ML18053A744
| ML18053A744 | |
| Person / Time | |
|---|---|
| Site: | Lee  |
| Issue date: | 12/19/2017 |
| From: | Donahue J Duke Energy Carolinas |
| To: | Office of New Reactors |
| Hughes B | |
| References | |
| DUKE, DUKE.SUBMISSION.15, LEE.NP, LEE.NP.1 | |
| Download: ML18053A744 (34) | |
Text
UFSAR Table of Contents 1 Introduction and General Description of the Plant 2 Site Characteristics 3 Design of Structures, Components, Equipment and Systems 4 Reactor 5 Reactor Coolant System and Connected Systems 6 Engineered Safety Features 7 Instrumentation and Controls 8 Electric Power 9 Auxiliary Systems 10 Steam and Power Conversion 11 Radioactive Waste Management 12 Radiation Protection 13 Conduct of Operation 14 Initial Test Program 15 Accident Analyses 16 Technical Specifications 17 Quality Assurance 18 Human Factors Engineering 19 Probabilistic Risk Assessment UFSAR Formatting Legend Description Original Westinghouse AP1000 DCD Revision 19 content Departures from AP1000 DCD Revision 19 content Standard FSAR content Site-specific FSAR content Linked cross-references (chapters, appendices, sections, subsections, tables, figures, and references)
17.1 Quality Assurance During the Design and Construction Phases ................ 17.1-1 17.2 Quality Assurance During the Operations Phase ........................................ 17.2-1 17.3 Quality Assurance During Design, Procurement, Fabrication, Inspection, and/or Testing of Nuclear Power Plant Items .............................................. 17.3-1 17.4 Design Reliability Assurance Program ........................................................ 17.4-1 17.4.1 Introduction ................................................................................. 17.4-1 17.4.2 Scope ......................................................................................... 17.4-1 17.4.3 Design Considerations ............................................................... 17.4-1 17.4.4 Relationship to Other Administrative Programs .......................... 17.4-1 17.4.5 The AP1000 Design Organization .............................................. 17.4-2 17.4.6 Objective ..................................................................................... 17.4-2 17.4.7 D-RAP ........................................................................................ 17.4-3 17.4.7.1 SSCs Identification and Prioritization ........................ 17.4-3 17.4.7.2 Not Used ................................................................... 17.4-5 17.4.7.3 Not Used ................................................................... 17.4-5 17.4.7.4 D-RAP Implementation ............................................. 17.4-5 17.4.8 Glossary of Terms ...................................................................... 17.4-6 17.5 Quality Assurance Program Description ...................................................... 17.5-1 17.6 Maintenance Rule Program .......................................................................... 17.6-1 17.6.1 Maintenance Rule Program Description ..................................... 17.6-1 17.6.1.1 Maintenance Rule Scoping per 10 CFR 50.65(b) ..... 17.6-1 17.6.1.2 Monitoring and Corrective Action per 10 CFR 50.65(a)(1) ................................................... 17.6-2 17.6.1.3 Preventive Maintenance per 10 CFR 50.65(a)(2) ..... 17.6-2 17.6.1.4 Periodic Evaluation of Monitoring and Preventive Maintenance per 10 CFR 50.65(a)(3) ....................... 17.6-3 17.6.1.5 Risk Assessment and Risk Management per 10 CFR 50.65(a)(4) ................................................... 17.6-3 17.6.2 Maintenance Rule Training and Qualification ............................. 17.6-3 17.6.3 Maintenance Rule Program Relationship With Reliability Assurance Activities ................................................................... 17.6-3 17.6.4 Maintenance Rule Program Relationship With Industry Operating Experience Activities .................................................. 17.6-4 17.6.5 Maintenance Rule Program Implementation .............................. 17.6-4 17.7 Combined License Information Items .......................................................... 17.7-1 17.8 References .................................................................................................. 17.8-1 17-i Revision 1
Components Important to Investment Protection ......................................... 17.3-3 4-1 Risk-Significant SSCs Within the Scope of D-RAP ...................................... 17.4-8 4-2 Example of Risk-Significant Ranking of SSCs for the Automatic Depressurization System ........................................................................... 17.4-15 17-ii Revision 1
Assurance Activities .................................................................................. 17.4-16 17-iii Revision 1
1 Quality Assurance During the Design and Construction Phases e Energy Carolinas (Duke) is responsible for the establishment and execution of quality urance program requirements during the design, construction, and operations phases of Lee lear Station Units 1 and 2. Duke may delegate, and has delegated to others, as discussed below, work of establishing and executing the quality assurance program, or any parts thereof, but ins responsibility for the quality assurance program.
Duke Energy Quality Assurance (QA) Program defines the QA program requirements for design construction activities. These program requirements remain in effect until such time as the lity Assurance Program Description (QAPD) discussed in Section 17.5 becomes effective.
e Energy contracted with Enercon Services, Inc. to develop the Lee Nuclear Station Combined nse (COL) application, including site characterization activities. The process of collection, review analysis of specific data for site characterization was performed under the Enercon Quality urance program and is described in the Enercon Quality Assurance Project Planning Document ference 208). Duke Energy maintains oversight under its existing 10 CFR Part 50, Appendix B gram, as described in Duke Energy Carolinas Topical Report Quality Assurance program ference 209). Duke Energy oversight is provided through its review and approval of the Enercon Plan, by conducting QA audits and surveillances of Enercon activities, and by direct participation OL development activities. This includes providing site specific applicant input and review of COL lication content, signing the COL application as applicant at submittal, and working directly with rcon and contractors to respond to NRC requests for additional information.
lementation of the applicable portions of the Duke Energy Quality Assurance Topical Report for CFR Part 52 Licenses, NGGM-PM-0033, discussed in Section 17.5 begins 30 days following the ance of the first COL to Duke Energy. The program establishes the QA program requirements for remaining portion of the design and construction phases and for operations; however, full lementation of the operations related requirements will be no later than as indicated in le 13.4-201.
17.1-1 Revision 1
17.2-1 Revision 1 section outlines the quality assurance program applicable to the design, procurement, ication, inspection, and/or testing of items and services for the AP1000 Project. The design for 000 is based upon employing the design of AP600 to the maximum extent possible. As a result, ntinuous quality program spanning AP600 design as well as AP1000 design has been used.
stinghouse has and will continue to maintain a quality assurance program meeting the uirements of 10 CFR 50 Appendix B for the AP1000 program that will be applicable to the design, urement, fabrication, inspection, and/or testing activities.
ctive March 31, 1996, activities affecting the quality of items and services for the AP600 Project ng design, procurement, fabrication, inspection, and/or testing were being performed in ordance with the quality plan described in "Westinghouse Electric Corporation - Energy Systems iness Unit, Quality Management System," (Reference 1). The Quality Management System S) has been maintained as the Quality Plan for the AP1000 program and subsequent revisions e been submitted to and accepted by the NRC as meeting the requirements of 10 CFR 50 endix B.
r to introduction of the QMS as the quality plan applicable to the AP1000 project, activities on the 00/AP1000 program were performed in accordance with topical report WCAP 8370 ferences 2 and 3), Westinghouse Energy Systems Business Unit/Power Generation Business Quality Assurance Plan. WCAP 8370 was subsequently superceded by the Westinghouse QMS escribe the quality assurance plan and Westinghouse commitments to meet the requirements of CFR 50 Appendix B.
current Westinghouse quality plan for work being performed on the AP1000 is the Westinghouse tric Company Quality Management System (QMS) (Reference 9). The referenced revision of the S was accepted by the NRC as meeting the requirements of 10 CFR 50, Appendix B, on tember 13, 2002.
oject-specific quality plan was issued to supplement the quality management system document the topical reports for design activities affecting the quality of structures, systems, and ponents for the AP600 project (Reference 4). This plan referenced the NQA-1-1989 edition ugh NQA-1b-1991 addenda and was applicable to work performed for the AP1000 design prior to ch 16, 2007.
ctive March 16, 2007, NQA-1-1994 is the applicable revision of NQA-1 for work performed for the 000 project. As such, a project-specific quality plan is no longer required, and the Westinghouse tric Company Quality Management System (QMS) (Reference 9) is the quality program for work ormed for the AP1000 project.
lity Assurance requirements for systems, structures, and components will be graded based on safety classification as indicated in Section 3.2. Safety-related systems are classified as ipment Classes A, B and C, and will meet the requirements of 10 CFR 50, Appendix B. For ems, structures, and components included in the regulatory treatment of nonsafety systems NSS), the quality requirements are identified in Table 17-1. See Section 16.3 for systems that uld be considered for designation of systems and components included in the regulatory tment of nonsafety systems.
17.3-1 Revision 1
stinghouse performs an initial evaluation of these programs and monitors their continued effective lementation through audits, surveillance, and evaluation of the performance of external anizations.
17.3-2 Revision 1
Systems, Structures, And Components Important to Investment Protection following outlines the quality assurance program requirements for suppliers of systems, structures, or ponents to which the requirements for investment protection short-term availability controls apply.
Organization The normal line organization may verify compliance with the requirements of this table. A separate or dedicated quality assurance organization is not required.
Quality Assurance Program It is expected that the existing body of suppliers procedures or practices will describe the quality controls applied to the subject equipment. A new or separate QA program is not required.
Design Control Measures shall be established to ensure that contractually established design requirements are included in the design. Applicable design inputs shall be included or correctly translated into design documents, and deviations therefrom shall be controlled. Normal supervisory review of the designers work is an adequate control measure.
Procurement Document Control Applicable design bases and other requirements necessary to assure component performance, including design requirements, shall be included or referenced in documents for procurement of items and services, and deviations therefrom shall be controlled.
Instructions, Procedures, and Drawings Activities affecting quality shall be performed in accordance with documented instructions, procedures, or drawings of a type appropriate to the circumstances. This may include such things as written instructions, plant procedures, cautionary notes on drawings, and special instructions on work orders. Any methodology which provides the appropriate degree of guidance to personnel performing activities important to the component functional performance will satisfy this requirement.
Document Control The issuance and change of documents that specify quality requirements or prescribe activities affecting quality shall be controlled to assure that correct documents are employed.
Control of Purchased Items and Services Measures are to be established to ensure that all purchased items and services conform to appropriate procurement documents.
Identification and Control of Purchased Items Measures shall be established where necessary, to identify purchased items and preserve their investment protection important functional performance capability. Examples of circumstances requiring such control include the storage of environmentally sensitive equipment or material, and the storage of equipment or material that has a limited shelf-life.
Control of Special Processes Measures shall be established to control special processes, including welding, heat treating, and non-destructive testing. Applicable codes, standards, specifications, criteria, and other special requirements may serve as the basis of these controls.
17.3-3 Revision 1
Important to Investment Protection Inspection Inspections shall be performed where necessary to verify conformance of an item or activity to specified requirements, or to verify that activities are being satisfactory accomplished.
Inspections need not be performed by personnel who are independent of the line organization. However, inspections, where necessary, shall be performed by knowledgeable personnel.
Test Control Measures shall be established, as appropriate, to test equipment prior to installation to demonstrate conformance with design requirements.
Tests shall be performed in accordance with test procedures. Test results shall be recorded and evaluated to ensure that test requirements have been met.
Control of Measuring and Test Equipment Measures shall be established to control, calibrate, and adjust measuring and test equipment at specific intervals.
Handling, Storage, and Shipping Handling, storage, cleaning, packaging, shipping, and preservation of items shall be controlled to prevent damage or loss and to minimize deterioration.
Inspection, Test, and Operating Status Measures shall be established to identify items that have satisfactory passed required tests and inspections, and to indicate status of inspection, test, and operability as appropriate.
Control of Nonconforming Items Items that do not conform to specified requirements shall be identified and controlled to prevent inadvertent installation or use.
Corrective Action Measures shall be established to ensure that failures, malfunctions, deficiencies, deviations, defective components, and nonconformances are properly identified, reported, and corrected.
Records Records shall be prepared and maintained to furnish evidence that the above requirements for design, procurement, document control, inspection, and test activities have been met.
Audits Audits which are independent of line management are not required, if line management periodically reviews and documents the adequacy of the suppliers process and takes any necessary corrective action. Line management is responsible for determining whether reviews conducted by line management or audits conducted by and organization independent of line management are appropriate.
If performed, audits shall be conducted and documents to verify compliance with design and procurement documents, instructions, procedures, drawings, and inspection and test activities.
17.3-4 Revision 1
4.1 Introduction AP1000 D-RAP is implemented as an integral part of the AP1000 design process to provide fidence that reliability is designed into the plant and that the important reliability assumptions e as part of the AP1000 probabilistic risk assessment (PRA) (Reference 5) will remain valid ughout plant life. The PRA quantifies plant response to a spectrum of initiating events to onstrate the low probability of core damage and resultant risk to the public. PRA input includes cific values for the reliability of the various structures, systems, and components (SSCs) in the t that are used to respond to postulated initiating events.
D-RAP, shown in Figure 17.4-1, is implemented during Design Certification. The D-RAP tifies risk-significant SSCs for inclusion into the site Operational Phase Reliability Assurance vities (OPRAAs) using probabilistic, deterministic, and other methods.
OPRAAs provides confidence that the operations and maintenance activities performed by the rating plant support should maintain the reliability assumptions made in the plant PRA.
4.2 Scope D-RAP includes a design evaluation of the AP1000 and identifies the aspects of plant operation, ntenance, and performance monitoring pertinent to risk-significant SSCs. In addition to the PRA, rministic tools, industry sources, and expert opinion are used to identify and prioritize those risk-ificant SSCs.
quality assurance requirements for non-safety related SSCs within the scope of D-RAP is in ordance with the Quality Assurance Program Description (QAPD), Part III.
4.3 Design Considerations part of the design process, risk-significant components are evaluated to determine their dominant re modes and the effects associated with those failure modes. For most components, a stantial operating history is available which defines the significant failure modes and their likely ses.
identification and prioritization of the various possible failure modes for each component lead to gestions for failure prevention or mitigation. This information is provided as input to the OPRAAs.
design reflects the reliability values assumed in the design and PRA as part of procurement cifications. When an alternative design is proposed to improve performance in either area, the sed design is first reviewed to provide confidence that the current assumptions in the other areas not violated. When a potential conflict exists between safety goals and other goals, safety goals precedence.
4.4 Relationship to Other Administrative Programs D-RAP manifests itself in other administrative and operational programs. The technical cifications provide surveillance and testing frequencies for certain risk-significant SSCs, providing fidence that the reliability values assumed for them in the PRA will be maintained during plant rations. Risk-significant systems that provide defense-in-depth or result in significant rovement in the PRA evaluations are included in the scope of the D-RAP.
17.4-1 Revision 1
RAAs:
Maintenance Rule Program (Reference 10)
Quality Assurance Program (Section 17.2)
Inservice Testing Program (Section 3.9)
Inservice Inspection Program (Section 5.2 and Section 6.6)
Technical Specifications Surveillance Test Program (Section 16.1)
AP1000 Investment Protection Short Term Availability Controls Program (Section 16.3)
Site Maintenance Program 4.5 The AP1000 Design Organization AP1000 organization of Section 1.4 formulates and implements the AP1000 D-RAP.
AP1000 management staff is responsible for the AP1000 design and licensing.
AP1000 staff coordinates the program activities, including those performed within Westinghouse ell as work completed by the architect-engineers and other supporting organizations listed in tion 1.4.
AP1000 staff is responsible for development of the D-RAP and the design, analyses, and risk reliability engineering required to support development of the program. Westinghouse is onsible for the safety analyses, the reliability analyses, and the PRA.
reliability analyses are performed using common databases from Westinghouse and from stry sources such as INPO and EPRI.
Risk and Reliability organization is responsible for developing the D-RAP and has direct access e AP1000 staff. Risk and Reliability is responsible for keeping the AP1000 staff cognizant of the AP risk-significant items, program needs, and status. Risk and Reliability participates in the ign change control process for the purpose of providing D-RAP-related inputs to the design ess. Additionally, a cognizant representative of Risk and Reliability is present at design reviews.
ough these interfaces, Risk and Reliability can identify interfaces between the performance of
-significant SSCs and the reliability assumptions in the PRA. Meetings between Risk and ability and the designer are then held to manage interface issues.
4.6 Objective objective of the D-RAP is to design reliability into the plant and to maintain the AP1000 reliability sistent with the NRC-established PRA safety goals.
following goals have been established for the D-RAP:
Provide reasonable assurance that
- The AP1000 is designed, procured, constructed, maintained and operated in a manner consistent with the assumptions and risk insights in the AP1000 PRA for these risk-significant SSCs
- The risk-significant SSCs do not degrade to an unacceptable level during plant operations 17.4-2 Revision 1
- The risk-significant SSCs function reliably when they are challenged Provide a mechanism for establishing baseline reliability values for risk-significant SSCs identified by the risk determination methods used to implement the Maintenance Rule (10 CFR 50.65) and consistent with PRA reliability and availability design basis assumptions used for the AP1000 design Provide a mechanism for establishing baseline reliability values for SSCs consistent with the defense-in-depth functions to minimize challenges to the safety-related systems Generate design and operational information to be used for ongoing plant reliability assurance activities elopment of maintenance assessments and recommendations and the site-specific portion of the gram is the responsibility of the Combined License applicant.
4.7 D-RAP definition portion of the D-RAP includes the initial identification of SSCs to be included in the gram, implementation of the aspects applicable to design efforts, and definition of the scope, uirements, and implementation options to be included in the later phases.
4.7.1 SSCs Identification and Prioritization initial task of the D-RAP is identification of risk-significant SSCs to be included within the scope e program. As shown in Figure 17.4-1, the AP1000 PRA is used to identify those SSCs, sistent with the criteria of Reference 7 for risk achievement worth (RAW), risk reduction worth W), and Fussel-Vesely worth (FVW). Note that, although Reference 7 was developed for AP600, directly applicable to AP1000. The review of light water reactor industry experience and industry ces (such as licensee event reports) supports the process. An expert panel is also employed in selection process.
A-based measurements provide information that contributes to the identification and prioritization SCs. A components RAW is the factor by which the plants core damage frequency increases if component reliability is assigned the value 0.0. Components with risk achievement worth values or greater are considered for inclusion in the D-RAP.
W is used in the selection process. A components risk reduction worth is the amount by which the ts core damage frequency decreases if the components reliability is assigned the value 1.0. A shold measure of 1.005 or greater is used as the cutoff. Components with RRW of 1.005 or ater are considered for inclusion in the D-RAP.
W is also used in the screening process. This is a measure of an events contribution to the overall t core damage frequency. Components with Fussel-Vesely worth of 0.5 percent or greater are sidered for inclusion in the D-RAP.
erministic considerations are also instrumental in identifying risk-significant SSCs. The rministic identification of risk-significant SSCs encompasses the following guidelines and siderations:
17.4-3 Revision 1
Containment performance Adverse interactions with the AP1000 safety-related systems Seismic considerations safety-related systems identified as risk-significant are considered in the scope of the D-RAP:
Diverse actuation system Non-Class 1E dc and uninterruptible power supply system Offsite power, main ac power, and onsite standby power systems Normal residual heat removal system Component cooling water system Service water system lly, risk-significant SSCs are selected using industry experience, regulations, and engineering ment.
4.7.1.1 Level 1 PRA and Shutdown Analysis Level 1 PRA evaluates accident sequences from initiating events and failures of safety functions ore damage events. The probability of core damage and the identification of dominant tributors to that state are also determined in this analysis.
w-power and shutdown assessment is conducted to address concerns about risk of operations ng shutdown conditions. It encompasses operation when the reactor is in a subcritical state or is transition between subcriticality and power operation up to 5 percent of rated power. It consists of vel 1 PRA and an evaluation of release frequencies and magnitudes.
uded in the D-RAP are events that meet the threshold risk achievement worth, risk reduction th, or Fussel-Vesely worth values defined in Subsection 17.4.7.1.
4.7.1.2 Level 2 Analysis Level 2 analysis predicts the plant response to severe accidents and offsite fission product ases. Specifically, the analysis includes the following sections:
Evaluating severe accident phenomena and fission product source terms Modeling the containment event tree Analyzing hydrogen burn, mixing, and igniter placement Modeling the AP1000 utilizing the MAAP4 code ipment used in the prevention of severe accidents and severe post-accident boundary conditions edited in the Level 1 and Level 2 PRA analyses. An example of this preventive equipment is the tor coolant system automatic depressurization system (ADS). Successful depressurization leads ore cooling, and in the event that injection fails, results in a low pressure core damage sequence has fewer uncertainties and can be more easily mitigated than high pressure core damage.
containment event tree used in the AP1000 Level 2 PRA examines the operation of equipment ch mitigates the threat to the containment from severe accident phenomena. The systems ited for the mitigation of large fission product releases are containment isolation, passive tainment cooling water (PCS), and operator action to flood the cavity by opening the recirculation es and energizing the hydrogen igniters.
17.4-4 Revision 1
mal and emergency operations situations. They include the following:
Internal flood Seismic margins analysis External events evaluations (such as high winds and tornados, external floods, and transportation accidents)
Fire internal flood analysis identifies, analyzes, and quantifies the core damage risk contribution as a lt of internal flooding during at-power and shutdown conditions. The analysis models potential d vulnerabilities in conjunction with random failures modeled as part of the internal events PRA.
seismic margins analysis identifies potential vulnerabilities and demonstrates seismic margin ond the safe shutdown earthquake. The capacity of those components required to bring the plant safe, stable shutdown is evaluated.
4.7.1.4 Expert Panel tings were held among Systems Engineering, PRA, and Reliability Engineering to perform the l selection of SSCs that should be included in the D-RAP. As shown in Figure 17.4-1, industry-e information sources and engineering judgment were employed in considering the addition of s to the D-RAP.
4.7.1.5 SSCs to be Included in D-RAP le 17.4-1 lists the non-site-specific SSCs included in the D-RAP. In Figure 17.4-1, this list is oted as "Risk-significant items (non-site-specific)." For each item listed in the "SSC" column, e is a corresponding "Rationale" given. Items whose values exceed the thresholds for RAW or W are included and noted as such. Other SSCs are included based upon their significance to el 2 analysis, external event analyses, or seismic margin analysis. Additional items are included ed upon an expert panel review. The "Insights and Assumptions" column provides additional ghts into the selection process.
use of Fussel-Vesely worth resulted in no SSC selections.
4.7.2 Not Used 4.7.2.1 Not Used 4.7.3 Not Used 4.7.4 D-RAP Implementation following is an example of a system that was reviewed and modified under the D-RAP. The ign and analytical results presented here are intended as an example.
17.4-5 Revision 1
earlier AP600 automatic depressurization system design contained four depressurization stages, motor-operated valves in all stages. Preliminary PRA analysis established that fourth stage re, in certain combination with failures of other stages, was a major contributor to core damage uency. Thus, it was concluded that the fourth stage valves should be diverse in design from the es in other stages to reduce common cause failure.
a result of joint meetings among the AP600 PRA, Design, and staff organizations to discuss core t frequency improvements, the fourth stage automatic depressurization system was changed a motor-operated valve to a squib (explosively actuated) valve. The new configuration of the em is shown in the reactor coolant system P&ID (Figure 5.1-5). An example of the analytical lts that reflect this change is provided in Table 17.4-2. This design feature is included in the 000 design to maintain the core melt frequency improvements included in the AP600 design.
part of the evaluation of the squib valves, a failure modes and effects analysis (FMEA) was pared to identify subcomponent failures and critical items that could lead to hazardous or ormal conditions of the automatic depressurization system and the plant. The identification of re modes facilitated the development of recommended maintenance and in-service testing vities to maximize valve reliability.
squib valve is a completely static electromechanical assembly. Prior to activation, there are no ing parts. No powered components are needed to hold a stem seat or globe in place by torque, noid coils, or friction. The explosive actuator is a simple, passive device that is triggered by an lied voltage.
ause the automatic depressurization system fourth stage valves perform safety-related functions, will be subject to in-service testing to verify that they are ready to function in an accident.
section 3.9.6 includes in-service testing requirements for these valves.
mple FMEA results for the fourth stage squib valves and the second and third stage or-operated valves are included in Table 6.3-3. Table 3.9-16 provides testing recommendations he second and third stage valves.
4.8 Glossary of Terms RAP Design Reliability Assurance Program - performed as part of the AP1000 design effort to assure that the reliability assumptions of the PRA remain valid throughout the plant operating lifetime.
W Fussel-Vesely Worth R Maintenance Rule RAAs Operational Phase Reliability Assurance Activities A Probabilistic Risk Assessment W Risk Achievement Worth 17.4-6 Revision 1
W Risk Reduction Worth NSS Regulatory Treatment of Nonsafety Systems C Structures, Systems, and Components 17.4-7 Revision 1
System, Structure, or Component (SSC)(1) Rationale(2) Insights and Assumptions tem: Component Cooling Water (CCS) ponent Cooling Water EP These pumps provide cooling of the normal residual heat removal ps system (RNS) and the spent fuel pool heat exchanger. Cooling S-MP-01A/B) the RNS heat exchanger is important to investment protection during shutdown reduced-inventory conditions. CCS valve realignment is not required for reduced-inventory conditions.
tem: Containment System (CNS) tainment Vessel EP, L2 The containment vessel provides a barrier to steam and S-MV-01) radioactivity released to the atmosphere following accidents.
rogen Igniters RAW/CCF, L2, The hydrogen igniters provide a means to control S-EH-1 through -64) Regulations H2 concentration in the containment atmosphere, consistent with the hydrogen control requirements of 10 CFR 50.34f.
tem: Chemical and Volume Control System (CVS) eup Pumps EP These pumps provide makeup to the RCS to accommodate leaks S-MP-01A/B) and to provide negative reactivity for shutdowns, steam line breaks, and ATWS.
eup Pump Suction and EP These CVS check valves are normally closed and have to open harge Check Valves to allow makeup pump operation.
S-PL-V113, -V160A/B) own Isolation Valves RAW The CVS letdown isolation valves automatically close to prevent S-PL-V045, -V047) excessive reactor coolant letdown and provide containment isolation. These containment isolation valves are important in limiting offsite releases following core melt accidents.
tem: Diverse Actuation System (DAS)
Processor Cabinets and RAW The DAS is diverse from the PMS and provides automatic and trol Panel (used to provide manual actuation of selected plant features including control rod matic and manual actuation) insertion, turbine trip, passive residual heat removal (PRHR) heat S-JD-001, -002, -003, -004, exchanger actuation, core makeup tank actuation, isolation of S-JC-020) critical containment lines, and passive containment cooling system (PCS) actuation.
ex Building UPS Distribution RAW These panels distribute power to the DAS equipment.
els S1-EA-1, EDS1-EA-14, 2-EA-1, EDS2-EA-14)
Drive MG Sets RAW These breakers open on a DAS reactor trip signal demand to ld Breakers) de-energize the control rod MG sets and allow the rods to drop.
S-MG-01A/B) tem: Main ac Power System (ECS) ctor Coolant Pump RAW/CCF These breakers open automatically to allow core makeup tank chgear operation.
S-ES-31, -32, -41, -42, -51,
-61, -62) illary Diesel Generators EP For post-72 hour actions, these generators are available to S-MS-01, -02) provide power for Class 1E monitoring, MCR lighting and for refilling the PCS water storage tank and spent fuel pool.
0 Vac Buses RAW These are ac power buses fed by the onsite DGs and offsite S-ES-1, -2) power.
17.4-8 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions tem: Main and Startup Feedwater System (FWS) tup Feedwater Pumps EP The startup feedwater system pumps provide feedwater to the S-MP-03A/B) steam generator. This capability provides an alternate core cooling mechanism to the PRHR heat exchangers for non-loss-of-coolant-accidents or steam generator tube ruptures.
tem: General I&C(4)
Pressure/DP Sensors RAW/CCF The in-containment refueling water storage tank (IRWST) level IRWST level sensors sensors support PMS functions. They are used in automatic (PXS-045, -046, -047, -048) actuation, and they provide indications to the operator. IRWST level supports IRWST recirculation actions.
Pressure/DP Sensors RAW/CCF/EP The following sensors are included in this group. These sensors RCS Hot Leg Level support PMS and PLS functions. They are used in reactor trip (RCS-160A/B) and ESF functions, and provide indications to the operator. Main Pressurizer Pressure feedwater flow sensors support startup feedwater actuation and (RCS-191A/B/C/D) startup feedwater flow sensors support PRHR actuation. The hot Pressurizer Level leg level sensors automatically actuate the IRWST injection and (RCS-195A/B/C/D) automatic depressurization system (ADS) valves during SG Narrow-Range Level shutdown conditions.
(SGS-001, -002, -003, -004,
-005, -006, -007, -008)
SG Wide-Range Level (SGS-011, -012, -013, -014,
-015, -016, -017, -018)
Main Steam Line Pressure (SGS-030, -031, -032, -033,
-034, -035, -036, -037)
Main Feedwater Wide-Range Flow (FWS-050B/D/F, -051B/D/F)
Startup Feedwater Flow (SGS-055A/B, -056A/B)
T Level Sensors RAW/CCF These level sensors provide input for automatic actuation of the S-011A/B/C/D, -012A/B/C/D, ADS. They also provide indications to the operator.
A/B/C/D, -014A/B/C/D) tem: Class 1E DC Power and Uninterruptible Power System (IDS)
Vdc 24-hour Buses, RAW/CCF The batteries provide power for the PMS and safety-related eries, Inverters, and valves. The chargers are the preferred source of power for rgers Class 1E dc loads and are the source of charging for the A-DB-1A/B, IDSB-DB-1A/B, batteries. The inverters provide uninterruptible ac power to the C-DB-1A/B, IDSD-DB-1A/B, I&C system. The buses distribute power to the Class 1E dc loads.
A-DU-1, IDSB-DU-1, C-DU-1, IDSD-DU-1, A-DC-1, IDSB-DC-1, C-DC-1, IDSD-DC-1, A-DS-1, IDSB-DS-1, C-DS-1, IDSD-DS-1)
Vdc and 120 Vac RAW These panels distribute power to components in the plant that ribution Panels require 1E power support and for the PMS.
A-DD-1, -EA-1/2, B-DD-1, -EA-1/2/3, C-DD-1, -EA-1/2/3, D-DD-1, -EA-1/2) 17.4-9 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions ed Transfer Switch Boxes RAW The fused disconnect switches connect the different levels of A-DF-1, IDSB-DF-1/-2, Class 1E distribution panels.
C-DF-1/-2, IDSD-DF-1)
Vdc Motor Control Centers EP These buses provide power for the PMS and safety-related valve A-DK-1, IDSB-DK-1, operation.
C-DK-1, IDSD-DK-1) tem: Passive Containment Cooling System (PCS) irculation Pumps EP These pumps provide the motive force to refill the PCS water S-MP-01A/B) storage tank during post-72 hour support actions.
WST Drain Isolation Valves EP, L2 These valves (two AOVs and one MOV) open automatically to S-PL-V001A/B/C) drain water from a water storage tank onto the outside surface of the containment shell. This water provides evaporative cooling of the containment shell following accidents.
tem: Plant Control System (PLS)
Actuation Hardware RAW/CCF This common cause failure event is assumed to disable all logic ntrol functions listed in outputs from the PLS associated with CVS reactor makeup, RNS e 5) reactor injection, spent fuel cooling, component cooling of RNS SFS heat exchangers, service water cooling of CCS heat exchangers, standby diesel generators, and hydrogen igniters.
Actuation Software RAW/CCF This common cause failure event is assumed to disable the ntrol functions listed in software in the PLS associated with CVS reactor makeup, RNS e 5) reactor injection, spent fuel cooling, component cooling of RNS SFS heat exchangers, service water cooling of CCS heat exchangers, standby diesel generators, and hydrogen igniters.
tem: Protection and Safety Monitoring System (PMS)
S Actuation Software RAW/CCF The PMS software provides the automatic reactor trip and ESF actuation functions listed in Tables 7.2-2 and 7.3-1.
S Actuation Hardware RAW/CCF The PMS hardware provides the automatic reactor trip and ESF actuation functions listed in Tables 7.2-2 and 7.3-1.
n Control Room (MCR) 1E RAW/CCF This includes the Class 1E PMS (QDPS) displays and controls.
lays and System Level These displays and system level controls provide important plant trols indications to allow the operator to monitor and control the plant S-JC-010, -011) during accidents.
ctor Trip Switchgear RAW/CCF These breakers open automatically to allow insertion of the S-JD-RTS A01/02, B01/02, control rods.
/02, D01/02) tem: Passive Core Cooling System (PXS)
ST Vents RAW/CCF The IRWST vents provide a pathway to vent steam from the tank S-MT-03) into the containment. The IRWST vents also have a severe accident function to prevent the formation of standing hydrogen flames close to the containment walls. This function is accomplished by designing the vents located further from the containment walls to open with less IRWST internal pressure than the other vents.
ST Screens RAW/CCF The IRWST injection lines provide long-term core cooling S-MY-Y01A/B/C) following a LOCA. These screens are located inside the IRWST and prevent large particles from being injected into the RCS.
They are designed so that they will not become obstructed.
17.4-10 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions tainment Recirculation RAW/CCF The containment recirculation lines provide long-term core ens cooling following a LOCA. The screens are located in the S-MY-Y02A/B) containment and prevent large particles from being injected into the RCS. They are designed so that they will not become obstructed.
T Discharge Isolation Valves RAW/CCF These air-operated valves automatically open to allow core S-PL-V014A/B, makeup tank injection.
-PL-V015A/B)
T Discharge Check Valves RAW/CCF These check valves are normally open. They close during rapid S-PL-V016A/B, accumulator injection.
-PL-V017A/B) umulator Discharge Check RAW/CCF These check valves open when the RCS pressure drops below es the accumulator pressure to allow accumulator injection.
S-PL-V028A/B, -V029A/B)
R Heat Exchanger Control RAW/CCF The PRHR heat exchangers provide core cooling following non-es LOCAs, steam generator tube ruptures, and anticipated S-PL-V108A/B) transients without scram. The air-operated valves automatically open to initiate PRHR heat exchanger operation.
tainment Recirculation RAW/CCF The containment recirculation lines provide long-term core ib Valves cooling following a LOCA. These squib valves open automatically S-PL-V118A/B, to allow containment recirculation when the IRWST level is
-PL-V120A/B) reduced to about the same level as the containment level. These squib valves can also allow long-term core cooling to be provided by the RNS pumps.
These squib valves can provide a rapid flooding of the containment to support in-vessel retention during a severe accident.
ST Injection Check Valves RAW/CCF The containment recirculation lines provide long-term core S-PL-V122A/B, -V124A/B) cooling following a LOCA. These check valves open when the IRWST level is reduced to approximately the same level as the containment level.
ST Injection Squib Valves RAW/CCF The IRWST injection lines provide long-term core cooling S-PL-V123A/B, -V125A/B) following a LOCA. These squib valves open automatically to allow injection when the RCS pressure is reduced to below the IRWST injection head.
ST Gutter Bypass Isolation RAW/CCF These valves direct water collected in the IRWST gutter to the es IRWST. This capability extends PRHR heat exchanger operation.
S-PL-V130A/B) 17.4-11 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions tem: Reactor Coolant System (RCS)
Stage 1/2/3 Valves (MOV) RAW/CCF The ADS provides a controlled depressurization of the RCS S-PL-V001A/B, -V002A/B, following LOCAs to allow core cooling from the accumulator, 03A/B, -V011A/B, -V012A/B, IRWST injection, and containment recirculation. The ADS 13A/B) provides "bleed" capability for feed/bleed cooling of the core. The ADS also provides depressurization of the RCS to prevent a high-pressure core melt sequence.
Stage 4 Valves (Squib) RAW/CCF The ADS provides a controlled depressurization of the RCS S-PL-V004A/B/C/D) following LOCAs to allow core cooling from the accumulator, IRWST injection, and containment recirculation. The ADS provides "bleed" capability for feed/bleed cooling of the core. The ADS also provides depressurization of the RCS to prevent a high-pressure core melt sequence.
ssurizer Safety Valves RRW These valves provide overpressure protection of the RCS.
S-PL-V005A/B) ctor Vessel Insulation Water EP These devices provide an engineered flow path to promote and Steam Vent Devices in-vessel retention of the core in a severe accident.
S-MN-01) ctor Cavity Doorway EP This device provides a flow path to promote in-vessel retention of per the core in a severe accident.
l Assemblies SMA The nuclear fuel assembly includes the fuel pellets, fuel cladding, assemblies with tag and associated support structures. This equipment, which provides bers beginning with a first barrier for release of radioactivity and allows for effective core
-FA) cooling, had the least margin in the seismic margin analysis.
tem: Normal Residual Heat Removal System (RNS) idual Heat Removal Pumps RAW/CCF These pumps provide shutdown cooling of the RCS. They also S-MP-01A/B) provide an alternate RCS lower pressure injection capability following actuation of the ADS.
The operation of these pumps is important to investment protection during shutdown reduced-inventory conditions. RNS valve realignment is not required for reduced-inventory conditions.
Motor-Operated Valves RRW These MOVs align a flow path for nonsafety-related makeup to S-PL-V011, -V022, -V023, the RCS following ADS operation, initially from the cask loading
- 55) pit and later from the containment.
Stop Check Valves CCF/EP These stop check valves and check valves are in the discharge of S-PL-V015A/B), the RNS pumps. They prevent backflow from the RCS.
Check Valves S-PL-V017 A/B)
Check Valves L2 RAW/EP Check valves V007 A/B and V013 provide a flow path from the S-PL-V007 A/B, -V013, RNS pumps to the RCS. Failure of these valves to open will result
- 56) in the loss of long-term cooling from the RNS. Check valve V056 provides a flow path from the cask loading pit to the RNS pump inlet.
tem: Spent Fuel Cooling System (SFS) nt Fuel Cooling Pumps EP These pumps provide flow to the heat exchangers for removal of S-MP-01A/B) the design basis heat load.
17.4-12 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions tem: Steam Generator System (SGS) n Steam Safety Valves RRW The steam generator main steam safety valves provide S-PL-V030A/B, -V031A/B, overpressure protection of the steam generator. They also 32A/B, -V033A/B, -V034A/B, provide core cooling by venting steam from the steam generator.
35A/B) n Steam and Feedwater RAW/EP The steam generator main steam and feedwater isolation valves ation Valves provide isolation of the steam generator following secondary line S-PL-V040A/B, -V057A/B) breaks and steam generator tube rupture.
tem: Service Water System (SWS) vice Water Pumps and EP These pumps and fans provide cooling of the CCS heat ling Tower Fans exchanger which is important to investment protection during S-MP-01A/B, shutdown reduced-inventory conditions. Service water system S-MA-01A/B) valve realignment is not required for reduced-inventory conditions.
tem: Nuclear Island Nonradioactive Ventilation System (VBS)
MCR and I&C Rooms EP For post-72 hour actions, these fans are available to provide Ancillary Fans cooling of the MCR and the two I&C rooms (B/C) that provide S-MA-10A/B, -11, -12) post-accident monitoring.
tem: Containment Air Filtration System (VFS)
Containment Purge RAW The VFS containment purge isolation valves provide isolation of ation Valves containment following an accident. These containment isolation S-PL-V003, -V004, -V009, valves are important in limiting offsite releases following core melt
- 10) accidents.
tem: Chilled Water System (VWS) ooled Chillers and Pumps EP This VWS subsystem provides chilled cooling water to the CVS S-MS-02, -03, VWS-MP-02, makeup pump room. The pumps and chillers are important components of the VWS.
tem: Liquid Radwaste System (WLS) p Containment Isolation RAW The sump containment isolation valves provide isolation of es containment following an accident. These containment isolation S-PL-V055, -V057) valves are important in limiting offsite releases following core melt accidents.
17.4-13 Revision 1
Component (SSC)(1) Rationale(2) Insights and Assumptions tem: Onsite Standby Power System (ZOS) ite Diesel Generators RAW/CCF These diesel generators provide ac power to support operation of S-MS-05A/B) nonsafety-related equipment such as the startup feedwater pumps, CVS pumps, RNS pumps, CCS pumps, SWS pumps, and the PLS. Providing ac power to the RNS and the equipment necessary to support its operation is important to investment protection during reduced inventory conditions.
ine Room Exhaust Fans RAW/CCF These fans provide ventilation of the rooms containing the onsite S-MY-V01A/B, -V02A/B) diesel generators.
s:
Only includes equipment at the component level. Other parts of the SSC or support systems are not included unless specifically listed.
Definition of Rationale Terms:
CCF = Common Cause Failure (for the SSCs whose inclusion rationale is RAW/CCF, the RAW is based on common cause failure of two or more of the specified SSCs.
EP = Expert Panel RAW = Risk Achievement Worth RRW = Risk Reduction Worth SMA = Seismic Margin Analysis Maintenance/surveillance recommendations for equipment are documented in each appropriate section.
This category captures instrumentation and control equipment common cause failures across systems.
The PLS provides control of the following functions:
CVS Reactor Makeup RNS Reactor Injection from Cask Loading Pit Startup Feedwater from CST Spent Fuel Cooling Component Cooling of RNS and SFS Heat Exchangers Service Water Cooling of the CCS Heat Exchangers Onsite Diesel Generators Hydrogen Igniters 17.4-14 Revision 1
ank(1) Event Code Description ED3MOD07 EDS3 EA1 distribution panel failure or unavailable due to testing and maintenance AD4MOD07, AD4MOD08, AD4MOD09, Hardware failure of 2 of 4 automatic AD4MOD10 depressurization system Stage 4 squib valves EC1BS001TM, ECBS012TM, EC1BS121TM, Unavailability of bus ECS ES due to unscheduled EC2BS002TM, EC2BS022TM, EC2BS221TM maintenance AD2MOD01, AD2MOD02, AD2MOD03, Hardware failure of 2 of 4 automatic AD2MOD04 depressurization system Stages 2 and 3 of lines 1 and 2 (includes motor-operated valves)
EC0MOD01 Main generator breaker ES01 fails to open ED3MOD01 Fixed component fails: circuit breaker, inverter or static transfer switch Z01MOD01, Z02MOD01 Diesel generator fails to start and run or breaker 102 fails to close Z02DG001TM, Z02DG001TM Standby diesel generator unavailable due to testing and maintenance The ranking is in the order of decreasing risk achievement component importance.
17.4-15 Revision 1
Figure 17.4-1 Design Reliability Assurance Program and Operational Phase Reliability Assurance Activities 17.4-16 Revision 1
cribed in the QAPD, which is maintained as a separate document. This QAPD is incorporated by rence (see Table 1.6-201). This QAPD is based on NEI 06-14A, Quality Assurance Program cription (Reference 201).
formance statements for QA-related Regulatory Guides (including Regulatory Guides 1.28, 1.30,
, 1.38, 1.39, 1.94, and 1.116) are provided in Appendix 1A. While many Regulatory Guide itions can be identified as applicable to the scope of work identified and addressed by the DCD others can be identified as applicable to the scope of work identified and addressed by the LA, some QA guidance related positions could be accomplished by either scope of work and thus ddressed in either the DCD or the COLA. These positions are primarily dependent on who orms the work. The DCD conformance statement indicates an exception to apply NQA-1. The LA identifies an exception to apply NQA-1. Per Section 17.3, WEC work performed up to ch 15, 2007 applied a 1991 version of the standard. A 1994 version of the standard is applied for k performed after that date by WEC. If the work is performed under the applicants COL program, 1994 version of NQA-1 identified in the COLA QAPD is applied. Thus, DCD scope (identified in endix 1A) and remaining scope differentiate the application of the guidance identified in these ulatory Guides.
QAPD is NGGM-PM-0033, Duke Energy Quality Assurance Topical Report for 10 CFR Part 52 nses.
le 13.4-201 provides milestones for operational quality assurance program implementation.
Quality Assurance Program in place prior to implementation of the QAPD is described in tion 17.1.
17.5-1 Revision 1
ntenance Rule Program Description for Plants Licensed Under 10 CFR Part 52, (Reference 202) the following supplemental information. See Table 1.6-201.
le 13.4-201 provides milestones for maintenance rule program implementation.
Maintenance Rule (MR) Program provides assurance that structures, systems, and components Cs) within the scope of the program remain reliable and capable of fulfilling their intended tions and provides processes for assessing and managing potential increases in risk that might lt from proposed maintenance activities. The MR Program meets the requirements of CFR 50.65 (Reference 203).
6.1 Maintenance Rule Program Description MR program follows the guidance in NUMARC 93-01 (Reference 204), as endorsed and ified by Regulatory Guide 1.160, (Reference 205) and revised Section 11.0 of NUMARC 93-01 ference 206), as endorsed and modified by Regulatory Guide 1.182 (Reference 207), without any eptions that could materially and negatively affect the effectiveness of the program. The principal tions of the program are described in the following subsections.
MR program includes appropriate control of procedures, documents, computer software and
, as applicable.
6.1.1 Maintenance Rule Scoping per 10 CFR 50.65(b) 6.1.1.a The SSCs within the scope of the MR program include safety-related SSCs and certain non-safety-related SSCs, as determined using a MR scoping procedure. The scoping procedure addresses:
Safety-related SSCs.
Non-safety-related SSCs that mitigate accidents or transients.
Non-safety-related SSCs that are used in Emergency Operating Procedures, where used means directly used to mitigate the accident or transient via explicit reference in the EOP or used in steps of procedures referenced by the EOP. Additionally, SSCs explicitly referenced in back-up or lower-tier methods in the EOPs and provide reasonable assurance of mitigation success, or whose use is implied in an EOP and essential to the completion of an EOP step, are considered within scope of the Maintenance Rule.
Non-safety-related SSCs whose failure prevents safety-related SSCs from fulfilling their safety-related functions.
Non-safety-related SSCs whose failure causes scrams or actuates safety systems.
SSCs within the scope of the MR program are evaluated against performance criteria to rmine which SSCs will have goals established and monitoring activities performed in accordance 10 CFR 50.65(a)(1).
17.6-1 Revision 1
risk significance criteria and appropriate consideration of operating experience, generic failure data, component reliability information, probabilistic risk assessment (PRA) insights, and the recommendations of an expert panel. All SSCs identified as risk-significant via the Reliability Assurance Program for the design phase (DRAP -
see Section 17.4) are included within the initial MR scope as HSS SSCs. This includes risk-significant SSCs identified as part of the design certification phase or follow-on COL applicant/holder phases of DRAP.
6.1.1.c The expert panel is established in accordance with NUMARC 93-01 prior to fuel load authorization and utilizes operating, maintenance and systems expertise, PRA insights, and other applicable information to update and maintain the MR scope and SSC classifications.
6.1.2 Monitoring and Corrective Action per 10 CFR 50.65(a)(1) s within the scope of the MR are initially classified as (a)(2) (ref. Section 17.6.1.3), except where determined that an SSC should be initially classified as (a)(1), e.g., an SSC that fails during start-esting.
s that do not meet performance criteria established for (a)(2) monitoring (ref. Section 17.6.1.3) evaluated for (a)(1) classification in accordance with MR program procedures, with mmended corrective actions identified as appropriate. Necessary corrective actions are lemented in accordance with the site Corrective Action Program. The MR expert panel reviews ther SSCs are to be classified as (a)(1). Monitoring goals are established for SSCs classified as 1), as appropriate, commensurate with the SSCs safety significance, and considering applicable stry operating experience, with the objective of providing reasonable assurance that the SSC is eeding to acceptable performance levels and that the corrective actions taken were effective.
SSCs that do not meet established (a)(1) monitoring goals following corrective actions initially tified and implemented, appropriate additional corrective actions are taken.
6.1.3 Preventive Maintenance per 10 CFR 50.65(a)(2) itoring as specified in 10 CFR 50.65(a)(1) is not required where it has been demonstrated that performance or condition of an SSC is being effectively controlled through the performance of ropriate preventive maintenance (PM), such that the SSC remains capable of performing its nded function.
MR program includes procedures for managing SSC performance in accordance with CFR 50.65(a)(2) requirements during plant operation consistent with NUMARC 93-01. To monitor effectiveness of the maintenance performed on the various SSCs, performance criteria are blished at the plant, system, train, or component level commensurate with safety, risk ificance and SSC function. SSC performance criteria (e.g., failure rate, unavailability or condition-ed) are chosen that are reasonable, measurable, and technically appropriate for the purpose of ly identification of degraded SSC performance or condition. For risk-significant SSCs identified DRAP, performance criteria are consistent with the reliability and availability assumptions used in PRA.
en a performance criterion is not met, the SSC is evaluated for (a)(1) classification in accordance MR program procedures, including review by the Expert Panel. Should the Expert Panel clude that the SSC should not be classified as (a)(1), or that no (a)(1) monitoring goals need be 17.6-2 Revision 1
s that provide little or no contribution to system safety function or can be allowed to run to failure to an acceptable risk may be categorized in a "run-to-failure" status (i.e., perform corrective ntenance rather than preventive maintenance) consistent with NUMARC 93-01.
ventive maintenance is subject to risk assessment and management per 10 CFR 50.65(a)(4)
Subsection 17.6.1.5).
6.1.4 Periodic Evaluation of Monitoring and Preventive Maintenance per 10 CFR 50.65(a)(3)
MR program includes procedures for the periodic evaluation of the performance and condition itoring activities and associated goals and preventive maintenance activities in accordance with 5(a)(3). The following considerations are included:
how procedures govern the scheduling and timely performance of (a)(3) evaluations.
documenting, reviewing and approving evaluations, providing and implementing results.
review of 50.65(a)(1) goals and 50.65(a)(2) performance criteria, condition monitoring criteria, SSC performance and condition history and effectiveness of corrective action making adjustments to achieve or restore balance between reliability and availability.
industry operating experience.
6.1.5 Risk Assessment and Risk Management per 10 CFR 50.65(a)(4)
MR program includes procedures for maintenance risk assessment and management in ordance with 10 CFR 50.65(a)(4), employing the methods described in NUMARC 93-01, tion 11 (Reference 206). The risk from maintenance activities is both assessed (i.e., using a risk-rmed process to evaluate the overall contribution to risk of the planned maintenance activities) managed (i.e., providing plant personnel with proper awareness of the risk, and taking actions as ropriate to control the risk).
MR program and procedures reflect, as appropriate, consideration of issues associated with
/offsite power reliability as identified in NRC Generic Letter 2006-02, items 5 and 6.
6.2 Maintenance Rule Training and Qualification MR program is supported by appropriate training and qualification for designated personnel.
ning is commensurate with MR responsibilities, including MR program administration, the expert el process, operations, engineering, maintenance, licensing, and plant management, as ropriate. Maintenance Rule Program training and qualification materials are based on regulatory uirements and guidance, and training records are maintained in accordance with plant edures.
6.3 Maintenance Rule Program Relationship With Reliability Assurance Activities ability during the operations phase is assured through the implementation of operational grams, i.e., the MR program, the Quality Assurance Program, inservice inspection and testing grams, the Technical Specifications surveillance test program, and maintenance programs.
17.6-3 Revision 1
quality assurance program (Section 17.5) rvice inspection program (Sections 5.2 and 6.6) rvice testing program (Section 3.9) technical specifications surveillance test program (Chapter 16) 6.4 Maintenance Rule Program Relationship With Industry Operating Experience Activities stry Operating Experience (IOE) comprises information from a variety of sources that is licable and available to the nuclear industry with the intent of minimizing, through shared eriences, adverse plant conditions or situations. Sources of IOE include information programs anized by the reactor vendor, safety-related equipment suppliers, the NRC, the Institute of lear Power Operations (INPO) and the Electric Power Research Institute (EPRI).
is reviewed for plant-specific applicability and, where appropriate, is applied in various elements e MR program and procedures, including scoping, performance/condition criteria development, itoring, goal-setting, corrective action, training, program assessment, and maintenance and urement activities. The specific steps for employing IOE in the various MR program areas are tained in program procedures.
dition monitoring of underground or inaccessible cables is incorporated into the maintenance rule gram. The cable condition monitoring program incorporates lessons learned from industry rating experience, addresses regulatory guidance, and utilizes information from detailed design procurement documents to determine the appropriate inspections, tests and monitoring criteria underground and inaccessible cables within the scope of the maintenance rule (i.e.,
CFR 50.65). The program takes into consideration Generic Letter 2007-01.
6.5 Maintenance Rule Program Implementation Program documents will be developed and maintained, and the MR program will be implemented he time that initial fuel loading has been authorized.
17.6-4 Revision 1
.2 The Quality Assurance program for procurement, fabrication, installation, construction and testing of structures, systems and components in the facility, including provisions for seismic Category II structures, systems, and components, is addressed in Section 17.5.
.3 The PRA importance measures, the expert panel process, and other deterministic methods to determine the site-specific list of SSCs under the scope of RAP are addressed in APP-GW-GLR-117 (Reference 11).
.4 The Quality Assurance program for operations is addressed in Section 17.5.
.5 The activities represented in Figure 17.4-1 as "Plant Maintenance Program" include the tasks necessary to maintain the reliability of risk-significant SSCs as addressed in APP-GW-GLR-117 (Reference 11). Reference 8 contains examples of cost-effective maintenance enhancements, such as condition monitoring and shifting time-directed maintenance to condition-direction maintenance.
.6 The Maintenance Rule (10 CFR 50.65) activities that prescribe SSC performance-related goals during plant operation are addressed in APP-GW-GLR-117 (Reference 11).
.7 The D-RAP activities are addressed in APP-GW-GLR-117 (Reference 11), and include:
- Reliability data base Historical data available on equipment performance. The compilation and reduction of this data provides the plant with source of component reliability information.
- Surveillance and testing In addition to maintaining the performance of the components necessary for plant operation, surveillance and testing provides a high degree of reliability for the safety-related SSCs.
- Maintenance plan This plan describes the nature and frequency of maintenance activities to be performed on plant equipment. The plan includes the selected SSCs identified in the D-RAP.
.8 The integration of the objectives of the OPRAAs into the Quality Assurance Program developed to implement 10 CFR 50, Appendix B, including failures of non-safety-related, risk-significant SSCs that result from design and operational errors in accordance with SECY-95-132, Item E, is addressed in Section 17.5.
17.7-1 Revision 1
WCAP-8370, Revision 12a, "Energy Systems Business Unit - Power Generation Business Unit Quality Assurance Plan."
WCAP-8370/7800, Revision 11A/7A, "Energy Systems Business Unit - Nuclear Fuel Business Unit Quality Assurance Plan."
WCAP-12600, Revision 4, "AP600 Advanced Light Water Reactor Design Quality Assurance Program Plan," January 1998.
APP-GW-GL-022, Revision 8, AP1000 Probabilistic Risk Assessment.
Not used.
NRC/DCP0669, "Criteria for Establishing Risk Significant Structures, Systems, and Components (SSCs) to be Considered for the AP600 Reliability Assurance Program,"
January 16, 1997.
Lofgren, E. V., Cooper, et al., "A Process for Risk-Focused Maintenance,"
NUREG/CR-5695, March 1991.
Westinghouse Electric Company Quality Management System (QMS), Revision 5, dated October 1, 2002.
NEI 07-02, Generic FSAR Template Guidance for Maintenance Rule Program Description for Plants Licensed Under 10 CFR Part 52.
APP-GW-GLR-117, Incorporation of the Maintenance Rule, Westinghouse Electric Company LLC.
SECY 95-132, Policy and Technical Issue With the Regulatory Treatment of Non-Safety Systems (RTNSS) in Passive Plant Designs (SECY 94-084).
. Nuclear Energy Institute, Technical Report NEI 06-14A, Quality Assurance Program Description, Revision 7, August 2010.
. Nuclear Energy Institute, Generic FSAR Template Guidance for Maintenance Rule Program Description for Plants Licensed Under 10 CFR Part 52, NEI 07-02A, Revision 0, March 2008.
. 10 CFR 50.65, Requirements for monitoring the effectiveness of maintenance at nuclear power plants.
. Nuclear Management and Resources Council, Inc., "Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants," NUMARC 93-01, Rev. 2, April 1996.
. Regulatory Guide 1.160, Rev. 2, Monitoring the Effectiveness of Maintenance at Nuclear Power Plants.
17.8-1 Revision 1
. Regulatory Guide 1.182, Assessing and Managing Risk Before Maintenance Activities at Nuclear Power Plants.
. Enercon Services, Inc, "Enercon Quality Assurance Project Planning Document," PPD No. DUK010.
. Duke Energy Carolinas, "Duke Energy Carolinas Topical Report - Quality Assurance Program," DUKE-1-A.
17.8-2 Revision 1