Risk-Managed Technical Specifications (RMTS) Guidelines, for a Risk-Informed Completion Time program.

https://www.nrc.gov/docs/ML1228/ML12286A322.pdf

text

NEI 06-09 (Revision 0) - A

Risk-Informed Technical

Specifications Initiative 4b

Risk-Managed Technical

Specifications (RMTS)

Guidelines

Industry Guidance Document

November 2006

NEI 06-09 Rev 0 November 2006

i

NEI 06-09 Revision 0 - A

NEI 06-09 Revision 0 was issued in November 2006.

This version incorporates NRC’s final safety evaluation, dated May 17, 2007, and is

designated as the “A” version (for approved).

This version is otherwise identical to the November 2006 document.

All NRC requests for additional information have been closed and the results

incorporated into the document.

May 17, 2007

Mr. Biff Bradley, Manager

Risk Assessment

Nuclear Energy Institute

Suite 400

1776 I Street, NW

Washington, DC 20006-3708

SUBJECT: FINAL SAFETY EVALUATION FOR NUCLEAR ENERGY INSTITUTE (NEI)

TOPICAL REPORT (TR) NEI 06-09, “RISK-INFORMED TECHNICAL

SPECIFICATIONS INITIATIVE 4B, RISK-MANAGED TECHNICAL

SPECIFICATIONS (RMTS) GUIDELINES” (TAC NO. MD4995)

Dear Mr. Bradley:

During a December 16, 2003, public meeting, the NEI representatives provided Interim

Report 1002965, “Risk-Managed Technical Specifications (RMTS) Guidelines,” dated October

2003 to the U.S. Nuclear Regulatory Commission (NRC) staff. By letter dated November 13,

2006, it was supplemented by a final version, TR NEI 06-09 entitled “Risk-Informed Technical

Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines,” to the

NRC staff for review. By letter dated April 12, 2007, an NRC draft safety evaluation (SE) was

provided for your review and comments. By letter dated April 24, 2007, NEI commented on the

draft SE. The NRC staff’s disposition of NEI’s comments on the draft SE are discussed in the

attachment to the final SE enclosed with this letter.

The NRC staff has found that TR NEI 06-09 is acceptable for referencing by licensees

proposing to amend their Technical Specifications to implement RMTS to the extent specified

and under the limitations delineated in the TR and in the enclosed final SE. The final SE

defines the basis for our acceptance of the TR.

Our acceptance applies only to material provided in the subject TR. We do not intend to repeat

our review of the acceptable material described in the TR. When the TR appears as a

reference in license applications, our review will ensure that the material presented applies to

the specific plant involved. License amendment requests that deviate from this TR will be

subject to a plant-specific review in accordance with applicable review standards.

Since there is no proprietary version of this TR, we request in accordance with the guidance

provided on the NRC website, that the NEI publish the accepted non-proprietary version of this

TR within three months of receipt of this letter. The NEI shall incorporate this letter and the

enclosed final SE after the title page. Also, the accepted version must contain historical review

information, including NRC requests for additional information and your responses. The

accepted version shall include an "-A" (designating accepted) following the TR identification

symbol.

B. Bradley - 2 -

If future changes to the NRC's regulatory requirements affect the acceptability of this TR, the

NEI and/or licensees referencing it will be expected to revise the TR appropriately, or justify its

continued applicability for subsequent referencing.

Sincerely,

/RA/

Jennifer M. Golder, Acting Deputy Director

Division of Policy and Rulemaking

Office of Nuclear Reactor Regulation

Project No. 689

Enclosure: Final SE

cc w/encl: See next page

B. Bradley - 2 -

If future changes to the NRC's regulatory requirements affect the acceptability of this TR, the

NEI and/or licensees referencing it will be expected to revise the TR appropriately, or justify its

continued applicability for subsequent referencing.

Sincerely,

/RA/

Jennifer M. Golder, Acting Deputy Director

Division of Policy and Rulemaking

Office of Nuclear Reactor Regulation

Project No. 689

Enclosure: Final SE

cc w/encl: See next page

DISTRIBUTION:

PUBLIC PSPB Reading File RidsNrrDpr RTjader

RidsNrrDprPspb RidsNrrPMTMensah RidsNrrLADBaxley

RidsOgcMailCenter RidsAcrsAcnwMailCenter SRosenberg (HardCopy)

ADAMS ACCESSION No.: ML071200238 *No major changes to SE input. NRR-043

OFFICE PSPB/PM PSPB/LA EICB/BC* ITSB/BC* APLA/BC*

NAME TMensah DBaxley AHowe TKobetz MRubin

DATE 05/10/07 05/9/07 03/28/07 03/29/07 02/22/07

OFFICE SPWB/BC* EEEB/BC* PSPB/BC DPR/DD(A)

NAME JNakoski GWilson SRosenberg JGolder

DATE 03/12/07 03/01/07 05/ 15 /07 05/ 17 /07

OFFICIAL RECORD COPY

FINAL SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION

TOPICAL REPORT (TR) NEI 06-09, REVISION 0

“RISK-INFORMED TECHNICAL SPECIFICATIONS INITIATIVE 4B,

RISK-MANAGED TECHNICAL SPECIFICATIONS (RMTS) GUIDELINES”

NUCLEAR ENERGY INSTITUTE

PROJECT NO. 689

1.0 INTRODUCTION

During a December 16, 2003, public meeting, the Nuclear Energy Institute (NEI)

representatives provided Interim Report 1002965, “Risk-Managed Technical Specifications

(RMTS) Guidelines,” dated October 2003 (Reference 1), to the U.S. Nuclear Regulatory

Commission (NRC) staff. Since that date, several supplemental communications have been

received, and a revised final version, TR NEI 06-09, Revision 0, entitled “Risk-Informed

Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS)

Guidelines,” dated November 2006 (Reference 2).

1.1 Proposed Action

The TR provides a risk-informed methodology which would permit a licensee to implement the

RMTS Guidelines (RMTS hereafter refers to the RMTS Guidelines), to permit the completion

times (CTs), also referred to as the allowed outage times (AOTs), associated with actions of

technical specifications (TSs) to be extended, provided risk is assessed and managed within a

configuration risk management program (CRMP). TR NEI 06-09, Revision 0, supports industry

initiative 4B of the Risk-Management Technical Specifications risk-informed CT (RICT) TS

program. These initiatives are intended to maintain and improve safety through the

incorporation of risk assessment and management techniques in TSs, while reducing

unnecessary burden and making TS requirements consistent with the Commission’s other

risk-informed regulatory requirements.

For those limiting conditions for operation (LCOs) within the proposed plant-specific scope of

the RMTS, a new action requirement is provided to permit continued operation beyond the

existing CTs of applicable action requirements of the LCOs. This new action requirement

tracks risk as measured by the configuration-specific core damage frequency (CDF) and large

early release frequency (LERF), and assesses this risk using processes and limits specified in

TR NEI 06-09, Revision 0. Additional requirements for compensatory measures or risk

management actions (RMA), requirements for scope and quality of the probabilistic risk

assessment (PRA) models used in the CRMP, and for quantitative evaluation of risk sources for

which PRA models may not be available are also specified.

-2-

1.2 Related NRC Actions

The TR is referenced in two pilot plant submittals. Omaha Public Power District submitted a

license amendment request (LAR) for Fort Calhoun Station (Ft. Calhoun) on May 14, 2004

(Reference 3), and South Texas Project Nuclear Operating Company submitted a LAR for the

two unit South Texas Project (South Texas) plants on August 2, 2004 (Reference 4). The

South Texas LAR was resubmitted on June 6, 2006 (Reference 5), to incorporate revisions

made to the TR. The Ft. Calhoun LAR was withdrawn on August 25, 2006 (Reference 6), and

is planned to be resubmitted pending approval of the TR.

2.0 REGULATORY EVALUATION

2.1 Applicable Regulations

In Title 10 of the Code of Federal Regulations (10 CFR) 50.36, the Commission established its

regulatory requirements related to the content of TSs. Pursuant to 10 CFR 50.36, TSs will

include items in the following five specific categories related to station operation: (1) safety

limits, limiting safety system settings, and limiting control settings; (2) LCOs; (3) surveillance

requirements; (4) design features; and (5) administrative controls. The rule does not specify

the particular requirements to be included in a plant’s TSs. As stated in 10 CFR 50.36(c)(2),

“Limiting conditions for operation are the lowest functional capability or performance levels of

equipment required for safe operation of the facility. When a limiting condition for operation of

a nuclear reactor is not met, the licensee will shut down the reactor or follow any remedial

action permitted by the technical specifications until the condition can be met.”

Most TS LCOs provide a fixed time interval, referred to as the AOT or CT, during which the

LCO may not be met, to permit a licensee to perform required testing or maintenance activities,

or to conduct repairs. Upon expiration of the CT, the requirement to shut down the reactor or

follow remedial action is imposed. The RMTS provide a means for the licensee to extend the

CT and thereby delay reactor shutdown or remedial actions, if risk is assessed and managed

within specified limits and programmatic requirements established by the CRMP. The

regulatory requirements for the content of LCOs continue to be met, since only the CT is

changed by the RMTS. The specific functional capabilities or performance levels of equipment

are unchanged, and the remedial actions, including the requirement to shut down the reactor,

are also unchanged; only the specific time limits for initiating actions are extended by the

RMTS.

The maintenance rule, 10 CFR 50.65, “Requirements for monitoring the effectiveness of

maintenance at nuclear power plants,” requires licensees to monitor the performance or

condition of structures, systems and components (SSCs) against licensee-established goals, in

a manner sufficient to provide reasonable assurance that these SSCs are capable of fulfilling

their intended functions. In addition,10 CFR 50.65(a)(4) requires the assessment and

management of the increase in risk that may result from a proposed maintenance activity. The

TR uses processes which are consistent with and complementary to the requirements of

10 CFR 50.65(a)(4).

- 3 -

2.2 Applicable Regulatory Criteria/Guidelines

A CT extension may increase the unavailability of an SSC due to the increased time the

component is permitted to be out-of-service for maintenance or repair. There are two

components to the risk impact: (1) the single event risk when the CT extension is invoked and

the component is out-of-service, and (2) the yearly risk contribution based on the expected

frequency that the CT extension will be implemented.

The yearly risk impact is represented by the change in CDF (CDF) and the change in LERF

(LERF) metrics referenced in Regulatory Guide (RG) 1.174, Revision 1, “An Approach for

Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to

the Licensing Basis” (Reference 7). The single event risk is represented by the incremental

conditional core damage probability (ICCDP) and the incremental conditional large early release

probability (ICLERP) metrics referenced in RG 1.177, “An Approach for Plant-Specific, Risk�Informed Decisionmaking: Technical Specifications” (Reference 8).

General guidance for evaluating the technical basis for proposed risk-informed changes is

provided in Chapter 19.0, “Use of Probabilistic Risk Assessment in Plant-Specific,

Risk-Informed Decisionmaking: General Guidance,” of the NRC Standard Review Plan (SRP),

NUREG-0800 (Reference 9). More specific guidance related to risk-informed TS changes,

including changes to TS CTs, is provided in SRP Section 16.1, “Risk-Informed Decisionmaking:

Technical Specifications” (Reference 10).

Specific methods and guidelines acceptable to the NRC staff are also outlined in RG 1.177 for

assessing risk-informed TS changes. Specifically, RG 1.177 provides recommendations for

utilizing risk information to evaluate changes to TS CTs with respect to the impact of the

proposed change on the risk associated with plant operation. RG 1.174, Revision 1, and

RG 1.177 also describe acceptable implementation strategies and performance monitoring

plans to help ensure that the assumptions and analysis used to support the proposed TS

changes will remain valid. Finally, RG 1.200, Revision 1, “An Approach for Determining the

Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities”

(Reference 11), establishes requirements for PRA technical adequacy.

3.0 TECHNICAL EVALUATION

3.1 Background

This section discusses how the RMTS are implemented at a plant, and provides the specific

detailed requirements identified in TR NEI 06-09, Revision 0, for the RMTS programs.

TR NEI 06-09, Revision 0, provides a risk-informed method to assess and manage the

extension of CTs of TS action requirements. The PRA methods are used to calculate the

configuration-specific risk in terms of CDF and LERF. These risk metrics are applied to

determine an acceptable extended duration for the CT, referred to as a RICT, based on the

accumulation of risk from the point in time when the LCO was not met.

The existing CTs of the TS actions are retained in the TS, and referred to as the frontstop CTs.

When a TS LCO is not met but the frontstop CT of the required action has not yet been

reached, there is no change to TS action requirements, and the provisions of

- 4 -

10 CFR 50.65(a)(4) address the requirement to assess and manage configuration-specific risk.

If the TS LCO is not restored prior to exceeding the frontstop CT, then under the existing TS

requirements, a plant shutdown, or other specified remedial action(s), would be required.

As an alternative TS action, the RMTS may be voluntarily applied, if applicable to the TS action

requirement, and subject to program limitations. A RICT may be calculated to determine an

appropriate extension of the CT to defer the plant shutdown or specified remedial action. The

RICT is based on the configuration-specific CDF and LERF, and the time to reach specified

limits for integrated core damage probability (ICDP) or integrated large early release probability

(ILERP). The RICT is further limited to a deterministic maximum of 30 days (referred to as the

backstop CT) from the time the TS action was first entered. The RICT is based on the

configuration-specific accumulation of risk from the time the TS action was first entered, and is

required to be recalculated whenever the plant configuration changes. If the TS LCO is not

restored prior to reaching the calculated RICT, then the TS requirements for plant shutdown or

other remedial action become applicable.

Risk Metrics. For RICT calculations, the configuration-specific risk is determined and the time

to reach an ICDP of 10-5, or an ILERP of 10-6, is calculated. The more limiting time becomes

applicable as the RICT, subject to an upper limit (backstop CT) of 30 days. The use of core

damage and large early release metrics is consistent with RG 1.177 and RG 1.174, Revision 1.

The ICDP and ILERP limits are consistent with Section 11 of NUMARC 93-01, ”Industry

Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants”, dated

February 22, 2000 (Reference 12), which was endorsed by RG 1.182, “Assessing and

Managing Risk Before Maintenance Activities at Nuclear Power Plants” (Reference 13), for

control of risk during maintenance activities. The 30-day backstop CT assures that TS

equipment is not out of service for extended periods, and is a reasonable upper limit to permit

repairs and restoration of equipment to an operable status.

In addition to the integrated risk limits for calculating the RICT, TR NEI 06-09, Revision 0, also

imposes a restriction which prohibits voluntary entry into a plant configuration which exceeds a

risk level equivalent to 10-3/year CDF, or 10-4/year LERF. These limits provide a control to

prevent entry into potential high risk configurations, and are consistent with the guidance of

NUMARC 93-01. Consistent with RG 1.182, the NRC staff neither endorses nor disapproves of

the 10-3/year CDF value, nor the 10-4/year LERF value. The NRC staff has not developed

guidance on acceptable levels of configuration risk, but instead uses metrics based on the

accumulation of risk over time. The industry imposed limits of 10-3/year CDF and 10-4/year

LERF would only permit a few days of operation until the ICDP limit of 10-5, or the ILERP limit of

10-6, upon which the RICT is based, were reached, and so extended operation in such

configurations would not be permitted under a RMTS program. Such configurations are not

expected to occur frequently, and therefore, the NRC staff does not find it necessary to provide

any further restrictions on configuration risk beyond what is proposed in TR NEI 06-09,

Revision 0.

A periodic assessment of the risk incurred due to the extension of CTs is also required. This is

an evaluation of the calculated change in risk after implementation of a RMTS program to

assure that the guidance of RG 1.174, Revision 1, for CDF (1E-5 per year) and LERF

(1E-6 per year) are met. If the RG 1.174, Revision 1, limits are exceeded, then corrective

actions must be implemented.

- 5 -

Applicability. The use of the RMTS is voluntary, and applies only to a plant-specific set of TS

LCOs and associated action requirements. The RMTS are applicable whenever any current TS

CT (referred to as the frontstop CT) is exceeded and the TS required plant shutdown or other

remedial action is to be deferred based on the RMTS. Under the existing TS, when the CT is

reached, the plant would be required to shut down, or to implement other remedial actions

allowed by the particular TS action. Under the RMTS, the RICT determined based on ICDP or

ILERP, up to a limit of 30 days, becomes the CT in effect for the LCO. The RMTS cannot be

voluntarily entered if: 1) the configuration-specific risk exceeds the instantaneous limits of

10-3/year CDF or 10-4/year LERF; 2) the ICDP or ILERP limit has been reached prior to

exceeding the frontstop CT; or 3) a total loss of specified safety function for the affected TS

system occurs.

Until a RICT is calculated, the frontstop CT, and any associated actions, remain the TS control

in effect. The RICT must be established prior to any time limit associated with a TS action

requirement of the frontstop CT. The RICT is based on the time to accumulate the allowable

risk limit from the time the LCO was not met; that is, the RICT accounts for risk accumulated

while the TS action was in effect prior to reaching the frontstop CT.

While an RICT is in effect, any configuration change within the scope of the CRMP requires a

reassessment of the configuration-specific risk and the resulting impact on the RICT. This

includes changes in status of any SSC within the scope of the plant-specific CRMP, including

those SSCs not subject to TS controls. For planned changes, the revised RICT would be

determined prior to implementation of the change in a configuration. For emergent conditions,

the revised configuration risk is required to be assessed within the time limits of any required

TS action, not to exceed 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , and used to determine the new RICT. If the configuration

change is restoring SSCs to service, the RICT is conservatively not required to be updated.

The accumulation of risk and comparison to the ICDP and ILERP limits to determine an RICT

continues until there are no LCOs exceeding their front-stop CTs. At that time, the current TS

CTs become the CTs in effect, and the risk accumulation for a RICT is reset.

If the ICDP or ILERP limits are reached (i.e., the RICT is reached) and any TS LCO action

requirement is beyond its frontstop CT, then the actions required by the TS LCOs are

implemented. In addition, a 30-day backstop CT is also applicable to each individual LCO

action requirement, applicable from the time the LCO became not met, after which the actions

required by the TS LCOs must be implemented.

Applying Credit for the Risk Significance of Inoperable SSCs. An inoperable TS SSC will

cause a TS LCO to be not met, and will require meeting TS required actions within prescribed

CTs. In determining the configuration-specific risk impact, an inoperable SSC is normally

considered to be completely unavailable with respect to the calculation of risk using the PRA

model. Depending upon the specific inoperable SSC which causes the TS LCO to be not met,

the level of risk calculated may vary, and so different RICTs may be calculated for the same TS

action for different inoperable SSCs. For example, an inoperable valve in one of two or more

redundant flowpaths may make a system inoperable, but the impact is less and the associated

RICT would be longer than with a pump which cannot feed multiple flowpaths. Thus the

calculated CT is risk-informed, and varies based on the PRA functional impact of the actual

SSC inoperability. The RMTS define “PRA functionality” as that which can be explicitly credited

- 6 -

in a RICT calculation of a TS inoperable SSC, and is not to be confused with the use of the

term, “functionality,” in the Operability Determination Process described in Regulatory Issue

Summary 2005-20, “Information to Licensees Regarding Two NRC Inspection Manual Sections

on Resolution of Degraded and Nonconforming Conditions and on Operability” (Reference 14),

that only applies to non-TS SSCs capability to perform their safety function. A RICT only

applies to a TS condition, associated required action, and CT.

If the unique effect of the SSC inoperability on its particular TS function is discernible by the

CRMP and supporting PRA models, then the remaining capability of the affected inoperable

SSC may be credited when calculating the RICT. For example, if a valve has TS required

functions in both the open and closed positions, then an inoperable valve may be credited in the

RICT calculation based on its actual open or close status, if the PRA model can account for

failure modes which are based on the actual valve position. This allows the RICT to accurately

reflect the risk of the specific plant configuration in terms of the available mitigating capability of

inoperable SSCs. In any case, where credit is given in the RICT calculation to inoperable SSCs

performing a required TS function, appropriate justification must be provided and documented.

Emergent Failures. During the time when an RICT is in effect and risk is being assessed and

managed, it is possible that emergent failures of SSCs may occur, and these must be assessed

to determine the impact on the RICT. If a failed component is one of two or more redundant

components in separate trains of a system, then there is potential for a common cause failure

mechanism. Licensees must continue to assess the remaining redundant components to

determine there is reasonable assurance of their continued operability, and this is not changed

by implementation of the RMTS. If a licensee concludes that the redundant components

remain operable, then these components are functional for purposes of the RICT. However,

the licensee is required to consider and implement additional risk management actions (RMAs),

due to the potential for increased risks from common cause failure of similar equipment. The

staff interprets TR NEI 06-09, Revision 0, as requiring consideration of such RMAs whenever

the redundant components are considered to remain operable, but the licensee has not

completed the extent of condition evaluations, and additionally, as required by a followup

prompt operability determination.

If an emergent failure, or degraded or non-conforming condition is discovered for a redundant

SSC that results in a total loss of TS specified safety function while the RMTS are in effect, then

the RICT is exited and the associated applicable TS Required Actions are considered not met,

and subsequent TS required actions are required to be implemented. Voluntary use of the

RMTS for a configuration which represents a loss of TS specified safety function, or

inoperability of all required safety trains, is not permitted. The total loss of a TS specified safety

function requires exiting the RICT and entering the associated TS required actions.

As discussed above, regarding the PRA functionality of SSCs, it is possible that all trains of a

TS system may be inoperable, but the impact of the inoperability may be discerned by the PRA

model in the CRMP. In such cases involving emergent (unplanned) conditions, the RMTS may

be applied to calculate a RICT. A RICT can only apply to (restorative) TS Required Actions that

are not Mode changes or unit shutdown (e.g., TS 3.0.3 actions and CTs). A total loss of TS

specified safety function requires exiting the RICT. As a specific example consider,

NUREG-1431, Revision 3, “ Standard Technical Specifications, Westinghouse Plants”

(Reference 15), TS 3.5.2, “ECCS-Operating.” Continued operation is allowed for up to

- 7 -

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months if one or more trains are inoperable (Condition A) and if at least 100 percent of the

emergency core cooling system (ECCS) flow equivalent to a single operable ECCS train is

available (Condition C). In this case, the ECCS still meets its design basis analysis

requirements (i.e., 10 CFR 50.46) even though all trains are inoperable, because the minimum

required flow equivalent to one train is available. A RICT is appropriate if the PRA model can

correctly assess the degraded condition and establish a CT based on the actual capacity of the

ECCS.

The PRA function may be considered in cases that involve SSC inoperabilities which, while

degraded, do not involve a potential for further degrading component performance. In most

cases, degrading SSCs may not be considered to be PRA functional while inoperable. For

example, a pump which fails its surveillance test for required discharge pressure is declared

inoperable. It cannot be considered functional for calculation of a RICT, since the cause of the

degradation may be unknown, further degradation may occur, and since the safety margin

established by the pump’s operability requirements may no longer be met. As a counter

example, a valve with a degrading stroke time may be considered PRA functional if the stroke

time is not relevant to the performance of the safety function of the valve; for example, if the

valve is required to close and is secured in the closed position, then the degradation of stroke

time would not impact the capability of the valve to be closed.

Risk Management. An important element of the RMTS is the programmatic requirement to

manage risk and to implement reasonable compensatory measures to reduce risk. Thresholds

are established at a factor ten below the RICT limits for ICDP and ILERP, and used to calculate

a risk management action time (RMAT). If the equipment out-of-service time exceeds the

RMAT, or if the planned outage duration is projected to result in exceeding the RMAT, then

RMAs must be considered and applied as appropriate to the specific configuration and plant

conditions. These limits are consistent with the guidance of NUMARC 93-01 endorsed by

RG 1.182. TR NEI 06-09, Revision 0, provides guidance on typical RMAs which may be

considered, but is not prescriptive in requiring specific actions. RMAs are based on the

configuration-specific risk, and determined in accordance with plant-specific procedures and

programs.

PRA Quality. In order to support the RMTS, the plant-specific CRMP must include the

capability to assess LERF, and must include a quantified assessment of all significant sources

of risk (i.e., external events and fires) which can be impacted by changes to the plant

configuration. Where PRA models are not available, conservative or bounding analyses may

be performed to quantify the risk impact and support the calculation of the RICT. Sources of

risk shown to be insignificant or unaffected by changes in plant configurations may be

neglected in the RICT calculations. This assures that the RICT is calculated with appropriate

consideration of all potentially significant sources of risk.

The technical adequacy of the underlying PRA models is required to be assessed against the

guidance of RG 1.200, Revision 1. For the internal events PRA models, the assessment is

required to consider capability Category II of American Society of Mechanical Engineers

(ASME) RA-Sa-2003, “Addendum to ASME RA-S-2002, Standard for Probabilistic Risk

Assessment for Nuclear Power Plant Applications” (Reference 16), as modified or classified by

RG 1.200, Revision 1. Any departure from these requirements must be assessed and

determined not to impact the RMTS. Where NRC-endorsed standards do not exist for specific

- 8 -

PRA models (i.e., fire risk), the licensee must justify the technical adequacy of these models to

support the RMTS.

The NRC staff notes that an addendum to the ASME standard was issued in 2005, ASME

RA-Sb-2005, “Addenda to ASME RA-S-2002, Standard for Probabilistic Risk Assessment for

Nuclear Power Plant Applications” (Reference 17). RG 1.200, Revision 1, was issued in

January 2007, which endorsed the updated standard applicable for internal events PRA

models. The NRC staff takes exception to the reference to RG 1.200, Revision 0, currently

listed throughout TR NEI 06-09, Revision 0. The NRC staff will require an assessment of PRA

technical adequacy using the revised RG 1.200, Revision 1, and the updated PRA standard.

Scope of TS Applicability. Only TS LCOs governing SSCs which can be assessed using the

CRMP and underlying PRA models may be subject to the RMTS. The PRA model and CRMP

must address the TS required functions of the SSCs to assure that the risk significance of the

unavailability of the SSC is properly assessed to determine an RICT.

Documentation. Each entry into the RMTS is required to be properly documented to permit

proper review and oversight to determine compliance with the TS requirements. The minimum

requirements include:

• date/time an LCO(s) is not met and date/time restored;

• assessment of functionality of the inoperable components, and the basis for such

determinations;

• configuration-specific risk over the duration of the RICT, identifying inoperable or

non-functional equipment and associated plant alignments;

• RMAs including compensatory actions implemented;

• extent of condition assessments for emergent failures involving redundant

components;

• total accumulated ICDP and ILERP; and

• use of quantified bounding assessments or other conservative quantitative

approaches.

Periodically, an assessment of the RMTS program implementation is performed, which is

required to include:

• accumulated annual risk above the zero-maintenance baseline due to equipment

out-of-service beyond the frontstop CT;

• associated process used to monitor the accumulated risk; and

• associated insights and lessons learned.

3.2 Evaluation

The NRC staff reviewed TR NEI 06-09, Revision 0, using SRP Chapters 19.0 and 16.1, and the

three-tiered approach and the five key principles of risk-informed decisionmaking presented in

RG 1.174, Revision 1, and RG 1.177, as discussed below.

- 9 -

SRP Chapter 19.0, consistent with RG 1.177, identifies five key safety principles to be met for

risk-informed applications, including changes to TS. Each of these principles is addressed by

TR NEI 06-09, Revision 0, as discussed below.

1. The proposed change meets the current regulations unless it is explicitly related to a

requested exemption or rule change.

The regulation at 10 CFR 50.36(c) provides that TSs will include LCOs which are “the

lowest functional capability or performance levels of equipment required for safe

operation of the facility. When a limiting condition for operation of a nuclear reactor is

not met, the licensee will shut down the reactor or follow any remedial action permitted

by the technical specifications until the condition can be met.” TR NEI 06-09,

Revision 0, supports a risk-informed determination of the CT applicable to the actions of

the LCO by providing a NRC-approved methodology for assessing and managing the

configuration-specific risk. The LCOs themselves would remain unchanged, as would

the required remedial actions or shut down requirements in accordance with

10 CFR 50.36(c). Therefore, the proposed TR methodology for determining CTs is

consistent with current regulations and satisfies the first key safety principle of

RG 1.177.

2. The proposed change is consistent with the defense-in-depth philosophy.

Consistency with the defense-in-depth philosophy is maintained if:

• A reasonable balance is preserved among prevention of core damage,

prevention of containment failure, and consequence mitigation.

• Over-reliance on programmatic activities to compensate for weaknesses in plant

design is avoided.

• System redundancy, independence, and diversity are preserved commensurate

with the expected frequency, consequences of challenges to the system, and

uncertainties (e.g., no risk outliers).

• Defenses against potential common cause failures are preserved and the

potential for the introduction of new common cause failure mechanisms is

assessed.

• Independence of barriers is not degraded.

• Defenses against human errors are preserved.

• The intent of the general design criteria in 10 CFR Part 50, Appendix A, are

maintained.

TR NEI 06-09, Revision 0, uses both the CDF and the LERF metrics to assess and

establish CTs, which addresses maintaining a balance between core damage

prevention and containment failure prevention. Compliance with the guidance of

RG 1.174, Revision 1, and RG 1.177 for CDF and LERF is achieved by evaluation

- 10 -

using a comprehensive risk analysis, which assesses the configuration-specific risk by

including contributions from human errors and common cause failures. The use of

extended CTs is restricted to conditions which do not involve a total loss of function,

which assures preservation of redundancy and diversity. Both the quantitative risk

analysis and the qualitative considerations assure a reasonable balance of

defense in depth is maintained to ensure protection of public health and safety,

satisfying the second key safety principle of RG 1.177.

Use of Compensatory Measures to Retain Defense In Depth

TR NEI 06-09, Revision 0, addresses potential compensatory actions and risk

management action measures by stating, in generic terms, that compensatory

measures may include but are not limited to the following:

- Reduce the duration of risk sensitive activities.

- Remove risk sensitive activities from the planned work scope.

- Reschedule work activities to avoid high risk-sensitive equipment outages

or maintenance states that result in high risk plant configurations.

- Accelerate the restoration of out-of-service equipment.

- Determine and establish the safest plant configuration.

The TR requires that compensatory measures be initiated when the PRA calculated

RMAT is exceeded, or for preplanned maintenance for which the RMAT is expected to

be exceeded, RMAs shall be implemented at the earliest appropriate time. In order to

maintain defense in depth, compensatory actions for significant components should be

predefined to the extent practicable in plant procedures and implemented at the earliest

appropriate time.

Examples of compensatory measures that can be established for SSCs in TSs are

provided in items A and B below.

A. Examples of compensatory measures that should be considered during the

extended period that a diesel generator (DG) is inoperable, so that the increased

risk is reduced and to ensure adequate defense in depth, are:

(1) The condition of the offsite power supply, switchyard, and the grid should

be evaluated prior to entering the extended AOT for elective

maintenance, and RMAs considered, particularly during times of high grid

stress conditions, such as during high demand conditions;

(2) Deferral of switchyard maintenance should be considered, such as

deferral of discretionary maintenance on the main, auxiliary, or startup

transformers associated with the unit;

- 11 -

(3) Deferral of maintenance that affects the reliability of the trains associated

with the operable DGs should be considered.

(4) Deferral of planned maintenance activities on station blackout mitigating

systems should be considered, and consideration given to treating those

systems as protected equipment.

(5) Consider contacting the dispatcher on a periodic basis to provide

information on the DG status and the power needs of the facility.

B. Examples of compensatory measures that should be considered during the

extended period that a safety related battery is inoperable for elective

maintenance, so that the increased risk is reduced and to ensure adequate

defense in depth, are:

(1) Consider limiting the immediate discharge of the affected battery.

(2) Consider recharging the affected battery to float voltage conditions using

a spare battery charger.

(3) Evaluate the remaining battery capacity and its ability to perform its

safety function.

(4) Periodically verify battery float voltage is equal to or greater than the

minimum required float voltage.

3. The proposed change maintains sufficient safety margins.

The design, operation, testing methods, and acceptance criteria for SSCs, specified in

applicable codes and standards (or alternatives approved for use by the NRC) will

continue to be met as described in the plant licensing basis (including the final safety

analysis report and bases to TSs), since these are not affected by risk-informed

changes to the CTs. Similarly, there is no impact to safety analysis acceptance criteria

as described in the plant licensing basis. Thus, safety margins are maintained by the

proposed methodology, and the third key safety principle of RG 1.177 is satisfied.

4. When proposed changes result in an increase in CDF or risk, the increases should be

small and consistent with the intent of the Commission’s Safety Goal Policy Statement.

TR NEI 06-09, Revision 0, is a methodology for a licensee to evaluate and manage the

risk impact of extensions to TS CTs. Permanent changes to the fixed TS CTs are

typically evaluated by using the three-tiered approach described in Chapter 16.1 of the

SRP, RG 1.177, and RG 1.174, Revision 1. This approach addresses the calculated

change in risk as measured by the change in CDF and LERF, as well as the ICCDP

and ICLERP; the use of compensatory measures to reduce risk; and, the

implementation of a CRMP to identify risk-significant plant configurations.

TR NEI 06-09, Revision 0, is a methodology rather than a specific proposed change to

an existing TS CT, it does not provide a specific implementation of the three-tiered

- 12 -

approach for a particular change to a TS CT. Rather, it establishes the quality and

scope requirements of the PRA model or bounding assessments which support such

calculations, and establishes numerical criteria on which a licensee is to base the

determination of acceptable extensions of the existing TS CTs, to establish a bases for

compliance with the three-tiered approach each time the RMTS program is used to

extend a CT. The existing TS CTs (i.e., the frontstop CTs) are not changed by

implementation of the RMTS; rather, the subsequent action requirement upon expiration

of the frontstop CT is revised to permit continued operation for up to 30 days provided

risk is assessed and managed by the CRMP within specified limits. The TS CT is not

permanently changed, and the three-tiered process for risk assessment and

management is required each time the TS CT is to be exceeded.

The three-tiered approach in TR NEI 06-09, Revision 0, is summarized as follows:

Tier 1: The licensee should assess the impact on CDF, ICCDP, and, when appropriate,

LERF and ICLERP. TR NEI 06-09, Revision 0, requires an assessment of the

accumulated risk in terms of the ICDP and ILERP against program limits while a RICT is

in effect. The assessment is ongoing, in that any changes to the plant configuration

which would impact the RICT are required to be assessed and their impacts accounted

for in the RICT. The RICT, therefore, accounts for the actual plant risk based not just

on the inoperable TS system, but on the availability and alignment status of all plant

systems which are important to safety and modeled in the CRMP. The limits

established for a RICT are consistent with the guidance of NUMARC 93-01 endorsed by

RG 1.182 as applicable to plant maintenance activities. Thus, the TR NEI 06-09,

Revision 0, program requirements effectively establish a TS CT limit which is consistent

with the principle of Tier 1 that the risk increase should be small.

A periodic assessment of the risk incurred during the RMTS extended CTs is required to

evaluate the overall risk impact of the program in terms of annual CDF and LERF.

Any risk increases are evaluated against the criteria of RG 1.174, Revision 1, to assure

such increases are small and consistent with the principle of Tier 1.

Tier 2: The licensee should provide reasonable assurance that risk-significant plant

equipment outage configurations will not occur. TR NEI 06-09, Revision 0, does not

permit high risk configurations which would exceed instantaneous CDF and LERF limits.

It further requires implementation of RMAs when the actual or anticipated risk

accumulation during a RICT will exceed 10 percent of the ICDP or ILERP limit. Such

RMAs may include rescheduling planned activities to lower risk periods or implementing

risk reduction measures. The limits established for entry into a RICT and for RMA

implementation are consistent with the guidance of NUMARC 93-01 endorsed by

RG 1.182 as applicable to plant maintenance activities. These TR requirements are

consistent with the principle of Tier 2 to avoid risk-significant configurations.

Tier 3: The licensee should ensure that the risk impact of out-of-service equipment is

appropriately evaluated. TR NEI 06-09, Revision 0, establishes requirements for a

CRMP and the underlying PRA models in terms of scope and technical adequacy. The

CRMP is then used to evaluate configuration-specific risk for planned activities

associated with the RMTS extended CT, as well as emergent conditions which may

arise during an extended CT. This required assessment of configuration risk, along with

- 13 -

the implementation of compensatory measures and RMAs, is consistent with the

principle of Tier 3 for assessing and managing the risk impact of out-of-service

equipment.

RG 1.177 includes consideration of various technical and quality aspects of the PRA

models used for risk evaluations in support of changes to TS. These items are

discussed for the CRMP supporting the RMTS as described in TR NEI 06-09,

Revision 0, and are evaluated below.

Quality of the PRA. RG 1.174, Revision 1, and RG 1.200, Revision 1 define the quality

of the PRA in terms of its scope, level of detail, and technical adequacy. The quality

must be compatible with the safety implications of the proposed TS change and the role

the PRA plays in justifying the change.

The NRC has developed regulatory guidance to address PRA technical adequacy.

RG 1.200 addresses the use of the ASME RA-Sb-2005 and the NEI peer review

process NEI 00-02, “Probabilistic Risk Assessment (PRA) Peer Review Process

Guidance” (Reference 18), to address the technical adequacy of internal events PRA

models. External events and internal fires are also addressed, but as there are currently

no endorsed standards, RG 1.200, provides high level attributes and submittal guidance

only.

TR NEI 06-09, Revision 0, requires an evaluation of the PRA model used to support the

RMTS against the requirements of RG 1.200, Revision 1, and AMSE RA-S-2002,

“Standard for Probabilistic Risk Assessment for Nuclear power Plant Applications”

(Reference 19), for capability Category II. This assures that the PRA model is

technically adequate for use in the assessment of configuration risk. This capability

category of PRA is sufficient to support the evaluation of risk associated with out-of�service SSCs and establishing risk-informed CTs.

For external events and internal fires, submittal of the information identified by

RG 1.200, Revision 1 assures that the staff has an adequate basis to determine the

technical adequacy of these models to support the assessment of configuration risk.

The NRC staff notes that an addendum to the ASME standard was issued in 2005,

ASME RA-Sb-2005. RG 1.200, Revision 1 endorses the updated standard applicable

for internal events PRA models. The NRC staff takes exception to the reference to

RG 1.200, Revision 0, currently listed throughout TR NEI 06-09, Revision 0. The NRC

staff will require an assessment of PRA technical adequacy using RG 1.200, Revision 1,

and the updated PRA standard.

The NRC staff further interprets the guidance to evaluate the PRA using RG 1.200,

Revision 1, and the ASME standard for capability Category II as a requirement that the

licensee’s PRA for internal events must satisfy all requirements of the ASME standard,

and achieve at least capability Category II where the standard provides unique

requirements. Because of the significant role of the PRA models in this application,

exceptions to the requirements of the standard are generally not acceptable, and any

exceptions must be identified and justified.

- 14 -

There are currently no RG 1.200, Revision 1 endorsed standards for external events,

fires, or low power and shutdown conditions. TR NEI 06-09, Revision 0, permits the use

of either PRA or non-PRA type quantitative evaluations, including conservative or

bounding methods, to assess risk of these events and conditions. The specific method

to be utilized in the RMTS program would be identified and technically justified by the

licensee in its plant-specific application to implement the RMTS, and would be reviewed

and approved by the NRC staff in a license amendment implementing the RMTS.

Industry standards have been or are being prepared for external events, internal fires,

and low-power and shutdown PRAs. For the RMTS submittals received after a standard

is developed by the industry, endorsed by the NRC via revisions to RG 1.200, and is

beyond any NRC staff-approved implementation period, the NRC staff will use that

standard to assess the technical adequacy of the corresponding aspect of the PRA, if

used to support the RMTS. This is consistent with the Commission’s phased approach

to PRA quality. The NRC staff notes that if sources of risk can be shown to be

insignificant contributors to configuration risk, then they may be excluded from the

RMTS, as discussed under “Scope of the PRA”, below; the approval of industry

standards would not impose any requirement for such sources of risk to be included in

the RMTS calculations.

As part of its review and approval of a licensee’s application requesting to implement the

RMTS, the NRC staff intends to impose a license condition that will explicitly address

the scope of the PRA and non-PRA methods approved by the NRC staff for use in the

plant-specific RMTS program. If a licensee wishes to change its methods, and the

change is outside the bounds of the license condition, the licensee will need NRC

approval, via a license amendment, of the implementation of the new method in its

RMTS program. The focus of the NRC staff’s review and approval will be on the

technical adequacy of the methodology and analyses relied upon for the RMTS

application.

Therefore, these requirements of TR NEI 06-09, Revision 0, as modified, are consistent

with Section 2.3.1 of RG 1.177.

Scope of the PRA. TR NEI 06-09, Revision 0, requires a quantitative assessment of

potential impact on risk due to impacts from internal events, including internal fires.

Other sources of risk (i.e., seismic, other external events) must be quantitatively

assessed if they contribute significantly to configuration-specific risk. Transition risk is

conservatively not considered in establishing RICTs, and as the RMTS are not

applicable to cold shutdown and refueling modes, shutdown risk for these conditions

need not be evaluated. Consideration is made of both CDF and LERF metrics.

Bounding analyses or other conservative quantitative evaluations are permitted where

realistic PRA models are unavailable. The guidance provided in TR NEI 06-09,

Revision 0, is sufficient to ensure the scope of the risk analysis supporting the RMTS

evaluations are adequate to assess configuration risk and is consistent with

Section 2.3.2 of RG 1.177.

PRA Modeling. TR NEI 06-09, Revision 0, specifically applies the RMTS only to those

SSCs which mitigate core damage or large early releases. Where the SSC is not

- 15 -

modeled in the PRA, and its impact cannot otherwise be quantified using conservative

or bounding approaches, the RMTS are not applicable, and the existing frontstop CT

would apply. Potential impacts on the risk analyses due to screening criteria and

truncation levels are adequately addressed by the requirements for PRA quality in

RG 1.200, Revision 1.

TR NEI 06-09, Revision 0, also provides additional requirements for the CRMP PRA

model to assure a conservative calculation of the risk impact of unavailable SSCs:

• quantitative credit for repair or recovery of inoperable equipment is not permitted;

• quantitative credit for compensatory measures or RMAs is permitted only when

such actions are included in the baseline PRA model, and are contained in plant

procedures;

• the impact of SSC unavailability on the likelihood of initiating events must be

quantitatively assessed; and

• seasonal or time-in-operating cycle variations must be either conservatively

assessed or properly quantified for the particular conditions.

Therefore, based on the above considerations, TR NEI 06-09, Revision 0, for PRA

modeling is sufficient to ensure an acceptable evaluation of risk due to the SSC

unavailability and is consistent with Section 2.3.3 of RG 1.177.

Assumptions. TR NEI 06-09, Revision 0, applies the PRA model to evaluate

configuration-specific risk in order to set the required TS CT. No specific assumptions

of the PRA model are unique to this application. When key assumptions introduce a

source of uncertainty to the risk calculations (identified in accordance with the

requirements of the ASME standard), TR NEI 06-09, Revision 0, requires analysis of the

assumptions and accounting for their impact to the RMTS calculated RICTs. Thus, the

TR appropriately identifies the requirement to identify and address assumptions with

regard to configuration risk analyses in support of TS CTs and is consistent with

Section 2.3.4 of RG 1.177.

Sensitivity and Uncertainty Analyses. TR NEI 06-09, Revision 0, requires sensitivity

studies to assess the impact of key sources of uncertainties of the PRA on the RMTS.

Where the sensitivity analyses identify a potential impact on the calculated RICT,

programmatic changes must be identified and implemented, such as additional RMAs or

program restrictions which would address the impact of the uncertainties, or the use of

bounding analyses which address the impact of the uncertainty. Thus, the guidance of

TR NEI 06-09, Revision 0, appropriately identifies the requirement to consider the

possible impacts of PRA model uncertainty and sensitivity to key assumptions and

model limitations, consistent with Section 2.3.5 of RG 1.177.

The NRC staff notes that TR NEI 06-09, Revision 0, references EPRI 1009652,

“Guidelines for the Treatment of Uncertainty in Risk-Informed Applications: Technical

Basis Document,” December 2004 (Reference 20), as a method for determining key

- 16 -

uncertainties. The NRC staff has not reviewed this document, and the NRC neither

endorses nor disapproves its methods with regards to identifying key uncertainties. The

NRC staff will review each individual licensee’s process for identifying and assessing

key uncertainties as part of the review of the RMTS LAR.

Use of Compensatory Measures in TS Change Evaluations. TR NEI 06-09,

Revision 0, requires consideration and implementation of appropriate compensatory

measures, or RMAs, when the risk associated with an extended TS CT exceeds the

thresholds of 10-6 ICDP or 10-7 ILERP. These thresholds are consistent with

NUMARC 93-01. Such actions are not typically credited in the risk assessment. Where

credit for such RMAs is to be applied, the action must be incorporated into the

underlying PRA model of the CRMP. Thus, NEI 06-09 appropriately identifies the

requirement to provide consideration for compensatory measures, consistent with

Section 2.3.6 of RG 1.177.

Contemporaneous Configuration Control. TR NEI 06-09, Revision 0, uses a CRMP

to assess the configuration-specific risk and determine the acceptability of extending the

TS CT. The TR specifically requires reanalysis of the risk, and reverification that the

extended CT remains acceptable for any change to the plant configuration, within the

scope of the CRMP, which occurs during the extended CT. TR NEI 06-09, Revision 0,

provides numerical limits on configuration risk, consistent with the requirements of

NUMARC 93-01, for implementation of compensatory measures to mitigate higher risk

configurations. It further implements specific limits on configuration risk above which

extended CTs are prohibited. These limits are verified at the time the extended CT is

first entered, and whenever a configuration change occurs. TR NEI 06-09, Revision 0,

which includes the requirement for the CRMP, is required to be included in the TS

administrative controls for any licensee implementing the RMTS. These requirements

are consistent with Section 2.3.7.1 of RG 1.177.

RG 1.177 also identifies four key components of a CRMP: 1) implementation of the

CRMP, including the scope of SSCs, form of the assessment, and timing of the

assessment; 2) control and use of the CRMP assessment tool, including update

provisions and procedures governing its use; 3) Level 1 risk-informed assessment; and

4) Level 2 issues and external events. TR NEI 06-09, Revision 0, addresses all four key

components, and a CRMP applied to support an RMTS program must meet or exceed

the key components identified in RG 1.177, as described below.

(1) CRMP Implementation. The scope of SSCs subject to the CRMP includes all

PRA model components in addition to the components subject to the TS for

which the RMTS is applicable, and the assessment tool must include a direct

PRA assessment of the configuration. The CRMP must be used prior to entering

an extended CT, and emergent conditions must be assessed within the time

limits of any applicable TS actions up to a maximum allowed time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

Compensatory measures or RMAs are required to be in place for planned

activities, and must be implemented upon reaching specified risk thresholds for

either planned or unplanned activities.

- 17 -

(2) Control of CRMP Assessment Tool. A process must be in place to monitor

plant modifications and other changes which may impact the PRA model to

assure that the CRMP correctly reflects the as-built, as-operated plant. The

CRMP must be governed by plant procedures, and any deficiencies of the CRMP

tool must be addressed and dispositioned in accordance with the requirements

and time limits of the licensee’s corrective action program.

(3) Level 1 Assessment. Quantitative assessment of CDF risk for internal events is

required to support the RMTS. The assessment must use a PRA model which

satisfies capability Category II of ASME RA-Sb-2005.

(4) Level 2 and External Events. Quantitative assessment of LERF risk is required

to support the RMTS. Fire risk must be treated quantitatively as well, although

the use of conservative or bounding analyses may be employed. Other external

events are also treated quantitatively, unless it is demonstrated that these risk

sources are insignificant contributors to configuration-specific risk.

The NRC staff notes that TR NEI 06-09, Revision 0, references EPRI 1012948,

“Methodology for Fire Configuration Risk Management,” December 2005, as an

example of a bounding analysis method applicable to the RMTS for screening

fire risk. The NRC staff has not reviewed this document, and the NRC neither

endorses nor disapproves its methods with regards to analyzing fire risk to

support the RMTS. The NRC staff will review each individual licensee’s method

for assessing the fire risk contribution within the RMTS program as part of the

review of the RMTS LAR.

Thus, TR NEI 06-09, Revision 0, requirements for the CRMP are consistent with

Section 2.3.7.2 of RG 1.177.

Acceptance Guidelines. TR NEI 06-09, Revision 0, requires a licensee to

quantitatively evaluate the change in total risk for CDF and LERF for each instance of

an extended TS CT, using the configuration specific risk applicable at the time the TS

LCO is not met. Each individual instance is limited to a risk impact of 10-5 for ICDP, and

10-6 for ILERP. These limits were chosen to be consistent with the guidance of

NUMARC 93-01, as endorsed by the NRC staff in RG 1.182, for control of risk during

maintenance activities.

Consistent with NUMARC 93-01, a limit for configuration-specific CDF of 10-3/year and

for LERF of 10-4/year, are also established by TR NEI 06-09, Revision 0. If the

configuration-specific risk is above these limits, an extended CT may not be entered,

and the existing TS frontstop CTs would apply. These limits provide a control to prevent

entry into potential high risk configurations. Consistent with its endorsement of

RG 1.182, the NRC staff neither endorses nor disapproves of the 10-3/year CDF value,

nor the 10-3/year LERF value. The NRC staff has not developed guidance on

acceptable levels of configuration risk, but instead uses metrics based on the

accumulation of risk over time. The industry imposed limits of 10-3/year CDF and

10-4/year LERF would only provide for a maximum of about 3.5 days of operation until

the ICDP limit of 10-5, or the ILERP limit of 10-6, upon which the RICT is based, were

- 18 -

reached, and so extended operation in such configurations would not be permitted

under a RMTS program. Such configurations are not expected to occur frequently, and

therefore the NRC staff does not find it necessary to provide any further restrictions on

configuration risk beyond what is proposed in TR NEI 06-09, Revision 0.

Further, the NRC staff interprets TR NEI 06-09, Revision 0, guidance as not permitting a

RICT to be entered (i.e., to exceed the frontstop CT) when the configuration-specific risk

exceeds the 10-3 CDF or 10-4 LERF limits, since use of a RICT is a voluntary decision to

extend a CT. However, TR NEI 06-09, Revision 0, does not require exiting a RICT if the

limits of either 10-3 CDF or 10-4 LERF are subsequently exceeded due to emergent

conditions which arise after a RICT is in effect. This is consistent with the guidance of

NUMARC 93-01. The RICT, once in effect, is solely governed by the ICDP and ILERP

limits described above, and emergent configurations whose risk level exceeds the 10-3

CDF or 10-4 LERF limits are managed using RMAs.

RG 1.177 provides criteria for changes in risk applicable to permanent changes to TS

CTs, of 5 x 10-7 ICCDP, and 5 x 10-8 ICLERP. The NRC staff considered this guidance

and its applicability to the RMTS, and specifically considered that the allowable risk

accumulation proposed in TR NEI 06-09, Revision 0, exceeds the RG 1.177 guidance,

and instead applies 10-5 ICDP and 10-6 ILERP from NUMARC 93-01. The more

restrictive limits of RG 1.177 are based on a calculation which assumes that only the

particular TS SSC of the LCO is inoperable, and that all other plant SSCs are at their

nominal unavailability level. The intent of these limits is to provide assurance that a

proposed TS change, by itself, has no more than a small quantitative impact on plant

risk. However, the licensee is not limited by the assumptions of this risk calculation, and

any particular application of the TS change may result in risk which exceeds RG 1.177

guidance, depending upon the status of other SSCs when the LCO action is entered.

The risk during implementation is determined and managed in accordance with a

licensee’s program for 10 CFR 50.65(a)(4). The risk calculations applicable to an RMTS

program are more similar to the risk management activities and calculations performed

for actual application of a TS change, which assesses the actual plant configuration,

considering the status of all SSCs which are included in the scope of the CRMP.

Therefore, the NRC staff concludes that the guidance of NUMARC 93-01 endorsed by

RG 1.182 is appropriate guidance for establishing an acceptable RICT.

The methodology for extending CTs does not impact the existing frontstop CTs of the

TS. Further, there is no permanent change to the CT of any TS LCO, since

configuration-specific risk must always be assessed each time the frontstop CT is to be

exceeded, based on the actual status of all SSCs within the scope of the CRMP. The

NRC staff considers extensions of TS CTs using TR NEI 06-09, Revision 0, to be

temporary changes in plant risk, and the RG 1.177 ICCDP and ICLERP guidelines for

AOT changes should not be applied. Therefore, these CT extensions may be assessed

and managed using the criteria consistent with NUMARC 93-01.

Implementation of the RMTS avoids unnecessary unplanned shutdowns, and the

transition risks associated with such evolutions. RMAs which reduce the actual risk

incurred while TS equipment is out of service are required to be considered and

implemented when appropriate as part of the TR NEI 06-09, Revision 0, program

guidance. The RMTS allow a licensee to consolidate planned maintenance and testing

- 19 -

activities into single equipment outages, rather than performing such activities over

several smaller outages in order to comply with the existing TS CTs. This consolidation

may reduce the total unavailability of safety-related SSCs by eliminating the recurrence

of restoration alignment and testing, and displace and reduce the risk associated with

more frequent, shorter equipment outages. These improvements to operational safety

are not quantified or credited by the RMTS program.

Implementation of TR NEI 06-09, Revision 0, is therefore consistent with the three-tiered

approach of RG 1.177 and SRP 19.0 by providing for:

(1) a comprehensive risk assessment addressing configuration-specific risk of core

damage and large early release, applying limits consistent with NUMARC 93-01

applicable for equipment maintenance, and assessing the total risk associated

with all significant sources of risk, including fire risk and any plant-specific

significant external events;

(2) consideration and implementation of risk management actions for those

equipment outages which exceed specified risk thresholds; and

(3) ongoing risk assessment within a CRMP for all changes to plant status occurring

during implementation of the TS extended CT.

Therefore, the proposed methodology satisfies the fourth key safety principle of

RG 1.177 by assuring any increase in risk is small consistent with the intent of the

Commission’s Safety Goal Policy Statement.

5. The impact of the proposed change should be monitored using performance

measurement strategies.

The cumulative impact of implementation of an RMTS is periodically assessed as

required by TR NEI 06-09, Revision 0, and must be shown to result in a total risk impact

below 10-5/year for change to CDF, and below 10-6/year for change to LERF, and the

total CDF and total LERF must be reasonably shown to be less than 10-4/year and

10-5/year, respectively. These criteria are consistent with the guidance of RG 1.174,

Revision 1, for acceptable small changes in risk.

The NRC staff anticipates that the use of extended CTs within an RMTS program is

unlikely to be a routine practice, since licensees already accomplish planned

maintenance activities within the existing TS CTs. Although the RMTS are permitted to

be applied to planned maintenance activities, other requirements, such as 10 CFR 50.65

performance monitoring, and regulatory oversight of equipment performance, are

disincentives to a licensee for incurring significant additional unavailability of plant

equipment, even when allowed by an RMTS program. This provides a further control on

the use of the RMTS which could result in a significant increase in equipment

unavailability and the commensurate risk.

The NRC staff notes that a single CT extension at the 10-5 ICDP or 10-6 ILERP limit

could approach CDF or LERF guidance of TR NEI 06-09, Revision 0. While

allowable, such configurations are not routinely encountered during plant maintenance

- 20 -

activities, and are not the anticipated application of the RMTS. More typically, the actual

risk of a configuration involving an extended CT would be a low risk evolution, and the

RICT provides an effective method for a licensee to manage and reduce the total risk

associated with all plant maintenance activities.

If implementation of the RMTS result in a cumulative annual calculated risk increase

above the RG 1.174, Revision 1, guidance, TR NEI 06-09, Revision 0, requires the

licensee to assess the cause and implement appropriate corrective actions. These

assessments are required to be documented and available for NRC staff review. The

performance monitoring and feedback specified in the TR, is sufficient to reasonably

assure changes in risk due to the implementation of the RMTS are small, and are

consistent with Section 3.2 of RG 1.177. Thus, the fifth key safety principle of RG 1.177

is satisfied.

4.0 LIMITATIONS AND CONDITIONS