ML17258A943
| ML17258A943 | |
| Person / Time | |
|---|---|
| Site: | Ginna  |
| Issue date: | 02/27/1981 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML17258A942 | List: |
| References | |
| TASK-08-03, TASK-8-3, TASK-RR 0341J, 341J, NUDOCS 8104080465 | |
| Download: ML17258A943 (24) | |
Text
0341J SEP TECHNICAl. EVALUATION rOPIC VIr-3 Ef.ECTRICAL, INSTRUMENTATION, AND CONTROL FEATURES OF SYSTEMS REQUIRED FOR SAFE SHUTDOWN FINAL DRAFT ROBERT EhMETT GINNA UNIT NO.
1 Docket No.
50-24~>
Febr::ary 1981 2-27-81
ABSTRACT This report documents the technical evaluation and review of NRC Safety Topic VII-3, associated with the electrical, instrumentation, and control portions of the systems required for safe shutdown of tne Ginna Nuclear Power Plant, using current licensing criteria.
It includes a review of a report submitted by EGGG, Inc., "Energy Measurements
- Group, San Ramon Oper-ations,"
and incorporates comments rrom Rochester Gas and Electric Corpora-tion which were based on the San Ramon report.
CONTENTS
.0 INTRODUCTION 1
2.0 REVIEW CRITERIA 3.0 RENTED SAFETY TOPICS AND INZERFACES 4'0 REVIEW GUIDELINES 5.0 SYSTEM DESCRIPTION AND EVALUATION 5.1 General 5.2 Reactor Protection System.................................
5.3 Auxiliary and Standby Feedwater System 5.4 Main Steam System.........................................
5.5 Service Water System......................................
10 5.6 Chemical and Volume Control System................. ~.....
~
11 5.7 Component Cooling Water System............................
11 5.8 Residual Heat Removal System..............................
12 5.9 Electrical Instrumentation and Power Systems..............
14 0 o 0
SUMMARY
~ ~
~ ~
~ ~
~ ~
~ ~
~ ~ ~ ~ ~
~ ~ ~ ~
~ ~ ~ ~
~ ~ ~
~ ~
~ ~ ~
~ ~
~
~ ~ ~ ~ ~ ~ ~ ~
~ ~ ~
~
~ ~
~ ~ ~ ~ ~
~ ~ ~
~
17 7.0 REFERENCES 20 TABLES 1.
Functions for Shutdown and Cooldown.............................
2.
List of Safe Shutdown Instruments...............................
15 3.
Safe Shutdown Systems Power Source and Location.................
18 111
SEP TECHNICAL EVALUATION TOPIC VII-3 ELECTRICAL INSTRUMENTATION, AND CONTROL FEATURES OF SYSTEMS RE UIRED FOR SAFE SHUTDOWN GINNA NUCLEAR STATION
1.0 INTRODUCTION
This report is part of the Systematic Evaluation Program (SEP) review of Topic VII-3, Systems Required for Safe Shutdown."
The objective of this review is to determine whether the electrical, instrumentation, and control (EI6C) features of the systems required for safe
- shutdown, including support
- systems, meet current licensing requirements.
The systems required for safe shutdown have oeen identified by the NRC SEP staff.
Tne systems were reviewed to ensure the following safety objec-tives are met:
l.
Assure the design adequacy of the safe shutdown system to auto-matically initiate operation of appropriate
- systems, including reactivity control systems, such that fuel design limits are not exceeded as a result of operational occurrences and postulated accidents,"and to automatically initiate systems required to bring the plant to a safe shutdown 2.
~ Assure that required
- systems, equipment, and control to maintain the unit in a safe condition during hot shutdown are appropriately located outside the control room, and have the capability for subsequent cold shutdown of the reactor using suitable procedures 3.
Assure only safety grade equipment is required to bring primary coolant systems from a high pressure to low pressure cooling condition.
The scope of this review specifically includes an evaluation of the electrical, instrumentation, and control features necessary for operation of the identified safe shutdown systems.
The review evaluates the systems for operability with and without offsite power and the ability to operate with any single failure.
The EIGC review of safe shutdown systems only includes those features not covered under other SEP Topics.
Specific items which will be covered under other SEP reports are identified in Section 4.0, Review Guidelines.
2.0 REVIEW CRITERIA Current licensing criteria for safe shutdown is contained in the following:
l.
IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations" 2.
GDC-5, "Sharing of Structures,
- Systems, and Components" 3.
GDC-13, "Instrumentation and Control" 4.
GDC-17, "Electric Power Systems" 5.
GDC-19, "Control Room" 6.
GDC-26, "Reactivity Control System Redundancy and Capability" 7.
GDC-34, "Residual Heat Removal" 8.
GDC-35, "Emergency Core Cooling" 9 ~
GDC-44, "Cooling Water."
3.0 RELATED SAFETY TOPICS AND INTERFACES The following list of SEP topics are related to the safe shutdown topic with respect to EIGC features, but are not being specifically reviewed under this topic:
1.
SEP III-10.A, "Thermal Overload Protection for Motors of Motor-Operated Valves" 2.
SEP VI-7A3, "ECCS Actuation System" 3.
SEP VI-7C1, "Independence of Onsite Power" 4.
SEP VI-10A, "Testing of RTS and ESF Including Response Time Testing" 5.
SEP VI-lOB, "Shared ESF, Onsite Emergency
- Power, and Service Systems for Multiple Unit Facilities" 6.
SEP VII-1, "Reactor Trip System" 7.
SEP VII-2, "ESF Control Logic and Design" 8.
SEP VIII-2, "Onsite Emergency Power Systems Diesel Generators" 9.
SEP VIII-3, "Emergency DC Power Systems" 10.
SEP IX-3, "Station Service and Cooling Water Systems" 11.
SEP IX-6, "Fire Protection."
Where safe shutdown system EI6C response is affected by the above-mentioned topics, that particular SEP review has been consulted for deter-mination of overall safe shutdown system performance.
Where the SEP topic review is not available, the affect on safe shutdown system performance has been identified as being based on an assumed operating condition or the
affecting system.
The safe shutdown review will be considered preliminary until resolution of tne affecting topic is completed and found to be in accordance with assumptions made in this review.
l
.The completion of this review impacts upon the following SEP topics, since capabilities relating to safe shutdown is required in the topic:
2 ~
SEP VIII-1A, "Potential Equipment Failures Associated with a
)
Degraded Grid Voltage" SEP VIII-2, "Onsite Emergency Power Systems Diesel Generators."
4.0 REVIEW GUIDELINES The capability to attain a safe shutdown has been reviewed by evalu-ating the systems used for normal shutdown (onsite power not available) and emergency shutdown (offsite power not available).
SRP 7.4 was applied to each system to ensure the following guidelines were met:
1.
They have the required redundancy (SRP 7) 2.
They meet the single failure criterion (RG 1.53, ICSB BTP 18) 3.
They have the required capacity and reliability to perform inten-ded safety functions on demand (SRP 7)-
Additionally, SRP 5.4 requirements contained in BTP RSB 5-1 were reviewed to determine if the systems required for residual heat removal met the following guidelines:
1.
The systems are capable of being operated from the control room with only offsite or only onsite power available 2.
The systems are capable of bringing the reactor to cold shutdown with only offsite or only onsite power available within a reason-aole periqd, assuming the most limiting single failure.
The electrical equipment environmental qualification and physical separa-tion are being reviewed under other topics, as is the seismic equipment qualification, and are not reviewed in this report.
Section 7.0 consists or a list of safety related EIBC equipment necessary for safe shutdown to be used in resolving SEP Topic III-1, "Classification of Structures, Compo-
- nents, and Systems."
5.0 SYSTEM DESCRIPTION AND EVALUATION 5.1 General The SEP Review of Safe Shutdown Systems for the R. E. Ginna Nuclear Power Plant states that:
1 The NRC staff and the licensee, Rochester Gas and Electric Corp.
(RG6E),
developed a list of the minimum systems necessary to take the reactor from operating conditions to cold shutdown.
Although other systems may be used to perform shutdown and cooldown functions, the following list is the minimum number of systems required to fulfill the requirements of BTP RSB 5-1 5 1.
Auxiliary Peedwater System 3.
Main Steam System Service Water System 5.
Chemical and Volume Control System 6.
Component Cooling Water System 7.
Residual Heat Removal System
8.
Electrical Instrumentation and Power Systems for the above systems.
Five basic tasks or functions are required to proceed from plant power operation to hot shutdown, to cold shutdown.
These functions and their associated alternate methods are identified in Table l.
5.2 Reactor Protection S stem The reactor prost ction system (RPR) is designed on a channelized basis to achieve isolation and independence between redundant protection channels.
Channel independence is carried throughout the system extending from the sensor to the relay providing the logic.
Isolation of redundant analog channels originates at the process sensors and continues back through the field wiring and containment penetrations to the analog protection racks.
Wnen safety and control functions are combined, both functions are fully isolated in the remaining part of tne channel, control being derived from the primary safety-signal path through an isolation amplifier.
As such, a
failure in the control circuitry does not affect the safety channel.
RPS channels are supplied with sufficient redundancy to provide the capability for channel calibration and testing at power.
Bypass removal of one trip circuit is accomplished by placing that circuit in a half-tripped mode, i.e.,
a two-out-of-tnree circuit becomes a one-out-of-two circuit.
Testing does not trip the system unless a trip condition concurrently exists in a redundant channel.
The power supplies to the channels are fed from four instrument buses.
Two of the buses are supplied by constant voltage transformers and two are supplied by inverters.
Each channel is energized from a separate ac power feed.
Each reactor trip circuit is designed so that a trip occurs when the circuit is de-energized.
An open circuit or the loss of channel power causes the system to go into its trip mode.
Reliability and independence are obtained by redundancy within each tripping function.
In a two-out-of-three circuit, the three cnannels are equipped with separate primary sensors and each channel is energized from an independent electrical bus.
A single failure may be applied in which a channel fails to de-energize when
TABLE 1.
FUNCTIONS FOR SHUTDOWN AND COOLDOWN Function 1.
Control of Reactor Power a.
BOratiOn Method 1.
CVCS 2.
High-Pressure Safety Injection b.
Control Rods 1.
Controlled Rod Insertion 2.
Reactor Trip 2.
Core Heat Removal a.
Forced Circulation (reactor coolant pumps) b.
Natural Circulation (using steam generators) c.
CVCS Letdown Heat Exchangers (CCW) e.
Pressurizer Reliefs and Safety Injection 3.
Steam Generator Heat Removal a.
Main Condenser (circulating water system) 4.
Feedwater b-Atmospheric Dumps (manual actuation) c.
Safety Valves d.
Auxiliary Feed System Turbine e.
Steam Generator Blowdown f.
Water-Solid Steam Generator a.
Main Feedwater Pumps b.
Steam-and Motor-Driven Auxiliary Feedwater Pumps c.
Standby Auxiliary Feedwater Pumps S.
Primary System Control a.
CVCS o.
Pressurized Relief Valves
required;
- however, sucn a malfunction can affect only one channel.
The trip signal furnished by the two remaining channels is unimpaired in this event.
5.2.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that the RPS complies with the current licensing criteria listed in Section 2 of this report.
5.3 Auxiliar and Standb Feedwater S stem The primary source of water to the auxiliary feedwater system (AFS) is from the condensate storage tanks (CSTs) via nonseismic CST supply lines.
The backup source of water to the AFS is from the seismic Class 1 service water system (SWS) via two separate paths; one path provides suction to the turbine-driven
- pump, the other path provides suction to two motor-driven pumps.
Manual action is required to isolate the AFS pump suctions from the CST and to line up the pumps to the SWS.
All other functions of the AFS can be initiated, controlled, and monitored from the control room.
The manual valve alignment of the AFS to the SWS can be performed by an operator dispatcned from the control room.
The NRC staff has determined that the manual lineup of the AFS suction to the SWS is justified under the "limited 5
operator action outside the control room" provision of BTP RSB 5-1.
The two motor-driven pumps are powered from separate redundant 480V emergency buses which can receive power from either onsite or offsite sources.
Each motor-driven pump can provide 100% of the AFS flow required for decay heat removal and can be cross-connected to provide flow to either steam generator.
A standby auxiliary feedwater system (SAFS) provides flow to the steam generators whenever the AFS pumps are unavilable.
The SAFS uses two motor-driven pumps which can be aligned to separate SWS loops.
The SAFS provides the same features as the AFS pumps with regard to functional capability and power supply diversity; it is manually actuated from the control room.
The NRC staff evaluation of the SAFS is contained in Reference 6.
5.3.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that AFS complies with the current licensing criteria listed in Section 2 of this report.
5.4 Main Steam S stem The safety-grade shutdown components associated with the main steam system (MSS} are the main steam isolation valves (MSIUs), the steam safety
- valves, and the steam atmospheric dump valves.
Each of the two steam gen-erators is equipped with an air-operated, solenoid-controlled MSIV, four steam safety valves, and one air-operated atmospheric dump valve.
The MSIVs fail closed upon loss of control air.
For core decay heat removal with natural circulation of the reactor coolant, only one steam generator and one of its four sarety valves are required to remove core decay heat a
few seconds after reactor trip.
One atmospheric steam dump which can be operated from the control room is sufficient for maintaining hot shutdown or for cooldown of the RCS below hot shutdown conditions.
Boiling of tne feedwater in the steam generator is the dominant mode of removing primary system heat.
Normally, the energy in the steam is removed in the turbine and the main condenser.
After the turbine is trip-
- ped, the turbine bypass system provides a controlled steam release directly to the condenser.
The ultimate heat sink for the condenser is the circula-ting water system.
When the condenser is not available, the steam is released directly to the atmosphere through either the steam safety valves or the atmospheric dump valves.
As the steam is lost, a continuing source of feedwater is required.
The MSS-level instrumentation is designed on a channelized basis to achieve isolation and independence between redundant protection channels.
Channel independence is carried throughout the system, extending from the sensor to the relay providing the logic.
Loop A steam-generator level is indicated in the control room, at the auxiliary feedwater pump panel, and at the main feedwater control valves.
5.4.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that the HSS complies with the current licensing criteria listed in Section 2 of this report.
5.5 Service Water S stem The service water system (SWS) circulates water from the screen house to various heat exchangers and systems in the containment, auxiliary, and turbine buildings.
The system has four pumps, three of which have the capacity to supply normal cooling loads.
Under accident conditions, one pump is sufficient to supply essential loads.
The SWS piping is arranged so that there are at least two flow paths to each essential load; non-essential loads are automatically isolated on a safeguards actuation signal.
Valving is provided to isolate any single failure and to permit continued operation of the system.
The SWS valve lineup splits the system into two independent trains.
Safety-related equipment (diesel generators, AFS sup-ply, containment ventilation coolers, etc.) is split between the trains so that the loss of one SWS loop will affect only half of the redundant safety-related equipment capacity.
Motor-operated valves which isolate non-essential SWS loads, as well as the system
- pumps, are operable from the control room.
Power for the SWS pumps is provided by the 480V emergency buses which can be supplied by onsite (emergency diesels) or offsite power.
One SWS pump per emergency diesel is automatically started during post-accident diesel load sequencing.
5.F 1 Evaluation Based on a reveiw of the documentation listed in the Reference section of this report, we conclude that tne SWS complies with the current licensing criteria listed in Section 2 of this report.
- 10
5.6 Chemical and Volume Control S stem The chemical and volume control system (CVCS) provides borated water from the ooric-acid tanks (BATs) or the refueling water storage tank (RWST) through three positive displacement charging pumps to the RCS.
The capacity of one pump (46 gpm) is sufficient to compensate for contraction of the RCS coolant during normal cooldown.
One cha'rging pump alone, or with the boric-acid transfer
- pump, can provide cold shutdown boration requirements immedi-ately following reactor shutdown.
Borated water for the charging pumps would be supplied from the RWST by manually opening Valve 358 to bypass an air-operated valve in the charging pump suction lines.
The cnarging pumps can be controlled locally or from the control room.
Power for the charging pumps is supplied via the emergency buses from either onsite or offsite power sources.
The charging pumps discharge into a common pulse-dampening accumulator which renders the system susceptible to a single failure which could prevent charging for boration and coolant contraction during cool-down.
Should this occur, a redundant method of charging and boration exists by means of the high pressure safety injection (HPSI) system.
Any of the three HPSI pumps can be lined up from the control room to take a suction on the BATs or the RWST and to inject borated water into the RCS via the HPSI lines.
5.6.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that the CVCS complies with the current licen-sing criteria listed in Section 2 of this report.
5.7 Com onent Coolin Water S stem The component cooling water (CCW) system consists of two pumps,"
two heat exchangers, a surge
- tank, and connecting valves and piping.
During normal full-power operation or for post-accident operation, one component cooling pump and one component cooling heat exchanger can accommodate the heat removal loads.
The standby pump and heat exchanger provide 100X back-up.
Both pumps and both heat exchangers are utilized to remove the residual and sensible heat during plant shutdown.
If one of the pumps or one of the heat exchangers is not operative, the time for cooldown is extended.
The CCW pumps recieve power from the redundant 480V emergency buses which can be supplied by onsite or offsite power.
The CCW system is normally operated from the control room.
The surge tank accommodates expansion, contraction, and leakage of water, and ensures a continuous component cooling water supply until a leaking cooling line can be isolated.
Because the surge tank is normally vented to the atmosphere, a radiation monitor in the compo-nent cooling pump inlet header annunciates in the control room and closes a
valve in the vent line in the event that the radiation level reaches a
preset level above the normal background.
Part of the CCW pump discharge supplies cooling water to the Reactor Coolant Pumps A and B, tne Excess Letdown Heat Exchanger (CVCS),
and the Reactor Support Cooling through a single, nomally-open valve, MOV 817.
Failure of the valve in the closed position could disrupt plant operation due to the loss of cooling to the above components, but would not effect equipment required for safe shutdown.
5.7.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that the CCW system complies with the current licensing criteria listed in Section 2 of this report.
5.8 Residual Heat Removal S stem The suction line of the residual heat remov'al (RHR) system is isolated from the Loop A hot leg of the RCS by MOV 700 and MOV 701 in series.
MOV 700 and MOV 701 normally operate in the closed position and do not change position upon loss of power (fail as is).
MOV 700 is operable with either onsite or offsite power from essential Bus 14 via MCC 1C.
MOV 701 is operable with either onsite or offsite power from essential Bus 16 via The discharge line of the RHR system is isolated from the Loop B cold leg of the RCS by MOV 720 and MOV 721 in series.
MOV 720 and MOV 721 norm-ally operate in the closed position and do not change position upon loss of power (fail as is).
MOV 720 is operable with either onsite or offsite power from essential Bus 14 via MCC 1C.
MOV 721 is operable with either onsite or offsite power from essential Bus 16 via MCC 1D.
The RHR system discharge line is not used for an ECCS function that would require MOV 720 or MOV 721 to open;
Isolation between the RHR system and LPSI injection into the reactor vessel is provided by two separate paths from the RHR discharge line, with each path containing an MOV and check valve.
MOV 852A and Check Valve 853A provide isolation in one path, and MOV 852B and check valve 853B provide isolation in the other.
MOV 852A and MOV 852B normally operate in the closed position and do not change position upon loss of power (fail as is).
MOV 852A is operable with either onsite or offsite power from essen-tial Bus 14 via MCC 1C.
MOV 852B is operable with either onsite or offsite power from essential Bus 16 via MCC 1D.
The suction line of the RHR system, when functioning in the injection phase of LPSI, commences at the RUST to MOV 856 and Check Valve 854 in
- series, then to a parallel branch where MOV 704A and 704B provides a path to RHR Pumps A and B, respectively.
MOV 856 is normally locked open with power removed.
It can be operated from either onsite or offsite power from essential Bus 14 via MCC 1C.
MOV 704A and 704B normally operate in the open position and do not change position upon loss of power (fail as is).
MOV 704A is operable with either onsite or offsite power from essential bus 14 via MCC 1C.
MOV 704B is operable with either onsite or offsite power from essential Bus 16 via MCC 1D.
Two separate paths provide suction to the RHR system when it is func-tioning in the recirculation phase of LPSI.
Both paths commence at the containment sump and terminate at the RHR pmps.
MOV 850A and MOV 851A in series provide the path to RHR Pump 1.
MOV 850B and MOV 851B in series provide the path to RHR Pump 2.
MOV 850A and MOV 850B normally operate in the closed position and do not change position upon loss of power (fail as is).
MOV 851A and 851B are normally locked open with power remove'd.
MOV 850A and MOV 851A are operable with either onsite or offsite power from essential Bus 14 via MCC 1C.
MOV 850B and MOV 851B are operable with either onsite or offsite power from essential Bus 16 via MCC 1D.
Both RHR pumps are operable with either onsite or offsite power.
RHR Pump 1 is powered from essential Bus 14, RHR Pump 2 is powered from essen-tial Bus 16.
5.8.1 Evaluation The RHR system itself is not single-failure proof in tnat single failures exist in the RHR inlet and discharge lines.
A failure of any one of the four MOVs to open would disable the system.
- However, as there are acceptable alternative methods for attaining cold shutdown (Reference 1),
we conclude that the RHR system complies witn the current licensing cri-teria listed in Section 2 of tnis report.
5.9 Electrical Instrumentation and Power S stems Table 2 provides a list of the instruments required to conduct a safe shutdown.
The list includes those instruments wnich provide information to the control room operator from which the proper operation of all safe shut-down systems can be inferred.
These instruments show RCS pressure, RCS temperature, pressurizer level, steam-generator
- level, and main steam temp-erature.
Improper trending of these parameters would lead the operator to investigate the potential causes.
Other instruments listed in the.table provide the operator with a direct check on safe shutdown system perform-ance and indication of actual or impending degradation of system perform-ance.
The asterisk in the "instrument location" column of the table indicates whicn indicators are located outside the control room at local shutdown panels.
Offsite emergency power is provided througn a single 4.16kV station auxiliary transformer.
Tnerefore, the BTP RSB 5-1 (Reference
- 6) assumption on loss of onsite emergency power, i.e.,
loss of bot'n diesel generators TABLE 2.
LIST OF SAFE SHUTDOWN INSTRUMENTS Com onent/S stem Main steam Reactor coolant Instrument Steam generator level LT and LI 460,
- 461, and 470, 471 Main steam pressure PT and PI 468, 469,
- 478, and 479 Pressurizer level LT and LI 426, 427,
and 410A and B
Instrument Location LT inside continament LI control room+
PT intermed. bldg.
PI control room LT inside containment control room+
PT inside containment PI control room+
TE inside continament TI control rrom Reference Drawing 33013-544 Drawing 33013-534 Drawing 33013-424 Drawing 33013-424 Drawing 33013-424 Auxiliary feed AFWS flow FT 2021,
- 2022, 2023, 2025 FT intermed.
buld.
FI control room~
Drawing 33013-544 FI 2021,
- 2022, 2023, 2024 FT and FT 4084, 4085 Service water Pump discharge press.
PT 2160 and 2161 PT screen house PI control room Drawing D-302-071-E
TABLE 2.
(continued)
Com onent/S stem Instrument Instrument Location Reference Chemical and volume control Charging flow FIT 128, FI 128 FIT auxiliary build.
FI control room Drawing 33013-433 RWST level LT 920, LI 920 LT auxiliary build.
LI control room Drawing 33013-425 Component cooling water System flow FIT 619 FIT auxiliary build.
Low flow alarm in control room Drawing 33013-436 Surge tank level LIT 618 LIT auxiluary build.
LI control room Drawing 33013-435 Residual heat removal System flow FT 626, FI 626 FT auxiliary build.
FI control room Drawing 33013-436 Diesel generator Generator output voltage and current Control room Emergency ac power 480V Buses 14, 16, 17, 18, voltage indication Control room Emergency dc power 125V dc Buses 1 and 2, voltage indication Control room
~Indicators are also available at local shutdown panels.
renders the offsite emergency power susceptible to single failure.
The acceptability of this design was reviewed during the Provisional Operating License review, and it was concluded that, because of the demonstrated high reliability of the type of transformers involved, the absence of a redundant transformer does not significantly affect the reliability of offsite power.
A secondary source of offsite power can be made available via the unit auxiliary transformer by manually disconnecting flexible connections at the main generator terminals.
This design meets the current NRC requirements for offsite power supplied (GDC 17), providing that disconnection of the flexible connections at the main generator terminals can be accomplished within the time contraints imposed oy coolant water inventory and battery 5
life, even though this deviates from the guidelines of BTP RSB 5-1.
Onsite emergency power is furnished by two diesel-engine generating sets.
Either diesel generator is capable of supplying sufficient safety loads.
The diesel generators and loads are divided on a split-bus arrange-ment.
There is no automatic tie between the two buses.
Both diesels are started by a "safety injection" signal, and each diesel is started by an undervoltage condition at either of its 480V buses.
Each diesel can also be started locally or from the control room.
Table 3 details the safe shutdown systems power source and location.
5.9.1 Evaluation Based on a review of the documentation listed in the Reference section of this report, we conclude that the electrical, instrumentation, and power systems comply with the current licensing criteria listed in Section 2 of this report.
- 6. 0 SUKGQtY The systems required to take the reactor from hot shutdown to cold l
- shutdown, assuming only offsite power is available or only onsite power is available and a single failure, are capable of initiation to bring the plant to safe shutdown and are in compliance with current licensing criteria TABLE 3.
SAFE SHUTDOWN SYSTEMS POWER SOURCE AND LOCATION S stem Reactor protection Reactor breakers Reactor Bistables Power Source DC power, instrument bus Location Control room (289 ft)
Main steam safety valves Isolation valves Atmos.
dump valves Auxiliary feed motor-driven Pumps A, B
Turbine-driven pump Standby Pumps C,
D Service water Pumps A, B, C, D
Chemical and volume control Pumps A, B, C
Air (fail closed)
Air or manual A-Bus 14, B-Bus 16 Steam-driven C-Bus 14, D-Bus 16 A,C-Bus 18, B D-bus 17 A-Bus 14, B,C-Bus 16 Intermediate build.
(278 ft)
Intermediate build. (253 ft)
Intermediate build.
(253 ft)
Auxil. buld. addition (270 ft)
Screen house (253 ft)
Auxiliary build. (253 ft) east Refueling water storage tank Component cooling water Pumps A, B
Heat Exchangers A-Bus 14, B-Bus 16 Auxiliary build.
Auxiliary build. (271 ft)
Auxiliary build.
(271 ft)
Diesel Generators lA, 1B 125V control power Diesel Room N side of turbine build (253 ft)
TABLE 3.
(continued)
S stem Power Source Location 480V Bus 14 480V Bus 16 480V Bus 17 480V Bus 18 Instrument Buses 1A, 1B Instrument Buses 1C, 1D Diesel lA or offsite power Diesel 1B or offsite power Diesel 1B or offsite power Diesel lA or offsite power lA-Inverter 1, 1B-480V MCC 1C-Inverter 2, 1D-480V MCC Auxiliary build. (271 ft)
Auxiliary build. (263 ft)
Screen house (253 ft)
Screen house (253 ft)
Control room (289 ft)
Battery and Inverter lA Battery and Inverter 1B Battery room (253 ft)
and the safety objectives of SEP Topic VII-3, except that long-term cooling (RHR) is susceptible to single EIGC failures which render this form of long-term cooling inoperable.
However, other systems are available for the removal of decay heat.
The instrumentation available to control room operators to place and maintain the reactor in cold shutdown conditions meets current licensing criteria since no single EI&C failures render vital parameters such as reactor pressure, temperature, etc.,
The capability to maintain the reactor in hot shutdown from outside the control room exists and is in compliance with the safety oojectives of SEP Topic VII-3.
No procedure exists to take the plant from hot to cold shutdown from outside the control room.
However, all the required systems and components could be operated at local stations throughout the plant and, therefore, satisfy the safety objectives of SEP Topic VII-3.
7.0 REFERENCES
1.
SEP Review of Safe Shutdown Systems for the R. E. Ginna Nuclear Power
- Plane, Revision 1, updated.
2.
U.S. Nuclear Regulatory Commission, Code of Federal Re ulations, Title 10, Part 50, Appendix A (General Design Criteria),
1979.
3.
U.S. Nuclear Regulatory Commission, Standard Review Plan, NUREG-75/087, Revision l.
U.S. Nuclear Regulatory Commission, Safety Topic III-l, Classification of Structures S stems and Com onents.
5 ~
U.S. Nuclear Regulatory Commission, Branch Technical Position, RSB 5-1, Desi Re uirements of the Residual Heat Removal S stem, Revision 1.
6.
NRC letter, D. Ziemann, to L. White, dated August 24, 1979, forwarding Amendment 29 to the Ginna Operating License.
7.
Foxboro Drawings BD-2 through BD-19 for the Ginna Nuclear Power Station.
8.
Rochester Gas and Electric Corp. Drawing 33013-435-A, Auxiliary Cool-ant System.
0 9.
Rochester Gas and Electric Corp. Ginna Final Safety Analysis Report (FSAR) dated April 23, 1975.
10.
Rochester Gas and Electric Corp. Drawing 33013-436-A, Auxiliary Cool-ant System.
11.
Rochester Gas and Electric Corp. Drawing 33013-425-A, Safety Injection System.
12.
SEP Review of the Electrical, Instrumentation, and Controls associated with the systems required for safe shutdown of the Ginna Nuclear Power
- Plant, EGGG Energy Measurements
- Group, San Ramon Operations, EGG 1183-4147, September 1980.
13.
Rochester Gas and Electric Corporation letter, J.
E. Maier, to NRC, D. M. Crutchfield, January 23, 1981.
- 21