ML18052A359

From kanterella
Jump to navigation Jump to search
Auxiliary Feedwater Sys Reliability Analysis.
ML18052A359
Person / Time
Site: Palisades Entergy icon.png
Issue date: 03/21/1986
From:
CONSUMERS ENERGY CO. (FORMERLY CONSUMERS POWER CO.)
To:
Shared Package
ML18052A357 List:
References
NUDOCS 8603280238
Download: ML18052A359 (149)
v  d  e


Text

  • ATTACHMENT Consumers Power Company

-Palisades Plant Docket 50-255 AUXILIARY FEEDWATER SYSTEM RELIABILITY ANALYSIS March 21, 1986 8603280239 860321 PDR ADOCK 05000255 P PDR

  • IC0286-0001K-NL01 131 Pages

1.0 BACKGROUND

1 2.0 RELIABILITY ANALYSIS 2 2 .1 METHODOLOGY 2 2.2 FAULT TREES 3 2.3 CRITERIA AND ASSUMPTIONS 4 2.4 DATA SOURCES 5 2.5 CORRECTIONS TO FAULT TREES 5 2.6 RESULTS 7 3.0 MSLB AFW MODEL 9

4.0 CONCLUSION

S 13

5.0 REFERENCES

14 APPENDICES A. SYSTEM UNAVAILABILITY RESULTS B. MSLB AFW MODEL CUTSETS

c. FIGURES AND DRAWINGS D. HARDWARE FAULT TREE E. TEST AND MAINTENANCE FAULT TREE F. ELECTRICAL FAULT TREES G. DATA
  • IC0286-0001K-NL01

1

1.0 BACKGROUND

As a result of the Palisades Main Steam Line Break submittal, concern has been raised, by the NRG, regarding the adequacy of the existing Palisades auxiliary feedwater system (AFW). This concern is based on the evaluation of the AFW model used in the Main Steam Line Break (MSLB) submittal. Because of the importance of the issue, this report was created to clarify any potential misinterpretation of the results of the AFW system model analysis included in the MSLB submittal. The intent of this report is to provide information in support of the position that the AFW system model, as used in the MSLB submittal, should not be construed to represent the reliability of the system. This report focuses on two main elements 1) an analysis which more closely represents our state of knowledge regarding the reliability of the AFW system design and operation, and 2) a discussion of the results derived for the MSLB AFW model and why a significant portion is inappropriate in the context of the overall system reliability (refer to sections 2.1 and 3.0) .

  • In order to accomplish item 1), a separate analysis of the AFW system was conducted using the guidelines of NUREG-0635. The reasons for using NUREG-0635 are; a) to maintain consistency in the method of analysis (the system has undergone two previous analyses using these criteria).

b) the system has been significantly modified since the first analysis, using the same criteria allows direct comparison of the new results to the original results.

c) the results of the new analysis can be compared to the results for other plants already analyzed using the same criteria.

As indicated in a) above, two previous reliability analyses have been conducted. The purpose of the second analysis was to demonstrate the level of increased reliability attainable from proposed modifications to the system. A recent review of this second analysis showed that the fault tree models already developed could be used for an analysis of our existing system. Necessary corrections and alterations to the models were made and are identified in section 2.5.

As indicated in b) above, modifications to the system to improve reliability by minimizing the failure effects of human error, common causes, and single- or double-point vulnerabilities were completed after NUREG-0635 was published. Therefore, the results obtained by the original analysis are no longer accurate. Several of the significant modifications are listed below.

IC0286-0001K-NL01

2

  • 1.

2.

Addition of a third dedicated AFW pump.

Manual or automatic flow initiation on receipt of low steam generator water level, and manual or automatic isolation of the depressurized steam generator following secondary system line breaks.

3. Safety grade AFW flow indication to the main control room.
4. Redundant emergency power supply for the electrical equipment, instrumentation, and control circuits associated with the modifications.
5. Testability of AFW control circuits.
6. Seismic and environmental qualification to meet applicable Palisades guidelines.

2.0 RELIABILITY ANALYSIS 2.1 METHODOLOGY Fault tree analysis was used to identify those potential failures that could be chief contributors to AFW system unreliability during the three transient conditions listed below .

LMFW/LOOP - LMFW with concurrent reactor trip and loss of offsite power (LOOP). Onsite emergency power sources remain available.

LMFW/LOAC - LMFw and concurrent loss of all alternating current power (LOAC), except that which is battery derived.

The model used in the current analysis is not the same as the model used in the MSLB submittal. The reasons for using a different model are detailed below.

1) The time interval of interest as stated in NUREG-0635 is the unavailability of the AFW system during period of time to boil the steam generator dry which for Palisades has been established as 15 minutes. The model used in the MSLB submittal is based on a 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> mission time and therefore introduces significant contributions from failures of the system to continue to function *
  • IC0286-0001K-NL01

3

  • 2) The model used in the MSLB submittal is a modified version of the complete AFW fault tree. A discussion of the differences is provided in section 3.0 "MSLB AFW Model". However, a major difference in the models is due to an arbitrary assumption that the failed steam generator was unavailable. This assumption effectively eliminates the redundancy in flow paths from the AFW pumps to the steam generators.
3) The level of detail in the current plant model goes well beyond the level of detail prescribed by NUREG-0635. Since part of the concern is based on the degree of reliability as compared to other plants or proposed goals, it was decided that the reliability analysis should be completed in a manner that allows such comparisons.

As additional insight, each model was evaluated with two sets of data. The first set of data is generic as provided by NUREG-0635. The second set includes plant specific data where such data was available. When plant specific data was not available, generic data was used. This allows comparison of the relative impact of the use of plant specific data to generic data.

Analysis of the fault trees was conducted using the WAMCUT computer code .

  • 2.2 FAULT TREES Three fault tree models were used. The fault trees include random failures of electrical and mechanical components and the effects of testing and maintenance, and human error. The fault trees are shown in appendices D, E, and F.

Th.e trees were examined for causes of specific component failure modes and evaluation of their likelihood of occurrence. The causes considered were:

Random independent failures; Test and maintenance; and Human error.

Each of the three master trees was developed for the loss of main feedwater (LMFW) transient condition. For other transient conditions - LMFW with loss of offsite power (LMFW/LOOP) or LMFW with loss of all alternating current power (LMFW/LOAC) - some systems or components are unavailable. Those systems or components were deleted before analysis.

NUREG-0635 was used to establish the top event of the master fault tree, set the initiating events, and as the basic guide for the analysis. The top event is taken from NUREG-0635 which states;

  • IC0286-0001K-NL01

4

  • The time interval of interest for all transient events considered is the unavailability of the auxiliary feedwater system during the period of time required to boil the steam generator dry. (Reference 2, page III-10)

The fault tree models were peveloped assuming statistical independence for hardware/operator failures, human error, and test and maintenance failures.

2.3 CRITERIA AND ASSUMPTIONS The following analytical criteria and assumptions were used.

  • AFW system availability is defined as successful system startup within the steam generator boil dry time of 15 minutes.

The availability conditions for AFW system power sources during the analyzed transients were as follows;

1) LMFW - All alternating and direct current power available.
2) LMFW/LOOP - Two diesel generators and battery backup available.
3) LMFW/LOAC - Direct current and battery-backed alternating current available (instrument and control power available only)

Although water from the fire protection system and service water system is available to backup the AFW system condensate storage tank, these sources were not considered in the fault tree analysis.

All component and operator actions were assumed to be either successes or failures. No partial successes were considered.

Top event failure probability will be calculated by summing the failure probabilities from hardware, test and maintenance, and human error contributions. The probabilities for each category are rare event approximations.

Human error probability has been considered in the Hardware and Test and Maintenance fault trees.

Component outage due to maintenance will only be considered for active components (pumps, control valves, etc). Maintenance on manual valves is considered negligible *

  • IC0286-0001K-NL01

5

  • 2.4 DATA SOURCES Data used for the component failure rates in the hardware and test and maintenance trees was taken from the NRC .data found in Appendix III, Table III-3 of NUREG-0635. Electrical tree component data was taken from IEEE Std 500. Human error probabilities were drawn from NUREG-1278 and NUREG-0635. Specific component failure data is listed in Appendix G.

2.5 CORRECTIONS TO FAULT TREES As part of the preparation for this analysis, the fault trees utilized in the second reliability analysis were reviewed for accuracy. Several discrepancies were identified and corrected.

Changes made are indicated on the fault trees and discussed below.

2.5.1 Hardware fault tree

1) Operator errors had been treated as independent events. Since each operator error in this tree involved operator response to a failure of the automatic initiation of the system, it was decided that a high degree of dependence was involved. Based on this decision, all operator actions were grouped into three basic types; a) failure to actuate the system from the control room, b) failure to actuate the system locally, and c) failure to manually operate components.
2) T~e original hardcopy of the model did not identify the primary events representing the failure of pref erred ac power for instrumentation and control. These events were added to the model.
3) The failure mode for the motor-operated valves in the AFW flow paths was originally identified as fail to open. These valves are normally open and should be identified as fail to remain open. The correction to the fault trees did not get accomplished. However, in the examination of the system cutsets it was noted that the failure of these valves did not contribute significantly to the system unavailability.

Therefore, no corrections were made since the only impact was a slight conservatism in the numerical results and relative ranking of cutsets of intermediate to low contribution.

2.5.2 Test and maintenance fault tree

1) As in 2.5.1 (1) above, the human error associated with restoration of the outlet valves from the condensate storage tank to the AFW pumps was treated as independent for each valve. Because of the location and basis for restoration (ie if isolation was necessary at that point then both valves must be closed and restored), the separate events were combined into one.

IC0286-0001K-NL01

6

  • 2) Credit was taken for a manual valve which bypasses the pressure control valve in the steam line to the turbine-driven pump.

The current PRA model does not take credit for successful operation of this valve. While it may be possible to control steam inlet pressure to the turbine driver by manually regulating a gate valve, the ability to do this efficiently and consistently has not been demonstrated and it was deleted from the model.

3) In several cases, maintenance on valves was included when a) it is not physically possible to isolate these valves during power operation or b) isolation would disable 2 of the 3 pumps which is not allowed by Technical Specifications. Each of these valves was removed from the WAMCUT input deck and are shown lined-out in the model in Appendix E.

2.5.3 Electrical_ fault trees.

The majority of the failure probabilities for electrical components were derived by treating the components as standby with a monthly testing interval. Since several. of the components are performing their normal function and failures associated with them would be immediately detectable, while this treatment is inaccurate its importance was not obvious. Since the failure of power is represented in the master tree as basic events with a probability

  • derived from the output of the evaluation of the appropriate electrical tree, the impact of this treatment was determined by reevaluating the electrical trees and by examining the cutsets from the three transient cases using generic data to determine the importance of loss of power as a contributor to system unavailability.

The reevaluation of the electrical trees was accomplished by changing the failure probability of components which do not experience demands to probabilities of mission time failures of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> (first reevaluation) and 15 minutes (second reevaluation).

In general the changes resulted in reduced unavailabilities for the electric power sources.

The examination of system cutsets disclosed that the only case where the failure of electric power was identified as a significant contributor (>1%) to system unavailability was for the transient initiator loss of main f eedwater with concurrent loss of offsite power. In this case, the failure of bus lD and/or bus lC contributed substantially to the system unavailability. However, the change in unavailability (using 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> or 15 minute mission times) for these buses under loss of offsite power conditions was insignificant (changed from 3.06E-02 to 3.05E-02). The reason for the lack of difference is that the dominant failures for these buses tinder loss of offsite power are actual demand failures of the diesel generators and their output breakers *

  • IC0286-0001K-NL01

7

  • Based on these results, the system fault trees were not rerun with the revised electrical failure data. The results from the analyses with the initial electrical data were retained while recognizing that they were numerically conservative with respect to the electrical failures.

2.6 RESULTS The results of the analyses of the system fault trees are included in Appendix A and are discussed in the following sections. The information provided in Appendix A is arranged as follows.

Page 1 is a presentation in table form of the numerical unavailabilities of electrical power and the system for each transient case analyzed for both generic and plant specific data.

The contributions from hardware, maintenance, and human error were derived by an arbitrary reorganization of cutsets. The reorganization was completed by 1) moving all cutsets containing an operator error to a separate group (human error), 2) of the remaining cutsets any which incuded maintenance were separated into another group (maintenance), and 3) the remaining cutsets were identified as hardware.

The remainder of the Appendix is comprised of listings of the cutsets for each transient case. Pages two through seven involve

  • the output from the use of generic data. Pages eight through thirteen is the output from plant specific data. For each type of data, three pages represent unavailabilities from the master hardware tree for each transient and three pages for unavaila-bilities from all considerations for each transient. 'Each page includes a listing of dominant cutsets and the contribution of each (cutset unavailability/system unavailability) and a listing of the basic events which contribute substantially to the system unavailability (sum of the unavailabilities of the cutsets containing the basic event/system unavailability).

2.6.1 Results from Generic Data Evaluation 2.6.1.1 General Results The analysis indicates the factor having the greatest impact on the unavailability in all three cases was failure of the relief valve at the discharge of pumps P8A and P8B failing to remain closed, either as a single or in combination with the unavailability of pump P8C or its flow paths. Other significant contributors are: failure of P8C either as a pump failure or due to loss of bus lD; maintenance on control valves or check valves; operator error; and various causes of P8C or P8B pump trains (ie maintenance, power failure, or valve failures) *

  • IC0286-0001K-NL01

8

  • 2.6.1.2 Loss of Main Feedwater The dominant failure modes for this transient are double faults.

The most significant cutset contribution is the failure of the pump discharge relief valve to remain closed and the failure of P8C to start. The relief valve failure represents the common mode failure of pumps PSA and P8B. Primary event contributors in order of significance are: failure of the relief valve; failure of P8C to start; maintenance on control valves, check valves and PSC; and operator errors involving restoration of valves after testing or maintenance.

2.6.1.3 Loss of Main Feedwater/Loss of Offsite Power The dominant failure modes for this transient are also double faults. The most significant cutset contributor is the relief valve and the loss of power to PSC. Primary event contributions in order of importance are: the relief valve; loss of power from bus lD; PSC fail to start; loss of power from bus lC; maintenance on control valves, check valves, or PSC; operator restoration errors; and maintenance on PSB, a pressure regulating valve, and a check valve.

2.6.1.4 Loss of Main Feedwater/Loss of all AC The dominant failure modes for this transient are single faults. The dominant contributors are: the relief valve; maintenance on P8B, its check valve,*and its pressure regulating valve; and P8B fails to start and operator restoration errors.

2.6.2 Results from Plant Specific Data Evaluation 2.6.2.l General Results The failures representing the largest contribution to unavailability in all three transients is pump fails to start. Other general contributors are: the relief valve failing to remain closed; failure of the auto start circuitry and the operator error associated with placing the system in service.

2.6.2.2 Loss of Main Feedwater The dominant failures modes for this transient are triple faults.

The most significant contribution is made by the first cutset (approximately 24%). This cutset represents the combination of all three pumps failing to start. The more important primary event contributions in order of significance are: P8C fails to start; P8A fails to start; P8C fails to start; the relief valve fails to remain closed; and failure of the auto start circuit and the associated operator error in response to the failure of the start circuitry .

IC0286-0001K-NL01

9

  • 2.6.2.3 Loss of Main Feedwater/Loss of Offsite Power The dominant failure modes for this transient are again triple failures. The largest contribution to the system unavailability (approximately 47%) is identified in the first four cutsets. These cutsets represent failure of all three pumps. They include combinations of pumps failing to start and loss of power to P8A and/or P8C. The significant primary event contributions include:

P8B fails to start; loss of power from bus lC; loss of power from bus ID; P8C fails to start; and ~BA fails to start.

2.6.2.4 Loss of Main Feedwater/Loss of all AC The dominant contributors to this transient are single faults. The most significant contribution is the failure of P8B to start (approximately 72%). Other contributors are: maintenance on P8B, its steam pressure regulating valve, or its discharge check valve-;

and operator restoration errors associated with test and maintenance.

2.6.3 General Conclusions In comparing the results from generic data versus plant specific data, the calculated system unavailability is not significantly different. The major difference in the results was a reorganization of the importance of the primary events in their contribution to the system unavailability. In the analyses using generic data, the failure of the pump discharge relief valve for P8A and P8B is the dominant contributor in both cutset and primary event contribution.

For analyses using plant specific data, the combination of all available pumps failing to start is the dominant contributor in both cutsets and primary event contribution.

In evaluating the results from the analyses using plant specific data, no serious deficiencies were identified. There were no single point vulnerabilities associated with hardware or maintenance identified. Any further changes considered should be made only after careful evaluation of costs, benefits and importance in relation to the results of the analysis of the plant integrated risk model.

3.0 MSLB AFW MODEL In this section, the reliability of the auxiliary feedwater system as developed for examination of main st.earn line break issues is discussed (ref CPC to NRG May 23, 1985). The purpose of the main steam line break logic models was to determine the risks associated with steam generator blowdown events and to determine the benefits of various backfits being proposed to minimize these risks. In this regard," assumptions were made that significantly alter the system IC0286-0001K-NL01

  • i

10

  • configuration (ie eliminated redundant portions of the system) and therefore bias the numerical results of the analysis in a way that make it inappropriate to use these logic models for comparison with other risk based AFW reliability analyses such as that presented in the preceding section. Some of the more significant assumptions include:

those particular to the main steam line break transient which artificially enhance the benefits of some of the proposed backfits, those conservative with respect to system reliability that had no affect on the outcome of the main steam line break analysis and were therefore left uncorrected, the exclusion of any repair or recovery of failed hardware and an explicit attempt to model common cause events (those component failures which result from common manufacturer, function, etc).

The auxiliary feedwater cutsets extracted from the main steam line break report are included in appendix B. They are rearranged into sections to permit an understanding of the contributors to AFW failure (as developed in that specific evaluation) and to identify where the assumptions outlined above had an effect. A brief

  • description of these cutsets follows including a discussion of their contribution to AFW unavailability.

The first group of cutsets include those independent to the auxiliary feedwater system. The independent module (AUX3IT) will be discussed in detail later. The remaining cutset contains a single operator error - AFVOT - which represents failure to increase the flow to the intact steam generator. This cutset results from the assumption that the failed steam generator is isolated following the steam line break event and remains disabled as a viable heat sink throughout the transient. In reality, feedwater can be supplied to this generator, particularly during non-steam line break transients and this operator error should not be a single. In the normal system configuration - AFVOT - would be part of group of doubles in which the second event represented the failure of the redundant flow path from a given pump train. This cutset, therefore, is a result of assumptions made that are peculiar to the steam line break evaluation. Additionally, preliminary analyses in support of the upgrade of emergency procedures indicate that the flow supplied automatically through a single AFW train may be sufficient for decay heat removal.

The second group of cutsets are associated with makeup to the condensate storage tank. Given that there is normally several hours of condensate available in the tank, these failures are more closely associated with the long term functioning of the auxiliary feedwater system than the failures which would be identified in other reliability analyses (such as NUREG 0635). This part of the steam IC0286-0001K-NL01

11

  • line break analysis did not take credi~ for operator action to supply makeup from available systems including service water and the fire system, as outlined in plant procedures. In the normal system configuration with service water and fire water included as backups, these cutsets would become substantially lower in their contribution to the system unreliability. These cutsets, Xherefore, are a result of simplifying assumptions made with respect to auxiliary feedwater reliability that had little effect on the outcome of the steam line break evaluation.

The last group of cutsets identify power dependencies coupled with failures of pumps and flow control valves. The AC power system failures involve disabling of an emergency bus (Bus lC) which in these models is assumed to take out one motor driven pump and the air pressure to steam supply valves for the steam driven pump. The models conservatively ignore the nitrogen backup to instrument air supply to the steam driven pump valves as well as the ability to operate these valves locally by hand. In the normal system configuration these cutsets would be ANDED with failures of the turbine driven pump train or an operator action to manually admit steam to the pump. Consequently, these cutsets result from uncorrected assumptions which had no affect on the outcome of the steam line break study plus a lack of accounting for repair and recovery actions. Additionally, two of the cutsets contain flow control valve failures which, like AFVOT discussed above, appear because it is assumed that only one steam generator is available.

  • In the normal system configuration these cutsets would also include failures of the redundant flow path from the respective pump train.

The cutsets which remain are those which make up the independent module, AUX3IT, introduced above. The first group presented are those associated with the attempt to explicitly quantify common cause failures in the steam line break evaluation. Common cause events were developed for various classes of equipment in the AFW system including the pumps, air operated valves, and instrumentation required to actuate the system. Generic industry data was used to quantify these events and they end up making up the bulk of the independent module in terms of its probability. Setting the appropriateness of these values aside, there are a number of features of the plant design which deserve some discussion for which credit could be taken to mitigate these failures. Diversity in the pump design has been provided by including both turbine and motor drivers, for example. Also, the motor driven pumps are located in separate areas of the plant minimizing location dependencies.

Failure of flow controllers and instrumentation can be overcome by operator action to maintain level in the steam generators rather than concentrate on AFW flow only. In addition, the valves themselves can be operated locally if necessary *

  • IC0286-0001K-NL01

12

  • The next cutset is associated with spurious FOGG actuation (Feed Only Good Generator). The assumption that only one steam generator is available enters in to the generation of this cutset. Given that two steam generators are normally available this cutset should be ANDED with failures of components in the other flow trains. In the normal system configuration, this event would be represented by a group of triples involving spurious actuation AND failure of two flow paths. Additionally, it should be noted that FOGG signals for the two steam generators are interlocked such that FOGG isolation of one generator precludes this spurious FOGG signal for the other generator. This interlock was not included in the steam line break logic.

The next group of forty cutsets involve the loss of both flow paths to the unaffected steam generator. Again, this is a set of failures which results from assuming that only one steam generator is available as a heat sink throughout the transient. These cutsets should in fact be coupled with corresponding failures in the flow paths to the other steam generator. In the normal system configuration these cutsets would change to 3d and 4th order cutsets which represent combinations of a pump train and two flow paths; or four flow paths; or three flow paths and an operator action.

The next cutsets deal with the potential for flow diversion in the AFW pump suction. In fact, these failure modes are incorrect. A conservative assumption was made that a Y-strainer in the suction line to the AFW pumps, if left open following maintenance could lead to sufficient diversion of condensate to fail a portion of the system. Subsequent investigation reveals that the line from the strainer is small and will not divert sufficient flow to cause pump suction to drop significantly, is not only valved but capped, and if it were to be left open would result in condensate to pour on the floor of the turbine building where it would be difficult not to notice. These cutsets are a result of conservative modeling

  • assumptions that had no affect on the outcome of the steam line break evaluation and were left uncorrected in the analysis. .This failure mode has been deleted from the model.

The next group of cutsets represent human error in the calibration of instrumentation associated with AFW pump and flow control valve operation. Similar to the common cause failure of flow control

.instrumentation, miscalibration of this equipment will result in the operator taking feedwater flow control into manual in order to maintain steam generator inventory. This recovery action was not included in the steam line break logic. The pump suction pressure miscalibration should be a single event (as was noted in the staffs review of these cutsets). Nevertheless, it should be noted that testing of these instruments independent of their calibration occurs frequently during pump surveillance tests. Further, even if these monthly surveillances were to fail to uncover the deficiency, normal operator response to low suction trip of the AFW pumps would be to provide fire or service water pressµre to the pump s.uction

/". IC0286-0001K-NL01

13

  • effectively eliminating the low pressure condition. Additionally, steam supply to the turbine driven pump can be provided locally even in the presence of a low suction signal. Again, recovery actions such as these were not incorporated in the steam line break models.

The final group of cutsets found in the independent module are the random pump and valve failures similar to those associated with the reliability analysis presented in the preceding section.

Given the preceding discussion, it should be clear that the main steam line break logic models were not developed with the intention of demonstrating the overall reliability of auxiliary feedwater.

Assumptions specific to the main steam line break transient, assumptions that conservatively enhance the benefits of various backfits and conservative assumptions that had no affect on the outcome of the main steam line break evaluation bias the bottom line results. Explicit attempts to model common cause and a lack of obvious repair and recovery actions result in additional bias.

While the modelling was sufficient for the purpose of evaluating main steam line break issues, it is not appropriate to use them to draw conclusions as to the strengths and weaknesses of the system for a spectrum of more common transients.

4.0 CONCLUSION

S As indicated in section 1.0, the purpose of this report is to provide an analysis of the reliability of the AFW system and justification for not equating the results of the MSLB AFW model with system reliability. In section 2.0, the results of a separate reliability analysis are discussed. The results indicate that the system as modified is reliable. Additionally, in a qualitative context the system includes multiple trains any of which is capable of removing decay heat, is automatically actuated, and has no single point vulnerabilities except for perhaps some human errors associated with calibration. These are the features of an AFW system "characterized as having a high reliability" as explicitly outlined in section 4.6.1 of NUREG-0635.

In section 3.0, inconsistencies between the MSLB model and a reliability model were presented. The differences between the special case MSLB model and a general case reliability model are significant and cause a substantial disparity in both numerical and qualitative results. The MSLB model represents the system under unique conditions which do not allow an accurate derivation of the system reliability.

In addition, substantial improvement in the system reliability has been achieved through the completion of modifications as identified in section 1.0.

In conclusion, we believe the system is reliable and that the results of the reliability analysis have not disclosed any ~erious deficiencies in the current system .

IC0286-0001K-NL01

14

5.0 REFERENCES

1. Guide to the Collection and Presentation of Electrical, Electronic, and Sensing Component Reliability Data for, Nuclear Power Generating Stations, IEEE Std 500 (1977), Institute of Electrical and Electronics Engineers, Inc.
2. Generic Evaluation of Feedwater Transients and Small Break Loss of Coolant Accidents in Combustion Engineering Designed Operating Plants, NUREG-0635, U.S. Nuclear Regulatory Commission, January 1980.
3. Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, U.S. Nuclear Regulatory Commission, April 1980.
4. Reactor Safety Study: An Assessment of Accident Risks in U.S.

Commercial Nuclear Power Plants, WASH-1400, U.S. Nuclear Regulatory Commission, 1975.

5. Equipment Availability Component Cause Code Summary Report for the Ten-Year Period 1967-1976, EEI Publication 77-64A, January 1978.
6. Clarification of TMI Action Plan Requirements, NUREG-0737, U.S.

Nuclear Regulatory Commission, October 1980 *

  • IC0286-0001K-NL01

1.0 BACKGROUND

1 2.0 RELIABILITY ANALYSIS 2 2.1 METHODOLOGY 2 2.2 FAULT TREES 3 2.3 CRITERIA AND ASSUMPTIONS 4 2.4 DATA SOURCES 5 2.5 CORRECTIONS TO FAULT TREES 5 2.6 RESULTS 7 3.0 MSLB AFW MODEL 9

4.0 CONCLUSION

S 13

5.0 REFERENCES

14 APPENDICES A. SYSTEM UNAVAILABILITY RESULTS B. MSLB AFW MODEL CUTSETS C. FIGURES AND DRAWINGS D. HARDWARE FAULT TREE E. TEST AND MAINTENANCE FAULT.TREE F. ELECTRICAL FAULT TREES G. DATA

  • IC0286-0001K-NL01

1

1.0 BACKGROUND

As a result of the Palisades Main Steam Line Break submittal concern has been raised, by the NRC, regarding the adequacy of the existing Palisades auxiliary feedwater system (AFW). This concern is based on the evaluation of the AFW model used in the Main Steam Line Break (MSLB) submittal. Because of the importance of the issue, this report was created to clarify any potential misinterpretation of the results of the AFW system model analysis included in the MSLB submittal. The intent of this report is to provide information in support of the position that the AFW system model as used in the MSLB submittal should not be construed to represent the reliability of the system. This report focuses on two main elements 1) an analysis which more closely represents our state of knowledge regarding the reliability of the AFW system design and operation, and 2) a discussion of the results derived for the MSLB AFW model and why a significant portion is inappropriate in the context of the overall system reliability (refer to sections 2.1 and 3.0).

In order to accomplish item 1) a separate analysis of the AFW system was conducted using the guidelines of NUREG-0635. The reasons for using NUREG-0635 are; a) to maintain consistency in the method of analysis (the system has undergone two previous analyses using these criteria).

b) the system has been significantly modified since the first analysis, using the same criteria allows direct comparison of the new results to the original results.

c) the results of the new analysis can be compared to the results for other plants already analyzed using the same criteria.

As indicated in a) above, two previous reliability analyses have been conducted. The purpose of the second analysis was to demonstrate the level of increased reliability attainable from proposed modifications to the system. A recent review of this second analysis showed that the fault tree models already developed there could be used for an analysis of our existing system.

Necessary corrections and alterations to the models were made and are identified in section 2.4.

As indicated in b) above, modifications to the system to improve reliability by minimizing the failure effects of human error, common causes, and single- or double-point vulnerabilities were completed after NUREG-0635 was published. Therefore the results obtained by the original analysis are no longer accurate. Several of the significant modifications are listed below.

IC0286-0001K-NL01

2

  • 1.

2.

Addition of a third dedicated AFW pump.

Manual or automatic flow initiation on receipt of low steam generator water level, and manual or automatic isolation of the depressurized steam generator following secondary system line breaks.

3. Safety grade AFW flow indication to the main control room.
4. Redundant emergency power supply for the electrical equipment, instrumentation, and control circuits associated with the modifications.
5. Testability of AFW control circuits.
6. Seismic and environmental qualification to meet applicable Palisades guidelines.

2.0 RELIABILITY ANALYSIS 2.1 METHODOLOGY Fault tree analysis was used to identify those potential failures that could be chief contributors to AFW system unreliability during the three transient conditions listed below .

LMFW - Loss of main feedwater with concurrent reactor trip and with offsite power available.

LMFW/LOOP - LMFW with concurrent reactor trip and loss of offsite power (LOOP); Onsite emergency power sources remain available.

LMFW/LOAC - LMFW and concurrent loss of all alternating current power (LOAC), except that which is battery derived.

The model used in the current analysis is not the same as the model used in the MSLB submittal. The reasons for using a different model are detailed below.

1) The time interval of interest as stated in NUREG-0635 is the unavailability of the AFW system during period of time to boil the steam generator dry which for Palisades has been established as 15 minutes. The model used in the MSLB submittal is based on a 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> mission time and therefore introduces significant contributions from failures of the system to continue to function *
  • IC0286-0001K-NL01

3

  • 2) The model used in the MSLB submittal is a modified version of the complete AFW fault tree. A discussion of the differences is provided in section 3.0 "MSLB AFW Model". However, a major difference in the models is due to an arbitrary assumption that the failed steam generator was unavailable. This assumption effectively eliminates the redundancy in flow paths from the AFW pumps to the steam generators.
3) The level of detail in the current plant model goes well beyond the level of detail prescribed by NUREG-0635. Since part of the concern is based on the degree of reliability as compared to other plants or proposed goals, it was decided that the reliability analysis should be completed in a manner that allows such comparisons.

As additional insight, each model was evaluated with two sets of data. The first set of data is generic as provided by NUREG-0635. The second set includes plant specific data where such data was available. When plant specific data was not available, generic data was used, This allows comparison of the relative impact of the use of plant specific data to generic data.

Analysis of the fault trees was conducted using the WAMCUT computer code .

  • 2.2 FAULT TREES Three fault tree models were used. The fault trees include random failures of electrical and mechanical components and the effects of testing and maintenance, and human error. The fault trees are shown in appendices D, E, and F.

The trees were examined for causes of specific component failure modes and evaluation of their likelihood of occurrence. The causes considered were:

Random independent failures; Test and maintenance; and Human error.

Each of the three master trees was developed for the loss of main feedwater (LMFW) transient condition. For other transient conditions - LMFW with loss of offsite power (LMFW/LOOP) or LMFW with loss of all alternating current power (LMFW/LOAC) - some systems or components are unavailable. Those systems or components were deleted before analysis.

NUREG-0635 was used to establish the top event of the master fault tree, set the initiating events, and as th~ basic guide for the analysis. The top event is taken from NUREG-0635 which states;

  • IC0286-0001K-NL01

4

  • 1'.he time interval of interest for all transient events considered is the unavailability of the auxiliary feedwater system during the period of time required to boil the steam generator dry. (Reference 2, page III-10)

The fault tree models were developed assuming statistical independence for hardware/operator failures, human error, and test and maintenance failures.

2.3 CRITERIA AND ASSUMPTIONS The following analytical criteria and assumptions were used.

AFW system availability is defined as successful system startup within.the steam generator boil dry time of 15 minutes.

' The availability conditions for AFW system power sources during the analyzed transients were as follows;

1) LMFW - All alternating and direct current power available.
2) LMFW/LOOP - Two diesel generators and battery backup available.
3) LMFW/LOAC - Direct current and battery-backed alternating current available (instrument and control power
  • available only)

Although water from the fire protection system and service water system is available to backup the AFW system condensate storage tank, these sources were not considered in the fault tree analysis.

Use of these water systems would require successful operation of manual valves, which is difficult within the 15-minute boil~dry time limit.

  • Al.l component and operator actions were assumed to be either successes or failures. No partial successes were considered.

Top event failure probability will be calculated by summing the failure probabilities from hardware, test and maintenance, and human error contributions. The probabilities for each category are rare event approximations.

    • Human error probability has been considered in the Hardware and Test and Maintenance fault trees.

' Component outage due to maintenance will only be considered for active components (pumps, control valves, etc). Maintenance on manual valves is considered negligible *

  • IC0286-0001K-NL01

5

  • 2.4 DATA SOURCES Data used for the component failure rates in the hardware and test and maintenance trees was taken from the NRC data found in Appendix III, Table III-3 of NUREG-0635. Electrical tree component data was taken from IEEE Std 500. Human error probabilities were drawn from NUREG-1278 and NUREG-0635. Specific component failure data is listed in Appendix G.

2.5. CORRECTIONS TO FAULT TREES As part of the preparation for this analysis the fault trees utilized in the second reliability analysis were reviewed for accuracy. Several discrepancies were identified and corrected.

Changes made are indicated on the fault trees and discussed below.

2.5.1 Hardware fault tree

1) Operator errors had been treated as independent events. Since, each operator error in this tree involved operator response to a failure of the automatic initiation of the system, it was decided that a high degree of dependence was involved. Based on this decision all operator actions were grouped into three basic types - a) failure to actuate the system from the control room, b) failure to actuate the system locally, and c) failure to manually operate components.
2) The original hardcopy of the model did not identify the primary events representing the failure of preferred ac power for instrumentation and control. These events were added to the model.
3) The failure mode for the motor~operated valves in the AFW flow paths was originally identified as fail to open. These valves are normally open and should be identified as fail to remain open. The correction to the fault trees did not get accomplished. However, in the examination of the system cutsets it was noted that the failure of these valves did contribute significantly to the system unavailability.

Therefore, no corrections were made since the only impact was a slight conservatism in the numerical results and relative ranking of cutsets of intermediate to low contribution.

2.5.2 Test and maintenance fault tree

1) As in 2.5.1 (1) above the human error associated with restoration of the outlet valves from the condensate storage tank to the AFW pumps was treated as independent for each valve. Because of the location and basis for restoration (ie if isolation was necessary at that point then both valves must be closed and restored), the separate events were combined into one.

IC0286-0001K-NL01

6

  • 2) Credit was taken for a manual valve which bypasses the pressure control valve in the steam line to the turbine-driven pump.

The current PRA model does not take credit for successful operation of this valve. While it may be possible to control steam inlet pressure to the turbine driver by manually regulating a gate valve, the ability to do this efficiently and consistently has not been demonstrated and it was deleted from the model.

3) In several cases, maintenance on valves was included when a) it is not physically possible to isolate these valves during power operation or b) isolation would disable 2 of the 3 pumps which is not allowed by Technical Specifications. Each of these valves was removed from the WAMCUT input deck and are-shown lined-out in the model in Appendix E.

2.5.3 Electrical fault trees.

The majority of the failure probabilities for electrical components were derived by treating the components as standby with a monthly testing interval. Since several of the components are performing

.their normal function and failures associated with them would be immediately detectab~e*, while this treatment is inaccurate its importance was not obvio.us. Since the failure of power is represented in the master tree as basic events with a probability

  • derived from the output of the evaluation of the appropriate electrical tree, the impact of this treatment was determined by reevaluating the electrical trees and by examining the cutsets from the three transient cases using generic data to determine the importance of loss of power as a contributor to system unavailability.

The reevaluation of the electrical trees was accomplished by changing the failure probability of components which do not experience demands to probabilities of mission time failures of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> (first reevaluation) and 15 minutes (second reevaluation).

In general the changes resulted in reduced unavailabilities for the electric power sources.

The examination of system cutsets disclosed that the only case where the failure of electric power was identified as a significant contributor (>1%) to system unavailability was for the transient initiator loss of main feedwater with concurrent loss of offsite power. In this case the failure of bus lD and/or bus lC contributed substantially to the system unavailability. However, the change in unavailability (using 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> or 15 minute mission times) for these buses under loss of offsite power conditions was insignificant (changed from 3.06E-02 to 3.05E-02). The reason for the lack of difference is that the dominant failures for these buses under loss of offsite power are actual demand failures of the diesel generators and their output breakers *

  • IC0286-0001K-NL01

.1_ --

7

  • Based on these results the system fault trees were not rerun with the revised electrical failure data. The results from the analyses with the initial electrical data were retained while recognizing that they were numerically conservative with respect to the electrical failures.

2.6 RESULTS The results of the analyses of the system fault trees are in~luded in Appendix A and are discussed in the following sections. The information provided in Appendix A is arranged as follows.

Page 1 is a presentation in table form of the numerical unavailabilities of electrical power and the system for each transient case analyzed for both generic and plant specific data.

The contributions from hardware, maintenance, and human error were derived by an arbitrary reorganization of cutsets. The reorganization was completed by 1) moving all cutsets containing an operator error to a separate group (human error), 2) of the remaining cutsets any which incuded maintenance were separated into another group (maintenance), and 3) the remaining cutsets were identified as hardware.

The remainder of the Appendix is comprised of listings of the cutsets for each transient case. Pages two through seven involve

  • the output from the use of generic data. Pages ei'ght through thirteen is the output from plant specific data. For each type of data three pages represent unavailabilities from the master hardware tree for each transient and three pages for unavailabilities from all considerations for each transient. Each page includes a listing of dominant cutsets and the contribution of each (cutset unavailability/system unavailability) and a listing of the basic events which contribute substantially to the system unavailability (sum of the unavailabilities of the cutsets containing the basic event/system unavailability).

2.6.1 Results from Generic Data Evaluation 2.6.Ll General Results The analysis indicates the factor having the greatest impact on the unavailability in all three cases was failure of the relief valve at the discharge of pumps PSA and P8B failing to remain closed, either as a single or in combination with the unavailability of pump P8C or its flow paths. Other significant contributors are: failure of P8C either as a pump failure or due to loss of bus lD; maintenance on control valves or check valves; operator error; and various causes of P8C or P8B pump trains (ie maintenance, power failure, or valve failures) *

  • IC0286-0001K-NL01

8

  • 2.6.1.2 Loss of Main Feedwater The dominant failure modes for this transient are double faults.

The most significant cutset contribution is the failure of the pump discharge relief valve to remain closed and the failure of P8C to start. The relief valve failure represents the common mode failure of pumps PSA and PSB. Primary event contributors in order of significance are: failure of the relief valve; failure of P8C to start; maintenance on control valves, check valves and PSC; and operator errors involving restoration of valves after testing or maintenance.

2.6.1.3 Loss of Main Feedwater/Loss of Offsite Power The dominant failure modes for this transient are also double faults. The most significant cutset contributor is the relief valve and the loss of power to PSC. Primary event contributions in order of importance are: the relief valve; loss of power from bus lD; PSC fail to start; loss of power from bus lC; maintenance on control valves, check valves, or P8C; operator restoration errors; and maintenance on P8B, a pressure regulating valve, and a check valve.

2.6.1.4 Loss of Main Feedwater/Loss of all AC

  • 2.6.2 The dominant failure modes for this transient are single faults. The dominant contributors are: the relief valve; maintenance on P8B, its check valve, and its pressure regulating valve; and P8B fails to start and operator restoration errors.

Results from Plant Specific Data Evaluation 2.6.2.1 General Results The failures representing the largest contribution to unavailability in all three transient is pump fails to start. Other general contributors are: the relief valve failing to remain closed; failure of the atito start circuitry and the operator error associated with placing the system in service.

2.6.2.2 Loss of Main Feedwater The dominant failures modes for this transient are triple faults.

The most significant contribution is made by the first cutset (approximately 24%). This cutset represents the combination of all three pumps failing to start. The more important primary event contributions in order of significance are: PSC fails to start; P8A fails to start; PSC fails to start; the relief valve.fails to remain closed; and failure of the auto start circuit and the associated operator error in response to the failure of the start circuitry

  • IC0286-0001K-NL01

9

  • 2.6.2.3 Loss of Main Feedwater/Loss of Offsite Power The dominant failure modes for this transient are again triple failures. The largest contribution to the system unavailability (approximately 47%) is identified in the first four cutsets. These cutsets represent failure of all three pumps. They include combinations of pumps failing to start and loss of power to P8A and/or P8C. The significant primary event contributions include:

P8B fails to start; loss of power from bus lC; loss of power from bus lD; P8C fails to start; and P8A fails to start.

2.6.2.4 Loss of Main Feedwater/Loss of all AC The dominant contributors to this transient are single faults. The most significant contribution is the failure of P8B to start (approximately 72%). Other contributors are: maintenance on P8B, its steam pressure regulating valve, or its discharge check valve; and operator restoration errors associated with test and maintenance.

2.6.3 General Conclusions In comparing the results from generic data versus plant specific data, the calculated system unavailability is not significantly different. The major difference in the results was a reorganization of the importance of the primary events in their contribution to the system unavailability. In the analyses using generic data the failure of the pump discharge relief valve for P8A and P8B is the dominant contributor in both cutset and primary event contribution.

For analyses using plant specific data the combination of all available pumps failing to start is the dominant contributor in both cutsets and primary event contribution.

In evaluating the results from the analyses using plant specific data no serious deficiencies were identified. There were no single point vulnerabilities associated with hardware or maintenance identified. Any further changes considered should be made only after careful evaluation of costs, benefits and importance in relation to the results of the analysis of the plant integrated risk model.

3.0 MSLB AFW MODEL In this section the reliability of the auxiliary feedwater system as developed for examination of main steam line break issues is discussed (ref CPC to NRG May 23, 1985). The purpose of the main steam line break logic models was to determine the risks associated with steam-generator blowdown events and to determine the benefits of various backfits being proposed to minimize these risks. In this regard~ assumptions were made that significantly alter the system IC0286-0001K-NL01

10

  • configuration (ie eliminated ~edundant portions of the system) and therefore bias the numerical results of the analysis in a way that make it inappropriate to use these logic models for comparison with other risk based AFW reliability analyses such as that presented in the preceding section. Some of the more significant assumptions include:

those particular to the main steam line break transient which artificially enhance the benefits of some of the proposed backfits, those conservative with respect to system reliability that had no affect on the outcome of the main steam line break analysis and were therefore left uncorrected, the exclusion of any repair or recovery of failed hardware and an explicit attempt to model.common cause events (those component failures which result from common manufacturer, function, etc).

The auxiliary feedwater cutsets extracted from the main steam line break report are included in appendix B. They are rearranged into sections to permit an understanding of the contributors to AFW failure (as developed in that specific evaluation) and to identify where the assumptions outlined above had an effect. A brief description of these cutsets follows including a discussion of their contribution to AFW unavailability.

The first group of cutsets include those independent to the auxiliary feedwater system. The independent module (AUX3IT) will be discussed in detail later. The remaining cutset contains a single operator error - AFVOT - which represents failure to increase the flow to the intact steam generator. This cutset results from the assumption that the failed steam generator is isolated following the steam line break event and remains disabled as a viable heat sink throughout the transient. In reality, feedwater*can be supplied to this generator, particularly during non-steam line break transients and this operator error should not be a single. In the normal system configuration - AFVOT - would be part of group of doubles in which the second event rep~esented the failure of the redundant flow path from a given pump train. This cutset, therefore, is a result of assumptions made that are peculiar to the steam line break evaluation. Additionally, preliminary analyses in support of the upgrade of emergency procedures indicate that the flow supplied automatically through a single AFW train may be sufficient for decay heat removal.

The second group of cutsets are associated with makeup to the condensate storage tank. Given that there is normally several hours of condensate available in the tank, these failures are more closely associated with the long term functioning of the auxiliary feedwater

  • system than the failures which would be identified in other reliability analyses (such as NUREG 0635). This part of the steam IC0286-0001K-NL01

11

  • line break analysis did not take credit for operator action.to supply makeup from available systems including service water and the fire system, as outlined in plant procedures. In the normal system configuration with service water and fire water included as backups these cutsets would become substantially lower in their contribution to the system unreliability. These cutsets, therefore, are a result of simplifying assumptions made with respect to auxiliary feedwater reliability that had little effect on the outcome of the steam line break evaluation.

The last group of cutsets identify power dependencies coupled with failures of pumps and flow control valves. The AC power system failures involve disabling of an emergency bus (Bus lC) which in these models is assumed to take out one motor driven pump and the air pressure to steam supply valves for the steam driven pump. The models conservatively ignore the nitrogen backup to instrument air supply to the steam driven pump valves as well as-the ability to operate these valves locally by hand. In the normal system configuration these cutsets would be ANDED with failures of the turbine driven pump train or an operator action to manually admit steam to the pump. Consequently, these cutsets result from uncorrected assumptions which had no affect on the outcome of the steam line break study plus a lack of accounting for repair and recovery actions. Additionally, two of the cutsets contain flow control valve failures which, like AFVOT discussed above, appear because it is assumed that only one steam generator is available.

  • In the normal system configuration these cutsets would also include failures of the redundant flow path from the respective pump train.

The cutsets which remain are those which make up the independent module, AUX3IT, introduced above. The first group presented are those associated with the attempt to explicitly quantify common cause failures in the steam line break evaluation. Common cause events were developed for various classes of equipment in the AFW system including the pumps, air operated valves, and instrumentation required to actuate the system. Generic industry data was used to quantify these events and they end up making up the bulk of the independent module in terms of its probability. Setting the appropriateness of these values aside, there are a number of features of the plant design which deserve some discussion for which credit could be taken to mitigate these failures. Diversity in the pump design has been provided by including both turbine and motor drivers, for example. Also, the motor driven pumps are located in separate areas of the plant minimizing location dependericies.

Failure of flow controllers and instrumentation can be overcome by operator action to maintain level in the steam generators rather than concentrate on AFW flow only. In addition, the valves themselves can be operated locally if necessary. (Barry, is any of this part of current procedures?)

  • IC0286-0001K-NL01

12

  • The next cutset is associated with spurious FOGG actuation (Feed Only Good Generator). The assumption that only one steam generator is available enters in to the generation of this cutset. Given that two steam generators are normally available this cutset should be ANDED with failures of components in the other flow trains. In the normal system configuration this event would be represented by a group of triples involving spurious actuation AND failure of two flow paths. Additionally, it should be noted that FOGG signals for the two steam generators are interlocked such that FOGG isolation of one generator precludes this spurious FOGG signal for the other generator. This interlock was not included in the steam line break logic.

The next group of forty cutsets involve the loss of both flow paths to the unaffected steam generator. Again, this is a set of failures which results from assuming that only one steam generator is available as a heat sink throughout the transient. These cutsets should in fact be coupled with corresponding failures in the flow paths to the other steam generator. In the normal system configuration these cutsets would change to 3d and 4th order cutsets which represent combinations of a pump train and two flow paths; or four flow paths; or three flow paths and an operator action.

The next cutsets deal with the potential for flow diversion in the AFW pump suction. In fact, these failure modes are incorrect. A conservative assumption was made that a Y-strainer in the suction line to the AFW pumps, if left open following maintenance could lead to sufficient diversion of condensate to fail a portion of the system. Subsequent investigation reveals that the line from the strainer is small and will not divert sufficient flow to cause pump suction to drop significantly, is not only valved but capped, and if it were to be left open would result in condensate to pour on the floor of the turbine building where it would be difficult not to notice. These cutsets are a result of conservative modeling assumptions that had no affect on the outcome of the steam line break evaluation and were left uncorrected in the analysis. This failure mode has been deleted from the model.

The next group of cutsets represent human error in the calibration of instrumentation associated with AFW pump and flow control valve operation. Similar to the common cause failure of flow control instrumentation, miscalibration of this equipment will result in the operator taking feedwater flow control into manual in order to maintain steam generator inventory. This recovery action was not included in the steam line break logic. The pump suction pressure miscalibration should be a single event (as was noted in the staffs review of these cutsets). Nevertheless, it should be noted that testing of these instruments independent of their calibration occurs frequently during pump surveillance tests. Further, even if these monthly surveillances were to fail to uncover the deficiency, normal operator response to low suction trip of the AFW pumps would be to provide fire or service water pressure to the pump suction

  • IC0286-0001K-NL01

13

  • effectively eliminating the low pressure condition. Additionally, steam supply to the turbine driven pump can be provided locally even in the presence of a low suction signal. Again, recovery actions such as these were not incorporated in the steam line break models.

The final group of cutsets found in the independent module are the random pump and valve failures similar to those associated with the reliability analysis presented in the preceding section.

Given the preceding discussion, .it should be clear that the main steam line break logic models were not developed with the intention of demonstrating the overall reliability of auxiliary feedwater.

Assumptions specific to the main steam line break transient, assumptions that conservatively enhance the benefits of various backfits and conservative .assumptions that had no affect on the outcome of the main steam line break evaluation bias the bottom line results. Explicit attempts to model common cause and a lack of obvious repair and recovery actions result in additional bias.

While the modelling was sufficient for the purpose of evaluating main steam line break issues, it is not appropriate to use them to draw conclusions as to the strengths and weaknesses of the system for a spectrum of more common transients.

4.0 CONCLUSION

S

  • As indicated in section 1.0 the purpose of this report is to provide an analysis of the reliability of the AFW system and justification for not equating the results of the MSLB AFW model with system reliability. In section 2.0 the results of a separate reliability analysis are discussed. The results indicate that the system as modified is reliable. Additionally in a qualitative context the system includes multiple trains any of which is capable of removing decay heat, is automatically actuated, and has no single point vulnerabilities except for perhaps some human errors ass.ociated with calibration. These are the features of an AFW system "characterized as having a high reliability" as explicitly outlined in section 4.6.1 of NUREG-0635.

In section 3.0 inconsistencies between the MSLB model and a reliability model were presented. The differences between the special case MSLB model and a general case reliability model are significant and cause a substantial disparity in both numerical and qualitative results. The MSLB model represents the system under unique conditions which do not allow an accurate derivation of the system reliability.

In addition, substantial improvement in the system reliability has been achieved through the completion of modifications as identified in section 1. O.

In conclusion we believe the system is reliable and that the results

  • of the reliability analysis have not disclosed any serious deficiencies in the current system.
  • IC02S6-0001K-NL01

14

5.0 REFERENCES

1. Guide to the Collection and Presentation of Electrical, Electronic, and Sensing Component Reliability Data for, Nuclear Power Generating Stations, IEEE Std 500 (1977), Institute of Electrical and Electronics Engineers, Inc.
2. Generic Evaluation of Feedwater Transients and Small Break Loss of Coolant Accidents in Combustion Engineering Designed Operating Plants, NUREG-0635, U.S. Nuclear Regulatory Commission, January 1980.
3. Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, U.S. Nuclear Regulatory Commission, April 1980.
4. Reactor Safety Study: An Assessment of Accident Risks in U.S.

Commercial Nuclear Power Plants, WASH-1400, U.S. Nuclear Regulatory Commission, 1975.

5. Equipment Availability Component Cause Code Summary Report for the Ten-Year Period 1967-1976, EEI Publication 77-64A, January 1978.
6. Clarification of TMI Action Plan Requirements, NUREG-0737, U.S.

Nuclear Regulatory Commission, October 1980 *

  • IC0286-0001K-NL01
  • APPENDIX A SYSTEM UNAVAILABILITY RESULTS
  • IC0286-0001K-NL01

F'ALISADES APPENDIX A

  • CONTRIBUTORS TO UNAVP1 I LAB IL I TY AFW SYSTEM UNAVAILABILITIES LOSS OF FEEDl*JATEF:

LOSS. OF.

OFFS I TE POl>JER

<GENERIC DATA>

LOSS OF (4LL AC F'Ol*JEF:

HAF:Dl..JARE 2. 04E-05 1. 3.ll*E-04 5.03E-03 MAINTENANCE 3. 15E--05 3. 99E--12l5 6. 46E-en HUMAJ\I ERF:OR 1.49E-05 1.76E-05 2.02E-1Zl3 TOTAL 6. 68E--05 1.91E-04 1. ::~5E-02 CPLANT SPECIFIC DATA)

HARDvJAF:E l.. 1 7E-05 7.05E-05  ::s. 11E-1Zl2 MAINTENANCE 9.17E-1Zl6 3.33E-05 8.31ZlE-03 HUMAN ERF::OR 7.47E-li'J6 1. 71E-05 2.04E-03 TOTAL.. 2. 83E--1Zl5 1.21E-04 4.14E-02

  • CASE CONDITIONAL UNAVAILABILITIES OF THE ELECTRICAL POWER SUPPLY NO ESSENTIAL POWER AVAILABLE FROM AC BUS Y10 CY2!ZJ) DC BUS # 1 ( #2)

CGENERIC DATA>

AC BUS 1 C ( 1 D) l 6.52E-05 6.39E-05 9.40E-05 2 7. 88E--0;:. 7.60E-05  :-5. 06E-02 3 2.83E-!Zl3 1.67E-03 1. 0 CPLANT SPECIFIC DATA>

1 1.04E-1Zl5 3.12E-05 1.21E-05Ct.03E-05) 2 1.07E-1Zl5 3.13E-05 3.43E-02(2.35E-02) 3 2.20E-04 1. 15E-04 1. fZJ CASE 1 - LOSS OF MAIN FEEDL<JATER CASE ~.

..::. - LOSS OF MAIN FEEDL<JATEF: " LOSS OF OFFS I TE POL JEF:

(:t; 1 CP1SE 3 - LOSS OF MAIN FEEDl*JATEF: "1::t; LOSS OF ALL AC POl>JEF:

  • A-1.

F'(-1L I SP1DES AF'PENDI X A GENERIC DATA DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER RAN~::: LJWW{-~1 I U\B IL I TY CUT SETS CONTF: I BUT I ON

1. 1.83E-05 PSBC F:\.10783 91. 6
2. 3.65E-07 G\./0752 F:\10783 1. 8 211 3.65E-07 CK0726

~

... 3.65E-07 GVl2l751 RV0783 F:V0783
1. 8
1. 8
2. 3.65E-07 CK0725 F:\.10783 1. 8
  • .;.i Q 3.43E-07 EAC1D RV0783 1. 7
4. 2.38E-07 EACY20 RV07S:3 1. 2 RANf::: l.JN(.WA I LAB IL I TY BASIC E'vENT CONTHIBUTION
1. 3.65E-03 RV0783 99.5

.1::. II 5.00E-03 PSBC 91. 8

._;," 1 . 00E-04 0::0725 1. 8 1.00E-04 ,...,

"._1" CK0726 1* 0

'._1 SI 1.00E-04 G'-.10751 1. 8

'._1., 1.00E-04 G'../0752 1. 8

4. 9.40E-05 EAC1D 1. 7 c:"

._J

  • 6.52E-05 EACY20 1. 2

F'AL. I SADES APPENDIX A GENEF:IC DATA DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER AND LOSS OF OFFSITE POWER RANK UtMWP1 I LAB IL I TY CUT SETS CONTRIBUTION

1. 1. 12E-04 Er.:iC1D R\JIZJ783 83.5

..:.:. . 1. 83E--IZl5 F'SBC R\JIZJ783 13.7

~-

9.36E-12l7 EAC1C EAC1D PSBB 0 7

4. 3.65E-07 G\..JIZJ752 F:'*/0783 0.3
4. 3.65E-07 G'*/0751 R'*.J0783 0.3 l.j.* 3.65E-07 CK0726 F:'*J0783 0.3 4.* 3 .. 65E-07 CK0725 R'*J07B:3 0.3 R(-1NK Ul\W1W1 I U-18 IL I TY BASIC E'v'ENT CONTRIBUTION 1.

,, 3.65E-03 RV078:.::; 98.5 kn 3.06E-02 EAC1D 81. 2

  • -' ... 5. 0!ZJE-12r3: PSBC 17. ::::.
4.  ::::.. 06E--02 EAC1C 1 --::*

c:"

._). 1. 0e:1E-03 PSBB 1..0

6. 1.00E-04 CK0725 0.3
6. 1. IZJIZJE-04 CK!Z:i726 IZJ.3
6. 1. IZJIZJE-04 G'v1Zt751 0. 3
6. 1. 00E*-04 GV0752 0.3

F'ALISADES AF'PENDI X A

  • C'E.NER IC DAT A DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER AND LOSS OF ALL ALTERNATING CURRENT i::::ANf::: UNAl.JA I LAB IL I TY CUT SETS CONTF: I BUT I ON
1. 3.65E-03 F:V078::!. 72 . 6

....... 1.00E-03 PSBB 19.9

  • ..:111

..,. 1

  • IZHZ!E-01.!* GV!Zl742 2. IZJ

..,. 1. !Zl!Z!E-04 Cf:'.:0743  ::. 0

  • .) D 1.00E-04 GV0132 2 .. 0
4. 6.53E-05 GOVERNOR L:::::

t::'

~1. 1. 00E-05 PCV0521A 0.2 RANK UNA'v'A I LAB IL I TY BASIC E'v'ENT cmHF: I BUT I ON

1. 3.65E-fll3 F:V0783 72.6
2. 1. IZJ!Z!E--03 PSBB 19.9

...,:1. 1. !ZltlJE--04 GV0742 2. (Z)

  • ...'a 1.00E-04 CK0743 2.0

'*-'[I 1.!ZlfZJE-04 G',llZJ132 2. fZ)

4. 6. 53E --05 GOVERNOR .1.3 i=

,_) . 1.00E-05 PCV0521A f2). 2

  • f.i .... 4

F'ALISf."1DES AF'F'ENDI X A

  • GENERIC DATA DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER F:ANf::: UNA',/A I LAB IL I TY CUT SE.TS CONTF: I BUT I ON
1. 1.83E-05 PSBC F:V0783 27. LJ.

~

.L.

. 7.81E-06 MCV0736A F:V0783 11. 7

~ . 7.81E-1Zl6 MCl/0737A RV0783

.i::..

11. 7
2. 7.81E-06 MCf:'.:0726 R'\'0783 11. ....I r;

7.BlE-06 MF'BC fW0783 11. 7

. 3. 65E-*06 OPE210 RVIZl783 c:'

._J

  • c::'

..J

._'\ 3.65E-06 OF'E2(Zt5 RV07S:3 c::' c::'

..,. ..Jn *.J

  • -=*. 3.65E-06 OPE108 FN0783 c::' c::'

..,. *--'. ,_I

...:1.  :::::. 65E*--06 OPE107 Rl/0783 c::'

...J.,

c::'

.._I RANK UNAVAILABILITY BASIC El.JENT CONTF: I BUT I ON

1. 3.65E-1Zl3 F:'v0783 99. 1

~.

L,. 5.!Zt!ZtE-03 PSBC ,..,..., ,...,

LI* D

2. 14E--03 MCV0T36A 11. 7

..::. . 14E-03 11. ....I

-=!'

  • _1 ..

~.

MC\J(2)737A

3. 2 .. 14E-li.'l3 MCK0726 11. 7
3. ...::... 14E-03

~.

MF'BC 11. 7 3 .. 1.00E-03 OF'E210 t:"

._J * *.J C'

-=!'

l. IZllZlE--03 OF'E205 c::'

,_I*

c::'

..J

  • -' D
  • -*" 1. 00E-li.'l3 OF'E108 t::' c::-

.._J . . ..J

  • -*"":!' . 1
  • 00E -ei::~ OF'E107 I:

._J

  • C"'

._J

F'ALISADES APF'END IX A GENERIC DATA DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER AND LOSS OF OFFSITE POWER RANK UNA'\IA I L_AB IL I TY CUT SETS CDNTF: I BUT I ON

1. 1. 12E--04 EAClD R\10783
2. 1.83E-05 PSBC F:\10783
3. 7.81E-06 MCVC!J736?"1 F:\10783 l.J.* :L

._..,....... 7.BlE-06 MC'v0737~1 R'v0783 4. 1

-~*

7.81E-06 MCK0726 R~!IZJ78::::; 4. 1

,_'\A 7.81E-06 MPBC R~/0783 4. 1 l.j.* 3. 65E*-06 OF'E210 R~/0783 1. 9

4. 3.65E-06 OPE205 R\10783 1. c;:*
4.  ::::: . 65E-06 OPE 108 F:V0783 l..9
4. 3. 65E--06 OF'E107 R',/0783 1. 9

,_,II i=

2.00E-06 EAC1C EACl.D 1'1CK07 Lf:~) 1*0 c::"

.J. 2. 00E-*06 EAC1C EAC1D MPBB 1.0 c::"

...J. 2.00E-06 EAC1C E(-1C1 D MPCV521A 1.0 RAM< UNA\JA I LAB IL I TY BASIC E'*!ENT CONTRIBUTION 1" 3 . 65E-en R\J0783 93.IZi r-,

L. 3.06E-02 EAC1D 64.2

3. 5.00E-03 PSBC 10.5
4. 3.06E-02 EAC1C
  • 5.8 C":"

,_In '.2:. 1.l~E-03 MCV0736A 4. 1 t::-

..::. 14E-03 Mcv07:::;:7A 4. 1 c*

c::-

r' 14E-03 MCK0726 4 .. 1 Ln 14E-03 MPBC

~.

....!

  • 4. 1
6. 1. 00E--03 OPE211ZJ 1. 9
6. 1. 00E-0:::; OF'E205 1. '7'
6. 1. 00E-!.2J::::; OPE108 1.. 'i
6. 1. 00E-(2J:5 OPEl.07 1. 9 7 . ~,

~ .. 1.4E--03 MCK0743 1. 4 7 . ~.

~ . l4E-03 MPBB 1. 4

7. 2. 14E-0::::; MF'C'v521A 1 " .l'~
  • Pi-6

F'ALISADES APPENDIX r-1 GENERIC D(-H A DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER AND LOSS OF ALL ALTERNATING CURRENT F:AN~::: UNAVAILABILITY CUT SETS CONTF: I BUT I ON

1. 3.65E-03 R\10783 27.2 2.14E-03 MCKl7.l71.J.3 15.8

.L ..

..::. l.4E.-t2rs MF'8B

~*

  • . .:1 .. 15.8

""=!"

..::. 14E-03 MF'C'-./:'.i21 A

~

    • -* " 15.8
4. 1 . f2l0E -Qr~; PS88 7.4
4. 1. 00E-er~; OPE 102 7.4
4. 1.00E-03 OF'E 101 7. .t.'J.

i:::*

'*-'a 1.l?JllJE-04 G'v'0742 0.7 t::'

..J. 1. 00E.-fZJij. D<Q:i742* 0. 7 c::-

,.J. 1.00E-04 G\/0132 0.7

6. 6.53E.-05 GO',,JERNOF: 0.5
6. 1.00E-05 PC',./0521 r.i 0. 1 F:r4NK IJN(WA I LAB It... I TY BP1SIC E',JENT CONTF: I BUT I CN
1. 3. 65E-*03 FN0783 r-.1

..::. / . ,.....

2 ..  :~. 14E-03 MCK074::::; 15.8

..::. 14E-03 MP8B 15.8

..:..:. 14E-03 MF'C'-J521 A

~.

3n 15.8

4. 1.00E-03 PS8B 7.4
4. 1.00E-03 OF'E102 7.1.!*
4. 1.00E-03 OPE.101 7.4

,J. 1.00E-04 G\10742 0 7 r.::-

..;. 1. 00E-*04 CK0743 0.7 c:

..J. l.. 00E-04 G'-./01:32 0.7

6. 6. 53E--05 GO\JEF:NOR 0.5
6. 1.00E-05 F'CV0~i21A 0. 1

F'ALISADES AF'F'END IX A

    • PLANT SPECIFIC DATA DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER RANK UNAVAILABILITY CUT SETS CONTRIBUTION*

L 6.75E-IZJ6 PS8f'.'..) PSBB F'SBC 46.5

'")

..:.. . 2.55E-12l6 F'SBC RV0783 17.6

2. 11ZJE-IZJ6 AFAS OPE1 F'SBB 14.5
4. 7. IZH2lE--12l7 AF{-iS OF'El OF'E2 LJ.* 8 C"

._). 1. 94E-*07 C'*)0727 c~Jl2l749 F'SBC 1.. :~:

6. l. 53E-07 Cf<l2l74l PSBB F'SBC 1. 1
6. 1. 53E-07 CKl2l726 PSBA PS8B 1. 1.
6. 1. 53E*-12l7 CK!ZJ725 PSBA PS8B 1. 1
7. 1.51E-12l7 C'v'C1749 M00798 F'SBC 1. 0
7. 1.51E-12l7 C'v'IZl749 MOIZl743 PSBC 1. Q)
7. 1.51E-12l7 C'*Jl2l727 M00760 F'S8C 1.. (2)
7. 1.51E-07 CVl2l727 M00753 PSBC 1. IZl F:ANK UNFNA I LAB IL I TY BASIC EVENT CONTF: I BUT I ON
1. 1.50E-02 PSBC 76.3 2n 3. 012lE-02 PSBB 65.2

._1 n 1.50E-12l2 PSBA 50.4

4. 7. l.ZllZJE--03 AFAS 19 . ~3
4. 1. 00E-12l3 OPE! 19.5 C"

-,_!" 1. 70E-l.Zl4 R~)0783 18.7

6. 1.00E-03 OPE2 4.8
7.  :-_::;. 612lE-0~5 C'*)0727 ...,. r.:

._:1 11 ._I

7. 3. 612lE-IZr5 CV074*9 ...,.

..:* . c::"

._)

8. 2.80E-03 M00798 2. f:l
8. 2.80E-03 M00761ZJ ~. ,...,

L .. O

8. 2. 80E-(13 M00753 2.8
8.  :;;::. BIZlE-03 M00743 2.8
9. 3.40E-04 CKl2i725 1..5
9. 3.412lE-04 CKIZl726 l. 5
10. 3. 41ZJE-0*1- CK07LH l.. 1
  • A-8

F'ALISADES APF'ENDI X A PLANT SPECIFIC DATA DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER AND LOSS OF OFFSITE POWER RANK UNAVAILABILITY CUT SETS CONTF: I BUT I Dr*J L 2.41E-IZJ5 E?,C1C EAC1D PS8B 32.8

2. 1.54E-05 EAC1C PSBB F'SBC 21. 0
  • -* u 1.12l6E-12l5 EACH> PSBA PSBB 14.4
4. 6.75E-12l6 PSBA PSBB PSBC
4. 012lE-06 EACl.D R',)078:3 c: t::-

.**J .. ...J

4. 2.55E-06 PSBC RVIZJ7K.\ 3. ~I
16. 2.10E-06 AFAS OPEl PSBB 2.9
13. 7.00E-07 AFAS 0F'E1 OPE2 1. 0 RANK UNAVAILABILITY BASIC EVENT CONTRIBUTIC!N
1. 3. 00E-02 PSBB 83.0
2. 2.35E-02 EAC1D 57.4
3. 3.43E-02 EAC1C 56.5
4. 1.50E-02 PS8C 36.6
1. 50E-02 PS8P1 24.8 6 .. l..70E-04 RV07f:33 9. 1

/ . 7.00E-03 AFP1S  ::.* 9

8. 1. IZJ0E-03 OPE1
9. 1.00E-03 OPE2 1. 0
  • A-9

PALISADES AF'PEND IX A PLANT SPECIFIC DATA DOMINANT HARDWARE CUT SETS AND BASIC EVENTS LOSS OF MAIN FEEDWATER AND LOSS OF ALL ALTERNATING CURRENT HANK UNA'v'A I LAB IL I TY CUT SETS CONTRIBUTION

1. 3. 00E-C12 PSBB 96 .. 5

.,..,..,.::. . 3.4QlE-04 CK!2l74:.::; 1. 1

._:1. 1.70E-04 F:V07B::::: 0.5

4. 1. 10E-04 C'v0522A CV0522B IZ'J .. 4 c::*

._.). 1. 00E--04 PC'*J0521A 0.3 r::"

...J. 8.70E-IZJ5 G\/0742 0.3 r.::-

...J. 8.70E.-(2)5 G'v0132 0.3

6. 6.53E-05 GOVERNDF: 0.2 F:ANK UNA'vA I LAB IL I TY Bf-)S IC EVENT CONTRIBUTION
1. 3.00E-02 F'SBB 96.5

.a::.. 3.40E-fZJ4 CK0743 1. 1

  • -". 1.71ZJE-04 F:V07s::; IZJ. 5
4. 1. 10E-04 C'.J0522A 0. Lj.
4. 1. 00E-02 C'*l0522B 0.4 c::"

._.). 1.00E-1Zl4 F'C'*.10521 A 0. 3 c::"

._.). 8.70E-05 G'v0742 0.3 r::"

._.) 8.70E-05 GV0132 121. 3

6. 6.53E-05 GO'v'ERNOF: (2) r::*
  • A-10

F'ALISADES APPENDIX A PLANT SPECIFIC DATA DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER RANK UNA'vP1 I LAB IL I TY CUT SETS CONTRIBUTION

1. 6.75E-06 PSBA PS8B PSBC 23 .. 8

~ .

.&::..

  • 2.55E-06 PSBC R'v'0783 9.0

._:1. 2. llZlE-06 AFAS OPE! PSBB 7.4

4. 9. 63E-*07 MCV0737A PS8A PS8B 3.4
4. 9.63E-07 MCV0736A PS8A PS8B 3.4
4. 9.63E-07 MCK0741 PSBB PSBC ~:. 4
4. 9.63E-07 MD:::f~726 PSBA PSBB c:"

,J. 8. 7BE--07 MP8B PSBA PSBC 3. 1

6. 7. IZHZlE -07 AFAS OPt=~l OPE2
7. 4. 82E--07 MPCV521A PSBA PSBC 1..7
7. 4.82E-07 MCK0743 PSBA PSBC 1. 7
8. 4.50E-07 OPE210 PSBA PSBB 1. 7 M
o. 4.50E-!Zl7 OPE205 F'SBA PSBB 1. 7
8. 4.50E-07 DPE108 PSBA PSBB 1. 7 8 .. 4.50E-07 OPE107 PSBA PSBB 1. 7 8 .. 4.50E-07 OPE102 PSBB PS8C l.7
8. 4.50E-f2l7 OPE101 PSBB PSBC 1. 7
9. 3.64E-07 MC'v0737A R'v'0783 1. 3
9.  ::. 64E-1Zl7 MCV0736A RV0783 1.3
9. 3.64E-07 MCK0726 RV0783 1. 3
29. 2.73E-!Zl7 AFAS MP8B OF'El 1. 0 RANK UNAVAILABILITY BASIC EVENT COl\ITF: I BUT I !JN
1. 3.00E-02 PSBC
2. 1. 50E-02 PSBA 57.7
3. 1. 50E*--02 PSBB 51. 6
4. 1. 70E-04 F:'v'0783 16. 1 5a 7" 0fZJE-03 AFAS 12.6

~I a 1 eJe\E -l?J3 n OPE1 12.6

6. 2u14E-03 MC\J07::6A [:"

...J.

~=

~1

6. 2. 14E--03 MCV0737A
6. 2. 14E-03 MCK0726 t::" c:"'

...J11 *-'

7. 3. 9l?lE-03 MPBB 4. ~;
8. 2. 14E-03 MCK07-'+1 3.6 B. 3.20E-04 CV0727
8. 3.21ZlE-04 CV0749 3.6 I
9. 2.80E-03 M00798 ~,

..::.. 0

9. 2. 812lE-IZl3 MD0760 2.6
9. 2. 80E-03 M00753 2.6
9. 2.BlZlE-03 M007t:i*:;

1 !ZJ. 1 . 00E -03 OPE210 2.4

10. 1. 12l0E-0:3 OPE205 2.4
10. 1 . IZJ0E -03 OPE108 2.4
10. 1. 00E-03 DPE107
11. 2.14E-03 MPC'*.1521A
11. 2. 14E-0:_::; MCK074~J 1 * !ZJ!ZJE -03 DPE102 L6
12. 1 .. 00E-03 OPEJ.01 *1 " t.:i A-l 1

F'ALISADES AF'F'END IX A

  • PLANT SPECIFIC DATA DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER AND LOSS OF OFFSITE POWER F:ANK UNAVAILABILITY CUT SETS CONTRIBUTION
1. 2.41E-05 EAClC EAClD F'SBB 19.9 r>

. 1.54E-IZJ5 EAC1C PSBB PSBC 12.7

...:*. 1.06E-05 EAC1D PSBA PSBB 8.8

4. 6.75E-06 PSBA PSBB F'S8C 5.6 c:*

..J. 4.lllli.lE-06 EAC1D RV0783 '....1. '*-*

6. 3. 14E-IZJ6 EAC1C EAC1D MPBB 2.6
7. 2.55E-06 PSBC Rl.J(2)783 2. l
8. 2.21ZJE-06 EAC1C MCV0737A PSElB l. 8
8. 2.20E-06 EAClC MCV0736(-1 PSBB 1. 8
8. 2.20E-06 EAC1C MCl<0726 PSBB 1. 8
9. 2. l!ZJE-06 AFAS OF'El PS8B 1. 7
9. 2.IZJlE-06 EAC1C MPBB F'SBC 1. 7
10. 1.72E-IZJ6 EAC1.C EP1ClD MPC:V521A 1. 4
10. 1.72E-IZJ6 EAC1C EAC1D MC1<074:5 1. 4 l 1. 1. 51E-0t::i EAC1D MD<0741 PSBB 1. 2
L 2. 1.37E-06 EAC1D MF'BB F'SBA 1. 1
13. 1. l l.ZlE-1216 Er.:iC1C MPCV521A PSBC 1. 0 1.3. 1. 10E-06 EAC1C MCl<0743 PSBC 1. !Zl
13. 1.1Zl3E-06 EAClC OPE211Zl PSBB 1. 0 (0. 8) 1 ::::; . 1.03E-12l6 EAC1C OPE205 PSBB l. 0
13. 1 . 03E-06 EAC1C OPE108 PSBB 1. Ql
13. 1.03E-06 EAC1C OPE107 PSBB 1. 0 F:r-~NK UNA~.JA I LAB IL I TY Bi:)S IC E'*.JENT CONTRIBUTION
1. 3.00E-02 3.42E-02 F'SBB 8 .  ?

~

2.

Ef4C1C 5.4

._.. u 2. ::::;5E-02 EAC1D 8. 7

4. 1.50E-02 F'S8C 1. *I

.L c::-

..J. 1. 50E-IZJ2 F'SBA 4 r::*. ~

6. 1.70E-04 R'*.J0783 7. (2) 7 . 3.90E-03 MPBB 6.5
8. 2.14E-03 MPC'v521A ._;** \.J
8. 2.14E-03 MCKIZJ743 ..,..

...;.* 0

9. 2. 14E-0:. MCVfZJ736A ~
  • _, u
9. ..::... 14E-12l3 MCV0737A

~.

9. ~ .

..:.:, a 14E-03 MCK0726

._1 *

-;r

  • --i 117.J. 7.IZllZIE-03 AFAS 2.9
10. 1. 00E-03 OPE1 2.9 1L 1 .a::..

2.14E-03 MCl<0741 ~.

..::.. .1

~.

1. !Zl0E-12l3 OPE104 1. 6
12. 1. 00E-03 OPE103 1. 6
13. 1.©0E-03 OPE210 1. 4
13. 1 . 1Zl(ZJE-e13 OF'E205 1. 4
13. 1. 00E-IZl3 DF'E108 L LI*

l3. 1. 00E-0:. OPE107 L4 r.:i-12

PALISADES APPENDIX A

  • PLANT SPECIFIC DATA DOMINANT CONTRIBUTORS TO CONDITIONAL UNAVAILABILITY LOSS OF MAIN FEEDWATER AND LOSS OF ALL ALTERNATING CURRENT RANK UNAVAILABILITY CUT SETS CONTRIBUTION
1. 3.IZJIZJE-02 PSBB 72.4
2. 3.91ZJE-03 MPBB 9.4
2. 14E-0~J MPCV521A 5.2

._..,...... 2. l.4E*-03 MCKIZJ743

4. 1
4. 1
  • IZJ!ZIE-03 OF'E11Zl1 2.4 t:"

...J. 5.IZJ!i.'IE-04 F'CV0521A 1 '::'

6. 3.20E-04 CK0743 12'J. 8
7. 1. 7!i.'IE-04 R'v0783 (Z). 4
8. 1.l0E-04 C',,112l522A CV0522B IZJ. 3
9. 8.l.4E-IZJ5 GVIZJ742 IZl. 2
9. 8.14E-05 G\1(2)132 0.2 1 IZJ. 6. 5~.!.E-05 GOVERNOR IZl ";*

RANK UNAVAILABILITY BASIC EVENT CON TR I BUT I m.J

1.  ::::;. 01ZJE-IZJ2 F'SBB 72. L1
2. 3.90E-03 MP88 9.4 3p 2n 14E-(Zl3 MF'CV521A 5.2
3. 2. 14E-03 MCK0743
4. 1
  • IZJ0E-IZJ3 OF'E102 2. 't
4. 1. 00E-03 OPE101 2.4 c:*

...J. 5. 01ZJE-04 PCVIZJ521A 1 ':.'

6. 3. 2!ZJE-04 CKIZJ743 iZJ. 8
7. l.. 70E-IZJ4 R'v0783 fZ). 4
7. l
  • 1 !ZJE-04 CV0522A 0.4
7. 1. 1 !ZlE-04* CVIZJ522B 12). 4
8. B.14E-05 GVIZJ742 0.2 8 .. 8.14E-05 GV0132 Q). 2
9. 6.53E-05 GOVERNOF: 0.2
  • A-13
  • IC0286-0001K-NL01

PALISADES APPENDIX B

  • AFW3

..,1.

.,),

P = 5.0E-03 The following cutsets are independent to AFW 2.40E-1113 5.00E-04 AUX31T AFVOT See indep transfer description Op fail to incr flow to good SS The following cutsets are associated with makeup to the condensate storage tank

...4.

'1 5.63E-04 3.89E-04 CONDTKIT P221 IT Condensate makeup indep failures XXV713MA

",J. 3.89E-04 P221IT XXV712MA

6. 2.BBE-04 P221 IT XXV107MB
7. 5.64E-05 P2211T XXV171MA
8. 4.28E-05 POOLOOP XXV712MA
9. 4.28E-05 POOLOOP XXV713MA
10. 3.16E-05 POOLOOP XXV107MB
11. 1.96E-05 ED611MG POOLOOP
12. 1.28E-05 P221IT X0090-020T
13. 1.19E-05 EDG1100 POOLOOP
14. 6.lBE-06 POOLDOP XXV171MA Loss of power to auto mikeup
16. 4.28E-06 EDG11ME POOLOOP _valve and alt makeup supply
17. 4.13E-06 P205DIT POOLOOP failures
18. 3.13E-06 P2211T XLS5201MC
19. 2.15E-06 P221IT PCBB#105MA 2111 . 2.10E-06 PTRSU1-2MT XXV712MA
21. 2.10E-06 PTRSU1-2MT XXV713MA
23. 1. 66E-06 P410IT XXV713MA
24. 1.66E-06 P410IT XXV712MA

.:. ,J

  • 1.56E-06 PTF:SU1-2MT XXV11117MB
26. 1.40E-06 POOLOOP XOD90-02DT
29. 1. 22E-06 P410IT XXV107MB The following cutsets are associated with random failures of combinations of pumps.and flow control valves
15. 5.32E-06 APMBCME PCBB#105MA,-loss of Bus iC and Pump C
22. 2.03E-06 PCBB#105MA PCBB#209ML .
27. 1.28E-06 AAV0749MA PCBB#203MA Loss of Bus lD and Trains A&B
28. 1. 28E-06 AAV111737AMA PCBB#105MA Loss of Bus lC and Train C AUX3IT -- INDEPENDENT MODULE The following cutsets are common cause failures derived using ge~eric industry data
1. 1.1110E-03 APM8ME2CC Pumps fa i 1 to start

.J. 2.50E-04 ASGFCVBCC Flow controller malfunction

4. 8.10E-05 ATFFCVBCC Flow transmitter failure
6. 4.80E-05 AAVFCV4CC Flow control valve failure.
16. 1.30E-05 APM8MG2CC Pumps fail to run B-1

PALI SADES APPENDIX B

  • AUX3IT Continued The following cutset is spurious FOGG isolation
2. 3.80E-04 ASSLMBMT The following cutsets are loss of both flow paths or one flow path with pump failure(s) in the remaining train C'

5.40E-05 AAV0749MA APM8Cl1E

7. 3.90E-05 AMV0760MD APM8CME
8. 3.90E-05 AMV0753MD APMBCME
9. 2.40E-05 AFC0749MT APMBCME
11. 2.05E-05 AAV0749MA PCBB#209MB
13. 1.48E-05 AMV0753MD PCBB#209MB
14. 1.4BE-05 AMV0760MD PCBBi209MB 15,. 1.30E-05 AAV0737AMA AAV0749MA
18. 9.36E-06 AAV0749MA APMBCMG
19. 9.36E-06 AAV0737AMA AMV0760MD
20. 9.36E-06 AAV0749MA AMV0754MD
21. 9.36E-06 AAV0749MA AMV0759MD
22. 9.36E-06 AAV0737AMA AMV0753MD

_L._\. 9.12E-06 AFC0749MT PCBB#209MB

'"l C'

"- .J

  • 6.76E-06 AMV0753MD AMV0759MD
26. 6.76E-06 AMV0759MD AMV0760MD
27. 6.76E-06 AMV076111MD APM8CMG
28. 6.76E-06 AMV0753MD AMV0754MD
29. 6.76E-06 AMV0753MD AP MB CMG
30. 6.76E-06 AMV0754MD AMV07b0MD
32. 5.76E-06 AAV0749MA AFC0737AMT

.J .J. 5.76E-06 AAV0737AMA AFC0749MT

37. 4.80E-06 ACV0729MA AP MB CME
38. 4.16E-06 AFC0737AMT AMV0753MD
39. 4.16E-06 AFC0749MT AP MB CMG
40. 4.16E-06 AFC0737AMT AMV07b0MD
41. 4.16E-06 AFC0749MT AMV0759MD
42. 4.16E-06 AFC0749MT AMV0754MD
46. 2.56E-06 AFC0737AMT AFC0749MT
49. 2.40E-06 AIP0749MT APMBCME
51. 1.82E-06 ACV0729MA PCBBi209MB C'.,.

..J._\ I 1.62E-06 AAV0737AMA APM8AME APM8BME

54. 1.50E-06 APM8CME ARE3P8ABMA
  • C' C'

.J.J. 1. 43E-06 AFE0749MK APM8CME

58. 1.17E-06 AMV0759MD APM8AME APMBBME
60. 1. 17E-06 AMV0754MD APMBAME APMBBME
61. 1.15E-06 AAV0749MA ACV111704MA
62. 1.15E-06 AAV0749MA ACV0725MA
63. 1. 1SE-06 AAV0749MA ACV0726MA
  • 64 . 1. 15E-06 AAV0737AMA ACV0729MA
  • B-2

PALISADES APPENDIX B AUX3IT Continued The following cutsets represent pump suction flow diversion 1111. 3.00E-05 APMBCME AXV505MC

17. 1.14E-05 AXV505MC PCBB#209MB
24. 7.20E-06 AAV0737AMA AXV505MC Y-strainer at suction
34. 5.20E-06 AMV0759MD AXV505MC - of pumps A ~ B

..:i..J. 5.20E-06 APMBCMG AXV505MC

36. 5.20E-06 AMV0754MD AXV505MC
45. 3.20E-06 AFC0737AMT AXV505MC The following cutsets result from human error (instrument calibration>
12. 1.60E-1115 INSTRABCOH ----i_ Flow control calibration
52. 1. 65E-06 APMBCl1E I NSTRU@Q!!j
43. 3.90E-06 APSPBACOH APMSBMO- Suction pressure calibration C'..,

..JI

  • 1.30E-06 APSPBACOH ATBl<BMG The following cutsets are random pump failures
31. 6. 7'5E-1116 APMBAME APMBBME APMBCME
44. 2.'56E-06 APMBAME APMSBME PCBBl209MB
47. 2.56E-1116 APMBBME ~PMBCME PCBB#104MB
48. 2.40E-1116
  • APMBCME ARV0783MC
50. 2.2'5E-06 AP MBA ME APMBCME ATBKBMS 56
  • 1.17E-06 APMBAME *APMBBME APMBCMG 59 . 1.17E-06 APMBAMG APMSBME APMBCME
  • B-3
  • APPENDIX C FIGURES AND DRAWINGS
  • IC0286-0001K-NL01

f!B

~--~

cw 0749 co.. DllNIATE STOllACOE TAtOC. MOTOR

~ ---~-

~

...--"\

DRIVEN PUi-1P-8A I ' ~;

l..C.

... _ "':. .. B, L-------:~----r.:'Z. - - - - - p;;\_ l~'

~

I 141

-*..:t---------__J I I

  • 1 I

I A

~

STEIM1 TURBINE. ~---~

DRIVEN l'VMP 88

~

,f\OM .SfRYIC£ WATl!R, .SYSTEM I

- - -- -- --~_-_ ::@-~-@

I I

_('iii?\_

~~

I I f.o. ..:. ~-~-J FIGURE i nrw~ ~r~rMdTJr rn~onN~NT I 1tor1 rn

t;;;\

~

~- -- -~

~-- ~-- I ~

1 I

bi;] A/S

~--1--

~ I I

I

~ A/~

40IM6 I

- -L-- --

1*0 ""'

A/.s 61l r>N FIGURE 2

~TFAM ~llPPI V ,V,Tl="M ~r11r.M/\TTt

  • I~ *

~

......... IW*01N

.....'*' lllLllf

'""" __. VAL\lf L

r Line 1 I r- Line 3 I tt.or*o*11 n-m1nt 11-aTPl*ll 11111141 CV*0141 ICll~lhl

,_... a.&TC t- GATIC CllltlL t- HTS - ,..,,.... INUITlllW llOUITIN CMICll r--

VALlll VM.Vl .....

WALVll

""""' ,_ VALlll VALVI VaLllC

,_ Loop 2 1--'- Loop 3

- ' ~.

HOA

- - - - - - ... - - '°'..,..,_.

21*1Slflll lll*Of.fl 1'""1*1NI Ctl-tnlT ...Olfl MO-OJiJ hW-110NI MTS W'ILlll GAft

~p P.H CHCI VAi.aii

- * ,.ft VA&.VS

- COllHO&.

VALVI llKATlOll ......T....

11111.VC QllC..

.-ft

.- GATI VAL\/&

- ~ Line 2 j I

Line 4 -* I CIT ,.._

Loop 1 -

ISJ*PV Uri - I Line 6 . .I

- - ...""" - *ca..... -

I llAlllCI

  • AMI&

.,..... C'kln7A *OIM *om ~

- CGllTIA lll\Ull lllU1Wll WALlll U&.118 H*OnlM CdCIC.

"ALlll .,....,. -

un p..ac - -

Cl*071*M Qll"'

flUll 1111*11.....

VA&.¥11 tTUM I

Line 5 CHrlM

- IJll.°"9 I

llMTIM .-ATllll t - OllU.

Train Al: Loop 2 + Loo p 3 + RV07A3 + Line 3 WAUIC fAl.VI Train A2: Line 5 +Line 6 Train Bl: Loop 2 +Loop 3 + RV0783 + Line 4 Train B2: line 5 + Line 7 Fl GURE 3 AFWS RELIABILITY BLOCK DIAGRAM

  • r-- * ~

STEAM 153 ens IHAh\S

  • C\1*051.18 .. OlMS PC.V-0521.ll GEN.

E-SOA - GATE VALVE GATlt VALVI CONTROL VALVI.

CHECK VALVI.

- PRESSURE CONTJ(Ot.

VALVE K*&

Loop 4 i-Loop 5

- TURBINE DRIVfR

- PUMP P-IB 110*214FW 150 F'N 1- i-GLOH GLOBE 1--

VALVE VALVE 15!.MS 15'2.AMS CV*0521A '401MS STEAM GUI, E*SOB GATE VALVE

- GATE VALVE

- CO~TROL VALVE

- - CHECK V~LVE CV*Olll

...._ i-CONTROL VALVE"

~

w.----------Line 9 -------------~

FIGURE 4 STEAM SUPPLY SYSTEM RELIABILITY BLOCK DIAGRAM

    • APPENDIX D HARDWARE FAULT TREE
  • IC0286-0001K-NL01

PALI SADES APPENDIX D AFW SYSTEM RELIABILITY - HARDWARE

1. llE-0.7 1 2 TOP OR 2 2 61 G2 CST PRU PT 61 AND 0 2 6V270FW 6V133FW 62 AND 2 0 63 64 63 AND 2 0 65 66 64 AND 2 0 67 GB 65 OR 3 1 69 610 611 RV0783 66 OR 2 0 612 613 67 OR 3 1 69 610 614 RV0783 68 OR 2 0 612 615 69 AND 0 2 6V0771 6V0271 610 AND 2 0 616 617 611 OR 1 3 620 lt00753 1'100760 CK0729 612 OR 1 4 622 CK0725 GV0751. CK0726 GV0752 613 OR 1 3 623 1'100754 1'100759 CK0704 614 OR 1 3 621 1'100743 1'10079-8 CK0728 615 OR 1 3 624 '100748 1'100755 CK0703 616 OR 1 3 618 6V0772 CK0741 6110740 617 OR 1 3 619 6V0132 CK0743 6V07.42 618 OR 1 3 625 PSBA EAC1C EACY10 619 OR 1 1 628 PSSB 620 OR 1 1 662 CV0749 621 OR 1 1 647 CV0727 622 OR 1 3 644 PS8C EAC1D EACY20 623 OR 1 1 657 CV0737A 624 OR 1 1 652 CV0736A 625 AND 1 1 626 AFAS 626 OR .0 ...~' HS 104CS OPE1 EDC1 628 OR 2 1 629 631!11 GOVERNOR 629 AND 2 0 632 . 633 632 OR 1 3 636 CK41!12MS GV153AMS 6V1531'1S 633 OR ... 3

.,) 637 638 665 CK401MS GV152AMS 1 GV152MS 636 OR 1 2 642 CV0522B

  • EACY10 637 AND 2 0 639 6371 638 OR 1 1 640 CV0522A 639 OR 0 6 OPE1 CV0521 SV0521 HS0521 EDC2 1 EACY10 640 AND 1 1 641 OPE2 641 OR 0 6 AIR1 SV0522A FCV0522A HS0522A OPE!

1 EDC1 642 AND 2 0 6421 6422 643 OR 1 5 6431 SV0522B FCV0522B HS0522B OPEl 1 EDC1 644 AND 2 0 6441 645 645 OR 0 3 HS209CS OPE1 EDC2 647 AND 0 2 OPE1 FT0727A 652 AND 0 2 OPE1 FT0736A 657 AND 0 2 OPE1 FT0737A 662 AND 0 2 Of'El FHl749A 665 AND 1 1 666 NATER 666 OR 1 1 667 GV714FW 667 OR 1 1 668 CV0525 668 AND 1 1 G69 OPE2 D-1

PALISADES.

APPENDIX D 669 OR AlR3 631111 OR "1 5 1 631112 SV0525 PCV111521A HS0525. OPE1 EDC1 63&12 AND Ill "L NITROGEN AlR4 6371 OR 2 6V111214 OPE3 6421 6422 AND OR "11 1 1

643 6423 OPE2 EDCl 6423 OR 1 1 6424 AFAS 6424 OR 2 1 6425 6426 EACY20 6425 AND 2 FT1117'36H 6426 6431 AND AND 111 2 2

FT0737H NITROGEN FT0736AH FT0737AH AlR2 6441 6442 OR OR

" 1 1 2 1 6442 6443 AFAS 644~ EACY10 6443 AND 2 FT111727H FT0727AH 6444 AND 2 FT0749H FT0749AH END

  • D-2

NO FLOW TO BOTH STEAM GENERATORS DURING BOIL DRY TIME <"" 15 MINJ DUE TO HARDWARE FAILURES 11--------< TRANSIENT EVEMT *#1, TOP LMFW - AC SOURCES AVAILABLE CST COMMON SUCT NO FLOW THRU NO FLOW TO HEAD En RUPTURE PIPE RUPTURE LOOP 1 SG AAND SGB CST PRU PT Gl G2 MV-270FW 133FW FAILS TO OPEN FAILS TO OPEN NO FLOW TO NO FLOW TO SG A SG B P.H3 Hl

NO FLOW TO SG A P.Hl G3 NO FLOW THRU NO FLOW THRU TRAIN Al TRAIN A2 NO FLOW HIRU NO FLOW THRU RV-0783 NO FLOW THRU LOOP 2 LOOP 3 PREMATURE OPEN LINE 3 G9 RV0783 P.H4 P.H5 P.H2 NO FLOW HIRU NO FLOW THRU LINE 5 . LINE 6 P.HlO P.Hll

NO FLOW TO SG B P.Hl NO FLOW THRU NO FLOW THRU TRAIN Bl TRAIN B2 NO FLOW THRU NO FLOW THRU RV-0783 NO FLOW THRU LOOP 2 LOOP 3 *PREMATURE OPEN lINE Ll G9 RV0783 P.H4 P.H5 P.H9 NO FLOW THRU NO FLOW THRU LINE 5 LINE 7 H3

NO FLOW THRU LOOP 2 P.B2.,H3 69 29-0771FW . MV-271FWS FAILS TO OPEN FAILS TO OPEN GV0771 GV0271 H4

P.H2.,H3 GlO NO FLOW THRU NO FLOW THRU LINE 1 LINE 2 P.H6 P.H7 H5

NO FLOW TH.RU

~---1 LINE 1 P.HS Gl6 29-0772FW PUMP P-8A 218-0741 14-0740FW FAILS TO OPEN FAILS FAILS TO OPEN FAILS TO OPEN GV0772 CK0741 GV0740 .

P.Hl3 H6

NO FLOW THRU LINE 2 P.HS PUMP P-8B 29~132FW 218-0743 14-0742FW FAILS - FAILS TO OPEN

  • FAILS TO OPEN FAILS TO OPEN GV0132 K0743 GV0742 P.Hl4 H7

~----11 NO FLOW THRU LINE 3 P.H2 Gll CV-0749 M0-0753 M0-0760 CK-0729FWS PREVENTS WATER FLOW FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN 00753 M00760 CK0729 P.H28 H8

NO FLOW THRU

...-...~----1 LI NE 4 P.H3 CV-0727 M0-0743 M0-0798 CK-0728FWS PREVENTS WATER FLOW FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN M00743 M00798 CK0728 P.H25 H9

NO FLOW THRU

~-- .....

LINE 5 Gl2 PUMP P-8C CK-0725FWS MV-751FWS CK~0726FWS MV-752FWS FAILS FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN CK0725 GV0751 K0726 GV0752 P.H24 HlO

NO FLOW THRU

'~-- .... LINE 6 P.H2 CV-0737A M0-0754 M0-0759 CK-0704FWS PREVENTS WATER FLOW FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN M00754 M00759 CK0704 P.H27 Mll

NO FLOW THRU

~-- ..... LINE 7 P.H3 CV-0736A M0-0748 M0-0755 CK-0703FWS PREVENTS WATER FLOW FAILS TO OPEN FAILS TO OPEN "FAILS TO OPEN M00748 M00755 CK0703 P.H26 Hl2

PUMP P-8A FAILS P.H6 Gl8 PUMP P-8A NO ELEC POWER NO ACTION TO START P-8A FAILS TO START ROM AC BUS lC WHEN REQUIRED 625 MANUAL START AFAS FAILURE FAILS G26 AFAS HS-152-104CS OPERATOR NO POWER FROM FAILS ERROR nc nus I Hl3 MS104CS PEI ED Cl

PUMP P-8B FAILS P.H7 Gl9 PUMP P-8B NO STEAM i:o FAILS TO START PUMP P-8B PS8B NO STEAM NO STEAM GOVERNOR THRU LOOP 4 THRU LOOP 5 FAILS OVERNOR I' I Hl5 P.H16 IU4

NO STEAM THRU LOOP 4 P.Hl4

...__ G29 NO STEAM NO STEAM THRU LINE'8 THRU LINE 9 32 P.Hl7 402MS 153AMS 153MS CV-0522B PREVENTS FAILS TO OPEN FAILS- TO OPEN FAILS TO OPH! STEAM FLOW CK402MS GV153AMS Vl53MS

- G36 P.H21-Hl5

NO STEAM THRU LOOP 5 P.Hl4 630 PCV-0521A PREVENTS FLOW 6301 LOSS OF PCV-0521A INSTRUMENT AIR FAILS TO OPEN 6302 PCV05.21A NITROGEN SERVICE &

INSTR AIR SOURCE FAILS SYSTEM FAILS Hl6 NITROGEN AIR4

NO STEAM THRU LINE 9 P.Hl5 ATER IN PIPE/ CV-0522A CV-0521 AND 401MS 152AMS 152MS FAILURE TO PREVENTS 130-214FW FAI DRAIN WATER STEAM FLOW TO PASS STEAM FAILS TO OPEN FAILS TO OPEN FAILS TO OPEN G37 CK401MS GV152AMS GV152MS P.Hl8 P.H20 CV-0521 130-214FW PREVENTS PREVENTS STEAM FLOW STEAM FLOW 130-214FW OPERATOR FAILS TO OPEN ERROR Hl7 GV0214 OPE3

ATER IN PIPE/

r A P - - - - - 1 FAILURE TO

........,. DRAIN WATER

-..- G65 FAILURE TO WATER IN PIPE DRAIN WATER ATER G66 CV-0525 714FW PREVENTS WATER FLOW FAILS TO OPEN 667 GV714FW CV-0525 CV-0525 FAILS DUE TO CONTROL FAILS TO OPEN FAILURE CV0525 Hl8

CV-0525 FAILS A r - - -....,UE TO CONTROL FAILURE P.Hl8 668 SUPPORTING OPERATOR ERROR INSTRUMENTS FAILURE IN LOCAL OPE2 LOSS OF SV-0525 HS-0525 OPERATOR NO POWER FROM INSTRUMENT AIR FAILS FAILS ERROR IN CR DC BUS 1 AIR3 SV0525 HS0525 OP El ED Cl H19

CV-0522A PREVENTS STEAM FLOW P.Hl7 CV-0522A CV-0522A FAIL DUE TO CONTROL FAILS TO*OPEN FAILURE CV0522A SUPPORTING OPERATOR ERROR INSTRUMENTS FAILURE IN LOCAL 641 OPE2 H20 LOSS OF SV-0522A FC'7-0522A HS-0522A OPERATOR ERROR NO POWER FROM INSTRUMENT AIR FAILS FAILS FAILS

  • IN CR DC BUS 1 AIRl SV0522A FCV0522A* DCl

CV-0522B PREVENTS STEAM FLOW P-.-H15 CV-0522B CV-0522B FAIL UE TO CONTROL FAILS TO OPEN FAILURE CV0522B G42 MANUAL AUTOMATIC CONTROL FAILS CONTROL FAILS G422 NO POWER FROM AUTO START DC BUS 1 FAILS H21 ED Cl

MANUAL CONTROL FAILS P.H21 6421 CR/SUPPORTING OPERATOR ERROR INSTRUMENTS FAILURE IN LOCAL G43 OPE2 LOSS OF

  • SV-0522B FCV-0522B HS-0522B OPERATOR NO POWER FROM INSTRUMENT AI FAILS FAILS FAILS ERROR IN CR DC BUS 1 G431 ED Cl NITROGEN SERVICE & H22 INSTR AIR SOURCE FAILS SYSTEM FAILS NITROGEN AIR2

CV-:0521 PREVENTS STEAM FLOW P. Hl7 OPERATOR CV-0521 SV-0521 HS-0521 NO POWER FROM ERROR IN CR FAILS TO OPEN FAILS FAILS DC BUS 2 SV0521 rm ELEC PWR FROM AC BUS YID H23 EACYlO L _ __ _ _ _ _ _ _ _ _ _ _ _ _ _ ---

PUMP P-8C FAILS P.HlO NO ACTION TO NO ELEC PWR.

PUMP P-8C NO ELEC POWER START P-8C FROM AC FAILS TO START WHEN REQUIRED BUS Y20 PS8C EACID 644 EACY20 MANUAL . AUTO START START FAILURE FAILS 645 HS-152-209C OPERATOR NO POWER FROM FAILS ERROR DC BUS *2 H24 HS209CS . OPEl EDC2

CV-0727 PREVENTS P.H9 WATER FLOW G21 CV-0727 CV-0727 FAILS DUE TO CONTROL FAILS TO OPEN FAILURE CV0727 G47 OPERATOR FT-0727A ERROR. FAILS OP El FT0727A H25

CV-0736A PREVENTS WATER FLOW P.Hl2 G24 CV-0736A . CV-0736A FAILS DUE TO CONTRO FAILS TO OPEN FAILURE CV0736A G52 OPERATOR FT-0736A ERROR FAILS OPEl FT0736A H26

CV-0737A PREVENTS p.Hll WATER FLOW CV-0737A CV-0737A FAIL UE TO CONTROL FAILS TO OPEN FAILURE CV0737A G57 OPERATOR FT-0737A ERROR FAILS OP El FT0737A H27

CV-0749 PREVENTS P.H8 WATER FLOW CV-0749 CV-0749 FAILS UE TO CONTROL FAILS TO OPEN FAILURE V0749 G62 OPERATOR FT-0749A.

ERROR FAILS FT0749A H28

AUTO START FAILS P.H21 G423 AFAS FLOW TRANSMITTERS FAILS FAIL AFAS 6424

  • FT0736 AND NO ELEC PWR FT0737 AND FT0736A FROM AC FT0737A L BUS Y20 FAIL HIGH EACY20

.__ G't25 ___.6426 FT0736 FT0736A FT0737 FT0737A FAILS HIGH FAILS HIGH FAILS HIGH FAILS HIGH H29 FT0736H FT0736AH T0737H FT0737AH

AUTO START FAILS P.H24 AFAS FLOW FAILS TRANSMITTERS FAIL AFAS G442 FT0727 AND NO ELEC PWR FT0749 AND FT0727A FROM AC FT0749A FAIL HIGH BUS YlQ FAIL HIGH G443 EACYlO G'444 FT0727 FT0727A FT0749 FT0749A FAILS HIGH FAILS HIGH FAILS HIGH FAILS HIGH .

H30 FT0727H FT0727AH FT0749H FT0749AH

  • APPENDIX E TEST AND MAINTENANCE FAULT TREE
  • IC0286-0001K-NL01

PALI SADES APPENDIX E AFW SYSTEM RELIABILITY - TEST & MAINTENANCE

1. 0E-1118 1 2 TOP DR 3 111 6801 6802 6803 6801 OR 2 0 6804 8805 8802

.,, 0 6101 611112 OR ..) 6103 681113 DR 4 0 6206 6208 6203 8204 6804 AND 0 ",;. DPE801 GV133FW 8805 AND 0 2 DPE81111 6V270FW 611111 AND 111 6104 6105 6102 AND 2 0 6106 8107 8103 AND "')

'- 0 8108 6109 6104 AND 2 0 6110 66 6105 AND 2 0 8121 GB 6106 AND 2 111 6112 66 6107 AND 2 0 6122 68 6108 AND 2 0 6119 65 8109 AND "')

'- 0 6119 67 6110 AND 2 111 G111 617 G111 OR 0 C".J TP8A MP8A MCK0741 OPE101 OPE102 G112 AND 2 0 ~113 616 G113 OR 1 C".J 6114 TPBB MP8B MCK0743 OPE11113 1 OPE104 6114 OR 2 1 6115 6116 MPCV521A r,

6115 AND ,;. 0 6117 632 G116 AND 2 0 6118 633 6117 DR 0 4 MCK401MS MCV0521 OPE105 MCV0522A 6118 OR 0 ..) MCK402MS MCV0522B DPE106 6119 DR 0 c~* TP8C MP8C MCK0726 OPE 107 OPE108 6203 OR 2 111 6209 6210 62M DR 2 0 8211 G212 6206 AND 2 0 8217 64 621118 AND 2 0 6223 83 821119 AND 2 0 G'J"C"

~ .£. .J 6239 8210 AND 2 0 8228 84 6211 AND 2 0 6230 6231 8212 AND 2 0 6"')77

.... ..,).._\ 83 6217 AND 2 111 G21B 86 6218 OR 0 2 MM00753 OPE21112 6223 AND 2 0 6224 GB 6224 OR 111 2 MM00743 OPE204 6225 AND ".£. 0 6227 85 6227 DR 0 ".£. MCV0737A DPE205 8228 AND 2 0 6229 65 G229 DR 0 2 MMD0754 DPE206 6230 AND ".£. 111 6232 85 6231 AND 2 111 6232 87 6232 DR 0 2 MCV0736A DPE210 6233 AND 2 0 G234 67 6234 OR 0 .£. "'I MM0074B OPE207 6239 AND ,_ 0

'1 6227 87 83 AND 2 111 85 86 64 AND .i.. 111 67 GB 7 1 65 OR ..) 69 810 811 RV0783 66 OR "')

'- 0 612 613 67 OR 7 1 69 610 814 RV0783

~'

E-1

PALISADES APPENDIX E

  • GB G9 G10 611 612 613 614 DR AND AND DR OR OR OR 2

Ill 2 Ill 1 3 1 4 1 3 1 3 Ill 2

G12 GVlll771 G16 6211!

6'""'

££ G23 G21 815 GVlll271 G17 MOlll753 CKlll725 MDlll754 M00743 M011176111 6Vlll751 MOlll759 1'100798 CKlll729 CKlll726 CKlll704 CK0728 6V0752 615 DR 1 .,. .

.,) 624 M00748 M0111755 CK0703 616 OR 1 ~' 618 6Vlll772 CKlll741 6V111740 617 DR 1 3 619 6Vlll132 CKlll743 GVlll742 618 OR 1 .,) 625 PS8A 'EAC1C EACY 10 619 OR 1 1 628 PSBB 62111 OR 1 1 G62 CVlll749 621 OR 1 1 647 CVlll727 G"'r, .,.

.t..~ OR 1 .,) G44 PS8C EAC1D EACY21i'l 623 OR 1 1 657 CVlll737A G24 OR 1 1 652 CVlll736A G"'c-

.:.....1 AND 1 1 626 AFAS G26 OR Ill .,) HS104CS OPE1 EDC1 628 OR 2 1 629 631111 GOVERNOR G29 AND 'i

.... Ill 632 G33 G32 OF: 1 .,) G36 CK402MS GV153AMS GV153MS 633 DR ~'

.,) 637 G38 665 CK41111MS GV152AMS 6V152MS 636 OR 1 2 642 CVlll522B EACY1111 G37 AND 2 Ill 639 G371 638 DR 1 1 64111 CVlll522A G39 OR Ill 6 DPE1 CVlll521 SVlll521 HSlll521 EDC2 1 EACY10 84111 AND 1 1 641 OPE2 541 DR Ill 6 AIR1 SVlll522A FCVlll522A HSlll522A OPE 1 1' EDC1 642 AND 2 Ill 6421 6422 64:'., OR 1 5 6431 SVlll522B FCVlll522B HSlll522B OPE1 1 EDC1 644 AND "'i

.... Ill 6441 645 645 OR Ill "'l'

  • -* HS21119CS OPE1 EDC2 847 AND Ill 2 OPE1 FT111727A Gc-""

...1,;. AND* Ill .....

,;. OPEl FTlll736A 657 AND Ill 2 OPE1 FT111737A 662 AND Ill 2 OPE1 FT111749A 865 AND 1 1 866 WATEr:

666 OR 1 1 667 6'V714FW 867 OR 1 1 668 CVlll525 G68 AND 1 1 G69 OPE2 G69 OF: Ill 5 AIR3 SVlll525 HSlll525 OPE1 EDC1 6:S~l OR 1 1 G31112 PCVlll521A G:.1112 AND Ill 2 NITROGEN AIR4 G371 OR Ill 2 GVlll214 OPE3 6421 AND 1 1 G43 OPE2 6422 OR 1 1 G423 EDC1 G423 DR 1 1 G424 AFAS 6424 OR .L. 1 G425 G426 EACY2111 6425 AND 0 ,;. FT0736H FT0736AH 6426 AND Ill 2 FT0T37H FT0737AH E-2

PALISADES APPENDIX E G431 AND 0 2 NITROGEN AIR2 8441 OR 1 1 G442 AFAS G442 OR 2 1 G443 G444 EACY10 G443 AND 0 2 FT0727H FT0727AH G444 AND 0 £. FT0749H FT0749AH END

  • E-3

NO FLOW TO BOTH STEAM GENERATORS DURING BOIL DRY TIME <"'15 MlN)

DUE TO TEST AND MAINTENANCE <T&M)

TRANSIENT EVENT #1~

TOP LMFW - AC SOURCES AVAILABLE MV-270FW NO FLOW TO SGA NO FLOW TO SGA .

AND 133FW &SGB DUE TO & SGB DUE TO FAIL TO OPEN PUMP T&M MAINT ON LINES 6801 P.T2 P.Tll NQIE:***1NDICATES TRANSFER TO 133FW FAILS T V-270FW FAILS DESIGNATED GATE AND PAGE OF OPEN; MV-270FW 0 OPEN &133FW HARDWARE FAULT TREE OMMISIONERROR OMMISION ERROR 804 6805 MV-270FW 133FW MV-270FW 133FW MISSION ERROR FAILS TO OPEN AILS TO OPEN OMISSION ERROR

  • Tl PE801 GV133FW GV270FW OPE801

NO FLOW TO SGA

&SGB DUE TO

....___.----PUMP T & M P.Tl NO FLOW TO SGA NO FLOW TO SGA 0 FLOW TO SGA

&SGB DUE TO &SGB DUE TO &SGB DUE TO PUMP P-8A T&M PUMP P-8B T&M PUMP P-8C T&M 6101 6102 6103 NO FLOW TO SGA NO FLOW TO SGB 0 FLOW TO SGA NO FLOW TO SGB 0 FLOW* TO SGA NO FLOW TO SGB DUE TO DUE TO DUE TO DUE TO DUE TO DUE TO P-8A T&M P-8A T&M P-8B T&M P-8B T&M P-8C T&M P-8C T&M P.T4 P.TS P.19

NO FLOW TO SGA DUE TO P-8A T&M P.T2 6104 NO FLOW THRU NO FLOW THRU TRAIN Al TRAIN A2 GllO NO FLOW THRU LIME 2 Glll P- 8A P- 8A 218-0741 29-0772FW 14-0740FW TEST MAINTENANCE MAINTENANCE MISSION ERROR OMISSION ERROR T3 TP8A MP8A CK0741 OPElOl OPE102

NO FLOW TO SGB DUE TO P-8A T&M P.T2 NO FLOW THRU NO FLOW THRU TRAIN Bl TRAIN B2 Gl21 NO FLOW THRU NO FLOW THRU LINE 1 DUE TO P-8A & LINE 2 T4

0 FLOW TO SGA DUE TO P-8B T&M P.T2 6106 NO FLOW THRU NO FLOW THRU TRAIN Al TRAIN A2 6112 NO FLOW THRU NO FLOW THRLJ

..___---t LINE 2 DUE TO LINE 1 -- P-8B T&M P.T8 Gll3 T5 NO STEAM TO P-8B P-8B 218-0743 29-132FW 14-0742FW PUMP P-8B DU TO MAINT TEST MAINTENANCE MAINTENANCE OMISSION ERROR MISSION ERROR TP8B MP8B MCK0743 OPE103 PE104

NO STEAM TO PUMP P-8B DUE TO.MAINT P.TS LINE 8 FAILS PCV0521A MA nn LINE 8 MAINT AND AND 150FW AND LINE 9 MAINT FAILS TO OPEN LINE 9 FAILS 6125 6116 P.T7 PCV0521A LINE 8 LINE 9 MAINTENANCE MAINTENANCE FAILS MPCV521A 6118 402MS CV-0522P: 153AMS MAINTENANCE MAINTENANCE OMISSION ERROR TG MCK402MS MCV0522B OPE106

LINE 8 FAILS LINE 9 MAINT P.T5

.....___.GllS LINE 8 FAILS LINE 9 MAINT Gll7 401MS CV-0521 152AMS CV-0522A MAINTENANCE MAINTENANCE OMISSION ERROR MAINTENANCE MCK401MS Tl MCV0521 OPE105 MCV0522A

NO FLOW TO SGB DUE TO P-SB T &M Gl07 NO FLOW THRU NO FLOW THRU TRAIN Bl TRAIN B2 Gl22 NO FLOW THRU NO FLOW THRU LINE 2 DUE TO P-8B T&M LINE 1 T8

NO FLOW TO SGA DUE TO P.T2 P-8C T&M Gl08 NO FLOW THRU NO FLOW THRU

~----1 LINE 5 DUE TO TRAIN Al P-8C P-8C CK-0726FWS MV-751FWS MV-752FWS TEST MAINTENANCE. MAINTENANCE OMISSION ERROR OMISSION TP8C MP8C MCK0726 PE107 OPE108 T9

tlO FLOW TO SGB DUE TO P-8C T&M 6109 NO FLOW THRU NO FLOW THRU LINE 5 DUE TO TRAIN Bl P-8C T&M TlO

W FLOW TO SGA 0 FLOW TO SGA 0 FLOW TO SGA 0 FLOW TO SGA

& SGB DUE TO SGB DUE TO & SGB DUE TO & SGB DUE TO MAINT LINE 3 MAINT LINE 4 MAINT LINE 6 MAINT LINE 7 6208 6203 6204 DUE TO DUE TO DUE TO DUE TO DUE TO OTHER VALVES CV-0737A OTHER VALVES CV-0736A OTHER VALVES P.116 P.Tl7 P.Tl9 P.T20 Tll

THIS PAGE INTENTIONALLY BLANK Tl2

CV-0749 MAINTENANCE G215 CV-0749 14-0740FW

&14-0742FW MAINTENANCE MISSION ERRO MCV074~ G216 14-0740FW 14-0742FW MISSION ERROR OMISSION ERROR OPE201 OPE202 Tl3

DUE TO

. OTHER VALVES 6206 NO FLOW TO SGA NO FLOW TO SGB

...__....., 6217 M0-0753,M00760 NO FLOW THRll OR CK0729FWS MAINTENANCE TRAIN A2 M0-0753 CV-0749 MAINTENANCE OMISSION ERROR Tl4 OPE20 2

THIS PAGE INTENTIONALLY BLANK Tl5

DUE TO OTHER VALVES G208 NO FLOW TO SGB NO FLOW TO SG M0-0743., M0079 *No FLOW THRU OR CK-0728FWS MAINTENANCE TRAIN B2 6224 P.H3 M0-0743 CV-0727 MAINTENANCE OMISSION ERROR Tl6 MM00743 OPE204

  • W FLOW TO SGA

~----IOI SGB DUE TO V-0737A MAINT

--..-.. G209 NO FLOW TO SG NO FLOW TO SGB G225 6239 CV-0737A NO FLOW THRU NO FLOW THRU CV-0737A MAINTENANCE TRAIN- Al TRJHN Bl MAINTENANCE P.Tl7 G227 P.H3 CV-0737A MV-752FWS MAINTENANCE OMISSION ERROR Tll MCV0737A OPE205

DUE TO OTHER VALVES

--G210 NO FLOW TO SGA NO FLOW TO SG

..__...... 6228 NO FLOW THRU 0-0754 .; M0-0759 OR CK-0704FWS TRAIN Al MAINTENANCE 6229 M0-0754 CV-0737A MAINTENANCE OMISSION ERROR MM00754 OPE206 118

NO FLOW TO S6A

~----1 & SGB DUE TO

~ CV-0736A MAINT 6211 NO FLOW TO S6A 0 FLOW TO SGB G230 6231 NO FLOW THRU CV-0736A NO FLOW THRU CV-0736A TRAIN Al MAINTENANCE TRAIN Bl MAINTENANCE 6232 P.Tl9 CV-0736A MV-752FWS MAINTENANCE OMISSION ERROR MCV0736A OPE210 Tl9

DUE TO OTHER VALVES

...__,, 6212 NO FLOW TO SGA NO FLOW TO SGB

--......... G233 M0-0748,M00755 NO FLOW THRU OR CK-0703FWS MAINTENANCE TRAIN Bl G234*

M0-0748 CV-0736A MAINTENANCE MM00748 OPE207 T20

14-07Lf0FW

& 14-0742FW OMISSION ERROR GZ'fO 14-07lf.OFW 14-0742FW OMISSION ERROR OMISSION ERROR OPE208 OPE209 TZJ

-1

  • APPENDIX F ELECTRICAL FAULT TREES
  • IC0286-0001K-NL01

PALISADES APPENDIX F

  • AFW RELIABILITY - ELECTRICAL BUS 1C EAC1C 826 831 633 END OR AND OR OR 0

1 2

0 4

1 0

4 826 631 B18 B20 BUS1C 833 C16 ClB D81-1S STUT1-2 D61-1R OPRT AFW RELIABILITY - ELECTRICAL BUS y 10 EACY10 OR 1 61 BUSY10 81 AND £

~.

© 62 83 62 OR 1 4 64 Bl Cl BYPR BUSY01

,83 OR 1 4 85 B2 C2 INVl BUSDl 84 AND .

"')

Ill 66 67 85 AND '7

-~ 0 GB 89 610 86 OR 1 4 814 B3 C3 ACT! BUSMCl 87 OF: 1 4 811 B4 C4 ACT2 BUSMC3 8.8 OR 1 7

._) 812 B5 C5 BATT 1 89 OR 1 3 813 B6 C6 BUSMC2 810 OR 1 3 814 B7 C7 BUSMC1 611 OR 1 2 815 BB CB 612 AND Ill 7 CHl CH3 BD

._)

613 OR 1 7

-~ 816 B9 C9 BUSB12 814 OR 1

.,. 617

~' Bllll C10 BUSB11 615 OR 1 618 BUSB13 616 AND 2 0 619 620 617 AND 2 0 621 622 618 AND £ Ill 6181 623 619 OR 4 624 B12 C12 STAP12 BUS1D 620 OR 1 7

._) 622 B11 Cll BUSBll 621 OR 1 3 819 B11 C11 BUSB12 622 OR 1 4 626 B14 C14 STAPll BUS1C 623 OR 2 827 BUSB14 B15 624 AND ..

r; 111 628 630 826 AND 2 0 831 833 627 OR 1 4 634 B16 C13 STAP14 BUSlE 828 OR Ill 4 B17 C15 D81-2S D61-2R 830 OR 0 4 B22 C22 STUT 1-2 OPRT 631 OR 0 4 B18 C16 DG1-1S D81-1R 633 OR 0 4 B20 C18 STUTl-2 OPRT 634 OR 0 4 B24 C21 STUTl-2 OPRT 6181 OF: 4 626 B181 C181 STAP13 BUSlC END

  • F-1

PALISAI:E3 APPENDIX F Anl RELIABILITY - ELECTRICAL DC BUS EDC1 OF: 1 1 85 BUSD1 85 AND 3 0 GB 89 610 GB OR .,.

1 ~' 812 B5 C5 BATT1 89 OR 1 3 613 B6 C6 BUSMC2 810 OR 1 ..,..J 814 B7 C7 BUSMC1 612 AND 0 .7

.) CH1 CH3 BD 813 OF: .,.

1 ~' G16 B9 C9 BUSB12 614 OR 1 ..J 7

G17 B10 C10 BUSB11 616 AND 2 0 819 820 617 AND ,_

'i 0 621 6""'~*

G19 OR 1 4 G24 B12 C12 STAP12 BUSlD G20 ..,

OR 1 ..J 622 811 c 11 BUSB11 821 OF: 1 ..J 819 811 C11 8USB12 s~ .. ,

,._,._ OR 1 4 G26 814 C14 STAPll 8US1C 624 AND 2 0 G28 G311l 626 AND 2 0 631 G33 G28 OR 0 4 817 C15 D61-2S DG1-2R G30 OR 0 4 822 C22 STUT1-2 OPRT 631 DR 0 4 B18 C16 D61-1S D61-1R 633 DR 0 4 B20 C1B STUT1-2 DPRT END

  • F-2
  • EEPS AC BUS lC NOT AVAILABLE EACIC EEPS TO AC BUS IC AC BUS IC.

FAILURE FAILURE BUSIC P.EI9

    • EEPS = ESSENTIAL ELECTRICAL POWER SUPPLY El

EEPS DC BUS 1 NOT AVAILABLE EEPS ro DC DC BUS 1 BUS 1 FAILURE FAILURE BUSDl P.ES E2

EEPS AC BUS YlO NOT AVAILABLE EACYlO EEPS TO BUS YlO BUS YlO FAILURE FAILURE Gl BUSYlO EEPS FROM EEPS FROM BUS YOl DC BUS 1 FAILURE . FAILURE P. E4 P.ES E3

EEPS FROM BUS YOl P.E3 FAILURE EEPS TO BRKRS CABLING BYPASS BUS YOl BUS YOl REGULATOR FAILURE FAILURE FAILURE FAILURE FAILURE G4 Bl Cl BYPR BUSYOl*

EEPS FROM EEPS*FROM MCC 1 MCC 3 FAILURE FAILURE G7 P.E6 P.E7 E4

EEPS FROM DC BUS 1 FAILURE EEPS TO BRKRS CABLING INVERTER 1 BUS 1 DC BUS 1 FAILURE FAILURE FAILURE FAILURE FAILURE B2 C2 INVl BUSDl BATTERY 1 EEPS FROM EEPS FROM MCC 2 MCC 1 FAILURE FAILURE FAILURE P.E8 P.E9 P.ElO ES

EEPS FROM MCC 1 P.E4 .FAILURE G6 EEPS TO BUS BRKRS CABLING INSTR AC BUS MCC 1 MCC 1 (FR BUS XFMR 1 Bll) FAILURE FAILURE FAILURE : FAILURE FAILURE B3 C3 ACTl BUSMCl P.Ell E6

EEPS FROM MCC 3 P.E4 FAILURE BRKRS CABLING EEPS TO INSTR AC . BUS MCC 3 MCC 3 XFMR 2 FAILURE FAILURE FAILURE FAILURE FAILURE B4 Gll EEPS FROM BUS Bl3 BRKRS CABLING FAILURE FAILURE FAILURE 615 B8 C8 EEPS TO BUS Bl3 BUS Bl3 FAILURE ! FAILURE .. ****.

E7 BUSB13 P.F14

BATTERY 1 P.ES FAILURE G8 BRKRS CABLING BATT 1 BATTERY CHARGERS FAILURE FAILURE FAILURE FAILURE BS cs BATTl 612 CHARGER 1 CHARGER 3 BATTERY FA I.LURE FAILURE LOW CHARGE CHl CH3 E8

EEPS FROM MCC 2 P.t5 FAILURE BRKRS CABLING BUS MCC 2 EEPS To MCC 2 (FROM BUS Bl2)

FAILURE FAILURE FAILURE - FAILURE B6 C6 BUSMC2 EEPS TO BRKRS CABLING BUS Bl2 BUS Bl2 FAILURE FAILURE FAILURE FAILURE

  • C9 BUSB12 P.El2 E9

EEPS FROM MCC 1 FAILURE P.E5 BRKR CABLING BUS MCC 1 EEPS To MCC 1 (FROM BUS Bll)

FAILURE FAILURE FAILURE FAILURE Bl Cl BUSMCl ElO

EEPS TO MCC 1

,......,_-----t (FROM BUS Bll)

FAILURE P.E6,,El0 Gl4 BRKR CABLING BUS Bll EEPS TO BUS Bll FAILURE FAILURE FAILURE FAILURE BIO 10 BUSBll P.El3 Ell

EEPS TO BUS Bl2 FAILURE P.E9

---... Gl6 EEPS FROM EEPS* FROM BUS lD BUS Bll FAILURE FAILURE EEPS FROM BRKRS CABLING BUS lC BUS Bll FAILURE FAILURE FAILURE FAILURE Bll Cll USBll P.El8

.. *~. '*

. El2

EEPS TO BUS Bll FAILURE P.Ell

"----'Gl7 EEPS FROM EEPS FROM BUS Bl2 . BUS IC FAILURE FAILURE BRKRS CABLING BUS Bl2 EEPS FROM BUS lD FAILURE FAILURE FAILURE FAILURE Bll Cll BUSB12 .

P.El6

...,... Fl3

EEPS TO BUS Bl3 FAILURE P.E7

.............._Gl8 EEPS FROM EEPS FROM BUS lC BUS Bl4 FAILURE FAILURE Gl81 BRKRS CABLING STA PWR BUS lC EEPS TO XFMR 13 BUS lC FAILURE FAILURE FAILURE FAILURE FAILURE Bl81 181 STAP13 BUSlC 1 G26 P.El9 El4

EEPS FROM BUS Bl4 P.El4 FAILURE; EEPS TO BUS Bl4 P:RKRS BUS Bl4 FAILURE FAILURE FAILURE 627 BUSB14 Bl5 EEPS TO BRKRS CABLING STA PWR BUS lE BUS lE XFMR 14 FAILURE FAILURE FAILURE FAILURE FAILURE Bl6 STAP14 BUSIE P.E20 EIS

EEPS FROM EUS ID.

FAILURE pI EI2.,, EI3 GI9 BRKR CABLING STA PWR BUS lD EEPS TO XFMR I2 BUS ID FAILURE *FAILURE FAILURE FAILURE FAILURE BI2 CI2 STAPI2 BUSlD G24 EEPS FROM EEPS FROM <RT)

DG I-2 FFSITE POWER FAILURE FAILURE G28 BRKRS CABLING DGl-2 .

FAILURE

~ *~

FAILURE FAILURE El6 Bl7 Cl5 DGI-2

EEPS FROM CRT>

n..,..__ ___.OFFSITE POWER FAILURE P.El6 BRKR CABLING STARTUP OFFSITE POWER FAILURE FAILURE XFMR 1-2 CRT) SOURCE FAILURE FAILURE B22 C22 STUTl-2

. ~. '* El7 .

EEPS FROM BUS lC FAILURE P.El2.,El3 G22 BRKRS CABLING STA PWR BUS lC EEPS TO XFMR 11 BUS IC FAILURE FAILURE FAILURE FAILURE FAILURE Bl4 Cl4 STAPll BUSIC P.El9

-**

  • El8

EEPS TO BUS lC

. FAILURE P.El,El4,El8 626 EEPS FROM EEPS FROM <RT)

DG 1-1 OFFSITE POWER FAILURE FAILURE BRKR CABLING STARTUP OFFSITE POWER XFMR 1-2 <RT) SOURCE FAILURE FAILURE FAILURE FAILURE B20 Cl8 STUTl-2 OPRT BRKR CABLING DG 1-1 FAILURE FAILURE FAILURE Bl8 Cl6 DGl-1 El9

EEPS TO BUS IE FAILURE P.El5 634 BRKR CABLING STARTUP OFFSITE POWER XFMR 1-2 CRT> SOURCE FAILURE FAILURE FAILURE FAILURE B24 21 STUTl-2 PRT E20

  • APPENDIX G DATA
  • IC0286-0001K-NL01

PALISADES APPENDIX G FAILURE OF AFW SYSTEM COMPONENTS USING PLANT SPECIFIC DATA

  • COMP ID AFAS AIR 1 AIR2 PROBABILITY 7.00E-03 1.52E-03
1. 52E-03 DESCRIPTION AFW actuation signal fails Loss of instrument air on CV-0522A Loss of instrument air ( f ram air system) on CV-0522B AIR~. 1.52E-0'3 Loss of instrument air on CV-0525 AIR4 1.52E-03 Loss of instrument air (from air system) on PCV-0521A CK401MS 1.00E-04 Check valve 401MS fails to open CK402MS 1.00E-04 Check valve 402MS fails to open CK0703 1.00E-04 Check valve CK-0703 FWS fails to open CK0704 1. 00E-04 Check valve CK-0704 FWS fails to open CK0725 1.00E-04 Check valve CK-0725 FWS fails to open Cl<0726 1.00E-04 Check valve CK-0726 FWS fails to open CK0728 1.00E-04 Check valve CK-0728 FWS fails to open CK0729 1.00E-04 Check valve CK-0729 FWS fails to open CK0741 1.00E-04 Check valve CK-0741 FWS f ai 1 s to open CK0743 1.00E-04 Check valve CK-0743 FWS fails to open CV0521 4.00E-04 Control valve CV-0521 fails to open CV0522A 4.00E-04 Control valve CV-0522A fa i 1 s to open CV0522B 4.00E-04 Control valve CV-0522B fails to open CV0525 4.00E-04 Control valve CV-0525 fails to open CV0727 4.00E-04 Control valve CV-0727 fails to open CV0736A 4.00E-04 Control valve CV-0736A fails to open CV0737A 4.00E-04 Control valve CV-0737A fails to open CV0749 4.00E-04 Control valve CV-0749 fails to open
  • EAClC EAC1D EACY 10 EACY20 EDCl EDC2
9. 40E-05 9.40E-05 6.52E-05 6.52E-05 6.39E-05 6.39E-05 No power from ac bus 1C CASE I ' TABLE 2-2 No power from ac bus lD CASE I I TABLE 2-2 No power from ac bus Y10 CASE I' TABLE 2-2 Na power from ac bus Y20 CASE I ' TABLE 2-2 No power from de bus 1 CASE I I TABLE 2-2 No power from de bus 1 CASE I I TABLE .... -L.

") ~.

FCV0522A 1.00E-05 Flori control valve FCV-0522A fails to open FCV0522B 1.00E-05 Fl ow control valve FCV-0522B fails to open FT0727A 2.17E-03 Fl ow transmitter FT-0727A fails FH!736A 2.17E-'n Flow tra.nsmi tter FT-0736A f ai 1 s FT0737A 2.17E-03 Flow transmitter FT-0737A fails FT0749A 2.17E-03 Fl ow tt-ansmi tter FT-0749A fails FT0727H 2.17E-03 Fl ow transmitter FT-0727 fails FT0727AH 2.17E-03 Flow transmitter FT-0727A fails high FT0736H 2.17E-03 Fl Ol'l transmitter FT-0736 fails high FT0736AH 2.17E-11!3 Flow transmitter FT-0736A fails high FT0737H 2.17E-03 Flow transmitter FT-0737 fails high FTl1!737AH 2.17E-03 Flow transmitter FT-0737A fails high FT0749H 2.17E-03 Flow transmitter FT-0749 fails high FT0749AH 2. 17E-11!3 Flow transmitter FT-0749A f ai 1 s high GOVERNOF: 6.53E-05 Turbine governor K-8 fails GV0132 1. 011!E-11!4 Gate valve 29-132FW fails to open 6V0271 1.11!0E-04 Gate valve MV-271FWS fails to open GV0740 1.00E-04 Gate valve 14-111740FW fails to open GV0742 1.00E-04 Gate valve 14-11!742FW fails to open

1. 0\:lE-04 . Ga.te valve MV-751FWS fails to open G'~0751 GV0752 1.00E-04 Gate valve MV-752FWS fails to open GV0771 1 .11!0E-04 Gate valve 29-0n1rn f ai 1 s to open G-1

PALISADES APPENDIX G GV0772 1.00E-04 Gate valve 29-0772FW fails to open GV133nl 1. 00E-04 Gate valve 133FW fails to open GV152MS 1. 00E-04 Gate valve 152MS fails to open GV152AMS 1.1110E-1114 Sate valve 152AMS fails to open GV153MS 1. 00E-04 Gate valve 153MS fails to open GV153AMS 1. 00E-04 Gate valve 153AMS fails to open GV270FW 1.00E-04 Gate valve MV-270FW fails to open 6V714FW 1.00E:-04 Gate valve 714FW fails to open GV0214 1.00E-04 Gate valve 130-214FW fails to open HS0521 3.00E-04 Hand switch HS-0521 fails HS0522A 3.00E-04 Hand Sl~i tch HS-0522A fa i 1 s HSlll522B 3. 0111E-1114 Hand switch HS-0522B fails HS0525 3.00E-1114 Hand srii tch HS-0525 fails HS104CS 3.00E-04 Hand switch HS-104CS fails HS209CS 3.00E-04 Hand switch HS-211l9CS fails MCK401MS 2. 14E-1113 Maintenance on check valve 401MS MCf:'.402MS 2.14E-03 Maintenance on check valve 41!12MS MCK0726 2.14E-1113 Maintenance on check valve CK-0726FWS MCK0741 2.14E-03 Maintenance on check valve 218-0741 MCK0743 2. 14E-lll3 Maintenance on check valve 218-0743 MCV0521 2.14E-03 Maintenance on control valve CV-0521 MCVl1l522A 2.14E-03 Maintenance on control valve CV-111522A MCVl1l522B 2.14E-1113 Maintenance on control valve CV-05ssB MCV0736A 2.14E-03 Maintenance on control valve CV-0736A MCV0737A 2.14E-03 Maintenance on control valve CV-0737A MM00743 2.14E-03 Maintenance on motor-operated valve MD-0743 MM00748 2.14E-03 Maintenance on motor-operated valve M0-0748 MMD0753 2.14E-03 Maintenance on motor-operated valve M0-0753 MM00754 2.14E-03 Maintenance on motor-operated valve M0-0760 MPCV521A 2.14E-03 Maintenance on pressure control valve PCV-0521A MP8A 2.14E-03 Maintenance on pump P8A MP8B 2.14E-03 Maintenance on pump PBB MPBC 2.14E-03 Maintenance on pump PBC M00743 1.00E-1114 Motor-operated valve M0-0743 fails to open MOl1l748 1. 011lE-1114 Motor-operated valve M0-0748 fails to open MOl1l753 1.00E-04 Motor-operated valve M0-0753 fails to open M00754 1. 00E-04 Motor-operated valve M0-0754 fails to open MOl1l755 1.00E-04 Motor-operated valve M0-0755 fa i 1 s to open M00759 t.00E-04 Motor-operated valve M0-0759 fails t Ci open M00760 1.11l0E-1114 Motor-operated valve M0-0760 fails to open M00798 1.11l0E-04 Motor-operated valve M0-0798 fails to open NITF:OGEN 1.52E-03 Loss of pressure from nitrogen source OF'E 1 1.00E-Ql3 Operator error DPE101 1.00E-03 Operator error OPE Hl2 1.00E-03 Operator error OPE103 1.00E-03 Operator error OPE104 1.00E-03 Operator error OF'E105 1.1110E-03 Operator error OPE106 1.00E-03 Operator error OPE107 1. 00E-03 Operator error OPE108 1.00E-03 Operator error OPE2 1.00E-03 Operator error OPE3 1.00E-03 Operator error OPE202 1. 00E-03 Operator error OF'E204 1.00E-03 Operator error G-2

PAL I SALES APPENDIX G OPE205 1.11l0E-11l3 Operator error OPE206 1. 00E-03 Operator error OPE207 1. 011JE-11l3 Operator error OPE2111l 1.11ll1JE-03 Operator error DPE801 1.11l0E-03 Operator error PCVl1l521A 1.11l11JE-11l5 Pressure control valve PCV-0521A fails to open PSBA 5.11l11JE-03 Electric pump PBA fails to start PSBB 1.11l0E-11l3 Turbine-driven pump PBB fails to start PSBC 5.11ll1JE-11l3 Electric pump P8C fails to start RVl1l783 3. 65E-11l3 Relief valve RV-0783 premature open SV0521 1. 00E-03 Solenoid valve SV0521 fails SV0522A 1.11l0E-03 Solenoid valve SV0522A fails SV0522B 1. liHlE-03 Solenoid valve SVl1l522B fails SV0525 1.00E-11l3 Solenoid valve SVl1l525 fails WATER 1. 00E-03 Water in steam pipe

  • G-3

PALI SADES APPENDIX G FAILURE OF AFW SYSTEM COMPONENTS USING PLANT SPECIFIC DATA COMP ID PROBABILITY DESCRIPTION AFAS 7.1110E-03 AFW actuation signal fails AIRl 1.52E-03 Loss of instrument air on CV-0522A AIR2 1.52E-1113 Loss of instrument air (from air system) on CV-0522B AIR3 1.52E-03 Loss of instrument air on CV-0525 AIR4 1. 52E-03 Loss of instrument air (from air system) on PCV-0521A CK401MS 9.50E-04 Check valve 401MS fails to open CK402MS 3.20E-04 Check valve 402MS fails to open CK0703 3.20E-04 Check valve CK-0703 FWS fails to open CKlil704 3.20E-04 Check valve CK-0704 FWS fails to open CK0725 3.20E-04 Check valve CK-0725 FWS fails to open CK0726 3.20E-04 Check valve CK-0726 FWS fails to open CK0728 3.20E-04 Check valve CK-0728 FWS fails to open CKlil729 3.20E-04 Check valve CK-0729 FWS fails to open CK0741 3. 20E-04 Check valve CK-0741 FWS fails to open CK0743 3.21/JE-04 Check valve CK-0743 FWS fails to open CV0521 8.00E-03 Control valve CV-0521 fails to open CV0522A 1.10E-02 Control valve CV-0522A fails to open CV0522B 3.60E-03 Control valve CV-0522B fails to open CV0525 1. 10E-02 Control valve CV-0525 fails to open CV0727 3.60E-03 Control valve CV-0727 fails to open CV0736A 3.61/JE-03 Control valve CV-0736A fails to open CV0737A 3.60E-03 Control valve CV-0737A fails to open CV0749 3.60E-03 Control valve CV-0749 fails to open EAC1C 1. 21E-05 No power from ac bus 1C CASE I, TABLE 2-2 EAC1D 1.03E-05 No power from ac bus 1D CASE I, TABLE 2-2 EACY 113 1.04E-05 No power from ac bus Y10 CASE I, TABLE 2-2 EACY20 1. ME-05 No power from ac bus Y20 CASE I, TABLE 2-2 EDC1 3. 12E-05 No power from de bus 1 CASE I, TABLE 2-2 EDC2 3.12E-05 No power from de bus 1 CASE I, TABLE 2-2 FCV0522A 5.50E-04 Flow control valve FCV-0522A fails to open FCV0522B 1. 90E-04 Flow control valve FCV-05228 fails to open FT0727A 1. 40E-04 Flow transmitter FT-0727A fails FT0736A 1.40E-04 Flow transmitter FT-111736A fails FT0737A 1. 40E-M Flow transmitter FT-0737A fails FT0749A 1.40E-04 Flow transmitter FT-0749A fails FT0727H 2.17E-03 Flow transmitter FT-0727 fails FT0727AH 2.17E-03 Flow transmitter FT-0727A fails high FT0736H 2.17E-03 Flow transmitter FT-0736 fails high FT0736AH 2.17E-03 Flow transmitter FT-0736A fails high FT0737H 2.17E-03 Flow transmitter FT-0737 fails high FT0737AH 2.17E-03 Flow transmitter FT-0737A fails high FT0749H 2.17E-03 Flow transmitter FT-0749 fails high FT0749AH 2.17E-03 Flow transmitter FT-lil749A fails high GOVERNOF: 6.53E-05 Turbine governor K-8 fails GV0132 8.14E-05 Gate valve 29-132FW fails to open GV0271 8.14E-05 Gate valve MV-271FWS fails to open GV0741il 8.14E-05 Gate valve 14-0740FW fails to open GV0742 8.14E-05 Gate valve 14-0742FW fails to open GV0751 B.14E-05 Gate valve MV-751FWS fails to open GV0752 8.14E-05 Gate valve MV-752FWS fails to open GV0771 8.14E-0:, Gate valve 29-0771FW fails to open G-4

PALISADES APPENDIX G GV111772 8.14E-05 Gate valve 29-0772FW fails to open GV133FW 8.14E-05 Gate valve 133FW fails to open GV152MS B.14E-05 Gate valve 152MS fails to open GV152AMS 8.14E-05 Gate valve 152AMS fails to open GV153MS 8.14E-05 Gate valve 153MS fails to open GV153AMS 8.14E-05 Gate valve 153AMS fails to open GV270FW 8.14E-05 Gate valve MV-270FW fails to open GV714FW 8.14E-05 Gate valve 714FW fails to open GV0214 6.70E-03 Gate valve 130-214FW fails to open HS0521 3.00E-05 Hand switch HS-0521 fails HS0522A 1.00E-05 Hand switch HS-0522A fails HS0522B 1. 00E-05 Hand switch HS-0522B fails HS0525 1. 00E-05 Hand switch HS-0525 fails HS 104CS 1. 00E-05 Hand switch HS-104CS fails HS209CS 1. 00E-05 Hand switch HS-209CS fails MCK401MS 2.14E-03 Maintenance on check valve 401MS MCK402MS 2. 14E-03 Maintenance on check valve 402MS MCK111726 2. 14E-03 Maintenance on check valve CK-0726FWS MCK0741 2.14E-03 Maintenance on check valve 218-0741 MCK0743 2.14E-03 Maintenance on check valve 218-0743 MCV0521 2.14E-03 Maintenance on control valve CV-0521 MCV0522A 2.14E-03 Maintenance on control valve CV-0522A MCV0522B 2.14E-03 Maintenance on control valve CV-05ssB MCV0736A 2.14E-03 Maintenance on control valve CV-0736A MCV0737A 2.14E-03 Maintenance on control valve CV-0737A Mt-100743 2.14E-1113 Maintenance on motor-operated valve M0-0743 MM00748 2.14E-03 Maintenance on motor-operated valve M0-0748

  • MM00753 MM00754 MPCV521A MPBA MPBB MPBC 2.14E-03 2.14E-03 2.14E-03 2.30E-04 3.90E-03 2.70E-04 Maintenance on motor-operated valve M0-0753 Maintenance on motor-operated valve M0-0760 Maintenance on pressure control valve PCV-0521A Maintenance on pump PBA Maintenance on pump P8B Maintenance on pump PBC M00743 2.80E-03 Motor-operated valve M0-0743 fails to open M00748 2.80E-03 Motor-operated valve M0-0748 fails to open M0075:. 2.80E-03 Motor-operated valve M0-0753 fails to open M00754 2.80E-03 Motor-operated valve M0-0754 fails to open M00755 2.80E-03 Motor-operated valve M0-0755 fails to open M00759 2.80E-03 Motor-operated valve M0-0759 fails to open M00760 2. BlllE-1113 Motor-operated valve M0-0760 fails to open M00798 2.80E-03 Motor-operated valve M0-0798 fails to open NITROGEN 1.52E-03 loss of pressure from nitrogen source OPE1 1.00E-02 Operator error OPE101 1.00E-1112 Operator error OPE 11112 1.00E-02 Operator error OPE1l!l3 1. 00E-03 Operator error OPE11114 1.00E-03 Operator error OPE 11115 1.00E-03 Operator error OPE106 1. 00E-03 Operator error OPE107 1.00E-03 Operator error OPE108 1. 00E-03 Operator error OPE2 1.00E-03 Operator error Operator error OPE3 1.00E-03 OPE202 1.00E-03 Operator error OPE21114 1.00E-03 Operator enot-G-5

PALI SADES APPENDIX G OPE205 1.00E-llJ3 Operator error OPE206 1.011JE-03 Operator error OPE207 1.00E-03 Operator error OPE210 1. lllllJE-03 Operator error OPE801 1.00E-03 Operator error*

PCV0521A 5.00E-lll4 Pressure control valve PCV-0521A fails to open PS8A 1. 511JE-lll2 Electric pump PBA fails to start PSBB 3.llJllJE-02 Turbine~driven pump PBB fails to start PSBC 1.50E-02 Electric pump PBC fails to start RVllJ783 1. 70E-M Relief ~alve RV-0783 premature open SVllJ521 1.00E-03 Solenoid valve SVllJ521 fails SV0522A 1.llJllJE-03 Solenoid valve SV0522A fails SVllJ522B 1. 011JE-lll3 Solenoid valve SV0522B fails SVllJ525 1.llllllE-03 Solenoid valve SV0525 fails WATER 1.00E-03 Water in steam pipe

  • G-6

PAL I SAr:.ES APPENDIX G FAILURE OF ELECTRICAL EQUIPMENT USING GENERIC DATA COMP ID PROBABILITY RATE DESCRIPTION ACT! 1. 79E-1214 4.91E-07 Instr AC Transf 1 fa i 1 s to function ACT2 1. 79E-04 4.91E-lil7 Instr ~c Tran sf 2 fails to function B1 5.15E-05 4. 70E-lil8 1/3 Breakers from bypass regulator to bus Y10 ftc B2 3.43E-05 4.70E-08 DC breaker ftc or 4.70E-lil8 AC breaker ftc B3 1.72E-05 4.70E-lil8 Breaker 52-145 ftc B4 1. 72E-05 4.70E-lil8 Breaker 52-356 ftc B5 1.72E-05 4. 70E-08 DC Breaker ftc B6 1. 72E-05 4.70E-lil8 Breaker 52-285 ftc B7 1. 72E-05 4. 70E-08 Breaker 52-146 ftc BB 1.72E-lil5 4. 70E-08 Breaker 52-1301 ftc B9 1.72E-05 4.70E-lil8 Breaker 52-1203 ftc B10 1. 72E-05 4. 70E-08 Breaker 52-1101 ftc B11 3.43E-05 4.70E-08 Breaker 52-1118 or breaker 52-1217 ftc B12 3.43E-l?J5 4.71ilE-08 Breaker 52-1202 ftc or 4.70E-lil8 Breaker 152-201 ftc B14 3.43E-05 4.7l?!E-08 Breaker 52-1102 ftc or 4.71ilE-08 Breaker 152-115 ftc B15 1. 72E-05 4.70E-08 Breaker 52-1310 ftc B16 3.43E-05 4.70E-08 Breaker 52-1402 ftc or 4.70E-08 Breaker 152-304 ftc B17 1.72E-05 4.70E-08 Breaker 152-213 <DG1-2 output) ftc B18 1.72E-05 4.7M-08 Breaker 152-107 <DG 1-1 output) ftc B21il 1.72E-05 4.70E-08 Bt-eaker 152-Hl6 ftc B22 1. 72E-05 4.71ilE-08 Breaker 152-202 ftc B24 1.72E-05 4.70E-08 Breaker 152-303 ftc B181 3.43E-05 4.70E-lil8 Breaker 52-1302 ftc or 4.70E-08 Breaker 252-110 ftc BD 1.05E-lil3 2.88E-06 DC battery 1 degraded BATT 1 1.06E-l?J3 2.90E-06 DC battery 1 fails BUS1C 6.39E-05 1.75E-07 Bus 1C fails BUS1D 6.39E-05 1.75E-07 Bus 10 fails BUS1E 6.39E-05 1.75E-07 Bus 1E fails BUSB11 6.39E-05 1.75E-07 Bus 11 fails BUSB12 6.39E-05 1.75E-07 Bus 12 fails BUSB13 6.39E-1115 1.75E-07 Bus 13 fails BUSB14 6.39E-05 1.75E-07 Bus 14 f ai 1s BUSMC1 6.39E-1115 1.75E-1117 MCC 1 fails BUSMC2 6.39E-lil5 1.75E-1117 MCC 2 fails BUSMC3 6.39E-1115 1.75E-07 MCC BUSY01 6:39E-05 1.75E-07 " fa fa Bus Y01 i 1s i 1s BUSY10 6.39E-05 1.75E-lil7 Bus Y10 f ai 1 s BUSD1 6.39E-05 1.75E-07 DC Bus *J. fails BYPR 8.40E-04 2.30E-06 Bypass regulator fails Cl 5.lBE-04 1. 42E-06 Cable fails C2 5.lBE-04 1.42E-lil6 Cable fails C3 5.18E-04 1.42E-06 Cable fails C4 5.18E-04 1. 42E-lil6 Cable fails C5 5. lBE-04 1.42E-06 Cable fails Cb 5.18E-04 1.42E-06 Cable fails C7 5. lBE-04 1. 42E-lil6 Cable failE G-7

I PALI SADES APPENDIX G CB 5. 18E-04 1. 42E-06 Cable fails C9 5.18E-04 1.42E-06 Cable fails C10 5.1BE..:.04 1.42E-06 Cable fails C11 5.18E-04 1.42E-06 Cable fails C12 5.lBE-1114 1.42E-06 Cable fails C13 5.18E-04 1. 42E-06 Cable f aii s C14 5.lBE-04 1.42E-06 Cable fails C15 5. lBE-04 1.42E-06 Cable fails Clb 5.lBE-04 1.42E-06 Cable fails C17 5.lBE-04 1.42E-06 Cable fails ClB 5.lBE-04 1.42E-06 Cable fails C19 5.lBE-04 1.42E-06 Cable fails C20 5.lBE-04 1.42E-06 Cable fails C21 5.lBE-04 1. 42E-06 Cable fails C22 5. lBE-04 1.42E-06 Cable fails C181 5.18E-04 1.42E-06 Cable fa i 1s CHl 4.42E-03 1.21E-05 Charger fails CH3 4.42E-03 1. 21E-05 Charger f ai 1s DG1-1S 3. 00E DG fails to start DG1-2S 3.00E-02 DG fails to start INV 1 8.40E-04 2.30E-06 Inverter 1 fails OPRT 1.19E-04 3.26E-07 Loss of offsi te power STAP11 2.lBE-04 5.96E-07 Station power transformer fails STAP12 2.lBE-04 5.96E-07 Station power transformer fails STAP13 2.lBE-04 5.96E-07 Station power transformer fails*

STAP14 2. lBE-04 5.96E-07 Station power transformer fails STUT 1-2 3. 22E-04 8.BlE-07 Start-up transformer fails

  • G-8

PALISADES APPENDIX G FAILURE OF ELECTRICAL EQUIPMENT USING PLANT SPECIFIC DATA COMP ID PROBABILITY RATE DESCRIPTION ACT! 2.1118E-1115 2.6111E-06 Instr AC Transf fails to function - Bhrs ACT2 2.1118E-1115 2.6111E-06 Instr AC Tran sf ..,,;. fails to function - Bhrs B1 3.84E-1116 1.6111E-1117 113 Breakers f ra*m bypass regulator ta bus Y10 ftrc - Bhrs B2 4.24E-06 3.70E-07 DC breaker ftrc - Bhrs or 1.60E-07 AC breaker ftrc - Bhrs B3 1.28E-1116 1. 60E-07 Breaker 52-145 ftrc - Bhrs B4 1.28E-06 1.6111E-07 Breaker 52-356 ftrc - Bhrs B5 2.96E-06 3. 70E-07 DC Breaker ftrc - Bhrs B6 1.28E-06 1.60E-1117 Breaker 52-285 ftrc - Bhrs B7 1.28E-1116 1.6111E-07 Breaker 52-146 ftrc - Bhrs BB 1. 28E-06 1. 6M-07 Breaker 52-1301 ftrc - Bhrs B9 1.28E-06 1. 6111E-1117 Breaker 52-121113 ftrc - Bhrs BH! 1. 28E-06 1. 60E-07 Breaker 52-111111 ftrc - Bhrs B11 2.56E-1116 1.6111E-1117 Breaker 52-1118 or breaker 52-1217 ftrc - Bhrs B12 1.33E-1115 1.611!E-1117 Breaker 52-121112 ftrc - Bhrs or 1.5111E-06 Breaker 152-21111 ftrc - Bhrs B14 1.33E-05 1.6111E-07 Breaker 52-111112 ftrc - Bhrs or 1.50E-1116 Breaker 152-115 ftrc - Bhrs B15 1.28E-1116 1. 60E-1117 Breaker 52-1310 ftrc - Bhrs B16 1. 33E-1115 1.6111E-07 Breaker 52-141112 ftrc .... Bhrs or

1. 5111E-1116 Breaker 152-304 ftrc - Bhrs B17 2.15E-1112 5. 7111E-1115 Breaker 152-213 <DG 1-2 output) ftc or ftrc DI=370hrs, MT=Bhrs B18 6.1111E-1113 1. 6111E-1115
  • Breaker 152-H'!7 <DG 1-1 output) ftc or ftrc DI=37111hrs, MT=Bhrs (p-1.6E-05)

B20 1. 2111E-1115 1. 50E-06 Breaker 152-11116* ftrc - Bhrs B22 1.20E-05 1.50E-1116 Breaker 152-21112 ftrc - Bhrs B24 1. 2111E-1115 1. 50E-fll6 Breaker 152-31113 ftrc - Bhrs B181 1.33E-1115 1. 6111E-1117 Breaker 52-131112 ftrc - Bhrs or

1. 5111E-06 Breaker 252-11111 ftrc - Bhrs BD 9. 62E-04 2.60E-1116 DC battery 1 degraded - SBD, DI=37111hrs BATT! 2.1118E-fll5 2. 6111E-06 DC battery 1 fails - Bhrs BUSlC 6. 4111E-06 8.1110E-1117 Bus 1C fails - Bhrs BUS1D 6.4111E-1116 8.0111E-fll7 Bus 1D fails - Bhrs BUS1E 6.4111E-1116 8.111111E-lil7 Bus lE fails - Bhrs BUSB11 1.36E-1116 1. 7111E-1117 Bus 11 fails - Bhrs BUSB12 1. 36E-06 1.7111E-07 Bus 12 fails - Bhrs BUSB13 1. 36E-1116 1. 7111E-1117 Bus 13 fails - Bhrs BUSB14 1. 36E-1116 1.7121E-07 Bus 14 fails - Bhrs BUSMCl 1. 36E-1116 1.70E-07 MCC fails - Bhrs BUSMC2 1.36E-06 1.70E-1117 MCC ,;. fa i 1s - Bhrs BUSMC3 1.36E-1116 1.70E-07 MCC ~' fails - Bhrs 7

BUSY1111 1.1114E-1115 1.3111E-06 Bus Y1111 fails - Bhrs BUSY10 1. ME-1115 1. 3111E-06 Bus Y10 fa i 1 s - Bhrs BUSDl 3.12E-05 3.9121E-06 DC Bus 1 fails - Bhrs BYPR 4.16E-1115 5.2111E-1116 Bypass regulator fa i 1 s - 8hrs Cl 6.00E-05 7.511lE-11l6 Cable fa i 1 s - Bhrs C2 6. liHl!E-05 7.50E-06 Cab 1 e fa i 1 s - Bhrs C3 6.lil0E-05 7.511JE-11l6 Cable fails - Bhrs C4 6.!l!lllE-05 7.511lE-06 Cable fa i 1 s - 8hrs C5 6.11l0E-11l5 7.5111E-06 Cable fails - 8hrs G-9

PALI SADES APPENDIX G

  • C6 6.00E-05 7.50E-06 Cable fails - Bhrs C7 6.00E-05 7. 5111E-1116 Cable fails - Bhrs CB 6.00E-05 7. 50E-1116 Cable fails - Bhrs C9 6.00E-05 7.50E-06 Cable fails - Bhrs C10 6. ll!ll!E-1115 7. 5111E-1116 Cable fails - Bhrs c 11 6. 0111E-1115 7.511!E-06 Cable fails - Bhrs C12 6. 011!E-1115 7. 5111E-06 Cable fails - Bhrs C13 6.1110E-1115 7. 5111E-1116 Cable fails - Bhrs C14 6.11!0E-1115 7. 511!E-06 Cable fails - Bhrs C15 6.00E-05 7. 50E-1116 Cable fails - Bhrs C16 6.00E-05 7.50E-06 Cable fails - Bhrs C17 6.00E-05 7.511!E-06 Cable fails - Bhrs C18 6.00E-05 7.50E-06 Cable fails - Bhrs C19 6.00E-05 7.50E-1116 Cable fails - 8hrs C2111 6.00E-05. 7.50E-06 Cable fails - Bhrs C21 6.1110E-05 7.5111E-06 Cable fails - Bhrs C22 6.00E-1115 7.50E-06 Cable fails - 8hrs C181 6.00E-05 7.50E-1116 Cable fails - Bhrs CH1 1.1114E-05 1.30E-06 Charger fails - Bhrs CH3 1. ME-05 1.3111E-06 Charger fails - Bhrs DG1-1S 6.1111E-03 6, llllE-03 DG fails to start - SBD DG1-1R 2.24E-02 2.BlllE-03 DG fails to run - Bhrs DG1-2S 8.10E-03 8.10E-03 DG fails to start - SBD DG1-2R 9.60E-03 1.20E-1113 DG fails to run - Bhrs INV 1 3.12E-05 3.9111E-06 Inverter 1 fails - Bhrs OPRT 5.36E-04 6.71l\E-05 Loss of offsite power - 8hrs STAP11 4.00E-06 5.00E-07 Station power transformer fails - Bhrs STAP12 4.00E-06 5.00E-07 Station power transformer fails - Bhrs STAP13 4.00E-06 5.00E-07 Station power transformer fails - Bhrs STAP14 4.00E-06 5.00E-07 Station power transformer fails - Bhrs STUT1-2 2.64E-05 3.30E-ll!6 Start-up transformer fails - Bhrs
  • G-10

PALISADES APPENDIX G COMPONENT FAILURE RATE DATA CALCULATION The following presents some calculations of component failure rate data for the AFW system unavailability estimate.

1.0 TEST AND MAINTENANCE 1.1 Pump test= 1.92E-03 (Reference 2)

Q = (hrs/test) (tests/yearl=(l.4> (12l = 1.93E-03 Test <hrs/year) 8760 1.2 Pump maintenance= 2.14E-03 <Reference 2)

Q =(!ll.22l (hrs/maintl=<0.22) (7) = 2.14E-03 Mai nt 720 720 1.3 . Valve maintenance= 2.14E-03 (Reference 2l Q =<0.22) (hrs/maint>=t0.22l (7) = 2.14E-03 Mai nt 720 720 2.0 OPERATOR ERROR

2. 1 Maintenance error = 1.00E-03 (Reference 3)

The failure probability if the maintainer fails to restore a valve after this work is finished is 1.00E-02, and the checker's failure probability is (1.01t'!E-02l (10> = 1.00E-01. Hence, the estimated error by the maintainer restoring manual valves is

<1.00E-02l (1.00E-01l = 1.00E-03.

2.2 Operator error in control room (or local)= 1.00E-03 (Reference 2)

Estimated failure probability for a "dedicated" operator to actuate AFW and possible backup actuation of AFW in 15 minutes actuation time needed is 1.00E-03.

3.0 HARDWARE 3.1 Valve (check, gatel fails to open= 1.00E-04 (Reference 4) 3.2 Control valve fails to open = 4.00E-04 Q = fails to operate +failure to remain open (plugl

= 3.00E-04 + 1~00E-04 = 4.00E-04 (Reference 4l 3.3 Relief valve premature open = 3.65E-03 Relief valve premature open failure rate~ = 1.00E-05/hr

<Reference 4l G-11

PALI SADES APPENDIX G By monthly testing:

Q = A*730/2 = (1.00E-05) (365) = 3.65E-03 3.4 AFW actuation signal fails = 7.00E-03 (Reference 2l 3.5 Loss of instrument air = 1.52E-03 Failure rate(...= 4.17E-06/hr (using compressor's failure rate (Reference 1 1 p 120>

Using monthly testing:

Q = A.* 730/2 = 4. 17E-06l <365) = 1. 52E-1113 3.6 Flow transmitter failure= 2.17E-03 Failure rate A. = 5.95E-06/hr (Reference 1 1 p 432)

Using monthly testing:

Q = (5.95E-06l 730/2 = 2.17E-03 3.7 Hand switch failure = 3.00E-04 (Reference 4l 3.8 Pressure (flow) control valve fails to open = 1.1110E-05

  • 3.9 By using relief valve fails to open data (Reference 4)

Governor failure = 6.53E-05 Failure rate A= 1.70E-07/hr MTTR't"'= 19.13 hr (Reference 7l Q = 1\1:' + 7'* 730/2 = 6.53E-05 (using monthly testing) 3.10 Electrically driven pump fails to start= 5.00E-03 Q = mechanical components + control circuit <with monthly testing) = 1.00E-03 + 4.00E-03 = 5.00E-03 (Reference 2l 3.11 Turbine driven pump fails to start= 1.00E-03 <Reference 2) 3.12 Solenoid valve failure= 1.0111E-03 (Reference 41 3.13 Pipe rupture, condensate storage tank rupture= 4.80E-08 The pipe rupture ()3") failure rate is 1.00E-10/hr per foot (Reference 4l. It was estimated that there were 20 feet of pipe length from the condensate storage tank to the double suction header and the average repair time was 24 hrs

  • Q = (20l (1.00E-111H'!) (24) = 4.80E-08/demand G-12

PALI SADES APPENDIX G

  • 3.14 Motor-operated valve <N.0.) fails to open (plugging)

= 1.00E-04 (Reference 21 3.15 Water in pipe= 1.00E-03 By judgement, the estimated probability that there is sufficient condensed water in the steam pipe is 1.00E-03.

It is noted that the top event unavailability will not be affected if 1.0 is used for that estimated probability .

  • 6-13
Retrieved from "https://kanterella.com/w/index.php?title=ML18052A359&oldid=2507145"