ML16341E762
| ML16341E762 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 08/15/1988 |
| From: | NRC |
| To: | |
| Shared Package | |
| ML16341E763 | List: |
| References | |
| NUDOCS 8808240031 | |
| Download: ML16341E762 (26) | |
Text
ENCLOSURE 1
SAFETY EVALUATION REPORT DIABLO CANYON POWER PLANT, UNITS 1 AND 2 COYiPLIANCE WITH ATWS RULE 10 CFR 50.62 DOCKET NOS: 50-275/323
1.0 INTRODUCTION
On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Mater-Cooled Nuclear Power Plants" (known as the ATMS Rule).
The requirements of Section 10 CFR 50.62 apply to all commercial light-water-cooled nuclear power plants.
An ATMS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor.
The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the probability of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATMS event.
Paragraph (c)( 1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants.
Equipment, diverse from the RTS, is required to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events.
In response to paragraph (c)(1), the Westinghouse Owners Group (WOG) developed a set of conceptual ATWS mitigating system actuation circuitry (AMSAC) designs generic to Westinghouse plants.
MOG issued Westinghouse Topical Report WCAP-10858, "AHSAC Generic Design Package,"
which provided information on the various Westinghouse designs.
=--aap824pps p~ppp275
1,
The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July 7, 1986 (Ref. 1).
In this safety evaluation, the staff concluded that the generic designs presented in WCAP-10858 adequately meet the requirements of 10 CFR 50.62.
The approved version of the WCAP is labeled WCAP-10858-P-A.
During the course of the staff's review of the proposed AMSAC design, the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. 2).
This Addendum changed the setpoint of the C-20 AMSAC permissive signal from 70'eactor power to 40% power.
On August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delav.
For those plants selecting either the feedwater flow or the feedwater pump/valve status logic option, a variable delay timer is to be incorporated into the AMSAC actuation logics.
The variable time delay will be inverse to reactor power and will approximate the time that the steam generator takes to boil down to the low-low level setpoint upon a loss of main feedwater (MFW) from any given reactor power level between 40~ and 100Ã power.
The time delay on the, C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low level setpoint upon a loss of MFW with the reactor operating at 40%
power.
The staff considers the Revision 1 changes to be acceptable.
Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements be submitted to the Director, Office of Nuclear Reactor Regulation (NRR).
In accordance with paragraph (c)(6) of the ATWS Rule, Pacific Gas and Electric Company (PGSE) (licensee) provided information by letter dated October 30, 1987 (Ref. 4).
The letter forwarded the detailed design description of the ATWS mitigating system actuation circuitry proposed for installation at the Diablo Canyon Power Plant, Units 1 and 2.
The staff held a conference call with the licensee on December 15, 1987 to discuss their ANSAC design.
As a result of the conference call, the licensee responded to the staff concerns by letter dated March 2, 1988 (Ref. 5).
On March 22, 1988, another conference call was held with the licensee during which isolation devices and their compliance to the requirements of Appendix A of the generic SER (Ref.
- 1) were discussed.
The licensee responded to the isolation device concerns by letter dated April 28, 1988 (Ref. 6).
2.0.
REVIEW CRITERIA The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normallv applied to safety'-related equipment.
However, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge the safety systems, e.g.,
inadvertent scrams.
The following review criteria were used to evaluate the licensee's submittals:
1.
The ATWS Rule, 10 CFR 50.62.
2.
"Considerations Regarding Systems and Equipment Criteria,"
published in the Federal
- Register, Volume 49, No 124, dated June 26, 1984.
3.
Generic Letter 85-06, "guality Assurance Guidance for ATWS Equipment That Is Not Safety Related."
4.
Safety Evaluation of WCAP-10858 (Ref. 1).
5.
WCAP-10858-P-A, Revision 1 (Ref. 3).
3.0 DISCUSSION AND EVALUATION To determine that conditions indicative of an ATWS event are present, the licensee has elected to implement the WCAP-10858-P-A AMSAC design associated with monitoring the steam generator water level and activating the AYiSAC when the water level is below the low-low setpoint.
Also, the licensee wi 11 implement the new time delay (as described in the introduction section) associated with the C-20 permissive con-sistent with the requirements of Revision 1 to the WCAP.
Hany details and interfaces associated with the implementation of the final AYiSAC desigri are of a plant-specific -nature.
In its safety evaluation of WCAP-10858, the staff identified 14 key elements that require resolution for each plant design.
The following paragraphs provide a discussion on the licensee's compliance with respect to each of the plant-specific elements.
1.
~oi vers it The plant design should include adequate diversity between the AHSAC equipment and the existing Reactor Protection System (RPS) equipment.'easonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause fai lures.
The licensee has provided information to confirm that the microprocessor-based ANSAC logic circuits will be diverse from the discrete digital logic circuits of the RPS in the areas of design, equipment, and manufacturing.
Where similar types of components are used, such as relays, the=ANSAC will utilize an output relay of a different make and manufacturer.
2.
Logic Power Su lies Logic power supplies need not be Class 1E, but must be capable of performing thc required design functions upon a loss of offsite power.
The logic power must come from a power source that is independent from the RPS power supplies.
The licensee has provided information verifying that the logic power supplies selected for the Diablo Canyon AMSAC logic circuits will provide the maximum available independence from the RPS power supplies.
The AYSAC will be powered from nonsafety-related power supplies which will be independent of the RPS and capable of operating upon a loss of offsite power.
3.
Safet -Related Interface The implementation of the ATl!S Rule shall be such that the existing RPS continues to meet all applicable safety criteria.
The proposed Diablo Canyon AMSAC design interfaces at its input with the existing Class 1E circuits of the steam generator water level instrumentation and turbine first-stage impulse pressure instrumentation.
At its output, the AYiSAC will interface with the Class lE circuits of the AFM pumps.
Connections to these Class 1E circuits will be made through the use of approved Class IE isolation devices.
The licensee has confirmed to the staff that the existing safety-related criteria that are in effect at the Diablo Canyon plants and described in the FSAR Update Section 3. 10 will continue to be met after the implementation of AMSAC, (i.e., the RPS will perform its safety functions without interference from AMSAC).
Refer to Item 9 for further discussion on this issue.
The licensee is required to provide information regarding compliance with Generic Letter (GL) 85-06, "equality Assurance for ATRS Equipment That Is Not Safety Related."
The criteria of the NRC quality assurance guidance (GL 85-06) were reviewed bv the licensee.
The licensee stated that the quality assurance practices at the Diablo Canyon plant, as applicable to nonsafety-related AMSAC equipment, comply with the guidance of GL 85-06.
5.
Maintenance B
asses Information showing how maintenance at power's accomplished should be provided.
In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the control room.
The licensee provided information showing how maintenance will be accomplished at power.
The staff was informed that maintenance at power will be performed by inhibiting the operation of AMSAC's output relays which wi 11 block the output signal and thus, prevent it from reaching the final actuation devices.
The continuous indication of bvpass status wi 11 be provided in the main control room through the use of status lights and annunciation.
This indication will be installed consistent with the human-factors guidelines in effect at the plant.
6.
0 eratin B
asses The operating bypasses should be indicated continuously in the control room.
The independence of the C-20 permissive signal should be addressed.
The licensee has provided information stating that an AMSAC operating bypass (C-20) will be used to enable the operators to bring the plant up in power during startup and to avoid spurious AMSAC actuations at power levels below 40> reactor power (the C-20 setpoint).
Above 40%
reactor power, the C-20 wi 11 automatically arm the AMSAC logic.
Upon the loss of the C-20 input (turbine impulse pressure signal), the
C-20 permissive signal will be maintained for a period of time consistent with Revision 1 to WCAP-10858-P-A.
The licensee has determined that the time delay will be sufficient to ensure that AMSAC will perform its function in the event of a turbine trip (loss of load ATWS).
The C-20 permissive signal will originate from existing first-stage turbine impulse chamber pressure sensors.
This signal will be taken downstream from qualified isolators and thus will not interfere with the RPS.
The operating bypass will be indicated continuously in the control room via annunciation and status lights whenever it arms or enables the AMSAC.
This indication will be consistent with the accepted human-factors guidelines in effect at the plant.
- 7. M~fB The means for bypassing shall be accomplished by using a permanently installed, human-factored, bypass switch or similar device.
Disallowed methods for bypassing mentioned in the guidance should not be utilized.
The licensee's response stated that a key-locked control switch will be used, for the bypass function.
The disallowed methods for bypassing, such as lifting leads, pulling fuses, blocking relays, tripping breakers, will not be used.
The bypass switch will be located on the ANSAC Test/Yiaintenance panel.
The licensee has conducted a human-factors review of the AMSAC maintenance,
- test, and bypass controls and indications consistent with the plant's detailed control room design process taking into account the applicable human factors considerations described in NUREG-0700.
8.
Manual Initiation Manual initiation capability of the AMSAC mitigation function must be provided.
In the plant-specific submittal, the licensee discussed how manual turbine trip and auxi liary feedwater actuation are accomplished by the operator.
In summary, the operator can use existing manual controls located in the control room to perform a turbine trip and to start auxiliary feedwater flow should it be necessary.
These manual start procedures are outlined in the Diablo Canyon Emergency Procedure FR-S.l, "Response to Nuclear Power Generation/ATVS."
- Thus, no additional manual initiation capability is required as a result of installing the AMSAC equipment.
9.
Electrical Inde endence From Existin Reactor Protection S stem Independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.
The licensee discussed how electrical independence is to be achieved.
The proposed design requires isolation between the non-Class 1E ANSAC and the Class IE circuits associated with the steam generator (SG) level signals, the turbine first stage impulse chamber pressure
- signals, and the AFM pumps.
The licensee has informed the staff that the required isolation will be achieved using electrical isolation devices that have been qualified and tested to Class 1E e'lectrical equipment requirements.
In addition, the isolators will be tested as described in Appendix A to the Safety Evaluation (Ref. 1).
The data and information required by Appendix A is to be compiled by the licensee and should be available for review during a
subsequent site audit in accordance with Temporary Instruction 2500/20 (Ref. S).
10.
Ph sical Se aration From Existin Reactor Protection S stem The implementation of the ATVS mitigating system must be such that the separation criteria applied to the existing RPS are not violated.
7
~
The licensee stated that the AMSAC circuitry will be physically separated from the RPS circuitry.
The licensee has further stated that the cable routing will be ind'ependent of protection system cable routing and that the ATMS equipment cabinets will be located so that there will be no interaction with the protection system cabinets.
The licensee also stated that the RPS design will continue to meet the separation criteria originally established for the Diablo Canyon plants during initial plant licensing, and that the RPS will not be compromised as a result of the ANSAC installation and implementation.
I i
1 II The plant-specific submittal should address the environmental qualification of ATHS equipment for anticipated operational occurrences.
The licensee stated that AMSAC mitigation equipment will be located 'in areas of the plant that are considered to be a mild environment.
The licensee also stated that the equipment will be environmentally qualified for anticipated operational occurrences that might occur associated with the respective equipment locations.
12.
Testabi litv at Power Measures to test the ATMS mitigating system before installation, as well as periodically, are to be established.
Testing may be performed with the system in the bypass mode.
The testing from the input sensor through to the final actuation device should be performed with the plant shut down.
The licensee stated that the ATWS mitigative system will be tested prior to installation and will be subjected to a post installation startup test prior to operation.
The system will be tested periodically during the life of the plant.
These periodic tests will consist of at-power tests
)
and end-to-end tests.
The at-power tests will be performed on a
quarterly basis or as required to assure system availability.
The testing capability consists of a series of overlapping tests which can be performed with the ANSAC output actuation devices bypassed.
These tests will verify analog channel
- accuracy, setpoint (bistable trip)
- accuracy, coincidence logic operation, and operation and accuracy of all timers.
The end-to-end test of the AMSAC system, including the AMSAC outputs through to the actuation devices, wi 11 be performed approximately every 18 months which is consistent with current refueling cycles as defined in Diablo Canyon's Technical Specifications.
The bypass Gf the AMSAC output actuation devices will be accomplished through the use of a permanently installed bypass switch, which negates the need to lift leads, pull fuses, trip breakers, or physically block relays.
Status outputs to the main control board, indicating that a
general warning condition exists with AMSAC, will be initiated when the system's outputs are bypassed.
Plant procedures will be used to test the AMSAC circuitry and outputs.
These procedures will ensure that AMSAC is returned to service when testing is complete.
i3.
~C1 i
Etiam i
i A
The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action.
The licensee responded that the system design wi 11 be such that AMSAC is consistent with the circuitry of the auxiliary feedwater and turbine trip control systems, as well as.the steam generator blowdown isolation and sampling valve isolation systems.
.Once initiated, the design will ensure that protective action goes to completion.
Deliberate operator action will then be required to override the actuation signals and return the final actuatior. devices to normal operation.
)
14.
Technical S ecifications The plant specific submittal should address technical specification requirements for AMSAC.
The licensee responded stating that no technical specification action is proposed with respect to the AVSAC and that normal administrative controls are sufficient to ensure AMSAC operability.
The equipment required by the ATWS Rule to reduce the risk associated with an ATWS everst must be designed to perform its functions in a reliable manner.
A method acceptable to the staff for demonstrating that the equipment satisfies the reliability requirements of the ATVS Rule is to provide limiting conditions for operation and surveillance requirements in the technical specifications.
In its Interim Commlission Policy Statement of Technical Specification improvements for Nuclear Power Plants
[62 Federal
~Re ister 3788, February 6, 1987], the Commission established a specific set of objective criteria for determining whi ch regulatory requirements and operating restrictions should be included in technical specifications.
The staff is presently reviewing ATWS requirements to criteria in this Policy Statement to determine whether and to what extent technical specifications are appropriate.
Accordingly, this aspect of the staff review remains open pending completion of, and subject to the results of, the staff's further review.
The staff will provide guidance regarding the technical specification requirements for AMSAC at a later date.
4.0 CONCLUSION
The staff concludes, based on the above discussion and subject to final resolution of the technical specification issue, that the AMSAC design proposed by Pacific Gas and Electric Company for the Diablo Canyon Power Plant, Units 1
and 2, is acceptable and is in compliance with the ATWS Rule, 10 CFR 50e62, paragraph (c)( 1).
The staff's conclusion is further subject to the satisfactory
)
completion of isolation device qualification testing to which the licensee has committed.
It is the staff's position that the AMSAC should not be declared operational prior to the successful qualification of the electrical isolation devices in accordance with Appendix A to the staff's SER (Ref. 1).
Until staff review is completed regarding 'the use of technical specifications for ATRS requirements, the licensee should continue with the scheduled installation and implementation (planned operatioh) of the ATRS design utilizing administratively controlled procedures.
A
'P
5.0 REFERENCES
- Letter, C E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986.
2.
- Letter, R. A. Newton (WOG) to J.
Lyons (HRC), "Westinghouse Owners Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A:
AMSAC Generic Design Package,"
February 26, 1987.
3.
- Letter, R. A. New'ton (WOG) to J.
Lyons (NRC), "Westinghouse Owners Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, AYSAC Generic Design Package,"
August 3, 1987.
4.
Letter, J.
D. Shiffer (PGKE) to U. S.
- NRC, "Diablo Canyon Units 1 and 2, Plant-Specific AMSAC Design," October 30, 1987.
5.
Letter, J.
D. Shiffer (PGKE) to U.S.
NRC, "Diablo Canyon Units 1 and 2, "Additional Information on the AMSAC Design for DCPP,"
Viarch 2, 1988.
6.
Letter, J.
D. Shiffer (PGP.E) to U.S.
NRC, "Diablo Canyon
,Units 1 and 2, Additional Information on AYiSAC Isolation Devices,"
April 28, 1988.
7.
Temporary Instruction 2500/20, "Inspection to Determine Compliance with ATWS Rule, 10 CFR 50.62," February 9, 1987.
k 1
4'+