ML13324A858

From kanterella
Jump to navigation Jump to search

Safety Evaluation Accepting Util Proposed Alternative Shutdown Capability Design in Event of Fire to Comply w/10CFR50 App R Requirements
ML13324A858
Person / Time
Site: San Onofre Southern California Edison icon.png
Issue date: 05/15/1986
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML13324A856 List:
References
TAC-54880, TAC-64883, NUDOCS 8605210095
Download: ML13324A858 (11)
v  d  e


Text

R E 0UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D. C. 20555 SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION SOUTHERN CALIFORNIA EDISON COMPANY SAN ONOFRE NUCLEAR GENERATING STATION, UNIT NO. 1 DOCKET NO. 50-206

1.0 INTRODUCTION

By "05000361/LER-1984-020, :on 840326,w/unit in Mode 2 at 2% Power,Reactor Trip Occurred on High Steam Generator Level.Caused by Overfeeding Steam Generators During Manual Operation of [[system" contains a listed "[" character as part of the property label and has therefore been classified as invalid. Control Sys|letter dated April 24, 1984]], Southern California Edison Company (SCEC),

the licensee for San Onofre Nuclear Generating Station, Unit 1 (SONGS 1) submitted a revised, proposed alternative shutdown design (dedicated safe shutdown system) to achieve compliance with the requirements of Appendix R to 10 CFR Part 50, Sections III.G.3 and III.L. The staff's safety evaluation of the licensee's originally proposed alternative shutdown design was presented in a Safety Evaluation Report dated November 18, 1982. The staff's evaluation of the licensee's most recent proposal is addressed below. This evaluation supercedes that previously provided on this subject.

The licensee has described the post-fire shutdown capability for SONGS 1 in submittals dated April 24, 1984; May 21, September 30, October 4, and December 31, 1985; and February 18 and April 23, 1986. Additional infor mation and clarification was obtained in a meeting with the licensee on November 15, 1985, and during a plant site visit February 6 - 7, 1986.

The licensee has provided a safe shutdown analysis for a fire event and has demonstrated that adequate alternative methods exist to compensate for fire hazards in areas and assure safe shutdown.

2.0 EVALUATION A. Systems Required for Safe Shutdown In the event of a fire concurrent with the loss of offsite power, the following components are used to provide the safe shutdown capability 8605210095 860515 PDR ADOCK 05000206 F

PDR

for SONGS 1. Reactor shutdown is initiated from the control room by a manual scram of the control rods, if an automatic scram has not already occurred. Primary coolant inventory and reactor shutdown reactivity are maintained with the north centrifugal charging pump (G-8a) taking suction from the refueling water storage tank; if the charging pump is not available the safety injection system can alternately be used. Reactor coolant system pressure is controlled by the use of pressurizer heaters; overpressurization protection for the primary system is provided by the pressurizer power-operated relief valve (PORV)/block valve combination. Decay heat removal is accomplished through natural circulation, with steam release from the steam generators through power-operated, atmospheric steam dump valves.

Heat can be removed from the Reactor Coolant System (RCS) to achieve and maintain cold shutdown conditions, by using one or more steam generators in successive operating modes: a steaming mode and a single phase heat transfer mode. The steaming mode begins immediately following reactor trip. Heat transferred to the secondary side of the steam generator(s) will generate steam that will be released to the environs initially through the safety relief valves and shortly thereafter, i.e., after auxiliary feedwater flow has been established, by controlling the atmospheric steam dump valves. Make up water will be supplied to the steam generators from the auxiliary feedwater storage tank (AFST) by a new motor driven auxiliary feedwater (AFW) pump G-10W, dedicated to that service. After the steam generator bulk water temperature reaches approximately 220'F, the steaming mode will be terminated and a tran sition to the single-phase heat transfer mode will commence.

The single-phase heat transfer mode involves using the steam generator(s) as a once-through, single-phase heat exchanger. This will entail flooding the steam generators and main steam headers to establish a return flow path; however, manual isolation valves MSS 301 and 302 on the main steam headers will be closed in advance to limit the extent of steam line flooding.

(By letter dated May 21, 1985, the licensee stated that a detailed evaluation of the affected piping and supports would be performed,

%S and that any modifications required to ensure that the lines are adequately supported, would be implemented.)

Return flow will be "letdown" to an existing circulating water outfall point through a new manual flow control valve and discharge manifold that is "teed" to the steam supply line for the turbine driven AFW pump, upstream of existing manual isolation valve CV-113. In this mode of operation, the RCS cooldown rate is limited to 5F/hr due to the capacity of the AFW pump. Nevertheless, cold shutdown can be achieved within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> as required by Sections III.G. and III.L.1. of Appendix R to 10 CFR Part 50. The single phase heat transfer mode of operation will continue until normal residual heat removal system operation is restored.

B. Areas Where Alternative Shutdown is Required The sepa'ration criteria applied in developing the original SONGS 1 design were not consistent with the separation requirements of 10 CFR Part 50, Appendix R. Therefore, the licensee conducted an evaluation to determine whether to reroute existing circuits and relocate existing components to establish separation, or provide other means of alternative shutdown capability. The evaluation identified a total of five fire areas/zones containing redundant safe shutdown divisions that are not adequately separated.

Alternative shutdown capability is provided for these areas, which include the reactor auxiliary building lower level (Fire Area 1-AB-(-3)-2A), yard area (Fire Area 1-YD-14-4D), circulating water pump well (Fire Area 1-YD-(-7)-4E) turbine deck (Fire Area 1-TB-35-9B) and power block roof (Fire Area 1-PB-56-33).

Redundant divisions for all existing shutdown related control and instrumentation circuits interface with one or more of these fire areas, and the congested equipment and cabling made it infeasible to establish adequate train separation within these areas. Therefore, the licensee has committed to provide alternative systems independent of the above fire areas to assure safe shutdown capability in the event of a fire in any of the areas. The alternative shutdown provisions for each of the fire areas is discussed below:

1. Reactor Auxiliary Building Lower Level (Fire Area 1-AB-(-3)-2A)

A fire in this area could result in losing portions of the chemical and volume control system (CVCS) and essential electrical systems that are used to achieve hot standby. In the event that both redundant charging pumps become inoperable due to a fire, alternative shutdown capability is provided by the Safety Injection System (SIS) whose circuits and components are located outside of this fire area/zone. Spurious operation of valves associated with the charging system due to fire damage to cables has been considered by the licensee and found not to adversely affect SIS operation.

2. Yard Area (Fire Area 1-YD-14-4D).

A fire in this area could result in losing:

the cables for the pressurizer heaters, RWST isolation valve, charging pumps and associated equipment, charging RWST isolation valves, charging loop A control valve and seal injection flow control valves, flow control valves for AFW system, motor driven and steam driven AFW pumps, steam dump transfer control valve, CCW pumps, CCW heat exchanger isolation valves, CCW/RHR heat exchanger flow control valves, saltwater cooling pumps, use of the nitrogen bottles, station service transformers, and the 480V switchgear and 120V vital buses that are used to achieve hot standby.

In the event that the circuits for pressurizer heater groups B and D are damaged due to their being routed through this fire area/zone, alternative pressurizer heater groups A and C will remain available since their circuitry is routed through a different fire area/zone.

Cables for the redundant charging pumps G-8A and 8B could be damaged by a fire in this fire area/zone. However, the licensee has stated that cables for charging pump G-8B and its associated support equip ment will be rerouted to no longer pass through this fire area/zone.

The rerouting of the cables will maintain a separation of more than 20 feet between the redundant charging pumps. Therefore, charging pump G-8B will remain free of fire damage.

The circuits associated with seal water return and letdown isolation valves CV-528 and CV-526 could be damaged by a fire, but the redundant seal water return and letdown isolation valves CV-525 and CV-527 located outside this fire area/zone, will remain available.

This is due to the separation between the respective fire area/zones containing these valves and their associated circuits.

The power circuits for AFW pump G-10S, which are routed in this fire area/zone, could be damaged due to fire. The licensee has stated that these circuits will be rerouted outside this fire area/zone or a disconnect switch will be provided at the switchgear room (located in a different fire area/-zone) to allow manual starting of the pump from the switchgear room.

The three component cooling water (CCW) pumps are adjacent to one another and could be damaged due to a fire in this fire area/zone.

Alternative pumping capability is provided by a motor driven auxiliary feedwater pump which is located 100 feet away from the CCW pumps.

The cables for the redundant saltwater cooling pumps G-13A and B, could be damaged by fire. However, auxiliary saltwater cooling pump G-13C could be used to provide alternative pumping capability since its circuits are located more than 100 feet from the G-13A and B circuits.

The licensee has stated that the train 1 (480V electrical distri bution system) will remain available in the event train 2 and train 3 station service transformers are damaged by fire. Similarly, the train 2 and train 3, (480V electrical distribution systems) will remain available in the event train 1 station service transformers are damaged by fire.

The licensee has further stated that, depending on the location of the fire, operator action can be taken to locally control certain equipment located outside this fire area/zone. There are eleven manual actions that can be undertaken. The time required to perform these manual actions has been evaluated to assure adequate time and manpower will be available. In order to achieve safe shutdown, the licensee has stated that a minimum of 21 hours2.430556e-4 days <br />0.00583 hours <br />3.472222e-5 weeks <br />7.9905e-6 months <br /> are available before these manual actions need to be taken.

Additionally, the requirements for manual actions for valves MOV-883 and MOV-1100C are being evaluated by the licensee. The licensee has committed by letter dated April 23, 1986 to provide adequate fire protection or implement modifications to assure the availability of these valves. The licensee's resolution of this issue will be veri fied during the safe shutdown audit of the plant.

3. Circulating Water Pump Well (Fire-Area-1-YD-(-7)-4E)

A fire in this area/zone could result in loss of cables for saltwater cooling pump G-13A which is used to achieve hot standby. Auxiliary saltwater pump G-13C which is located outside this fire area/zone could be used as an alternative if saltwater cooling pump G-13A is unavailable.

4. Turbine Deck (Fire-Area-1-TB-35-9B) and Power Block Roof (Fire-Area 1-PB-56-33)

A fire in these areas/zones could result in the loss of circuits for pressurizer pressure transmitters, primary system hot-leg temper ature transmitters and steam generator level transmitters which indicate in the control room. However, alternative indications are provided by dedicated shutdown system instrumentation located outside these fire areas/zones should a fire occur on the turbine deck and power block roof.

6 -

The licensee has further stated that manual operator actions can be taken to control certain equipment located outside these fire areas/zones. By letter dated Feburary 18, 1986, the licensee identified 20 fire areas where manual actions are required subsequent to a fire. These manual actions can be accomplished outside the affected areas. Since adequate time is available to perform these actions, the staff finds them acceptable.

C. Dedicated Safe Shutdown System The licensee has provided a Dedicated Safe Shutdown System for the following fire areas:

1. Containment (1-CO-(-10)-1),
2. East Penetration Area (1-YD-20-4A),
3. West Penetration Area (1-YD-20-4B),
4. Turbine Building Ground Floor (1-TB-8-9A),
5. 4160V Switchgear Room (1-PB-14-8),
6. Control Room Complex (1-PB-42-16),

The Dedicated Safe Shutdown System (DSSS) is designed to provide the capability to achieve safe shutdown for any postulated fire in the above fire areas at San Onofre Nuclear Generating Station, Unit 1 (SONGS 1).

The DSSS consists of: a dedicated onsite power source (diesel generator) that will serve the centrifugal charging pump in use; an additional, dedicated motor-driven auxiliary feedwater pump G10-W; the existing remote shutdown panel and associated control valves; and instrumentation and controls. The DSSS may be used independently of the above listed fire areas by procedural means, with actions being performed from local shutdown stations or at the equipment itself. The remote shutdown panel (Auxiliary Control Panel C-38) will be the primary control station for DSSS operations. The C-38 panel will be relocated in the DSSS switchgear enclosure building. Alternate process monitoring capability and instrumentation will be provided at the remote shutdown panel.

D. Other Areas With the exception of the areas identified above the licensee will ensure that all areas of the plant required to have safe shutdown capability will comply with the requirements of Section III.G.2 of Appendix R to 10 CFR Part 50, unless an exemption request has been approved by the staff.

E. Performance Goals The performance goals for post-fire safe shutdown, including reactivity control, reactor coolant makeup, reactor coolant pressure control and decay heat removal, can be met using existing systems and equipment identified in Sections II.A and II.B. of this SER. Control over these functions can be accomplished from the DSSS remote shutdown panel or the control room, depending on the location of the fire. The licensee's DSSS method is governed by a single written procedure and relies on operator actions at local shutdown stations or at the required equipment. The process monitoring capability provided at the remote shutdown panel includes pressurizer pressure and level indication; A, B and C steam generator level indication; RCS loop A, B and C hot-and cold-leg temperature indication; main steam header pressure indication; charging flow controller indication. The capability for local indication of tank levels and pressure, and temperature or flow indications of support systems will be identified in the shutdown procedures.

F. Repairs The licensee has stated that the only actions necessary to achieve cold shutdown include replenishing the oil supply for the dedicated diesel generator from the existing fuel oil storage tanks using a transfer pump and portable hoses, and providing additional compressed air or nitrogen for the operation of instruments and air operated valves using a portable air compressor or additional nitrogen supplies located onsite. The available supply of fuel oil for the dedicated diesel generator is adequate for approximately 17 hours1.967593e-4 days <br />0.00472 hours <br />2.810847e-5 weeks <br />6.4685e-6 months <br /> of operation, and the available supply of nitrogen is sufficient for approximately 20 hours2.314815e-4 days <br />0.00556 hours <br />3.306878e-5 weeks <br />7.61e-6 months <br /> of operation. Since the licensee states that approximately 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> are required to achieve hot standby conditions, these actions will be required to proceed from hot standby to the cold shutdown mode. Necessary equipment will be stored onsite, and procedures to accomplish these activities will be available.

G. Associated Circuits The licensee has conducted an extensive review of the present electrical system to determine plant capability to meet the criteria of Appendix R to 10 CFR Part 50.

All circuitry, indicators, instruments and power supplies associated with the Dedicated Safe Shutdown System (DSSS) are independent from the iden tified fire zones for which DSSS capability is required by virtue of isolation devices. The licensee's methods of protecting the safe shutdown capability are consistent with the guidelines provided by the staff in Generic Letter 81-12.

1. Common Power Source The licensee has stated that coordinated breakers or fuses will be provided to assure that faults on associated circuits will not cause a loss-of-power to equipment required for shutdown.
2. Common Enclosure The licensee has stated that the common enclosure evaluation demon strates that associated circuits will not endanger safe shutdown capability.
3. Spurious Signal Operation The licensee's analysis of alternate safe shutdown capability identi fied the individual components in systems that are needed to assure the DSSS function. The licensee's proposed design for the DSSS and local control station will provide the capability to electrically isolate DSSS components from fire areas. The DSSS design provides the capability to control all needed components independent of the fire area.

The licensee's analysis identified six high/low pressure interfaces where fire induced operation of the redundant valves in series could potentially result in a LOCA. For the interfaces in two pressurizer relief lines, the licensee stated that operator action will be taken to de-energize the power supply to the valve operators to prevent spurious operation; the valves fail closed on loss-of-power. For the other valve interfaces, the licensee has stated that spurious valve operation is prevented either through compliance with the separation criteria of III.G.2 of Appendix R to 10 CFR Part 50 or by operator action to lock out the power breaker to one of the redundant valves.

H. Safe Shutdown Procedures and Manpower The licensee has stated that the procedures governing DSSS operation will be completed and personnel will be trained in their use. Furthermore, the licensee has stated that a normal shift crew (not including fire brigade members) provides sufficient staffing to perform the required manual oper ations in a timely manner, and achieve and maintain a safe hot-standby condition. Consequently, adequate personnel will be available on-site at all times for proper DSSS operation.

3.0 CONCLUSION

Based on the above, the staff concludes that the San Onofre Nuclear Gener ating Station, Unit 1 post-fire alternate shutdown system design provides one train of components necessary to achieve and maintain safe shutdown conditions. This meets the requirements of Sections III.G.3 and III.L of Appendix R to 10 CFR Part 50, with respect to safe shutdown in the event of a fire, and is, therefore, acceptable.

10 -

4.0 ACKNOWLEDGEMENT This Safety Evaluation has been prepared by A. Singh.

Dated:

MAY 15 1986 11 -

Retrieved from "https://kanterella.com/w/index.php?title=ML13324A858&oldid=5222615"