ML13317A735

From kanterella
Jump to navigation Jump to search

Forwards Eg&G Draft Technical Evaluation on SEP Topic VII-3, Electrical,Instrumentation & Control Feature of Sys Required for Safe Shutdown, & NRC Draft Safety Evaluation. Facility Meets Current Licensing Criteria
ML13317A735
Person / Time
Site: San Onofre 
Issue date: 11/18/1981
From: Crutchfield D
Office of Nuclear Reactor Regulation
To: Dietch R
Southern California Edison Co
References
TAC-44652, TAC-62079, TASK-07-03, TASK-7-3, TASK-RR LSO5-81-11-040, LSO5-81-11-40, NUDOCS 8111200293
Download: ML13317A735 (18)
v  d  e


Text

November 18, 1981 Docket No. 50-206 LS05 11-040 Mr. R. Dietch, Vice President Nuclear Engineering and Operations 2244 Walnut Grove Avenue Post Office Box 800 Rosemead, California 91770

Dear Mr. Dietch:

SUBJECT:

SEP TOPIC VII-3, SYSTEMS REQUIRED FOR SAFE SHUTDOWN, DRAFT SAFETY EVALUATION FOR SAN ONOFRE is our contractor's draft technical evaluation on this topic. is a draft of our safety evaluation that is based on Enclosure 1 and a previous study of safe shutdown systems.

This evaluation is the staff's position regarding design of your facility in the subject area. With regard to the referenced topic, the staff has concluded your facility meets current licensing criteria.

Sincerely, Dennis M. Crutchfield, Chief Operating Reactors Branch No. 5 Division of Licensing

Enclosure:

60 As stated 0

cc w/enclosure:

/

See next page go Ut6 ADD*

OFFICE

...... S SEP:SL..-fSEP:BC./

P ORB#5/C A

RSc

dp BHermann e.Y o i rutchffeTd

.as SUR AME DATE......

0/

1...

1 0

0/4? /81.......

.1/

81 1./...

NRC FORM 318 (10-80) NRCM 0240 OFFICIAL RECORD COPY USGPO: 1981-335-960

VPV jI REG (&

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D. C. 20555 November 18, 1981 Docket No.

50-206 LS05-81-11-040 Mr. R. Dietch, Vice President Nuclear Engineering and Operations Southern California Edison Company 2244 Walnut Grove Avenue Post Office Box 800 Rosemead, California 91770

Dear Mr. Dietch:

SUBJECT:

SEP TOPIC VII-3, SYSTEMS REQUIRED FOR SAFE SHUTDOWN, DRAFT SAFETY EVALUATION FOR SAN ONOFRE is our contractor's draft technical evaluation on this topic. is a draft of our safety evaluation that is based on Enclosure 1 and a previous study of safe shutdown systems.

This evaluation is the staff's position regarding design of your facility in the subject area. With regard to the referenced topic, the staff has concluded your facility meets current licensing criteria.

Sincerely, Dennis M.

Crutchfield, Chief Operating Reactors Branch No. 5 Division of Licensing

Enclosure:

As stated cc w/enclosure:

See next page

Mr. R. Dietch cc Charles R. Kocher, Assistant General Counsel James Beoletto, Esquire Southern California Edison Company Post Office Box 800 Rosemead, California 91770 David R. Pigott Orrick, Herrington & Sutcliffe 600 Montgomery Street San Francisco, California 94111 Harry B. Stoehr San Diego Gas & Electric Company P. 0. Box 1831 San Diego, California 92112 Resident Inspector/San Onofre NPS c/o U. S. NRC P. 0. Box 4329 San Clemente, California 92672 Mission Viejo Branch Library 24851 Chrisanta Drive Mission Viejo, California 92676 Mayor City of San Clemente San Clemente, California 92672 Chairman Board of Supervisors County of San Diego San Diego, California 92101 California Department of Health ATTN:

Chief, Environmental Radiation Control Unit Radiological Health Section 714 P Street, Room 498 Sacramento, California 95814 U. S. Environmental Protection Agency Region IX Office ATTN:

Regional Radiation Representative 215 Freemont Street San Francisco, California 94111 0402J SYSTEMATIC EVALUATION PROGRAM TOPIC VII-3 ELECTRICAL, INSTRUMENTATION AND CONTROL FEATURES OF SYSTEMS REQUIRED FOR SAFE SHUTDOWN SAN ONOFRE UNIT 1 NUCLEAR POWER PLANT Docket No. 50-206 October 1981 D. A. Weber EG&G Idaho, Inc.

10-6-81

CONTENTS

1.0 INTRODUCTION

2.0 REVIEW CRITERIA...............................................

2 3.0 RELATED SAFETY TOPICS AND INTERFACES............................

2 4.0 REVIEW GUIDELINES.............................................. 3 5.0 DISCUSSION AND EVALUATION......................................

4 5.1 Instrumentation.........................................

4 5.1.1 Evaluation........................................

5 5.2 Safe Shutdown Systems.....................................

5 5.2.1 Onsite Power Unavailable...........................

7 5.2.1.1 Evaluation.............................

8 5.2.2 Offsite Power Unavailable..........................

8 5.2.2.1 Evaluation.............................

8 5.3 Shutdown and Cooldown Capability Outside the Control Room............................................

8 5.3.1 Evaluation

........................................ 9 6.0

SUMMARY

9 7.0 SAFE SHUTDOWN EI&C FEATURES FOR CONSIDERATION BY SEP TOPIC III-1

............................................... 9

8.0 REFERENCES

...................................................11

SEP TECHNICAL EVALUATION TOPIC VII-3 ELECTRICAL, INSTRUMENTATION AND CONTROL FEATURES OF SYSTEMS REQUIRED FOR SAFE SHUTDOWN SAN ONOFRE UNIT 1 NUCLEAR POWER PLANT

1.0 INTRODUCTION

This report is part of the Systematic Evaluation Program (SEP) review of Topic VII-3, "Systems Required for Safe Shutdown".

The objective of this review is to determine whether the electrical, instrumentation, and control (EI&C) features of the systems required for safe shutdown, including support systems, meet current licensing requirements.

The systems required for safe shutdown have been identified by the NRC SEP staff. The systems were reviewed to ensure the following safety objec tives are met:

1. Assure the design adequacy of the safe shutdown system to automatically initiate operation of appropriate systems, including reactivity control systems, such that fuel design limits are not exceeded as a result of operational occurrences and postulated accidents, and to automatically initiate systems required to bring the plant to a safe shutdown
2.

Assure that required systems, equipment, and control to maintain the unit in a safe condition during hot shut down are appropriately located outside the control room, and have the capability for subsequent cold shut down of the reactor using suitable procedures

3. Assure only safety grade equipment is required to bring primary coolant systems from a high pressure-to low pressure cooling condition.

The scope of this review specifically includes an evaluation of the electrical, instrumentation, and control (EI&C) features necessary for operation of the identified safe shutdown systems.

The review evaluates the systems for operability with and without offsite power and the ability to operate with any single failure. The EI&C 1

review of safe shutdown systems only includes those features not covered under other SEP Topics. Specific items which will be covered under other SEP reports are identified in Section 4.0, Review Guidelines.

2.0 REVIEW CRITERIA Current licensing criteria for safe shutdown is contained in the following:

1. IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations"
2. GDC-5, "Sharing of Structures, Systems, and Components"
3. GDC-13, "Instrumentation and Control"
4. GDC-17, "Electric Power Systems"
5. GDC-19, "Control Room"
6. GDC-26, "Reactivity Control System Redundancy and Capability"
7. GDC-34, "Residual Heat Removal"
8. GDC-35, "Emergency Core Cooling"
9. GDC-44, "Cooling Water."

3.0 RELATED SAFETY TOPICS AND INTERFACES The following list of SEP topics are related to the safe shutdown topic with respect to EI&C features, but are not being specifically reviewed under this topic:

1. SEP III-1O.A, "Thermal Overload Protection for Motors of Motor-Operated Valves"
2. SEP VI-7.A.3, "ECCS Actuation System"
3. SEP VI-7.C.1, "Independence of Onsite Power"
4.

SEP VI-10.A, "Testing of RTS and ESF Including Response Time Testing" 2

5. SEP VI-10.B, "Shared ESF, Onsite Emergency Power, and Service Systems for Multiple Unit Facilities"
6. SEP VII-1, "Reactor Trip System"
7. SEP VII-2, "ESF Control Logic and Design"
8. SEP VIII-2, "Onsite Emergency Power Systems--Diesel Generators"
9. SEP VIII-3, "Emergency DC Power Systems"
10.

SEP IX-3, "Station Service and Cooling Water Systems"

11.

SEP IX-6, "Fire Protection."

Where safe shutdown system EI&C response is affected by the above mentioned topics, that particular SEP review has been consulted for deter mination of overall safe shutdown system performance. Where the SEP topic review is not available, the effect on safe shutdown system performance is based on an assumed operating condition of the effecting system. The safe shutdown review will be considered preliminary until resolution of the effecting topic is completed and found to be in accordance with assumptions made in this review.

The completion of this review impacts upon the following SEP topics, since capabilities relating to safe shutdown is required in the topic:

1. SEP VIII-l.A, "Potential Equipment Failures Associated with a Degraded Grid Voltage"
2. SEP VIII-2, "Onsite Emergency Power Systems--Diesel Generators."

4.0 REVIEW GUIDELINES The capability to attain a safe shutdown has been reviewed by evalu ating the systems used for normal shutdown (onsite power not available) and emergency shutdown (offsite power not available).

SRP 7.4 was applied to each system to ensure the following guidelines were met:

1. They have the required redundancy (SRP 7) 3
2. They meet the single failure criterion (RG 1.53, ICSB BTP 18)
3. They have the required capacity and reliability to perform intended safety functions on demand (SRP 7).

Additionally, SRP 5.4 requirements contained in BTP RSB 5-1 were reviewed to determine if the systems required for residual heat removal meet the following criteria:

1. The systems are capable of being operated from the control room with only offsite or only onsite power available
2. The systems are capable of bringing the reactor to cold shutdown with only offsite or only onsite power avail able within a reasonable period, assuming the most limiting single failure.

The electrical equipment environmental qualification and physical separation are being reviewed under other topics, as is the seismic equipment qualifi cation, and are not reviewed in this report. Section 7.0 consists of a list of safety related EI&C equipment necessary for safe shutdown to be used in resolving SEP Topic III-1, "Classification of Structures, Compo nents, and Systems."

5.0 DISCUSSION AND EVALUATION 5.1 Instrumentation. The NRC SEP Staff Review of Safe Shutdown Sys tems identified the instrumentation available in the control room necessary to bring the reactor from the hot shutdown to cold shutdown condition. This review evaluates the nuclear instrumentation, since this instrumentation must be monitored to ensure the reactor achieves and maintains shutdown con ditions. Various system parameters, such as pump running or valve position indications, are not included in the list of safe shutdown instruments of the SEP Review of Safe Shutdown Systems. This is because indication is pro vided by the control/operate circuitry. Availability of control/operate circuitry to run the system also means availability of the required indica tion. Similarly, if the control/ operate circuitry is unavailable such that system operation is not possible, then system indication is not mandatory.

4

The nuclear instrumentation is powered from four independent 120 V AC sources providing redundant indication of each range of power level.

Normal power for three of the sources is supplied from 125 V DC-1 via independent inverters 1, 2 and 3. The fourth source is normally supplied from 125 V DC-2 via inverter 4. Each source can be independently supplied with emer gency power from MCC1 or 2. There is no single failure that would disable all of the nuclear instrumentation.

The reactor parameter indicators (level, pressure/temperature) avail able in the control room are powered from the same normal and emergency sources as the nuclear instrumentation. Therefore, no single failure will result in loss of reactor parameter indications.

The indications for power to the various AC and DC buses is supplied by lights, meters, or alarms powered from the bus being monitored. Loss of power to the bus would be indicated in the control room, and no single failures of indications would effect the ability to monitor any other bus.

5.1.1 Evaluation.

The instrumentation necessary for reaching and maintaining cold shutdown at San Onofre meets current licensing criteria since there are no single EI&C failures that could render vital indications necessary for maintaining plant control inoperable.

5.2 Safe Shutdown Systems.

The SEP staff review of Safe Shutdown Systems identified the systems required for short-term cooling (immediately after reactor shutdown) and long-term cooling (when the reactor is cooled to the RHR design pressure limit) with only offsite or only onsite power available.

Normal short-term cooling is provided by dumping steam from the main steam system to the main condenser via the steam bypass valves. The cir culating water pumps provide cooling to remove heat by condensing the steam.

The feedwater system then returns the water to the steam generator. Failure of the feedwater control system, steam bypass valves, or loss of circulating 5

water flow to the condenser can render this method of cooling inoperative.

The systems in this method are not class 1E but are being considered as an available means to remove decay heat.

The emergency or alternate short-term cooling requires operation of the Main Steam Safety Valves (MSSV), the Steam Dump Control System (SOCS), and the Auxiliary Feed System (AFS).

The MSSVs have no electrical controls and operate automatically to relieve pressure from the S/Gs, thereby cooling the reactor. The SDCS actuates four atmospheric dump valves (ADVs), which vent steam directly to the atmosphere, and two steam bypass valves (SBVs), which allows main steam to flow directly to the main condenser. This system pre vents or limits the operation of the MSSVs, and provides a means of RCS cooldown. The two auxiliary feed pumps, one turbine-driven and one motor driven, are each capable of supplying the necessary S/G makeup to continue this method of cooling if the main feed system is unavailable. In addition, the turbine-driven pump can be used to relieve steam system pressure as the turbine exhausts to atmosphere. The air-operated valves in the AFS are con trolled from the control room and fail closed on loss of air pressure.

Iso lation of any failed portion of the AFS can be accomplished by manual valve operations. Finally, the S/G makeup can be accomplished through a normal path or an emergency path which bypasses any failed air operated valve.

Both Auxiliary Feed Pumps (AFP) take suction from the Condensate Stor age Tank (CST) via the hotwell and makeup line. The CST can be filled from the primary plant makeup pumps or from the service water reservoir using the fire protection system fire hydrant in the vicinity of the CST and portable hoses.

Makeup water to maintain primary water inventory and necessary boration levels is provided either by the Chemical and Volume Control System (CVCS) or the Safety Injection System (SIS).

The CVCS will automatically provide water when pressurizer level is low. The SIS must be manually started to provide this function unless the primary pressure has dropped to the SI initiation point. There are no EI&C single failures which would disable both systems.

6

The CVCS provides water from the Volume Control Tank (VCT) or the Refueling Water Storage Tank (RWST) to che reactor via the loop A charging line.

Boron is added to the suction of the charging pumps from the Boric Acid Tank (BAT).

The RWST contains borated water.

The SIS provides water from the RWST to the reactor via the cold leg of each loop.

This system will automatically initiate on low reactor pres sure or can be manually started to provide the necessary makeup water.

Long-term cooling is provided by the RHR system which takes suction on the hot leg of loop C and returns to the cold leg of loop A. Two 50% capa city pumps and heat exchangers provide the cooling.

Only the Component Cooling Water System (CCWS) can provide cooling to the RHR heat exchangers.

5.2.1 Onsite Power Unavailable (Offsite Power Only).

San Onofre normally operates with the station turbine generator providing power to the reactor coolant pumps via auxiliary transformers A and B. Offsite power, via auxiliary transformer C, provides power to all other loads.

Reactor or turbine malfunctions normally trip the generator 220 KV circuit breakers but leave the generator circuit breaker closed so that generator coastdown energy is supplied to the reactor coolant pumps. On loss of power to Aux iliary Transformer C, the generator is tripped, the generator disconnect is opened, and power is restored to the 4160 V system through auxiliary trans formers A and B.

Single failures of EI&C features, such as a loss of the feedwater control system, could render the normal short-term cooling method inoper able. However, no EI&C single failure disabling the normal cooldown method would also render the AFS, SDCS and MSSVs inoperable.

Long-term cooling is provided only by the RHR system. Single EI&C failures such as failure of control power to any suction or discharge MOV render the system inoperable. This does not meet the criteria of BTP RSB 5-1.

7

5.2.1.1 Evaluation. The systems required for short-term cooling at San Onofre are capable of providing the required cooling assuming no onsite power is available and a single EI&C failure. Only the long-term cooling system (RHR) is susceptible to single failures of EI&C features and does not meet the criteria of BTP RSB 5-1.

5.2.2 Offsite Power Unavailable. During normal operation, a loss of offsite power will result in a reactor scram, turbine trip, and momentary loss of power to the AC distribution system. Subsequently, the diesel generators will be automatically started but must be manually loaded to supply power.

In addition to the normal short-term cooling method (use of the main condenser), the AFS, SOCS, and MSSVs are available to cool the reactor to the point of RHR initiation. There are no EI&C single failures which would prevent the AFS from operating to supply water to the S/Gs using either the steam driven pumps or the electric pump.

The long-term cooling capabilities of the RHR system have been pre viously discussed.

There is no single EI&C failure that would prevent both the CVCS and SIS from providing the necessary primary make-up.

5.2.2.1 Evaluation. The short-term cooling methods at San Onofre are capable of providing the required cooling assuming no offsite power is available and a single EI&C failure. The long-term cooling system is susceptible to single EI&C failures and does not meet the criteria of BTP RSB 5-1.

5.3 Shutdown and Cooldown Capability Outside the Control Room. The capability to maintain the plant in hot shutdown from outside the control room exists at San Onofre. The Auxiliary Control Panel (C38) contains instruments to monitor reactor parameters, such as level and temperature, and has controls to operate the SDCS and AFS. Local control stations exist 8

for the pumps and valves of the systems required for safe shutdown described in Section 5.2.

Procedures for taking the plant from hot to cold shutdown from outside the control room exist and the EI&C features of the safe shut down systems are capable of supporting this procedure.

5.3.1 Evaluation. Adequate capability exists to maintain the reactor at hot shutdown and to take the reactor from hot to cold shutdown from outside the control room.

6.0

SUMMARY

The systems required to take the reactor from hot shutdown to cold shutdown, assuming only offsite power is available or only onsite power is available and a single failure, are capable of initiation to bring the plant to a safe shutdown and are in compliance with current licensing cri teria and the safety objectives of SEP Topic VII-3, except that long-term cooling (RHR) is susceptible to single EI&C failures which render long-term cooling inoperable.

The instrumentation available to control room operators to place and maintain the reactor in cold shutdown conditions meets current licensing criteria since no single EI&C failures render vital parameters such as reactor pressure and temperature, inoperable.

The capability to maintain the reactor in hot shutdown from outside the control room exists and is in compliance with the safety objectives of SEP Topic VII-3. Procedures to take the plant from hot to cold shutdown from outside the control room satisfy the safety objectives of SEP.

Topic VII-3.

7.0 SAFE SHUTDOWN EI&C FEATURES FOR CONSIDERATION BY SEP TOPIC III-1 ELECTRICAL DISTRIBUTION (including support structure, but not individual loads) 9

1. AC BUSES 1A, 1B, 1C, 2C, 1, 2, 3, and the MCC's powered from these buses--including all feeders, incoming or outgoing, control circuits, indicating circuits, bus work and support structures
2. ALL DC BUSES--including batteries, chargers, breakers, bus work, and support structures
3. DIESEL GENERATOR 1 and 2--including control and indi cating circuitry, and control and indication of vital DG auxiliaries such as lube oil, fuel, and cooling.

INSTRUMENTATION (including support structures)

1. PRESSURIZER LEVEL
2. REACTOR PRESSURE
3. REACTOR TEMPERATURE
4. REACTOR PROTECTION SYSTEM
5. NEUTRON MONITORING (including in-core monitoring)
6. AREA AND SYSTEM RADIATION MONITORING
7. STEAM GENERATOR INSTRUMENTATION SYSTEMS (includes pumps, valves, control, indication, and support structures)
1. RESIDUAL HEAT REMOVAL SYSTEM
2. COMPONENT COOLING WATER SYSTEM
3. SERVICE WATER SYSTEM
4. AUXILIARY FEED SYSTEM
5. INSTRUMENTATION AIR SYSTEM
6. MAIN STEAM SAFETY VALVES
7. STEAM DUMP CONTROL SYSTEM
8. SAFETY INJECTION SYSTEM
9. CHEMICAL AND VOLUME CONTROL SYSTEM 10
10.

MAIN CONDENSER AND FEEDWATER SYSTEM

11.

SALT WATER COOLING SYSTEM

8.0 REFERENCES

1. "Final Safety Analysis Report," San Onofre Nuclear Station.
2. Code of Federal Regulations, 10 CFR 50, Appendix A, "General Design Criteria for Nuclear Power Plants."
3.

IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations."

4. NUREG 75/087, Nuclear Regulatory Commission Standard Review Plan 7.4, "Systems Required for Safe Shutdown" and 5.4, "Residual Heat Removal."
5. SCE letter, K. P. Baskin, to Director of Nuclear Reactor Regulation, dated February 19, 1981.
6.

SCE letter, W. C. Moody, to Director of Nuclear Reactor Regulation, dated July 28, 1981.

11

tnCIOSUre z

  • TEATIC EVALUATION PROGRAM TOPIC VII-3 SAN ONOFRE 1 TOPIC VII-3 SYSTEMS REQUIRED FOR SAFE SHUTDOWN
1. INTRODUCTION The systems aspects of the review of Systems Required for Safe Shutdown was conducted as part of Topic V-10. (RHR Reliability). This safety evaluation is limited to the electrical instrumentation and cpntrol sys tems identified as being required for safe'shutdown.

Plant systems that are needed to achieve and maintain a safe shutdown condition of the plant, including the capability for prompt hot shutdown of the reactor from out side the control room were reviewed. Included also, was a review of the design capability and method of bringing the plant from a high pressure condition to low pressure cooling assuming the use of only safety grade equipment. The objectives of the review were to assure:

i) The design adequacy of the safe shutdown system to (a) initiate automatically the operation of appropriate systems, including the reactivity control systems, such that specified acceptable fuel design limits are not exceeded as a result of anticipated operat ional occurrences or pcstulated accidents and (t) initiate the operation of systems and components required to bring the plant to a safe shutdown.

(2)

That the required systems and equipment, including necessary in strumentation and controls to maintain the unit in a safe condition during hot shutdown, are located at appropriate places outside the control room and have a potential capability for subsequent cold shutdown of the reactor through the suitable procedures.

(3) That only safety grade equipment is required to bring the reactor coolant system from a high pressure condition to a low pressure cooling condition.

II. Review Criteria The review criteria are presented in Section 2 of EG&G Report 0402J, "Electrical, Instrumentation, and Control Features of Systems Required for Safe Shutdown."

III.

Related Safety.Topics and Interfaces Review areas outside the scope of this topic and safety topics that are dependent on the present topic information for completion are identified in Section 3 of EG&G Report 0402J.

-2 IV.

Review Guidelines The review guidelines are presented in Section 4 of EG&G Report 0402J.

V. Evaluation As noted in EG&G Report 0402J, the systems required to take San Onofre 1 from hot shutdown to cold shutdown, assuming only offsite power is available or only onsite power is available and a single failure, are capable of initiation to bring the plant to a safe shutdown and are in compliance with current licensing criteria and the safety objectives of SEP Topic VII-3 except that long-term cooling (RHR) is susceptible to single EI&C failures which render long-term cooling inoperable.

The instrumentation available to control room operators to place and maintain the reactor in cold shutdown conditions meets current lic ensing criteria since no single EI&C failures render vital parameters such as reactor pressure, temperature, etc., inoperable.

The capability to maintain the reactor in hot shutdown from outside the control room exists and is in compliance with the safety objec tives of SEP Topic VII-3.

Procedures to take the plant from hot to cold shutdown from outside the control room satisfy the safety objec tives of SEP Topic VII-3.

VI.

Conclusions The long term cooling method (RHR) is susceptible to single EI&C failures which render it inoperable. However, because alternative methods of long term cooling are available which were not addressed by the contractor (see SEP Safe Shutdown Systems Report, transmitted by letter dated June 20, 1981),

the staff concludes that San Onofre 1 satisfies all of the review criteria.

Retrieved from "https://kanterella.com/w/index.php?title=ML13317A735&oldid=5224638"