Technical Specification Bases 3.8.1

ML14342A189
Person / Time
Site:	McGuire, Mcguire
Issue date:	11/04/2014
From:	Duke Energy Carolinas
To:	Office of Nuclear Reactor Regulation
Shared Package
ML14339A712	List: ML14339A659 ML14339A714 ML14339A716 ML14339A719 ML14339A720 ML14339A721 ML14339A722 ML14339A723 ML14339A724 ML14339A725 ML14339A726 ML14339A727 ML14339A747 ML14339A748 ML14339A749 ML14339A750 ML14339A751 ML14339A764 ML14339A765 ML14339A766 ML14339A768 ML14339A769 ML14339A781 ML14339A782 ML14339A783 ML14339A790 ML14339A791 ML14339A792 ML14339A793 ML14339A794 ML14339A795 ML14339A804 ML14339A805 ML14339A806 ML14339A807 ML14339A808 ML14339A809 ML14339A810 ML14339A811 ML14339A812 ML14339A825 ML14339A827 ML14339A828 ML14339A829 ML14339A830 ML14342A055 ML14342A056 ML14342A057 ML14342A058 ML14342A059 ... further results
References
MNS-14-088
Download: ML14342A189 (28)
v • d • e

Text

McGuire Units 1 and 2 B 3.8.1-1 Revision No. 115 AC SourcesOperating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC SourcesOperating BASES BACKGROUND The unit Essential Auxiliary or Class 1E AC Electrical Power Distribution System AC sources consist of the offsite power sources (preferred power sources, normal and alternate(s)), and the onsite standby power sources (Train A and Train B diesel generators (DGs)). As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems.

The onsite Class 1E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to two preferred offsite power sources and a single DG.

Offsite power is supplied to the unit switchyard(s) from the transmission network by two transmission lines. From the switchyard(s), two electrically and physically separated circuits provide AC power, through step down station auxiliary transformers, to the 4.16 kV ESF buses. A detailed description of the offsite power network and the circuits to the Class 1E ESF buses is found in the UFSAR, Chapter 8 (Ref. 2).

A qualified offsite circuit consists of all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1E ESF bus(es).

The offsite transmission systems normally supply their respective unit's onsite power supply requirements. However, in the event that one or both buslines of a unit become unavailable, or by operational desire, it is acceptable to supply that unit's offsite to onsite power requirements by aligning the affected 4160V bus of the opposite unit via the standby transformers, SATA and SATB in accordance with Regulatory Guides 1.6 and 1.81 (Ref. 12 and 13). In this alignment, each unit's offsite transmission system could simultaneously supply its own 4160V buses and one (or both) of the buses of the other unit.

Although a single auxiliary transformer (1ATA, 1ATB, 2ATA, 2ATB) is sized to carry all of the auxiliary loads of its unit plus both trains of essential 4160V loads of the opposite unit, the LCO would not be met in this alignment due to separation criteria.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-2 Revision No. 115 BACKGROUND (continued)

Each unit's Train A and B 4160V bus must be derived from separate offsite buslines. The first offsite power supply can be derived from any of the four buslines (1A, 1B, 2A, or 2B). The second offsite power supply must not derive its power from the same busline as the first.

Acceptable train and unit specific breaker alignment options are described below:

Unit 1 A Train

1. BL1A-1ATA-1TA-1ATC-1ETA

2. BL1B-1ATB-1TA-1ATC-1ETA

3. BL1A-1ATA-1TC-SATA-1ETA

4. BL1B-1ATB-1TC-SATA-1ETA

5. BL2A-2ATA-2TC-SATA-1ETA

6. BL2B-2ATB-2TC-SATA-1ETA Unit 1 B Train

1. BL1B-1ATB-1TD-1ATD-1ETB

2. BL1A-1ATA-1TD-1ATD-1ETB

3. BL1B-1ATB-1TB-SATB-1ETB

4. BL1A-1ATA-1TB-SATB-1ETB

5. BL2B-2ATB-2TB-SATB-1ETB

6. BL2A-2ATA-2TB-SATB-1ETB Unit 2 A Train

1. BL2A-2ATA-2TA-2ATC-2ETA

2. BL2B-2ATB-2TA-2ATC-2ETA

3. BL2A-2ATA-2TC-SATA-2ETA

4. BL2B-2ATB-2TC-SATA-2ETA

5. BL1A-1ATA-1TC-SATA-2ETA

6. BL1B-1ATB-1TC-SATA-2ETA Unit 2 B Train

1. BL2B-2ATB-2TD-2ATD-2ETB

2. BL2A-2ATA-2TD-2ATD-2ETB

3. BL2B-2ATB-2TB-SATB-2ETB

4. BL2A-2ATA-2TB-SATB-2ETB

5. BL1B-1ATB-1TB-SATB-2ETB

6. BL1A-1ATA-1TB-SATB-2ETB

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-3 Revision No. 115 BACKGROUND (continued)

Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the transformer supplying offsite power to the onsite Class 1E Distribution System. Typically (via accelerated sequencing), within 1 minute after the initiating signal is received, all loads needed to recover the unit or maintain it in a safe condition are returned to service.

The onsite standby power source for each 4.16 kV ESF bus is a dedicated DG. DGs A and B are dedicated to ESF buses ETA and ETB, respectively.

A DG starts automatically on a safety injection (SI) signal (i.e., low pressurizer pressure or high containment pressure signals) or on an ESF bus degraded voltage or undervoltage signal (refer to LCO 3.3.5, "Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation"). After the DG has started, it will automatically tie to its respective bus after offsite power is tripped as a consequence of ESF bus undervoltage or degraded voltage, independent of or coincident with an SI signal. The DGs will also start and operate in the standby mode without tying to the ESF bus on an SI signal alone. Following the trip of offsite power, a sequencer strips loads from the ESF bus. When the DG is tied to the ESF bus, loads are then sequentially connected to its respective ESF bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of a loss of preferred power, the ESF electrical loads are automatically connected to the DGs in sufficient time to provide for safe reactor shutdown and to mitigate the consequences of a Design Basis Accident (DBA) such as a loss of coolant accident (LOCA).

Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the DG in the process.

Typically (via accelerated sequencing), within 1 minute after the initiating signal is received, all loads needed to recover the unit or maintain it in a safe condition are returned to service.

Ratings for Train A and Train B DGs satisfy the requirements of Regulatory Guide 1.9 (Ref. 3). The continuous service rating of each DG is 4000 kW with 10% overload permissible for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> in any 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> period. The ESF loads that are powered from the 4.16 kV ESF buses are listed in Reference 2.

APPLICABLE The initial conditions of DBA and transient analyses in the UFSAR, SAFETY ANALYSES Chapter 6 (Ref. 4) and Chapter 15 (Ref. 5), assume ESF systems are OPERABLE. The AC electrical power sources are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-4 Revision No. 115 APPLICABLE SAFETY ANALYSES (continued)

Coolant System (RCS), and containment design limits are not exceeded.

These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS);

and Section 3.6, Containment Systems.

The OPERABILITY of the AC electrical power sources is consistent with the initial assumptions of the Accident analyses and is based upon meeting the design basis of the unit. This results in maintaining at least one train of the onsite or offsite AC sources OPERABLE during Accident conditions in the event of:

a.

An assumed loss of all offsite power or all onsite AC power; and

b.

A worst case single failure.

The AC sources satisfy Criterion 3 of 10 CFR 50.36 (Ref. 6).

LCO Two qualified circuits between the offsite transmission network and the onsite Class 1E Electrical Power System and separate and independent DGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an anticipated operational occurrence (AOO) or a postulated DBA.

Qualified offsite circuits are those that are described in the UFSAR and are part of the licensing basis for the unit.

In addition, one required automatic load sequencer per train must be OPERABLE.

Each offsite circuit must be capable of maintaining rated frequency and voltage, and accepting required loads during an accident, while connected to the ESF buses.

The 4.16 kV essential system is divided into two completely redundant and independent trains designated A and B, each consisting of one 4.16 kV switchgear assembly, two 4.16 kV/600 V load centers, and associated loads.

Normally, each Class 1E 4.16 kV switchgear is powered from its associated non-Class 1E train of the 6.9 kV Normal Auxiliary Power System as discussed in "6.9 kV Normal Auxiliary Power System" in Chapter 8 of the UFSAR (Ref. 2). Additionally, an alternate source of power to each 4.16 kV essential switchgear is provided from the 6.9 kV system via a separate and independent 6.9/4.16 kV transformer. Two transformers are shared between units and provide the capability to supply an alternate source of power to each unit's 4.16 kV essential

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-5 Revision No. 115 LCO (continued) switchgear from either unit's 6.9 kV system. A key interlock scheme is provided to preclude the possibility of connecting the two units together at either the 6.9 or 4.16 kV level.

Each train of the 4.16 kV Essential Auxiliary Power System is also provided with a separate and independent emergency diesel generator to supply the Class 1E loads required to safely shut down the unit following a design basis accident.

Each DG must be capable of starting, accelerating to rated speed and voltage, and connecting to its respective ESF bus on detection of bus undervoltage. This will be accomplished within 11 seconds. Each DG must also be capable of accepting required loads within the assumed loading sequence intervals, and continue to operate until offsite power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as DG in standby with the engine hot and DG in standby with the engine at ambient conditions.

Additional DG capabilities must be demonstrated to meet required Surveillance, e.g., capability of the DG to revert to standby status on an ECCS signal while operating in parallel test mode.

Proper sequencing of loads is a function of Sequencer OPERABILITY.

Proper load shedding is a function of DG OPERABILITY. Proper tripping of non-essential loads is a function of AC Bus OPERABILITY (Condition A of Technical Specification 3.8.9).

The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.

Both normal and emergency power must be OPERABLE for a shared component to be OPERABLE. If normal or emergency power supplying a shared component becomes inoperable, then the Required Actions of the affected shared component LCO must be entered independently for each unit that is in the MODE of applicability of the shared component LCO.

The shared component LCOs are:

3.7.7 - Nuclear Service Water System (NSWS),

3.7.9 - Control Room Area Ventilation System (CRAVS),

3.7.10 - Control Room Area Chilled Water System (CRACWS), and 3.7.11 - Auxiliary Building Filtered Ventilation Exhaust System (ABFVES).

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-6 Revision No. 115 APPLICABILITY The AC sources and sequencers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:

a.

Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and

b.

Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.

The AC power requirements for MODES 5 and 6 are covered in LCO 3.8.2, "AC SourcesShutdown."

ACTIONS A Note prohibits the application of LCO 3.0.4.b to an inoperable DG.

There is an increased risk associated with entering a MODE or other specified condition in the Applicability with an inoperable DG and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.

A.1 To ensure a highly reliable power source remains with one offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition C, for two offsite circuits inoperable, is entered.

A.2 Required Action A.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function of critical redundant required features. These features are powered from the redundant AC electrical power train. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three independent AFW pumps are required to ensure the

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-7 Revision No. 115 ACTIONS (continued) availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis.

The Completion Time for Required Action A.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:

a.

The train has no offsite power supplying its loads; and

b.

A required feature on the other train is inoperable.

If at any time during the existence of Condition A (one offsite circuit inoperable) a redundant required feature subsequently becomes inoperable, this Completion Time begins to be tracked.

Discovering no offsite power to one train of the onsite Class 1E Electrical Power Distribution System coincident with one or more inoperable required support or supported features, or both, that are associated with the other train that has offsite power, results in starting the Completion Times for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to Train A and Train B of the onsite Class 1E Distribution System. The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time takes into account the component OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

A.3 According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition A for a period that should not exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. With one offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-8 Revision No. 115 ACTIONS (continued)

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action A.3 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total of 144 hours0.00167 days <br />0.04 hours <br />2.380952e-4 weeks <br />5.4792e-5 months <br />, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."

This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

B.2 Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-9 Revision No. 115 ACTIONS (continued) independent AFW pumps are required to ensure the availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis. Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable DG.

The Completion Time for Required Action B.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:

a.

An inoperable DG exists; and

b.

A required feature on the other train (Train A or Train B) is inoperable.

If at any time during the existence of this Condition (one DG inoperable) a required feature subsequently becomes inoperable, this Completion Time would begin to be tracked.

Discovering one required DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the Completion Time for the Required Action. Four hours from the discovery of these events existing concurrently is Acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost. The 4 hour4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-10 Revision No. 115 ACTIONS (continued)

B.3.1 and B.3.2 Required Action B.3.1 provides an allowance to avoid unnecessary testing of OPERABLE DG(s). If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed. If the cause of inoperability exists on other DG(s), the other DG(s) would be declared inoperable upon discovery and Condition E of LCO 3.8.1 would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action B.3.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG(s),

performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the problem investigation process will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> constraint imposed while in Condition B.

These Conditions are not required to be entered if the inoperability of the DG is due to an inoperable support system, an independently testable component, or preplanned testing or maintenance. If required, these Required Actions are to be completed regardless of when the inoperable DG is restored to OPERABLE status.

According to Generic Letter 84-15 (Ref. 8), 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG.

B.4 According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition B for a period that should not exceed 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-11 Revision No. 115 ACTIONS (continued)

OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

This could lead to a total of 144 hours0.00167 days <br />0.04 hours <br />2.380952e-4 weeks <br />5.4792e-5 months <br />, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

C.1 and C.2 Required Action C.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> from that allowed for one train without offsite power (Required Action A.2). The rationale for the reduction to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is that Regulatory Guide 1.93 (Ref. 7) allows a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE. When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter Completion Time of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is appropriate. These features are powered from redundant AC safety trains. This includes motor driven auxiliary feedwater pumps.

Single train features, such as turbine driven auxiliary pumps, are not included in the list.

The Completion Time for Required Action C.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action the Completion Time only begins on discovery that both:

a.

All required offsite circuits are inoperable; and

b.

A required feature is inoperable.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-12 Revision No. 115 ACTIONS (continued)

If at any time during the existence of Condition C (two offsite circuits inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked.

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition C for a period that should not exceed 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds to a total loss of the immediately accessible offsite power sources.

Because of the normally high availability of the offsite sources, this level of degradation may appear to be more severe than other combinations of two AC sources inoperable that involve one or more DGs inoperable.

However, two factors tend to decrease the severity of this level of degradation:

a.

The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and

b.

The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source.

With both of the required offsite circuits inoperable, sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a DBA or transient. In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety analysis. Thus, the 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.

According to Reference 6, with the available offsite AC sources, two less than required by the LCO, operation may continue for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. If two offsite sources are restored within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, unrestricted operation may continue. If only one offsite source is restored within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, power operation continues in accordance with Condition A.

D.1 and D.2 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in de-energization. Therefore, the Required Actions of Condition D are

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-13 Revision No. 115 ACTIONS (continued) modified by a Note to indicate that when Condition D is entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9, "Distribution SystemsOperating," must be immediately entered. This allows Condition D to provide requirements for the loss of one offsite circuit and one DG, without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train.

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition D for a period that should not exceed 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.

In Condition D, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition C (loss of both required offsite circuits). This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

E.1 With Train A and Train B DGs inoperable, there are no remaining standby AC sources. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions. Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk associated with continued operation for a very short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the time allowed for continued operation is severely restricted. The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with this level of degradation.

According to Reference 7, with both DGs inoperable, operation may continue for a period that should not exceed 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.

F.1 The sequencer(s) is an essential support system to both the offsite circuit and the DG associated with a given ESF bus. Furthermore, the

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-14 Revision No. 115 ACTIONS (continued) sequencer is on the primary success path for most major AC electrically powered safety systems powered from the associated ESF bus.

Therefore, loss of an ESF bus sequencer affects every major ESF system in the train. The 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> Completion Time provides a period of time to correct the problem commensurate with the importance of maintaining sequencer OPERABILITY. This time period also ensures that the probability of an accident (requiring sequencer OPERABILITY) occurring during periods when the sequencer is inoperable is minimal.

G.1 and G.2 If the inoperable AC electric power sources cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.

H.1 Condition H corresponds to a level of degradation in which all redundancy in the AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. Therefore, no additional time is justified for continued operation. The unit is required by LCO 3.0.3 to commence a controlled shutdown.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-15 Revision No. 115 SURVEILLANCE The AC sources are designed to permit inspection and testing of all REQUIREMENTS important areas and features, especially those that have a standby function, in accordance with 10 CFR 50, Appendix A, GDC 18 (Ref. 9).

Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions). The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Regulatory Guide 1.137 (Ref. 11), as addressed in the UFSAR.

Since the McGuire DG manufacturer, Nordberg, is no longer in business, McGuire engineering is the designer of record. Therefore, the term "manufacturer's or vendor's recommendations" is taken to mean the recommendations as determined by McGuire engineering, with specific Nordberg input as it is available, that were intended for the DGs, taking into account the maintenance, operating history, and industry experience, when available.

Where the SRs discussed herein specify voltage and frequency tolerances, the following is applicable. The minimum steady state output voltage of 3740 V is 90% of the nominal 4160 V output voltage. This value allows for voltage drop to the terminals of 4000 V motors whose minimum operating voltage is specified as 90% or 3600 V. It also allows for voltage drops to motors and other equipment down through the 120 V level where minimum operating voltage is also usually specified as 90%

of name plate rating. The specified maximum steady state output voltage of 4580 V is equal to the maximum operating voltage specified for 4000 V motors. It ensures that for a lightly loaded distribution system, the voltage at the terminals of 4000 V motors is no more than the maximum rated operating voltages. The specified minimum and maximum frequencies of the DG are 58.8 Hz and 61.2 Hz, respectively. These values are equal to

+/- 2% of the 60 Hz nominal frequency and are derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3).

SR 3.8.1.1 This SR ensures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that appropriate independence of offsite circuits is maintained. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-16 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.2 and SR 3.8.1.7 These SRs help to ensure the availability of the standby electrical power supply to mitigate DBAs and transients and to maintain the unit in a safe shutdown condition.

To minimize the wear on moving parts that do not get lubricated when the engine is not running, these SRs are modified by a Note (Note 2 for SR 3.8.1.2) to indicate that all DG starts for these Surveillances may be preceded by an engine prelube period and followed by a warmup period prior to loading.

For the purposes of SR 3.8.1.2 and SR 3.8.1.7 testing, the DGs are started from standby conditions using a manual start, loss of offsite power signal, safety injection signal, or loss of offsite power coincident with a safety injection signal. Standby conditions for a DG mean that the diesel engine coolant and oil are being continuously circulated and temperature is being maintained consistent with manufacturer recommendations.

In order to reduce stress and wear, the manufacturer recommends a modified start in which the DGs are gradually accelerated to synchronous speed prior to loading. These start procedures are the intent of Note 3, which is only applicable when such modified start procedures are recommended by the manufacturer.

SR 3.8.1.7 requires that the DG starts from standby conditions and achieves required voltage and frequency within 11 seconds. The 11 second start requirement supports the assumptions of the design basis LOCA analysis in the UFSAR, Chapter 15 (Ref. 5).

The 11 second start requirement is not applicable to SR 3.8.1.2 (see Note 3) when a modified start procedure as described above is used. If a modified start is not used, the 11 second start requirement of SR 3.8.1.7 applies.

Since SR 3.8.1.7 requires a 11 second start, it is more restrictive than SR 3.8.1.2, and it may be performed in lieu of SR 3.8.1.2. This is the intent of Note 1 of SR 3.8.1.2.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-17 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to the equivalent of the maximum expected accident loads. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.

Although no power factor requirements are established by this SR, the DG is normally operated at a power factor between 0.8 lagging and 1.0.

The 0.8 value is the design rating of the machine, while the 1.0 is an operational limitation to ensure circulating currents are minimized. The load band is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by four Notes. Note 1 indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized. Note 2 states that momentary transients, because of changing bus loads, do not invalidate this test. Similarly, momentary power factor transients above the limit do not invalidate the test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations. Note 4 stipulates a prerequisite requirement for performance of this SR. A successful DG start must precede this test to credit satisfactory performance.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-18 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is adequate for approximately 30 minutes of DG operation at full load, which allows for an orderly shutdown of the DG should fuel replenishment to the day tank become unavailable.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation. There are numerous bacteria that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks eliminates the necessary environment for bacterial survival. This is the most effective means of controlling microbiological fouling. In addition, it eliminates the potential for water entrainment in the fuel oil during DG operation. Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and breakdown of the fuel oil by bacteria. Frequent checking for and removal of accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is for preventative maintenance. The presence of water does not necessarily represent failure of this SR, provided the accumulated water is removed during the performance of this Surveillance.

SR 3.8.1.6 This Surveillance demonstrates that each required fuel oil transfer pump operates and transfers fuel oil from its associated storage tank to its associated day tank. This is required to support continuous operation of standby power sources. This Surveillance provides assurance that the fuel oil transfer pump is OPERABLE, the fuel oil piping system is intact, the fuel delivery piping is not obstructed, and the controls and control systems for automatic fuel transfer systems are OPERABLE.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-19 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.7 See SR 3.8.1.2.

SR 3.8.1.8 Transfer of each 4.16 kV ESF bus power supply from the normal offsite circuit to the alternate offsite circuit demonstrates the OPERABILITY of the alternate circuit distribution network to power the shutdown loads.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is that, during operation with the reactor critical, performance of this SR could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and, as a result, unit safety systems.

SR 3.8.1.9 Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single load without exceeding predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the single load for each DG and its kilowatt rating is as follows: Nuclear Service Water Pump which is a 576 kW motor. This Surveillance may be accomplished by:

a.

Tripping the DG output breaker with the DG carrying greater than or equal to its associated single largest post-accident load while paralleled to offsite power, or while solely supplying the bus; or

b.

Tripping its associated single largest post-accident load with the DG solely supplying the bus.

As required by Regulatory Guide 1.9 (Ref. 3), the load rejection test is acceptable if the increase in diesel speed does not exceed 75% of the

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-20 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued) difference between synchronous speed and the overspeed trip setpoint, or 15% above synchronous speed, whichever is lower.

The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequence intervals. The 3 seconds specified is equal to 60% of a typical 5 second load sequence interval associated with sequencing of the largest load. The voltage and frequency specified are consistent with the design range of the equipment powered by the DG.

SR 3.8.1.9.a corresponds to the maximum frequency excursion, while SR 3.8.1.9.b and SR 3.8.1.9.c are steady state voltage and frequency values to which the system must recover following load rejection. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This Surveillance is performed with the DG connected to its bus in parallel with offsite power supply. The DG is tested under maximum kVAR loading, which is defined as being as close to design basis conditions as practical subject to offsite power conditions. Design basis conditions have been calculated to be greater than 0.9 power factor. During DG testing, equipment ratings are not to be exceeded (i.e., without creating an overvoltage condition on the DG or 4 kV emergency buses, over-excitation in the generator, or overloading the DG emergency feeder while maintaining the power factor greater than or equal to 0.9).

This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3.8.1.10 This Surveillance demonstrates the DG capability to reject a full load without overspeed tripping or exceeding the predetermined voltage limits.

The DG full load rejection may occur because of a system fault or inadvertent breaker tripping. This Surveillance ensures proper engine generator load response under the simulated test conditions. This test simulates the loss of the total connected load that the DG experiences following a full load rejection and verifies that the DG does not trip upon loss of the load. These acceptance criteria provide for DG damage protection. While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG is not degraded for future application, including reconnection to the bus if the trip initiator can be corrected or isolated.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-21 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

Although not representative of the design basis inductive loading that the DG would experience, a power factor of approximately unity (1.0) is used for testing. This power factor is chosen in accordance with manufacturer's recommendations to minimize DG overvoltage during testing.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3.8.1.11 As required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.4, this Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source. This test verifies the de-energization of the emergency buses, load shedding from the emergency buses and energization of the emergency buses and blackout loads from the DG. Tripping of non-essential loads is not verified in this test. It further demonstrates the capability of the DG to automatically achieve the required voltage and frequency within the specified time.

The DG autostart time of 11 seconds is derived from requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability is achieved.

The requirement to verify the connection and power supply of the emergency bus and autoconnected loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, Emergency Core Cooling Systems (ECCS) injection valves are not desired to be stroked open, or high pressure injection systems are not capable of being operated at full flow, or residual heat removal (RHR) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-22 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued) capability of the DG systems to perform these functions is acceptable.

This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations. The reason for Note 2 is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems.

SR 3.8.1.12 This Surveillance demonstrates that the DG automatically starts and achieves the required voltage and frequency within the specified time (11 seconds) from the design basis actuation signal (LOCA signal) and operates for 5 minutes. The 5 minute period provides sufficient time to demonstrate stability. SR 3.8.1.12.d ensures that the emergency bus remains energized from the offsite electrical power system on an ESF signal without loss of offsite power. This Surveillance also verified the tripping of non-essential loads. Tripping of non-essential loads is verified only once, either in this SR or in SR 3.8.1.19, since the same circuitry is tested in each SR.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

SR 3.8.1.13 This Surveillance demonstrates that DG non-emergency protective functions (e.g., high jacket water temperature) are bypassed on a loss of voltage signal concurrent with an ESF actuation test signal.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-23 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

The non-emergency automatic trips are all automatic trips except:

a.

Engine overspeed;

b.

Generator differential current;

c.

Low lube oil pressure; and

d.

Generator voltage - controlled overcurrent.

The non-emergency trips are bypassed during DBAs and provide an alarm on an abnormal engine condition. This alarm provides the operator with sufficient time to react appropriately. The DG availability to mitigate the DBA is more critical than protecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG. Currently, DG emergency automatic trips are tested periodically per the station periodic maintenance program.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is not normally performed in MODE 1 or 2, but it may be performed in conjunction with periodic preplanned preventative maintenance activity that causes the DG to be inoperable. This is acceptable provided that performance of the SR does not increase the time the DG would be inoperable for the preplanned preventative maintenance activity.

SR 3.8.1.14 Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.9, requires demonstration that the DGs can start and run continuously at full load capability for an interval of not less than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> of which is at a load equivalent from 105% to 110% of the continuous duty rating and the remainder of the time at a load equivalent to the continuous duty rating of the DG. The DG starts for this Surveillance can be performed either from standby or hot conditions. The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual loading, discussed in SR 3.8.1.3, are applicable to this SR.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-24 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

This Surveillance is performed with the DG connected to its bus in parallel with offsite power supply. The DG is tested under maximum kVAR loading, which is defined as being as close to design basis conditions as practical subject to offsite power conditions. Design basis conditions have been calculated to be greater than 0.9 power factor. During DG testing, equipment ratings are not to be exceeded (i.e., without creating an overvoltage condition on the DG or 4 kV emergency buses, over-excitation in the generator, or overloading the DG emergency feeder while maintaining the power factor greater than or equal to 0.9).

The load band is provided to avoid routine overloading of the DG.

Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This Surveillance is modified by two Notes. Note 1 states that momentary transients due to changing bus loads do not invalidate this test. Note 2 allows gradual loading of the DG in accordance with recommendation from the manufacturer.

This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency within 11 seconds. The 11 second time is derived from the requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more frequent teardown inspections in accordance with vendor

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-25 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued) recommendations in order to maintain DG OPERABILITY. The requirement that the diesel has operated for at least 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions. Momentary transients due to changing bus loads do not invalidate this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing.

SR 3.8.1.16 As required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.11, this Surveillance ensures that the manual synchronization and automatic load transfer from the DG to the offsite source can be made and the DG can be returned to standby operation when offsite power is restored. It also ensures that the autostart logic is reset to allow the DG to reload if a subsequent loss of offsite power occurs. The DG is considered to be in standby operation when the DG is at rated speed and voltage, the output breaker is open and can receive an autoclose signal on bus undervoltage, and the load sequence timers are reset.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems.

SR 3.8.1.17 Demonstration of the test mode override ensures that the DG availability under accident conditions will not be compromised as the result of testing and the DG will automatically reset to standby operation if a LOCA actuation signal is received during operation in the test mode. Standby operation is defined as the DG running at rated speed and voltage with the DG output breaker open. These provisions for automatic switchover are required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.13. The requirement to automatically energize the emergency loads with offsite power is essentially identical to that of SR 3.8.1.12. The intent in the requirement associated with SR 3.8.1.17.b is to show that the emergency loading was not affected by the DG operation in test mode. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the emergency loads to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-26 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued)

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems.

SR 3.8.1.18 Under accident and loss of offsite power conditions loads are sequentially connected to the bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents. The load sequence time interval tolerance in Table 8-16 of Reference 2 ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF equipment time delays are not violated.

Table 8-1 of Reference 2 provides a summary of the automatic loading of ESF buses. The sequencing times of Table 8-16 are committed and required for OPERABILITY. The typical 1 minute loading duration seen by the accelerated sequencing scheme is NOT required for OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.19 In the event of a DBA coincident with a loss of offsite power, the DGs are required to supply the necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.

This Surveillance verifies the de-energization of the emergency buses, load shedding from the emergency buses, tripping of non-essential loads and energization of the emergency buses and ESF loads from the DG.

Tripping of non-essential loads is verified only once, either in this SR or in SR 3.8.1.12, since the same circuitry is tested in each SR. In lieu of actual demonstration of connection and loading of loads, testing that

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-27 Revision No. 115 SURVEILLANCE REQUIREMENTS (continued) adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations for DGs. The reason for Note 2 is that the performance of the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems.

SR 3.8.1.20 This Surveillance demonstrates that the DG starting independence has not been compromised. Also, this Surveillance demonstrates that each engine can achieve proper speed within the specified time when the DGs are started simultaneously.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

AC Sources-Operating B 3.8.1 BASES McGuire Units 1 and 2 B 3.8.1-28 Revision No. 115 REFERENCES

1.

10 CFR 50, Appendix A, GDC 17.

2.

UFSAR, Chapter 8.

3.

Regulatory Guide 1.9, Rev. 3, July 1993.

4.

UFSAR, Chapter 6.

5.

UFSAR, Chapter 15.

6.

10 CFR 50.36, Technical Specifications, (c)(2)(ii).

7.

Regulatory Guide 1.93, Rev. 0, December 1974.

8.

Generic Letter 84-15, "Proposed Staff Actions to Improve and Maintain Diesel Generator Reliability," July 2, 1984.

9.

10 CFR 50, Appendix A, GDC 18.

10.

Regulatory Guide 1.137, Rev. 1, October 1979.

11.

IEEE Standard 308-1971.

12.

Regulatory Guide 1.6, Rev. 0, March 1971.

13.

Regulatory Guide 1.8.1, Rev. 1, January 1975.