ML100710755

From kanterella
Jump to navigation Jump to search
Attachment 6 to DCL-10-028, Impacts of PRA Open Items/Gaps on Application
ML100710755
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 03/11/2010
From:
Pacific Gas & Electric Co
To:
Office of Nuclear Reactor Regulation
References
DCL-10-028
Download: ML100710755 (28)
v  d  e


Text

Enclosure Attachment 6 PG&E Letter DCL-10-028 Impacts of PRA Open Items/Gaps on Application

PG&E Letter DCL-10-028 Enclosure Attachment 6 Impacts of PRA Open Items/Gaps on Application The DCPRA is a living PRA, which is maintained through a periodic review and update process. The sections below discuss the review process that the DCPRA had under gone, the status of the disposition/resolution of the findings from the reviews and the impact of those outstanding/open issues from the reviews on the results and conclusions of this study.

Westinghouse Peer Review (Certification)

Peer Review (Certification) of the DCPP PRA model, using the WOG Peer Review Certification Guidelines, was performed in May 2000 and the final report for the peer review was published in August 2000 [Reference 1]. On the basis of its evaluation, the Certification Team determined that, with certain facts and observations (F&Os) addressed, the technical adequacy of all elements of the PRA would be sufficient to support risk significance evaluations with defense-in-depth input relative to the requested Emergency Diesel Generator completion time (CT) extension from the NRC during that time period.

The two "A" F&Os, related to the human reliability analysis (HRA) were addressed by upgrading the methodology used for the evaluation. The upgraded HRA analysis was recently subjected to a focused peer review. A discussion of this focused HRA peer review is provided below.

The B F&Os from the WOG Peer Review were addressed during model updates in support of the EDG Completion Time Extension (CTE) license amendment request (LAR), the LAR effort to extend the Completion Times (CTs) for several emergency core cooling system (ECCS) components, and the MSPI calculations. The updated DCRA model in which issues related to the B F&Os from the WOG Peer Review were addressed is the DC01 PRA model. There are no outstanding issues (B F&Os) from the WOG Peer Review.

DCPRA Gap Analysis In addition to the WOG Peer Review, three recent limited scope and independent assessments of the DCPP PRA Level 1 and Level 2 PRA models have been performed by leading industry PRA experts (i.e., Gap Analyses) to support several risk-informed applications, including the MSPI calculations and DCPP's transition to the National Fire Protection Association (NFPA) 805 Standard [Reference 2].

Review and Re-evaluation of DCPP Internal Flooding Hazards 1

PG&E Letter DCL-10-028 Enclosure Attachment 6 The Diablo Canyon Internal Flood PRA (Reference 3) was reviewed by Scientech/Jacobsen Engineering (Reference 4) to identify any specific weaknesses in its approach or implementation which might impair its ability to be used for risk informed decision making. The approach for the review was to compare the method of implementation and documentation of the existing Internal Flooding PRA with the requirements of the ASME PRA standard Addendum B (March 17th 2005 Draft)

(Reference 5).

Most of the review comments/finding was on the lack of documentation or related to the approaches not affecting the offsite power sources such as the 230kV power supply.

Table 1 summarizes the issues/deficiencies from the review and recommendations for improvement in some of the areas of the DCPP Internal Flooding PRA for the PRA to meet at least the Capability Category II requirements. The expected impact of these issues on the application is also provided. There are no open issues that would impact the results and conclusions of this evaluation.

2

PG&E Letter DCL-10-028 Enclosure Attachment 6 TABLE 1. Summary of DCPP Internal Flood Analysis Areas for Improvement (Table 2-1 of Reference 4)

Supporting Summary of Existing DCPP Internal Recommendation for Improvement to Expected Impact on Requirement Flood PRA Approach (Reference 3) meet Standard Application from ASME and Nature of Associated Deficiency Std with Respect to ASME Std IF-A4 A plant walk down was conducted as part of the Analysis needs to be brought up to date by repeating Documentation issue and no IF-B3a Rev 0 analysis to collect additional information to procedure performed for Rev 1 analysis. impact on application is IF-C9 confirm previous documentation and judgments Since that last comprehensive walkdown was expected IF-A3 on the flood sources and potential impact. This performed in 1991 (and not well documented) it is was documented by photographs of important recommended that it is repeated and documented equipment. For Rev 1 analysis an additional using a set flood area walk down sheets and walkdown was conducted (Attachment 6 - checklists.

Reference 3) to confirm information used in the intake structure analysis.

IF-B1 Major flood sources in each area are identified by See recommendation for creating flood area Documentation issue and no type (e.g. water piping high/ moderate energy, information sheets in IF-A4 which identified requisite impact on application is steam piping high energy) in table F.4-2. However information. expected specific systems, pipe sizes or external flood sources are not identified.

Potential in leakage is not explicitly identified although it can be inferred from the propagation paths "to" column (Note in some cases the potential for propagation is identified without describing the specific route (doorway opening etc. Where pathway is described no explicit reference is given (e.g. door number)

IF-B1b Table F.4-2 (Reference 3) includes a screening Recommend defining a set of qualitative and Flooding events are not IF-C5 process. However the general screening criteria quantitative screening criteria consistent with the significant contributors to CDF.

IF-C5a used are not well defined and justified and in ASME standard and indicating for each specific flood Most of SSCs which could some cases include judgmental credit for isolation area which particular criteria is applicable. impact the availability of vital 4 of sources before damage/ propagation can occur kV buses and offsite power are and /or drainage capacity. The containment is located in Aux Bldg and TB screened out on the basis that it is designed for areas where a flooding damage LOCA and high energy line breaks in containment is very unlikely. Whether (section F.4.3). screening out or in of such areas in the flooding analysis should not significantly impact the proposed Completion Time extension of offsite power and/or 4 kV bus.

3

PG&E Letter DCL-10-028 Enclosure Attachment 6 TABLE 1. Summary of DCPP Internal Flood Analysis Areas for Improvement (Table 2-1 of Reference 4)

Supporting Summary of Existing DCPP Internal Recommendation for Improvement to Expected Impact on Requirement Flood PRA Approach (Reference 3) meet Standard Application from ASME and Nature of Associated Deficiency Std with Respect to ASME Std IF-C1 Table F.4-2 identifies the flood propagation paths In flood area information sheets (see IF-A4) document Only areas where significant IF-C3b from the source area to an adjacent area ( but no potential propagation paths thru cable penetrations as accumulation leading to further) Section F.4.3.2 provides a general well as doors and HVAC ducts structural failure of barrier discussion Section F.4.3.2 provides a good elements are the SI Pump room general description for each building (turbine, Review flood analysis to identify cases where flood and Charging Pump Room. In intake, auxiliary and fuel handling) of the flood accumulation may occur (or has not been ruled out) these cases one can assume propagation pathways to their ultimate point of and determine if consequences of barrier element that barrier failures may lead to accumulation challenges (e.g. doors or penetration seals) may result damage in adjacent areas in a plant impact which has not been addressed in the where appropriate.

Did not see any reference to analysis of structural current flood analysis. If so perform engineering failures in the analysis although this probably analysis to determine if the barrier element will Flooding events are not because the potential for significant flood withstand the loading significant contributors to CDF.

accumulation in most cases is minimal given the There are no SSCs in or next to plant design Performing the above will satisfy the Cat II SI and Charging pump rooms, requirements. where a flooding could lead to a The only evidence of random barrier element loss of vital electrical buses or failures being considered is in respect of the ASW In order to satisfy Cat III requirements the random offsite power which could room drain check valves. failure of any barrier elements identified as being significantly impact the challenged and with significant consequences of failure availability of the protected vital will need to be addressed. ( See Westinghouse F&O buses or other risk significant type C ) For area which may be susceptible to high SSCs during the proposed energy line breaks determine if barriers and barrier configuration.

elements will be challenged by over pressure and determine consequences of failure.

IF-C2a Automatic or operator responses to terminate Where such features form part of the argument for Consequences of non isolation IF-C6 floods are summarized in the discussion of flood screening or evaluating flood scenarios this information in a timely manner were found location and scenario evaluations provided in should be provided. to be potentially significant for section F.4.3.2 Table F4 Scenarios 45, 46, 53, 54 Specifically recommend evaluating the reliability of SCW, CCW, RWST supply appears to credit manual action for isolation in actions credited in the scenarios 45, 46, 53, 54, 69, 83 floods and AFW pump room order to screen (although it is not clear whether and 84. floods in terms of controlling the the consequences of non isolation are significant). potential for flood propagation or No discussion of flood indication, timing or means gross system impact.. A of isolation is provided. screening analysis is proposed which does not credit isolation, except in the case of the SCW where the flooding rate relative to the volume required to cause 4

PG&E Letter DCL-10-028 Enclosure Attachment 6 TABLE 1. Summary of DCPP Internal Flood Analysis Areas for Improvement (Table 2-1 of Reference 4)

Supporting Summary of Existing DCPP Internal Recommendation for Improvement to Expected Impact on Requirement Flood PRA Approach (Reference 3) meet Standard Application from ASME and Nature of Associated Deficiency Std with Respect to ASME Std damage was judged to be such that the time available would be many hours.

The proposed system realignment (electrical bus and power supply configuration) and plant modification/testing activities during the extended Completion Time should not impact the time available for any operator actions and other human performance factors associated with either terminating or mitigating consequences of a flooding.

IF-C3 Equipment susceptibility to various types of flood Need to include potential damage to junction boxes Impact of high/moderate energy hazard are identified in table F.2-12 of the original treatment due to spray and submergence. line breaks (HELB/MELB) need DCPP flood PRA. In summary this table indicates to be considered for Capability that all electrical components except cables are Category II. An update of the assumed to be susceptible to flood accumulation Internal Flooding Analyses and spray. High energy jet impingement may should evaluate and document cause damage to all electrical components the impact of HELB/MELB.

including cables. No reference to junction box qualification/damage is given and the treatment Impact on conclusions of the needs to be checked. It is not clear that high current application will be energy line break effects have been considered in negligible since offsite and the Revision 1 update onsite power sources not affected.

IF-C3c The results of engineering calculations of Need to identify location of flooding calculations relied An update of the Internal maximum flood heights reported in DCM T-20 upon in the analysis and review underlying basis to Flooding Analysis should (see table F.4.4) are used in the study. For ensure consistency with PRA requirements ( e.g. no determine the applicability of example a maximum flood height of 3" is cited as restrictions on maximum crack size or assumptions design calculations cited in the the reason for lack of flood propagation from the about isolation within specific time) existing Internal Flooding study.

AFW TDP pump room to the AFW MDP pump rooms. When this reference was reviewed the Impact on conclusions of the calculation referred to was not apparent current application will be negligible since offsite and onsite power sources not 5

PG&E Letter DCL-10-028 Enclosure Attachment 6 TABLE 1. Summary of DCPP Internal Flood Analysis Areas for Improvement (Table 2-1 of Reference 4)

Supporting Summary of Existing DCPP Internal Recommendation for Improvement to Expected Impact on Requirement Flood PRA Approach (Reference 3) meet Standard Application from ASME and Nature of Associated Deficiency Std with Respect to ASME Std affected.

IF-C4 Flood scenario development is generally Screening analyses proposed which does address No expected to impact the accomplished in section F4.5.1. However it is not impact of isolation of flood source. Further detailed conclusions of the current clear the analysis has recognized the analyses may be needed if this conservative analysis application since offsite and consequences of flood isolation on system shows high risk contribution. onsite power sources not availability That is isolation of an AFW system affected.

flood may require the CST source to all pumps to be isolated depending upon (the break location).

Isolation of a CCW flood may require partial isolation of the CCW system IF-C5a It appears that DCPP analysis (Table F.4-2 item Further examination of the reliability of the isolation An update of the Internal

23) credits isolation of a large turbine building system, the timing available for operator action, the Flooding Analysis will re-flood prior to propagation to the DG corridor or the integrity and reliability of the doors and drain check examine the Turbine Building fuel oil pump room vaults via drains, and the 12kV valves which protect the EDG rooms, the fuel oil pump flood scenario(s). Since it is room due to the automatic condenser mitigating vaults and the 12kv SWGR room as well as any extremely unlikely that the EDG features. This qualitative argument is used to drainage paths to the outside, is warranted in order to will be affected by TB flooding screen out all propagation scenarios from the screen this scenario (Although extremely unlikely this events, this issue would have turbine building. scenario could lead to a loss of the EDGs and loss of insignificant impact on the offsite power). conclusion of the current application.

IF-D3 Flood scenarios are grouped as follows: If the consequences of isolation of the CCW or AFW is This issue has been partially FL1 - All CCW floods potentially more significant than currently identified resolved. Not expected to FL2 - Charging suction header floods (See IF-E5a) flood scenarios may need to be broken impact the conclusions of the FL3 - AFW OR Fire Water Floods in AFW MDP up in order to recognize specific consequences current application since offsite Room associated with different break locations in order to and onsite power sources not meet cat II or III requirements. affected.

IF-E5a Only three non screened flood scenarios were Need to address potential impact of flooding on HEPs Although a screening HEP value developed for quantification of CDF. Only the included in the internal events PRA including an was used in the scenario, this is CCW scenario which credited isolation (prior to assessment of degradation of instrumentation and not expected to impact the system depressurization ) and in this analysis a access for local actions conclusions of the current 10% probability of failure to isolate was assumed Need to perform more robust justification of flood application since offsite and without any justification on the basis of flood isolation probability used for CCW floods and impact. onsite power sources not indication, event timing, and means of isolation. In affected.

addition the analysis does not appear to address the consequences of conducting isolation which 6

PG&E Letter DCL-10-028 Enclosure Attachment 6 TABLE 1. Summary of DCPP Internal Flood Analysis Areas for Improvement (Table 2-1 of Reference 4)

Supporting Summary of Existing DCPP Internal Recommendation for Improvement to Expected Impact on Requirement Flood PRA Approach (Reference 3) meet Standard Application from ASME and Nature of Associated Deficiency Std with Respect to ASME Std presumably would be lead to at least partial loss of the system. None of the three flood scenario analyses appear to have addressed the potential degradation on operator errors modeled in the PRA associated with the flooding event. (see IF-D3) 7

PG&E Letter DCL-10-028 Enclosure Attachment 6 Self-Assessment of DCPRA Level 1 Internal Events A self-assessment of the Diablo Canyon Level 1 Internal Events PRA was performed by ERIN Engineering and Research, Inc. and the results were published in December 2006 (Reference 6) and then updated in January 2008 (Reference 7). The self-assessment was done with respect to the high level requirements (HLR) and supporting requirements (SR) in the ASME PRA Standard RA-Sb-2005, accounting for NRC interpretations of these requirements per Appendix A and Appendix B of Regulatory Guide 1.200 (Reference 8). One aim of the self-assessment is to identify SR for which the DCPP PRA may not meet the ASME PRA STD RA-Sb-2005 Capability Category II requirements. This category is generally viewed, for a given SR as sufficient capability for most currently envisioned risk-informed applications. The self-assessment did not include the determination of whether the DCPP PRA met the requirements for Large Early Release Frequency.

Table 2 summarizes the disposition/recommended action associated with the SR resulting from the self-assessment, and determines whether the issue associated the SR has any impact on the application. There are no opening issues that would impact the results and conclusion of this evaluation.

8

PG&E Letter DCL-10-028 Enclosure Attachment 6 Table 2 Summary of Suggested Disposition Actions from the DCPRA Gap Analysis (See Table 1 of Reference 7)

Applicable Description and Suggested Disposition Action Expected Impact on Application ASME SRs IE-A7 IE-A7 is met at Capability Category I; precursors are not Calc File H.1.6 updated to directly factored into the model. However, this may be a include discussion of screening pessimistic assessment, since insights gained from past of precursor events.

precursors has been incorporated, so Capability Category II Documentation Issue and no could be appropriate. The set of initiating events modeled is impact is expected believed to adequately represent the spectrum of applicable industry experience, and it is unlikely that not meeting Capability Category II for this SR would have an impact on applications of the PRA. Consider adding a discussion of how initiating event precursors should be addressed to either the H.1.6 calc or to PRA update guidance.

IE-A10, IE- IE-A10 is Not Met. The treatment of dual unit initiators should ASW for Unit 2 only credited if B5, SC-A4a, be reviewed, and the documentation of the basis for the U2 EDGs are operable and can SY-A11 current treatment, or an update, should be developed. support pumps. Vital power cross tie not currently credited.

Calc File H.1.6 updated to include discussion of plant response to dual-unit initiators.

Documentation Issue and no impact is expected. Most of potential dual unit trip events are external hazards (e.g., ocean swell, kelp/jelly fish attacks).

The issue/application involved in this submittal is an internal event in nature (i.e., SLUR/FLUR setpoint, 4 KV UV trips).

SC-A6, SC- While SR SC-A6, SC-B1, SC-B3 are judged to be met, the Both ATWS issue (F&O DA-7)

B1, SC-B3 issues in C-significance F&Os DA-7 and TH-4 might have and PTS issue (under TH-4) significance to particular applications. The impact of these resolved. Calc File E.11 updated should be considered on an application-specific basis until to reflect changes. No impact on resolved application.

SY-A20 To meet SR SY-A20, a confirmation that credited SSCs are Equipment qualification able to operate in all modeled accident scenarios, including discussion to be addressed in those where SSC design basis conditions may be exceeded, Calc File E.17. No impact on is needed. application.

HR-D4 HR-D4 is met with one exception, lack of an established HRA was re-peer reviewed and maximum credit for recovery in the pre-initiator HEPs. findings discussed below.

Although a maximum credit is not assigned, excessive credit is not taken for recovery. Therefore, this SR has been judged to be adequately met. However, this issue could easily be addressed in the documentation.

9

PG&E Letter DCL-10-028 Enclosure Attachment 6 Table 2 Summary of Suggested Disposition Actions from the DCPRA Gap Analysis (See Table 1 of Reference 7)

Applicable Description and Suggested Disposition Action Expected Impact on Application ASME SRs HR-G4 HR-G4 does not appear to be met. The bases for HEP timing HRA was re-peer reviewed and success criteria analyses are not adequately specified in Calc findings discussed below.

G.2; times are specified but the bases for the times are unclear in the calc. (They may be documented in the HRA Calculator). [This assessment is based on information available prior to the re-peer review of the HRA.]

HR-G5 HR-G5 does not appear to be met. The validation of human HRA was re-peer reviewed and action timing is unclear. Calc G.2 refers to operator interviews findings discussed below.

for required times, but it is unclear as to what this covers.

[This assessment is based on information available prior to the re-peer review of the HRA.]

DA-D2 DA-D2 is currently NA since there are no instances of failure SR N/A. No impact events with no applicable generic data. Consideration should be given to developing a process for estimating data for which there is no generic data source, consistent with the DA-D2 requirements, for future application.

DA-D7 DA-D7 is currently NA since there are no instances where SR N/A. No impact existing plant experience data are no longer applicable.

Consideration should be given to developing a process/guidance for dealing with data that are no longer applicable, consistent with the DA-D7 requirements, for future application.

QU-D4 QU-D4 is Not Met. Consideration should be given to adopting Discussion of the review of non-a sampling process for review of non-dominant sequences as significant sequences has been part of the model quantification. included in Calc File C.9.

Documentation issue and no impact on application.

10

PG&E Letter DCL-10-028 Enclosure Attachment 6 Human Reliability Analysis Peer Review To address the findings and observations of an earlier peer review [in particular, the Human Reliability Analysis (HRA) portion] of the PRA (Reference 11), an upgrade of the HRA was performed (Reference 9). A follow-on peer review of the HRA was needed (required by ASME PRA Standard) and was performed by ABS Consulting, Inc. The findings were published in July 2007 (Reference 10).

This peer review identified eighteen elements that did not meet category level II of the PRA Standard. Seven of these were documentation issues or did not affect the results of the application. The remaining eleven were subsequently either dispositioned or were demonstrated to have a negligible effect on the results of this application through a sensitivity evaluation.

The disposition of each open issue from the HRA peer review is presented in Table 3.

11

PG&E Letter DCL-10-028 Enclosure Attachment 6 Table 3 - HRA Peer Review Observations ID L Observation Resolution HR-F2- B Better, more detailed, and more precise accident Generally, such HFEs have 1 sequence descriptions should be provided. The been modeled conservatively, so description should include the all of the preceding it is not expected that the HEPs actions/indications, the initiating events, relevant plant would change. The dependency response, concurrent actions/indications, etc. analysis serves to identify any Especially for actions that may be applied in a variety HFEs that are out of context of sequence conditions, the description should make assumed in the development of clear which one of the conditions forms the basis for the HFE. The dependency the action evaluation. This information is important to analysis has been reperformed evaluate whether the HEP so obtained is later applied and no "out of context" HEPs appropriately in the sequence models. See reviewer were found.

notes for sample action ZHECV1 (Recovery from seismic relay chatter).

HR-F2- B The HRA analysis was largely updated in the spring Although procedure revision 2-1 of 2002. Many of the procedures referenced at that numbers and step numbers may time have been revised since the analysis was first change, the critical steps and performed. It is therefore unclear how it can be recovery steps would essentially concluded that the current assessment represents the be the same and would therefore current, as-operated design. not impact the quantification as such. It is not expected that there had been any significant changes to EOPs since 2002, as the EOPs are standardized. If any additional critical steps have been added, the expected change would be small and bounded by the HEP sensitivity evaluation for this study.

HR-F2- B For the analysis of ZHEFO4 (Fuel Oil Recovery), the Impact of procedural step issue 2-2 most important procedure step in the current for ZHEFO4 and ZHEFO5 is procedures was not identified as part of the tasks to bounded by sensitivity be performed and the evaluation of the execution evaluation. ZHEOR1 are actions errors did not cover it. In the analysis of the not affected by the status of the execution error for ZHEOR1 (SGTR - RCS cooldown 230kV power source. Therefore and depressurization), it was assumed that level the 230kV power supply control in the intact S/Gs was already successful evaluation is not sensitive to since level control for the ruptured S/Gs was changes in this HEP.

successful. However this task was not analyzed and accounted for in action ZHEOX1 either.

12

PG&E Letter DCL-10-028 Enclosure Attachment 6 HR-G2- B On page 2, it is stated that memorized actions use the Documentation issue.

2 HCR/ORE method while on page 4 this is Documentation will be updated contradicted. There it states that both memorized and to clarify that the assumption of time critical actions use the HCR/ORE method. a negligible HEP for entering E-0 Assumption 1 in Section 4.2.3 and Section 5.4 on given a RT or SI does not apply Page 19 indicate that the HEPs for the cognitive part to ATWS.

of early memorized actions (i.e., those associated with reactor trip, reactor trip required, safety injection or safety injection required) can be considered negligible. The reviewers disagree with this assertion. Based on our understanding, this assertion is refuted by simulator data performed for Diablo Canyon and which in part formed the basis for the HCR/ORE model; i.e. for reactor trip under ATWS conditions.

There are also other actions that were assumed to Applicable HEPs for this study have negligible HEPs for the cognitive contribution were reviewed and it was and were not evaluated for cognitive errors (there are determined that the sensitivity a total of 15 actions which have zero values in Table case bounds the impact of 1 for the human cognitive response probability; e.g. including cognitive failure ZHEOR1 for SGTR cooldown and depressurization). probabilities for each applicable This review does not accept the assertion that these HEP.

actions can be assigned zero cognitive error probabilities.

The HCR/ORE model can be interpreted as The DCPP PRA model uses accounting for the time-dependent contribution to CBDTM/THERP for all HEPs.

both cognitive and execution type errors. In actions This methodology accounts for where time-pressures are large, the time-dependent the contribution from time-errors may dominate. However, where such time- independent errors. The pressures are computed to be small, the contribution comments from the observation from time-independent errors should be incorporated; specifically address the time-e.g. execution errors if not negligible. independent impact of execution errors that should be incorporated if time pressures are small. All DCPP HEPs reflect these time independent errors.

HEPs were derived using EXCEL for reactor trip and Documentation issue only.

turbine trip actions and documented in Appendix A, but the HEPs listed in Table 1 for execution errors for these actions are the same as those obtained in Appendix A for cognitive errors.

13

PG&E Letter DCL-10-028 Enclosure Attachment 6 HR-G3- B Due to the short time window available for cognitive HCR/ORE calculated for the 1 diagnosis and decision-making (excluding cue time, HEPs identified in the any other delay time, and manipulation time), some observation to verify if time-actions may be significantly influenced by the PSF for based contribution should be "Time" (e.g., ZHERE5, ZHEPR1, ZHEOE1, ZHERF2, incorporated. All HEPs affected of the 10 sampled are of this type) These actions by the status of the 230kV power were evaluated using the CBDT approach only. For supply were increased by a actions evaluated using the CBDT, the PSF for Time factor of 5.

is accounted for only in the assignment of the level of dependency for recovery. For the evaluation of the initial errors, however, the PSF for Time (which may contribute to the occurrence of error due to the time pressure) is not accounted for in the CBDT tree branches.

HR-G3- B The methodology description provides a brief Documentation issue. Update 2 summary of the CBDT approach (in section 4.2.1) the methodology description and references a 1992 description. The write-up also using the latest EPRI guidance notes a number of modeling assumptions specifically for the use of HRA Calculator.

identified for Diablo Canyon for both cognitive and execution contributions. However, since 1992 much work has gone into standardizing the judgments needed to implement the CBDT approach (see, for example, draft Guidelines for Performing Human Reliability Analyses - using the HRA calculator effectively dated June 2003. The judgments used in the update are not all consistent with the more recent EPRI guidance.

Section 5.3 on Page 19 states that single procedure These actions will not impact the should be selected for PCE but this seems 230kV power supply evaluation inconsistent with EPRI guidance. (see actions results.

ZHEPR1, ZHERF2,).

For Assumption 11 in Section 4.2.3 on Page 9, the AD1.ID2 "Procedure Use and provisions for using check-offs and provisions for Adherence" directs procedure place-keeping are not evident in most of the users to sign off each step after procedures referenced. (e.g., the use of E-1.3 for the is performed and prior to analysis of ZHERF2 and the use of annunciator performing the next step. This response procedure for the analysis of ZHECV1). procedural requirement ensures that placeholding/checkoffs are performed.

14

PG&E Letter DCL-10-028 Enclosure Attachment 6 The stress level is underestimated in some cases High stress is reserved for (e.g., work in radiation environment). The stress level scenarios where the procedural for SGTR sequences is stated in one place as options are exhausted or are not moderate (Modeling Convention 8.1 in Section 4.3.4 successful due to multiple on Page 14) and another as high (Assumption 1 in failures (Functional restoration Section 4.1 on Page 2). procedures). High stress is also related to workload exceeding available manpower e.g. in loss of support system scenarios such as station blackout or loss of instrument air. For SGTR, the stress level assumed is low to moderate. The documentation needs to be clarified.

Regarding Assumption 7 in Section 4.1 on Page 4, Actions important to risk typically not all procedures use the Response Not Obtained involve procedures that are in a format so it is unclear if the THERP tables used are RNO format (All EOPs except for correctly adjusted for all actions. For example, Step some appendices). Neither of 3.h in Appendix B of Procedure OP AP-11 was the HEPs that this finding refers treated in the analysis of the execution error for to directly mitigate a LOCA. The ZHECC1 (CCW heat load reduction) as if the status of the 230kV power procedure is in a columnar or Response/Response supply is not sensitive to these Not Obtained format, while this procedure is not HEPs. Therefore the 230kV written in this format. Another example is the power supply evaluation is not annunciator response procedure used for the analysis sensitive to changes in this HEP.

of ZHECV1 (Control room ventilation recovery).

For Modeling Convention 6 in Section 4.3.4 on Page A factor of three difference 13, the reviewers do not believe that NUREG/CR- between short and long HEPs.

1278 intended that the first 10 steps of a long list can With credit for recoveries, this be assumed to be from a short list. (e.g., in the factor of three is reduced to a analysis of ZHERF2). factor of 1.5 in the case of ZHERF2. This HEP is not affected by the status of the 230kV power supply. Therefore 230kV power supply evaluation is not sensitive to changes in this HEP.

Section 5.1 on Page 15 states that most errors of Use of the word typical in the commission which use Table 20-12 should select documentation does not imply Item 3 but this is not what is used in the actions that all selections from table 20-reviewed. Seldom is Item 3 selected. 12 should use Item 3. This is a documentation issue.

The sequence descriptions do not always identify all Original determination of of the preceding and concurrent workload was based on operator events/actions/indications, and as such the operator interviews. This determination work load and distractions involved may be was made independent of underestimated and unaccounted. sequence desription detail. This is a documentation issue.

15

PG&E Letter DCL-10-028 Enclosure Attachment 6 Credit for recovery (e.g., due to self review for the This observation refers to cognitive error and consideration of specific ZHEMU3 (Makeup to RWST procedure steps for the execution error) may need to from spent fuel pool). The self be reexamined in some cases. For example, credit review recovery is performed in for self review when performing a local action in a the control room as it involves radiation environment may not be appropriate. reading RWST level indications.

The radiation environment would not impact likelihood of self review.

No recovery was considered for some of the Potential credit for recovery not procedure steps (e.g., opening of one pressurizer taken in the model. The PORV, closing the PORV, etc.) in the analysis of application results are ZHEOR1, although the steps for checking the RCS conservative.

pressure can certainly serve as opportunities for recovery from previous failures.

HR-G3- B The DCPRA considers multiplicative factors on the For spectral accelerations 4 post-trip operator actions following a strong between 1.75 and 2.5g, the earthquake. These factors should be considered operator may be disconcerted screening values because they are not action and confused by equipment and specific. Per requirement SA-B2 of the external structure movement taking place events standard (ANS-58.21-2003), the factors used around him, but he is unlikely to should be justified be physically affected. A multiplication factor of 5 typically was assigned to error rates for seismic events within this range.

For spectral accelerations greater than 2.5g, the operator may be even more anxious and may be physically affected. He may be knocked down or knocked against something; things may fall on him, or the atmosphere may be clouded by dust limiting visibility. It is not expected that operators will be trapped or otherwise disabled by falling objects. A multiplication factor of 30 was used for these cases.

The methodology section does not describe the Detailed analyses had been modeling of actions after a strong earthquake. performed e.g. ZHECT1, ZHECT2 and ZHECT3 (seismic relay chatter) using CBDT.

Detailed analyses for these post-earthquake actions During the development of the should consider the time elapsed since the DCPP IPEEE, all of the operator earthquake, the access routes to control stations routes to remotely actuated outside the control room, and the potential direct equipment were checked for effects of the earthquake on operator conditions. potential blockage resulting from a seismic event. No operator routes were judged as likely to be blocked.

16

PG&E Letter DCL-10-028 Enclosure Attachment 6 HR-G4- A For many of the sample actions reviewed, the Documentation basis for timing 1 reference provided does not document T/H analyses has been updated. In some to support the assumed time available for the action cases, the timing used is based analyzed. The times assumed for occurrence of the on input assumptions for thermal indications is also often not tied to T/H analyses. For hydraulic calculations. For example, action ZHEMU3 states the Tw is 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> example, the time requirement of and references an earlier version of G.2. That 10 minutes to isolate a faulted reference does not contain T/H analysis, only an steam generator is based on the unreferenced estimate for the two hour value. analysis assumption used in the Similarly, the assessment of action ZHEPR1 again thermal hydraulic calculation. A references G.2 but there is no T/H analysis to support best-estimate evaluation of the the 16 minute estimate. actual time window to avoid In Section 5.4 on Page 19, the time windows for Time windows for ATWS reactor and turbine trip are noted here. Based on our mitigation would be longer than understanding, these times were originally selected time windows to avoid PORV for the success criteria to avoid a PORV challenge or challenge or SI signal. The use an SI signal, and therefore they may not be of shorter time windows would appropriate for ATWS mitigation. result in a conservative calculation of the HEP.

HR-G7- B From the documentation provided, it is unclear how Dependency analysis was re-1 the sequences listed are determined to contain performed using a higher weight multiple actions. Some cross-reference between split for HEPs (0.5 instead of 0.1).

fractions and HFEs is needed. The analysis assumes 200 internal and 100 seismic/fire that one can identify combinations of action by sequences were reviewed. The revising each HEP to 0.1, and then quantifying the dependency reference in the core damage sequences. By this approach, observation (Dependency sequences with 3 or more actions may be discarded between switchover to RWST prior to qualitative evaluation. The number of core and makeup to the RWST) is damage sequences reviewed individually (100 for modeled as having a high internal events, and 50 each for seismic and fires) for dependency (0.5 conditional dependence between actions is insufficient to ensure failure probability). The 230kV that this does not happen. As an example, small power supply evaluation is not LOCA sequences involving failure of both switchover sensitive to changes in this HEP.

for cold leg recirculation and failure to align RWST supply to the RWST did not appear in the latest dependency analysis reviewed. However, these sequences did appear in an earlier dependency analysis and at that time were judged to be highly dependent.

The dependence analysis does not describe the This observation refers to a lack actions already assessed as completely dependent; of documentation for actions i.e. where the later actions are not credited in the assessed as completely sequence model due to earlier action failures. dependent and modeled as such. Since the dependencies are modeled, this will not affect the application.

Consideration should be given to actions important for Sequences leading to Large LERF and/or containment bypass. Early Release do not have additional operator actions for mitigation of offsite releases.

17

PG&E Letter DCL-10-028 Enclosure Attachment 6 HR-G7- B In the dependence analysis, the HFEs in most The HRA documentation 2 sequences with two or more operator actions were describes the purpose for each judged to be independent or only with very weak of the separate actions.

dependence (i.e., dismissed as low dependence Additional detail is needed in the actions) due to such considerations as "different documentation.

functions (performed for different reasons)," while directed by the same procedures, or "different procedures," etc. In some cases, a common cognitive element may still exist, even though different detailed functions are involved. The basis for these judgments should be examined; e.g. to say which functions and to identify the different reasons.

The dependence analysis documentation suggests The sensitivity case provided that there was a general assumption that if actions increases HEPs relevant to the are directed by procedures with different numbers application by a factor of 5.

they can be considered independent. This is questionable. Other factors, such as time required, increased stress, availability of resources, and common instrumentation, can lead to dependencies between actions. Such dependencies governed by time are noted in the HRA methodology write-up.

In some sequences, the presence of an intervening Not crediting successful successful action (i.e. in the same sequence) can be intervening actions is used to dismiss actions failed in the same sequence conservative. Disposition of this as being only weakly dependent. Successful actions issue will not adversely affect the were not considered in the dependence review. results of this application.

The summary of quantified actions in Table 1 does This is a documentation issue not incorporate any dependencies found in and will not affect the results of attachment A.7. The highest HEP is only 6.8E-2. the application.

Some HEPs are said to be highly dependent on other The sensitivity case provided actions but assigned values of 0.1. High dependence adjusts the dependency impact should be assigned values of 0.5, per Table 20-17 in to 0.5 for actions considered NUREG/CR-1278. highly dependent.

For one selected sequence involving ZHEOE1, the High ZHEMU3 (makeup to the analysis asserts that the action quantification analysis RWST) dependency on itself (using CBDT) adequately considers dependence switchover to recirculation with preceding actions in the sequence. This is not included in the sensitivity correct. Another example of a need to carefully analysis. The 230kV power evaluate the dependence on preceding actions in supply evaluation is not sensitive specific sequences is ZHEMU3. to changes in this HEP.

HR-H2- B For the analysis of recovery actions (e.g., in the case ZHECT1 is an operator recovery 1 of ZHECT1), it is unclear if credit can be taken, when action for seismic relay chatter.

the procedural guidance referenced is not sufficiently The 230kV power supply detailed to determine the operators execution steps. evaluation is not sensitive to Failure mechanism PCF may better be evaluated as changes in this HEP.

item (g) 6E-2, rather than (a) negligible.

The action contained in recovery split fraction RE6A RE6A is a recovery for a loss of is mentioned in the dependency analysis but is not switchgear ventilation. The included in summary Table 1 230kV power supply evaluation is not sensitive to changes in this HEP.

18

PG&E Letter DCL-10-028 Enclosure Attachment 6

  • Observations make reference to the DCPP HRA calculation file.

Level 2 Peer Review The level 2 peer review comments were reviewed for impact on the ECCS completion time LAR. None of the identified issues were determined to have a significant impact on the results of the original evaluation. Table 4 details the open issues and their disposition relative to this application. There are no open issues that would affect the results and conclusions of this evaluation.

19

PG&E Letter DCL-10-028 Enclosure Attachment 6 Table 4 - Summary Resolution for Level 2 Peer Review Comments Issue Met/Not Met Issue Disposition Index LE- Met at CC-1 LE-C2a is Met at Capability Non-modeled actions have small LERF C2a Category I. Post-core-damage impact. Actions may provide additional actions are not modeled. benefits for late release assessments.

Although the treatment of such actions is conservative, the evaluation of potential LERF contributors, as documented in Calc N.1, indicates that it is unlikely that inclusion of post-core damage operator actions would significantly affect LERF insights or conclusions.

LE- Met at CC-1 LE-C2b is Not Applicable to As a result of the rapid progression of C2b Category I. The Capability LERF events, repair of equipment is of Category II/III criteria are not low probability and is not considered in met, and there is no criterion for the PRA model. Thus, the impact on Capability Category I. For the baseline PRA is not considered particular applications in which significant for the overall LERF and the a plant issue might directly impact on the use of the PRA for affect containment systems or application is expected to be small and SSCs that are significant limited to specific component related contributors to LERF, additional applications.

consideration of post-core damage recoveries per EOP actions noted by the re-peer reviewers, and possibly SAMG actions, may be warranted.

20

PG&E Letter DCL-10-028 Enclosure Attachment 6 LE-C3 Met at CC-1 LE-C3 is met at Capability Assumed value of PORV (PSV) failure Category I. The LERF model is has small LERF impact. Note that believed to contain sufficient overall assessment of TI-SGTR is logic to provide a "realistic conservative in that combined impact estimation of the significant of operator action to depressurize the accident progression RCS and mechanical failure to reseat sequences resulting in a large of PSVs is biased low. Model early release." However, the assumption should not impact features listed for Capability application. No credit is taken for Category II are not included. fission product scrubbing when Credit for mitigating actions, feedwater is available. Application fission product scrubbing, and results are conservative.

beneficial failures are not included in the Level 2 model.

Inclusion of the additional features listed would not likely have a significant impact on LERF, since only limited credit could be justified.

LE- Met at CC-1 LE-C8a may not be fully met. Long term survivability of the CFCUs is C8a based on The re-peer review not a concern for LERF. New improved recommendations should be containment sump design addresses sump design addressed to establish that sump concern. The PRA model does survivability issues are not consider the impact of ducting adequately dealt with for the failures on the ability of the reactor LERF model. The Level 2 re- cavity to flood following reactor vessel peer reviewers made several lower head failure. This is not recommendations regarding considered an impact on LERF survivability for the CFCUs and ducting/hatches in the reactor cavity.

LE- Met at CC-1 LE-C9a is met at Capability This scenario that is the primary issue C9a Category I. Credit is not taken here has a very low likelihood at DCPP in the Level 2 or LERF modeling as it requires a low probability core for containment failure-related challenge in conjunction with impacts on equipment simultaneous failure of all trains of survivability. CFCUs and the entire CSS. Credit for operation beyond containment failure is possible however there is no value in developing the justification for modeling this issue as containment failure would be expected following off-site evacuation. While this feature may impact long term core performance the late nature of the failure suggests that the event would not contribute to the plant LERF.

21

PG&E Letter DCL-10-028 Enclosure Attachment 6 LE- Met at CC-1 This item requires that the utility Current treatment is conservative.

C9b review significant accident Upgrade to CC-II would not adversely progression sequences affect the application results.

resulting in a large early release to determine if engineering analyses can support operation or operator actions after containment failure that could reduce LERF.

LE- Met at CC-1 Credit is not taken for scrubbing Neglect of scrubbing may bias LERF C10 in the bypass sequences. result. The SGTR PRA model does not credit scrubbing to remove bypass events from LERF. This is a conservative position and may overestimate the LERF contribution.

Upgrade to CC-II would reduce conservatism but will not change results.

LE-D3 Met at CC-1 IE-C12 cat-II requires realistic Conservative ISLOCA piping failure pending evaluation of ISLOCA probability is used in the DCPP PRA resolution of probability. model. Application results are IE-C12 conservative.

LE-F2 Met at CC-1. The Level 2 re-peer reviewers A discussion of key sources of See noted a lack of evaluation of uncertainty is included in the LAR Reference 12 impact of key sources of submittal.

and Appendix uncertainty on the Level 2 LERF C model. The re-peer report discusses a number of potential sources of uncertainty and impacts. For most PRA applications, it is not likely that such issues will affect LERF insights.

LE-G1 Not Met Documentation issue. Does not effect The LERF analysis shall be the results of the application.

documented consistent with the applicable supporting requirements (HLR-LE-G). The Level 2 re-peer reviewers commented that the existing documentation generally does not meet the LE-G high level requirement.

LE-G3 Met at CC-1 The significant contributors to Documentation issue. Does not effect LERF are documented in the the results of the application.

quantification calc (Calc C.9).

Additional detail as noted for Category II/III is not included.

22

PG&E Letter DCL-10-028 Enclosure Attachment 6 LE-G4 Not Met LE-G4 is not met. Basis is the A discussion of key sources of Level 2 re-peer reviewer's uncertainty is included in the LAR assessment. Consideration submittal.

should be given to developing the recommended evaluation of Key Assumptions and Key Sources of Uncertainty for the LERF model.

LE-G5 Not Met An assessment of limitations of A discussion of key sources of the LERF model that might uncertainty is included in the LAR impact applications has not submittal.

been developed.

LE-G6 Not Met A statement of the quantitative Documentation issue.

definition for significant accident progression sequences has not been included in the documentation.

23

PG&E Letter DCL-10-028 Enclosure Attachment 6 References

1. Diablo Canyon Power Plant Probabilistic Risk Assessment Peer Review Report, Final Report, August 2000
2. National Fire Protection Association (NFPA) 805 Standard
3. PRA Internal Flooding Analysis, Calculation File F.4, Revision 1
4. Review and Reevaluation of Specific Issues of internal Floods Analysis
5. American Society of Mechanical Engineers (ASME) RA-Sb-2003, Addenda to ASME RA-S-2002, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, dated March 17, 2005 (draft)
6. Diablo Canyon Power Plant PRA Self-Assessment (Draft Report), ERIN Engineering and research, December 2006.
7. Diablo Canyon Power Plant PRA Self-Assessment, ERIN P0114060001-2717 R1, January 2008.
8. Regulatory Guide 1.200, Revision 1, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk- Informed Activities, U.S. NRC dated, January 2007.
9. Davis, Earnest G., Human Action Analysis - Failure Likelihood and Range Factor Calculation, Calculation file number: G.2, revision 5, 392 pages, undated but after May, 2006
10. Diablo Canyon Follow-On Peer Review of HRA Update, Final Report, R-1736044-1728, July 31, 2007.
11. Sloane, Barry, et al, Diablo Canyon Power Plant PROBABILISTIC RISK ASSESSMENT PEER REVIEW REPORT - FINAL REPORT, prepared for Westinghouse and Pacific Gas & Electric Company, August 2000.
12. PRA-File C.9, Revision 10, Quantification of CDF and LERF for the DCPP PARA Model, June 2006.

24

PG&E Letter DCL-10-028 Enclosure Attachment 6 References

13. Diablo Canyon PRA (DCPRA-1988)
14. Long-Term Seismic Program (LTSP)
15. Supplement No. 34 to NUREG-0675, dated June 1991.
16. NUREG/CR-5726
17. Sloane, Barry, et al, Diablo Canyon Power Plant PROBABILISTIC RISK ASSESSMENT PEER REVIEW REPORT - FINAL REPORT, prepared for Westinghouse and Pacific Gas & Electric Company, August 2000.
18. U.S. Nuclear regulatory Commission, Staff Evaluation of the Diablo Canyon Power Plant (DCPP) Units 1 and 2, Individual Plant Examination (IPE) - Internal Events Submittal, June 30, 1993.
19. U.S. Nuclear regulatory Commission, Individual Plant Examination of External Events for severe Accident Vulnerabilities, Generic Letter 88-20, Supplement 4, June 28, 1991
20. U.S. Nuclear regulatory Commission, Staff Evaluation of the Diablo Canyon Power Plant (DCPP) Units 1 and 2, Individual Plant Examination of External Events (IPEEE) Submittal, December 4, 1997.
21. NUREG/CR-5750
22. SBO submittal 25

PG&E Letter DCL-10-028 Enclosure Attachment 6

23. Common Cause Failure Database and Analysis System, NUREG/CR-6268, INEEL/EXT-97-00696.
24. Common Cause Failure Parameter Estimations, NUREG/CR-5497, INEEL/EXT-97-01328.
25. Reliability Study: Westinghouse Reactor Protection System, 1984-1995, NUREG/CR-5500 Vol2, INEEL/EXT-97-00740.
26. Calculation File H.4, Revision 3
27. Calculation File H.3 Revision 2
28. Draft NUREG/CR (INEEL/EXT-04-02326), Evaluation of Loss of Offsite Power Events at Nuclear Plants: 1986-2003 (Draft), October, 2004 by S.A.Eide, C.D.

Gentillon, and T.E Wierman of INEEL and D.M. Rasmuson of USNRC

29. EPRI Calculator
30. PRA Calculation File PRA05-05, Re-Evaluation of Selected Split Fractions in Level 2 Model, Revision 0, December 5, 2005
31. Calculation File GF.2, Revision 5
32. PRA Calculation File PRA02-06 Revision 0, EDG 14 day LAR
33. Diablo Canyon Power Plant Probabilistic Risk Assessment Peer Review Report, Final Report, August 2000
34. National Fire Protection Association (NFPA) 805 Standard
35. PRA Internal Flooding Analysis, Calculation File F.4, Revision 1
36. Review and Reevaluation of Specific Issues of internal Floods Analysis
37. American Society of Mechanical Engineers (ASME) RA-Sb-2003, Addenda to ASME RA-S-2002, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, dated March 17, 2005 (draft)
38. Diablo Canyon Power Plant PRA Self-Assessment (Draft Report), ERIN Engineering and research, December 2006.
39. Diablo Canyon Power Plant PRA Self-Assessment, ERIN P0114060001-2717 R1, January 2008.
40. Regulatory Guide 1.200, Revision 1, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk- Informed Activities, U.S. NRC dated, January 2007.

26

PG&E Letter DCL-10-028 Enclosure Attachment 6

41. Davis, Earnest G., Human Action Analysis - Failure Likelihood and Range Factor Calculation, Calculation file number: G.2, revision 5, 392 pages, undated but after May, 2006
42. Diablo Canyon Follow-On Peer Review of HRA Update, Final Report, R-1736044-1728, July 31, 2007.

27

Retrieved from "https://kanterella.com/w/index.php?title=ML100710755&oldid=2559175"