ML110060187

From kanterella
Jump to navigation Jump to search
OU-AA-103, Rev. 15, Shutdown Safety Management Program
ML110060187
Person / Time
Site: Salem, Hope Creek  PSEG icon.png
Issue date: 08/10/2010
From:
Public Service Enterprise Group
To:
Office of Nuclear Reactor Regulation
References
LR-N10-0355 OU-AA-103, Rev 15
Download: ML110060187 (24)
v  d  e


Text

OU-AA-103 Revision 15 Page 1 of 24 PSEG NUCLEAR L.L.C OU-AA-103 Rev. 15 Shutdown Safety Management Program REVISION

SUMMARY

1. Step 1.3 was revised to clarify shutdown operational modes.
2. Step 3.1.2 Deleted approved entries into RED by plant manager (70112373-
70)
3. Added 3.1.3 Plant Manager communication requirements for HRA and outage risk changes to senior managers. (70112373-20)
4. Step 3.2.4 Deleted approved planned entries into Safety Status RED.

(70112373-70)

5. Step 3.3.4 SSM communication of SSRB results to senior management.

(70112373-30)

6. Step 3.4.4 added engineering programs (risk assessment) as part of the SSRB representatives. (70112373-60)
7. Step 3.4.9, added emergent activities as per step 3.3.2. (70112373-80)
8. Steps 3.5.4 deleted final authorization for planned safety status RED.

(70112373-70)

9. Step 3.5.9 Clarified communication with ESOC while performing high risk activities.
10. Step 3.6.3 Added STA responsibilities to inform SSM of any schedule discrepancies relating to Shutdown safety. (70112373-90)
11. Step 4.2.10 changed to new procedure number OU-HC/SA-105. (70112373-100)

OU-AA-103 Revision 15 Page 2 of 24

12. Step 4.3.1 added bullet to obtain approval of HRA using scope control process. Added bullet to inform plant manager of impending HRA activity.

(70112373-20)

13. Step 4.3.5 added plant manager notification for different unplanned color changes. and documentation of ORANGE condition in operations narrative log.3.3.5 (70112373-20)
14. Step 4.5.6 deleted entry into planned Safety status RED conditions.

(70112373-70)

15. Step 4.5.10 Added missing sentence from last revision. (70112373-40)
16. Step 4.5.11 Editiorial added correct procedure number for protected equipment. OP-AA-108-116.
17. Step 4.8.2 changed to new procedure number OU-HC/SA-105 (70112373-100)
18. Step 6.11 Changed to new procedure number OU-SA-105 (70112373-100)
19. Step 6.12 Changed to new procedure number OU-HC-105 (70112373-100)

IMPLEMENTATION REQUIREMENTS: None Effective Date 8/10/10

OU-AA-103 Revision 15 Page 3 of 24 SHUTDOWN SAFETY MANAGEMENT PROGRAM

1.

PURPOSE 1.1 This procedure defines the Nuclear Shutdown Safety Assessment and Management Program (SSMP).

1.2 This procedure applies to the planning, scheduling, and execution of work on a unit already in or expected to be in a shutdown mode of operation. The actual periods of applicability are determined on a site-specific basis in conjunction with the site's On-line Risk process.

1.3 This procedure applies to units in shutdown operation Salem modes 3,4,5,6, defueled or Hope Creek modes 3,4,5, defueled.other than Salem modes 1, 2, 3 or Hope Creek modes 1, 2.

2.

TERMS AND DEFINITIONS

2.1 Available

For the purpose of this procedure a system, structure or component (SSC) along with its necessary auxiliary systems, controls, instrumentation and power supplies is capable of performing its intended function and can be placed in service by manual (simple operator actions) or automatic means within the required timeframe.

2.1.1.

Simple Operator Actions are actions an operator can take that require no support such as closing in a breaker or opening a manual valve. When considering the use of simple operator actions the time required to place the system or component in service to maintain the key safety function should be considered. Actions that require the use of more than 50% of the available time required to maintain the key safety function should not be considered.

2.1.2.

A system or component does not have to be operable as defined in Technical Specifications to be considered available.

2.1.3.

A system or component cannot be considered available if its functionality has been removed ( i.e. clearance applied, drained, breached, etc )

2.1.4.

A clearance, for Operations only, on the power supply breaker for a component is acceptable provided the release paperwork is pre-staged and the field operator has received a pre job brief on the removal of the tag and subsequent closure of the breaker.

2.1.5.

Credit may be taken for temporary alterations (i.e. power supplies), and line-ups provided procedural guidance is available.

OU-AA-103 Revision 15 Page 4 of 24 2.1.6.

Any equipment supporting shutdown safety key safety functions is required to be tested, validating its functionality, prior to the time it is required to be available to support reduced defense in depth.

2.2 Unavailability

Not meeting the availability guidelines.

2.3 Containment Closure: The action to secure primary (PWR) or secondary (BWR) containment and its associated structures, systems, and components as a functional barrier to fission product release under existing plant conditions.

2.4 Contingency Plan: A plan of compensatory actions to:

Maintain Defense-in-Depth by alternate means when pre-outage planning reveals that specified systems, structures, or components will be unavailable.

Restore Defense-in-Depth when system availability drops below the planned Defense-in-Depth during the outage.

Minimize the likelihood of a loss of Key Safety Functions during higher-risk evolutions.

Provide response actions for postulated events that would present a challenge to Key Safety Functions.

2.5 Decay Heat Removal Capability: The ability to maintain reactor coolant system and spent fuel pool temperature and/or pressure below specified limits following a shutdown.

2.6 Defense-in-Depth

For the purpose of managing risk during shutdown, Defense-in-Depth is the concept of providing systems, structures, and components to ensure backup of Key Safety Functions using redundant, alternate, or diverse methods. INPO 06-008 provides additional guidance and philosophy

2.7 Defueled

All fuel assemblies removed from the reactor vessel.

2.8 First Time Evolution: Those activities (affecting Shutdown Safety) that have never been conducted on the equipment.

2.9 Forced Outages: Any outage that requires unit shutdown and entry into modes of operation for which the SSMP is applicable, and were not identified and planned at least one month in advance of the outage.

2.10 High Risk Activity: Activities, plant configurations, or conditions during shutdown where the plant is more susceptible to an event causing the loss or challenge to a Key Safety Function.

OU-AA-103 Revision 15 Page 5 of 24 2.11 High Risk Activity Review: An evaluation of all planned or emergent activities for the purpose of determining the effects of these activities on the Key Safety Functions. Items to be considered when reviewing these activities, as applicable, shall include:

Work that affects equipment or plant configurations associated with a Key Safety Function as defined by the site-specific procedures.

Work that is outside of an established clearance boundary.

Work that could cause an undesirable equipment actuation.

Work that involves equipment that could indirectly impact equipment or plant configurations associated with Key Safety Functions (Instrument Air, Ventilation, heat sink, etc.).

Work on other equipment that is in close proximity to equipment associated with Key Safety Functions.

Rigging and/or transport of heavy loads over equipment associated with Key Safety Functions 2.12 Inventory Control: Measures established to ensure that irradiated fuel assemblies remain adequately covered to maintain heat transfer and shielding capabilities.

2.13 Salem Key Safety Functions:

Decay Heat Removal Electric Power Availability (both On-site and Off Site)

Inventory Control Reactivity Control Spent Fuel Pool Cooling

- Containment Service Water SWGR Pen Area Cooling

- CREACS Control Air

OU-AA-103 Revision 15 Page 6 of 24 2.14 Hope Creek Key Safety Functions:

- Shutdown Cooling Electrical Power Availability (both On-site and Off Site)

- Inventory Control

- Secondary Containment

- Reactivity Control Spent Fuel Pool Cooling 2.15 Limiting Condition for Operation (LCO) 3.0.4.b: LCO 3.0.4.b allows entry into a MODE or other specified condition in the Applicability with inoperable equipment required by TS, provided that a risk assessment demonstrates the acceptability. The risk assessment shall address all inoperable systems and components, consideration of the results, determination of the acceptability of entering the MODE or other specified condition in the Applicability, and establishment of risk management actions, if appropriate. The use of LCO 3.0.4.b is subject to the following limitations.

LCO 3.0.4.b should not be used unless there is a reasonable probability of completing restoration such that the requirement of the LCO would be met prior to the expiration of the ACTION Completion Times that would require exiting the Applicability.

The risk assessment must consider all unavailable TS equipment. The risk impact of inoperable TS equipment not covered by the current risk assessment tools must be qualitatively assessed.

The use of LCO 3.0.4.b is prohibited for certain systems. Refer to station TS.

2.16 ORAM-SENTINEL: A computer-based tool, which is used to assess the Risk Levels associated with plant configurations and outage activities during both the planning and execution phases of the outage. The program uses imported information from the outage schedule or manual user input to calculate the associated risk levels 2.17 Equipment Out of Service (EOOS): A software tool that allows online work activity schedules to be analyzed for the impact on Nuclear Safety. The program receives input from the scheduling tool as well a manually entered parameters.

EOOS process the activity through a Salem or Hope Creek specific model and calculates the overall effects on the nuclear Safety. EOOS uses a probabilistic model and calculates core damage frequency.

OU-AA-103 Revision 15 Page 7 of 24 2.18 Protected Equipment: Equipment (or systems) whose availability has been physically identified as essential to ensure that a Key Safety Function is maintained.

2.19 Pathway (Pathway to Success): A process, power system/train, or plant condition, which helps to maintain one or more Key Safety Functions.

2.20 Protected Pathway: A pathway whose availability has been identified as essential to ensure that a Key Safety Function is maintained.

2.21 Reactivity Control: Measures established to preclude inadvertent criticality, power excursions or losses of shutdown margin, and to predict and monitor core behavior.

2.22 Reduced Inventory (PWR): Water level in the reactor vessel is greater than 3 feet below the reactor vessel flange and fuel in the vessel.

2.23 Lowered Inventory (PWR): Level at or below the vessel flange (independent of RPV head status) and fuel in the vessel.

2.24 Lowered Inventory (BWR): Level at the flange, fuel in the vessel and RPV head detensioned.

2.25 Schedule Changes: A schedule change as it relates to the SSMP is an alteration in the sequencing for removal / restoration of equipment or an alteration in the sequencing of plant configuration changes for those activities that support Key Safety Functions and thus alters their relationship from the previously approved schedule. Shifting of equipment removal / restoration or plant configuration changes forward or backward in time does not constitute a schedule change as long as their relationship to the previously approved sequence in the outage network remains intact.

2.26 Shutdown Safety Categories: The nature of the risk, which is to be evaluated by the assignment of a deterministic Status (color) and/or by the calculation of a probabilistic status. There are four such categories:

Key Safety Function Status: The color of an individual Key Safety Function.

Unit Status: The overall color for the unit as defined in the site-specific procedure.

Planned Status: The "as planned color of a Key Safety Function or Unit Status.

Actual Status: The color of a Key Safety Function or Unit Status resulting from the "as executed" actual plant conditions.

OU-AA-103 Revision 15 Page 8 of 24 2.27 Safety Status (colors): The results of the safety evaluation deterministically from the SFATs and /or probabilistically from the PSSA or PRA as applicable.

These evaluations are made the individual Key Safety Functions. A four-color Safety Status scheme is used which is explicitly defined for each site in their site-specific procedure. A computed color for a Key Safety Function corresponds to the following safety status:

GREEN: Based on the combination of available pathways and activity types a failure or error could be easily mitigated without presenting a significant challenge in that Key Safety Function. This represents optimal defense-in-depth with all or nearly all mitigation equipment available.

YELLOW: Based on the combination of available pathways and activity types a failure or error can still be mitigated but might present a challenge in that Key Safety Function. This represents reduced defense-in-depth with more than the minimum pathways available.

ORANGE: Based on the combination of available pathways and activity types a failure or error would potentially lead to the loss of the Key Safety Function. This represents no defense-in-depth.

RED: Based on the combination of available pathways and activity types the Key Safety Function is potentially not maintained. This represents a condition in which the safety function is not supported relative to its success criteria.

2.28 Switchyard Work: Work in the Switchyard(s) that significantly increases the potential for initiating a Loss of Off-Site Power (LOP) event, or loss of power to a component that may affect shutdown safety.

2.29 System Windows: Time periods during the outage when work on systems or a train is scheduled, and they may be unavailable or degraded.

2.30 Time to Boil: Given the plant configuration, decay heat load, and location of the fuel from the previous operating cycle, the time it would take to reach bulk coolant saturation temperature with no Decay Heat Removal systems in operation. Consider the reactor and spent fuel pool separately or as one body depending on plant conditions.

2.31 Time to Uncover the Core: Given the plant configuration, decay heat load, and location of the fuel from the previous operating cycle, the time it would take to reduce the reactor vessel inventory to the top of active fuel.

OU-AA-103 Revision 15 Page 9 of 24

3.

RESPONSIBILITIES 3.1 Plant Manager Responsibilities:

3.1.1.

Challenge and oversee the execution of outage preparations, defense-in-depth reviews, work activities with elevated risk, and post outage critiques.

3.1.2.

Approve planned entries into Safety Status ORANGE.

3.1.3.

Communicates changes in high risk activities or Outage Risk Changes to senior management.

3.2 Director of Work Management Responsibilities 3.2.1.

Oversight of the station's Shutdown Safety Management Program (SSMP).

3.2.2. Designate the Shutdown Safety Manager and the members of the Shutdown Safety Review Board.

3.2.3.

Establish outage shutdown safety goals.

3.2.4.

Recommends planned entries into Safety Status ORANGE to or RED to the Plant Manager and the Site Vice-President for approval.

3.3 Shutdown Safety Manager Responsibilities 3.3.1. Implement the station's SSMP. This includes the day-to-day performance when the unit is in a mode where the program is applicable.

3.3.2.

Evaluate new notifications in SAP identified as having an impact on key safety functions and convene the SSRB for any impacts that have the potential to result in a change in risk level or duration of risk condition. [70103591 CAPR 2, CRCA 7]

3.3.3.

Chair the Shutdown Safety Review Board.

3.3.4.

Communicate the results of the SSRB to the Shift Manager, Shift Outage Manager and Plant Manager.

3.3.5.

Conduct Shutdown Safety Management Plan orientation with Operations and key OCC personnel prior to each outage.

3.3.6.

Document the results of the SSRB in CAP. [70103591 CAPR 2]

3.4 Shutdown Safety Review Board (SSRB) Responsibilities 3.4.1.

Membership quorum requires three members to conduct business.

3.4.2.

Requires one member holding a current Operating License.

OU-AA-103 Revision 15 Page 10 of 24 3.4.3.

Requires a Nuclear Engineer (NE) / Reactor Engineer (RE) for issues involving the Reactivity Control Key Safety Function.

3.4.4.

Other members could also include knowledgeable representatives from the following departments:

- Operations

- Engineering

- Maintenance

- Radiation Protection

- Chemistry Work Management

- Training

- Engineering programs (Risk assessment) 3.4.5.

Review and approve content (philosophical) changes to the site-specific procedure and outage models.

3.4.6.

The personnel designated to fill the shutdown safety manager role during outage execution should participate on the SSRB whenever possible.

3.4.7.

During the pre-outage planning phase, perform a review of the outage schedule.

The following aspects should be considered:

Major work activities and their relationship to each other so that key systems and components are available to support the Key Safety Functions.

The planned Safety Status assigned to each plant configuration during the outage.

Identification of risk impact of outage activities to the opposite unit, and of the risk impact of opposite unit activities to the outage unit (if applicable).

3.4.8.

During pre-outage planning and preparation complete the following, as applicable:

Approve the High Risk Activity (HLA/HRA) Review that was performed for the outage and specify any additional measures to be taken.

Identify activities or configurations that require Contingency plans. SSMP should also evaluate the need for contingency plans addressing degraded key safety components and single point vulnerabilities.

OU-AA-103 Revision 15 Page 11 of 24 Approve any contingency plans that were developed to support SSMP requirements.

Approve Protected Equipment plans developed to support SSMP requirements.

Specify any training requirements needed to support SSMP activities Specify any meetings at which selected Shutdown Safety information is required to be communicated.

Verify each outage that abnormal or emergency operating procedures (AOPs/EOPs) for mitigating challenges to shutdown safety such as loss of shutdown cooling or spent fuel pool cooling, and other key safety functions, can be performed as written based on the outage schedule and resultant system/equipment configurations. Develop contingency plans when equipment required by the AOPs/EOPs will not be available. The Operations member of the SSRB should perform this verification.

Review all HLA and IPA scheduled during the outage period to ensure they are scheduled to maximize defense in depth.

Ensure all actions required to support SSMP activities are tracked in CAP..

The final SSRB pre-outage assessment report and associated contingency plans should be reviewed by an independent party not associated with the outage plant. This may be accomplished by the sister site, but an industry peer is recommended.

The final SSRB pre-outage assessment report and associated contingency plans should be reviewed and approved by the Plant Operating Review Committee (PORC).

3.4.9.

During the outage execution phase review impact of sSchedule cChanges and emergent activities as per step 3.3.2 on Key Safety Functions and Unit Status.

Approve such changes and/or impose additional changes/requirements, as needed.

3.4.10.

Document all reviews, recommendations, approvals, and other actions taken by the SSRB using Attachment 1 (facsimile).

3.5 Shift Manager Responsibilities 3.5.1.

Maintains overall responsibility for control of the key shutdown safety functions.

3.5.2.

Maintain responsibility for the release and closure of outage and system work windows that have an impact on the key safety functions.

OU-AA-103 Revision 15 Page 12 of 24 3.5.3.

Develop the Protected Equipment plans to support SSMP requirements. Ensure outstanding corrective / elective maintenance orders and technical evaluations of operable but degraded key safety function components are reviewed for impact.

[70103591 CRCA 17]

3.5.4.

Final authorization for planned entries into Safety Status ORANGE. The authorization ensures that the actual plant configuration is consistent with planned configuration when the activity was originally approved.

3.5.5.

Ensures the required Protected Pathways/Protected Equipment as posted.

3.5.6.

Ensures the appropriate Contingency Plans are in place when they are required.

3.5.7.

Ensures that the actual plant configuration is consistent with the planned plant configuration.

3.5.8.

Ensure the required notifications have been made for un-planned entry into Orange or Red Key Safety Function or Unit Status.

3.5.9.

Communicate changes in plant configurations while performing high risk activities when that require offsite power distribution is protected high risk evolutions to Electrical Systems Operations Center. (ESOC) 3.6 Shift Technical Advisor 3.6.1.

Perform periodic review of key safety system configuration against shutdown safety plan to identify any discrepancies. Communicate any discrepancies to the Shutdown Safety Manager and Shift Manager.

3.6.2.

Ensure frequent review of new notifications is conducted by shift management identifying any adverse impact to current risk condition, flagged in SAP, and communicated to the Shutdown Safety Manager and Shift Manager.

3.6.3.

During outage execution, ensures an ORAM risk review of the schedule is performed prior to issuance and any discrepancies are communicated to the Shutdown Safety Manager.

3.7 Program Administrator ORAM-SENTINEL Outage Evaluation Application Mode Responsibilities 3.7.1. Owns the ORAM-SENTINEL Outage Evaluation Models ensuring model accuracy.

3.7.2.

Ensures the appropriate documentation is completed for outage related model changes.

OU-AA-103 Revision 15 Page 13 of 24 3.7.3.

Works with the EOOS On-Line Evaluation Application Mode model owner to maintain accuracy of those model components shared between Outage and On-Line.

3.7.4.

Ensures model availability and functionality, as required to support SSMP needs during both the planning and execution phases of the outage.

4.

MAIN BODY 4.1 Shutdown Safety Management Programs 4.1.1.

SSMP uses as its basis, the philosophy and recommendations stated in NUMARC 91-06, "Guidelines for Industry Actions to Assess Shutdown Management" and INPO 06-08, Guidelines for the Conduct of Outages at Nuclear Power Stations.

4.1.2.

The SSMP is also designed to meet the applicable requirements of 10CFR50.65a(4) and NUMARC 93-01, " Industry Guidance for monitoring the Effectiveness of Maintenance at Nuclear Power Plants ".

4.1.3.

This procedure is not intended to meet the requirements specified in the UFSAR or Technical Specifications.

4.2 Outage Planning and Schedule Development 4.2.1.

Every attempt should be made to build outage schedules with Key Safety Function and Unit Status of GREEN or YELLOW throughout the outage period. Planned entries into Status ORANGE should be minimized.

GREEN conditions do not require any actions.

YELLOW conditions:

Post protected equipment as determined and approved by the SSRB and communicate to the work force.

ORANGE conditions must have:

- Approved contingency plans Protected equipment identified, posted, and communicated to the work force.

Plant Manager approval Site and Corporate challenges 4.2.2.

Time in reduced or lowered inventory should be minimized.

OU-AA-103 Revision 15 Page 14 of 24 4.2.3. Evolutions resulting in reduced inventory should be considered and executed as infrequently performed evolutions IAW HU-AA-1211.

4.2.4.

The availability of systems should be controlled and documented through an approved process or as documented by the SSRB. For those instances where a system is neither drained or disassembled, if the Shutdown Safety Review Board (SSRB) determines that the system or component can be returned to service in the required time, they may declare that the system or component is available after documenting the rationale and approving it using Attachment 1 of this procedure.

4.2.5.

Outage management will conduct a High Risk Activity review, documented in SAP, which will include all of the following:

Work that affects equipment or plant configurations associated with a Key Safety Function as defined by the site-specific procedures.

Work that is outside of an established clearance boundary.

Work that could cause an undesirable equipment actuation.

Work that involves equipment that could indirectly impact equipment or plant configurations associated with Key Safety Functions (Instrument Air, Ventilation, heat sink, etc.).

Work on other equipment that is in close proximity to equipment associated with Key Safety Functions.

Rigging and/or transport of heavy loads over equipment associated with Key Safety Functions.

4.2.6.

First time evolutions should be screened and evaluated for risk impact and, if appropriate, not scheduled during periods of short time to boil.

NOTE:

A mode change or entry into a Technical Specification applicable condition with inoperable Technical Specification equipment using the provisions of TS LCO 3.0.4.b constitutes an emergent condition requiring completion of Attachment 1 of this procedure.

4.2.7.

The risk assessment for LCO 3.0.4.b shall address all inoperable systems and components, consideration of the results, determination of the acceptability of entering the MODE or other specified condition in the Applicability, and establishment of risk management actions, if appropriate. The use of LCO 3.0.4.b is subject to the following limitations.

LCO 3.0.4.b should not be used unless there is a reasonable probability of completing restoration such that the requirement of the LCO would be met

OU-AA-103 Revision 15 Page 15 of 24 prior to the expiration of the ACTION Completion Times that would require exiting the Applicability.

The risk assessment must consider all unavailable TS equipment. The risk impact of inoperable TS equipment not covered by the current risk assessment tools must be qualitatively assessed.

The use of LCO 3.0.4.b is prohibited for certain systems. Refer to station TS.

4.2.8.

A mode change or entry into a Technical Specification applicable condition with inoperable Technical Specification equipment using the provisions of TS LCO 3.0.4.b constitutes an emergent condition requiring completion of Attachment 1 (facsimile) of this procedure.

4.2.9.

Heavy Load Lifts Heavy load lifts shall be assessed for outage impact for lifts that could impact the following (impact to the operating unit for multi-unit plants will be assessed in accordance with WC-AA-101, On-line Work Control Process):

o Irradiated fuel o Equipment whose failure has the potential to drain the RPV. If a dropped load has the potential to drain the RPV, assure that an inventory make-up source would remain available if a drop should occur o Equipment whose failure could result in radioactive release o Equipment whose loss could result in a loss of a decay heat removal safety function o Equipment whose failure would result in elevated risk.

Heavy load lifts should be engineered and/or scheduled such that a dropped load would not cause draining of the RPV, a radioactive release or loss of a key safety function. Evaluation of the potential impact, if such a lift cannot be changed, should be documented.

4.2.9.4.2.10. The ORAM-SENTINEL assessment tool or an authorized alternative should be used to provide Shutdown Safety information during the outage planning process.

Consideration should be given to the effects of external weather conditions (storms, icing, tornadoes, high winds, etc.) for impact to safety functions.

OU-AA-103 Revision 15 Page 16 of 24 4.2.10.4.2.11. For non-Refueling Outages where the SSMP is applicable, program requirements may be relaxed or waived as determined by the SSRB. As a minimum the following are required:

Document the justification and approval for deviation from SSMP requirements using Attachment 1 (facsimile), Shutdown Safety Approval.

Perform a safety assessment in accordance with OU-HC/SA-105HC(SC).OM-AP.ZZ-0001.

4.3 Outage Execution 4.3.1.

When a sSchedule cChange or emergent activity occurs, the outage management organization is responsible for the following:

Review the change or emergent activity for impact on Shutdown Safety.

Perform a High Risk Activity Review.

Obtain review and approval to perform the activity using the scope change request process IAW OU-AA-101-1007 Outage Scope Control Notify plant manager of impending HRA activity.

Notify the Shutdown Safety Manager when a condition that challenges the availability of protected equipment occursemerges.

4.3.2.

Plant and Supplemental workers will be informed of the current Safety Status prior to starting work for the day via applicable station communication tools.

4.3.3.

The operations shift turnover process includes verification by the oncoming shift that the published plant configuration is consistent with current plant status.

4.3.4. Requirements associated with Planned Entry into a more degraded Key Safety Function or Unit Status Color.

YELLOW Post degraded protected equipment as determined and approved by the SSRB and communicate to the work force.

ORANGE:

IMPLEMENT approved Contingency Plans prior to entry.

POST the identified Protected Pathways/Protected Equipment.

OU-AA-103 Revision 15 Page 17 of 24 4.3.5.

Required Actions for Unplanned Entry into a more degraded Key Safety Function or Unit Status Color.

YELLOW:

NOTIFY the Shutdown Safety Manager and Plant Manager.

UPDATE all communication aids.

Review and Initiate if required a Prompt investigation in accordance with OP-AA-106-101-1001, Event Response Guidelines.

ORANGE:

Perform the requirements for unplanned entry into YELLOW.

NOTIFY the Shutdown Safety Manager and Plant Manager.

DOCUMENT unplanned ORANGE condition in the operations Narrative LOG.

VERIFY written Contingency Plans exist or PREPARE as appropriate and INITIATE the plans.

IDENTIFY and POST Protected Pathways / Protected Equipment.

CONVENE a SSRB to evaluate Schedule Changes.

Generate a Condition Report (CR) to the Site Maintenance Rule Coordinator / System Manager as applicable to review the activity or activities for applicability under the requirements of the Maintenance Rule.

RED:

NOTIFY the Shutdown Safety Manager and Plant Manager.

- Perform the requirements for unexpected entry into ORANGE:

HALT all work that has the potential to adversely impact the effected Key Safety Function(s).

EXPEDITE actions needed to restore Pathways of threatened or lost Key Safety Functions and EXIT to a less degraded status.

4.4 Communications, Meetings, and Training

OU-AA-103 Revision 15 Page 18 of 24 NOTE: The following activities will be performed by the Shutdown Safety Manager or individuals designated by the Shutdown Safety Manager.

4.4.1.

Prior to the start of Scheduled Outages:

The Plant Operations Review Committee (PORC) will review the Shutdown Safety Management Plan for all Refuel Outages and Planned Outages containing significant work on systems that support Key Safety Functions.

COMMUNICATE Management's expectations for safety during the outage and other pertinent shutdown safety issues to the appropriate work groups in the station (including contractor groups).

Orient the OCC staff on defense-in-depth principles and risk management as discussed in Chapter V of INPO 06-008, Guidelines for the conduct of Outages at Nuclear Power Stations, providing additional insights and industry standards for decision-makers.

DISTRIBUTE easy-to-use references for workers that include relevant Shutdown Safety information for the Scheduled Outage 4.4.2.

During the Outage (all Safety Status Colors):

COMMUNICATE the Unit Status in a HIGHLY VISIBLE manner each shift.

IDENTIFY the Unit Status, Protected Pathways/Protected Equipment, and significant shutdown safety activities on a daily basis during normal working days.

REVIEW the Unit Status, Protected Pathways, and significant shutdown safety activities at designated outage meetings. PROVIDE reasons for Status colors other than GREEN to attendees.

PROVIDE Control Room personnel with the information such as Time to Boil and Key Safety Function Status for use in Operator shift briefings and/or postings in the Control Room 4.5 Protected Pathways/ Protected Equipment 4.5.1.

The Shutdown Safety Manager or designee determines the Protected Pathway requirements for all Scheduled Outages based on plant configuration and planned Defense-in-Depth.

4.5.2. Protected equipment/systems are clearly identified in the field to prevent inadvertent work on or near the protected equipment. Physical barriers are used whenever possible, particularly in cases where bumping into a component may cause an inadvertent trip or system transient.

OU-AA-103 Revision 15 Page 19 of 24 4.5.3.

Protected spaces are monitored to ensure barriers are in place and unauthorized work is not occurring. Non-intrusive work is controlled and limited to activities identified in OP-AA-108-107.

4.5.4.

At a minimum, Protect the following during outage conditions:

One in-service decay heat removal train and required support systems with fuel in the reactor vessel, One reactor inventory makeup train and required support systems with fuel in the vessel, One spent fuel pool cooling train once core offload starts until the time to boil in the spent fuel pool is greater than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.

4.5.5.

The SSRB reviews and approves the plan to protect equipment 4.5.6.

A list of protected equipment is required for any entry into ORANGE condition.

Protected equipment may also be required for YELLOW conditions as identified by the SSRB. 4.5.7.

The Shutdown Safety Manager or designee reviews the schedule during the outage execution and revises, if necessary, the Protected Pathways list if plant configuration and equipment availability require these changes.

4.5.8.

The Shift Manager will receive the list of Protected Pathways 4.5.9.

The Shift Manager ensures that the appropriate Protected Pathways signs/barriers have been placed on a shiftly basis or whenever the requirements change.

4.5.10.

The protected train concept is applicable for switchyard work and associated off-site power feeds, relays, switchgear and associated transformers. This work includes activities performed by station personnel, supplemental workers and Transmission and Distribution employees.

4.5.11.

Work on Protected Equipment (in or within 2 feet of the area posted) that could result in the loss of the supported safety function will be evaluated and approved by the Shift Manager IAW OP-AA-108-116.

4.5.12.

Protected path signs have been established to provide consistency throughout PSEG.

4.6 Contingency Plans 4.6.1.

All entries into Status ORANGE require a Contingency Plan containing the following elements:

OU-AA-103 Revision 15 Page 20 of 24 All associated work instructions and procedures are reviewed and approved and necessary equipment and parts are staged Roles and responsibilities for implementing contingency actions are outlined for workers, the outage control center (OCC) staff, and control room personnel. Individuals are identified in advance and contact lists are maintained with a pre-determined communication protocol for initiating contingency actions.

Walkthroughs and drills are conducted to validate contingency plan assumptions, where feasible. For example, time critical operation and maintenance activities such as placing gravity feed in service, powering a bus from a blackout diesel, establishing temporary power feeds, or closing the containment equipment hatch are determined.

4.6.2.

The SSRB may select and approve additional activities or plant configurations that require a Contingency Plan.

4.6.3.

Any contingency plans that were developed to support SSMP requirements will be approved by the SSRB. 4.6.4.

When developing Contingency Plans, the use of permanent and/or temporary equipment, procedures, and additional monitoring and controls is acceptable.

Consider plant conditions such as time to core boil/damage, decay heat loads, time to perform the Contingency Plan and installed or temporary equipment.

4.6.5.

A Contingency Plan will clearly state when it is applicable to ensure it is in place when required.

4.6.6.

Contingency Plans will be distributed to work groups having actions to perform if the plan is activated. The work groups, as appropriate, will brief these actions while the plan is in place.

4.7 Post Outage Assessment 4.7.1.

Upon completion of a Refueling Outage and for other outages as determined by the SSRB, a post outage assessment report will be prepared and issued to the Plant Manager.

4.7.2. The report will focus on the following:

Compare Planned Status with Actual Status encountered during the execution of the outage.

Identify unplanned entries into status Yellow, Orange, or Red.

Disposition unplanned unavailability of Shutdown Safety Equipment during periods when it was needed to support Key Safety Functions.

OU-AA-103 Revision 15 Page 21 of 24 4.8 Shutdown Safety Management Program Site Specific Procedures 4.8.1.

Each plant will have a site-specific procedure providing detailed guidance for implementation of the SSMP based on individual site characteristics.

4.8.2.

Each site ensures all shutdown safety evaluations are conducted in accordance with the policies and practices contained in OU-HC/SA-105.(Q).

4.9 Site Specific Procedure Contents 4.9.1.

Each Site Specific procedure will contain as a minimum the following:

Safety System Status sheet that can be used to verify that actual plant configuration matches the planned configuration.

Safety System Outage Guidelines that provide minimum Defense-in-Depth requirements for each Key Safety Function.

A Program or data sheet that provides a method for performing a manual safety assessment.

5.

DOCUMENTATION Document the results of the SSRB in CAP.

6.

REFERENCES 6.1 Commitments - None 6.2 NRC Information Notice 95-57, Risk Impact Study Regarding Maintenance During Low-Power Operation and Shutdown, 12/13/95.

6.3 NUREG-1449, Shutdown and Low-Power Operation at Commercial Nuclear Power Plants in the United States, September 1993.

6.4 INPO 06-008, Guidelines for the Conduct of Outages at Nuclear Power Stations.

6.5 INPO SOER 91-01, Conduct of Infrequently Performed Tests or Evolutions.

6.6 NUMARC 91-06, Guidelines for Industry Actions to Assess Shutdown Management 6.7 NSAC-175, Safety Assessment of BWR Risk During Shutdown Operations -

EPRI.

6.8 NSAC-176L, Safety Assessment of PWR Risk During Shutdown Operations -

EPRI.

OU-AA-103 Revision 15 Page 22 of 24 6.9 10CFR50.65A(4) - Maintenance Rule.

6.10 NUMARC 93-01, Industry Guidance for monitoring the Effectiveness of Maintenance at Nuclear Power Plants 6.11 OU-SA-105 (Q), Shutdown Safety Management Program - Salem Annex 6.12 OU-HC-105 (Q), Shutdown Safety Management Program - Hope Creek Annex 6.13 SOER 09-01 Shutdown Safety

7.

ATTACHMENTS 7.1, Shutdown Safety Approval

OU-AA-103 Revision 15 Page 23 of 24 ATTACHMENT 1 Shutdown Safety Evaluation and Approval Page 1 of 1

[70103591 CRCA 19]

OUTAGE DATE:

Reason for Evaluation/Approval Initial Schedule approval Deviation from guidelines Schedule Change approval Contingency Plan approval Safety Status RED approval Model Changes Safety Status ORANGE approval Equipment Availability Use of LCO 3.0.4.b Other:

==

Description:==

Evaluation of Key safety function impacts: (Address Technical Specifications and non-outage unit impact as applicable)

Actions required from SSRB review:

OU-AA-103 Revision 15 Page 24 of 24 Approvals Required Signature Date Shutdown Safety Manager SRO [Operations]

NE/RE (if required)

Other __________________

Other __________________

Other __________________

Retrieved from "https://kanterella.com/w/index.php?title=ML110060187&oldid=5286247"