Text

Enclosure 4, Attachments 3, 4 and 5, Reactor Trip System (RTS) and Engineered Safety Fatures Actuation System (ESFAS) Instrumentation Completion Times, Bypass Times, and Surveillance Test Interval Extensions Based On..
	ML13330A953
Person / Time
Site:	Sequoyah
Issue date:	11/22/2013
From:	; Tennessee Valley Authority
To:	; Office of Nuclear Reactor Regulation
Shared Package
ML13329A881	List: ML13329A717; ML13329A718; ML13329A790; ML13329A791; ML13329A792; ML13329A854; ML13329A855; ML13329A858; ML13329A859; ML13329A916; ML13330A922; ML13330A924; ML13330A925; ML13330A927; ML13330A928; ML13330A929; ML13330A930; ML13330A931; ML13330A953;
References
	CAW-13-3823, LTR-RAM-I-13-032, Rev 1 NP, NUREG-1431, Rev 4 WCAP-10271, WCAP-14333, WCAP-15376
	Download: ML13330A953 (68)
	v • d • e

ENCLOSURE 4 ATTACHMENTS 3, 4, AND 5 TENNESSEE VALLEY AUTHORITY SEQUOYAH NUCLEAR PLANT, UNITS 1 AND 2 Reactor Trip System (RTS) and Engineered Safety Features Actuation System (ESFAS) Instrumentation Completion Times, Bypass Times, and Surveillance Test Interval Extensions Based on WCAP-10271, WCAP-14333, and WCAP-15376 NON-PROPRIETARY VERSIONS AND AFFADAVIT FOR WITHHOLDING

WESTINGHOUSE NON-PROPRIETARY CLASS 3 Attachment 3 LTR-RAM-I-13-032, Rev. 1 NP-Attachment

SUMMARY

REPORT REV. 1 Sequoyah Nuclear Plant, Units 1 and 2 Implementation of Master and Slave Relays Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 Westinghouse Electric Company LLC 1000 Westinghouse Drive Cranberry Township, PA 16066

Attachment 3 Westinghouse Non-Proprietary Class 3

SUMMARY

REPORT Rev. 1 Sequoyah Nuclear Plant, Units 1 and 2 Implementation of Master and Slave Relays Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 1.0 Purpose The purpose of the program is to provide the technical justification for implementation of the master and slave relays Completion Time (CT) and Surveillance Test Interval (STI) changes justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 (References 1 and 2, respectively) for the Sequoyah Nuclear Plant (SQN) Units 1 and 2.

2.0 Background Information The NRC approved the following Technical Specification (TS) changes for the master and slave relays justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 for the engineered safety features actuation signals (ESFAS) (TS 3.3.2, ESFAS Instrumentation) for a solid state protection system (SSPS):

WCAP-14333-P-A, Rev. 1 Master relays:

CT from 6 hrs to 24 hrs Slave relays:

CT from 6 hrs to 24 hrs WCAP-15376-P-A, Rev. 1 Master relays:

STI from 2 months to 6 months The other TS changes justified in these WCAPs have already been addressed for SQN Units 1 and 2 in Rev. 2 of the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev.

1 and WCAP-15376-P-A, Rev. 1 summary report. Currently, SQN Units 1 and 2 ESFAS TS (3/4.3.2) do not include the master and slave relays; therefore, there are no CTs or Surveillance Requirements (SRs) included in the TS for the master and slave relays. Tennessee Valley Authority (TVA) is in the process of converting the SQN Units 1 and 2 TS to the Standard TS (NUREG-1431). NUREG-1431 includes the actuation relays (master and slave relays). Therefore, following implementation of NUREG-1431, the SQN Units 1 and 2 TS will also include the actuation relays, including the Actions and SRs associated with them.

Note that the surveillance frequency for the slave relays contained in NUREG-1431 is 92 days (quarterly), and is bracketed, which means that the frequency must be adopted or another frequency must be justified on a plant-specific basis. TVA is responsible for determining and justifying the slave relay surveillance frequency, since it was not justified in WCAP-15376-P-A, Rev. 1.

1 September 26, 2013

Attachment 3 Implementation of these master and slave relays changes requires the licensee to address the Conditions and Limitations in the NRCs Safety Evaluations for each WCAP.

For WCAP-14333-P-A, Rev. 1 this requires:

1. Confirmation of the applicability of the WCAP-14333-P-A, Rev. 1 analysis to the plant

2. Address Tier 2 and 3 requirements For WCAP-15376-P-A, Rev. 1 this requires:

1. Confirm the applicability of the WCAP-15376-P-A, Rev. 1 analysis to the plant

2. Address Tier 2 and 3 requirements

3. Address concurrent testing of one logic cabinet and associated reactor trip breaker (RTB) (not applicable to implementing the changes for the master and slave relays)

4. Confirm the modeling assumptions for the human reliability assessment are applicable Implementation Guidelines have previously been developed for each WCAP (References 3 and 4) and were followed in the program.

Tier 2 requirements provide reasonable assurance that risk-significant plant equipment outage configurations will not occur when equipment is out of service. These requirements place limitations on additional equipment that can be removed from service when in one of the risk-informed extended CTs.

Tier 3 ensures that risk significant out-of-service equipment is evaluated prior to performing any maintenance activities. Tier 3 evaluations are addressed by the plants Configuration Risk Management Program used to comply with 10CFR50.65(a)(4) and are out of scope of this program.

An additional commitment included in the Implementation Guidelines for WCAP-15376-P-A, Rev. 1 addresses setpoint uncertainty calculations and assumptions, including instrument drift. This commitment is not applicable to the master and slave relays.

In addition, monitoring requirements for the changes implemented were developed and an assessment of how external events impact the WCAP results was addressed. These are not Conditions or Limitations in the Safety Evaluations, but the NRC has requested this information for plants previously requesting the changes in these two WCAPs.

The scope of this project also includes a review of any unresolved Facts and Observations (F&Os) from the latest peer reviews of the SQN Units 1 and 2 PRA models to assess the potential impact on implementaion of the proposed changes. The main purpose of this task is to be consistent with Regulatory Guide (RG) 1.200. Although consistency of the SQN Units 1 and 2 internal events PRA with RG 1.200 is not an implementation requirement specified in Conditions and Limitations of the Safety Evaluations, the NRC has requested this information in previous submittals.

3.0 Summary of Results The following provides a summary of the results for each task in the program. Documents including SQNs Updated Final Safety Analysis Report (UFSAR), TS and Bases, Auxiliary Feedwater (AFW) system notebook, implementation report for previous TS changes, and survey of information letter from TVA were used to support this program.

2 September 26, 2013

Attachment 3 3.1 Task 1: Demonstrate Applicability of WCAP-14333-P-A, Rev. 1 and Tier 2 Limitations The following demonstrates the applicability of the WCAP-14333-P-A, Rev. 1 analysis and results to SQN Units 1 and 2 and also provides the Tier 2 limitations.

3.1.1 Applicability of WCAP-14333-P-A, Rev. 1 Tables 1 through 3 demonstrate that the WCAP-14333-P-A, Rev. 1 analysis and results are applicable to SQN Units 1 and 2. Additional explanatory information is provided in the Notes and Explanations at the end of each table as necessary.

From this the following is concluded for both units:

The signals available at SQN Units 1 and 2 to actuate safeguards equipment for the various events are consistent with those credited in the WCAP-14333-P-A, Rev. 1 analysis.

The current master and slave relays test intervals at the SQN Units 1 and 2 are equal to or greater than those used in the WCAP-14333-P-A, Rev. 1 analysis.

The master and slave relays at-power maintenance intervals at the SQN Units 1 and 2 are consistent with those assumed in the WCAP-14333-P-A, Rev. 1 analysis.

From this it is concluded that the WCAP-14333-P-A, Rev. 1 analysis is consistent with SQN Units 1 and 2 design and operation, and the master and slave relays changes justified in WCAP-14333-P-A, Rev. 1 are applicable to SQN Units 1 and 2.

The calculated increase in CDF for all the changes specified in WCAP-14333-P-A, Rev. 1, as provided in Table 8.4 of the WCAP, is 3.5E-07/yr for plants with predominately 2-of-4 logic requirements and 6.1E-07/yr for plants with predominately 2-of-3 logic. The calculated increase in LERF due to all the changes in WCAP-14333-P-A, Rev. 1, as provided in Table Q13.1 of the WCAP, is 2.0E-08/yr for plants with predominately 2-of-4 logic requirements and 2.2E-08/yr for plants with predominately 2-of-3 logic. Note that the CDF and LERF impact are expected to be less than the noted values from WCAP-14333-P-A, Rev. 1 since this specific assessment only addresses changes to the master and slave relays. Per Regulatory Guidance (RG) 1.174, Rev. 2 (Reference 5), for a total CDF of 1E-04/yr, changes to CDF of 1E-06/yr are acceptable; and for a total LERF of 1E-05/yr, changes to LERF of 1E-07/yr are acceptable. The SQN CDFs for internal events are 1.59E-05/yr (Unit 1) and 1.48E-05/yr (Unit 2) and LERFs for internal events are 2.20E-06/yr (Unit 1) and 2.23E-06 (Unit 2); therefore, this is consistent with the guidelines in RG 1.174, Rev. 2 that allows small increases in CDF and LERF.

From this it is concluded that implementing the master and slave relays changes justified in WCAP-14333-P-A, Rev. 1 will have an impact on CDF of less than 1.0E-06/yr and on LERF of less than 1.0E-07/yr which meets the guidance in RG 1.174, Rev. 2.

The master and slave relays changes in WCAP-14333-P-A, Rev. 1 are applicable to all of the engineered safety feature actuation functional units except for those discussed in Section 3.8 of the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report.

3 September 26, 2013

Attachment 3 Table 1 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters WCAP-14333-P-A, Rev. 1 Parameter Plant Specific Parameter Analysis Assumptions Logic Cabinet Type (1) Relay or SSPS SSPS Component Test Intervals (2)

Analog channels 3 months Addressed in previous report Logic cabinets (SSPS) 2 months Addressed in previous report Logic cabinets (Relay) 1 month Not Applicable Master Relays (SSPS) 2 months 2 months Master Relays (Relay) 1 month Not Applicable Slave Relays 3 months 18 months Reactor trip breakers 2 months Addressed in previous report Analog Channel Calibrations (3)

Done at-power Yes Addressed in previous report Interval 18 months Addressed in previous report Typical At-Power Maintenance Intervals (4)

Analog channels 24 months Addressed in previous report Logic cabinets (SSPS) 18 months Addressed in previous report Logic cabinets (Relay) 12 months Not Applicable Master relays (SSPS) Infrequent (5) Infrequent Master relays (Relay) Infrequent (5) Not Applicable 4 September 26, 2013

Attachment 3 Table 1 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters WCAP-14333-P-A, Rev. 1 Parameter Plant Specific Parameter Analysis Assumptions Slave relays Infrequent (5) Infrequent Reactor trip breakers 12 months Addressed in previous report ATWS Mitigation System Actuation Circuitry (AMSAC) (6) Credited for AFW pump start Yes Not required for the proposed changes Total Transient Event Frequency (7) 3.6/yr since the reactor trip signals are not impacted Not required for the proposed changes ATWS Contribution to CDF (current PRA model) (8) 8.4E-06/yr since the reactor trip signals are not impacted 1.59E-05 (Unit 1);

Total CDF from Internal Events (current PRA model) (9) 5.8E-05/yr 1.48E-05 (Unit 2)

Total CDF from Internal Events (IPE) (10) Not Applicable 1.26E-05/yr Notes for Table 1:

1. Indicate type of logic cabinet: SSPS or Relay (both are included in WCAP-14333-P-A, Rev. 1).

2. Fill in applicable test intervals. If the test intervals are equal to or greater than those used in WCAP-14333-P-A, Rev. 1, the analysis is applicable to your plant.

3. Indicate if channel calibration is done at-power and, if so, fill in the interval. If channel calibrations are not done at-power or if the calibration interval is equal to or greater than that used in WCAP-14333-P-A, Rev. 1, the analysis is applicable to your plant.

4. Fill in the applicable typical maintenance intervals or fill in equal to or greater than or less than. If the maintenance intervals are equal to or greater than those used in WCAP-14333-P-A, Rev. 1, the analysis is applicable to your plant.

5 September 26, 2013

Attachment 3

5. Only corrective maintenance is done on the master and slave relays. The maintenance interval on typical relays is relatively long, that is, experience has shown they do not typically completely fail. Failure of slave relays usually involves failure of individual contacts. Fill in infrequent if this is consistent with your plant experience. If not, fill in the typical maintenance interval. If infrequent slave relay failures are the norm, then the WCAP-14333-P-A, Rev. 1 analysis is applicable to your plant.

6. Indicate if AMSAC will initiate AFW pump start. If yes, then the WCAP-14333-P-A, Rev. 1 analysis is applicable to your plant.

7. Include total frequency for initiators requiring a reactor trip signal to be generated for event mitigation. This is required to assess the importance of ATWS events to CDF. Do not include events initiated by a reactor trip.

8. Fill in the ATWS contribution to core damage frequency (from at-power, internal events). This is required to determine if the ATWS event is a large contributor to CDF.

9. Fill in the total CDF from internal events (including internal flooding) for the most recent PRA model update. This is required for comparison to the NRCs risk-informed CDF acceptance guidelines.

10. Fill in the total CDF from internal events from the IPE model (submitted to the NRC in response to Generic Letter 88-20). If this value differs from the most recent PRA model update CDF provide a concise list of reasons, in bulletized form, describing the differences between the models that account for the change in CDF. The issue being addressed with the list of reasons was to provide to the NRC Staff reviewers an understanding of the difference in CDF from the IPE model to the current PRA model since the last time the plant PRA model was assessed by the NRC for technical adequacy was during the IPE review.

With the peer review process now in place, the NRC gets a more recent understanding of the technical adequacy of the PRA model to support the proposed change via a discussion of the open F&Os that could impact the proposed change.

6 September 26, 2013

Attachment 3 Table 2 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of Analysis, Reactor Trip Actuation Signals Since Table 2 of the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report addressed the reactor trip actuation signals and the master relays and slave relays do not impact reactor trip signals, this table is not required to demonstrate the applicability of the analysis for the proposed changes on master and slave relays.

7 September 26, 2013

Attachment 3 Table 3 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of Analysis, ESFAS a,c 8 September 26, 2013

Attachment 3 Table 3 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of Analysis, ESFAS a,c 9 September 26, 2013

Attachment 3

[

]a,c 10 September 26, 2013

Attachment 3 3.1.2 Tier 2 Limitation The Tier 2 (Avoidance of Risk-Significant Plant Configurations) requires an examination of the need to impose additional restrictions when operating in the proposed CTs in order to avoid risk-significant equipment outage configurations.

In support of Tier 2 limitations, analyses were completed in response to the NRC Request for Additional Information (RAI) (OG-96-110, Reference 6) regarding WCAP-14333-P-A, Rev. 1.

RAI #18 in Reference 6 asked for other risk significant systems or components for the proposed test or maintenance plant configuration. To support the response to this RAI, analyses were completed to determine the system importance for plant configurations with no test or maintenance activities (all components available), and for plant configurations with test or maintenance activities individually on the analog channels, logic cabinets, master relays, and slave relays. A system importance results summary for these configurations is provided in Table Q18.1 of Reference 6. It was observed that the risk significant systems did not change considerably with master relay or slave relay out of service, with respect to the base case (no test or maintenace activities in progress).

In addition, RAI #11 in Reference 6 requested CDFs for the various test and maintenance configurations that the plant would enter for the subject Allowed Outage Time (AOT) extensions.

Conditional core damage frequencies and core damage probabilities were calculated for each of the possible test and maintenance configurations. The summary of results is provided in Table Q11.1 of Reference 6. From the information in Table Q11.1, it was observed that the impact on CDF with the master relay or slave relay in maintenance (out of service) was small, with respect to the base case (no component out for test or maintenance).

Therefore, it is concluded that there are no Tier 2 limitations when a slave relay or master relay is out-of-service.

3.2 Task 2: Develop Monitoring Requirements for WCAP-14333-P-A, Rev. 1 Implementation Monitoring Program:

The purpose of performance monitoring program is to ensure that no unexpected adverse safety degradation occurs because of the proposed change. As stated in RG 1.174, Rev. 2, The staffs principal concern is the possibility that the aggregate impact of changes that affect a large class of SSCs could lead to an unacceptable increase in the number of failures from unanticipated degradation. The monitoring programs should include a means to adequately track the performance of equipment that, when degraded, can affect the conclusions of the licensees engineering evaluation and integrated decision making that support the change to the licensing basis. The program should be capable of trending equipment performance after a change has been implemented to demonstrate that performance is consistent with that assumed in the traditional engineering and probabilistic analyses that were conducted to justify the change. The RG discussion continues The program should be structured such that (1)

SSCs are monitored commensurate with their safety importance, i.e., monitoring for SSCs categorized as having low safety significance may be less rigorous than that for SSCs of high safety significance. Therefore, monitoring requirements need to be developed for parameters of equipment important to the implemented changes and these monitoring requirements can be commensurate with their importance to safety. The monitoring program 11 September 26, 2013

Attachment 3 needs to be directed at the unavailability of the master and slave relays due to the proposed CTs changes.

Key Assumptions in WCAP-14333-P-A, Rev. 1:

The following are the key assumptions in WCAP-14333-P-A, Rev. 1 that are of importance to the monitoring program for the master and slave relays.

Testing on a slave relay impacts only the specific relay.

Maintenance on a slave relay impacts only the specific relay.

Testing of a master relay impacts the train of the protection system (Train A or B) with which it is associated.

Maintenance of a master relay impacts the specific master relay and the slave relays it actuates.

WCAP-14333-P-A, Rev. 1 Unavailability Times:

From Table 5.1 of WCAP-14333-P-A, Rev. 1, the following 18 months unavailability due to test and maintenance are assumed for the master and slave relays:

Master relays (unavailability due to test and maintenance):

Test unavailability = 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months x 9 tests/18 months = 36 hour4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months s/18 months Maintenance unavailability = very small due to low failure probability of the relays (Relay failure rate is 5.29E-07 failures/hour per page 7-4 of WCAP-14333-P-A, Rev. 1)

Total master relay unavailability = 36 hour4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months s/18 months (for each master relay)

Slave relays (unavailability due to test and maintenance):

Test unavailability = 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months x 6 tests/18 months = 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months s/18 months Maintenance unavailability = very small due to low failure probability of the relays (Relay failure rate is 5.29E-07 failures/hour per page 7-4 of WCAP-14333-P-A, Rev. 1)

Total slave relay unavailability = 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months s/18 months (for each slave relay)

Based on the unavailability times calculated above, the suggested monitoring requirements for the master and slave relays over an 18-month rolling window are summarized in Table 4. If these unavailability limits are exceeded, then the reasons for the failures need to be evaluated to determine if the analysis supporting the TS change to extend the CTs from 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months to 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months remains valid. This can be done via either qualitative methods or a quantitative sensitivity analysis. Note that exceeding these limits on occasion will not invalidate the results, but if these limits are exceeded on a regular basis or by a significant amount during a single monitoring period (18 months), then action should be taken to resolve potential component performance problems.

12 September 26, 2013

Attachment 3 Table 4 Summary of Monitoring Requirements Unavailability Time Component Interval Limit Master Relay 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months 18 months Slave Relay 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 18 months Note that development of monitoring requirements is not specified in the Limitations and Conditions of the Safety Evaluation, but the NRC has requested this information recently from a plant implementing this WCAP.

3.3 Task 3: Assessment of Impact from External Events for WCAP-14333-P-A, Rev. 1 The analysis supporting the changes in WCAP-14333-P-A, Rev. 1 did not include external events. Although this is not an implementation requirement specified in the Limitations and Conditions of the Safety Evaluation, the NRC has requested information on the external event impact from plants recently requesting these changes. The external event assessment is provided in Section 3.6 in conjunction with the WCAP-15376-P-A, Rev. 1 external event assessment.

3.4 Task 4: Demonstrate Applicability of WCAP-15376-P-A, Rev. 1 The following demonstrates the applicability of the WCAP-15376-P-A, Rev. 1 analysis and results to SQN Units 1 and 2, and addresses the Conditions and Limitations in the Safety Evaluation. This includes:

Demonstrate the applicability of the analysis and results to SQN Units 1 and 2 (Condition and Limitation 1)

Demonstrate the applicability of the component failure probabilities for the master relays (Condition and Limitation 1)

Address containment failure assessment (Condition and Limitation 1)

Develop Tier 2 limitations (Condition and Limitation 2)

Address concurrent testing of one logic cabinet and associated RTB (Condition and Limitation 3). This requirement was already addressed in the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report and is not applicable to the proposed changes to the surveillance frequency of the master relays in WCAP-15376-P-A, Rev. 1.

Confirm modeling assumptions for human reliability assessment (Condition and Limitation 4) 13 September 26, 2013

Attachment 3 3.4.1 Applicability of WCAP-15376-P-A, Rev. 1 Tables 2, 3 and 5 demonstrate that the WCAP-15376-P-A, Rev. 1 analysis and results are applicable to SQN Units 1 and 2. Note that Tables 2 and 3 are the same for implementation of WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1.

From this the following is concluded for both units:

[

]a,c From this it is concluded that the WCAP-15376-P-A, Rev. 1 analysis is consistent with SQN Units 1 and 2 design and operation, and the master relays test interval change justified in WCAP-15376-P-A, Rev. 1 is applicable to SQN Units 1 and 2.

The calculated increase in CDF for all the changes specified in WCAP-15376-P-A, Rev. 1, as provided in Table 8.29 of the WCAP, is 8.0E-07/yr for plants with predominately 2-of-4 logic requirements and 8.5E-07/yr for plants with predominately 2-of-3 logic. The calculated increase in LERF due to all the changes in WCAP-15376-P-A, Rev. 1, as provided in Table 8.32 of the WCAP, is 3.1E-08/yr for plants with predominately 2-of-4 logic requirements and 5.7E-08/yr for plants with predominately 2-of-3 logic. Note that the CDF and LERF impact are expected to be less than the noted values from WCAP-15376-P-A, Rev. 1 since this specific assessment only addresses changes to the master and slave relays. Per RG 1.174, Rev. 2, for a total CDF of 1E-04/yr, changes to CDF of 1E-06/yr are acceptable; and for a total LERF of 1E-05/yr, changes to LERF of 1E-07/yr are acceptable. The SQN CDFs for internal events are 1.59E-05/yr (Unit 1) and 1.48E-05/yr (Unit 2) and LERFs for internal events are 2.20E-06/yr (Unit 1) and 2.23E-06 (Unit 2); therefore, this is consistent with the guidelines in RG 1.174, Rev. 2 that allows small increases in CDF and LERF.

From this it is concluded that implementing the master relay change justified in WCAP-15376-P-A, Rev. 1 will have an impact on CDF of less than 1.0E-06/yr and on LERF of less than 1.0E-07/yr which meets the guidance in RG 1.174, Rev. 2.

The master relays change in WCAP-15376-P-A, Rev. 1 are applicable to all of the engineered safety feature actuation functional units except for those discussed in the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report.

14 September 26, 2013

Attachment 3 Table 5 WCAP-15376-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters a,c 15 September 26, 2013

Attachment 3 Table 5 WCAP-15376-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters a,c 16 September 26, 2013

Attachment 3

[

]a,c 17 September 26, 2013

Attachment 3 3.4.2 Applicability of the Master Relays Failure Probabilities

[

]a,c The SQN Units 1 and 2 plant-specific information on the master relays were collected from 2004 to 2011. The results showed that over the eight year period, there were 5030 master relays actuations and zero failures recorded. A summary of the experience for the master relays at SQN is provided in Table 6 below.

Table 6 SQN Units 1 and 2 Master Relays Reliability Parameter Master Relays Actuations 5030 Failures 0

[

]a,c 3.4.3 Address Containment Failure Assessment

[

]a,c 18 September 26, 2013

Attachment 3

[

]a,c 19 September 26, 2013

Attachment 3

[

]a,c Therefore, from this conservative calculation, the LERF impact of the increased signal unavailabilities related to DCH is very small. Note that generic values from WCAP-15376-P-A, Rev. 1 were used in this calculation rather than SQN plant specific values to keep this consistent with the WCAP analysis. The applicability of WCAP-15376-P-A, Rev. 1 to SQN has already been demonstrated in earlier sections of this report.

3.4.4 Develop Tier 2 Limitations - Limitation and Condition 2 Since the proposed change in WCAP-15376-P-A, Rev. 1 only extends the master relays STI and does not impact bypass test time or CT, Tier 2 and Tier 3 requirements are not applicable.

3.4.5 Concurrent Testing of One Logic Cabinet and Associated Reactor Trip Breaker -

Limitation and Condition 3 As stated in Section 3.4, this requirement was already addressed in the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report and is not applicable to the proposed changes to the surveillance frequency of the master relays in WCAP-15376-P-A, Rev. 1.

3.4.6 Confirm Modeling Assumptions for Human Reliability Assessment - Limitation and Condition 4 Table 7 provides a summary of the operator actions credited in the WCAP-15376-P-A, Rev. 1 analysis and the ability of these actions to be successful at SQN Units 1 and 2. All actions are credited at both SQN units with plant procedures in place and all actions are effective.

Table 7: WCAP-15376-P-A, Rev. 1 Implementation Guidelines:

Applicability of the Human Reliability Analysis a,c 20 September 26, 2013

Attachment 3 This demonstrates that the WCAP-15376-P-A, Rev. 1 results are applicable to SQN Units 1 and 2.

3.5 Task 5: Develop Monitoring Requirements for WCAP-15376-P-A, Rev. 1 Implementation Monitoring requirements are required on the master relays with an extended STI to ensure the component FP for the extended STI used in the analysis remains applicable. The FP of the master relays used in the WCAP-15376-P-A, Rev. 1 analysis to justify the changes to the master relays STI is 3.30E-05.

The approach used to develop monitoring requirements involved the use of a binomial distribution to calculate an acceptable number of failures that support the FP used in the analysis. Then the actual actuations and failures can be compared to this and assessed if the FP used in the analysis is supported by the plant experience.

Based on this assessment, for the master relays, 0 or 1 failure would be expected depending on the number of actuations.

3.6 Task 6: Assessment of Impact from External Events for WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 The analysis supporting the changes in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 did not include external events. Although this is not an implementation requirement specified in the Limitations and Conditions of the Safety Evaluation, the NRC has requested information on the external event impact from plants previously requesting these changes.

External events assesments have already been addressed in the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report and still remains applicable for this program.

The external event analysis discussed in the Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 summary report considered the potential risk impact of the proposed changes due to seismic, fire, high winds, external flooding, and transportation and nearby facility accidents. The assessment used information from the SQN Individual Plant Examination for External Events (IPEEE). For each of these external events, the risk impact of the increased signal unavailabilities due to the implementation of the proposed changes was assessed and the acceptability of the change determined.

The seismic assessment considered seismically induced events that required actuation signals to initiate safety systems for event mitigation. LOOP and small LOCAs were identified as the events of interest, and the signals of interest were the SI and AFW start signals. It was concluded from this assessment that the impact on CDF and LERF is very small.

The fire assessment was based on the fire areas/rooms that were not screened out in the IPEEE assessment and required a quantitative assessment. The signals required for event mitigation and the increase in signal unavailability for these signals determined. This was then used to calculate the increase in CDF for each fire area/room which were summed for the total CDF impact. The LERF impact was calculated similarly with consideration given to containment 21 September 26, 2013

Attachment 3 bypass, core damage followed by containment isolation failure, and containment pressure challenges. It was concluded from this assessment that the impact on CDF and LERF is small.

The remaining external events were addressed qualitatively. It was concluded that the increase in signal unavailabilities due to the proposed changes has no impact on plant risk due to the low probability of the postulated events, some are not credible hazards, and since the signals play no role in mitigation of these types of events.

Based on this assessment it was concluded that the impact of the proposed change on plant risk from external events was small and meets the acceptance criteria in RG 1.174.

3.7 Task 7: Consistency with Regulatory Guide 1.200, Rev. 2 Only limited information from the SQN PRA model is used in the implementation of WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1. This information is related to:

Total CDF and LERF from internal events - this is required for comparison to the NRCs risk-informed CDF acceptance guidelines in RG 1.174, Rev. 2.

All other information required for implementation of these WCAPs, such as signals available to actuate mitigation equipment for the various initiating events, is based on the plant design and plant procedures. In addition, the applicability of FP for the master relays and the assessment of containment failure mechanisms unique to ice condenser containments are addressed separately in this assessment. Therefore, the assessments are not dependent on the PRA model.

The F&Os from the latest peer review of the SQN Units 1 and 2 PRA models were reviewed along with the TVA resolutions. All of the F&Os have been addressed. As a result, there are no impacts of unresolved peer review F&Os on implementing the proposed changes at SQN.

4.0 Conclusions The following provides a summary of the conclusions of the program:

The master and slave relays TS changes proposed in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 and the supporting analyses are applicable to SQN Units 1 and 2. The applicability of WCAP-15376-P-A, Rev. 1 test interval change is dependent on the required confirmation noted below.

There are no Tier 2 limitations from these proposed changes.

Monitoring requirements related to unavailability were identified for the master and slave relays.

Monitoring requirement related to component reliability was identified for the master relays.

The impact of the proposed changes on risk from external events is very small and will not impact the acceptability of the master and slave relays TS changes justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1.

22 September 26, 2013

Attachment 3 The impacts on LERF related to hydrogen combustion and DCH due to the increased signal unavailabilities are negligible.

The human reliability analysis of the WCAP-15376-P-A, Rev. 1 is applicable to SQN Units 1 and 2.

There are no impacts of unresolved peer review F&Os on this application.

Required Confirmation by TVA: One key parameter is the test time for the master relays. The current TS of SQN Units 1 and 2 do not address master relay testing. There are currently no time restrictions for testing or bypass on master relays. In order to maintain applicability of the WCAP-15376-P-A, Rev. 1 analysis to SQN Units 1 and 2, the bypass test time specified in the new SQN TS must be equal to or less than 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months .

5.0 References

1. WCAP-14333-P-A, Rev. 1, Probabilistic Risk Analysis of the RPS and ESFAS Test Times and Completion Times, October 1998.

2. WCAP-15376-P-A, Rev. 1, Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times, March 2003.

3. WOG-98-245, Implementation Guideline for WCAP-14333-P-A, Rev. 1 (Proprietary),

Probabilistic Risk Analysis of the RPS and ESFAS Test Times and Completion Times (MUHP-3054), December 2, 1998.

4. WOG-04-233, Transmittal of Revised Implementation Guidelines for WCAP-15376-P-A, Rev. 1, Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times (MUHP-3046), May 6, 2004.

5. Regulatory Guide 1.174, Rev. 2, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, May 2011.

6. OG-96-110, Transmittal of Response to Request for Additional Information (RAI)

Regarding WCAP-14333-P Entitled Probabilistic Risk Analysis of the RPS and ESFAS Test Times and Completion Times, December 20, 1996.

7. WCAP-16341-P, Rev. 0, Simplified Level 2 Modeling Guidelines, WOG Project:

PA-RMSC-0088, November 2005.

23 September 26, 2013

WESTINGHOUSE NON-PROPRIETARY CLASS 3 Attachment 4 LTR-RAM-I-13-032, Rev. 1 NP-Attachment

SUMMARY

REPORT REV. 2 Sequoyah Nuclear Plant, Units 1 and 2 Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 Westinghouse Electric Company LLC 1000 Westinghouse Drive Cranberry Township, PA 16066

Attachment 4 Westinghouse Non-Proprietary Class 3

SUMMARY

REPORT Rev. 2 Sequoyah Nuclear Plant, Units 1 and 2 Implementation of Technical Specification Changes Justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 1.0 Purpose The purpose of the program is to:

Provide the technical justification for implementation of the completion time (CT), bypass test time, and surveillance test interval (STI) changes justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 (References 1 and 2, respectively) for Sequoyah Nuclear Plant (SQN),

Units 1 and 2.

Provide marked-up SQN Technical Specifications (TS) and Bases to reflect the changes justified in the above WCAPs.

2.0 Background Information The NRC approved the following TS changes justified in WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev. 1 for the reactor trip actuation signals (TS 3.3.1, RTS Instrumentation) and engineered safety features actuation signals (TS 3.3.2, ESFAS Instrumentation) for a solid state protection system:

WCAP-14333-P-A, Rev. 1 Analog channels:

CT from 6 hrs to 72 hrs Bypass test time from 4 hrs to 12 hrs Although not a TS requirement, at-power channel calibration was evaluated with an unavailability of 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months per channel.

Logic Cabinets: CT from 6 hrs to 24 hrs Master Relays: CT from 6 hrs to 24 hrs Slave Relays: CT from 6 hrs to 24 hrs WCAP-15376-P-A, Rev. 1 Analog channels: STI from 3 months to 6 months Logic cabinets: STI from 2 months to 6 months Master Relays: STI from 2 months to 6 months 1 September 26, 2013

Attachment 4 Reactor trip breakers:

CT from 1 hr to 24 hrs Bypass test time from 2 hrs to 4 hrs STI from 2 months to 4 months Implementation of these changes requires the licensee to address the Conditions and Limitations in the NRCs Safety Evaluation for each WCAP. For WCAP-14333-P-A, Rev. 1 this requires:

1. Confirm the applicability of the WCAP-14333-P-A, Rev. 1 analysis to the plant

2. Address Tier 2 and 3 requirements For WCAP-15376-P-A, Rev. 1 this requires:

1. Confirm the applicability of the WCAP-15376-P-A, Rev. 1 analysis to the plant

2. Address Tier 2 and 3 requirements

3. Address concurrent testing of one logic cabinet and associated reactor trip breaker

4. Confirm the modeling assumptions for the human reliability assessment are applicable Implementation Guidelines have previously been developed for each WCAP (References 3 and 4) and were followed in the program.

Tier 2 requirements provide reasonable assurance that risk-significant plant equipment outage configurations will not occur when equipment is out of service. These requirements place limitations on additional equipment that can be removed from service when in one of the risk-informed extended CTs.

Tier 3 ensures that risk significant out-of-service equipment is evaluated prior to performing any maintenance activities. Tier 3 evaluations are addressed by the plants Configuration Risk Management Program used to comply with 10CFR50.65(a)(4) and are out of scope of this program.

An additional commitment included in the Implementation Guidelines for WCAP-15376-P-A, Rev. 1 addresses setpoint uncertainty calculations and assumptions, including instrument drift. Addressing this commitment is also out of scope of this program.

In addition, monitoring requirements for the changes implemented were developed and an assessment of how external events impact the WCAP results was addressed. These are not Conditions or Limitations in the Safety Evaluations, but the NRC has requested this information for plants recently requesting the changes in these two WCAPs.

The scope of this project also includes:

1. An assessment of the Regulatory Guide (RG) 1.200 SQN PRA model peer review level A and B Facts and Observations to determine their potential impact on implementation of the proposed changes.

2. TS mark-ups to reflect the changes made by implementing WCAP-14333-P-A, Rev. 1 and WCAP-15376-P-A, Rev . 1.

Note that the SQN TS do not contain requirements for master and slave relays. Therefore, changes to the STIs and CTs for these relays are not included in the following.

2 September 26, 2013

Attachment 4 3.0 Summary of Results The following provides a summary of the results for each task in the program. Documents including SQNs Updated Final Safety Analysis Report (UFSAR), TS, system notebooks, and letters from TVA were used to support this program.

3.1 Task 1: Demonstrate Applicability of WCAP-14333-P-A, Rev. 1 and Tier 2 Limitations The following demonstrates the applicability of the WCAP-14333-P-A, Rev. 1 analysis and results to SQN Units 1 and 2 and also provides the Tier 2 limitations.

3.1.1 Applicability of WCAP-14333-P-A, Rev. 1 Tables 1 through 3 demonstrate that the WCAP-14333-P-A, Rev. 1 analysis and results are applicable to SQN Units 1 and 2. Additional explanatory information is provided in the Notes and Explanations at the end of each table as necessary.

From this the following is concluded for both units:

The signals available to actuate reactor trip for the various events are consistent with those credited in the WCAP analysis.

The signals available to actuate safeguards equipment for the various events are consistent with those credited in the WCAP analysis.

The current analog channel, logic cabinet, and reactor trip breaker test intervals are based on WCAP-10271 (with Supplements 1 and 2), which provide the base case in the WCAP analysis, and are consistent with the WCAP analysis.

The analog channel, logic cabinet, and reactor trip breaker maintenance intervals are consistent with those assumed in the WCAP.

From this it is concluded that the WCAP-14333-P-A, Rev. 1 analysis is consistent with SQN Units 1 and 2 design and operation, and the changes in WCAP-14333-P-A, Rev. 1 are applicable to SQN Units 1 and 2.

The calculated increase in core damage frequency (CDF) for all the changes specified in WCAP-14333-P-A, Rev. 1, as provided in Table 8.4 of the WCAP, is 3.5E-07/yr for plants with predominately 2-of-4 logic requirements and 6.1E-07/yr for plants with predominately 2-of-3 logic. The calculated increase in large early release frequency (LERF) due to all the changes in WCAP-14333-P-A, Rev. 1, as provided in Table Q13.1 of the WCAP, is 2.0E-08/yr for plants with predominately 2-of-4 logic requirements and 2.2E-08/yr for plants with predominately 2-of-3 logic. Per Regulatory Guidance (RG) 1.174, Rev. 2 (Reference 5), for a total CDF of 1E-04/yr, changes to CDF of 1E-06/yr are acceptable; and for a total LERF of 1E-05/yr, changes to LERF of 1E-07/yr are acceptable. The updated SQN CDFs for internal events are 1.59E-05/yr (Unit 1) and 1.48E-05/yr (Unit 2), and LERFs for internal events are 2.20E-06/yr (Unit 1) and 2.23E-06 (Unit 2); therefore, this is consistent with the guidelines in RG 1.174, Rev. 2 that allows small increases in CDF and LERF.

From this it is concluded that implementing the changes in the WCAP will have an impact on CDF of less than 1.0E-06/yr and on LERF of less than 1.0E-07/yr which meets the guidance in RG 1.174.

3 September 26, 2013

Attachment 4 The changes in WCAP-14333-P-A, Rev. 1 are applicable to all of the reactor trip and engineered safety feature actuation functional units except for those discussed in Section 3.8.

4 September 26, 2013

Attachment 4 Table 1 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters WCAP-14333-P-A, Rev. 1 Parameter Plant Specific Parameter Analysis Assumptions Logic Cabinet Type (1) Relay or SSPS Solid State Protection System (SSPS)

Component Test Intervals (2)

Analog channels 3 months 92 days / 3 months 31 days on a Staggered Test Basis /

Logic cabinets (SSPS) 2 months 2 months Logic cabinets (Relay) 1 month Not Applicable Not Required by TS Master Relays (SSPS) 2 months (See Explanation 1)

Master Relays (Relay) 1 month Not Applicable Not Required by TS Slave Relays 3 months (See Explanation 1) 31 days on a Staggered Test Basis /

Reactor trip breakers 2 months 2 months Analog Channel Calibrations (3)

Done at-power Yes Yes Interval 18 months 18 months Typical At-Power Maintenance Intervals (4)

Analog channels 24 months Greater Than Logic cabinets (SSPS) 18 months Greater Than Logic cabinets (Relay) 12 months Not Applicable Master relays (SSPS) Infrequent (5) Infrequent Master relays (Relay) Infrequent (5) Not Applicable Slave relays Infrequent (5) Infrequent Reactor trip breakers 12 months Greater Than Anticipated Transient Without Scram (ATWS) Mitigation Credited for Auxiliary Feedwater Yes System Actuation Circuitry (AMSAC) (6) (AFW) pump start 5 September 26, 2013

Attachment 4 Table 1 WCAP-14333-P-A, Rev. 1 Implementation Guidelines: Applicability of the Analysis, General Parameters WCAP-14333-P-A, Rev. 1 Parameter Plant Specific Parameter Analysis Assumptions Total Transient Event Frequency (7) 3.6/yr 6.1E-01/reactor-year (both units) 2.67E-07/yr (Unit 1);

ATWS Contribution to CDF (current PRA model) (8) 8.4E-06/yr 2.84E-07/yr (Unit 2) 1.59E-05/yr (Unit 1);

Total CDF from Internal Events (current PRA model) (9) 5.8E-05/yr 1.48E-05/yr (Unit 2)