ML13317B232

From kanterella
Jump to navigation Jump to search
Safety Evaluation Accepting Util Proposed Implementation of ATWS Rule 10CFR50.62(c)(1) Subj to Satisfactory Completion of Human Factors Engineering Reviews & Environ Qualification Considerations
ML13317B232
Person / Time
Site: San Onofre 
Issue date: 11/30/1990
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML13317B231 List:
References
NUDOCS 9012050282
Download: ML13317B232 (10)
v  d  e


Text

.il RUNITED STATES 0

NUCLEAR REGULATORY COMMISSION o

WASHINGTON, D. C. 20555 ENCLOSURE SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION RELATED TO IMPLEMENTATION OF ATWS RULE REQUIREMENTS, 10 CFR 50.62 FOR SAN ONOFRE NUCLEAR GENERATING STATION, UNIT NO. 1 SOUTHERN CALIFORNIA EDISON COMPANY SAN DIEGO GAS AND ELECTRIC COMPANY DOCKET NO. 50-206

1.0 INTRODUCTION

On June 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the ATWS Rule). The requirements of 10 CFR 50.62 became effective on July 26, 1984, and were applicable to all commercial light-water cooled nuclear power plants.

An ATWS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor. The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the probability of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event.

Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants, which requires that equipment diverse from the RTS initiate the auxiliary feedwater system and a turbine trip for ATWS events. In response to 10 CFR 50.62, paragraph (c)(1), the Westinghouse Owners Group (WOG) developed a set of conceptual ATWS mitigating system actuation circuitry (AMSAC) designs generic to Westinghouse plants. WOG issued Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design Package," which provided information on the various Westinghouse designs.

The results of the NRC staff's review of WCAP-10858 was documented in a safety evaluation dated July 7, 1986 (Ref. 1).

In its safety evaluation, the staff concluded that the generic designs presented in WCAP-10858 satisfied the requirements of 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.

During the staff's review of the proposed AMSAC designs, the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. 2).

This Addendum changed the setpoint of the C-20 AMSAC permissive signal from 70%

reactor power to 40% power. On August 3, 1987, the WOG issued Revision 1 to 901205028:2 901130 F:'j ADOCK 0500020 P

0PDC

-2 WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay. For those plants selecting either the feedwater flow or the feedwater pump/valve status logic option, a variable delay timer was added to the AMSAC actuation logic.

The variable time delay was inverse to reactor power and was used to approximate the time that the steam generator took to boil down to the low-low level setpoint upon a loss of main feedwater (MFW) from any given reactor power between 40% and 100% power. The time delay on the C-20 permissive signal for all logic circuits was lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low level setpoint upon a loss of MFW with the reactor operating at 40% power. The staff considered these changes to be acceptable.

Paragraph (c)(6) of the ATWS Rule required licensee's to submit information to the Director, Office of Nuclear Reactor Regulation (NRR), to demonstrate compliance with the rule. Southern California Edison Company (SCE or licensee) provided the required information by letter dated January 29, 1988, which included the proposed AMSAC design for San Onofre Nuclear Generating Station, Unit No. 1 (SONGS-1). The licensee also provided additional information by letters dated March 7 and October 21, 1988, July 5, 1989, and July 23, 1990.

2.0 DISCUSSION The auxiliary feedwater actuation system (AFAS) and the auxiliary feedwater system (AFWS) for SONGS-1 were upgraded following the TMI-2 accident in accordance with the resulting TMI Action Plan. The AFWS at SONGS-1 consists of two independent and redundant trains: Train A (AFWS-A) and Train B (AFWS-B).

Since the existing RTS for SONGS-1 is powered from electrical Train A, the licensee only included AFWS-B in its ATWS mitigation system (AMS) design in order to maintain independence between these two systems. The AFAS for Train B (AFAS-B) receives independent steam generator level signals from three narrow range level transmitters, one on each steam generator. The input circuitry for AFAS-B is arranged in a 2 out of 3 logic and the bistable setpoints are set at 5 percent of steam generator narrow range level. Upon actuation, AFAS-B will initiate AFWS-B. The existing AFAS circuitry is similar to the Westinghouse generic AMSAC logic as defined in WCAP-10858-P-A, Rev. 1. The AFAS-B logic senses conditions indicative of an ATWS event by monitoring steam generator water levels and actuating AMSAC when the water levels are below the low level setpoint. In keeping with the requirements of the ATWS Rule, the licensee will add circuitry to the AFAS-B output to initiate a diverse turbine trip (DTT).

In its response, the licensee stated that AFAS/AFWS-B satisfied the ATWS Rule requirements for Westinghouse plants.

3.0 EVALUATION The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment.

However, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge safety systems, e.g., inadvertent scrams.

-3 The following review criteria were used to evaluate the licensee's response to 10 CFR 50.62:

1. The ATWS Rule, 10 CFR 50.62.
2. "Considerations Regarding Systems and Equipment Criteria," published in the Federal Register, Volume 49, No 124, dated June 26, 1984.
3. Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment That Is Not Safety Related."
4. Safety Evaluation of WCAP-10858 (Ref. 1).
5. WCAP-10858-P-A, Revision 1 (Ref. 3).

3.1 Plant-Specific Elements Related to the Generic AMS Design Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation of WCAP-10858, the staff identified 14 key elements that require resolution for each plant design. The following paragraphs provide a discussion on the licensee's compliance with.respect to each of the plant-specific elements.

1. Diversity The plant design should include adequate diversity between the AMSAC equipment and the existing Reactor Protection System (RPS) equipment.

Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause failures.

The licensee has provided information to confirm that the AFAS-B and DTT circuits will be diverse from the RTS logic circuits in the areas of design, equipment, and manufacturing. Where similar types of components are used, such as relays, the AFAS-B will utilize a relay of a different make and manufacturer. Although not required, the diversity of equipment extends to the steam generator level transmitters.

2. Logic Power Supplies Logic power supplies need not be Class 1E, but must be capable of per forming the required design functions upon a loss of offsite power.

The logic power must come from a power source that is independent from the RPS power supplies.

The RTS and AFWS-B actuation circuitry are powered from the 480 VAC level which is an acceptable method. Since the RTS is powered by Train A and AFAS-B is powered by Train B, the licensee satisfies.the staff's criteria for independent power supplies.

The AFAS/AFWS-B for SONGS-1 satisfies the requirements of NUREG-0737, TMI

-4 Action Plan, which requires that all AFWS equipment be installed and maintained as Class 1E.

Inasmuch as these requirements exceed the ATWS Rule requirements, additional system reliability has been gained.

3. Safety-Related Interface Implementation of the ATWS Rule shall be such that the existing RPS continues to meet all applicable safety criteria.

The commercial grade DTT solenoid valve receives power from 125 VDC Bus No. 2, which is safety-related. The power supply is isolated from the DTT solenoid valve circuit by a fuse in line with a 125 VDC breaker. The safety-related AFWS control circuit is isolated from the DTT solenoid valve control circuit by Foxboro logic isolation cards. There is no interface between the RPS and AMSAC; therefore, the proposed AMSAC design will not affect the existing RTS.

4. Quality Assurance The licensee is required to provide information regarding compliance with Generic Letter (GL) 85-06, "Quality Assurance for ATWS Equipment That Is Not Safety Related."

The licensee's response stated that existing Quality Assurance Program (QAP) requirements would be applied to ATWS equipment that is not safety-related. It was the licensee's position that the existing QAP satisfied the requirements of 10 CFR 50, Appendix B, and that by applying these requirements to the ATWS equipment, it would not be necessary to maintain two separate QA programs.

5. Maintenance Bypasses Information showing how maintenance at power is accomplished should be provided. In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the control room.

The licensee's response stated that depending on the type of maintenance required, maintenance at power would be accomplished by completely removing AFWS-B from service. The DTT circuitry will be equipped with a bypass switch to allow AFWS testing without causing a turbine trip. Continuous indication of bypass status will be provided in the main control room through the use of status lights and annunication. Additionally, it is the staff's understanding that the licensee will conduct a human-factors review of the bypass status indication consistent with the plant's control room design review process.

6. Operating Bypasses The operating bypasses should be indicated continuously in the control

-5.

room. Diversity and independence of the P-7 permissive signal should be addressed.

The licensee stated in its response that the AMSAC design for SONGS-1 will not include provisions for operating bypasses, and that there is no interface between AMSAC and the P-7 circuit.

7. Means for Bypasses The means for bypassing shall be accomplished by using a permanently installed, human-factored bypass switch or similar device. Disallowed methods for bypassing mentioned in the guidance should not be used.

The licensee's response stated that the AFAS-B configuration will be modified to eliminate the need to lift leads for testing. The means for bypassing will be provided by permanently installed jacks, bypass switches or other similar devices in accordance with human-factors guide lines.

8. Manual Initiation Manual initiation capability of the AFAS/AFWS and DTT mitigation function must be provided.

The licensee's response discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator. In summary, the operator can use existing manual controls located in the control room to perform a turbine trip and to start auxiliary feedwater flow should it be necessary. Thus, no additional manual initiation capability will be required as a result of installing the ATWS mitigating equipment.

9. Electrical Independence From The Existing Reactor Protection System Independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolation devices.

The licensee provided information addressing how electrical independence is to be achieved. The proposed AMSAC design requires isolation between the safety-related 125 VDC Bus No. 2 and the DTT solenoid valve circuitry; and between the safety-related AFWS circuitry and the nonsafety-related DTT circuitry. The safety-related power supply will be isolated from the nonsafety-related DTT solenoid valve by a fuse in line with a 125 VDC breaker. The AFWS circuitry will be isolated from the DTT circuitry by Foxboro logic isolation cards. There are no other safety-related/

nonsafety-related interfaces.

10. Physical Separation From The Existing Reactor Protection System The implementation of the ATWS mitigating system must be such that the

-6 separation criteria applied to the existing RPS are not violated.

The licensee stated that the ATWS mitigating circuitry will be physically separated from the RPS circuitry. In addition, cabinets for the ATWS equipment (AFAS/AFWS-B and DTT) will be located such that there will be no interaction with the RPS cabinets. The licensee also stated that the AFWS-A and AFWS-B cabinets will be physically separate.

11.

Environmental Qualification The plant-specific submittal should address the environmental qualification (EQ) of ATWS equipment for anticipated operational occurrences.

The licensee stated in its response that AFWS-B is safety-related and that those portions of AFWS-B subject to potentially harsh post-accident environments are environmentally qualified in accordance with IEEE Std. 323-1974.

In addition, the licensee stated that the design life of the ATWS mitigating system would be at least 35 years.

Although EQ is not specifically required for ATWS equipment, the licensee is required to satisfy 10 CFR 50.49(b)(2) requirements. Therefore, the licensee's safety evaluation related to the design of the ATWS mitigating system must address this matter accordingly.

12. Testability at Power Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing of the system may be performed with the system in the bypass mode. Testing from the input sensor to the final actuation device should be performed with the plant shutdown.

The licensee stated in its response that the capability will exist to test AFWS-B and its associated DTT at power. During testing at power, AFWS-B will be isolated by closing the manually operated block valves downstream of the auxiliary feedwater pumps. The DTT circuitry, up to but not including the new turbine trip solenoid, will be tested in conjunction with testing that is performed on AFWS-B. The output of the DTT circuit will be placed in the bypass mode to prevent tripping the turbine while performing tests at power. The SONGS-1 Technical Specifications requires that AFWS surveillance testing be performed monthly, and therefore, the DTT circuit will also be tested monthly. Additionally, the new DTT turbine trip solenoid will be tested during plant shutdowns with a frequency not to exceed one refueling interval.

The licensee also stated that a human factors review of the controls and indications used for testing purposes would be performed, that is consistent with the plant's detailed control room design review process.

-7

13.

Completion of Mitigating Action The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action.

The licensee stated in its response that the AMS design will be such that once initiated, the design will ensure that mitigating action goes to completion. The licensee also stated that the design will be such that deliberate operator action will be required to return the actuated devices to normal operation upon completion of mitigating action.

14. Technical Specifications The plant-specific submittal should address technical specification requirements for AFAS/AFWS and DTT.

The 'licensee stated in its response that AFWS-B is a safety-related system and is addressed by existing Technical Specification (TS) requirements.

Even though technical specification requirements exist that address AFWS-B components, the staff is presently reviewing ATWS requirements to criteria established in the Commission Policy Statement dated February 6, 1987, to determine whether and to what extent these technical specification require ments are adequate. This aspect of the staff's review remains open pending completion of and subject to the results of the staff's further review. The staff will provide guidance concerning ATWS technical specifi cation requirements at a later date.

3.2 Unique Design Considerations Applicable to SONGS-1 The staff identified during its review that the AMS design that was being proposed by the licensee did not satisfy Westinghouse generic design assumptions. Specifically, Westinghouse assumed that two trains of auxiliary feedwater (AFW) would be used to mitigate the effects of ATWS, but the licensee's AMS design only credited AFWS-B in order to satisfy separation and independence requirements relative to the existing RTS. Consequently, by letter dated February 13, 1990, the staff requested additional information in order to complete its evaluation, including:

a. Site-specific analysis of AFW flow requirements necessary to mitigate an ATWS event.
b. Generic Westinghouse design assumptions relative to the ATWS Rule that are not applicable to SONGS-1, and licensee resolution of any discrepancies.

The licensee provided its response to the staff's request by letter dated July 23, 1990. With regard to the AFW flow requirements, Westinghouse performed a plant-specific analysis for SONGS-1 and determined that reactor

-8 coolant system (RCS) peak pressure limits would not be exceeded during an ATWS event. The limiting events considered by the Westinghouse analysis were loss of normal feedwater without scram (LONF/ATWS), loss of offsite power without scram (LOP/ATWS), and loss of load without scram (LOL/ATWS). The LOP/ATWS event was analyzed assuming AFW flow was both available, and not available, in order to adequately model the licensee's AMS design. Of the events considered, the most limiting event was LONF/ATWS which resulted in a peak RCS pressure of 2998 psia. The staff was satisfied that the licensee's plant-specific analysis adequately addressed this matter and demonstrated that the AMS design for SONGS-1 relative to AFW flow was acceptable.

In its July 23 response, the licensee also identified a number of other generic Westinghouse assumptions that are not applicable to SONGS-1 for AMS design considerations, including:

a. Reactor coolant pumps (RCPs) in the generic Westinghouse plant continue to operate following a turbine trip whereas the SONGS-1 RCPs coast down.
b. The generic Westinghouse plant assumes no MFW flow for all ATWS events whereas SONGS-1 credits 5% MFW flow for a LOL/ATWS event.
c. The generic Westinghouse ATWS analysis assumes steam dump operation whereas SONGS-1 does not.
d. The generic Westinghouse ATWS analysis assumes some amount of heat transfer for uncovered steam generator tubes whereas SONGS-1 does not.
e. SONGS-1 credits plant-specific reactivity feedback.

The licensee's plant-specific analysis discussed above addressing AFW flow requirements for SONGS-1 was performed crediting these differences.

During its review of Westinghouse generic design assumptions applicable AMS, the licensee determined that the generic Westinghouse analyses which show that departure from nucleate boiling (DNB) is not a concern may not be applicable to SONGS-1 (SCE letter dated May 2, 1990). The licensee concluded in its July 23 letter that additional analyses would be required to fully address this matter, and stated that the analyses would be completed prior to Cycle 12 operation and further stated that any necessary plant modifications as a result of the analyses would be implemented prior to Cycle 13 operation.

This Safety Evaluation (SE) addresses licensee implementation of ATWS Rule requirements. The issue regarding DNB is outside the scope of this SE.

Therefore, the staff will review this issue as a separate matter. The staff considers the licensee's schedule for resolving this issue to be acceptable and commends the licensee for identifying this issue as one that requires further NRC review.

-9

4.0 CONCLUSION

Based on the considerations discussed in this SE, the staff concludes that the proposed AMS design for SONGS-1 is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1), and is therefore acceptable. The staff's position is contingent upon licensee completion of the following actions:

a. Human-factors engineering reviews must be completed to verify design adequacy of controls and indications used for testing purposes (SE Section 3.1, Item 12) and bypass functions (SE Section 3.1, Item 5).
b. The licensee must address 10 CFR 50.49(b)(2) requirements in its safety evaluation (SE Section 3.1, Item 11).

The staff will address the adequacy of Technical Specification requirements related to the AMS by future correspondence (SE Section 3.1, Item 14) and the issue regarding DNB (SE Section 3.2) will be addressed as a separate matter.

Therefore, licensee installation and implementation of the proposed AMS for SONGS-1 during the Cycle 11 outage is acceptable and should be completed.

Principal Contributors: A. Nolan (EG&G)

L. Tran C. Liang J. Tatum Dated:

November 30, 1990

10

5.0 REFERENCES

1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986.
2. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Package," February 26, 1987.
3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, AMSAC Generic Design Package," August 3, 1987.
4. Temporary Instruction 2500/20, "Inspection to Determine Compliance with ATWS Rule, 10 CFR 50.62," February 9, 1987.
Retrieved from "https://kanterella.com/w/index.php?title=ML13317B232&oldid=5224408"