ML16341B456
| ML16341B456 | |
| Person / Time | |
|---|---|
| Site: | Crane  |
| Issue date: | 09/04/1979 |
| From: | Basdekas D NRC - NRC THREE MILE ISLAND TASK FORCE |
| To: | Ahearne J NRC COMMISSION (OCM) |
| Shared Package | |
| ML16341B457 | List: |
| References | |
| TASK-TF, TASK-TMR NUDOCS 8012110042 | |
| Download: ML16341B456 (4) | |
Text
~
~g ltCCy~
o
+a**+
t UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON. O. C. 20555 SEP 4
}97g MEf10RANDVM FOR:
Corrnrissioner John F. Ahearne FROM:
SUBJECT:
Demetrios L. Basdekas Experimental Fast Reactor Safety Research Branch SAFETY IHPLICATIONS OF CONTROL SYSTEMS AND PLANT DYNAMICS The purpose of this memorandum is to expand on our discussion of the subject safety issue, and recorrmend what should be done to properly address it.
As I poiated out during our telephone discussion last Friday, this issue is not new The enclosed updated comparative listing sent to the Commissioners on Viay*25, 1979, and the subsequent correspondence with ACRS (copies enclosed) indicate a growing awareness and appreciation of the problem, but only marginally so.
Some aspects of it have been receiving staff attention associated with Unresolved Safety Issue f9, System Interactions in Nuclear Power PIants, Task A-17.
However, the most important link of interaction between the Reactor Protection System and Engineered Safety Features
- Systems, on one hand, and the various Control Systems on the other, the dynamics of
'the process itself, which is monitored or controlled, is not included in the A-17 re 1 ated wor k.
It is the dynamic characteristics of the various processes, (neutronic,
(
thermal, hydrodynamic, and hydrostructural) that must govern the design,
- analysis, and testing of their associated control systems.
The design criteria should include things such as damping ratios, frequency response characteristics, phase and gain margins, and experimental verification of their stability and performance by in-situ measurements.
Such design criteria do not exist in NRC's regulations.
Me do not properly review the adequacy of control
- systems, nebulous statements in Sect~ on 7. 7 of the Standard Review Plan and NUREG-0578 not withstanding.
Presently, the most likely way to find out what, if anything, is wrong with a control system's design is for something wrong to happen.
Certainly this is not the correct approach to safety.
I believe that this important lesson from THI has not been adequate1y learned.
j)uW 0
<o~a'ilo~ l~
goGKESo ushtho 2
FEB 17)98) i Office of the Secret Docketing & Service Irr ""g
Coam1ss1oner John OAhearne SEP 4
1979 I propose that the following be done as soon as possible:
A Failure Mode and'Effects Analysis (FLEA) of the control systems f<<
each plant operating or under licensing review.
This may be accomplished by a generic FMEA by each NSSS vendor/AE team supplemented by each licensee/applicant to cover design features unique to each plant.
However, this can only achieve part of the ob>ective <<
finding design faults in that it will not be possible to cover all dynamic aspects of'control systems and plant processes.
BSM submitted such a report on August 17, 1979.
Any NSSS Vendors who have not submitted such an FMEA should be asked to do so as soon as possible.
A risk assessment of Control System failures and interactions, including their as designed operation during transients should be performed using risk assessment methods similar to those developed in the HASH-1400 related effort and its subsequent redirection.
This should be preceeded by extensive 'effort for the development of the analytical and experimental tools suitable for the analysis, synthesis and testing of control systems.
2.
3.
4, 5.
6.
Establishment of design criteria for control systems.
This may be accomplished by ammending 10 CFR Part 50, Appendix A, and issuing Regulatory Guide(s) as needed.
Establishment of requirements for analytical design methods and in-situ measurements for design, installation, and performance verification.
Revision of the Standard Review Plan to include the requirement of detailed review of control systems, and plant dynamics.
Training of technical review personnel in modern control theory and applications, in addition to the acquisition of highly trained and experienced control system professionals.
Derating of all unreviewed operating nuclear power plants to about 65~ of rated power until, at least, a preliminary review of the control systems has been performed.
This review should include an FMEA and a
rigorous audit of the design and.installation methods of control systems.
r I believe that this action ~nuld offer a reasonable assurance, under the circumstances, that critical parameters would remain within a safe envelope, even if some control systems may not be properly designed or installed, and an operator act'ion may compound or initiate a transient.
Recent