CP-200900520, License Amendment Request (LAR 09-003), Revision to Technical Specification 3.8.1, AC Sources - Operating, for One-Time, 14-Day Completion Time for Offsite Circuits

From kanterella
(Redirected from ML093080341)
Jump to navigation Jump to search

License Amendment Request (LAR 09-003), Revision to Technical Specification 3.8.1, AC Sources - Operating, for One-Time, 14-Day Completion Time for Offsite Circuits
ML093080341
Person / Time
Site: Comanche Peak  Luminant icon.png
Issue date: 10/26/2009
From: Madden F
Luminant Generation Co, Luminant Power
To:
Document Control Desk, Office of Nuclear Reactor Regulation
Shared Package
ML130520005 List:
References
CP-200900520, LAR 09-003, TXX-09026
Download: ML093080341 (77)
v  d  e


Text

Rafael Flores Luminant Power Senior Vice President P.O. Box 1002

& Chief Nuclear Officer 6322 North FM 56 rafaeliflores@luminant.com Glen Rose, TX 76043 Lum inantT 254 897 5590 LuminantC 817 559 0403 F 254 897 6652 CP-200900520 Ref:

10 CFR 55.90 TXX-09026 File

  1. 236 October 26, 2009 U. S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

SUBJECT:

COMANCHE PEAK STEAM ELECTRIC STATION (CPSES) DOCKET NOS. 50-445 AND 50-446, LICENSE AMENDMENT REQUEST (LAR)09-003, REVISION TO TECHNICAL SPECIFICATION 3.8.1, "AC SOURCES - OPERATING," FOR A ONE-TIME, 14-DAY COMPLETION TIME FOR OFFSITE CIRCUITS

REFERENCE:

Pre-application Meeting Between the Nuclear Regulatory Commission and Luminant Generation Company LLC to Discuss the Future Request for a One-time, 14-Day License Amendment Request to Technical Specification 3.8.1, "AC Sources - Operating," (TAC NOS. ME1739 and ME1740), Dated August 25, 2009.

Dear Sir or Madam:

Pursuant to 10CFR50.90, Luminant Generation Company LLC (Luminant Power) hereby requests an amendment to the Comanche Peak Steam Electric Station (CPSES), herein referred to as Comanche Peak Nuclear Power Plant (CPNPP), Unit 1 Operating License (NPF-87) and CPSES Unit 2 Operating License (NPF-89) by incorporating the attached change into the CPSES Unit 1 and 2 Technical Specifications (TS).

This change request applies to both Units.

On August 25, 2009, Luminant Power met with the Nuclear Regulatory Commission to discuss a proposed change to plant TS in the Reference above. The proposed change will revise TS 3.8.1 entitled "AC Sources - Operating" to extend, on a one-time basis, the allowable Completion Time (CT) of Required Action A.3 for one offsite circuit inoperable, from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days. This change is only applicable to startup transformer XST2 and will expire on March 1, 2011. This change is needed to allow sufficient time to make final terminations as part of a plant modification to facilitate connection of either startup transformer (ST) XST2 or the spare startup transformer to the 1E buses. After completion of this modification, if XST2 should require maintenance or repair or if failure occurs, then the spare startup transformer can be connected to the 1E buses well within the current CT.

Luminant Power's justification for this change to TS 3.8.1 Required Action A.3 Completion Time is based upon the risk informed, deterministic evaluation presented in Attachment 1 to this letter. The change is consistent with the guidance in Regulatory Guides (RG) 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," and 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications" (References 8.1 and 8.2, respectively).

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway Comanche Peak

  • Diablo Canyon
  • Palo Verde ' San Onofre - South Texas Project
  • Wolf Creek A

U. S. Nuclear Regulatory Commission TXX-09026 Page 2 10/26/2009 Attachment I provides a detailed description of the proposed change, a technical analysis of the proposed change, Luminant Power's determination that the proposed change does not involve a significant hazard consideration, a regulatory analysis of the proposed change, and an environmental evaluation. The Appendix to Attachment I provides the details of the scope and quality of the Comanche Peak Nuclear Power Plant (CPNPP) Probabilistic Risk Assessment (PRA) model. Attachment 2 provides the affected Technical Specification (TS) page marked-up to reflect the proposed change. Attachment 3 provides the proposed changes to the TS Bases for information only. These changes will be processed per CPNPP site procedures. provides the retyped Technical Specification page which incorporates the requested change. Attachment 5 provides retyped Technical Specification Bases pages which incorporate the proposed changes for information only. Attachment 6 provides marked-up pages of the Final Safety Analysis Report (for information only) which reflect the proposed changes to the FSAR. contains new commitments which will be completed or incorporated in the CPNPP Licensing Basis as noted. The Commitment number is used by Luminant Power for the internal tracking of CPNPP commitments.

Luminant Power requests approval of the proposed License Amendment by September 30, 2010, to be implemented within 120 days of the issuance of the license amendment. The plant does not require this amendment to allow continued safe full power operation although approval is required to support a plant modification which will facilitate future connection of either the startup transformer XST2 or the spare startup transformer to the 1E buses within the current TS CT.

In accordance with 10CFR50.91(b), Luminant Power is providing the State of Texas with a copy of this proposed amendment.

Should you have any questions, please contact Ms. Tamera J. Ervin-Walker at (254) 897-6902.

I state under penalty of perjury that the foregoing is true and correct.

Executed on October 26, 2009.

Sincerely, Luminant Generation Company, LLC Rafael Flores By:

Fred W. Madden Director, Oversight and Regulatory Affairs

U. S. Nuctear Regulatory Commission TXX-09026 Page 3 10/26/2009 TJEW Attachments 1.

2.

3.

4.

5.

6.

7.

Description and Assessment Proposed Technical Specifications Change Proposed Technical Specifications Bases Change (for information)

Retyped Technical Specifications Pages Retyped Technical Specification Bases Pages (for information)

Proposed FSAR change (for information)

Summary of Regulatory Commitments c -

E. E. Collins, Region IV G. D. Replogle, Region IV B. K. Singal, NRR Resident Inspectors, CPNPP Alice Hamilton Rogers, P. E.

Inspection Unit Manager Texas Department of State Health Services Mail Code 1986 P. 0. Box 149347 Austin, Texas 78714-9347

ATTACHMENT 1 to TXX-09026 DESCRIPTION AND ASSESSMENT to TXX-09026 Page 2 of 51 10/26/2009 LICENSEE'S EVALUATION

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration 5.2 Applicable Regulatory Requirements/ Criteria

6.0 ENVIRONMENTAL CONSIDERATION

7.0 PRECEDENTS

8.0 REFERENCES

APPENDIX - CPNPP PRA MODEL QUALITY to TXX-09026 Page 3 of 51 10/26/2009

1.0 DESCRIPTION

By this letter, Luminant Generation Company LLC (Luminant Power) requests an amendment to the Comanche Peak Steam Electric Station, herein referred to as Comanche Peak Nuclear Power Plant (CPNPP), Unit 1 Operating License (NPF-87) and Unit 2 Operating License (NPF-89) by incorporating the attached change into the Comanche Peak Unit 1 and 2 Technical Specifications (TS). Proposed change license amendment request (LAR)09-003 is a request to revise Technical Specifications (TS) 3.8.1, "AC Sources - Operating" to an OR statement to the Completion Time (CT) of Required Action A.3. The note is applicable only to startup transformer XST2, expires on March 1, 2011, and will allow, on a one-time basis, extension of the CT from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days.

Proposed Final Safety Analysis Report (FSAR) (Reference 8.3) changes, as discussed in section 2 below, are included in Attachment 6 for information only.

2.0 PROPOSED CHANGE

The proposed change is summarized below and shown in Attachment 2.

The proposed change would revise Technical Specifications (TS) 3.8.1, "AC Sources - Operating,"

by adding the following note to the Completion Time (CT) of Required Action A.3:"14 days for a one-time outage on XST2 to complete a plant modification to be completed by March 1, 2011."

The extended CT will allow a proposed maintenance outage to complete cable terminations as part of a plant modification to provide the capability to connect either XST2 or the spare startup transformer to the 1E buses within the current TS CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

For information only, this license amendment request includes markups in Attachment 3 indicating proposed associated changes to the Bases for TS 3.8.1, "AC Sources - Operating."

Retyped TS pages and TS Bases pages which incorporate the proposed changes are provided in Attachments 4 and 5, respectively.

The proposed changes.in Chapter 8 and 9.5.1.5.6 of the Final Safety Analysis Report (FSAR)

(Reference 8.3) (Attachment 6) reflect a name change for the spare startup transformer from XST1/2 to XST2A and installation of new cable buses and transfer panels. The FSAR Table and Figures not shown in the Attachment, but which will also be updated, are Table 8.3-3 and Figures 1.2-1, 8.2-1, 8.2-4, 8.2-1 Sheet 1, 8.2-10 Sheets I and 2, 8.1-11, and 10.2-1.

3.0 BACKGROUND

3.1 Current Plant Design The 138 kilo volt (kV) switchyard and 345kV switchyard are supplied from seven transmissions lines, two lines to the 138kV switchyard and five to the 345kV switchyard.

The 138kV switchyard is physically and electrically independent of the 345kV switchyard. The 345kV and the 138kV switchyards each consist of a two bus arrangement having one breaker per transmission circuit. Transmission circuits terminate in individual positions on alternate buses in the switchyards. Power can be supplied to each switchyard from any of their respective transmission circuits. The plant switchyards and transmission line connections are shown in FSAR Figure 8.2-1.

to TXX-09026 Page 4 of 51 10/26/2009 Two physically independent and redundant sources of offsite power are available on an immediate basis for the safe shutdown of either Unit. The preferred source to Unit 1 is the 345kV offsite supply from the Comanche Peak Nuclear Power Plant (CPNPP) 345kV switchyard and the startup transformer (ST), XST2; the preferred source to Unit 2 is the 138kV offsite supply from the CPNPP 138kV switchyard and the ST, XST1. The preferred power sources supply power to the 6.9kV Class 1E buses during plant startup, normal operation, emergency shutdown, and upon a Unit trip. This eliminates the need for automatic transfer of safety-related loads in the event of a Unit trip. In the event one ST (e.g., XST1, a preferred source) becomes unavailable to its normally fed Class 1E buses, power is made available from the other ST (e.g., XST2, an alternate source) by an automatic transfer scheme. For the loss of a ST, the load transfer only takes place in the Unit for which the transformer was the preferred source. If it becomes necessary to safely shutdown both Units simultaneously, sharing of these offsite power sources between the two Units has no effect on the station electrical system reliability because each transformer is capable of supplying the required safety related loads of both Units although the design criteria require consideration of a Design Basis Accident (DBA) on one Unit only.

The STs and spare startup transformer are physically located in the protected area near the Turbine Building (TB) and not in the switchyards. The switchyards are approximately 600 feet due west of the TB. XST1 is connected to the 138kV switchyard by an overhead line, while XST2 and the spare startup transformer are connected to the 345kV switchyard by a common overhead line.

Currently, if XST2 requires maintenance that would exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, or if XST2 catastrophically fails, it would take about 18 to 21 days to replace XST2 with the spare startup transformer. The timing is dependant on the mobilization/availability of heavy haulers, extent of transformer damage, and the availability of needed equipment and personnel to perform the work. Since each ST provides one of the two required offsite AC sources for each CPNPP Unit, an outage of either ST for greater than the current CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> would require that both Units be shutdown to Mode 5 simultaneously.

3.2 Proposed Plant Design Modification The requested extended CT is needed to allow sufficient time to make final terminations as part of a plant modification to facilitate connection of ST XST2 or the spare startup transformer (renamed XST2A) to the 1E buses within the current TS CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

Installation of this modification will enhance the plant design by providing the capability to preclude an extended interruption of offsite power in case of failure of, or maintenance on, XST2 that would exceed the CT.

Installation of the cabling from XST2 and spare ST to the new 6.9kV transfer panels will allow the spare ST to be a fully installed spare capable of being aligned to provide power to the 1E buses in place of XST2 from its current location within the existing CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

The modification will be completed in two phases. The transfer panels and additional cables and raceway connections to the spare startup transformer will be installed with both XST1 and XST2 available and while both CPNPP Units continue power operations in Mode 1. However for the second phase, making the final cable terminations on XST2 and the transfer panels, XST2 will be out-of-service for greater than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> but less or equal to 14 days.

to TXX-09026 Page 5 of 51 10/26/2009 In general, completing the modification will require that XST2 be removed from service in order to route the existing cabling from the transformer to the 1E buses thru the transfer panels installed for this modification. The entire sequence of activities is projected to require approximately 11 days and 13 hours1.50463e-4 days <br />0.00361 hours <br />2.149471e-5 weeks <br />4.9465e-6 months <br /> to complete. Table 1, provides a more detailed list of planned maintenance activities and their durations.

Table 1.

Transformer Outage Scheduled Work Dates Approximate Maintenance Activity Tierours Time (Hours)

Hang Clearance and Remove XST2 from Service*

2 Complete Scaffolding 6

Remove XST2 Cover 12 Remove Cable Tray Covers 12 Breach Seal 1

Tag/ Phase/Determ XST2 12 Pull Out Cables 30 Modify Tray 18 Pull In Cables 30 Install Transfer Panel Stress Cones/Terms 54 Install Seal 18 Start Install Tray Covers 18 Seal Cure Time 16 Quality Assurance Acceptance 3

Complete Install Tray Covers 6

Megger 6

Land Leads at XST2 18 Install XST2 Cover 12 Test XST2, Remove Clearance, and Restore XST2 to Service**

72

  • Enter 14-day CT
    • Exit 14-day CT

_777771 3.3 Post-Modification Plant Design Once the modification to the plant is complete and XST2 needs maintenance or if XST2 fails, the spare ST can be connected to the safety buses to restore the 345kV offsite source within the current TS CT. After maintenance or repair on XST2 is completed, XST2 may be put back in-service.

Upon completion of the proposed maintenance outage on XST2, the spare ST will still retain the ability to be used as a spare startup transformer for XST1. However, the spare ST will have to be physically relocated to a dedicated location near XST1. This relocation will take about 18 to 21 days which exceeds the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> CT in TS, requiring both Units to shutdown. Therefore, CPNPP is considering the purchase of a dedicated spare for XST1.

Consequently, CPNPP is not requesting a CT extension for XST1 at this time.

3.4 FSAR References Related background in the CPNPP Final Safety Analysis Report (FSAR) (Reference 8.3) is found primarily in section 1A(B) and section 8.

to TXX-09026 Page 6 of 51 10/26/2009 As described above, the proposed change will revise TS 3.8.1, "AC Sources - Operating" to add a note to the CT of Required Action A.3. The note will allow, on a one-time basis, the extension of Required Action A.3 CT from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days for an outage of startup transformer XST2 to complete terminations in the newly installed transfer panels.

Providing the capability for connection of the spare startup transformer to the 1E buses within the current TS CT is an improvement in plant design which eliminates the necessity to shutdown both Units if XST2 fails or requires maintenance that goes beyond the current TS CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

This change will improve the long-term reliability of the 345kV offsite circuit by providing connection to the ESF buses through XST2 or the spare startup transformer.

4.0 TECHNICAL ANAYLYSES The proposed change has been evaluated to determine that current regulations and applicable requirements continue to be met, that adequate defense-in-depth is maintained, and that any increases in core damage frequency (CDF) and large early release frequency (LERF) are small, consistent with the United States Nuclear Regulatory Commission (NRC) Safety Goal Policy Statement (Reference 8.4), and within the acceptance criteria of Regulatory Guide (RG) 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions On Plant-Specific Changes to the Licensing Basis," July 1998, (Reference 8.1) and RG 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," August 1998 (Reference 8.2).

"Conformance with Nuclear Regulatory Commission (NRC) General Design Criteria," (GDC) section 3.1 of the Final Safety Analysis Report (FSAR) (Reference 8.3) provides the basis for concluding that the station fully satisfies and complies with the GDC in Appendix A to 10 CFR Part 50. These proposed changes do not affect the basis for this conclusion and do not affect compliance with the GDC.

Four elements provide the basis for the requested Technical Specifications (TS) change and provide a high degree of assurance of the capability to provide power to the safety related 6.9kV alternating current (AC) Engineered Safety Features (ESF) buses during the one-time, 14-day Completion Time (CT). The four main elements are (1) traditional engineering analyses, (2) an evaluation of the adequacy of the CPNPP PRA and a risk assessment that shows an acceptable increase in risk (Tier 1), (3) avoidance of risk-significant plant configurations (Tier 2), and (4) continued implementation of a Configuration Risk Management Program (CRMP) during the one-time, 14-day extended CT (Tier 3).

4.1 Deterministic Evaluation As described in section 3.1 the safety related buses are normally powered from the preferred offsite source and are automatically transferred to the alternate offsite source on a loss of the preferred source. All Class 1E buses are arranged in such a way that train A buses are electrically and physically isolated from train B buses to satisfy the single failure criteria. Each 6.9kV safety related bus is provided with a dedicated emergency diesel generator (EDG) to automatically supply the bus loads if both the offsite sources to the bus are lost.

Currently TS 5.5.18 "Configuration Risk Management Program" (CRMP) contains provisions requiring a proceduralized risk-informed assessment of offsite power and switchyard conditions to insure switchyard activities and conditions are monitored and controlled during all maintenance activities. CRMP requires assessing the risk impact of to TXX-09026 Page 7 of 51 10/26/2009 out-of-service equipment during all Modes of operation to assure that the plant is being operated within acceptable risk guidelines. In addition to the ongoing CRMP, compensatory and risk reduction measures will be implemented during the XST2 extended CT which will ensure that the 138kV switchyard, ST XST1, and both the EDGs of a Unit remain available to eliminate the risk of losing the remaining offsite power source or an EDG due to maintenance or test activities.

During the one-time, 14-day CT for XST2, only oneoffsite AC source (XST1) and both the EDGs of the Units will remain available. If during the XST2 extended CT, power from the remaining offsite source via XST1 is lost, the redundant EDG of each Unit will provide emergency power for the safety buses. Emergency power to at least one safety bus for each Unit will still be available through an EDG even if the other EDG becomes inoperable due to an assumed single failure.

Per the pre-application meeting between the NRC and Luminant Power on August 25, 2009, as a defense-in-depth feature, a set of temporary power diesel generators (TPDGs) will be installed for each Unit to maintain the capability to provide power for one train of ESF equipment needed for safe shutdown and long term cooling of each Unit during the XST2 extended CT to respond to a beyond design basis event if loss of XST1 occurs and both EDGs of a Unit fail to start and load as designed. If required, due to a loss of offsite power from XST1 coincident with the failure of both Class 1E EDGs of a Unit, the TPDGs will be manually connected to the affected Unit's 6.9kV safety bus in Modes 3, 4, and 5.

Thus, the minimum set of components for one train required to maintain the affected Unit in a safe shutdown condition can be loaded onto the TPDG and operating within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> which meets CPNPP's Station Black Out analysis.

The TPDGs are skid mounted and are designed to be manually connected to a 6.9kV bus.

The sequencing of the required loads on' the TPDGs is also performed manually. The TPDGs consist of one or more diesel generators operating in parallel at 480V, 3 phase, and 60 Hz. The TPDGs set rating is approximately 4200kVA. As part of the TPDG package, a 480V/6900V transformer is provided to connect the TPDGs to the 6.9kV bus.

The transformer may be loaded to 3450kVA. Therefore, the TPDG load limit is approximately 3450kVA. Each generator of a TPDG set has a useable fuel oil tank capacity of 340 gallons and arrangements are made such that a continued fuel supply is ensured.

During the XST2 extended CT required to facilitate the maintenance outage, only one offsite source (XST1) will be available and the current TS would require the shutdown of both Units if XST2 is not restored within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, therefore, a CT extension is requested only for XST2 maintenance. If this requested change is approved, and any other onsite or offsite source or any combination thereof becomes inoperable during the XST2 extended CT, the current TS CTs would apply and both Units shall shutdown accordingly.

Consistent with other similar NRC approved CT extension requests, Luminant Power provides the following list of compensatory measures in addition to the risk reduction measures discussed in section 4.3 to assure safe shutdown and offsite power capability and availability. The summary of regulatory commitments is contained in Attachment 7 to this LAR.

to TXX-09026 Page 8 of 51 10/26/2009 With respect to grid reliability, CPNPP will communicate with Oncor, the transmission service provider, so that transmission work activities that could affect the CPNPP switchyards are limited.

1.

CPNPP's Operations Department will contact the Transmission Operator (Transmission Grid Controller) once per day during the 14-day Completion Time to ensure no problems exist in the transmission lines feeding CPNPP or their associated switchyards that would cause post trip switchyard voltages to exceed TS limits (Attachment 7, Commitment 3792178).

Operating and maintenance procedures will be developed prior to the one-time, 14-day maintenance outage. These procedures should be very similar to the operating and maintenance procedures in existence for XST2 and using the spare ST as an alternate for XST2. This is to ensure the spare ST reliability and operability when the spare ST is providing power to the 1E in place of XST2.

2.

Operatingiand maintenance procedures will be developed and issued for using XST2A as an alternate startup transformer for XST2 (Attachment 7, Commitment 3792190).

Appropriate just-in-time (JIT) training will be provided to Operations personnel on this TS change as well as the compensatory measures and risk reduction measures to be implemented during this one-time, 14-day maintenance outage. The JIT training will include the loss of the operating ST (XST1) to heighten Operations personnel awareness of challenges to the electrical distribution during the maintenance outage. Additionally, Electrical Support and Meter and Relay crews will be trained on the procedures developed and issued for connection of the spare ST as an alternate startup transformer for XST2.

3.

Just-in-time training for affected work groups will be completed prior to the start of the XST2 outage (Attachment 7, Commitment 3792184).

Operations personnel will monitor weather conditions and forecasts and take compensatory measures or risk reduction measures to reduce challenges to plant safety or the electrical distribution system during the maintenance outage.

4.

Local weather conditions and forecasts will be monitored by Operations twice per shift to assess potential impacts on plant conditions (Attachment 7, Commitment 3792197).

Summary of Deterministic Evaluation In summary, CPNPP has a robust design with the desired defense-in-depth design features (i.e., the ability to mitigate design basis accidents when a ST is out-of-service).

Specifically, offsite and onsite power systems are diverse and redundant and meet regulatory requirements of GDC 17. While XST2 is out-of-service during the maintenance outage, XST1 has the capacity and capability to supply the required safety related loads of both Units.

to TXX-09026 Page 9 of 51 10/26/2009 During the one-time, 14-day CT for XST2, compensatory measures will be in place to assure safe shutdown and offsite power capability and availability. One measure, the TPDGs, will provide an alternate power source to one safety related bus in Modes 3, 4, and 5 to maintain the capability for safe shutdown and long term cooling of the Unit. The one-time, 14-day CT will be implemented consistent with the CRMP and other station procedures which require consideration of compensatory and risk reduction measures as discussed above and in section 4.3 below to mitigate the consequences of an accident occurring while XST2 is inoperable.

4.2 Probabilistic Evaluation Tier 1 of the three-tiered approach described in RG 1.177 (Reference 8.2) for evaluating the risk associated with a proposed TS allowed outage time (AOT or Completion Time (CT) as used in the Improved Standard Technical Specifications) requires an evaluation of the effect on plant risk of the proposed change. The Tier 1 portion of the proposed change discusses the adequacy of the CPNPP PRA, the quality and conformity of the PRA model with Regulatory Guide 1.200, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," (Reference 8.5) and provides the detailed description of the risk assessment and affect of the proposed change on core damage frequency (CDF), large early release frequency (LERF),

incremental conditional core damage probability (ICCDP), and incremental conditional large early release probability (ICLERP).

4.2.1 PRA Scope and Quality Requirements The scope and quality requirements and the related documentation required for this submittal are provided in this section. First, the documentation required by section 4.2 of RG 1.200 "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities" (Reference

8. 5) to demonstrate the technical adequacy of the CPNPP PRA is discussed and provided as appropriate. Second, the details of the risk assessment process described in section 3 of the ASME PRA Standard - ASME RA-Sb-2005 (Reference 8.6) are provided. Together these demonstrate the technical adequacy of the CPNPP PRA model to address the risk impact of the proposed license amendment. As noted below, this demonstration is supported by additional details provided in the Appendix of this Attachment.

Licensee Submittal Documentation Section 4.2 of RG 1.200 discusses six documentation items that are to be provided as part of a licensee's submittal. Each of these items is discussed below and the required information is either directly provided or otherwise referenced.

Item 1:

To address the need for the PRA model to represent the as-built, as-operated plant, identification of permanent plant changes (such as design or operational practices) that have an affect on those things modeled in the PRA but which have not been incorporated in the baseline PRA model.

to TXX-09026 Page 10 of 51 10/26/2009 CPNPP Response:

There are no relevant plant changes that have not been incorporated into the CPNPP PRA model. The plant model has been periodically updated to reflect plant changes as described in the Appendix to this Attachment. The current models address the Unit 1 Steam Generator Replacement and the recent Unit 1 and 2 Power Up-rates.

Item 2:

Documentation that the parts of the PRA required to produce the results used in the decision are performed consistently with the standard as endorsed in the appendices of this Regulatory Guide. If a requirement of the standard (as endorsed in the appendix to this guide) has not been met, the licensee is to provide a justification of why it is acceptable that the requirement has not been met. This justification should be in the form of a sensitivity study that demonstrates the accident sequences or contributors significant to the application were not affected (remained the same).

CPNPP Response:

The plant models used to support this license amendment request are developed consistently with the standard - ASME RA-Sb-2005. A self-assessment of the CPNPP PRA models against the requirements of the standard has been completed. The resulting gap analysis shows that there are no gaps that affect the conclusions of the risk assessment supporting the license amendment request. See the Appendix to this Attachment for additional details.

Item 3:

A summary of the risk assessment methodology used to assess the risk of the application, including how the base PRA model was modified to appropriately model the risk impact of the application and results. (Note that this is the same as that required in the application-specific Regulatory Guides.)

CPNPP Response:

The analyses were completed in accordance with the requirements of RG 1.174 "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions On Plant-Specific Changes to the Licensing Basis" (Reference 8.1) and RG 1.177 "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," (Reference 8.2). The details of the risk assessment, how the base model was modified to address the risk impact of the application, and the results of the assessment are provided in section 4.2.2.

to TXX-09026 Page 11 of 51 10/26/2009 Item 4:

Identification of the key assumptions and approximations relevant to the results used in the decision-making process. Also, include the peer reviewers' assessment of those assumptions. These assessments provide information to the NRC staff in their determination of whether the use of these assumptions and approximations is appropriate for the application, or whether sensitivity studies performed to support the decision are appropriate.

CPNPP Response:

Key assumptions are that systems modeling, data analysis, human actions, station blackout (SBO) modeling, and loss of offsite power (LOOP) recovery are adequately developed in the CPNPP PRA model to address the risk implications of this license amendment request. These features of the model have been peer reviewed, both initially and in focused reviews, and there are no outstanding/unresolved issues from these reviews. However, in support of this license amendment request, certain sensitivity studies were performed to address modeling, data and human action uncertainties.

These sensitivity studies are discussed in section 4.3.

Item 5:

A discussion of the resolution of the peer review or self-assessment findings and observations that are applicable to the parts of the PRA required for the application. This may take the following forms:

a discussion of how the PRA model has been changed a justification in the form of a sensitivity study that demonstrates the accident sequences or contributors significant to the application were not affected (remained the same) by the particular issue.

CPNPP Response:

There are no outstanding A&B findings and observations from the peer review. There are outstanding items related to the RG 1.200 self-assessment. Most of the gaps identified are documentation. There are some gaps, in particular Flood and Containment Performance, where the methodology is older and conservative and should be updated. These gaps were evaluated and determined to have no significant affect on the conclusions of the risk assessment to support this license amendment request.

Certain gaps were also identified in the area of uncertainty analyses for various requirements. To address these uncertainties, sensitivity studies were performed to support this amendment request. These sensitivity studies are discussed in section 4.3.

to TXX-09026 Page 12 of 51 10/26/2009 Item 6:

The standards or peer review process documents may recognize different capability categories or grades that are related to level of detail, degree of plant specificity, and degree of realism. The licensee's documentation is to identify the use of the parts of the PRA that conform to capability categories or grades lower than deemed required for the given application (section 3 of ASME RA-Sb-2005),

to determine whether they lead to limitations on the implementation of the licensing change.

CPNPP Response:

This application can be adequately addressed with a Capability Category 2 PRA model. The CPNPP model generally meets this capability. [The bases for the determinations of the required Capability Category are provided immediately below where the stages of section 3 of ASME RA-Sb-2005 are addressed fully.]

Where there are limitations in the model with gaps that do not meet this capability, the gaps were evaluated and determined to have no significant affect on the conclusions of the risk assessment supporting this license amendment request. [See the Appendix to this Attachment for additional details.]

Risk Assessment Application Process - Section 3 of ASME RA-Sb-2005 The purpose of this section is to determine the required Capability Category and to demonstrate the capability of the CPNPP PRA to support this license amendment request. For ease of presentation, each of the stages and the associated sub parts are addressed separately below.

Stage A: Identification of Application (a)

This application requests an extension of the CT for the startup transformer XST2. This is a one-time event which increases the CT from the current 3 days to 14 days. This will affect both Units. XST2 is the preferred startup transformer (preferred source for the 6.9kV power to the safety related busses) for Unit 1 and the alternate startup transformer for Unit 2.

(b)

The structures, systems, and components (SSC) directly affected by this application is the startup transformer; specifically it increases the XST2 unavailability for the duration of the CT to 14 days. This application directly affects the electric power system reliability by removing redundancy and diversity of power to the 6.9kV safety related buses. It indirectly increases the importance of the remaining startup transformer and the emergency diesel generators to assure continuity of power given various events. In the event of a loss of the operating startup transformer, power to these buses could be provided only by the EDGs.

The proposed change increases the core damage frequency as a result of this unavailability. Therefore, the metrics applicable to this request are those specified in RG 1.174 and RG 1.177, namely delta CDF and ICCDP respectively, for each Unit.

to TXX-09026 Page 13 of 51 10/26/2009 Stage A: Determination of Capability Categories (a,b)

The role of the PRA in the application and the extent of reliance of the decisions on the PRA results are significant. The decision will be made in large part on the basis of the risk metrics from RG 1.174 and 1.177.

Though it is expected that the changes in CDF and ICCDP will be small, they may approach the internal events guideline values. For these reasons, the systems analysis, data analysis, LOOP initiators and associated EDGs/SBO modeling and LOOP recovery, and quantification should meet Capability Category II.

(c)

The internal events model Level I is sufficient to evaluate the impacts.

LERF has been shown to be a small contributor based on qualitative evaluations; nevertheless, LERF metrics will also be calculated. Similarly, Flooding is not expected to be a significant contributor; nevertheless it was included in the considerations of this evaluation. Further, it is concluded that Capability Category I for Flood and LERF is adequate for this application.

It should also be noted that because of the vulnerability of the electric power system to loss of the single remaining startup transformer and the complications this poses to recovery of power, Fire and other external events such as High Winds and Tornado are also considered in this evaluation.

(d)

Sensitivity studies were done (see section 4.3) to address uncertainties to determine if there are vulnerabilities that were not adequately addressed.

These sensitivities were determined to be 1) Reliability of components important to the risk contributions of the CT extension, 2) LOOP recovery values, 3) Recovery of important components, 4) LOOP Weather-and Plant-Centered frequencies, 5) Tornado F1 and F2 non-recovery probability, and 6) Deferred maintenance.

To address these uncertainties, it was also determined that it is important to assure that risk management/risk reduction measures are in place to minimize challenges to the plant while in this configuration.

(e)

There is high confidence in the results from these evaluations. The model has been frequently used to assess configuration risk and results have been carefully reviewed to determine if there are model issues.

(f)

The requested change has a one-time plant impact to effect a design modification. The unavailability of the startup transformer is anticipated in the design basis for the plant and in the plant licensing basis. The end result of the design modification will be a spare startup transformer that can be placed into service within the current 3-day CT.

to TXX-09026 Page 14 of 51 10/26/2009 Stage B: Assessment of PRA for Necessary Scope, Results, and Models The internal events model Level I is sufficient to evaluate the affects of the requested changes. No changes of significance were required to the PRA model except as identified immediately below.

The PRA explicitly models the startup transformers, AC and DC power systems, onsite emergency AC power (diesel generators) and the 138kV and 345kV switchyards. The model uses a combination LOOP initiating event fault tree for plant-centered events and point estimates for weather-centered, grid-centered and grid-centered-blackout events. The plant-centered fault tree explicitly calculates the LOOP initiating event frequency based on startup transformer and switchyard equipment in-service and a point estimate of plant-centered events.

The current model assumes in its plant-centered LOOP initiating event fault tree, that the loss of the aligned transformer is the preferred transformer. To support this license amendment request, the current model of record was revised to reflect the planned extended configuration, that is, Unit 1 will be aligned to its alternate offsite power source (XST1). The model was revised to allow for the initiating event fault tree to consider either the preferred or alternate transformer as the normally aligned transformer.

LERF has been shown to be a small contributor based on qualitative evaluations; nevertheless, LERF metrics were also calculated. Similarly, Flooding is not expected to be a significant contributor; nevertheless it was also included.

Further, it is concluded' that Capability Category I for Flood and LERF is adequate for this application.

Because of the vulnerability of the electric power system to the loss of the single

,remaining startup transformer and the complications this poses to recovery of power, Fire and other external events such as High Winds and Tornado were also considered in this evaluation. These assessments use the damage footprints identified in the analyses of record (IPEEE) and use the current model of record to assess those impacts on the metrics.

All parts of the CPNPP PRA internal events model important to this application have been peer reviewed and the findings and observations of significance have been addressed, either by further evaluation or by model changes.

Stage C: Determination of the Standard's Scope and Level of Detail The Standard scope (as currently endorsed by RG 1.200) is for internal events.

There is no identified lack of specific requirements in the Standard for addressing the requested change from the internal events perspective. The scope and level of detail in the Standard are adequate to address the internal events model requirements for the requested change.

As noted above, there are vulnerabilities associated with Fire and Tornado that are not included in the scope of the RG 1.200 Revision 1 endorsed Standard.

However, RG 1.200 has a discussion of the technical requirements of the internal Fire and other external hazards which the current IPEEE analyses generally meet.

As noted above, Fire and Tornado were evaluated for this application. The I

Attachment I to TXX-09026 Page 15 of 51 10/26/2009 quantitative assessments were based on evaluation of the damage footprints using the current model of record. Qualitative assessments, supported by walkdowns and risk management actions, supplement the quantitative evaluations. Luminant Power believes that this provides a robust evaluation of these vulnerabilities.

Stage D: Comparison of the PRA Model to the Standard The model satisfies the Capability Category II (i.e., CC II) requirements for this application. There is high confidence that the PRA Model Scope and Quality are adequate to address the risk aspects of the requested change. This conclusion is based on the results of the WOG peer review, various focused self-assessments and focused peer reviews, and on the MSPI review. See the Appendix to this Attachment for additional details of these reviews.

A self-assessment comparing the CPNPP PRA model to RG 1.200 - including NRC memorandum and clarifications to Revision 1 - was completed with the following results:

The CPNPP PRA Model generally meets at least Capability Category II for most of the supporting elements.

Most of the gaps could be eliminated by more detailed documentation or programmatic guidance.

Gaps in modeling detail or capability were generally confined to the Internal Flooding and Large Early Release Frequency elements. The modeling gaps are generally due to the age and associated conservatism of the model, or that some elements of the Standard were beyond the scope of the original analysis.

The evaluation of gaps identified in the RG 1.200 self-assessment shows there are none that adversely affect the risk analysis of the requested change. The pertinent ASME Supporting Requirements are met at Capability Category II or higher.

Stage E: Use of Supplementary Analyses/Requirements As noted above, there are vulnerabilities associated with Fire and Tornado that are not included in the scope of the RG 1.200 Revision 1 endorsed Standard.

However, both Fire and Tornado were evaluated for this application.

Quantitative assessments are based on evaluation of the damage footprints using the current model of record. Qualitative assessments, supported by walkdowns and risk management actions, supplement the quantitative evaluations.

Luminant Power believes that this provides a robust evaluation of these vulnerabilities.

Adequacy of the CPNPP PRA Summary The above evaluations show that the CPNPP PRA model is of sufficient scope and quality to adequately address the salient risk aspects of the extended XST2 CT. The various reviews and self-assessments of the model provide a high level of confidence that the plant events, plant systems, and plant data analyses are appropriately modeled to properly address the consequences of various event initiators with startup transformer XST2 out-of-service.

to TXX-09026 Page 16 of 51 10/26/2009 In addition, the gap analysis RG 1.200 self-assessment shows that there are no gaps that would limit the capability of the model to address the implications of the requested change.

4.2.2 Risk Assessment The details of the risk-assessment are presented in this section. The scope of this assessment is broad and includes all hazard groups and plant operational states essential to the one-time, 14-day CT extension.

Scope of Risk-Assessment The scope of the risk-assessment includes Internal events, Flood events, Fire events, Seismic events, Tornado events, and other External events. These are addressed either by a qualitative assessment, a quantitative assessment, or a combination of the two in sufficient detail to support an overall conclusion that the risk of the proposed CT is acceptably low. The quantitative assessments address CDF, delta CDF, ICCDP, LERF, delta LERF, and ICLERP. The results were compared to the acceptance criteria defined in RGs 1.174 and 1.177.

As discussed in the sections that follow, only Internal events and Fire events required a quantitative assessment. All other areas are addressed principally by qualitative assessments which show that they are not significant contributors to the overall risk of this license amendment request.

Certain facts and assumptions supporting this assessment are listed below:

All startup transformers are located inside of the protected area and not in the switchyard.

0 Each of the transformers, XST1 and XST2, are different in design/manufacture; therefore, they are not subject to common cause failures.

Baseline Internal and External events models use the at-power test and maintenance model.

0 The CPNPP PRA model does not allow recovery of a faulted or out-of-service (OOS) startup transformer.

Failure modes for important components and their associated failure rates are as follows:

Diesel Generator Fail to Start 9.60E-03/demand Fails After 1st Hour 1.51E-03/hr Turbine Driven Auxiliary Feedwater Pump Fail to Start 6.47E-03/demand Fail to Run 6.44E-04/hr Transformer Fail to Operate 1.43E-06/hr Assessment of Internal Events The Internal events analysis utilized the current CPNPP At-power (Mode 1) PRA Model of Record, Revision 3D. As noted above, the analyses were done using the test and maintenance model.

to TXX-09026 Page 17 of 51 10/26/2009 A minor adjustment to the base test and maintenance model was made to address the alignment of the startup transformers. The PRA explicitly models the startup transformers, AC and DC power systems, onsite emergency AC power (EDGs) and the 138kV and 345kV switchyards. The model uses a combination LOOP Initiating event fault tree for plant-centered events and point estimates for weather-centered, grid-centered and grid-centered-blackout events. The plant-centered fault tree explicitly calculates the LOOP Initiating event frequency based on startup transformer and switchyard equipment in-service and a point estimate of plant-centered events. The current model assumes in its plant-centered LOOP initiating event fault tree that the loss of the aligned transformer is the preferred transformer. To support this request, the current model of record was revised to reflect the planned extended configuration, that is, Unit 1 will be aligned to its alternate offsite power source (XST1). The model was revised to allow for the initiating event fault tree to consider either the preferred or alternate transformer as the normally aligned transformer.

To facilitate the analysis of the extended CT, the base PRA model was re-quantified with the XST2 transformer OOS and then compared to the base case frequencies. At CPNPP, when test or maintenance activities occur on the XST2 transformer, no routine or elective work is performed on the TDAFW pumps, the EDGs, or the XST1 transformer. This condition is reflected in the base PRA model. Thus, no other assumptions or adjustments to the model were necessary for the assessment.

The yearly frequencies for the base case and for the XST2 OOS case for CDF and LERF are shown in Table 2. These yearly frequencies are based on remaining in the plant configuration for an entire reactor year.

Table 2:

Risk Assessment Input Values Unit Input Parameters Frequency (Per Year)

CDFBase 9.93E-06 Unit 1 CDFXST2 1.71E-05 LERFBase 5.04E-07 LERFxsT2 6.67E-07 CDFBase 9.68E-06 Unit 2 CDFXsT2 1.63E-05 LERFBase 6.21E-07 LERFxsT2 7.54E-07 NOTE:

The values presented have been rounded.

The equations for determining CDFNew, ACDF, ICCDP, LERFNew, ALERF, and ICLERP are shown below.

(Eq. 01)

CDFNEw=

7 7cTj

Bae))

(Eq. 02)

ACDF = CDFNew - CDFBs,,

to TXX-09026 Page 18 of 51 10/26/2009 (Eq. 03)

ICCDP = (CDFx - CDFBase)

  • CT New Where:

CDFBase = baseline annual CDF for the at power (Mode 1) internal events.

CDFx

= annual CDF for the specific CT case.

TCT

= total days the XST2 transformer is to be OOS for this CT extension LAR, 14 days.

Tyear

= time equivalent to one reactor year or 365 days of full power operation.

CTNew \\ = time in years, 3.84E-02 years, the XST2 transformer is to be OOS for this LAR (14 days).

Equation 1 (Eq. 1) is used to create a weighted annual CDF for the baseline and XST2 00S conditions, with the weight being the fraction of time each condition is to exist. The resulting CDFNew from Eq. 1 is then compared to the Baseline CDF to calculate the change in CDF (ACDF) in Eq. 2, in accordance with RG1.174. The ICCDP in Eq. 3 is calculated in accordance with RG 1.177. It should be noted that the base and specific configurations for the plant, while in the extended CT, are the same in both equations 1 and 3, and thus the ACDF is equal to the ICCDP.

The results of these calculations are shown in Table 3.

Table 3:

Risk Assessment Output Values Unit Output Parameters Value Frequency CDF NEWxsT2 1.02E-05 Per Year ACDFXST2 2.75E-07 Per Year Unit 1ICCDPXsT2 2.75E-07 Dimensionless LERFNEWXST2 5.10E-07 Per Year ALERFXsT2 6.25E-09 Per Year ICLERPxsT 2 6.25E-09 Dimensionless CDFNEWXsT2 9.93E-06 Per Year ACDFxsT2 2.54E-07 Per Year Unit 2 ICCDPxsT2 2.54E-07 Dimensionless LERF NEWXsT2 6.26E-07 Per Year ALERFXST 2 5.10E-09 Per Year ICLERPxsT2 5.10E-09 Dimensionless NOTE:

The values presented have been rounded.

The results of the internal events analyses, for both Units, are shown in Table 3.

The resulting delta CDF/ delta LERF and ICCDP/ICLERP are all less than the corresponding risk significance guideline values defined in RG 1.174 (Reference 8.1) and RG 1.177 (Reference 8.2). Further, these results show the relative insignificance of large, early release in this analysis. As a whole, these results show that with risk associated with the extended CT for most internal events is very small. Further, even in the case of a LOOP, given the diversity of electric power supply (i.e., the EDGs) and the likelihood of recovery of offsite power, the extended CT presents a very small increase in risk.

to TXX-09026 Page 19 of 51 10/26/2009 Assessment of Fire Events The fire analysis for the extended CT used the methodology employed by the CPNPP IPEEE Fire Evaluation (Reference 8.8). The fire frequencies and fire suppression system un-availabilities were taken from the IPEEE based on the industry guidance developed by the Electric Power Research Institute Fire Risk Implementation Guide (Reference 8.9).

The analysis was supported by walkdowns of the power cabling from each of the startup transformers to the safety related 6.9kV buses (lEA1, lEA2, 2EA1, and 2EA2) to identify potential fire scenarios. The control cable routings for each of the startup transformers were identified and walked down. Both sets of cabling were also examined for potential fire impacts. Additionally, fire in the remaining plant startup transformer was re-examined.

Fire Scenario - Fire Zone Analysis Based upon the walkdowns, certain fire zones (rooms) were excluded from the analysis. For example, fire zones were excluded where both transformers cables existed in the same zones and are impacted by the same fire scenarios or where the fire baseline assessment presumed only a Hot Gas Layer (HGL) scenario.

These fire zones were removed from further consideration because a fire in one of these zones was presumed to result in the loss of the cabling from both transformers and therefore, a loss of both transformers. Thus, consequences of the fire in these zones are not affected by whether or not a transformer is OOS since both are equally affected.

For most of the zone analysis, a mirror image was seen between Unit 1 and Unit 2, the two transformers' cabling, and their fire scenarios. However, based on the detailed analyses and plant walkdowns, fire zones SB8 and SD9 required individual examinations for each Unit using the walkdown results. In zones SB8 and SD9, there was a noted difference between the two transformer cable routings to the 6.9kV safety buses. The XST2 cabling in both SB8 and SD9 can be removed from the re-analysis because transformer XST2 is already out-of-service.

This leaves only one fire scenario for SB8 that needs to be quantitatively analyzed, that is the Unit 1 fire source FSN2-082 (electrical cabinet/control panel) as it is directly below the XST1 to lEA1 power cabling. This scenario (SB8) does not exist in Unit 2 based on plant layout/cable location. For fire zone SD9, the Unit 2 sources FSN4-083 (transformer) and FSN7-083 (motor-control center (MCC)) lie directly below the XST1 cabling to the 2EA1/2 buses and must be quantitatively analyzed. The scenarios for SD9 are not applicable to Unit 1 based on plant layout/cable location. Thus, for the three scenarios identified above, given the differences between the Units with respect to cable routing and plant equipment location, scenario FSN2-082 is associated only to Unit 1 and FSN4-083 and FSN7-083 are associated only to Unit 2.

For these scenarios, it should be noted that XST1 power cables are routed inside of a shielded conduit at a location significantly above the fire source. Intervening combustibles (i.e., cable trays) are located between the fire sources and power cables and therefore some time would be required to ignite these trays before the fire caused damage to the power cables. For these cases, fire propagation (plume to TXX-09026 Page 20 of 51 10/2612009 analysis) was not re-performed and the XST1 cables were assumed to be damaged. For the quantitative analysis, each of the fire scenarios were re-analyzed using the Fire IPEEE impact analysis and re-quantified using the current model of record (3D). The fire scenarios were then quantified again with XST2 OS, and the results of both quantifications, for CDF yearly values, are presented in Table 4.

Table 4:

CDF Results for Fire Scenarios Frequency (Per Year)

Input Parameters Unit 1 Unit 2 FSN2 082 FSN4_083 FSN7_083 CDFFSNXBase 4.49E-08 1.60E-06 1.31E-07 CDFFSNXXST2 3.09E-06 1.21E-05 7.79E-06 NOTE:

The values presented have been rounded.

Utilizing the annual CDF results presented in Table 4 and the inputs described below, the new annual CDF for each of the scenarios was calculated using Equation 04, the ACDF was calculated using Equation 05, and the ICCDP was calculated using Equation 06 below.

CDFNEW =(-

TCT -

  • CDF

_FSN(X)XST 2_OOS+

(Eq. 04)1

-(

T D

S M

Bs (Eq. 05)

ACDF = CDFNew - CDF _ FSN(X)Bas ICCDP = ( CDF - FSN(X)XST 2 _ooS-CDF_ FSN(X) Baw)

  • CT New Where:

CDFFSN(X)Bae

= baseline annual CDF for the individual fire scenario.

CDFFSN(X)xsT2_oos

= annual CDF for the fire scenario with XST2 OOS.

TCT

= total days the XST2 transformer is to be OOS for this CT extension LAR, 14 days.

Tyear

= time equivalent to one reactor year or 365 days of full power operation.

CTNe*w time in years, 3.84E-02 years, the XST2 transformer is to be OOS for this LAR.

to TXX-09026 Page 21 of 51 10/26/2009 Eq. 4 is used to create a weighted annual CDF for the fire scenario baseline and XST2 00S conditions, with the weight being the fraction of time each condition exists. The resulting CDFNeW from Eq. 4 is then compared to the Baseline Fire Scenario CDF in Eq. 5 to calculate the change in CDF (ACDF), in accordance with RG1.174 (Reference 8.1). Eq. 6 is used to calculate the ICCDP in accordance with RG 1.177 (Reference 8.2). Since the base and specific configurations are the same in Eq. 04 and Eq. 06, the ACDF (Eq. 05) and ICCDP (Eq. 06) are numerically equal. The results of these calculations are presented in Table 5.

Table 5:

ACDF and ICCDP Results for Fire Scenarios Unit I Unit 2 Output Parameters FSN2082 FSN4 083 FSN7083 Frequency CDFNEW FSNXXST2 1 1.62E-07 2.01E-06 4.25E-07 Per Year ACDF NEW FSNXxsT21 1.17E-07 4.02E-07 2.94E-07 Per Year FSNXICCIDPxsT2 I1.17E-07 I4.02E-07 I2.94E-07 IDimensionless NOTE:

The values presented have been rounded.

Fire in Startup Transformer XST1 If a fire were to occur in the XST1 transformer with XST2 OS, the plant would experience a LOOP since both transformers would be unable to supply power.

This scenario was not part of the original fire analysis.

For the quantitative analysis of a fire in XST1, the baseline transformer fire was re-analyzed using the current model of record (3D). The XST1 fire was then quantified again with XST2 OOS, and the results of both, for CDF yearly values, are presented in Table 6.

Table 6:

CDF Results for Fire in XST1 IuP t Frequency (Per Year)

Input ParametersUnt1ni2 0

Unit I Unit 2 CDFFire XST1Base*

8.22E-09 2.16E-07 CDFFireXST1xsT2 2.61E-06 2.61E-06 NOTE:

The values presented have been rounded.

  • The difference between the Units in the base case reflects the role of XST1 as the preferred source (Unit 2) or the alternate source (Unit 1) in normal conditions.

Utilizing the annual CDF results in Table 6 and the inputs described above, the new annual CDF for each of the scenarios can be calculated using Eq. 04, the ACDF is calculated using Eq. 05, and the ICCDP is calculated using Eq. 06 above.

The results presented are in Table 7.

Table 7:

ACDF and ICCDP Results for Fire in XST1 Output Parameters Unit 1 Unit 2 Frequency CDFNEWFireXSTlxsT2 1.08E-07 3.08E-07 Per Year ACDFNEW Fire XST1xsT2 1.00E-07 9.17E-08 Per Year FireXST1_ICCDPxsT2 1.OOE-07 9.17E-08 Dimensionless NOTE:

The values presented have been rounded.

to TXX-09026 Page 22 of 51 10/26/2009 Results and Insights of Assessment of Fire Events Examining the fire results top cutsets reveals LOOPs and SBOs that lead to induced reactor coolant pump (RCP) seal loss of coolant accidents (LOCAs). This is seen due to the loss of XST1 in the fire when XST2 is already OOS, thus rendering both offsite power sources inoperable and causing a reliance on onsite power. Specifically, this causes an increased reliance on the EDGs for onsite power in the event of a LOOP, the TDAFW pumps in the event of SBO for secondary heat removal, and on the SSW pumps to provide cooling when the EDGs start.

When the fire results are combined, there is one affected fire scenario from Table 5 and the XST1 fire scenario above for Unit 1 ACDF and ICCDP (Table 7).

Similarly, for Unit 2, there are two fire scenarios from Table 5 and the XST1 fire scenario above (Table 7) that affect the Unit 2 ACDF and ICCDP values. Table 8 shows the total results for Units 1 and 2.

Table 8:

Unit 1 and Unit 2 Total Fire Results Fire Risk Measures Per Fire Acceptance Below Acceptance Unit Values Guideline Guideline AUlFireCDFTotal 2.17E-07

< 1.OOE-06 Yes Ul Fire ICCDP Total 2.17E-07

< 5.OOE-07 Yes AU2_FireCDFTotal 7.88E-07

< 1.OOE-06 Yes U2_FireICCDPTotal 7.88E-07

< 5.OOE-07 No NOTE:

The values presented have been rounded.

The results summarized in Table 8 show the affect of the increased CT for the XST2 transformer on Unit 1 and Unit 2 CDF and ICCDP due to fire. The variation between the Unit 1 and Unit 2 risk metrics are due to the differences in physical plant layout, i.e., the transformer cable routings. These results are as expected for these fire scenarios based upon the importance of the offsite power sources. The quantitative results of the fire re-analysis when compared to the acceptance criteria in RG 1.174 demonstrate the acceptability of the extended XST2 CT for this fire analysis.

However, with respect to the ICCDPs in Table 8, the fire ICCDP for Unit 2 is seen to be slightly above the threshold of the RG 1.177 criteria (by approximately 2.88E-07). This is a small increase over the acceptance value for ICCDP. To address this condition a further qualitative analysis is provided which includes a assessment of risk reduction measures that will be implemented to minimize the risks associated with these fires.

Qualitative Assessment of Fire Events Risk Reduction Measures Based upon the plant/Unit walkdowns, each scenario was evaluated for potentially effective risk reduction measures. It was determined that several such measures could be employed which are presented below. These were then evaluated in the qualitative assessment to show their effectiveness in reducing risk from this very small impact.

to TXX-09026 Page 23 of 51 10/26/2009 The following risk reduction measures were determined to be effective for the various scenarios and will be implemented for the duration of the requested extended XST2 CT:

All work along the power and control cabling routes for the in-service transformer (XST1) will be suspended, A roving hourly fire watch along the power and control cabling routes for the in-service transformer (XST1) will be conducted, All four Class 1E EDGs will be tested prior to entering the requested extended XST2 CT, and Temporary power diesel generators (TPDGs) (previously discussed in the deterministic evaluation in section 4.1). will be provided onsite for each Unit.

For the fire scenarios where XST1 cable damage is of concern, the fire ignition sources must ignite intervening cable trays in order to damage the shielded power cabling associated with XST1. There exists a large gap of several feet between the intervening cable trays and the XST1 power cables. Suspension of work activities in the vicinity and an hourly roving fire watch provide assurance of early detection such that manual fire suppression actions will occur in a timely manner and prevent damage to the XST1 cabling.

In the event of a fire that damages the in-service transformer (XST1), the plant's four EDGs will act as the primary source of onsite power. Testing of the DGs prior to entering the extended CT provides assurance that the DGs will be available to perform their safety function when called upon to mitigate a LOOP.

In the event of a failure of both EDGs to start or load, the TPDGs will provide an alternate source of power to one safety bus for each Unit (lEA1 or lEA2 and 2EA1 or 2EA2), thus ensuring the availability of equipment needed to maintain safe shutdown and long term cooling of the Unit.

Given these risk reduction measures, if credit were taken for preventing damage to the shielded power cabling associated with XST1 due to early detection and suppression, the threshold criteria for ICCDP in RG 1.177 would likely be met.

These risk reduction measures provide added assurance that the Fire risk is acceptable for the duration of the extended CT.

Overall Conclusions with Respect to Fire Events Based upon the results of the Fire analysis, the affect on plant risk due to a fire while startup transformer XST2 is 0OS for up to 14 days is small. This is illustrated by the relatively small increase in ACDF and ICCDP for each of the analyzed fire scenarios. Although the Unit 2 ICCDP value is slightly above the threshold in RG 1.177, it is unlikely that the XST1 power cabling would be damaged if a fire were to occur due to intervening combustibles, the location of the XST1 power cabling, and the shielding of the XST1 power cabling.

Additionally, various risk reduction measures will be implemented. These risk reduction measures will reduce the likelihood of potential fires that would impact XST1 cabling or mitigate the consequences if a fire were to occur. Further, if these risk reduction measures were capable of quantification, it is likely that the Unit 2 ICCDP would be below the regulatory threshold set forth in RG 1.177.

to TXX-09026 Page 24 of 51 10/26/2009 Therefore, based upon this analysis and the proposed risk reduction measures, the affect on the plant fire risk of extending the CT from 3 to 14 days for startup transformer XST2 is minimal.

Assessment of High Wind/Tornado Events The High Wind/Tornado assessment for the requested CT extension is based on the CPNPP IPEEE (Reference 8.7). For the IPEEE analysis, the Fujita scale (e.g., FO to F5) was used for rating tornado intensity, based on the damage tornadoes cause to structures. The CPNPP design basis, from Reference 8.3, for High Wind/Tornado is the following:

Seismic Category I structures are designed for 300 mile-per-hour (mph) winds (F5),

The Turbine Building is designed for industrial standards of 150 mph winds (F3),

0 The switchyard is designed for 80 mph winds (F1), and Winds below 80 mph (F0) are within the design basis of plant equipment.

The assessment of High Wind/Tornado events for the requested CT extension considers two scenarios: 1) the High Wind/Tornado event occurs on the plant site (protected area/switchyard) and 2) the High Wind/Tornado event takes place offsite and affects offsite power lines.

In the first scenario a highly unpredictable, erratic, and destructive high Wind/Tornado event is assumed to occur on the plant site (switchyard/protected area). The CPNPP IPEEE Tornado Risk Assessment (Reference 8.7) assumes that all Tornado strikes/High Wind events with wind speeds in excess of 80 mph (F1 and higher) result in a LOOP. This assumption is based on the design for the switchyard, as stated above, such that a F1 tornado will result in damage significant enough to render it inoperable.

At CPNPP, the plant physical layout is such that the protected area is in close proximity to the switchyard. Both of the startup transformers are physically located in the protected area on the west and south sides, close to the switchyards. Given the unpredictability of a High Wind/Tornado event, the damage incurred by the event may render the switchyards and both transformers inoperable. Therefore, having XST2 00S for maintenance when the High Wind/Tornado event occurs does not directly affect the analysis of the High Wind/Tornado event.

Additionally, for tornadoes F3 and greater, the capability to recover offsite power is assumed to be lost since the cable trays for XST1 and XST2 are both routed through the Turbine Building which is assumed to be damaged. Therefore, the requested CT extension results in a risk equivalent to the CPNPP IPEEE Tornado Risk Assessment whether both, or only one, startup transformer (XST1 and XST2) is in-service at the time of the High Wind/Tornado event.

In the second scenario, a High Wind/Tornado event affecting the offsite power lines occurs outside of the protected area/switchyard. For this scenario, the offsite power lines are assumed to be of the same robustness as the switchyard and therefore, would also be rendered inoperable in any High Wind/Tornado to TXX-09026 Page 25 of 51 10/26/2009 condition greater than or equal to a F1. As this event is assumed to occur offsite, it does not directly affect either of the startup transformers or the CPNPP switchyard through direct wind effects or generated missiles. However, the event will cause a LOOP due to the unavailability of the incoming (offsite) power feeds.

Therefore, regardless of whether both, or only one, ST is in-service, a situation similar to the first scenario exists in wvhich offsite power has been lost, in this case due to damaged offsite power lines rather than onsite systems, structures, or components, and the recovery of offsite power is dependent upon the ability to repair offsite power lines and not plant equipment. However, in this scenario, with XST2 already OOS, the only available recovery path is via the remaining available startup transformer, XST1, through the 138kV switchyard.

Since the baseline calculations for F1 and F2 tornadoes apply weather-centered recoveries focusing on the switchyard, a sensitivity study based on no weather-centered recovery when a transformer is OOS was completed. The sensitivity study is discussed in section 4.3 and addresses the potential recovery of the switchyard after a F1 or F2 tornado with one surviving transformer. Since the single switchyard recovery is similar to the loss of a single transformer when both startup transformers are available, the sensitivity study results are relevant to both scenarios.

Results and Insights of Assessment of High Wind/Tornado Events Based on the evaluation above, it is concluded that the plant risk due to High Wind/Tornado events with XST2 OOS is equivalent to the risk with both transformers available. This is true because a High Wind/Tornado event occurring on the plant site is assumed to render the switchyard and both startup transformers inoperable and, for events occurring offsite, the offsite power lines supplying the switchyard and any available startup transformers are assumed to be rendered inoperable. Therefore, there is little or no affect on plant risk regardless of how many startup transformers are, or are not, available at the time of the event.

The sensitivity study discussed in section 4.3 shows that, even if offsite power is unrecoverable due to the single transformer configuration, the risk increase for the requested extended CT is not significant. However, in order to minimize the likelihood of High Wind or Tornado events occurring while utilizing the extended CT, Luminant Power will utilize weather data from National Oceanic and Atmospheric Administration (NOAA) to select an appropriate time-of-year, based upon historical low frequencies of weather events, to complete the modification to XST2.

Assessment of Internal Flood Events The effect on internal flooding risk of transformer XST2 being OOS for the duration the extended CT was evaluated through plant walkdowns and comparisons to the CPNPP Internal Flooding Analysis, Revision 3 (Reference 8.10).

to TXX-09026 Page 26 of 51 10/26/2009 During the walkdowns of each Unit, it was observed that, with two exceptions, the XST1 and XST2 power cabling are generally routed in cable trays and junction boxes that are positioned at a height above the floor level where they would not be affected by Flooding events. The exceptions are the Units 1/2 832' Electrical Equipment rooms and the Units 1/2 Train B Switchgear rooms.

Cabling in these rooms is routed through the floor. However, since it does not go through a junction box, it would not be affected by a Flood event. The only location where a flood could potentially affect the power cabling is in the Switchgear rooms at the safety related buses. However, flooding affecting the buses will result in a loss of the switchgear and consequently negate the need for power from either transformer. Since this flooding scenario is already accounted for in the base flood model, there is no increase in risk due to Flooding events affecting the power cables.

For the control cabling, a similar situation was seen to be true. All of the control cables are generally routed in conduit, cable trays, and junction boxes located at a height well above the floor. The only exceptions are the Ul Train C Uninterruptible Power Supplies (UPS) and Distribution room, the Unit 1 Cable Spread room, and the Units 1/2 Control room. As with the power cabling, the control cabling in these areas is routed through the floor in conduit and would not be affected by flooding in these rooms unless the cabinets themselves were also affected. In addition, the control cabling for XST1 and XST2 are run together through floor routings. Therefore, any flooding in these areas would affect both transformers and, therefore, would result in no changes to the conclusions of the CPNPP Internal Flooding analysis.

To verify this qualitative analysis; the CPNPP Internal Flood analysis was requantified using the current model of record (3D) files both with XST2 0OS and in-service. The results from the Unit 1 quantitative analyses showed no change in the quantified values with the transformer OOS or in-service.

Therefore, based upon this analysis, the requested extended CT has no affect on the plant Internal Flooding risk.

Assessment of Seismic Events CPNPP is located in a region of low seismicity and is classified per NUREG-1407 (Reference 8.11) as a reduced scope plant. The CPNPP IPEEE Seismic analysis (Reference 8.12) was used as the basis for the evaluation of the effect of the requested extended CT on plant risk due to Seismic events. As a reduced scope plant, the IPEEE Seismic analysis uses a margin approach that assumes a LOOP and a Very Small Break LOCA as a result of a Seismic event.

Since neither the startup transformers nor the switchyards are category I seismic structures, they are assumed to be damaged in the Seismic event. In this case, XST2 being OOS for maintenance at the time of the event has no affect on the consequences of a Seismic event. However, assuming that one startup transformer could survive the event, the post-event recovery actions would be affected by the ability to recover power to the available transformer's switchyard.

Since the frequency of a seismic event is very small compared to a normal LOOP and the duration of the planned XST2 maintenance is also very small, the requested one-time extension of the CT for XST2 has no significant effect on plant risk due to Seismic events.

to TXX-09026 Page 27 of 51 1012612009 However, in order to minimize the effect on plant risk due to Seismic events, Luminant Power will complete a walkdown of all four (4) emergency diesel generators and both turbine driven auxiliary feedwater pumps to identify any obvious mounting or seismic interaction issues, such as loose parts or missing hardware, prior to entering the requested extended CT to complete the modification to XST2.

Based upon the above analysis and the selected risk reduction measure, it is concluded that the requested extended CT for XST2 has no significant effect on plant risk due to a Seismic event.

Assessment of Shutdown and Transition Risk The requested one-time, 14-day CT will be used to permit the continuous operation of CPNPP Units 1 and 2 while XST2 is out-of-service to complete installation of a plant modification. If the modification can be completed while both Units remain at power, any plant risk due to transition and shutdown is avoided. If the extended CT is not granted, a concurrent shutdown of both CPNPP Units to Mode 5 will be required to complete implementation of the plant modification. This averted risk was not considered in calculating the affect of the requested extended CT on plant risk.

Assessment of External Flood Events A detailed analysis of External Flood events was performed as part of the Individual Plant Examination of External Events (IPEEE) for CPNPP (Reference 8.13). The IPEEE systematically considered the various factors that can contribute to External Flooding events at CPNPP including historical data for river flooding, probable maximum precipitation (PMP), potential dam failures, and other natural phenomena such as surges, hurricane, and tsunami. The analysis specifically addresses the susceptibility of the safety related structures of the station to these conditions. The insights and conclusions of the IPEEE remain valid.

The results of the evaluation of External Flood events show that there are no credible Flooding events that reach the plant elevation of 810'. Since the startup transformers are located at the 810' elevation, it is clear that extending the CT to 14 days does not affect the plant risk due to External Flood events. Consequently, the contribution of External Flooding events to the core damage frequency at CPNPP during the proposed extended CT is insignificant.

Assessment of Fires External to the Plant During the requested CT extension, there is an insignificant incremental increase in risk to the plant associated with an external fire. The potential vulnerability exists from brush or forest fires causing the loss of power from the remaining startup transformer XST1 to the 138kV switchyard. The 138kV switchyard is supplied from the 138kV Stephenville and DeCordova lines. The area inside the switchyard, between the yard and the transformer and from the transformer into the power plant contains minimal vegetation. The rights of way for the two offsite power lines are routinely cleared of trees and significant vegetation.

to TXX-09026 Page 28 of 51 10/26/2009 Hence, any fires that might occur are not expected to cause power disruptions to the 138kV switchyard due to the small amount of combustibles. Therefore, it is concluded that the contribution of External Fire events to the core damage frequency at CPNPP is insignificant.

Assessment of Transportation and Nearby Facility Accidents An analysis of Transportation & Nearby Facility Accidents and their effects on the station was performed as part of the IPEEE for CPNPP (Reference 8.13). The analysis showed that the risk from such accidents is very low given the nearby facilities and typical land use. Although there has been some growth in the area around CPNPP and additional gas exploration within the Barnett Shale, the insights and conclusions of the IPEEE remain valid. Therefore, it is concluded that the risk from these events relative to this LAR is extremely small.

4.2.3 Summary of Analysis Results Compared to Acceptance Guidelines The results of the assessment of the effect of the proposed extended CT on plant risk in terms of ACDF, ICCDP, ALERF, and ICLERP are summarized for Internal and Fire events in Table 9. The corresponding risk significance guidelines specified in RG 1.174 (Reference 8.1) and RG 1.177 (Reference 8.2) are also provided in Table 9 for comparison to the risk assessment results.

With regard to the Internal and External events analysis, the acceptance guidelines from RG 1.174 and RG 1.177 are met with the exception of the Unit 2 ACDF and ICCDP, which exceed the guidance by a small amount. This exception is primarily related to Unit 2 Fire events. However, as the qualitative evaluation shows given the risk reduction measures, there is a high likelihood of detection and suppression of the fire before significant damage to XST1 cables can occur. If these early detection and suppression risk reduction measures could be quantified and credited, Luminant Power is confident that the criteria in RG 1.174 and RG 1.177 for ACDF and ICCDP would be met for Unit 2.

to TXX-09026 Page 29 of 51 10/26/2009 Table 9:

Comparison of Risk Assessment Results to Acceptance Guideline Output 1eAcceptance Below Unit Parameters Value Frequency Guideline Acceptance Guideline Internal Events CDF NEWxsT2 1.02E-05 Per Year

< 1.OOE-04/yr Yes ACDFXST 2 2.75E-07 Per Year

< 1.OOE-06/yr Yes ICCDPXST2 2.75E-07 Dimensionless < 5.00E-07/yr Yes Unit 1LERFNEWxsT2 5.10E-07 Per Year

< 1.OOE-05/yr Yes ALERFxsT2 6.25E-09 Per Year

< 1.00E-07/yr Yes ICLERPXST 2 6.25E-09 Dimensionless < 5.OOE-08/yr Yes CDFNEWXST2 9.93E-06 Per Year

< 1.OOE-04/yr Yes ACDFXST2 2.54E-07 Per Year

< 1.00E-06/yr Yes Unit 2 JCCDPXST2 2.54E-07 Dimensionless < 5.OOE-07/yr Yes LERFNEWxsT2 6.26E-07 Per Year

<1.00E-05/yr Yes ALERFXST 2 5.10E-09 Per Year

< 1.OOE-07/yr Yes ICLERPXST 2 5.10E-09 Dimensionless < 5.OOE-08/yr Yes Fire Events*

FireCDFNew**

2.11E-05 Per Year

< 1.OE-04/yr Yes Unit 1 FireACDF 2.17E-07 Per Year

< 1.00E-06/yr Yes Fire ICCDP 2.17E-07 Dimensionless < 5.OOE-07/yr Yes FireCDFNew**

2.17E-05 Per Year

<1.OOE-04/yr Yes Unit 2 Fire ACDF 7.88E-07 Per Year

< 1.00E-06/yr Yes FireICCDP 7.88E-07 Dimensionless < 5.OOE-07/yr No Total Values (Internal Events and Fire Events)

CDFNEW Total 3.13E-05 Per Year

< 1.00E-04/yr Yes Unit 1 ACDFTotaI 4.92E-07 Per Year

< 1.OOE-06/yr Yes ICCDPTota l 4.92E-07 Dimensionless < 5.00E-07/yr Yes CDFNEW Total 3.16E-05 Per Year

< 1.OOE-04/yr Yes Unit 2 ACDFTotaI 1.04E-06 Per Year

< 1.00E-06/yr No ICCDPTotaI 1.04E-06 Dimensionless < 5.OOE-07/yr No NOTE 1:

NOTE 2:

The values presented have been rounded.

No credit taken for any risk reduction measures.

The IPEEE Fire analysis did not extend to LERF/Level II.

    • Calculation of the New Fire CDFs was done by using the IPEEE CDF total value (2.09E-05) and adding the associated ACDF for the appropriate Unit.

4.3 Avoidance of Risk Significant Plant Configurations Tier 2 of the three-tiered approach described in RG 1.177 for evaluating the risk associated with a proposed TS allowed outage time (AOT or Completion Time (CT) as used in the Improved Standard Technical Specifications) requires an examination of the need to impose additional restrictions when operating under the proposed CT in order to avoid risk significant equipment outage configurations and to understand the role uncertainty plays in application of the results of the risk assessment. The results of the risk assessment were analyzed and certain sensitivity studies were performed to identify risk significant plant configurations and any appropriate risk reduction measures.

to TXX-09026 Page 30 of 51 10/26/2009 Analysis of Risk Assessment Results A detailed examination of the results of the risk assessment was conducted to identify any previous assumptions or configurations that might have been overlooked or underestimated and which might potentially, significantly affect the results of the evaluation. All Internal events that affect total risk metrics (CDF, ACDF, and ICCDP) were re-analyzed for any potentially neglected items. The detailed analysis of the Internal events results consisted of a review of the individual top cut sets and significant basic events.

The analysis involved a detailed review of the Internal events CDF assessment. Only the Internal events CDF analysis was selected since the LERF, delta LERF, and ICLERP risk metrics (shown in Table 9) were minimally affected by the proposed CT extension.

Decomposition into Significant Accident Sequences or Cutsets and Basic Events This analysis determined the importance of individual contributors and assumptions. For this internal events assessment with XST2 OOS the results of the internal events analysis show General Transient/LOOP to be the main contributor to ACDF. Reviewing the top cutsets for Unit 1 and Unit 2 show that all of the new scenarios involved a SBO with a combination of the failure of the other startup transformer (XST1) and the failure of the EDGs. Since offsite power is dominating in the baseline PRA, these results are consistent with the expectation that the XST2 transformer being OOS would have an affect on scenarios that lead to a SBO. Because the STs and the EDGs already had such a great importance to CDF, a sensitivity study based on their failure rates was completed and the results are shown below in the Assessment of Uncertainty.

After reviewing the cutset files, the basic events importance measures were reviewed for any further contributors. The resulting top 25 basic events for equipment failure and operator action from Unit 1 and Unit 2 were identified.

The results of the basic events analysis were much the same as the cutset review because XST1 and both EDGs, along with their associated components, breakers, etc., were again shown to be important components affecting plant risk during the proposed extended CT. However, the basic events associated with SSW components and the TDAFW pumps were also shown to be important. Therefore, the SSW pumps and TDAFW pumps failure rates were addressed in sensitivity studies discussed below and the restriction on routine or elective maintenance of the SSW system was added as a risk reduction measure for the plant during the proposed CT extension.

Assessment of Uncertainty Based on Sensitivity Analysis Throughout the analysis of this CT extension, various assumptions and contributions were identified as warranting a sensitivity analyses to address uncertainties in the PRA model. The following sensitivity analyses were conducted:

0 Reliability of components important to risk contribution in the CT extension (EDGs, XST1, SSW pumps, and TDAFW pumps),

LOOP recoveries, Important component recoveries, LOOP power weather-and plant-centered Initiating event (IE) frequencies, F1 and F2 tornado non-recovery of offsite power, and Deferred maintenance.

to TXX-09026 Page 31 of 51 10/26/2009 Sensitivity Study for Reliability of Components Important to Risk Contribution During the Proposed CT Extension (DGs, XST1, SSW Pumps, and TDAFW Pumps)

As the discussion of the significant accident sequences above indicates, the EDGs, startup transformer XST1, the SSW pumps, and the TDAFW pumps were identified as significantly contributing to the plant risk associated with the requested extended CT.

Due to their importance to plant risk, each of them was re-analyzed for their contribution to CDF with XST2 OOS with their failure rates doubled.

As with the previous analyses, the annual XST2 OS and component failure rates CDFs were compared to the baseline values using Equations 1-3. Also, an additional case was analyzed where all of the important component failure rates were doubled with XST2 OOS. The reason for this analysis stems from the uncertainty associated with the various component reliabilities and the potential consequences of their failure with XST2 OOS.

The results of these sensitivity analyses are shown in Table 10.

Table 10:

Results for Reliability Sensitivity Cases Unit Output Parameters Value (per year)

CDFNEWXST2_TDAFWPx2 1.02E-05 ACDFXsT2_TDAFWPx2 3.02E-07 CDFNEWxsT2_EDGsx2 1.04E-05 ACDFXsT2 EDGsx2 4.28E-07 Unit 1 CDFNEWXST 2 SSWPSx 2 1.02E-05 ACDFxsT 2_SSWPsx2 2.83E-07 CDF NEWXST2_XST1x2 1.02E-05 ACDFxsT2_XSTlx2 2.87E-07 CDF NEWXsT2_AllImpCompsx2 1.04E-05 ACDFXsT2_Al!_ImpCompsx2 4.86E-07 CDFLNEWXST2 TDAFWPx2 9.96E-06 Unit 2 ACDFXST2-TDAFWP.2 2.81E-07 CDF..NEWXST2 EDGsx2 1.01E-05 ACDFXST2 EDGsx2 4.04E-07 CDF-NEWxsT2 SSWPsx 2 9.94E-06 ACDFXST2 SSWP,. 2 2.62E-07 CDFLNEWXST2 XSTIx2 9.95E-06 ACDFXST2 XSTIx2 2.65E-07 CDF NEWXST2 All ImpCornpsx2 1.01E-05 IACDFxsT2_AllImp_Compsx2 4.61E-07 NOTE:

The values oresented have been rounded.

The sensitivity study demonstrates that the various increases to each of the individual components failure probabilities results in acceptable risk measures. In addition, when all of the important component failure probabilities are doubled and combined, the results still remain within the regulatory limits of RG 1.174.

However, to ensure their reliability, the EDGs and the TDAFW pumps will be tested prior to entry into the one-time, 14-day CT. Furthermore, to ensure their availability, any routine or elective testing or maintenance activities affecting the EDGs, XST1, the SSW pumps, or the TDAFW pumps will be prohibited for the duration of the requested extended CT.

to TXX-09026 Page 32 of 51 10/26/2009 Sensitivity Study - LOOP Recoveries Since the XST2 startup transformer is associated with offsite power, a contribution to risk from the offsite power recoveries is an area where a sensitivity analysis was warranted.

For this analysis, the XST2 OOS cases were re-analyzed using recovery files that limited offsite non-recovery probabilities to 10-3 and 10-2 to obtain new annual CDFs. The current limit in the PRA model is 104. Limiting the offsite non-recovery probabilities also addresses questions relating to the use of Log Normal versus Weibull distribution curves.

By limiting these non-recovery values, questions relating to the divergence of the curves, towards the tail end, are also addressed. As with the previous analyses, the annual XST2 OOS and modified non-recovery CDF results were compared to the baseline values using Equations 1-3. The results of this sensitivity analysis, provided in Table 11, show that the uncertainty in LOOP non-recovery probabilities is not significant to the conclusions of this analysis.

Table 11:

Results for Reliability Sensitivity Cases Unit Output Parameters Value (per year)

CDFNEWXsT2_Re..v N....l 1.02E-05 ACDFXsT2 Recov Normal 2.75E-07 Unit 1 CDFNEWXsT 2_Recov 10^-3 1.02E-05 ACDFxsT2_Recov_1 0

^-3 2.94E-07 CDFNEWXST2_Rec.v.10^-2 1.05E-05 ACDFXST2_Re....10^-2 5.40E-07 CDF NEWXsT2_Recov Normal 9.93E-06 ACDFXsT2 _Recov Normal 2.54E-07 Unit 2 CDFNEWXsT 2 Recov. 10^-3 9.96E-06 ACDFXsT2_Rec.v 10A-3 2.77E-07 CDF NEWxST2_Recov_10^-2 1.02E-05 ACDFXsT2_Recov_1.OA2 5.19E-07 NOTE:

The values presented have been rounded.

This sensitivity study demonstrates the affects of offsite power recoveries on the XST2 OOS cases. Using the increased values for non-recovery of offsite power shows that the results remain within the regulatory limits of RG 1.174.

Sensitivity Study - Important Component Recoveries The next sensitivity is the recovery of components important to this configuration. As previously identified, the TDAFW pumps and the EDGs are components that become very important risk contributors during the XST2 00S time frame. For this sensitivity analyses, the recovery values for these components were changed to reflect the inability to recovery them (i.e., a recovery value set to 1). Setting the recovery value to 1 has the effect of assuming that, for the time XST2 is OOS, if any of these components were to fail there would be no possibility of recovery of the failed component. This case was run using the base model with XST2 OOS. The results, presented in Table 12 along with the annual CDFs, were then compared to the Baseline CDF assuming there is no important component recovery.

to TXX-09026 Page 33 of 51 10/26/2009 Table 12:

Results for Recovery Sensitivity Cases Unit Output Parameters Value (per year)

CDFNEWxsT 2 1.02E-05 Unit 1 ACDFXST2 2.75E-07 CDF NEWxsT2 comp-Recov-Mod 1.07E-05 ACDFXST2 Recov CompRecov.Mod 8.00E-07 CDFNEWXST 2 9.93E-06 Unit 2 ACDFXST 2 2.54E-07 CDF NEWXST2 Comp RecovMod 1.04E-05 ACDFXST2_Recov CompRecov Mod 7.64E-07 NOTE:

The values presented have been rounded.

This sensitivity study demonstrates the affect on plant risk of non-recovery of important components when XST2 is OOS. Using the non-recovery values for these important components demonstrates that the risk metrics still remain within the regulatory limits of RG 1.174.

Sensitivity Study for LOOP Weather-and Plant-Centered Initiating Event Frequencies A sensitivity study was done to address the significance of risk management actions to manage/control weather-centered and plant-centered LOOP initiating event frequencies during the period when XST2 is out-of-service. These risk management actions are 1) the selection of the time-of-year in which the activity will be allowed, and 2) the restriction on maintenance in the switchyard and potentially affecting XST1. Considering these restrictions, the probabilities of LOOP for weather-centered (WC) and plant-centered (PC) events can be modified accordingly as a sensitivity case.

Weather-Centered Sensitivity: Based upon weather data from the NOAA, the time-of-year in which the XST2 will be OOS will coincide with times when severe weather is not typical, namely September through March. Using this restriction, the weather-centered probability will be reduced by 67%.

Plant-Centered Sensitivity: With the restriction on switchyard and XST1 access and maintenance, the plant-centered LOOP frequencies were re-examined and it was determined that these could be reduced based upon a review of the events in the Electric Power Research Institute (EPRI) Reports (References 8.14, 8.15, and 8.16). The review of industry events considered two items: 1) removal of events caused by maintenance/human action and 2) inclusion of LOOP events due to having one transformer OOS. For this second case, all LOOP events that were previously excluded from the original LOOP calculations because of the dual switchyard design of CPNPP were reviewed again to see if the event would now be applicable to CPNPP with the plant in the CT configuration. Based on this review, adjusted values for plant-centered LOOP were calculated.

Using the adjusted values for the PC and WC LOOP IE, several runs were completed for the PC and WC modifications and compared to the baseline values. The results of these sensitivity runs are in Table 13 and should be compared with the values in Table 3 to see the overall affect of these sensitivity runs.

to TXX-09026 Page 34 of 51 10/26/2009 Table 13:

Results for PC and WC Sensitivity Cases Unit Output Parameters Value (per year)

CDF NEWXST2 PCMod 1.02E-05 ACDFXST2 PC Mod 2.67E-07 Unit CDF NEWxsT2WCMod 1.01E-05 ACDFXST2_WCMod 2.17E-07 CDF NEWXST2_PCWCMod 1.01E-05 ACDFxsT2 PC wc Mod 2.10E-07 CDFNEWXST2 PCMod 9.93E-06 ACDFXST2 PC-Mod 2.50E-07 Ut2 CDFNEWXST2WCMod 9.88E-06 ACDFXST2_WCMod 2.04E-07 CDFNEWXST2_PCWCMod 9.88E-06 I

ACDFXST2_PCWC_Mod 1.96E-07 NOTE:

The values presented have been rounded.

This sensitivity study demonstrates the affects of the LOOP weather-centered and plant-centered IE frequencies on the XST2 extension cases. As seen in Table 13, if credit were taken for these risk reduction measures, an overall reduction in the risk results presented in Table 3 could be realized. However, for the submittal no credit was taken for these action and the results here are for sensitivity analysis only.

Sensitivity Study - F1 and F2 Tornado Non-Recovery of Offsite Power In a F1 and F2 tornado, the potential exists for recovery of offsite power through plant actions. This is due to the potential event where a tornado has rendered only one of the startup transformers inoperable. For this sensitivity study, the normal case where a F1 or a F2 tornado has struck will be run with normal offsite power recovery actions. A second case will be run where both transformers are inoperable and no offsite power recoveries are allowed. The two cases will be compared using earlier equations (1-3) and the results are in Tables 14 and 15.

Table 14:

Annual CDFs for F1 and F2 Tornado Sensitivity Cases Unit Input Parameters Frequency (per year)

Unit 1 CDFBaseFIF2 1.61E-07 CDFxsT2 NoPowerRecov 1.85E-06 Unit 2 CDFBaseFIF2 1.45E-07 CDFXsT2_NoPower Recov 1.84E-06 NOTE:

The values presented have been rounded.

Table 15:

Results for F1 and F2 Sensitivity Cases Unit Output Parameters Value (per year)

Unit 1 CDFNEWFIF2 2.25E-07 ACDFFIF2 6.46E-08 Unit 2 CDF NEWFIF2 2.10E-07

_ACDFFIF2 6.48E-08 NOTE:

The values presented have been rounded.

to TXX-09026 Page 35 of 51 10/26/2009 This sensitivity study demonstrates the effects of switchyard non-recovery for XST2 00S F1 and F2 tornado cases. Table 15 shows the results are well within the regulatory limits of RG 1.174.

Sensitivity Study - Deferred maintenance As stated above, risk reduction measures for various components will be in place which will have routine or elective testing and maintenance activities suspended (EDGs, SSW pumps, XST1, and TDAFW pumps) for the duration of the CT. Due to questions relating to deferred maintenance activities as a result of the 14-day suspension, this sensitivity study will address the risk of deferred maintenance. Since deferred testing and maintenance during the XST2 CT will increase the test and maintenance needed for the remainder of the year, a baseline case will be run with all of their test and maintenance frequencies increased by 5% (14 days/365 days = -3.8% rounded up to 5%). Additionally, because the switchyard maintenance will also be suspended, the LOOP due to plant-centered initiating events will also be increased by 5%. The modified baseline CDF was incorporated with the XST2 00S and compared to the baseline values.

CDF NTyT j

  • CDFxsT2 oo+

CDFNwxsr ModedBs*

  • Ty.,*

(Eq. 07) 1I-( TcT CDF l TY.

BsMdifed ACDFXST2 Modged - Base :CDF

- NewXST2 Modied_ Base (Eq. 08)

CDFB Where:

CDF Base

= baseline annual CDF for the individual fire scenario.

CDFxsT2_oos

= annual CDF for the XST2 OOS.

CDFBaseeMdifie

= baseline annual average CDF with TM for DGs, SSW pumps, XST1, and TDAFW pumps TM events increased by 5% and the LOOP Plant Centered initiator increased by 5%.

TCT

= total days the XST2 transformer is to be OOS for this CT extension LAR, 14 days.

T year

= time equivalent to one reactor year or 365 days of full power operation.

CTNo

= time in years, 3.84E-02 years, the XST2 transformer is to be COS for this LAR.

to TXX-09026 Page 36 of 51 10/26/2009 Eq. 7 is used to create a weighted annual CDF for the for the modified baseline and XST2 OOS conditions, with the weight being the fraction of time each condition is to exist. The resulting CDFNewxsT2_ModifieBase from Eq. 7 is then compared to the baseline internal events scenario CDF in Eq. 8 to calculate the change in CDF (ACDF), in accordance with RG1.174. The results of these calculations are in Table 16.

Table 16:

Annual CDFs and Results for Deferred TM Sensitivity Cases Unit Output Parameters Value (per year)

CDFBase Mod 1.01E-05 Unit 1 CDFNEWxsT2 Mod-Base 1.04E-05

_ACDFXsT 2 Mod Base 4.38E-07 CDFBase Mod 9.83E-06 Unit 2 CDF NEWXST2 Mod Base 1.01E-05 ACDFXST2 Mod Base 3.98E-07 NOTE:

The values presented have been rounded.

This sensitivity study demonstrates the effects of deferred testing and maintenance on the XST2 OS cases. Modifying the baseline test and maintenance frequencies for these components and changing the plant-centered LOOP frequencies results in risk metrics that remain within regulatory limits of RG 1.174.

Risk Reduction Measures In the course of this analysis, risk reduction measures were considered and discussed.

Several risk reduction measures were identified which address the various configuration risks and sensitivity analyses in addition to the compensatory measures for grid and switchyard restrictions provided in section 4.1. The following risk reduction measures were evaluated to be effective and will be implemented by CPNPP during the one-time, 14-day XST2 CT. A summary of regulatory commitments is contained in Attachment 7.

1.

Restricted Access to and Suspension of Maintenance in the Switchyard Access to both switchyards and relay houses will be controlled and posted, and all maintenance will be suspended for the duration of the extended XST2 CT.

This risk reduction measure was selected based on the reliance of one startup transformer during the one-time, 14-day CT. The measure is selected to deter any perturbations to the remaining startup transformers power supply, 138kV switchyard, and any potential grid or trip issues from the 345kV switchyard.

Work in the switchyard is administratively controlled by the Operations Shift Manager who, by plant procedure STA-629, has sole authority to grant access to the switchyard. By his authority, no testing, maintenance or access to either switchyard with the exception of normal operator visual inspection rounds will be allowed. The startup transformers, XST1 and XST2, are physically located in the protected area and not in the switchyard. Additionally, signs will be placed on both switchyards and relay houses noting the restriction of access, testing, and maintenance during the extended XST2 CT.

to TXX-09026 Page 37 of 51 10/26/2009

2.

Suspension of Routine or Elective Maintenance on the EDGs, TDAFW Pumps, XST1, and SSW Pumps The EDGs, TDAFW Pumps, XST1, and SSW Pumps will have all routine or elective testing and maintenance activities suspended for the duration of the one-time, 14-day CT for XST2. Additionally, signs will be placed on the doorways to the equipment, or in the case of XST1 around the equipment, noting the restriction of testing and maintenance duringthe extended XST2 CT.

This will ensure the availability of these components for the entire duration of the CT.

3.

Testing of Emergency Diesel Generators and Turbine Driven Auxiliary Feedwater Pumps within Two (2) Weeks Prior to the Start of the XST2 14-day CT All four EDGs and both Turbine Driven Auxiliary Feedwater Pumps will be verified operable within two weeks prior to the start of the one-time, 14-day CT on XST2.

The importance of the EDGs and the TDAFW Pumps to LOOP and SBO scenarios for this CT is significant. Therefore, to ensure the reliability of these components, they will be tested within two weeks prior to the start of the XST2 CT.

4.

Temporary Power Diesel Generators Sets Will Be Onsite For Each Unit During the one-time, 14-day CT for XST2, two sets of TPDGs will be onsite. One TPDG set will be dedicated to each Unit to feed one safety bus in order to provide long term cooling if the remaining offsite source XST1 is lost and both the EDGs of a Unit fail to start or load. The TPDGs, the circuit transformer, transfer switch, and cabling to connect TPDG to a bus will be verified available once per shift and treated as protected equipment.

Due to the importance of power sources to the safety related buses it was decided to bring in a set of TPDGs for each Unit. Each set of TPDGs is capable of supporting one train of shutdown cooling.

5.

Suspension of Work Activities-Near XST1 Power and Control Cabling All work activities along the routing associated with power and control cabling for XST1, the in-service startup transformer, will be suspended during the XST2 CT.

This will reduce the risks associated with fires and maintenance activities that could damage or disable the XST1 transformer cabling.

6.

Roving Hourly Fire Watch Along Paths of XST1 Power and Control Cabling A roving hourly fire watch will be in effect during the one-time, 14-day XST2 CT along the path of the XST1 power and control cabling.

This is an additional measure to monitor the area for fire risks that could damage or disable the XST1 transformer cabling.

to TXX-09026 Page 38 of 51 10/26/2009

7.

Selection of Time-of-Year Due to Weather Considerations The XST2 outage will be conducted during the time-of-year when the probability of severe weather is lowest as indicated by the NOAA curves discussed in the sensitivity analysis above.

This selection is based upon the risk associated with High Wind/Tornados and weather challenges to the plant during the XST2 CT.

8.

Seismic Walkdown for the EDGs and TDAFW Pumps The seismic walkdown will be completed prior to entering the extended CT to identify any vulnerabilities that could affect the EDGs and TDAFW Pumps availability during a seismic event. These vulnerabilities could include mounting or interaction issues such as loose parts and missing hardware.

This walkdown will provide assurance that these components will meet their seismic design criteria in the event of a seismic incident.

Summary of Risk Management and Sensitivity Study Insights Based upon this evaluation, the risk significant configurations have been adequately identified and accounted for through risk management actions and configuration control.

Further, the sensitivity studies show that the results of the analyses were relatively insensitive to the parameter change used for the sensitivity study. Table 17 shows the affect of all these studies on ACDF. The table shows that if all of the uncertainties in the model were to be considered simultaneously, there is a slight increase above the regulatory limits for ACDF. Although each of these impacts were minor in nature, risk reduction measures have been identified that will minimize risk. Therefore, based on qualitative and quantitative considerations, there is no change to the conclusions of the risk analysis due to uncertainty issues. For the risk reduction measures that were not quantitatively addressed, there is high confidence that if these factors were addressed, the values for Unit 2 ACDF and ICCDP would fall below the regulatory guidance.

to TXX-09026 Page 39 of 51 10/26/2009 Table 17: Summary and Summation of ACDF Including All Sensitivities Case CDF ACDF Compared ACDF Compared Unit (All Sensitivity Cases NEW to Unit Normal to Unit XST2 Include XST2 OOS)

Baseline CDF OOS CDF New XST2 OOS only 1.02E-05 2.75E-07 All Important Component 1.04E-05 4.86E-07 2.11E-07 Failures Doubled Recovery Limited to 10-2 1.05E-05 5.40E-07 2.65E-07 Uft1Weather and Plant Center Unit1 Modifed 1.01E-05 2.10E-07

-6.52E-08 LOOP Modified DG and TDAFWP Non-1.07E-05 8.OOE-07 5.25E-07 Recovery I

Deferred Maintenance 1.04E-05 4.38E-07 1.63E-07 Total ACDF*

1.37E-06 XST2 OOS only 9.93E-06 2.54E-07 All Important Component 1.01E-05 4.61E-07 2.07E-07 Failures Doubled Recovery Limited to 10-2 1.02E-05 5.19E-07 2.65E-07 Unit 2 Weather and Plant Center 9.88E-06 1.96E-07

-5.75E-08 LOOP Modified DG and TDAFWP Non-1.04E-05 7.64E-07 5.10E-07 Recovery Deferred Maintenance 1.01E-05 3.98E-07 1.44E-07 Total ACDF*

1.32E-06 NOTE:

The values presented have been rounded.

  • Total Delta CDF is calculated by adding the XST2 OOS delta CDF value with all of the sensitivities compared to XST2 OOS Delta CDFs.

4.4 Risk-Informed Configuration Management Program Tier 3 requires a proceduralized process to assess the risk associated with both planned and unplanned work activities. The objective of the third tier is to ensure that the risk impact of out-of-service equipment is evaluated prior to performing any maintenance activity. As stated in section 2.3 of RG 1.177, "...a viable program would be one that is able to uncover risk significant plant equipment outage configurations in a timely manner during normal plant operation." The third tier requirement is an extension of the second tier requirement, but addresses the limitation of not being able to identify all possible risk significant plant configurations in the second-tier evaluations. Programs and procedures are in place at CPNPP which serve to address this objective.

CPNPP has a Configuration Risk Management Program which has the characteristics of the Model Configuration Risk Management Program (CRMP) described in RG 1.177 and which was previously approved for risk informed Technical Specifications 3.5.2, "ECCS -

Operating' Required Action A.1 via License Amendment Nos. 62 and 48 (TAC Nos. M97809 and M97819). Its description has been incorporated into plant Technical Specifications 5.5.18, "Configuration Risk Management Program (CRMP)" (Reference 8.17). In addition, CPNPP conforms to the guidance in NUMARC 93-01, "Industry Guideline For Monitoring the Effectiveness Of Maintenance At Nuclear Power Plants" (Reference 8.18).

to TXX-09026 Page 40 of 51 10/26/2009 To avoid or reduce the potential for risk significant configurations from either emergent or planned work, CPNPP has implemented a set of administrative guidelines that go beyond the requirements set forth in the plant Technical Specifications. These guidelines control configuration risk by assessing the risk impact of out-of-service equipment during all Modes of operation to assure that the plant is being operated within acceptable risk guidelines.

CPNPP employs a conservative approach to at power maintenance. The weekly schedules are train and channel based and prohibit the scheduling of opposite train activities without additional review, approvals, and/or risk reduction actions. The assessment process further minimizes risk by restricting the number and combination of systems or trains allowed to be simultaneously unavailable for scheduled work.

Unplanned or emergent work activities are factored into the plant's actual and projected condition, and the level of risk is evaluated. Based on the result of this evaluation, decisions pertaining to actions required to achieve an acceptable level of risk (component restoration or invoking risk reduction measures) are made. The unplanned or emergent work activities are also evaluated to determine impact on planned activities and the affect the combinations would have on plant risk.

At CPNPP, procedures WCI-606 "Work Control Process" and WCI-203 "Weekly Surveillances/Work Scheduling" are two of the controlling procedures for the maintenance process. The CRMP program at CPNPP ensures that configuration risk has been addressed prior to initiating any maintenance activity consistent with the requirements of 10CFR50.65(a)(4).

Currently, CPNPP uses the Safety MonitorTm software to perform online risk assessment.

All PRA components' are represented in Safety MonitorTM with the ability to take one or multiple components out-of-service. After the activities have been added (i.e., component taken OOS), the model is re-quantified and the CDF and LERF are calculated. The risk is then compared to preset values and colors are assigned based on these preset values. As the projected risk increases the requirement for management approval is raised. External events are evaluated qualitatively to determine their impact on the configuration risk.

Summary of CRMP This process is performed for all activities that affect PRA components, initiating events, or recoveries. The Work Control Group uses the weekly schedule to calculate the plant risk for the week on an activity basis. The proposed CT would be planned and added to the weekly schedule and the risk for the activity would be calculated. The weekly risk assessment will be reviewed and appropriate management approval will be obtained.

The process is the same for emergent activities. The risk is assessed prior to the emergent activity being worked. The risk is calculated and scheduled activities may be moved to a later date or equipment put back in-service to ensure that the risk is acceptable. The CRMP implemented at CPNPP meets the requirement of RG 1.177 section 2.3.7.

to TXX-09026 Page 41 of 51 10/26/2009 4.5 Summary of Technical Analysis The analysis of the proposed extended CT consists of four main elements: (1) a traditional engineering analyses, (2) an evaluation of the adequacy of the CPNPP PRA and a risk assessment that shows an acceptable increase in risk (Tier 1), (3) avoidance of risk significant plant configurations (Tier 2), and (4) continued implementation of a Configuration Risk Management Program (CRMP) during the one-time, 14-day extended Completion Time (Tier 3). CPNPP has a robust design with diverse and redundant offsite and onsite power systems. XST1 has the capacity and capability to supply the required safety related loads of both Units during the proposed extended CT. Compensatory measures and the ongoing CRMP will be in place to assure safe shutdown and offsite power capability and availability. One measure will provide an alternate power source to one safety related bus for each Unit in Modes 3, 4, and 5 to maintain the capability for safe shutdown and long term cooling of each Unit.

For the 3-Tiered analysis of the 14-day CT extension, various factors were considered and reviewed to address the impact of the extension on the CPNPP PRA model. The analysis included a review of the PRA model quality, Internal events, External events, sensitivity analyses, identified risk reduction measures, and a Configuration Risk Management Program as discussed in sections 4.2 through 4.4, respectively.

The Tier 1 analysis first addressed the model quality and potential gaps from the RG 1.200 self-assessment described in section 4.2. From this analysis it was determined that there is a high level of confidence in the PRA model ability to address the affects of the proposed CT extension. This conclusion is based the high quality of the model, its reflection of the plant systems and operation, and the self-assessment which concluded there are no gaps that would affect the results of the PRA analysis for this application. Individual evaluations of the affect of the proposed CT extension were performed for the Internal events, High Wind/Tornado events, Fire events, Internal Flood events, Seismic events, and other External events. Based upon these evaluations, including quantitative and qualitative considerations, the risk results meet the guidance set forth in RG 1.174 and RG 1.177. In regards to the fire events analysis, all regulatory acceptance guidelines from RG 1.174 and RG 1.177 were met with the exception of the Unit 2 ACDF and ICCDP, which exceeded the threshold by a small amount. However, it was noted in" this analysis that due to the distance between the intervening combustibles to the XST1 power cabling and the shielding of the XST1 power cabling, it is unlikely that the XST1 power cabling would be damaged if a fire were to occur because of the high likelihood of early detection and suppression.

Additionally, the Tier 2 analysis identified several risk reduction measures which will be implemented to either reduce or mitigate any potential fires that could affect XST1. These risk reduction measures include the suspension of work along all XST1 cabling (to reduce the potential frequencies of fires in these areas), the addition of a roving hourly fire watch (to add assurance that suppression could be initiated prior to the intervening combustibles igniting the cabling) and the provision of an alternate power source (the TPDGs) for a safety related bus in each Unit for the duration of the extended CT. Based upon the noted conservatisms in the fire analysis and the risk reduction measures that were not quantitatively addressed, there is high confidence that if these factors were quantitatively addressed, the values for Unit 2 ACDF and ICCDP would be below the threshold of the regulatory guidance. The relatively minor variations between the Unit 1 and the Unit 2 risk metrics are due to the differences in the transformer cable routings.

to TXX-09026 Page 42 of 51 10/26/2009 The cumulative affect on plant risk is shown in Table 18. When added to the plant shutdown risk, conservatively estimated to be 2.5*10-5/yr, Table 18 shows that there is reasonable assurance that the total core damage frequency for both CPNPP Units is less than 1*10-4/yr for all sources.

The following stathments address the events that were qualitatively reviewed and how they were incorporated quantitatively.

For High Wind/Tornado, Seismic, and Flood events analyses, it was determined that there is an insignificant effect from XST2 being OOS and therefore, the ACDF and ICCDP values are effectively zero. However, for the total contribution to CDF, the baseline values for all three are taken into consideration for cumulative core damage frequency.

The High Wind/Tornado CDF is from the IPEEE and the Flood CDF is from the Revision 3B analysis.

For the Seismic contribution, the CDF was estimated, since the IPEEE is a margin analysis, using the safe shutdown earthquake probability, from NUREG-1488 (Reference 8.19), and multiplied by the CCDP for LOOP.

Table 18 also shows the addition of all of the risk metrics from each of the event analyses and how each meets the regulatory acceptance criteria. As seen in the fire events analysis, the Unit 2 cumulative ACDF and ICCDP were slightly greater than the acceptance criteria. Risk reduction measures were identified which are affective in reducing the overall risk to an acceptable level.

Additionally, various uncertainties associated with this assessment were addressed and the results show that there are no uncertainties that can significantly affect the conclusions of this risk evaluation. Further, the Tier 3 CRMP will be implemented to address initiating events, mitigation, uncertainties and equipment important to the XST2 CT, as detailed above.

Overall Conclusions The risk impact of the requested extended CT for the startup transformer has been shown to be very small and to generally meet the overall acceptance criteria. Where quantitative guidelines are used, the results show only one case where the risk is slightly above the guideline. This has been fully addressed through a detailed qualitative assessment and identification of effective risk reduction actions.

Thus, based upon the comprehensive analysis presented in this evaluation, the one-time extension of TS 3.8.1 Required Action A.3 CT from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days to facilitate completion of a plant modification has been shown to be of very low risk significance.

to TXX-09026 Page 43 of 51 10/26/2009 Table 18:

Comparison of Risk Assessment Total Results to Acceptance Guidelines Un__

_utput Parameters Value Acceptance i Below Acceptance it O

Guideline Guideline Internal Events CDF NEWxsT2 1.02E-05

< 1.OOE-04/yr Yes Unit I ACDFxsT2 2.75E-07

< 1.OOE-06/yr Yes ICCDPXST2 2.75E-07

< 5.OOE-07 Yes CDFNEWxsT2 9.93E-06

< 1.OOE-04/yr Yes Unit 2 ACDFxsT2 2.54E-07

< 1.OOE-06/yr Yes ICCDPXST2 2.54E-07

< 5.OOE-07 Yes Fire Events Fire CDFNew**

2.11E-05

< 1.OE-04/yr Yes Unit 1 Fire ACDF 2.17E-07

< 1.OOE-06/yr Yes FireICCDP 2.17E-07

< 5.OOE-07 Yes FireCDFNew**

2.17E-05

<l.00E-04/yr Yes Unit 2 FireACDF 7.88E-07

< 1.OOE-06/yr Yes FireICCDP 7.88E-07

< 5.OOE-07 No Flood Events (Units 1 and 2)

Both FloodCDF 6.91E-08

< 1.OE-04/yr Yes High Wind/ Tornado Events (Units 1 and 2)

Both High Wind

/TornadoCDF 3.70E-06

<I1.E-04/yr Yes Seismic Events (Units 1 and 2)

Both Seismic CDF 7.61E-09

< 1.OE-04/yr Yes Total Values (Internal Events and External Events)

CDFNEW Total 3.51E-05

< 1.OOE-04/yr Yes Unit 1 ACDFTotal 4.92E-07

< 1.OOE-06/yr Yes ICCDPwotal 4.92E-07

< 5.OOE-07 Yes CDFNEW Total 3.54E-05

< 1.OOE-04/yr Yes Unit 2 ACDFTotaI 1.04E-06

< 1.OOE-06/yr No ICCDPTotal 1.04E-06

< 5.OOE-07 No NOTE 1:

The values presented have been rounded.

NOTE 2:

No credit taken for any risk reduction measures.

NOTE 3:

Since LERF was previously determined to not be a significant contributor in section 4.2.1 and Table 9, only the CDF Metrics are presented here.

    • Note: Calculation of the New Fire CDFs was done by using the IPEEE CDF total value (2.09E-05) and adding the associated ACDF for the appropriate Unit.

to TXX-09026 Page 44 of 51 10/26/2009

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration Luminant Power is proposing a change to the Comanche Peak Nuclear Power Plant (CPNPP) Technical Specifications (TS) 3.8.1 entitled "AC Sources - Operating" to extend, on a one-time basis, the allowable Completion Time (CT) of Required Action A.3 for one offsite circuit inoperable, from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days. This change is only applicable to startup transformer XST2 and will expire on March 1, 2011. This change is needed to allow sufficient time to make final terminations as part of a plant modification to facilitate connection of either startup transformer (ST) XST2 or the spare startup transformer to the 1E buses. Installation of the cabling from XST2 and the spare startup transformer to the two new 6.9kV transfer panels will allow spare startup transformer to be a fully installed spare capable of being aligned in place of XST2 within the original TS CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

Luminant Power has evaluated whether or not a significant hazards consideration is involved with the proposed amendment(s) by focusing on the three standards set forth in 10CFR50.92, "Issuance of amendment," as discussed below:

5.1.1 Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response

No The proposed change will revise the CT for the loss of one offsite source from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days. The proposed one-time extension of the CT for the loss of one offsite power circuit does not significantly increase the probability of an accident previously evaluated. The startup transformers are not the initiator of any previously evaluated accidents involving a loss of offsite power (LOOP).

The TS will continue to require equipment that will power safety related equipment necessary to perform any required safety function. The one-time extension of the CT to 14 days does not affect the design of the STs, the interface of the STs with other plant systems, the operating characteristic of the STs, or the reliability of the STs.

Per Regulatory Guide (RG) 1.177, the risk acceptance guideline presented in RG 1.174 shows that Unit 1 met all the risk acceptance guidelines for delta core damage frequency (CDF), delta large early release frequency (LERF), incremental conditional core damage probability (ICCDP), and incremental conditional large early release probability (ICLERP). Unit 2 met the same risk acceptance guidelines of delta LERF and ICLERP; however, the delta CDF and ICCDP were above the acceptance value. Since the increase above the regulatory guidance is small, and the risk reduction measures quantitatively addressed, the values for Unit 2 delta CDF and ICCDP would fall below the regulatory guidance as well as decrease the other risk metrics for both Units.

The consequence of a LOOP event has been evaluated in the CPNPP Final Safety Analysis Report (Reference 8.3) and the Station Blackout evaluation. Increasing the CT for one offsite power source on a one-time basis from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 14 days does not increase the consequences of a LOOP event nor change the evaluation of LOOP events.

to TXX-09026 Page 45 of 51 10/26/2009 Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

5.1.2 Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response

No The proposed change does not result in a change in the manner in which the electrical distribution subsystems provide plant protection. The proposed change will only affect the time allowed to restore the operability of the offsite power source through a startup transformer. The proposed~change does not affect the configuration, or operation of the plant. The proposed change to the CT will facilitate installation of a plant modification which will improve plant design and will eliminate the necessity to shut down both Units if XST2 fails or requires maintenance that goes beyond the current TS CT of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This change will improve the long-term reliability of the 345kV offsite circuit STs which are common to both CPNPP Units.

There are no changes to the STs or the supporting systems operating characteristics or conditions. The change to the CT does not change any existing accident scenarios, nor create any new or different accident scenarios. In addition, the change does not impose any new or different requirements or eliminate any existing requirements. The change does not alter any of the assumptions made in the safety analysis.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

5.1.3 Do the proposed changes involve a significant reduction in a margin of safety?

Response

No The proposed change does not affect the acceptance criteria for any analyzed event nor is there a change to any safety limit. The proposed change does not alter the manner in which safety limits, limiting safety system settings, or limiting conditions for operation are determined. Neither the safety analyses nor the safety analysis acceptance criteria are affected by this change. The proposed change will not result in plant operation in a configuration outside the current design basis. The proposed activity only increases, for a one-time pre-planned occurrence, the period when the plant may operate with one offsite power source. The margin of safety is maintained by maintaining the ability to safely shut down the plant and remove residual heat.

Therefore, the proposed change does not involve a reduction in a margin of safety.

Based on the above evaluations, Luminant Power concludes that the proposed amendment present no significant hazards under the standards set forth in 10CFR50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

to TXX-09026 Page 46 of 51 10/26/2009 5.2 Applicable Regulatory Requirements/Criteria GDC 5 - Sharing of Structures, Systems, and Components, "Structures, systems, and components important to safety shall not be shared between nuclear power Units unless it can be shown that such sharing will not significantly impair their ability to perform their safety functions including, in the event of an accident in one Unit, an orderly shutdown and cooldown of the remaining Unit."

GDC 17 - Electric Power Systems, "An onsite electric power system and an offsite electric power system shall be provided to permit functioning of structures, systems, and components important to safety. The safety function for each system (assuming the other system is not functioning) shall be to provide sufficient capacity and capability to ensure that (1) specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded as a result of anticipated operational occurrences, and (2) the core is cooled and containment integrity and other vital functions are maintained in the event of postulated accidents.

The onsite electric power sources, including the batteries, and the onsite electrical distribution system, shall have sufficient independence, redundancy, and testability to perform their safety functions, assuming a single failure.

Electric power from the transmission network to the onsite electric distribution system shall be supplied by two physically independent circuits (not necessarily on separate rights of way) designed and located so as to minimize to the extent practical the likelihood of their simultaneous failure under operating and postulated accident and environmental conditions. A switchyard common to both circuits is acceptable. Each of these circuits shall be designed to be available in sufficient time following a loss of all onsite alternating current power supplies and the other offsite electrical power circuit, to ensure that specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded. One of these circuits shall be designed to be available within a few seconds following a loss of coolant accident to ensure that core cooling, containment integrity, and other vital safety functions are maintained. Provisions shall be included to minimize the probability of losing electric power from any of the remaining supplies as a result of, or coincident with, the loss of power generated by the nuclear power Unit, the loss of power from the transmission network, or the loss of power from the onsite electrical power supplies."

GDC 18 - Inspection and Testing of Electric Power System, "Electric power systems important to safety shall be designed to permit appropriate periodic inspection and testing of important areas and features, such as wiring, insulation, connections, and switchboards, to assess the continuity of the systems and the condition of their components. The systems shall be designed with a capability to test periodically (1) the operability and functional performance of the components of the systems, such as onsite power sources, relays, switches, and buses and (2) the operability of the systems as a whole and, under conditions as close to design as practical, the full operational sequence that brings the systems into operation, including operation of applicable portions of the protection system and the transfer of power among the nuclear power Unit, the offsite power system, and the onsite power system."

NRC Regulatory Guide 1.53, dated June 1973, titled "Applicability of Single-Failure Criterion to Nuclear Power Plant Protection Systems" (Reference 8.20).

to TXX-09026 Page 47 of 51 10/26/2009 NRC Regulatory Guide 1.62, dated October 1973, titled "Manual Initiation of Protective Actions" (Reference 8.21).

NRC Regulatory Guide 1.75, Revision 1, dated January 1975, titled "Physical Independence of Electrical Systems" (Reference 8.22).

NRC Regulatory Guide 1.81, Revision 1, dated January 1975, titled "Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants." (Reference 8.23)

NRC Regulatory Guide 1.93, dated December 1974, titled "Availability of Electric Power Sources" (Reference 8.24). The current CT associated with inoperable AC power source(s) is intended to minimize the time an operating plant is exposed to a reduction in the number of available AC power sources. NRC Regulatory Guide (RG) 1.93 is referenced in the TS Bases for actions associated with TS 3.8.1. RG 1.93 provides operating restrictions (i.e., CT and maintenance limitations) that the NRC considers acceptable if the number of available AC power sources is one less than the LCO. RG 1.93 specifically states, "If the available a.c. power sources are one less than the LCO, power operation may continue for a period that should not exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> if the system stability and reserves are such that a subsequent single failure (including a trip of the Unit's generator, but excluding an unrelated failure of the remaining offsite circuit if this degraded state was caused by the loss of an offsite source) would not cause total loss-of-offsite power." RG 1.93 additionally states, "The operating time limits delineated above are explicitly for corrective maintenance activities only."

NRC Regulatory Guide 1.155, "Station Blackout," dated August 1988 (Reference 8.25).

NRC Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Bases," dated July 1998 (Reference 8.1).

NRC regulatory Guide 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," dated August 1998 (Reference 8.2).

NRC Safety Guide 6, dated March 10, 1971, titled "Independence Between Redundant Standby (onsite) Power Sources and Between Their Distribution Systems" (Reference 8.26).

NRC Safety Guide 9, dated March 10, 1971, titled "Selection of Diesel Generator Set Capacity for Standby Power Supplies" (Reference 8.27).

Analysis Only conformance with Regulatory Guide 1.93 is affected by this proposed change.

According to RG 1.93, operation may continue with one offsite circuit inoperable for a period not to exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. If the proposed change is approved, CPNPP will continue to conform to this RG with the exception that the allowed CT for restoration of an offsite circuit will be increased, on a one-time basis, to 14 days.

In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

to TXX-09026 Page 48 of 51 10/26/2009

6.0 ENVIRONMENTAL CONSIDERATION

Luminant Power has determined that the proposed amendment would change requirements with respect to the installation or use of a facility component located within the restricted area, as defined in 10CFR20, or would change an inspection or surveillance requirement. Luminant Power has evaluated the proposed change and has determined that the change does not involve (1) a significant hazards consideration, (2) a significant change in the types or significant increase in the amounts of any effluent that may be released offsite, or (3) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed change meets the eligibility criterion for categorical exclusion set forth in 10CFR51.22(c)(9). Therefore, pursuant to 10CFR51.22(b), an environmental assessment of the proposed change is not required.

7.0 PRECEDENTS The proposed change is similar to the following NRC approved one-time, Completion Time (CT) extension precedent submittals below with one exception. The proposed one-time, 14-day, CT is not needed to perform maintenance on startup transformer (ST) XST2, but is needed to allow sufficient time to make final terminations as part of a plant modification to facilitate connection of either startup transformer XST2 or the spare startup transformer to the 1E buses within the current Technical Specifications CT. After completion of this modification, should XST2 require maintenance or repair or catastrophic failure occurs, the spare startup transformer can be connected to the 1E buses within the current CT. This change is needed to ensure the continued long-term reliability of the 345kV offsite circuit.

7.1 On May 27, 2009, the NRC issued Amendment No. 260, Docket No. 50-257, to Indian Point Nuclear Generating Unit No. 2 for a one-time extension to TS 3.8.1 from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 144 hours0.00167 days <br />0.04 hours <br />2.380952e-4 weeks <br />5.4792e-5 months <br />. Specifically, the extension supported the replacement of a cooling oil pump on the station auxiliary transformer to restore operability of the associated offsite circuit (Reference 8.28).

7.2 Similar Amendment No. 239, Docket No. 50-219, was issued to Oyster Creek Generating Station on November 24, 2003, to delete the 30 day unavailability period restriction for occurrence of the specified 7 day allowed outage durations for the startup transformers.

During the allowed outage time of 7 days, the redundant Oyster Creek startup transformer is required to be operable (Reference 8.29).

7.3 On October 10, 2003, the NRC issued Amendment Nos. 214 and 189, Docket Nos. 50-387 and 50-388, to Susquehanna Steam Electric Station (SSES) Units 1 and 2 regarding a one-time extension of the CT for TS 3.8.1, Action A.3, from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 10 days. The one-time extension was needed for the planned replacement of ST No. 10 (Reference 8.30).

7.4 On October 9, 2001, the NRC issued Amendment No. 88, Docket Nos. 50-445 and 50-446, to Comanche Peak Nuclear Power Plant (CPNPP) Units 1 and 2 to extend the CT for TS 3.8.1 for restoration of an inoperable offsite circuit from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 21 days (Reference 8.31). The request was to facilitate a one-time preventive maintenance outage on startup transformer XST2 to ensure the continued long term reliability of XST2.

7.5 By letter dated April 28, 2000 the NRC issued Amendment No. 206 to Facility Operating License No. DPR-51 and Amendment No. 215 to facility Operating License No. NPF-6, Docket Nos. 50-373 and 50-368, for Arkansas Nuclear One (ANO), Units 1 and 2, respectively. The amendment provided a 30-day allowed outage time for offsite startup to TXX-09026 Page 49 of 51 10/26/2009 transformer No. 2 which is shared by both Units. The 30-day completion time will be used not more than once in any 10-year period for the purpose of performing preventive maintenance to increase the reliability of the transformer. (Reference 8.32)

8.0 REFERENCES

8.1 NRC Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions On Plant-Specific Changes to the Licensing Basis," July 1998.

/

8.2 NRC Regulatory Guide 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," August 1998.

8.3 Comanche Peak Steam Electric Station Final Safety Analysis Report, Docket Nos. 50-445 and 50-446.

8.4 NRC Probabilistic Risk Assessment (PRA) Policy Statement, "Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement," Federal Register, Volume 60, p.42622, August 16, 1995.

8.5 Regulatory Guide 1.200, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," Revision 1, January 2007.

8.6 ASME RA-Sb-2005 ADDENDA to ASME RA-S-2002, "Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications," dated December 30, 2005.

8.7 ER-EA-004, "Individual Plant Examination of External Events: Tornado Risk Assessment, Comanche Peak Steam Electric Station," April 1995.

8.8 ER-EA-005, "Individual Plant Examination of External Events: Fire Evaluation, Comanche Peak Steam Electric Station," April 1995.

8.9 EPRI Report Project 3385-01, "Fire Risk Analysis Implementation Guide," January 1994.

8.10 R&R-PN-021, "Comanche Peak Steam Electric Station, Internal Flooding Analysis,"

Revision 3, October 2005.

8.11 NUREG-1407, "Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Sever Accident Vulnerabilities," June 1991.

8.12 ER-EA-001, "Individual Plant Examination of External Events: Seismic, Comanche Peak Steam Electric Station," August 1994.

8.13 ER-EA-008, "IPEEE for Severe Accident Vulnerabilities," June 1995.

8.14 EPRI-TR-1100398, "Loss of Offsite Power at US Nuclear Power Plants Through 1997,"

April 1998.

8.15 EPRI-TR-1002987, "Loss of Offsite Power at US Nuclear Power Plants Through 2001,"

April 2002.

to TXX-09026 Page 50 of 51 10/26/2009 8.16 EPRI-TR-1009889, "Loss of Offsite Power at US Nuclear Power Plants Through 2003,"

April 2004.

8.17 Letter to C. Lance Terry (TU Electric) from Timothy J. Polich (USNRC) dated December 29, 1998, "Comanche Peak Steam Electric Station, Units 1 and 2 - Amendment Nos. 62 and 48 to Facility Operating License Nos. NPF-87 and NPF-89 (TAC Nos. M97809 and M97810)."

8.18 NUMARC 93-01, Industry Guideline For Monitoring the Effectiveness Of Maintenance At Nuclear Power Plants," Revision 3, July 2000.

8.19 NUREG-1488, "Revised Livermore Seismic Hazard Estimates for 69 Sites East of the Rocky Mountains," April 1994.

8.20 NRC Regulatory Guide 1.53, "Applicability of Single-Failure Criterion to Nuclear Power Plant Protection Systems," June 1973.

8.21 NRC Regulatory Guide 1.62, "Manual Initiation of Protective Actions," October 1973.

8.22 NRC Regulatory Guide 1.75, Revision 1, "Physical Independence of Electrical Systems,"

January 1975.

8.23 NRC Regulatory Guide 1.81, Revision 1, "Shared Emergency and Shutdown Electric Systems for Multi-unit Nuclear Power Plants," January 1975.

8.24 NRC Regulatory Guide (RG) 1.93, "Availability of Electric Power Sources," December 1974 8.25 NRC Regulatory Guide 1.155, "Station Blackout," dated August 1988.

8.26 NRC Safety Guide 6, "Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems," March 10, 1971.

8.27 NRC Safety Guide 9, "Selection of Diesel Generator Set Capacity for Standby Power Supplies," March 10, 1971.

8.28 Letter to Vice President, Nuclear Operations of Entergy Nuclear Operations, Inc. (Indian Point Nuclear Generating Unit No. 2) from John P1 Boska (USNRC) dated May 27, 2009, "Issuance of Amendment Re: Allowable Completion Time for Offsite Electrical Power Sources (TAC NO. MD9648)."

8.29 Letter from Peter S. Tam (NRC) to John L Skolds (AmerGen Energy Company) dated November 24, 2003, "Oyster Creek Nuclear Generating Station - Issuance of Amendment Re: Startup Transformer and Emergency Diesel Generator Unavailability Periods (TAC No. MB9144)."

8.30 Letter to Mr. Bryce L. Shriver (PPL Susquehanna, LLC) from Richard V. Guzman (USNRC) dated October 10, 2003, "Susquehanna Steam Electric Station, Units 1 and 2 -

Issuance of Amendments Re: Extended Outage Time for Offsite Power-Single Occurrence (TAC NOS. MB9903 and MB9904)."

to TXX-09026 Page 51 of 51 10/26/2009 8.31 Letter to C. Lance Terry (TXU Electric) from David H. Jaffe (USNRC) dated October 9, 2001, amendment no. 88, "Comanche Peak Steam Electric Station (CPSES), Units 1 and 2.

8.32 Letter to Mr. Craig G. Anderson (Entergy Operations, Inc.) from M. Christopher Nolan (USNRC) dated April 28, 2000, "Arkansas Nuclear One, Units 1 and 2 - Issuance of Amendments Re: Startup Transformer No. 2 Allowed Outage Time for Preventative Maintenance (TAC Nos. MA7184 and MA7185).

APPENDIX to TXX-09026 CPNPP PRA MODEL QUALITY

Appendix to TXX-09026 Page 1 of 11 October 29, 2009 CPNPP PRA Model Quality I.

Adequacy of the Scope and Level of Detail of the CPNPP PRA Model to Address the License Amendment Request This appendix provides the details of the scope and quality of the Comanche Peak Nuclear Power Plant (CPNPP) Probabilistic Risk Assessment (PRA) model. The collective bases provided herewith support the conclusion that the CPNPP PRA model is of adequate scope and quality for use in the application of the subject License Amendment Request.

In the sections that follow, background information and a general description of the CPNPP PRA model are provided. Then a description of the PRA model quality history, a summary of the self-assessment to determine conformance with Regulatory Guide (RG) 1.200, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities" (Reference 1) and a summary of CPNPP PRA model quality in support of this application are provided.

Background

Level I and Level II PRA analyses were completed and submitted as the CPNPP Individual Plant Examination (IPE) to the Nuclear Regulatory Commission (NRC) in August and October 1992, respectively. The Level I analysis has been periodically updated as part of the PRA Continuous Update Process and both the Level I and Level II models have undergone several Industry/Peer reviews. The current CPNPP Model of Record (MOR), revision 3D, reflects the current as-built and as-operated plant design, including the Unit 1 Steam Generator Replacement and Unit 1 and 2 Power Up-rates. The model is routinely updated to ensure plant changes (including modifications, procedure changes, etc.) are accurately reflected in the PRA.

General Description of the CPNPP PRA Model Model Structure The CPNPP PRA Level I model consists of three basic components: event trees, fault trees, and failure data. The actual logical structure of the PRA model is created in event trees and fault trees.

The development of a PRA model is based on failures as opposed to successes.

Event trees are used to create the sequence of events that must occur to result in a core damage event. The CPNPP PRA model uses 37 different event trees: 15 Level I initiating event trees; 11 core damage bin event trees; and 11 Level II large early release frequency (LERF) event trees. The Level I event trees include: Transient, Reactor Coolant Pump (RCP) Seal Loss of Coolant Accident (LOCA), Anticipated Transient Without Scram (ATWS), Steam Generator Tube Rupture (SGTR),

LOCAs (very small, small, medium, large, and excessive), Consequential and Degraded Voltage Loss of Offsite Power (LOOPs), Loss of Feedwater, Main Steam Line Break, and Interfacing Systems LOCAs (ISLOCAs). All of these event trees were translated into a top logic fault tree model which has been linked with the various front-line and support system models to allow for more rapid quantification of the CPNPP PRA. Internal Initiating events, including Internal Flooding events and ISLOCA events, are evaluated using the combined fault tree model.

Although the Internal Flooding events use the same model, their results are maintained separate from the internal events PRA model.

Fault trees are used to model functions specified in the event trees, and typically represent the logic associated with failure of a system or combinations of systems. The fault tree represents the combination of events that can cause the failure of a specified system function.

Appendix to TXX-09026 Page 2 of 11

,October 29, 2009 Model Data There are four basic data types used in the CPNPP PRA model: component failure data (independent and common cause), initiating event data, component test and maintenance unavailability data, and human reliability data. The risk analysis uses point estimates of the mean data. These data can be determined using plant-specific information and/or generic industry failure data from various industry publications, such as other PRAs, contractor data summary reports (e.g. PLG-0500), NUREGs and IEEE-500 (Reference 2). Plant specific data are preferred over generic data because these more closely reflect the plant's design and operating and maintenance practices.

To develop CPNPP plant-specific data, generic industry data are Bayesian updated with CPNPP plant-specific operating experience data. The Bayesian update process is a formal way of adjusting generic failure rate information based on plant-specific data. The primary source for the generic industry data is the PLG-0500 Database. To obtain the CPNPP plant-specific operating histories required for the Bayesian update process, a list of components was developed to identify the major components for which plant-specific data could be obtained. A multi-stage update approach is used by Bayesian updating previous results using new data collected during the update period. This approach emphasizes newer data which reflects recent equipment performance.

The LOOP Frequency is based on the historical data (between 1984 and 2005) compiled by the Electric Power Research Institute (EPRI) EPRI-TR-1100398/1002987/1009889 (References 3, 4, and 5, respectively). The CPNPP relevant events were established and grouped into four categories of events (plant-centered, grid-centered, weather-centered, and grid-centered-blackout). The criteria for grouping LOOP events are based on the guidance provided in NUREG/CR-5032, "Modeling Time to Recovery and Initiating Event Frequency for Loss of Off-Site Power Incidents at Nuclear Power Plants," January 1988 (Reference 6). LOOP frequencies were calculated for these groups.

Initiating event frequencies for the General Transients and Loss of Coolant Inventory categories of initiators use plant-specific data in combination with generic data for those initiators for which reasonable plant-specific data are available (e.g. initiators that result due to a failure of mechanical hardware). Because of the lack of plant-specific data associated with pipe breaks, recent industry studies have been used for the Loss of Coolant Inventory. The overall goal is to develop Initiating event frequencies that are both plant-specific and more realistic.

To this end, Initiating event frequencies for General Transients were updated with plant specific data using the Bayesian update process. Loss of Coolant Inventory initiators, which includes various sizes of LOCAs, High Energy Line Breaks and Steam Generator Tube Rupture events, were updated based on recent industry work. In some instances, frequency estimates documented in NUREG/CR-5750, "Rates of Initiating Events at Nuclear Power Plants 1987-1995," (Reference 7) were retained when review of subsequent industry data did not justify an update.

The CPNPP common cause failure data contains the Multiple Greek Letter (MGL) parameters and common cause failure probabilities (CCF) for various types of common cause groups. These parameters were originally based on data obtained from the PLG-0500 database. For.revision 3, some CCF values were selected for update using the NRC Common Cause Failure Database and Analysis System along with WCAP 16187-P, "Re-Classification of Common Cause Failure Events," (Reference 8). Specifically, CPNPP explicitly models CCF for the emergency diesel generators (EDGs). The startup transformers are not considered for CCF as they are of different design and manufacturer.

Appendix to TXX-09026 Page 3 of 11 October 29, 2009 Quantification of human errors is accomplished by performing a human reliability analysis (HRA) for each human action identified in the PRA;including latent human errors, dynamic human errors, and recovery actions. For each dynamic and recovery action, the HRA analyst identifies the most restrictive conditions under which the action may have to be performed.

Restrictive conditions considered include such things as: the operator stress at the time of the action, the environment in which the action is performed (for local actions only), the complexity of the action, the procedural guidance available, the cues which inform the operator that the action is required, the potential conflicts experienced in performing the action and the time' availableto perform the action. This information is factored into the methodology for calculating a failure probability. Interviews and, when possible, simulator observations are conducted to verify the results of this analysis. In addition to the dynamic and recovery actions, the probabilities of maintenance errors, calibration errors, and restoration errors, occurring prior to the event, are similarly estimated. HRA results were calculated and documented using the EPRI.

HRA Calculator software.

Truncation Assumption A curve was generated from the results of quantifying the PRA model at different truncation limits. The curve indicated, as expected, that successive changes in truncation level will result in smaller and smaller changes in results. Judgment is that the truncation level should be low enough such that 95% of the total result is captured.

Based on this acceptance level, a truncation level for core damage frequency (CDF) (1E-11) and LERF (1E-12) is deemed acceptable. For an increase of a decade in chosen truncation levels for both CDF (1E-10) and LERF (1E-11), the increase in the result was found to be less than 5%.

IPEEE Fire and Wind Analyses Individual Plant Examination of External Events (IPEEE) Fire and Wind Analyses CPNPP completed the fire and wind PRA studies to address these External events as per the IPEEE. The studies have not been updated since that time; however, these analyses were reviewed and deemed to be acceptable for the current work of assessing the impact on CDF for the proposed extended Completion Time (CT) of 14 days.

Since the completion of the IPEEE, there have been changes to the plant configuration and procedures. These changes would tend to lower the IPEEE Fire and Wind results as they have been shown to lower the values of CDF and LERF for Internal events and Internal Flooding.

Further, for this submittal, a walkdown of cable routes from the startup transformers to the four (4) Unit safety-related 6.9kV switchgears was performed. No new fire sources were identified that could affect those cable routings. Similarly, based on walkdowns, no new tornado (High Winds) missile impacts were identified due to changes in plant configurations. Therefore, the IPEEE Fire and Wind assumptions and analyses can be used to reassess the proposed one-time, 14-day CT extension request as described in this submittal.

IPEEE Seismic Margin Analysis It is noted that the seismic PRA margin analysis was created in support of the IPEEE. The studies have not been updated since that time; however, this analysis was reviewed and deemed to be acceptable for the current work of assessing the impact on plant risk for this extended CT.

Appendix to TXX-09026 Page 4 of 11 October 29, 2009 A.

CPNPP PRA Model Quality Reviews.

To ensure a high-quality PRA and.to provide quality control to the update process, independent reviews were conducted on the CPNPP PRA model. These reviews included a detailed assessment of the model by NRC in support the CPNPP Risk Informed In-service Testing (IST) Pilot Project. A summary of the five most recent reviews are provided below.

1.

Westinghouse Owners Group (WOG) Peer Review The first review was the WOG Peer Review on the Revision 2 Model of Record.

The final report, issued in March 2002, summarized the team's findings by assigning a consensus grade of 3 for each of the PRA elements, with four of those grades contingent on implementation of recommended improvements or equivalent actions. The elements for which grades were contingent were Initiating Events, Accident Sequence Evaluation, Human Reliability and Containment Performance. Fact and Observation Regarding PRA Technical Elements (F&O's) of A and B significance levels have all been resolved.

Additional F&O's (C and D) have either been resolved or have been entered in the continuous update database to track completion of recommended improvements.

The overall assessment of the peer team indicated "the Comanche Peak PRA can be effectively used to support risk significance evaluations with deterministic input, subject to addressing the items identified as significant in the technical element summaries and Fact and Observation sheets as appropriate for the specific applications."

2.

Evaluation of Systems Analysis The second review, an evaluation of the Systems Analysis (SY) element of the PRA Model, was done in 2004 prior to a major model update. American Society of Mechanical Engineers (ASME), "Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications," ASME RA-S-2002, April 5, 2002 was the standard used. This was an internal assessment of the CPNPP system notebooks that identified gaps relative to the ASME standard and proposed document improvements. No gaps were identified relative to technical adequacy; improvements were entered in the continuous update database.

3.

PRA Update Review During the PRA update process in 2004 that involved development of significant model changes, a self-assessment was planned and executed to provide peer feedback prior to final approval. The model of record (Rev. 2) was formally reviewed using the WOG peer review process and the team included two peer reviewers (from Wolf Creek Plant and South Texas.Plant). The assessment objective was to determine whether the PRA update (CPNPP interpretations and implementation) would remain consistent with industry modeling approaches and standards. The review scope included incorporation of the WOG 2000 Seal

Appendix to TXX-09026 Page 5 of 11 October 29, 2009 LOCA model, changes to the CPNPP LOOP frequency calculation and associated convolution analysis and changes to the CPNPP support system initiating event fault tree analysis. Review results confirmed the technical quality and adequacy of the CPNPP PRA model with the inclusion of the major changes would be maintained in a way that continued to support risk informed applications.

4.

Focused Independent Reviews Two reviews were conducted by outside consultants utilizing the quantification element of the ASME Standard. Because these reviews were conducted in the same time frame and used the same criteria, they were consolidated in a single report to document responses to F&O's. The focused independent industry reviews of the Revision 3 changes were completed in the spring of 2005. The major model features addressed in these reviews included the RCP Seal LOCA model update to the WOG 2000 Model Revision 1A (which incorporated the NRC's Safety Evaluation Report (SER) comments), the thermo-hydraulic (T-H) analyses associated with seal LOCA scenarios, the LOOP model changes, and the quantification process. This review was based on ASME PRA Standard. No category A or B F&Os were identified by this review. All other F&O items were resolved and incorporated into Revision 3B of the model as appropriate.

5.

Mitigating Systems Performance Index Reviews In April 2006, CPNPP completed the Mitigating Systems Performance Index (MSPI) which included a cross comparison and assessment of monitored components as a means to address PRA quality issues. The comparison revealed two potential outliers: 1) High Pressure Safety Injection (HPSI) Chemical and Volume Control System (CVCS) pumps and 2) Low Pressure Safety Injection (LPSI) Residual Heat Removal (RHR) pumps. These outliers were reviewed in detail with the NRC's MSPI expert panel and found to be acceptable based on valid design and modeling considerations. CPNPP results for alternating current (AC) power were found to be consistent with industry results.

B.

Conformance to RG 1.200 The technical adequacy of the baseline PRA model has been verified through review of legible, retrievable documents that provide sufficient detail to support risk informed applications. In addition to detailed documentation, technical adequacy has been demonstrated through self-assessment, independent reviews, and a deliberate process for managing PRA model updates. These efforts maintain quality and consistency with industry consensus standards and are further described in subsequent paragraphs.

R.G. 1.200 Self-Assessment Process The self-assessment of the CPNPP PRA model was done in 2007-2008. It utilized industry consensus standards that were compiled in a structured access database. The database, ePSA Standard Assessment Tool, was developed by EPRI specifically for this purpose.

Incorporation of these criteria in the database provided a worksheet form to use for reviews. Initial preparation for the self-assessment involved identifying where NRC clarifications were applicable and capturing results of prior reviews in the worksheet.

These steps enhanced the worksheets to allow a snapshot of the applicable criterion and

Appendix to TXX-09026 Page 6 of 11 October 29, 2009 results from various reviews that had already assessed the subject criterion. Reviewers utilized the capability of ePSA to attach comments to a given worksheet to add information pertinent to the criterion. Comments typically added NRC clarifications, descriptive information excerpted from PRA documents and status of PRA impacts and actions.

The results from prior reviews were input into the self-assessment portion of the worksheet, taking care to identify appropriate PRA source documents. Results from another earlier review (an informal review to assess MSPI identified criteria) were also incorporated in the worksheet.

The worksheets were reviewed in two stages by PRA analysts within the Risk Assessment & Applications (RAA) department. Both reviewers were experienced in PRA methods. One of the reviewers was new to CPNPP but had significant PRA experience from another Westinghouse PWR plant. The following outlines the self-assessment process.

1.

A standard reference list was developed and a master document list established to provide a common basis for reviews. The freeze date was set to October 22, 2007.

2.

A pre-assessment meeting was held with the reviewers and the group supervisor to discuss the scope and primary objectives. The scope was the PRA model as represented in the master list. Three objectives were discussed.

Determine the capability category satisfied based on the cited standards and note which references (documented review results or PRA documents) provided evidence; Provide concise descriptions of how the CPNPP PRA satisfies the criteria and status pending impacts; and Recommend whether further action is needed (including document completion).

3.

The first review stage was primarily a document search to confirm the PRA model, as documented, addressed the subject criterion at the highest achievable capability category. In cases with a single criterion (for the three categories,)

category 0 could occur. Review outcomes were noted as Satisfactory or Gap. A recommendation for documentation improvement could accompany either of these designations.

4.

The second stage of the review involved either review by a second reviewer or discussion of the results with the group to confirm the findings.

5.

Findings then underwent a final review to determine their impact on technical adequacy of the PRA. All gaps, whether technical or strictly documentation, were identified to be tracked internally (in the continuous update database).

Gaps in demonstrating technical adequacy were characterized to identify any immediate, substantive impact on the PRA model requiring action, or to identify them as requiring review relative to risk informed applications. Thus, results were placed in three categories:

Substantive Gaps. Gaps in demonstrating that the PRA has been performed in a technically correct manner--identified for resolution under a SmartForm. Technical correctness implies:

Appendix to TXX-09026 Page 7 of 11 October 29, 2009 a) Capability to support applications, representation of the as-built and as-operated plant, b) Development consistent with good industry practice, reflecting dependencies and reliance on operator actions, and c) Estimation of probabilities and frequencies consistent with definitions in the logic model.

Review Gaps. Gaps relating to state-of-the-art PRA technology issues or the appropriateness of assumptions and approximations in the PRA model-fully documented in the final report and tracked internally to facilitate assessment relative to applications. Documentation includes assessment (or reference to an assessment) of current applications and information sufficient to support assessment of future applications.

Document Gaps. Gaps relating to improvements in documentation to better support internally tracked issues to ensure they are addressed with future updates.

A gap analysis compared the documentation and modeling of CPNPP Rev. 3C PRA model against the ASME RA-Sb-2005 "Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications," (Reference 9), hereafter called "the Standard." The objective of the comparison was to determine which elements of the model did not meet at least Capability Category II of the Standard. The results of this comparison demonstrate that the model generally meets at least Capability Category II for most of the supporting elements. Most of these Gaps could be eliminated by more detailed documentation or programmatic guidance. Gaps in modeling detail or capability were generally confined to the Internal Flooding (IF) and LERF elements. The modeling Gaps are generally due to the age and associated conservatism of the model, e.g., LERF, or that some elements of the Standard were beyond the scope of the PRA original analysis (e.g.,

Internal Flooding).

The following provides a summary of the results for each area reviewed. The identified Gaps and an assessment of their impact on this submittal are provided.

Initiating Event Analysis:

The current documentation generally meets Capability Category III requirements. There was one Gap, IE-A4a, which can be fixed by a minor change to department guideline.

There is also one comment related to IE-B5. This comment can be resolved by a minor change to department guideline, none of these gaps impact this submittal.

Accident SequenceAnalysis:

The current documentation generally meets Capability Category III requirements. There was one Gap, AS-C3, which can be fixed by upgrading identification/documentation of uncertainties and related assumptions. There are two additional comments. One comment is related to AS-B3. This comment can be resolved by-identifying PRA documents that reference the source. The other comment is related to AS-C2. Some minor document corrections were identified for accident sequence calculation. The one identified Gap associated with assumptions and uncertainty has been addressed explicitly in this submittal through the use of sensitivity cases. No other Gaps impact this submittal.

Appendix to TXX-09026 Page 8 of 11 October 29, 2009 Success Criteria Analysis:

The current documentation generally meets Capability Category III requirements. There was one comment, SC-B5, which can be resolved by more explicit documentation of comparisons/benchmarks of Modular Accident Analysis Program (MAAP) runs. The desktop instruction should consider requiring simple explicit checks against similar plants/previous runs when new analysis is performed. There are no Gaps affecting this submittal.

Systems Analysis:

The current documentation generally meets Capability Category III requirements.

Reviews identified eight Gaps; five related to documentation and three identifying the need for further review.

Systems analysis for the CPNPP PRA was found to include the causes of system failure and unavailability modes represented in the initiating events analysis and sequence definition. Fault trees have been developed for each system based on their use and requirements as set forth in the accident sequence analysis. Systems analysis is reasonably complete based on review of the supporting requirements. Findings revealed that modeling relative to the required system functions is plant specific, detailed and, to a large degree, realistic. Review results confirmed supporting requirements including these SY-A attributes:

pertinent as-built, as-operated system information is incorporated, limitations are defined, boundary definitions are aligned with component failure data, modularization is appropriately implemented with consistent nomenclature, variable success criteria are incorporated, all failure modes are considered, exclusions are justified (or meet screening criteria),

human failure events are modeled, and out-of-service unavailability for components is modeled.

Treatment of common cause failures and intersystem and intra-system dependencies is reasonably complete. Common cause failures are incorporated in system models and exclusions are appropriately documented for the listed component group candidates.

Common cause failures are incorporated into the system model according to defined CCF grotips consistent with data analysis. System dependencies are accounted for through the use of a linked fault tree. System analysis applies success criteria and timing that are based on realistic plant-specific analyses. Related to SY-B, other considerations in the analysis included:

identification of spatial and environmental hazards, support system interfaces needed within the mission time, supports, systems or conditions required for initiation and actuation, and operator interface dependencies.

Systems analysis is documented consistent with the applicable supporting requirements.

Based on SY-C review, the system notebooks were found to document the system functions and boundary, the associated success criteria, the modeled components and failure modes including human actions, and a description of modeled dependencies including support system and common cause failures, including the inputs, methods, and results. Reviews concluded that the systems analysis is documented in a manner that facilitates PRA applications, upgrades, and peer review.

Appendix to TXX-09026 Page 9 of 11 October 29, 2009 There was one Gap, SY-A22, which dealt with modeling the repair of hardware faults and the limited justification through analysis or examination of data. As DG and offsite power recoveries are used in the PRA model, these recoveries are explicitly assessed for their impact on this submittal through a set of sensitivity cases. The second Gap identified dealt with reviewing NUREG/CR-5485 (Reference 10) with regard to screening review and documentation of common cause exclusions. The major plant components of interest are the DGs and cooling water pumps, as they impact the results associated with this submittal, and they were reviewed and determined to be adequately addressed. The CCF analysis was based on updating the original PLG-0500 values using as appropriate the NRC CCF database and analysis system along with WCAP 16187-P.

Human Reliability Analysis:

The current documentation generally meets Capability Category III requirements. Gaps were identified and can be categorized in two areas, 1) level of detail/analysis of dependencies, no documentation of dependencies on recoveries, and 2) some HRA values based on screening methodology. A dependency assessment was performed for combinations of human actions that were found in the quantification results, although the documentation/rigor of those analyses may not have met the current expectation of R.G. 1.200 assessment. Recoveries were addressed from a dependency viewpoint by assuring the shift is adequately staffed to perform the repair/recovery actions credited in the PRA model based on minimum plant staffing. The current PRA model contains some HRA values based on screening values. As part of the last PRA model update the dominant human interactions were identified and re-quantified (if required) using the EPRI HRA Calculator code. The remaining "screened" human interaction events will not adversely impact the conclusions of this submittal. There are no Gaps that impact this submittal.

Data Analysis:

Reviews identified Gaps related to analysis and documentation improvement. The Gaps cover:

1.

Groupings based on service conditions,

2.

Update the data analysis to reflect the latest availability information,

3.

Additional ooeratine experience needs to be incornorated into the data analysis because the original estimates provided by Maintenance and Operations may not reflect actual experience. Failure to update unavailability durations could eventually result in failure to meet the requirements-of Category I through II, Collected and analyzed plant specific recovery data, and Reviewing the resulting distribution on a sample basis, reviewing the 5th, 95th, and means for unusual distributions.

4.

5.

These Gaps should not significantly affect theconclusions provided in this submittal. In general, the plant has not significantly changed its test and maintenance practices since the last update. From work done in support of Maintenance Rule criteria development and MSPI implementation; estimates of unavailability have tended to be over-estimated in the PRA when compared to actual plant experience. The current model update process will incorporate additional operating experience where available for both reliability and unavailability data.

Those components/recovery actions that may be of importance to this submittal have been the subject of sensitivity cases. These include: reliability of the EDG, turbine driven auxiliary feedwater (TDAFW) pump, transformers and station service water (SSW) pumps; maintenance unavailability of the EDG, SSW pumps and TDAFW pump;

Appendix to TXX-09026 Page 10 of 11 October 29, 2009 probability of LOOP; important faulted equipment recoveries; and Initiating Event Frequency for plant-centered and weather-centered LOOPs. There are no Gaps that impact this submittal.

Internal Flooding Analysis:

Most of the analysis and documentation generally meets Capability Category III requirements. Most of the remainder is documentation related. There are 3 Gaps that are Capability Category I or less. These Gaps are due to the age and related conservative nature of the analysis. They include: 1) PLG-0500 (i.e. generic data) was used for flooding frequencies; 2) maintenance or repair induced floods are outside the scope of the current flood analysis; and 3) LERF is outside the scope of existing analysis.

The conclusion of the Internal Flood assessment for this submittal was that no new scenarios would be created by the extended CT not currently addressed in Internal Flooding analysis. Therefore, no change in the conclusions of the submittal would occur due to these Gaps.

Quantification Analysis:

Reviews identified Gaps related to analysis and documentation improvement. An evaluation of the Gaps shows that none of them impact this submittal.

HLR-QU-A was determined to be at Capability Category III. Reviews identified one Gap on the state of knowledge correlation.

HLR-QU-B was determined to be at Capability Category III: no Gaps were identified.

HLR-QU-C was determined to be at Capability Category III: no Gaps were identified.

HLR-QU-D was determined to be at Capability Category III. Reviews identified one Gap related to documentation.

HLR-QU-E was determined to be at Capability Category I. Reviews identified four Gaps - the Gaps indicate that sources of uncertainty and related assumptions need to be reviewed and documented according to the NRC definitions and EPRI 1009652 "Guideline for the Treatment of Uncertainty in Risk-Informed Application: technical Basis Document," (Reference 11). For this submittal, sensitivity cases were done to address key assumption.

HLR-QU-F was determined to be at Capability Category I. Reviews identified four Gaps, one on documentation (sources of uncertainty and related assumptions), one calling for more explicit discussion of the limitations of the quantification process and the remaining two on application of cutset review definitions, specifically with regards to the definition of "dominant." These issues do not affect the conclusions of this submittal.

LERF Analysis:

About half of the analysis and documentation generally meets Capability Category III requirements. The remaining half is Capability Category I or less. Most of these Gaps are due to the age and related conservative nature of the analysis. That is, updating the analysis to current best estimate methods (i.e., minimal conservative assumptions) would resolve these issues. Although, there are conservatisms in the existing LERF analysis, the affect of this CT extension request impact on LERF can be adequately assessed using the current model.

Appendix to TXX-09026 Page 11 of 11 October 29, 2009 C.

Summary of PRA Model Scope and Quality and Conformance to RG 1.200 The above evaluations show that the CPNPP PRA model is of sufficient scope and quality to adequately address the salient risk aspects of the XST2 AOT LAR. The various reviews and self-assessments of the model provide a high level of confidence that the plant events, plant systems and plant data analyses are appropriately modeled to properly address the consequences of various initiators with the startup transformer (XST2) out-of-service.

In addition, the gap analysis RG 1.200 self-assessment shows that there are no gaps that would limit the capability of the model to address the implications of this amendment request. Because there are uncertainties in the various aspects of the model and its quantification, certain sensitivity studies were performed as part of this evaluation. These sensitivity studies show that there are no uncertainties that significantly affect the conclusion of the baseline evaluations.

References:

1.

Regulatory Guide 1.200, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," Revision 1, January 2007.

2.

IEEE -500," Guide to the Collection and Presentation of Electric, Electronic, Sensing Component, and Mechanical Equipment Reliability Data for Nuclear-Power Generating Stations," 1984.

3.

EPRI-TR-1100398, "Loss of Offsite Power at US Nuclear Power Plants Through 1997,"

April 1998.

4.

EPRI-TR-1002987, "Loss of Offsite Power at US Nuclear Power Plants Through 2001,"

April 2002.

5.

EPRI-TR-1009889, "Loss of Offsite Power at US Nuclear Power Plants Through 2003,"

April 2004.

6.

NUREG/CR-5032, "Modeling Time to Recovery and Initiating Event Frequency for Loss of Off-Site Power Incidents at Nuclear Power Plants," January 1988.

7.

NUREG/CR-5750, "Rates of Initiating Events at Nuclear Power Plants 1987-1995,"

February 1999.

8.

WCAP 16187-P, "Re-Classification of Common Cause Failure Events," Rev 0, Dec 2003.

9.

ASME RA-Sb-2005 ADDENDA to ASME RA-S-2002, "Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications," dated December 30, 2005.

10.

NUREG/CR-5485, "Guidelines on Modeling Common-Cause Failures in Probabilistic Risk Assessment," November 1998.

11.

EPRI-1009652, "Guideline for the Treatment of Uncertainty in Risk-Informed Application: technical Basis Document," December 2004.

ATTACHMENT 2 to TXX-09026 PROPOSED TECHNICAL SPECIFICATION CHANGES (MARK-UP)

Page 3.8-2 to TXX-09026 Page 1 of 1 AC Sources - Operating 3.8.1 ACTIONS INk LCO 3.0.4.b is not applicable to DGs.

r ----------------------------------------------- ---------

CONDITION REQUIRED ACTION COMPLETION TIME A. One required offsite circuit A.I Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> inoperable, required OPERABLE offsite circuit.

AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter AND 7--- - ---------

NOTE--------

In MODES 1,2 and 3, the TDAFW pump is considered a required redundant feature.

A.2 Declare required 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from feature(s) with no offsite discovery of no power available offsite power to one inoperable when its train concurrent with redundant required inoperability of feature(s) is inoperable, redundant required feature(s)

AND A.3 Restore required offsite 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> circuit to OPERABLE OR status.

14 days for a one-time outage on XST2 to complete a plant modification to be completed by March 1, 2011.

1 (continued)

COMANCHE PEAK - UNITS I AND 2 3.8-2 Amendment No. 409,4-24, 442-

ATTACHMENT 3 to TXX-09026 PROPOSED TECHNICAL SPECIFICATIONS BASES CHANGES (Markup For Information Only)

Pages B 3.8-8 INSERT

AC Sources - Operating B 3.8.1 to TXX-09026 Page 1 of 2 BASES ACTIONS (continued)

A.3 According to Regulatory Guide 1.93 (Ref. 6), operation may continue in Condition A for a period that should not exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. With one offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low FINSERT Aj probability of a DBA occurring during this period.

B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

B.2 Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes the motor driven auxiliary feedwater pumps and the TDAFW pump which must be available for mitigation of a Feedwater line break. Single train systems, other than the turbine driven auxiliary feedwater pump, are not included.

Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable DG.

The Completion Time for Required Action B.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:

a.

An inoperable DG exists; and

b.

A required feature on the other train (Train A or Train B) is inoperable.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B3.8-8 Revision 58 to TXX-09026 Page 2 of 2 INSERT INSERT A An OR statement for a temporary Completion Time is added to the Completion Time above (72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />).

The one-time, 14-day Completion Time is applicable toXST2 only and expires on March 1, 2011.

The 14-day Completion Time applies when making the final terminations as part of the plant modification to facilitate connection of either XST2 or the spare startup transformer to the 1 E buses.

If during the conduct of the prescribed maintenance outage, should any combination of the remaining OPERABLE AC Sources be determined inoperable, current TS requirements would apply.

ATTACHMENT 4 to TXX-09026 RETYPED TECHNICAL SPECIFICATION PAGES Page 3.8-2 to TXX-09026 Page 1 of 1 AC Sources -Operating 3.8.1 ACTIONS

-NOTE-LCO 3.0.4.b is not applicable to DGs.

CONDITION REQUIRED ACTION COMPLETION TIME A. One required offsite circuit inoperable.

A.1 Perform SR 3.8.1.1 for required OPERABLE offsite circuit.

AND NOTE In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

A.2 Declare required feature(s) with no offsite power available inoperable when its redundant required feature(s) is inoperable.

1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s) 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> OR 14 days for a one-time outage on XST2 to complete a plant modification to be completed by March 1,2011.

AND A.3 Restore required offsite circuit to OPERABLE status.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 3.8-2 Amendment No. 4-09,4-24,442,

ATTACHMENT 5 to TXX-09026 RETYPED TECHNICAL SPECIFICATION BASES PAGES Pages B 3.8-8

AC Sources - Operating B 3.8.1 to TXX-09026 Page 1 of 1 BASES ACTIONS (continued)

A.3 According to Regulatory Guide 1.93 (Ref. 6), operation may continue in Condition A for a period that should not exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. With one offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

A note for a temporary Completion Time is added to the Completion Time above (72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />). The one-time, 14-day Completion Time is applicable to XST2 only and expires on March 1, 2011. The 14-day Completion Time applies when making the final terminations as part of the plant modification to facilitate connection of either XST2 or XST2A to the 1 E buses. If during the conduct of the prescribed maintenance outage, should any combination of the remaining OPERABLE AC Sources be determined inoperable, current TS requirements would apply.

B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

B.2 Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes the motor driven auxiliary feedwater pumps and the TDAFW pump which must be available for mitigation of a Feedwater line break. Single train systems, other than the turbine driven auxiliary feedwater pump, are not included.

Redundant required feature failures consist of inoperable features

,(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-8 Revision

ATTACHMENT 7 to TXX-09026

SUMMARY

OF REGULATORY COMMITMENTS to TXX-09026 Page 1 of 1 Regulatory Commitment Summary Number Commitment Due Date/Event 3792121 The temporary power diesel generators provided for each Unit will be During the 14-day verified available to provide power to equipment for long term cooling Completion Time.

once per shift.

3792145 During the one-time, 14-day Completion Time for XST2, one set of During the 14-day temporary power diesel generators (TPDG) will be provided for each Completion Time.

Unit.

3792165 All four Emergency Diesel Generators (DGs) and both turbine driven Within two weeks auxiliary feed water pumps (TDAFWP) will be verified OPERABLE prior to the start within the two week period prior to the start of the one-time, 14-day of the 14-day Completion Time.

Completion Time.

3792166 All routine or elective testing and maintenance activities affecting the During the 14-day switchyards and relay houses (with the exception of operator rounds),

Completion Time.

EDGs, TDAFW Pumps, SSW Pumps, XST1 and work activities along the route associated with power and control cabling for XST1 will be suspended for the duration of the one-time, 14-day Completion Time.

3792168 Roving hourly fire watches along the route associated with power and During the 14-day control cabling for the in-service startup transformer, XST1, will be Completion Time.

established for the duration of the one-time, 14-day Completion Time.

3792169 Plant modification activities requiring the use of the one-time, 14-day Administrative Completion Time will be planned so as to minimize the probability of controls in place severe weather or grid stress.

within 120 days of NRC approval.

3792197 Local weather conditions and forecasts Will be monitored by Operations During the 14-day twice per shift to assess potential impacts on plant conditions.

Completion Time.

3792171 A walkdown will be completed prior to entering the 14-day Completion Within the two Time to identify any issues that could adversely affect the availability of -weeks prior to the the Emergency Diesel Generators or Turbine Driven Auxiliary Feed start of the 14-day Water Pumps during a seismic event.

Completion Time.

3792177 Access to the switchyards, the relay houses, the EDGs, the TDAFW Prior to Pumps, the SSW Pumps and XST1, will be posted and controlled.

implementation of the 14-day Completion Time.

3792178 CPNPP's Operations Department will contact the Transmission During the 14-day Operator (Transmission Grid Controller) once per day during the 14-Completion Time.

day Completion Time to ensure no problems exist in the transmission lines feeding CPNPP or their associated switchyards that would cause post trip switchyard voltages to exceed TS limits.

3792184 Just-in-time training for affected work groups will be completed prior Prior to to the start of the XST2 outage.

implementation of the 14-day Completion Time.

3792190 Operating and maintenance procedures will be developed and issued Prior to for using XST2A as an alternate startup transformer for XST2.

implementation of the 14-day Completion Time.

Retrieved from "https://kanterella.com/w/index.php?title=CP-200900520,_License_Amendment_Request_(LAR_09-003),_Revision_to_Technical_Specification_3.8.1,_AC_Sources_-_Operating,_for_One-Time,_14-Day_Completion_Time_for_Offsite_Circuits&oldid=5308438"