ML17300A470
| ML17300A470 | |
| Person / Time | |
|---|---|
| Site: | Palo Verde  |
| Issue date: | 08/25/1986 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML17300A466 | List: |
| References | |
| NUDOCS 8609170270 | |
| Download: ML17300A470 (20) | |
Text
Rev.
1, 9/9/86 STAFF EVALUATION OF OPERATOR PERFORMANCE,
- EOPS, AND THEIR RELATIONSHIP TO CEN-152 RELATED TO THE JULY 12, 1986 EVENT AT PALO VERDE NUCLEAR GENERATING STATION BACKGROUND Prior to licensing, Palo Verde implemented their emergency operating procedures (EOPs) based on CE generic guidelines, CEN-152.
On July 12,
- 1986, Palo Verde, Unit 1, experienced a reactor trip from 1005 power on a steam generator Lo-Flow signal.
The operating crew immediately implemented the Emergency Operations Procedure which directed them to enter the Diagnositc Flow Chart in an attempt to identify the cause of the trip.
The shift crew identified the initiating event to be a small break LOCA (SBLOCA).
Upon entering this procedure,
- however, the SBLOCA could not be verified and the crew was directed by the procedure to either return to the Diagnostic or enter the Functional Recovery Procedure (FRP).
The crew elected to return to the Diagnostic, at which point the Steam Generator (SG) pressure dropped below the MSIS setpoint.
The Diagnostic then led the crew to the correct diagnosis of an excess steam demand event.
The correct diagnosis was accomplished approximately seven minutes after the reactor trip.
STAFF EVALUATION In evaluating the event, the EOPs and crew response, the staff has identified several problem areas which may require further action on the part of the NRC and/or the licensee.
The staff based their evaluation on the following:
a.
The NRC requirements, following the TMI accident, for function oriented procedures, b.
Knowledge of the Combustion Engineering Guidelines, c.
Knowledge of the Palo Verde Emergency Operating Procedures
- Program, 8609 1 70270 8b09 1 0 PDR
- DOCK 05000528 8
PDR j
I d.
Review of the Post Trip Review Report, and e.
Conversations with both NRC regional personnel and plant operations personnel.
Staff comments and concerns are as foll.ows:
1.
The event was complicated by the loss of a nonvital bus, causing the loss of a number of containment indications.
These indications included temperature, humidity, sump level, and radiation.
According to discussions with plant personnel, having reached the point in the Diagnostic where reading of these parameters were called for, the control room supervisor (CRS) determined that, lacking this information, he would take the "conservative" approach and assume that these indications were high.
This led him to the SBLOCA procedure.
Subsequently, however, in reviewing the post trip report, it appeared that the course followed in the Diagnostic was the less conservative; the values of the parameters had to have been assumed low, or the decision point was simply bypassed
- to get to a diagnosis.
Regardless, the crew ended up in the SBLOCA procedure.
While the basis for the course taken in the Diagnostic is unclear, the decision to go on to an event procedure is called into question in the context of the CE Guidelines and plant commitments.
The specific references are as follows:
a.
According to the Combustion Engineering,(CE)
Guidelines (CEN-152) where "diagnosis is not possible,"
the Functional Recovery Procedure is used.
b.
A letter from E.E.
Van Brunt, Jr.
(APS) to G. Knighton (NRC), dated January 10, 1984 states that "If diagnosis is not possible the Functional Recovery Procedure will be implemented."
c ~
The Plant Specific Technical Guideline (PST-G) portion of the Procedures Generation Package (PGP) for Palo Verde states that "The Functional Recovery Procedure will be entered if one of the following exist:
(a)
The Diagnostic is unclear.
(b) A Recovery Operation does not sufficiently handle the situation.
(c) An unexplained loss of control of Safety Function has occurred."
d.
The Palo Verde training documentation states that the Functional Recovery Procedure is used where the "Diagnostic Flow Chart has been attempted and is unclear or leads to diagnosis the CRS knows is incorrect or incomplete."
e.
The Palo Verde Emergency Procedure Development program defines Functional Recovery Procedure as "A procedure designed to be used to maintain safety functions and stabilize the plant when a
specific event cannot be diagnosed, or.a recovery procedure cannot be implemented as designed."
Given the fact that a decision point was reached in the diagnostic where information necessary for diagnosis was not available, the staff position is that diagnosis was "unclear" and "incomplete",
and the appropriate response would be to proceed to the, Functional Recovery Procedure.
This is the sequence the staff would expect the operators to take, based on the requirements for a functional approach to accident mitigation, and the orientation of CEN-152, as committed to by the licensee.
Although for this particular event the consequences of proceeding to the SBLOCA procedure was
minimal, the staff is concerned that this may not always be the case.
This was, in fact, the underlying concern, based on the THI-2 event, that caused the staff to require function oriented procedures in the first place.
The decision not to use the FRP lends support to the Region's impression that the plant's philosophy regarding use of the FRP is to use it as a last resort.
In conversations with plant staff, it appears that the decision go to an optimal recovery procedure may, in part, be due to the belief that it does not matter ifyou go into the wrong optimal recovery procedure; the first step will kick you out if you are wrong.
Conceivably, this philosophy can result in taking inappropriate and unnecessary actions (especially with incomplete information from plant instrumentation),
or delaying appropriate actions while moving from one event procedure to another.
Since the general approach adopted by the licensee in dealing with the event appears to be in conflict with the referenced technical guidelines and with the documented plant philosophy, the NRC staff views this as a deviation from CEN-152 and the requirements for FRPs.
It is recommended that:
a ~
As a preliminary step before the staff determines
-the acceptability of the licensee's
- approach, the licensee should define clearly the conditions under which the FRP would be used and develop a policy (and technical basis) for those situations where decision points are unclear or necessary information is unavailable.
The licensee's description should also include a statement regarding how they addressed the "A" items that resulted from the staff audit of the Palo Verde
- EOPs, conducted in September 1984.
2.
When the reactor tripped, the operator entered the Diagnostic Flow Chart in an attempt to diagnose the initiating event which in this case was an Excess Steam Demand (ESD) Event.
The first attempt in the diagnostic evaluation process put the operator in the Small Break Loss of Coolant Accident (SBLOCA) procedure.
A major factor that led to the misdiagnosis of the event was a logic statement in the Diagnostic Flow Chart.
This statement 'determined if the steam generator (SG) pressure is less than the MSIS, and depending on the answer the operator can take two paths in the Flow Chart.
One path (SG pressure C MSIS) can lead to the ESD procedure and the other path (SG pressure ~j MSIS) lead to the SBLOCA procedure.
The Flow Chart logic is such that the ESD event could not be diagnosed until the SG pressure was less than the MSIS setpoint.
The Post Trip Review Report shows that the S.G.
pressure was decreasing during this event.
The use of the S.G.
pressure trend in the Diagnostic Flow Chart would have been a valuable aid to help diagnose the event.
While the generic guideline, CEN-152, does not explicitly state that parameter trends should be evaluated when diagnosing an event, it gives numerous examples in which parameters trends are considered to determine the event.
The lack of considering the trending of the steam generator pressure was one of the major factors in misdiagnosing the July 12, 1986 event.
It is recommended that a.
Palo Verde performs an analysis of the Diagnostic Procedure to determine if trending of Steam Generator Pressure should be incor-porated in the Flow Chart to help diagnose ESD events.
In addition the use of parameter trending for diagnosing other events should be considered.
b.
CEN-152 be changed to explicitly state that parameter trending should be used in diagnosing an event.
3.
As mentioned
- above, the loss of a nonvital bus caused the loss of a number of containment parameters.
Among these were containment temperature, humidity, sump level, and radiation.
During the event, when the operator was following the Diagnostic Flow Chart to determine the correct procedure to enter into, one of the logic statements required the operator to know whether or not the containment
- pressure, temperature,
- humidity, sump level, and radiation was increasing.
Four out of these five parameters were unavailable.
It is recommended that:
a.
Parameters and instrumentation that are key variables, especially those that are needed in the early stages of an event, be powered from a more reliable power supply.
b.
CEN-152 be revised to include statements to have reliable power supply for key parameters that are, used in the early stage of an accident, i.e., event diagnostics.
4.
Palo Verde's Diagnostic Flow Chart contains a number of logic statements to determine the correct procedure for mitigating the event.
Once the operator enters the Flow Chart, he will eventually be led to an event orientated procedure, that is, he wi 11 end up in a statement to tell him to go to the SBLOCA Procedure, Loss of FW Procedure, etc.
In the Diagnostic Flow Chart there is no logic statement or success path that will lead the operator to a statement that directs him to the Functional Recovery Procedure (symptoms orientated procedures).
The only way the operator can enter the Functional Recovery Procedure from the Flow Chart is if, in the operators opinion, the diagnostic is unclear, and he stops using the Flow Chart.
With no statement to direct the operator to the Functional Recovery Procedure (FRP) in the Diagnostic Flow Chart, the staff is concerned that the operator would be reluctant to stop using the Flow Chart, and enter the FRP.
In fact, it seems there would be a preference for the operator to continue to use a Flow Chart until he ended up in an event orientated procedure knowing that if it was the wrong procedure he would be kicked out of it.
This may be, in fact, what actually happened.
It is recommended that:
a.
Palo Verde Diagnostic Flow Chart be changed to include logic statements and success paths that will direct the operator to a statement that will send him to the Functional Recovery Procedure or define in the Flow Chart the conditions under which the Functional Recovery Procedure should be used.
5.
In the review of Palo Verde's Diagnostic Flow Chart it was noted that in a number of instances the Flow Char t has a statement that requires operator actions, i.e., trip turbine generator, trip reactor coolant pumps, etc.
This is different than the philosophy incorporated in CE
I, ~
generic guidelines, CEN-152.
The entry condition contained in CEN-152 is a reactor trip or a condition that requires a reactor trip.
Once this condition exists, CEN-152 requires the operator to perform the "Standard Post Trip Actions" which evaluate the status of each safety function, and provide immediate actions which can be quickly and easily performed to improve the status of safety functions in jeopardy.
Following the Standard Post Trip Actions, diagnostic actions are performed to determine the symptom set corresponding to the type of event which is transpiring.
Then the operator will select either the event orientated procedure (ORG) or the symptom orientated procedure (FRG).
In CEN-152, the Diagnostic Aides Section provides the operator with a set of symptoms that will assist him in logically selecting an ORG or the FRG.
The philosophy incorporated in the Diagnostic Aid Section is to analyze the symptom to determine the correct procedure to enter.
No operator actions are called upon or required in this section of CEN-152,
- whereas, in Palo Verde's Diagnostic Flow Chart, operators are required to perform actions while diagnosing the event.
The Palo Verde philosphy of the operator performing actions in the Diagnostic Flow Chart before the event is verified, leave open the possibility of the operator taking actions that might aggravate the situation, or taking actions that would not be taken in the procedure finally selected.
For example, in the July 12, 1986 event, all the reactor coolant pumps were tripped as required by the Diagnostic Chart before the operator was told to go to the. Small Break LOCA (SBLOCA) procedure.
When the operator entered the SBLOCA procedure, he could not
r J
h
verify that he had a
SBLOCA (as required by the SBLOCA procedure) and had to exit the procedure.
However, all the reactor pumps had been tripped.
The event was then correctly determined to be an Excess Steam Demand Event in which all the reactor pumps are not required to be tripped.
In reviewing Palo Verde's SBLOCA procedure to determine their compliance with CEN-152, and Palo Verde's Procedure Generation Package (PGP) with regard to tripping the reactor coolants pumps, the staff found that Palo Verde's SBLOCA procedures have the correct reactor coolant pump trip strategy (i.e., the operator is required to trip the reactor coolant pumps under certain conditions).
Hence, there is an inconsistency between what action the operator takes in the Diagnostic Flow Chart and what is required in the SBLOCA procedure.
In the Flow Chart, the operator is told to trip all reactor coolant
- pumps, and then enter the SBLOCA procedure, while in the SBLOCA procedure, all the reactor coolant pumps are tripped only under certain conditions.
It is recommended that:
a.
The Diagnostic Flow Chart delete the requirement to trip reactor coolant pumps.
This would make the Flow Chart compatible with SBLOCA procedure and the trip strategy incorporated in CEN-152.
b.
Palo Verde reexamined the need for all other statements in the Diagnostic Flow Chart that require operator actions and delete them if possible.
This would eliminate action statements in the Flow Chart that could be inconsistent with the selected recovery procedure, and leave the Diagnostic Flow Chart as purely a diagnostic which is consistent with the philosophy of CEN-152.
F 1
t 1
I 6.
Since a number of concerns were found in the Palo Verde Diagnostic Flow Chart (see above),
the Flow Chart was reviewed for compliance with GEOG gener ic guideline, CEN-152, and Palo Verde PGP.
It was found that the Diagnostic Aide Section (Section 3) of CEN-152 is written in such a way that any utility referencing this document in his PGP's can put anything he wishes in his plant specific procedure without identifying it as a
deviation from CEN-152.
CEN-152 uses words in their figures like "Possible version of...".
Also, the text contains this sentence "Each utility will decide, based on their own training programs and other plant specific considerations, what form this diagnostic section will take in their plant specific procedures."
It is recommended that:
a.
The Diagnostic Aides Section of CEN-152 be revised to eliminate.
the vagueness as to what should be included in the EOPs.
Words which can be construed to mean utilities do not have to comply with the section, should be deleted so deviations will be identified by utilities referencing CEN-152.
0