ML13340A091
| ML13340A091 | |
| Person / Time | |
|---|---|
| Site: | Nine Mile Point  |
| Issue date: | 11/01/2013 |
| From: | Constellation Energy Nuclear Group, EDF Group |
| To: | NRC Region 1 |
| References | |
| Download: ML13340A091 (47) | |
Text
Enclosure 4
Nine Mile Point Unit 1 Regulatory Conference
Loss of Shutdown Cooling
November 1, 2013 ML13340A091
NMPParticipants Enclosure 4 MariaKorsnick CNO,COOandActingCEO ChrisCostanzo SiteVicePresident JimStanley PlantGeneralManager JohnBouck Manager,Operations ElliottFlick GeneralManager,FleetEngineering BruceMontgomery Manager,FleetNuclearSafety&Security TerrySyrell Manager,NuclearSafety&Security JimVaughn ShiftManager LarryNaron GeneralSupervisor-Engineering GarethParry IndustryPRAConsultant E.P.(Chip)Perkins Director,Licensing
Agenda Enclosure 4
OpeningRemarks
ChrisCostanzo
- Introduction
JimStanley
- SummaryofEvent andTimeline JohnBouck
- AdditionalRiskMitigating Barriers Jim Vaughn
- PRAAnalysisofEvent ElliottFlick
- LessonsLearnedand Conclusions Jim Stanley
- Questions
Team
- ClosingRemarks
ChrisCostanzo
Enclosure 4
Nine Mile Point Unit 1 Loss of Shutdown Cooling Regulatory Conference Introduction
Jim Stanley Plant General Manager
Introduction Enclosure 4 Weareextractingallofthelearningsfromtheevent
- AnyunplannedlossofSDCissignificantanddoesnotmeet ourexpectations
- Actionstakentorespondrapidlyandthoroughly
- Fixedprocedurestopreventrecurrence
- RestructuredNMP2outageschedule(LOOP/LOCAtesting)
- ManagingactionswithinourCorrectiveActionProgram Wehavenewdataandinformationtoshowwhythe industrymethodologyforassessinghuman performanceappliedbyNMPshouldbeusedto evaluatethesignificanceoftheevent
Introduction Enclosure 4 TechnicaldifferencebetweenCENGandNRCStaffanalysis ofsafetysignificance
- DifferenceisinhowCENGandNRCStaffarehandlingHU elements
- CENGPRAyieldsCCDF5.6E8
- NRCStaffPRAinvokesRASPHUlimitandyieldsCCDF1.1E6
- NMPbelievestheRASPdoesnotfullytakeintoaccountotherhuman elementsofthisevent
- AbsentapplyingtheRASPguidanceHEPfloorof1E6,thereis goodagreementonCCDFbetweenCENGandNRCStaff Summary:NMPbelieves,basedonotherriskmitigating factors,thiseventisofaverylowsafetysignificance Green
Enclosure 4
Nine Mile Point Unit 1 Loss of Shutdown Cooling Regulatory Conference
Summary of Event and Timeline
John Bouck Manager, Operations
SummaryofEvent and Timeline Enclosure 4 April16,2013,U1wasshutdownforrefueling Rxincoldshutdown(Mode4),RVheadinstalledbut detensioned-drywelldomeheadisoff
- RPVheadisvented-6inchventpipe
- RPVlevelisattheRVflange/Timetoboil: Approximately2hrs
- #12SDCpumpwasinservice
- #11and#13SDCpumpswereavailablebutbreakerswereracked outforLOOP/LOCAtesting
- Prejobbriefingtoprepareforrackinginbreakers
- Operatorswerestandingbylocallytorackinbreakersifnecessary asaplannedcontingency;theywerebriefedwithPPEstaged
- Workerswereinthereactorcavityatthistime Normal RFO conditions
SummaryofEvent and Timeline Enclosure 4 LossofPowertoBatteryBoard(BB)#12 1444(T=62m)to1545(T=1)
- Controlboardannunciationandidentificationby Operators
- Noequipmentfailuresorfaults
- SDCpump#12continuedtorun(verifiedbyOperators)
- MethodicalanddeliberateactionstorestorepowertoBB
- 12 There were no equipment failures; SDC in service
SummaryofEvent and Timeline Enclosure 4 LossofShutdownCooling
- 1546(T=0): ClosureofStaticBatteryCharger(SBC)171A attemptedperN1OP47A,125VDCPowerSystems
- MomentarilyenergizedBB#12-butimmediatelytripped
- SDCPump#12tripped
- OriginallossofDCpowercausedthehighsuctiontemperaturerelaytolosepower
- TripcoilmomentarilyenergizedwhenBB#12energizedtrippingSDCpump#12
- 1550(T=+4m): ControlRoomStaffnotedachangeincritical parameters:
- RBCLCtemperaturedropped67degrees
- 0ampsonSDCpump#12
- IdentifiedtripofSDCpump#12andenteredN1SOP6.1,LossofSDC
- Onlytook4minutestodiagnosetheproblem Through continuous review of critical plant parameters, Operators recognized the loss of SDC in 4 minutes
SummaryofEvent and Timeline
Enclosure 4
Recovery
- 1550-1603: Firststeps
- Shutdownsafetyriskreviewed
- Directedrackinginbreakersfor#11and#13SDCpumps
- ElectricalprintswerereviewedandquicklyidentifiedthereasontheSDCpump tripped
- 1603(T=+17): SDCpump#11started(SDCpumprestartedin17min)
- CommencedeffortstorestoreSDCperprocedure
- 1615(T=+29m): SDCpump#13started
- 1620(T=+34m):Coolantflowthroughcorerestoredinaccordancewith procedurestotalriseinRPVwatertemperature:30degreesF
- 1648(T=+62m): BB#12powerfromSBC171AwithSDCpump#12now available
- 1656(T=+70m):SOP47A.1andSOP6.1exited(70minafterlossofSDC)
- 1711: BreakerforBB#12isclosed
SDC pump restarted in 17 minutes
SummaryofEvent and Timeline
Enclosure 4
Summary
- SDCwasnotlostwhenBatteryBoard#12wasdisconnectedduetoa HUerror
- LossofSDCwasdiagnosedin4minutes
- SDCpumpwasrestartedin17minutes
- Coolantflowthroughcorewasrestoredin34minutes
- TherewerenoequipmentfailuresorHUerrorsassociatedwiththeloss orrestartingofSDC
- LicensedOperatorsrespondedinaccordancewithstandardpractice, training,procedures,andpreestablishedcontingencies
- OperatorsareregularlytrainedonlossofSDC(includingsimulator scenarios)
Prompt restoration of normal conditions
Enclosure 4
Nine Mile Point Unit 1 Loss of Shutdown Cooling Regulatory Conference
Additional Risk Mitigating Barriers
Jim Vaughn NMP1 Shift Manager
PRAConceptOverview
Enclosure 4
Shutdown Cooling RPV Level
Diagnose -
- Diagnose Action -
And And
- Action
Or
CCDF
Lost SDC but never lost RPV level make-up and management
ThreeSuccessPaths withRedundancy Enclosure 4 ThreeSuccessPathswithSignificantRedundancy
- #1)NormalMakeup
- #2)IdentifyLossofSDC&RestoreSDC
- #3)IdentifyLevelDrop&RestoreLevel Reminder: Successfulidentificationofanyofthe cuesassociatedwithanyofthesuccesspaths(13) yieldsasuccessfuloutcome(e.g.,nocoredamage)
AdditionalMitigation RiskFactors Enclosure 4
- 1-BWRshutdownlevelcontrol
- RPVmakeup: Condensate/feedwatersystem
- RPVletdown:ReactorWaterCleanupSystem
- AnyloweringRPVlevelduetoboiloffwouldhavebeenimmediately addressedbyadjustingmakeuporletdown
- ThisOperatoractionistheprimarybarrierofmaintainingcoreinventory atanytimeduringshutdownconditions A dedicated Reactor Operator was actively managing RPV level during the event - there was never a loss of RPV level control
MaintenanceofRPV Level inCold Shutdown
Enclosure 4
Monitor Level Raise Flow Going In Lower Flow Going Out
Level too Or low?
Loss of DC or SDC had no impact on ability to maintain RPV level
ThreeSuccessPaths withRedundancy
Enclosure 4
ThreeSuccessPathswithSignificantRedundancy
- #1)NormalMakeup
- #2)IdentifyLossofSDC&RestoreSDC
- #3)IdentifyLevelDrop&RestoreLevel
Reminder: Successfulidentificationofanyofthe cuesassociatedwithanyofthesuccesspaths(13) yieldsasuccessfuloutcome(e.g.,nocoredamage)
AdditionalMitigation RiskFactors
Enclosure 4
- 2-OperatorspromptlyrecognizedanddiagnosedthelossofSDC.There weremanyopportunitiesforthemtorecognizetheeventintheCR TemperatureIndications
- ReactorWaterCleanup
- ReactorBuildingClosedLoopCooling-inletandoutlet temperatures SDCSystemOperation
- LossofPumpAmperageIndication
- LossofSDCPumpDischargePressure PPCLargeScreenDisplayssetuptomonitorcriticalparameters (screensdisplayedprominentlywithparametertrendsatoppanelsin CR)
DA4267,RB340FireAlarm-Steamwouldsetofffireresponseon RefuelFloor Video#1-Simulatorscenario
Operators recognized loss of SDC in 4 minutes
AdditionalMitigation RiskFactors
Enclosure 4
- 3-Therewouldhavebeenadditionalobviousindications outsidetheCRofalossofSDC
- Headwasdetensionedandventedandtherewereworkersonthe RefuelingFloor;steamreleasewouldhavebeennoticed
- Steamreleasewouldhavesetoffoneofmanyarearadiationmonitors (potentiallypromptinganAlertdeclaration)
- RPTechsintheareawerecontinuouslymonitoringEDs;therearealways RPTechsontheRefuelingFloorduringRFOs
- OutageControlCenter(OCC)staffweremonitoringactivitiesonthe RefuelingFloorbycommunicationsandviacameras
- Video#2-EmergencyCondenserOperations-whatdoes40,000gallons ofwaterboilofflooklike?
A loss of SDC would have been very obvious
AdditionalMitigation RiskFactors
Enclosure 4
TherewerestatementsintheSeptember23,2013, letterneedingclarification:
SDCPumpHiTemp Staff: Operator missedit NMP: Annunciatorissilentduetobatteryloss; therewasnoalarm PPCDisplays Staff: Operator missed it NMP: Notrelevanttoanalysis Bus#12Failure AlarmLog Staff: Operator missedit NMP: Notrelevanttoanalysis
It is not credible for the Operators to miss the loss of SDC
AdditionalMitigation RiskFactors Enclosure 4 Conclusionsregardingrecognizingandrestoring SDC:
- LossofSDCwouldbeobvious
- Actionsarewellproceduralizedandtrainedon
- Demonstratedresponseindicatescrewsarewellprepared torespondtoalossofSDCandtakeactionbeforeRPV levelisevenchallenged
- IFthisfails,thereareevenmoreindicationsand contingenciestorespondtoalossoflevelinaBWR Staff recognizes acceptability of manual actions
ThreeSuccessPaths withRedundancy Enclosure 4 ThreeSuccessPathswithSignificantRedundancy
- #1) NormalMakeup
- #2) IdentifyLossofSDC&RestoreSDC
- #3) IdentifyLevelDrop&RestoreLevel Reminder:Successfulidentificationofanyofthecues associatedwithanyofthesuccesspaths(13)yields asuccessfuloutcome(e.g.,nocoredamage)
AdditionalMitigation RiskFactors
Enclosure 4
- 4-ThereweremanyCRinstrumentsavailablethatwould haveindicatedalossoflevel MultipleLevelIndications(13)
- KpanelFlange3to+3ftflangelevel
- FuelZoneWaterLevelCh.11and12240100*RegGuide1.97]
- KpanelGEMAC0100
- EpanelGEMAC0100
- FpanelCh.11/12Yarways0100*RegGuide1.97]
- FpanelCh.11/12GEMAC0100
- FpanelLevelChartRecorder0100
- FpanelCh.11/12LoLoLo33100*RegGuide1.97]
PPCLargeScreenDisplayssetuptomonitorcriticalparameters (screensdisplayedprominentlywithparametertrendsatoppanels acrosstheControlRoom)
DA4267,RB340FireAlarm-Steamwouldsetofffireresponseon RefuelFloor
Any single indication would have triggered the necessary Operator response
AdditionalMitigation RiskFactors
Enclosure 4
Belowarethe24separateaudiblealarms associatedwithRPVLevel(allavailabletothe Operatorsduringtheevent):
F143/F446Clear(RPSHiLvl,95)
F233Clear(RPVHi/Lolevel,83)
F233Alarm(RPVHi/Lolevel,65)
F113/F416Alarm(RPSRPVLowLevel,53)*EOP/SOPEntry+
F121/F428Alarm(RPSAutoTrip,53)
F242/F343Alarm(ATWSCh.11/12Trouble,5)
F123/F426Alarm(RPSRPVLoLolevel,5)*SOPEntry+
F132/F437Alarm(VesselIsolation,5)
F135/F434Alarm(ContainmentIsolation,5)
F146/F443Alarm(RPSCoreSprayAutoStart,5)
F142/F447Alarm(MainSteamAutoIsolation,5)
F144/F445Alarm(ECAutoInitiation,5)
F133/F436Alarm(RPSLevelLoLoLo,10)
Video#3-MultitudeofCRindications(next)
Any single annunciation would have triggered the necessary Operator response
Enclosure 4 0
Video #3-Multitude of CR Indications
CENG a joint venture of I
Constollatlan..*.. eoF E:nwgy"
AdditionalMitigation RiskFactors Enclosure 4
- 5-Operatorscouldhaveinitiated makeupwithaCRDpumpfromthe ControlRoom
- ThisiscontrarytotheSeptember23, 2013,letterwhichconcludesfieldactions arerequired. Thisisonlytrueduringnon emergency,normaloperations.
- Operatoractionsareincludedinthe procedureandtrainedoninthesimulator.
- Actionsarestraightforwardandregularly trainedon.
AdditionalMitigation RiskFactors Enclosure 4
- 6-Therewereanumberofothersystemsavailabletothe OperatorsforRPVcoolingandmakeup
- Eleven(11)systemswereavailablewithvaryingmakeupcapacityinexcess ofanestimated65gpmboiloffrate
- LossofBB#12restricted5ofthesystemsfor68minafterlossofSDC
- Operatorsaretrainedonall11systemsinavarietyofsimulatedaccident scenarios,includinglossofSDCevents
- Operatorsaretrainedtousethesesystemsinaccordancewithclear,well writtenprocedures
- NRCStaffsInspectionManualPart9900:TechnicalGuidance(seeC4) recognizesmanualactionsareacceptableinplaceofautomaticsystemswith writtenproceduresandtrainingonthoseproceduresbeforehand Any single make-up system would have provided success
AdditionalMitigation RiskFactors Enclosure 4
- 7-CoreSpray(withautomaticinitiation)wasrestoredto availability8.5hoursintoevent
- Couldhavebeenrestoredwithin15minutes-sinceSDChadbeen restored,restorationofCoreSpraywasinaccordancewithpre planning
- CoreSprayrestoredpriortothe9hourprojectedRPVlevelreaching topofactivefuel
- HadtheOperatorsfailedtotakeactiontorestoreSDCordiagnoseand manuallyinject,CoreSpraywouldhaveinjectedautomaticallypriorto uncoveringfuelbasedonthetimelineoftheevent
- NotrecognizedinSeptember23,2013,letter Had NMP recognized Core Spray system availability and communicated this earlier to NRC Staff, a Phase 3 analysis may not have been needed
AdditionalMitigation RiskFactors Enclosure 4
- 8-ThereweremanylicensedOperatorsintheplantatthetime oftheevent
- Inadditiontothelicensedstaff(2ROs&3SROs),therewere5SROs/4 ROs/2additionallicensedmanagersinandincloseproximitytotheCR duringthisevent
- Itistypicalforadditionallicensedpersonneltobeintheplantduring outages
- ClarificationtotheSeptember23,2013,letter:Thereisrecognizedvalue oftheextralicensedpersonnel
- NUREG/CR1278(Section18)creditsfourlicensedCRpersonnelasthe minimumgrouptoaddressevents
- NUREG/CR1278(Section19)recognizesthevalueofadditional licensedpersonnelforrecoveryactions Additional staffing is not credited in PRA analysis
AdditionalMitigation RiskFactors Enclosure 4
- NRCStaffagreesthattheremaybeaddedworthtoadditional personnel,buttheanalystknowsofnootherguidanceon when,how,oriftocreditadditionalpersonnel.
==
Conclusion:==
Thus,thisconservativechoiceintheanalysiswill inflatetheriskassociatedwiththeevent. Witha1.1E6 probability,morerealisticmodelingifavailablewouldlikely drivethenumbertolessthanthe1E6thresholdforawhite finding.
Additional factors would tend to drive PRA analysis results even lower.
Enclosure 4
Nine Mile Point Unit 1 Loss of Shutdown Cooling Regulatory Conference PRA Analysis of Event
Elliott Flick General Manager, Fleet Engineering
PRAAnalysisofEvent Enclosure 4 SummaryViewonPRA:
- Eitheroftwoindependentoperatoractionswouldpreventcore damage(restoreSDCandmaintainRPVlevel)
- CENGandNRCStaffevaluationsdeterminednodependency existedfortheoperatoractions
- CENGandNRCStaffquantitativeevaluationoftheindividual operatoractionscloselyagree
- ResultsdivergebasedonNRCassigningaminimumHEPvalue forthetwocombinedindependentactions:
- CENG:
EPRI/THERP*
- NRCStaff:
SPARH;RASPVolume1,Rev2(NRCStaffGuidance)
Reference:
TechniqueforHumanErrorRatePrediction(THERP)isatechniqueusedinthefieldofHuman ReliabilityAssessment(HRA),forthepurposesofevaluatingtheprobabilityofahumanerroroccurring throughoutthecompletionofaspecifictask.
PRAAnalysisofEvent Enclosure 4 EventwasevaluatedusingstandardPRAtechniques andprinciples MitigationofthiseventrequiredOperatorstoeither:
- RestoreSDC,or
- MaintainRPVabovetopofactivefuel Initialplantconditions(approximate):
- 2hourstoboilinginRPV
- 5hourslowlowLevelinRPV
- 9hoursforinventorytoreachtopofactivefuel 9 hours1.041667e-4 days <br />0.0025 hours <br />1.488095e-5 weeks <br />3.4245e-6 months <br /> were available to take actions.
PRAAnalysisofEvent
Enclosure 4
BothCENGandNRCStaffanalysisagreed:zerodependency associatedwiththetwoactions Dependencyfactorsconsidered:
- SameCrew:ashiftturnoverwouldhaveoccurredpriortoaprojected boilofftotopofactivefuel;
- CommonCognitive:avarietyofcuesandproceduresapplied
- SameTime:cuesoccuroveralengthytimeframe(hours)
- AdequateResources:Extrapersonnelalmostdoublethenormal controlroomcomplement
- HighStress:weclassifiedthisasanominalstressevent
- SameLocation:strongcuesfrombothcontrolroomandrefuelfloor
- Timing:substantialtimewasavailabletoact
Agreement on zero dependency - differences between NRC Staff & CENG analysis of human performance factors.
PRAAnalysisofEvent
Enclosure 4
TheRASPhandbookreferencesEPRIReport1021081 EstablishingMinimumAcceptableValuesfor ProbabilitiesofHumanFailureEvents,forthesetype ofevaluations.FromRASPhandbook:
- EPRIReport1021081providesamoredetailedapproachin determiningthelevelofdependencebetweenHFEsandapplying minimumjointprobabilities.Basedonthedeterminationofthelevel ofdependence,ananalystwillassignajointHEPof105(low dependence)or106(verylowdependence).Inaddition,thereport statesthat,ifthecriteriaforindependentHFEsaremet,itshould notbenecessarytoemployanalternativeminimumvaluerather thantheonecalculated.
Minimum HEP should not always be applied.
PRAAnalysisofEvent Enclosure 4 CENGandNRCStaffagree:
- RiskCalculation(w/otheRASPguidance1E6quantification limit)isatleast5.6E8 AlignmentofSDCandRPVinjection NRCCCDP CENGCCDP NoJointHEPquantitativelimit 6.1E8 5.6E8 JointHEPquantitativelimit1E7 1.4E7 1.6E7 JointHEPquantitativelimit5E7 5.4E7 5.6E7 JointHEPquantitativelimit1E6(usingRASPHandbook guidance) 1.1E6 1.1E6 NRC Staff & CENG calculations are close.
PRAAnalysisofEvent Enclosure 4 RASPguidanceassigninga1E6limitformultipleHFEs
- CompensatesforlimitationsinabilityforexistingPRAmethods toevaluatetheHEPforhighlyreliableactions
- However,1E6hasnofirmtechnicalbasis
- Applyingthelimitdoesnotdiscriminatebetweencaseswhere therearemanyversusasinglesuccesspath
- Applying1E6maynotsignificantlyaffectbaseCDF/LERF
- 1E6waschosenasnottodominatetheriskresults Applying the minimum HEP has value in many cases; however it is not applicable to this case.
PRAAnalysisofEvent Enclosure 4 Applying1E6limitisinappropriateinthiscase
- Giventheplethoraofcues,itisinconceivablethatthe operatorswouldnothavethecorrectplantstatusassessment
- Nomechanism(cognitiveorphysical)canbepostulatedthat wouldresultinafailuretorespondinthetimeavailable
- 1E6hasnofirmtechnicalbasis
- 1E6issoconservativethatitdrivestheoutcomeoftheSDP Applying the minimum HEP significantly distorts reality and is inappropriate in this case.
ConservatismsOverstate Risk&Dilute Insights Enclosure 4
+
InaccurateCharacterisationofRisk
=
1E6Quantitativelimitconservatism OverwhelmingindicationsonRefuelfloor andintheControlRoomConservatism
+
CRStaffing,Stress,Training Conservatism
+
Multipleindication andsuccesspath conservatism
+
Layers of CrewTurnover Conservatism Conservatism
PRAAnalysisofEvent
Enclosure 4
HRAmodelingofactionswithverylowprobabilitiesis challengingandtheresultingHEPsareveryuncertain Qualitativefactorsmustalsobeconsideredtogivean accurateassessmentofrisk
DefenseinDepth/ConservativePRAtechniquesdistort riskperspective
Riskinformeddecisionmakingmustrecognizethe limitationsofquantifyingveryreliable,independent humanactions
Assessing plant performance should recognize qualitative risk mitigating factors and independence in this case.
PRAAnalysis-LERFAnalysis
Enclosure 4
LargeEarlyReleaseFrequency(LERF)analysis projectsmargintopublicrisk
- TheNRCStaffevaluationassumesalargereleaseoccurs<2 hoursafterRPVlevellowerstothetopofactivefuel
- Computermodeling(MAAP)concludesnoappreciable releasebefore4.6hours
- CENGandNRCStaffagreethataGeneralEmergency evacuationcouldbeeffectivelycompletedin2hours(less thanhalfthetimebeforeaprojectedearlyreleaseperMAAP predictions)
There was a longer time to projected release.
PRAAnalysis-Evacuation Study Enclosure 4 Risktothepublicwasverylow;studyshowed evacuationcouldbeeffectivelycompletedwithin1hr 40minutes
- Commissionedanevacuationtimeestimateanalysisusing actualconditionsatthetimeaGeneralEmergencywould bedeclared
- UsedguidanceinNUREG/CR7002,CriteriaforEvacuation TimeEstimateStudies There was time to evacuate the public.
Enclosure 4
Nine Mile Point Unit 1 Loss of Shutdown Cooling Regulatory Conference
Lessons Learned and Conclusions
Jim Stanley General Plant Manager
Conclusions
Enclosure 4
Weareextractingallthelearningsfromtheevent
- AnyunplannedlossofSDCissignificantanddoesnot meetourexpectations
- TakenActions-respondedrapidlyandthoroughly
- Fixedprocedureproblemstopreventrecurrence
- RestructuredNMP2soutageschedule(LOOP/LOCAtesting)
- Managingactionswithinourcorrectiveaction program
Wehavecommunicatednewdataand informationtoshowwhytheindustry methodologyforassessinghumanperformance appliedbyNMPshouldbeusedtoevaluatethe significanceofevent;
Conclusions
Enclosure 4
WebelievetheCENGPRAanalysisforNMP1issound
- CENGPRAyieldsCCDF5.6E8forthisevent
- Analysisbasedonacceptedindustrymethodology
- Includesconservatism/providesamorerealisticpictureofrisk
- Potentialhumanerrorsareunderstoodandmodeled
- Additionalriskmitigatingbarriers
- Staffguidance(Part9900):acceptabletocreditmanualactions
- Anautomaticallyinitiatedsystem(CS)wasrestoredpriortothe projectedtimeof9hours(RPVleveltotopofactivefuel)
- OperatorsneverlostawarenessandcontrolofRPVlevel Summary:NMPbelieves,basedonouranalysisandother riskmitigatingfactors,thiseventisofaverylowsafety significanceGreen
QuestionsandClosingRemarks
Enclosure 4