ML16207A584

From kanterella
Jump to navigation Jump to search
Revision 18 to Updated Safety Analysis Report, Q&R 8.1-1 Through Q&R 8.3-47
ML16207A584
Person / Time
Site: South Texas  STP Nuclear Operating Company icon.png
Issue date: 04/28/2016
From:
South Texas
To:
Office of Nuclear Reactor Regulation
Shared Package
ML16207A547 List: ... further results
References
NOC-AE-16003371
Download: ML16207A584 (60)
v  d  e


Text

STPEGS UFSAR Q&R 8.1-1 Revision 15 Question 430.3N

In Section 8.1.4.2 you state that automatic inoperability of a bypassed status indication for the safety-related systems is provided in the main control room. IEEE 279-1971 and Regulatory Guide 1.47 require that this bypass and inoperability indication be at the system level. Verify your compliance with this requirement and amend your FSAR accordingly.

Response Bypass and inoperable status indication is provided at the system level in accordance with Regulatory Guide (RG) 1.47. The 480 vac 30 ESF, 4160 vac 30 ESF, 125 vac Class 1E, and 125 vdc Class 1E busses are monitored for their inope rability via the specific Engin eered Safety Feature(s) (ESF) components and the ESF systems that these busses power.

STPEGS UFSAR Q&R 8.1-2 Revision 15 Question 430.73N

Incidents have occurred at nuclear power stations that indicate a deficiency in the electrical control

circuitry design. These incidents included the inadvertent disabling of a component by racking out the circuit breakers for a different component. As a result of these occurrences, we request that you perform a review of the electrical control circuits of all safety-related equipment at the plant, so as to assure that disabling of one component does not, through incorporation in other interlocking or sequencing controls, render other components inoperable. All modes of test, operation and failu re should be considered. Verify and state the

results of your review. Also your procedures should be reviewed to ensure they provide that, whenever a part of a redundant system is removed from service, the portion remaining in service is functionally tested immediately after the disabling of the affected portion. Veri fy that your procedures include the above cited provisions.

Response A review of control circuits has not indicated any deficiency in the electrical circuit design such that when a circuit breaker is racked out, it disables another component th at is interlocked with it. The subject review is performed continuo usly as part of the design proce ss to avoid such deficiencies.

STPEGS UFSAR Q&R 8.1-3 Revision 15 Question 430.108N

Staff's review of the FSAR is guided by the current revision of the applicable regulatory guides and the referenced standards. Tables 3.12-1 and 8.1-2 list old revisions of guides and standards for STPEGS compliance. Clearly identify the differe nces between STPEGS design and the requirements of the current revisions of the regulatory guides and the referenced standards listed below. Justify the differences.

Revision Listed Guide (Standard)

Current Revision in the Tables RG 1.9 Rev. 2 (12/79)

Rev. 0 (3/71)

RG 1.63 Rev. 2 (7/78)

Rev. 0 (10/73)

RG 1.75 Rev. 2 (9/78)

Rev. 1 (1/75)

IEEE Std 338 1975 - (incorp. by 1971 RG 1.118) IEEE Std 387 1977 - (incorp. by 1972 RG 1.9) Response Table 8.1-2 has been revised as shown:

RG 1.118 (IEEE 338-1977)

RG 1.9 (IEEE 387-1977)

Table 3.12-1 has been revised as shown:

RG 1.9, Rev. 2 (12/79), UFSAR Ref. Section 8.3.1.1.4.7, Status C RG 1.118, Rev. 2 (6/78), UFSAR Ref.

Table 8.1-2, Section 7.1.2.11, Status A The only substantive difference between Rev. 1 and Rev. 2 of RG 1.75 is the addition of the

following paragraph in Rev. 2: This guide addresses only some aspects of defense against the effects of fires. Additional criteria for protection against the effects of fires are prov ided in Regulatory Guide 1.120, "Fire Protection Guidelines for Nuclear Power Plants". STPEGS uses an alternate approach for RG 1.120 (fire protection); th e criteria used is specified in BTP APCSB 9.5-1 Appendix A. Compliance with RG 1.75, Rev. 2 is as stated in Sec tion 8.3.1.4, with exceptions as stated in Sections 7.1.2.2.1 and 8.3.1.4.4.14, items No. 6 and 8.

STPEGS UFSAR Q&R 8.1-4 Revision 15 Response (Continued)

The vendors have confirmed that the STPEGS electric penetration prototype tests were made in accordance with RG 1.63, Rev. 2. Also, all other aspect s of the STPEGS electric penetrations meet the requirements of RG 1.63, Rev. 2.

Regarding RG 1.9, the diesel generator (DG) protective trips are tagged by the Emergency Response Facilities (ERF) computer with a time, but time resolution provided ma y not be sufficient to identify the first trip as depicted by Rev. 2 of RG 1.9.

STPEGS UFSAR Q&R 8.1-5 Revision 15 Question 430.110N

Table 3.12-1 indicates the status of the following regulatory guides to be not applicable to STP design due to their implementation dates. Clearly id entify where and how the STP design is not in accordance with the positions of these regulatory guides and justify the deviations.

Regulatory Guide 1.118, Rev. 1, dated 11/77

Regulatory Guide 1.108, Rev. 1, dated 8/77

Regulatory Guide 1.128, Rev. 0, dated 4/77

Regulatory Guide 1.131, Rev. 0, dated 8/77 Response Note 69 to Table 3.12-1 indicates STPEGS conformance to Regulatory Guide (RG) 1.118. Note 40 to Table 3.12-1 explains that STPEGS will comply with RG 1.108 w ith the interpretations and exceptions presented in Section 8.3.1.2.10.

The "Status on STPEGS" of RG 1.128 as shown in Table 3.12-1 was revised to "A" (conform to guide). See also revised response to Q430.14N.

Note 24 to Table 3.12-1 and Section 3.11.2.2 have been revised as described in the response to Q430.109, regarding RG 1.131.

STPEGS UFSAR Q&R 8.2-1 Revision 15 Question 430.9N

In Section 8.2.2.1 you state that the grid will remain stable for loss of any two generators. The diagrams you provide for load flow results (Figures 8.2-6 through 8.2-9) do not show results for loss of both STPEGS generators. Update FSAR to include figure for loss of both STPEGS generators and discuss this effect on grid.

Response Figure 8.2-12 has been added to the FSAR to show th e effects of the loss of both STP Units 1 & 2 to the system grid.

STPEGS UFSAR Q&R 8.2-2 Revision 15 Question 430.10N

Define the facility's operating limits (real and reactive power, voltage fr equency and other) which have been established and provide a brief description as to how these limits were established. Also, describe the operating procedures or other provisions (presently pla nned) for assuring that the facility will be operated within these limits.

Response The operating limits of the facility are governed by the rating and operating mode of the limiting major component for power generation namely the reactor, the steam generator, the main turbine generator, or the generator step-up transformers.

Refer to Section 8.2.1.5 of the UFSAR for the ratings of the generator and the main step-up transformers. The main step-up transformer bank is sized to deliver, to the 345 kV utility grid system, the maximum generator power at design power factor, less the transformer bank losses and less the auxiliary pow er operating load. The operating limits are established on the basis of recommendations of Westinghouse Electric Corporation and STPNOC operating practices. The real power limit of the turbine generator unit is 1,329 MW. This limit is the maximum guaranteed net rating of the turbine when operating within the cycle defined by design steam conditions of 1,060 psia; 551.7°F; 0.050 percent moisture at the throttle, reheating to 521.7°F; 3.5 in. Hg abs at the exhaust, 0 percent makeup, with all six stages of feedwater heating in service, and extracting steam for steam generator feed pump turbines. The reactive power limits are shown on the reactive capability curves (MVAr vs MW). A copy of the Westinghouse Reactive Capability Curve is shown on Figure Q430.10N-1. It depicts the reactive power limits at rated voltage under different real power conditions at va rious power factors. The MVAr limits at 1,329 MW in the overexcite d and underexcited conditi ons are given below: MW MVAr Limits MVA 1,329 (Lagging P.F.)

1,493 680.0 Overexcited (Leading P.F.) 1,442 560.0 Underexcited The generator is capable of operation at its rated capacity with rated freque ncy, power factor, and gas pressure at any voltage not more than 5 pe rcent above or below ra ted voltage (25 kV).

HISTORICAL INFORMATION CN-2951 HISTORICAL INFORMATION CN-2951 STPEGS UFSAR Q&R 8.2-3 Revision 15 Response (Continued) During normal operation, the automatic voltage regulator and excitation system will maintain the voltage at its set value within the above limits. The frequency limits are determined by the turbine. Westinghouse recommended limits are 59.5 Hz and 60.5 Hz. The automatic analog electro-hydraulic control system of the turb ine with its load and speed control features maintain s the frequency within the above limits under normal operation. These limits will be included in the general operating procedures for power operation from 0 to 100 percent power. Applicable operating curves will be maintained in a plant curve book.

HISTORICAL INFORMATION CN-2951 HISTORICAL INFORMATION CN-2951 STPEGS UFSAR Q&R 8.2-4 Revision 15 Figure Q430.10N-1

STPEGS UFSAR Q&R 8.2-5 Revision 15 Question 430.106N

Section 8.2.III.4 of the SRP requires determination that all component/ equipmen t from and including the switchyard to the onsite Class 1E system are included in the quality assurance program. Confirm STPEGS design for compliance.

Response The switchyard and cable from th e switchyard to the various transformers; e.g., main, standby, and emergency, were installed, inspected, and tested according to standard HL&P practices. The component/equipment from the aforementioned transformers to the onsite Class 1E system were installed, inspected, and tested according to STPEGS Quality Assurance (QA) requirements for non-Class 1E components/equipment. Since the components/equipment discusse d above are not safety-related or "important to safety", the above complies with GDC 1. NUREG-0800, Section 8.2.III.4 was not applied for all of the offsite power system, but installed, inspected, a nd tested in accordance with standard utility high quality.

STPEGS UFSAR Q&R 8.2-6 Revision 15 Question 430.112N

The use of a generator breaker to provide immediate access offsite power to a Class 1E bus requires the design to follow the guidelines provided in Appendix A to the SRP Section 8.2. STPEGS design utilizes generator breaker to provide immediate access offsite power to one of the redundant Class 1E onsite distribution systems. Confirm that the STPEGS design follows the guidelines for the performance and capability tests specified in secti on B of the reference SRP. Describe the test program with results which demonstrate the breaker's ability to perform its intended function during various modes of operation as specified in the SRP guidelines.

Response In regard to specific guidelines of Appendix A, (Rev. 0, 7/83) to Standard Review Plan (SRP), Section 8.2 (Rev. 3, 7/83):

Item 1. The device is a circuit breaker capable of interrupting the maximum available fault current. Item 2. STPEGS has purchased Cogenel type PKG2C breakers. Unless noted otherwise test documents listed in a) through i) below have been performed on type PKG breakers with various voltage and current ratings. The Cogenel test meets the requiremen ts of Appendix A. The breaker will be tested every 18 months or less.

a) Dielectric withstand strength is documente d by Cogenel Type Test Report No. 1738A. The test documents comply with ANSI C37.09, but were completed prior to the issue of the 1979 version of the ANSI standard.

The test report is dated 1/20/76.

b) Load current switching capability is documented by Cogenel Type Test Report No.

2090A. c) Fault current interrupting capability is documented by Cogenel Report of Performance

Test No. 291-81A.

d) The rate of rise of recovery voltage (RRRV) is specified by Cogenel to be greater than 6 kV/microsecond. Justification that the system RRRV is less than circuit breaker RRRV will be provided.

e) Short term current carrying capability is documen ted by Cogenel Report of Performance Test No. 2283-74A. The test report is dated 4/29/74.

f) Momentary current carrying cability is documented by Cogenel Report of Performance Test No. 2945-78. Th e test report is dated 11/3/78.

g) The ability to interrupt magnetizing current of an unloaded station main and/or auxiliary transformer is documented by C ogenel Type Test Report No. 1720A. The test report is dated 11/24/75.

STPEGS UFSAR Q&R 8.2-7 Revision 15 Response (Continued) h) Thermal capability is documented by Cogenel Test Report No. HM51-02-806. The test was performed 3/15/78 to 3/17/78.

i) Mechanical operation test endurance is documented by Cogenel Type Test Report No.

1784A, dated May 1976 and Cogenel Endurance Test Report No. 314. The endurance test was performed 1/27/78 to 6/30/78. Item 3. Offsite power is availa ble independently of the generator breaker; manual realignment is required. (See response to Q430.111N.)

Selectivity in tripping between the generator breaker and the two associate switchyard breakers is maintained in that a separate set of relays is used for each function. Only unit differentials and ground fault detection are common. The unit differe ntial protection zone, includes the generator breaker and a short section of pl ant side isophase bus. Ground fault detection is provided by relaying on the generator neutral (trips ge nerator breaker) and on the isopha se bus section on the switchyard side of the generator breaker (trips switchyard).

The ground fault detectors are coordinated so that the generator neutral detector operates first. The remaining relays used for switchyard relaying are directional and do not operate for a fault on the plant side of the generator breaker. Item 4. This addresses load break switches and is not applicable to generator breakers.

STPEGS UFSAR Q&R 8.2-8 Revision 15 Question 430.113N

Figure 8.2-3 indicates that the standby transformers No. 1 and No. 2 are supplied from the switchyard north and south busses, respectively, through di sconnect switches which do not have fault interrupting capability. In order to isolate a fault in the standby transformers 1 or 2 or their associated cable, all the six breakers on the respective 345 kV switchyard bus will have to be automatically

opened. Analyze this condition and cer tify that the relay coordination is so designed as not to cause, directly or indirectly, tripping of the other 345 kV bus breakers and the generator bay middle breakers which may cause loss of power to the other standby transformer and unit auxiliary transformer through the main transformer.

Response The subject condition has been analyzed and it has been certified that the relay coordination will not trip, directly or indirectly, the south bus breakers for a fault on standby transformer no. 1 or other north bus faults. South bus protection is identical and likewise only the south bus breakers will trip. Generator bay middle breakers are no t directly tripped for faults on the standby transformers or other bus faults, but upon failure of the generator bus breakers to properly clear the fault, the middle breaker will trip to isolate the fa ult. Even upon loss of the unit, however, the standby transformer is tied to the opposite bus and remains energized. By using primary and back-up systems on the bus differential control schemes, each with respective DC station battery power supplies and separately wired trip coils, a high level of reliability can be attained. Attached are relay wiring diagrams illustrating this point and various examples of potential faults with associated sequence of events

summaries.

STPEGS UFSAR Question 040.5

Diesel generator alarms in the control room: A review of malfunction reports of diesel generators at operating nuclear plants has uncovered that in some cases the information available to the control room operator to indicate the operational status of the diesel generator may be imprecise and could lead to misinterpretation. This can be caused by the sharing of a single a nnunciator station to alarm conditions that render a diesel ge nerator unable to respond to an automatic emergency start signal and to also alarm abnormal, but not di sabling, conditions. Another cause can be the use of wording of an annunciator window that does not specifi cally say that a diesel generato r is inoperable (i.e., unable at the time to respond to an automatic emergency star t signal) when in fact it is inoperable for that purpose. Provide the alarm and control circui try logic for the diesel generators at your facility to determine how each condition that renders a diesel generator unable to respond to an automatic emergency start signal is alarmed in the control room. These cond itions include not only the trips that lock out the diesel-generator start and require manual reset, but also control switch or mode switch positions that block automatic start, loss of cont rol voltage, insufficient starting air pr essure or battery voltage, etc. This review should consider all aspects of possible diesel generator operational condition for example text conditions and operation from local control stations. One ar ea of particular concern is the unreset conditions following a manua l stop at the location station which terminates a diesel generator test and prior to resetting the diesel generator controls for enabling subsequent automatic operation.

Provide the details of your evalua tion, the results and conclusions, a nd a tabulation of the following information:

1. All conditions that render the diesel generator incapable of responding to an automatic emergency start signal for each operating mode as discussed above;
2. The wording on the annunciator window in the control room that is al armed for each of the conditions identified in (1);
3. Any other alarm signals not included in (1), a bove, that also cause the same annunciator to alarm; 4. Any condition that renders the diesel generator incapable of responding to an automatic emergency start signal which is not alarmed in the control room; and
5. Any proposed modifications resulting from this evaluation.

Q&R 8.3-1 Revision 15

STPEGS UFSAR Response Figure 8.3-4 (sheet 1) shows the standby diesel generator (SBDG) logic, including alarm circuitry and local operation capability, and includes all operating modes for the SBDG. The Engineered Safety Feature (ESF) Status Monitoring System pr ovides the operator with diesel generator (DG) bypass or inoperable status information in the control room. The ESF Status Monitoring System is described in Section 7.5.4. Other systems also provide status information to the operator; e.g. indicators, annunciators, and computer alarms. However, the ESF Status Monitoring System is the specifically identified system for provision of bypass or inoperable status. This separation of functions eliminates one source of misinterpretation by the operators. The specific information requested is provided as follows:

1. The following conditions render the DG incapable of responding to an automatic emergency start signal for all operating modes:
a. Engine overspeed lockout not reset
b. Generator differentia l lockout not reset
c. Loss of control power
d. Mode selector switch not in "remote" position
e. Emergency stop push button not reset
f. Loss of starting air pressure or starting system malfunction
g. Start circuit inoperable
2. Each of the conditions identified in (1) is alarmed through the ESF Status Monitoring System.

The wording on the windows in the control room is:

a. OVER SP LCKOUT
b. GEN DIFF LCKOUT
c. LOSS DG CONT PWR
d. MODE SEL SW NOT RMT POS
e. EMERG STOP NOT RESET
f. LOSS STRT AIR
g. STRT CKT INOP
3. No other signals cause the SBDG-related ESF Status Monitoring System windows to light.

Q&R 8.3-2 Revision 15

STPEGS UFSAR Response (Continued)

4. No other SBDG conditions (anticipated more than once per year) could render the DG incapable of responding to an emergency star t signal. Manual bypass or operable status indication may be initiated for conditions occurring infrequently (less than once per year).

Electrical power distribution bypass or inoperable conditions, support systems (cooling water and heating, ventilating, and air conditioning [HVAC]) bypass or inoperable status conditions and ESF load sequencer bypass or inoperable conditions are alarmed using ESF Status Monitoring windows in the same group of windo ws. (As indicated in Section 7.5.4, lighting of a component-level bypass/inop window also results in lighting of the system-level bypass/inop window.)

5. No modifications are required.

Q&R 8.3-3 Revision 15

STPEGS UFSAR Q&R 8.3-4 Revision 15 Question 430.16N

In Section 8.3.1 you discuss the onsite distribution system. Your discussion provides insufficient detail for evaluation. Specifically address breaker coordination a nd the interrupti ng capacities of switchgear, load centers, motor control centers, and distribution panels under maximum short circuit conditions. Provide this information including supporting drawings and amend your FSAR accordingly.

Response Interrupting capacities of 13.8 kV and 4.l6 kV switchgear are pr ovided in Sections 8.3.1.1.1 and 8.3.1.1.4.1, respectively. Interrupting capacities of 480 V switchgear are selected appropriately based on the fault current contribution from loads and the s ource at a bus. Criteria for breaker coordination for onsite power system is discussed in Section 8.3.l.l.4.6. Maximum short circuit conditions ha ve been calculated conservatively, by assuming the ultimate system contribution of 30 gva (the system contri bution with the two STPEGS units on line, and the eight transmission circuits will be 19.41 gva) and maximum load fault current contribution (motors>_ 50 HP and with standby diesel generator during testing). The calculations will be updated with final data.

The present calculations indicate that the interrupting capacities of the equipment identified below is not exceeded under worst-case circuit conditions, with the exception of two out of four 13.8 kV switchgear which yield a negligible, yet negative interrupting capacity margin of 0.2 percent. The present calculations are acceptable considering the conservatism in the present calculations as discussed above.

Rated Interrupting Capacity (amp,rms symm) 1. 13.8 kV Switchgear 28,000 (@ 15 kV)

2. 4.16 kV Switchgear 30,300 (@ 4.76 kV)
3. 480 V Loadcenter 30,000 4. 480V MCC 25,000 5. 120/208 V dist. Pnl 8,500 The drawings with breaker coordination curves were submitted by separate cover letter (see ST-HL-AE-1487, dated October 29, 1985).

STPEGS UFSAR Question 430.19N In section 8.3.1.2.7 you state that the design and basic layout of the electrical system is structure in accordance with the basic objectives of Regulatory Guide 1.75.

Your FSAR does not address the following areas in sufficient detail for evaluation. (a) Isolation and separation of non-Cl ass 1E and associated circuits from Class 1E circuits as covered in IEEE 384-1974 section 4.5 and 4.6. (b) Cable splices in raceway. IEEE 384-1974 section 5.1.1.3. (c) Physical identification by color co ding of cables. IEEE 384-1974 section 5.1.2. (l) Were cables labeled prior to installation or were cables jacket s color coded during manufacturing.

(2) If cables were field labeled does labeling meet IEEE 384-1974 requirements. (d) Limiting the non-Class 1E load connected to Cl ass 1E power supplies to only those required to maintain the plant in a safe orderly condi tion and insuring that their connection does not degrade the capacity, capability and reliability of the Class 1E system. (e) Sufficient slack provided in cables at building interfaces to allow building motion under DBE conditions. (f) Separation of cable trays and conduit of redundant trains. Provide this additional information and amend your FSAR accordingly.

Response (a) Isolation and separation of non-Class 1E and associated circ uits as required per IEEE 384-1974 is covered in UFSAR Section 8.3.1.4.4.4. (b) Splicing of cables is not allowe d in cable tray or rigid conduit. Splicing is performed within enclosures (totally enclosed locations including manholes, equipment, boxes, conduit fittings, etc.) that are accessible. All splices are performed with qualified material and in accordance with applicable plant procedures and specifications. (c) Physical identification by color coding of cable for separation groups is covered in UFSAR Section 8.3.1.3. The cables either have jackets color coded during manufacture or are color coded in field in a manner of sufficient durability for the life of the plant and in accordance with IEEE 384-1974. (d) A limited number of non-Class 1E devices are conn ected to Class 1E power supplies. These non-Class 1E devices are either connected thro ugh an isolation device, or are fed through breakers which are tripped by a safety injecti on (SI) signal. Depending upon the loading of Q&R 8.3-5 Revision 15

STPEGS UFSAR Response (Continued) the Class 1E system these tripped non-Class 1E loads can be reconnected manually by the operator after all the required Class 1E loads have been connected and the SI si gnal reset. Also see response to Question 430.33N for more details.

(e) Sufficient slack is provided during installation in the cables at building interfaces to allow building motion under Design Basi s Earthquake (DBE) conditions. (f) Identification and separation of redundant trains is covered in UFSAR Sections 8.3.1.3 and 8.3.1.4. Q&R 8.3-6 Revision 15

STPEGS UFSAR Question 430.20N

Your response to question 040.9 is not acceptable. We have recently revised this position to include an added feature to the second leve l undervoltage protection and furthe r clarification. Our preference is compliance with the revised position. Your response to Part 4 concerning acceptable verification testing will be required regardless of which position you opt to meet, i.e., the original criteria presented in question 040.9 or the revised version.

Supplement the description of your design in the FSAR to show conformance with the positions or provide detailed analysis to justify nonconformance.

1. In addition to the undervoltage scheme provided to detect loss of offsite power at the Class 1E busses, a second level of undervoltage protection with time delay should also be provided to protect the Class 1E equipment; this second level of undervoltage protection shall satisfy the following criteria:
a. The selection of undervoltage and time delay setpoints shall be determined from an analysis of the voltage requirements of the Class 1E loads at all onsite system distribution levels;
b. Two separate time delays shall be select ed for the second level of undervoltage protection based on the following conditions:

(1) The first time delay should be of a duration that establishes the existence of a sustained degraded voltage condition; i.e., something longer than a motor starting transient. Following this delay, an alarm in the control room should alert the operator to the degraded condition. The subsequent occurrence of a safety injection actuation signal (SIAS) should immediately se parate the Class 1E distribution system from the offsite power system.

(2) The second time delay should be of a limited duration such that the permanently connected Class 1E loads will not be damaged. Following this

delay, if the operator has failed to rest ore adequate voltages, the Class 1E distribution system should be automatically separated from the offsite power system. Bases and justification must be provided in support of the actual delay chosen. c. The voltage sensors shall be designed to satisfy the following applicable requirements derived from IEEE Std. 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations":

(1) Class 1E equipment shall be utilized and shall be physically located at and electrically connected to the Class 1E switchgear.

(2) An independent scheme shall be provid ed for each division of the Class 1E power system.

Q&R 8.3-7 Revision 15

STPEGS UFSAR Question 430.20N (Continued)

(3) The undervoltage protection shall include coincidence logic on a per bus basis to preclude spurious trips of the offsite power source.

(4) The voltage sensors shall automatically initiate the disconne ction of offsite power sources whenever the voltage set point and time delay limits (cited in item l.b.2, above) have been exceeded.

(5) Capability for test and calibration du ring power operation shall be provided.

(6) Annunciation must be provided in th e control room for any bypasses incorporated in the design.

d. The Technical Specification shall include limiting conditions for operations, surveillance requirements, trip setpoints with minimum and maximum limits, and

allowable values for the second-level voltage protection sensors and associated time delay devices.

2. The Class 1E bus load shedding scheme should automatically prevent shedding during sequencing of the emergency loads to the bus. The load shedding feature should, however, be reinstated upon completion of the load sequencing action. The Technical Specifications must include a test requirement to demonstrate the operability of the automatic bypass and reinstatement features at least once per l8 months during shutdown. In the event an adequate basis can be provided for retaining the load shed feature during the above transient conditions, the setp oint value in the Technical Sp ecifications for the first level of undervoltage protection (loss of offsite power) must specify a value having maximum and minimum limits. The basis for the setpoints and limits selected must be documented.
3. The voltage levels at the safety-related busses should be optimized for the maximum and minimum load conditions that are expected throughout the anticipat ed range of voltage variations of the offsite power sources by appropria te adjustment of the vo ltage tap settings of the intervening transformers. Th e tap settings selected should be based on an analysis of the voltage at the terminals of the Class 1E loads. The analyses performed to determine minimum operating voltages should typically consider maximum unit steady state and transient loads for events such as a unit trip, loss of coolant accident, startup or shutdown; with the offsite power supply (grid) at minimum anticipated voltage and only the offsite source being considered available. Maximum vo ltages should be analyzed with the offsite power supply (grid) at maximum expected voltage concurrent with minimum unit loads; e.g.

cold shutdown, refueling. A separate set of the above analyses should be performed for each available connection to the offsite power supply.

Q&R 8.3-8 Revision 15

STPEGS UFSAR Question 430.20N (Continued)

4. The analytical techniques and assumptions used in the voltage analysis cited in item 3 above must be verified by actual measurement. The ve rification and test should be performed prior to initial full power reactor operati on on all sources of offsite power by:
a. Loading the station distribution busses, in cluding all Class 1E busses down to the 120/208 volt level, to at least 30 percent
b. Recording the existing grid and Class 1E bus voltages and bus loading down to the l20/208 volt level at steady state conditions and during starting of both a large Class 1E and non-Class 1E motor (not concurrently) Note: To minimize the number of instrumented locations, (r ecorders) during the motor starting transient tests, the bu s voltages and loading need only be recorded on that string of busses which previously showed the lowest analyzed voltages from item 3, above.
c. Using the analytical techniques and assumptions of the previous voltage analysis cited in item 3 above, and the measured existi ng grid voltage and bus loading conditions recorded during conduct of the test, calculate a new set of voltages for all Class 1E busses down to the l20/208 volt level
d. Compare the analytically derived voltage values against the test results With good correlation between the an alytical results and the test results, the test verification requirement will be met. That is, the validity of the mathematical model used in performance of the analyses of item 3 will have been established; therefore, the validity of the results of the analysis is also established. In general the test results should not be more than 3 percent lower than the analytical results; however, the differences between the two when subtracted from the voltage levels determined in the original analyses should never be less than the Class 1E equipment rated voltages.

Response 1. Two undervoltage sensing schemes are employe d for each Class 1E 4.16 kV bus to provide two levels of undervoltage protection. The first scheme detects loss of voltage and the second scheme detects degraded voltage conditions on the bus. Voltage signals to each scheme are provided through four potential transformers connected to each bus. Four solid state type instantaneous undervoltage relays and four time delay relays are used for the first scheme (loss of voltage). The devices used for the second scheme (degraded voltage) include four solid state type instantaneous unde rvoltage relays and two sets of four time delay relays.

Q&R 8.3-9 Revision 15

STPEGS UFSAR Q&R 8.3-10 Revision 15 Response (Continued) The first set provides for an alarm only, and the second set initiates a lo gic signal as shown on Figure 8.3-4.

a. The devices for the first (loss of voltage) scheme are set to operate after a time delay setpoint of 1.75 seconds at 74.7 percent of nominal voltage, which is below the minimum expected voltage during diesel generator sequencing. A 1.75 second time delay is provided to prevent spurious initiation of the logic signal due to a transient dip in voltage. The 74.7 percent voltage set point results in a relay operating range, including tolerance, of 71.6 percent to 77.6 percent of nominal voltage.

The degraded voltage relays are set to operate at 92.2 percent of 4.16 kV, which corresponds to 90 perc ent of 480 volts at the bus of the worst case motor control center (MCC). The worst case MCC is determined based on the maximum voltage drop from the 4.16 kV switchgear bus to the MCC bus with the lowest offsite system voltage and maximum in plant load conditions. b. (1) The first set of time delay relays used in the degraded voltage scheme are set to operate after 35 seconds and provide an alarm in the control room to alert the operator. The setpoint is longer than the worst case motor accelerating time of approximately 30.6 seconds at 80 percen t rated voltage for the Essential Cooling Water Pump drive motor. The logic is set up to trip the offsite source feeder breaker in the event of a subse quent occurrence of safety injection actuation signal (SIAS) in order to sepa rate the Class 1E distribution system from the degraded offsite source. (2) The second set of time delay relays used in the degraded voltage are set to operate at 50 seconds to initiate separation of the system from the degraded source. Analysis of motor thermal damage curves indicates that the loads are capable of withstanding 70 percent of nominal voltage, for a duration of more than 50 seconds without damage.

c. The undervoltage sensors are designed to satisfy the following applicable requirements derived for IEEE 279-1971 "Criteria for Protection Systems for Nuclear

Power Generating Stations".

(1) Class 1E equipment is utilized, physically located in and elec trically connected to the Class 1E switchgear.

(2) An independent scheme is provided fo r each division of the Class 1E power system. (3) The undervoltage protection uses coin cident logic on a per bus basis to preclude spurious trips of the offsite po wer source. This is shown in Figure 8.3-4, sheets 2 and 5.

STPEGS UFSAR Q&R 8.3-11 Revision 15 Response (Continued)

(4) The undervoltage relays automatically initiate disconnection of the offsite power source in the event the voltage setpoint and time delay limits (cited in item 1.b.2, above) are exceeded.

(5) The undervoltage relays can be tested and calibrated during power operation.

(6) Annunciation is provided in the control room in the event any of the undervoltage relays operate. The relay test procedures require that some alarms be activated during testing of an undervoltage relay by applying a shorting link to the test switch used to isolate the relay. The shorting link energizes the timer that is used to provide the alarm.

d. The Technical Specifications includes setpoints, with minimum or maximum limits, as applicable, for the loss of voltage and degraded voltage relays, and associated time delay relays.
2. The design of the bus loading scheme does not permit sequencing and shedding of emergency loads at the same time. See Figure 8.3-4 a nd Section 8.3.1.1.4.4 for a description of the load shedding scheme. In the event a mode I or m ode II recognition signal is received, while load sequencing is in progress, the logic is such that further sequencing of lo ads stops immediately. The emergency loads already connected to the bus by the sequencer are shed and the

sequencer is restarted from step 1. Westinghous e indicates that, based on sensitivity studies (WCAP-8471), the time delay due to stopping and restarting of sequencer under the worst condition is within the acceptable limit of LOCA analysis. Upon completion of sequencing, load shedding reinstatement is accomplished by manually resetting the reset button in the Main Control Ro om or at the sequencer panel. Note that manual resetting prevents inadvertent exces sive starting of motors. The Technical Specifications include testing of the automatically bypassed load shed and manual operation of load shed reinstatement. Since simultaneous occurrence of sequencing and shedding of emergency loads is precluded per logic design, it is not necessary to include the first level undervoltage relay setpoint limits in the Technical Specifications.

3. A voltage analysis was performed in accordance with BTP PSB-1, Position 3. Optimum transformer tap settings have been selected to maintain termin al voltage levels within 90-110 percent of rated voltage duri ng steady state operation, and at 80 percent or above during motor starting (75 percent or above for starting the Reactor Containment Fan Cooler motors).

The tap settings selected are based on the resu lts of the analysis which calculates bus and terminal voltage levels for various worst ca se plant operating modes and loading conditions (normal, startup, LOCA, and shutdown). In the analysis, particular emphasis is placed on analyzing the voltage levels at those loads which are supplied STPEGS UFSAR Q&R 8.3-12 Revision 15 Response (Continued) through the standby transformer. The basis for this is that these loads will be susceptible to voltage violations in the offsite system (0.96-1.02 p.u.), as opposed to loads supplied through the unit auxiliary transformer, which has an automatic tap changer. Minimum steady state voltage levels were determined by considering the following: Maximum loading of the standby transformers assuming that Unit 1 unit auxiliary transformer is not available Operation of Class 1E loads required during a LOCA Minimum system voltage (e.g., 0.96 p.u.) Minimum transient voltage levels were determ ined by considering the above scenario and emulating the Class 1E load starting profile of the ESF load sequencer, which includes the simultaneous starting of Class 1E 4.16 kV and 480 V motors. Maximum bus voltage levels were determined by considering maximum anticipated grid voltage (1.02 p.u.) concurrent with each standby transformer winding exclusively supplying a safety-related train under light load conditions; e.g., less than 25 percent of LOCA loads.

The various interconnections to the offsite power system are documented and discussed in the analysis. Only those arrangements that are representative of the worst case conditions (e.g., max-min loading and system voltage levels), as discussed above, were analyzed in detail.

4. Field verification of the analytical techniques and assumptions used in the voltage analysis were accomplished and documented.

STPEGS UFSAR Question 430.21N

In FSAR Section 8.3.l you state that protection of the electrical pene trations is provided by source and feeder breakers with a backup means of sizing the penetration conductors larger than the cable, thus taking advantage of the self-fusing concept. This concept is unacceptable to the staff because of

the inherent fire hazards in such an approach. Additionally in your response to question 040.07 on this subject you discuss overcurrent protection of the electrical pe netrations, including the primary and backup protection; however, the coordination curves shown on sheets 1 and 6 show only a single curve of overcurrent protection. Yo u also state in secti on 4.d of the response that fuses are used for backup protection; the coordination curves for 14 A.W.G penetration on sheet 10 do not show a curve for this fuse. The time current curves do not show the instantaneous and time delay curves for all circuit breakers used and does not relate those breakers to a single line diagram for the circuit application. Modify your time current coordination curves for each size penetration to include penetration rating, curves for instantaneous, long and short time overcurrent trips provided by primary and backup protective devices. Additionally provide a single line diagram and a drawing

that shows circuit configurat ion and breaker coordination.

Response Power and control field cables to the electric penetrations are capab le of carrying the load circuit based on the penetration conductor ampacity, as calculated for the elec tric penetration protection.

Credit for self-fusing concept of field conducto rs has not been taken. See Section 8.3.l.l.5. Coordination curves with single line diagram showing circuit configuration of each type of penetration conductor was submitted in letter ST-HL-AE-1687 dated June 11, 1986.

The types of circuits that go through penetration assemblies are as follows:

1. Power feeders for medium voltage 13.2 kV motors
2. 480 vac load center power feeders
3. 480 vac motor control center power feeders
4. 120 vac miscellaneous power feeders
5. 120 vac vital circuits
6. 120 vac control circuits
7. 125 vdc power circuits
8. 125 vdc control circuits
9. Control rod drive mechanism (CRDM) circuits Q&R 8.3-13 Revision 15

STPEGS UFSAR Response (Continued)

10. Instrument circuits
11. Communication circuits The following system features are provided to ensure compliance with the Regulatory Guide (RG) 1.63 position in regard to single random failure s of circuit overcurrent protective devices:
1. Medium voltage penetration assemblies: The only medium voltage ci rcuits routed through the penetration are for the 13.2 kV, non-Class 1E reactor coolant pump motors. Two 1000 kcmil conductors per phase have been used in each of four penetration assemblies for these circuits. Primary and backup protection for th e penetration conductors are provided by the switchgear source and feeder breaker overcurrent relays. Curve no. 1 shown that the time-current capability of the 1000 kcmil penetrati on conductors is greater than any maximum short circuit current vs. time condition that could possibly occur even if one relay fails. Thus, the penetration conductors are protected against any overcurrent in the event of a single random failure of a protective device.
2. 480 vac load center power feeders: 3-300 hp Residual Heat Removal (RHR) Pumps and 6-150 hp Reactor Containment Fan C ooler (RCFC) Supply Fans are supplied from 480 V load centers. All other 480 V loads inside the containment are fed from 480 V Motor Control Centers (MCCs). The RHR and RCFC circuit penetration conductors are protected by the load center solid state overcurrent trip devices. The prim ary and backup protection is provided by the load center feeder and source br eaker trip devices respectively, as shown on curve nos. 2 and 3.
3. 480 vac MCC power feeders: The circuits for motor loads fed from MCCs are provided with an additional thermal-magnetic (TM) circuit breaker in series with the magnetic-only circuit breaker used in the combination starter for each motor. The TM breakers are generally located in separate cubicles of the MCCs and they provide backup protection for the associated penetration conductors. The magne tic-only breakers togeth er with the starter thermal overload relays provide the primary pr otection. Curves nos. 4 through 10 show that the protective devices provide satisfactory primary and backup protection for the penetration conductors used for the continuous duty motor load circuits. For Class 1E motor operated valves (MOVs), the thermal overload relay contacts are bypassed to comply with RG 1.106. The contacts are wired to provide alarm only. Therefore, primary protection for the Class 1E MOV circuits, provided by the magnetic-only breaker, is for short circuit only. For these Class 1E MOVs , the backup breakers are selected to allow for sustained locked rotor current, and the penetr ation conductors are sel ected large enough to ensure that the thermal limits of the penetra tions are not exceeded. The selected penetration conductors are capable of carrying motor locked rotor current continuously. Curves nos. 11 through 19 show the thermal damage curves fo r penetration conductors for Class 1E MOVs and the associated time-current curves for prim ary and backup protective devices. Curves Q&R 8.3-14 Revision 15

STPEGS UFSAR Response (Continued) nos. 20 through 22 show similar coordination curv es for the non-Class 1E MOV circuits. Non-Class 1E 480 V MCCs supply power to mi scellaneous in-Containm ent loads such as lighting transformers, reactor coolant pump motor space heaters, incore detector drive units, fuel handling control panel, etc. Each of these power feeders is furnished with two TM breakers in series to provide primary and backup protection for the as sociated penetration conductors. These breakers have generally the same rating and are located in separate cubicles of the MCC. The ratings of both series connected breakers are selected that in the event of an overcurrent, the breakers trip before the thermal limits of penetration conductors are reached. Curves nos. 23 through 29 demonstrate the operation of the breakers under such overcurrent conditions.

4. 120 vac miscellaneous power feeders: 120/208 V distribution panels provide 120 vac power to motor space heaters, instrument enclosure space heaters, and other small miscellaneous loads. These circuits are furnished with TM breakers and fuses in series to provide primary and backup protection for the associated pe netration conductors. The TM breakers are located in the 120/208 V distribution panels, and the fuses are located separately from the

distribution panels. Curves nos. 30 through 32 s how that the protective devices used provide adequate protection for th e penetration conductors.

5. 120 vac vital circuits: There are only two 120 vac vital circuits routed through penetrations. These circuits originate from the uninterrupt ed power supply (UPS) distribution panel and they provide power to digital rod position indication (DRPI) data cabinets A&B located inside the Containment. Two TM circuit breakers in series are used in each circuit to provide primary and backup protection for the associated penetration conductors. The breakers have same rating and they are housed in separate en closures. Curve no. 33 shows that the breaker time-current characteristics curves are well under the thermal damage curve of the penetration conductors, thus the breakers provide satisfactory protection for the penetration conductors.
6. 120 vac control circuits: 120 v ac control circuits originating from MCCs are powered by 480/120 vac control power transformers (CPT) lo cated in the MCC cubicles. Each of the circuits are provided with two fu ses in series except for those cases where available maximum short circuit current is demonstrated to be less than the ampacity of the minimum size (10 AWG) penetration conductors used for control circuits. The s hort circuit study shows that for 100 and 150 VA CPT circuits the maximum available fault current is less than the ampacity (32A) of the associated 10 AWG penetration co nductors. These circui ts are not furnished with an additional fuse as backup because the integrity of the penetration will not be jeopardized even in the event of a sustained fa ult. Curve no. 34 shows that two fuses, 3A and 6A, connected in series provide satisfactor y primary and backup pr otection for the 10 AWG penetration conductors.

Q&R 8.3-15 Revision 15

STPEGS UFSAR Response (Continued)

Curve no. 35 shows protection coordination for ot her 120 vac control circ uits that originate from the auxiliary relay panels, isolation relay panels, or miscellaneous control panels (ZLP panels). The primary protection is provided by a fuse, 15A or less, used for each circuit. The backup protection is provided by the 20A TM main breaker used for each panel.

7. 125 vdc power circuits: There are only two 125 vdc power feeders that go through Containment penetrations. These feeders pr ovide power to the sole noid operated reactor coolant pressurizer power relief valves. Two TM breakers, connected in series, are used in each circuit to provide the primary and backup protection for the associated penetration conductors. The breakers are located in the 125 vdc distri bution switchboard. Curve no. 36 illustrates that the penetration conductors are satisfactorily protected.
8. 125 vdc control circuits: The 125 vdc control ci rcuits routed through penetration assembly are generally powered from the auxiliary relay pane ls or isolation relay pa nels. Each circuit is furnished with a 15A, or less, fuse which provides the primary protection for the associated penetration conductors. The 20A TM main breakers, used for each relay panel, provides the backup protection as in the case of 120 vac c ontrol circuits. See Curve no. 35. The curves show that the fuse with TM breakers provide satisfactory primary a nd backup protection for the 10 AWG penetration conductors.

There are a few 125 vdc control circuits which are not powered from relay panels. These circuits are for RCFC fans and they are powered from the load center 125 vdc control bus.

Each of these circuits is provided with two fuses in series in each lead, one located in the load center and the other in the transfer panel. These fuses provide primary and backup protection for the 10 AWG penetration conductors as shown on curve no. 38.

9. Control rod drive mechanism (CRD M) circuits: DC power to the CRDM circuits is provided by motor-generator sets through a series of rec tifiers located in the CRDM power cabinets. The maximum fault current available for a fault inside the Containment is limited by the inherent current limiting feature of the rectifier. The CRDM lift power circuits are protected by two 50A fuses, one in the positive lead and other in the negative lead. The CRDM stationary, or moving gripper, power circuits are protected by tw o fuses, one in each lead. The two fuses in each circuit provide both primary and backup protection because the DC distribution system for the CRDM is ungrounded. Curve no. 37 demonstrates that the penetration conductors are well prot ected against circuit overcurrent.
10. Instrument circuits: Instrument circuits are all low energy circuits carrying only a few milliamperes. Also these circuits are routed in separate raceways from power and control cables to preclude the possibili ty of a short between the instrument and other circuits.

Q&R 8.3-16 Revision 15

STPEGS UFSAR Response (Continued) Therefore, fault current exceeding the ampacity of 16 AWG (minimum size used) penetration conductors under any faulted condition is not credible. Hence, backup protection for the instrument circuit penetrati on conductors is not required. Primary protection is, however, provided by the devices which are integral with the power supply to the circuits.

11. Communication circuits: There are three types of communication circ uits, telephone, paging, and maintenance jack, that are r outed through penetration assemblies.

All of these circuits are low energy circuits and routed in separate raceways from powe r and control circuits. These circuits cannot have significant short circuit current to pose a threat to the penetration assembly. Therefore backup protection for the associated penetration conductors (19 AWG) is not provided.

Q&R 8.3-17 Revision 15

STPEGS UFSAR Question 430.23N

Provide a listing of all Class 1E and l3.8 kV non-Class 1E switchgear (by bus nomenclature) within the design and specifically address the source of control power to each. This is needed to facilitate an independent review of how your emergency power system design meets the single failu re criterion and to determine the extent of loss due to postulated failures.

Response Refer to Table Q430.23N-1.

Q&R 8.3-18 Revision 15

STPEGS UFSAR TABLE Q430.23N-1 CONTROL POWER SOURCES Bus Description Control Power Source 13.8 kV Non-Class 1E Bus lF 125 vdc Dist. PNL PL125E Except RCP 1A Circuit Bkr (125 V Non-Class 1E Battery) 13.8 kV Non-Class 1E Bus lG 125 vdc Dist. PNL PL125B Except RCP 1B Circuit Bkr.

(125 V Non-Class 1E Battery) 13.8 kV Non-Class 1E Bus lH 125 vdc Dist. PNL PL125E Except RCP 1C Circuit Bkr.

(125 V Non-Class 1E Battery) 13.8 kV Non-Class 1E Bus 1J 125 vdc Dist. PNL PL125B Except RCP lD Circuit Bkr.

(125 V Non-Class 1E Battery)

RCP Feeder Bkrs. 1A, B, C, and D 125 vdc Dist. PNL PL125K (125 V Non-Class 1E Battery) 4.16 kV Non-Class 1E Bus 1D 1 125 vdc Dist. PNL PL125A

4.16 kV Non-Class 1E Bus 1D 2 125 vdc Dist. PNL PL125A

4.16 kV Class 1E Bus E1A 125 vdc Class 1E Dist. SWBD E1A11 (125 V Class 1E Battery)

4.16 kV Class 1E Bus E1B 125 vdc Class 1E Dist. SWBD E1B11 (125 V Class 1E Battey) 4.16 kV Class 1E Bus E1C 125 vdc Class 1E Dist. SWBD E1C11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1Al 125 vdc Class 1E Dist. SWBD E1A11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1A2 125 vdc Class 1E Dist. SWBD E1A11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1Bl 125 vdc Class 1E Dist. SWBD E1B11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1B2 125 vdc Class 1E Dist. SWBD E1B11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1Cl 125 vdc Class 1E Dist. SWBD E1C11 (125 V Class 1E Battery) 480 V Class 1E 4L Bus E1C2 125 vdc Class 1E Dist. SWBD E1C11 (125 V Class 1E Battery)

Q&R 8.3-19 Revision 15

STPEGS UFSAR TABLE Q430.23N-1 (Continued) CONTROL POWER SOURCES Bus Description Control Power Source Reactor Trip SWGR 'R' 125 vdc Class 1E Dist. SWBD E1A11 (125 V Class 1E Battery)

Reactor Trip SWGR 'S' 125 vdc Class 1E Dist. SWBD E1B11 (125 V Class 1E Battery)

Q&R 8.3-20 Revision 15

STPEGS UFSAR Question 430.24N

Periodic testing and test loading of an emergency diesel generator in a nuclear power plant is a necessary function to demonstrate the operability, capability, and availability of the unit on demand.

Periodic testing coupled with good preventive maintenance practices will assure optimum equipment readiness and availability on dema nd. This is the desired goal. To achieve this optimum equipment readiness status the following requirements should be met:

1. The equipment should be tested with a minimum lo ading of 25 percent of rated load. No load or light load operation will cause incomplete combustion of fuel resulting in the formation of gum and varnish deposits on the cylinder walls, in take and exhaust valves, pistons and piston rings, etc., and accumulation of unburned fuel in the turbocharger and exhaust system. The consequences of no load or light load operation are potential equipment failure due to the gum and varnish deposits and fire in the engine exhaust system.
2. Periodic surveillance testing should be performed in accordance with the applicable NRC guidelines (RG 1.108), and with the recommendations of the engine manufacturer. Conflicts between any such recommendations and NRC guidelines, particularly with respect to test frequency, loading, and duration, sh ould be identifie d and justified.
3. Preventive maintenance should go beyond the normal routine adjustments, servicing and repair of components when a malfunction occurs. Preventive maintenance should encompass investigative testing of components which have a history of repeated malfunctioning and require constant attention and repair. In such cases consideration should be given to replacement of those components with other products which have a record of demonstrated reliability, rather than repetitive repair and maintenance of th e existing components. Testing of the unit after adjustments or repairs have been made only confirms that the equipment is operable and does not necessarily mean that the root cause of the problem has been eliminated or alleviated.
4. Upon completion of repairs or maintenance and prio r to an actual start, run, and load test a final equipment check should be made to assure that all electrical circuits are functional; i.e., fuses are in place, switches and circuit breakers are in their proper position, no loose wires, all test leads have been removed, and all valves ar e in the proper position to permit a manual start of the equipment. After the unit has been satisfactorily started and load tested, return the unit to ready automatic standby se rvice and under the control of the control room operator.

Provide a discussion of how the above requirements have been implemented in the emergency diesel generator system design and how they will be considered when the plant is in commercial operation; i.e., by what means will the above requirements be enforced.

Q&R 8.3-21 Revision 15

STPEGS UFSAR Q&R 8.3-22 Revision 15 Response See Section 9.5.5.6 for a description of the loading of the diesel ge nerators (DGs) for testing and troubleshooting. The Preventive Maintenance (PM) program includes directions to review PM documentation for information pertaining to equipment failure trends, frequency, and the root causes of failures. This program will identify and track equipment failure and determine the root causes of failures. The Maintenance Work Request (MWR) program in cludes directions to review the MWR package for information pertaining to equipment failure tr ends, frequency, and the root causes of failures. This program will identify and track equipment failures and determine root causes of failure which require corrective maintenance. The procedure for returning the DG to an operable status following maintenance will incorporate a final equipment check to assure that electrical circuits are functional. STPEGS has procedural commitments to perform reviews of equipment failures. Based on these reviews, design changes are considered which would improve reliability. Maintenance is performed in accordance with written procedures, which require verification or testing to ensure that equipment meets its design requirements prior to bei ng declared operable.

Refer to Section 13.5.1.3. For STPEGS's position on Regulatory Guide (RG) 1.108, see the response to Q430.11N.

STPEGS UFSAR Q&R 8.3-23 Revision 15 Question 430.25N

The availability on demand of an emergency diesel generator is dependent upon, among other things, the proper functioning of its controls and monitoring instrumentation. This equipment is generally panel mounted and in some instances the panels are mounted directly on the diesel generator skid. Major diesel engine damage has occurred at some operating plants from vibration induced wear on skid mounted control and monitoring instrumentation. This sensitive instrumentation is not made to withstand and function a ccurately for prolonged periods under continuous vibrational stresses normally encountered with internal combustion engines. Operation of sensitive instrumentation under this environment rapidly deteriorates calibration, accuracy and control signal output. Therefore, except for sensors, and other equipment that must be directly mounted on the engine or associated piping, the controls and monitoring instrumentation should be installed on a free standing floor mounted panel separate from the engine skids, and located on a vibration free floor area. If the floor is not vibration free , the panel shall be equipped with vibration mounts. Confirm your compliance with the above requirements or provide justification for noncompliance.

Response The engine and generator control and instrumentation panels are physically located approximately 12 ft from the diesel generator (DG) at an elevati on of 10 ft above the bottom of the generator. The natural frequency of the DG and foundation system is lower than the machine speed. Also, the ratio of foundation weight to the DG weight is approximately eight. Transmission of vibratory motion from the DG to the engine and generator panel is considered insignificant. In addition the control panels were seismically test ed and the Test Response Spectra curves envelope the Required Response Spectra curves by a margin of more than 10 percent. The panels were also tested to the equivalent of 5 Operating Basis Earthquakes (OBEs). The location and mounting arrangement of the DG control panel has been reviewed with the manufacturer and they have indicated that the configuration is acceptable from a vibration standpoint.

STPEGS UFSAR Q&R 8.3-24 Revision 15 Question 430.26N

It has been noted during past revi ews that pressure switches or othe r devices were incorporated into the final actuation control circuitry for large horsepower safety-related motors which are used to drive pumps. These switches or devices preclude automatic (safety signal) and manual operation of the motor/pump combination unless permissive conditi ons such as lube oil pressure are satisfied. Accordingly, identify any safety-related motor/pump combinations which are used in the STPEGS design that operate as noted above. Also, descri be the redundancy and diversity which is provided for the pressure switches or permissive devices that are used in this manner.

Response There are not any large horsepower safety-related motor/pump combinations where process devices (used as start permissives in the final actuation co ntrol circuit) would preclude the automatic (safety signal) and manual operation of the equipment on STPEGS.

STPEGS UFSAR Q&R 8.3-25 Revision 15 Question 430.27N

Identify all electrical equipment, both safety and non-safety, that may become submerged as a result of a LOCA. For all such equipment that is not qualified for service in such an environment provide an analysis to determine the following: 1. The safety significance of the failure of this electrical equipment (e.g., spurious actuation or loss of actuation function) as a result of flooding. 2. The effects on Class 1E electrical power sources serving this equipment as a result of such submergence. 3. Any proposed design changes resulting from this analysis.

Response All electrical equipment subject to submergence during the maximum postulated LOCA are identified in Table Q430.27N-1 along with the an ticipated result of such submergence. For additional listing of instrumentation and control items see re sponse to Question Q32.35. For protection of penetration integrity see response to Question 430.2lN.

TABLE Q430.27N-1 EQUIPMENT BELOW RCB MAXIMUM FLOOD ELEVATION FAILURE EFFECT FOR EQUIPMENT STPEGS UFSAR Effect on Service Safety Class 1E Equipment No.

Description Open Circui t Short Circuit Related Power Source 9Q061NPA101A Normal Sump Pump 1A Pump Inoperative Motor Destroyed No None 9Q061NPA101B Normal Sump Pump 1B Pump Inoperative Motor Destroyed No None 9E171ECS7561 Normal Sump Pump None Pump May Get Started No None Test P.B. Station 9Q061NPA102A Sec. Containment Pump I noperative Motor Destroyed No None Normal Sump Pump 1A 9E171ECS7563 Test P.B. Station For N one Pump May Get Started No None Sec. Cont. Normal Sump Pump 8V141VFN023 Reactor Cavity Vent Fan I noperative Motor Destroyed No None Fan No. 11A 8V141VFN024 Reactor Cavity Vent Fan I noperative Motor Destroyed No None Fan No. 11B 7R301NPA107A Reactor Coolant Drain Pump Inoperative Motor Destroyed No None Tank Pump 1A 7R301NPA107B Reactor Coolant Drain Pump Inoperative Motor Destroyed No None Tank Pump 1B 9E591ERP0002 Welding Receptacle Inopera tive Receptacle Destroyed No None Q&R 8.3-26 Revision 15

STPEGS UFSAR Q&R 8.3-27 Revision 15 Question 430.28N

Provide a detail discussion (or pl an) of the level of training proposed for your operators, maintenance crew, quality assurance, and supervisory personnel responsible for the operation and maintenance of the emergency diesel generators.

Identify the number and type of personnel that will be dedicated to the operations and maintenance of the emergency dies el generators and the number and type that will be assigned from your general plant operations and maintenance groups to assist when needed. In your discussion identify the amount and kind of tr aining that will be recei ved by each of the above categories and the type of ongoing training program planned to assure optimum availability of the emergency generators. Also discuss the level of education and minimum experience requirements for the various categories of operations and maintenance personnel associated with the emergency diesel generators.

Response The training program for supervisors, operators, and maintenance personnel de scribed in Chapter 13 includes training on the standby di esel generators (SBDGs).

The Nuclear Training group wil initially provide training to appropriate Nu clear Plant Operations Department (NPOD) and Nuclear Training Department personnel. This training will be equivalent or similar to the vendor or manufacaturer's training program. Depending on the discipline, this training is expected to last from two to five days involving a combination of classroom, demonstrations/tours, and walk throughs, as appropriate. This training will be completed prior to NPOD assuming operational and maintenance responsibility for the SBDGs from Startup. Retraining will be factored in to appropriate requalification or retraining programs as well as integrated into appropriate apprentice training programs. The goal of the initial and retraining programs is to identify specific job responsibilities and train personnel accordingly thus assuring optimum availability of the SBDG.

Specific personnel are not exclusively dedicated to the SBDGs. The level of education, experience, numbers, and type of personnel assigned to supervision, operation and maintenance is described in

Chapter 13. The criteria stated in Chapter 13 apply to DGs as well as other plant systems and components.

The training, education, experien ce, and staffing of QA personne l is described in Chapter 17.

STPEGS UFSAR Q&R 8.3-28 Revision 15 Question 430.29N

Recent experience with Nuclear Power Plant Class 1E electrical system equipment protective relay applications has established that re lay trip setpoints drifts with conve ntional type rela ys have resulted in premature trips of redundant safety-related system pump motors when the safety system was required to be operative. While the basic need for proper protection for feeders/equipment against permanent faults is recognized, it is the staff's position that total non-availability of redundant safety systems due to spurious trips in pr otective relays is not acceptable.

Provide a description of your circuit protection criteria for safety systems/equipment to avoid incorrect initial setpoint selecti on and the above cited protective relay trip setpoint drift problems.

Response Primary relays and direct acting trip devices at STPEGS are solid state type and thus subject to minimal setpoint drift. The short circuit protection system is analyzed to determine correct setpoints for the protective devices. During preoperation tes ting the protective devices are tested to verify operability at the correct setpoints.

STPEGS UFSAR Q&R 8.3-29 Revision 15 Questions 430.32N

Provide the results of a review of your operating, maintenance, and testing procedures to determine the extent of usage of jumpers or other temporary forms of bypassing functi ons for operating, testing, or maintaining of safety related systems. Identify and justify any cases wh ere the use of the above methods cannot be avoided. Provide the criteria for any use of jumpers for testing.

Response The problems associated with use of jumpers are recognized and administrative controls have been developed to control their use. In general, jumpers and temporary bypasses will only be used in safety-related systems when no other practical means is available to accomplish a necessary operating, maintenance, or testing function. If it becomes necessary to use a jumper or temporary bypass in a safety system, such use will be controlled by approved procedures. Incorporation of the

safeguards test features descri bed in UFSAR Section 7.3.1.2.2.5.4 should minimize such occurrences.

STPEGS UFSAR Q&R 8.3-30 Revision 15 Question 430.35N

In FSAR section 8.3.2.1.3 you indicate that each battery charger is equipped with a DC voltmeter, ammeter, AC failure relay, DC output circuit breaker and DC low voltage alarm relay with the position status of the battery circuit breakers, the DC output circuit breaker of the charger, and the main breakers feeding the charger indicated in the control room and alarmed when off normal. As an optimum we require that the following indications and alarms of the Class 1E DC power system status be provided in the control room:

a) battery charger output current (ammeter) b) battery current (ammeter-charge/discharge) c) DC bus voltage voltmeter d) battery charger output voltage (voltmeter) e) battery high discharge rate ALARM f) DC bus ground alarm (for ungrounded systems) g) battery breaker(s) or fuse(s) open alarm h) battery charger output breaker(s) or fuse(s) open alarm i) battery charger trouble alarm (one alarm for a number of abnormal conditions which are usually indicated locally). Confirm compliance with the above requirements or provide adequate justifica tion for any deviations.

Response See revised Sections 8.3.2.1.1, 8.3.2.1.2, and 8.3.2.1.3. Battery high discharge rate is not alarmed in the control room because the discharge rate of the battery varies with time, so an overcurrent setting on the sensing device cannot be pr ovided without generating nuisance alarms. The proposed DC bus voltage indicator in the control room, supplemented by DC bus undervoltage alarm, provides adequate information to the operator regarding the battery status.

STPEGS UFSAR Q&R 8.3-31 Revision 15 Question 430.37N

Provide a description of the capability of emergency power system battery chargers to properly function and remain stable upon th e disconnection of the battery. Include in the description any foreseen modes of operation that would require battery disconnec tion such as when applying an equalizing charge. State if the stability of the ba ttery charger output is lo ad dependent and if so describe. Additionally discuss the capability of the battery charger to operate all required accident loads assuming the battery is not available. Amend your FSAR accordingly.

Response The Class 1E power system battery chargers are qualified to STP specificati ons with or without a battery connected. Basis is similarity to the battery charger that was tested to document the equipment environmental qualification report.

Powering the switchboard with a battery charger w ith no battery connected during operation is not a design basis, and using the active charger in this manner requires entry into an LCO condition. Examples of conditions under which a charger might be operated withou t a battery connected are: 1) disconnecting the battery to remove or replace a defective cell, 2) service, capacity or discharge testing, or 3) the battery charger (standby charger) load test. Disconnec ting the battery is not required for application of an equalization charge.

No stabilization problems have been encountered on the battery chargers from no load to full load. Amendments #73 and #62 to the facility operating li censes were issued on the basis of demonstrated ability of a single battery charger to maintain opera bility of the affected ch annel at design loading.

The battery chargers were designed to comply with NEMA Standard PV-5-1976.

STPEGS UFSAR Q&R 8.3-32 Revision 15 Question 430.38N

In section 8.3.2.1.6 and 8.3.2.3 you state "The bus s upply breakers of the 13.8 kV auxiliary busses provide the 125 vdc control power from the independent 125 vdc system". Clarify this statement.

Also provide discussion on the capability to transfer from offsite to onsite power or onsite to offsite in sufficient time to prevent fuel damage should 125 vdc control power be lost. Amend your FSAR accordingly.

Response All 13.8 kV breakers are supplied control power from the non-Class 1E 125 vdc bus. The main generator breaker is supplied cont rol power from the non-Class 1E 250 vdc bus. On loss of control power these breakers neither trip nor close but remain in position. The loss of power to the 125 vdc or 250 vdc bus or loss of control power to thes e breakers is indicated in the control room. The aforementioned breakers are capable of being manually operated. The 13.8 kV breakers are the stored energy type using charged springs to provide a minimum of one closing and opening operation upon loss of 125 vdc. The main generator breaker is the stored energy type using compressed air to provide a minimum of one closing and opening operation; the compressor motor is 460 VAC. These stored energy systems can be manually released to open or close the breakers upon loss of 125 vdc.

In the event of loss of offsite power due to the inability to electri cally operate (i.e., loss of the non-Class 1E DC systems) the 13.8 kV and generator ci rcuit breakers, the resp ective ESF bus would be manually isolated and supplied power from its DG. After manually operating the necessary 13.8 kV and/or generator circuit breakers, the offsite power source can be paralleled to the DG and then the breaker to the DG tripped.

Note, this question is no longer appl icable to the referenced sections.

STPEGS UFSAR Q&R 8.3-33 Revision 15 Question 430.39N

Concerning the emergency load sequencers which ar e associated with the offsite and onsite power sources we require that you eith er provide a separate sequencer for offsite and onsite power (per electrical division) or a detailed analysis to demonstrate that there are no credible sneak circuits or common failures modes in sequencer design that c ould render both onsite and offsite power sources unavailable. In addition provide information c oncerning the reliability of your sequencer and reference design detailed drawings.

Response Section 8.3.1.1.4.4 has been revised (in response to NRC Question 430.33N) to provide reliability data for the Engineered Safety Feature(s) (ESF) load sequencers. The following discussion is provided to support the existing system design wh ich utilizes one ESF load sequencer for each redundant Engineered Safety Features Actuation System (ESFAS) channel. On receipt of an safety injection (SI) signal (Mode I), the ESF load sequencer will sequence the equipment required in programmed steps to the preferred (offsite) power source.

On loss of offsite power (LOOP) (Mode II) the ESF load sequencer will initiate the following: (a) Shed all loads on the 4.16 kV ESF bus (except the load center primary breakers). (b) Start the standby diesel generator (DG) and enter it into isochronous mode and the voltage regulator into the automatic mode. Under thes e conditions, all non-critic al protective devices are bypassed as described in Section 8.3.1.1.4.6. (c) Trip the ESF 4.16 kV preferred source (offsite) power supply breaker. (d) Energize the equipment required in programmed steps.

Tripping the offsite power supply br eaker will isolate the Class 1E onsite power system. There is, therefore, no possibility of s ubsequent interaction between the load shed and the offsite power system. After load shed, tripping of the 4.16 kV ESF bus offsite supply breaker and subsequent closing of the DG breaker to th e 4.16 kV ESF bus, the undervoltage relays now monitor the standby (onsite) power supply for an undervoltage occurrence.

No bypass of the undervoltage relays to prevent interaction of offsite power with the shed feature is required because the relays are transferred with the 4.16 kV ESF bus from offsite power (preferred) to onsite power (standby) on LOOP.

STPEGS UFSAR Q&R 8.3-34 Revision 15 Response (Continued)

If a separate sequencer were provi ded so that one could be used to sequence the safety-related loads on offsite power and the other could be used to sequence safety-related loads on onsite power, it would be incorporated as an integral part of the same redundant load group of the existing sequencer.

As a result, the power supplies for the separate sequencing systems would be derived from the same load group power source, and the sequencers would be electrically interco nnected. As such, no independence or significant increase in reliability would be achieved by the addition of another sequencer. The existing design implements the applicable criteria with sufficient assu rance of proper operation independence.

STPEGS UFSAR Q&R 8.3-35 Revision 15 Question 430.74N

Operating experience at two nuclear power plants has shown that duri ng periodic surveillance testing of a standby diesel generator, initiation of an emergency start signal (LOCA or LOOP) resulted in the diesel failing to start and perform its function due to depletion of the starting air supply from repeated activation of the starting relay. This event occurred as the result of inadequate procedures and from a hang-up in engine starting and control circuit logic failing to address a built-in time delay relay to assure the engine comes to a complete stop before attempting a restart. During the period that the relay was timing out, fuel to the engine was blocked while the st arting air was uninhibited. This condition with repeated start attempts depleted starting air and rendere d the diesel generator unavailable until the air system could be repressurized.

Review procedures and control system logic to assure this event will not occur at your plant. Provide a detailed discussion of how your system design, supplemented by procedures, precludes an occurrence of this event. Should the diesel genera tor starting and control circ uit logic and procedures require changes, provide a description of the proposed modifications. (Refer to Request 430.96 for control air requirements) (SRP 8.3.1, Part II and III)

Response HL&P has reviewed the standby diesel control system logics and has determined that the diesel does not have the built-in time delay feature which requires the engine to come to a complete stop before attempting to restart.

STPEGS UFSAR Q&R 8.3-36 Revision 15 Question 430.116N

Section 6.4.2 of IEEE Standard 387-1977 requires, in part , that the load acceptan ce test consider the potential effects on load acceptance after prolonged no load or light load operation of the diesel generator. Provide the results of load acceptance tests or analysis that demonstrates the capability of the diesel generator to accept the design accident load sequence after prolonged no load operation. This capability should be demonstrated over the full range of ambient air temperatures that may exist at the diesel engine air intake. If this capability cannot be demonstrated for minimum ambient air temperature conditions, describe de sign provision that will assure an acceptable engine air intake temperature during no load operation.

Response The diesel generator (DG) specification requires that the DG be capable of r unning at no load for one hour without deterioration of the engine, generator or auxiliaries. In order to enhance the DG availability, the manufacturer recommends that for each 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> of cumulative no load operation, the DG should be run at least 15 minutes at 75 percent or greater load. This is accomplished by manually synchronizing the DG with the offsite power supply and loading to the desired point.

Station operating procedures will be provided to assure that after a 6-hour accumulation of no load and/or light load (less than 50 percent rating) operation, a DG will be operated at a minimum of 75 percent of full load for 15-30 minutes per the manufacturer's recommendations. A one time field test will be performed on a DG du ring which load up to 1 00 percent of continuous rating will be applied immediately following 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> of no load operation.

Response to Q430.102N describes effect of ambient air temperature variations on the DG's capability to carry full load.

STPEGS UFSAR Q&R 8.3-37 Revision 15 Question 430.117N

Loads connected to the DC bus ma y be subject to voltage variations from 105 to 140 volts due to

battery discharge and equalizing ch arge as stated in section 8.3.2.1 of the FSAR. It is the staff position that DC loads be designed and qualified to operate when subjec t to these voltage variations. Describe compliance of STPEGS design to this position for both minimum and maximum voltages.

Response The Class 1E 125 V DC systems are designed such that the loads will operate within the battery and charger voltage range of 105 volts to 140 volts ex cept as stated by note 4 and note 5, below. The following DC system circuit voltage drop criteria are used for the Class 1E distribution system:

Class 1E system vdc Battery to switchboard

1.0 Switchboard

to panel

2.5 Switchboard

to 100 V load 4.0 (1) Switchboard to 90 V load 14.0 (1)(5)

Switchboard to inverter

0.5 Panel

to 100 V load 1.5 (1) Panel to 90 V load 11.5 (1) DC control circuits for sp ecific 4.16 kV breakers 10.0 (2) DC control circuits for specific 480 V breakers (3) All other DC control circuit 20.0 (4) Notes: 1. The loads are defined as motors , solenoids, power supply units, switchgear control power busses, and other equipment control panel control power busses, etc. 2. ESF diesel generator (DGs) breaker s and the bus supply breakers to the 4.16 kV switchgear busses E1A, E1B, and E1C. 3. The allowable voltage drop from the bus to the switchgear shall be the difference between the minimum battery voltage at 2-hour duty cycle (106 vdc) minus the actual voltage drop from the battery to the bus and the actual minimum voltage required by the control equipment (100 vdc) for the bus

supply breakers to the 480 V switchg ear busses E1A1, E1A2, E1B1, E1B2, E1C1, E1C2. 4. All DC control circuits, except thos e listed in notes 2 and 3, which are required to operate only when the battery charger is energized. The battery nominal

float voltage is 130 vdc. 5. The voltage drop for safety-related DC powered AFW regulator valve, FV 7526, is calculated to be 19.3 VDC.

STPEGS will verify that all the 125 vdc Class 1E loads will be capable of operating at the maximum and minimum voltages. In addition all the Class 1E DC equipment will be qualified for operation over the required voltage range.

HISTOR ICAL IN FORM ATION C N-2 792HISTORICAL INFORMATION CN-2792

STPEGS UFSAR Q&R 8.3-38 Revision 15 Question 430.119N

From the statement on battery capacity in Section 8.3.2.1.2 of the FSAR it is implied that power will be available to DC system loads fo r at least two hours in th e event of loss of a ll AC power. After two hours you have assumed that AC power is either re stored or that the em ergency generators are available to energize the battery chargers. Based on the staff's review of recent applications, this period for restoration of AC power appears to be too short. Provide the basis and operational experience data for the assumption that AC power can be restored within two hours. Emergency procedures and training requirements for station blackout events ar e described in generic letter 81-04. Provide a statement of compliance with these generic requirements.

Response It was not the intent in Section 8.3.2.1.2 to refer to a blackout. Th is Section has been revised to delete the word "all" to read: "T he batteries are sized to carry their connected Engineered Safety Feature (ESF) loads for two hours without power flow from the charge rs in the event of loss of AC power". An emergency operating procedure for the loss of all AC power was developed from the Westinghouse Owners Group (WOG) Emergency Response Guideline ECA-0.0, "Loss of All AC Power." Reenergization of specific equipment, as required, is covered in other emergency operating plant procedures. Operations training for all emerge ncy procedures at STPNOC is an intricate part of the plant operations training program. STPNOC is in comp liance with Generic Letter 81.04.

STPEGS UFSAR Q&R 8.3-39 Revision 15 Question 430.120N

Recent experience with nuclear power plant Class 1E motor-operated valve motors has shown that in some instances the motor winding on the valve oper ator could fail when the valve is subjected to frequent cycling. This is primarily due to the lim ited duty cycle of the motor. Provide the required duty cycle of the following valves as it relates to system mode of operation in various events:

1. Steam supply valve to AFW pump turbine (if they are MOVS)
2. Auxiliary feedwater flow control valves
3. RHR heat exchanger valves
4. SI injection valves
5. SI discharge valves
6. Atmospheric dump valves (if they are MOVS) Demonstrate that the availability of the safety systems in the South Texas Project Electric Generating Station design will not be compromised due to the limited duty cycle of the valve operator motors.

Response The following responses correspond to the above valve applications:

1. Steam Supply valve to AFW Pump Turbine The steam supply valve, MS0143 (shown on Fi gure 10.4.9-1), to the auxiliary feedwater pump turbine is a DC motor-opera ted valve. This valve is normally closed and receives an AFW initiation signal (see Section 7.3) to open. Except for periodic testing, the valve remains closed. In the event of an incident requiring AFW initiation, the valve would be opened and remain open until operator action to close it; e.g., to effect isolation in the event of a steam generator tube rupture.

It is qualified for 5000 cycles (open-close-open) over the 40-year life of the plant.

Valve XMS0514 is the turbine trip and throttle valve for the AFW pump turbine, and is also shown on Figure 10.4.9-1. It is a DC motor-operated valve, and is normally open, receiving a confirmatory AFW initiation signal to open during an incident requiring AFW initiation.

Except for periodic testing, the valve remains open and is clos ed only to provide redundant isolation to valve MS0143 discu ssed above. The valve is qualified for 1460 cycles over the 40-year life of the plant.

STPEGS UFSAR Q&R 8.3-40 Revision 15 Response (Continued)

2. AFW Flow Control Valves The AFW regulator valves, FV-7523, FV-7524, and FV-7525, are AC motor-operated valves. The AFW regulator valve in the steam-driven train, FV-7526, is a DC motor-operated valve.

These valves are shown on Figure 10.4.9-1.

Except for periodic testing, these valves are controlled by the Qualified Display Processing System (described in Section 7.5.6) based upon the flowrate in the AFW train. Considering the pressure in the steam generator during the most limiting incident, the AFW regulator valves are jogged 10 full or partial strokes within the first 10 minutes after AFW initiation. The valves will be qualified for this conservative duty cycle. Since this is the most stringent duty requirement, these valves will be modulated less frequently than the cycling rate for which they are qualified.

3. RHR Heat Exchanger Valves The RHR heat exchanger valves are air-operate d valves. Therefore, this question does not apply. 4,5. SI Injection Valves/SI Discharge Valves The safety injection system valves referenced are AC motor-operated ga te valves and are not required to be repetitively stroked during normal or emergency modes of operation. These valves are qualified for 2000 cycl es over the 40-year plant life. 6. Atmospheric Steam Dump Valves The steam generator power-operate d relief valves are electro-hydr aulically actuated valves.

The turbine bypass valves are air-operated valves. Therefore, this question does not apply to these valves.

The above indicated numbers of cycles are the number of cycles the valve is qualified for over the 40-year life of the plant. If the valve's qualified life is shorte r than 40 years, it is qualified for the number of cycles needed during its qualified life. Thus, a valv e qualified for 2000 cycles over 40 years, but having a qualified life of 5 years, is qualified for 1/8 of 2000 cycles, or 250 cycles. Based upon the above information, the duty cycles of these motor-operated valves are adequate for normal operation, required periodic surveillance testing and emergency operation. The availability of safety systems in the South Texas design will not be compromised due to limited duty cycles of valve operator motors.

STPEGS UFSAR Q&R 8.3-41 Revision 15 Question 430.123N

Table 8.3-3 of the FSAR shows step 1 load to be 0 kW as this step only energizes the load center transformers. However, the total running load of step 2 as shown on page 8.3-43 is significantly less than the total step 2 lo ads shown on page 8.3-42. Explain the difference and confirm that the diesel generator is sized for the correct values of loads applied automatica lly in various loading steps and also all the manually applied loads to the diesel generator.

Response There is no conflict in loading steps as deliminated in note "e" of Table 8.3-3 as stated: "The high pressure (HP) valve shown represents a summation of all the motor-operated valves (MOVs) connected to the diesel generator (DG) and this load is assumed to be intermittent. Therefore, it is not being added in the next step." The MOV loads on page 8.3-42 (step

2) are not included on page 8.3-43 (s tep 3), since the valves do not require continued power after their appropriate action is completed. The DG is sized for the correct values of loads which are applied automatically in various loading steps and also for all of the manually applied loads.

This fact is verified by a tran sient voltage response analysis of the DG units (by Generator Manufacturer) to step loads indicated in Table 8.3-3.

STPEGS UFSAR Q&R 8.3-42 Revision 15 Question 430.128N

ESF load sequencer drawing (5Z-10-9-Z-42117) indicates incoming breaker s to 480 volt bus E1A1 and E1A2 are stripped in Mode II and also in Mode III for an emergency trip of the diesel generator and are resequenced for both mode

s. The logic does not show individual 480 volt and 120 volt loads stripped and sequenced. For this design, when the incoming breakers to 480 volt busses E1A1 and E1A2 close when sequenced, all their loads will be energized simultaneously. Confirm that this transient will not cause starting problems to Cla ss 1E loads and all equipment will be energized without being overstressed. Substantiate your answer w ith the analysis results.

Response The Engineered Safety Feature (ESF) Load Sequencer Actuations Train A Logic Diagram Figure 8.3-4 Sheet 2 (9-Z-42117) indicates that in the event that a Loss of Offsite Power (LOOP) condition is recognized, the 460 V Residual Heat Removal (RHR) pump, 460 V Reactor Containment fan cooler (RCFC) fans the 460 V Electrical Auxiliary Buildi ng (EAB) heating, ventila ting, and air conditioning (HVAC) supply air to 480 V Pressurizer Heater Group, and 460 V Essential Chiller are stripped from the Load Center Busses E1A1 and E1A2 and the Load Center 480 V incoming breakers are opened. Upon closing of the Load Center incoming breakers in Load Sequence Step 2, approximately 920 Load kVA (3375 Starting kVA) is energized on the 480 V and 120 V distribution systems. The diesel generator (DG) transient vol tage response analysis shows that the calculated 4.16 kV voltage dip is less than 11 percent for less than a third of a second at the generator terminals. It should be noted that if required, the generato r voltage regulator can be set to provide a generator output voltage as high as 4160 V and 10 percent. The results of the DG transient voltage re sponse analysis will be expanded to verify that voltages at the Class 1E loads are above the minimum voltage rating for satisfactory operation.

STPEGS UFSAR Q&R 8.3-43 Revision 15 Question 430.129N

STPEGS drawing no. 5Z-10-9-Z-42117 indicates five seconds, four seconds and one second time delays in bus strip signal for various conditions. Explain the basic reason for each of these time delays. If the five seconds time delay for Mode III is interlocked as permissi ve with diesel generator breakers closure logic (reference drawing 5Z 9-Z-42121 and STPEGS letter to NRC dated June 25, 1984), then explain why the load stripping is also delayed for five seconds. From the STPEGSs referenced letter, we understood that the five second time delay in the diesel generator breaker closure was after the load strippi ng had taken place and was not to delay the load stripping also for five seconds.

Response The load stripping is not delayed. Figure 8.3-4 Sheet 2 (STPEGS drawing 5Z-10-9-Z-42117) shows that the bus strip signals are pulse signals maintained for a duration of 5 seconds or 1 second (not delayed). The Mode II (or Mode III) signal is in itially not present, satisfying only one-half of the "AND" gate. When the Mode II (or Mode III) signal is generated the "AND" gate is satisfied and the bus strip signal(s) generated. When the time de lay drop out (TDDO) times out, the "AND" gate is no longer satisfied, thus rem oving the bus strip signal and allowing r eclosure of the indi cated breakers.

Thus the bus strip signals are pulsed, rather than delayed, for the times shown.

The bus strip signal pulse for 5 seconds (after a Mode III condition) and the bus strip signal pulse for 1 second (after a Mode II condition) provide positive strip signals to ensure that breakers are tripped before a closure signal is sent.

The second bus strip signal pulse for 1 second (after a coincident LOOP and DG emergency trip following closure of the DG breaker) provides a positive strip signal to ensure that breakers are tripped following a DG emergency trip after its breaker was closed following a Loss-of-Offsite Power (LOOP). Followup actions after a DG emergency trip must be made by the operator; this strip signal ensures that loads have been stripped from the bus. The 4-second TDDO is provided to give positive input to the bus strip signal just described.

Section 8.3.1.1.4.4.3 has been revised to provide a descri ption of the various en tries to Mode III and the automatic features provided for each entry.

STPEGS UFSAR Q&R 8.3-44 Revision 15 Question 430.131N

FSAR Section 8.3.2.1.3 includes various alarms, indications, and meters for the status of various components in the 125 vdc, Class 1E battery system. This section, however, does not include "Battery High Discharge Rate" alarm. In the absence of this alarm, the control room operator will

only know of a discharging battery when he periodical ly checks the battery current indicator or when the battery has sufficiently been discharged to trip the undervoltage alarm. It is, therefore, a good engineering practice to provi de a battery high discharge rate alarm and not take the risk of a partial discharge of the battery before th e operator is alerted of this c ondition. We believe that STPEGS design should include this alarm or justify its omission.

Response Under normal operating conditions the battery is on float charge and the battery chargers supply all required power to the DC distribution switchboard. Any current flow from the battery to the DC distribution switchboard discharges the battery. This current flow is indicated on a meter in the control room. In addition it is alarmed in the control room at a preset level via the Emergency Response Facility Data Acquisition Display System (ERFDADS) comp uter. This alarm alerts the operator to the batter y discharging condition.

STPEGS UFSAR Q&R 8.3-45 Revision 15 Question 430.133N

Response to NRC question 430.30N refers to S ection 8.3.1.1.4.1.1 and Table 8.3-3 of the FSAR. However, these two references include only the AC non-Class 1E loads being supplied from Class 1E buses. The question also requested similar information for DC non-Class 1E loads being supplied from Class 1E buses and should be tripped on receip t of an accident signal. The AC loads included in Table 8.3-3 do not include 120 V AC vital instrument bus loads and any non-Class 1E loads fed from the 120 V AC vital instrument buses that are being shed by an accident signal. Explicitly list all such AC and DC loads.

Response Table 8.3-3 has been revised. The following non-Class 1E loads are tripped in th e event of an Safety Injection (SI) signal.

480 V LC EIA Press HTR Group A 431 kW 480 V LC EIC Press HTR Group B 431 kW 480 V MCC 1A5* (as listed) 156 kW DGB OIL TK RM EXH FAN 1 HP REACTOR CAVITY VENT FAN 11B 40 HP REACTOP SUPPORT EXH FAN 20 HP CRDM VENT FAN 40 HP RHRP 1A MINIFLOW MOV 1.9 HP STBY DG11 AIR COMPR 12 15 HP STBY DG11 AIR COMPR 11 15 HP N1E 125vdc BAT CHRG #2 75 kVA 480 V MCC 1B5* (as listed) 80 kW RHRP 1B MINIFLOW MOV 1.9 HP CRDM VENT FAN 40 HP REACTOR SUPPORT EXH FAN 20 HP DGB OIL TK RM EXH FAN 1 HP STBY DG #12 AIR COMPR 14 15 HP STBY DG #12 AIR COMPR 13 15 HP 480 V MCC 1C5* (as listed) 11O kW RHPP IC MINIFLOW MOV 1.9 HP REACTOR CAVITY VENT FAN 11A 40 HP CRDM VENT FAN 40 HP STBY DG 13 AIR COMPR 16 15 HP STBY DG 13 AIR COMPR 15 15 HP DGB OIL TK RM EXH FAN 1 HP

  • MCC SUPPLY BREAKER TRIPPED STPEGS UFSAR Q&R 8.3-46 Revision 15 Response (Continued)

Distribution Panels (DP) 208/120 V DP A435 9.518 kW Circuits for DG, motors and switchgear (Train A) space heaters 208/120 V DP B435 9.858 kW Circuits for DG, motors and switchgear (Train B) space heaters 208/120 V DP C435 9.858 kW Circuits for DG, Motors and switchgear (Train C) space heaters 120 V DP A335 Branch CKT 1 0.15 kW For ECWIS Equipment space heaters (Train A) 120 V DP B335 Branch CKT 1 0.15 kW For ECWIS Equipment space heaters (Train B) 120 V DP C335 Branch CKT 1 0.15 kW For ECWIS Equipment space heaters (Train C)

Note: The EAB and the control room essential lighting (non-Class 1E) loads are connected to MCC E1A2 and MCC E1C2, through 30 kVA isolation/ distribution transformers which are not stripped from the buses in the event of an SI signal.

Also, electrical heat tracing (non-Class 1E) will be supplied from Class 1E buses through redundant Class 1E thermal magnetic trip devices in series which are not tripped in the event of an SI signal.

There are no non-Class 1E 125 vdc, nor non-Clas s 1E 120 V vital AC loads connected to the Class 1E channel buses.

STPEGS UFSAR Q&R 8.3-47 Revision 15 Question 430.136N

IE Information Notices 83-11 and 84-83 addresse d to holders of opera ting license (OL) and construction permit (CP) reported failure and/or degr adation of batteries at various power plants. This has been attributed to swollen positive plates and/or cracked cases of the battery cells. A seismic event might accelerate the degration of the battery and could cause a common mode failure of the plant DC systems. Confirm that the IE Notices and the concerns therein were evaluated for their impact on the STPEGS design of Class 1E batteries and the seismic capability of its racks.

Response Information Notice 83-11 expresses a concern that old lead-acid storage batteries may fail during a seismic event and cause a common mode failure of plant DC systems. The STPEGS specification for Class 1E lead storage batteries requires the batte ries to be qualified in accordance with IEEE 535-1979. This document requires that the increased seismic vulnerability of old batteries be reflected in a battery's qualified life.

Therefore, this concern has been evaluated and should have no impact on the STPEGS. Information Notice 84-83 expresses concerns of overloading DC busses and solvent induced battery case cracking. STPEGS is continuing the review of the loading to ensure that adequate capacity is maintained.

All STPEGS batteries are sized and designed to carry all loads connect ed to the associated DC bus. The design complies with the recommendation of IEEE 450-1975, having the batteries' capacity at least 125 percent of the load exp ected at the end of their servi ce life. The Class 1E battery manufacturer's (GNB) instruction manual includes a "CAUTION" against the use of solvent as a cleaning agent for plastic battery cells, jars, and battery covers. This manual also includes procedures for cleaning the battery posts.

The concerns contained in Information Notices 83-11 and 84-83 were evaluated and are not applicable to STPEGS.

Retrieved from "https://kanterella.com/w/index.php?title=ML16207A584&oldid=1263781"