ML16028A096

From kanterella
Jump to navigation Jump to search

Emergency Core Cooling System Preferred Pump Logic, Common Accident Signal Logic, and Unit Priority Re-Trip Logic License Amendment Request
ML16028A096
Person / Time
Site: Browns Ferry  Tennessee Valley Authority icon.png
Issue date: 02/01/2016
From:
Tennessee Valley Authority
To:
Office of Nuclear Reactor Regulation
Saba F, NRR/DORL/LPLII-2, 415-1447
References
Download: ML16028A096 (52)
v  d  e


Text

Browns Ferry Nuclear Plant Units 1, 2, and 3 Emergency Core Cooling System Preferred Pump Logic, Common Accident Signal Logic, and Unit Priority Re-Trip Logic License Amendment Request February 1, 2016

Agenda

  • Introduction and Purpose

Preferred Pump Logic (PPL), Common Accident Signal (CAS) Logic, and Unit Priority Re-Trip Logic

  • Overview of Browns Ferry Nuclear Plant (BFN) License Amendment Request
  • Discussion of NRC Requested Information
  • Summary 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 2

Introduction

  • TVA requested a change to the BFN Units 1 and 2 Technical Specifications by Adding New Specification TS 3.3.8.3, "Emergency Core Cooling System Preferred Pump Logic, Common Accident Signal (CAS) Logic, and Unit Priority Re-Trip Logic," and the Unit 3 TS by adding New Specification TS 3.3.8.3, "Common Accident Signal (CAS) Logic and Unit Priority Re-Trip Logic" 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 3

Purpose

  • Provide overview of one-of-a-kind logic systems currently installed at BFN for controlling electrical loads
  • Provide overview of the BFN License Amendment Request (LAR)
  • Discuss draft NRC requests for information to ensure TVA fully understands the scope of information requested 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 4

Overview of Associated Logic - History

  • Original Design Basis
  • BFN Safety Evaluation Report (SER) Supplement No. 4 stated that the system shall have the capability to provide emergency power to accommodate any combination of accident signals (real or spurious), in all three units, in any order (real followed by spurious or spurious followed by real) without operator action for the short term (0-10 minutes). SER Supplement No. 4 further stated that a spurious accident signal is considered to be a single failure.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 5

Overview of Associated Logic - History (continued)

  • Initial BFN Units 1, 2 and 3 Startup and Operation
  • Identification of Accident Initiation Logic Design Deficiencies
  • Unit 2 Re-Start
  • Unit 3 Re-Start - Addition of the Unit Priority Re-Trip Logic
  • Adoption of the SAFER/GESTR-LOCA methodology
  • Unit 1 Re-Start - Modification of the ECCS PPL and CAS Logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 6

Overview of Associated Logic - CAS

  • The purpose or overall function of the CAS Logic

- Accident with normal power available - Place the electrical distribution system in an analyzed reliable alignment and facilitate the transfer of the 4kV Shutdown Boards to alternate offsite power supplies as required (helps ensure compliance with GDC 17)

- Accident with a complete loss of offsite power - Maximize the reliability of the onsite diesel generators (DGs) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 7

Overview of Associated Logic - CAS (continued)

  • There are two CAS systems: Unit 1/2 and Unit 3, each with two redundant divisions

- Unit 1/2 CASA and CASB - interfaces with the Unit 1/2 electrical distribution system and DGs

- Unit 3 CASA and CASB - interfaces with the Unit 3 electrical distribution system and DGs

  • An accident signal from any unit will initiate both the Unit 1/2 and Unit 3 CAS systems 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 8

Overview of Associated Logic - CAS (continued)

  • The common accident signal logic (CASA and CASB) performs the following:

- sends a signal to start all eight DGs for Unit 1/2 and Unit 3

- trips the DG output breakers (if closed)

- defeats selected DG protective trips

- blocks the 4kV Shutdown Board auto transfer logic

- blocks the 4kV degraded voltage trips

- starts the RHR Service Water (RHRSW) (aligned to EECW) pumps and blocks subsequent RHRSW (aligned to EECW) pump start signal

- trips the RHRSW pumps A2 and C2

- trips the Raw Cooling Water (RCW) pump 1D

- trips and blocks the fire pumps A, B, and C auto start logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 9

Overview of Associated Logic - Pre-Accident Signal (PAS)

  • This feature anticipates an event and provides a redundant (to the CAS logic) signal that starts all eight DGs for Unit 1/2 and Unit 3 so that they are ready for electrical loading when required by the load sequencing logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 10

Overview of Associated Logic - PAS (continued)

  • The PAS functions are separated between two PAS systems: Unit 1/2 and Unit 3, each with two redundant divisions

- Unit 1/2 PASA and PASC

- Unit 3 PASA and PASC

  • An accident signal from any unit will initiate both the Unit 1/2 and Unit 3 PAS systems 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 11

Overview of Associated Logic - Unit Priority Re-Trip

  • Added to support Unit 3 re-start
  • Initiated from the RHR initiation logic - Low reactor vessel water level signal or high drywell pressure signal coincident with low reactor pressure signals
  • The Unit Priority Re-Trip logic trips the DG output breakers (if running) to shed any running loads off the DGs to allow the following ECCS pumps to properly sequence onto the DGs

- RHR pumps

- Core Spray Pumps

- EECW pumps 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 12

Overview of Associated Logic - Unit Priority Re-Trip (continued)

  • Subsequent DG trips are blocked by the CAS logic.
  • If the DGs were already running and loaded from an accident signal from the opposite unit, a second accident signal would attempt to start an RHR pump on a DG already loaded with an EECW pump.
  • The Unit Priority Re-Trip Logic removes the trip signal block in the CAS logic and allows the CAS logic to re-trip the DG breaker on the unit with the second accident signal.
  • This sheds any running loads from the DGs with the second accident signal to allow the ECCS pumps to properly sequence onto the DGs.
  • Subsequent DG trips are again blocked by the CAS logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 13

Overview of Associated Logic - Unit 1/2 ECCS PPL

  • Real and Spurious Accident Signal in Units 1/2 (two accident signals)

- Assigns Division I RHR and Core Spray Pumps to Unit 1

- Assigns Division II RHR and Core Spray Pumps to Unit 2

- Performs the same function with or without a loss of offsite power

- Blocks the manual restart of the pumps for 60 seconds

- After 60 seconds the pumps may be manually restarted 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 14

Overview of Associated Logic - Unit 1/2 ECCS PPL (continued)

  • Real Accident Signal in Unit 1 or Unit 2 (one accident signal),

with RHR or Core Spray Pumps running in the non-accident unit (e.g., RHR pumps running for shutdown cooling)

- Trips any running RHR or Core Spray pumps in the non-accident unit

- Allows the accident unit to start both divisions of RHR and Core Spray pumps to mitigate the accident

- Performs the same function with or without a loss of offsite power

- Blocks the manual restart of the pumps in the non-accident unit for 60 seconds

- After 60 seconds the pumps in the non-accident unit may be manually restarted 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 15

Overview of BFN LAR - ECCS PPL

  • There are two divisions of ECCS PPL, each consisting of two channels: an LPCI channel and a Core Spray channel
  • ECCS PPL receives inputs from Core Spray Functions 1a, 1b, and 1c and LPCI Functions 2a, 2b, and 2c as listed on TS Table 3.3.5.1-1 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 16

Overview of BFN LAR - ECCS PPL

- Two divisions of ECCS PPL be operable in Modes 1, 2, and 3

- The division(s) of ECCS PPL required to be operable during operation in Modes 4 and 5 is dependent on the configuration of the RHR or Core Spray pumps required to be operable, or in operation 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 17

Overview of BFN LAR - ECCS PPL

  • In the event that the Required Action and associated Completion Time of proposed Condition A are not met during operation in Mode 1, 2, or 3, proposed Condition D requires placing the affected unit in Mode 3 within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> and Mode 4 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 18

Overview of BFN LAR - ECCS PPL

  • Proposed Condition E is entered in the event that the Required Action and associated Completion Time of proposed Condition A is not met during operation in Mode 4 or 5 with the opposite unit (Unit 1 or Unit 2) in Mode 1, 2, or 3. Proposed Condition E requires declaring the associated ECCS components inoperable immediately.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 19

Overview of BFN LAR - ECCS PPL

  • Proposed SR 3.3.8.3.1 requires performance of a Logic Systems Functional Test once per 24 months for the ECCS PPL.

- Note 1 allows entry into the associated Conditions and Required Actions to be delayed for up to six hours when a division is placed in an inoperable status solely for the performance of required surveillance testing, provided the associated redundant division is operable.

- Note 2 states that breakers associated with the other unit (Unit 1 or Unit 2) are not required to actuate for proper completion of the Surveillance.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 20

Overview of BFN LAR - CAS Logic

- Relocated to proposed TS 3.3.8.3 LCO

  • Current TS 3.8.1, Applicability is MODES 1, 2, and 3

- Relocated to proposed TS 3.3.8.3 Applicability 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 21

Overview of BFN LAR - CAS Logic

  • From TS 3.8.1, Actions Table D. One division of common D.1 Restore required division of 7 days accident signal logic common accident signal logic inoperable. to OPERABLE status.
  • Relocated to TS 3.3.8.3, Condition B (Units 1 and 2) and Condition A (Unit 3)

I. Required Action and I.1 Be in MODE 3. 12 Hours Associated Completion Time of Condition A, B, C, AND D, E, F, or H not met.

I.2 Be in MODE 4. 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />

  • Relocated to TS 3.3.8.3, Condition D (Units 1 and 2) and Condition C (Unit 3) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 22

Overview of BFN LAR - CAS Logic

  • From TS 3.8.1, Actions Table (continued)

J. One or more required offsite J.1 Enter LCO 3.0.3. Immediately circuits and two or more Unit 1 and 2 DGs inoperable.

OR Two required offsite circuits and one or more Unit 1 and 2 DGs inoperable.

OR Two divisions of 480 V load shed logic inoperable.

OR Two divisions of common accident signal logic inoperable.

  • Entry condition for two divisions of CAS inoperable relocated to TS 3.3.8.3, Condition F (Units 1 and 2) and Condition D (Unit 3) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 23

Overview of BFN LAR - CAS Logic

  • From Current TS 3.3.5.1 Surveillance Requirements Table SR 3.3.5.1.6 Perform LOGIC SYSTEM 24 months FUNCTIONAL TEST
  • Proposed SR 3.3.8.3.1 requires performance of a Logic Systems Functional Test once per 24 months for the CAS Logic.
  • Proposed SR 3.3.8.3.1 is modified by two notes (for Units 1 and 2). Only Note 1 applies to CAS Logic. SR 3.3.8.3.1 is modified by one note for Unit 3.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 24

Overview of BFN LAR - CAS Logic Proposed SR 3.3.8.3.1 (continued)

  • The applicable note allows entry into the associated Conditions and Required Actions to be delayed for up to six hours when a division is placed in an inoperable status solely for the performance of required surveillance testing, provided the associated redundant division is operable.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 25

Overview of BFN LAR - Unit Priority Re-Trip Logic

  • Unit Priority Re-Trip Logic is described in the current Bases for TS 3.8.1.
  • Unit Priority Re-Trip Logic requires an existing CAS for actuation.
  • Explicit requirements for Unit Priority Re-Trip Logic are not provided in the current TS.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 26

Overview of BFN LAR - Unit Priority Re-Trip Logic

  • As Unit Priority Re-Trip Logic works in conjunction with CAS, the associated requirements should be consistent with those for CAS Logic as provided in the proposed TS 3.3.8.3.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 27

Overview of BFN LAR - Related Changes

  • Units 1 and 2

- Footnote (b) revised to include ECCS PPL

- New Footnote (f) assigned to Functions 2.a, 2.b, and 2.c for ECCS PPL and Unit Priority Re-Trip Logic.

  • Unit 3

- New Footnote (g) assigned to Functions 2.a, 2.b, and 2.c for Unit Priority Re-Trip Logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 28

Overview of BFN LAR - PRA

  • PRA evaluation performed to determine the change in core damage frequency and large early release frequency for an increase in Completion Time for the ECCS PPL (from 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to seven days), and adding a Completion Time for CAS Logic and Unit Priority Re-Trip Logic for seven days.
  • Evaluation Applicable to BFN Units 1 and 2 only
  • Unit 3 does not utilize preferred pump logic so no PPL-related changes were made to the Unit 3 model.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 29

Overview of BFN LAR - PRA Method of Analysis

  • Evaluation was performed based on the three-tiered approach provided by RG 1.177
  • The PRA model that was used to perform analysis meets the RG 1.200, Revision 2 technical adequacy
  • BFN Internal Events PRA Revision 6 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 30

Overview of BFN LAR - PRA ECCS PPL Modeling

  • ECCS PPL logic is required in the PRA for the following initiating events because these events require two pumps on a single 4Kv Shutdown Board:
1. Large or medium Loss of Coolant Accidents (LOCAs)
2. Small LOCAs (including Inadvertently Open Relief Valves (IORV))

along with loss of HPCI and RCIC

3. Main steam line or feedwater line breaks outside containment.
  • Other internal initiating events and external initiating events are not affected by the preferred pump logic, because these are the only initiators that activate the preferred pump logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 31

Overview of BFN LAR - PRA Model Changes for the Evaluation

  • The PRA Model of Record (MOR) currently models the preferred pump logic unavailability assuming a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />; the model was modified to account for the Completion Time of seven days (unavailability changed from 2.74E-3 to 1.92E-2)
  • The current MOR does not model CAS or Unit Priority Re-Trip Logic explicitly; the model does take into account the effects of a CAS or Unit Priority Re-Trip failure 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 32

Overview of BFN LAR - PRA Results for Internal Events

  • The changes in Core Damage Frequency (CDF) and Large Early Release Fraction (LERF) fall below a small change as suggested in RG 1.174 of 1E-6 for Delta CDF and 1E-7 for Delta LERF Baseline CDF/LERF per year Delta Parameter CDF/LERF (Baseline Model Plus CDF/LERF per year ECCS PPL Failures)

Unit 1 CDF 6.06E-06 6.06E-06 negligible Unit 2 CDF 5.25E-06 5.25E-06 negligible Unit 1 LERF 1.07E-06 1.07E-06 negligible Unit 2 LERF 1.02E-06 1.02E-06 negligible 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 33

Overview of BFN LAR - PRA External Events

  • Fire scenarios were examined using the draft BFN Fire PRA FRANX model. The fire model considers spurious operation of the PPL logic, but not unavailability. Adding unavailability to the fire logic could potentially remove the spurious operation which would actually decrease total CDF/LERF.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 34

Overview of BFN LAR - PRA External Events (continued)

  • The mean annual frequency of exceedance for a safe shutdown earthquake at BFN is 5.26E-5. The probability of an SSE occurring during the seven day (0.0192 years) period of the ECCS PPL Completion Time is 1.01E-6. There is a very small probability of having a safe shutdown earthquake concurrent with the ECCS PPL being out of service, which is:

1.92E-2*1.01E-6=1.94E-8.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 35

Discussion of NRC Requested Information EICB-RAI-1 The LAR describes that Core Spray System is initiated by sensors and relays based on low reactor water level (Level 1 setpoint) or high drywell pressure coincident with low reactor pressure. These same sensors and relays are used to initiate the Common Accident Signal (CAS) and the LAR references the Updated Final Safety Analysis Report (UFSAR) Section 7.4. One of the functions of the CAS is to send a signal to start all eight Unit 1, 2, and 3 diesel generators (DGs). The UFSAR (BTN 25; Page 7.4-18) also refers formally to a signal labeled Pre-Accident Signal (note all first letters are capitalize giving the impression this is a specific signal) that is generated by low reactor water level (Level 1 setpoint) or high drywell pressures and sends a signal to start all eight Unit 1, 2, and 3 DGs. The use of the Pre-Accident Signal term was not discussed in the LAR. Is this Pre-Accident Signal a separate duplicate signal and part of the logic system?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 36

Discussion of NRC Requested Information EICB-RAI-2 The LAR describes three logic systems (ECCS Preferred Pump Logic (PPL), the Common Accident Signal (CAS) Logic, and the Unit Priority Re-Trip Logic (UPRTL) that currently exist and are used to help protect from overloading the 4KV shutdown boards and their associated DG during the startup of necessary emergency core cooling systems (ECCS) during an emergency. The CAS Logic is currently included in BFN technical specification LCOs. The Unit Priority Re-Trip Logic is mentioned in the BASES. The ECCS Preferred Pump Logic was not explicitly included in the current TS Table 3.3.5.1 or the current TS Bases approved by the NRC. The ECCS Preferred Pump Logic and Unit Priority Re-Trip Logic are added by this LAR. The logic schemes are complex and some of the logic figures in UFSAR Chapter 7 and 8 illustrating them are difficult to read.

A readable logic diagrams of the three logic systems are needed, especially in support of the review of the PRA justification for repair completion times.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 37

Discussion of NRC Requested Information EICB-RAI-3 The LAR describes that with an accident signal present in both Units 1 and 2 (one real and one spurious), the ECCS Preferred Pump Logic dedicates RHR pumps 1A and 1C to Unit 1 and pumps 2B and 2D to Unit 2. The Division I Core Spray pumps 1A and 1C are dedicated to Unit 1, while the Division II pumps 2B and 2D are dedicated to Unit 2. These are considered the preferred pumps. The non-preferred pumps, Unit 1 Division II and Unit 2 Division I, will be tripped if running and will be blocked from automatically starting. The opposite unit RHR pumps that are tripped by the ECCS Preferred Pump Logic are locked out from manually re-starting for 60 seconds. This same time delay is also applied to the Core Spray pumps. If one of the preferred pumps becomes inoperable, is the strategy for the reactor operators to start a replacement manually OR is there additional logic that would bring on a replacement pump automatically from the non-preferred pumps?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 38

Discussion of NRC Requested Information EICB-RAI-4 The LAR proposes TS changes in Table 3.3.5.1-1 for BFN Unit 1 and 2 for Function 1a, 1b, 1c, for Core Spray by revising the Note (b) to state, ECCS Preferred Pump Logic and Common Accident Signal Logic. Refer to LCO 3.3.8.3." However, Function 2a, 2b, 2c, for Low Pressure Coolant Injection (LPCI) System adds a note (f) to state, (f) Channels affect ECCS Preferred Pump Logic and Unit Priority Re-trip Logic. Refer to LCO 3.3.8.3, Emergency Core Cooling System (ECCS) Preferred Pump, Common Accident Signal (CAS),

and Unit Priority Re-Trip Logic." It is not clear why the Core Spray and LPCI do not both affect the same logic systems with the same initiation signals.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 39

Discussion of NRC Requested Information EICB-RAI-5 In the proposed new TS 3.3.8.3 for BFN Unit 1 and 2, the SR 3.3.8.3.1 states in part, Perform LOGIC SYSTEM FUNCTIONAL TEST. Why would this not specifically list the three logic systems being tested by name in the same manner as the LCO 3.3.8.3 as, Perform LOGIC SYSTEM FUNCTIONAL TEST for each FUNCTION in Table 3.3.8.3-1. so there is no ambiguity?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 40

Discussion of NRC Requested Information EICB-RAI-6 In the LAR under Section 4.1, System Description, under Unit Priority Re-Trip Logic, the first sentence states, Following an initiation of a CAS on either Unit 2 or Unit 3 (which trips all eight DG output breakers), subsequent accident signal trips of the DG output breakers are blocked. Considering the twin like relationship between BFN Unit 1 and 2, should this actually state something to the effect, Following an initiation of a CAS on either Unit 2 or Unit 3, or either Unit 1 or Unit 3 (either combination which will trip all eight DG output breakers),

subsequent accident signal trips of the DG output breakers are blocked?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 41

Discussion of NRC Requested Information EICB-RAI-7 The BACKGROUND in the BASES for the new TS 3.3.8.3 for BFN Unit 1 {Page B 3.3-275; Page 117 of the LAR} it states, In the event of an accident signal in either Unit 1 or Unit 2, all of the ECCS equipment associated with the accident unit will start, and The diesel generators and Standby AC Power System are designed to accommodate spurious accident signals from any unit and in any order, real followed by a spurious signal, real coincident with a spurious signal, and spurious followed by a real accident signal. If the ECCS loads for both Units 1 and 2 were allowed to start during combinations of real and spurious accident signals, the combined Unit 1/2 ECCS pumps would overload the 4KV shutdown boards and their associated diesel generators. In CONDITION B and C, when one of the two logic division is inoperable (there are 2 CAS logic division and two Unit Priority Re-Trip Logic, divisions) COMPLETION TIME to repair is 7 days, justified by the fact the other division is available. In CONDITION A, both divisions of ECCS Preferred Pump Logic can be INOPERABLE with up to 7 days to restore in which time there is no automatic logic and, from BFN own BASES the plant is at risk of overload(ing) the 4KV shutdown boards and their associated diesel generators. Provide a justification why CONDITION A should not be the same as CONDITION B AND C and allow only one INOPERABLE ECCS Preferred Pump Logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 42

Discussion of NRC Requested Information - PRA

  • Systems Overview and Dependencies

- ECCS Preferred Pump Logic (PPL), including PPL DC dependency

- Common Accident Signal (CAS)

- Unit Priority Re-trip Logic (UPRTL) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 43

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts

- TS LCO 3.3.8.3 Condition A states: One or more required ECCS Preferred Pump Logic divisions inoperable. In the context of Condition A which pertains to one or more PPL division inoperable discuss:

1. Equipment impacted by PPL inoperable.
2. Impact of capability to load equipment on the first CAS given PPL inoperable, and any differences considering the accident and non-accident unit.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 44

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts (continued)
3. Impact on capability to load the emergency bus due to a UPRTL when a second accident signal is received, given PPL inoperable, and any differences considering the accident and non-accident unit.
4. The LAR had identified a previous sequencing concern which had applicability to both emergency power and offsite power. PPL inoperablilty and whether or not its unavailability could place the plant into a previous condition in which the emergency bus cannot be loaded, and any differences considering the accident and non-accident unit.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 45

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts (continued)
5. Impact on capability to load a bus given 1) PPL inoperable, and 2) other loads out of service for maintenance which would have been loaded onto the bus for an accident signal.
6. Significance of the 60 second time delay given PPL inoperable.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 46

Discussion of NRC Requested Information - PRA (continued)

1. TS LCO 3.3.8.3 Condition A risk evaluation including PRA modeling and assumptions.
2. Why TS LCO 3.3.8.3 Condition C, One Unit Priority Re-Trip Logic division inoperable, does not appear to be evaluated for risk.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 47

Discussion of NRC Requested Information

  • Please clarify whether single or multiple (simultaneous, e.g.,

one spurious accident and one EDG fail) failures of EDGs have been considered and analyzed for Browns Ferry Units 1, 2, and 3. If multiple failures have been considered and analyzed, please respond to the following questions.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 48

Discussion of NRC Requested Information

  • Assuming loss of offsite power (LOOP) and loss of one of the EDG, please provide summary of latest calculations showing the maximum loading of all eight EDGs of 3-unit plant, expected for first 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> during various time intervals (such as 0-10 minutes; 10 minutes-2 hours, 2-hours to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />),

under the following scenarios:

1. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG A, followed by spurious accident in Unit 2.
2. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG B, followed by spurious accident in Unit 2.
3. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG C, followed by spurious accident in Unit 2.
4. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG D, followed by spurious accident in Unit 2.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 49

Discussion of NRC Requested Information

  • In the calculations, please show major safety-related loads considered during various time intervals. Confirm that the remaining safety-related equipment would meet the accident analysis.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 50

Comments/Questions?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 51

Browns Ferry Nuclear Plant Units 1, 2, and 3 Emergency Core Cooling System Preferred Pump Logic, Common Accident Signal Logic, and Unit Priority Re-Trip Logic License Amendment Request February 1, 2016

Agenda

  • Introduction and Purpose

Preferred Pump Logic (PPL), Common Accident Signal (CAS) Logic, and Unit Priority Re-Trip Logic

  • Overview of Browns Ferry Nuclear Plant (BFN) License Amendment Request
  • Discussion of NRC Requested Information
  • Summary 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 2

Introduction

  • TVA requested a change to the BFN Units 1 and 2 Technical Specifications by Adding New Specification TS 3.3.8.3, "Emergency Core Cooling System Preferred Pump Logic, Common Accident Signal (CAS) Logic, and Unit Priority Re-Trip Logic," and the Unit 3 TS by adding New Specification TS 3.3.8.3, "Common Accident Signal (CAS) Logic and Unit Priority Re-Trip Logic" 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 3

Purpose

  • Provide overview of one-of-a-kind logic systems currently installed at BFN for controlling electrical loads
  • Provide overview of the BFN License Amendment Request (LAR)
  • Discuss draft NRC requests for information to ensure TVA fully understands the scope of information requested 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 4

Overview of Associated Logic - History

  • Original Design Basis
  • BFN Safety Evaluation Report (SER) Supplement No. 4 stated that the system shall have the capability to provide emergency power to accommodate any combination of accident signals (real or spurious), in all three units, in any order (real followed by spurious or spurious followed by real) without operator action for the short term (0-10 minutes). SER Supplement No. 4 further stated that a spurious accident signal is considered to be a single failure.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 5

Overview of Associated Logic - History (continued)

  • Initial BFN Units 1, 2 and 3 Startup and Operation
  • Identification of Accident Initiation Logic Design Deficiencies
  • Unit 2 Re-Start
  • Unit 3 Re-Start - Addition of the Unit Priority Re-Trip Logic
  • Adoption of the SAFER/GESTR-LOCA methodology
  • Unit 1 Re-Start - Modification of the ECCS PPL and CAS Logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 6

Overview of Associated Logic - CAS

  • The purpose or overall function of the CAS Logic

- Accident with normal power available - Place the electrical distribution system in an analyzed reliable alignment and facilitate the transfer of the 4kV Shutdown Boards to alternate offsite power supplies as required (helps ensure compliance with GDC 17)

- Accident with a complete loss of offsite power - Maximize the reliability of the onsite diesel generators (DGs) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 7

Overview of Associated Logic - CAS (continued)

  • There are two CAS systems: Unit 1/2 and Unit 3, each with two redundant divisions

- Unit 1/2 CASA and CASB - interfaces with the Unit 1/2 electrical distribution system and DGs

- Unit 3 CASA and CASB - interfaces with the Unit 3 electrical distribution system and DGs

  • An accident signal from any unit will initiate both the Unit 1/2 and Unit 3 CAS systems 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 8

Overview of Associated Logic - CAS (continued)

  • The common accident signal logic (CASA and CASB) performs the following:

- sends a signal to start all eight DGs for Unit 1/2 and Unit 3

- trips the DG output breakers (if closed)

- defeats selected DG protective trips

- blocks the 4kV Shutdown Board auto transfer logic

- blocks the 4kV degraded voltage trips

- starts the RHR Service Water (RHRSW) (aligned to EECW) pumps and blocks subsequent RHRSW (aligned to EECW) pump start signal

- trips the RHRSW pumps A2 and C2

- trips the Raw Cooling Water (RCW) pump 1D

- trips and blocks the fire pumps A, B, and C auto start logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 9

Overview of Associated Logic - Pre-Accident Signal (PAS)

  • This feature anticipates an event and provides a redundant (to the CAS logic) signal that starts all eight DGs for Unit 1/2 and Unit 3 so that they are ready for electrical loading when required by the load sequencing logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 10

Overview of Associated Logic - PAS (continued)

  • The PAS functions are separated between two PAS systems: Unit 1/2 and Unit 3, each with two redundant divisions

- Unit 1/2 PASA and PASC

- Unit 3 PASA and PASC

  • An accident signal from any unit will initiate both the Unit 1/2 and Unit 3 PAS systems 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 11

Overview of Associated Logic - Unit Priority Re-Trip

  • Added to support Unit 3 re-start
  • Initiated from the RHR initiation logic - Low reactor vessel water level signal or high drywell pressure signal coincident with low reactor pressure signals
  • The Unit Priority Re-Trip logic trips the DG output breakers (if running) to shed any running loads off the DGs to allow the following ECCS pumps to properly sequence onto the DGs

- RHR pumps

- Core Spray Pumps

- EECW pumps 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 12

Overview of Associated Logic - Unit Priority Re-Trip (continued)

  • Subsequent DG trips are blocked by the CAS logic.
  • If the DGs were already running and loaded from an accident signal from the opposite unit, a second accident signal would attempt to start an RHR pump on a DG already loaded with an EECW pump.
  • The Unit Priority Re-Trip Logic removes the trip signal block in the CAS logic and allows the CAS logic to re-trip the DG breaker on the unit with the second accident signal.
  • This sheds any running loads from the DGs with the second accident signal to allow the ECCS pumps to properly sequence onto the DGs.
  • Subsequent DG trips are again blocked by the CAS logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 13

Overview of Associated Logic - Unit 1/2 ECCS PPL

  • Real and Spurious Accident Signal in Units 1/2 (two accident signals)

- Assigns Division I RHR and Core Spray Pumps to Unit 1

- Assigns Division II RHR and Core Spray Pumps to Unit 2

- Performs the same function with or without a loss of offsite power

- Blocks the manual restart of the pumps for 60 seconds

- After 60 seconds the pumps may be manually restarted 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 14

Overview of Associated Logic - Unit 1/2 ECCS PPL (continued)

  • Real Accident Signal in Unit 1 or Unit 2 (one accident signal),

with RHR or Core Spray Pumps running in the non-accident unit (e.g., RHR pumps running for shutdown cooling)

- Trips any running RHR or Core Spray pumps in the non-accident unit

- Allows the accident unit to start both divisions of RHR and Core Spray pumps to mitigate the accident

- Performs the same function with or without a loss of offsite power

- Blocks the manual restart of the pumps in the non-accident unit for 60 seconds

- After 60 seconds the pumps in the non-accident unit may be manually restarted 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 15

Overview of BFN LAR - ECCS PPL

  • There are two divisions of ECCS PPL, each consisting of two channels: an LPCI channel and a Core Spray channel
  • ECCS PPL receives inputs from Core Spray Functions 1a, 1b, and 1c and LPCI Functions 2a, 2b, and 2c as listed on TS Table 3.3.5.1-1 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 16

Overview of BFN LAR - ECCS PPL

- Two divisions of ECCS PPL be operable in Modes 1, 2, and 3

- The division(s) of ECCS PPL required to be operable during operation in Modes 4 and 5 is dependent on the configuration of the RHR or Core Spray pumps required to be operable, or in operation 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 17

Overview of BFN LAR - ECCS PPL

  • In the event that the Required Action and associated Completion Time of proposed Condition A are not met during operation in Mode 1, 2, or 3, proposed Condition D requires placing the affected unit in Mode 3 within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> and Mode 4 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 18

Overview of BFN LAR - ECCS PPL

  • Proposed Condition E is entered in the event that the Required Action and associated Completion Time of proposed Condition A is not met during operation in Mode 4 or 5 with the opposite unit (Unit 1 or Unit 2) in Mode 1, 2, or 3. Proposed Condition E requires declaring the associated ECCS components inoperable immediately.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 19

Overview of BFN LAR - ECCS PPL

  • Proposed SR 3.3.8.3.1 requires performance of a Logic Systems Functional Test once per 24 months for the ECCS PPL.

- Note 1 allows entry into the associated Conditions and Required Actions to be delayed for up to six hours when a division is placed in an inoperable status solely for the performance of required surveillance testing, provided the associated redundant division is operable.

- Note 2 states that breakers associated with the other unit (Unit 1 or Unit 2) are not required to actuate for proper completion of the Surveillance.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 20

Overview of BFN LAR - CAS Logic

- Relocated to proposed TS 3.3.8.3 LCO

  • Current TS 3.8.1, Applicability is MODES 1, 2, and 3

- Relocated to proposed TS 3.3.8.3 Applicability 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 21

Overview of BFN LAR - CAS Logic

  • From TS 3.8.1, Actions Table D. One division of common D.1 Restore required division of 7 days accident signal logic common accident signal logic inoperable. to OPERABLE status.
  • Relocated to TS 3.3.8.3, Condition B (Units 1 and 2) and Condition A (Unit 3)

I. Required Action and I.1 Be in MODE 3. 12 Hours Associated Completion Time of Condition A, B, C, AND D, E, F, or H not met.

I.2 Be in MODE 4. 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />

  • Relocated to TS 3.3.8.3, Condition D (Units 1 and 2) and Condition C (Unit 3) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 22

Overview of BFN LAR - CAS Logic

  • From TS 3.8.1, Actions Table (continued)

J. One or more required offsite J.1 Enter LCO 3.0.3. Immediately circuits and two or more Unit 1 and 2 DGs inoperable.

OR Two required offsite circuits and one or more Unit 1 and 2 DGs inoperable.

OR Two divisions of 480 V load shed logic inoperable.

OR Two divisions of common accident signal logic inoperable.

  • Entry condition for two divisions of CAS inoperable relocated to TS 3.3.8.3, Condition F (Units 1 and 2) and Condition D (Unit 3) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 23

Overview of BFN LAR - CAS Logic

  • From Current TS 3.3.5.1 Surveillance Requirements Table SR 3.3.5.1.6 Perform LOGIC SYSTEM 24 months FUNCTIONAL TEST
  • Proposed SR 3.3.8.3.1 requires performance of a Logic Systems Functional Test once per 24 months for the CAS Logic.
  • Proposed SR 3.3.8.3.1 is modified by two notes (for Units 1 and 2). Only Note 1 applies to CAS Logic. SR 3.3.8.3.1 is modified by one note for Unit 3.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 24

Overview of BFN LAR - CAS Logic Proposed SR 3.3.8.3.1 (continued)

  • The applicable note allows entry into the associated Conditions and Required Actions to be delayed for up to six hours when a division is placed in an inoperable status solely for the performance of required surveillance testing, provided the associated redundant division is operable.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 25

Overview of BFN LAR - Unit Priority Re-Trip Logic

  • Unit Priority Re-Trip Logic is described in the current Bases for TS 3.8.1.
  • Unit Priority Re-Trip Logic requires an existing CAS for actuation.
  • Explicit requirements for Unit Priority Re-Trip Logic are not provided in the current TS.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 26

Overview of BFN LAR - Unit Priority Re-Trip Logic

  • As Unit Priority Re-Trip Logic works in conjunction with CAS, the associated requirements should be consistent with those for CAS Logic as provided in the proposed TS 3.3.8.3.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 27

Overview of BFN LAR - Related Changes

  • Units 1 and 2

- Footnote (b) revised to include ECCS PPL

- New Footnote (f) assigned to Functions 2.a, 2.b, and 2.c for ECCS PPL and Unit Priority Re-Trip Logic.

  • Unit 3

- New Footnote (g) assigned to Functions 2.a, 2.b, and 2.c for Unit Priority Re-Trip Logic 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 28

Overview of BFN LAR - PRA

  • PRA evaluation performed to determine the change in core damage frequency and large early release frequency for an increase in Completion Time for the ECCS PPL (from 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to seven days), and adding a Completion Time for CAS Logic and Unit Priority Re-Trip Logic for seven days.
  • Evaluation Applicable to BFN Units 1 and 2 only
  • Unit 3 does not utilize preferred pump logic so no PPL-related changes were made to the Unit 3 model.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 29

Overview of BFN LAR - PRA Method of Analysis

  • Evaluation was performed based on the three-tiered approach provided by RG 1.177
  • The PRA model that was used to perform analysis meets the RG 1.200, Revision 2 technical adequacy
  • BFN Internal Events PRA Revision 6 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 30

Overview of BFN LAR - PRA ECCS PPL Modeling

  • ECCS PPL logic is required in the PRA for the following initiating events because these events require two pumps on a single 4Kv Shutdown Board:
1. Large or medium Loss of Coolant Accidents (LOCAs)
2. Small LOCAs (including Inadvertently Open Relief Valves (IORV))

along with loss of HPCI and RCIC

3. Main steam line or feedwater line breaks outside containment.
  • Other internal initiating events and external initiating events are not affected by the preferred pump logic, because these are the only initiators that activate the preferred pump logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 31

Overview of BFN LAR - PRA Model Changes for the Evaluation

  • The PRA Model of Record (MOR) currently models the preferred pump logic unavailability assuming a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />; the model was modified to account for the Completion Time of seven days (unavailability changed from 2.74E-3 to 1.92E-2)
  • The current MOR does not model CAS or Unit Priority Re-Trip Logic explicitly; the model does take into account the effects of a CAS or Unit Priority Re-Trip failure 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 32

Overview of BFN LAR - PRA Results for Internal Events

  • The changes in Core Damage Frequency (CDF) and Large Early Release Fraction (LERF) fall below a small change as suggested in RG 1.174 of 1E-6 for Delta CDF and 1E-7 for Delta LERF Baseline CDF/LERF per year Delta Parameter CDF/LERF (Baseline Model Plus CDF/LERF per year ECCS PPL Failures)

Unit 1 CDF 6.06E-06 6.06E-06 negligible Unit 2 CDF 5.25E-06 5.25E-06 negligible Unit 1 LERF 1.07E-06 1.07E-06 negligible Unit 2 LERF 1.02E-06 1.02E-06 negligible 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 33

Overview of BFN LAR - PRA External Events

  • Fire scenarios were examined using the draft BFN Fire PRA FRANX model. The fire model considers spurious operation of the PPL logic, but not unavailability. Adding unavailability to the fire logic could potentially remove the spurious operation which would actually decrease total CDF/LERF.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 34

Overview of BFN LAR - PRA External Events (continued)

  • The mean annual frequency of exceedance for a safe shutdown earthquake at BFN is 5.26E-5. The probability of an SSE occurring during the seven day (0.0192 years) period of the ECCS PPL Completion Time is 1.01E-6. There is a very small probability of having a safe shutdown earthquake concurrent with the ECCS PPL being out of service, which is:

1.92E-2*1.01E-6=1.94E-8.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 35

Discussion of NRC Requested Information EICB-RAI-1 The LAR describes that Core Spray System is initiated by sensors and relays based on low reactor water level (Level 1 setpoint) or high drywell pressure coincident with low reactor pressure. These same sensors and relays are used to initiate the Common Accident Signal (CAS) and the LAR references the Updated Final Safety Analysis Report (UFSAR) Section 7.4. One of the functions of the CAS is to send a signal to start all eight Unit 1, 2, and 3 diesel generators (DGs). The UFSAR (BTN 25; Page 7.4-18) also refers formally to a signal labeled Pre-Accident Signal (note all first letters are capitalize giving the impression this is a specific signal) that is generated by low reactor water level (Level 1 setpoint) or high drywell pressures and sends a signal to start all eight Unit 1, 2, and 3 DGs. The use of the Pre-Accident Signal term was not discussed in the LAR. Is this Pre-Accident Signal a separate duplicate signal and part of the logic system?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 36

Discussion of NRC Requested Information EICB-RAI-2 The LAR describes three logic systems (ECCS Preferred Pump Logic (PPL), the Common Accident Signal (CAS) Logic, and the Unit Priority Re-Trip Logic (UPRTL) that currently exist and are used to help protect from overloading the 4KV shutdown boards and their associated DG during the startup of necessary emergency core cooling systems (ECCS) during an emergency. The CAS Logic is currently included in BFN technical specification LCOs. The Unit Priority Re-Trip Logic is mentioned in the BASES. The ECCS Preferred Pump Logic was not explicitly included in the current TS Table 3.3.5.1 or the current TS Bases approved by the NRC. The ECCS Preferred Pump Logic and Unit Priority Re-Trip Logic are added by this LAR. The logic schemes are complex and some of the logic figures in UFSAR Chapter 7 and 8 illustrating them are difficult to read.

A readable logic diagrams of the three logic systems are needed, especially in support of the review of the PRA justification for repair completion times.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 37

Discussion of NRC Requested Information EICB-RAI-3 The LAR describes that with an accident signal present in both Units 1 and 2 (one real and one spurious), the ECCS Preferred Pump Logic dedicates RHR pumps 1A and 1C to Unit 1 and pumps 2B and 2D to Unit 2. The Division I Core Spray pumps 1A and 1C are dedicated to Unit 1, while the Division II pumps 2B and 2D are dedicated to Unit 2. These are considered the preferred pumps. The non-preferred pumps, Unit 1 Division II and Unit 2 Division I, will be tripped if running and will be blocked from automatically starting. The opposite unit RHR pumps that are tripped by the ECCS Preferred Pump Logic are locked out from manually re-starting for 60 seconds. This same time delay is also applied to the Core Spray pumps. If one of the preferred pumps becomes inoperable, is the strategy for the reactor operators to start a replacement manually OR is there additional logic that would bring on a replacement pump automatically from the non-preferred pumps?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 38

Discussion of NRC Requested Information EICB-RAI-4 The LAR proposes TS changes in Table 3.3.5.1-1 for BFN Unit 1 and 2 for Function 1a, 1b, 1c, for Core Spray by revising the Note (b) to state, ECCS Preferred Pump Logic and Common Accident Signal Logic. Refer to LCO 3.3.8.3." However, Function 2a, 2b, 2c, for Low Pressure Coolant Injection (LPCI) System adds a note (f) to state, (f) Channels affect ECCS Preferred Pump Logic and Unit Priority Re-trip Logic. Refer to LCO 3.3.8.3, Emergency Core Cooling System (ECCS) Preferred Pump, Common Accident Signal (CAS),

and Unit Priority Re-Trip Logic." It is not clear why the Core Spray and LPCI do not both affect the same logic systems with the same initiation signals.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 39

Discussion of NRC Requested Information EICB-RAI-5 In the proposed new TS 3.3.8.3 for BFN Unit 1 and 2, the SR 3.3.8.3.1 states in part, Perform LOGIC SYSTEM FUNCTIONAL TEST. Why would this not specifically list the three logic systems being tested by name in the same manner as the LCO 3.3.8.3 as, Perform LOGIC SYSTEM FUNCTIONAL TEST for each FUNCTION in Table 3.3.8.3-1. so there is no ambiguity?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 40

Discussion of NRC Requested Information EICB-RAI-6 In the LAR under Section 4.1, System Description, under Unit Priority Re-Trip Logic, the first sentence states, Following an initiation of a CAS on either Unit 2 or Unit 3 (which trips all eight DG output breakers), subsequent accident signal trips of the DG output breakers are blocked. Considering the twin like relationship between BFN Unit 1 and 2, should this actually state something to the effect, Following an initiation of a CAS on either Unit 2 or Unit 3, or either Unit 1 or Unit 3 (either combination which will trip all eight DG output breakers),

subsequent accident signal trips of the DG output breakers are blocked?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 41

Discussion of NRC Requested Information EICB-RAI-7 The BACKGROUND in the BASES for the new TS 3.3.8.3 for BFN Unit 1 {Page B 3.3-275; Page 117 of the LAR} it states, In the event of an accident signal in either Unit 1 or Unit 2, all of the ECCS equipment associated with the accident unit will start, and The diesel generators and Standby AC Power System are designed to accommodate spurious accident signals from any unit and in any order, real followed by a spurious signal, real coincident with a spurious signal, and spurious followed by a real accident signal. If the ECCS loads for both Units 1 and 2 were allowed to start during combinations of real and spurious accident signals, the combined Unit 1/2 ECCS pumps would overload the 4KV shutdown boards and their associated diesel generators. In CONDITION B and C, when one of the two logic division is inoperable (there are 2 CAS logic division and two Unit Priority Re-Trip Logic, divisions) COMPLETION TIME to repair is 7 days, justified by the fact the other division is available. In CONDITION A, both divisions of ECCS Preferred Pump Logic can be INOPERABLE with up to 7 days to restore in which time there is no automatic logic and, from BFN own BASES the plant is at risk of overload(ing) the 4KV shutdown boards and their associated diesel generators. Provide a justification why CONDITION A should not be the same as CONDITION B AND C and allow only one INOPERABLE ECCS Preferred Pump Logic.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 42

Discussion of NRC Requested Information - PRA

  • Systems Overview and Dependencies

- ECCS Preferred Pump Logic (PPL), including PPL DC dependency

- Common Accident Signal (CAS)

- Unit Priority Re-trip Logic (UPRTL) 02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 43

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts

- TS LCO 3.3.8.3 Condition A states: One or more required ECCS Preferred Pump Logic divisions inoperable. In the context of Condition A which pertains to one or more PPL division inoperable discuss:

1. Equipment impacted by PPL inoperable.
2. Impact of capability to load equipment on the first CAS given PPL inoperable, and any differences considering the accident and non-accident unit.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 44

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts (continued)
3. Impact on capability to load the emergency bus due to a UPRTL when a second accident signal is received, given PPL inoperable, and any differences considering the accident and non-accident unit.
4. The LAR had identified a previous sequencing concern which had applicability to both emergency power and offsite power. PPL inoperablilty and whether or not its unavailability could place the plant into a previous condition in which the emergency bus cannot be loaded, and any differences considering the accident and non-accident unit.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 45

Discussion of NRC Requested Information - PRA (continued)

  • PPL Outage Impacts (continued)
5. Impact on capability to load a bus given 1) PPL inoperable, and 2) other loads out of service for maintenance which would have been loaded onto the bus for an accident signal.
6. Significance of the 60 second time delay given PPL inoperable.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 46

Discussion of NRC Requested Information - PRA (continued)

1. TS LCO 3.3.8.3 Condition A risk evaluation including PRA modeling and assumptions.
2. Why TS LCO 3.3.8.3 Condition C, One Unit Priority Re-Trip Logic division inoperable, does not appear to be evaluated for risk.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 47

Discussion of NRC Requested Information

  • Please clarify whether single or multiple (simultaneous, e.g.,

one spurious accident and one EDG fail) failures of EDGs have been considered and analyzed for Browns Ferry Units 1, 2, and 3. If multiple failures have been considered and analyzed, please respond to the following questions.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 48

Discussion of NRC Requested Information

  • Assuming loss of offsite power (LOOP) and loss of one of the EDG, please provide summary of latest calculations showing the maximum loading of all eight EDGs of 3-unit plant, expected for first 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> during various time intervals (such as 0-10 minutes; 10 minutes-2 hours, 2-hours to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />),

under the following scenarios:

1. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG A, followed by spurious accident in Unit 2.
2. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG B, followed by spurious accident in Unit 2.
3. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG C, followed by spurious accident in Unit 2.
4. Loss-of-coolant accident (LOCA) in Unit 1 and loss of EDG D, followed by spurious accident in Unit 2.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 49

Discussion of NRC Requested Information

  • In the calculations, please show major safety-related loads considered during various time intervals. Confirm that the remaining safety-related equipment would meet the accident analysis.

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR l 50

Comments/Questions?

02/01/2016 - BFN ECCS PPL, CAS Logic, and Unit Priority Re-Trip Logic LAR 51

Retrieved from "https://kanterella.com/w/index.php?title=ML16028A096&oldid=2024588"