Text

License Amendment Request Proposing to Add a Qualified Offsite Circuit to Technical Specifications 3.8.1, AC Sources-Operating and the Use of Load Tap Changers in the Automatic Mode of Operation on the Startup Transformers
	ML17270A041
Person / Time
Site:	Robinson
Issue date:	09/27/2017
From:	Kapopoulos E; Duke Energy Progress
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	RNP-RA/17-0037
	Download: ML17270A041 (101)
	v • d • e

(~ DUKE ENERGY<<

Serial: RNP-RA/17-0037 September 27, 2017 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 H.B. ROBINSON STEAM ELECTRIC PLANT, UNIT NO. 2 DOCKET NO. 50-261 RENEWED LICENSE NO. DPR-23 Ernest J. Kapopoulos, Jr.

H. B. Robinson Steam Electric Plant Unit 2 Site Vice President Duke Energy 3581 West Entrance Road Hartsville, SC 29550 0 843 857 1701 F: 843 857 1319 I Er11ie.Kapopou/05@duke-energy.co111 10 CFR 50.90

SUBJECT:

LICENSE AMENDMENT REQUEST PROPOSING TO ADD A QUALIFIED OFFSITE CIRCUIT TO TECHNICAL SPECIFICATION 3.8.1, "AC SOURCES -

OPERATING" AND THE USE OF LOAD TAP CHANGERS IN THE AUTOMATIC MODE OF OPERATION ON THE STARTUP TRANSFORMERS Ladies and Gentlemen:

Pursuant to 10 CFR 50.90, Duke Energy Progress, LLC (Duke Energy) hereby submits a license amendment request (LAR) for H.B. Robinson Steam Electric Plant, Unit No. 2 (HBRSEP). The proposed amendment will revise HBRSEP Technical Specification (TS) 3.8.1, "AC Sources - Operating," to reflect the addition of a second qualified offsite circuit. This proposed change is necessitated by the addition of a new 230kV startup transformer that will be installed and connected to the existing 230kV switchyard.

Additionally, Duke Energy is installing Load Tap Changers (LTC) at HBRSEP as sub-components on the new 230kV startup transformer as well as dn a replacement for the existing 115kV startup transformer. Duke Energy proposes to revise the HBRSEP current licensing basis as reflected in the Updated Final Safety Analysis Report (UFSAR) to allow for the use of these L TCs in the automatic mode of operation. Operation of the L TCs in automatic mode requires Nuclear Regulatory Commission (NRC) approval in accordance with 10 CFR 50.59, since automatic L TC operation creates a possibility for malfunction of a structure, system or component important to safety with a different result than any previously evaluated in the HBRSEP UFSAR.

Meetings were held with the NRC staff on August 26, 2015 and September?, 2017 to discuss the proposed change described above.

The Enclosure provides a description and assessment of the proposed change. Attachment 1 provides the existing HBRSEP TS pages marked to show the proposed change. Attachment 2 provides existing TS Bases pages marked to show the proposed change for information only.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 2 provides existing UFSAR pages marked to show the aspect of the proposed change associated with the addition of L TCs and their use in the automatic mode of operation. provid, s a single line diagram of the proposed HBRSEP electricj l distribution system.

The proposed change has been evaluated in accordance with 10 CFR 50.91(a)(1) using criteria in 10 CFR 50.92(c), and it has been determined that the proposed change involves no significant hazards consideration. The bases for these determinations are included in the Enclosure.

Approval of the proposed amendment is requested by September 15, 2018, to support HBRSEP refueling outage 31. Once approved, Duke Energy plans to implement the license amendment coincident with completion of the modifications discussed above. The modifications are scheduled for completion by the end of the HBRSEP refueling outage (R031) that begins in September 2018.

There are no new regulatory commitments contained in this letter.

In accordance with 1 O CFR 50.91, Duke Energy is notifying the State of South Carolina of this license amendment request by transmitting a copy of this letter and enclosure to the designated State Official.

If there are any questions or if additional information is needed, please contact Mr. Tony Pilo, Manager - Regulatory Affairs at 843-857-1409.

I declare under penalty of perjury that the foregoing is true and correct. Executed on September 27, 2017.

Ernest J. Kapopoulos, Jr.

Site Vice President EJK/jlv

Enclosure:

Description and Assessment of the Proposed Change Attachments:

1. Technical Specification Page Markups

2. Technical Specification Bases Page Markups (For Information Only)

3. UFSAR Page Markups (For Information Only)

4. Draft Revised UFSAR Figure, Electrical Distribution System (For Information Only)

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page3 cc (with Enclosure/Attachments):

C. Haney, USNRC Re~ion II - Regional Administrator J. Rotton, USNRC Sen;1or Resident Inspector - RNP D. Galvin, NRR Project Manager - RNP A. Gantt, Chief, Bureau of Radiological Health (SC)

A. Wilson, Attorney General (SC)

S. E. Jenkins, Manager, Radioactive and Infectious Waste Management (SC)

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 1 ENCLOSURE Description and Assessment of the Proposed Change

Subject:

License Amendment Request Protjosing an Additional Offsite Power Source and the Use of Startup Transformers with Automatic Load Tap Changers

1.

SUMMARY

DESCRIPTION

2.

DETAILED DESCRIPTION 2.1 Existing Offsite Power System Design and Operation 2.2 Current Technical Specifications Requirements 2.3 Reason for the Proposed Change 2.4 Description of the Proposed Change

3.

TECHNICAL EVALUATION 3.1 Technical Specification 3.8.1 Change Request 3.2 Load Tap Changers Request 3.3 Additional Technical Information to Support Proposed Change

4.

REGULA TORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 4.2 Precedent 4.3 No Significant Hazards Consideration Determination Analysis 4.4 Conclusions

5.

ENVIRONMENTAL CONSIDERATION

6.

REFERENCES ATTACHMENTS:

1. Technical Specification Page Markups

2. Technical Specification Bases Page Markups (For Information Only)

3. UFSAR Page Markups (For Information Only)

4. Draft Revised UFSAR Figure, Electrical Distribution System (For Information Only)

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 2

1.

SUMMARY

DESCRIPTION The proposed change will revise H.B. Robinson Steam Electric Plant, Unit No. 2 (HBRSEP)

Technical Specification (TS) 3.8.1, "AC Sources - Operating," to reflect the addition of a second qualified offsite circuit. This proposed change is necessitated by the addition of a new startup transformer that will be installed and connected to the exi,ting 230kV side of the switchyard.

The proposed change will also revise the HBRSEP current licensing basis as reflected in the Updated Final Safety Analysis Report (UFSAR) to allow for the use of Load Tap Changers (L TCs) in the automatic mode of operation. Duke Energy is installing L TCs at HBRSEP as sub-components on the new 230 kV startup transformer as well as on the replacement for the existing 115kV startup transformer. There are no changes to the HBRSEP TSs associated with the request to use L TCs in the automatic mode of operation.

2.

DETAILED DESCRIPTION 2.1 Current Offsite Power System Design and Operation Introduction The HBRSEP offsite power system consists of those facilities necessary to interconnect the generating unit with the remainder of the Duke Energy Progress transmission system. The offsite power system provides capability for delivering power from HBRSEP when the unit is generating power, and also provides capability for delivering power to the unit when it is not generating power. The offsite power system includes the HBRSEP generator, the main power transformers, the switchyard (with a 230kV and 115kV side), the unit auxiliary and startup transformers, and the transmission lines from the site.

Offsite Power System Description The generator feeds electric power at approximately 22kV through an isolated phase bus to the main transformers. The bulk of the power required for station auxiliaries during normal operation is supplied by the unit auxiliary transformer which is also connected to the isolated phase bus.

The 230kV side of the switchyard is of the "breaker-and-a-half' design with six outgoing 230kV transmission lines and two connections to the adjacent 115kV switchyard through 300 MVA auto-transformers. The 115kV switchyard is a split bus design incorporating two bus sectionalizing breakers. The 115kV switchyard is connected to various points on the transmission system with three 115kV lines and to the 230kV switchyard with the two auto-transformers mentioned above.

Protective features inherent within the arrangement of 230kV "breaker-and-a-half' switchyard design coupled with switchyard bus and auto-transformer differential relaying provide reliable protection for isolation of faults to facilitate continuity of power supply from alternate sources.

Further protection associated with each transmission line includes high speed distance relaying, breaker failure relaying, carrier relaying, ground overcurrent relaying and selective-automatic reclosing of line to facilitate isolation of a sustained fault and continuity through reclosing in the event of transient faults.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 3 Switchyard Voltages The nominal switchyard voltages for HBRSEP are 115kV and 230kV. HBRSEP is provided with a voltage schedule which calls for the unit, when operating, to maintain these voltages within acceptable limits, as determined by both the transmission and plant auxiliary electrical system requiremtnts.

I Adequate voltage can be maintained at the switchyard to meet plant requirements because of the proximity of the Darlington County Internal Combustion Turbine Plant, the strong 230kV and 11 SkV transmission system connecting the area to the rest of the Duke Energy system and the location of capacitor banks throughout the system. Should the system voltage begin to drop for any reason, capacitor banks in the affected area will come on line by automatic voltage control or by dispatcher intervention. The system dispatcher closely monitors the plant 115kV switchyard bus voltage and will be alerted to voltages outside acceptable limits as determined by plant operating requirements.

Operators also monitor the voltage on the 115kV switchyard bus by means of a digital voltmeter located in the Control Room. Control Room annunciators alarm should the*voltage fall below 100 percent or rise above 103.5 percent. In addition, loss of power to the monitor circuit will also set off a separate alarm in the Control Room.

Startup Transformer and Back-feeding HBRSEP was constructed prior to the issuance of 10 CFR 50, Appendix A, General Design Criterion 17, "Electric power systems." Therefore, the existing design is that a single startup transformer connects the multiple sources of offsite power to the onsite electric distribution system. Should a failure of the startup transformer occur, a spare startup transformer located onsite can be placed into service. During the time that the startup transformer is out of service, the unit auxiliary transformer can supply power to the onsite distribution system by back-feeding the main transformer from the 230kV switchyard. The main transformer back-feeding will only be done during cold shutdown unless nuclear safety considerations require it to be done during hot shutdown when no other power sources are available.

2.2 Current Technical Specifications Requirements The current TS 3.8.1 provides a Limiting Condition for Operation (LCO) that requires the only qualified offsite circuit at HBRSEP to be operable in Modes 1, 2, 3 and 4. This qualified circuit between the offsite transmission network and the onsite Electrical Power System helps ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an anticipated operational occurrence or a postulated design basis accident (OBA). A corresponding action is provided in TS 3.8.1 that allows 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months to restore the inoperable offsite circuit. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time (CT) takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a OBA occurring during this period. If the inoperable offsite circuit is not restored within the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months CT and the plant is in Modes 1, 2, 3 or 4, a plant shutdown is required.

Because only one qualified offsite circuit exists at HBRSEP, TS 3.8.1 does not currently have a Condition for two inoperable offsite circuits. This lack of a second offsite circuit in TS 3.8.1 results in HBRSEP being inconsistent with NUREG-1431, Standard Technical Specifications (Reference 1 ), and other Westinghouse Plants. Another HBRSEP inconsistency with Reference 1 is that there is not a Required Action (RA) in TS 3.8.1 to perform Surveillance Requirement

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page4 (SR) 3.8.1.1 ("Verify correct breaker alignment and indicated power availability for each offsite circuit") when an offsite circuit is inoperable because only one offsite circuit exists. A second qualified offsite circuit is being added to the plant (see Section 2.4).

Additionally, existing HBRSEP TS 3.8.1 does not provide a Condition for two inoperable diesel generators (DGs) ~or does the TS provide a Condition for one inoperable offsite circ.uit and one inoperable DG. Tttese are also examples of inconsistencies with Referencel 1. The current HBRSEP TS 3.8.1 requires immediate entry into LCO 3.0.3 for both of these cases (i.e., two or more inoperable AC sources).

2.3 Reason for the Proposed Change Second Qualified Offsite Circuit HBRSEP is enhancing the plant electrical distribution system reliability and availability by increasing the number of available offsite power sources to the station distribution system.

Specifically, HBRSEP will accomplish this enhancement with the design and installation of a second startup transformer to be connected to the 230kV switchyard. The additional startup transformer will result in a second qualified circuit between the offsite transmission network and the onsite emergency AC Electrical Power Distribution System that will continue to ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after a postulated OBA. The two immediately available offsite power sources will be totally independent of and electrically isolated from each other to the extent practical in order to minimize the likelihood of a single event causing loss of both offsite circuits. The 115kV and 230kV SUTs will be physically separated from each other in order to minimize the chance of simultaneous failure. The regulation at Title 1 O of the Code of Federal Regulations ( 10 CFR) 50.36(c)(2)(ii)(C), "Criterion 3," states that a TS LCO must be established for:

A structure, system, or component that is part of the primary success path and which functions or actuates to mitigate a design basis accident or transient that either assumes the failure of or presents a challenge to the integrity of a fission product barrier.

For continued compliance with this regulatory requirement, the second offsite circuit that is to be installed at HBRSEP needs to be added to TS 3.8.1. Any proposed change to revise a plant's TSs requires a License Amendment Request pursuant to 10 CFR 50.90. The LCO, Conditions, Required Actions and Completion Times associated with TS 3.8.1 need to be modified in order to reflect the additional offsite circuit that is to be installed at HBRSEP.

An additional reason for the proposed change to revise TS 3.8.1 to reflect a new offsite circuit is to more closely conform to the NRC staffs guidance in NUREG-1431 (Reference 1) for "AC Sources - Operating" and also to have a TS 3.8.1 that is consistent with many of the other Westinghouse Pressurized Water Reactor plants in the nuclear industry.

Load Tap Changers The new startup transformer to be connected to the 230kV switchyard and a new replacement 115kV transformer will be equipped with L TCs with manual and automatic control capabilities.

The L TCs can automatically maintain the 4.16kV bus voltages at the required voltage for variations in switchyard voltage. This will minimize the occurrence and effect of overvoltage or undervoltage on the plant electrical equipment and the safety related buses throughout the plant modes of operation as well as applicable emergency conditions.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 5 Operation of the LTCs in automatic mode requires NRC approval in accordance with 10 CFR 50.59, since automatic L TC operation creates a possibility for a malfunction of a structure, system, or component important to safety with a different result than any previously evaluated in the UFSAR. With the proposed change, operation of the L TCs in automatic mode will be allowed. The UFSAR description of the offsite power sources will be revised to describe the automatic L TC operation. I I

2.4 Description of the Proposed Change The proposed change described in the following subsections is comprised of two separate change requests. The first request is associated with a revision to Technical Specification (TS) 3.8.1, "AC Sources - Operating," in order to reflect the addition of a second qualified offsite circuit. The second request is to revise the current licensing basis (i.e., UFSAR) to allow for the use of LTCs in the automatic mode of operation on both startup transformers (i.e., the new 230 kV startup transformer and the new replacement 115 kV startup transformer).

2.4.1 Technical Specification 3.8.1 Change Request TS 3.8.1, "AC Sources - Operating" will be revised as follows and the TS markups that reflect the proposed change are contained in Attachment 1.

LCO 3.8.1.a is modified to state: "Two qualified circuits between the offsite transmission network and the onsite emergency AC Electrical Power Distribution System; and" Condition A is revised to state: "One offsite circuit inoperable."

A new RA A.1 and associated CT with an "AND" connector are inserted as follows:

RA A.1: "Perform SR 3.8.1.1 for OPERABLE offsite circuit.

CT:

"1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter

The existing RA A.1 is renamed A.2. The associated CT is revised to state: "24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s)."

The existing RA A.2 is renamed A.3. The associated CT is revised to state:

"72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 1 O days from discovery of failure to meet LCO"

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page6 The CT for existing RA B.4 is revised to state:

"7 days AND 1 O days from discovery of faillre to meet LCO" New Condition C and associated RAs and CTs is added as follows:

C.

Two offsite circuits inoperable.

C. 1 Declare required feature(s) inoperable when its redundant required feature(s) is inoperable.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from discovery of Condition C concurrent with inoperability of redundant required features C.2 Restore one offsite circuit 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months to OPERABLE status.

New Condition D and associated RAs and CTs is added as follows:

D.

One offsite circuit inoperable.

One DG inoperable.

NOTE------

Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems - Operating,"

when Condition D is entered with no AC power source to any train.

D.1 Restore offsite circuit to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months OPERABLE status.

OR D.2 Restore DG to OPERABLE status.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 7 New Condition E and associated RA and CT is added as follows:

E.

Two DGs inoperable.

I E.1 Restore one DG to OPERABLE status.

2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months I

I I

The existing Condition C is renamed Condition F and revised to state: "Required Action and associated Completion Time of Condition A, B, C, D, or E not met."

The existing RAs C.1 and C.2 are renamed F.1 and F.2.

The existing Condition D is renamed Condition G and revised to state: "Three or more AC sources inoperable."

The existing RA D.1 is renamed G.1 and the NOTE is deleted.

The existing SR 3.8.1.1 is revised to state: "Verify correct breaker alignment and indicated power availability for each offsite circuit."

New SR 3.8.1.18 is added as follows:

SR 3.8.1.18

NOTE-----------------

This Surveillance shall not be performed in MODE 1 or 2.

Verify manual transfer of AC power sources from the 18 months normal offsite circuit to each alternate offsite circuit.

The TS 3.8.1 change request described above is supported by changes to the TS Bases. In addition to reflecting the requested change to the TS, the TS 3.8.1, 3.8.2, 3.8.4 and 3.8.9 Bases are revised for clarity and consistency. The regulation at 10 CFR 50.36 states, "A summary statement of the bases or reasons for such specifications, other than those covering administrative controls, shall also be included in the application, but shall not become part of the technical specifications." Changes to the TS Bases will be made in accordance with the Technical Specifications Bases Control Program following approval of the requested amendment. The proposed TS Bases changes are consistent with the proposed TS changes and provide the purpose for each requirement in the specification consistent with the Commission's Final Policy Statement on Technical Specifications Improvements for Nuclear Power Reactors, dated July 2, 1993 (58 FR 39132). Therefore, the TS Bases changes are provided for information in Attachment 2 and approval of the TS Bases is not requested.

2.4.2 Load Tap Changer Request There are no changes to the HBRSEP TSs associated with the request to operate L TCs on the two plant startup transformers (i.e., new replacement 115 kV SU transformer and new 230 kV SU transformer) in the automatic mode of operation. While the 115 kV and 230 kV startup

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 8 transformers are required to support operability of the qualified offsite circuits, there are no LCO Conditions, RAs, associated CTs or SRs that are specific to the startup transformers. The LCO Conditions, RAs, associated CTs and SRs are associated with the qualified offsite circuits.

The HBRSEP UFSAR will be revised as reflected in Attachment 3 to provide discussion of the L TCs in both the automatic and manual modes of operation. However, the proposed amendment only requests NRC staff apprbval to operate the L TCs in the automatic mode of operation because it was determined that lsuch operation creates the possibility for a malfunction of a structure, system or component important to safety with a different result than any previously evaluated in the UFSAR.

Changes to the TS Bases associated with the request to operated L TCs in the automatic mode of operation will be made in accordance with the Technical Specifications Bases Control Program following approval of the requested amendment. TS Bases changes are provided for information in Attachment 2 and approval of the TS Bases is not requested.

3.

TECHNICAL EVALUATION 3.1 Technical Specification 3.8.1 Change Request LCO 3.8.1.a is modified to reflect that there will be two qualified offsite circuits at HBRSEP.

NUREG-1431 (Reference 1) is written to reflect a Westinghouse single unit plant with two qualified offsite circuits. Therefore, the proposed wording for the modified HBRSEP LCO 3.8.1.a. is verbatim from Reference 1.

Condition A is modified to reflect Reference 1 because HBRSEP will have two qualified offsite circuits. Since Conditions should be ordered from the least to the most degraded, proposed Condition A for one offsite circuit inoperable is positioned in TS 3.8.1 before the Condition for two offsite circuits inoperable (new Condition C).

In accordance with Reference 1, new RA A.1 is added to perform SR 3.8.1.1 for the operable offsite circuit anytime one offsite circuit is inoperable. Performance of SR 3.8.1.1 ensures a highly reliable power source remains with one offsite circuit inoperable. The one hour CT associated with new RA A.1 is consistent with Reference 1 and reflects that it is necessary to perform the SR on a more frequent basis. The "Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter CT associated with new RA A.1 is consistent with the CT for existing RA B.1 to perform the same SR.

Verifying an offsite power source remains with one offsite circuit inoperable once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months also corresponds to once per shift.

Renaming the existing RA A.1 to A.2 is an administrative change. The new RA A.2 CT of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s) is consistent with Reference 1 and is considered acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown. Additionally, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months CT takes into account the capacity and capability of the remaining AC sources (i.e., remaining offsite circuit and the DGs), a reasonable time for repairs, and the low probability of a Design Basis Accident (OBA) occurring during the period.

Renaming the existing RA A.2 to A.3 is an administrative change. The new RA A.3 CT of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months is consistent with Reference 1 and also Regulatory Guide 1.93 (Reference 2). According to Reference 2, operation may continue when one offsite circuit is inoperable for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT takes into account the capacity and capability of

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 9 the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during the period. The maximum CT for new RA A.3 is proposed to be extended from 8 days to 1 O days. The maximum CT of 10 days limits the total time that LCO 3.8.1 is not met while concurrently or simultaneously entering and exiting Conditions A ("One offsite circuit inoperable.") and B ("One OG inoperable."). The existing maximum CT is the sum of the CT for existing RA A.2 (i.e., 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months ) and existing RA B.41 (i.e., 7 days). HBRSEP is proposing to extend the CT for existing RA A.2 (new RA A.3) to V2 hours due to the addition of a qualified offsite circuit. Thus, the new maximum CT for new RA A.3 will be increased from 8 days to 10 days.

The maximum CT for RA B.4 is proposed to be extended from 8 days to 10 days. The maximum CT of 1 O days limits the total time that LCO 3.8.1 is not met while concurrently or simultaneously entering and exiting Conditions A ("One offsite circuit inoperable.") and B ("One OG inoperable."). The existing maximum CT is the sum of the CT for existing RA A.2 (i.e., 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months ) and existing RA B.4 (i.e., 7 days). HBRSEP is proposing to extend the CT for existing RA A.2 (new RA A.3) to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months due to the addition of a qualified offsite circuit. Thus, the new maximum CT for RA B.4 will be increased from 8 days to 1 O days.

The new Condition C that is added for two offsite circuits inoperable is consistent with Reference 1. This new Condition is required because HBRSEP will transition from only having one qualified offsite circuit to two qualified offsite circuits. Because the severity of the level of degradation associated with new Condition C is less than other combinations of two AC sources inoperable that involve one or more OGs, new Condition C is positioned in TS 3.8.1 before those other combinations. Two factors tend to decrease the severity level of degradation for new Condition C according to Reference 1:

1. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and

2. The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source.

In accordance with Reference 1, new RA C.1 is added to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety features.

The CT of new RA C.1 for the failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from that allowed for one train without offsite power (new RA A.2). Reference 2 allows a CT of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are operable. This assumption is invalid when a concurrent redundant required feature failure exists, and a shorter CT of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months CT for new RA C.1 is also consistent with Reference 1.

The new RA C.2 that is added to restore one offsite circuit to operable status and its associated CT is consistent with Reference 1. The CT for new RA C.2 is also in accordance with Reference 2, which discusses that operation may continue with two offsite circuits inoperable for a period that should not exceed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This level of degradation (i.e., two offsite circuits inoperable) means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident. However, the onsite AC sources have not been degraded. The onsite AC sources are sufficient to maintain the HBRSEP unit in a safe shutdown condition in the event of a OBA or transient. A simultaneous loss of offsite AC sources, a loss of coolant accident (LOCA) and a worst case single failure were postulated as a

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 10 part of the design basis in the safety analysis. Thus, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months CT for new RA C.2 provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.

The new Condition D that is added for one offsite circuit inoperable and one DG inoperable is co~sistent with Reference 1. This new Condition is necessitbted by HBRSEP transitioning to tw6 qualified offsite circuits for the AC electrical power systeh In this new Condition D, the reliability of the power systems is lower than that in Condition C (loss of both offsite circuits).

The difference in reliability is due to the susceptibility of the power system configuration for new Condition D to a single bus or switching failure. Therefore, new Condition D is appropriately positioned after new Condition C.

The new RAs D.1 and D.2 that are added to restore the offsite circuit to operable status or the DG to operable status and the associated CTs are consistent with Reference 1. The CTs for new RAs D.1 and D.2 are also in accordance with Reference 2, which discusses that operation may continue with one offsite circuit inoperable and one DG inoperable for a period that should not exceed 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . The CTs of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months are also appropriate because they take into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during the period. A Note also is proposed that modifies the RAs for Condition D. The Note indicates that when new Condition Dis entered with no AC source to any train, the Conditions and RAs for LCO 3.8.9, "Distribution Systems - Operating,"

must be entered immediately. This Note allows new Condition D to provide requirements for the loss of one offsite circuit and one DG, without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train in this instance. Without the Note modifying new RAs D.1 and D.2, the Distribution System ACTIONS would not be entered, even if all AC sources to it were inoperable, resulting in a de-energized train.

New Condition E that is added for two DGs inoperable aligns HBRSEP to Reference 1. In this new Condition E, with Train A and Train B DGs inoperable, there are no remaining standby AC sources. With an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required Engineered Safety Features (ESF) functions. The severity of the level of degradation associated with new Condition E is higher than that of Conditions A, B, C and D. Thus, new Condition E is positioned after those other Conditions.

The new RA E.1 that is added to restore one DG to operable status and its associated CT (i.e.,

2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months ) is consistent with Reference 1. Since the offsite electrical power system is the only source of AC power when two DGs are inoperable, the risk associated with continued operation for a very short time (i.e., 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months ) could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, which could result in a total loss of AC power). However, any inadvertent generator trip could also result in a loss of offsite AC power, and thus the 2 hour2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months CT severely restricts the time allowed for continued operation. The intent of RA E.1 and its associated CT of 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with the level of degradation when two DGs are inoperable.

Renaming existing Condition C to Condition Fis an administrative change. New Conditions C, D and E are added to new Condition F in order to reflect the situation when inoperable AC electric power sources associated with Conditions C, D and E cannot be restored to operable status within their respective CTs (i.e., the RA and associated CT of Condition C, Dor Eis not met). The new Condition F is consistent with Condition G of Reference 1.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 11 Renaming the existing RA C.1 to F.1 and the existing RA C.2. to F.2 are administrative changes. The CTs for new RAs F.1 and F.2 are appropriate when the RA and associated CT of new Condition C, D or E is not met. Bringing the HBRSEP unit to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months when the RA and associated CT of new Condition C, D or E is not met is based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner without challenging plant syst~ms. New RAs F.1 and F.2 and their as~ociated CTs are consistent with Reference 1.

l The existing Condition D is renamed to Condition G. This is an administrative change. New Condition G is modified to reflect three or more AC sources inoperable in order to be consistent with Reference 1 and to reflect that HBRSEP will have two qualified offsite circuits installed.

The existing RA D.1 is renamed to G.1. This is an administrative change. The Note that modified existing RA D.1 is no longer needed since a new Condition E for two DGs inoperable, along with its associated RA and CT, is being proposed. Therefore, the Note for existing RA D.1 is proposed to be deleted.

New SR 3.8.1.18 that is added to verify manual transfer of AC power sources from the normal offsite circuit to each alternate offsite circuit aligns HBRSEP to guidance in Reference 1. The 18 month frequency of the SR is based on engineering judgment, taking into consideration the unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

3.2 Load Tap Changers Request 3.2.1 Evaluation of the Load Tap Changer The replacement 115kV startup transformer and the new 230kV startup transformer will be installed during the refueling outage planned for the Fall of 2018. Each of these startup transformers will be equipped with a Load Tap Changer (LTC) that can regulate the output voltage of the respective startup transformer to the respective 4.16kV buses while in the manual or automatic operating mode. Operation of the L TCs for the 115kV and 230kV startup transformers in the manual mode has been evaluated in accordance with 1 O CFR 50.59 and determined to not require NRC staff approval. The analysis that follows focuses on the L TCs operation in the automatic operating mode.

L TC operation is based on the following primary and backup controller set points in Tables 1 and 2. The voltage level (Bandcenter) is set at 4160V or 120V base for both the 115kV and 230kV startup transformers. This is based on an evaluation that determined a nominal 4kV bus voltage setpoint of 4160V provides for voltages above the acceptance criteria for bus alignments during steady state and transient conditions.

Table 1: Primary Controller Setpoints M-20010 primary Voltage level 120V Bandwidth 3.71 TimeDelay 30Seconds Fast Voltage Recovery Enabled Recovery Voltage Level sv

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 12 Table 2: Backup Controller Setpoints M-03298 backup Voltage level uov Bandwidth 5V Deadband lV Time Delay 5 seconds The voltage control bands established with the above settings is shown in Figure 1 below.

Figure 1 represents the startup transformer's ( 11 SkV or 230kV) L TC voltage and control limits with the switchyard voltage within the voltage schedule. Explanation of these voltage bands is provided in the subsequent descriptions of L TC operation.

Figure 1: 115/230kV Startup Transformers Control and Limit Bands 43g_93 ****

4133.93 I I I I

.--------. 4281-07 Overvoltage *run back" Backup Controller Issue LTC Lower Command 4325

P1tmary Centi r

Uncett> IV -

eackup Controlloer

____.,_.__ 4290V - Overvoltage Limit (hckup Controller -

Block Raise Limit)

Unccrtalftty * *

4246.08 * * *

420.48

- -*-.. **-* 4224.3V - Upper Band Umit 4203.13 NomJnaJ *1sov. -* --**

4116.88 Volt.Olge Control Bclnd (Prrnary Mlcroconltolet) 4095.7V-Lower Band Limit 4074.53 4073.93 *****

+--- 4030V - Undervolta1* Limit (Backup Controller -

Block Lower Limit) 3986.08 *****

Voltage Limit Band(Badtup ConlrOli.r) 3l28V 4kV Bus Ill Low Transient Crk8rla (Upper Uanlt)

The Reinhausen RMV-11 tap changer mechanism for each LTC is located in a separate enclosure mounted to the transformer tanks. A drive motor rotates the tap changer to increase or decrease the number of transformer windings in service. By operating the drive motor, which changes the tap settings, the transformer output voltage is raised or lowered. The tap changer has four modes of operation: automatic, remote manual operation (uses the drive motor), local

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 13 manual operation (uses the drive motor) and manual hand crank. Manual hand crank operation can only be utilized when the associated SUT is de-energized. Any alarm condition associated with the L TC mechanism or loss of control supply power will cause light emitting diodes (LEDs) to illuminate locally at the L TC. Additionally, selected L TC alarms will annunciate/alarm in the Control Room. Operation of the tap changer in automatic control mode is the focus of the proposed change. A primary Beckwith M-2001 D microcontroller and a backup BeckwitH M-0329B microcontroller, separate from each startup transformer and the L TC mechanis~I. will be used to control the LTC mechanism.

In automatic mode, the primary microcontroller monitors load voltages to create a signal based on the sensed secondary voltage of its associated SUT. Each SUT has two output windings, designated the "X" and "Y" windings. During normal operation the 11 SkV SUT "X" winding provides power to Emergency Bus E1 and the 230kV SUT "Y" winding provides power to Emergency Bus E2. Therefore, the L TC microcontroller senses the 11 SkV SUT "X" winding and the 230kV SUT "Y" winding voltages. The primary microcontroller sends the signal to the L TC mechanism, which changes the tap setting when required, so that voltage is controlled to within the desired range. The desired range is symbolized by the "Voltage Control Band - Primary Microcontroller on Figure 1 and includes the "Upper Band Limit" of and the "Lower Band Limit."

The primary microcontroller also has programmable overvoltage detection and undervoltage blocking settings available. Furthermore, the primary controller has the ability to be configured to operate in both steady state voltage control definite time delay and fast voltage recovery mode. The steady state definite time delay prevents unnecessary L TC operations with slow voltage excursions of small magnitude and the fast voltage recovery mode provides for rapid L TC response to large grid transients. The fast voltage recovery mode (sensing time of half a second and operation time of 2 seconds) provides acceptable voltage response for the worst case grid transients and plant trips.

For added reliability, a backup microcontroller is installed that prevents a defective primary LTC tap changer microcontroller from adjusting the voltage outside the established upper and lower limits. The voltage limit band is symbolized by the "Voltage Limit Band - Backup Controller on Figure 1 and includes the "Undervoltage Limit (Backup Controller - Block Lower Limit)" and the "Overvoltage Limit (Backup Controller-Block Raise Limit)." The backup controller senses voltage at the same bus level as the primary controller with a separate drawer mounted potential transformer. This allows for proper isolation between the primary and backup controllers. The backup controller is wired in series with the primary controller L TC raise and lower commands. The backup controller functions to provide an "inhibit band" which is a separate control band set just outside the normal control band. Should the sensed voltage vary outside of this band, the backup controller prevents the primary controller from issuing a raise or lower command. Additionally, the backup controller is configured with an adjustable deadband and the ability to issue a lower command to the L TC to bring the voltage back into normal operating range, should voltage continue to rise. The backup microcontroller time delay is adjustable from 1 to 30 seconds (5 seconds was chosen to create the desired backup controller response). If voltage remains above the maximum (Block Raise) voltage by the selected deadband, the controller will issue a lower command to the tap changer to lower the voltage.

The new replacement 11 SkV startup transformer L TC and the new 230kV startup transformer LTC both provide a range of voltage regulation from -12.4% to +12.4% at rated secondary voltage in 16 steps (plus the nominal tap position). By providing automatic voltage regulation based on the onsite 4.16kV plant buses voltage for both the 11 SkV startup transformer L TC and the 230kV startup transformer L TC, both L TCs can compensate for the range of 11 SkV and/or 230kV system operating voltages.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 14 Operation of each transformer (115kV and 230kV) is verified following installation, which includes verification of the LTC operation over the full range of tap positions. Testing on the primary and backup microcontrollers includes confirmation, using a simulated voltage input, that the LTC regulating relays provide the correct raise/lower response in the automatic control mode. Testing on the backup solid state controller also ensures that it provides the proper blocking/ lowering function in the even~ of a primary microcontroller failure.

3.2.2 Load Tap Changer Automatic Operation Failure Modes Evaluation An evaluation of the potential failure modes of the L TC and its control system has been performed for both the replacement 115kV startup transformer and the new 230kV startup transformer. The evaluation results are discussed below and summarized in Table 3. The Failure Modes and Effects Analysis (FMEA) evaluation results show that use of the L TC in automatic mode creates the possibility for a malfunction of the L TC Operating Mechanism that raises or lowers the voltage provided to the 4.16 kV buses that feed the 480V safety-related buses. The condition created when the L TC Operating Mechanism automatically lowers the voltage provided to the safety-related buses was previously evaluated and is conservatively enveloped by evaluations previously performed in the UFSAR for the loss of voltage and degraded voltage instrumentation.

However, the condition created when the L TC Operating Mechanism raises the voltage provided to the 4.16kV safety-related buses has not been previously evaluated in the UFSAR.

As a result, in accordance with 10 CFR 50.59, the use of the L TC requires NRC approval, since this potential malfunction of the L TC creates a possibility for a malfunction of a structure, system or component important to safety with a different result than any previously evaluated in the UFSAR.

3.2.2.1 Failure Modes that Increase Voltage A failure of a L TC that results in increasing voltage causes the 4kV and 480V buses and loads downstream of the affected LTC to experience higher than design level voltages. When this failure mode occurs, one or both of the 480V emergency buses are affected. Damage from an overvoltage condition is only expected if the condition is sustained for an extended period of time. This condition will not be sustained over an extended period of time due to the ability to quickly detect the failure and administer protective actions to correct the condition.

Causes for failure at the high voltage limit include:

Loss of control power to L TC component(s)

Mechanical failure of the tap changer Mechanical or electrical failure of the L TC motor Human factors error Failure at the Control Room remote control station Failure at the digital tap changer controller (inadvertent/wrong tap setting demand signal outputted)

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 15 Each of the above failures is detectable through alarms generated locally or remotely by the failed components or through operator monitoring of voltages when attempting to change tap position.

The following voltage alarms will be included in the offsite power system after the transmission upgrades:

1

Annunciator APP-036-E3: 11 SkV Startup Transformer (sun or 230kV SUT over/under voltage 480V Emergency Bus E1 or E2 supply over/under voltage Annunciator APP-036-E3 is on the high side of the SUTs. A high voltage alarm experienced at one of these annunciators indicates that the high voltage is caused by the grid. The 480V Emergency Bus E1 and E2 alarms are on the low side of transformers SST 2F and SST 2G, respectively. A high voltage alarm experienced at these points indicates that the condition may be the grid or a failed component(s) upstream of the 480V emergency bus alarms. When a L TC fails and increases voltage, the 480V emergency bus voltage indicators will alarm and the APP-036-E3 annunciator will not. Therefore, this failure is detectable.

Operators will be able to respond under the guidance of abnormal operating procedures to the high voltage alarms and place the L TC in manual mode. The tap settings will be manually raised to correct the increased voltage condition if the failure was caused by the automatic controller.

If the failure was caused by a motor fault, then manual movement of the tap settings may not be possible and manual unloading of the SUT may be required.

The HBRSEP transmission upgrade design will provide indication to allow operators to detect an overvoltage condition and respond in a timely manner to limit the duration of the high voltage condition.

3.2.2.2 Failure Modes that Decrease Voltage A failure of a L TC that results in decreasing voltage causes the 4kV and 480V buses and loads downstream of the affected L TC to experience lower than design level voltages. When this failure mode occurs, one or both of the 480V emergency buses are affected. At the L TC highest tap setting, the undervoltage conditions on the affected 480V emergency bus will cause the supply breaker to trip and the bus to isolate and align with its associated emergency diesel generator. It should be noted that prior to reaching the degraded or undervoltage conditions on the emergency buses, operators will be notified of the low voltage condition via the E1/E2 voltage monitors and Main Control Room annunciation.

Causes for failure at the low voltage limit include:

Loss of control power to LTC component(s)

Mechanical failure of the tap changer

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 16 Mechanical or electrical failure of the L TC motor Human factors error Failure of the backup controller (lower function enabled)

Failure at the Control Room remote control station\\

Failure at the digital tap changer controller (inadvertent/wrong tap setting demand signal outputted)

Each of the above failures is detectable through alarms generated locally or remotely by the failed components or through operator monitoring of voltages when attempting to change tap position.

A low voltage alarm experienced at one of the APP-036-E3 annunciators indicates that the low voltage is caused by the grid. A 480V Emergency Bus supply voltage E1 or E2 alarming indicates that the source of the undervoltage condition may be the grid or a failed component(s) upstream of the 480V emergency bus alarms. When a L TC fails and decreases voltage, the 480V emergency bus voltage indicators will alarm and the APP-036-E3 annunciator will not.

Therefore, this failure is detectable.

Operators will be able to respond under the guidance of abnormal operating procedures to the low voltage alarms and place the L TC in manual mode for small voltage degradation or slow degradation. The tap settings will be manually lowered to correct the low voltage condition.

Prompt action prevents the voltage from being lowered below the degraded grid setpoint. For a significant voltage drop where there may not be time for operator action, undervoltage protection schemes (i.e., degraded grid or loss of voltage) on the emergency buses will automatically initiate.

The failure is detectable with procedural actions in place to prevent the voltage limit from reaching the degraded grid setpoint. If the L TC failure is not mitigated, then the existing degraded and/or undervoltage protection will ensure the emergency bus loads are protected and the emergency diesel generators will be available to support those loads. Therefore, the existence of this possible failure mode is deemed acceptable.

3.2.2.3 L TC Fails in Place Failure of the LTC to change the tap setting when required could create an overvoltage or an undervoltage condition if the grid voltage changes by a sufficiently large amount subsequent to a failure. A failure of the L TC to change the tap setting when required is not immediately detectable in some instances. However, there are several failures of the L TC and its controller that are detectable via local and subsequent Main Control Room annunciation. This includes some mechanical failures (see Table 3 below). A failure will only be detected when an overvoltage or undervoltage condition is detected. In addition, when the plant is in a single SUT configuration, the L TC is required to be in automatic mode to support a unit trip. If the L TC fails in place, then on a unit trip the degraded grid conditions will be met and offsite power will be lost to both emergency buses.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 17 Causes for failure in place include:

Loss of control power to L TC component(s) [detectable]

Mechanical failure of the tap changer [potentially undetectable]

Mechanical or electrical failure of the L TC motbr [potentially undetectable]

Human factors error [detectable]

Failure of the backup controller (block enabled) [detectable]

Failure at the Control Room remote control station [detectable]

Failure at the digital tap changer controller (inadvertent/wrong tap setting demand signal outputted) [detectable]

Mechanical failures of the tap changer mechanism or drive motor (and protective devices) may result in an undetectable failure of the L TC that will cause it to fail in place regardless of the demand signals. However, periodic maintenance and testing will detect these types of failures.

There are alarms that will indicate high or low voltage from the grid and at the 480V emergency buses that will provide sufficient detection once failure effects are present. Operator attention to voltages during tap changes will also provide an indication of tap position (or failure to change position). Procedurally controlled operator actions will be implemented quickly following detection and will return the system voltage to acceptable levels.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 18 Table 3 Load Tap Changer and Microcontroller Failure Modes and Effects (115kV/230kV SUTs)

Component Function Failure Modes Effects on Train or System Remarks and Other Effects Identification Reinhausen Load Tap

1. L TC may remain in previous position System will be inspected and RMV-11 (Tap Changer

2. L TC may inadvertently raise the maintained in accordance with vendor Changer (Mechanical voltage.

manual recommendations.

Mechanism)

Portion)

3. L TC may inadvertently lower the voltage General SUT Trouble alarm is provided.

4. L TC may be unable to interrupt the arc Alarm indications at local SUT

5. L TC may be unable to select the Annunciator panel:

next tap position L TC Vacuum Sys. Control Lockout

6. L TC may not be able to perform LTC Control Trouble [Tap Changer changeover.

Failure]

7. Position change may require hand L TC Oil Level Low Total crank manual action (NOTE: The Shutdown/Failure manual crank cannot be operated with the SUT energized)

I I

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 19 Component Function Failure Modes Identification Partial or Intermittent Failure Reinhausen Load Tap RMV-11 (Tap Changer Changer (Motor)

Mechanism)

Total Shutdown/Failure Partial or Intermittent Failure Effects on Train or System Remarks and Other Effects I

1. L TC may remain in previous position.

2. L TC may be unable to interupt the arc.

3. L TC may be unable to select the next tap position.

4. L TC may be slow in moving to the next tap position.

5. L TC may not be able to perform changeover.

6. Position change may require hand crank manual action. (NOTE: The manual crank cannot be operated with the SUT energized)

1. Loss of ability to change tap location.

2. Position change may require hand System will be inspected and crank manual action (NOTE: The maintained in accordance with vendor manual crank cannot be operated with manual recommendations.

the SUT energized.)

General SUT Trouble alarm is provided.

Alarm indications at local SUT annunciator panel:

Loss of L TC Control Power

1. Failure to completely stop upon LTC Control Trouble [Tap Changer position change.

Failure, Abnormal Tap Position]

2. Failure to change position upon loss L TC Control Lockout of arc in bypass switch.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 20 Component Function Failure Modes Identification SELSYN LTC Tap 1292KS Position Total Tap Sensor Sensor Shutdown/Failure Partial or Intermittent Failure Spurious Failure INCON Indication of 1250-B Tap Position Tap Position Total Monitor Shutdown/Failure Effects on Train or System Remarks and Other Effects I

1. Loss of output to Tap Position System will be inspected and maintained in accordance with vendor Monitor.

manual recommendations.

2. Loss of ability to determine tap position.

General SUT Trouble alarm is provided.

1. Loss of or intermittent output to Tap Alarm indications at local SUT annunciator Panel:

Position Monitor.

L TC Control Trouble [Abnormal Tap

2. Loss of ability to determine tap position.

Position]

3. Incorrect indication of tap position.

System will be inspected and maintained in accordance with vendor manual recommendations.

Faulty connection/cable General SUT Trouble alarm is provided.

Alarm indications at local SUT Annunciator Panel:

L TC Control Trouble [Abnormal Tap Position]

1. Loss of indication of Tap Position Testing will verify that the device retains Monitor its configuration following loss and

2. Loss of output to Current Loop restoration of power. Component will Interface (CU) meet Duke cyber security requirements.

3. Loss of ability to determine tap position.

System will be inspected and maintained in accordance with vendor manual recommendations.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 21 Component i

Function 1 Failure Modes Identification I

Partial or Intermittent Failure Spurious Failure Software Failure/Cyber Attack I

Effects on Train or System Remarks and Other Effects I

1. Loss of or intermittent indication of General SUT Trouble alarm is provided.

Tap Position Monitor

2. Loss of output to Current Loop Alarm indications at local SUT Interface (CU).

Annunciator Panel:

3. Loss of ability to determine tap L TC Control Trouble [Abnormal Tap position.

Position]

4. Incorrect indication of tap position.

1. Loss of or intermittent indication of Tap Position Monitor.

2. Loss of output to Current Loop Interface (CU).

3. Loss of ability to determine tap position.

4. Incorrect indication of tap position.

1. Loss of or intermittent indication of Tap Position Monitor.

2. Loss of output to Current Loop Interface (CU).

3. Loss of ability to determine tap position.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 22 Component Function Failure Modes Identification Beckwith Senses Tap CU M2025D Position and Current Loop Provides Total Interface Output Shutdown/Failure Module Value to Digital Tapchange Controller Partial or Intermittent Failure Spurious Failure Effects on Train or System Remarks and Other Effects

1. Loss of output to Digital Tapchange Controller.

2. Loss of input from Tap Position Monitor.

3. Loss of ability to determine tap position.

1. Intermittent output to Digital Tapchange Controller.

System will be inspected and

2. Loss of ability to determine tap maintained in accordanee-with vendor position.

manual recommendations.

3. Incorrect tap position transmitted to Digital Tapchange Controller.

General SUT Trouble alarm is provided.

Alarm indications at local SUT annunciator Panel:

L TC Control Trouble [Abnormal Tap Position]

1. Loss of output to Digital Tapchange Controller.

2. Loss of ability of Digital Tapchange Controller to determine tap position.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 23 Component Identification Function Failure Modes Beckwith Sets limits LTC for Backup LTC Digital Controller Tapchange M0329B Controller Total Shutdown/Failure Partial or Intermittent Failure Beckwith Provide M2001D control Digital Signal to Total Tapchanger LTC, power Shutdown/Failure Controller detection/

operation, metering and logging, I

Effects on Train or System Remarks and Other Effects I I I

1. May block operation of movement relays.

2. Voltage levels may drop below System will be inspected and minimum.

maintained in accordance with vendor

3. Loss of automatic tap changer manual recommendations.

control. L TC maintains position. Manual control may be performed.

General SUT Trouble alarm is provided.

Alarm indications at local SUT annunciator Panel:

L TC Backup Controller Alarm Loss of L TC Control Power

1. May block operation of movement L TC Control Trouble [Block Raise relays.

(Tap), Block Lower (TapT,-Block Raise

2. Voltage levels may drop below (Voltage), Block Lower (Voltage)]

minimum.

3. May lose tap changer control. L TC maintains position.

1. Loss of L TC position input from Tap Testing will verify that the device retains Sensor.

its configuration following loss and

2. Loss of demand signal to L TC and restoration of power. Component will Backup Controller.

meet Duke cyber security requirements.

3. L TC Movement requires manual Component will meet Duke action from either the local or control requirements for configuration control.

room stations.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page24 Component Identification Function

~ Failure Modes harmonic

analysis, SOE, heartbeat, and other monitoring.

May be used in manual or automatic control.

Partial or Intermittent Failure I

Effects on Train or System Remarks and Other Effects I

4. Backup controller may block required action if limits are reached.

System will be inspected and maintained in accordance with vendor manual recommendations.

General SUT Trouble alarm is provided.

1. Tap setting demand signal not Alarm indications at local SUT outputted.

annunciator Panel:

2. Inadvertent/wrong tap setting L TC Control Trouble demand signal outputted.

L TC Back-Up Controller Alarm Loss of L TC Control Power

1. Loss of demand signal to L TC and Testing will verify that the device retains Backup Controller its configuration following loss and

2. Loss of Automatic Mode Operation.

restoration of power. Component will L TC Movement requires manual action meet Duke cyber secuffiY.J:_equirements.

from either the local or control room Component will meet Duke stations.

requirements for configuration control.

System will be inspected and

1. Raises tap setting when not maintained in accordance with vendor needed. Backup controller mitigates or manual recommendations.

blocks raise signal to maintain tap General SUT Trouble alarm is provided.

position.

2. Lowers tap setting when not needed.

Backup controller blocks lower signal to control voltage.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 25 Component Function Failure Modes Identification Spurious Failure Control Room Provide Remote Remote Total Control LTC Control Shutdown/Failure Pushbutton from MCR Station Partial or Intermittent Failure Effects on Train or System Remarks and Other Effects I

3. Fails to changes taps on demand.

Tap setting remains as-is. L TC Alarm indications at locaf-SUT Movement requires manual action from annunciator panel:

either the local or control room stations.

L TC Control Trouble

1. Tap setting demand signal not L TC Back-Up Controller Alarm Loss of L TC Control Power outputted.

2. lnadvertant/wrong tap setting demand signal outputted.

1. Loss of demand signal to L TC and Backup Controller.

2. L TC Movement requires manual action from either the local or control room stations.

System will be inspected and maintained in accordance with vendor

1. Unable to move L TC remotely.

manual recommendations.

2. I nadvertant movement of tap changer.

Local control overrides-remote control.

1. Unable to move L TC remotely.

2. I nadvertant movement of tap changer.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 26 Component Function Failure Modes Identification Siemens Voltage PTW3 Transformer (Primary)

Total Shutdown/Failure Partial or Intermittent Failure Siemens Voltage PTW3 Transformer Total (Backup)

Shutdown/Failure Effects on Train or System Remarks and Other Effects I

3. Unable to stop tap changer Alarm indications at local SUT movement annunciator panel:

L TC Backup Controller Alarm Loss of L TC Control Power L TC Control Trouble [Block Raise (Tap), Block Lower (Tap), Block Raise (Voltage), Block Lower (Voltage)]

1. Loss of voltage input to Primary Controller. Controller unable to perform System will be inspected and control actions.

maintained in accordance with vendor

2. Loss of control loop.

manual recommendations.

Alarm indications at local SUT annunciator panel:

L TC Control Trouble [Block Raise

1. Spurious voltage input to Primary (Voltage), Block Lower Voltage]

Controller. Controller may be unable to Loss of L TC Control Power perform control actions or may perform L TC Back-Up Controller Alarm incorrect actions.

2. Loss of control loop.

System will be inspected and

1. Loss of input to Backup Controller.

maintained in accordance with vendor Controller may be unable to perform manual recommendations.

control or blocking actions or may perform incorrect actions.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 27 Component Function Failure Modes Identification Partial or Intermittent Failure Control Room Provide Remote Auto/Manual Total Auto/Manual Remote Shutdown/Failure Controls LTC Control from MCR Partial or Intermittent Failure Effects on Train or System Remarks and Other Effects Alarm indications at local SUT

1. Loss of input to Backup Controller.

annunciator panel:

Controller may be unable to perform Loss of L TC Control Power control or blocking actions.

L TC Back-Up Controller Alarm

1. Unable to move L TC remotely.

2. Inadvertently Disable Automatic Control System will be inspected and maintained in accordance with vendor manual recommendations.

1. Unable to move L TC remotely.

Local control overrides remote control.

2. Inadvertently Disable Automatic Control

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 28 3.2.3 Evaluation of Offsite Circuit Operability with a Non-Functional Load Tap Changer Implementation of automatic operation of the L TCs will allow them to automatically compensate for variations in switchyard voltage that could otherwise render the offsite circuits inoperable. A review of plant electrical ~us alignments was conducted for both normal and accidept grid transients and fast bus tr nsfers. This evaluation applied the worst case transient ~oltage acceptance criteria from t e existing HBRSEP Load Flow and Short Circuit ETAP model calculation. The evaluation determined that the new replacement 11 SkV startup transformer and the new 230kV startup transformer with L TCs were able to provide the transient response necessary to prevent operation of the safety related buses E1 and E2 DGVR relay. In the event that the L TC is non-functional and unable to compensate for switchyard voltage variations, offsite circuit operability will be determined based upon the L TC position and the current switchyard voltage. Provided that switchyard voltage is above the lowest scheduled value (116kV) established in the LTC analysis and the LTC is at or above the -3% position, the offsite circuit is operable. Switchyard voltage above the lowest scheduled voltage and the L TC at or above the -3% position ensures that emergency bus voltage is adequate to prevent the DGVR from timing out.

3.2.4 Conclusion Implementation of the automatic L TC operation will provide additional assurance that the voltage provided by the transmission system is adequate to maintain operability of the offsite power sources for the HBRSEP for the expected range of switchyard voltages. L TCs have been shown to be reliable, and the likelihood and consequences of each L TC failure mode has been evaluated and determined to be acceptable. Thus, the proposed change to operate the L TCs in the automatic mode of operation will increase overall reliability of the offsite power sources at HBRSEP.

3.3 Additional Technical Information to Support Proposed Change At a pre-application meeting between Duke Energy and the NRC staff in August 2015, the staff requested that the following information be submitted for the proposed change to install a new 230kV startup transformer and also to allow L TCs in the automatic mode of operation on the replacement 11 SkV startup transformer and 230kV startup transformer:

Grid Voltage Profile Summary (i.e., Grid Stability Study)

Steady State and Transient Load Flow Summaries Short Circuit Analysis (i.e., Fault Analysis) Summary Demonstration of breaker coordination of new switchgear including coordination with existing switchgear.

The following subsections provide a technical discussion on the bulleted items above.

3.3.1 Grid Voltage Profile Summary

Background

HBRSEP connects to the Duke Energy Progress (Duke Energy) transmission system via a 230kV/115kV switchyard as show in Figure 2 below. There is currently a single startup transformer (SUT) connected to the 11 SkV part of this switchyard. As previously discussed in

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 29 Section 2.3 of this Enclosure, the plans are to replace this single, fixed-tap SUT with two new automatic load tap changing transformers. The 11 SkV automatic tap changing SUT will replace and be configured in the same location as the existing SUT. The 230kV automatic tap changing SUT will be configured in a breaker-and-a-half arrangement with the Darlington County Plant 230kV North Line (see Figure 2). A draft copy of revised HBRSEP UFSAR Figure 8.1.2-1A is provided in Attachment 4 and sho~s the new ratings for the 11 SkV and 230kV SUTs. Each I SUT will be capable of providing sJfficient offsite power to serve 100% of the plant auxiliary loads necessary to achieve and maintain safe shutdown conditions (i.e., Emergency Buses E1 and E2 may be fed from either SLIT, either separately or together on the same SUT).

Figure 2: HBRSEP 230/11 SkV Switchyard Current Process for Maintaining Adequate Switchyard Voltage Duke Energy defines the "Minimum Required Switchyard Voltage" as the voltage necessary in the switchyard to ensure proper operation of the nuclear plant emergency loads following a trip of the unit (both LOCA and non-LOCA caused trips). In other words, minimum required switchyard voltage represents a post-trip voltage requirement. This minimum required

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 30 switchyard voltage is based on HBRSEP calculations and represents the voltage in the switchyard necessary to ensure that the DGVRs on the emergency buses will reset following a unit trip, considering the worst case plant auxiliary loading. A minimum required switchyard voltage of 113. 7kV (0. 9887 per unit) has been established and mutually agreed upon by the Nuclear Plant and Transmission organizations in accordance with NERC Reliability Standard NUC-001-3 (Reference 3).

I Duke Energy Transmission System Operations ensures that the current adequate minimum required switchyard voltage (113.7kV) is maintained via a Duke Energy plant voltage support and coordination operations procedure. The procedure directs the System Operator to commit nearby voltage support resources (generators and capacitor banks) as the Duke Energy Eastern Control Area Load (ECAL) increases. The guidance of the plant voltage support and coordination procedure is based on dynamic simulations performed using the Siemens PTI PSSE software (an industry standard software package for transmission grid analysis).

In addition to the guidance of the plant voltage support and coordination procedure, System Operations uses a Real Time Contingency Analysis (RCTA) application to monitor the adequacy of HBRSEP off site voltage. Starting from the real-time state of the grid, RCTA application simulates various outages of transmission lines and generators (including the trip of the HBRSEP unit) to alert the System Operator if an inadequate switchyard voltage condition would occur for the various contingencies.

The plant voltage support and coordination procedure also provides the communications protocol for notifying the Nuclear Plant Operator if a condition exists or is anticipated for which the minimum required switchyard voltage cannot be maintained. This communications protocol includes notification to the Nuclear Plant Operator of conditions for which the ability to determine adequate post-trip switchyard voltage is degraded or lost (such as failure of the RCTA application tool).

Future Process for Maintaining Adequate Switchyard Voltage Duke Energy will be retiring the majority of the local area generation providing voltage support for HBRSEP in the coming years. The Robinson Unit 1 coal-fired generation has already been retired. Darlington Country Plant, which is located approximately 2 miles from HBRSEP, consists of thirteen simple cycle generating units and is connected to the HBRSEP 230kV switchyard via two 230kV transmission lines. Eleven of those Darlington units are smaller (approximately 50 MW each) and are scheduled for retirement in the next several years. The two larger units (approximately 110 MW each) will remain available for service.

To compensate for this loss of nearby generation resources relied on for voltage support, HBRSEP will be replacing the existing 11 SkV SUT with an automatic load tap changing transformer. A second automatic load tap changing transformer will also be added to the 230kV switchyard. Both transformers will be capable of serving 100% of the plant auxiliary loads required to achieve and maintain safe shutdown conditions.

After installation of these two automatic load tap changing SUTs, Duke Energy Transmission System Operations will begin managing the transmission system to ensure adequate HBRSEP switchyard voltage is maintained per the Minimum Required Switchyard Voltage Profile Bounding Graph shown in Figure 3. This graph represents a change to a (steady state)

Minimum Required Switchyard Voltage of 110.4kV for the 11 SkV switchyard and 220.8kV for the 230kV switchyard (0.9600 per unit in both cases). It should be noted that the voltage profile

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 31 graph of Figure 3 represents the worst case post trip bounding values. Under normal operation, with or without the HBRSEP unit on-line, the 11 SkV and 230kV switchyard voltages will remain at or above 1.000 per unit voltage the vast majority of the time.

Adopting this new Minimum Required Switchyard Voltage Profile eliminates the need for running the Darlington Generation and using the Darlington 99 MVAR, 230kV Capacitor Bank to provide voltage support. The smaller HBRSEP 115kV #1 and #2 Capacitor Banks will still be used to manage the HBRSEP 115kV switchyard voltage to desirable levels. Installation of the new automatic load tap changing transformers will facilitate this change.

After installation of the new HBRSEP SUTs, the Duke Energy plant voltage support and coordination procedure will be revised to reflect the Minimum Required Switchyard Voltage change. The communications protocols noted above regarding offsite power voltage adequacy and monitoring capability will remain in place.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 32 Figure 3: Minimum Required Switchyard Voltage Profile Bounding Graph r

l'.fAll't.i.tw'~ A::.

O,tJ?PI I, OJ'll

/, OJ'I I, eJ0'/6

o. '16 ~(}

0. 'fJO.J-+..___....-

o. 9.!oo

' l

1.

The unlabeled values in the above graph are the per unit switchyard voltages for both the HBRSEP 115kV and 230kV switchyards (with the per unit bases being 115kV and 230kV, respectively).

2.

While commonly referred to as "LOCA Voltage," this profile bounds the range of reasonably expected transmission system conditions and anticipated post-trip voltage scenarios for HBRSEP. This includes trips with or without a LOCA/SI signal, turbine or reactor initiated trips for which the generator trip is delayed 60 seconds, and generator initiated trips for which there are significantly shorter or not intentional delays.

3.

T = O is defined as the time the generator output breakers open, separating the HBRSEP unit from the switchyard. The worst case scenarios is assumed for Transmission Planning studies. This is an electrical generator/GSU/UAT fault without a SI (LOCA) signal.

4.

At time T = O minus, the pre-trip switchyard voltage is assumed to be within the voltage schedule of 1.0086 to 1.0261 (116kV to 118kV and 232kV to 236kV).

5.

At T = 0 when the HBRSEP unit trip occurs, the switchyard voltages (both 230 and 115kV) would drop significantly to the nadir value. The voltage would remain at this nadir level for 1 second and then begin to recovery linearly over a period of no longer than 6.5 seconds until the final steady state value of 0.9600 per unit is reached. The final 0.9600 per unit or higher value is reached no later than 7.5 seconds after T = 0.

6.

The profile also provides that the nadir value will be no lower than 0.9305 per unit. regardless of the pre-trip starting voltage (for which the HBRSEP unit might actually be operating). For example, if the pre-trip voltage was at 1.000 per unit (115/230kV and below the voltage schedule), the post-trip initial voltage would still be no lower than 0.9305 per unit.

7.

The profile also provides that the maximum initial voltage drop will be no greater than 0.0781 per unit. For example, if the pre-trip starting voltage was at 1.0348 (119/238kV and above the voltage schedule), the post trip initial voltage (nadir value) would be no lower than 1.0348-0.0781 = 0.9567 per unit. However, the final steady-state voltage would still remain at 0.9600 per unit.

Conclusion The Minimum Required Switchyard Voltage Profile for HBRSEP 11 SkV and 230kV switchyards (Figure 3) was developed circa 2012 for design of the new SUTs. Additional simulations were performed during February 2017 to re-validate the ability of the transmission system to maintain this voltage profile under a variety of credible contingencies, using the most recent load forecast

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 33 and system configuration information. A comparison of the simulation plots against Figure 3 was performed and demonstrated that the Figure 3 graph bounds the simulated results. The base case used in the simulations included a number of conservative assumptions regarding the state of the transmission system. The series of simulations outaged each of the various transmission elements having the most impact on HBRSEP post-trip voltages.

The resultant ~ 1 SkV and 230kV switchyard voltages confirm that the Mi~imum Required Switchyard Voltage Profile Bounding Graph (Figure 3) can be expected to conservatively represent anticipated transmission system performance through the planning horizon (ten years).

3.3.2 Steady State Load Flow and Short Circuit Analysis Summaries 3.3.2.1 Bus Alignment Abbreviations To aid in the development of the steady state Load Flow and Short Circuit studies, the bus alignments were abbreviated as follows for convenience. In parenthesis are the names of the respective Load Flow and Short Circuit studies which were performed.

1.

100% Power (N1, SC1)

2.

100% Power EOG A Testing (N1EOGA, SC2)

3.

100% Power EOG B Testing (N1EOGB, SC3)

4.

100% Power OSOG Testing (N10SOG, SC4)

5.

100% Power with 11 SKV SUT Out of Service (OOS) (N2, SCS)

6.

100% Power 11 SKV SUT OOS EOG A Testing (N2EOGA, SC6)

7.

100% Power with 230KV SUT OOS (N3, SC9)

8.

100% Power 230KV SUT OOS EOG A Testing (N3EOGA, SC10)

9.

100% Power UAT OOS (N4, SCN4)

10.

100% Power UAT OOS EOG A Testing (N4EOGA, SCN4A)

11.

100% Power UAT OOS EOG B Testing (N4EOGB, SCN4B)

12.

100% Power UAT OOS OSOG Testing (N40SOG, SCN40)

13.

100% Power UA T & 11 SKV SUT Out of Service (NS, SCNS)

14.

Plant Trip (Normal Shutdown Alignment) (N7, SC13)

15.

Plant Trip EOG A Testing (N7EOGA, SC14)

16.

Plant Trip EOG B Testing (N7EOGB, SC15)

17.

Plant Trip OSOG Testing (N70SOG, SC16)

18.

Plant Trip UAT & 115KV SUT OOS (NSN7, SCNSN7)

19.

Plant Trip UAT & 115KV SUT OOS EOG A Testing (NSN7EOGA, SCNSN7A)

20.

Plant Trip UAT & 115KV SUT OOS EOG B Testing (NSN7EOGB, SCNSN7B) 21.

Plant Trip UAT & 115KV SUT OOS OSOG Testing (NSN70SOG, SCNSN70)

22.

Plant Trip UAT & 230KV SUT OOS (N6N7, SCN6N7)

23.

Plant Trip UAT & 230KV SUT OOS EOG A Testing (N6N7EOGA, SCN6N7A)

24.

Plant Trip UAT & 230KV SUT OOS EOG B Testing (N6N7EOGB, SCN6N7B)

25.

Plant Trip UAT & 230KV SUT OOS OSOG Testing (N6N70SOG, SCN6N70)

26.

Backfeed (B2, SC17)

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 34

27.

Backfeed EOG A Testing (B2EOGA, SC18)

28.

Backfeed EOG B Testing (B2EOGB, SC19)

29.

Backfeed OSOG Testing (B20SOG, SC20) 3.3.2.2 Normal Bus Alignments Evaluation The operating scheme~ above were evaluated to determine adequacy in regards to equipment voltage requirements and short circuit momentary and interrupt ratings. For the purposes of the evaluation, 100% power schemes 1 through 13 used the minimum scheduled switchyard voltages (1.0086 per unit; 116kV and 232kV) from the grid stability study discussed in Section 3.3.1 above. Plant Trip/Normal Shutdown Alignment schemes 14 through 25 used the highest identified switchyard voltages (1.0522 per unit).

Acceptance criteria from the existing HBRSEP ETAP model calculation was used to evaluate minimum bus voltages (except for buses E1 and E2, which temporarily show 426V for low voltage required) and short circuit ratings of breakers and buses.

Load Flow A summary of the bus alignments load flow ETAP studies revealed that in alignments 82, B2EOGA, B2EOGB and B20SOG, that the high voltage limit is exceeded on all 4kV buses, all 480V buses (including E1/E2) and the majority of the motor control center (MCC) and power panels.

The highest identified switchyard voltages (1.0522 per unit) are the maximum projected voltages and were applied for the backfeed alignments.

The actual normal station high switchyard voltage from the grid stability study discussed in Section 3.3.1 above is 1.0348 per unit (or 119kV/238kV).

Further evaluation at the actual normal station switchyard voltage levels revealed no adverse impact on equipment voltage ratings.

Additionally, the studies that were performed revealed no adverse bus overloading conditions in these alignments.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 35 Capacity of SUTs and Power Circuits to 4.16kV Buses Table4 Tabulation - Transformer Loading and Margin I

Power Source I

Maximum

% of Max 65 Transformer Ratings (MVA)

Calculated deg C Rating Load (MVA) 115kV SUT 44/49.28 MVA; (existing)

FOA 55 deg C/ FOA 41.12 83.4 65 deQ C 27/36/45 MVA 115kV SUT 55 deg C; (replacement)

ONAN/ONAF1 /ONAF2 41.90 83.1 50.4 MVA ONAF2 65 deg C 27 /36/45 MVA 55 deg C; 230kV SUT ONAN/ONAF1 /ONAF2 41.70 82.7 50.4 MVA ONAF2 65 dee C I

I Margin,%

16.6 16.9 17.3 The existing 115kV SUT load is from a HBRSEP calculation. Loading for the 115kV SUT and 230kV SUT are from ETAP model load flow cases. Maximum Calculated Loads are for cases with only one SUT serving plant load (other SUT and UAT out of service).

Note - HBRSEP equipment load is not changed by the addition of the offsite power source as demonstrated in Table 4 above.

Each of the two windings on the new replacement 115kV SUT and the new 230kV SUT will deliver power via 4000A rated circuits and 4000A disconnect switches to respective 4.16kV buses served.

The new replacement 115kV SUT and the new 230kV SUT have capacity to serve HBRSEP plant loads with increased margin.

Short Circuit A review of the normal alignments short circuit momentary duty ratings from the short circuit studies in ETAP revealed the following:

In alignments SC14, SCN5N7A, SCN6N7A and SC18, the momentary duty rating of the E1 switchgear was exceeded. These alignments are the bus alignments with the plant shutdown with EDG A or EDG B testing in progress.

In alignments SC15, SCN5N7B, SCN6N7B and SC19, the momentary duty rating of the E2 switchgear was exceeded. These alignments are the bus alignments with the plant shutdown with EDG A or EDG B testing in progress.

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page 36 For these alignments, HBRSEP will implement changes to procedures prior to implementation of the transmission upgrade modifications in order to limit loads on the applicable emergency bus. Limiting loads on the applicable emergency bus will bring the fault current within the duty cycle.

No other momentary duty rating is excee1ed in the above alignments.

A review of the bus alignments short circuit interrupt duty ratings from the short circuit studies in ETAP revealed the following:

In alignments SC4, sea, SC12 and SCN4D, the interrupt duties of several breakers were exceeded. These alignments are the bus alignments with Dedicated Shutdown Diesel Generator (DSDG) testing in progress.

In alignments SC16, SCNSN7D, SCN6N7D and SC20, the interrupt duties of several breakers were exceeded. These alignments are the bus alignments with DSDG testing in progress and the plant tripped.

The DSDG is only operated in parallel with the off-site power system during testing conditions. When the DSDG design function is required to operate, the system will operate independent of the off-site power supply. Therefore, the subject condition does not exist when the DSDG is required for design function operation.

3.3.2.3 Fault Current Design Reauirements Engineering standards and industry codes provide strict guidelines that require new equipment to be installed to have designs that have calculated anticipated fault current values that do not exceed equipment ratings. Some of these standards and industry codes that HBRSEP adheres to are discussed as follows.

IEEE Standard 141, Section 2.3.1 discusses "providing equipment that is properly and adequately sized and rated to handle available fault levels in the system with established fault duty calculations. Interrupting devices must be able to function safely and properly under the most severe duty to which they may be exposed."

National Electrical Safety Code, ANSI C2-2007, Section 171 states that "Circuit breakers, switches and fuses should be utilized with due regard to their assigned ratings of voltage and continuous and momentary currents. Devices that are intended to interrupt fault current shall be capable of safety interrupting the maximum short-circuit current they are intended to operate, and for the circumstances under which they are designed to operate."

3.3.2.4 Conclusions

1. For the Normal Bus Alignments, the steady state load flow value voltages and currents are within the acceptance criteria for the buses and equipment.

2. In the normal or shutdown bus alignments and when EOG A or EOG B are running in parallel with an offsite power source for surveillance testing, the momentary short circuit ratings of E1/E2 switchgear, respectively, are exceeded. HBRSEP will implement changes to procedures prior to implementation of the transmission upgrade modifications in order to limit loads on the applicable emergency bus. Limiting loads on

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 37 the applicable emergency bus will bring the fault current within the duty cycle.

3. In normal bus alignments when the DSDG is running in parallel with an offsite power source for surveillance testing, the interrupt duty ratings of multiple breakers on the 480V DS Bus and Bus 3 are exceeded. However, the DSDG is only operated in parallel with the off-site power system duri~g testing conditions. When the DSDG design function is j required to operate, the syste(ri will operate independent of the off-site power supply. Therefore, the subject condition does not exist when the DSDG is required for design function operation.

4. The design requirements discussed in Section 3.3.2.3 are adhered to in order to eliminate or mitigate undue equipment failure risk.

3.3.3 Transient Load Flows Summary Transient voltage analysis was performed to ensure that during large motor starts, plant transients and grid transients, the plant equipment has sufficient voltage to "ride through" and remain running following the transient. In addition, analysis was performed to show that the revised HBRSEP transmission system can react to the worst case grid transients without timing out the E1/E2 DGVR and Loss of Voltage (LVR) relays.

To aid in the discussion that follows, the bus alignment descriptions are abbreviated as follows for convenience:

N1 - 100% Power Normal Alignment N2 - 100% Power 11 SKV SUT Out of Service (OOS)

N3 - 100% Power 230KV SUT OOS N4 - 100% Power UA T OOS NS-100% Power UAT & 115KV SUT OOS N7 - Plant Trip/Normal Shutdown Alignment NSN7 - Plant Trip 11 SkV SUT OOS N6N7 - Plant Trip 230kV SUT OOS B2 - Backfeed

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 38 3.3.3.1 Acceptance Criteria The analyses that were performed used the minimum scheduled switchyard voltages (1.0086 per unit; 116kV and 232kV) discussed in Section 3.3.1 above. From the existing HBRSEP ETAP model calculation, the minimum motor start/ride through voltage of 3033.SV (73% of 4160V) was used for the acceptance criteria fdr the minimum transient voltage during each of the plant starts. This ensures other motors o~lthe 4kV buses have sufficient voltage to continue running during and after the transient.

In addition to the minimum "ride through" transient voltage, it is also necessary to ensure the 4kV bus undervoltage relays on Buses 1, 2 and 4 do not pick-up on a reactor coolant pump (RCP) start. The worst case pickup value of 66.9% with the shortest time delay of 0.692 seconds was used as the acceptance criteria based on a HBRSEP procedure.

For the E1/E2 buses, the maximum DGVR pickup voltage of 433V (90.21 % of 480V) for the minimum relay time of 9.S seconds was used as the acceptance criteria.

Additionally for the E1/E2 buses, the maximum Loss of Voltage relay pickup voltage of 3S2V (73.33% of 480V) for a minimum relay time delay of 0.712 seconds was used as the acceptance criteria.

3.3.3.2 Bus Transients - Pump Starts HBRSEP performed analysis to ensure a worst case pump start does not result in unacceptable voltage levels at the E1/E2 or 4kV bus levels. The worst case pump start is considered a RCP start due to it providing the largest starting transient for the longest duration. ETAP study cases were established performing pump starts in the different operating and shutdown bus alignments and evaluating the effects on the bus voltages. There were no cases where the 4kV buses fell below the 73% criterion during any RCP starts. The lowest transient voltage level on the 4kV buses for any RCP start was approximately 80%. The minimum transient value of 80%

is well above the 66.9% 4kV bus undervoltage relay setpoint.

For the E1/E2 buses, when in bus alignments N1 and N4, the voltage excursion during a RCP start did not fall below the 90.21 %. Therefore, while operating in these bus alignments, it is not necessary to disable the DGVR relay during a RCP start.

However, during bus alignments N2, N3 and NS, the voltage excursions did fall below the 90.21 %. Therefore, while operating in these bus alignments, it is necessary to disable the DGVR relay during a RCP start, as already required in the existing plant configuration.

In all bus alignments the E1/E2 bus voltage excursion during any RCP start was well above the 73.3% 480V bus Loss of Voltage relay setpoint and is acceptable.

During bus alignment NS, while starting a RCP with the L TC in automatic position, resulted in an undesirable bus overvoltage condition of approximately 112% due to the L TC overshooting the setpoint. In this bus alignment, the L TC will be placed in the manual position during a RCP start.

During bus alignments NSN7 and N6N7 the L TC will be placed in the manual position during a RCP start.

U.S. Nuclear Regulatory Commission RN P-RA/17-0037 Page 39 During bus alignments NSN7, N6N7 and B2 the DGVR relay will be disabled during an RCP start.

3.3.3.3 Grid Transient - Development Analysis showed that the worst case grid excursion occLrs when the HBRSEP unit trips. The bounding voltage profile is shown in Figure 3 above. T~e ETAP Transient Stability Module was utilized to create a study case defining this worst case grid excursion. Specific grid voltage magnitudes with respect to time were set, providing the ability to closely mimic the grid transient profile. The study case grid profile was used to model the system transient responses that are discussed in the following sections.

3.3.3.4 Grid Transient Response - LOCA 100% Power Bus Alignments Transient Stability Analyses were performed for plant 100% power alignments (N1, N2, N3, N4 and NS). Two specific cases were evaluated for each bus 100% power alignment analysis.

One case was with the L TC in automatic position and the other case with the L TC in manual position and locked at -3%. Analyses performed with the L TC in automatic position used an initial time delay of half a second and operating time delay of two seconds.

The transient response runs performed while the L TC was in the manual position were conducted to determine if there was a fixed tap position that provides a voltage response that meets the acceptance criteria without crediting the L TC response time.

For each of the transient runs, the transient started at T = 1 second, followed by LOCA bus load sequencing and finally a fast bus transfer of loads from the UAT to the respective SUT at T = 61 seconds.

The first set of analyses that was conducted provided voltage amplitude plots versus time in order to show conformance with the acceptance criteria for E1/E2 bus voltage DGVR response and also 4kV Buses 1, 2 and 4 bus undervoltage relay response.

The second set of analyses that was conducted provided motor ampacity plots versus time for the 4kV motors and E1/E2 bus motors 150HP and larger. The ETAP model was updated to include each 4kV motor and E1/E2 bus motor 150HP and larger ANSI protective 50/51 device settings. The analyses demonstrated that each motor's ampacity excursion during the transient is not of sufficient duration that results in tripping its respective overcurrent protective relay.

For illustrative purposes, the results of the 100% power alignment N3 analyses with the SUT L TC in the automatic position is shown on the following three graphs (Figures 4, 5 and 6).

These graphs reflect the system responses and demonstrate compliance with the acceptance criteria.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 40 Figure 4 demonstrates Buses E1/E2 voltage excursions did not result in the DGVR timing out during the system response shown for 100% Power Alignment N3 analysis. Figure 4 also demonstrates that no voltage excursion resulted in the voltage falling below the maximum DGVR time delay pick-up value greater than the relay's 9.5 seconds time delay. Additionally, the E1/E2 bus voltage excursion did not approach the Loss of Voltage relay pickup value of 73.33% and is therefore acceptable.

I 102 100 96

~..

1! 5 z

"a 12 i

90 Ill Figure 4 El/E2 Bus N3 Bus Alignment DGVR Evaluation LOCA LTC in Auto Start Df Grid TnnsiRnt

.-LO sec, 99.'"6 LO sec, 99.ll'6 PUMax437V i_.

31.00H<:

6.00 sec (El) and 6.o& sec (E2) 0 JO El Relay Dropout at 16.G2 sec

-u Yott.p -le UVobp!l'nlfile

- Orvpovt

-Pld<up Fil.SI Bus Tnnsfff to SUTat61.00HC

\\

El Relay Dropout at6LOsec:

E2 Relay Dropout at61.2sec

'IO

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 41 Figure 5 demonstrates that during the 100% power alignment N3 analysis, the voltage on the 4kV Buses 1, 2 and 4 dropped below the undervoltage relays setpoint for no more than 0.1 seconds. Since the 4kV Buses 1, 2 and 4 undervoltage relays have a time delay setting of 0.692 seconds, which is greater than 0.1 seconds, the 4kV Bus 1, 2 and 4 undervoltage relays did not pick-up during this grid transient condition and is acceptable.

I Figure 5 11 0 >..

c e 0 z 0

1: "

~

u A.

4160V Bus 1, 2, and 4 N3 Bus Alignment Undervoltage Relay Evaluation Fast Bus Transfer with LTC in Auto

===========::i -

Bus 4: 1.000 sec,

~

103.4% r Bus 1 Vottaeo Proftle 102 0 97 0 92 Q I

87 0 82 0 77 0 72 i (i]

62 0

0.5 Bus 1, 2: 1.000 sec, 102.7%

Start of Grid Transient Bus 4 Worst case 00 Time 1.5 Time (S~onds)

Bus 2 Voltage Profile

-Bus4 Voltatll' Profile Dropout DO Max 2787.2V

,/

+]

2J

~

0 0

0

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 42 Figure 6 demonstrates that the 4kV motors and Bus E1/E2 motors 1SOHP and greater remained running and did not stall or trip based on their respective instantaneous and/or time overcurrent trip settings during the 100% power alignment N3 analysis.

Figure 6 l\\brb!ao Ounnl

-ll'WA

-MW.II

-<VA Fl~JO

-111111.J

-UPJ

- - - - ---1

~l'/I.

lllfl/A

\\

I I

I

- I_ -- --

--- II/fl.I 111/H/I In 100% power bus alignments N1, N2, N4 and NS with the SUT LTC in the automatic position, the analyses demonstrated similar acceptable system results as described above for the 100%

power alignment N3.

In 100% power bus alignments N1 and N4, operation with the LTC in the manual position and locked at -3%, the analysis demonstrated similar acceptable system results as described above.

However, in 100% power bus alignments N2, N3 and NS operation with the L TC locked at

U.S. Nuclear Regulatory Commission RN P-RA/17-0037 Page 43

-3% resulted in the Bus E1/E2 bus voltage excursion timing out the DGVR and subsequent transfer to the onsite emergency power source. The 4kV Buses 1, 2 and 4 undervoltage relays did not time out and the 4kV motors remained running.

3.3.3.S Grid Transient Response - LOCA with Plant in Backfeed One Transient Stability Analysis w~s performed for the B2 backfeed alignment with a LOCA I (Safety Injection). The worst case grid transient was not used for this evaluation since the plant is shutdown and the plant trip transient is not applicable. The worst case grid voltage of 226kV was assumed to be present in the 230kV Switchyard and was used for ETAP modeling purposes.

For this LOCA transient run, the transient started at T = 1 second, followed by LOCA bus load sequencing. Note that some loads such as the Service Water (SW) Pump and SW Booster Pump are already running in this plant shutdown alignment.

In the B2 alignment, the LOCA transient did not result in the Bus E1/E2 bus voltage excursion timing out the DGVR. The 4kV Buses 1, 2 and 4 undervoltage relays did not time out and the Bus E1/E2 motors 1SOHP and greater remained running during and after the transient.

3.3.3.6 Grid Transient - Plant Trip with Fast Bus Transfers This analysis covered plant trips where the fast bus transfer occurs immediately, and also where it occurred after 60 seconds. Plant trips resulting from a generator lockout initiate an immediate fast bus transfer and plant trips resulting from a Safety Injection (SI) signal result in fast bus transfers at T = 60 seconds.

Transient Stability Analyses were performed for plant 100% power alignments (N1, N2, N3, N4 and NS). Two separate cases were analyzed for each bus alignment. One case was with the L TC in the automatic position and the other case was with the L TC in manual position and locked at -3%. The analyses performed with the L TC in automatic position used an initial time delay of half a second and an operating time delay of two seconds.

The 100% power bus alignments N 1 and N4 with the SUT's L TC in the manual position and locked at -3% provided acceptable system response.

However, the 100% power bus alignments N2, N3 and NS with the SUT's L TC in the manual position and locked at -3% resulted in the Bus E1/E2 bus voltage excursion timing out the DGVR and subsequent transfer to the onsite emergency power source. The 4kV Buses 1, 2 and 4 undervoltage relays did not time out and the 4kV motors remained running.

3.3.3.7 Condusions For the 480V emergency buses E1 and E2, when in bus alignments N1 and N4, the voltage excursion during a RCP start does not fall below the maximum DGVR pickup voltage of 433V.

Therefore, while operating in these bus alignments, it is not necessary to disable the DGVR relaying during a RCP start.

However, in bus alignments N2, N3, NS and NS, the voltage excursions do fall below the maximum DGVR pickup voltage of 433V. Therefore, while operating in these bus alignments, it

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page44 is necessary to disable the DGVR relay during a RCP start as already required in the existing plant configuration.

In all bus alignments, the 480V emergency bus E1 and E2 voltage excursion during any RCP start is well above the loss of voltage relay setpoint and is acceptable.

In bus alignments NS and N6, while startingla RCP with the LTC in automatic position, results in bus overvoltage conditions due to the LTC overshooting the setpoint. In these bus alignments, the L TC will be placed in the manual position during a RCP start.

In bus alignment N7, voltages are capable of being maintained at emergency buses E1 and E2 during a LOCA.

During bus alignments NSN7 and N6N7, the LTC will be placed in the manual position during a RCP start.

During bus alignments NSN7, N6N7 and B2, it is necessary to disable the DGVR relay during a RCP start.

3.3.4 Breaker Coordination and Equipment Protection Summary The HBRSEP design basis states the following with respect to overcurrent protection and coordination:

"The off-site power system should be provided with protective devices for overload and short circuit protection and to minimize, through relay coordination, the effects of faults upon the balance of the system."

In order to demonstrate compliance with above design basis requirement with the new transmission upgrades installed, a summary of the breaker coordination and protection relaying findings from an HBRSEP evaluation is provided below.

3.3.4.1 Evaluation of HBRSEP to Transmission Engineering Resource and Project Management <TERPM) Relay Coordination HBRSEP performed analysis to demonstrate that the Transmission Engineering Resource and Project Management (TERPM) SUT high and low 487E protective relay setpoints will provide for coordination with downstream plant relaying to ensure additional relay interlocking is not necessary. Coordination with downstream plant relaying ensures the following:

1. Coordination between the furthest upstream HBRSEP 4kV Bus 6-9 breaker relaying and the TERPM high and low side transformer relaying.

2. Coordination between the TERPM high and low side transformer and the RCP motor protective relaying pump starting evolutions with the respective SUT at maximum pre-start loading values.

For both the lowest and highest available short circuit current values, coordination was shown between the furthest upstream plant relay and the first upstream TERPM relay. This ensures adequate time exists to allow for the HBRSEP breaker to clear a fault prior to resulting in actuation of the TERPM relaying. The coordination separation exceeds the IEEE Std. 242-2001

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 45 minimum desired coordination time interval of 0.2 seconds for both criteria 1 and 2 above.

Therefore, interlocking between the plant downstream protective relaying and TERPM is not required.

3.3.4.2 Breaker Relay Interlocking In order to allow for breaker relay coordination, it is nicessary to ensure the required IEEE Std. 242-2001 minimum required coordination time interval of 0.2 seconds exists between each device. If the minimum time interval separation is not achievable, relay interlocking becomes necessary to allow for coordination. Relay interlocking allows for additional controls between upstream and downstream breakers that is not possible with relay setpoints alone.

Coordination exists between the HBRSEP 4kV Bus 6-9 feeder breakers to their respective TERPM relay as discussed above. However, given the TERPM relay settings and the need to clear long RCP starting transients, there are instances where the HBRSEP 4kV bus breaker coordination is not met without relay interlocking. These instances are as follows:

1. In the short time region for higher values of available short circuit current.

2. In the long time region where the 4kV bus feeder breakers intersect the RCP relays.

Relay interlocking allows the breaker closest to the fault (or large motor start) to react first while inhibiting or time delaying the response of the upstream breakers. The Westinghouse CO electromechanical relays on existing 4kV Buses 1-4 do not support interlocking. The 4.16kV buses that correlate to RCP power supplies (i.e., 4kV Buses 1, 2 and 4) will be changed out to Schweitzer Engineering Laboratory (SEL) electronic relays to support the coordination effort.

The SEL relays will allow for more precise setpoint adjustments and for invoking the interlocking feature.

An example of relay interlocking is provided below.

Figure 7: Relay Interlocking 62/01 True True True True F1 For this example, a fault is postulated on the RCP C feeder cable. The protective relays associated with each beaker in series in the circuit senses the short circuit current. Each of the SEL relays sets an output bit true when a fault current is sensed. The SEL protective relay located at the breaker closest to the fault, breaker 52101, sends an inhibit signal to breakers 52/10, 52112 and 52141 and immediately issues a trip command to the breaker 52101. The inhibit signal sent from the SEL relay at breaker 52101 is only sent for a duration of time necessary for the breaker to clear the fault. For the existing RCP breaker 52/01, this time duration would be on the magnitude of 8 cycles or 0.133 seconds.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page46 It is noted that only the RCP motor fault protection, as identified above, were necessary to be interlocked to provide for proper coordination. A time-current coordination (TCC) evaluation was conducted on the next largest load or feeder breaker relay on each bus and acceptable coordination was noted. Therefore, no further equipment upgrades were identified.

Breaker Coordination Conclusion Breaker coordination exists between the HBRSEP 4kV Buses 6-9 feeder breakers and the upstream TERPM relaying that doesn't necessitate additional interlocking.

Breaker coordination between the new 4kV Buses 6-9 and the existing 4kV Buses 1-4 will be achieved through a combination of relay interlocking and existing equipment relaying upgrades.

3.3.4.4 Equipment Protection Conclusion The new protective relay settings provided for both HBRSEP and TERPM devices provide complete instantaneous and time overcurrent protection for the 115kV/230kV SUT, cable bus and non-segregated bus duct.

4.

REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria The following regulatory requirements and guidance documents are applicable to the proposed change.

10 CFR 50.36 Title 10 of the Code of Federal Regulations (10 CFR) Section 50.36, "Technical specifications,"

establishes the requirements related to the content of the TSs. Pursuant to 10 CFR 50.36(c)

TSs will include items in the following categories: (1) safety limits, limiting safety system settings, and limiting control settings, (2) LCOs, (3) SRs, (4) design features; and (5) administrative controls. The proposed change to the HBRSEP TS affects the LCO category and the SR category.

Section 50.36(c)(2) states:

Limiting conditions for operation. Limiting conditions for operation are the lowest functional capability or performance levels of equipment required for safe operation of the facility. When a limiting condition for operation of a nuclear reactor is not met, the licensee shall shut down the reactor or follow any remedial action permitted by the technical specifications until the condition can be met.

The regulatory requirements in 1 O CFR 50.36 are not specific regarding the actions to be followed when TS requirements are not met other than a plant shut down. The proposed change to revise Technical Specification (TS) 3.8.1, "AC Sources - Operating," in order to reflect the addition of a second qualified offsite circuit provides remedial actions when LCO 3.8.1 is not met. Therefore, the proposed change is consistent with the LCO category of 10 CFR 50.36.

Section 50.36(c)(3) states:

U.S. Nuclear Regulatory Commission RNP-RN17-0037 Page47 Surveillance requirements. Surveillance requirements are requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, the facility operation will be within safety limits, and that the limiting conditions for operation will be met.

the proposed change to revise TS 3.8.1 in order to reflect! the addition of a second qualified bffsite circuits provides a new Surveillance Requirement (SR) to verify manual transfer of AC power sources from the normal offsite circuit to each alternate offsite circuit. This new SR will help assure that LCO 3.8.1 will be met. Therefore, the proposed change is consistent with the SR category of 10 CFR 50.36.

NUREG-1431 NUREG-1431, "Standard Technical Specifications, Westinghouse Plants, Revision 4.0,"

contains the improved Standard Technical Specifications (STS) for Westinghouse plants. The improved STS were developed based on the criteria in the Final Commission Policy Statement on Technical Specifications Improvements for Nuclear Power Reactors, dated July 22, 1993 (58 FR 39132), which was subsequently codified by changes to 10 CFR 50.36 (60 FR 36953). The Abstract for NUREG-1431 states the following, in part:

Licensees are encouraged to upgrade their technical specifications consistent with those criteria and conforming, to the practical extent, to Revision 4 to the improved STS. The Commission continues to place the highest priority on requests for complete conversions to the improved STS.

To the extent practical, the proposed change to revise TS 3.8.1 in order to reflect the addition of a second qualified offsite circuit upgrades the TSs consistent with the criteria in Revision 4 to the improved STS. HBRSEP more closely conforms to NUREG-1431 as a result of the proposed change.

UFSAR Section 3.1.2.39, "Emergency Power" The General Design Criteria (GDC) in existence at the time HBRSEP was licensed for operation (July 1970) were contained in Proposed Appendix A to 10 CFR 50, "General Design Criteria for Nuclear Power Plants," published in the Federal Register on July 11, 1967.

HBRSEP UFSAR Section 3.1.2.39 describes the plant's compliance with the July 1967 GDC, as stated:

An emergency power source shall be provided and designed with adequate independency, redundancy, capacity, and testability to permit the functioning of the engineered safety features and protection systems required to avoid undue risk to the health and safety of the public. This power source shall provide this capacity assuming a failure of a single active components. (GDC 39)

The proposed change to revise TS 3.8.1 in order to reflect the addition of a second qualified offsite circuit and to allow the use of Load Tap Changers on both startup transformers in the automatic mode of operation does not affect HBRSEP's compliance with the intent of UFSAR Section 3.1.2.39 (i.e., July 1967 GDC 39).

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 48 The proposed change does not affect plant compliance with any of the above regulations or guidance and will ensure that the lowest functional capabilities or performance levels of equipment required for safe operation are met.

4.2 Precedent The NRC\\has previously approved changes similar to the proposeJ changes in this License Amendment Request for other nuclear power plants including:

1. James A. FitzPatrick Nuclear Power Plant: Application dated August 16, 2011 (ADAMS Accession No. ML112280282); NRC Safety Evaluation dated September 26, 2012 (ADAMS Accession No. ML12236A304).

The FitzPatrick submittal requested a change to implement the use of automatic load tap changers on transformers that provide offsite power to the James A. FitzPatrick Nuclear Power Plant. The FitzPatrick amendment request is similar to the portion of this HBRSEP request that is associated with operating the load tap changers on the 115kV and 230kV startup transformers in automatic.

2. Kewaunee Power Station: Application dated June 1, 2010 (ADAMS Accession No. ML101590218); NRC Safety Evaluation dated July 29, 2011 (ADAMS Accession No. ML11102A027).

The Kewaunee submittal requested a change to implement the use of automatic load tap changers on the Reserve Auxiliary Transformer (RAT) and Tertiary Reserve Transformer (TAT) that provide offsite power to Kewaunee Power Station (KPS). The Kewaunee amendment request is similar to the portion of this HBRSEP request that is associated with operating the load tap changers on the 115kV and 230kV startup transformers in automatic, except HBRSEP uses a Beckwith microcontroller I backup microcontroller in lieu of the Tapcon microcontroller I backup microcontroller.

3. Quad Cities Nuclear Power Station, Units 1 and 2: Application dated January 25, 2006 (ADAMS Accession No. ML060310402); NRC Safety Evaluation dated July 24, 2006 (ADAMS Accession No. ML061770520).

The Quad Cities submittal requested a change to implement the use of automatic load tap changers on transformers that provide offsite power to the Quad Cities Nuclear Power Station (QCNPS), Units 1 and 2. The Quad Cities amendment request is similar to the portion of this HBRSEP request that is associated with operating the load tap changers on the 115kV and 230kV startup transformers in automatic.

4. Clinton Power Station, Unit 1: Application dated May 20, 1998 (Legacy ADAMS Accession No. 9805290228); NRC Safety Evaluation dated October 1, 1998 (ADAMS Accession No. ML020990669).

The Clinton submittal requested a change to implement the use of automatic load tap changers on transformers that provide offsite power to Clinton Power Station, Unit 1.

The Clinton amendment request is similar to the portion of this HBRSEP request that is associated with operating the load tap changers on the 115kV and 230kV startup transformers in automatic.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 49 4.3 No Significant Hazards Consideration Determination Duke Energy requests approval of a change to the H.B. Robinson Steam Electric Plant, Unit No.

2 (HBRSEP) Technical Specifications (TS). The proposed change will revise TS 3.8.1, "AC Sources - Operating," to reflect the addition of a second qualified offsite circuit. The proposed change modifies trie TS 3.8.1 Limiting Condition for Operation (LCO), Conditions, Required Actions and Comp~etion Times to be more consistent with NUREG-1431, "Stbndard Technical Specifications, Westinghouse Plants, Revision 4.0." This proposed change is necessitated by the addition of a new startup transformer that will be installed and connected to the existing 230kV switchyard.

Additionally, Duke Energy requests approval of a change to the HBRSEP current licensing basis as reflected in the Updated Final Safety Analysis Report (UFSAR) to allow for the use of automatic load tap changers (L TCs) on a new replacement 11 SkV startup transformer and a new 230kV startup transformer that both provide offsite power to HBRSEP.

Duke Energy has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of Amendment," as discussed below:

1.

Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change revises TS 3.8.1 to reflect the addition of a second qualified offsite circuit at HBRSEP. The proposed change modifies the TS 3.8.1 LCO, Conditions, Required Actions and Completion Times to be more consistent with NUREG-1431. The AC power systems are not an initiator of any accident previously evaluated. As a result, the probability of an accident previously evaluated is not increased. The consequences of an accident with the proposed LCO requiring two qualified offsite circuits between the offsite transmission network and the onsite emergency AC Electrical Power Distribution System to be operable are no different than the consequences of an accident in Modes 1, 2, 3 and 4 with the existing LCO that requires the single qualified offsite circuit to be operable. The additional 230kV startup transformer will improve the reliability and availability of offsite power to the emergency buses by increasing the amount of available offsite power sources from one to two. The two qualified offsite circuits are designed to mitigate the consequences of previously evaluated accidents. The proposed change to TS 3.8.1 would not change any of the previously evaluated accidents in the UFSAR.

The proposed change will also allow operation of the L TCs on the 11 SkV and 230kV startup transformers in automatic mode. The only accident previously evaluated where the probability of an accident is potentially affected by the proposed change is a loss of offsite power (LOOP). Failure of a L TC while in the automatic mode of operation that results in decreased voltage to the safety related buses could cause a LOOP if voltage decreased below the degraded grid voltage relay (DGVR) setpoint. The three postulated failure scenarios are: 1) failure of a primary microcontroller that results in rapidly decreasing voltage supplied to the safety related buses; 2) failure of a primary microcontroller to respond to decreasing grid voltage; and 3) the backup microcontroller overrides the primary microcontroller when not required. For the first scenario, a backup

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 50 microcontroller is provided for each L TC, which makes this failure unlikely. For the second scenario, operators would have ample time to address the condition utilizing identified procedures since grid voltage changes typically occur relatively slowly. In addition, the frequency of occurrence of all of these failure modes is small, based on the operating history of similar equipment at other plants. Furthermore, in all of the above potential failure mod~s. operators can take manual control of the L TC to mitigate the effects of the failure. I Thus, the probability of a LOOP will not be significantly i~creased by operation of the L TCs in the automatic mode. The proposed change to allow operation of the L TCs in automatic mode has no effect on the consequences of a LOOP, since the emergency diesel generators (EDGs) provide power to safety related equipment following a LOOP. The design and function of the EDGs are not affected by the proposed change. The L TCs are each equipped with a backup microcontroller, which inhibits gross improper action of the L TC in the event of primary microcontroller failure. Additionally, the operator has procedurally identified actions available to prevent a sustained high voltage condition from occurring. Damage due to overvoltage is time-dependent, requiring a sustained high voltage condition. Therefore, damage to safety related equipment is unlikely, and the consequences of previously evaluated accidents are not significantly increased.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2.

Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change revises TS 3.8.1 to reflect the addition of a second qualified offsite circuit at HBRSEP. The proposed change modifies the TS 3.8.1 LCO, Conditions, Required Actions and Completion Times to be more consistent with NUREG-1431. The proposed change also will allow operation of the L TCs on the 11 SkV and 230kV startup transformers in automatic mode. All aspects of the proposed change involve electrical transformers that provide offsite power to safety-related equipment for accident mitigation. The proposed change does not alter the design, physical configuration or mode of operation of any other plant structure, system or component. No physical changes are being made to any other portion of the plant, so no new accident causal mechanisms are being introduced. The proposed change also does not result in any new mechanisms that could initiate damage to the reactor or its principal safety barriers (i.e., fuel cladding, reactor coolant system or primary containment).

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3.

Does the proposed change involve a significant reduction In a margin of safety?

Response: No.

The proposed change revises TS 3.8.1 to reflect the addition of a second qualified offsite circuit at HBRSEP. The proposed change modifies the TS 3.8.1 LCO, Conditions, Required Actions and Completion Times to be more consistent with NUREG-1431. The new 230kV startup transformer will improve the reliability and availability of offsite power

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 51 to the emergency buses by increasing the amount of available offsite power sources from one to two. Another improvement to the HBRSEP electrical system configuration as a result of the proposed change is that each emergency bus will be normally aligned to independent startup sources and will not require a fast bus transfer on a unit trip. This reduces the risk of loss of power to the emergency buses caused by power transfer and/or equipment failures. THe margin of safety is increased with the proposed change' to revise TS 3.8.1 to reflect thb additional qualified offsite circuit.

~ I The proposed change will also allow operation of the L TCs on the 11 SkV and 230kV startup transformers in automatic mode. The inputs or assumptions of any of the analyses that demonstrate the integrity of the fuel cladding, reactor coolant system or containment during accident conditions are unaffected by this proposed change. The allowable values for the degraded voltage protection function are unchanged and will continue to ensure that the degraded voltage protection function actuates when required, but does not actuate prematurely to unnecessarily transfer safety related loads from offsite power to the EDGs. Automatic operation of the L TCs increases the margin of safety by reducing the potential for transferring loads to the EDGs during an undervoltage or overvoltage event on the offsite power sources.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, Duke Energy concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.4 Conclusions In conclusion, based on the considerations discussed above: (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner; (2) such activities will be conducted in compliance with the Commission's regulations; and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.

ENVIRONMENTAL CONSIDERATION A review has determined that the proposed amendment would change a requirement with respect to installation or use of a facility component located within the restricted area, as defined in 1 O CFR 20, or would change an inspection or surveillance requirement. However, the proposed amendment does not involve (i) a significant hazards consideration, (ii) a significant change in the types or a significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 1 O CFR 51.22(c)(9). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

U.S. Nuclear Regulatory Commission RNP-RA/17-0037 Page 52

6.

REFERENCES

1. NUREG-1431, Standard Technical Specifications Westinghouse Plants Revision 4.0, U.S.

Nuclear Regulatory Commission, April 2012.

2. Regulatory Guide 1.93, Availability of ElecJric Power Sources, U.S. Nuclear Regulatory Commission, December 197 4.

3. NERC Reliability Standard NUC-001-3, Nuclear Plant Interface Coordination to RNP-RA-17-0037 Technical Specification Page Markups

3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources - Operating I

AC Sources-Operating 3.8.1 LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a.

+Re-Two qualified circuit§ between the offsite transmission network and the onsite emergency AC Electrical Power Distribution System; and

b.

Two diesel generators (DGs) capable of supplying the onsite emergency power distribution subsystem(s).

APPLICABILITY:

MODES 1, 2, 3, and 4.

ACTIONS

---~----~~-~----~----~~--~----~----~----~-NOTE----~-----~----~----~~---~~--------~----~----~--

LCO 3.0.4.b is not applicable to DGs.

CONDITION REQUIRED ACTION COMPLETION TIME A.

The qualified.Qne offsite A.1 Perform SR 3,8.1 J for 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months circuit inoperable.

OPERABLE offsite circuit.

AND Qgce Qe[ 1' bQ!.ffl:!

there.after

~

AA*i Declare required

~21...hours from feature(s) with no offsite discovery of no offsite power available power to one train inoperable when its concurrent with redundant required inoperability of feature(s) is inoperable.

redundant required feature(s).

AND (continued)

HBRSEP Unit No. 2 3.8-1 Amendment No. ~ I

ACTIONS (continued}

coNqlTION REQUIRED ACTION I

A.

(continued)

A.~~

Restore offsite circuit to OPERABLE status.

B.

One DG inoperable.

B.1 Perform SR 3.8.1.1 for the offsite circuit.

AND B.2 Declare required feature(s) supported by the inoperable DG inoperable when its required redundant feature(s) is inoperable.

AND B.3.1 Perform SR 3.8.1.2 for OPERABLE DG OR B.3.2.1 Determine OPERABLE DG is not inoperable due to common cause failure.

AND HBRSEP Unit No. 2 3.8-2 AC Sources-Operating 3.8.1 pOMPLETION TIME I

.:M-72 hours AND 3-1 O days from discovery of failure to meet LCO 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months AND Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months from discovery of Condition B concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 24 hours (continued}

Amendment No. ~ I

ACTIONS (continued)

CONDITION I

REQUIRED ACTION I

B.

(continued)

~-~~--~~----NOTE--~---~-----~--

Not required to be performed when the cause of the inoperable DG is pre-planned maintenance and testing.

B.3.2.2 Perform SR 3.8.1.2 for OPERABLE DG.

AND B.4 Restore DG to OPERABLE status.

c IWQ Qffsite circuits CJ Decla[e regui[ed featuce(sl igogernble.

ioQQe[able wb~o its c~Q!.lilliaot ceguired

~atu(e(sl is ing12ernble.

AND C.2 BestQH~ ooe Qffsite cir.cuit to QEEB8BLE status.

HBRSEP Unit No. 2 3.8-4 AC Sources-Operating 3.8.1 COMPLEFION TIME I

96 hours0.00111 days 0.0267 hours 1.587302e-4 weeks 3.6528e-5 months 7days AND 8-.1Q__days from discovery of failure to meet LCO 12 bQUCS f[QOl diSCQV~~ Qf CQoditioo C CQ!JC!Jrrent with inQ(2~ribilitJ'. Qf redyngant [egyir~g features 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Amendment No. ++a I

ACTIONS (continued)

CONDITl~N D. Qoe Qffsite ci[cuit inoperable,

~

Qoe DG iooQernble.

E.

IwQ DGs io&iQerable.

G,E. Required Action and associated Completion Time of Condition A-ef...SA..

B, C. P. m E not met.

GG..

+wG-Three or more AC sources inoperable.

HBRSEP Unit No. 2 REQUIRED ACTION

---~----------~Q:IE:-------------------

Eote[ applicable CQoditiQDS and Beguiced 8ctioos of LCQ 3.8 9.

"Qistdbutioo S~stems - OQeratiog."

wbeo CooditiQD D is entered witb oo 8C. pQwer source to ao:x'. tcaio.

P.:l RestQre Qffsite QjrQuit to OPERABLE statu..s...

QB D.2 BestQre DG tQ QeEB8BLE status.

E.:l BestQre Qoe DG tQ QeEB8BLE status.

G,E.1 Be in MODE 3.

AND Gf.2 Be in MODE 5.

~lG+e eRtFJ1 iAte U:iis Re~l:liFed AstieA FJ:1ay be delayeEI ieF Re JFeateF tl=laR ~

l:lel:lFS 91:lFiRJ peffeFmaRse ef Re~1::1 i Fed,O.stieR 9. ~U aR9 Re~l:liFeEI AstieR e.~. 2. 2.

GG..1 Enter LCO 3.0.3 3.8-5 AC Sources-Operating 3.8.1 (continued)

CO~PLETION TIME 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months

12 bQU(S 2 bQUCS 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 36 hours Immediately Amendment No..++e I

SURVEILLANCE REQUIREMENTS SR 3.8.1.1 SR 3.8.1.2 SURVEILLANCE Verify corr~ct breaker alignment and indicated power availability for ~offsite circuit.

-~----~----~--~----NOTES~-~~--~---~-~-----

1.

Performance of SR 3.8.1. 7 satisfies this SR.

2.

All DG starts may be preceded by an engine prelube period and followed by a warmup period prior to loading.

3.

A modified DG start involving idling and gradual acceleration to synchronous speed may be used for this SR as recommended by the manufacturer. When modified start procedures are not used, the time, voltage, and frequency tolerances of SR 3.8.1. 7 must be met.

Verify each DG starts from standby conditions and achieves steady state voltage;;:: 467 V ands 493 V, and frequency ;;:: 58.8 Hz and s 61.2 Hz.

HBRSEP Unit No. 2 3.8-6 AC Sources-Operating 3.8.1 FREQUENCY 7 days 31 days (continued)

Amendment No. +:le I

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.8.1.15 (continued)

SR 3.8.1.16 SR 3.8.1.17 SR 3.8. 1.18

5. supplies permanently connected and auto connected emergency loads for ~ 5 minutes.

NOTE---------------

1. This Surveillance shall not be performed in MODE 1or2.

2. SR 3.8.1.16 is not required to be met if 4.160 kV bus 2 and 480 V Emergency Bus 1 power supply is from the start up transformer.

Verify automatic transfer capability of the 4.160 kV 18 months bus 2 and the 480 V Emergency bus 1 loads from the Unit auxiliary transformer to the start up transformer.

NOTE---------------------

All DG starts may be preceded by an engine prelube period.

Verify when started simultaneously from standby 10 years condition, each DG achieves, ins 1 O seconds, voltage

~ 467 V and frequency~ 58.8 Hz, and after steady state conditions are reachec;I, maintains voltage~

467 V ands 493 V and frequency~ 58.8 Hz and s 61.2 Hz.

NOTE----------------------------------

This Surveillance shall not be performed.lo MODE 1_Q_[

2.

Verify manual transfer of AC power sources fromJhe 16 months normal offsite circuit to each alternate offsite circuit.

HBRSEP Unit No. 2 3.8-12 Amendment No..+79 I to RNP-RA-17-0037 Technical Specification Bases Page Markups (For Information Only)

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating I

BASES BACKGROUND HBRSEP Unit No. 2 The unit AC Electrical Power Distribution System AC sources consist of the offsite power source~ (preferred power source,§), and the onsite standby power sources (Train A and Train B diesel generators (DGs)). As required by HBRSEP design criteria (Ref. 1), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems.

The onsite emergency AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to tfle-two preferred offsite power source§ and a single DG.

Offsite power is supplied to the unit switchyard(s) from the transmission network by multiple transmission lines. From the switchyard(s). two electrically and physically separated circuits provide AC power. through two dedicated startup traosJormers. tQ the 480 V ESF buses E1 and E2.

eo.th startup transformers are provided with a load tap changer. These load tap changers provide voltage regulation in the event of changing switchyard system voltage. Both load tap changers can be operated in manual or automatic modes. The 480 V ESE bus E1 is normally powered from the 115 kV switchyard through the dedicated 115 kV startup transformer. 4.16 kV bus 6 and station service transformer 2F The 480 V ESE bus E2 is normally powered from the dedicated 230 kV startup t@D.SiQrmer. 4.16 kV bus 9 and station service transformer 2G. The 4.16 kV b.uses 1. 23 and 5 are powered from the main generator via the auxiliary transformer and 4 16 kV bus 3 is powered from the 115 kV startup transformer via 4.16 kV bus 8 Following a generator lockout 4.16 kV buses 1 and 2 would automatically transfer to the 230 kV startup transformer via 4.16 kY bus 7 and 4. 16 kV buses 4 and 5 would automatically transfer to the 115 kV startup transformer via 4. 16 kV bus

.8...The 480 V ESF bus E2 is normally powered from the 115 kV switchyard through the startup transformer, 4.160 kV bus 3 and station service transformer 2G. The 480 V ESF bus E1 is normally powered from the turbine generator through the unit auxiliary transformer, 4.160 kV buses 1 and 2 and station service transformer 2F. A main generator lockout causes 4.160 kV buses 1 and 2 to be automatically transferred to the startup transformer which results in 480 \\I ESF bus E1 being supplied from the startup transformer.

(continued)

B 3.8-1 Revision No. 42

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES BACKGROUND (continued)

BACKGROUND (continued)

HBRSEP Unit No. 2 Should a failure of the startup transformer occur, a spare startup transformer located onsite can be jumpered into service. During the time that the startup transformer is out of service, the unit auxiliary transformer is capable of supplying power to the onsite distribution system while powered from the turbine generator or by back feeding the main transformer from the 230 kV Sl/Jitchyard. The unit auxiliary transformer powered from the turbine generator is not a qualified offsite circuit. Prior to back feeding the main transformer from the 230 kV s*.vitchyard, the generator must be disconnected from the main transformer by removing Upon a loss of either startup transformer. ESE bus E1 would be powered from the main generator through the auxiliarv transformer and 4.16 kV bus 2 via a 1JJ.aI1.Y.aUransfer. Upon a loss of the 230 kV startup transform.a ESE_b_us E2 wo_uld be manually transferred to the 115 kV startup transformer via 4.16 kV bus 3.

The unit auxiliarv transformer is capable of suoplying power to the onsite distribution system by back-feeding the main transformer from the 230 kV

§Witchyard in the event that both startup transformers are out of service, Prior to back-feeding the main transformer from the 230 kV switchyard. the generator must be disconnected from the main transformer by removing the connecting straps The main transformer back-feeding will only be gone during MODES 5 or 6 unless nuclear safety considerations require it tQJle done during MODES 3 or 4 On accordance with applicable Required Acti.ons) when no other offsite power SO!Jrces are available. A detailed description of the offsite power network and the circuits to..1tJ.e.£SF buses i.s._found in the UESAR. Chapter 8 {Ref. 2),

the connecting straps. The main transformer backfeeding

'Nill only be done during MODES 5 or 6 unless nuclear safety considerations require it to be done during MODES 2 or 3 (in accordance

'Nith applicable Required Actions) when no other offsite power sources are available. A detailed description of the offsite power network and the circuits to the ESf buses is found in the UF'8AR, Chapter 8 (Ref. 2).

An offsite circuit consists of all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite ESE buses. This includes the (continued)

B 3.8-2 Revision No. 42

AC Sources - Operating B 3.8.1 8 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES BACKGROUND (continued)

HBRSEP Unit No. 2 circuit path from the 115 kV switchyard up to and including the feeder breakers to ESF' buses E1 and E2 via the startup transformer, 4,160 V buses 2 and 3, and station service transformer 2G and 2F'.This includes the circuit path from the 115 kV swjtchyard up to and including the feeder breakers to ESE bus E 1 via the 115 kV startup transformer and station service transformer 2F and the circuit path from the 230 kV switchyard up to and including the feeder breakers to ESE bus E2 via the 230 kV startup transformer and station service transformeLZG...

Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the transformer supplying offsite power to the onsite Distribution System. Within 1 minute after the initiating signal is received, all automatic and permanently connected loads needed to recover the unit or maintain it in a safe condition are returned to service via the load sequencer.

The onsite standby power source for each 480 V ESE bus is a dedicated emergency DG. DGs A and Bare dedicated to ESE buses E1 and E2, respectively. A DG starts automatically on a safety injection (SI) signal (e.g., low pressurizer pressure or high containment pressure signals) or on an ESE bus degraded voltage or undervoltage signal (refer to LCO 3.3.5, "Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation"). After the DG has started, it will automatically tie to its respective bus after offsite power is tripped as a consequence of ESE bus undervoltage or degraded voltage, independent of or coincident with an SI signal. The DGs will also start and operate in the standby mode without tying to the ESE bus on an SI signal alone. Following the trip of offsite power, an undervoltage signal strips nonpermanent loads from the ESE bus. When the DG is tied to the ESE bus, loads are then sequentially connected to its respective ESE bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of the loss of preferred power, the ESE (continued)

B 3.8-3 Revision No. O

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES APPLICABLE SAFETY ANALYSES (continued)

LCO HBRSEP Unit No. 2

b.

An assumed loss of offsite AC power and a worst case single active failure.

The AC sources satisfy Criterion 3 of NRC Policy Statement.

+Re-Two qualified circuit,§ between the offsite transmission network and the onsite Electrical Power System and separate and independent DGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an anticipated operational occurrence (AOO) or a postulated OBA.

The qualified of:fsite circuit is.Qyalified offsite circuits are described in the UFSAR and ts-are part of the licensing basis for the unit.

The.++<;}-jJ..5.._kV to 4160 Vil~ startup transformer.and the 230 ~V o

4. 16 kV s_tartup traosformer must both be in service aRG-.as well as tne 4160 V4.16 kV buses 2-Q_and 3-.9.._as **.,.ell as theihe remainder of the off site circuit from the 4160 V1.16 kV buses ~and 3-.9Jo the 480 V buses E1 and E2 must be energized.

+Re-Each.offsite circuit is capable of maintaining rated frequency and voltage within acceptable limits, and accepting required loads during an accident, while connected to the ESF buses.

Offsite circuit #1 consists of the 115 kV startup transformer (including the load tap changer in the automatic or manual mode of operation) whjch is supplied from the 115 kV switchyard. and is fed through 4.16 kV breaker 52-36 powering station service transformer 2F. which. in turn. powers l;,S.E bus E 1 through its normal feeder breaker. Offsjte circuit #2 consists of t1J.e 2..3_0_K_V startup transformer {including the load tap changer in the automa~

QLillanual mode of gperation). which is supplied from the 230 kV switchyard. and is fed through 4.16 kV breaker 52-47 powering station service transformer 2G. which. in turn. pgwers ESE bus E2 through its normal feeder breaker In instances where the main generator output is (continued)

B 3.8-5 Revision No. Q

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES LCO (continued)

HBRSEP Unit No. 2 connected to the transmission system with one offsite circuit (startup transformer) out of service the load tap changer for the operable offsite circuit <startup transformer) must remain in automatic.

Each emergency DG must be capable of starting, accelerating to rated speed and voltage (within the tolerances specified in the associated surveillances), and connecting to its respective ESF bus on detection of bus undervoltage. This will be accomplished within 10 seconds. Each DG must also be capable of accepting required loads within the assumed loading sequence intervals, and continue to operate until offsite power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as DG in standby with the engine hot and DG in standby with the engine at ambient conditions. Additional DG capabilities must be demonstrated to meet required Surveillance.

Additionally, for a DG to be considered OPERABLE, the following protective trips must be bypassed to prevent a governor shutdown:

a.

Low lube oil pressure

b.

Low coolant pressure

c.

High coolant temperature

d.

High crankcase pressure

e.

Start failure - governor shutdown Proper sequencing of loads, including tripping of nonessential loads, is a required function for DG OPERABILITY.

The AC sources in one train are separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.

(continued)

B 3.8-6 Revision No. 28

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS HBRSEP Unit No. 2 A Note prohibits the application of LCO 3.0.4.b to an inoperable DG. There is an increased risk associated with entering a MODE or other specific condition in the Applicability with an inoperable DG and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.

To ensure a highly reliable power source remains with one offsite cjrcujt inoperable, it is oecessarv to verify the OPERABILITY of the remaining required offsite circuit on a more freauent basis. Since the Required Action

.QOIY specifies "perform." a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However. if a second required circuit fails SR 3.8, 1.1, the second offsite circuit is inoperable. and Condition C for two offsite circuits inoperable, is entered Required Action A.-1-i, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the.associated DG will not result in a complete loss of safety function of critical redundant required features.

These features are powered from the redundant AC electrical power train.

This includes motor driven auxiliary feedwater pumps. Single train systems, such as turbine driven auxiliary feedwater pumps, may not be included.

The Completion Time for inoperability of the offsite source is 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

The rationale for the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is that Regulatory Guide 1.93 (Ref. 9) allows a Completion Time of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for two required offsite circuits inoperable when two offsite sources are incorporated into the design, based upon the assumption that two complete safety trains are OPERABLE. When no offsite sources are OPERABLE, this assumption is not the case, and a shorter Completion Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate.The Completion Time (continued)

B 3.8-8 Revision No. Q

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 for Required Action A.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities This Completion Time also allows for an exception to the normal "time zero" for beainninq the allowed outage time "clock." In this Required Action. the Completion Time only begins on discovery that both:

a.

The train has no offsite power supplying it loads: and

b.

A required feature on the other train is inoperable.

If at ~my time during the existence of Condition A lone offsite circujt inoperable) a-1.edundant required fe_ature subsequently becomes jnoperable. this Completion Time begins to be tracked.

Discovering no offsite power to one train of the onsite emergency Electrical Power Distribution System coincident with one or more inoperable required support or supported features. or both. that are associated with the other train that has offsite power. results in starting the Completion Times for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to Train A and Train B of the onsite emergency Distribution System. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time takes into account the component OPERABILITY of the redunds;int counteroart to the inoperable reguire9 feature. Additionally. the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time takes into accou.oUM capacity and capability of the remaininSLAC sources. a reasonable time..J.Qr repairs. and the low probability of a OBA occurring during this period..

(continued)

B 3.8-9 Revision No. g

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 Operation may continue in Condition A for a period that should not mmeed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . IJVith the offsite circuit inoperable, the reliability of the,A,C power system is degraded, with attendant potential f.or a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE DGs are adequate to supply electrical power to the onsite Distribution System.According to Regulatorv Guide 1.93 <Ref. 9) operation may continue in Condition A for a period_that should not exc.eed 72 hoJ.irs. With Q& offsite circ_ujt inoperable. the reliability of the offsite system is degraded_.

.an.d the potential for a loss of offsite power is increas.ed. with a_ttendant potential for a challenge to the unit safety systems. In this Condlti.o.n..

bQwever. the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite emeraency Distribution System.

The 24-:zbhour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period.

The second Completion Time for Required Action A.4-.3._establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence offailing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 7 days. This could lead to a total of 8-J.Q,days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 7 days (for a total of +&-J.Ldays) allowed prior to complete restoration of the LCO. The 8-1.Q_day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and Bare entered concurrently. The "AND" connector between the 24-Z&hours and ~1Q_day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

(continued)

B 3.8-10 Revision No. e+

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 The Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuit~ on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

Required Action 8.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. Single train systems, such as turbine driven auxiliary feedwater pumps, are not included. Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable DG.

The Completion Time for Required Action 8.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on disco~ry that both:

a.

An inoperable DG exists; and (continued)

B 3.8-9a11 Revision No. &+

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating I BASES ACTIONS (continued)

HBRSEP Unit No. 2

b.

A required redundant feature on the other train (Train A or Train B) is inoperable.

If at any time during the existence of this Condition (one DG inoperable) a required feature subsequently becomes inoperable, this Completion Time would begin to be tracked.

Discovering one required DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the Completion Time for the Required Action. Four hours from the discovery of these events existing concurrently is Acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DG and offsite circuit~ is-are adequate to supply electrical power to the onsite Distribution System.

Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost.

The 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period.

B.3.1. B.3.2.1. and B.3.2.2 Required Action B.3.1 requires performing SR 3.8.1.2 for the OPERABLE DG within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This action is required to confirm the remaining DG remains OPERABLE.

Required Action B.3.2.1 provides an allowance to avoid unnecessary testing of the OPERABLE DG. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If the cause of inoperability exists (continued)

B 3.8-12 Revision No. e+

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES I ACTIONS (continued)

HBRSEP Unit No. 2 not be performed if it has been successfully performed within the previous 24-hours, or if it is currently operating. Performance of SR 3.8.1.2 within the previous 24-hours meets the intent of REQUIRED ACTION B.3.1 or B.3.2 by providing reasonable assurance that the OPERABLE DG will perform its associated safety function.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the plant corrective action program will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months constraint imposed while in Condition B.

According to Generic Letter 84-15 (Ref. 6), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG.

Operation may continue in Condition B for a period that should not exceed 7 days.

In Condition B, the remaining OPERABLE DG and offsite circuit§ are adequate to supply electrical power to the onsite Distribution System. The 7 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period.

The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet he LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to ~12_hours. This could lead to a total of 8-1.Q_days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the (continued)

B 3.8-14 Revision No. &+

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 DG restored OPERABLE, and an additional ~12..hours (for a total of 9-Jidays) allowed prior to complete restoration of the LCO. The 8-1.Q_day Completion Time provides a limit on time' allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 7 day and 8-JQ.day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

C.1 and C.2 If the inoperable AC electric power sources cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.Required Action C 1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety features The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from that allowed for one train without offsite power <Reauired Action A.2l. The rationale for the reduction to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is that Regulatorv Guide 1.93 <Ref. 9) allows a Completion Time of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for tw_o required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE. When a

@!J.CJ.lrrent redundant required feature failure exists, this assumption i$..IlQ1

~se. and a shorter Completion Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate. T~

features are powered from redundant AC safetv trains. This includes motor driven auxiliary feedwater pumps, Single train features. such as turbine driven auxiliarv pumps, are not included in the list.

(continued)

B 3.8-15 Revision No. O

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 The Completion Time for Required Action C. 1 is intended to allow the operator time to evaluate and repair any discovered jnoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action the Completion Time only beings on discovery that both*

a All required offsite circuits are inoperable-and

b.

A required feature is inoperable.

If aUiny time during the existence of Condition C (two offsite circY.ils.

iooperable) a required feature becomes inoperable. this Completion Time b~qi n s to be tracked.

According to Regulatory Guide 1.93 <Ref. 9). operation may continue in Condition C for a period that should pot exceed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident: however the onsite AC sources have not been degraded This level of degradation generally corresponds to a total loss of the immedjately accessible offsjte power sources.

Because of the normally high availability of the offsjte sources. this leyel of degradation may appear to be more severe than other comb.inations of two AC sources inoo!llilble that involve one or more DGs inoperable. However.

two factors tend to decrease the severity of this level of degradation:

a.

The conf.iguration of the redundant AC electrical power system that rem..ains.-available is not su_s_ceptible to a single bus or switching failure* and

b.

The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source (continued)

B 3.8-16 Revision No. G

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 With both of the required offsite circuits inoperable. sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a OBA or transient. In fact a simultaneous loss of offsite AC sources a LOCA. and a worst case single failure were postulated as a part of the design basis in the safety analysis. Thus. the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design crjteria~

According to Refer:.e.nce 9. with the available offsite AC sources. two le_~

than required by the LCO. operation may continu.filQ_r 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If t'liQ offsite sources are restored withio-24 hours. unrestricted operation may continue. If only one offsite source is restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . power operation continues in accordance with Condition A D.1 and D.2 Pursuant to LCO 3.0.6. the Distribution System ACTIONS would not be entered even if all AC sources to it were jnoperable. resulting in de-eneraizatjon. Therefore the Required Actions of Condition Dare modified bv a Note to indicate that when Condition D is eptered with no AC source to any train. the Conditions and Require.O Actions for LCO 3.8 9.

"Distributi9.o_Systems - Operating." must be immediately entere_d. Thjs allows Condition D to provide requirements for the loss of one offsite cjrcuit and one DG. without reqa.r:QJo whether a ti:ain is de-eneraized. LCO 3.8.9 provides the appropriate restrictions for a de-eneraized train.

~inq to Requlatorv Guide 1.93 (Ref. 9). operation may continue in Condition D for a period that should not exceed 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

(continued)

B 3.8-17 Revision No. G

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

HBRSEP Unit No. 2 In Condition p. individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power. however the reliability of the power systems in this Condition may appear higher than that in Condition C <loss of both required offsite circuits) This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Completion Time takes into account the capacity and capability of the remaining AC.

sources. a reasonable time for repairs. and the low probabjlity of a OBA occurring during this period.

With Train A and Train B DGs inoperable there are no remaining standby AC sources Thus. with an assumed loss of offsite electrical power.

insufficient standby AC sources are available to power the minimum required ESE functions. Since the offsite electrical power system is the only source of AC power for this level of degradation. the risk associated with continued operation for a verv short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability. which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power. however. the time all_g_wed for continue.d operation

~~rely restricted. Th_e intent here is to a.Y-oid the risk asso_ciated with ao_immediate controlled shutdown and to minimize the risk a.ssociated with tbis level of degradatm According to Reference 9. with both DGs inoperable. operation may continue for a period that should not exceed 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months .

(continued)

B 3.8-18 Revision No. G

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES ACTIONS (continued)

SURVEILLANCE REQUIREMENTS HBRSEP Unit No. 2 F.1 and F.2 If the inoperable AC electric power sources cannot be restored to OPERABLE status within the required Completion Time. the unit must be brought to a MODE in which the LCO does not apply. To achieve this status. the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . The allowed Completion Times are reasonable based on operating experience. to reach the required unit conditions from full power conditions in an orderly manner without challenging ptant systems.

Condition Q..G__corresponds to a level of degradation in which all redundancy in the AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. Therefore, no additional time is justified for continued operation. The unit is required by LCO 3.0.3 to commence a controlled shutdown.

Condition is modified by a Note which permits delaying entry into the Condition for no longer than 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months to permit the testing required by SR 3.8.1.2 for the OPERABLE DG since this testing renders the DG inoperable.

The AC sources are designed to permit inspection and testing of all important areas and features, especially those that have a standby function, in accordance with HBRSEP Design Criteria (Ref. 1).

Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions). The SRs for demonstrating the OPERABILITY of the DGs are consistent with the recommendations of Regulatory Guide 1.137 (Ref. 6), as addressed in the UFSAR.

(continued)

B 3.8-19 Revision No. G

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES I SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 Where the SRs discussed herein specify voltage and frequency tolerances, the following is applicable. The minimum steady state output voltage of 467 V is 97% of the nominal 480 V output voltage. It allows for voltage drops to motors and other equipment down through the 120 V level where minimum operating voltage is also usually specified as 90% of name plate rating. The specified maximum steady state output voltage of 493 Vis within the maximum operating voltage specified for the motors supplied by the 480 V subsystem. It ensures that for a lightly loaded distribution system, the voltage at the terminals of motors is no more than the maximum rated operating voltages. The specified minimum and maximum frequencies of the DG are 58.8 Hz and 61.2 Hz, respectively. These values are equal to +/- 2% of the 60 Hz nominal frequency and are consistent with the recommendations given in Regulatory Guide 1.9 (Ref. 7).

SR 3.8.1.1 This SR ensures proper circuit continuity for the offsite AC electrical power supply supplies to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source. The 7 day Frequency is adequate since breaker position is not likely to change without the operator being aware of it; and because its status is displayed in the control room.

(continued)

B 3.8-20 Revision No. dG

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.9 HBRSEP Unit No. 2 This Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source. This test verifies all actions encountered from the loss of offsite power, including shedding of the nonessential loads and energization of the emergency buses and respective loads from the DG. It further demonstrates the capability of the DG to automatically achieve the required voltage and frequency within the specified time.

The DG autostart time of 1 O seconds is derived from requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability is achieved.

The requirement to verify the connection and power supply of permanent and auto connected loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, emergency Core Cooling Systems (ECCS) injection valves are not required to be stroked open, or high pressure injection systems are not capable of being operated at full flow, or residual heat removal (RHR) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG systems to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Frequency of 18 months takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by three Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, (continued)

B 3.8-26 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES HBRSEP Unit No. 2 the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations. The reason for Note 2 is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. Note 3 to this SR permits removal of the bypass for protective trips after the DG has properly assumed its loads on the bus.

This reduces exposure of the DG to undue risk of damage that might render it inoperable.

SR 3.8.1.10 This Surveillance demonstrates that the DG automatically starts and achieves the required voltage and frequency within the specified time (1 O seconds) from the design basis actuation signal (LOCA signal) and operates for ~ 5 minutes. Stable operation at the nominal voltage and frequency values is also essential to establishing DG OPERABILITY, but a time constraint is not imposed. This is because a typical DG will experience a period of voltage and frequency oscillations prior to reaching steady state operation if these oscillations are not damped out by load application. This period may extend beyond the 1 O second acceptance criteria and could be a cause for failing the SR. In lieu of a time constraint in the SR, HBRSEP Unit No. 2 will monitor and trend the actual time to reach steady state operation as a means of assuring there is no voltage regulator or governor degradation which could cause a DG to become inoperable. The 5 minute period provides sufficient time to demonstrate stability. SR 3.8.1.1 O.d and SR 3.8.1.1 O.e ensure that permanently connected loads and emergency loads are energized from the offsite electrical power system on an ESF signal without loss of offsite power.

The requirement to verify the connection of permanent and autoconnected loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, ECCS injection valves are not required to be stroked open, or high pressure injection systems are not capable of being operated at full flow, or RHR systems performing a decay heat (continued)

B 3.8-21 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 removal function are not desired to be realigned to the ECCS mode of operation. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Frequency of 18 months takes into consideration unit conditions required to perform the Surveillance and is intended to be consistent with the expected fuel cycle lengths. Operating experience has shown that these components usually pass the SR when performed at the 18 month Frequency. Therefore, the Frequency was concluded to be acceptable from a reliability standpoint.

This SR is modified by three Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations. The reason for Note 2 is that during operation with the reactor critical, performance of this Surveillance could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and, as a result, unit safety systems. Note 3 to this SR permits removal of the bypass for protective trips after the DG has properly assumed its loads on the bus. This reduces exposure of the DG to undue risk of damage that might render it inoperable.

SR 3.8.1.11 This Surveillance demonstrates that DG noncritical protective functions (e.g., high coolant water temperature) are bypassed. A manual switch is provided which bypasses the non-critical trips. The noncritical trips are normally bypassed during DBAs and provide an alarm on an abnormal engine condition. This alarm provides the operator with sufficient time to react appropriately. The DG availability to mitigate the OBA is more critical (continued)

B 3.8-28 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 than protecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG. This SR is satisfied by simulating a trip signal to each of the non-critical trip devices and observing the DG does not receive a trip signal.

The 24 month Frequency is based on engineering judgment and is intended to be consistent with DG maintenance interval. The equipment being tested is a manually-operated switch. Therefore, Frequency was concluded to be acceptable from a reliability standpoint.

SR 3.8.1.12 This SR requires demonstration once per 18 months that the DGs can start and run continuously at full load capability for an interval of not less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , ~ 1. 75 hours8.680556e-4 days 0.0208 hours 1.240079e-4 weeks 2.85375e-5 months of which is at a load equivalent to 110% of the continuous duty rating and the remainder of the time at a load equivalent to the continuous duty rating of the DG. The DG start shall be a manually initiated start followed by manual syncroni;zationsynchronization with other power sources. Additionally, the DG starts for this Surveillance can be performed either from standby or hot conditions. The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual loading, discussed in SR 3.8.1.3, are applicable to this SR.

In order to ensure that the DG is tested under load conditions that are as close to design conditions as possible, testing must be performed using a power factor of~ 0.9. This power factor is chosen to be representative of the actual design basis inductive loading that the DG would experience.

The load band is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY. The 18 month Frequency takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

(continued)

B 3.8-.2.9 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 This Surveillance is modified by three Notes. Note 1 states that momentary transients due to changing bus loads do not invalidate this test.

Similarly, momentary power factor transients above the power factor limit will not invalidate the test. The reason for Note 2 is that during operation with the reactor critical, performance of this Surveillance could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and, as a result, unit safety systems.

Note 3 to this SR permits removal of the bypass for protective trips after the DG has properly assumed its loads on the bus.

This reduces exposure of the DG to undue risk of damage that might render it inoperable.

SR 3.8.1.13 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency within 10 seconds. The 10 second time is derived from the requirements of the accident analysis to respond to a design basis large break LOCA. Stable operation at the nominal voltage and frequency values is also essential to establishing DG OPERABILITY, but a time constraint is not imposed. This is because a typical DG will experience a period of voltage and frequency oscillations prior to reaching steady state operation if these oscillations are not damped out by load application. This period may extend beyond the 1 O second acceptance criteria and could be a cause for failing the SR. In lieu of a time constraint in the SR, HBRSEP Unit No. 2 will monitor and trend the actual time to reach steady state operation as a means of assuring there is no voltage regulator or governor degradation which could cause a DG to become inoperable. The 18 month Frequency is based on engineering judgment and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more (continued)

B 3.8-.3.Q Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BAS J S SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY. The requirement that the diesel has operated for at least 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions. Momentary transients due to changing bus loads do not invalidate this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing.

SR 3.8.1.14 Under accident and loss of offsite power conditions, loads are sequentially connected to the bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents. The

+/- 0.5 seconds load sequence time setpoint tolerance ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF equipment time delays are not violated. Reference 2 provides a summary of the automatic loading of ESF buses.

The Frequency of 18 months takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems.

SR 3.8.1.15 In the event of a OBA coincident with a loss of offsite power, the DGs are required to supply the necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.

(continued)

B 3.8-.31 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 This Surveillance demonstrates the DG operation, as discussed in the Bases for SR 3.8.1.9, during a loss of offsite power actuation test signal in conjunction with an ESF actuation signal. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Frequency of 18 months takes into consideration unit conditions required to perform the Surveillance and is intended to be consistent with an expected fuel cycle length of 18 months.

This SR is modified by three Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations for DGs. The reason for Note 2 is that the performance of the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. Note 3 to this SR permits removal of the bypass for protective trips after the DG has properly assumed its loads on the bus.

This reduces exposure of the DG to undue risk of damage that might render it inoperable.

SR 3.8.1.16 Transfer of the 4.160 kV bus 2 power supply from the auxiliary transformer to the start up transformer demonstrates the OPERABILITY of the offsite circuit network to power the shutdown loads. In lieu of actually initiating a circuit transfer, testing that adequately shows the capability of the transfer is acceptable. This transfer testing may include any sequence of sequential, overlapping, or total steps so that the entire transfer sequence is verified. The 18 month Frequency is based on engineering judgementjudgment taking into consideration the plant conditions required (continued)

B 3.8-.3.2 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

HBRSEP Unit No. 2 to perform the Surveillance, and is intended to be consistent with expected fuel cycle length.

This SR is modified by two Notes. The reason for Note 1 is that, during operation with the reactor critical, performance of this SR could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and, as a result, unit safety systems. As stated in Note 2, automatic transfer capability to the SUT is not required to be met when the associated 4.160 kV bus and Emergency Bus are powered from the SUT. This is acceptable since the automatic transfer capability function has been satisfied in this condition.

SR 3.8.1.17 This Surveillance demonstrates that the DG starting independence has not been compromised. Also, this Surveillance demonstrates that each engine can achieve proper speed within the specified time when the DGs are started simultaneously. Stable operation at the nominal voltage and frequency values is also essential to establishing DG OPERABILITY, but a time constraint is not imposed. This is because a typical DG will experience a period of voltage and frequency oscillations prior to reaching steady state operation if these oscillations are not damped out by load application. This period may extend beyond the 1 O second acceptance criteria and could be a cause for failing the SR. In lieu of a time constraint in the SR, HBRSEP Unit No. 2 will monitor and trend the actual time to reach steady state operation as a means of assuring there is no voltage regulator or governor degradation which could cause a DG to become inoperable.

The 10 year Frequency is based on engineering judgment.

This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

(continued)

B 3.8-J.3 Revision No.

AC Sources - Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.18 REFERENCES HBRSEP Unit No. 2 Transfer of the ESE bus E1 power supply from 4 16 kV bus 6 to 4.16 kV bus 2 and transfer of tbe ESE bus E2 power supply from 4.16 kV bus 9 to 4.16 kV bus 3 demonstrates the OPERABILITY of the alternate circuit distribution network to power shutdown loads. The 18 month Frequency of the Surveillance is based on engineering judgment.

taking into consideration the unit conditions required to perform the Suryeillance and is intend.e..d to be consistent with expected fuel cyc;Le lengths. Operating experience has shown that these components usually pass the SR when performed at the 18 month Frequency. Therefore. the frequency w_as concluded to be acceptable from a reliability standpQinl This SR is modified by a Note. The reason for the Note is that. during operation with the reactor critical. performance of this SR could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and as a result. unit safety systems.

1.

UESAR, Section 3.1.

2.

UFSAR, Chapter 8.

3.

UFSAR, Chapter 6.

4.

UFSAR, Chapter 15.

5.

Generic Letter 84-15, "Proposed Staff Actions to Improve and Maintain Diesel Generator Reliability," July 2, 1984.

6.

Regulatory Guide 1.137, Rev. 1, October 1979.

(continued)

B 3.8-.3.4 Revision No.

B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources - Operating BASES REFERENCES (continued)

7.

Regulatory Guide 1.9, Rev. 3, July 1993.

AC Sources - Operating B 3.8.1

8.

Regulatory Guide 1.108, Rev. 1, August 1977.

9.

Regulatory Guide 1.93, Rev. 0, December 1974.

HBRSEP Unit No. 2 B 3.8-.35 Revision No. I

BASES ACTIONS A.2.1. A.2.2. A.2.3. A.2.4. B.1. B.2. B.3. and B.4 (continued)

I AC Sources - Shutdown B 3.8.2 but provides acceptable margin to maintaining subcritical operation.

Introduction of temperature changes including temperature increases when operating with a positive MTC must also be evaluated to ensure they do not result in a loss of required SOM.

Suspension of these activities does not preclude completion of actions to establish a safe conservative condition. These actions minimize the probability or the occurrence of postulated events. It is further required to immediately initiate action to restore the required AC sources and to continue this action until restoration is accomplished in order to provide the necessary AC power to the unit safety systems.

The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required AC electrical power sources should be completed as quickly as possible in order to minimize the time during which the unit safety systems may be without sufficient power.

Pursuant to LCO 3.0.6, the Distribution System's ACTIONS would not be entered even if all AC sources to it are inoperable, resulting in de-energization. Therefore, the Required Actions of Condition A are modified by a Note to indicate that when Condition A is entered with no AC power to any required ESF bus, the ACTIONS for LCO 3.8.1 O must be immediately entered. This Note allows Condition A to provide requirements for the loss of the offsite circuit, whether or not a train is de-energized. LCO 3.8.10 would provide the appropriate restrictions for the situation involving a de-energized train.

SURVEILLANCE SR 3.8.2.1 REQUIREMENTS HBRSEP Unit No. 2 SR 3.8.2.1 requires the SRs from LCO 3.8.1 that are necessary for ensuring the OPERABILITY of the AC sources in other than MODES 1, 2, 3, and 4. SR 3.8.1.16 and SR 3.8.1.18 &.are not required to be met since only one offsite circuit is required to be OPERABLE. SR 3.8.1.17 is excepted because B 3.8-30 (continued)

Revision No. e, 49 Amendment No. 490

DC Sources - Operating B 3.8.4 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.4 DC Sources - Operating BASES BACKGROUND HBRSEP Unit No. 2 The station DC electrical power system provides the AC emergency power system with control power. It also provides both motive and control power to selected safety related equipment and preferred AC instrument bus power (via inverters). As required by HBRSEP Design Criteria (Ref.1), the DC electrical power system is designed to have sufficient independence, redundancy, and testability to perform its safety functions, assuming a single active failure.

The 125 voe electrical power system consists of two separate and redundant safety related DC electrical power subsystems (Train A and Train B). Each subsystem consists of one station 125 voe battery, one primary (in service) battery charger for the battery, and all the associated control equipment and interconnecting cabling.

Two 100% capacity battery chargers are installed to support system operation. One charger is designated as the in service unit and the other is designated as the standby unit, which provides backup service in the event that the in service battery charger is out of service. If the standby battery charger is substituted for one of the in service battery chargers, then the requirements of redundancy between subsystems are maintained.

During normal operation, the 125 VDC load is powered from the battery chargers with the batteries floating on the system. In case of loss of normal AC power to the battery charger, the battery charger trips and the DC load is automatically powered from the station batteries. The in service unit automatically restarts and the standby unit requires a manual restart when power is restored. The manual restart is required due to capacity margin associated with the EOG.

The Train A and Train B DC electrical power subsystems provide the control power for its associated AC power load group, 4.16 kV switchgear,

£buses 1. 2, 3 and 4l, and 480 V breakers. The DC electrical power subsystems also provide DC electrical power to the inverters, which in turn power four of the eight instrument buses.

(continued)

B 3.8-38 Revision No. 4+

BASES I BACKGROUND HBRSEP Unit No. 2 Distribution Systems - Operating B 3.8.9 The onsite AC, DC, and AC instrurinent bus electrical power distribution systems are divided by train into t\\}'o redundant AC, DC, and AC instrument bus electrical power distribution subsystems.

The AC electrical power subsystem for each train consists of a primary Engineered Safety Feature (ESF) 480 V bus and secondary buses, distribution panels and motor control centers. Each 480 V ESF bus shares the common offsite source of power and is provided with a dedicated onsite diesel generator (DG) source. The 480 V ESF bus E2 is normally powered from the 115 kV switchyard through the startup transformer, 4.160 kV bus a and station service transformer 2G. The 480 V t:SF bus E1 is normally powered from the main generator through the unit main (auxiliary) transformer, 4.160 kV buses 1 and 2 and station service transformer 2F. /I, main generator lockout causes 4.160 kV buses 1 and 2 to be automatically transferred to the startup transformer which results in 480 V ESF bus El being supplied from the startup transformer. Should a failure of the startup transformer occur, a spare startup transformer located onsite can be jumpered into service. During the time that the startup transformer is out of service, the unit auxiliary transformer can supply power to the onsite distribution system by back feeding the main transformer from the 230 kV switchyard. Prior to back feeding the main transformer from the 230 kV switchyard, the generator must be disconnected from the main transformer by removing the connecting straps. The main transformer backfeeding will only be done during cold shutdown unless nuclear safety consideration require it to be done during hot shutdown when no other offsite power sources are available. If the offsite source is unavailable, the onsite emergency DG supplies power to the 480 V ESF bus. Control power for the 4.160 kV and 480 V breakers is supplied from the batteries.Each 480 V ESF bus ha_s_at least one separate and independent offsite source of p_ow..er..as_

w..elLas a dedicated onsjte diesel generator <DG) source. ~ach 480 V ESE bus is normally connected to a preferred offsite source. The 480 V ESF bus E1 is normally powered from the 115 kV switchyard through the 115 kV startup transformer and station service transformer 2F. The 480 V ESE bus E2 is normally powered from the 230 kV switchyard through the 230 kY startup transformer and station service transformer 2G. After a loss of the preferred offsite power source to either 480 V ESF bus, a manual transfer of ESF bus E1 to the unit auxi!iarv transformer is performed to maintain a redundancy of power sources. Upon a loss of_

the 230 kV stactup transformer. ESF bus E2 is transferred to the 115 kV startup transformer via 4,16 kV bus 3. If neither stactup trapsformer is available, the unit auxiliarv transformer can supply power to the entire onsite distribution system by backfeedinq the maioJransformer from the (continued)

B 3.8-65 Revision No. O

BACKGROUND (continued) 230 kV switchyard Prior to backfeedinq the main transformer from the 230 kV swjtchyard. the generator must be disconnected from the main transformer by removing the connecting straps The main transformer backfeedinq will only be performed during cold shutdown unless nuclear n~ogef0;~re:v:r:o~ce~a£e~v 1

~r1abi~:1f~f~ttsietsgur~esar:hen

!,Jnavajlable. the onsite emeraency DG supplies power to the 480 V ESF buses. Control power for the 4.16 kV buses 1. 2. 3 and 4 and 480 V breakers is SY.RPlied from the station batteries 'A' and 'B'. Additional description of this system may be found in the Bases for LCO 3.8.1, "AC Sources - Operating," and the Bases for LCO 3.8.4, "DC Sources - Operating."

The secondary AC electrical power distribution system for each train includes the safety related motor control centers, and distribution panels shown in Table B 3.8.9-1. The Auxiliary Feedwater (AFW) Header Discharge Valve to SIG "A", V2-16A and the Service Water System (SWS) Turbine Building Supply Valve (emergency supply),

V6-16C are powered from both Train A and Train B of the AC electrical bus distribution system by utilization of Automatic Bus Transfer (ABT) devices and molded case circuit breakers connected to each AC distribution train. Magnetic trip elements for these circuit breakers (two breakers per valve) provide circuit protection to prevent common mode failure (i.e., transfer of a fault from one electrical bus to the redundant bus) of both trains of the AC distribution systems.

The 120 VAC instrument buses are arranged in two load groups per train.

One load group is made up of two instrument buses normally powered from an inverter. The remaining load group is made up of two instrument buses powered from a constant voltage transformer powered from the associated AC emergency bus. The alternate power supply for the inverter supplied instrument buses and the constant voltage transformer supplied instrument buses is an AC source powered from the station AC power distribution system, and its use is governed by LCO 3.8.7, "AC Instrument Bus Sources - Operating."

There are two redundant 125 VDC electrical power distribution subsystems (one for each train).

The list of all required distribution buses is presented in Table B 3.8.9-1.

APPLICABLE The initial conditions of Design Basis Accident (OBA) and SAFETY ANALYSES transient analyses in the UFSAR, Chapter 6 (Ref. 1 ), and in the FSAR, Chapter 15 (Ref. 2), assume ESF systems are OPERABLE. The AC, HBRSEP Unit No. 2 DC, and AC instrument bus electrical power distribution systems are (continued)

B 3.8-66 Revision No. Q

TYPE AC buses DC buses AC instrument buses (IB)

Table B 3.8.9-1 (page 1 of 1)

Distribution Systems - Operating B 3.8.9 AC and DC Electrical Power Distribution Systems VOLTAGE TRAINA*

TRAIN B*

4160V 4.16 kV Bus ~§ 4.16 kV Bus d~

480V 480 V Bus E1 480 V Bus E2 125 v MCCA MCCB Distribution Panel Distribution Panel A

B 120V IB 1 IB3 IB2 IB4 IB 6 IB8 IB 7 (A & B)

IB 9 (A & B)

Each train of the AC and DC electrical power distribution systems is a subsystem.

HBRSEP Unit No. 2 B 3.8-77 Revision No. G I to RN P-RA-17-0037 UFSAR Page Markups (For Information Only)

8.2.2 Analysis HBR2 UPDATED FSAR The nominal switchyard voltages for the Robinson Plant are 115 kV and 230 kV. System Operations provides Robinson Plant with a voltage schedule which calls for the Robinson units, when operating, to maintain these vpltages within acceptable limits, as determined by both transmission system and plant auxil ~ary electrical system requirements.

Because of the close proximity of the Darlington County Internal Combustion Turbine Plant, the strong 230 kV and 115 kV transmission system connecting the area to the rest of the DEP system, and the location of capacitor banks throughout the system, adequate \\*oltage can be maintained at the switchyard to meet plant requirements. Should the system voltage begin to drop for any reason, capacitor banks in the affected area will come on line by automatic voltage control or by dispatcher inteF\\*ention. The system dispatcher closely monitors the plant 115 kV switchyard bus voltage and will be alerted to voltages outside acceptable limits (which are fixed through setpoint adjustments at the Energy Control Center) as determined by plant operating requirements.

The HBR 2 operators also monitor the voltage on the 115 kV and 230 kV switchyard busses by means of a-digital voltmeter,§ located in the HBR-2 Control Room. Control Room alarms (which are fixed through setpoint adjustments on the meter) are set to go off should the voltage fall below 100 percent or rise above 103.5 percent. In addition, loss of power to the monitor circuit,§ will also set off the alarm in the Control Room.

The Startup Transformers are equipped with Load Tap Changers <LTC) with automatic/manual control capabilities. Th_e. LTCs can autQmatically maintain the 4.16kV bus voltages aLthe__

required voltage regardless of variations in switchyard voltage. This minimizes the occurrence and effect of any overvoltage or degraded grid voltage on the plant electrical equipme...ol9.rui.

~f.e.ty related buses E1 and E2 for anticipated variations in switchyard voltage durinCLbQth_

DQ[ffial and emergency oper:_ati.Qo.s..

The Primarv LTC controller sends signals to the associated LTC to control voltage within the desired control band The control band was esta"blished to allow for oroper operation of the LTC controller while operating within the upper and lower system voltage limits, It has the abilitv to be configured to operate in both steady state voltage control definite time delay and fast voltage recoverv mode, The steady state definite time delay prevents unnecessarv LTC operations wrth slow voltage excursions of small magnitude, The fast voltage recoverv mode provides for rapid LTC response to larae grid transients, The fast voltage recoverv mode (sensing time of half a second and operation time of 2 seconds) provides acceptable voltage response for the worst case grid transients and plant trips, IheJlackup controller senses voltage at the same bus level as the primarv controller with a separate potential transformer. This allows for proper isQlation between the two cont[QJlers The

¥kup controller is wired in series with the primarv controller L TC raise and lower comma~

I.tlfil>..ackup controller functions to provide an "inhibit band" which is a sep9rate control band

~t just outside the normal control band. Should the sensed voltage vary outside this band, the

.Qacirup controller prevents the primary controller from issuing a rajse or lower command. In filk!.iti.Q.o here is an adjustable deadband that should voltage continue to rise, the backup controller is c_onfigured with the abilitv to issue a lower command to the L TC to bring the voltage back into normal operating range.

HBR 2 was constructed prior to the issuance of General Design Criteria 17. Therefore, a single 8.2.2-1 Revision No. 27-

HBR2 UPDATED FSAR HBR2 is equipped with two (2) startup transformers lone ( 1) 115 kV startup and one (1) 230 kV startup) which connects the multiple sources of offsite power to the onsite electric distribution system. Both the 115 kV startup and the 230 kV startup are capable of energizing Emeraency Buses E1 and E2 independently. Should a failure of either startup transformer occur, a spare startup transformer located onsite could be jumpered into service the other startup would be

~~l~f ~~~~~~ ~=

~t~ o:~~~~~~i~n ~s~. =During the time that the startup

~ ~~

c; i

, 0: C T :Jn4r ~Should HBR2 experience a failure of both startups. the Unit Auxiliarv Transformer <UATl could supply power to the onsite distribution system by back-feeding the main transformer from the 230 kV switchyard. Prior to back-feeding the main transformer from the 230 kV switchyard, the generator must be disconnected from the main transformer by removing the connecting straps. The main transformer backfeeding will only be done during cold shutdown unless nuclear safety consideration require it to be done during hot shutdown when no other power sources are available.

The spare startup transformer for Unit 2 is a spare unit stored onsite and has no wiring connections other than a cabinet heater to prevent accumulation of condensate in the control panel. A minimum of tv,ienty four hours is the estimated time required to temporarily connect the spare transformer for service. The type of failure of the normal startup transformer (i.e., fire, loss of duct bank, etc.) could cause this time to be greater. Approximately four hours is estimated to accomplish backfeeding the plant busses through the unit auxiliary transformer.

8.2.2-2 Revision No. ~

HBR 2 UPDATED FSAR 4400V Max#num Anowable load voruige Overvoltage "run back" Backup Controller Issue L TC lower Command 4325V

+---- 4290V - Overvoltage Limit {Backup Controller -

Block Raise Limit)

--** *........,.. -.. -*.. *-* 4224.3V - Upper Band Umit NomfnaJ 4160V H

Vott.>ge ConUOI Band (Pnmary Microconuon~)

-*.. *****-*-*--** *--****-***-.. --... -... -. 4095.7V-Lower Band Limit

....... -- 4030V - Undervoltage Limit {Backup Controller -

Block Lower Limit)

Voltage Lindi Band(Ba~up Conuotr.r)

- ---*---- 3l28V 4kV Bus 119 Low Transient Criteria (Upper Umlt)

H B. Robinson Unit 2 Duke Eneray UPDATED FINAL SAFETY ANALYSIS REPORT LTC OPERATING BANDS FIGURE 8 2.2-1 to RN P-RA-17-0037 Draft Revised UFSAR Figure, Electrical Distribution System (For Information Only)

~-------------------------------------------------------------------------------------------------------------------------------------------------------1 I

I I

lt. li;ut*" n cir.it lorm ~flour* c::1ni!Ot.-mnnri ulivl lh.-Mw11p1ac.me"f1 i5iF.V st:l11"9 lrensfotrne1 and llM "- 2lOkV Sbt1up tranalonNI IN iflablled t0T11 2311o.VQ DMLINOT~ alJMTT NCJU H L.ll'f: ZllloY l!I t4 2311.V STARTLP TlfftHSFQlllMf]I J' T HY*Z7/lli/4!11"9.4MYA WESfll~V~ ----.--[,IST 1151.V

......,,...U -**'""'

stPSA L.11 2Ja.V HollNTllAHSf'OlllHE1t~

l-331 MVA lP"H.&ettZ LV*ll.!11111/ZZ.512'.Z 1'4VA tE.-CHI

""'IN CCN.. 2

,---------<T 22tr.V, 11!14 Pf\\IA Z'I OISC SW* X SUf Z'>>

/l""*DlSC*SV*T*SlJl 139

~

9)11

)~

4.151.V 8u5 'l

~i'f o,.,

~c;v" OlsctlNNE1 l~lcr ll'

... ~"5:-:

STATION SEltvfCI SfATlON S[llYrc£ fYm2f 11WfSf"ORt£R ZJ TRAHSFCllMUI 2H

.. I..

52 29 fA- )N.D.

i =~~~-oo..,*~~.,,_---'"-"...;-.;..*...;*c..-.;.."----

.;..-c;.._**-..,b)--

ou:SE1.

2"11 CCNC... IOll l2'511 KV,41AV.ll.61ttl

"°'INlEHNi::E SN'£TT INJECTJ~ fl'U'4P 8 EMERGENCY DIESCL GEHERAltJI B lt2!1KYA.l& '8ttl H. B. ROBINSON UNIT 2 Carolina Power &: Light Company UPDATED nNAL SAfE1Y ANALYSIS REPORT ONE LINE DIAGRAM UNIT 2 AUXI LIARY DISTRIBUTION SYSTEM FIGURE 8.1.2-1A REVISION 28 L-------------------------------------------------------------------------------------------------------------------------------------------------------

v t e Letter Sequence Request
CAC:MG0276, (Open)
Initiation Request Acceptance... Supplement Administration Questions 12 April 2018 25 July 2018 18 April 2018 30 July 2018 Answers 16 May 2018 Results Approval... Other:
MONTHYEAR2018-05-16 [Table View]

RNP-RA/17-0037, License Amendment Request Proposing to Add a Qualified Offsite Circuit to Technical Specifications 3.8.1, AC Sources-Operating and the Use of Load Tap Changers in the Automatic Mode of Operation on the Startup Transformers

Text

SUBJECT:

Enclosure:

Subject:

SUMMARY

SUMMARY

Background

Navigation menu

RNP-RA/17-0037, License Amendment Request Proposing to Add a Qualified Offsite Circuit to Technical Specifications 3.8.1, AC Sources-Operating and the Use of Load Tap Changers in the Automatic Mode of Operation on the Startup Transformers

Text

SUBJECT:

Enclosure:

Subject:

SUMMARY

SUMMARY

Background

Navigation menu

Search