|
|---|
Category:LICENSEE EVENT REPORT (SEE ALSO AO
MONTHYEARML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18065B1151997-12-0909 December 1997
LER 97-013-00:on 971110,failure to Closure Test Two Check Valves Resulted in Violation of TS 6.5.7 Occurred.Caused by Close Function for Check Valves.Check Valves Tested to Confirm Proper Closure Capability
ML18067A7751997-11-11011 November 1997
LER 97-011-00:on 971012,primary Coolant Pump Was Started W/Sg Temperatures Greater than Cold Leg Temperature.Caused by Inadequate Procedures & Operator Decision Making.Critique of Event Conducted W/Operators Involved
ML18067A7581997-10-30030 October 1997
LER 97-010-00:on 970930,determined That Inadequacy in App R Analysis Resulted in Condition Outside Design Basis of Plant.Caused by Missing Cable in Circuit & Raceway Schedule. Developed New Evaluation Re ASD Valves Validation
ML18067A7461997-10-23023 October 1997
LER 97-009-00:on 970923,discovered Procedure Weakness Re Implementation of App R Shutdown Methodology.Caused by Human Error.Revised Off-Normal Procedure ONP-25.2, Alternate Safe Shutdown Procedure.
ML18067A7191997-10-10010 October 1997
LER 97-008-00:on 970912,spurious Valve Operation Could Result in Loss of Shutdown Capabilities Per 10CFR50,App R, Section Iii.L,Was Discovered.Caused by Failure to Validate Info from App R.Design Bases for SW Backup Reviewed
ML18067A6951997-09-24024 September 1997
LER 97-007-00:on 970826,discovered Inadequate Testing of DG Sequencer Control Relay Contacts.Caused by Oversight on Part of Personnel Involved in Installation of Facility Change FC-800.Tested 106D-1/XL & 106D-2/XL Relay Contacts
ML18067A5651997-06-0303 June 1997
LER 96-013-01:on 961115,DC Breaker Failed During Testing for as-found Trip Setting.Failure Caused by Oversight within Preventive Maint Program.Breaker Was Replaced & Tested
ML18067A5461997-05-12012 May 1997
LER 97-006-00:on 970412,overtime Limits Were Exceeded for Radiation Protection Technicians.Caused by Inadequate Design,Review & Proper Verifications of Overtime Work Schedule.Communicate Overtime Limitation Responsibilities
ML18067A4431997-03-24024 March 1997
LER 97-004-00:on 970221,trip of High Pressure Safety Injection Pump Occurred While Filling Safety Injection Tank Resulting in TS Violation.Caused by Particle Lodged Between Surface of Indication disk.Y-phase Relay Was OOS
ML18067A4391997-03-21021 March 1997
LER 97-005-00:on 961220,operation of Plant Outside Design Basis Occurred Due to an Unacceptable Repair on Main Steam Isolation Valves.Pipe Plugs Permanently Repaired
ML18067A4401997-03-21021 March 1997
LER 97-003-00:on 961101,four Piping Lines Were Determined to Be Potentially Susceptible to Pressurization Due to Containment Temperature Increase During an Accident.Cac Discharge Piping Will Be verified.W/970321 Ltr
ML18066A8931997-02-21021 February 1997
LER 97-002-00:on 970123,failure to Meet TSs 4.5.2d(1)(b) for Testing of Emergency Escape Airlock Occurred.Caused by Missed Surveillance.Emergency Escape Air Lock Testing Was Completed & Declared operable.W/970221 Ltr
ML18066A8751997-02-0505 February 1997
LER 97-001-00:on 970106,TAVE Temp Dropped Below Minimum Temp for Criticality.Caused by Control Rod Withdrawal Rate to Increase Power Not Sufficient to Match Increase in Steam. Turbine Bypass Valve Actuator repaired.W/970205 Ltr
ML18066A8041996-12-23023 December 1996
LER 96-014-00:on 961124,class 1E Raychem Cable Splices Were Installed Incorrectly.Caused by Incorrectly Made Electrical Splices.Total of 270 Splices Have Been Replaced within Containment
ML18066A7831996-12-16016 December 1996
LER 96-013-00:on 961115,DC Breaker Failure During Testing for as-found Trip Setting Occurred.Cause Under Investigation.All molded-case Circuit Breakers in DC Distribution Panels Were Replaced
ML18065A9951996-10-0404 October 1996
LER 96-002-01:on 960116,initiated TS Required Shutdown Due to Safeguards Cable Fault.Both Sets (Six Cables) of Cables Were Replaced & Installed Through Turbine Generator Bldg
ML18065A9171996-09-0909 September 1996
LER 95-012-00:on 960809,TS Violation Occurred,Due to No Senior Reactor Operator in Cr.Caused by Extensive Remodeling.Cr Remodeling completed.W/960909 Ltr
ML18065A8961996-08-29029 August 1996
LER 96-011-00:on 960730,CR Continuous Air Monitor Alarm Setpoint Improperly Established.Caused by Failure to Utilize Mod Process in 1988 Leading to Failure to Properly Select & Calibrate Instruments
ML18065A8811996-08-20020 August 1996
LER 96-005-01:on 960207,determined Fuse on Main Supply to Two Safety Related DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Lack of Thorough Associated Circuits Analysis.Supply Fuse to Panels Replaced
ML18065A8741996-08-16016 August 1996
LER 96-010-00:on 960717,high Pressure Safety Injection Pump Tripped While Filling Safety Injection Tank.Caused by Faulty 150/151Y-207 Time Overcurrent Relay.All Similar Relays in Time Overcurrent Application Have Been Inspected
ML18065A8651996-08-12012 August 1996
LER 96-009-00:on 960712,identified Penetration Seal Deficiency on Fire Barriers Caused by Failure to Perform & Document Comprehensive Fire Barrier Evaluation.Developed Basis document.W/960812 Ltr
ML18065A8601996-08-0202 August 1996
LER 96-006-01 on 960207,discovered Limits of Design Analysis Could Have Been Violated.Subsequent Tests & Analyses Facility Did Not Exceed Basis.Operating Procedures Have Been Revised to Treat 2530 Megawatts Limit as Absolute Limit
ML18065A8321996-08-0101 August 1996
LER 96-003-01:on 960115,alternate Shutdown Panel Inverter Resulted in Unavailability of Panel.Replaced Defective Inverter Alarm Logic Board
ML18065A7691996-06-12012 June 1996
LER 96-008-00:on 960513,fire Door Not Maintained Open in Accordance W/Design Basis.Cause Under Investigation. Engineering Evaluation Performed & Revised Documents, Surveillance & Test procedures.W/960612 Ltr
ML18065A6901996-05-0101 May 1996
LER 95-001-01:on 950302,malfunction of Left Channel DBA Sequencer Resulted in Inadvertent Actuation of Left Channel Safeguards Equipment.Replaced microprocessor.W/960501 Ltr
ML18065A6681996-04-22022 April 1996
LER 96-007-00:on 960321,inadequate Emergency Lighting & Ventilation in post-fire Safe Shutdown Areas.Caused by App R Program Documentation Insufficient to Demonstrate Regulatory Compliance.Lighting modified.W/960422 Ltr
ML18065A5721996-03-11011 March 1996
LER 96-006-00:on 960207,average Reactor Power Level Exceeded License Limit Due to Insufficient Procedural Guidance. GOP-12 Revised to Treat 2,530 Mwt Limit as Absolute Limit Requiring Immediate Corrective Action If Exceeded
ML18065A5261996-03-0101 March 1996
LER 96-005-00:on 960202,fuse on Main Supply to Two SR DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Inadequate Electrical/App R Design Review.Implemented Hourly Fire tours.W/960301 Ltr
ML18065A5111996-02-19019 February 1996
LER 94-012-02:on 940427,determined That Internal Ground in Thermal Margin Monitor Causes Nonconformance W/Rps Design Basis.Incorporated RPS Failure Modes & Effects Analysis in Plant DBD.W/960219 Ltr
ML18065A5061996-02-19019 February 1996
LER 96-004-00:on 960118,SIS Disabled W/Primary Coolant Sys Greater than 300 F.Caused by Personnel Error.Permanent Maint Procedure to Disable/Enable SIS Actuation on Low Pressurizer Pressure Will Be Revised to Align W/Ts
ML18065A5021996-02-15015 February 1996
LER 96-003-00:on 960115,technicians Found Low Voltage cut- Off for Alternate Shutdown Panel Inverter Set That Resulted in Unavailability of Panel.Caused by Inadequate Post Mod. Readjusted Set Point to Minimum setting.W/960215 Ltr
ML18065A4581996-01-31031 January 1996
LER 96-001-00:on 960103,failed to Test Duplicate Equipment. Caused by STS No Longer Containing Requirement for cross- Train Testing of Duplicate Components.Will Submit Request to Delete Subj Requirements from TS.W/960131 Ltr
ML18065A4421996-01-19019 January 1996
LER 95-016-00:on 951226,did Not Analyze Primary Coolant Samples within 72 H.Caused by Belief Acceptability to Save Pcs Samples for Choride Analysis Past 72 H.Counseled Chemistry Supervision.W/960119 Ltr
ML18065A4041996-01-15015 January 1996
LER 95-014-00:on 950119,PCP Oil Collection Deficiencies Created by FC-860 Piping Mod.Caused by Inadequate DBD for Sys & Lack of Review by Experienced Fire Protection Personnel.Updated Design Basis documentation.W/960115 Ltr
ML18065A3291995-12-0404 December 1995
LER 95-013-00:on 951103,circuit Fuse Coordination Deficiency Which Affects App R Safe Shutdown Equipment Noted.Design of Fuse Coordination in Potential Transformer Circuits Will Be Evaluated & Modified as required.W/951204 Ltr
ML18065A2361995-11-0202 November 1995
LER 95-012-00:on 950701,discovered Unqualified Electrical Connection in Containment SW Outlet Valve Controller.Caused by Failure of Assigned Engineers to Available Info.Replaced Wire Nuts W/Inline Butt connections.W/951102 Ltr
ML18065A2051995-10-20020 October 1995
LER 95-008-01:on 950728,discovered That None of Four Containment High Pressure Channels Would Initiate Reactor Trip Due to Programmatic Deficiencies.Administrative Procedure (AP) 9.44,AP 9.45 & AP 10.44 Will Be Revised
ML18065A0841995-09-18018 September 1995
LER 95-011-00:on 950817,CR 40 Withdrawal Occurred When Given Insertion Signal Due to skill-based Error in Crimping & Removing Foreign Matl from CRDM Motor Connection Box.Crd Package replaced.W/950918 Ltr
ML18065A0681995-09-14014 September 1995
LER 95-010-00:on 950815,ESFA Resulted in Manual Rt Following Isolation of Pcs.Replaced Failed Instrument Line
ML18065A0651995-09-0808 September 1995
LER 95-009-00:on 950728,discovered Lack of Procedural Guidance for Pump Repair Following Fire.Proposed Use of Power Supply Breaker Did Not Adequately Address Effect of Loss of Control Power.Performed Independent Assessment
ML18064A8781995-08-28028 August 1995
LER 95-008-00:on 950728,discovered During Design Change Testing That None of Four Containment High Pressure Channels Would Initiate Rt.Caused by Programmatic Deficiencies. Reviewed Selected Tests & Mods from Recent Refueling Outage
ML18064A8831995-08-21021 August 1995
LER 95-007-00:on 950720,discovered That 12 Instrument Loops Had V-bolted Type Qualified Cable Splices Connected to Wires W/Exposed Kapton Insulation.Caused by Human Error.All V- Bolted Splices Replaced w/in-line design.W/950821 Ltr
1999-09-02
[Table view]
Category:RO)
MONTHYEARML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18065B1151997-12-0909 December 1997
LER 97-013-00:on 971110,failure to Closure Test Two Check Valves Resulted in Violation of TS 6.5.7 Occurred.Caused by Close Function for Check Valves.Check Valves Tested to Confirm Proper Closure Capability
ML18067A7751997-11-11011 November 1997
LER 97-011-00:on 971012,primary Coolant Pump Was Started W/Sg Temperatures Greater than Cold Leg Temperature.Caused by Inadequate Procedures & Operator Decision Making.Critique of Event Conducted W/Operators Involved
ML18067A7581997-10-30030 October 1997
LER 97-010-00:on 970930,determined That Inadequacy in App R Analysis Resulted in Condition Outside Design Basis of Plant.Caused by Missing Cable in Circuit & Raceway Schedule. Developed New Evaluation Re ASD Valves Validation
ML18067A7461997-10-23023 October 1997
LER 97-009-00:on 970923,discovered Procedure Weakness Re Implementation of App R Shutdown Methodology.Caused by Human Error.Revised Off-Normal Procedure ONP-25.2, Alternate Safe Shutdown Procedure.
ML18067A7191997-10-10010 October 1997
LER 97-008-00:on 970912,spurious Valve Operation Could Result in Loss of Shutdown Capabilities Per 10CFR50,App R, Section Iii.L,Was Discovered.Caused by Failure to Validate Info from App R.Design Bases for SW Backup Reviewed
ML18067A6951997-09-24024 September 1997
LER 97-007-00:on 970826,discovered Inadequate Testing of DG Sequencer Control Relay Contacts.Caused by Oversight on Part of Personnel Involved in Installation of Facility Change FC-800.Tested 106D-1/XL & 106D-2/XL Relay Contacts
ML18067A5651997-06-0303 June 1997
LER 96-013-01:on 961115,DC Breaker Failed During Testing for as-found Trip Setting.Failure Caused by Oversight within Preventive Maint Program.Breaker Was Replaced & Tested
ML18067A5461997-05-12012 May 1997
LER 97-006-00:on 970412,overtime Limits Were Exceeded for Radiation Protection Technicians.Caused by Inadequate Design,Review & Proper Verifications of Overtime Work Schedule.Communicate Overtime Limitation Responsibilities
ML18067A4431997-03-24024 March 1997
LER 97-004-00:on 970221,trip of High Pressure Safety Injection Pump Occurred While Filling Safety Injection Tank Resulting in TS Violation.Caused by Particle Lodged Between Surface of Indication disk.Y-phase Relay Was OOS
ML18067A4391997-03-21021 March 1997
LER 97-005-00:on 961220,operation of Plant Outside Design Basis Occurred Due to an Unacceptable Repair on Main Steam Isolation Valves.Pipe Plugs Permanently Repaired
ML18067A4401997-03-21021 March 1997
LER 97-003-00:on 961101,four Piping Lines Were Determined to Be Potentially Susceptible to Pressurization Due to Containment Temperature Increase During an Accident.Cac Discharge Piping Will Be verified.W/970321 Ltr
ML18066A8931997-02-21021 February 1997
LER 97-002-00:on 970123,failure to Meet TSs 4.5.2d(1)(b) for Testing of Emergency Escape Airlock Occurred.Caused by Missed Surveillance.Emergency Escape Air Lock Testing Was Completed & Declared operable.W/970221 Ltr
ML18066A8751997-02-0505 February 1997
LER 97-001-00:on 970106,TAVE Temp Dropped Below Minimum Temp for Criticality.Caused by Control Rod Withdrawal Rate to Increase Power Not Sufficient to Match Increase in Steam. Turbine Bypass Valve Actuator repaired.W/970205 Ltr
ML18066A8041996-12-23023 December 1996
LER 96-014-00:on 961124,class 1E Raychem Cable Splices Were Installed Incorrectly.Caused by Incorrectly Made Electrical Splices.Total of 270 Splices Have Been Replaced within Containment
ML18066A7831996-12-16016 December 1996
LER 96-013-00:on 961115,DC Breaker Failure During Testing for as-found Trip Setting Occurred.Cause Under Investigation.All molded-case Circuit Breakers in DC Distribution Panels Were Replaced
ML18065A9951996-10-0404 October 1996
LER 96-002-01:on 960116,initiated TS Required Shutdown Due to Safeguards Cable Fault.Both Sets (Six Cables) of Cables Were Replaced & Installed Through Turbine Generator Bldg
ML18065A9171996-09-0909 September 1996
LER 95-012-00:on 960809,TS Violation Occurred,Due to No Senior Reactor Operator in Cr.Caused by Extensive Remodeling.Cr Remodeling completed.W/960909 Ltr
ML18065A8961996-08-29029 August 1996
LER 96-011-00:on 960730,CR Continuous Air Monitor Alarm Setpoint Improperly Established.Caused by Failure to Utilize Mod Process in 1988 Leading to Failure to Properly Select & Calibrate Instruments
ML18065A8811996-08-20020 August 1996
LER 96-005-01:on 960207,determined Fuse on Main Supply to Two Safety Related DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Lack of Thorough Associated Circuits Analysis.Supply Fuse to Panels Replaced
ML18065A8741996-08-16016 August 1996
LER 96-010-00:on 960717,high Pressure Safety Injection Pump Tripped While Filling Safety Injection Tank.Caused by Faulty 150/151Y-207 Time Overcurrent Relay.All Similar Relays in Time Overcurrent Application Have Been Inspected
ML18065A8651996-08-12012 August 1996
LER 96-009-00:on 960712,identified Penetration Seal Deficiency on Fire Barriers Caused by Failure to Perform & Document Comprehensive Fire Barrier Evaluation.Developed Basis document.W/960812 Ltr
ML18065A8601996-08-0202 August 1996
LER 96-006-01 on 960207,discovered Limits of Design Analysis Could Have Been Violated.Subsequent Tests & Analyses Facility Did Not Exceed Basis.Operating Procedures Have Been Revised to Treat 2530 Megawatts Limit as Absolute Limit
ML18065A8321996-08-0101 August 1996
LER 96-003-01:on 960115,alternate Shutdown Panel Inverter Resulted in Unavailability of Panel.Replaced Defective Inverter Alarm Logic Board
ML18065A7691996-06-12012 June 1996
LER 96-008-00:on 960513,fire Door Not Maintained Open in Accordance W/Design Basis.Cause Under Investigation. Engineering Evaluation Performed & Revised Documents, Surveillance & Test procedures.W/960612 Ltr
ML18065A6901996-05-0101 May 1996
LER 95-001-01:on 950302,malfunction of Left Channel DBA Sequencer Resulted in Inadvertent Actuation of Left Channel Safeguards Equipment.Replaced microprocessor.W/960501 Ltr
ML18065A6681996-04-22022 April 1996
LER 96-007-00:on 960321,inadequate Emergency Lighting & Ventilation in post-fire Safe Shutdown Areas.Caused by App R Program Documentation Insufficient to Demonstrate Regulatory Compliance.Lighting modified.W/960422 Ltr
ML18065A5721996-03-11011 March 1996
LER 96-006-00:on 960207,average Reactor Power Level Exceeded License Limit Due to Insufficient Procedural Guidance. GOP-12 Revised to Treat 2,530 Mwt Limit as Absolute Limit Requiring Immediate Corrective Action If Exceeded
ML18065A5261996-03-0101 March 1996
LER 96-005-00:on 960202,fuse on Main Supply to Two SR DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Inadequate Electrical/App R Design Review.Implemented Hourly Fire tours.W/960301 Ltr
ML18065A5111996-02-19019 February 1996
LER 94-012-02:on 940427,determined That Internal Ground in Thermal Margin Monitor Causes Nonconformance W/Rps Design Basis.Incorporated RPS Failure Modes & Effects Analysis in Plant DBD.W/960219 Ltr
ML18065A5061996-02-19019 February 1996
LER 96-004-00:on 960118,SIS Disabled W/Primary Coolant Sys Greater than 300 F.Caused by Personnel Error.Permanent Maint Procedure to Disable/Enable SIS Actuation on Low Pressurizer Pressure Will Be Revised to Align W/Ts
ML18065A5021996-02-15015 February 1996
LER 96-003-00:on 960115,technicians Found Low Voltage cut- Off for Alternate Shutdown Panel Inverter Set That Resulted in Unavailability of Panel.Caused by Inadequate Post Mod. Readjusted Set Point to Minimum setting.W/960215 Ltr
ML18065A4581996-01-31031 January 1996
LER 96-001-00:on 960103,failed to Test Duplicate Equipment. Caused by STS No Longer Containing Requirement for cross- Train Testing of Duplicate Components.Will Submit Request to Delete Subj Requirements from TS.W/960131 Ltr
ML18065A4421996-01-19019 January 1996
LER 95-016-00:on 951226,did Not Analyze Primary Coolant Samples within 72 H.Caused by Belief Acceptability to Save Pcs Samples for Choride Analysis Past 72 H.Counseled Chemistry Supervision.W/960119 Ltr
ML18065A4041996-01-15015 January 1996
LER 95-014-00:on 950119,PCP Oil Collection Deficiencies Created by FC-860 Piping Mod.Caused by Inadequate DBD for Sys & Lack of Review by Experienced Fire Protection Personnel.Updated Design Basis documentation.W/960115 Ltr
ML18065A3291995-12-0404 December 1995
LER 95-013-00:on 951103,circuit Fuse Coordination Deficiency Which Affects App R Safe Shutdown Equipment Noted.Design of Fuse Coordination in Potential Transformer Circuits Will Be Evaluated & Modified as required.W/951204 Ltr
ML18065A2361995-11-0202 November 1995
LER 95-012-00:on 950701,discovered Unqualified Electrical Connection in Containment SW Outlet Valve Controller.Caused by Failure of Assigned Engineers to Available Info.Replaced Wire Nuts W/Inline Butt connections.W/951102 Ltr
ML18065A2051995-10-20020 October 1995
LER 95-008-01:on 950728,discovered That None of Four Containment High Pressure Channels Would Initiate Reactor Trip Due to Programmatic Deficiencies.Administrative Procedure (AP) 9.44,AP 9.45 & AP 10.44 Will Be Revised
ML18065A0841995-09-18018 September 1995
LER 95-011-00:on 950817,CR 40 Withdrawal Occurred When Given Insertion Signal Due to skill-based Error in Crimping & Removing Foreign Matl from CRDM Motor Connection Box.Crd Package replaced.W/950918 Ltr
ML18065A0681995-09-14014 September 1995
LER 95-010-00:on 950815,ESFA Resulted in Manual Rt Following Isolation of Pcs.Replaced Failed Instrument Line
ML18065A0651995-09-0808 September 1995
LER 95-009-00:on 950728,discovered Lack of Procedural Guidance for Pump Repair Following Fire.Proposed Use of Power Supply Breaker Did Not Adequately Address Effect of Loss of Control Power.Performed Independent Assessment
ML18064A8781995-08-28028 August 1995
LER 95-008-00:on 950728,discovered During Design Change Testing That None of Four Containment High Pressure Channels Would Initiate Rt.Caused by Programmatic Deficiencies. Reviewed Selected Tests & Mods from Recent Refueling Outage
ML18064A8831995-08-21021 August 1995
LER 95-007-00:on 950720,discovered That 12 Instrument Loops Had V-bolted Type Qualified Cable Splices Connected to Wires W/Exposed Kapton Insulation.Caused by Human Error.All V- Bolted Splices Replaced w/in-line design.W/950821 Ltr
1999-09-02
[Table view]
Category:TEXT-SAFETY REPORT
MONTHYEARML18066A6901999-11-0101 November 1999
Rev 5 to Palisades Nuclear Plant Colr.
ML18066A6761999-09-30030 September 1999
Monthly Operating Rept for Sept 1999 for Palisades Nuclear Plant
ML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6351999-08-31031 August 1999
Monthly Operating Rept for Aug 1999 for Palisades Nuclear Plant
ML18066A6771999-08-31031 August 1999
Operating Data Rept Page of MOR for Aug 1999 for Palisades Nuclear Plant
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A6061999-07-31031 July 1999
Monthly Operating Rept for July 1999 for Palisades Nuclear Plant.With 990803 Ltr
ML18066A5201999-06-30030 June 1999
Monthly Operating Rept for June 1999 for Palisades Nuclear Plant.With 990702 Ltr
ML18066A4841999-05-31031 May 1999
Monthly Operating Rept for May 1999 for Palisades Nuclear Plant.With 990603 Ltr
ML18066A6371999-04-30030 April 1999
Revised Monthly Operating Rept for Apr 1999 for Palisades Nuclear Plant
ML18068A5941999-04-30030 April 1999
Monthly Operating Rept for Apr 1999 for Palisades Nuclear Plant.With 990503 Ltr
ML18066A4161999-04-0101 April 1999
Rev 4 to COLR, for Palisades Nuclear Plant
ML18066A4501999-03-31031 March 1999
Monthly Operating Rept for Mar 1999 for Palisades Nuclear Plant.With 990402 Ltr
ML18066A4671999-03-31031 March 1999
Rev 0 to SIR-99-032, Flaw Tolerance & Leakage Evaluation Spent Fuel Pool Heat Exchanger E-53B Nozzle Palisades Nuclear Plant.
ML18068A5351999-02-28028 February 1999
Monthly Operating Rept for Feb 1999 for Palisades Nuclear Plant.With 990302 Ltr
ML18066A3931999-01-31031 January 1999
Monthly Operating Rept for Jan 1999 for Palisades Nuclear Plant.With 990202 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML20206F6131998-12-31031 December 1998
1998 Consumers Energy Co Annual Rept. with
ML18066A3651998-12-31031 December 1998
Monthly Operating Rept for Dec 1998 for Palisades Nuclear Plant.With 990105 Ltr
ML18066A3421998-11-30030 November 1998
Monthly Operating Rept for Nov 1998 for Palisades Nuclear Plant.With 981202 Ltr
ML18066A3301998-11-11011 November 1998
Part 21 Rept Re Potential Safety Hazard Associated with Wrist Pin Assemblies for FM-Alco 251 Engines at Palisades Nuclear Power Plant.Caused by Insufficient Friction Fit Between Pin & Sleeve.Supplier of Pin Will No Longer Be Used
ML18068A4921998-10-31031 October 1998
Monthly Operating Rept for Oct 1998 for Palisades Nuclear Plant.With 981103 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A3181998-09-30030 September 1998
Monthly Operating Rept for Sept 1998 for Palisades Nuclear Plant
ML18066A2901998-08-31031 August 1998
Monthly Operating Rept for Aug 1998 for Palisades Nuclear Power Plant.With 980903 Ltr
ML18066A3191998-08-31031 August 1998
Revised Monthly Operating Rept Data for Aug 1998 for Palisades Nuclear Plant
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2771998-08-13013 August 1998
Part 21 Rept Re Deficiency in CE Current Screening Methodology for Determining Limiting Fuel Assembly for Detailed PWR thermal-hydraulic Sa.Evaluations Were Performed for Affected Plants to Determine Effect of Deficiency
ML20237E0301998-07-31031 July 1998
ISI Rept 3-3
ML18066A2701998-07-31031 July 1998
Monthly Operating Rept for July 1998 for Palisades Nuclear Plant.W/980803 Ltr
ML18066A2311998-06-30030 June 1998
Monthly Operating Rept for June 1998 for Palisades Nuclear Plant
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A3061998-06-18018 June 1998
SG Tube Inservice Insp.
ML20249C4951998-06-17017 June 1998
Rev 1 to EA-GEJ-98-01, Palisades Cycle 14 Disposition of Events Review
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18066A1711998-06-0101 June 1998
Part 21 Rept Re Impact of RELAP4 Excessive Variability on Palisades Large Break LOCA ECCS Results.Change in PCT Between Cycle 13 & Cycle 14 Does Not Constitute Significant Change Per 10CFR50.46
ML18066A1741998-05-31031 May 1998
Monthly Operating Rept for May 1998 for Palisades Nuclear Plant.W/980601 Ltr
ML18066A2321998-05-31031 May 1998
Revised MOR for May 1998 for Palisades Nuclear Plant
ML18068A4701998-05-31031 May 1998
Annual Rept of Changes in ECCS Models Per 10CFR50.46.
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18066A2331998-04-30030 April 1998
Revised MOR for Apr 1998 for Palisades Nuclear Plant
ML18068A3461998-04-30030 April 1998
Monthly Operating Rept for Apr 1998 for Palisades Nuclear Plant.W/980501 Ltr
ML18066A3411998-04-22022 April 1998
Rev 0 to EMF-98-013, Palisades Cycle 14:Disposition & Analysis of SRP Chapter 15 Events.
ML18065B2071998-03-31031 March 1998
Monthly Operating Rept for Mar 1998 for Palisades Nuclear Plant.W/980403 Ltr
ML20217C2741998-03-31031 March 1998
Independent Review - Is Consumers Energy Method (W Method) of Determining Palisades Nuclear Plant Best Estimate Fluence by Combining Transport Calculation & Dosimetry Measurements Technically Sound & Does It Meet Intent of Pts
ML18066A2341998-03-31031 March 1998
Revised MOR for Mar 1998 for Palisades Nuclear Plant
ML18068A3041998-02-28028 February 1998
Monthly Operating Rept for Feb 1998 for Palisades Nuclear Plant.W/980302 Ltr
ML18066A2351998-02-28028 February 1998
Revised MOR for Feb 1998 for Palisades Nuclear Plant
ML18065B1641998-02-0505 February 1998
Rev 0 to Regression Analysis for Containment Prestressing Sys at 25th Year Surveillance.
ML18067A8211998-01-31031 January 1998
Monthly Operating Rept for Jan 1998 for Palisades Nuclear Plant.W/980203 Ltr
1999-09-30
[Table view] |
Text
NRt: Fonn 388 _. U.S. NUCLEAR REGULATORY COMMISSION 111-831 APPROVED OM8 NO. 3160-0104 EXPIRES: 8/31 /86 LICENSEE EVENT REPORT (LER)
FACILITY NAME 111 DOCKET NUMBER 121 PAGE 131 0 5 0 0 0 2 5 5 OF 0 8 Palisades Plant nm 141 MALFUNCTION OF THE LEFT CHANNEL OBA SEQUENCER RESULTS IN INADVERTENT ACTUATION OF LEFT CHANNEL SAFEGUARDS EQUIPMENT EVENT DATE 1111 REPORT DATE 181 OTHER FACILITIES INVOLVED 181 REVISION FACILITY NAMES MONTH DAY YEAR YEAR NUMBER MONTH DAY YEAR N/A 0 6 0 0 0 0 3 0 2 9 5 9 5 0 0 1 0 0 N/A 0 6 0 0 0 THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS OF 10 CFR I: (f:Mclr one ortnMe of IM following} 1111 OPERATING N~T"""20-.-40-2-~-l----------"T""""'T""-20-.4-06-lc-l----------"'T""x-r-50-.7-3-la-112-l~-l--------"""'T"~-7-3-.7-1~-l-------------1 MODE Ill 1-------.....--------+--I 20.4061all11UI 50.381cll11 50.731all21M 73.711cl 20.4061all1111il 50.381cll21 50.731all21Mil OTHER (Specify in Abetract 20.4061all116iil 50.731all21fol 50.731all21MiillAI below - In Toxt, 20.4061all11Qvl 50.731all21fail 50. 7 31all211viiill81 NRC Fonn 388Al 20.4061all11M 50.731*11210iil 50.731all21bd LICENSEE CONTACT FOR THIS LER 1121 NAME TELEPHONE NUMBER AREA CODE William L. Roberts 6 6 7 6 4 8 9 3 MANUFAC- REPORTABLE MANUFAC- REPORTABLE CAUSE SYSTEM COMPONENT TURER TO NPRDS CAUSE SYSTEM COMPONENT TURER TO NPRDS
~~~...;.;.~1--~~~~+-~~~~-r~~--t ~:--+-~-t~~~~~t--~...;.;.;;.;....~-+-.;.,,;;..;.;,;.;.;;;~~
SUPPLEMENTAL REPORT EXPECTED 1141 MONTH DAY YEAR EXPECTED SUBMISSION X
--tely , , _,
YES llf yu,, ,,_,,.,_ EXPECTED SVBMISSION £1'4 TEI ABSTRACT UJm/t 10 1400 .,.u.. l.o.,
NO ling#-.-:o typowritten -
- I 1181 DATE 1161 0 0 9 6 On March 2, 1995, at 2009 hrs, with the plant operating at 100% power, the left channel Design Basis Accident (OBA) sequencer malfunctioned and simultaneously started most of the left channel safeguards equipment. Some left channel safeguards equipment was bloc.ked from starting by logic external to the sequencer. All safeguards equipment responded as required and the plant response was normal for the equipment that changed status. Plant power was reduced to 91 % because of the event. The safeguards equipment was secured- and the left channel sequencer and corresponding diesel generator declared inoperable.
Instrument and Control personnel documented the as-found condition of the sequencer. Testing was performed in the l&C lab to diagnose sequencer components. A team was established to determine root cause, evaluate common mode failures, and make recommendations to management regarding the sequencer. Evaluation determined that a failure of the micro-processor module of the electronic OBA sequencer caused the event. The micro-processor was replaced, operability of the sequencer verified and the plant returned to 100% power on March 4, 1995.
9504070144 950331
~DR ADOCK 05000255 PDR
NRC Form 388A'. U.S. NUCLEAR REGULATORY COMMISSION 19-831 APPROVED OMB NO. 3160-0104 EXPIRES: 8/31 /86 LICENSEE EVENT REPORT !LERI TEXT CONTINUATION FACILITY NAME (1J DOCKET NUMBER 121 lER NUMBER (31 PAGE (41 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I6 I0 I0 I0 I2 I6 I6 9 I6 - 0 I0 I 1 - 0 I0 0 I2 OF 0 I8 Event Oescription On March 2, 1995, at 2009 hrs, the left channel D8A sequencer, MC-34L, malfu'nctioned and simultaneously started the left channel High Pressure Safety Injection (HPSI) pump (P-668), Low Pressure Safety Injection (LPSI) pump. (P-678), boric acid pump (P-568), service water pump (P-78), closed the volume control tank outlet valve (M0-2087), opened the boric acid gravity feed valves (M0-21.69, M0-2170), opened the LPSI loop isolation valves (M0-3008, M0-3010), and opened the HPSI loop isolation valves (M0-3007, M0-3009, M0-3011, and M0-3013). Charging pump (P-55C) started and was immediately stopped by pressurizer level control logic. Absent, as expected, from equipment actuation were the left channel auxiliary feedwater pump, (P-8A) and the left channel control room ventilation fan (V-95). Control room operators noted no precursor.
to this failure and also noted that it appeared that all sequencer actuations occurred simultaneously. During this event at least two of the safety injection tank pressure control valves (CV-3042, CV-3046, CV-3047 and CV-3038) opened causing relief valve RV-3161 to lift and relieve to the quench tank (T-73).
Plant power response was normal for the equipment that changed status during this event. The addition of boric acid caused reactor T eve to decrease. The operators reduced power to 97% to match T eve to T,.,. The operating charging pump (P-55A) automatically tripped on low suction pressure because the Volume Control Tank (VCT) outlet valve (M0-2087) closed as expected.
The operators th.en isolated letdown. This left concentrated boric acid in the charging system.
As a pre-planned evolution, charging and letdown were reestablished. This resulted in the power plant stabilizing at 91 % power.
All safeguards equipment was secured, the left channel sequencer and associated diesel generator declared inoperable and a seven day limiting condition of operation for the diesel generator .was entered. The right channel diesel generator was test started and off-site power verified. Instrument and Control (l&C) technicians and engineers were called in to evaluate and support the follow-up to the event .
The sequencer is a Programmable Logic Controller (PLC) that consists of a main micro-processor an.d various input/output (1/0) modules for each piece of equipment actuated by the sequencer.
The as-found status of the sequencer indicated that a problem had .occurred with the micro-processor module. The micro-processor was taken to the l&C lab where evaluation determined that the micro-processor was now working properly. Next all of the 1/0 modules were taken to the lab where it was determined that they were also functioning properly. A spare micro-processor was obtained from stock and satisfactorily functionally tested with the sequencer 1/0 modules. On March 3, 1995 at approximately 0300 hrs the spare micro-processor and the existing 1/0 modules were installed in the left channel OBA sequencer chassis. Return of the sequencer to service was delayed pending plant management review of the event and the corrective actions taken.
NRC Form 388A U.S. NUCLEAR REGULATORY COMMISSION 19-831 APPROVED OMB NO. 3160-0104 EXPIRES: 8/31186 LICENSEE EVENT REPORT ILER) TEXT CONTINUATION FACILITY NAME 111 DOCKET NUMBER 121 LER NUMBER 131 PAGE 141 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I5 I0 I0 I0 I2 I5 I5 9 I5 - 0 I0 11 - 0 I0 0 I3 OF 0 I8 On the morning of ~arch 3, 1995, an engineering and management team was established to .
review the event. A call was made to the manufacturers technical service department which confirmed that the as found status of the micro-processor indicated that a failure of the micro-processor had occurred. The discussion with the technical service department also confirmed the plant conclusion that based on the as found status and testing of the 1/0 modules they were operable. At approximately 1500 hrs a plant management meeting was held to review the event.
Based on the results of the review a decision was made to return the sequencer to service and schedule a sequencer operability test. At approximately 1900 hrs the sequencer was .
successfully returned to service. The left channel of Technical Specification Surveillance 00-1, "Safety Injection" was completed as a test of the sequencer's operability. After successful completion of the testing the sequencer an_d associated diesel generator were declared operable.
The plant was returned to 100% power on March 4, 1995.
Ca_use of the Event The cause of the event is the failure of the OBA sequencer micro-processor module. The root cause of the micro-processor module failure is unknown at this time and evaluation of the exact
- cause of the unit failure is. being pursued with the manufacturer.
Analysis of the Event The OBA sequencer, MC-34L (left channel) and MC-34R (right channel), sequence loads onto the -'
.*.1 emergency diesel generators. Sequencing of loads ensures that appropriate equipment is energized in time to contend with an event while at the same time preventing excessive step loads from being placed on the diesel generator (which could result in the loss of the generator).
Automatic sequencer actuation occurs only when emergency generator power is automatically demanded as result of. lost or unacceptably degraded 2400V AC bus voltage. When this emergency generator demand is not accompanied by a Safety Injection Signal (SIS) actuation, the Normal Shutdown Sequencer (NSD) sequence is selected. When the emergency generator demand is accompanied by a SIS, the Design Basis Actuation (OBA) sequence is selected.
Issues/Questions
- What did the sequencer do to cause the safeguards initiation?
Discussion with operations personnel and examination of Plant Datalogger Sequence of Events Report indicates that every sequencer output device was sent a "start" signal. Some devices were blocked from starting by logic external to the sequencer and as such were not reported on the datalogger report.
NRC Form 388A" U.S. NUCLEAR REGULATORY COMMISSION 19-831 APPROVED OMB NO. 3160-0104 EXPIRES: 8/31 /86 LICENSEE EVENT REPORT (LERI TEXT CONTINUATION FACILITY NAME 111 DOCKET NUMBER 121 LER NUMBER 131 PAGE 141 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I6 I0 I0 I0 I 2 I6 I6 9 I6 - 0 I I 0 1 - 0 I0 0 I4 OF 0 I8 At some time after initiating every output, the micro-processor turned off every output.
Although it is difficult to determine exactly how long this took, it had to be long enough for equipment breakers and interposing relays to latch. The following are considerations in determining that time.
The sequencer can process its entire ladder logic program in 10 to 20 milliseconds. If the micro-processor "locked up" or if the processor diagnostic shut it c;iown, it would take 300 milliseconds for the 1/0 cards to realize that communication with the micro-processor is absent or garbled. This is commonly referred to as a "watchdog" feature.
The 1/0 card would then automatically turn off every output and extinguish its ACTIVE light. The as-fou_nd status lights indicate that the processor was either "locked up" or shutdown by diagnostics because all 1/0 module ACTIVE lights were extinguished and 300 milliseconds is long en*ough for the equipment breakers and interposing relays to latch.
- What caused the sequencer failure 1 Although the final root cause is unknown, we believe we have eliminated every component as the cause except the sequencer's micro-processor unit. The following is support for this positi<m.
The OBA sequencer ch~ssis holds all of the sequencer .1/0 modules and is a passive device. Because the processor and 1/0 modules communicate across the chassis backplane using Cyclic ~edundancy Checksum (CRC-16), which* is a method for detecting communications errors within the sequencer, a fault on the backplane could not force the 1/0 module to alter the state of its outputs.
The 1/0 modules should not be able to make the processor fail its diagnostics because the error checking program (CRC-16) would not allow a fault on a single 1/0 card to be propagated to all output cards. A failure on the input card, however, could possibly start a false initiation* of a NSD or DBD sequence which would take about 55 seconds to complete as determined by the software ladder logic. Since for this event, the sequencer actuated all outputs at once, this eliminates the input card as the source of failure.
Investigation of the "as found" sequencer condition showed that the micro-processor had the POWER light on, and the RUN and READY lights extinguished. The READY being off can only occur if the micro-processor locks up or the diagnostics detect a CPU or memory error and shuts down the system. The RUN and READY light on the micro-processor and the ACTIVE light on each 1/0 module were found off which is consistent with this failure mode. The Run light indicates that the processor is executing the ladder logic. If the micro-processor has been shutdown, it could not run logic programming.
NRC Form *399,( U.S. NUCLEAR REGUlATORY COMMISSION 19-831 APPROVED OMB NO. 3160.0104 EXPIRES: 8/31 /86 LICENSEE EVENT REPORT (LERI TEXT CONTINUATION FACILITY NAME (1) DOCKET NUMBER 121 LER NUMBER 131 PAGE 141 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I 5 I 0 I 0 I 0 I 2 I .5 I 5 9 I5 - 0 I I 0 1 - 0 I 0 0 I5 OF 0 I8 The ACTIVE light on the 1/0 modules would automatically turn off if the processor failed due to a communication timeout. Therefore, we believe that the micro-processor was the only possible point of failure in the sequencer.
The following is speculation as to why the root cause failure is considered to be the micro-processor. It is based on general computer experience and very little hard evidence and may end up being discounted as further investigation takes place.
A faulty component can cause intermittent memory or processor error which will cause computer systems to appear to lockup or quit instantaneously. However, the computer often will perform many instructions, some correctly and some incorrectly, before locking up or the error being detected by continuous diagnostics. The Palisades OBA sequencer system operates in the following cyclic sequence: inputs retrieved, ladder logic performed, output sent, diagnostics run. This processing sequence would allow for some error to propagate from the memory and micro-processor to the output cards before detection by the diagnostics routine. This error might also remain in plc;ice until .i more problems lock up the processor or diagnostics shut down the system. Even an error which is present for only one scan cycle would leave outputs energized for 300 milliseconds until the watchdog timer on the 1/0 cards turned the outputs off. This could explain how a micro-processor problem could have been processed to the output cards resulting in a start of the left channel safeguards equipment.
- Is this a recurring event?
There are some similarities between t.he current sequencer failure and the single previous failure on record. This previous failure occurred 7 /29/89 to the right channel sequencer (MC-34R). The similarity is limited to the loss of ACTIVE lights on the 1/0 cards and the inability to recreate the failure during troubleshooting. The previous failure, however, did not activate any outputs. The.differences in failure modes and the time between failures are large enough that a short term concern of a recurring event is not warranted. This previous failure will be discussed with the vendor in conjunction with the evaluation of the current sequencer failure.
- Is there a common mode failure that could affect the microprocessor replacement unit or the other channel?
This topic was discussed with the manufacture's technical service department. They searched their service bulletins for similar symptoms and none were found.
NRC Form 368A U.S. NUCLEAR REGULATORY COMMISSION (9-83) APPROVED OM8 NO. 31~104 EXPIRES: 8/31 /86 LICENSEE EVENT REPORT (LERI TEXT CONTINUATION FACILITY NAME 111 DOCKET NUMBER 121 LER NUMBER (3) PAGE (41 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I I0 I0 I0 I I I 5 2 5 5 9 I 5 - 0 I 0 j1 - 0 I 0 0 I6 OF 0 I8 A theory was proposed that electro-magnetic interference (EMI) from some other device near to the micro-processor could have caused the problem. The theory was tested in the lab by keying a portable radio transmitter within a couple of inches of the micro-processor and monitoring for lockup or status light changes. None were detected. Power and input signals were examined for signal strength and wave form and nothing unusual was found. It has also been determined that no person was in close proximity to the sequencer when event occurred. At this time there appears to be no external mechanism to e~plain this malfunction of the micro-processor.
A typical consideration when software is involved with equipment operation is whether a certain combination of internal software logic and/or external inputs from the application software could cause an action that was not predicted or tested in design. This has some merit, but the probability of it being the cause is small or it's happening again is
- insignificant. The application software is written in ladder logic which is a high level .*
computer language. It cannot typically be written in such a way as to disable the processor as was *evidenced by the lack of a READY light and the loss of the 1/0 module ACTIVE lights.
A slightly more probable software failure mode involves an error in the internal so:ftware logic sometimes called the software kernel. This is the part of the software that interprets the ladder logic code, acquires input data, outputs results of the ladder logic, and diagnoses errors in the hardware and memory. The probability of an error in the software kernel is low. This sequencer has been running at Palisades without error for over six* years. The *'
sequencer hardware manufacturer checked their service bulletins and found no relevant notes, cautions, or fixes related to a software kernel problems. The micro-processor portion
. of the sequencer is a standard Programmable logic Controller (PLC) that is widely used in vario~s applications in many industries. As such, the PLC manufacturer has the experience and market forces of many PLC owners who would identify that significant common mode failures were a problem with this device. At this time we also do not believe that a common mode software problem exists that would cause the micro-processor to fail.
Plant Resoonse to the Event Along with the starting of safeguards pumps and opening and closing of valves, it was also noted that the auxiliary feedwater pump (P-8A) and control room HVAC fan (V-95) did not start. Based on design and plant conditions, these devices would not have been expected to start. P-8A did not start*since an Auxiliary Feedwater Actuation Signal (AFAS) was not present. V-95 did not start bacause a load shed signal was not present.
Nf\I: FOJm 388~ U.S. NUCLEAR REGULATORY COMMISSION 19-83) Al'f'ROVED OMB NO. 3160-()104 EXPIRES: 8/31/86
- LICENSEE EVENT REPORT (LERI TEXT CONTINUATION FACILITY NAME 111 DOCKET NUMBER 121 LER NUMBER 131 PAGE 141 SEQUENTIAL REVISION YEAR NUMBER NUMBER Palisades Plant 0 I6 I0 I0 I0 I2 I6 I6 9 I6 - 0 I 11 -
0 0 I 0 0 I7 OF 0 I8 The condition report also noted that safety injection tank (SIT) pressure control valves (PCV) opened, causing relief valve RV-3161 to relieve to the quench tank (T-73). Based on an evaluation of design and valve lineup, this was correct and is anticipated system behavior.
Evaluations of the above situations are documented with the. plant condition report documenting this event.
Corrective Action 1 - The services of the manufacturer of the sequencer hardware will be utilized to diagnose the root cause of the micro-proc~ssor module failure.
- Seei.
LICENSEE EVENT REPORT (LERI TEXT CONTINUATION
- U.S. NUCLEAR REGULATORY COMMISSION APPROVED OM8 NO. 31~104 EXPIRES: 8/31 /86 FACILITY NAME 11 l DOCKET NUMBER (21 LER NUMBER (31 PAGE (4)
- YEAR SEQUENTIAL NUMBER REVISION NUMBER Palisades Plant o 1 s 1o 1 o 1o 1 2 1 s 1 s 9 16 - o Io I , - 0 Io o Ia OF o Ia Attachment 1 Palisades Design Basis Accident (OBA) Sequencer Facts: -Programmable Logic Controller (PLC)
-Manufactured by Gould Modicon
-Model 984-380 processor.
-Series 810 110 Modules: 1 AC input, 2 AC output, *3 DC output
-Operates with 115VAC +/- 15%, 47 to 63 Hz, Class 1E source (Y30)
-Takes 5ms/K words of logic to complete scan cycle.
-Runs self diagnostics on CPU, modules, and memory every scan.
-Installed in 1988 by FC~ 737
-Meets Surge Withstand Cap.ability tests, IEEE 472-1974, ANSI C37.90A-1974 TYPICAL SEQUENCER ARRANGEM~NT 9&4 D -- -- -
D --
-<.r
~
~
~*
~
0 - -- - -- --
Processor lnput Module ............................ Dutput Modules .....................................................
