ML17228B424


Forwards RAI Re Licensee IPE Submittal.Requests That Written Responses Be Submitted within 60 Days of Receipt of Ltr
ML17228B424
Person / Time
Site: Saint Lucie
Issue date: 03/19/1996
From: Norris J
NRC (Affiliation Not Assigned)
To: Plunkett T
FLORIDA POWER & LIGHT CO.
References
TAC-M74473, TAC-M74474, NUDOCS 9603220169


Text

March 19, 1996

Mr. Thomas F. Plunkett
President - Nuclear Division
Florida Power and Light Company
Post Office Box 14000
Juno Beach, Florida 33408-0420

SUBJECT: REQUEST FOR ADDITIONAL INFORMATION (RAI) ON ST. LUCIE PLANT, UNITS 1 AND 2, INDIVIDUAL PLANT EXAMINATION (IPE) SUBMITTAL TAC NUMBERS M74473 AND M74474

Dear Mr. Plunkett:

As a result of our ongoing review of the St. Lucie Units 1 and 2 IPE submittal, we have determined that we need additional information. The Enclosure contains the detailed questions. The RAI is related to the internal event analysis in the IPE including the accident sequence core damage frequency analysis, the human reliability analysis, and the containment performance analysis.

We request that you provide written responses to the RAI within 60 days of the receipt of this letter.

This requirement affects nine or fewer respondents and, therefore, is not subject to the Office of Management and Budget review under P.L.96-511.

Sincerely,

(Original Signed By)

Jan A. Norris, Sr. Project Manager
Project Directorate II-1
Division of Reactor Projects - I/II
Office of Nuclear Reactor Regulation

Docket Nos. 50-335 and 50-389

Enclosure: As stated

cc w/enclosure: See next page

Distribution: Docket File, PUBLIC, PDII-1 RF, SVarga, JZwolinski, OGC, ACRS

OFFICIAL RECORD COPY



Mr. T. F. Plunkett
Florida Power and Light Company
St. Lucie Plant

cc:

Jack Shreve, Public Counsel
Office of the Public Counsel
c/o The Florida Legislature
111 West Madison Avenue, Room 812
Tallahassee, Florida 32399-1400

Senior Resident Inspector
St. Lucie Plant
U.S. Nuclear Regulatory Commission
7585 S. Hwy A1A
Jensen Beach, Florida 34957

Joe Myers, Director
Division of Emergency Preparedness
Department of Community Affairs
2740 Centerview Drive
Tallahassee, Florida 32399-2100

J. R. Newman
Morgan, Lewis & Bockius
1800 M Street, N.W.
Washington, DC 20036

John T. Butler, Esquire
Steel, Hector and Davis
4000 Southeast Financial Center
Miami, Florida 33131-2398

Mr. Thomas R.L. Kindred
County Administrator
St. Lucie County
2300 Virginia Avenue
Fort Pierce, Florida 34982

Mr. Charles Brinkman, Manager
Washington Nuclear Operations
ABB Combustion Engineering, Nuclear Power
12300 Twinbrook Parkway, Suite 330
Rockville, Maryland 20852

Mr. Bill Passetti
Office of Radiation Control
Department of Health and Rehabilitative Services
1317 Winewood Blvd.
Tallahassee, Florida 32399-0700

Regional Administrator, Region II
U.S. Nuclear Regulatory Commission
101 Marietta Street, N.W. Suite 2900
Atlanta, Georgia 30323

H. N. Paduano, Manager
Licensing & Special Programs
Florida Power and Light Company
P.O. Box 14000
Juno Beach, Florida 33408-0420

D. A. Sager, Vice President
St. Lucie Nuclear Plant
P.O. Box 128
Ft. Pierce, Florida 34954-0128

J. Scarola
Plant General Manager
St. Lucie Nuclear Plant
P.O. Box 128
Ft. Pierce, Florida 34954-0128

Mr. Kerry Landis
U.S. Nuclear Regulatory Commission
101 Marietta Street, N.W. Suite 2900
Atlanta, Georgia 30323-0199

St. Lucie Nuclear Power Plant, Units 1 & 2

Individual Plant Examination (IPE) Review

Request for Additional Information (RAI)

Level 1 Questions

1. The submittal is not clear about whether plant changes due to the station blackout rule were credited in the analysis. Please provide the following information:

(a) Describe whether plant changes (e.g., procedures for load shedding, AC power) made in response to the station blackout rule were credited in the IPE and which specific plant changes were credited.

(b) If available, state the total impact of these plant changes on the total plant core damage frequency (CDF) and on the CDF involving station blackout (i.e., reduction in total plant CDF and station blackout CDF).

(c) If available, provide the impact of each individual plant change to the total plant CDF and the station blackout CDF (i.e., reduction in total plant CDF and station blackout CDF).

(d) Describe any other changes to the plant that are separate from those strictly in response to the station blackout rule, that nonetheless may reduce the station blackout CDF. In addition, please: (i) discuss whether these changes are implemented or planned, (ii) whether credit was taken for these changes in the IPE, and (iii) if available, discuss the impact of these changes to the station blackout CDF.

2. A plant procedure enhancement/modification is described in the submittal which involves assuring adequate makeup to the Unit 1 condensate storage tank (CST) in certain scenarios. It is not clear if this enhancement has actually been implemented and whether it has been credited in the IPE model. Please provide the following information:

(a) The status of this improvement, i.e., whether the improvement has actually been implemented already, is planned (with scheduled implementation date), or is under evaluation.

(b) Whether the improvement was credited in the reported CDF.

(c) If available and depending on the answer to (b), either the reduction to the CDF and/or the conditional containment failure probability that would be realized from this plant improvement if the improvement were to be credited, or the increase in the CDF or the conditional containment failure probability if the credited improvement were to be removed.

3. There are a number of differences between Unit 1 and Unit 2, which seem to favor Unit 2 for achieving a successful response to an anticipated transient without scram (ATWS) event. For example, Unit 2 spends much less time in the regime where the moderator temperature coefficient is more positive than the critical value for reactor coolant system (RCS) failure (5% of the time for Unit 2 vs. 25% for Unit 1, according to the submittal). In addition, the condensate storage tank of Unit 1 needs to be replenished, whereas that of Unit 2 is of sufficient size so that makeup is not needed within the mission time. Therefore, it is not clear why the ATWS contribution is so much higher at Unit 2 than at Unit 1 (1.8E-6/yr vs. 4.E-7/yr). Please discuss the differences between units and their impact on the ATWS contribution to the CDF of each unit.

4. Please discuss the status and modeling of shared and cross-connected systems when one of the units is in shutdown. Are these systems available, and if not, how is that accounted for in the model?

5. The following question concerns modeling of the emergency power system and loss of offsite power events. Please answer the following:

(a) The submittal states that it is possible to cross connect emergency power within a unit and between the units, such that one emergency diesel generator (EDG) can feed the safety loads on both units or can feed both electrical divisions on one unit, and that this is done under "strict administrative controls." Is it possible that, in attempting to cross connect emergency power either within one unit or between the units, an operator error (either of omission or commission) could lead to a blackout on either unit or both units? Please discuss if such events are credible and how they were modeled if they are.

(b) Please provide the power recovery curve used in your analysis and, if it differs significantly from the Nuclear Safety Analysis Center (NSAC) power recovery curve, please justify values used.

(c) For the loss of grid event, has the possibility of common cause failure of all four diesel generators been considered (i.e., both units will have a blackout)? Was the β value of 0.05 used for this case also?

(d) For the loss of grid event, was the case where one unit may be shut down with one or both diesel generators in maintenance been considered (the breakers used for tying the units during a blackout could also be in maintenance)? How was this modeled?

(e) While the loss of grid initiating event frequency seems reasonable, it is not clear why the "generic" value is used, especially when one considers the relative frequency of severe weather phenomena at the St. Lucie site (and on the FPL grid). Please provide the plant-specific (or grid-specific) data for this frequency, if available, or provide the bases for using the generic data.

(f) It seems that the T4 initiator, "loss of offsite power," includes switchgear related losses of offsite power, as opposed to the "loss of grid" initiator, which would include the grid-related and weather-related initiators. If so, it is not clear why (i) the initiating event frequency of T4 is so small (orders of magnitude smaller than at other plants), (ii) why it cannot involve both units, and (iii) why it cannot affect both electrical divisions in one unit. Please discuss what kind of events are included in this initiator, what failures contribute to it, how its impact is modeled in the event trees and fault trees, and provide the answers to (i), (ii) and (iii) above.

(g) It is stated in the submittal that plant-specific data (i.e., no Bayesian updating) were used for the diesel generator failure to start, while generic data were used for the diesel generator failure to run. For most other components with a plant-specific history, Bayesian updating was used. While the failure to run rate is reasonable (2.54E-3/hr with an error factor of 10.0), the demand failure rate to start is low (8.26E-3/demand compared to a NUREG/CR-4550 value of 3.0E-2/demand) and the error factor is exceedingly small (1.60), expressing a high confidence in this failure rate. The generic data for diesel generators indicated in the submittal show a failure to start of 1.76E-2/demand and an error factor of 5 (presumably this comes from the Science Applications International Corporation (SAIC) database). Since the loss of grid event is a significant contributor to the CDF (about 20%) and the emergency power system has a relatively high Fussell-Vesely importance (25%) the data used for diesel generator failure will have a significant impact on the results, and therefore on plant-specific insights to be derived from the IPE process. Also, the sensitivity analysis (page 3.7-16) indicates that CDF results are relatively sensitive to the EDG failure data (a factor of 10 increase in EDG failure rate results in a 260% increase in the CDF). Plant-specific experience with the diesels should be relatively scarce (less than 6 years with either unit, less than 12 years overall). Please explain why the diesel generators were treated differently than other plant-specific components (i.e., why no Bayesian updating was used), and discuss the bases for the failure rate to start value and for the small error factor associated with it. If these numbers need revising, please provide an estimate of the impact of the revision on the important sequences and the total CDF.

(h) Some other electrical power system components used plant-specific data without Bayesian updating (4kV circuit breakers failure to operate, battery charger no output). While the failure rates seem reasonable, the error factors are again extremely small (1.5). Please provide the bases for such error factors.

It is stated in the submittal that the station batteries have a depletion time of 8 hours, if load shedding is accomplished within one hour following a station blackout. What is the battery lifetime if no load shedding is accomplished and how is this modeled? What are the operator failure rates used for load shedding and what is the basis? If the possibility of no load shedding is not considered in the model, please provide the basis for omitting it and, if available, the impact of the omission on the results.

It is not clear from the submittal if local turbine-driven auxiliary feedwater (AFW) pump control is modeled. It is stated that the Unit 2 turbine-driven auxiliary feedwater (TDAFW) pump has mechanical controls (i.e., no DC power is needed), but that the governor speed must be set manually, locally. Are there any environmental concerns in certain types of events that would preclude such action, and how is this modeled? For Unit 1, is local operation of the TDAFW pump after battery depletion credited, what are the human error probabilities (HEPs) used, and what is their basis?

There is a certain probability that an initiator other than a loss of grid or loss of offsite power, will lead to a demand for the emergency power system, due to failure to successfully transfer to startup transformers. Please provide a discussion as to how this was considered, or the basis for screening this event from consideration. If an adjustment is necessary in your model, please provide an estimate of the impact on the CDF and on the important sequences.

6. The following questions concern the reactor coolant pump (RCP) seals:

(a) The description of the chemical and volume control system (CVCS) in Appendix B indicates that the CVCS provides RCP seal injection. However, in the IPE discussion of seal cooling, only component cooling water (CCW) cooling of thermal barriers and other seal components is mentioned. Please describe the actual means used to cool the seals in the plant, and compare this with the model used in the IPE analysis for seal cooling.

(b) The submittal does not seem to consider spurious RCP failure to be a credible event (i.e., as a contributor to the small-small loss-of-coolant accident (LOCA)). Small-small LOCA is a major contributor to the CDF at both St. Lucie units (about 30% contribution to the CDF), and therefore the value chosen for the initiating event frequency is important. The explanation given in the submittal is that "there have never been RCP seal failures at CE plants." However, there have been RCP seal failures involving Byron-Jackson seals (e.g., the ANO-1 event). Please provide the basis for not considering this initiating event, and, if available, provide the impact on the CDF and the important sequences if it is considered.

7. This question concerns modeling of the power-operated relief valve (PORV):

(a) In section 3.1.1.4 of the submittal, the values for PORV challenge probabilities based on an NRC study are characterized as overly conservative. Please provide the actual values used in the IPE for the three types of events discussed (reactor trip, loss of offsite power and loss of condenser dump/atmospheric dump) and the bases for these values.

(b) Please discuss the reasons why the technical specifications require one Unit 2 block valve to be closed during normal operation.

8. The following question concerns data:

(a) Please provide the bases for the small error factors used for plant-specific component failure data (between 1.4 and 2.6, for most components in Table 3.3-3).

(b) In your search for vulnerabilities, it is important that plant-specific information be included wherever possible. It is not clear if this was accomplished with respect to plant-specific failure rates. As an example, there are many air compressors on site, yet there does not seem to be any plant-specific data available on air compressors from the 12-year data gathering period. Please discuss why only a relatively few components, relative to the number of types of components that were analyzed for plant-specific data (Table 3.3-2), are actually assigned plant-specific failure data (Table 3.3-3). Please do not limit your discussion just to the air compressors mentioned above, but include all the components in Table 3.3-2.

(c) One would expect considerable variation in design, environment, flow rates, etc. among various types of motor-driven pumps, and therefore they should have different failure rates. Please provide the rationale for using a generic "motor driven pump" category for the failure data, but distinguishing among various types of motor-driven pumps (e.g., CCW vs. high-head safety injection (HHSI)) in the common cause data.

(d) Please provide the bases for apparently not modeling common cause failure of air compressors (see Table 3.3-6), either within one unit or across both units. Also provide the reason why no plant-specific data exist for the compressor failure rate, despite a multitude of compressor units on site. In addition, the generic data used for compressor failure rates is about an order of magnitude lower than that suggested in NUREG/CR-4550. Please provide the bases for the compressor failure data used, or an estimate on the impact on the CDF and important sequences if an adjustment is necessary.

(e) The intake cooling water (ICW) pump β factor is lower than that for most other pumps (0.03). Please explain how the use of salt water in the ICW system affects the common cause data and the failure data and how this is accounted for in the IPE analysis.

(f) Please clarify if common cause failure of all three AFW pumps (two motor-driven and one turbine-driven) was considered in the IPE analysis. This would account for dependent failures of pumps themselves rather than failure of the pump drivers. If such a common cause failure was not considered, please justify this omission.

(g) In addition to the components listed in Table 3.3-6, the following components can also experience common cause failures: circuit breakers, PORVs, inverters, relays, switches, transmitters, solenoid valves. Please provide the bases for screening such components from common cause considerations.

(h) The generic data in the IPE for the turbine-driven pump failure to run is about two orders of magnitude lower than that in NUREG/CR-4550. The AFW system is relatively important and the IPE results could be significantly affected by the data used for the turbine-driven pumps. Please provide the bases for using this number, or provide an estimate of the impact on the dominant accident sequences and the CDF of using the NUREG/CR-4550 number.

9. The following questions concern the treatment of initiating events:

(a) The LOCA frequencies seem small (1.42E-3, 4.06E-4, and 2.66E-4 for small-small, small and large, respectively). The corresponding NUREG/CR-4550 categories would have frequencies of 1.4E-2, 1.E-3 and 5.E-4, respectively (these are for events defined as very small and small LOCA, intermediate LOCA and large LOCA, respectively). As LOCAs contribute about 50% to the CDF at either of the units, and since one of the goals of the IPE process is understanding the risk profile of the plant, the initiating event frequencies used are important. Please provide the bases for the initiating event frequencies used for LOCAs, or, if any adjustment is necessary, the impact on the CDF results and on the important core damage sequences. Please also refer to the related question on RCP seal LOCAs.

(b) Please provide the bases for using a generic number for loss of a DC bus, a 4kV bus or a 6.9kV bus (a value of 3.94E-4 is used for all three). As one of the goals of the IPE process was to understand the plant-specific risk profile and uncover any vulnerabilities, please explain why plant-specific data were not used for these initiators.

(c) In the submittal it is stated that the reactor vessel rupture initiator would have a negligible effect on the CDF. Please provide the estimate of and basis for the frequency of this initiator.

(d) Describe the process used to identify and account for Interfacing System LOCAs (ISLOCA). Discuss the most likely flow paths and the impact of the degradation or loss of mitigating system due to ISLOCA, as well as any credit given for isolation.

(e) Please provide the bases for your steam generator tube rupture (SGTR) initiating event frequency. The number stated in the submittal seems to be one-half of the expected value.

10. Please state what cutoff was used in the quantification of cutsets and how it was assured that the residual was not significant.

11. NUREG-1335 requests "a thorough discussion of the evaluation of the decay heat removal function because the adequacy of the decay heat removal capability at the plant for preventing severe accident situations is to be resolved within this examination program." In the submittal discussion of the decay heat removal (DHR) vulnerability issue, the results from an NRC study of St. Lucie (NUREG/CR-4710) are cited regarding the important contributors to DHR failure. However, the NUREG-1335 request refers to your results from the IPE analysis. Does the current study (i.e., your IPE) agree with the NRC conclusions and, if not, what are the conclusions of the IPE study and why are they different from the NRC study? In addition, please provide a discussion of insights derived for DHR and its constituent systems, and provide the contribution of DHR and its constituent systems (including feed and bleed) to CDF and the relative impact of loss of support systems on the frontline systems that perform that function.

12. This question concerns the treatment of heating, ventilation, and air conditioning (HVAC) failures, either as an initiating event or subsequent to an initiator. It is stated in the submittal that most HVAC failures will not lead to an initiator due to long heat up times. Also, a description of the HVAC system is provided in Appendix B, along with success criteria and a description of operation under normal and accident conditions. The description of the electrical equipment room (EER) HVAC is somewhat confusing. Operator action is apparently needed (in as little as 2 hours) to restart this system following a loss of offsite power (LOOP) in order to prevent temperatures from reaching 120°F. This means that recovery in a similarly short time would be needed, if, instead of a LOOP, the initial failure considered was a spurious loss of the EER HVAC. Loss of equipment in this room might cause a reactor trip, with an (irrecoverable) reduced ability to remove the decay heat. Thus, loss of this HVAC may lead to an initiating event, yet it was not considered as such in the IPE.

Please provide a more complete description of the investigation into the impact of HVAC to the rooms containing safety-related equipment. Discuss the equipment sensitive to temperature change, where that equipment is located (e.g., describe equipment in EER 1A and 1B), methods of assessment (e.g., calculations or tests to determine the temperatures and timing), credits for operator actions, timing, temporary equipment, and rationale for elimination as an initiating event or as support to specific equipment. Consider the fact that equipment may be tripped (by protective interlocks) prior to reaching its damage threshold.

13. Does FPL intend to maintain the IPE as a living probabilistic risk assessment (PRA)?

14. The following question concerns the treatment of flooding:

(a) Please discuss the consideration of drains (including back flooding to other areas and probability of failure, i.e., due to blockage), and doors allowing flood propagation to other areas. As the fire zones are used for delineation of flood zones, discuss whether all fire doors are waterproof in St. Lucie 1 & 2, and whether failure of such doors to be in a closed position is accounted for in the model.

(b) Please discuss if inadvertent actuation of the fire suppression equipment (i.e., not just pipe failures in this system) is accounted for in the analysis, and provide an estimate on the impact on flooding scenario results if it is not.

(c) Please discuss the operator actions needed for isolation and mitigation of the most important flood scenarios and provide the basis for the flood-affected HEPs used (it seems the same HEPs as in the internal events analysis were used for some actions, disregarding the additional stress that the operator would be under). Include a discussion of any alarms or any other means the operators would use to detect and stop the flood.

(d) Please discuss how maintenance errors were treated in the flooding analysis. Include errors committed while in cold shutdown which are left undiagnosed until the flood event occurs while the unit is at power.

(e) There are many screened scenarios whose CDF contribution falls below the 1.E-6/yr cutoff. Please provide an estimate of the total contribution of the screened scenarios to the CDF.

Human Reliability Analysis (HRA) Questions

Pre-Initiator Human Errors:

1. The submittal is not completely clear on the organizations that participated in the HRA portion of the analysis. Please clarify the extent to which the HRA was performed by licensee staff versus contractors and which contractors were involved. Also, please describe any independent peer review performed for the HRA and indicate the extent to which HRA experts were involved in the review.

2. The submittal does not clearly discuss the process that was used to identify and select pre-initiator human factor errors (HFEs) involving miscalibration of instrumentation. The process used to identify and select these types of human events may include the review of procedures, and discussions with appropriate plant personnel on interpretation and implementation of the plant's calibration procedures. Please provide a description of the process that was used to identify human events involving miscalibration of instrumentation. Please provide examples illustrating this process.

3. The submittal does not clearly discuss the process used to identify and select pre-initiator HFEs involving the failure to properly restore to service after test or maintenance. This process used to identify and select these types of human events may include the review of maintenance and test procedures, and discussions with appropriate plant personnel on the interpretation and implementation of the plant's test and maintenance procedures. Please provide a description of the process that was used to identify human events involving failure to restore to service after test or maintenance, and examples illustrating this process.

4. The submittal is unclear on details of the quantitative screening approach used for HFEs involving restoration of equipment and instrument miscalibration. In Section 3.4.2, on page 3.4-3, the submittal provides the screening value (0.003 with a 0.1 beta factor) used for pre-initiator human failure events. However, neither a discussion of the basis for the screening value (0.003) nor a discussion of the basis for the beta factor is provided. Please provide the rationale for the choice of these values and provide examples of how the beta factor was applied. In providing the examples, take specific HFEs and show how, where, and why failure probabilities were adjusted with the beta factor.

5. The submittal is unclear on how the "time-independent" quantification technique was applied to those pre-initiator human failure events surviving initial sequence quantification. In fact, it is not clear as to whether any pre-initiators were actually quantified with the "time-independent" technique. The submittal states that the time-independent technique was applied to slips, whether occurring pre- or post-initiator. The submittal then goes on to present the parameters included in this quantification technique. Please provide the following regarding the "time-independent" quantification technique as it was applied to pre-initiator human actions:

(a) The basis for the parameters included in the technique and a discussion of why this set of parameters is assumed to be sufficient.

(b) The possible numerical values for parameters 1, 2, and 3 (as listed on page 3.4-3 of the submittal) and a discussion of how the numerical values would be chosen for selected pre-initiator events.

(c) A listing of the performance shaping factors (PSFs) considered in parameter 4.

(d) A discussion of the process whereby the PSFs in parameter 4 were selected.

(e) A discussion of how the PSFs in parameter 4 would be applied in determining a human failure probability and a listing of their associated numerical values.

Specific examples of the application of the technique that exercise all parameters in the technique as determined by events analyzed during the performance of the IPE. The examples provided should clearly illustrate the application of PSFs and also illustrate how the derived human failure probabilities reflect plant-specific characteristics. For example, the illustrations could explain how examinations of procedures, walkthrough of procedures, or interviews with plant personnel were considered in determining human failure probabilities.

The submittal is unclear on how dependencies associated with pre-initiator human errors (restoration faults and instrument miscalibrations) were addressed and treated.

There are several ways dependencies can be treated.

In the first example, the probability of the subsequent human events is influenced by the probability of the first event.

For example, in the restoration of several

valves, a bolt is required to be "tightened."

It is judged that if the operator-fails

to "tighten" the bolt on the first valve, he will subsequently fail on the remaining valves.

In this example, subsequent HEPs in the model (i.e., representing the second valve) will be adjusted to reflect this dependence.

In the second

example, poor lighting can result in increasing the likelihood of unrelated human events; that is, the poor lighting condition can affect different operators'bilities to properly calibrate or to properly restore a component to service, although these events are governed by different procedures and performed by different personnel.

This type of dependency is typically incorporated in the HRA model by "grouping" the components so they fail simultaneously. 'n the third example, pressure sensor x and y may be calibrated using different procedures.

However, if the procedures are poorly written such that miscalibration is likely on both sensor x and y, then each individual HEP in the model representing calibration of the pressure sensors can be adjusted individually to reflect the quality of the procedures.

Please provide the following concerning the treatment of pre-initiator dependencies:

(a) A concise discussion of how dependencies (and human action common cause factors where appropriate) were addressed and treated in the pre-initiator HRA.

(b) Specific examples illustrating how dependencies were considered for pre-initiator events modeled in the IPE.

(c) If dependencies and human action common cause issues were not addressed for both miscalibrations and restoration events, please justify.

Post-Initiator Human Errors:

7. The submittal is not clear whether response-type actions were considered.

These actions include human actions performed in response to the first level directive of the emergency operating procedures (EOPs).

For example, suppose the EOP directive instructs the operator to determine reactor water level status, and another directive instructs the operator to maintain reactor water level with system x.

These actions - reading instrumentation to determine level and actuating system x to maintain level - are response-type actions.

Please provide a list of the response actions considered in the analysis.

If response-type actions were not considered, please justify.

8. The submittal is not clear whether recovery-type actions were considered.

These actions include those performed to recover a specific failure or fault and may not be "proceduralized."

For example, suppose the EOP directive instructs the operator to maintain level using system x, but the system fails to function and the operator then attempts to recover it.

This action - diagnosing the failure and then deciding on a course of action to "recover" the failed system - is a recovery-type action.

Please provide a list of the recovery actions considered in the analysis, and justify why these actions are not proceduralized.

The submittal does not clearly describe the method used to identify and select response-type actions for analysis.

The method utilized should confirm the plant emergency procedures, design, operations, and maintenance and surveillance procedures were examined and understood to identify potential severe accident sequences.

Please provide a description of the process that was used for identifying and selecting the response-type actions evaluated.

The submittal does not clearly describe the method used to identify and select recovery-type actions for analysis.

The method utilized should confirm the plant emergency procedures, design, operations, and maintenance and surveillance procedures were examined and understood to identify potential severe accident sequences.

Please provide a description of the process that was used for identifying and selecting the recovery-type actions evaluated.

The submittal is unclear on whether or not a quantitative screening approach was used for post-initiator human failure events.

If a screening approach was used, please provide:

(a) The screening value(s) used and the basis for the value(s); that is, provide a rationale for how the selected screening value(s) ensured that important post-initiator human events were not eliminated and/or important sequences truncated.

In addition, please provide the list of the post-initiator human failure events which were initially considered, but which were eventually screened-out.

If a quantitative screening analysis was not used on post-initiator human failure events, please describe how post-initiator human failure events were treated during initial quantification.

Were all human actions in the event and fault trees quantified in detail prior to initial quantification?

Were all human actions set to 1.0 and then addressed at the cutset level?

Please provide a detailed discussion of how human actions were addressed before and after initial quantification and how it was ensured that important post-initiator human events were not eliminated and/or important sequences truncated.

The submittal is unclear on how the "time-independent" quantification technique was applied to those post-initiator human events receiving detailed quantification and to which actions it was applied.

Please see question number 5.

The same information is requested here as in question number 5, but in regard to the quantification of post-initiator human events.

In addition to answering items (a) thru (f) from question 5, please also provide the following:

(g) For one of the post-initiator examples in item (f) above, address operator action "RTOPITOTC," which is the operator action to initiate once through cooling for a transient.

Also, show the derivation of the HEP for the same action in the case of a small LOCA ("RTOP1SIOTC").

Please discuss why time was not a relevant parameter for these actions and why the HEPs for these events were the same.

(h) For another example, address "RTOPlSlRCP," which is the operator action to secure the RCPs following a loss of seal cooling. Discuss why time was not a relevant parameter in the derivation of the HEP for this event.

(i) Select one more example that represents one of the more important time-independent operator actions and clearly illustrate the application of the quantification technique to this event.

(j) Discuss any differences in the PSFs considered for pre- and post-initiator events when using the time-independent technique.

If different PSFs were not considered, please justify how the same PSFs would be relevant to both pre- and post-initiator human failure events.

(k) HRA methods in general attempt to consider both the diagnosis portion or phase of post-initiator operator actions and the execution demands of the action.

Please discuss how these two different aspects of human failure events were considered in determining post-initiator human failure probabilities.

In particular, discuss and illustrate with examples how the diagnosis portion of human failure events is considered in determining human failure probabilities with the time-independent technique.

If diagnosis and associated PSFs were not explicitly considered, please provide a justification for how the values obtained with the time-independent technique accurately reflect human failure probability.

14. The submittal is unclear on how the "time-dependent" quantification technique was applied to those post-initiator human events surviving initial sequence quantification or receiving detailed quantification.

Beginning on page 3.4-4, the submittal presents two "time-dependent" quantification techniques which were used to generate HEPs for human events depending on whether the event was an in-control room action or an ex-control room action.

The submittal then goes on to present the parameters included for these quantification techniques.

Please provide for each of the time-dependent models:

(a) The basis for the parameters included in these models and a discussion as to why the selected parameters are relevant.

(b) Where appropriate, the possible numerical values for each of the parameters.

(c) A discussion of how the numerical values would be chosen.

(d) A discussion and listing of the PSFs applied in the techniques and a discussion of the process used to determine the appropriateness of applying the various PSFs.

(e) Specific examples of the application of each of the two techniques that exercise all parameters in the techniques as determined by events analyzed during the performance of the IPE.

The examples provided should justify why the human failure probabilities should be reduced through the application of plant-specific PSFs.

This process could include examination of procedures, training, human engineering, staffing, communication, and administrative controls.

(f) For one of the examples, address event "RlA1AB," which is the operator action to align IA or 1B compressor.

Please provide a full description of the derivation of the human failure probability for this event.

(g) For another example, address "RPPCIBLPWR," which is the action to restore power to the PORV block valve.

(h) HRA methods in general attempt to consider both the diagnosis portion or phase of post-initiator operator actions and the execution demands of the action.

Please discuss how these two different aspects of human failure events were considered in determining post-initiator human failure probabilities with the time-dependent techniques.

In particular, discuss and illustrate with examples how the diagnosis portion of human failure events is considered in determining human failure probabilities with the time-dependent technique.

If diagnosis and associated PSFs were not explicitly considered, please provide a justification for how the values obtained with the time-dependent technique accurately reflect human failure probability.

15. In applying PSFs, the consideration of time is important.

The submittal is not clear on how "available" time and "response" time were calculated for the various post-initiator human events.

Table 3.4-2 indicates some of the timing sources, but it is unclear as to which times the keys apply.

For each of the post-initiator human events examined, provide:

(a) The available time estimated for the operator action and the bases for the time chosen.

(b) The response time estimated for the operator action and the bases for the time chosen.

(c) For several cases, provide examples illustrating how different times were calculated for the same task but in different sequences.

(d) It appears from the table that many of the time estimates were based on operator estimates.

Please discuss how it was ensured that operators would provide realistic estimates of the times required.

16. As noted above, in applying PSFs, the consideration of time is important.

In Table 3.4-2, the submittal presents (for each post-initiator action) information regarding the time available and the time needed to perform the actions.

However, it was not clear whether the arrival times for cues relevant to operator decisions were considered.

Even though a particular event has occurred, the operators may not get any indication of the event for a period of time.

Was this considered in determining the time available and was it considered in calculating the human failure probabilities with the time-dependent techniques?

Please provide examples which illustrate consideration of cue arrival times in determining human failure probabilities or provide a justification for why they were not considered.

17. The submittal is unclear on how recovery actions (as defined in question #8 above) were quantified.

Please describe these techniques and provide examples that illustrate all aspects of the technique corresponding to the recovery events modeled in the IPE.

In addition, please provide the following:

(a) List the recovery events and identify any operator recovery actions credited for which written procedures did not exist.

For actions not covered by procedures, please provide a justification for the credit taken.

(b) Please describe and discuss any cutsets in which more than one recovery action was applied.

18. It is not clear from the submittal how dependencies were addressed and treated in the post-initiator HRA.

The performance of the operator is both dependent on the accident under progression and the past performance of the operator during the accident of concern.

Improper treatment of these dependencies can result in the elimination of potentially dominant accident sequences and, therefore, the identification of significant events.

Please provide a concise discussion and examples illustrating how dependencies were addressed and treated in the post-initiator HRA for all types of actions to ensure that important accident sequences were not eliminated.

The discussion should address the two points below:

Human events are modeled in the fault trees as basic events such as failure to manually actuate.

The probability of the operator to perform this function is dependent on the accident in progression - what symptoms are occurring, what other activities are being performed (successfully and unsuccessfully), etc.

When the sequences are quantified, this basic event can appear, not only in different sequences, but in different combinations with different systems failures.

In addition, the basic event can potentially be multiplied by other human events when the sequences are quantified which should be evaluated for dependent effects.

Human events are modeled in the event trees as top events.

The probability of the operator to perform this function is still dependent on the accident progression.

The quantification of the human events needs to consider the different sequences and the other human events.

19. The submittal is unclear on how human actions during flooding scenarios were identified.

Please describe how human actions were identified as part of the flooding analysis.

20. The submittal is unclear on the quantification of human events related to flooding.

Please describe the approach used to quantify all human actions related to flooding scenarios.

In addition, provide examples illustrating the application of the approach and provide the basis for all information used in the examples.

Finally, provide a list of the flood-related human actions and their HEPs.

21. The submittal is unclear on what human reliability analysis was performed during the Level 2 analysis.

Please provide the following regarding the HRA for the Level 2 analysis:

(a) On page 4.0-2 of the submittal it is stated that the recovery measures considered in the Level 1 analysis are generally applied in the Level 2 analysis regime.

Please provide a discussion of how this was done and provide a list of the relevant recovery actions and their associated HEPs.

If their HEPs differed from those used in the Level 1 analysis, please describe how the HEPs were calculated.

(b) Please list any additional operator/recovery actions considered in the Level 2 analysis and describe the technique used to quantify the event(s) by way of examples.

(c) On page 4.0-9, it is noted that an HEP of 0.02 was assigned to the operator action to depressurize the RCS.

It is stated that this value is based on judgment.

Please discuss the basis for this judgment and also discuss the basis for any other HEPs assigned in this manner.

Level 2 Questions

1. Binning of Core Damage Sequences for Transient Event Tree

According to the description provided in Section D.3.1, Sequence 2 of the transient event tree for St. Lucie 1 (Figure 3.1-1) is binned to core damage bin (CDB) III, which is described in Table D-2 as containing sequences with early core melt (core damage occurs within 2 hours of shutdown).

However, Sequence 2 is a sequence with failure of long-term cooling.

Since secondary heat removal is initially available for this sequence and core damage occurs primarily due to the depletion of the condensate storage tank, it seems that core damage may occur later than 2 hours after shutdown.

Please discuss the time when core damage occurs in this sequence to justify the classification of this sequence as CDB III, not as CDB IV (for sequences with late core melt).

Please discuss the effect on containment event tree (CET) quantification if this transient sequence is more appropriately classified as CDB IV instead of CDB III.

2. RCS Pressure and Binning for Small LOCA Event Tree

(a) RCS pressure is one parameter used in the IPE to determine the plant damage state (PDS) of a core damage sequence.

It is stated in Note C of Table D-4 that "RCS pressure is determined at the time of core damage and vessel breach."

RCS depressurization may occur between these two time frames, and according to Attachment E-2, this is considered in the CET model.

Therefore, the use of the above statement for RCS pressure determination seems ambiguous.

Please clarify the statement.

If RCS pressure at different times is used for the classification of different core damage sequences, then please provide more detailed discussion and justification.

(b) RCS pressure is one of the factors that is used in the IPE to determine the binning of sequences into CDBs.

According to the IPE submittal (Figure 3.1-3) small LOCA sequences are binned into CDBs V and VI, both of which are for sequences with RCS pressure below 200 psig.

However, the RCS pressure at core damage for small LOCA sequences is likely to be above 200 psig.

Please discuss RCS pressure time histories for the range of small LOCA break sizes considered to justify the above CDB classification.

Please include in the discussion consideration of the uncertainties of RCS pressures due to modeling assumptions.

3. Core Damage Bin for SBO Sequences

(a) According to the Core Damage Bins described in Table D-2, station blackout (SBO) sequences are binned to the SBO bin.

However, there is no SBO bin among the final plant damage state bins (Tables 4.0-1A and 4.0-1B).

Please provide the distribution of the SBO sequences to the various PDS bins and the basis for the distribution.

(b) The parameter SACPOWER (AC power not restored or available) is used in the CET to determine the probability of AC power recovery prior to vessel breach for SBO sequences.

It is stated in the submittal (p4.0-10) that "If power is available, as defined by the PDS, this is assumed to be 0.01; otherwise one." However, since power availability (or SBO status) is not a PDS parameter, it is not clear how the availability of power is determined from the PDS.

Please explain how the above assumption is implemented in the CET quantification.

Also, please discuss in detail how the probability of AC power recovery prior to vessel breach is determined in the IPE.

4. Sequences Selected to Represent PDSs

In NUREG-1335, it is suggested that one or more sequences be selected to represent each PDS bin.

These representative sequences are then used to quantify the containment event trees (Step 2 of Appendix A).

The following questions are related to the sequences selected in the St. Lucie IPE for modular accident analysis program (MAAP) calculations:

(a) The plant damage state binning criteria are discussed in Appendix D and the binning results are presented in Section 4.3 of the IPE submittal.

However, in Section 4.3 only the frequencies of the PDSs are presented; the contributions of the core damage sequences (e.g., based on the sequence descriptions in Tables 3.1-1 to 3.1-12) to the PDSs are not shown.

It is stated in Appendix F of the submittal that "a baseline scenario is selected to represent the most likely conditions within the sequences cutsets binned into the PDSs."

However, because of the lack of the above information (i.e., contributions from the various sequences to the PDSs), it is not clear from the discussion presented in Appendix F how representative the selected sequences are for the PDSs.

Please provide this information and discuss whether all the selected sequences presented in Appendix F satisfy the selection criteria mentioned in the submittal.

(b) It is stated in the IPE submittal (Section F.4.3) that "only the large LOCA initiated events are evaluated using MAAP" for the low pressure PDSs.

However, according to Appendix D (PDS binning criteria) and Figure 3.1-3 (small LOCA functional event tree) both large and small LOCA initiated events are grouped into low pressure PDSs (i.e., corresponding to CDBs V and VI).

Please discuss the differences of accident progression for small and large LOCA initiated sequences and justify the omission of small LOCA initiated sequences from MAAP calculations.

(c) In the St. Lucie IPE, the sequences selected for representative MAAP calculations for the various PDSs are discussed in Appendix F.

However, some sequences that were selected are not consistent with the definition of the PDS they represent.

For example, the sequence selected for PDS IVD (Section F.4.1.5) is a sequence with failure of the auxiliary feedwater due to the depletion of the CST.

However, according to Figure 3.1-7 and the discussion in Section D.3.1, this sequence is classified as CDB III instead of CDB IV.

Please clarify the inconsistency regarding sequence selection and discuss the potential effect on CET quantification.

(d) It is stated in the IPE submittal (Section F.4.1) that the high pressure scenario calculations are used to "support determination of PDSs falling into core damage bins I, II, and primarily III." However, in the CET quantification, the CDBs (and thus the PDSs) associated with high pressure sequences are CDB III and IV.

In addition, the PDSs discussed in Section F.4.1 are actually related to CDB III and IV.

Please explain the relevance of CDBs I and II to high pressure sequences.

5. Basic Events and Fault Trees for CET Quantification

(a) The basic events that are used for CET quantification are shown in the fault tree diagrams for the CET top events (Attachment E-2 of the submittal).

They are also discussed in Section 4.5 of the submittal when the conditional probabilities of the CET event nodes are discussed.

However, some basic events discussed in Section 4.5 cannot be found in the fault trees (e.g., PRCRUST and gWETCAV in p4.0-17), while some basic events that are presented in the fault trees are not discussed in Section 4.5 (e.g., gHPHEHP and gDHR-CLRS of Page 22 and 27 of Attachment E-2, respectively).

Also, for some of the basic events the probability values provided in Section 4.5 are not consistent with the values shown in the fault tree diagrams (e.g., the probability value of HOP-DP is 0.02 in Section 4.5 and 1.0 in the diagram).

Please clarify the above inconsistencies.

Please provide a complete comparison of the basic events presented in the fault tree diagrams and those discussed in Section 4.5 (do not limit the discussion to the above cited examples).

(b) It is stated in the IPE submittal (pE-16) that "the generic CET described in Section E-5 was reviewed and modified to incorporate St. Lucie plant-specific features."

Because of the inconsistencies in (a) above, it is not clear whether the fault trees presented in Attachment E-2 are generated from the model used for St. Lucie CET quantification.

Please clarify this point, and provide the actual St. Lucie fault trees if the fault trees presented in Attachment E-2 are not the ones generated for the St. Lucie CET quantification model.

6. External Vessel Cooling

(a) The plant design of St. Lucie allows enough water to accumulate in the cavity so that the bottom part of the reactor vessel is submerged if refueling water tank (RWT) water is injected into the containment.

It is stated in the IPE submittal (pE-7) that "However, no calculations exist that indicate that sufficient cooling would be available to maintain vessel head integrity, although this is considered as a recovery action for some BWRs to achieve core cooling under certain accident conditions (Rev.3 BWROG EOPs)."

The probability of successful ex-vessel cooling seems to be determined in the St. Lucie IPE by basic event PR-HT-TRAN (no ex-vessel heat transfer established).

Although, according to the submittal (p4.0-11), only limited information is available at this time to determine the viability of establishing heat transfer through the vessel wall, a value of 0.1 is used in the IPE (for no heat transfer established, p4.0-11).

Please discuss the basis of this assigned probability value and its impact on CET quantification.

(b) Although ex-vessel cooling is considered in the CET structure, it seems that its effect is not included in the MAAP model for severe accident progression analysis.

It should be noted that ex-vessel cooling may provide sufficient cooling to the core debris inside the vessel such that vessel failure is avoided or significantly delayed.

As a result, fission product creation and release paths are affected (e.g., in-vessel release from a dry debris bed versus ex-vessel release from a debris bed covered by water).

The release of fission products to the environment may actually increase if the containment fails and external cooling was accounted for in the source term calculation.

Please discuss the potential effect of ex-vessel cooling on source term definition for St. Lucie.

Since ex-vessel cooling affects the RCS conditions during and after core damage, please also discuss its effect on the probability of creep rupture of RCS boundaries and steam generator tubes, and consequently, the effect on containment performance and source terms for St. Lucie.

7. Fault Trees for CET Branches

(a) Fault trees were developed in the IPE for CET quantification, and multiple fault trees were developed and used for some CET top events.

For example, five different fault trees (DC1G to DC5G) were used for CET top event DC (coolable debris formed ex-vessel) and four fault trees (CFL1G to CFL4G) were used for CET top event CFL (no late containment failure). However, it is not clear from the IPE submittal how the various fault trees are associated with the various branches of the CET.

Please identify in the CET diagram (like that presented in Attachment E-1 of the submittal) the fault trees (e.g., CFL1G) applicable to the CET branches.

(b) For the fault trees developed for CET top event DC (i.e., DC1G through DC5G), the description provided for the top event (e.g., in the box for Event DC1G) for some of the fault tree diagrams (e.g., Page 9 for DC1G, Page 17 for DC2G, and Page 24 for DC5G) seems to indicate that the applicability of the fault trees depends on the status of EVSE (presumably this refers to ex-vessel steam explosion).

Since EVSE is not a CET top event or a PDS parameter, its use as a condition for fault tree development and application is confusing.

Please clarify whether this is a typographical error, and if it is not a typographical error, then please discuss how these fault trees are applied in the CET structure and quantification.

8. RCS Depressurization by Operator Actions

(a) RCS depressurization by operator actions is considered in the CET quantification via basic event HOP-DP (Operator fails to depressurize RCS).

According to the discussion presented in Section 4.5.1, a value of 0.02 is used for the probability of operator failure to depressurize the RCS (p4.0-9).

However, no basis is provided in the IPE submittal for the selection of this value.

Furthermore, it is not consistent with the description provided in Table 4.0-3 for HOP-DP, where it is stated that HOP-DP is "quantified as certain on the basis of lack of emergency operating procedures that direct operators to depressurize the RCS beyond core damage."

Please clarify this inconsistency.

(b) Judging from the results of IPE quantification (Figures 4.0-5 through 4.0-11) it seems that 0.02 was used in the IPE for operator depressurization.

If 0.02 was used in the CET quantification, then please discuss the basis for the derivation of this value.

Please include in the discussion the support systems required for RCS depressurization, the time available and the procedures involved in the recovery actions, and the operator actions required for successful recovery.

9. In-Vessel Coolant Makeup Recovery

(a) According to p4.0-9 of the IPE submittal, a probability value of 0.5 is assigned for the probability of basic events SHP-SIS1 (HPSI system not recoverable).

It is not clear from the submittal how this probability value is derived.

Please discuss the basis for the value used in the CET quantification.

(b) According to p4.0-10, a probability value of 0.1 is used for basic event SALT-SIS1 (alternative system not recovered during core melt).

Please discuss the alternative system(s) referred to and the basis for the probability value assigned.

(c) In the discussion of basic event SLP-SIS1, it is stated in the submittal (p4.0-10) that "A value of 0.5 (unlikely) is used for PDSs that meet these conditions."

However, according to Table 4.0-2, the range of "unlikely" is from 0.05 to 0.30.

Please clarify the discrepancy and discuss the basis for the value used in the IPE quantification.

(d) The CET quantification results show that there is a high probability of in-vessel coolant makeup recovery even without successful RCS depressurization (0.11 for failure, or 0.89 for successful recovery for all PDSs, Figures 4.0-5 through 4.0-11).

A review of the fault tree presented on Page 4 of Attachment E-2 of the IPE submittal seems to show that such a low probability of recovery failure can be achieved only with successful recovery of alternate high pressure core injection (Basic Event SALT-SISH).

However, this basic event is not discussed in Section 4.5.2 of the submittal and the value of 1.00 for this event shown in the fault tree diagram does not seem to lead to the low failure result obtained in the CET quantification.

Please discuss the probability value used for SALT-SISH, the system considered for this basic event, and the basis for the assigned probability value in the IPE.

10. Containment Pressure Loads from High Pressure Melt Ejection (HPME) and Late Hydrogen Burns

(a) It is not clear from the IPE submittal what containment pressure loads are used to determine containment failure after HPME.

The discussion mentions that a peak pressure greater than the 95 psig containment pressure capability is obtained in some MAAP calculations.

It is also stated in the submittal (p4.0-13) that "An estimate of equivalent pressure load may be obtained by scaling the pressure increase from HPME obtained for Surry according to the volume ratio and thermal power relative to St. Lucie" and (p4.0-14) that "The Surry analysis generated a relationship between the probability of attaining a certain pressure level in the containment versus the ultimate capacity of the containment.

This information along with the MAAP calculations are used for screening this event in the logic tree."

Please discuss how containment pressure loads were obtained in the IPE for CET quantification and please provide the base pressures and the pressure rises used in the CET quantification for the various cases.

Because the pressure loads used in the NUREG-1150 CET quantification for Surry involve significant uncertainties, please discuss also how the uncertainty in the pressure loads is addressed in the St. Lucie IPE and, if it is not addressed in the IPE, then discuss the effect of potential higher pressure loads (in the NUREG-1150 uncertainty range) on the St. Lucie containment failure probabilities.

(b)

According to the IPE submittal, the probability of containment failure due to late hydrogen burns is estimated using the same approach as that used to determine HPME failure.

Containment failures due to hydrogen burns under various conditions are determined by CET basic events PRPR1 through PRPR4.

Please provide the containment pressure loads estimated for these four events and discuss their bases.

Please include in the discussion the effect of the significantly higher amount of zircaloy in the reactor core for St. Lucie than for Zion (Table C-1 of the submittal) on hydrogen combustion loads.

11. Basic Events for the Quantification of CET Top Event DC (Coolable Debris Formation Ex-Vessel)

(a) The two basic events discussed in Section 4.5.5 for ex-vessel debris coolability, PRCRUST (Impervious crust forms precluding coolable debris) and gWETCAV (Cavity is wet), cannot be found in the fault trees for CET top event DC in Attachment E-2 of the submittal. Please identify the names of the events in the fault trees that correspond to the above two basic events. Also, please compare and discuss the expected depth of the core debris in the cavity with respect to the assumed coolable depth of 25 cm mentioned in Generic Letter 88-20. In addition, please discuss the effect of non-uniform spreading of debris on debris coolability if all debris is retained in the reactor cavity.

(b) According to the descriptions presented in Section 4.5.5, some of the basic events (e.g., SNOSPRAY2) are defined by the PDS. However, numerical values are provided for these basic events (e.g., 9.99E-01 for SNOSPRAY2) in the logic tree diagram shown in Attachment E-2 of the submittal. Please clarify this inconsistency.

(c) Some basic events presented in the logic trees for the CET top events are not discussed in the submittal (e.g., gHPHEHP on Page 22 of Attachment E-2). Please discuss these events and the basis for the probability values used for these events in the CET quantification.

12. Induced SGTR

(a) The probability of induced SGTR is assigned a value of 0.18 in the IPE in CET basic event PRSGOK (Steam generator tubes do not rupture). However, it seems that event PRSGOK is considered in the IPE only for the evaluation of RCS pressure for the determination of hot leg/surge line failure (page 2 of Attachment E-2) and not as a containment failure mode (i.e., containment bypass failure). Please discuss whether and how induced SGTR is considered in the IPE as a containment bypass failure, and if it is not considered as a containment failure, then please discuss the effect of including induced SGTR as a containment failure mode on the St. Lucie containment failure profile.

(b) It should be noted that the probability of induced SGTR due to forced circulation caused by the restart of the RCPs is addressed in some IPEs because the insufficient core cooling (ICC) guidelines call for the RCPs to be restarted. Please discuss whether there are procedures for St. Lucie that call for the restart of the RCPs and, if there are, then discuss their effects on the probability of induced SGTR.

13. AC Power and Spray Recovery for Late Containment Failure

Two basic events related to AC power and spray recovery are included in the fault trees used to determine late containment failure. They are SACSPREC and SACSPRECL for the probabilities of AC power and spray recovery early and late in the accident progression, respectively. For early recovery (SACSPREC), it is stated in the IPE submittal (p4.0-17) that "The probability of 0.01 is assumed for not recovering AC power for all PDSs" while for late recovery (SACSPRECL) it is stated (p4.0-18) that "Condition of sprays and power late in the scenario are defined by the PDS." Please discuss the basis for the probability of 0.01 for early recovery and the determination of late recovery for the various PDSs (since power availability and SBO status is not a PDS parameter).

14. The Probability of Late Hydrogen Burn

Basic Event PRHB3 is used in the St. Lucie IPE to determine the probability of late hydrogen burn given AC power and sprays are recovered. It is stated in the submittal (p4.0-18) that "Surry experts determine that if sprays and AC power were restored after CCI, late hydrogen burn was 'unlikely' if minute sparks from electrical equipment were present." However, a review of the data used in the NUREG-1150 analysis for Surry shows that a probability of 0.99 is used for hydrogen ignition when AC power and sprays are recovered late (Case 2 of Questions 50 and 62 of NUREG/CR-4551 for Surry, Volume 3 Rev. 1 Part 2). Please clarify this inconsistency, and discuss the impact on the St. Lucie CET quantification if the higher probability value is used.

15. Late Containment Failure due to Steam Generation

According to the fault trees for the CET top event CFL (no late containment failure) presented in Attachment E-2 of the IPE submittal, late containment failure may occur due to overpressurization (Events OVR-PRESS) by steam generation (STM-FAIL), which in turn requires that steam generation occurs (PRSTM-OCC) and that decay heat removal is insufficient (DHR). Different values are used in the IPE for the above parameters under various conditions (e.g., the effect of DHR is represented in the fault trees by DHR1 through DHR3 for different conditions). In addition, the probability of containment failure due to non-condensible gas generation is also included in the fault tree model presented in Attachment E-2. However, these events are not addressed in Section 4.5.6 of the IPE submittal where late containment failure is discussed. Please discuss the logic used in the fault trees for the above failure modes, and the probability values used in the quantification along with their bases.

16. Debris Impingement and Containment Shell Melt-through

It is assumed in the St. Lucie IPE that containment failure due to debris impingement is not possible (a probability of zero) because the containment wall is isolated from the cavity (p4.0-15). Since a steel containment is used in St. Lucie, the containment is more susceptible to this challenge of direct contact with the dispersed core debris. According to the IPE, the core debris may be dispersed out of the reactor cavity region during HPME, and therefore a more detailed review of debris dispersion paths and debris relocation during HPME would be desirable. Please provide a more detailed discussion of the path of debris dispersion and relocation during HPME to show that the dispersed debris will not come into contact with the containment steel shell and challenge the integrity of the containment.

17. Thermal Failure of Penetrations

The possibility of thermal failure of penetrations under high temperature conditions in the containment is assumed to be negligible in the IPE because it is assumed that thermal-induced failure is not likely to occur before pressure loads exceed the ultimate capacity of the containment (pE-13). Containment conditions during severe accident progression and the properties of the seal materials for the penetrations are not addressed in the IPE. Please discuss the seal materials used for the St. Lucie penetrations, their thermal properties, and the expected containment conditions, to support the assumption used in the IPE.

18. Containment Failure Modes

(a) The guidelines for the quantification of the basic events for containment failure modes (i.e., leak and rupture) are discussed in Section 4.5.8 of the submittal (p4.0-20). However, individual basic events used in the fault trees are not discussed and the probability values used for these events are not provided in the submittal. Examination of the CET quantification results provided in Figures 4.0-5 through 4.0-11 shows that the split fractions used for CET quantification may not be consistent with the guidelines described in Section 4.5.8. For example, for late containment failure, the probability values are discussed for a few failure mechanisms (e.g., overpressure failure) in terms of their likelihood (e.g., highly likely). However, the results seem to show that a single probability value is used for all late failure cases. A comparison of the probability results presented in the figures for the leak and rupture modes of late containment failure (e.g., Cl-L and Cl-R) shows that a probability of 0.9975 for containment leakage (i.e., a split fraction of 0.9975 and 0.0025 for leak and rupture, respectively) is used for all late failure cases. Please clarify this apparent inconsistency. Please provide a more detailed discussion of the fault tree logic, the basic events, the probability values assigned to the basic events in the IPE, and the basis for the assigned values.

(b) For the determination of containment failure mode (or size) it is stated in the IPE submittal (p4.0-20) that "Overpressure failures that are induced by high pressure melt ejection loads and hydrogen burning are judged indeterminate (NUREG/CR-4551)." This does not seem to be consistent with the description found in NUREG/CR-4551 for Surry. According to Question 43 of the Surry CET, the probability of containment failure mode for fast pressure rise is not defined as indeterminate (which would mean the use of a probability value of 0.5) but depends on the containment pressure load. A more detailed discussion on this topic is presented in Section A.2 of NUREG/CR-4551, Vol.3, Rev. 1 Part 2. Please clarify this inconsistency.

19. Fission Product Removal by Overlying Pool in the Cavity

Regarding fission product removal by an overlying pool in the reactor cavity, it is stated in the IPE submittal (p4.0-19) that "Since for all PDSs, the St. Lucie plant cavity is wet, the probability of no overlying pool in the cavity is negligible (1.0E-10 used in the quantification)." Please discuss the probability of the St. Lucie sequences that do not have the refueling water storage tank contents injected into the containment (e.g., SBO sequences with no recovery) and for which any overlying pool is likely to be shallow. If there is a significant contribution of such sequences to the total St. Lucie CDF, then please discuss the likelihood of boil-off of this overlying pool and the effect on fission product release.

20. Containment Isolation Failure

Containment isolation failure is evaluated in the CET as part of early containment failure. It is stated in the IPE submittal (p4.0-16) that "For independent isolation failures (i.e., not influenced by the PDS), the basic event probability associated with containment isolation failure of 1.0E-3 is obtained from the containment isolation system fault tree models." However, discussions of the fault tree models are not provided in the IPE submittal. It should be noted that, with respect to the analysis of containment isolation failure probability, NUREG-1335 (Section 2.2.2.5, p2-11) states that "the analyses should address the five areas identified in the Generic Letter: (1) the pathways that could significantly contribute to containment isolation failure, (2) the signals required to automatically isolate the penetrations, (3) the potential for generating the signals for all initiating events, (4) the examination of the testing and maintenance procedures, and (5) the quantification of each containment isolation failure mode (including common-mode failure)." Please discuss the analysis performed in the St. Lucie IPE for containment isolation failure and discuss how the above five areas were addressed in the fault tree models used in the IPE for the containment isolation analysis.

21. Sensitivity Study

Sensitivity analyses are performed in the St. Lucie IPE for MAAP calculations. Although the CET quantification involves the use of assumptions and data that have significant uncertainties, the IPE does not provide a sensitivity study for CET quantification. Please provide a sensitivity study addressing the parameters that are likely to have the largest effect on the likelihood or time of containment failure and the magnitude of the source term. Use Table A.5 of NUREG-1335 and the results from other PRAs as guidance for selecting sensitivity parameters.

22. Containment Performance Improvement (CPI) and Hydrogen Issues

The Generic Letter CPI recommendation for PWR dry containments is the evaluation of containment and equipment vulnerabilities to localized hydrogen combustion and the need for improvements (including accident management procedures). Please discuss whether plant walkdowns have been performed to determine the probable locations of hydrogen releases into the containment. Including the use of walkdowns, discuss the process used to assure that: (1) local deflagrations would not translate to detonations given an unfavorable nearby geometry, and (2) the containment boundary, including penetrations, would not be challenged by hydrogen burns. Please identify potential reactor hydrogen release points and vent paths. Estimates of compartment free volumes and vent path flow areas should also be provided. Please specifically address how this information is used in your assessment of hydrogen pocketing and detonation. Your discussion (including important assumptions) should cover the likelihood of local detonation and the potential for missile generation as a result of local detonation.

23. CET Quantification Results

(a) The CET quantification results for the various PDSs are discussed briefly in Section 4.6 of the submittal. Summary and conclusions are presented in Section 4.8 of the submittal. Although the important containment failure mechanisms (e.g., HPME and alpha mode failure for early failure, overpressure and basemat melt-through for late failure) are discussed in a general, qualitative manner in the summary section, the contributions of the various mechanisms to containment failure for St. Lucie are not provided. It is important to identify the challenges that are significant to containment failure and their sources (e.g., system failure or debris not coolable) for St. Lucie, so that meaningful insights can be obtained. Quantitative information of this type should be derived and discussed in the submittal. Please discuss the contributions of the various failure mechanisms to the St. Lucie containment failure results and the insights obtained from the evaluation of the results.

(b) According to the IPE submittal, there are 15 dominant PDSs for Unit 1 and 14 dominant PDSs for Unit 2 (Tables 4.0-1A and 4.0-1B). Results of CET quantification for some of the PDSs are discussed in Section 6 and contributions of the PDSs to the various CET end states (or release modes) are presented in Tables 3.7-15 and 3.7-16 for Unit 1 and Unit 2, respectively. However, the data presented in the tables are not complete in that the contributions of the PDSs to some of the release modes, identified in Section 4.6 as important, are not provided in these tables. For example, Release Mode Cl-L is not included in Tables 3.7-15 and 3.7-16. In addition, some of the PDSs identified in Tables 4.0-1A and 4.0-1B are not included in Tables 3.7-15 and 3.7-16 either (e.g., PDSs IVB and VIE for Unit 1). Please provide tables showing the results of CET quantification for all PDSs for both units (or the C-Matrix, similar to Tables 3.7-15 and 3.7-16 but with complete results).

24. Harsh Environmental Condition and System Survivability

(a) According to the IPE submittal, the environmental qualification limit for containment fan coolers and containment sprays is set in the MAAP model as 44 psig for containment pressure and 264 F for containment temperature (pE-4). However, it is not clear how equipment survivability under harsh environmental condition is treated in CET quantification. The basic events addressing this topic are not presented and discussed in Section 4.5 of the submittal when conditional probabilities of CET event nodes are addressed. Please discuss how survivability of equipment under severe accident conditions was treated in the CET quantification. Please include in the discussion the basic events used in the CET structure to address equipment survivability, the probability values assigned to these events, and the basis for the assigned values.

(b) It is stated in the submittal (pC-8) that "suction for the spray pumps is from the containment sump." It is also stated in the submittal (pC-17) that "the St. Lucie Reactor Cavity contains a containment sump (different from recirculation sumps)" and that "Extending below and to the outside of the primary shield wall is the reactor cavity sump." Please provide a schematic drawing showing the locations of the various sumps. Please identify the sumps from which the spray pumps take suction, and discuss the probability of core debris getting into these sumps and whether the dispersed core debris would affect the operation of the spray pumps.

25. Fission Product Release Associated with Containment Bypass

The PDSs that are identified in the IPE submittal as dominant PDSs (Tables 4.0-1A and 4.0-1B) include 2 SGTR and one ISLOCA PDS for Unit 1 and one SGTR and one ISLOCA PDS for Unit 2. The SGTR and ISLOCA PDSs contribute 4% and 8%, respectively, to the Unit 1 CDF and 3% and 10%, respectively, to the Unit 2 CDF. Since containment event trees are not developed in the IPE for these bypass PDSs, a single bypass release mode will be associated with each bypass PDS. However, fission product releases (or source terms) for these containment bypass modes are not discussed in Section 4.7, "Radionuclide Release Characterization" of the IPE submittal and the release fractions are not provided in Table 4.0-7 of the IPE submittal. Please provide the release fractions for these bypass modes based on plant-specific consideration and discuss the significance of containment bypass related source terms for St. Lucie.