ML13303B219

From kanterella
Jump to navigation Jump to search
Safety Evaluation Accepting Evaluation of Compliance W/Atws Rule 10CFR50.62 Requirements for Reduction of Risk from ATWS Events for Light Water Cooled Nuclear Power Plants
ML13303B219
Person / Time
Site: San Onofre  
Issue date: 05/29/1990
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML13303B218 List:
References
NUDOCS 9006010276
Download: ML13303B219 (8)
v  d  e


Text

L*0 p 'A EG U 0,

UNITED STATES o0 NUCLEAR REGULATORY COMMISSION WASHINGTON, D. C. 20555 SAFETY EVALUATION SAN ONOFRE NUCLEAR GENERATING STATION, UNIT NOS. 2 AND 3 EVALUATION OF COMPLIANCE WITH THE ATWS RULE:

10 CFR 50.62 REQUIREMENTS FOR REDUCTION OF RISK FROM ANTICIPATED TRANSIENTS WITHOUT SCRAM (ATWS) EVENTS FOR LIGHT-WATER-COOLED NUCLEAR POWER PLANTS DOCKET NOS. 50-361 AND 50-362

1.0 INTRODUCTION

On July 26, 1984 Title 10, Chapter 1, Part 50 of the Code of Federal Regulations (CFR3 was amended to include the "ATWS Rule" (Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram [ATWS] Events for Light-Water-Cooled Nuclear Power Plants").

An ATWS is an expected opera-tional transient (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power), which is accompanied by a failure of the reactor trip system (RTS) to shut down the reactor.

The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the likelihood of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event.

The 10 CFR 50.62 requirements applicable to pressurized water reactors manufactured by Combustion Engineering such as San Onofre Nuclear Generating Station, Unit Nos. 2 and 3 SONGS-2,3) are:

(1) Each pressurized water reactor must have equipment from sensor output to final actuation device, that is diverse from the reactor trip system, to automatically initiate the auxiliary (or emergency) feedwater system and initiate a turbine trip under conditions indicative of an ATWS. This equipment must be designed to perform its function in a reliable manner and be independent (from sensor output to the final actuation device) from the existing reactor trip system.

0276 900*.529 1DR

-DOCK 05000361 PDC

-2 (2) Each pressurized water reactor... must have a diverse scram system from the sensor output to interruption of power to the control rods. This scram system must be designed to perform its function in a reliable manner and be independent from the existing reactor trip system (from sensor output to interruption of power to the control rods).

In summary, the ATWS Rule requirements for SONGS-2,3 are to install a diverse scram system (DSS), diverse circuitry to initiate a turbine trip, and diverse circuitry for initiation of emergency feedwater.

2.0 BACKGROUND

Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements of the Rule be submitted to the Director, Office of Nuclear Reactor Regulation (NRR). In accordance with Paragraph (c)(6) of the ATWS Rule, the Combustion Engineering Owners Group (CEOG) provided information to the staff by letter dated September 18, 1985 (Ref. 1).

The letter forwarded CEN-315, "Summary of the Diversity Between the Reactor Trip System and the Auxiliary Feedwater Actuation System for CE Plants," for staff review.

The staff reviewed CEN-315 and, by letter dated August 4, 1986 (Ref. 2),

forwarded its conclusion to the CEOG. The staff concluded that sufficient diversity did not exist between the RTS and the auxiliary feedwater actuation system (AFAS) to achieve the degree of reduction in potential common mode failure mechanisms by providing hardware diversity as required by the ATWS Rule. This decision affected San Onofre Nuclear Generating Station,. Unit Nos. 2 and 3, Arkansas Nuclear One, Unit 2, and Waterford Steam Electric Station, Unit 3.

In response to the staff's evaluation of CEN-315, Southern California Edison (SCE), the licensee for SONGS-2,3, submitted CEN-349 to the staff by letter dated December 30, 1986 (Ref. 3).

CEN-349 provided additional information to support the CEOG position stated in CEN-315. The staff reviewed CEN-349 and, by letter dated January 11, 1988 (Ref. 4), again rejected the CEOG position that the existing diversity between the RTS and the AFAS meets the requirements of the ATWS Rule.

The licensee then, by letter dated December 29, 1988 (Ref. 5), submitted a plant-specific request for an exemption from the portion of the ATWS Rule that requires equipment diverse from the RTS to initiate the AFAS under conditions indicative of an ATWS. The staff denied this request for exemption by letter dated June 23, 1989 (Ref. 6), noting that the licensee had presented no new information to justify reconsideration of the require ments of the ATWS Rule and, in addition to this, the staff commented that the value/impact ratio that formed the basis of the exemption request was considered during the preparation of and before the issuance of the ATWS Rule.

-3 Meetings were held with the CEOG on May 1, 1989 and July 12 1989 during which the general design features of the diverse (aka DEFASI were discussed. A summary of the meetings, dated August 15, 1989 (Ref. 7), was forwarded to the licensee. The summary contained the staff's comments on the CEOG DEFAS design features and the staff's understanding of the functional requirements for the DEFAS that were agreed upon during the meetings. A conference call was held with the licensee on October 3, 1989, during which a schedule for the DEFAS design submittals was discussed.

The licensee, by letter dated December 5, 1989 (Ref. 8), committed to supply the details of a DEFAS design for SONGS-2,3 and by letter dated March 15, 1990 (Ref. 9) satisfied that commitment.

This safety evaluation addresses the licensee's conformance to the ATWS Rule with respect to the diverse emergency feedwater actuation system, as detailed in References 8 and 9. The licensee's conformance to the ATWS Rule with respect to the diverse scram system and the diverse turbine trip was approved in a previous safety evaluation transmitted in a letter dated January 30, 1990.

3.0 DISCUSSION AND EVALUATION The following is a discussion on the licensee's compliance to the guidance contained in the Federal Register, "Statement of Considerations" (Ref. 10) and to the requiremen sof the ATWS Rule as discussed in Section 3 of this report, as they apply to the proposed Diverse Emergency (Auxiliary) Feed water Actuation System (DEFAS).

A. SYSTEM DESCRIPTION The proposed DEFAS for SONGS-2,3 will consist of isolators, signal conditioning, trip recognition, coincident logic, initiation logic, and other circuitry and equipment necessary to monitor plant conditions and initiate emergency feedwater (EFW) flow during conditions indicative of an ATWS. The DEFAS will be a nonsafety related system isolated from the safety-related systems of the plant with which it interfaces by the use of approved electrical isolation devices. It will utilize the existing safety-related steam generator level sensors and the existing safety-related emergency feedwater system equipment (pumps and valves) to provide EFW to the steam generators to mitigate the consequences of an ATWS event.

The DEFAS initiation logic will be a 2-out-of-4 (2/4) trip logic system where a signal from both trip paths is required to initiate EFW flow. The functional requirements for the DEFAS include:

DEFAS must initiate EFW flow for conditions indicative of an ATWS where the EFAS has failed to initiate EFW flow.

The DEFAS will not be required to provide mitigation of an accident such as isolating feedwater flow to a ruptured steam generator.

-4 DEFAS will stop EFW flow to the affected steam generator after reaching a predetermined level setpoint (about 30 minutes after actuation) at which time manual operator intervention will control the system.

DEFAS will interface with existing pumps and valves via the existing safety-related circuitry.

DEFAS will be blocked by the main steam isolation system (MSIS) and by the EFAS to prevent control/safety interactions when EFW flow to a ruptured steam generator is terminated.

DEFAS will be enabled by a signal from the DSS indicating DSS actuation.

DEFAS will include capabilities to allow testing at the channel logic level while the plant is at power.

DEFAS will include features that provide alarms, plant computer data and other operator interfaces to indicate system status.

DEFAS setpoints will be set lower than the existing RPS setpoints so that a competing condition between the RPS and DEFAS will be avoided.

DEFAS equipment will be qualified for anticipated opera tional occurrences (AO0).

DEFAS may be manually actuated from the control room.

B. DIVERSITY The SONGS-2,3 DEFAS design will use the existing safety-related steam generator level instruments for the input signal and will send an actuation signal to the existing safety-related EFW system.

The DEFAS equipment will be diverse from that used in the Reactor Protection System (RPS) in that the DEFAS logic system will use Foxboro Spec 200 equipment while the RPS uses a bistable electro/

mechanical system. The DEFAS energizes to actuate and the RPS de-energizes to actuate. The DEFAS interface with the EFW system will be through a relay which will not be used in the RPS. This relay will be of a different manufacturer than that of the EFAS solid state relays.

C. ELECTRICAL/PHYSICAL INDEPENDENCE The DEFAS contains two 120 VAC power supplies, powered from a non-Class 1E uninterruptable power source (UPS) which receives its power from the "A" Train 4160 volt safety related bus. The UPSs can supply the DEFAS for up to an hour upon the loss of power.

-5 The nonsafety-related equipment of the DEFAS will be installed in a separate cabinet located in the main control room and will be in the same general area as are sections of the RPS. The licensee has determined that the installation of the DEFAS will not degrade the existing separation criteria of the RPS. !Being in a mild environ ment, the environmental qualification (EQ) called out in 10 CFR 50.49 will not be required, however; the DEFAS cabinet and equipment will be rated for the environment in which they are installed.

A DEFAS Trouble alarm located in the control room will alert the operators whenever the system has a loss of power.

D. RELIABILITY/TESTABILITY/MAINTENANCE The SONGS-2,3 DEFAS design has provisions for testing at-power. The tests will verify the channel logic and the proper operation of the output circuits. The channel logic tests will be performed once per day and a functional test will be performed at 92-day intervals.

The DEFAS will have an end-to-end test conducted each refueling outage which will consist of functional testing from the sensor output to and including the DEFAS output relay. It is the staff's understanding that the end-to-end test of the DEFAS will be over lapped with the surveillance testing of the EFAS such that a complete test will be performed which will encompass both the sensor and the final actuated equipment. The test procedure to be used to test the DEFAS should be made available for staff audit during the post implementation inspection of the DEFAS circuits.

Test and maintenance bypasses will be accomplished by the use of control switches designed into the DEFAS circuits. Circuit modifi cations for test purposes while at power will not involve installing jumpers, lifting leads, pulling fuses, tripping breakers, blocking relays, or other similar type actions. However, the end-to-end tests to be performed during refueling outages will require that two jumpers be installed at terminal strip test points specifically for DEFAS testing. The removal of these jumpers will be formally checked and documented as part of the calibration and test procedure.

A DEFAS Trouble alarm located in the control room will alert the operators whenever the system is undergoing test or maintenance.

E. OTHER DEFAS DESIGN CONSIDERATIONS The DEFAS Trouble alarm located in the control room will consist of the following local alarms:

Trip Path Bypass Channel Trip Trip Path Trip Channel In Test Spec 200 Micro Card Failure Loss of Logic Power Supply Loss of AC Power Supply

-6 These alarms will be displayed on the CFMS CRT screen. It is the staff's understanding that they will be given a Human Factors review and will be in keeping with the licensee's Control Room Design Review process.

The SONGS-2,3 DEFAS will comply with the Quality Assurance guidance required for nonsafety-related ATWS equipment as provided by Generic Letter 85-06.

The ATWS Rule requires that the DEFAS equipment must be designed to perform its function in a reliable manner. For a programmable digital system such as Foxboro spec. 200 micro cards, it must have a formal software verification and validation process to assure the software reliability. This was discussed with the licensee during a conference call on May 14, 1990. The licensee indicated that the software verification and validation program for the Foxboro Spec.

200 micro cards was documented in Foxboro document No. QOAAEO3-Rev. B dated October 26, 1988.

(This V&V program was accepted by NRC staff under Docket No. 50-213 Haddam Neck plant-reactor protection system upgrade.) The record of the software verification and validation process and the configuration file used in conjuction with the DEFAS software will be available for staff audit during the post-implemen tation inspection of the DEFAS circuits.

F. CONCLUSION Based on the above Discussion and Evaluation, the staff concludes that the Diverse Emergency Feedwater Actuation System proposed for implementation at the San Onofre Nuclear Generating Station, Units 2 and 3, conforms to the requirements of 10 CFR 50.62 (the ATWS Rule),

and is, therefore, acceptable. However, the staff's conclusion is subject to the verification of the DEFAS V&V processes and end-to-end test procedures as discussed in Sections D and E. The staff will audit these documents during a post-implementation inspection.

4.0 TECHNICAL SPECIFICATION REQUIREMENTS The staff is presently evaluating the need for technical specification operability and surveillance requirements, including actions considered appropriate when operability requirements cannot be met (i.e., limiting conditions for operation), to ensure that equipment installed per the ATWS Rule will be maintained in an operable condition. In its Interim Commission Policy Statement on Technical Specification Improvements for Nuclear Power Plants [52 Federal Register 3778, February 6, 1987], the Commission established a specific set of objective criteria for determining which regulatory requirements and operating restrictions should be included in Technical Specifications.

This aspect of the staff's review of SONGS-2,3 ATWS design compliance with the ATWS Rule remains open pending completion of the staff's review to determine whether and to what extent Technical Specifications are appro priate. The staff will provide guidance regarding the Technical

-7 Specification requirements for DSS, DTT, and DEFAS at a later date. Installation of ATWS prevention/mitigation system equipment should not be delayed pending the development or staff approval of operability and surveillance requirements for ATWS equipment.

-8

6.0 REFERENCES

1. Letter, R. G. Wells (CEOG) to F. Rosa (USNRC), "CEN-315 Summary of the Diversity Between the Emergency Feedwater Actuation System for C-E Plants," September 18, 1985.
2. Letter, D. M. Crutchfield (USNRC) to R. W. Wells (CEOG), "Staff Evaluation of CEN-315," August 4, 1986.
3. Letter, M. 0. Medford (SCE) to G. W. Knighton (USNRC), "San Onofre Nuclear Generating Station, Units 2 and 3 (Submittal of CEN-349),"

December 30, 1986.

4. Letter, G. W. Knighton (USNRC) to K. P. Baskin (SCE) and J. C. Holcombe (SDG&E), "NRC Evaluation of CEN-315 and CEN-349," January 11, 1988.
5. Letter, L. T. Papay (SCE) to USNRC, "Docket Nos. 50-361 and 50-362, ATWS Rule (10 CFR 50.62) Exemption Request, San Onofre Nuclear Generating Station Units 2 and 3, TAC Numbers 59139 and 59140,"

December 29, 1988.

6. Letter, G. M. Holahan (USNRC) to K. P. Baskin (SCE), "Nuclear Reactor Regulation Response to the Partial Exemption from the Requirements of 10 CFR 50.62 for San Onofre Nuclear Generating Station, Units 2 and 3 (TAC NOS. 59139 and 59140)," June 23, 1989.
7. Memorandum, M. D. Lynch (USNRC) to J. W. Hannon (USNRC), "Summary of Meeting with the Combustion Engineering Owners Group (CEOG) Regarding the DEFAS Design Features to be Installed Per 10 CFR 50.62 (The ATWS Rule)," August 15, 1989.
8. Letter, F. R. Nandy (SCE) to USNRC, "Docket No. 50-362, ATWS Rule 10 CFR 50.62, Diverse Emergency Feedwater Actuation, San Onofre Nuclear Generating Station, Unit 3, (TAC NO. 59140)" December 5, 1989.
9. Letter, F. R. Nandy (SCE) to USNRC, "Docket Nos. 50-361 and 50-362, ATWS Rule, 10 CFR 50.62 (TAC NOS. 59139/59140), Diverse Emergency Feedwater Actuation, San Onofre Nuclear Generating Station, Units 2 and 3," March 15, 1989.
10. Statement of Considerations, Federal Register, Vol. 49, No. 124, June 26, 1984.

Principal Contributor: H. Li Dated:

May 15, 1990

Retrieved from "https://kanterella.com/w/index.php?title=ML13303B219&oldid=5228459"