ML091660602
| ML091660602 | |
| Person / Time | |
|---|---|
| Site: | San Onofre  |
| Issue date: | 06/10/2009 |
| From: | Scherer A Southern California Edison Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| Download: ML091660602 (187) | |
Text
SOUFHErN CALIFORNIA A. Edward Scherer Wn EDDISON Director Nuclear Regulatory Affairs An EDISON INTERNATIONAL@ Company June 10, 2009 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001
Subject:
Docket Nos. 50-361 and 50-362 Cycle Specific Technical Specification Bases Page Updates San Onofre Nuclear Generating Station, Units 2 and 3
Dear Sir or Madam:
Enclosed is the refueling cycle update to the San Onofre Nuclear Generating Station Units 2 and 3 Technical Specification (TS) Bases. As required by TS 5.4.4, changes to the TS Bases implemented without prior Nuclear Regulatory Commission (NRC) approval are provided to the NRC on a frequency consistent with 10 CFR 50.71(e).
Included in this update are all TS Bases pages that have been revised between March 1, 2007 and March 13, 2009. The enclosed pages show the most recent changes with revision bars in the right hand margin.
Pages that are supplied without any change bars reflect text rollover from one page to the next as the result of additions or deletions.
If you have any questions, please contact Ms. Linda T. Conklin at (949) 368-9443.
Sincerely, Enclosure cc: E. E. Collins, Regional Administrator, NRC Region IV R. Hall, NRC Project Manager, SONGS Units 2 and 3 G. G. Warnick, NRC Senior Resident Inspector, SONGS Units 2 and 3 Aw\-
P.O. Box 128 San Clemente, CA 92674
ENCLOSURE PART 1: SAN ONOFRE UNIT 2 REVISED TS BASES PAGES PART 2: SAN ONOFRE UNIT 3 REVISED TS BASES PAGES Bases Change Package Numbers B05-01 0 B06-002 B06-003 B06-006 B07-001 B07-002 B07-003 B08-001 B08-002 B08-004 B08-005 B08-006 B08-009 B08-01 0 B09-001 B09-002
SAN ONOFRE UNIT 2 REVISED TS BASES PAGES CRIS B 3.3.9 BASES (continued)
APPLICABLE The CRIS, in conjunction with the Control Room Emergency Air SAFETY ANALYSES Cleanup System (CREACUS), maintains the control room atmosphere within conditions suitable for prolonged occupancy throughout the duration of any one of the accidents discussed in Reference 1. The radiation exposure of control room personnel, through the duration of any one of the postulated accidents discussed in "Accident Analysis," SONGS Units 2 and 3 UFSAR, Chapter 15 (Ref. 1),
does not exceed the limits set by 10 CFR 50, Appendix A, GDC 19 (Ref. 3).
LCO LCO 3.3.9 requires one channel of CRIS to be OPERABLE. The required channel consists of Actuation Logic, Manual Trip, and gaseous radiation monitors. The specified value for the setpoint of the CRIS is listed in the SR.
The Bases for the LCO on the CRIS are discussed below for each Function:
- a. Manual Trip The LCO on Manual Trip backs up the automatic trips and ensures operators have the capability to rapidly initiate the CRIS Function if any parameter is trending toward its setpoint. One channel must be OPERABLE. This considers that the Manual Trip capability is a backup and that other means are available to actuate the redundant train if required, including manual SIAS.
- b. Airborne Radiation One channel of Airborne Radiation detection in the required train is required to be OPERABLE to ensure the control room isolates on high gaseous concentration.
- c. Actuation Loqic One train of Actuation Logic must be OPERABLE, since there are alternate means available to 'actuate the redundant train, including SIAS.
(continued)
SAN ONOFRE--UNIT 2 B 3.3-146 Amendment No. 127 12/01/08 I
RCS DNB (Pressure, Temperature, and Flow) Limits B 3.4.1 BASES (continued)
APPLICABLE within the limits of LCO 3.1.7, "Regulating CEA Insertion SAFETY ANALYSES Limits"; LCO 3.1.8, "Part Length CEA Insertion Limits";
(continued) LCO 3.2,3, "AZIMUTHAL POWER TILT (Tq)"; and LCO 3.2.5, AXIAL SHAPE INDEX (ASI) . The safety analyses are performed over the following range of initial values: RCS pressure 2000- 2300 psia, core inlet temperature 533 -
560'F (for > 30% power), and 520 - 560'F (for
- 30% power) and reactor vessel inlet coolant volumetric flow rate 95%.
The RCS Pressure, Temperature, and Flow limits satisfy Criterion 2 of the NRC Policy Statement.
LCO This LCO specifies limits on the monitored process variables-RCS pressurizer pressure, RCS cold leg temperature and RCS total flow rate-to ensure that the core operates within-the limits assumed for the plant safety analyses. These variables are contained in the COLR to provide operating and analysis flexibility from cycle to cycle. Operating within these limits will result in meeting the DNBR criterion in the event of a DNB limited transient.
The LCO numerical values for pressure, temperature and flow rate specified in the COLR are given for the measurement location but have not been adjusted for instrument error.
The uncertainties for pressure and temperature are accounted for in the CPC and COLSSoverall uncertainty analyses. The RCS flow uncertainty must be appl~ied to the value stated in this LCO.
APPLICABILITY In MODE 1, the limits on RCS pressurizer pressure, RCS cold leg temperature, and RCS flow rate must be maintained during steady state operation in order to ensure that DNBR criteria will be met in the event of an unplanned loss of forced coolant flow or other DNB limited transient. In all other MODES, the power level is low enough so that DNBR is not a concern.
A Note has been added to indicate the limit on pressurizer pressure may be exceeded during short term operational transients such as a THERMAL POWER ramp increase of > 5% RTP per minute or a THERMAL POWER step increase of > 10% RTP.
(continued)
SAN ONOFRE--UNIT 2 R 3.4-2 Amendment-No. 127 02/03/09
ECCS-Operating B 3.5.2 BASES (continued)
SURVEILLANCE SR 3.5.2.3 (continued)
REQUIREMENTS manipulation. Rather, it involves verification that those valves capable of being mispositioned are in the correct position.
The 31 day Frequency is appropriate because the valves are operated under procedural control and an improper valve position would only affect a single train. This Frequency as been shown to be acceptable through operating experience.
SR 3.5.2.4 The ECCS pumps are normally in a standby, nonoperating mode.
As such, flow path piping has the, potential to develop voids and pockets of entrained gases.' Maintaining the piping from the RWST to the RCS full of water (Ref. 7) ensures that the system will perform properly, injecting its full capacity into the RCS upon demand. This will also prevent water hammer, pump cavitation, and pumping of noncondensible gas (e.g., air, nitrogen, or hydrogen) into the reactor vessel following an SIAS. The 31 day Frequency takes into consideration the gradual nature of gas accumulation in the ECCS piping and the adequacy of the procedural controls governing system operation.
SR 3.5.2.5 Periodic surveillance testing of ECCS pumps to detect gross degradation caused by impeller structural damage or other hydraulic component problems is required by Section XI of the ASME Code. This type of testing may be accomplished by measuring the pump developed head at only one point of the pump characteristic curve. This verifies both that the measured performance is within an acceptable tolerance of the original pump baseline performance and that the performance at the test flow is greater than or equal to the performance assumed in the unit safety analysis. SRs are specified in the Inservice Testing Program, which encompassesSection XI of the ASME Code.Section XI of the ASME Code provides the activities and Frequencies necessary to satisfy the requirements.
SR 3.5.2.6 Deleted (continued)
SAN ONOFRE--UNIT 2 B 3.5-19 Amendment No. 127 03/03/09
ECCS- Operating B 3.5.2 I- REFERENCES I. 10 CFR 50, Appendix A, GDC 35.
- 2. 10 CFR 50.46.
- 3. UFSAR, Section 6.3, 15.6.3, and 15.10.6.3.
- 4. NRC Memorandum to V. Stello, Jr., from R. L. Baer, "Recommended Interim Revisions to LCOs for ECCS Components," December 1, 1975.
- 5. IE Information Notice No. 87-01, January 6, 1987.
- 6. CE NPSD-995, "CEOG Joint Applications Report for Low Pressure Safety Injection System AOT Extension," May 1995.
- 7. Nine-Month Response to GL 2008-01, Dated October 14, 2008. I
- J )
SAN ONOFRE--UNIT 2 B 3.5-20a Amendment 127 03/03/09
MSSVs B 3.7.1 B 3.7 PLANT SYSTEMS B 3.7.1 Main Steam Safety Valves (MSSVs)
BASES BACKGROUND The primary purpose of the MSSVs is to provide overpressure protection for the secondary system. The MSSVs also provide protection against overpressurizing the reactor coolant pressure boundary by providing a heat sink for the removal of energy from the Reactor Coolant System (RCS) if the preferred heat sink, provided by the Condenser and Circulating Water System, is not available.
Nine MSSVs are located on each main steam header, outside containment, upstream of the main steam isolation valves.
As described in UFSAR Section 10.3.2 (Ref. 1), the MSSVs must have sufficient capacity to limit the secondary system pressure to
- 110% of the design pressure. This meets the requirements of Section III of the ASME Code (Ref. 2).
The ASME requirement that MSSVs lift settings should be within 1% of the-specified setpoint reflects two separate objectives: the objective to maintain lift setpoints within the bounds of the Safety Analysis and an objective to minimize the number of valves which operate to mitigate an event by staggering the valve setpoints.
This second requirement to stagger setpoints reflects good engineering design, but not safety requirements. The objective to stagger valve setpoints constrains the less restrictive Safety Analysis requirement as a condition of Operability.
The radiological release assumptions used in the Steam Generator Tube Rupture dose assessment bound the source terms which are based on a low MSSV setpoint of 1100 psia with 15% MSSV blowdown, and considering the appropriate setpoint tolerance.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-1 Amendment No. 212 06/21/07
MSSVs B 3.7.1 BASES (continued)
APPLICABLE SAFETY ANALYSES The design basis for the MSSVs' comes from Reference 2.
The MSSVs' purpose is to limit secondary system pressure to 110% of design pressure when passing 100% of design steam I.:
flow. This design basis is sufficient to cope with any anticipated operational occurrence (AO0) or accident considered in the Design Basis Accident (DBA) and transient analysis.
The events that challenge the MSSV relieving capacity, and thus RCS pressure, are those characterized as decreased heat removal events, and are presented in the UFSAR, Section 15.2 (Ref. 3). Of these, the full power loss of condenser vacuum (LOCV) event is the limiting AOO. An LOCV isolates the turbine and condenser, and terminates normal feedwater flow to the Steam Generators. Before delivery of auxiliary feedwater to the Steam Generators, RCS pressure reaches c 2750 psig. This peak pressure is less than or equal to 110% of the design pressure of 2500 psia, but high enough to actuate the pressurizer safety valves. The maximum relieving rate of the MSSVs during the LOCV event (Reference 3 ), is within the rated capacity of the MSSVs. I I
The MSSVs satisfy Criterion 3 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-2 Amendment No. 127 04/28/08 1
MSSVs B 3.7.1 BASES (continued)
LCO This LCO requires MSSVs to be OPERABLE as specified in Tables 3.7.1-1 and 3.7.1-2. The LCO is met when no more than one MSSV per steam generator is inoperable. Operation with more than one MSSV inoperable per steam generator requires limitations on allowable THERMAL POWER (to meet Reference 2 requirements) and adjustment to Reactor Protection System trip setpoints. These limitations are according to those shown in Table 3.7.1-1, Required Action A.1, and Required Action A.2. An MSSV is considered inoperable if it fails to open upon demand.
The OPERABILITY of the MSSVs is defined as the ability to open in accordance with Lift Settings specified in Table 3.7.1-2, relieve Steam Generator overpressure, and reseat when pressure has been reduced. The OPERABILITY of the MSSVs is determined by periodic surveillance testing in accordance with the inservice testing program.
The Lift Settings specified in Table 3.7.1-2 correspond to ambient conditions of the valve at nominal operating temperature and pressure.
This LCO provides assurance that the MSSVs will perform their designed safety function to mitigate the consequences of accidents that could result in a challenge to the Reactor Coolant Pressure Boundary.
APPLICABILITY In MODE 1, the accident analysis requires a minimum of five MSSVs per Steam Generator which is limiting and bounds all lower MODES. In MODES 2 and 3, both the ASME Code and the accident analysis require only one MSSV per Steam Generator to provide overpressure protection.
In MODES 4 and 5, there are no credible transients requiring the MSSVs.
The Steam Generators are not normally used for heat removal in MODES 5 and 6, and thus cannot be overpressurized; there is no requirement for the MSSVs to be OPERABLE in these MODES.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-3 Amendment No. 212 04/28/08 i
MSSVs B 3.7.1 BASES (continued)
ACTIONS The ACTIONS table is modified by a Note indicating that separate Condition entry is allowed for each MSSV.
A.1 With two to seven MSSVs per steam generator (SG) inoperable reduce power so that the available MSSV relieving capacity meets Reference 2 requirements for the applicable THERMAL POWER. Operation with less than all nine MSSVs OPERABLE for each Steam Generator is permissible, if THERMAL POWER is limited to the relief capacity of the remaining MSSVs. This is accomplished by restricting THERMAL POWER so that the energy transfer to the most limiting Steam Generator is not greater than the available relief capacity in that Steam Generator.-
Operation at or below the allowable power will ensure the design overpressure limits will not be exceeded.
The 4-hour Completion Time for Required Action A.1 is a reasonable time period to reduce power level and is based on the low probability of an event occurring in this period that would require activation of the MSSVs.
A.2 With two to four MSSVs per SG inoperable, the ceiling on the Linear Power Level-High trip setpoint is reduced. The reduced reactor trip allowable values are based on a detailed analysis of the Loss of Condenser Vacuum with a Concurrent Single Failure event (Ref. 3). This analysis considered the concerns identified in NRC Information Notice 94-60 (Ref. 6). With five to seven MSSVs per SG inoperable, the plant must be taken to MODE 3 (per Action A.1), where the Linear Power Level-High trip is not required.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-4 Amendment No. 212 06/21/07
MSSVs B 3.7.1 BASES (continued)
ACTIONS A.2 (continued)
The operator should limit the maximum steady state power level to some value below this setpoint to avoid an inadvertent overpower trip.
The Completion Time of 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> for Required Action A.2 is based on the time required to perform the power reduction, operating experience in resetting all channels of a protective function, and on the low probability of the occurrence of a transient that could result in steam generator overpressure during this period.
B.1 and B.2 If the MSSVs cannot be restored to OPERABLE status in the associated Completion Time, or if one or more Steam Generators have eight or more inoperable MSSVs per SG, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 4 within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />,. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR 3.7.1.1 REQUIREMENTS This SR verifies the OPERABILITY of the MSSVs by the verification of each MSSV lift setpoints in accordance with the inservice testing program. The ASME Code,Section XI (Ref. 4), requires that safety and relief valve tests be performed in accordance with ASME OM Code, 1998 Edition through 2000 Addenda, Appendix l-Inservice Testing of Pressure Relief Devices in Light-Water Reactor Nuclear Power Plants (Ref. 5).
,(continued)
SAN ONOFRE--UNIT 2 B 3.7-5 Amendment No. 212 06/21/07
MSSVs B 3.7.1 BASES (continued)
SURVEILLANCE SR 3.7.1.1 (continued)
REQUIREMENTS According to Reference 5, the following tests are required for MSSVs:
- a. Visual examination;
- b. Seat tightness determination.;
- c. Setpoint pressure determination (lift setting); and
- d. Compliance with owner's seat tightness criteria.
This SR is modified by a Note that allows entry into and operation in MODE 3 prior to performing the SR. This is to allow testing of the MSSVs at hot conditions. The MSSVs may be either bench tested or tested in situ at hot conditions using an assist device to simulate lift pressure. If the MSSVs are not tested at hot conditions, the lift setting pressure shall be corrected to ambient conditions of the valve at operating temperature and pressure.
REFERENCES 1. UFSAR, Section 10.3.2.
- 2. ASME, Boiler and 'Pressure Vessel Code,-Section III, Article NC-7000, Class 2 Components.
- 3. UFSAR, Section 15.2.
- 4. ASME, Boiler and Pressure Vessel Code,Section XI, Article IWV-3500.
- 5. ASME OM Code, 1998 Edition through 2000 Addenda, Appendix l-Inservice Testing of Pressure Relief Devices in Light-Water Reactor Nuclear Power Plants.
- 6. NRC Information Notice 94-60.
SAN ONOFRE--UNIT-2 B 3.7-6 Amendment No. 212 06/21/07
ECW System B 3.7.10 BASES (:continued)
BACKGROUND If while implementing LCO 3.7.10-Action A for an inoperable (continued) 'EN-train, the opposite ECW train for the affected Unit(s)
.becomes inoperable, enter LCO 3.0.3 on the applicable Unit(s).
TS 3.7.10 allows 14 days for restoring operability of one ECWS train. The 14 day AOT is based on a probabilistic risk assessment that was done in accordance with the guidance of Regulatory Guide 1.177, "An Approach for Plant-Specific,
- Risk Informed Decisionmaking: Technical Specifications."
The 14 day AOT is implemented in the three-tiered approach.
First, the risk of the 14 day AOT is acceptable based on the single AOT risk. Second, administrative controls must be established to ensure that preventive maintenance on an emergency chilled water train does not coincide with a planned outage of normal chilled water system chillers ME330, ME331, pumps MP158, MP159, or compression tank T013.
These controls also apply to required support equipment for the above listed components. Thi'rd, risk-significant configurations are identified and managed appropriately per
-the Maintenance Rule (a)(4). Allowing only one 14 day clock even in the case of multiple single train component failures is conservative. This approach prohibits exceeding the intent of the LCO, -which is to ensure an ECWS train remains out of service for no more than 14 days, regardless of circumstances.
LCO 3.7.10 allows only one ECW train to be inoperable.
Therefore, with both trains inoperable, a LCO 3.0.3 entry is required.
An emergency chiller is considered OPERABLE when it is or can be aligned to either Unit's operating or standby OPERABLE Component Cooling Water (CCW) critical loop, provided that the OPERABLE CCW critical loop can be placed in operation within 2 *hours after a design *basis event is detected in the Control Room. (Reference 2) Thus, an emergency chiller, under normal circumstances, remains OPERABLE during a transfer operation between OPERABLE CCW critical loops completed in less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Likewise, an emergency chiller is considered OPERABLE when it is aligned to either Unit's energized 4 kV bus. Under normal circumstances, the emergency chiller remains OPERABLE during a transfer operation between 4 kV buses, provided the transfer operation is completed in less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
(continued)
SAN ONDFRE-.-UNIT 2 B 3.7-50 Amendment No. 197, 03/07/07 1
ECW System B 3.7.10
,BASES (continued)
Room Coolers OPERABILITY, General I.f one or more required individual room coolers for a Unit are inoperable and the backup cooling listed in Table I for the affected room(s) is also inoperable, OR if the temperature in the affected room(s) increases above its design temperature, declare the safety related equipment in the cooled room(s) inoperable and enter the LCO action
( )
) (conti nued)
SAN ONOFRE--UNIT 2 B 3.7-50a Amendment No. 197 03/07/07 1
ECW System B 3.7.10 BASES (continued)
BASES (continued)
BACKGROUND TABLE I (continued) Individual Room Coolers IE COOLER BACKUP COOLER EQUIPMENT IN ROOM ME417 ME414 P017, P015, P012 ME416 ME413 P019, P016, P013 ME517 ME445 (HE) P018 ME445 ME517 (HE) P018 ME455 ME448 P026 ME454 ME450 (NON-1E) or ME518 P025 ME518 ME450 (NON-1E) or ME454 P025 ME453 ME449 P024 ME438 RADWASTE FANS: P190 ME433 or ME434 (supply)
-AND-MA192 or MA193 (exhaust)
\..*,.°-J ME435 Same as above for ME438 P192 ME436 ME437 (HE) or Same as above for ME438 P.191 ME437 ME436 (HE) or Same as above for ME438 P191 ME255 ME430 and MA165,.or alternate method 50 ft. swgr ME257 ME430 and MA165, or alternate method 50 ft. swgr ME441 ME442 (ZE) P009, Polo ME442 ME441 (ZE) PO09, Polo (continued)
SAN ONOFRE--UNIT 2 .B 3.7-51 Amendment No. 127 04/28/08 I
ECW System B 3.7.10 BASES (continued)
BACKGROUND statement(s) for the inoperable equipment in the cooled (continued) room(s). See details for specific rooms, below.
statement(s) for the inoperable equipment in the cooled room(s). See details for specific rooms, below.
If one or more required individual room cooler(s) for a Unit are inoperable, the ECW train for that Unit remains OPERABLE. OPERABILITY of the safety related equipment in the cooled room(s) remains unaffected provided that the backup room cooling listed in Table I remains OPERABLE AND provided that the temperature in the affected room(s) remains below its design temperature. Return the individual room cooler(s) to OPERABLE status within 14 days while maintaining the temperature in the affected room(s) below its design temperature or enter the applicable action statement for the equipment in the room. Separate entry is allowed for each inoperable emergency room cooler.
For equipment in rooms cooled by only emergency cooling with no normal cooling, redundant emergency coolers are 100%
capacity, and are adequate for maintaining the cooled equipment OPERABLE for up to 14 days.
It is not prudent to rely on backup cooling for periods longer than the allowed outage time for an ECW train itself.
Therefore it is conservative to require restoration of an inoperable room cooler within .14 days.
With both emergency and backup room cooling inoperable, safety related equipment does not have the cooling required by the LCO 1.1 definition of OPERABLE.
Table 1 permits normal Radwaste Building ventilation to provide backup cooling for the charging pump rooms. This I is reasonable because these pumps can be running normally and have no normal room coolers.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-52 Amendment No. 127 04/28/08 1
ECWB System 3.7.1.0
-BASES (continued)
APPLICABILITY In MODES 1, 2., 3, and 4, the ECW System is required to be OPERABLE when a 'LOCA or other accident would require ESF operation.
In MODES 5 and 6, potential heat loads are smaller and the probability of accidents requiring the ECW System is low.
ACTIONS ACTION statements are modified by a Note: "Each Unit shall enter applicable ACTIONS separately." Because the ECW System is shared between Unit 2 and Unit 3, this note clarifies what Action should be taken when the Units are in different MODES.
A.1 If one ECW train is inoperable, action must be taken to restore OPERABLE status within 14 days. The 14 day AOT is
-based on a probabilistic risk assessment that requires administrative controls be implemented to ensure that preventive maintenance on an emergency chilled water train does not coincide with a planned outage of normal chilled water system chillers ME330, ME331, pumps MP158, MP159, or compression tank T013. These controls also apply to required support equipment for the above listed components.
In this condition, one OPERABLE ECW train is adequate to perform the cooling function. The 14 day Completion Time is reasonable, based on the low probability of an event occurring during this time, the 100% capacity OPERABLE ECW train., and the redundant availability of the normal HVAC System.
B.1 and B.2 If the ECW train cannot be restored to OPERABLE status within the associated Completion Time, or two ECW trains are inoperable, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed, in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR .3.7.10.1 REQU-IREMENTS Verifying the correct alignment for manual, power operated, and automatic valves in the ECW flow path provides assurance that the proper flow paths exist for ECW operation. This SR does not apply to valves that are locked, sealed, or (continued)
SAN ONOFRE--UNIT 2 B 3.7-55 Amendment No. 127 03/07/07 I
ECW System B 3.7.10
.,BASES ,(.continue.d)
SURVEILLANCE SR 3.7.10.1 (continued)
REQUIREMENTS otherwise secured in position, since they are verified to be in the correct position prior to locking, sealing., or securing. This SR also does not apply to valves that cannot be inadvertently misaligned, such as check valves. This Surveillance does not require any testing or valve manipulation; rather, it involves verification that those valves capable of potentially being mispositioned are in the correct position.
The 31 day Frequency is based on engineering judgment, is consistent with the procedural controls governing valve operation, and ensures correct valve positions.
SR 3.7.10.2 This SR verifies proper automatic operation of the ECW System components and that the ECW pumps and chillers will start in the event of any accident or transient that generates an SIAS, TGIS, CRIS, or FHIS. The 24 month Frequency is based on operating experience and design S..reliability of the equipment.
REFERENCES 1. UFSAR, Section 9.4.2.
- 2. Memorandum from V. Barone (NEDO) to T. Vogt (OPS),
Revision 1,,dated 12-22-94 (CDM document HVAC-352).
SAN ONOFRE---UNIT 2 B 3.7-55a Amendment No. 127 03/07/07 1
CREACUS B 3.7.11 B 3.7 PLANT SYSTEMS B 3.7.i Control Room Emergency Air Cleanup System (CREACUS)
BASES BACKGROUND The CREACUS provides a protected environment from which occupants can control the plant following an uncontrolled release of radioactivity, hazardous chemicals, or smoke.
The CREACUS consists of two independent, redundant trains that recirculate and filter air in the control room envelope (CRE) and a CRE boundary that limits the inleakage of unfiltered air. Each CREACUS train consists of emergency air conditioning unit, emergency ventilation air supply unit, emergency isolation dampers, and cooling coils and two cabinet coolers per Unit. Each emergency air conditioning unit includes a prefilter, a high efficiency particulate air (HEPA) filter, an activated carbon adsorber section for removal of gaseous activity (principally iodines), and a fan. A second bank of HEPA filters follows the adsorber section to collect carbon fines. Each emergency ventilation air supply unit includes prefilter, HEPA filter, carbon adsorber and fan. Ductwork, motor-operated dampers, doors, barriers, and instrumentation also form part of the system.
Air and motor-operated dampers are provided for air volume control and system isolation purposes.
The CRE is the area within the confines of the CRE boundary that contains the spaces that control room occupants inhabit to control the unit during normal and accident conditions.
This area encompasses the control room, and may encompass other non-cr-itical areas to which frequent personnel access or continuous occupancy is not necessary in the event of an accident. The CRE is protected during normal operation, natural events, and accident conditions. The CRE boundary is the combination of walls, floor, roof, ducting, doors, penetrations and equipment that physically form the CRE.
The OPERABILITY of the CRE boundary must be maintained to ensure that the inleakage of unfiltered air into the CRE will not exceed the inleakage assumed in the licensing basis analyses of design basis accident (DBA) consequences to CRE occupants. The CRE and its boundary are defined in the Control Room Envelope Habitability Program.
(continued)
SAN ONOFRE--UNIT 2 .B 3.7-56 Amendment No. 127 12/12/07 I
CREACUS B 3.7.11 BASES (continued)
BACKGROUND Upon receipt of the actuating signal, normal air supply to (continued) the CRE is isolated, and the stream of ventilation air is recirculated through the system's filter trains. The prefilters remove any large particles in the air to prevent excessive loading of the HEPA filters and charcoal adsorbers. Continuous operation of each train, for at least 15 minutes per month verifies proper system operability.
There are two CREACUS operational modes. Emergency mode is an operational mode when the control room is isolated to protect operational personnel from. radioactive exposure through the duration of any one of the postulated limiting faults discussed in Chapter 15 UFSAR (Ref. 2). Isolation mode is an operational mode when the CRE is isolated to.
protect operational personnel from toxic gasses and smoke.
Actuation of the CREACUS places the system into either of two separate states of operation, depending on the initiation signal. Actuation of the system to either the emergency mode r isolation mode of CREACUS operation closes the unfiltered-outside-air intake and unfiltered exhaust dampers, and aligns the system for recirculation of air within the CRE through the redundant trains of HEPA and charcoal filters.
The emergency mode also initiates pressurization of the CRE.
Outside air is added to the air being recirculated from the CRE. Pressurization of the CRE minimizes infiltration of unfiltered air through the CRE boundary from all the surrounding areas adjacent to the CRE boundary.
The CRE supply and the outside air supply of the normal control room HVAC are monitored by radiation and toxic-gas detectors respectively. One detector output above the setpoint will, cause actuation of the emergency mode or isolation mode as required. The actions of the isolation mode are more restrictive, and will override the actions of the emergency mode of operation. However, toxic gas and radiation events are not considered to occur concurrently.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-57 Amendment No. 127 12/12/07
CREACUS B 3.7.11 BASES (continued)
BACKGROUND Redundant recirculation trains provide the required (continued) filtration should an excessive pressure drop develop across the other filter train. Normally-open isolation dampers are arranged in series pairs so that one damper's failure to shut will not result in a breach of isolation. The CREACUS is designed in accordance with Seismic Category I requirements.
The CREACUS is designed to maintain a habitable environment in the CRE for 30 days of continuous occupancy after a Design Basis Accident (DBA) without exceeding a 5-rem total effective dose equivalent (TEDE).
APPLICABLE The CREACUS components are arranged in redundant, safety SAFETY ANALYSES related ventilation trains. The location of components and ducting within, the CRE ensures an adequate supply of filtered air to all areas requiring access.
The CREACUS provides airborne radiological protection for the CRE occupants, as demonstrated by the CRE occupant dose analyses for the most limiting design basis loss of coolant accident fission product release presented in the UFSAR, Chapter 15 (Ref. 2).
Dose calculations, as specified in Unit 2/3 UFSAR Chapter 15 (Reference 2), only take credit for the HEPA filters and charcoal adsorbers of the emergency recirculation air conditioning unit. The emergency ventilation supply unit is designed to contribute to the pressurization of the control room to minimize unfiltered inleakage as indicated in Unit 2/3 UFSAR.
(continued)
SAN ONOFRE--UNIT 2 B 3.7*58 Amendment No. 127 12/12/07
CREACUS B 3.7.11 BASES (continued)
APPLICABLE The CREACUS provides protection from smoke and hazardous SAFETY ANALYSES chemicals to the CRE occupants. The analysis of hazardous (continued) chemical releases demonstrates that the toxicity limits are not exceeded in the CRE following a hazardous chemical release (Ref. 3). The evaluation of a smoke challenge demonstrates that it will not result in the inability of the CRE occupants to control the reactor either from the control room or from the remote shutdown panels (Ref. 4).
The worst case single active failure of a component of the CREACUS, assuming a loss of offsite power,*does not impair the ability of the system to perform its design function.
The CREACUS satisfies Criterion 3 of the NRC Policy Statement.
LCO Two independent and redundant trains of the CREACUS are required to be OPERABLE to ensure that at least one is available if a single active failure disables the other train. Total system -failure, such as from a loss of both ventilation trains or from an inoperable CRE boundary, could result in exceeding a dose of 5 rem TEDE to the CRE occupants in the event of a large radioactive release.
Each CREACUS train is considered OPERABLE when the individual components necessary to limit CRE occupant exposure are OPERABLE. A CREACUS train is considered OPERABLE when the associated:
- a. Fan is OPERABLE;
- b. HEPA filters and charcoal adsorber are not excessively restricting flow, and are capable of performing their filtration functions; and (continued)
SAN ONOFRE--UNIT 2 B 3.7-59 Amendment No. 128 12/12/07
CREACUS B 3.7.11 BASES (continued)
LCO c. Ductwork, valves, and dampers are OPERABLE, and, air (continued) circulation can be maintained. If an Emergency Isolation Damper is stuck open, the associated train of CREACUS may still be considered OPERABLE if the redundant damper in series with the inoperable damper is closed with power removed.
In order for the CREACUS trains to be considered OPERABLE, the CRE boundary must be maintained such that CRE occupant dose from a large radioactive release does not exceed the calculated dose in the licensing basis consequence analyses for DBAs, and that CRE.occupants are protected from hazardous chemicals and smoke.
The LCO is modified by a Note allowing the CRE boundary to I be opened intermittently under administrative controls.
This note only applies to openings in the CRE boundary that can be rapidly restored to the design condition, such as doors, hatches, floor plugs, and access panels. For entry and exit through doors the administrative control of the J opening is performed by the person(s) entering or exiting the area. For other openings, these controls should be proceduralized and consist of stationing a dedicated individual at the opening who is in continuous communication with the operators in the CRE. This individual will have a method to rapidly close the opening and to restore the CRE boundary to a condition equivalent to the design condition when a need for CRE isolation is indicated.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-60 Amendment No. 127 12/12/07
CREACUS B 3.7.11 BASES (continued)
APPLICABILITY In MODES 1, 2, 3, 4, 5, and 6 and during movement of irradiated fuel assemblies the CREACUS must be OPERABLE to ensure that the CRE will remain habitable during and following a DBA.
In MODES 5 and 6, the CREACUS is required to cope with the release from a rupture of a waste gas tank.
During movement of irradiated fuel assemblies, the CREACUS must be OPERABLE to cope with the release from a fuel handling accident involving handling irradiated fuel.
ACTIONS ACTION statements are modified by two NOTES. NOTE I says:
"The provisions of LCO 3.0.4 are not applicable when entering MODES 5, 6, or defueled configuration."
Specification 3.0.4 establishes that entry into an operational mode or other specified condition shall not be made unless the conditions of the LCO are met.
Applicability statement "During movement of irradiated fuel assemblies" ensures the OPERABILITY of both CREACUS trains prior to the start of movement of irradiated fuel assemblies.
NOTE 2 says: "Each Unit shall enter applicable ACTIONS separately." CREACUS is a shared system between Unit 2 and Unit 3. LCO doesn't address the operational situation when the Units are in different operational MODES. Without this NOTE it may not be clear what ACTIONS should be taken.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-61 Amendment No. 128 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
ACTIONS A.I (continued)
With one CREACUS train inoperable, for reasons other than an inoperable CRE boundary, action must be taken to restore OPERABLE status within 14 days. The 14 day AOT is based on a probabilistic risk assessment that does not require administrative controls to be implemented when a CREACUS train is taken out of service. In this Condition, the remaining OPERABLE CREACUS train is adequate to perform the CRE occupant protection function.
However, the overall, reliability is reduced because a failure in the OPERABLE CREACUS train could result in loss of CREACUS function. The 14 day Completion Time is based on the low probability of a DBA occurring during this time period., and the ability of the remaining train to provide the required capability.
B.1, B.2 and B.3 If the unfiltered inleakage of potentially. contaminated air past the CRE boundary and into the CRE can result in CRE occupant radiological dose greater than the calculated dose of the licensing basis analyses of DBA consequences (allowed to be. up to.5 rem TEDE), or inadequate protection of CRE occupants from hazardous chemicals or smoke, the CRE boundary is inoperable. Actions must be taken to restore an OPERABLE CRE boundary within 90 days.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-62 , Amendment No. 128 12/12/07
CREACUS B 3.7.11 BASES (continued)
ACTIONS During the period that the CRE boundary is considered (continued) inoperable, action must be initiated to implement mitigating actions to lessen the effect on CRE occupants from the potential hazards of a radiological or chemical event or a challenge from smoke. Actions must be taken within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to verify that in the event of a DBA, the mitigating actions will ensure that CRE occupant radiological exposures will not exceed the calculated dose of the licensing basis analyses of DBA consequences, and that CRE occupants are protected from hazardous chemicals and smoke. These mitigating actions (i.e., actions that are taken to offset the consequences of the inoperable CRE boundary) should be preplanned.for implementation upon entry into the condition, regardless of whether entry is intentional or unintentional.
The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is 'reasonable based on the low probability of a DBA occurring during this time period, and the use of mitigating actions. The 90 day Completion Time is reasonable based on the determination that the mitigating actions will ensure protection of CRE occupants within analyzed limits while limiting the probability that CRE occupants will have to implement protective measures that may adversely affect their ability to control the reactor and maintain it in a safe shutdown condition in the event of a DBA. In addition, the 90 day Completion Time is a reasonable time to diagnose, plan and possibly repair, and test most problems with the CRE boundary.
C.1 and C.2 In MODES 1, 2, 3, or 4, if the inoperable CREACUS or the CRE boundary cannot be restored to OPERABLE status within the required Completion Time, the unit must be placed in a MODE that minimizes the accident risk. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within,36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-63 Amendment No. 208 12/12/07
CREACUS B 3.7.11 BASES (continued)
ACTIONS D.1, D.2.1, and D.2.2 (continued)
In MODE 5 or 6, or during movement of irradiated fuel assemblies, if Required Action A.1 cannot be completed within the required Completion Time, the OPERABLE CREACUS train must be immediately placed in the emergency mode of operation. This action ensures that the remaining train is OPERABLE, that no failures preventing automatic actuation will occur, and that any active failure will be readily detected.
An alternative to Required Action D.1 is to immediately suspend activities that could result in a release of radioactivity that might require isolation of the CRE. This places the unit in a condition that minimizes the accident risk. This does not preclude the movement of fuel assemblies to a safe position.
E.1 and E.2 When in MODE 5 or 6, or during movement of irradiated fuel assemblies with two trains inoperable or with one or more CREACUS trains inoperable due to an inoperable CRE boundary, action must be taken immediately to suspend activities that could result in a release of radioactivity that might enter the CRE. This places the unit in a condition that minimizes theaccident risk.. This does not preclude the movement of fuel to a safe position.
F.1 If both CREACUS trains are inoperable in MODE 1, 2, 3, or 4 for reasons other than an inoperable CRE boundary (i.e.,
Condition B), the CREACUS may not be capable of performing the intended function and the unit is in a condition outside the accident analyses. Therefore, LCO 3.0.3 must be entered immediately.
(continued)
SAN ONOFRE--UNIT 2 B 3 .7-64 Amendment No.208 12/12/07
CREACUS B 3.7.11 BASES (continued)
SURVEILLANCE SR 3.7.11.1 REQUIREMENTS Standby systems should be checked periodically to ensure that they function properly. Since the environment and normal operating conditions on this system are not severe, testing each train once every month provides an adequate check on this system.
Cumulative operation of the system for at least 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> over a'31 day period is sufficient to reduce the buildup of moisture on the adsorbe rs and HEPA filtes. The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> time frame is based on a conservative engineering evaluation which calculated the time required to evaporate the moisture contained in the air trapped inside the CREACUS duct upstream of charcoal beds. The 31 day Frequency is based on the known reliability of the equipment, and the two train redundancy available.
SR 3.7.11.2 This SR verifies that the required CREACUS testing is performed in accordance with the Ventilation Filter Testing Program (VFTP). The CREACUS filter tests are based on Regulatory Guide 1.52 (Ref. 5). The VFTP includes testing HEPA filter performance, charcoal adsorber efficiency, minimum system flow rate, and the physical properties of theactivated charcoal (general use and following specific operations). Specific test Frequencies and additional information are discussed in detail in the VFTP.
The filtration efficiency only apply to the emergency recirculation air conditioning units E418 and E419.
Therefore, testing for filtration efficiency is not required for the emergency ventilation supply units A206 and A207.
However, the specified air flow from the emergency ventilation units is required during the filtration efficiency testing of the emergency recirculation air conditioning units. Also, the air flow requirements which are specified in the VFTP apply to the emergency ventilation and emergency air conditioning units.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-65 Amendment No. 208 12/12/07
CREACUS B 3.7.11 BASES (continued).
/
SURVEILLANCE SR 3.7.11.3 REQUIREMENTS (continued) This SR verifies that each CREACUS train starts and operates on an acutual or simulated actuation signal. The Frequency of 24 months is based on industry operating experience and is consistent with the typical refueling cycle.
SR 3.7.11.4 This SR verifies the OPERABILITY of the CRE boundary by testing for unfiltered air inleakage past the CRE boundary and into the CRE. The details of the testing are specified in the Control Room Envelope Habitability Program.
The CRE is considered habitable when the radiological dose to CRE occupants calculated in the licensing basis analyses of DBA consequences is no more than 5 rem TEDE and the CRE occupants are protected from hazardous chemicals and smoke.
This. SR verifies that the unfiltered air inleakage into the CRE is no greater than the flow rate assumed in the licensing basis analyses of DBA consequences. When unfiltered air inleakage is greater than the assumed flow rate, Condition B must be entered. Required Action B.3 allows time to restore the CRE boundary to OPERABLE status provided mitigating actions can ensure that the CRE remains within the licensing basis habitability limits for the occupants following an accident. Compensatory measures are discussed in Regulatory Guide 1.196, Section C.2.7.3, (Ref. 6) which endorses, with exceptions, NEI 99-03, Section (continued)
)
SAN ONOFRE--UNIT 2 B 3.7-66 Amendment No. 208 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
SURVEILLANCE SR 3.7.11.4 REQUIREMENTS (continued) 8.4 and Appendix F (Ref. 7). These compensatory measures may also be used as mitigating actions as required by Required Action B.2. Temporary analytical methods may also be used as compensatory measures to restore OPERABILITY (Ref. 8). Options for restoring the CRE boundary to OPERABLE status include changing the licensing basis DBA consequence analysis, repairing the CRE boundary, or a combination of these actions. Depending upon the nature of the problem and the corrective action, a full scope inleakage test may not be necessary to establish that the CRE boundary has been restored to OPERABLE status.
REFERENCES 1. UFSAR, Section 9.4.
- 2. UFSAR, Chapter 15.
- 3. UFSAR, Section 6.4.
- 4. UFSAR,-Section 9.5.
- 5. Regulatory Guide 1.52 (Rev. 2).
- 7. NEI 99-03, "Control Room Habitability Assessment,"
June 2001.
- 8. Letter from Eric J. Leeds (NRC) to James W. Davis (NEI) dated January 30, 2004, "NEI Draft White Paper, Use of Generic Letter 91-18 Process and Alternative Source Terms in the Context of Control Room Habitability." (ADAMS Accession No. ML040300694).
(continued)
S SAN ONOFRE--UNIT 2 B 3.7-67 Amendment No. 208 12/12/0.7
Fuel Storage Pool Boron Concentration B 3.7.17
) B 3.7 PLANT SYSTEMS B 3.7.17 Fuel Storage Pool Boron Concentration BASES BACKGROUND As described in LCO 3.7.18, "Spent Fuel Assembly Storage,"
fuel assemblies are stored in the spent fuel racks in accordance with criteria based on initial enrichment, discharge burnup, and cooling time (plutonium decay).
Although the water in the spent fuel pool is normally borated to Ž 2000 ppm, the criteria that limit the storage of a fuel assembly to specific rack locations is conservatively developed without taking credit for boron while maintaining Keff < 1.0. Credit for boron is taken to maintain Keff
- 0.95.
APPLICABLE Soluble boron in the spent fuel pool is credited in SAFETY ANALYSES criticality analyses for normal and accident conditions.
The relevant accidents are 1) Fuel Assembly Dropped Horizontally On Top of the Racks, 2) Fuel Assembly Dropped Vertically Into a Storage Location Already Containing a Fuel Assembly, 3) Fuel Assembly Dropped to the SFP Floor, and 4)
Fuel Misloading in either Region I or Region II. The i limiting accident is Fuel Misloading in either Region I or Region II.
A fuel assembly could be inadvertently loaded into a spent fuel rack location not allowed by LCO 3.7.18 (e.g., an un-irradiated fuel assembly or an insufficiently depleted fuel assembly). This accident is analyzedassuming the misloading of one fresh assembly with the maximum permissible enrichment. However, the negative reactivity effect of the soluble boron compensates for the increased reactivity caused by the postulated accident scenario.
Under normal, non-a'ccident conditions, the soluble boron needed to maintain Keff less than or equal to 0.95, including uncertainties, is 970 ppm. Under accident conditions, the soluble boron needed to maintain Keff less than or equal to 0.95, including uncertainties, is 1700 ppm. A SFP boron dilution analysis shows that dilution from 2000 ppm to below 1700 is not credible. Therefore, the minimum required soluble boron concentration is 2000 ppm.
The concentration of dissolved boron in the fuel pool satisfies Criterion 2 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-71 Amendment No. 127 03/05/08
Fuel Storage Pool Boron Concentration B 3.7.17 BASES (continued) K" LCO The specified concentration of 2000 ppm.dissolved boron in the fuel pool preserves the assumptions used in the analyses described above. This concentration of dissolved boron is the minimum required concentration for fuel assembly storage and movement within the spent fuel pool.
APPLICABILITY This LCO applies whenever fuel assemblies are stored in the spent fuel pool.
ACTIONS A.1 and A.2 The Required Actions are modified by a Note indicating that LCO 3.0.3 does not apply.
When the concentration of boron in the spent fuel pool is less than required 2000 ppm, immediate action must be taken to preclude an accident from happening or to mitigate the consequences of an accident in progress. This is most efficiently achieved by immediately suspending the movement of fuel assemblies. This does not preclude the movement of fuel assemblies to a safe position. In addition, action must be immediately initiated to restore boron concentration to the required 2000 ppm.
If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify any action. If moving irradiated fuel assemblies while in MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operation.
Therefore, inability to suspend movement of fuel assemblies is not sufficient reason to require a reactor shutdown.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-72 Amendment No. 127 03/05/08
Fuel Storage Pool Boron Concentration B 3.7.17 BASES (continued)
SURVEILLANCE SR 3.7,17,1 REQUIREMENTS This SR verifies that the concentration of boron in the spent fuel pool is within the required limit. As long as this SR is met, the analyzed incidents are fully addressed.
The 7 day Frequency is appropriate because no major replenishment of pool water is expected to take place over a short period of time.
REFERENCES 1. UFSAR, Section 9.1.
J SAN ONOFRE--UNIT 2 B 3.7-73 Amendment No. 127 03/05/08 1
Spent Fuel Assembly Storage B 3.7.18 B 3,7 PLANT SYSTEMS B 3.7.18 Spent Fuel Assembly Storage BASES BACKGROUND The spent fuel storage facility is 'designed to store either new (nonirradiated) nuclear fuel assemblies, or burned (irradiated) fuel assemblies., in a vertical configuration underwater. The storage pool is sized to store 1542 fuel assemblies. Two types/sizes of spent fuel storage racks are used (Region I and Region II). The two Region I racks each contain 156 storage locations each spaced 10.40 inches on center in a 12x13 array. Four Region II storage racks each contain 210 storage locations in a 14x15 array. The remaining two Region II racks each contain 195 locations in a 13x15 array. All Region II locations are spaced 8.85 inches on center.,
To maintain Keff < 0.95 for spent fuel of maximum enrichment up to 4.8 w/o, (1) soluble boron is credited, and (2) the following storage patterns and borated stainless steel guide tube inserts are used as needed:
(1) unrestricted storage, minimum discharge burnup and cooling time requirements vs. initial enrichment, (2)- SFP Peripheral storage, minimum discharge burnup and cooling time requirements vs. initial enrichment, (3) 2x2 storage patterns, minimum discharge burnup and cooling time requirements vs. initial enrichment, (4) 3x3 storage patterns, minimum discharge burnup and cooling time requirements vs. initial enrichment, (5) credit for inserted Control Element Assemblies (CEAs),
(6) credit for erbia in fresh assemblies, (7) credit for cooling time (Pu-241 decay), and, (8) credit for borated stainless steel guide tube inserts.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-74 Amendment No. 127 03/05/08
Spent Fuel Assembly Storage B 3.7.18 BASES (continued)
BACKGROUND When soluble boron is credited, the following acceptance (continued) criteria apply:
(1) Under normal conditions, the 95/95 neutron multiplication factor (Keff), including all uncertainties, shall be less than 1.0 when flooded with unborated water, and, (2) Under normal and accident conditions, the 95/95 neutron multiplication factor (Keff), including all uncertainties, shall be less than or equal to 0.95 when flooded with borated water.
APPLICABLE The spent fuel storage facility is designed for SAFETY ANALYSES noncriticality by use of adequate spacing, neutron absorbing stainless steel cans, borated water with a minimum soluble boron concentration of 970 ppm, and storage of fuel assemblies in accordance with the administrative Controls in LCO 3.7.18 and LCS 4.0.100, "Fuel Storage Patterns".
The spent fuel assembly storage satisfies Criterion 2 of the NRC Policy Statement.
LCO The restrictions on the placement of fuel assemblies within the spent fuel pool, in the accompanying LCO, ensure that the Keff of the spent fuel pool will always remain
< 1.00 under normal, non-accident conditions assuming the pool to be flooded with unborated water. The Keff of the spent fuel pool will always remain
- 0.95 under normal, non-accident conditions assuming the pool to be flooded with borated water with a minimum soluble boron concentration of 970 ppm. The Keff of the spent fuel pool will always remain
- 0.95 under accident conditions assuming the pool to be flooded with borated water with a minimum soluble boron concentration of 1700 ppm. The restrictions are consistent with the criticality safety analysis performed for the spent fuel pool.
(continued)
SAN ONOFRE--UNIT 2 B 3.7-75 Amendment No. 127 03/05/08
Spent Fuel Assembly Storage B 3.7.18 BASES (continued) 7 >
APPLICABILITY This LCO applies whenever any fuel assembly is stored in Regions I and II of the spent fuel pool.
ACTIONS A.1 Required Action A.1 is modified by a Note indicating that LCO 3.0.3 does not apply.
When the configuration of fuel assemblies stored in Regions I and II of the spent fuel pool is not in accordance with LCO 3.7.18, immediate action must be taken to make the necessary fuel assembly movement(s) to bring the configuration into compliance.
If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify any action. If moving irradiated fuel assemblies while in MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operation.
Therefore, in either case, inability to move fuel assemblies is not sufficient reason to require a reactor shutdown.
SURVEILLANCE SR 3.7.18.1 REQUIREMENTS This SR verifies by administrative means that the fuel assembly is stored in accordance with LCO 3.7.18, or Design Features 4.3.1.1, or LCS 4.0.100. For-fuel assemblies not stored in accordance with LCO 3.7.18, performance of this SR will ensure compliance with Specification 4.3.1.1.
This surveillance is performed.prior to the initial storage of a fuel assembly in a spent fuel pool location and prior to each subsequent movement to a new location.
REFERENCES UFSAR, Section 9.1.2.2.
SAN ONOFRE--UNIT 2 B 3.7-75a Amendment No. 127 03/05/08
AC Sources - Operating B 3.8.1 BASES (continued)
LCO sequence intervals, and continue to operate until offsite (continued) power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as: DG in standby with the engine hot, DG in standby with the engine at ambient conditions, and DG operating in a parallel test mode. A DG is considered already operating if the DG voltage is Ž 4161 and
- 4576 volts and the frequency is ; 59.7 and
- 61.2 Hz.
I Proper sequencing of loads, including tripping of nonessential loads on a SIAS, is a required function for DG OPERABILITY.
The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.
For the offsite AC sources, separation and independence are to the extent practical. A circuit may be connected to more than one ESF bus, with transfer capability to the other circuit, and not violate separation criteria.
APPLICABILITY The AC sources and associated automatic load sequence timers
) are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
The AC power requirements for MODES 5 and 6 are covered in LCO 3.8.2, "AC Sources-Shutdown."
ACTIONS A.1 To ensure a highly reliable power source remains with the one offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit on (continued)
B 3.8-5 ONOFRE--UNIT 22 SAN ONOFRE--UNIT B 3.8-5 Amendment No. 127 04/28/08 I
AC Sources -Operating B 3.8.1 BASES (continued)
ACTIONS B.3.1 and B.3.2 (continued)
In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the plant corrective action program will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> cons-traint imposed while in Condition B.
According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is reasonable to confirm that the OPERABLE DG is not affected by the same problem as the inoperable DG.
B.4
- An augmented analysis using the methodology set forth in Reference 16 provides a series of deterministic and probabilistic justifications and supports continued operations in Condition B for a period that should not exceed 14 days.
In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 14 day Completion Time takes ACinto remaining account the capacity and capability of the sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is.entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently returned OPERABLE,.the LCO may already have been not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (for a total of 20 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable'for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.
As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the
- ) (continued)
SAN ONOFRE--UNIT 2 B 3.8-9 Amendment No. 127 11/29/07 1
AC Sources- Operating B 3.8.1 BASES (continued)
SURVEILLANCE Where the SRs discussed herein specify voltage and frequency REQUIREMENTS tolerances, the following is applicable. The minimum steady (continued) state output voltage of 4297 V is above the maximum reset voltage of the 4.16 kV bus undervoltage relays (Ref. SR 3.3.7). Achieving a voltage at or above 4297 V ensures that the LOVS/SDVS/DGVSS relay logic will reset allowing sequencing of the ESF loads on to the ESF bus if one or more ESF actuation signals is present. This minimum voltage limit, which is consistent with ANSI C84.1-1982 (Ref. 11),
is above the allowed voltage drop to the terminals of 4160 V motors whose minimum steady state operating voltage is 3744 V (90% of 4160 V). This minimum voltage requirement also ensures that adequate voltage is provided to motors and other equipment down through the 120 V level. The specified maximum steady state output voltage of 4576 V ensures that, for a lightly loaded distribution system, the voltage at the terminals of 4160 V motors is no more than the maximum allowable steady state operating voltage (110% of 4160V).
The specified minimum and maximum frequencies of the DG are 59.7 Hz and 61.2 Hz, respectively. The upper frequency limit is equal to + 2% of the 60 Hz nominal frequency and is derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3). The lower frequency limit is equal to
- 0.5% of the 60 Hz nominal frequency and is based on maintaining acceptable high pressure safety injection system performance as assumed in the accident analyses.
During a DG surveillance test, steady state DG voltage of 4297 to 4576 volts and steady state frequency of 59.7 to 61.2 Hz shall be verified. For the lower voltage and frequency limits, the Total Loop Uncertainty (TLU) of the measurement device (Reference Calculation E4C-098) shall be considered.
SR 3.8.1.1 This SR assures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that availability of independent offsite circuits is maintained.
The 7 day Frequency is adequate since breaker position is not likely to change without the operator being aware of it and because its status is displayed in the control room.
The SR is modified by two NOTES to indicate that Bus 3A04 or Bus 3A06 is required when unit crosstie breaker 3A0416 or 3A0603, respectively, is used to provide a source of AC power.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-14 Amendment No. 127 03/13/09
AC Sources- Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.2 and SR 3.8.1.7 (continued)
REQUIREMENTS The normal 31 day Frequency for SR 3.8.1.2 (see Table 3.8.1-1, "Diesel Generator Test Schedule'," in *the accompanying LCO) and the 184 day Frequency for SR 3.8.1.7 are consistent with Regulatory Guide 1.9 (Ref. 3). These frequencies provide adequate assurance of DG OPERABILITY, while minimizing degradation resulting from testing.
Note 4- This note discusses operability of the diesel generator subcomponent Automatic Voltage Regulator (AVR).
The AVR is an integral part of the DG, however, each DG has 2 AVRS that are 100% redundant to each other. Only one AVR may be inservice at any one time. To ensure operability of each AVR, the AVRs must have been in service during the performance of SR 3.8.1.2 and SR 3.8.1.3 within the las.t 60 days plus any allowance per SR 3.0.2. SR 3.8.1.2 is modified by NOTE 1 to indicate that SR 3.8.1.7 satisfies all of the requirements of SR 3.8.1.2. This note is applicable for AVR operability. Also, each AVR must have been in service for either SR 3.8.1.9, SR 3.8.1.10, or SR 3.8.1.19 within the last 24 months plus any allowance per SR 3.0.2.
During the 24 month test dynamic performance of the AVR is measured to confirm it is acceptable for all required AVR transients. Based on the design of the AVR, its intended function and the maintenance history, the above specified surveillance schedule will assure the AVRs are capable' of performing their intended function.
SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to the equivalent of the maximum expected accident loads listed in Reference 2.
This capability is verified by performing a load test equivalent to 90% to 100% of the continuous duty rating of the DG, for an interval of not less than 60 minutes, consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.
Although no power factor requirements are established by this SR, the surveillance is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR oading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:
) (continued)
SAN ONOFRE--.UNIT 2 B 3.8-16 Amendment No. 127 04/28/08 1
AC Sources-Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.4 (continued)
REQUI REMENTS full load plus 10%. The level is expressed as an equivalent volume in inches. The 31.5 inch level includes instrument uncertainties and corresponds to the minimum requirement of 389 gallons of fuel oil.
The 31 day Frequency is adequate to assure that a sufficient supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.
SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation. There are numerous microorganisms that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks once every 31 days eliminates the necessary environment for microbial survival in the day tanks. This is the most effective means of controlling microbiological fouling. In addition, it eliminates t~he.
potential for water entrainment in the fuel oil during DG operation. Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and from breakdown of the fuel oil by microorganisms. Frequent checking for and removal of accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system.
The Surveillance Frequencies are established by Regulatory Guide 1.137 (Ref. 10). This SR is for preventive maintenance. The presence of water does not necessarily represent failure of this SR provided the accumulated water is removed during the performance of this Surveillance.
SR 3.8.1.6 This Surveillance demonstrates that for each OPERABLE DG at least one fuel oil transfer pump operates and transfers fuel oil from its associated storage tank to its associated day tank. This is required to support continuous operation of the standby power source. This Surveillance provides assurance that at least one fuel oil transfer pump is OPERABLE, the fuel oil piping system is intact, the fuel delivery piping is not obstructed, and the controls and control systems for the fuel transfer system are OPERABLE.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-18 Amendment No. 211 04/05/07 1
AC Sources - Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8,1.8 (continued)
REQUIREMENTS The 24 month Frequency of the Surveillance is based on engineering judgment, taking into consideration the unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.
Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency.
Therefore, the Frequency was concluded to be acceptable from a reliability standpoint.
This SR is modified-by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.
SR 3.8.1.9 Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single post-accident load without exceeding predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the largest single post-accident load for each DG is the Auxiliary Feedwater pump which has a name plate rating of 800 HP. As required by IEEE-308 (Ref. 13), the load rejection test is acceptable if the increase in diesel speed does not exceed 75% of the difference between synchronous speed and the overspeed trip setpoint, or 15% above synchronous speed, whichever is lower.
The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequencing and load rejection. The 4 seconds specified is equal to 80% of the 5 second load sequence interval associated with sequencing of the largest load. Since SONGS specific analyses demonstrate the acceptability of overlapping load groups (i.e., adjacent load groups that start at the same time due to load sequence timer tolerance), the use of 80% of load sequence interval for voltage recovery is consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The voltage and frequency specified are consistent with the design range of the equipment powered by the DG.
SR 3.8.1.9.a corresponds to the maximum frequency excursion, (conti nued)
SAN ONDFRE--UNIT 2 B 3.8-20 Amendment No. 127 11/29/07
,Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3
( ) B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.3 Diesel Fuel Oil, Lube Oil, and Starting Air BASES BACKGROUND Each diesel generator (DG) is provided with a storage tank having a fuel .o~il capacity sufficient to operate that diesel for a period of 7 days, while the DG is supplying maximum post loss of coolant accident load demand as discussed in the UFSAR, Section 9.5.4.2 (Ref. 1). The maximum load demand is calculated assuming the maximum load demand is suppl.ied by one DG. This onsite fuel oil capacity is sufficient to operate the DGs for longer than the time to replenish the onsite supply from outside sources.
Fuel oil is transferred from storage tank tolday tank by either of two transfer pumps associated with each storage tank. Redundancy of pumps and piping precludes the failure..
of one pump, or the rupture of any pipe, valve, or tank to result in the loss of more than one DG. All outside tanks, pumps, and piping are located underground.
For proper operation of the standby DGs, it is necessary to ensure the proper quality of the fuel oil. San Onofre has a Diesel Fuel Oil (DFO) testing program which ensures proper fuel oil quality. The program includes purchasing, rec:eipt testing of new fuel oil, and periodic analyses of the stored fuel. San Onofre is not committed to the fuel analysis portion of Regulatory Guide 1.137 (Ref. 2) or ANSI N195-1976 (Ref. .3); however, these standards were utilized as guidance in the development of the D.FO testing program.
The DG lubrication system is designed to provide sufficient lubrication to permit proper operation of its associated DG under all loading conditions. The system is required to circulate the lube oil to the diesel engine working surfaces and to remove excess heat generated by friction during operation. Each engine oil sump contains an inventory capable of supporting a minimum of 7 days of continuous operation. This supply is sufficient supply to allow the operator to replenish lube oil from outside sources.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-36 Amendment No. 211 04/05/07
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3 7 BASES (continued)
APPLICABILITY The AC sources (LCO 3.8.1 and LCO 3.8.2) are required to ensure the availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an AO0 or a postulated DBA. Since stored diesel fuel oil, lube oil, and starting air subsystems support LCO 3.8.1 and LCO 3.8.2, stored diesel fuel oil, lube oil and starting air are required to be within limits when the associated DG is required to be OPERABLE.
ACTIONS A.1 In this Condition, the 7 day fuel oil supply (48,400 gallons) for a DG is not available. However, the Condition is restricted to fuel oil level reductions that maintain at least a 6 day supply (41,800 gallons). These circumstances may be caused by events such as full load operation required after an inadvertent start while at minimum required level; or feed and bleed operations, which may be necessitated. by increasing particulate levels or any number of other oil quality degradations. Thi's restriction allows sufficient time for obtaining the requisite replacement volume and performing the analyses required prior to addition of fuel oil to the tank. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required level prior to declaring the DG inoperable. This period is acceptable based on the remaining capacity (> 6 days), the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
B.1 With lube oil inventory less than the TSmin marking in the dipstick, sufficient lubricating oil to support 7 days of continuous DG operation at full load conditions may not be available. However, the Condition is restricted to lube oil volume reductions that maintain at least a 6 day supply (continued)
SAN ONOFRE--UNIT 2 B 3.8-38 Amendment No. 211 04/05/07
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3
( BASES (continued)
ACTIONS B.1 (continued) greater than or equal to the TSinop marking in the dipstick). This restriction allows sufficient time to obtain the requisite replacement volume. The TSmin mark corresponds to 369.4 gals for the 16 cylinder DG and 412.1 gals for the 20 cylinder DG. The TSinop mark corresponds to 347.5 gals for the 16 cylinder DG and 386.2 gals for the 20 cylinder DG. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required volume prior to declaring the DG inoperable. This period is acceptable based on the remaining capacity (>6 days), the low rate of usage, the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
C.'
In this Condition the 7 day fuel oil supply (43,600 gallons) for a DG during Mode 5 or 6 is not available. However, the Condition is restricted to fuel oil level reductions that maintain at least a 6 day supply (37,400 gallons). These circumstances may be caused by events such as full load operations required after an inadvertent start while at minimum required level; or feed and bleed operations, which may be necessitated by increasing particulate levels or any number of other oil quality degradations. This restriction allows sufficient time for obtaining the requisite replacement volume and performing the analyses required prior to addition of fuel oil to the tank. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required level prior to declaring the DG inoperable.
This period is acceptable based on the remaining capacity
(> 6 days), the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
D.1 This Condition is entered as a result of a failure to meet the acceptance criterion of SR 3.8.3.3. Normally, trending of particulate levels allows sufficient time to correct high particulate levels prior to reaching the limit of (continued)
SAN ONOFRE--UNIT 2 B 3.8-39 Amendment No. 211 04/05/07
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3 BASES (continued)
(
ACTIONS F._ (continued) are accomplished on the first attempt, and the low probability of an event during this brief period.
G._1 With a Required Action and associated Completion Time not met, or one or more DGs with diesel fuel oil or lube oil not within limits for reasons other than addressed by Conditions A through F, the associated DG may be incapable of performing its intended function and must be immediately declared inoperable.
SURVEILLANCE SR 3.8.3.1 REQUIREMENTS This SR *provides verification that there is an adequate inventory of fuel oil (> 48,400 gallons in Mode 1, 2, 3, or 4 and > 43,600 gallons in Mode 5 or 6) in the storage tanks to support each DG's operation for 7 days at full load. The K 7 day period is sufficient time to place the unit in a safe shutdown condition and to bring in replenishment fuel from an offsite location.
The 31 day Frequency is adequate to ensure that a sufficient supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.
SR 3.8.3.2 This Surveillance ensures that sufficient lube oil inventory is available to support at, least 7 days of full load operation for each DG. The TS min (412.1 gal for the 20 cylinder engine and 369.4 gal for the 16 cylinder engine) requirements are based on the DG manufacturer consumption values for the run time of the DG.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-41 Amendment No. 211 04/05/07
DC Sources - Operating B 3.8.4 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.4 DC Sources--Operating BASES BACKGROUND The station DC electrical power system provides the AC emergency power system with control power. It also provides both motive and control power to selected safety related equipment and preferred AC vital bus power (via inverters).
As required by 10 CFR 50, Appendix A, GDC 17 (Ref.1), the DC electrical power system is designed to havesufficient independence, redundancy, and testability to perform its safety functions, assuming a single failure. The DC electrical power system also conforms to the recommendations of Regulatory Guide 1.6 (Ref. 2) and IEEE-308 (Ref. 3).
The 125 VDC electrical power system consists of two independent and redundant safety related Class IE DC electrical power systems (Train A and Train B). Each train consists of two subsystems each containing a DC bus, one. 125 VDC battery, the required battery charger for each battery, and all the associated control equipment and interconnecting cabling.
During normal operation, the 125 VDC load is powered from the required battery charger with the batteries floating on the system. In case of loss of normal power to the required battery charger, the DC load is automatically powered from the station batteries.
The Train A and Train B DC electrical power systems provide control power for their associated Class 1E AC power load group, 4.16 kV switchgear, and 480 V load centers. The DC electrical power subsystems also provide DC electrical power to other loads including inverters which in turn power the AC vital buses.
Train A DC systems (Subsystems A and C) provide power to the Channel A and C inverters feeding the 120 VAC vital bus 1 and 3 electrical power distribution subsystems (Channel A and C). Train B DC system (Subsystems B and D) provide power to the Channel B and D inverters feeding the 120 VAC vital bus 2 and 4 electrical power distribution subsystems (Channel B and D). DC subsystem C also provides DC power to the Auxiliary Feedwater Pump (AFWP) P 140 steam inlet valve HV-4716 and the AFWP electric governor.
(Continued)
B 3.8-46 Amendment No. 127 03/13/09 ONOFRE--UNIT 22 SAN ONOFRE--UNIT B-3.8-46 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND Train A DC systems are capable of providing DC power to both (continued) Channel A and Channel C loads when DC subsystems A and C are manually cross-connected. This allows both DC buses to remain operable during battery replacement, testing, or maintenance of any one DC battery. A dedicated battery charger(s) can be replaced, tested or maintained when the swing charger is OPERABLE.
Train B DC systems are capable of providing DC power to both Channel B and Channel D loads when DC subsystem B and D are manually cross-connected. This allows both DC buses to remain operable during battery replacement, testing, or maintenance of any one DC battery. A dedicated battery
- charger(s) can be replaced, tested or maintained when the swing charger is OPERABLE.
Train Subsystem DC Bus Battery Charger Swing Charger A DI B007 B001 A B021 C D3 B009 B003 B D2 B008 B002 B B022 D D4 B010 B004 During cross-connecting of subsystem buses A and C or B and D, two batteries will be paralleled for a short duration.
An electrical fault during that duration could exceed the interrupting duties of the protective devices. This is an accepted practice during transfer of power sources and is considered to be an acceptable minimal risk. Once the cross-tie alignment is complete, only one battery is aligned to cross-connected buses DI and D3 or D2 and D4.
An OPERABLE Class 1E battery bank BOOX may replace B007, B008, B009 or B010 battery to allow battery maintenance (including replacement) activities.
The DC power distribution system is described in more detail in the Bases for LCO 3.8.9, "Distribution Systems -
Operating," and for LCO 3.8.10, "Distribution Systems -
Shutdown."
Each 125 VDC battery is separately housed in a ventilated room apart from its charger and distribution buses. Each subsystem is located in an area separated physically and electrically from the other subsystems to ensure that a (Continued)
SAN ONOFRE--UNIT 2 B 3.8-47 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND single failure in one subsystem does not cause a failure in (continued) a redundant subsystem. There is no sharing of equipment between redundant Class 1E subsystems, such as batteries, battery chargers, or distribution panels. Subsystems A and C or B and D share an 1800 amp-hour rated battery and battery charger(s) when cross-tied.
Each battery has adequate storage capacity to meet the duty cycle(s) discussed in the UFSAR, Chapter 8 (Ref. 6). The battery is designed with additional capacity above that required by the design duty cycle to allow for temperature variations and other factors.
The batteries for Train A and Train B DC electrical power subsystems are sized to produce the required capacity at 80%
of nameplate rating, corresponding to the warranted capacity at end of life cycles and the 100t design demand. The minimum design voltage limit at the supplied load (inverter) is 105.414 V (Ref.-12).
The battery cells are of flooded lead acid construction with a nominal specific gravity of 1.215. This specific gravity corresponds to an open circuit battery voltage of approximately 120 V for a 58-cell battery (i.e., cell voltage of 2.065 volts per cell (Vpc)). The open circuit voltage is the voltage maintained by a fully charged cell when there is no charging or discharging. Once fully charged with its open circuit voltage Ž 2.065 Vpc, the battery cell will maintain its capacity for 30 days without further charging per manufacturer's instructions. All cells begin to self-discharge when left on open circuit, but cells can be left open circuit for some period of time (> 30 days, refer to the manufacturer's instruction for the maximum storage periods) without any long-term performance degradation. Optimal long-term performance however, is obtained by maintaining a float voltage of 2.20 to 2.28 Vpc.
This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge. The nominal float voltage of 2.267 Vpc corresponds to a total float voltage of 131.5 V for a 58-cell battery.
Each Train A and Train B DC electrical power subsystem battery charger has ample power output capacity for the steady state operation of connected loads required during normal operation, while at the same time maintaining its battery bank fully charged. Each battery charger also has sufficient excess capacity to restore the battery from the design minimum charge to its fully charged state within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> while supplying normal steady state loads discussed in the UFSAR, Chapter 8 (Ref. 6).
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-48 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND Each subsystem has a dedicated battery charger that is rated (continued) at 300 Amps. Each Train has a 400 Amp rated swing battery charger that meets all the performance requirements of the dedicated charger and can be manually aligned to either subsystem. The swing charger breakers and interconnecting cables allow alignment to either subsystem within a train.
Key interlocks limit swing charger alignment to one subsystem at a time. The Train B swing charger can also be aligned to non-iE 125 VDC Battery Bus D5. Electrical isolation and independence between subsystems required by R.G. 1.75 is maintained by the isolation capability of the battery charger itself and the key interlocked output circuit breakers. If the swing battery charger is substituted for one of the dedicated battery chargers, the requirements of independence and redundancy between subsystems are maintained.
The swing battery charger and the dedicated battery charger are equally qualified. When required, the swing battery charger can replace the dedicated battery charger using the provided circuit breakers. The swing battery charger can stay in service indefinitely, and there are no restrictions on swing battery charger use. The swing and dedicated battery chargers are designed to operate in parallel in any combination. The swing battery charger is powered from its respective Train's common MCC which is diesel generator backed as required by TS 3.8.1, "AC Sources - Operating," or TS 3.8.2, "AC Sources - Shutdown."
With same train DC buses cross-connected, an OPERABLE charger or chargers with a combined rated capacity greater than or equal to 400 Amps is required.
A "required battery charger" is one of the following:
" the "dedicated charger" aligned to its respective DC bus
" the "swing battery charger" aligned to the respective DC bus
" two "dedicated chargers" aligned to cross-tied DC buses, or
- the "swing battery charger" aligned to cross-tied DC buses.
Note: It is acceptable to have the swing charger and one dedicated charger aligned to cross-connected buses.
The battery charger is normally in the float-charge mode.
Float-charge is the condition in which the charger is supplying the connected loads and the battery cells are receiving adequate current to optimally charge the battery.
This assures the internal losses of a battery are overcome and the battery is maintained in a fully charged state.
(Continued) o SAN ONOFRE--UNIT 2 B 3,8-49 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND When desired, the charger can be placed in the equalize (continued) mode. The equalize mode. is at a higher voltage than the float mode and charging current is correspondingly higher.
The battery charger is operated in the equalize mode after a battery discharge or for routine maintenance. Following a battery discharge, the battery recharge characteristic accepts current at the current limit of the battery charger (if the discharge was significant, e.g., following a battery performance or service test) until the battery terminal voltage approaches the charger voltage setpoint. Charging current then reduces exponentially during the remainder of the recharge cycle. Lead-acid batteries have recharge efficiencies of greater than 95%, so once at least 105% of the ampere-hours discharged have been returned, the battery capacity would be restored to the same condition as it was prior to the discharge. This can be monitored by direct observation of the exponentially decaying charging current or by evaluating the amp-hours discharged from the battery and amp-hours returned to the battery.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 7) and Chapter 15 (Ref. 8), assume that Engineered Safety Feature (ESF) systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
The OPERABILITY of the DC sources is consistent with the initial assumptions of the accident analyses and' is based upon meeting the design basis of the unit. This includes maintaining the DC sources OPERABLE during accident conditions in the event of:
- b. A worst case single failure.
The DC sources satisfy Criterion 3 of the NRC Policy Statement.
j/'
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-50 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES (continued)
LCO Each DC electrical power subsystem, consisting of one battery (unless cross-connected), the required battery charger, and the corresponding control equipment and interconnecting cabling supplying power to the associated bus, is required to be OPERABLE to support distribution systems required OPERABLE by LCO 3.8.9, "Distribution Systems - Operating." This ensures the availability of the required power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AO0) or a postulated DBA. Loss of any DC electrical power subsystem does not prevent the minimum safety function from being performed consistent with UFSAR Chapter 8 (Ref. 6).
During the cross-connection period of 4 days (14 days for battery replacement),.an OPERABLE DC electrical power subsystem requires one 1800 amp-hour rated battery and the required battery charger(s) to be operating and connected to subsystem DC buses A and C or B and D.
APPLICABILITY The DC electrical power sources are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure safe unit operation and to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided, and containment integrity and other vital functions are maintained in the event of a postulated DBA.
The DC electrical power requirements for MODES 5 and 6 are addressed in the Bases for LCO 3.8.5, "DC Sources -
Shutdown."
ACTIONS Conditions A and B represent one train with one or two required battery chargers or associated control equipment or cabling inoperable (e.g., the battery voltage limit of SR 3.8.4.1 is not maintained). The ACTIONS provide a tiered response that focuses on returning the battery to the fully charged state and restoring the required charger(s) to OPERABLE status in a reasonable time period.
/
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-51 . Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS A.I. A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2)
(continued)
Condition A is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
Required Action A.1 requires that the battery terminal voltage be restored to greater than or equal to the minimum established float voltage (Ž 129.0 V) within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This time provides for returning the inoperable charger to OPERABLE status or providing an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage. Restoring the battery terminal voltage to greater than or equal to the minimum established float voltage provides adequate assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored to its fully charged condition (Required Action A.2) from any discharge that might have occurred due to the charger inoperability.
A discharged battery having a terminal voltage of at least the minimum established float voltage indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus, there is adequate assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding a premature shutdown with its own attendant risk.
If established battery terminal float voltage cannot be restored to greater than or equal to the minimum established float voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, and the charger is not operating in the current-limiting mode, a faulty charger is indicated. A faulty charger that is incapable of maintaining established battery terminal float voltage does not provide assurance that it can revert to and operate properly in the current limit mode that is necessary during the recovery period following a battery discharge event that the DC system is designed for.
The charger operating in the current limit mode in excess of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is an indication that the battery is partially discharged and its capacity margins will be reduced. The time to return the battery to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action A.2).
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-52 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS A.1. A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued)
Required Action A.2 requires that the battery float current be verified to be less than or equal to 1.50 amps. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 1.50 amps the battery is at least 98% charged. A 2% capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 12) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 1.50 amps this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 13). The multimeter must be capable of measuring the low magnitude of DC current (less than 1.50 amps) and filtering the induced AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action A.3 (A.3.1 or A.3.2.1 and A.3.2.2) is applicable if an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage has been used (e.g., balance of plant non-Class 1E spare battery charger).
Required Action A.3.1 limits the restoration time for the required battery charger to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> if a non-iE charger with a non-lE power source is used. The restoration time for the required battery charger can be extended to 7 days (Required Action A.3.2.2) if the ability to power the spare battery charger from a diesel-backed source has been established within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (Required Action A.3.2.1). All preparations to accomplish the ability to power the spare battery charger must be complete within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The purpose of this provision is to facilitate connection of the spare battery charger to a diesel-backed source in < 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> if non-lE power is lost. The 4-hour charger connection time is required because 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after the loss of non-lE power, the battery may not supply the minimum required voltage at the loads. The 7 day completion time reflects a reasonabje time to effect restoration of the required battery charger to operable status.
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-53 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS B.1, B.2, and B.3 (B.3.1 or B.3.2.1 and B.3.2.2)
(continued)
Condition B is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
Required Action B.1 basis is the same as A.I.
Required Action B.2 requires that the battery float current be verified to be less than or equal to 0.75 amp. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 0.75 amp the battery is at least 98% charged. A 2% capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 12) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 0.75 amp this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current. The multimeter must be capable of measuring the low magnitude of DC current (less than 0.75 amp) and filtering the induced AC noise from the connected inverter.
A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action B.3 (B.3.1 or B.3.2.1 and B.3.2.2) basis is the same as A.3 (A.3.1 or A.3.2.1 and A.3.2.2).
C.1 With the required DC electrical power subsystem battery charger or associated control equipment or cabling outside the allowances of the Required Actions for Condition A or B, sufficient capacity to supply the maximum expected load requirement is not assured and the associated DC battery must be declared inoperable immediately.
(Continued)
SAN ONOFRE--UNIT-2 B 3.8-54 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS D.1 and D.2 (continued)
Condition D represents one train with one or two DC electrical power subsystems inoperable for reasons other than Condition A or B including when a battery is inoperable (Condition C). With a battery inoperable, the associated DC bus is being supplied by the required battery charger. Any event that results in a loss of the AC bus supporting the battery charger will eventually result in loss of DC to that subsystem. Recovery of the AC bus, especially if it is due to a loss of offsite power, will be hampered by the fact that many of the components necessary for the recovery (e.g., diesel generator control and field flash, AC load shed and diesel generator output circuit breaker, etc.) rely upon the operability of the battery(ies). In addition, DC loads with energization transients that are beyond the capability of the battery charger and normally require the assistance of the battery will not be able to be brought online. The 2-hour limit allows sufficient time to effect restoration of a DC electrical power subsystem or an inoperable battery given that the majority of the conditions that lead to battery inoperability (e.g., loss of battery charger, battery cell voltage less than 2.07 V, etc.) are identified in LCOs 3.8.4, 3.8.5, and 3.8.6 together with additional specific completion times.
Condition D also represents one train with a loss of ability to completely respond to an event, and a potential loss of ability to remain energized during normal operation. It is therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for complete loss of DC power to the affected subsystem. The 2-hour limit is consistent with the allowed time for an inoperable DC distribution system.
If one of the required DC electrical power subsystems is inoperable for reasons other than Condition A or B (e.g.,
inoperable battery charger and associated inoperable battery), the remaining DC electrical power subsystem has the capacity to support a safe shutdown and to mitigate an accident condition. Since a subsequent worst case single failure could, however, result in the loss of minimum necessary DC electrical subsystems to mitigate a worst-case accident, continued power operation should not exceed 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. The 2-hour Completion Time is based on Regulatory Guide 1.93 (Ref. 9) and reflects a reasonable time to cross connect with same train DC subsystem (1800 amp-hour rated battery required) or assess unit status as a function of the inoperable DC electrical power subsystem and, if the DC 2
(Continued)
SAN ONOFRE--UNIT 2 B 3.8-55 Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS D.1 and D.2 (continued) electrical power subsystem is not restored to OPERABLE status, to prepare to effect an orderly and safe unit shutdown. Either of Required Actions D.1 or D.2 will restore the DC subsystem train to OPERABLE status. Required Action D.2 includes a requirement to ensure the battery aligned to the cross-tied subsystem buses has adequate capacity.
Cross connection of two subsystems on two trains has not been analyzed and is therefore not permitted.
E.1 Condition E represents one train with one subsystem battery out of service and two subsystems cross-connected with one 1800 amp-hour rated battery. This alignment will allow both subsystems to remain OPERABLE for 4 days (14 days for battery replacement). The 4-day duration is adequate for routine maintenance activities such as performance of battery discharge testing (online) in MODES 1 through 4.
The 14-day duration allows for battery replacement projects.
The 4-day Completion Time includes a NOTE to allow an extension to 14 days for battery replacement.
The SONGS 2/3 Living PRA determined acceptable risk impact for a period of up to 30 days while two same train DC subsystems are cross-connected with one 1800 amp-hour rated battery supporting both buses. The analysis was performed consistent with the guidelines of Regulatory Guides 1.174 and 1.177.
Cross connection of two subsystems on two trains has not been analyzed and is therefore not permitted.
F.1 and F.2 If the inoperable DC electrical power subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. The Completion Time to bring the unit to MODE 5 is consistent wit the time required in Regulatory Guide 1.93 (Ref. 9).
(continued)
SAN ONOFRE--UNIT 2 B 3.8-55a Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES (continued)
SURVEILLANCE SR 3.8.4.1 REQUIREMENTS Verifying battery terminal voltage while on float charge for the batteries helps to ensure the effectiveness of the battery chargers, which support the ability of the batteries to perform their intended function. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a fully charged state, while supplying the continuous steady state loads of the associated DC subsystem. On float charge, battery cells will receive adequate current to optimally charge the battery. The voltage requirements are based on the nominal design voltage of the battery and are consistent with the minimum float voltage established by the battery manufacturer (2.20 Vpc). This voltage maintains the battery plates in a condition that supports maintaining the grid life (expected to be approximately 20 years). The 7-day frequency is consistent with manufacturer recommendations and Reg. Guide 1.129, Rev. 2 (Ref. 11).
The minimum float voltage is specified in SR 3.8.104.1 (Ref. 13).
SR 3.8.4.2 This SR verifies the design capacity of the swing and dedicated battery chargers. Regulatory Guide 1.32 (Ref. 10) recommends that the battery charger supply is to be based on the largest combined demands of the various steady state loads and the charging capacity to restore the battery from the design minimum charge state to the fully charged state, irrespective of the status of the unit during these demand occurrences. The minimum required amperes and duration ensure that these requirements can be satisfied. Each required battery charger must be capable of supplying rated amps at the minimum established float voltage for 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />s-The ampere requirements are based on the output rating of the chargers. The time period is sufficient for the charger temperature to have stabilized and to have been maintained for at least 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
The Surveillance Frequency is acceptable, given the unit conditions required to perform the test and the other administrative controls existing to ensure adequate charger performance during these 24-month intervals.
This SR is modified by two NOTES that clarify that the (dedicated battery charger is rated at 300 amps and the swing battery charger is rated at 400 amps.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-55b Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES SURVEILLANCE SR 3.8.4.3 REQUIREMENTS (continued) A battery service test is a special test of battery capabil-ity, as found, to satisfy the design requirements (battery duty cycle) of the DC electrical power system. The discharge rate and test length should correspond to the design duty cycle requirements as specified in IEEE 450 (Ref. 4). SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 13).
For batteries with a rated capacity of 1260 amp-hours, the service test will be performed at 24-month intervals. The performance discharge test may be used in lieu of the service test at 48-month intervals as stated in the NOTE.
This SR is modified by a NOTE that allows the battery performance discharge test in SR 3.8.6.7 to be performed in lieu of the service test in SR 3.8.4.3 once per 48 months for batteries rated at 1260 amp-hours. The substitution is acceptable because the battery performance discharge test in SR 3.8.6.7 represents a more severe test of battery capacity than the service test in SR 3.8.4.3.
If for any reason a battery has to undergo a service and performance test (e.g., one following the other during scheduled, maintenance testing), the service test shall be completed first. Recharging of the battery is required before the performance test is conducted. The "as found" condition prior to the performance test is state of the battery immediately prior to the performance test.
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE.. The spare cells are included during battery discharge testing.to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
SR 3.8.4.4 A modified performance test is comprised of performing a service test, in as-found condition, to satisfy the battery duty cycle followed immediately by a 4-hour rate constant current discharge until 1.75 Vpc is reached (Ref. 4, Annex 1.3). SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 13).
(continued)
Amendment No. 127 03/13/09 ONOFRE--UNIT 2 SAN ONOFRE--UNIT 2 B 3.8-55c B 3.8-55c Amendment No. 127 03/13/09
DC Sources - Operating B 3.8.4 BASES SURVEI LLANCE SR 3.8.4.4 (continued)
REQUIREMENTS This SR is modified by NOTE 1 which states that the modified performance discharge test in SR 3.8.6.7 will be performed for batteries rated at 1800 amp-hours. The substitution is acceptable because modified performance discharge test in SR 3.8.6.7 represents a more severe test of battery capacity than the service test in SR 3.8.4.4. The modified performance discharge test is described in the Bases for SR 3.8.6.7. NOTE 2 states that completed service tests and performance discharge tests remain valid until the new modified performance discharge test is performed at its required frequency.
For 1800 amp-hour rated batteries, the modified performance discharge test will use the combined duty cycle of the cross-connected subsystems. Battery life expectancy is optimized by using a 30-month test interval.
A modified performance discharge test shall be performed after installation of a new battery bank for operability.
Within 2 years after initial installation, a modified battery performance discharge test shall be performed for collecting baseline data for future battery capacity trending purposes.
)
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE. The spare cells are included during battery discharge testing to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-55d Amendment No. 127 03/13/09 r
DC Sources - Operating B 3.8.4 BASES (continued)
REFERENCES 1. 10 CFR 50, Appendix A, GDC 17.
- 2. Regulatory Guide 1.6, March 10, 1971.
- 3. IEEE-308-1978.
- 4. IEEE-450-2002.
- 5. IEEE-485-1997.
- 6. UFSAR, Chapter 8.
- 7. UFSAR, Chapter 6.
- 8. UFSAR, Chapter 15.
- 9. Regulatory Guide 1.93, December 1974.
- 10. Regulatory Guide 1.32, February 1977.
- 11. Regulatory Guide 1.129, Rev. 2.
) 13. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November 14, 2008.
9 SAN ONOFRE--UNIT 2 B 3.8-55e Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8.5 B 3.8 ELECTRICAL POWER SYSTEMS i)
B 3.8.5 DC Sources--Shutdown BASES BACKGROUND A description of the DC sources is provided in the Bases for LCO 3.8.4, "DC Sources - Operating." When TS 3.8.5 applies, there are two exceptions to what is described in the Bases for LCO 3.8.4:
- 1. One or both train(s) of DC subsystem buses may be cross-tied to an 1800 amp-hour rated battery. This alignment allows both subsystems to remain OPERABLE. There is no time limit to the duration DC subsystem buses may be cross-tied with the unit shutdown.
- 2. With same train DC buses cross-connected, an OPERABLE charger or chargers with a combined rated capacity greater than or equal to 300 Amps is required. A "required battery charger" is one of the following:
" the "dedicated charger" aligned to its respective DC bus
" the "swing battery charger" aligned to the respective DC bus
- one "dedicated charger" aligned to cross-tied DC buses, or i
- the "swing battery charger" aligned to cross-tied DC buses.
Note: It is acceptable to have the swing charger and one dedicated charger aligned to cross-connected buses.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume that Engineered Safety Feature (ESF) systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
The OPERABILITY of the DC subsystems is consistent with the initial assumptions of the accident analyses and the requirements for the supported systems' OPERABILITY.
The OPERABILITY of the minimum DC electrical power sources during MODES 5 and 6 and during movement of irradiated fuel assemblies ensures that:
- a. The unit can be maintained in the shutdown or refueling condition for extended periods; (continued)
SAN ONOFRE--UNIT 2 B 3.8-56 Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8.5 BASES APPLICABLE b. Sufficient instrumentation and control capability is SAFETY ANALYSES available for monitoring and maintaining the unit (continued) status; and
- c. Adequate DC electrical power is provided to mitigate events postulated during shutdown, such as a fuel handling accident.
The DC sources satisfy Criterion 3 of the NRC Policy Statement.
LCO Each DC electrical power subsystem, consisting of one battery (cross connection allowed), the required battery charger, and the corresponding control equipment and interconnecting cabling supplying power to the associated bus, is required to be OPERABLE to support distribution systems required OPERABLE by LCO 3.8.10, "Distribution Systems - Shutdown." This ensures the availability of sufficient DC electrical power sources to maintain the unit in a safe shutdown condition and to mitigate the consequences of postulated events during shutdown (e.g.,
fuel handling accidents).
APPLICABILITY The DC electrical power sources required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel assemblies provide assurance that:
- a. Required features to mitigate a fuel handling accident are available;
- b. Required features necessary to mitigate the effects of events that can lead to core damage during shutdown are available; and
- c. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown condition or refueling condition.
The DC electrical power requirements for MODES 1, 2, 3, and 4 are covered in LCO 3.8.4.
ACTIONS LCO 3.0.3 is not applicable while in MODE 5 or 6. However, since irradiated fuel assembly movement can occur in MODE 1, 2, 3, or 4, the ACTIONS have been modified by a NOTE stating that LCO 3.0.3 is not applicable. If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify (continued)
SAN ONOFRE--UNIT 2 B 3.8-57 Amendment No. 127 03/13/09 6
DC Sources - Shutdown B 3.8.5 BASES ACTIONS any action. If moving irradiated fuel assemblies while in (continued) MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operations. :Entering LCO 3.0.3, while in MODE 1, 2, 3 or 4 would require the unit to be shutdown unnecessarily.
Conditions A and B represent one train with one or two required battery chargers or associated control equipment or cabling inoperable (e.g., the battery voltage limit of SR 3.8.4.1 is not maintained). The ACTIONS provide a tiered response that focuses on returning the battery to the fully charged state and restoring the required charger(s) to OPERABLE status in a reasonable time period.
A.I. A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2)
Condition A is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
Required Action A.1 requires that the battery terminal voltage be restored to greater than or equal to the minimum established float voltage (Ž 129.0 V) within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This time provides for returning the inoperable charger to OPERABLE status or providing an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage. Restoring the battery terminal voltage to greater than or equal to minimum established float voltage provides good assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored 'to its fully charged condition (Required Action A.2) from any discharge that might have occurred due to the charger inoperability.
A discharged battery having terminal voltage of at least the' minimum established float voltage indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus, there is good assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding ashutdown of refueling activities.
If established battery terminal float voltage cannot be restored to greater than or equal to the minimum established float voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, and the charger is not operating in the current-limiting mode, a faulty charger is indicated. A faulty charger that is incapable of maintaining established battery terminal float voltage does not provide assurance that it can revert to and operate properly in the current limit mode that is necessary during the recovery period following a battery discharge event that the DC system is designed for.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-58 Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8'5 BASES ACTIONS A.I. A.2. and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued)
The charger operating in the current limit mode in excess of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is, an indication that the battery is partially discharged and its capacity margins will be reduced. The time to return the battery to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action A.2).
Required Action A.2 requires that the battery float current be verified as less than or equal to 1.50 amps. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 1.50 amps the battery is at least 98% charged. A 2% capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 3) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 1.50 amps this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 4). The multimeter must be capable of measuring the low magnitude of DC current (less than 1.50 amps) and filtering the induced AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action A.3 (A.3.1 or A.3.2.1 and A.3.2.2) is applicable if an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float Voltage has been used (e.g., balance of plant non-Class 1E spare battery charger).
Required Action A.3.1 limits the restoration time for the required battery charger to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> if a non-lE charger with a non-iE power source is used. The restoration time for the battery charger can be extended to 7 days (required Action A.3.2.2) if the ability to power the spare battery charger from a diesel-backed source has been established within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (Required Action A.3.2.1). All preparations to accomplish the ability to power the spare battery charger must be complete within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The purpose of this (continued)
SAN ONOFRE--UNIT 2 B 3.8-59 Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8.5 BASES ACTIONS A.1, A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued) provision is to facilitate connection of the spare battery charger to a diesel-backed source in < 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> if non-iE power is lost. The 4-hour charger connection time is required because 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after the loss of non-IE power, the battery may not supply the minimum required voltage at the loads. The 7-day completion time reflects a reasonable time to effect restoration of the required battery charger to operable status.
B.I. B.2, and B.3 (B.3.1 or B.3.2.1 and B.3.2.2)
Condition B is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
Required Action B.1 basis is the same as A.1.
Required Action B.2 requires that the battery float current be verified to be less than or equal to 0.75 amp. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 0.75 amp the battery is at least 98% charged. A 2% capacity margin
)(correction factor) has been used in the battery sizing calculation (Ref. 3) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 0.75 amp this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 4). The multimeter must be capable of measuring the low magnitude of DC current (less than 0.75 amp) and filtering the indicated AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action B.3 (B.3.1 or B.3.2.1 and B.3.2.2) basis is the same as A.3 (A.3.1 or A.3.2.1 and A.3.2.2).
(
(continued)
SAN ONOFRE--UNIT 2 B 3.8-59a Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8.5 BASES ACTIONS C.1 (continued)
With the required DC electrical power subsystem battery charger or associated control equipment or cabling outside the allowances of the Required Actions for Condition A or B, sufficient capacity to supply the maximum expected load requirement is not assured and the associated DC battery must be declared inoperable immediately.
D.1 or D.2.1. D.2.2. D.2.3. and D.2.4 Condition D represents one DC electrical power subsystem inoperable for reasons other than Condition A or B including when a battery is inoperable (Condition C). The ACTIONS provide a tiered response allowing the option to declare required features inoperable immediately with the associated DC power source(s) inoperable.
If two trains are required per LCO 3.8.10, the remaining train with DC power available may be capable of supporting sufficient systems to allow continuation of CORE ALTERATIONS and fuel movement. By allowing the option to declare required features inoperable with the associated DC power source(s) inoperable, appropriate restrictions will be implemented in accordance with the affected required features LCO ACTIONS. In many instances, this option may involve undesired administrative efforts. Therefore, the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involving positive reactivity additions). The Required Action to suspend positive reactivity additions does not preclude actions to maintain or increase reactor vessel inventory, provided the required SDM is maintained.
Suspension of these activities shall not preclude completion of actions to establish a safe conservative condition.
These actions minimize probability of the occurrence of postulated events. It is further required to immediately initiate action to restore the required DC electrical power subsystems and to continue this action until restoration is accomplished in order to provide the necessary DC electrical power to the unit safety systems.
The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required DC electrical power subsystems should be completed as quickly as possible in order to minimize the time during which the unit safety systems may be without sufficient power.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-59b Amendment No. 127 03/13/09
DC Sources - Shutdown B 3.8.5 BASES (continued)
SURVEILLANCE SR 3.8.5.1 REQUIREMENTS SR 3.8.5.1 states that Surveillances required by SR 3.8.4.1 through SR 3.8.4.4 are applicable in these MODES. See the corresponding Bases for LCO 3.8.4 for a discussion of each SR.
This SR is modified by a NOTE. The reason for the NOTE is to preclude requiring the OPERABLE DC sources from being discharged below their capability to provide the required power supply or otherwise rendered inoperable during the performance of SRs. It is the intent that these SRs must still be capable of being met, but actual performance is not required.
REFERENCES 1. UFSAR, Chapter 6.
- 2. UFSAR, Chapter 15.
- 4. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November 14, 2008.
SAN ONOFRE--UNIT 2 B 3.8-59c Amendment No. 127 03/13/09
Battery Parameters I B 3.8.6 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.6 Battery Parameters BASES BACKGROUND This LCO delineates the limits on battery float current as well as electrolyte temperature, level, and float voltage for the DC power subsystem batteries. A discussion of these batteries and their OPERABILITY requirements is provided in the Bases for LCO 3.8.4, "DC Sources - Operating," and LCO 3.8.5, "DC Sources - Shutdown." In addition to the limitations of this Specification, the licensee controlled program also implements a program specified in Administrative Controls Section 5.5.2.17 for monitoring various battery parameters that is based on recommendations of IEEE Standard 450-2002, "IEEE Recommended Practice for Maintenance, Testing, and Replacement of Vented Lead-Acid Batteries for Stationary Applications" (Ref. 3).
The battery cells are of flooded lead acid construction with a nominal specific gravity of 1.215. This specific gravity corresponds to an open circuit battery voltage of approximately 120 V for a 58-cell battery (i.e., cell
) voltage of 2.065 Volts per cell (Vpc)). The open circuit voltage is the voltage maintained when there is no charging or discharging. Once fully charged with its open circuit voltage Ž 2.065 Vpc, the battery cell will maintain its capacity for 30 days without further charging per manufacturer's instructions. Optimal long-term performance however, is obtained by maintaining a float voltage of 2.20 to 2.28 Vpc. This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge.
The nominal float voltage of 2.267 Vpc corresponds to a total float voltage output of 131.5 V for a 58-cell battery.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
19 (continued)
SAN ONOFRE--UNIT 2 B 3.8-60 Amendment No. 127 03/13/09
Battery Parameters B 3.8.6 BASES APPLICABLE The OPERABILITY of the DC subsystems is consistent with the SAFETY ANALYSES initial assumptions of the accident analyses and is based (continued) upon meeting the design basis of the unit. This includes maintainingat least one train of DC sources OPERABLE during accident conditions, in the event of:
- b. A worst case single failure.
Battery parameters satisfy Criterion 3 of the NRC Policy Statement.
LCO Battery parameters must remain within acceptable limits to ensure availability of the required DC power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence or a postulated DBA.
Battery parameter limits are conservatively established, allowing continued DC electrical system function even with limits not met.
7/ Note: Additional preventative maintenance, testing, and monitoring is performed in accordance with the Licensee Controlled Specifications 3.8.104, 3.8.105, and 3.8.106 and as specified in Administrative Controls Section 5.5.2.17 (Ref. 6).
APPLICABILITY The battery parameters are required solely for the support of the associated DC electrical power subsystems.
Therefore, battery parameter limits are only required when the DC power source is required to be OPERABLE. Refer to the Applicability discussion in the Bases for LCO 3.8.4 and LCO 3.8.5.
ACTIONS A.1., A.2.1 or A.2.2 and A.3 A battery cell is degraded when the cell float voltage is
<2.07 V. A battery bank may not be degraded with one or more degraded battery cells. Within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, verification of the required battery charger OPERABILITY is made by monitoring the battery terminal voltage (perform SR 3.8.4.1) and of the overall battery state of charge by monitoring the battery float charge current (perform SR 3.8.6.1 or SR 3.8.6.2 as applicable). This assures that there is still sufficient battery capacity to perform the intended (continued)
SAN ONOFRE--UNIT 2 B 3.8-61 Amendment No. 127 03/13/09
Battery Parameters B 3.8.6 BASES ACTIONS A.1, A.2.1 or A.2.2 and A.3 (continued) function. Therefore, the affected battery is not required to be considered inoperable solely as a result of one or more cells in one or more batteries <2.07 V, and continued operation is permitted for a limited period up to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> per Required Action A.3.
Since the Required Actions of A.1 and A.2.1 or A.2.2 only specify "perform", a failure of SR 3.8.4.1 or SR 3.8.6.1 or SR 3.8.6.2 acceptance criteria does not result in this Required Action not met. However, if one of the SRs is failed, the appropriate Condition(s), depending on the cause of the failures, is entered. If SR 3.8.6.1 or SR 3.8.6.2 is failed then there is not assurance that there is still sufficient battery capacity to perform the intended function and the battery must be declared inoperable immediately.
B.1 and B.2 Condition B is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
One or two batteries in one train with float current of
>1.50 amps indicates that a partial discharge of the battery' capacity has occurred. This may be due to a temporary loss of a battery charger or possibly due to one or more battery cells in a low voltage condition reflecting some loss of capacity.
Verification of the required battery charger OPERABILITY is made by monitoring the battery terminal voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> (perform SR 3.8.4.1). If the terminal voltage is found to be less than the minimum established float voltage there are two possibilities, the battery charger is inoperable or is operating in the current limit mode. The charger operating in the current limit mode after 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is an indication that the battery has been substantially discharged and likely cannot perform its required design functions. The time to return the battery to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action B.2). The battery must therefore be declared inoperable.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-62 Amendment No. 127 03/13/09
Battery Parameters I B 3.8.6 2 BASES ACTIONS B.1 and B.2 (continued)
If the float voltage is found to be satisfactory but there are one or more battery cells with float voltage less than 2.07 V, the associated "OR" statement in Condition G is applicable and the battery must be declared inoperable immediately. If float voltage is satisfactory there is a good assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored to its fully charged condition (required Action B.2) from any discharge that might have occurred due to a temporary loss of the battery charger. A discharged battery with float voltage (the charger setpoint) across its terminals indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus there is good assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding a premature shutdown with its own attendant risk.
If the condition is due to one or more cells in a low voltage condition but still greater than 2.07 V and float voltage is found to be satisfactory, this is not indication of a substantially discharged battery and 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is a reasonable time prior to declaring the battery inoperable.
Since Required Action B.1 only specifies "perform", a failure of SR 3.8.4.1 acceptance criteria does not result in the Required Action not met. However, if SR 3.8.4.1 is failed, the appropriate Condition(s), depending on the cause of the failure, is entered.
C.1 and C.2 Condition C is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
One or two batteries in one train with float current of
> 0.75 amp indicates that a partial discharge of the battery capacity has occurred. This may be due to a temporary loss of a battery charger or possibly due to one or more battery cells in a low voltage condition reflecting some loss of capacity.
The basis for C.1 and C.2 is the same as B.1 and B.2 except for 1260 amp-hour rated batteries, Condition H applies instead of Condition G.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-63 Amendment No. 127 03/13/09
Battery Parameters I B 3.8.6 BASES ACTIONS (conti nued) D.1, D.2 and D.3 With one or two batteries on one train with one or more cells with electrolyte level above the top of the plates, but below the minimum established design limits, the battery still retains sufficient capacity to perform the intended function. Therefore, the affected battery is not required to be considered inoperable solely as a result of electrolyte level not met. Electrolyte level limits are visually indicated on each cell via minimum and maximum electrolyte level lines. Within 31 days the minimum established design limits for electrolyte level must be re-established. With electrolyte level below the top of the plates there is a potential for dryout and plate degradation. Required Actions D.1 and D.2 address this potential (as well as provisions in Administrative Controls Section 5.5.2.17, Battery Monitoring and Maintenance Program). Actions for battery cell(s) with electrolyte level below the top of the plates, per Administrative Controls Section 5.5.2.17.c, are specified in LCS 3.8.106.
The Required Actions are modified by two NOTES:
NOTE I indicates that Required Actions D.1 and D.2 are only applicable if electrolyte level is below the top of the plates. Within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, the electrolyte level is required to be restored to above the top of the plates.
NOTE 2 indicates that Required Action D.2 must be completed if electrolyte level was below the top of the plates.
The Required Action D.2 requirement to verify that there is no leakage by visual inspection and the Administrative Controls Section 5.5.2.17.c initiate action to equalize and test in accordance with manufacturer's recommendation and to implement corrective actions in accordance with Annex D of IEEE Standard 450-2002 (Ref. 3). They are performed following the restoration of the electrolyte level to above the top of the plates. Based on the results of the manufacturer's recommended testing, the battery(ies) may have to be declared inoperable and the affected cells replaced.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-64 Amendment No. 127 03/13/09
Battery Parameters I B 3.8.6 BASES ACTIONS E.1 (continued)
With one or two batteries on one train with pilot cell electrolyte temperature less than the minimum established design limit (specified in LCS SR 3.8.106), 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is allowed to restore the temperature to greater than or equal to minimum established design limits. A low electrolyte temperature limits the current and power available. Since the battery is sized with margin, while battery capacity is degraded, sufficient capacity exists to perform the intended function and the affected battery is not required to be considered inoperable solely as a result of the pilot cell electrolyte temperature not met.
F.1 With one or more batteries in redundant trains with battery parameters not within limits there is not sufficient assurance that battery capacity has not been affected to the degree that the batteries can still perform their required function, given that redundant batteries are involved. With redundant batteries involved this potential could result in a total loss of function on multiple systems that rely upon the batteries. The longer completion times specified for battery parameters on non-redundant batteries not within limits are therefore not appropriate, and the parameters must be restored to within limits on at least one train within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
G.1 Condition G is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
With one or more batteries with any battery parameter outside the allowances of the Required Actions for Condition A, B, D, E or F, sufficient capacity to supply the maximum expected load requirement is not assured and the corresponding DC battery must be declared inoperable immediately. Additionally, discovering one or two'batteries in one train with one or more battery cells with float voltage less than 2.07 V and float current greater than 1.50 amps indicates that the battery capacity may not be sufficient to perform the intended functions. The battery must therefore be declared inoperable immediately.
(continued) 3.8-65 B 3.8-65 Amendment No. 127 03/13/09 SAN ONOFRE--UNIT 2 SAN ONOFRE--UNIT 2 B Amendment No. 127 03/13/09
Battery Parameters'I B 3.8.6 BASES ACTIONS (conti nued) H.1 Condition H is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
With one or more batteries with any battery parameter outside the allowances of the Required Actions for Condition A, C, D, E, or F, sufficient capacity to supply the maximum expected load requirement is not assured and the corresponding DC battery must be declared inoperable immediately. Additionally, discovering one or two batteries in one train with one or more battery cells with float voltage less than 2.07 V and float current greater than 0.75 amp indicates that the battery capacity may not be sufficient to perform the intended functions. The battery must therefore be declared inoperable immediately.
SURVEILLANCE SR 3.8.6.1 REQUIREMENTS Verifying battery float current while on float charge is used to determine the state of charge of the battery. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a charged state. The float current requirements are based on the float current indicative of a charged battery. Use of float current to determine the state of charge of the battery and the 7-day frequency is consistent with the battery manufacturer's recommendation.
This SR is modified by a NOTE that states the float current requirement is not required to be met when battery terminal voltage is less than the minimum established float voltage of SR 3.8.4.1. When this float voltage is not maintained the Required Actions of LCO 3.8.4 Action A are being taken, which provide the necessary and appropriate verifications of the battery condition. Furthermore, the float current limit of
- 1.50 amps for batteries rated at 1800 amp-hours is established based on the nominal float voltage value and is not directly applicable when this voltage is not maintained.
(continued)
Amendment No. 127 03/13/09 SAN ONOFRE--UNIT 2 2 B 3.8-66 B 3.8-66 Amendment No. 127 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.2 REQUIREMENTS (continued) Verifying battery float current while on float charge is used to determine the state of charge of the battery. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a charged state. The float current requirements are based on the float current indicative of a charged battery. Use of float current to determine the state of charge of the battery and the 7-day Frequency is consistent with the battery manufacturer's recommendation.
This SR is modified by a NOTE that states the float current requirement is not required to be met when battery terminal voltage is less than the minimum established float voltage of SR 3.8.4.1. When this float voltage is not maintained the Required Actions of LCO 3.8.4 Action B are being taken, which provide the necessary and appropriate verifications of the battery condition. Furthermore, the float current limit of < 0.75 amp for batteries rated at 1260 amp-hours is established based on the nominal float voltage value and is
) not directly applicable when this voltage is not maintained.
SR 3.8.6.3 and SR 3.8.6.6 SRs 3.8.6.3 and 3.8.6.6 require verification that the pilot or connected cell float voltages are equal to or greater than the short term absolute minimum voltage of 2.07 V.
Optimal long-term battery performance is obtained by maintaining a float voltage greater than or equal to the minimum established design limits provided by the battery manufacturer. This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge, which could eventually render the battery inoperable. Float voltage less than the administrative limit in LCS 3.8.106, but greater than 2.07 Vpc, is addressed in LCS 3.8.106 as required by Administrative Controls Section 5.5.2.17, items a and b. The frequency for cell voltage verification every 31 days for each pilot cell and 92 days for each connected cell is consistent with IEEE-450-2002 (Ref. 3).
(continued)
SAN ONOFRE--UNIT 2 B 3.8-66a Amendment No. 127 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.4 REQUIREMENTS (continued) The limit specified for electrolyte level ensures that the plates suffer no physical damage and maintain adequate electron transfer capability. The minimum established design limit is the minimum mark on the cell jar, which is above the top of the plates. The 31-day frequency is consistent with IEEE-450-2002 (Ref. 3). Battery cells with electrolyte level below the top of the plates are addressed in LCS 3.8.106.
SR 3.8.6.5 This Surveillance verifies that each pilot cell temperature is greater than or equal to the minimum established design limit, which is specified in LCS 3.8.106. Pilot cell electrolyte temperature is maintained above this temperature to assure the battery can provide the required current and voltage to meet the design requirements. Temperatures lower than assumed in battery sizing calculations act to inhibit or reduce battery capacity. The 31-day frequency is consistent with IEEE-450-2002 (Ref. 3).
(continued)
SAN ONOFRE--UNIT 2 B 3.8-66b Amendment No. 127 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.7 REQUIREMENTS (continued) A battery performance discharge test is a test of constant current capacity of a battery, normally done in the "as found" condition, after having been in service, to detect any change in the capacity determined by the acceptance ,
test. The test is intended to determine overall battery degradation due to age and usage. For 1800 amp-hour rated batteries, the modified performance discharge test will use the combined duty cycle of the cross-connected subsystems.
Either the battery performance discharge test or the modified performance discharge test is acceptable for satisfying SR 3.8.6.7. SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 6).
A modified performance discharge test is a test of the battery capacity and its ability to provide a high rate, short duration load (usually the highest rate of the duty cycle). This will confirm the battery's ability to meet the critical period of the load duty cycle, in addition to
) determining its percentage of rated capacity. Initial conditions for the modified performance discharge test should be identical to those specified for a service test.
The modified performance discharge test is conducted in accordance with IEEE 450-2002 Annex 1.3. The battery terminal voltage for the modified performance discharge test must remain above the minimum battery terminal voltage specified in the battery service test for the duration of time equal to that of the service test.
The acceptance criteria for this Surveillance are consistent with IEEE-450-2002 (Ref. 3) and IEEE-485-1997 (Ref. 4).
These references recommend that the battery be replaced if its capacity is below 80% of the manufacturer rating. A capacity of 80% shows that the battery rate of deterioration is increasing, even if there is ample capacity to meet the load requirements. Furthermore, the battery is sized to meet the assumed duty cycle loads when the battery design capacity reaches this 80% limit.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-66c Amendment No. 127 03/13/09
Battery Parameters I B 3.8.6 BASES SURVEILLANCE SR 3.8.6.7 (continued)
REQUIREMENTS The Surveillance Frequency for this test is normally 60 months. If the battery shows degradation, or if the battery has reached 85% of its expected life and capacity is
<100% of the manufacturer's rating, the Surveillance Frequency is reduced to 12 months. However, if the battery shows no degradation but has reached 85% Qf its expected life, the Surveillance Frequency is only reduced to 24 months for batteries that have capacity Ž 100% of the manufacturer's rating. Degradation is indicated, according to IEEE-450-2002 (Ref. 3), when the battery capacity drops by more than 10% relative to its capacity on the previous performance test or when it is Ž 10% below the manufacturer's rating. These frequencies are consistent with the recommendations in IEEE-450-2002 (Ref. 3).
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE. The spare cells are included during battery discharge testing to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
If for any reason a battery has to undergo a service and performance test (e.g., one following the other during scheduled maintenance testing), the service test shall be completed first. Recharging of the battery is required before the performance test is conducted. The "as found" condition prior to the performance test is state of the battery immediately prior to the performance test.
REFERENCES 1. UFSAR, Chapter 6.
- 2. UFSAR, Chapter 15.
- 3. IEEE-450-2002.
- 4. IEEE-485-1997.
- 6. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November 14, 2008.
SAN ONOFRE--UNIT 2 B 3.8-66d Amendment No. 127 03/13/09
Inverters-Operating B 3.8.7 BASES (continued)
LCO The inverters ensure the availability of AC electrical power for the systems instrumentation required to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AOO) or a postulated DBA.
Maintaining the required inverters OPERABLE ensures that the redundancy incorporated into the design of the RPS and ESFAS instrumentation and controls is maintained. The four battery powered inverters (one per channel) are required to be OPERABLE to ensure an uninterruptible supply of AC electrical power to the AC vital buses even if the 4.16 kV safety buses are de-energized.
OPERABLE inverters require the associated AC vital bus to be powered by the inverter, which has the correct DC voltage (105-140 V) applied from a battery to the inverter input, and inverter output AC voltage within tolerances.
APPLICABILITY The inverters are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
Inverter requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.8, "Inverters-Shutdown."
ACTIONS A.1 and A.2 Required Action A.1 is modified by a Note, which states to enter the applicable conditions and Required Actions of LCO 3.8.9, "Distribution Systems--Operating," when Condition A is entered with one AC vital bus de-energized.
This ensures the vital bus is returned to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-68 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.9 Distribution Systems - Operating BASES BACKGROUND The onsite Class 1E AC, DC, and AC vital bus electrical power distribution systems are divided as follows:
- Train A and Train B for AC
" Subsystems A, B, C, and D for DC
" Channels A, B, C, and D for AC vital bus electrical power distribution systems.
The AC primary electrical power distribution system is divided into two trains consisting of two 4.16 kV Engineered Safety Feature (ESF) buses, each having at least one separate and independent offsite source of power as well as a dedicated onsite diesel generator (DG) source. Each 4.16 kV ESF bus is normally connected to a preferred offsite source. After a loss of the preferred offsite power source to a 4.16 kV ESF bus, a transfer to the alternate offsite source is accomplished by utilizing a time delayed bus undervoltage relay. If all offsite sources are unavailable, the onsite emergency DG supplies power to the 4.16 kV ESF bus. Control power for the 4.16 kV breakers is supplied from the Class 1E batteries. Additional description of this system is in the Bases for LCO 3.8.1, "AC Sources-Operating," and the Bases for LCO 3.8.4, "DC Sources-Operating."
The 120 VAC vital buses are arranged into four channels and each channel is normally powered from its own channel inverter. The alternate power supply for the vital buses are Class 1E constant voltage source transformers powered from one of the trains in the same load group (one transformer per load group) which is governed by LCO 3.8.7, "Inverters - Operating." Each constant voltage source transformer is powered from a Class 1E AC bus.
There are four independent 125 VDC electrical power distribution subsystems (two for each Train). Background detail for the DC System is found in the Bases for LCO 3.8.4, "DC Sources - Operating" and the Bases for LCO 3.8.6, "Battery Parameters."
The AC systems, DC subsystems, and the AC vital buses are further defined in Table B 3.8.9-1.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-75 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 BASES (continued)
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume ESF systems are OPERABLE. The AC, DC, and AC vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System, and containment design limits are not exceeded. These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems.
The OPERABILITY of the AC and DC electrical power distribution systems and AC vital buses are consistent with the initial assumptions of the accident analyses and is based upon meeting the design basis of the unit. This includes maintaining power distribution systems OPERABLE during accident conditions in the event of:
- a. An assumed loss of all offsite power or all onsite AC electrical power; and
- b. A worst case single failure.
The distribution systems satisfy Criterion 3 of the NRC Policy Statement.
LCO The required power distribution systems listed in Table B 3.8.9-1 ensure the availability of AC, DC, and AC vital bus electrical power for the systems required to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AOO) or a postulated DBA. The AC, DC, and AC vital bus electrical power distribution systems are required to be OPERABLE.
Maintaining the Train A and Train B AC, Subsystems A, B, C, and D DC, and Channels A, B, C, and D AC vital bus electrical power distribution systems OPERABLE ensures that the redundancy incorporated into the design of the ESF is not defeated. Therefore, a single failure within any electrical power distribution system will not prevent safe shutdown of the reactor.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-76 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 BASES LCO OPERABLE AC, DC, and AC vital bus electrical power (continued) distribution systems require the associated buses and load centers to be energized to their proper voltages.
APPLICABILITY The electrical power distribution systems are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
Electrical power distribution system requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.10, "Distribution Systems--Shutdown."
ACTIONS A.1 With one or more required AC buses or the required load center, except AC vital buses, in one train inoperable, the remaining AC electrical power distribution system in the other train is capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure.
The overall reliability is reduced, however, because a single failure in the remaining power distribution system could result in the minimum required ESF functions not being supported. Therefore, the required AC buses and load center must be restored to OPERABLE status within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.
Condition A worst scenario is one train without AC power (i.e., no offsite power to the train and the associated DG inoperable). In this condition, the unit is more vulnerable to a complete loss of AC power. It is, therefore, imperative that the unit operator's attention be focused on minimizing the potential for loss of power to the remaining (continued)
SAN ONOFRE--UNIT 2 B 3.8-77 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS A.1 (continued) train by stabilizing the unit, and on restoring power to the affected train. The 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> time limit before requiring a unit shutdown in this condition is acceptable because of:
- a. The potential for decreased safety if the unit operator's attention is diverted from the evaluations and actions necessary to restore power to the affected train, to the actions associated with taking the unit to shutdown within this time limit; and
- b. The potential for an event in conjunction with a single failure of a redundant component in the train with AC power.
The second Completion Time for Required Action A.1 establishes a limit on the maximum time allowed for any combination of required distribution systems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DC subsystem is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the AC distribution system. At this time, a DC circuit could again become inoperable, and AC distribution restored OPERABLE.
This could continue indefinitely.
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition A was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
B.1 With one or more AC vital bus inoperable, the remaining OPERABLE AC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition. Overall reliability is reduced, however, since an additional single failure could result in the minimum required ESF functions 2 ~(cont inued)
SAN ONOFRE--UNIT 2 B 3.8-78 Amendment No. 127 03/13/09
)
Distribution Systems- Operating B 3.8.9 BASES ACTIONS B.__ (continued) not being supported. Therefore, the required AC vital bus must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Condition B represents one or more AC vital bus without power; potentially both the DC source and the associated AC source are nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all noninterruptible power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining vital buses, and restoring power to the affected vital bus.
This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate vital AC power.
The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time takes into account the importance to safety of restoring the AC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE vital buses, and the low probability of a DBA occurring during this period.
The second Completion Time for Required Action B.1 establishes a limit on the maximum time allowed for any combination of required distribution systems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an AC bus is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up sinceto 8initial hours. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, failure of the LCO, to restore the vital bus distribution system. At this time, an AC train could again become inoperable, and vital bus distribution restored OPERABLE. This could continue indefinitely.
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition B was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-79 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS C.1 (continued)
With one or more DC electrical power distribution subsystems in one train inoperable, the remaining DC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining DC electrical power distribution subsystem could result in the minimum required DC subsystem must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Condition C represents one or more subsystems without adequate DC, power; potentially both with the battery significantly degraded and the associated charger nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all DC power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining subsystems and restoring power to the affected subsystem.
This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components which would be without power.
The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time for DC subsystems is consistent with Regulatory Guide 1.93 (Ref. 3).
The second Completion Time for Required Action C.1 establishes a limit on the maximum time allowed for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition C is entered while, for instance, and AC bus is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the DC distribution system. At this time, an AC train could again become inoperable, and DC distribution restored OPERABLE.
This could continue indefinitely.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-80 Amendment No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS C.1 (continued)
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition C was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
D.1 and D.2 If the inoperable distribution subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable.,
based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR 3.8.9.1 REQUIREMENTS This Surveillance verifies that the AC, DC, and AC vital bus electrical power distribution systems are functioning properly, with all the required circuit breakers closed and the buses energized from normal power. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The 7 day Frequency takes into account the redundant capability of the AC, DC, and AC vital bus electrical power distribution systems, and other indications available in the control room that alert the operator to system malfunctions.
)(continued)
SAN.ONOFRE--UNIT 2 B 3.8-81 Amendment'No. 127 03/13/09
Distribution Systems - Operating B 3.8.9 Table B 3.8.9-1 (Page 1 of 1)
AC and DC Electrical Power Distribution Systems TYPE VOLTAGE TRAIN A TRAIN B 4160 V ESF Bus A04 ESF Bus A06 AC 480 V Load Center B04 Load Center B06 SUBSYSTEM A SUBSYSTEM C SUBSYSTEM B SUBSYSTEM D DC 125 V Bus DI Bus D3 Bus D2 Bus D4 Panel DiPI Panel D3PI Panel D2P1 Panel D4P1 AC vital CHANNEL A CHANNEL C CHANNEL B CHANNEL D bus 120 V Bus Y01 Bus Y03 Bus Y02 Bus Y04 SAN ONOFRE--UNIT 2 B 3.8-83 Amendment No. 127 03/13/09
Distribution Systems - Shutdown B 3.8.10 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.10 Distribution Systems - Shutdown BASES BACKGROUND A description of the AC, DC, and AC vital bus electrical power distribution systems is provided in the Bases for LCO 3.8.9, "Distribution Systems--Operating" and the Bases for LCO 3.8.5, "DC Sources - Shutdown."
APPLICABLE The initial conditions of Design Basis Accident and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature (ESF) systems are OPERABLE. The AC, DC, and AC vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System, and containment design limits are not exceeded.
The OPERABILITY of the AC and DC electrical power distribution systems and AC vital buses is consistent with the initial assumptions of the accident analyses and the requirements for the supported systems' OPERABILITY.
The OPERABILITY of the minimum AC and DC electrical power distribution systems, and AC vital buses during MODES 5 and 6 ensures that:
- a. The unit can be maintained in the shutdown or refueling condition for extended periods;
- b. Sufficient instrumentation and control capability is available for monitoring and maintaining the unit status; and
- c. Adequate power is provided to mitigate events postulated during shutdown, such as a fuel handling accident.
The AC and DC electrical power distribution systems satisfy Criterion 3 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-84 Amendment No. 127 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES (continued)
LCO Various combinations of electrical distribution systems, equipment, and components are required OPERABLE by other LCOs, depending on the specific unit condition. Implicit in those requirements is the required OPERABILITY of necessary support required features. This LCO explicitly requires energization of the portions of the electrical distribution system necessary to support OPERABILITY of required systems, equipment and components-all specifically addressed in each LCO and implicitly required via the definition of OPERABILITY.
Maintaining these portions of the distribution system energized ensures the availability of sufficient power to operate the unit in a safe manner to mitigate the consequences of postulated events during shutdown (e.g.,
fuel handling accidents).
APPLICABILITY The AC and DC electrical power distribution systems required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel assemblies, provide assurance that:
- a. Systems to provide adequate coolant inventory makeup are available for the irradiated fuel in the core;
- b. Systems needed to mitigate a fuel handling accident are available;
- c. Systems necessary to mitigate the effects of events that can lead to core damage duringshutdown are available; and
- d. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown condition and refueling condition.
The AC and DC electrical power distribution systems, and AC vital buses requirements for MODES 1, 2, 3, and 4 are covered in LCO 3.8.9.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-85 Amendment No. 127 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES (continued)
ACTIONS A.1, A.2.1, A.2.2. A.2.3. A.2.4, and A.2.5 Although redundant required features may require redundant trains of electrical power distribution systems to be OPERABLE, one OPERABLE distribution system may be capable of supporting sufficient required features to allow continuation of CORE ALTERATIONS and fuel movement. By allowing the option to declare required features associated with an inoperable distribution system inoperable, appropriate restrictions are implemented in accordance with the affected distribution system LCO's Required Actions. In many instances, this option may involve undesired administrative efforts. Therefore,'the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involving positive reactivity additions that could result in loss of required SDM (Mode 5) or boron concentration (Mode 6)). Suspending positive reactivity additions that could result in failure to meet the minimum SDM or boron concentration limit is required to assure continued safe operation. Introduction of coolant inventory must be from sources that have a boron concentration greater than what would be required in the RCS for minimum SDM or refueling boron concentration. This may result in an overall reduction in RCS boron concentration, but provides acceptable margin to maintaining subcritical operation.
Introduction of temperature changes including temperature increases when operating with a positive MTC must also be evaluated to ensure they do not result in a loss of required SDM.
Suspension of these activities shall not preclude completion
- of actions to establish a safe conservative condition.
These actions minimize the probability of the occurrence of postulated events. It is further required to immediately initiate action to restore the required AC and DC electrical power distribution systems and to continue this action until restoration is accomplished in order to provide the necessary power to the unit safety systems.
Notwithstanding performance of the above conservative Required Actions, a required shutdown cooling (SDC) system may be inoperable. In this case, these 'Required Actions of Condition A do not adequately address the concerns relating to coolant circulation and heat removal. Pursuant to LCO 3.0.6, the SDC ACTIONS would not be entered.
(continued)
SAN ONOFRE--UNIT 2 B 3.8-86 Amendment No. 127 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES ACTIONS A.1, A.2.1, A.2.2, A.2.3. A.2.4. and A.2.5 (continued)
Therefore, the Required Actions of Condition A direct declaring SDC inoperable, which results in taking the appropriate SDC actions.
The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required distribution systems should be completed as quickly- as possible in order to minimize the time the unit safety systems may be without power.
SURVEILLANCE SR 3.8.10.1 REQUIREMENTS This Surveillance verifies that the AC, DC, and AC vital bus electrical power distribution system is functioning properly, with all the required buses energized. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The 7-day frequency takes into account the redundant capability of the electrical power distribution systems and other indications available in the control room that alert the operator to system malfunctions.
REFERENCES 1. UFSAR, Chapter 6.
- 2. UFSAR, Chapter 15.
SAN ONOFRE--UNIT 2 B 3.8-87 Amendment No. 127 03/13/09
SAN ONOFRE UNIT 3 REVISED TS BASES PAGES CRIS B 3.3.9 BASES (continued)
APPLICABLE The CRIS, in conjunction with the Control Room Emergency Air SAFETY ANALYSES Cleanup System (CREACUS), maintains the control room atmosphere within conditions suitable for prolonged occupancy throughout the duration of any one of the accidents discussed in Reference 1. The radiation exposure of control room personnel, through the duration of any one of the postulated accidents discussed in "Accident Analysis," SONGS Units 2 and 3 UFSAR, Chapter 15 (Ref. 1),
does not exceed the limits set by 10 CFR 50, Appendix A, GDC 19 (Ref. 3).
LCO LCO 3.3.9 requires one channel of CRIS to be OPERABLE. The required channel consists of Actuation Logic, Manual Trip, and gaseous radiation monitors. The specified value for the setpoint of the CRIS is listed in the SR.
The Bases for the LCO on the CRIS are discussed below for each Function:
- a. Manual Trip The LCO on Manual Trip backs up the automatic trips and ensures operators have the capability to rapidly initiate the CRIS Function if any parameter is trending toward its setpoint. One channel must be OPERABLE. This considers that the Manual Trip capability is a backup and that other means are available to actuate the redundant train if required, including manual SIAS.
- b. Airborne Radiation One channel of Airborne Radiation detection in the required train is required to be OPERABLE to ensure the control room isolates on high gaseous concentration.
- c. Actuation Logic One train of Actuation Logic must be OPERABLE, since there are alternate means available to actuate the redundant train, including SIAS.
(conti nued)
SAN ONOFRE--UNIT 3 B 3.3-146 Amendment No. 116 12/01/08
RCS DNB (Pressure, Temperature, and Flow) Limits B 3.4.1 BASES (continued)
APPLICABLE within the limits of LCO 3.1.7, "Regulating CEA Insertion SAFETY ANALYSES Limits"; LCO 3.1.8, "Part Length CEA Insertion Limits";
(continued) LCO 3.2.3, "AZIMUTHAL POWER TILT (Tq)"; and LCO 3.2.5, "AXIAL SHAPE INDEX (ASI)". The safety analyses are performed over the following range of initial values: RCS pressure 2000 - 2300 psia, core inlet temperature 533 -
560°F (for > 30% power), and 520 - 560'F (for _<30% power) and reactor vessel inlet coolant volumetric flow rate 95%.
The RCS Pressure, Temperature, and Flow limits satisfy Criterion 2 of the NRC Policy Statement.
LCO This LCO specifies limits on the monitored process variables-RCS pressurizer pressure, RCS cold leg temperature and RCS total flow rate-to ensure that the core operates within the limits assumed for the plant safety analyses. These variables are contained in the COLR to provide operating and analysis flexibility from cycle to cycle. Operating within these limits will result in meeting the DNBR criterion in the event of a DNB limited transient.
The LCO numerical values for pressure, temperature and flow rate specified in the COLR are given for the measurement location but have not been adjusted for instrument error.
The uncertainties for pressure and temperature are accounted for in the CPC and COLSS overall uncertainty analyses. The RCS flow uncertainty must be applied to the value stated in this LCO.
APPLICABILITY In MODE 1, the limits on RCS pressurizer pressure, RCS cold leg temperature, and RCS flow rate must be maintained during.
steady state operation in order to ensure that DNBR criteria will be met in the event of an unplanned loss of forced coolant flow or other DNB limited transient. In all other MODES, the power level is low enough so that DNBR is not a concern.
A Note has been added to indicate the limit on pressurizer pressure may be exceeded during short term operational transients such as a THERMAL POWER ramp increase of > 5% RTP per mi nute or a THERMAL POWER step increase of > 10% RTP.
I (conti nued)
SAN ONOFRE--UNIT 3 B 3.4'2 Amendment No. 116 02/03/09
ECCS -Operating B 3.5.2 BASES (continued)
SURVEILLANCE SR 3.5.2.3 (continued)
REQUIREMENTS manipulation. Rather, it involves verification that those valves capable of being mispositioned are in the correct position.
The 31 day Frequency is appropriate because the valves are operated under procedural control and an improper valve position would only affect a single train. This Frequency has been shown to be acceptable through operating experience.
SR 3.5.2.4 The ECCS pumps are normally in a standby, nonoperating mode.
As such, flow path piping has the potential to develop voids and pockets of entrained gases. Maintaining the piping from the RWST to the RCS full of water (Ref. 7) ensures that the system will perform properly, injecting its full capacity into the RCS upon demand. This will also prevent water hammer, pump cavitation, and pumping of noncondensible gas (e.g., air, nitrogen, or hydrogen) into the reactor vessel following an SIAS. The 31 day Frequency takes into consideration the gradual nature of gas accumulation in the ECCS piping and the adequacy of the procedural controls governing system operation.
SR 3.5.2.5 Periodic surveillance testing of ECCS pumps to detect gross degradation caused by impeller structural damage or other hydraulic component problems is required by Section XI of the ASME Code. This type of testing may be accomplished by measuring the pump developed head at only one point of the pump characteristic curve. This verifies both that, the measured performance is within an acceptable tolerance of the original pump baseline performance and that the performance at the test flow is greater than or equal to the performance assumed in the unit safety analysis. SRs are specified in the Inservice Testing Program, which encompassesSection XI of the ASME Code.Section XI of the ASME Code provides the activities and Frequencies necessary to satisfy the requirements.
SR 3.5.2.6 Deleted (continued)
I SAN ONOFRE--UNIT 3 B 3. 5-19 Amendment No. 116 03/03/09 1
ECCS - Operating B 3.5.2 BASES (continued)
REFERENCES 1. 10 CFR 50, Appendix A, GDC 35.
- 2. 10 CFR 50.46.
- 3. UFSAR, Section 6.3, 15.6.3, and 15.10.6.3.
- 4. NRC Memorandum to V. Stello, Jr., from R. L. Baer, "Recommended Interim Revisions to LCOs for ECCS Components," December 1, 1975.
- 5. IE Information Notice No. 87-01, January 6, 1987.
- 6. CE NPSD-995, "CEOG Joint Applications Report for Low Pressure Safety Injection System AOT Extension," May 1995.
- 7. Nine-Month Response to GL 2008-01, 2008.
Dated October 14, I
SAN ONOFRE--UNIT 3 B 3.5-20a Amendment 116 03/03/09 1
MSSVs B 3.7.1 B 3.7 PLANT SYSTEMS B 3.7.1 Main Steam Safety Valves (MSSVs)
BASES BACKGROUND The primary purpose of the MSSVs is to provide overpressure
-protection for the secondary system. The-MSSVs also provide protection against overpressurizing the reactor coolant pressure boundary by providing a heat sink for the removal of energy from the Reactor Coolant System (RCS) if the preferred heat sink, provided by the Condenser and Circulating Water System, is not available.
Nine MSSVs are located on each main steam header, outside containment, upstream of the main steam isolation valves.
As described in UFSAR Section 10.3.2 (Ref. 1),. the MSSVs must have sufficient capacity to limit the secondary system pressure to
- 110% of the design pressure. This meets the requirements of Section III of the ASME Code (Ref. 2).
The ASME requirement that MSSVs lift settings should be within 1% of the specified setpoint reflects two separate objectives: the objective to maintain lift setpoints within the bounds of the Safety Analysis and an objective to minimize the number of valves which operate to mitigate an event by staggering the valve setpoints.
This second requirement to stagger setpoints reflects good engineering design, but not safety requirements. The objective to stagger valve setpoints constrains the less restrictive Safety Analysis requirement as a condition of Operability.
The radiological release assumptions used in the Steam Generator Tube Rupture dose assessment bound the source terms which are based on a low MSSV setpoint of 1100 psia with 15% MSSV blowdown, and considering -the appropriate setpoint tolerance.
(conti nued)
SAN ONOFRE--UNIT 3 B 3.7-1 Amendment No. 204 06/21/07
MSSVs B 3.7.1 BASES (continued)
APPLICABLE SAFETY ANALYSES The design basis for the MSSVs comes from Reference 2.
The MSSVs' purpose is to limit secondary system pressure to
< 110% of design pressure when passing 100% of design steam I
flow. This design basis is sufficient to cope with any anticipated operational occurrence (ADO) or accident considered in the Design Basis Accident (DBA) and transient analysis.
The events that challenge the MSSV relieving capacity, and thus RCS pressure, are those characterized as decreased heat removal events, and are presented in the UFSAR, Section 15.2 (Ref. 3). Of these, the full power loss of condenser vacuum (LOCV) event is the limiting ADO. An LOCV isolates the turbine and condenser, and terminates normal feedwater flow to the Steam Generators. Before delivery of auxiliary feedwater to the Steam Generators, RCS pressure reaches
< 2750 psig. This peak pressure is less than or equal to 110% of the design pressure of 2500 psia, but high enough to actuate the pressurizer safety valves. The maximum relieving rate of the MSSVs during the LOCV event (Reference 3), is within the rated capacity of the MSSVs.
II
,I The MSSVs satisfy Criterion 3 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-2 Amendment No. 116 04/28/08
MSSVs B 3.7.1 BASES (continued)
LCO This LCO requires MSSVs to be OPERABLE as specified in Tables 3.7.1-1 and 3.7.1-2. The LCO is met when no more than one MSSV per steam generator is inoperable. Operation with more than one MSSV inoperable per steam generator requires limitations on allowable THERMAL POWER (to meet Reference 2 requirements) and adjustment to Reactor Protection System trip setpoints. These limitations are according to those shown in Table 3.7.1-1, Required Action AlI, and Required Action A.2. An MSSV is considered inoperable if it fails to open upon demand.
The OPERABILITY of the MSSVs is defined as the ability to open in accordance with Lift Settings specified in Table 3.7.1-2, relieve Steam Generator overpressure, and reseat when pressure has been reduced. The OPERABILITY of the MSSVs is determined by periodic surveillance testing in accordance with the inservice testing program.
The Lift Settings specified in Table 3.7.1-2 correspond to ambient conditions of the valve at nominal operating temperature and pressure.
This LCO provides assurance that the MSSVs will perform their designed safety function to mitigate the consequences of accidents that could result in a challenge to the Reactor Coolant Pressure Boundary.
APPLICABILITY In MODE 1, the accident analysis requires a minimum of five MSSVs per Steam Generator Which is limiting and bounds all lower MODES. In MODES 2 and 3, both the ASME Code and the accident analysis require only one MSSV per Steam Generator to provide overpressure protection.
In MODES 4 and 5, there are no credible transients requiring the MSSVs.
The Steam Generators are not normally used for heat removal in MODES 5 and 6, and thus cannot be pVerpressurized; there is no requirement for the MSSVs to be OPERABLE in these MODES.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-3 Amendment No. 204 04/28/08
MSSVs B 3.7.1 BASES (continued)
ACTIONS The ACTIONS table is modified by a Note indicating that separate Condition entry is allowed for each MSSV.
A.1 With two to seven MSSVs per steam generator (SG) inoperable reduce power so that the available MSSV relieving capacity meets Reference 2 requirements for the applicable THERMAL POWER. Operation with less than all nine. MSSVs OPERABLE for each Steam Generator is permissible, if THERMAL POWER is limited to the relief capacity of the remaining MSSVs. This is accomplished by restricting THERMAL POWER so that the energy transfer to the most limiting Steam Generator is not greater than the available relief capacity in that Steam Generator.
Operation at or below the allowable power will ensure the design overpressure limits will not be exceeded..
The 4-hour Completion Time for Required Action A.1 is a reasonable time period to reduce power level and is based on the low probability of an event occurring in this period that would require activation of the MSSVs.
A.2 With two to four MSSVs per SG inoperable, the ceiling on the Linear Power Level-High trip setpoint is reduced. The reduced reactor trip allowable values are based on a detailed analysis of the Loss of Condenser Vacuum with a '
Concurrent Single Failure event (Ref. 3). This anaysis considered the concerns identified in NRC Information Notice 94-60 (Ref. 6). With five to seven MSSVs per SG inoperable, the plant must be taken to MODE 3 (per Action A.1), where the ]inear Power Level-High trip is not required.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-4 Amendment No. 204 06/21/07
MSSVs B 3.7.1 BASES (.continued)
ACTIONS A.2 (continued)
The operator should limit the maximum steady state power level to some value below this setpoint to avoid an inadvertent overpower trip.
The Completion Time of 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> for Required Action A.2 is.
based on the time required to perform the power reduction, operating experience in resetting all channels of a protective function, and on the low probability of the occurrence of a transient that could result in steam generator overpressure during this period.
B.1 and B.2 If the MSSVs cannot be restored to OPERABLE status in the associated Completion Time, or if one or more Steam Generators have eight or more inoperable MSSVs per SG, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 4 within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR 3.7.1.1 REQUIREMENTS This SR verifies the OPERABILITY of the MSSVs by the verification of each MSSV lift setpoints in accordance with the inservice testing program. The ASME Code,Section XI (Ref. 4), requires that safety and relief valve tests be performed in accordance with ASME OM Code., 1998 Edition through 2000 Addenda, Appendix Il-Inservice Testing of Pressure Relief Devices in Light-Water React'or Nuclear Power Plants (Ref. 5).
(continued)
SAN ONOFRE--UNIT 3 B 3.7-5 Amendment No. 204 06/21/07
MSSVs B 3.7.1 BASES (continued)
SURVEILLANCE SR 3.7.1.1 (continued)
REQUIREMENTS According to Reference 5, the following tests are required for MSSVs:
- a. Visual examination;
- b. Seat tightness determination;
- c. Setpoint pressure determination (lift setting); and
- d. Compliance with owner's seat tightness criteria.
This SR is modified by a Note that allows entry into and operation in MODE 3 prior to performing the SR. This is to allow testing of the MSSVs at hot conditions. The MSSVs may be either bench tested or tested in situ at hot conditions using an assist device to simulate lift pressure. If the MSSVs are not tested at hot conditions, the lift setting pressure shall be corrected to ambient conditions of the valve at operating temperature and pressure.
REFERENCES 1. UFSAR, Section 10.3.2.
- 2. ASME, Boiler and Pressure Vessel Code,Section III, Article NC-7000, Class 2 Components.
- 3. UFSAR, Section 15.2.
- 4. ASME, Boiler and Pressure Vessel Code,Section XI, Article IWV-3500.
- 5. ASME OM Code, 1998 Edition through 2000'Addenda, Appendix l-Inservice Testing of Pressure Relief Devices in Light-Water Reactor Nuclear Power Plants.
- 6. NRC Information Notice 94-60.
SAN ONOFRE--UNIT 3 B 3.7-6 Amendment No. 204 06/21/07
ECW System B 3.7.10 BASES (continued)
BAC:KGROUND 1"f wh-ile implementing LCO 3.7.10 -Acti-on A for .,an inoperable (continued) ECW train., the opposite ECW train for the affected Unit(s) becomes inoperable, enter LCO 3.0.3 on the applicable Unit(s).
TS 3.7.10 allows 14 days for restoring operability of one ECWS train. The 14 day AOT is based on a probabilistic risk assessment that was done in accordance with the guidance of Regulatory Guide 1.177, "An Approach for Plant-Specific, Risk Informed Decisionmaking: Technical Specifications."
The 14 day AOT is implemented in the three-tiered approach.
First, the risk of the 14 day AOT is acceptable based on the single AOT risk. Second, administrative controls must be established to ensure that preventive maintenance on an emergency chilled water train does not coincide with a planned outage of normal chilled water system chillers ME330, ME331, pumps MP158, MP159, or compression tank T013.
These controls also apply to required support equipment for the above listed components. Third, risk-significant configurations are identified and managed appropriately per the Maintenance :Rule (a)(4). Allowing only one 14 day clock even in the case of multiple single train component failures is conservative. This approach prohibits exceeding the intent of the LCO, which is to ensure an ECWS train remains out of service for no more than 14 days, regardless of circumstances.
LCO 3.7.10 allows only one ECW train to be inoperable.
Therefore, with both trains inoperable, a LCO 3.0.3 entry is required.
An emergency chiller is considered OPERABLE when it is or can be aligned to either Unit's operating or standby OPERABLE Component Cooling Water (CCW) critical loop, provided that the OPERABLE CCW critical loop can be placed in operation within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> after a design basis event is detected in the Control Room. (Reference 2) Thus, an emergency chiller, under normal circumstances, remains OPERABLE during a transfer operation between OPERABLE CCW critical loops completed in less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Likewise, an emergency chiller is considered OPERABLE when it is aligned to either Unit's energized 4 kV bus. Under normal circumstances, the emergency chiller remains OPERABLE during a transfer operation between 4 kV buses, provided the transfer operation is completed in less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-50 Amendment No. 188 03/07/07
ECW System B 3.7.10 BASES (continued)
.Room Coolers OPERAB*ILITY., General If one or more required individual room coolers for a Unit are inoperable and the bac'kup cooling listed in Table I for the affected room(s) is also inoperable, OR if the temperature in the affected room(s) increases above its design temperature, declare the safety related equipment in the cooled room(s) inoperable and enter the LCO action (continued)
SAN ONOFRE--UNIT 3 B 3.7-50a Amendment No. 188 03/07/07 1
ECW System B 3.7.10 BASES (continued)
BACKGROUND TABLE 1 (continued) Individual Room Coolers 1E COOLER BACKUP COOLER EQUIPMENT IN ROOM ME417 ME414 P017, P015, P012 ME416 ME413 P019, P016, P013 ME517 ME445 (1E) P018 ME445 ME517 (lE) P018 ME455 ME448 P026 ME454 ME450 (NON-IE) or ME518 P025 ME518 ME450 (NON-lE) or ME454 P025 ME453 ME449 P024 ME438 RADWASTE FANS: P190 ME433 or ME434 (supply)
-AND-MA192 or MA193 (exhaust)
ME435 Same as above for ME438 P192.
ME436 ME437 (OE) or Same as above for ME438 P.191 ME437 ME436 (1E) or Same as above for ME438 P191 ME255 ME430 and MA165, or alternate method 50-ft. swgr ME257 ME430 and MA165, or alternate method 50 ft. swgr ME441 ME442 (1E) PO09, Polo ME442 ME441 (HE) P009, Polo (conti nued)
SAN ONOFRE--UNIT 3 B 3.7751 Amendment No. 116 04/28/08
ECW System B 3.7.10 BASES (continued)
BACKGROUND statement(s) for the inoperable equipment in the cooled (continued) room(s). See details for specific rooms, below.
If one or more required individual room cooler(s) for a Unit are inoperable, the ECW train for that Unit remains OPERABLE. OPERABILITY of the safety related equipment in the cooled room(s) remains unaffected provided that the backup room cooling listed in Table I remains OPERABLE AND provided that the temperature in the affected room(s) remains below its design temperature. Return the individual room cooler(s) to OPERABLE status within 14 days while maintaining the temperature in the affected room(s) below its design temperature or enter the applicable action statement for the equipment in the room. Separate entry is allowed for each inoperable emergency room cooler.
For equipment in rooms cooled by only emergency cooling with no normal cooling, redundant emergency coolers are 100%
capacity, and are adequate for maintaining the cooled equipment OPERABLE for up to 14 days.
It is not prudent to rely on backup cooling for periods longer than the allowed outage time for an ECW train itself.
Therefore it is conservative to require restoration of an inoperable room cooler within 14 days.
With both emergency and backup room cooling inoperable, safety related equipment does not have -the cooling required by the LCO 1.1 definition of OPERABLE.
Table I permits normal Radwaste Building ventilation to provide backup cooling for the charging pump rooms. This is reasonable because these pumps can be running normally and have no normal room coolers.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-52 Amendment No. 116 04/28/08
ECW System B 3.7.10 BASES (continued)
I APPLICABILITY n MODES 1, 2, 3, and 4, the ECW System is re q.uired to .:be OPERABLE when a LOCA or other accident would require ESF operation'.
In MODES 5 and 6, potential heat loads are smaller and the probability of accidents requiring the ECW System is low.
ACTIONS ACTION statement.s are modified by a Note: "Each Unit shall enter applicable ACTIONS separately." Because the ECW System is shared between Unit 2 and Unit 3, this note clarifies what Action should be taken when the Units are in different MODES.
A.1 If one ECW train is inoperable, action must be taken to restore OPERABLE status within 14,days. The 14 day AOT is based .on a probabilistic risk asses'sment that requires administrative controls be implemented to ensure that preventive maintenance on an emergency chilled water train does not coincide with a planned outage of normal chilled water system chillers ME330, ME331, pumps MP158, MP159, or compression tank T013. These controls also apply to required support equipment for the above listed components.
In this condition, one OPERABLE ECW train is adequate to perform the cooling function. The 14 day Completion Time is reasonable, based on the low probability of an event occurring during this 'time, 'the 100% capacity OPERABLE ECW train, and the redundant availability of the normal HVAC System.
B.1 and B.2 If the ECW train cannot be restored to OPERABLE status within the associated Completion Time, or two ECW trains are inoperable, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. -The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR 3.7.10.1 REQUIREMENTS Verifying the correct alignment for manual, power operated, and automatic valves in the ECW flow path provides assurance that the proper flow paths exist for ECW operation. This SR does not apply to valves that are locked, sealed, or (continued)
SAN ONOFRE--UNIT 3 B 3.7-55 Amendment No. 116 03/07/07 I
ECW System B 3.7.10 BASES (continued)
'SURVEI'LLANCE SR 3.7.10.1 (continued)
REQUIREMENTS otherwi-se secured in position, since they are verifi:ed to be in the correct position prior to locking, sealing, or securi~ng. This SR also does not apply to valves that cannot be inadvertently misaligned, such as check valves. This Surveillance does not require any testing or valve manipulation;, rather, it involves verification that those valves capable of potentially being mispositioned are in the correct position.
The 31 day Frequency is based on engineering judgment, is consistent with the procedural controls governing valve operation, and ensures correct valve positions.
SR 3.7.10.2 This SR verifies proper automatic operation of the ECW System components and that the ECW pumps and chillers will start in the event of any accident or transient that generates an SIAS, TGIS, CRIS, or FHIS. The 24 month Frequency is based on operating experience and design reliability of the equipment.
REFERENCES 1. UFSAR, Section 9.4.2.
- 2. :Memorandum from V. Barone (NEDO) to T. Vogt (OPS),
Revision 1, dated 12-22-94 (CDM document HVAC-352)
SAN ONOFRE--UNIT 3 B 3.7-55a Amendment No. 116 03/07/07 I
CREACUS B 3.7.11 B 3.7 PLANT SYSTEMS B 3.7.11 Control Room Emergency Air Cleanup System (CREACUS)
BASES BACKGROUND The CREACUS provides a protected environment from which occupants can control the plant following an uncontrolled release of radioactivity, hazardous chemicals, or smoke.
The CREACUS consists of two independent, redundant trains that recirculate and filter the air in the control room envelope (CRE) and a CRE boundary that limits the inleakage of unfiltered air. Each CREACUS train consists of emergency air conditioning unit, emergency ventilation air supply unit, emergency isolation dampers, and cooling coils and two cabinet coolers per Unit. Each emergency air conditioning unit includes a prefilter, a high efficiency particulate air (HEPA) filter, an activated carbon adsorber section for removal of gaseous activity (principally iodines), and a fan. A second bank of HEPA filters follows the adsorb er section to collect carbon fines. Each emergency ventilation air supply unit includes prefilter, HEPA filter, carbon adsorber and fan. Ductwork, motor-operated dampers, doors, barriers, and instrumentation also form part of the system.
Air and motor-operated dampers are provided for air volume control and system isolation purposes.
The CRE is the area within the confines of the CRE boundary that contains the spaces that control room occupants, inhabit to control the unit during normal and accident conditions.
This area encompasses the control room, and may encompass other non-critical areas to which frequent personnel access or continuous occupancy is not necessary in the event of an accident. The CRE is protected during normal operation, natural events, and accident conditions. The CRE boundary is the combination of walls, floor, roof, ducting, doors, penetrations and equipment that physically form the CRE.
The OPERABILITY of the CRE boundary must be maintained to ensure that the inleakage of unfiltered air into the CRE will not exceed the-inleakage assumed in the licensing basis analyses. of design basis accident (DBA) consequences to CRE occupants. The CRE and its boundary are defined in the Control Room Envelope Habitability Program.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-56 Amendment No. 116 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
BACKGROUND Upon receipt of the actuating signal, normal air supply to (continued) the CRE is isolated, and the stream of ventilation air is recirculated through the system's filter trains. The prefilters remove any large particles in the air to prevent excessive loading of the HEPA filters and charcoal adsorbers. Continuous operation of each train for at least 15 minutes per month verifies proper system operability.
There are two CREACUS operational modes. Emergency mode is an operational mode when the control room is isolated to protect operational personnel from radioactive exposure through the duration of any one of the postulated limiting faults discussed in Chapter 15 UFSAR (Ref. 2). Isolation mode is an operational mode when the CRE is isolated to protect operational personnel from toxic gasses and smoke.
Actuation of the CREACUS places the system into either of two separate statesrof operation, depending on the initiation signal. Actuation of the system to either the emergency mode or isolation mode of CREACUS operation closes the unfiltered-outside-air intake and unfiltered exhaust dampers, and aligns the system for recirculation of air within the CRE through the redundant trains of HEPA and charcoal filters.
The emergency mode also initiates pressurization of the CRE.
Outside air is added to the air being recirculated from the CRE. Pressurization of the CRE minimizes infiltration of unfiltered air through the CRE boundary from all the surrounding areas adjacent to the CRE boundary.
The CRE supply and the outside air supply of the normal control room HVAC are monitored by radiation and tox.ic-gas detectors respectively. One detector output above the setpoint will cause actuation of the emergency mode or isolation mode as required. The actions of the isolation
.mode are more restrictive, and will override the actions of the emergency mode of operation. However, toxic gas and radiation events are not considered to occur concurrently.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-57 Amendment No. 116 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
BACKGROUND Redundant recirculation trains provide the required (continued) filtration should.an excessive pressure drop develop across the other filter train. Normally-open isolation dampers are arranged in series pairs so that one damper's failure to shut will not result in a breach of isolation. The CREACUS is designed in accordance with Seismic Category I requirements.
The CREACUS is designed to maintain a habitable environment in the CRE for 30 days of continuous occupancy after a Design Basis Accident (DBA) without exceeding a 5-rem total effective dose equivalent (TEDE).
APPLICABLE The CREACUS components are arranged in redundant, safety SAFETY ANALYSES related ventilation trains. The location of components and ducting within the CRE ensures an adequate supply of filtered air to all areas requiring access.
The CREACUS provides airborne radiological protection for the CRE occupants, as demonstrated by the CRE occupant dose analyses for the most limiting design basis loss of coolant accident fission product release presented in the UFSAR, Chapter 15 (Ref. 2).
Dose calculations, as specified in Unit 2/3 UFSAR Chapter 15 (Reference 2), only take credit for the HEPA filters and charcoal adsorbers of the emergency recirculation air conditioning unit. The emergency ventilation supply unit is designed to contribute to the pressurization of the control room to minimize unfiltered inleakage as indicated in Unit 2/3 UFSAR.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-58 Amendment No. 116 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
APPLICABLE The CREACUS provides protection from smoke and hazardous SAFETY ANALYSES chemicals to the control room occupants. The analysis of (continued) hazardous chemical releases demonstrates that the toxicity limits are not exceeded in the CRE following a hazardous chemical release (Ref. 3). The evaluation of a smoke challenge demonstrates that it will not result in the inability of the CRE occupants to control the reactor either from the control room or from the remote shutdown panels (Ref. 4)
The worst case, single active failure of a component of the CREACUS, assuming a loss of offsite power, does not impair the ability of the system to perform its design -function.
The CREACUS satisfies Criterion 3 of the NRC Policy Statement.
LCO Two independent and redundant trains of the CREACUS are required to be OPERABLE to ensure that at least one is available if a single active failure disables the other train. Total system failure, such as from a loss of both ventilation trains or from an inoperable CRE boundary, could result in exceeding a dose of 5 rem TEDE in the event of a large radioactive release.
Each CREACUS train'is considered OPERABLE when the individual components necessary to limit CRE occupant exposure are OPERABLE. A CREACUS train is considered OPERABLE when the associated:
- a. Fan is OPERABLE;
- b. HEPA filters andcharcoal adsorber are not excessively restricting flow, and are capable of performing their filtration functions; and (continued)
SAN ONOFRE--UN-IT 3 B 3.7-59 Amendment No. 117 12/12/07
CREACUS B 3.7.11 BASES (continued)
LCO c. Ductwork, valves, and dampers are OPERABLE, and air (continued) circulation can be maintained. If an Emergency Isolation Damper is stuck open, the associated train of CREACMS may still be considered OPERABLE if the redundant damper in series with the inoperable damper is closed with power removed.
In order for the CREACUS trains to be considered OPERABLE, the CRE boundary must be maintained such that CRE occupant dose from a large radioactive release does not exceed the calculated dose in the licensing basis consequence analyses for DBAs, and that CRE occupants are protected from hazardous chemicals and smoke.
The LCO is modified by a Note allowing the CRE boundary. to be opened intermittently under administrative controls.
This Note only appli'es to openings in the CRE boundary that can be rapidly restored to the design condition, such as doors, hatches, floor plugs, and access panels. For entry and exit through doors the administrative control of the opening is performed by the person(s) entering or exiting the area. For other openings, these controls should be proceduralized and consist of stationing a dedicated individual at the opening who is in continuous communication with the operators in the CRE. This individual will have a method to rapidl'y close the opening and to restore the CRE boundary to a condition equivalent to the design condition when a need for CRE isolation is indicated.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-60 Amendment No. 116 12/12/07
CREACUS B 3.7.11 BASES (continued)
APPLICABILITY In MODES 1, '2,3, 4, 5, and 6 and during movement of irradiated fuel assemblies the CREACUS must be OPERABLE to ensure that the CRE will remain habitable during and following a DBA.
In MODES 5 and 6, the CREACUS is required to cope with the release from a rupture of a waste gas tank.
During movement of irradiated fuel assemblies, the CREACUS must be OPERABLE to cope with the release from a fuel handling accident involving handling irradiated fuel.
ACTIONS ACTION statements are modified by two NOTES. NOTE I says:
"The provisions of LCO 3.0.4 are not applicable when entering MODES 5, 6, or defueled configuration."
Specification 3.0.4 establishes that entry into an operational mode or other specified condition shall not be made unless the conditions of the LCO are met.
Applicability statement "During movement of irradiated fuel assemblies" ensures the OPERABILITY of both CREACUS trains prior to the start of movement of irradiated fuel assemblies.
NOTE 2 says: "Each Unit shall, enter applicable ACTIONS separately." CREACUS is a shared system between Unit 2 and Unit 3. LCO doesn't address the operational situation when the Units are in different operational MODES. Without this NOTE it may not be clear what ACTIONS should be taken.
(continued)
SAN ONOFft--UNIT 3 B 3 .7-61 Amendment No. 117 12/12/07 1 1
CREACUS B 3.7.11 BASES (continued)
ACTIONS A.1 (continued)
With one CREACUS train inoperable, for reasons other than an inoperable CRE boundary, action must be taken to restore OPERABLE status within 14 days. The 14 day AOT is based on a probabilistic risk assessment that does not require administrative controls to be implemented when a CREACUS train is taken out of service. In this Condition, the remaining OPERABLE CREACUS train is adequate to perform the CRE occupant protection function.
However, the overall reliability is reduced because a failure in the OPERABLE CREACUS train could result in loss of CREACUS function. The 14 day Completion Time is based on the low probability of a DBA occurring during this time period, and the ability of the remaining train to provide the required capability.
B.1, B.2, and B.3 If the unfiltered inleakage of potentially contaminated air past the CRE boundary and into the CRE can result in CRE occupant radiological dose greater than the calculated dose of the licensing basis analyses of DBA consequences (allowed to be up to 5 rem TEDE), or inadequate protection of CRE occupants from hazardous chemicals or smoke, the CRE boundary is inoperable. Actions must be taken to restore an OPERABLE CRE boundary within 90 days.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-62 Amendment No. 117 12/12/07
CREACUS B 3.7.11 BASES (continued)
ACTIONS B.1, B.2, B.3 (continued)
During the period that the CRE boundary is considered inoperable, action must be initiated to implement mitigating actions to lessen the effect on CRE occupants from the potential hazards of a radiological or chemical event or a challenge from smoke. Actions must be taken within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to verify that in the, event of a DBA, the mitigating actions will ensure that CRE occupant radiological exposures will not exceed the calculated dose of the licensing basis analyses of DBA consequences, and the CRE occupants are protected from hazardous chemicals and smoke. These mitigating actions (i.e., actions that are taken to offset the consequences of the inoperable CRE boundary) should be preplanned for implementation upon entry into the condition, regardless of whether entry is intentional or unintentional..
The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is reasonable based on the low probability of a DBA occurring during this time period, and the use of mitigating actions. The 90 day Completion Time is reasonable based on the determination that the mitigating actions will ensure protection of CRE occupants within analyzed limits while limiting the probability that CRE occupants will have to implement protective measures that may adversely affect their ability to control the reactor and maintain it in a safe shutdown condition in the event of a DBA. In addition, the 90 day Completion Time is a reasonable time to diagnose, plan and possibly repair, and test most problems with the CRE boundary.
C.1 and C.2 In MODES 1, 2, 3, or 4, if the inoperable CREACUS or the CRE boundary cannot be restored to OPERABLE status within the required Completion Time, the unit must be placed in a MODE that minimizes the accident risk. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-63 Amendment No. 200 12/12/07 I
CREACUS B 3.7.11 BASES (continued)
ACTIONS D.1, D.2.1, and D.2.2 (continued)
In MODE 5 or 6, or during movement of irradiated fuel assemblies, if Required Action A.2 cannot be completed within the required Completion Time, the OPERABLE CREACUS train must be immediately placed in the emergency mode of operation. This action ensures that the remaining train is OPERABLE, that no failures preventing automatic actuation will occur, and that any active failure will be readily detected.
An alternative to Required Action D.1 is to immediately suspend activities that could result in a release of radioactivity that might require isolation of the CRE. This places the unit in a condition that minimizes the accident risk. This does not preclude the movement of fuel assemblies to a safe position.
E.1 and E.2 When in MODES 5 or 6, or during movement of irradiated fuel assemblies with two trains inoperable or with one or more CREACUS trains inoperable due to an, inoperable CRE boundary, action must be taken immediately to suspend activities that could result in a release of radioactivity that might enter the CRE. This places the unit in a condition that minimizes the accident risk. This does not preclude the movement of fuel to a safe position.
F.1 If both CREACUS trains are inoperable in MODE 1, 2, 3, or 4 for reasons other than an inoperable CRE boundary (i.e.,
Condition B), the CREACUS may not be capable of performing the intended function and the unit is in a condition outside the accident analyses. Therefore, LCO 3.0.3 must be entered immediately.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-64 Amendment No. 200 12/12/07
CREACUS B 3.7.11 BASES (continued)
SURVEILLANCE SR 3.7.11.1 REQUIREMENTS Standby systems should be checked periodically to ensure that they function properly. Since the environment and normal operating conditions on this system are not severe, testing each train once every month provides an adequate check on this system.
Cumulative operation of the system for at least 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> over a 31 day period is sufficient to reduce the buildup of moisture on the adsorbers and HEPA filtes. The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> time frame is based on a conservative engineering evaluation which calculated the time required to evaporate the moisture contained in the air trapped inside the CREACUS duct upstream of charcoal beds. The 31 day Frequency is based on the known reliability of the equipment, and the two train redundancy available.
SR 3.7.11.2 This SR verifies that the required CREACUS testing is performed in accordance with the Ventilation Filter Testing Program (VFTP). The CREACUS filter tests are based on Regulatory Guide 1.52 (Ref. 5). The VFTP includes testing HEPA filter performance, charcoal adsorber efficiency, minimum system flow rate, and the physical properties of the activated charcoal (general use and following specific operations). Specific test Frequencies and additional information are discussed in detail in the VFTP.
The filtration efficiency only apply to the emergency recirculation air conditioning units E418 and E419.
Therefore, testing for filtration efficiency is not required for the emergency ventilation supply units A206 and A207.
However, the specified air flow from the emergency ventilation units isrequired during the filtration efficiency testing of the emergency recirculation air conditioning units. Also, the air flow requirements which are specified in the VFTP apply to the emergency ventil.ation and emergency air conditioning units.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-65 Amendment No. 200 12/12/07
CREACUS B 3.7.11 BASES (continued)
SURVEILLANCE SR 3.7.11.3 REQUIREMENTS (continued) This SR verifies that each CREACUS train starts and operates on an acutual or simulated actuation signa.l. The Frequency of 24 months is based on industry operating experience and is consistent with the typical refueling cycle.
SR 3.7.11.4 This SR verifies the OPERABILITY of the CRE boundary :by testing for unfiltered air inleakage past the CRE boundary and into the CRE. The details of the testing are specified in the Control Room Envelope Habitability Program.
The CRE is considered habitable when the radiological dose to CRE occupants calculated in the licensing basis analyses of DBA consequences is no more than 5 rem TEDE and the CRE occupants are protected from hazardous chemicals and smoke.
This SR verifies that the unfiltered air inleakage into the CRE is no greater than the flow rate assumed in the licensing basis analyses of DBA consequences. When unfiltered air inleakage is greater than the assumed flow rate, Condition B must be entered. Required Action B.3 allows time to restore the CRE boundary to OPERABLE status provided mitigating actions can ensure that the CRE remains within the licensing basis habitability limits for the occupants following an accident. Compensatory measures are discussed in Regulatory Guide 1.196, Section C.2.7.3, (Ref. 6) which endorses, with exceptions, NEI 99-03,, Section (continued)
SAN ONOFRE--UNIT 3 B 3.7-66 Amendment No. 200 12/12/07 1
CREACUS B 3.7.11 BASES (continued)
SURVEILLANCE SR 3.7.11.4 REQUIREMENTS (continued) 8.4 and Appendix F (Ref. 7). These compensatory measures may also be used as mitigating actions as required by Required Action B.2. Temporary analytical methods may also be used as compensatory measures to restore OPERABILITY (Ref. 8). Options for restoring the CRE boundary to OPERABLE status include changing the licensing basis DBA consequence analysis, repairing the CRE boundary, or a combination of these actions. Depending upon the nature of the problem and the corrective action, a full scope inleakage test may not be necessary to establish that the CRE boundary has. been restored to OPERABLE status.
REFERENCES 1. UFSAR, Section 9.4.
- 2. UFSAR, Chapter 15.
- 3. UFSAR, Section 6.4.
- 4. UFSAR, Section 9.5.
- 5. Regulatory Guide 1.52 (Rev. 2).
- 7. NEI 99-03, "Control Room Habitability Assessment,"
June 2001.
- 8. Letter from Eric J. Leeds (NRC) to James W. Davis (NEI) dated January 30, 2004, "NEI Draft White Paper, Use of Generic Letter 91-18 Process and Alternative Source Terms in the Context of Control Room Habitability." (ADAMS Accession No. ML040300694)
(continued)
SAN ONOFRE--UNIT 3 B 3 .7-67 Amendment No. 200 12/12/07 1
Fuel Storage Pool Boron Concentration B 3.7.17 B 3.7 PLANT SYSTEMS B 3.7.17 Fuel Storage Pool Boron Concentration BASES BACKGROUND As described in LCO 3.7.18, "Spent Fuel Assembly Storage,"
fuel assemblies are stored in the spent fuel racks in accordance with criteria based on initial enrichment, discharge burnup, and cooling t-ime (plutonium decay).
Although the water in the spent fuel pool is normally borated to Ž 2000 ppm, the criteria that limit the storage of a fuel assembly to specific rack locations is conservatively developed without taking credit for boron while maintaining Keff < 1.0. Credit for boron is taken to maintain Keff
- 0.95.
APPLICABLE Soluble boron in the spent fuel pool is credited in SAFETY ANALYSES criticality analyses for normal and accident conditions.
The relevant accidents are 1) Fuel Assembly Dropped Horizontally On Top of the Racks, 2) Fuel Assembly Dropped Vertically Into a Storage Location Already Containing a Fuel Assembly, 3) Fuel Assembly Dropped to the SFP Floor, and 4)
Fuel Misloading in either Region I or Region I1. The limiting accident is Fuel Misloading in either Region I or Region II.
A fuel assembly could be inadvertently loaded into a spent fuel rack location not allowed by LCO 3.7.18 (e.g., an un-irradiated fuel assembly or an insufficiently depleted fuel assembly). This accident is analyzed assuming the misloading of one fresh assembly with the maximum permissible enrichment. However, the negative reactivity effect of the soluble boron compensates for the increased reactivity caused by the postulated accident scenario.
Under normal, non-accident conditions, the soluble boron needed to maintain Keff less than or equal to 0.95, including uncertainties, is 970 ppm. Under accident conditions, the soluble boron needed to maintain Keff less. than or equal to 0.95, including uncertainties, is 1700 ppm. A SFP boron dilution analysis shows that dilution from 2000 ppm to below 1700 is not credible. Therefore, the minimum required soluble boron concentration is 2000 ppm.
The concentration of dissolved boron in the fuel pool satisfies Criterion 2 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-71 Amendment No. 116 03/05/08 1
Fuel Storage Pool Boron Concentration B 3.7.17 BASES (continued)
LCO The specified concentration of 2000 ppm dissolved boron in the fuel pool preserves the assumptions used in the analyses descr-ibed above. This concentration of dissolved boron is the minimum required concentration for fuel assembly storage and movement within the spent fuel pool.
APPLICABILITY This LCO applies whenever fuel assemblies are stored in the spent fuel pool.
ACTIONS A.1 and A.2 The Required Actions are modified by a Note indicating that LCO 3.0.3 does not apply.
When the concentration of boron in the spent fuel pool is less than required 2000 ppm, immediate action must be taken to preclude an accident from happening or to mitigate the consequences of an accident in progress. This is most efficiently achieved by immediately suspending the movement of fuel assemblies. This does not preclude the movement of fuel assemblies to a safe position. In addition, action must be immediately initiated to restore boron concentration to the required 2000 ppm.
If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify any action. If moving irradiated fuel assemblies while in MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operation.
Therefore, inability to suspend movement of fuel assemblies is not sufficient reason to require a reactor shutdown.
(continued)
SAN ONOFRI--UNIT 3 B 3.7-72 Amendment No. 116 03/05/08 1
Fuel Storage Pool Boron Concentration B 3.7.17 BASES (continued)
SURVEILLANCE SR 3.7.17.1 REQUIREMENTS This SR verifies that the concentration of boron in the spent fuel pool is within the required limit. As long as this SR is met, the analyzed incidents are fully addressed.
The 7 day Frequency is appropriate because no major replenishment of pool water is expected to take place over a short period of time.
REFERENCES 1. UFSAR, Section 9.1.
SAN ONOFRE--UNIT 3 B 3.7-73 Amendment No. 116 03/05/08 1
Spent Fuel Assembly Storage B 3.7.18 B 3.7 PLANT SYSTEMS B 3.7.18 Spent Fuel Assembly Storage BASES BACKGROUND The spent fuel storage facility is designed to store either new (nonirradiated) nuclear fuel assemblies, or burned (irradiated) fuel assemblies in a vertical configuration underwater. The storage pool is sized to store 1542 fuel assemblies. Two types/sizes of spent fuel storage racks are used (Region I and Region II). The two Region I racks each contain 156 storage locations each spaced 10.40 inches on center in a 12x13 array. Four Region II storage racks each contain 210 storage locations in a 14x15 array. The remaining two Region II racks each contain 195 locations in a 13x15 array. All Region 1I locations are spaced 8.85 inches on center.
To maintain Keff
- 0.95 for spent fuel of maximum enrichment up to 4.8 w/o, (1) soluble boron is credited, and (2) the following storage patterns and borated stainless steel guide tube inserts are used as needed:
(1) unrestricted storage, minimum discharge burnup and cooling time requirements vs. initial enrichment, (2) SFP Peripheral storage, minimum discharge burnup and cooling time requirements vs. initial enrichment, (3) 2x2 storage patterns, minimum discharge burnup and cooling time requirements vs. initial enrichment, (4) 3x3 storage patterns, minimum discharge burnup and cooling time requirements vs. initial enrichment, (5) credit for inserted Control Element Assemblies (CEAs),
(6) credit for erbia in fresh assemblies, (7) credit for cooling time (Pu-241 decay), and, (8) credit for borated stainless steel guide tube inserts.
(continued)
SAN ONOFRE--UNIT 3 B 3.7-74 Amendment No. 116 03/05/08
Spent Fuel Assembly Storage B 3.7.18 BASES (continued)
BACKGROUND When soluble boron is credited, Lhe following acceptance (continued) criteria apply:
(1) Under normal conditions, the 95/95 neutron multiplication factor (Keff), including all uncertainties, shall be less than 1.0 when flooded with unborated water, and, (2) Under normal and accident conditions, the 95/95 neutron multiplication factor (Keff), including all uncertainties, shall be less than or equal to 0.95 when flooded with borated water.
APPLICABLE The spent fuel storage facility is designed for SAFETY ANALYSES noncriticality by use of adequate spacing, neutron absorbing stainless steel cans, borated water with a minimum soluble boron concentration of 970 ppm; and storage of fuel assemblies in accordance with the administrative controls in LCO 3.7.18 and LCS 4.0.100, "Fuel Storage Patterns".
The spent fuel assembly storage satisfies Criterion 2 of 'the NRC Policy Statement.
LCO The restrictions on the placement of fuel assemblies within the spent fuel pool, in the accompanying LCO, ensure, that the Keff of the spent fuel pool will always remain < 1.00 under normal, non-accident conditions assuming the pool to be flooded with unborated water. The Keff of the spent fuel pool will always remain < 0.95 under normal, non-accident conditions assuming the pool to be flooded with borated water with. a minimum soluble boron concentration of 970 ppm.
The Keff of the spent fuel pool will always remain
- 0.95 under accident conditions assuming the pool to be flooded with borated water with a minimum soluble boron concentration of 1700 ppm. The restrictions are consistent with the criticality safety analysis performed for the spent fuel pool.
(continued)
SAN ONOFRF--UNIT 3 B 3.7-75 Amendment No. 116 03/05/08
Spent Fuel Assembly Storage B 3.7.18 BASES (continued)
APPLICABILITY This LCO applies whenever any fuel assembly is stored in Regions I and II of the spent fuel pool.
ACTIONS A.1 Required Action A.1 is modified by a Note indicating that LCO 3.0.3 does not apply.
When the configuration of fuel assemblies stored in Regions I and II of the spent fuel pool is not in accordance with LCO 3.7.18, immediate action must be taken to make the necessary fuel assembly movement(s) to bring the configuration into compliance.
If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify any action. If moving irradiated fuel assemblies while in MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operation.
Therefore, in either case, inability to move fuel assemblies is not sufficient reason to require a reactor shutdown.
SURVEILLANCE SR 3.7.18.1 REQUIREMENTS This SR verifies by administrative means that the fuel assembly is stored in accordance with LCO 3.7.18, or Design Features 4.3.1.1, or LCS 4.0.100. For fuel assemblies not stored in accordance with LCO 3.7.18, performance of this SR will ensure compliance with Specification 4.3.1.1.
This surveillance is performed prior to the initial storage of a fuel assembly in a spent fuel pool location and prior to each subsequent movement to a new location.
REFERENCES UFSAR, Section 9.1.2.2.
SAN ONOFRF--IJNTT 3 R 3.7-75a Amendment No. 116 03/05/08
AC Sources -Operating B 3.8.1 BASES (continued)
LCO sequence intervals, and continue to operate until offsite (continued) power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as: DG in standby with the engine hot, DG in standby with the engine at ambient conditions, and DG operating in a parallel test mode. A DG is considered already operating if the DG voltage is a 4161 and
- 4576 volts and the frequency is ; 59.7 and
- 6.1.2 Hz.
Proper sequencing of loads, including tripping of nonessential loads on a SIAS, is a required function for DG OPERABILITY.
The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.
For the offsite AC sources, separation and independence are to the extent practical. A circuit may be connected to more than one ESF bus, with transfer capability to the other circuit, and not violate separation criteria.
APPLICABILITY The AC sources and associated automatic load sequence timers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AO0s or abnormal transients; and
- b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
The AC power requirements for MODES 5 and 6 are covered in LCO 3.8.2, "AC Sources-Shutdown."
ACTIONS A.__
To ensure a highly reliable power source remains with the one offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit on (continued)
SAN ONOFRE--UNIT 3 B 3.8-5 Amendment 116 04/28/08 1
AC Sources - Operating B 3.8.1 BASES (continued)
ACTIONS B.3.1 and B.3.2 (continued)
In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the plant corrective action program will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> constraint imposed while in Condition B.
According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is reasonable to confirm that the OPERABLE DG is not affected by the same problem as the inoperable DG.
B.4 An augmented analysis using the methodology set forth in Reference 16 provides a series of deterministic and probabilistic justifications and supports continued operations in Condition B for a period that should not exceed 14 days.
In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become. inoperable, the DG. restored OPERABLE, and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (for a total of 20 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit-is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.
As in Required Action B.2, the Completion Time allowsifor an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the (continued)
SAN ONOFRE--UNIT 3 B 3.8-9 Amendment 116 11/29/07
AC Sources - Operating B 3.8.1 BASES (continued)
SURVEILLANCE Where the SRs discussed herein specify voltage and frequency REQUIREMENTS tolerances, the following is applicable. The minimum steady (continued) state output voltage of 4297 V is above the maximum reset voltage of the 4.16 kV bus undervoltage relays (Ref. SR 3.3.7). Achieving a voltage at or above 4297 V ensures that the LOVS/SDVS/DGVSS relay logic will reset allowing sequencing of the ESF loads on to the ESF bus if one or more ESF actuation signals is present. This minimum voltage limit, which is consistent with ANSI C84.1-1982 (Ref. 11),
is above the allowed voltage drop to the terminals of 4160 V motors whose minimum steady state operating voltage is 3744 V (90% of 4160 V). This minimum voltage requirement also ensures that adequate voltage is provided to motors and other equipment down through the 120 V level. The specified maximum steady state output voltage of 4576 V ensures that, for a lightly loaded distribution system, the voltage at the terminals of 4160 V motors is no more than the maximum allowable steady state operating voltage (110% of 4160V).
The specified minimum and maximum frequencies of the DG are 59.7 Hz and 61.2 Hz, respectively. The upper frequency limit is equal to + 2% of the 60 Hz nominal frequency and is derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3). The lower frequency limit is equal to
- 0.5% of the 60 Hz nominal frequency and is based on maintaining acceptable high pressure safety injection system performance as assumed in the accident analyses.
During a DG surveillance test, steady state DG voltage of 4297 to 4576 volts and steady state frequency of 59.7 to 61.2 Hz shall be verified. For the lower voltage and frequency limits, the Total Loop Uncertainty (TLU) of the measurement device (Reference Calculation E4C-098) shall be considered.
SR 3.8.1.1 This SR assures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that availability of independent offsite circuits is maintained.
The 7 day Frequency is adequate since breaker position is not likely to change without the operator being aware of it and because its status is displayed in the control room.
The SR is modified by two NOTES to indicate that Bus 2A04 or Bus 2A06 is required when unit crosstie breaker 2A0417 or 2A0619, respectively, is used to provide a source of AC power.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-14 Amendment No. 116 03/13/09
AC Sources - Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.2 and SR 3.8.1.7 (continued)
REQUIREMENTS The normal 31 day Frequency for SR 3.8.1.2 (see Table 3.8.1 -i, "Diesel Generator Test Schedule," in the accompanying LCO) and the 184 day Frequency for SR 3.8.1,7 are consistent with Regulatory Guide 1.9 (Ref. 3). These frequencies provide adequate assurance of DG OPERABILITY, while minimizing degradation resulting from testing.
Note 4 - This note discusses operability of the diesel generator subcomponent Automatic Voltage Regulator (AVR).
The AVR is an integral part of the DG, however, each DG has 2 AVRS that are 100% redundant to each other. Only one AVR may be inservice at any one time. To ensure operability of each AVR, the AVRs must have been in service during the performance of SR 3.8.1.2 and SR 3.8.1.3 within *the last 60 days plus any allowance per SR 3.0.2. SR 3.8.1.2 is modified by NOTE 1 to indicate that SR 3.8.1.7 satisfies all of the for AVR requirements of SR 3.8.1.2. This note is applicable operability. Also, each AVR must have been in service for either SR 3.8.1.9, SR 3.8.1.10, or SR 3.8.1.19 within the last 24 months plus any allowance per SR 3.0.2.
During the 24 month test dynamic performance of the AVR is measured to confirm it is acceptable for all required AVR transients. Based on the design of the AVR, its intended function and the maintenance history, the above specified surveillance schedule will assure the AVRs are capable of performing their intended function.
SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to the equivalent of the maximum expected accident loads listed in Reference 2.
This capability is verified by performing a load test equivalent to 90% to 100% of the continuous duty rating of the DG, for an interval of not less than 60 minutes, consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.
Although no power factor requirements are established by this SR, the surveillance is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e.., without creating an overvoltage condition on the ES F buses, over excitation condition on the ESF buses, over excitation condition in the enerator, or overloading the DG main feeder). The kVAR oading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:
(continued)
SAN ONOFRE--UNIT 3 -B 3.8-16 Amendment 116 04/28/08
AC Sources -Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.3 (continued)
REQUIREMENTS
- a. kVAR is Ž 3000 and
- 3200 or bl. the excitation current for GO02 is 2 3.8 A and
- 4.0 A b2. the excitation current for G003 is ý 5.1 A and
- 5.5 A or
- c. the ESF bus voltage is Ž 4530 V and
- 4550 V or \
- d. DG feeder current is Ž 730 A and
- 750 A This method of establishing kVAR loading ensures that, in addition to verifying the load carrying capability (kL) of the diesel engine, the reactive power (kVAR) and voltage regulation capability of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).
The normal 31 day Frequency for this Surveillance (Table 3.8.1-1) is consistent with Regulatory Guide 1.9 (Ref. 3).
This SR is modified by five Notes. Note I indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized. Note 2 states that momentary DG load transients do not invalidate this test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that.might result from offsite circuit or grid perturbations. Note 4 stipulates that a successful DG start must. precede this test to credit satisfactory performance. Note 5 - This note discusses operability of the diesel generator subcomponent Automati'c Voltage Regulator (AVR). The AVR is an integral part of the DG, however, each DG has 2 AVRS that are 100% redundant to each other. Only one AVR may be inservice at any one time.
To ensure operability of each AVR, the AVRs must have been in service during the erformance of SR 3.8.1.2 and SR 3.8.1.3 within the last 60 days plus any allowance per SR 3.0.2. SR 3.8.1.2 is modified by NOTE I to indicate that SR 3.8.1.7 satisfies all of the requirements of SR 3.8.1.2.
This note is applicable for AVR operability. Also,, each AVR must have been in service for either SR 3.8.1.9, SR 3.8.1.10, or SR 3.8.1.19 within the last 24 months plus any allowance per SR 3.0.2. During the 24 month test dynamic performance of the.AVR is measured to confirm it is acceptable for all required AVR transients. Based on the design of the AVR, its intended function and the maintenance history, the above specified surveillance schedule will assure the AVRs are capable of performing their intended function.
SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is at or above the level selected to ensure adequate fuel oil for a minimum of 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> of DG operation at (continued)
SAN ONOFRE--UNIT 3 B 3.8-17 Amendment 116 8/30/08
AC Sources-Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.4 (continued)
REQUIREMENTS full load plus 10%. The level is expressed as an equivalent volume in inches. The 31.5 inch level includes instrument uncertainties and corresponds to the minimum requirement of 389 gallons of fuel oil.
The 31 day Frequency is adequate to assure that a sufficient supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.
SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation. There are numerous microorganisms that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks once every 31 days eliminates the necessary environment for microbial survival in the day tanks. This is the most effective means of controlling.
microbiological fouling. In addition, it eliminates the potential for water entrainment in the fuel oil during DG operation'. Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and from breakdown of the fuel oil by microorganisms. Frequent checking for and removal of ,
accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system.
The Surveillance Frequencies are established by Regulatory Guide 1.137 (Ref. 10). This SR is for preventive maintenance. The presence of water does not necessarily represent failure of this SR provided the accumulated water is removed during the performance of this Surveillance.
SR 3.8.1.6 This Surveillance demonstrates that for each OPERABLE DG at least one fuel oil transfer pump operates and transfers fuel oil from its associated storage tank to its associated day tank. This is required to support continuous operation of the standby power source. This Surveillance provides assurance that at least one fuel oil transfer pump is OPERABLE, the fuel oil piping system is intact, the fuel delivery piping is not obstructed,.and the controls and control systems for the fuel transfer system are OPERABLE.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-18 Amendment 203 04/05/07
AC Sources -Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.8 (continued)
REQUIREMENTS The 24 month Frequency of the Surveilla~nce is based on engineering judgment, taking into conside~ration the unit' conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.
Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency.
Therefore, the Frequency was concluded to be acceptable from a reliability standpoint.
This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.
SR 3.8.1.9 Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single post-accident load without exceeding predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the largest single post-accident load for-each DG is the Auxiliary Feedwater pump which has a name plate rating of 800 HP. As required by IEEE-308 (Ref. 13), the load rejection test is acceptable if the increase in diesel speed does not exceed 75% of the difference between synchronous speed and the overspeed trip setpoint, or 15% above synchronous speed, whichever is lower.
The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequencing and load rejection. The 4 seconds specified is equal to 80% of the 5 second load sequence interval associated with sequencing of the largest load. Since SONGS specific analyses demonstrate the acceptability of overlapping load groups (i.e., adjacent load groups that start at the, same time due to load sequence timer tolerance), the use of 80% of load sequence interval for voltage recovery is consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The voltage and frequency specified are consistent with the design range of the equipment powered by the DG.
SR 3.8.1.9.a corresponds to the maximum frequency excursion, (continued)
SAN ONOFRE--UNIT 3 B 3.8-20 Amendment 116 11/29/07
AC Sources-Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.10 (continued)
REQUIREMENTS The DG full load rejection may occur because of a system fault, inadvertent breaker tripping or a SIAS received during surveillance testing. This Surveillance ensures proper engine and generator load response under the simulated test conditions. This test simulates the loss of the total connected load that the DG experiences following a full .load rejection and verifies that the DG will not trip upon loss of the load. The voltage transient limit of 5450 V is 125% of rated voltage (4360 V). These acceptance criteria provide DG damage protection. While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG is not degraded for future application (e.g., reconnection to the bus if the trip initiator can be corrected or isolated). Thes'e loads and limits are consistent with Regulatory Guide 1.9 (Ref. 3).
The DG is tested under inductive.load conditions that are as close to design basis conditions as possible. Testing is performed with DG kVAR output that offsite power system.
conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:
- a. kVAR is Ž 3000 and < 3200 or bi. the excitation current for G002 is Ž 3.8 A and
- 4.0 A b2. the excitation current for G003 is Ž 5.1 A and
- 5.5 A or
- c. the ESF bus voltage is Ž 4530 V and
- 4550 V or
- d. DG feeder current is Ž 730 A and
- 750 A This method of establishing kVAR loading ensures that, in addition to verifying the full load rejection capability (kW) of the diesel engine, the reactive power rejection capability (kVAR) of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).
The 24 month Frequency is consistent with the recommendation of Regulatory Guide 1.9 (Ref. 3) and is intended to be consistent with expected fuel cycle lengths.
(continued)
B 3.8-22 Amendment 116 8/30/08 ONOFRE--UNIT 3 SAN ONOFRE--UNIT 3 B 3.8-22 Amendment 116 8/30/08
AC Sources -Operating B 3.8.1 BASES (continued)
SURVEILLANCE SR 3.8.1.14 (continued)
REQUIREMENTS The DG is tested under inductive load conditions that are as close to design conditions as possible. Testing is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading r~equirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:
- a. kVAR is Ž 3000 and
- 3200 or bi. the excitation current for G002 is Ž 3.8 A and
- 4.0 A b2. the excitation current for G003 is Ž 5.1 A and
- 5.5 A or
- c. the ESF bus voltage is Ž 4530 V and
- 4550 V or
- d. DG feeder current is Ž 730 A and
- 750 A This method of establishing kVAR loading ensures that, in addition to verifying the load carrying capability (kW) of the diesel engine, the reactive power (kVAR) and voltage regulation capability of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).
The kW load band in the SR is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.
The 24 month Frequency is consistent with the recommendations of Regulatory Guide 1.9, (Ref. 3), takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.
This Surveillance is modified by two Notes. Note I states that momentary DG load transients do not invalidate this test.
Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.
SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency within 9.4 seconds. The 9.4 second time is (continued)
SAN ONOFRE--UNIT 3 B 3.8-27 Amendment 116 8/30/08
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.3 Diesel Fuel Oil, Lube Oil, and Starting Air BASES BACKGROUND Each diesel generator (DG) is provided with a storage tank having a fuel oil capacity sufficient to operate that diesel for a period of 7 days, while the DG is supplying maximum post loss of coolant accident load demand as discussed in the UFSAR, Section 9.5.4.2 (Ref. 1). The maximum load demand is calculated assuming the maximum load demand is supplied by one DG. This onsite fuel oil capacity is sufficient to operate the DGs for longer than the time to replenish the onsite supply from outside sources.
Fuel oil is transferred from storage tank to day tank by either of two transfer pumps associated with each storage tank. Redundancy of pumps and piping precludes the failure of one pump, or the rupture of any pipe, valve, or tank to result in the loss of more than one DG. All outside tanks, pumps, and piping are located underground.
For proper operation of the standby DGs, it is necessary to ensure the proper quality of the fuel oil. San Onofre has a Diesel Fuel Oil (DFO) testing program which ensures proper fuel oil quality. The program includes purchasing, receipt testing of new fuel oil, and periodic analyses of the stored fuel. San Onofre is not committed to the fuel analysis portion of Regulatory Guide 1.137 (Ref. 2) or ANSI Ni95-1976 (Ref. 3); however, these standards were utilized as guidance in the development of the DFO testing program.
The D6 lubrication system is designed to provide sufficient lubrication to permit proper operation of its associated DG under all loading conditions. The system is required to circulate the lube oil to the diesel engine working surfaces and to remove excess heat generated by friction during operation. Each engine oil sump contains an inventory capable of supporting a minimum of 7 days of continuous operation. This supply is sufficient supply to allow the operator to replenish lube oil from outside sources.
(continued)
SAN.ONOFRE--UNIT 3 B 3.8-36 Amendment No. 203 04/05/07 1
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3 BAS ES (continued)
APPLICABILITY The AC sources (LCO 3.8.1 and LCO 3.8.2) are required to ensure the availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an AO0 or a postulated DBA. Since stored diesel fuel oil, lube oil, and starting air subsystems support LCO 3.8.1 and LCO 3.8.2, stored diesel fuel oil, lube oil and starting air are required to be within limits when the associated DG is required to be OPERABLE.
ACTIONS A. 1 In this Condition, the 7 day fuel oil supply (48,400 gallons) for a DG is not available. However, the Condition is restricted to fuel oil level reductions that maintain at least a 6 day supply (41,800 gallons). These circumstances may be caused by events such as full load operation required after an inadvertent start while at minimum required level; or feed and bleed operations, which may be necessitated by increasing particulate levels or any number of other oil quality degradations. This restriction allows sufficient time for obtaining the requisite replacement volume and performing the analyses required prior to addition of fuel oil to the tank. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required level prior to declaring the DG inoperable. This period is acceptable based on the remaining capacity (> 6 days), the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
B.i With lube oil inventory less than the TSmin marking in the dipstick, sufficient lubricating oil to support 7 days of continuous DG operation at full load conditions may not be available. However, the Condition is restricted to lube oil volume reductions that maintain at. least a 6 day supply (continued)
SAN ONOFRE--UNIT 3 B 3.8-38 Amendment No. 203 04/05/07
Diesel, Fuel Oil, Lube Oil, and Starting Air B 3.8.3 BASES (continued)
ACTIONS B.1 (continued) greater than or equal to the TSinop marking in the dipstick). This restriction allows sufficient time to obtain the requisite replacement volume. The TSmin mark corresponds to 369.4 gals for the 16 cylinder DG and 412.1 gals for the 20 cylinder DG. The TSinop mark corresponds to 347.5 gals for the 16 cylinder DG and 386.2 gals for the 20 cylinder DG. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required volume prior to declaring the DG inoperable. This period is acceptable based on the remaining capacity (> 6 days), the low rate of usage, the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
C.1 In this Condition the 7 day fuel oil supply (43,600 gallons) for a DG during Mode 5 or 6 is not available. However, the Condition is restricted to fuel oil level reductions that maintain at least a 6 day supply (37,400 gallons). These circumstances may be caused by events such as full load operations required after an inadvertent start while at minimum required level; or feed and bleed operations, which may be necessitated by increasing particulate levels or an),
number of other oil quality degradations. This restriction allows sufficient time for obtaining the requisite replacement volume and performing the analyses required prior to addition of fuel oil to the tank. A period of 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is considered sufficient to complete restoration of the required level prior to declaring the DG inoperable.
This period is acceptable based on the remaining capacity
(> 6 days), the fact that procedures will be initiated to obtain replenishment, and the low probability of an event during this brief period.
D.1 This Condition is entered as a result of a failure to meet the acceptance criterion of SR 3.8.3.3. Normally, trending of particulate levels allows sufficient time to correct high particulate levels prior to reaching 'the limit of (continued)
SAN ONOFRE--UNIT 3 B 3.8-39 Amendment No. 203 04/05/07 1
Diesel Fuel Oil, Lube Oil, and Starting Air B 3.8.3 BASES (continued)
ACTIONS F.3 (continued) are accomplished on the first attempt, and the low probability of an event during this brief period.
G.2 With a Required Action and associated Completion Time not met, or one or more DGs with- diesel fuel oil or lube oil not within limits for reasons other than addressed by Conditions A through F, the associated DG may be incapable of performing its intended function and must be immediately declared inoperable.
SURVEILLANCE SR 3.8.3.1 REQUIREMENTS This SR provides verification that there is an adequate inventory of fuel oil (2 48,400 gallons in Mode 1, 2, 3, or 4 and _>43,600 gallons in Mode 5 or 6) in the storage tanks to support each DG's operation for 7 days at full load. The 7 day period is sufficient time to place the unit in a safe shutdown condition and to bring in replenishment fuel from an offsite location.
The 31 day Frequency is adequate to ensure that a sufficient supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.
SR 3.8-3.2 This Surveillance ensures that sufficient lube oil inventory is available to support at least 7 days of full load operation for each DG. The TS min (412.1 gal for the 20 cylinder engine and 369.4 gal for the 16 cylinder engine) requirements are. based on the DG manufacturer consumption values for the run time of the DG.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-41 Amendment No. 203 04/05/07
DC Sources - Operating B 3.8.4 B 3.8 ELECTRICAL POWER SYSTEMS C
B 3.8.4 DC Sources--Operating BASES BACKGROUND The station DC electrical power system provides the AC emergency power system with control power. It also provides both motive and control power to selected safety related equipment and preferred AC vital bus power (via inverters).
As required by 10 CFR 50, Appendix A, GDC 17 (Ref.1), the DC electrical power system is designed to have sufficient independence, redundancy, and testability to perform its safety functions, assuming a single failure. The DC electrical power system also conforms to the recommendations of Regulatory Guide 1.6 (Ref. 2) and IEEE-308 (Ref. 3).
The 125 VDC electrical power system consists of two independent and redundant safety related Class 1E DC electrical power systems (Train A and Train B). Each train consists of two subsystems each containing a DC bus, one 125 VDC battery, the required battery charger for each battery, and all the associated control equipment and interconnecting cabling.
During normal operation, the 125 VDC load is powered from the required battery charger with the batteries floating on the system. In case of loss of normal power to the required battery charger, the DC load is automatically powered from the station batteries.
The Train A and Train B DC electrical power systems provide control power for their associated Class IE AC power load group, 4.16.kV switchgear, and 480 V load centers. The DC electrical power subsystems also provide DC electrical power to other loads including inverters which in turn power the AC vital buses.
Train A DC systems (Subsystems A and C) provide power to the Channel A and C inverters feeding the 120 VAC vital bus I and 3 electrical power distribution subsystems (Channel A and C). Train B DC system (Subsystems B and D) provide power to the Channel B and 0 inverters feeding the 120 VAC vital bus 2 and 4 electrical power distribution subsystems (Channel B and D). DC subsystem C also provides DC power to the Auxiliary Feedwater Pump (AFWP) P 140 steam inlet valve HV-4716 and the AFWP electric governor.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-46 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND Train A DC systems are capable of providing DC power to both (continued) Channel A and Channel C loads when DC subsystems A and C are manually cross-connected. This allows both DC buses to remain operable during battery replacement, testing, or maintenance of any one DC battery. A dedicated battery charger(s) can be replaced, tested or maintained when the swing charger is OPERABLE.
Train B DC systems are capable of providing DC power to both Channel B and Channel D loads when DC subsystem B and D are manually cross-connected. This allows both DC buses to remain operable during battery replacement, testing, or ma'intenance of any one DC battery. A dedicated battery charger(s) can be replaced, tested or maintained when the swing charger is OPERABLE.
Swing Train Subsystem DC Bus Battery Charger Charger A DI B007 BOO1 A BB021 C D3 B009 B003 B D2 B008 B002 B B022 D D4 B010 B004 During cross-connecting of subsystem buses A and C or B and D, two batteries will be paralleled for a short duration.
An electrical fault during that duration could exceed the interrupting duties of the protective devices. This is an accepted practice during transfer of power sources and is considered to be an acceptable minimal risk. Once the cross-tie alignment is complete, only one battery is aligned to cross-connected buses DI and D3 or D2 and D4.
An OPERABLE Class 1E battery bank BOOX may replace B007, B008, BOO9 or B010 battery to allow battery maintenance (including replacement) activities.
The DC power distribution system is described in more detail in the Bases for LCO 3.8.9, "Distribution Systems -
Operating," and for LCO 3.8.10, "Distribution Systems -
Shutdown."
Each 125 VDC battery is separately housed in a ventilated room apart from its charger and distribution buses. Each subsystem is located in an area separated physically and electrically from the other subsystems to ensure that a (Continued)
SAN ONOFRE--UNIT 3 B 3.8-47 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND single failure in one subsystem does not cause a failure in (continued) a redundant subsystem. There is no sharing of equipment between redundant Class 1E subsystems, such as batteries, battery chargers, or distribution panels. Subsystems A and C or B and D share an 1800 amp-hour rated battery and battery charger(s) when cross-tied.
Each battery has adequate storage capacity to meet the duty cycle(s) discussed in the UFSAR, Chapter 8 (Ref. 6). The battery is designed with additional capacity above that required by the design duty cycle to allow for temperature variations and other factors.
The batteries for Train A and Train B DC electrical power subsystems are sized to produce the required capacity at 80%
of nameplate rating, corresponding to the warranted capacity at end of life cycles and the 100% design demand. The minimum design voltage limit at the supplied load (inverter) is 105.414 V (Ref. 12).
The battery cells are of flooded lead acid construction with a nominal specific gravity of 1.215. This specific gravity corresponds to an open circuit battery voltage of approximately 120 V for a 58-cell battery (i.e., cell voltage of 2.065 volts per cell (Vpc)). The open circuit voltage is the voltage maintained by a fully charged cell when there is no charging or discharging. Once fully charged with its open circuit voltage Ž 2.065 Vpc, the battery cell will maintain its capacity for 30 days without further charging per manufacturer's instructions. All cells begin to self-discharge when left on open circuit, but cells can be left open circuit for some period of time (> 30 days, refer to the manufacturer's instruction for the maximum storage periods) without any long-term performance degradation. Optimal long-term performance however, is obtained by maintaining a float voltage of 2.20 to 2.28 Vpc.
This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge. The nominal float voltage of 2.267 Vpc corresponds to a total float voltage of 131.5 V for a 58-cell battery.
Each Train A and Train B DC electrical power subsystem battery charger has ample power output capacity for the steady state operation of connected loads required during normal operation, while at the same time maintaining its battery bank fully charged. Each battery charger also has sufficient excess capacity to restore the battery from the design minimum charge to its fully charged state within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> while supplying normal steady state loads discussed in the UFSAR, Chapter 8 (Ref. 6).
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-48 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND Each subsystem has a dedicated battery charger that is rated (continued) at 300 Amps. Each Train has a 400 Amp rated swing battery charger that meets all the performance requirements of the dedicated charger and can be manually aligned to either subsystem. The swing charger breakers and interconnecting cables allow alignment to either subsystem within a train.
Key. interlocks limit swing charger alignment to one subsystem at a time. The Train B swing charger can also be aligned to non-iE 125 VDC Battery Bus D5. Electrical isolation and independence between subsystems required by R.G. 1.75 is maintained by the isolation capability of the battery charger itself and the key interlocked output circuit breakers. If the swing battery charger is substituted for one of the dedicated battery chargers, the requirements of independence and redundancy between subsystems are maintained.
The swing battery charger and the dedicated battery charger are equally qualified. When required, the swing battery charger can replace the dedicated battery charger using the provided circuit breakers. The swing battery charger can stay in service indefinitely, and there are no restrictions on swing battery charger use. The swing and dedicated battery chargers are designed to operate in parallel in any combination. The swing battery charger is powered from its respective Train's common MCC which is diesel generator backed as required by TS 3.8.1, "AC Sources - Operating," or TS 3.8.2, "AC Sources - Shutdown."
With same train DC buses cross-connected, an OPERABLE charger or chargers with a combined rated capacity greater than or equal to 400 Amps is required.
A "required battery charger" is one of the following:
" the "dedicated charger" aligned to its respective DC bus
" the "swing battery charger" aligned to the respective DC bus
.. two "dedicated chargers" aligned to cross-tied DC buses, or
- the "swing battery charger" aligned to cross-tied DC buses.
Note: It is acceptable to have the swing charger and one dedicated charger aligned to cross-connected buses.
The battery charger is normally in the float-charge mode.
Float-charge is the condition in which the charger is supplying the connected' loads and the battery cells are receiving adequate current to optimally charge the battery.
This assures the internal losses of a battery are overcome and the battery is maintained in a fully charged state.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-49 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES BACKGROUND When desired, the charger can be placed in the equalize (continued) mode. The equalize mode is at a higher voltage than the float mode and charging current is correspondingly higher.
The battery charger is operated in the equalize mode after a battery discharge or for routine maintenance. Following a battery discharge, the battery recharge characteristic accepts current at the current limit of the battery charger (if the discharge was significant, e.g.., following a battery performance or service test) until the battery terminal voltage approaches the charger voltage setpoint. Charging current then reduces exponentially during the remainder of the recharge cycle. Lead-acid batteries have recharge efficiencies of greater than 95%, so once at least 105% of the ampere-hours discharged have been returned, the battery capacity would be restored to the same condition as it was prior to the discharge. This can be monitored by direct observation of the exponentially decaying charging current or by evaluating the amp-hours discharged from the battery and amp-hours returned to the battery.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 7) and Chapter 15 (Ref. 8), assume that Engineered Safety Feature (ESF) systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
The OPERABILITY of the DC sources is consistent with the initial assumptions of the accident analyses and is based upon meeting the design basis of the unit. This includes maintaining the DC sources OPERABLE during accident conditions in the event of:
- b. A worst case single failure.
The DC sources satisfy Criterion 3 of the NRC Policy Statement.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-50 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES (continued)
LCO Each DC electrical power subsystem, consisting of one battery (unless cross-connected), the required battery charger, and the corresponding control equipment and interconnecting cabling supplying power to the associated bus, is required to be OPERABLE to support distribution systems required OPERABLE by LCO 3.8.9, "Distribution Systems - Operating." This ensures the availability of the required power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AO0) or a postulated DBA. Loss of any DC electrical power subsystem does not prevent the minimum safety function from being performed consistent with UFSAR Chapter 8 (Ref. 6).
During the cross-connection period of 4 days (14 days for battery replacement), an OPERABLE DC electrical power subsystem requires one 1800 amp-hour rated battery and the required battery charger(s) to be operating and connected to subsystem DC buses A and C or B and D.
APPLICABILITY The DC electrical power sources are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure safe unit operation and to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AO0s or abnormal transients; and
- b. Adequate core cooling is provided, and containment integrity and other vital functions are maintained in the event of a postulated DBA.
The DC electrical power requirements for MODES 5 and 6 are addressed in the Bases for LCO 3.8.5, "DC Sources Shutdown."
ACTIONS Conditions A and B represent one train with one or two required battery chargers or associated control equipment or cabling inoperable (e.g., the battery voltage limit of SR 3.8.4.1 is not maintained). The ACTIONS provide a tiered response that focuses on returning the battery to the fully charged state and restoring the required charger(s) to OPERABLE status in a reasonable time period.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-51 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS A.1, A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2)
(continued)
Condition A is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
Required Action A.1 requires that the battery terminal voltage be restored to greater than or equal to the minimum established float voltage (> 129.0 V) within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This time provides for returning the inoperable charger to OPERABLE status or providing an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage. Restoring the battery terminal voltage to greater than or equal to the minimum established float voltage provides adequate assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored to its fully charged condition (Required Action A.2) from any discharge that might have occurred due to the charger inoperability.
A discharged battery having a terminal voltage of at least the minimum established float voltage indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus, there is adequate assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding a premature shutdown with its own attendant risk.
If established battery terminal float voltage cannot-be restored to greater than or equal to the minimum established float voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, and the charger is not operating in the current-limiting mode, a faulty charger is indicated. A faulty charger that is incapable of maintaining established battery terminal float voltage does not provide assurance that it can revert to and operate properly in the current limit mode that is necessary during the recovery period following a battery discharge event that the DC system is designed for.
The charger operating in the current limit mode in excess of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is an indication that the battery is partially discharged and its capacity margins will be reduced. The time to return the battery to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of
- the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action A.2).
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-52 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS A.I. A.2. and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued)
Required Action A.2 requires that the battery float current be verified to be less than or equal to 1.50 amps. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 1.50 amps the battery is at least 98% charged. A 29 capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 12) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 1.50 amps this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 13). The multimeter must be capable of measuring the low magnitude of DC current (less than 1.50 amps) and filtering the induced AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action A.3 (A.3.1 or A.3.2.1 and A.3.2.2) is applicable if an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage has been used (e.g., balance of plant non-Class 1E spare battery charger).
Required Action A.3.1 limits the restoration time for the required battery charger to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> if a non-iE charger with a non-IE power source is used. The restoration time for the required battery charger can be extended to 7 days (Required Action A.3.2.2) if the ability to power the spare battery charger from a diesel-backed source has been established within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (Required Action A.3.2.1). All preparations to accomplish the ability to power the spare battery charger must be complete within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The purpose of this provision is to facilitate connection of the spare battery charger to a diesel-backed source in < 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> if non-iE power is lost. The 4-hour charger connection time is required because 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after the loss of non-lE power, the battery may not supply the minimum required voltage at the loads. The 7 day completion time reflects a reasonable time to effect restoration of the required battery charger to operable status.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-53 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS B.I. B.2, and B.3 (B.3.1 or B.3.2.1 and B.3.2.2)
(continued)
Condition B is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
Required Action B.1 basis is the same as A.1.
Required Action B.2 requires that the battery float current be verified to be less than or equal to 0.75 amp. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 0.75 amp the battery is at least 98% charged. A 25 capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 12) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 0.75 amp this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current. The multimeter must be capable of measuring the low magnitude of DC current (less than 0.75 amp) and filtering the induced AC noise from the connected inverter.
A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action B.3 (B.3.1 or B.3.2.1 and B.3.2.2) basis is the same as A.3 (A.3.1 or A.3.2.1 and A.3.2.2).
C.1 With the required DC electrical power subsystem battery.
charger or associated control equipment or cabling outside the allowances of the Required Actions for Condition A or B, sufficient capacity to supply the maximum expected load requirement is not assured and the associated DC battery must be declared inoperable immediately.
(Continued)
SAN ONOFRE--UNIT 3 B 3.8-54 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS D.1 and D.2 (continued)
Condition D represents one train'with one or two DC electrical power subsystems inoperable for reasons other than Condition A or B including when a battery is inoperable (Condition C). With a battery inoperable, the associated DC bus is being supplied by the required battery charger. Any event that results in a loss of the AC bus supporting the battery charger will eventually result in loss of DC to that subsystem. Recovery of the AC bus, especially if it is due to a loss of offsite power, will be hampered by the fact that many of the components necessary for the recovery (e.g., diesel generator control and field flash, AC load shed and diesel generator output circuit breaker, etc.) rely upon the operability of the battery(ies). In addition, DC loads with energization transients that are beyond the capability of the battery charger and normally require the assistance of the battery will not be able to be brought online. The 2-hour limit allows sufficient time to effect restoration of a DC electrical power subsystem or an inoperable battery given that the majority of the conditions that lead to battery inoperability (e.g., loss of battery charger, battery cell voltage less than 2.07 V, etc.) are identified in LCOs 3.8.4, 3.8.5, and 3.8.6 together with additional specific completion times.
Condition D also represents one trai.n with a loss of ability to completely respond to an event, and a potential loss of ability to remain energized during normal operation. It is therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for complete loss of DC power to the affected subsystem. The 2-hour limit is consistent with the allowed time for an inoperable DC distribution system.
If one of the required DC electrical power subsystems is inoperable for reasons other than Condition A or B (e.g.,
inoperable battery charger and associated inoperable battery), the remaining DC electrical power subsystem has the capacity to support a safe shutdown and to mitigate an accident condition. Since a subsequent worst case single failure could, however, result .inthe loss of minimum necessary DC electrical subsystems to mitigate a worst-case accident, continued power operation should not exceed 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. The 2-hour Completion Time is based on Regulatory Guide 1.93 (Ref. 9) and reflects a reasonable time to cross connect with same train DC subsystem (1800 amp-hour rated battery required) or assess unit status as a function of the inoperable DC electrical power subsystem and, if the DC (Continued)
SAN ONOFRE--UNIT 3 B 3.8-55 Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES ACTIONS Q.1 and D.2 (continued) electrical power subsystem is not restored to OPERABLE status, to prepare to effect an orderly and safe unit shutdown. Either of Required Actions D.1 or D.2 will restore the DC subsystem train to OPERABLE status. Required Action D.2 includes a requirement to ensure the battery aligned to the cross-tied subsystem buses has adequate capacity.
Cross connection of two subsystems on two trains has not been analyzed and is therefore not permitted.
E.1 Condition E represents one train with one subsystem battery out of service and two subsystems cross-connected with one 1800 amp-hour rated battery. This alignment will allow both subsystems to remain OPERABLE for 4 days (14 days for battery replacement). The 4-day duration is adequate for routine maintenance activities such as performance of battery discharge testing (online) in MODES 1 through 4.
The 14-day duration allows for battery replacement projects.
The 4-day Completion Time includes a NOTE to allow an extension to 14 days for battery replacement.
The SONGS 2/3 Living PRA determined acceptable risk impact for a period of up to 30 days while two same train DC subsystems are cross-connected with one 1800 amp-hour rated battery supporting both buses. The analysis was performed.
consistent with the guidelines of Regulatory Guides 1.174 and 1.177.
Cross connection of two subsystems on two trains has not been analyzed and is therefore not permitted.
F.1 and F.2 If the inoperable DC electrical power subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. The Completion Time to bring the unit to MODE 5 is consistent with the time required in Regulatory Guide 1.93 (Ref. 9).
(continued)
SAN ONOFRE--UNIT 3 B 3.8-55a Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES (continued)
SURVEILLANCE SR 3.8.4.1 REQUIREMENTS Verifying battery terminal voltage while on float charge for the batteries helps to ensure the effectiveness of the battery chargers, which support the ability of the batteries to perform their intended function. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a fully charged state, while supplying the continuous steady state loads of the associated DC subsystem. On float charge, battery cells will receive adequate current to optimally charge the battery. The voltage requirements are based on the nominal design voltage of the battery and are consistent with the minimum float voltage established by the battery manufacturer (2.20 Vpc). This voltage maintains the battery plates in a condition that supports maintaining the grid life (expected to be approximately 20 years). The 7-day frequency is consistent with manufacturer recommendations and Reg. Guide 1.129, Rev. 2 (Ref. 11).
The minimum float voltage is specified in SR 3.8.104.1 (Ref. 13).
SR 3.8.4.2 This SR verifies the design capacity of the swing and dedicated battery chargers. Regulatory Guide 1.32 (Ref. 10) recommends that the battery charger supply is to be based on the largest combined demands of the various steady state loads and the charging capacity to restore the battery from the design minimum charge state to the fully charged state, irrespective of the status of the unit during these demand occurrences. The minimum required amperes and duration ensure that these requirements can be satisfied. Each required battery charger must be capable of supplying rated amps at the minimum established float voltage for 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.
The ampere requirements are based on the output rating of the chargers. The time period is sufficient for the charger temperature to have stabilized and to have been maintained for at least 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
The Surveillance Frequency is acceptable, given the unit conditions required to perform the test and the other administrative controls existing to ensure adequate charger performance during these 24-month intervals.
This SR is modified by two NOTES that clarify that the dedicated battery charger is rated at 300 amps and the swing battery charger is rated at 400 amps.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-55b Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES SURVEILLANCE SR 3.8.4.3 REQUIREMENTS (continued) A battery service test is a special test of battery capability, as found, to satisfy the design requirements (battery duty cycle) of the DC electrical power system. The discharge rate and test length should correspond to the design duty cycle requirements as specified in IEEE 450 (Ref. 4). SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 13).
For batteries with a rated capacity of 1260 amp-hours, the service test will be performed at 24-month intervals. The performance discharge test may be used in lieu of the service test at 48-month intervals as stated in the NOTE.
This SR is modified by a NOTE that allows the battery performance discharge test in SR 3.8.6.7 to be performed in lieu of the service test in SR 3.8.4.3 once per 48 months for batteries rated at 1260 amp-hours. The substitution is acceptable because the battery performance discharge test in SR 3.8.6.7 represents a more severe test of battery capacity than the service test in SR 3.8.4.3.
If for any reason a battery has to undergo a service and performance test (e.g., one following the other during scheduled maintenance testing), the service test shall be completed first. Recharging of the battery is required before the performance test is conducted. The "as found" condition prior to the performance test is state of the battery immediately prior to the performance test.
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE. The spare cells are included during battery discharge testing to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
SR 3.8.4.4 A modified performance test is comprised of performing a service test, in as-found condition, to satisfy the battery duty cycle followed immediately by a 4-hour rate constant current discharge until 1.75 Vpc is reached (Ref. 4, Annex 1.3). SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 13).
(continued)
SAN ONOFRE--UNIT 3 B 3.8-55c Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES SURVEILLANCE SR 3.8.4.4 (continued)
REQUIREMENTS This SR is modified by NOTE I which states that the modified performance discharge test in SR 3.8.6.7 will be performed for batteries rated at 1800 amp-hoirs. The substitution is acceptable because modified performance discharge test in SR 3.8.6.7 represents a more severe test of battery capacity than the service test in SR 3.8.4.4. The modified performance discharge test is described in the Bases for SR 3.8.6.7. NOTE 2 states that completed service tests and performance dischar'ge tests remain valid until the new modified performance discharge test is performed at its required frequency.
For 1800 amp-hour rated batteries, the modified performance discharge test will use the combined duty cycle of the cross-connected subsystems. Battery life expectancy is optimized by using a 30-month test interval.
A modified performance discharge test shall be performed after installation of a new battery bank for operability.
Within 2 years after initial installation, a modified battery performance discharge test shall be performed for collecting baseline data for future battery capacity trending purposes.
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE. The spare cells are included during battery discharge testing to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-55d Amendment No. 116 03/13/09
DC Sources - Operating B 3.8.4 BASES (continued)
REFERENCES 2. 10 CFR 50, Appendix A, GDC 17.
- 2. Regulatory Guide 1.6, March 10, 1971.
- 3. IEEE-308-1978.
- 4. IEEE-450-2002.
- 5. IEEE-485-1997.
- 6. UFSAR, Chapter 8.
- 7. UFSAR, Chapter 6.
- 8. UFSAR, Chapter 15.
- 9. Regulatory Guide 1.93, December 1974.
- 10. Regulatory Guide 1.32, February 1977.
- 11. Regulatory Guide 1.129, Rev. 2.
- 13. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November .14, 2008.
SAN ONOFRE--UNIT 3 B 3.8-55e Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.5 DC Sources--Shutdown BASES BACKGROUND A description of the DC sources is provided in the Bases for LCO 3.8.4, "DC Sources - Operating." When TS 3.8.5 applies, there are two exceptions to what is described in the Bases for LCO 3.8.4:
- 1. One or both train(s) of DC subsystem buses may be cross-tied to an 1800 amp-hour rated battery. This alignment allows both subsystems to remain OPERABLE. There is no time limit to the duration DC subsystem buses may be cross-tied with the unit shutdown.
- 2. With same train DC buses cross-connected, an OPERABLE charger or chargers with a combined rated capacity greater than or equal to 300 Amps is required. A "required battery charger" is one of the following:
U the "dedicated charger" aligned to its respective DC bus 0 the "swing battery charger" aligned to the respective DC bus 0 one "dedicated charger" aligned to cross-tied DC buses, or S the "swing battery charger" aligned to cross-tied DC buses.
Note: It is acceptable to have the swing charger and one dedicated charger aligned to cross-connected buses.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume that Engineered Safety Feature (ESF) systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
The OPERABILITY of the DC subsystems is consistent wit'h the initial assumptions of the accident analyses and the requirements for the supported systems' OPERABILITY.
The OPERABILITY of the minimum DC electrical power sources during MODES 5 and 6 and during movement of irradiated fuel assemblies ensures that:
- a. The unit can be maintained in the shutdown or refueling condition for extended periods; (continued)
SAN ONOFRE--UNIT 3 B 3.8-56 Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 BASES APPLICABLE b. Sufficient instrumentation and control capability is SAFETY ANALYSES available for monitoring and maintaining the unit (continued) status; and
- c. Adequate DC electrical power is provided to mitigate events postulated during shutdown, such as a fuel handling accident.
The DC sources satisfy Criterion 3 of the NRC Policy Statement.
LCO Each DC electrical power subsystem, consisting of one battery (cross connection allowed), the required battery charger, and the corresponding control equipment and interconnecting cabling supplying power to the associated bus, is required to be OPERABLE to support distribution systems required OPERABLE by LCO 3.8.10, "Distribution Systems - Shutdown." This ensures the availability of sufficient DC electrical power sources to maintain the unit in a safe shutdown condition and to mitigate the consequences of postulated events during shutdown (e.g.,
fuel handling accidents).
APPLICABILITY The DC electrical power sources required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel assemblies provide assurance that:
- a. Required features to mitigate a fuel handling accident are available;
- b. Required features necessary to mitigate the effects of events that can lead to core damage during shutdown are available; and
- c. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown condition or refueling condition.
The DC electrical power requirements for MODES 1, 2, 3, and 4 are covered in LCO 3.8.4.
ACTIONS LCO 3.0.3 is not applicable while in MODE 5 or 6. However, since irradiated fuel assembly movement can occur in MODE 1, 2, 3, or 4, the ACTIONS have been modified by a NOTE stating that LCO 3.0.3 is not applicable. If moving irradiated fuel assemblies while in MODE 5 or 6, LCO 3.0.3 would not specify (continued)
SAN ONOFRE--UNIT 3 B 3.8-57 Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 BASES ACTIONS any action. If moving irradiated fuel assemblies while in (continued) MODE 1, 2, 3, or 4, the fuel movement is independent of reactor operations. Entering LCO 3.0.3, while in MODE 1, 2, 3 or 4 would require the unit to be shutdown unnecessarily.
Conditions A and,B represent one train with one or two required battery chargers or associated control equipment or cabling inoperable (e.g., the battery voltage limit of SR 3.8.4.1 is not maintained). The ACTIONS provide a tiered response that focuses on returning the battery to the fully charged state and restoring the required charger(s) to OPERABLE status in a reasonable time period.
A.1, A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2)
Condition A is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
Required Action A.1 requires that the battery terminal voltage be restored to greater than or equal to the minimum established float voltage (? 129.0 V) within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This time provides for returning the inoperable charger to OPERABLE status or providing an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage. Restoring the battery terminal voltage to greater than or equal to minimum established float voltage provides good assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored to its fully charged condition (Required Action A.2) from any discharge that might have occurred due to.the charger inoperability.
A discharged battery having terminal voltage of at least the minimum established float voltage indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus, there is good assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding a shutdown of refueling activities.
If established battery terminal float voltage cannot be restored to greater than or equal to the minimum established float voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, and the charger is not operating in the current-limiting mode, a faulty charger is indicated. A faulty charger that is incapable of maintaining established battery terminal float voltage does not provide assurance that it can revert to and operate properly in the current limit mode that is necessary during the recovery period following a battery discharge event that the DC system is designed for.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-58 Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 BASES ACTIONS A.1, A.2. and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued)
The charger operating in the current limit mode in excess of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is an indication that the battery is partially discharged and its capacity margins will be reduced. The time to return the battery to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action A.2).
Required Action A.2 requires that the battery float current be verified as less than or equal to 1.50 amps. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 1.50 amps the battery is at least 98% charged. A 2% capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 3) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration. of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 1.50 amps this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 4). The multimeter must be capable of measuring the low magnitude of DC current (less than 1.50 amps) and filtering the induced AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action A.3 (A.3.1 or A.3.2.1 and A.3.2.2) is applicable if an alternate means of restoring battery terminal voltage to greater than or equal to the minimum established float voltage has been used (e.g., balance of plant non-Class 1E spare battery charger).
Required Action A.3.1 limits the restoration time for the required battery charger to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> if a non-IE charger with a non-iE power source is used. The restoration time for the battery charger can be extended to 7 days (required Action A.3.2.2) if the ability to power the spare battery charger from a diesel-backed source has been established within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (Required Action A.3.2.1). All preparations to accomplish the ability to power the spare battery charger must be complete within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The purpose of this (continued)
SAN ONOFRE--UNIT 3 B 3.8-59 Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 BASES ACTIONS A.1, A.2, and A.3 (A.3.1 or A.3.2.1 and A.3.2.2) (continued) provision is to facilitate connection of the spare battery charger to a diesel-backed source in 5 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> if non-lE power is lost. The 4-hour charger connection time is required because 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> after the loss of non-iE power, the battery may not supply the minimum required voltage at the loads. The 7-day completion time reflects a reasonable time to effect restoration of the required battery charger to operable status.
B.1. B.2. and B.3 (B.3.1 or B.3.2.1 and B.3.2.2)
Condition B is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
Required Action B.1 basis is the same as A.1.
Required Action B.2 requires that the battery float current be verified to be less than or equal to 0.75 amp. This indicates that, if the battery had been discharged as the result of the inoperable battery charger, it is now fully capable to supply the maximum expected load requirement.
The battery manufacturer certified that at 0.75 amp the battery is at least-98% charged. A 2% capacity margin (correction factor) has been used in the battery sizing calculation (Ref. 3) which ensures that the battery has sufficient capacity to meet the maximum expected load demand. If at the expiration of the initial 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> period the battery float current is not less than or equal to 0.75 amp this indicates there may be additional battery problems and the battery must be declared inoperable.
A digital, multimeter of high accuracy in an average function mode is required to measure the steady state float charging current (Ref. 4). The multimeter must be capable of measuring the low magnitude of DC current (less than 0.75 amp) and filtering the indicated AC noise from the connected inverter. A millivolt shunt located close to the battery terminal provides the battery float charging current signal.
Required Action B.3 (B.3.1 or B.3.2.1 and B.3.2.2) basis is the same as A.3 (A.3.1 or A.3.2.1 and A.3.2.2).
(continued)
SAN ONOFRE--UNIT 3 B 3.8-59a Amendment No. 116 03/13/09
DC Sources - Shutdown
-. B 3.8.5 BASES ACTIONS C.1 (continued)
With the required DC electrical power subsystem battery charger or associated control equipment or cabling outside the allowances of the Required Actions for Condition A or B, sufficient capacity to supply the maximum expected load requirement is not assured and the associated DC battery must be declared inoperable immediately.
D.1 or D.2.1, D.2.2. D.2.3, and D.2.4 Condition D represents one DC electrical power subsystem inoperable for reasons other than Condition A or B including when a battery is inoperable (Condition C). The ACTIONS provide a tiered response allowing the option to declare required features inoperable immediately withthe associated DC power source(s) inoperable.
If two trains are required per LCO 3.8.10, the remaining train with DC power available may be capable of supporting sufficient systems to allow continuation of CORE ALTERATIONS and fuel movement. By allowing the option to declare required features inoperable with the associated DC power source(s) inoperable, appropriate restrictions will be implemented in accordance with the affected. required features LCO ACTIONS. In many instances, this option may involve undesired administrative efforts. Therefore, the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involVing positive reactivity additions). The Required Action to suspend positive reactivity additions does not preclude actions to maintain or increase reactor vessel inventory, provided the required SDM is maintained.
Suspension of these activities shall not preclude completion of actions to establish. a safe conservative condition.
These actions minimize probability of the occurrence of postulated events. It is further required to immediately initiate action to restore the required DC electrical power subsystems and to continue this action until restoration is accomplished in order to provide the necessary DC electrical power to the unit safety systems.
The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required DC electrical power subsystems should be completed as quickly as possible in order to minimize the time during which the unit safety systems may be without sufficient power.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-59b Amendment No. 116 03/13/09
DC Sources - Shutdown B 3.8.5 BASES (continued)
SURVEILLANCE SR 3.8.5.1 REQUIREMENTS SR 3.8.5.1 states that Surveillances required by SR 3.8.4.1 through SR 3.8.4.4 are applicable in these MODES. See the corresponding Bases for LCO 3.8.4 for a discussion of each SR.
This SR is modified by a NOTE. The reason for the NOTE is to preclude requiring the OPERABLE DC sources from being discharged below their capability to provide the required power supply or otherwise rendered inoperable during the performance of SRs. It is the intent that these SRs must still be capable of being met, but actual performance is not required.
REFERENCES 1. UFSAR, Chapter 6.
- 2. UFSAR, Chapter 15.
- 4. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November 14, 2008.
SAN ONOFRE--UNIT 3 B 3.8-59c Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.6 Battery Parameters BASES BACKGROUND This LCO delineates the limits on battery float current as well as electrolyte temperature, level, and float voltage for the DC power subsystem batteries. A discussion of these batteries and their OPERABILITY requirements is provided in the Bases for LCO 3.8.4, "DC Sources - Operating," and LCO 3.8.5, "DC Sources - Shutdown." In addition to the limitations of this Specification, the licensee controlled program also implements a program specified in Administrative Controls Section 5.5.2.17 for monitoring various battery parameters that is based on recommendations of IEEE Standard 450-2002, "IEEE Recommended Practice for Maintenance, Testing, and Replacement of Vented Lead-Acid Batteries for Stationary Applications" (Ref. 3).
The battery cells are of flooded lead acid construction with a nominal specific gravity of 1.215. This specific gravity corresponds to an open circuit battery voltage of approximately 120 V for a 58-cell battery (i.e., cell voltage of 2.065 Volts per cell (Vpc)). The open circuit voltage is the voltage maintained when there is no charging or discharging. Once fully charged with its open circuit voltage Ž 2.065 Vpc, the battery cell will maintain its capacity for 30 days without further charging per manufacturer's instructions. Optimal long-term performance however, is obtained by maintaining a float voltage of 2.20 to 2.28 Vpc. This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge.
The nominal float voltage of 2.267 Vpc corresponds. to a total float voltage output of 131.5 V for a 58-cell battery.
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature systems are OPERABLE. The DC electrical power system provides normal and emergency DC electrical power for the DGs, emergency auxiliaries, and control and switching during all MODES of operation.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-60 Amendment No. 116 03/13/09
Battery Parameters I B 3.8.6 BASES APPLICABLE The OPERABILITY of the DC subsystems is consistent with the SAFETY ANALYSES initial assumptions of the accident analyses and is based (continued) upon meeting the design basis of the unit. This includes maintaining at least one train of DC sources OPERABLE during accident conditions, in the event of:
- b. A worst case single failure.
Battery parameters satisfy Criterion 3 of the NRC Policy Statement.
LCO Battery parameters must remain within acceptable limits to ensure availability of the required DC power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence or a postulated DBA.
Battery parameter limi-ts are conservatively established, allowing continued DC electrical system futiction even with-limits not met.
Note: Additional preventative maintenance, testing, and monitoring is performed in accordance with the Licensee Controlled Specifications 3.8.104, 3.8.105, and 3'.8.106 and as specified in Administrative Controls Section 5.5.2.17 (Ref. 6).
APPLICABILITY The battery parameters are required solely for the support of the associated DC electrical power subsystems.
Therefore, battery parameter. limits are only required when the DC power source is required to be OPERABLE. Refer to the Applicability discussion in the Bases for LCO 3.8.4 and LCO 3.8.5.
ACTIONS A.1, A.2.1 or A.2.2 and A.3 A battery cell is degraded when the cell float voltage is
<2.07 V. A battery bank may not be degraded with one or more degraded battery cells. Within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, verification of the required battery charger OPERABILITY is made by monitoring the battery terminal voltage (perform SR 3.8.4.1) and of the overall battery state of charge by monitoring the battery float charge current (perform SR 3.8.6.1 or SR 3.8.6.2,as applicable). This assures that there is still sufficient battery capacity to perform the intended (continued)
SAN ONOFRE--UNIT 3 B 3.8-61 Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 I
BASES ACTIONS A.I, A.2.1 or A.2.2 and A.3 (continued) function. Therefore, the affected battery is not required to be considered inoperable solely as a result of one or more cells in one or more batteries <2.07 V, and continued operation is permitted for a limited period up to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> per Required Action A.3.
Since the Required Actions of A.1 and A.2.1 or A.2.2 only specify "perform", a failure of SR 3.8.4.1 or SR 3.8.6.1 or SR 3.8.6.2 acceptance criteria does not result in this Required Action not met. However, if one of the SRs is failed, the appropriate Condition(s), depending on the cause of the failures, is entered. If SR 3.8.6.1 or SR 3.8.6.2 is failed then there is not assurance that there is still sufficientbattery capacity to perform the intended function and the battery must be declared inoperable immediately.
B.1 and B.2 Condition B is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
One or two batteries in one train with float current of
>1.50 amps indicates that a partial discharge of the battery capacity has occurred. This may be due to a temporary loss of a battery charger or possibly due to one or more battery cells in a low voltage condition reflecting some loss of capacity.
Verification of the required battery charger OPERABILITY is made by monitoring the battery terminal voltage within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> (perform SR 3.8.4.1). If the terminal voltage is found to be less than the minimum established float voltage there are two possibilities, the battery charger is inoperable or is operating in the current limit mode. The charger operating in the current limit mode after 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> is an indication that the battery has been substantially discharged and likely cannot perform its required design functions. The time to return the battery-to its fully charged condition in this case is a function of the battery charger capacity, the amount of loads on the associated DC system, the amount of the previous discharge, and the recharge characteristic of the battery. The charge time can be extensive, and there is not adequate assurance that it can be fully recharged within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (Required Action B.2). The battery must therefore be declared inoperable.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-62 Amendment No. 116 03/13/09.
Battery Parameters B 3.8.6 BASES ACTIONS B.1 and B.2 (continued)
If the float voltage is found to be satisfactory but there are one or more battery cells with float voltage less than 2.07 V, the associated "OR" statement in Condition G is applicable and the battery must be declared inoperable immediately. If float voltage is satisfactory there is a good assurance that, within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, the battery will be restored to its fully charged condition (required Action B.2) from any discharge that might have occurred due to a temporary loss of the battery charger. A discharged battery with float voltage (the charger setpoint) across its terminals indicates that the battery is on the exponential charging current portion (the second part) of its recharge cycle. The time to return a battery to its fully charged state under this condition is simply a function of the amount of the previous discharge and the recharge characteristic of the battery. Thus there is good assurance of fully recharging the battery within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />, avoiding a premature shutdown with its own attendant risk.
If the condition is due to one or more cells in a low voltage condition but still greater than 2.07 V and float voltage is found to be satisfactory, this is not indication of a substantially discharged battery and 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is a reasonable time prior to declaring the battery inoperable.
Since Required Action B.1 only specifies "perform", a failure of SR 3.8.4.1 acceptance criteria does not result in the Required Action not met. However, if SR 3.8.4.1 is failed, the appropriate Condition(s), depending on the cause of the failure, is entered.
C.1 and C.2 Condition C is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
One or two batteries in one train with float current of
> 0.75 amp indicates that a partial discharge of the battery capacity has occurred. This may be due to a temporary loss of a battery charger or possibly due to one or more battery cells in a low voltage condition reflecting some loss of capacity.
The basis for C.1 and C.2 is the same as B.1 and B.2 except for 1260 amp-hour rated batteries, Condition H applies instead of Condition G.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-63 Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES ACTIONS D.1, D.2 and D.3 (continued)
With one or two batteries on one train with one or more cells with electrolyte level above the top of the plates, but below the minimum established design limits, the battery still retains sufficient capacity to perform the intended function. Therefore, the affected battery is.not required to be considered inoperable solely as a result of electrolyte level not met. Electrolyte level limits are visually indicated on each cell via minimum and maximum electrolyte level lines. Within 31 days the minimum established design limits for electrolyte level must be re-established. With electrolyte level below the top of the plates there is a potential for dryout and plate degradation. Required Actions D.1 and D.2 address this potential (as well as provisions in Administrative Controls Section 5.5.2.17, Battery Monitoring and Maintenance Program). Actions for battery cell(s) with electrolyte level below the top of the plates, per Administrative Controls Section 5.5.2.17.c, are specified in LCS 3.8.106.
The Required Actions are modified by two NOTES:
NOTE 1 indicates that Required Actions D.1 and D.2 are only applicable if electrolyte level is below the top of the plates. Within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, the electrolyte level is required to be restored to above the top of the plates.
NOTE 2 indicates that Required Action D.2 must be completed if electrolyte level was below the top of the plates.
The Required Action D.2 requirement to verify that there is no leakage by visual inspection and the Administrative Controls Section 5.5.2.17.c initiate action to equalize and test in accordance with manufacturer's recommendation and to implement corrective actions in accordance with Annex D of IEEE Standard 450-2002 (Ref. 3). They are performed following the restoration of the electrolyte level to above the top of the plates. Based on the results of the manufacturer's recommended testing., the battery(ies) may have to be declared inoperable and the affected cells replaced.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-64 Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES ACTIONS E.1 (continued)
With one or two batteries on one train with pilot cell electrolyte temperature less than the minimum established design limit (specified in LCS SR 3.8.106), 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is allowed to restore the temperature to greater than or equal to minimum established design limits. A low electrolyte temperature limits the current and power available. Since the battery is sized with margin, while battery capacity is degraded, sufficient capacity exists to perform the intended function and the affected battery is not required to be considered inoperable solely as a result of the pilot cell electrolyte temperature not met.
F.1 With one or more batteries in redundant trains with battery parameters not within limits there is not sufficient assurance that battery capacity has not been affected to the degree that the batteries can still perform their'required function, given that redundant batteries are involved. With redundant batteries involved this potential could result in a total loss of function on multiple systems that rely upon the batteries. The longer completion times specified for battery parameters on non-redundant batteries not within limits are therefore not appropriate, and the parameters must be restored to within limits on at least one train within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
G. I' Condition G is modified by a NOTE identifying that it is only applicable to 1800 amp-hour rated batteries.
With one or more batteries with any battery parameter outside the allowances of the Required Actions for Condition A, B, D, E or F, sufficient capacity to supply the maximum expected load requirement is not assured and the corresponding DC battery must be declared inoperable immediately. Additionally, discovering one or two batteries in one train with one or more battery cells with float voltage less than 2.07 V and float current greater than 1.50 amps indicates that the battery capacity may not be sufficient to perform the intended functions. The battery must therefore be declared inoperable immediately.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-65 Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES ACTIONS H.1 (continued)
Condition H is modified by a NOTE identifying that it is only applicable to 1260 amp-hour rated batteries.
With one or more batteries with any battery parameter outside the allowances of the Required Actions for Condition A, C, D, E, or F, sufficient capacity to supply the maximum expected load requirement is not assured and the corresponding DC battery must be declared inoperable immediately. Additionally, discovering one or two batteries in one train with one or more battery cells with float voltage less than 2.07 V and float current greater than 0.75 amp indicates that the battery capacity may not be sufficient to perform the i.ntended functions. The battery must therefore be declared inoperable immediately.
SURVEILLANCE SR 3.8.6.1 REQUIREMENTS Verifying battery float current while on float charge is used to determine the state of charge of the battery. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a charged state. The float current requirements are based on the float current indicative of a charged battery. Use of float current to determine the state of charge of the battery and the 7-day frequency is consistent with the battery manufacturer's recommendation.
This SR is modified by a NOTE that states the float current requirement is not required to be met when battery terminal voltage is less than the minimum established float voltage of SR 3.8.4.1. When this float voltage is not maintained the Required Actions of LCO 3.8.4 Action A are being taken, which provide the necessary and appropriate verifications of the battery condition. Furthermore, the float current limit of
- 1.50 amps for batteries rated at 1800 amp-hours is established based on the nominal float voltage value and is not directly applicable when this voltage is not maintained.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-66 Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.2 REQUIREMENTS (continued) Verifying battery float current while on float charge is used to determine the state of charge of the battery. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery and maintain the battery in a charged state. The float current requirements are based on the float current indicative of a charged battery. Use of float current to determine the state of charge of the battery and the 7-day Frequency is consistent with the battery manufacturer's recommendation.
This SR is modified by a NOTE that states the float current requirement is not required to be met when battery terminal voltage is less than the minimum established float voltage of SR 3.8.4.1. When this float voltage is not maintained the Required Actions of LCO 3.8.4 Action B are being taken, which provide the necessary and appropriate verifications of the battery condition. Furthermore, the float current limit of < 0.75 amp for batteries rated at 1260 amp-hours is established based on the nominal float voltage value and is not directly applicable when this voltage is not maintained.
SR 3.8.6.3 and SR 3.8.6.6 SRs 3.8.6.3 and 3.8.6.6 require verification that the pilot or connected cell float voltages are equal to or greater than the short term absolute minimum voltage of 2.07 V.
Optimal long-term battery performance is obtained by maintaining a float voltage greater than or equal to the minimum established design limits provided by the battery manufacturer. This provides adequate over-potential, which limits the formation of lead sulfate and self-discharge, which could eventually render the battery inoperable. Float voltage less than the administrative limit in LCS 3.8.106, but greater than 2.07 Vpc, is addressed in LCS 3.8.106 as required by Administrative Controls Section 5.5.2.17, items a and b. The frequency for cell voltage verification every 31 days for each pilot cell and 92 days for each connected cell is consistent with IEEE-450-2002 (Ref. 3).
(continued)
SAN ONOFRE--UNIT 3 B 3.8-66a Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.4 REQUIREMENTS (continued) The limit specified for electrolyte level ensures that the plates suffer no physical damage and maintain adequate electron transfer capability. The minimum established design limit is the minimum mark on the cell jar, which is above the top of the plates. The 31-day frequency is consistent with IEEE-450-2002 (Ref. 3). Battery cells with electrolyte level below the top of the plates are addressed in LCS 3.8.106.
SR 3.8.6.5 This Surveillance verifies that each pilot cell temperature is greater than or equal to the minimum established design limit, which is specified in LCS 3.8.106. Pilot cell electrolyte temperature is maintained above this temperature to assure the battery can provide the required current and voltage to meet the design requirements. Temperatures lower than assumed in battery sizing calculations act to inhibit or reduce battery capacity. The 31-day frequency is consistent with IEEE-450-2002 (Ref. 3).
(continued)
SAN ONOFRE--UNIT 3 B 3.8-66b Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 BASES SURVEILLANCE SR 3.8.6.7 REQUIREMENTS (continued) A battery performance discharge test is a test of constant current capacity of a battery, normally done in the "as found" condition, after having been in service, to detect any change in the capacity determined by the acceptance test. The test is intended to determine overall battery degradation due to age and usage. For 1800 amp-hour rated batteries, the modified performance discharge test will use the combined duty cycle of the cross-connected subsystems.
Either the battery performance discharge test or the modified performance discharge test is.acceptable for satisfying SR 3.8.6.7. SR 3.8.106.8 is required to be performed prior to a battery service test or performance discharge test (Ref. 6).
A modified performance discharge test is a test of the battery capacity and its ability to provide a high rate, short duration load (usually the highest rate of the duty cycle). This will confirm the battery's ability to meet the critical period of the load duty cycle, in addition to determining its percentage of rated capacity. Initial conditions for the modified performance discharge test should be identical to those specified for a service test.
The modified performance discharge test is conducted in accordance with IEEE 450-2002 Annex 1.3. The battery terminal voltage for the modified performance discharge test must remain above the minimum battery terminal voltage specified in the battery service test for the duration of time equal to that of the service test.
The acceptance criteria for this Surveillance are consistent with IEEE-450-2002 (Ref. 3) and IEEE-485-1997 (Ref. 4).
These references recommend that the battery be replaced if its capacity is below 80% of the manufacturer rating. A capacity of 80% shows that the battery rate of deterioration is increasing, even if there is ample capacity to meet the load requirements. Furthermore, the battery is sized to meet the assumed duty cycle loads when the battery design capacity reaches this 80% limit..
(continued)
SAN ONOFRE-UNIT 3 B 3.8-66c Amendment No. 116 03/13/09
Battery Parameters B 3.8.6 I BASES SURVEILLANCE SR 3.8.6.7 (continued)
REQUIREMENTS The Surveillance Frequency for this test is normally 60 months. If the battery shows degradation, or if the battery has reached 85% of its expected life and capacity is
<100% of the manufacturer's rating, the Surveillance Frequency is reduced to 12 months. However, if the battery shows no degradation but has reached 85% of its expected life, the Surveillance Frequency is only reduced to 24 months for batteries that have capacity Ž 100% of the manufacturer's rating. Degradation is indicated, according to IEEE-450-2002 (Ref. 3), when the battery capacity drops by more than 10% relative to its capacity on the previous performance test or when it is Ž 10% below the manufacturer's rating. These frequencies are consistent with the recommendations in IEEE-450-2002 (Ref. 3).
Spare cell(s) are normally maintained qualified by installing them in a seismic battery rack, kept on float charge and surveilled as if they were OPERABLE. The spare cells are included during battery discharge testing to demonstrate their adequacy under the discharge conditions that would be present if they were OPERABLE.
If for any reason a battery has to undergo a service and performance test (e.g., one following the other during scheduled maintenance testing), the service test shall be completed first. Recharging of the battery is required before the performance test is conducted. The "as found" condition prior to the performance test is state of the battery immediately prior to the performance test.
REFERENCES 1. UFSAR, Chapter 6:
- 2. UFSAR, Chapter 15.
- 3. IEEE-450-2002.
- 4. IEEE-485-1997.
- 6. Response to Request for Additional Information on Battery and DC Sources Upgrades dated November 14, 2008.
SAN ONOFRE--UNIT 3 B 3.8-66d Amendment No. 116 03/13/09
Inverters -Operating B 3.8.7 BASES (continued)
LCO The inverters ensure the availability of AC electrical power for the systems instrumentation required to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AO0) or a postulated DBA.
Maintaining the required inverters OPERABLE ensures that the redundancy incorporated into the design of the RPS and ESFAS instrumentation and controls is maintained. The four battery powered inverters (one per channel) are required to be OPERABLE to ensure an uninterruptible supply of AC electrical power to the AC vital b.uses even if the 4.16 kV safety buses are de-energized.
OPERABLE inverters require the associated AC vital bus *to be
.powered by the inverter, which has the correct DC voltage (105-140 V) applied from a battery to the inverter input, and inverter output AC voltage within tolerances.
APPLICABILITY The inverters are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided, and containment OPERABILITY and other. vital functions are maintained in the event of a postulated DBA.
Inverter requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.8, "Inverters--Shutdown."
ACTIONS A.1 and A.2 Required Action A.1 is modified by a Note, which states to enter the applicable conditions and Required Actions of LCO 3.8.9, "Distribution Systems--Operating," when Condition A is entered with one AC vital bus de-energized.
This ensures the vital bus is returned to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
(continued)
SAN ONOFRE--UNIT 3 B 3 .8-68 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.9 Distribution Systems - Operating BASES BACKGROUND The onsite Class 1E AC, DC, and AC vital bus electrical power distribution systems are divided as follows:
" Train A and Train B for AC
" Subsystems A, B, C, and D for DC
- Channels A, B, C, and D for AC vital bus electrical power distribution systems.
The AC primary electrical power distribution system is divided into two trains consisting of two 4.16 0V Engineered Safety Feature (ESF) buses, each having at least one separate and independent offsite source of power as well as a dedicated onsite diesel generator (DG) source. Each 4.16 kV ESF bus is normally connected to a preferred offsite source. After a loss of the preferred offsite power source to a 4.16 kV ESF bus, a transfer to the alternate offsite source is accomplished by utilizing a time delayed bus undervoltage relay. If all offsite sources are unavailable, the onsite emergency DG supplies power to the 4.16 kV ESF bus. Control power for the 4.16 kV breakers is supplied from the Class 1E batteries. Additional description of this system is in the Bases for LCO 3.8.1, "AC Sources-Operating," and the Bases for LCO 3.8.4, "DC Sources-Operating."
The 120 VAC vital buses are arranged into four channels and each channel is normally powered from its own channel inverter. The alternate power supply for the vital buses are Class 1E constant voltage source transformers powered from one of the trains in the same load group (one transformer per load group) which is governed by LCO 3.8.7, "Inverters - Operating." Each constant voltage source transformer is powered from a Class IE AC bus.
There are four independent 125 VDC electrical power distribution subsystems.(two for each Train). Background detail for the DC System is found in the Bases for LCO 3.8.4, "DC Sources - Operating" and the Bases for LCO 3.8.6, "Battery Parameters."
The AC systems, DC subsystems, and the AC vital buses are further defined in Table B 3.8.9-1.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-75 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 BASES (continued)
APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume ESF systems are OPERABLE. The AC, DC, and AC vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System, and containment design limits are not exceeded. These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems.
The OPERABILITY of the AC and DC electrical power distribution'systems and AC vital buses are consistent with the initial assumptions of the accident analyses and is based upon meeting the design basis of the unit. This includes maintaining power distribution systems OPERABLE during accident conditions in the event of:
- a. An assumed loss of all offsite power or all onsite AC electrical power; and
- b. A worst case single failure.
The distribution systems satisfy Criterion 3 of the NRC Policy Statement.
LCO The required power distribution systems listed in Table 8 3.8.9-1 ensure the availability of AC, DC, and AC vital bus electrical power for the systems required to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (ADO) or a postulated DBA. The AC, DC, and AC vital bus electrical power distribution systems are required to be OPERABLE.
Maintaining the Train A and Train B AC, Subsystems A, B, C, and D DC, and Channels A, B, C, and D AC vital bus electrical power distribution systems OPERABLE ensures that the redundancy incorporated into the design of the ESF is not defeated. Therefore, a single failure within any electrical power distribution system will not prevent safe shutdown of the reactor.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-76 Amendment No. 116 03/13/09
'Distribution Systems - Operating B 3.8.9 BASES LCO OPERABLE AC, DC, and AC vital bus electrical power (continued) distribution systems require the associated buses and load centers to be energized to their proper voltages.
APPLICABILITY The electrical power distribution systems are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
- a. Acceptable fuel design limits and 'reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
- b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
Electrical power distribution system requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.10,.
"Distribution Systems--Shutdown."
ACTIONS A.1 With one or more required AC buses or the required load center, except AC vital buses, in one train inoperable, the remaining AC electrical power distribution system in the other train is capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure.
The overall reliability is reduced, however, because a single failure in the remaining power distribution system could result in the minimum required ESF functions not being supported. Therefore, the required AC buses and load center must be restored to OPERABLE status within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.
Condition A worst scenario is one train without AC power (i.e., no offsite power to the train and the associated DG inoperable). In this condition, the unit is more vulnerable to a complete loss of AC power. It is, therefore, imperative that the unit operator's attention be focused on minimizing the potential for loss of power to the remaining (continued)
SAN ONOFRE--UNIT 3 B 3.8-77 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS A.1 (continued) train by stabilizing the unit, and on restoring power to the affected train. The 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> time limit before requiring a unit shutdown in this condition is acceptable because of:
- a. The potential for decreased safety if the unit operator's attention is diverted from the evaluations and actions necessary to restore power to the affected train, to the actions associated with taking the unit to shutdown within this time limit; and
- b. The potential for an event in conjunction with a single failure of a redundant component in the train with AC power.
The second Completion Time for Required Action A.1 establishes a limit on the maximum time allowed for any combination of required distribution systems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DC subsystem is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of, the LCO, to restore the AC distribution system. At this time, a DC circuit could again become inoperable, and AC distribution restored OPERABLE.
This could continue indefinitely.
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition A was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
B.1 With one or more AC vital bus inoperable, the remaining OPERABLE AC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition. Overall reliability is reduced, however, since an additional single failure could result in the minimum required ESF functions (continued)
SAN ONOFRE--UNIT 3 B 3.8-78 Amendment No. 116 03/13/09
Distribution Systems -- Operating B 3.8.9 BASES ACTIONS B.1 (continued) not being supported. Therefore, the required AC vital bus must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Condition B represents one or more AC vital bus without power; potentially both the DC source and the associated AC source are nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all noninterruptible power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining vital buses, and restoring power to the affected vital bus.
This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate vital AC power.
The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time takes into account the importance to safety of restoring the AC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE vital buses, and the low probability of a DBA occurring during this period.
The second Completion Time for Required Action B.1 establishes a limit on the maximum time allowed for any combination of required distribution systems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an AC bus is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the vital bus distribution system. At this time, an AC train could again become inoperable, and vital bus distribution restored OPERABLE. This could continue indefinitely.
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition B was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-79 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS C.1 (continued)
With one or more DC electrical power distribution subsystems in one train inoperable, the remaining DC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining DC electrical power distribution subsystem could result in the minimum required DC subsystem must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
Condition C represents one or more subsystems without adequate DC power; potentially both with the battery significantly degraded and the associated charger nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all DC power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining subsystems and restoring power to the affected subsystem.
This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components which would be without power.
The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time for DC subsystems is consistent with Regulatory Guide 1.93 (Ref. 3).
The second Completion Time for Required Action C.1 establishes a limit on the maximum time allowed for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition C is entered while, for instance, and AC bus is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the DC distribution system. At this time, an AC train could again become inoperable, and DC distribution restored OPERABLE.
This could continue indefinitely.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-80 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 BASES ACTIONS C.1 (continued)
The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."
This will result in establishing the "time zero" at the time the LCO was initially not met, instead of the time Condition C was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.
D.1 and D.2 If the inoperable dist.ribution subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable.,
based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
SURVEILLANCE SR 3.8.9.1 REQUIREMENTS This Surveillance verifies that the AC, DC, and AC vital bus electrical power distribution systems are functioning properly, with all the required circuit breakers closed and the buses energized from normal power. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The 7 day Frequency takes into account the redundant capability of t.he AC, DC, and AC vital bus electrical power distribution systems, and other indications available in the control room that alert the operator to system malfunctions.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-81 Amendment No. 116 03/13/09
Distribution Systems - Operating B 3.8.9 Table B 3.8.9-1 (Page I of 1)
AC and DC Electrical Power Distribution Systems TYPE VOLTAGE TRAIN A TRAIN B 4160 V ESF Bus A04 ESF Bus A06 AC 480 V Load Center B04 Load Center B06 SUBSYSTEM A SUBSYSTEM C SUBSYSTEM B SUBSYSTEM D DC 125 V Bus DI Bus D3 Bus D2 Bus D4 Panel DIPI Panel D3P1 Panel D2PI Panel D4PI CHANNEL A CHANNEL C CHANNEL B CHANNEL D AC vital 120 V bus Bus Y01 Bus Y03 Bus Y02 Bus Y04 SAN ONOFRE--UNIT 3 B 3.8-83 Amendment No. 116 03/13/09
Distribution Systems - Shutdown B 3.8.10 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.10 Distribution Systems - Shutdown BASES BACKGROUND A description of the AC, DC, and AC vital bus electrical power distribution systems is provided in the Bases for LCO 3.8.9, "Distribution Systems--Operating" and the Bases for LCO 3.8.5, "DC Sources - Shutdown."
APPLICABLE The initial conditions of Design Basis Accident and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature (ESF) systems are OPERABLE. The AC, DC, and AC vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System, and containment design limits are not exceeded.
The OPERABILITY of the AC and DC electrical power distribution systems and AC vital buses is consistent with the initial assumptions of the accident analyses and the requirements for the supported systems' OPERABILITY.
The OPERABILITY of the minimum AC and DC electrical power distribution systems, and AC vital buses during MODES 5 and 6 ensures that:
- a. The unit can be maintained in the shutdown or refueling condition for extended periods;
- b. Sufficient instrumentation and control capability is available for monitoring and maintaining the unit status; and
- c. Adequate power is provided to mitigate events postulated during shutdown, such as a fuel handling accident.
The AC and DC electrical power distribution systems satisfy Criterion 3 of the NRC Policy Statement.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-84 Amendment No. 116 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES (continued)
LCO Various combinations of electrical distribution systems, equipment, and components are required OPERABLE by other LCOs, depending on the specific unit condition. Implicit in those requirements is the required OPERABILITY of necessary support required features. This LCO explicitly requires energization of the portions of the electrical distribution system necessary to support OPERABILITY of required systems, equipment and components-all specifically addressed in each LCO and implicitly required via the definition of OPERABILITY.
Maintaining these portions of the distribution system energized ensures the availability of sufficient power to operate the unit in a safe manner to mitigate the consequences of postulated events during shutdown (e.g.,
fuel handling accidents).
APPLICABILITY The AC and DC electrical power distribution systems required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel assemblies, provide assurance that:
- a. Systems to provide adequate coolant inventory makeup are available for the irradiated fuel in the core;
- b. Systems needed to mitigate a fuel handling accident are available;
- c. Systems necessary to mitigate the effects of events that can lead to core damage during shutdown are available; and
- d. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown condition and refueling condition.
The AC and DC electrical power distribution systems, and AC vital buses requirements for MODES 1, 2, 3, and 4 are covered in LCO 3.8.9.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-85 Amendment No. 116 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES (continued)
ACTIONS A.1, A.2.1, A.2.2, A.2.3, A.2.4, and A.2.5 Although redundant required features may require redundant trains of electrical power distribution systems to be OPERABLE, one OPERABLE distribution system may be capable of supporting sufficient required features to allow continuation of CORE ALTERATIONS and fuel movement. By allowing the option to declare required features associated with an inoperable distribution system inoperable, appropriate restrictions are implemented in accordance with the affected distribution system LCO's Required Actions. In many instances, this option may involve undesired administrative efforts. Therefore, the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS, movement of irradiated.fuel assemblies, and operations involving positive reactivity additions that could result in loss of required SDM (Mode 5) or boron concentration (Mode 6)). Suspending positive reactivity additions that could result in failure to meet the minimum SDM or boron concentration limit is,required to assure continued safe operation. Introduction of coolant inventory must be from sources that have a boron concentration greater than what would be required in the RCS for minimum SDM or refueling boron concentration. This may result in an overall reduction in RCS boron concentration, but provides acceptable margin to maintaining subcritical operation.
Introduction of temperature changes including temperature increases when operating with a positive MTC must also be evaluated to ensure they do not result in a loss of required SDM.
Suspension of these activities shall not preclude completion of actions to establish a safe conservative condition.
These actions minimize the probability of the occurrence of postulated events. It is further required to immediately initiate action to restore the required AC and DC electrical power distribution systems and to continue this action until restoration is accomplished in order to provide the necessary power to the unit safety systems.
Notwithstanding performance of the above conservative Required Actions, a required shutdown cooling (SDC) system may be inoperable. In this case, these Required Actions of Condition A do not adequately address the concerns relating to coolant circulation and heat removal. Pursuant to LCO 3.0.6, the SDC ACTIONS would not be entered.
(continued)
SAN ONOFRE--UNIT 3 B 3.8-86 Amendment No. 116 03/13/09
Distribution Systems - Shutdown B 3.8.10 BASES ACTIONS A.1, A.2.1, A.2.2, A.2.3, A.2.4, and A.2.5 (continued.)
Therefore, the Required Actions of Condition A direct declaring SDC inoperable, which results in taking the appropriate SDC actions.
The Completion Time'of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required distribution systems should be completed as quickly as possible in order to minimize the time the unit safety systems may be without power.
SURVEILLANCE SR 3.8.10.1 REQUIREMENTS This Surveillance verifies that the AC, DC, and AC vital bus electrical power distribution system is functioning properly, with all the required buses energized. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The 7-day frequency takes into account the redundant capability of the electrical power distribution systems and other indications available in the control room that alert the operator to system malfunctions.
REFERENCES 1. UFSAR, Chapter 6.
- 2. UFSAR, Chapter 15.
SAN ONOFRE--UNIT 3 B 3.8-87 Amendment No. 116 03/13/09