|
|---|
Category:LICENSEE EVENT REPORT (SEE ALSO AO
MONTHYEARML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18065B1151997-12-0909 December 1997
LER 97-013-00:on 971110,failure to Closure Test Two Check Valves Resulted in Violation of TS 6.5.7 Occurred.Caused by Close Function for Check Valves.Check Valves Tested to Confirm Proper Closure Capability
ML18067A7751997-11-11011 November 1997
LER 97-011-00:on 971012,primary Coolant Pump Was Started W/Sg Temperatures Greater than Cold Leg Temperature.Caused by Inadequate Procedures & Operator Decision Making.Critique of Event Conducted W/Operators Involved
ML18067A7581997-10-30030 October 1997
LER 97-010-00:on 970930,determined That Inadequacy in App R Analysis Resulted in Condition Outside Design Basis of Plant.Caused by Missing Cable in Circuit & Raceway Schedule. Developed New Evaluation Re ASD Valves Validation
ML18067A7461997-10-23023 October 1997
LER 97-009-00:on 970923,discovered Procedure Weakness Re Implementation of App R Shutdown Methodology.Caused by Human Error.Revised Off-Normal Procedure ONP-25.2, Alternate Safe Shutdown Procedure.
ML18067A7191997-10-10010 October 1997
LER 97-008-00:on 970912,spurious Valve Operation Could Result in Loss of Shutdown Capabilities Per 10CFR50,App R, Section Iii.L,Was Discovered.Caused by Failure to Validate Info from App R.Design Bases for SW Backup Reviewed
ML18067A6951997-09-24024 September 1997
LER 97-007-00:on 970826,discovered Inadequate Testing of DG Sequencer Control Relay Contacts.Caused by Oversight on Part of Personnel Involved in Installation of Facility Change FC-800.Tested 106D-1/XL & 106D-2/XL Relay Contacts
ML18067A5651997-06-0303 June 1997
LER 96-013-01:on 961115,DC Breaker Failed During Testing for as-found Trip Setting.Failure Caused by Oversight within Preventive Maint Program.Breaker Was Replaced & Tested
ML18067A5461997-05-12012 May 1997
LER 97-006-00:on 970412,overtime Limits Were Exceeded for Radiation Protection Technicians.Caused by Inadequate Design,Review & Proper Verifications of Overtime Work Schedule.Communicate Overtime Limitation Responsibilities
ML18067A4431997-03-24024 March 1997
LER 97-004-00:on 970221,trip of High Pressure Safety Injection Pump Occurred While Filling Safety Injection Tank Resulting in TS Violation.Caused by Particle Lodged Between Surface of Indication disk.Y-phase Relay Was OOS
ML18067A4391997-03-21021 March 1997
LER 97-005-00:on 961220,operation of Plant Outside Design Basis Occurred Due to an Unacceptable Repair on Main Steam Isolation Valves.Pipe Plugs Permanently Repaired
ML18067A4401997-03-21021 March 1997
LER 97-003-00:on 961101,four Piping Lines Were Determined to Be Potentially Susceptible to Pressurization Due to Containment Temperature Increase During an Accident.Cac Discharge Piping Will Be verified.W/970321 Ltr
ML18066A8931997-02-21021 February 1997
LER 97-002-00:on 970123,failure to Meet TSs 4.5.2d(1)(b) for Testing of Emergency Escape Airlock Occurred.Caused by Missed Surveillance.Emergency Escape Air Lock Testing Was Completed & Declared operable.W/970221 Ltr
ML18066A8751997-02-0505 February 1997
LER 97-001-00:on 970106,TAVE Temp Dropped Below Minimum Temp for Criticality.Caused by Control Rod Withdrawal Rate to Increase Power Not Sufficient to Match Increase in Steam. Turbine Bypass Valve Actuator repaired.W/970205 Ltr
ML18066A8041996-12-23023 December 1996
LER 96-014-00:on 961124,class 1E Raychem Cable Splices Were Installed Incorrectly.Caused by Incorrectly Made Electrical Splices.Total of 270 Splices Have Been Replaced within Containment
ML18066A7831996-12-16016 December 1996
LER 96-013-00:on 961115,DC Breaker Failure During Testing for as-found Trip Setting Occurred.Cause Under Investigation.All molded-case Circuit Breakers in DC Distribution Panels Were Replaced
ML18065A9951996-10-0404 October 1996
LER 96-002-01:on 960116,initiated TS Required Shutdown Due to Safeguards Cable Fault.Both Sets (Six Cables) of Cables Were Replaced & Installed Through Turbine Generator Bldg
ML18065A9171996-09-0909 September 1996
LER 95-012-00:on 960809,TS Violation Occurred,Due to No Senior Reactor Operator in Cr.Caused by Extensive Remodeling.Cr Remodeling completed.W/960909 Ltr
ML18065A8961996-08-29029 August 1996
LER 96-011-00:on 960730,CR Continuous Air Monitor Alarm Setpoint Improperly Established.Caused by Failure to Utilize Mod Process in 1988 Leading to Failure to Properly Select & Calibrate Instruments
ML18065A8811996-08-20020 August 1996
LER 96-005-01:on 960207,determined Fuse on Main Supply to Two Safety Related DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Lack of Thorough Associated Circuits Analysis.Supply Fuse to Panels Replaced
ML18065A8741996-08-16016 August 1996
LER 96-010-00:on 960717,high Pressure Safety Injection Pump Tripped While Filling Safety Injection Tank.Caused by Faulty 150/151Y-207 Time Overcurrent Relay.All Similar Relays in Time Overcurrent Application Have Been Inspected
ML18065A8651996-08-12012 August 1996
LER 96-009-00:on 960712,identified Penetration Seal Deficiency on Fire Barriers Caused by Failure to Perform & Document Comprehensive Fire Barrier Evaluation.Developed Basis document.W/960812 Ltr
ML18065A8601996-08-0202 August 1996
LER 96-006-01 on 960207,discovered Limits of Design Analysis Could Have Been Violated.Subsequent Tests & Analyses Facility Did Not Exceed Basis.Operating Procedures Have Been Revised to Treat 2530 Megawatts Limit as Absolute Limit
ML18065A8321996-08-0101 August 1996
LER 96-003-01:on 960115,alternate Shutdown Panel Inverter Resulted in Unavailability of Panel.Replaced Defective Inverter Alarm Logic Board
ML18065A7691996-06-12012 June 1996
LER 96-008-00:on 960513,fire Door Not Maintained Open in Accordance W/Design Basis.Cause Under Investigation. Engineering Evaluation Performed & Revised Documents, Surveillance & Test procedures.W/960612 Ltr
ML18065A6901996-05-0101 May 1996
LER 95-001-01:on 950302,malfunction of Left Channel DBA Sequencer Resulted in Inadvertent Actuation of Left Channel Safeguards Equipment.Replaced microprocessor.W/960501 Ltr
ML18065A6681996-04-22022 April 1996
LER 96-007-00:on 960321,inadequate Emergency Lighting & Ventilation in post-fire Safe Shutdown Areas.Caused by App R Program Documentation Insufficient to Demonstrate Regulatory Compliance.Lighting modified.W/960422 Ltr
ML18065A5721996-03-11011 March 1996
LER 96-006-00:on 960207,average Reactor Power Level Exceeded License Limit Due to Insufficient Procedural Guidance. GOP-12 Revised to Treat 2,530 Mwt Limit as Absolute Limit Requiring Immediate Corrective Action If Exceeded
ML18065A5261996-03-0101 March 1996
LER 96-005-00:on 960202,fuse on Main Supply to Two SR DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Inadequate Electrical/App R Design Review.Implemented Hourly Fire tours.W/960301 Ltr
ML18065A5111996-02-19019 February 1996
LER 94-012-02:on 940427,determined That Internal Ground in Thermal Margin Monitor Causes Nonconformance W/Rps Design Basis.Incorporated RPS Failure Modes & Effects Analysis in Plant DBD.W/960219 Ltr
ML18065A5061996-02-19019 February 1996
LER 96-004-00:on 960118,SIS Disabled W/Primary Coolant Sys Greater than 300 F.Caused by Personnel Error.Permanent Maint Procedure to Disable/Enable SIS Actuation on Low Pressurizer Pressure Will Be Revised to Align W/Ts
ML18065A5021996-02-15015 February 1996
LER 96-003-00:on 960115,technicians Found Low Voltage cut- Off for Alternate Shutdown Panel Inverter Set That Resulted in Unavailability of Panel.Caused by Inadequate Post Mod. Readjusted Set Point to Minimum setting.W/960215 Ltr
ML18065A4581996-01-31031 January 1996
LER 96-001-00:on 960103,failed to Test Duplicate Equipment. Caused by STS No Longer Containing Requirement for cross- Train Testing of Duplicate Components.Will Submit Request to Delete Subj Requirements from TS.W/960131 Ltr
ML18065A4421996-01-19019 January 1996
LER 95-016-00:on 951226,did Not Analyze Primary Coolant Samples within 72 H.Caused by Belief Acceptability to Save Pcs Samples for Choride Analysis Past 72 H.Counseled Chemistry Supervision.W/960119 Ltr
ML18065A4041996-01-15015 January 1996
LER 95-014-00:on 950119,PCP Oil Collection Deficiencies Created by FC-860 Piping Mod.Caused by Inadequate DBD for Sys & Lack of Review by Experienced Fire Protection Personnel.Updated Design Basis documentation.W/960115 Ltr
ML18065A3291995-12-0404 December 1995
LER 95-013-00:on 951103,circuit Fuse Coordination Deficiency Which Affects App R Safe Shutdown Equipment Noted.Design of Fuse Coordination in Potential Transformer Circuits Will Be Evaluated & Modified as required.W/951204 Ltr
ML18065A2361995-11-0202 November 1995
LER 95-012-00:on 950701,discovered Unqualified Electrical Connection in Containment SW Outlet Valve Controller.Caused by Failure of Assigned Engineers to Available Info.Replaced Wire Nuts W/Inline Butt connections.W/951102 Ltr
ML18065A2051995-10-20020 October 1995
LER 95-008-01:on 950728,discovered That None of Four Containment High Pressure Channels Would Initiate Reactor Trip Due to Programmatic Deficiencies.Administrative Procedure (AP) 9.44,AP 9.45 & AP 10.44 Will Be Revised
ML18065A0841995-09-18018 September 1995
LER 95-011-00:on 950817,CR 40 Withdrawal Occurred When Given Insertion Signal Due to skill-based Error in Crimping & Removing Foreign Matl from CRDM Motor Connection Box.Crd Package replaced.W/950918 Ltr
ML18065A0681995-09-14014 September 1995
LER 95-010-00:on 950815,ESFA Resulted in Manual Rt Following Isolation of Pcs.Replaced Failed Instrument Line
ML18065A0651995-09-0808 September 1995
LER 95-009-00:on 950728,discovered Lack of Procedural Guidance for Pump Repair Following Fire.Proposed Use of Power Supply Breaker Did Not Adequately Address Effect of Loss of Control Power.Performed Independent Assessment
ML18064A8781995-08-28028 August 1995
LER 95-008-00:on 950728,discovered During Design Change Testing That None of Four Containment High Pressure Channels Would Initiate Rt.Caused by Programmatic Deficiencies. Reviewed Selected Tests & Mods from Recent Refueling Outage
ML18064A8831995-08-21021 August 1995
LER 95-007-00:on 950720,discovered That 12 Instrument Loops Had V-bolted Type Qualified Cable Splices Connected to Wires W/Exposed Kapton Insulation.Caused by Human Error.All V- Bolted Splices Replaced w/in-line design.W/950821 Ltr
1999-09-02
[Table view]
Category:RO)
MONTHYEARML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18065B1151997-12-0909 December 1997
LER 97-013-00:on 971110,failure to Closure Test Two Check Valves Resulted in Violation of TS 6.5.7 Occurred.Caused by Close Function for Check Valves.Check Valves Tested to Confirm Proper Closure Capability
ML18067A7751997-11-11011 November 1997
LER 97-011-00:on 971012,primary Coolant Pump Was Started W/Sg Temperatures Greater than Cold Leg Temperature.Caused by Inadequate Procedures & Operator Decision Making.Critique of Event Conducted W/Operators Involved
ML18067A7581997-10-30030 October 1997
LER 97-010-00:on 970930,determined That Inadequacy in App R Analysis Resulted in Condition Outside Design Basis of Plant.Caused by Missing Cable in Circuit & Raceway Schedule. Developed New Evaluation Re ASD Valves Validation
ML18067A7461997-10-23023 October 1997
LER 97-009-00:on 970923,discovered Procedure Weakness Re Implementation of App R Shutdown Methodology.Caused by Human Error.Revised Off-Normal Procedure ONP-25.2, Alternate Safe Shutdown Procedure.
ML18067A7191997-10-10010 October 1997
LER 97-008-00:on 970912,spurious Valve Operation Could Result in Loss of Shutdown Capabilities Per 10CFR50,App R, Section Iii.L,Was Discovered.Caused by Failure to Validate Info from App R.Design Bases for SW Backup Reviewed
ML18067A6951997-09-24024 September 1997
LER 97-007-00:on 970826,discovered Inadequate Testing of DG Sequencer Control Relay Contacts.Caused by Oversight on Part of Personnel Involved in Installation of Facility Change FC-800.Tested 106D-1/XL & 106D-2/XL Relay Contacts
ML18067A5651997-06-0303 June 1997
LER 96-013-01:on 961115,DC Breaker Failed During Testing for as-found Trip Setting.Failure Caused by Oversight within Preventive Maint Program.Breaker Was Replaced & Tested
ML18067A5461997-05-12012 May 1997
LER 97-006-00:on 970412,overtime Limits Were Exceeded for Radiation Protection Technicians.Caused by Inadequate Design,Review & Proper Verifications of Overtime Work Schedule.Communicate Overtime Limitation Responsibilities
ML18067A4431997-03-24024 March 1997
LER 97-004-00:on 970221,trip of High Pressure Safety Injection Pump Occurred While Filling Safety Injection Tank Resulting in TS Violation.Caused by Particle Lodged Between Surface of Indication disk.Y-phase Relay Was OOS
ML18067A4391997-03-21021 March 1997
LER 97-005-00:on 961220,operation of Plant Outside Design Basis Occurred Due to an Unacceptable Repair on Main Steam Isolation Valves.Pipe Plugs Permanently Repaired
ML18067A4401997-03-21021 March 1997
LER 97-003-00:on 961101,four Piping Lines Were Determined to Be Potentially Susceptible to Pressurization Due to Containment Temperature Increase During an Accident.Cac Discharge Piping Will Be verified.W/970321 Ltr
ML18066A8931997-02-21021 February 1997
LER 97-002-00:on 970123,failure to Meet TSs 4.5.2d(1)(b) for Testing of Emergency Escape Airlock Occurred.Caused by Missed Surveillance.Emergency Escape Air Lock Testing Was Completed & Declared operable.W/970221 Ltr
ML18066A8751997-02-0505 February 1997
LER 97-001-00:on 970106,TAVE Temp Dropped Below Minimum Temp for Criticality.Caused by Control Rod Withdrawal Rate to Increase Power Not Sufficient to Match Increase in Steam. Turbine Bypass Valve Actuator repaired.W/970205 Ltr
ML18066A8041996-12-23023 December 1996
LER 96-014-00:on 961124,class 1E Raychem Cable Splices Were Installed Incorrectly.Caused by Incorrectly Made Electrical Splices.Total of 270 Splices Have Been Replaced within Containment
ML18066A7831996-12-16016 December 1996
LER 96-013-00:on 961115,DC Breaker Failure During Testing for as-found Trip Setting Occurred.Cause Under Investigation.All molded-case Circuit Breakers in DC Distribution Panels Were Replaced
ML18065A9951996-10-0404 October 1996
LER 96-002-01:on 960116,initiated TS Required Shutdown Due to Safeguards Cable Fault.Both Sets (Six Cables) of Cables Were Replaced & Installed Through Turbine Generator Bldg
ML18065A9171996-09-0909 September 1996
LER 95-012-00:on 960809,TS Violation Occurred,Due to No Senior Reactor Operator in Cr.Caused by Extensive Remodeling.Cr Remodeling completed.W/960909 Ltr
ML18065A8961996-08-29029 August 1996
LER 96-011-00:on 960730,CR Continuous Air Monitor Alarm Setpoint Improperly Established.Caused by Failure to Utilize Mod Process in 1988 Leading to Failure to Properly Select & Calibrate Instruments
ML18065A8811996-08-20020 August 1996
LER 96-005-01:on 960207,determined Fuse on Main Supply to Two Safety Related DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Lack of Thorough Associated Circuits Analysis.Supply Fuse to Panels Replaced
ML18065A8741996-08-16016 August 1996
LER 96-010-00:on 960717,high Pressure Safety Injection Pump Tripped While Filling Safety Injection Tank.Caused by Faulty 150/151Y-207 Time Overcurrent Relay.All Similar Relays in Time Overcurrent Application Have Been Inspected
ML18065A8651996-08-12012 August 1996
LER 96-009-00:on 960712,identified Penetration Seal Deficiency on Fire Barriers Caused by Failure to Perform & Document Comprehensive Fire Barrier Evaluation.Developed Basis document.W/960812 Ltr
ML18065A8601996-08-0202 August 1996
LER 96-006-01 on 960207,discovered Limits of Design Analysis Could Have Been Violated.Subsequent Tests & Analyses Facility Did Not Exceed Basis.Operating Procedures Have Been Revised to Treat 2530 Megawatts Limit as Absolute Limit
ML18065A8321996-08-0101 August 1996
LER 96-003-01:on 960115,alternate Shutdown Panel Inverter Resulted in Unavailability of Panel.Replaced Defective Inverter Alarm Logic Board
ML18065A7691996-06-12012 June 1996
LER 96-008-00:on 960513,fire Door Not Maintained Open in Accordance W/Design Basis.Cause Under Investigation. Engineering Evaluation Performed & Revised Documents, Surveillance & Test procedures.W/960612 Ltr
ML18065A6901996-05-0101 May 1996
LER 95-001-01:on 950302,malfunction of Left Channel DBA Sequencer Resulted in Inadvertent Actuation of Left Channel Safeguards Equipment.Replaced microprocessor.W/960501 Ltr
ML18065A6681996-04-22022 April 1996
LER 96-007-00:on 960321,inadequate Emergency Lighting & Ventilation in post-fire Safe Shutdown Areas.Caused by App R Program Documentation Insufficient to Demonstrate Regulatory Compliance.Lighting modified.W/960422 Ltr
ML18065A5721996-03-11011 March 1996
LER 96-006-00:on 960207,average Reactor Power Level Exceeded License Limit Due to Insufficient Procedural Guidance. GOP-12 Revised to Treat 2,530 Mwt Limit as Absolute Limit Requiring Immediate Corrective Action If Exceeded
ML18065A5261996-03-0101 March 1996
LER 96-005-00:on 960202,fuse on Main Supply to Two SR DC Panels & Panel Branch Circuit Breakers Not Properly Coordinated.Caused by Inadequate Electrical/App R Design Review.Implemented Hourly Fire tours.W/960301 Ltr
ML18065A5111996-02-19019 February 1996
LER 94-012-02:on 940427,determined That Internal Ground in Thermal Margin Monitor Causes Nonconformance W/Rps Design Basis.Incorporated RPS Failure Modes & Effects Analysis in Plant DBD.W/960219 Ltr
ML18065A5061996-02-19019 February 1996
LER 96-004-00:on 960118,SIS Disabled W/Primary Coolant Sys Greater than 300 F.Caused by Personnel Error.Permanent Maint Procedure to Disable/Enable SIS Actuation on Low Pressurizer Pressure Will Be Revised to Align W/Ts
ML18065A5021996-02-15015 February 1996
LER 96-003-00:on 960115,technicians Found Low Voltage cut- Off for Alternate Shutdown Panel Inverter Set That Resulted in Unavailability of Panel.Caused by Inadequate Post Mod. Readjusted Set Point to Minimum setting.W/960215 Ltr
ML18065A4581996-01-31031 January 1996
LER 96-001-00:on 960103,failed to Test Duplicate Equipment. Caused by STS No Longer Containing Requirement for cross- Train Testing of Duplicate Components.Will Submit Request to Delete Subj Requirements from TS.W/960131 Ltr
ML18065A4421996-01-19019 January 1996
LER 95-016-00:on 951226,did Not Analyze Primary Coolant Samples within 72 H.Caused by Belief Acceptability to Save Pcs Samples for Choride Analysis Past 72 H.Counseled Chemistry Supervision.W/960119 Ltr
ML18065A4041996-01-15015 January 1996
LER 95-014-00:on 950119,PCP Oil Collection Deficiencies Created by FC-860 Piping Mod.Caused by Inadequate DBD for Sys & Lack of Review by Experienced Fire Protection Personnel.Updated Design Basis documentation.W/960115 Ltr
ML18065A3291995-12-0404 December 1995
LER 95-013-00:on 951103,circuit Fuse Coordination Deficiency Which Affects App R Safe Shutdown Equipment Noted.Design of Fuse Coordination in Potential Transformer Circuits Will Be Evaluated & Modified as required.W/951204 Ltr
ML18065A2361995-11-0202 November 1995
LER 95-012-00:on 950701,discovered Unqualified Electrical Connection in Containment SW Outlet Valve Controller.Caused by Failure of Assigned Engineers to Available Info.Replaced Wire Nuts W/Inline Butt connections.W/951102 Ltr
ML18065A2051995-10-20020 October 1995
LER 95-008-01:on 950728,discovered That None of Four Containment High Pressure Channels Would Initiate Reactor Trip Due to Programmatic Deficiencies.Administrative Procedure (AP) 9.44,AP 9.45 & AP 10.44 Will Be Revised
ML18065A0841995-09-18018 September 1995
LER 95-011-00:on 950817,CR 40 Withdrawal Occurred When Given Insertion Signal Due to skill-based Error in Crimping & Removing Foreign Matl from CRDM Motor Connection Box.Crd Package replaced.W/950918 Ltr
ML18065A0681995-09-14014 September 1995
LER 95-010-00:on 950815,ESFA Resulted in Manual Rt Following Isolation of Pcs.Replaced Failed Instrument Line
ML18065A0651995-09-0808 September 1995
LER 95-009-00:on 950728,discovered Lack of Procedural Guidance for Pump Repair Following Fire.Proposed Use of Power Supply Breaker Did Not Adequately Address Effect of Loss of Control Power.Performed Independent Assessment
ML18064A8781995-08-28028 August 1995
LER 95-008-00:on 950728,discovered During Design Change Testing That None of Four Containment High Pressure Channels Would Initiate Rt.Caused by Programmatic Deficiencies. Reviewed Selected Tests & Mods from Recent Refueling Outage
ML18064A8831995-08-21021 August 1995
LER 95-007-00:on 950720,discovered That 12 Instrument Loops Had V-bolted Type Qualified Cable Splices Connected to Wires W/Exposed Kapton Insulation.Caused by Human Error.All V- Bolted Splices Replaced w/in-line design.W/950821 Ltr
1999-09-02
[Table view]
Category:TEXT-SAFETY REPORT
MONTHYEARML18066A6901999-11-0101 November 1999
Rev 5 to Palisades Nuclear Plant Colr.
ML18066A6761999-09-30030 September 1999
Monthly Operating Rept for Sept 1999 for Palisades Nuclear Plant
ML18066A6271999-09-0202 September 1999
LER 98-011-01:on 981217,inadequate Lube Oil Collection Sys for Primary Coolant Pumps Was Noted.Caused by Design Change Not Containing Appropriate Level of Rigor.Exemption from 10CFR50,App R Was Requested.With 990902 Ltr
ML18066A6351999-08-31031 August 1999
Monthly Operating Rept for Aug 1999 for Palisades Nuclear Plant
ML18066A6771999-08-31031 August 1999
Operating Data Rept Page of MOR for Aug 1999 for Palisades Nuclear Plant
ML18066A6221999-08-20020 August 1999
LER 99-002-00:on 990722,TS Surveillance Was Not Completed within Specified Frequency.Caused by Failure to Incorporate Revised Frequency Into Surveillance Schedule in Timely Manner.Verified Implementation.With 990820 Ltr
ML18066A6061999-07-31031 July 1999
Monthly Operating Rept for July 1999 for Palisades Nuclear Plant.With 990803 Ltr
ML18066A5201999-06-30030 June 1999
Monthly Operating Rept for June 1999 for Palisades Nuclear Plant.With 990702 Ltr
ML18066A4841999-05-31031 May 1999
Monthly Operating Rept for May 1999 for Palisades Nuclear Plant.With 990603 Ltr
ML18066A6371999-04-30030 April 1999
Revised Monthly Operating Rept for Apr 1999 for Palisades Nuclear Plant
ML18068A5941999-04-30030 April 1999
Monthly Operating Rept for Apr 1999 for Palisades Nuclear Plant.With 990503 Ltr
ML18066A4161999-04-0101 April 1999
Rev 4 to COLR, for Palisades Nuclear Plant
ML18066A4501999-03-31031 March 1999
Monthly Operating Rept for Mar 1999 for Palisades Nuclear Plant.With 990402 Ltr
ML18066A4671999-03-31031 March 1999
Rev 0 to SIR-99-032, Flaw Tolerance & Leakage Evaluation Spent Fuel Pool Heat Exchanger E-53B Nozzle Palisades Nuclear Plant.
ML18068A5351999-02-28028 February 1999
Monthly Operating Rept for Feb 1999 for Palisades Nuclear Plant.With 990302 Ltr
ML18066A3931999-01-31031 January 1999
Monthly Operating Rept for Jan 1999 for Palisades Nuclear Plant.With 990202 Ltr
ML18066A3781999-01-20020 January 1999
LER 98-013-00:on 981222,safeguards Transfer Tap Changer Failure Caused Inadvertant DG Start.Caused by Failed Motor Contactor.Contactor Was Replaced.With 990120 Ltr
ML20206F6131998-12-31031 December 1998
1998 Consumers Energy Co Annual Rept. with
ML18066A3651998-12-31031 December 1998
Monthly Operating Rept for Dec 1998 for Palisades Nuclear Plant.With 990105 Ltr
ML18066A3421998-11-30030 November 1998
Monthly Operating Rept for Nov 1998 for Palisades Nuclear Plant.With 981202 Ltr
ML18066A3301998-11-11011 November 1998
Part 21 Rept Re Potential Safety Hazard Associated with Wrist Pin Assemblies for FM-Alco 251 Engines at Palisades Nuclear Power Plant.Caused by Insufficient Friction Fit Between Pin & Sleeve.Supplier of Pin Will No Longer Be Used
ML18068A4921998-10-31031 October 1998
Monthly Operating Rept for Oct 1998 for Palisades Nuclear Plant.With 981103 Ltr
ML18068A4851998-10-29029 October 1998
LER 97-011-01:on 971012,starting of Primary Coolant Pump with SG Temps Greater than Cold Leg Temps Occurred.Caused by Inadequate Procedures & Operator Decision.Sop Used for Starting Primary Coolant Pump Enhanced
ML18066A3181998-09-30030 September 1998
Monthly Operating Rept for Sept 1998 for Palisades Nuclear Plant
ML18066A2901998-08-31031 August 1998
Monthly Operating Rept for Aug 1998 for Palisades Nuclear Power Plant.With 980903 Ltr
ML18066A3191998-08-31031 August 1998
Revised Monthly Operating Rept Data for Aug 1998 for Palisades Nuclear Plant
ML18066A2831998-08-18018 August 1998
LER 98-010-00:on 980721,reactor Manually Tripped.Caused by Failure of Coupling Which Drives Feedwater Pump Main Lube Oil Pump.Main Lube Oil Pump Coupling & Associated Components Replaced & Satisfactorily Tested
ML18066A2771998-08-13013 August 1998
Part 21 Rept Re Deficiency in CE Current Screening Methodology for Determining Limiting Fuel Assembly for Detailed PWR thermal-hydraulic Sa.Evaluations Were Performed for Affected Plants to Determine Effect of Deficiency
ML20237E0301998-07-31031 July 1998
ISI Rept 3-3
ML18066A2701998-07-31031 July 1998
Monthly Operating Rept for July 1998 for Palisades Nuclear Plant.W/980803 Ltr
ML18066A2311998-06-30030 June 1998
Monthly Operating Rept for June 1998 for Palisades Nuclear Plant
ML18066A2261998-06-30030 June 1998
LER 98-009-00:on 980531,small Pinhole Leak Found on One of Welds,During Leak Test Following Replacement of Pcs Sample Isolation Valves.Caused by Welder Error.Leaking Welds Repaired
ML18066A3061998-06-18018 June 1998
SG Tube Inservice Insp.
ML20249C4951998-06-17017 June 1998
Rev 1 to EA-GEJ-98-01, Palisades Cycle 14 Disposition of Events Review
ML18066A1781998-06-0909 June 1998
LER 98-008-00:on 980511,noted That Procedure Did Not Fully Satisfy Requirement to Test High Startup Rate Trip Function. Caused by Misunderstanding of Testing Requirements.Revised TS Surveillance Test Procedure & Reviewed Other Procedures
ML18066A1711998-06-0101 June 1998
Part 21 Rept Re Impact of RELAP4 Excessive Variability on Palisades Large Break LOCA ECCS Results.Change in PCT Between Cycle 13 & Cycle 14 Does Not Constitute Significant Change Per 10CFR50.46
ML18066A1741998-05-31031 May 1998
Monthly Operating Rept for May 1998 for Palisades Nuclear Plant.W/980601 Ltr
ML18066A2321998-05-31031 May 1998
Revised MOR for May 1998 for Palisades Nuclear Plant
ML18068A4701998-05-31031 May 1998
Annual Rept of Changes in ECCS Models Per 10CFR50.46.
ML18065B2451998-05-13013 May 1998
LER 98-007-00:on 980413,HPIS Sys Was Noted Inoperable During TS Surveillance Test.Caused by Performance of Flawed Procedure.Operators & Engineers Will Be Trained to Improve Operational Decision Making Through Resources & Knowledge
ML18066A2331998-04-30030 April 1998
Revised MOR for Apr 1998 for Palisades Nuclear Plant
ML18068A3461998-04-30030 April 1998
Monthly Operating Rept for Apr 1998 for Palisades Nuclear Plant.W/980501 Ltr
ML18066A3411998-04-22022 April 1998
Rev 0 to EMF-98-013, Palisades Cycle 14:Disposition & Analysis of SRP Chapter 15 Events.
ML18065B2071998-03-31031 March 1998
Monthly Operating Rept for Mar 1998 for Palisades Nuclear Plant.W/980403 Ltr
ML20217C2741998-03-31031 March 1998
Independent Review - Is Consumers Energy Method (W Method) of Determining Palisades Nuclear Plant Best Estimate Fluence by Combining Transport Calculation & Dosimetry Measurements Technically Sound & Does It Meet Intent of Pts
ML18066A2341998-03-31031 March 1998
Revised MOR for Mar 1998 for Palisades Nuclear Plant
ML18068A3041998-02-28028 February 1998
Monthly Operating Rept for Feb 1998 for Palisades Nuclear Plant.W/980302 Ltr
ML18066A2351998-02-28028 February 1998
Revised MOR for Feb 1998 for Palisades Nuclear Plant
ML18065B1641998-02-0505 February 1998
Rev 0 to Regression Analysis for Containment Prestressing Sys at 25th Year Surveillance.
ML18067A8211998-01-31031 January 1998
Monthly Operating Rept for Jan 1998 for Palisades Nuclear Plant.W/980203 Ltr
1999-09-30
[Table view] |
Text
consumers Power POWERiNii MICHlliAN-S PROliRESS Palisades Nuclear Plant: 27780 Blue Star Memorial Highway, Covert, Ml 49043 May 1, 1996 U S Nuclear Regulatory Commission Document Control Desk Washington, DC 20555 DOCKET 50-255 - LICENSE DPR PALISADES PLANT LICENSEE EVENT REPORT 95-001 ~01 - MALFUNCTION OF THE LEFT CHANNEL
. OBA SEQUENCER RESULTS IN INADVERTENT ACTUATION OF LEFT CHANNEL SAFEGUARDS EQUIPMENT - SUPPLEMENTAL REPORT Licensee Event Report (LER) 95-001-01 is attached. This Supplemental Report
. includes the vendor's evaluation of the sequencer controller module. This event is reportable to the NRC per 10 CFR 50.73(a)(2)(iv) as an unplanned automatic actuation of an engineered safety feature.
SUMMARY
OF COMMITMENTS This letter contains no new commitments and no revisions to existing commitments.
Richard W Smedley Manager, Licensing CC Administrator, Region Ill, USNRC Project Manager, NRR, USNRC NRC Resident Inspector - Palisades Attachment
- 0 7 0 0 3 2 9605070254 960501 PDR ADOCK 05000255 S PDR A O'.G" ENERGY COMPANY
NRC FORM366 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB NO. 3160..0104 (4195) EXPIRES 4/30/98 ESTIMATED BU1001 PER RESPONSE TO COMPLY WllH THIS MANDATORY INFORMATION COUECTION REQUEST: 50.0 HRS. REPORTED LESSONS LEARNED ARE INCORPORATED INTO THE LICENSING PROCESS NW FED BACK TO INDUSTRY. FORWARD COMMENTS LICENSEE EVENT REPORT (LER) REGARDING BURDEN ESTIMATE TO THE INFORMATION NID RECORDS MANAGEMENT BRANCH (T..O F33), U.S. NUCLEAR REGULATORY COMMISSION, WASHINGTON, DC 205SS-0001, NID TO THE PAPERWORK REDUCTION PROJECT (315Q.011W, OFFICE OF (See reverse for required number of digits/characters for each block) MANAGEMENT NW BUDGET, WASHINGTON, DC 20503 FACILITY NAME (1) DOCKET NUMBER (2) I Page (3)
PALISADES NUCLEAR PLANT 05000255 1of7 TITLE (4) Licensee Event Report 95-001 Malfunction of the Left Channel OBA Sequencer Results in Inadvertent Actuation of Left Channel Safeguards Equipment - Supplemental Report EVENT DATE (5) LER NUMBER (6) REPORT DATE (7) OTHER FACILITIES INVOLVED (8)
FACILITY NAME DOCKET NUMBER MONTH DAY YEAR YEAR I SEQUENTIAL NUMBER REVISION NUMBER MONTH DAY YEAR FACILITY NAME 05000 DOCKET NUMBER 03 02 95 95 - 001 - 01 05 01 96 05000 OPERATING THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS .OF 10 CFR§: (Check one or more) (11)
MODE (9) 20.2201(b) 20.2203(a)(2)(v) 50.73(a)(2)(i) 50.73(a)(2)(iii) 50.73(a)(2)(x)
I I 20.2203(a)(1) 20.2203(a)(3)(i) 50.73(a)(2)(ii)
I POWER LEVEL (10) 20.2203(a)(2)(i) 20.2203(a)(2)(ii) 20.2203(a)(3)(ii) 20.2203(a)(4) x 50.73(a)(2)(iii) 50.73(a)(2)(iv) 73.71 OTHER lilt lillll!tlll 20.2203(a)(2)(iii) 20.2203(a)(2)(iv) 50.36(c)(1) 50.36(c)(2)
LICENSEE CONTACT FOR THIS LER (12) 50.73(a)(2)(v)
- 50. 73(a)(2)(vii)
Specify in Abstract below or in NRC Form 366A NAME TELEPHONE NUMBER (Include Area Code)
Clayton M Mathews, Licensing Engineer (616) 764-8913 COMPLETE ONE LINE FOR EACH COMPONENT FAILURE DESCRIBED IN THIS REPORT (13)
CAUSE SYSTEM COMPONENT MANUFACTURER REPORTABLE CAUSE SYSTEM COMPONENT MANUFACTURER REPORTABLE TONPRDS TONPRDS SUPPLEMENTAL REPORT EXPECTED (14) MONTH DAY YEAR I YES If yes COMPLETE EXPECTED COMPLETION DATE x I NO EXPECTED SUBMISSION DATE (15)
ABSTRACT (Limit to.1400 spaces, i:e., approximately 15 single-spaced typewritten lines) (16)
On March 2, 1995, at 2009 hrs, with the plant operating at 100% power, the left channel Design Basis Accident (OBA) sequencer malfunctioned and simultaneously started most of the left channel safeguards equipment. Some left channel safeguards equipment was blocked from starting by logic external to the sequencer. All safeguards equipment responded as required and the plant response was normal for the equipment that changed status. Plant power was reduced to 91 % because of the event. The safeguards equipment was secured and the left channel diesel generator declared inoperable.
Instrument and Control (l&C) personnel documented the as-found condition of the sequencer.
Testing was performed to diagnose sequencer components. A team was established to determine root cause, evaluate common mode failures, and make recommendations to management regarding the sequencer. Evaluation determined that a failure of the micro-processor module of the electronic OBA sequencer caused the event. The microprocessor was replaced, operability of the sequencer verified, and the plant returned to 100% power on March 4, 1995.
NRC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION 4195 LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME (1 l DOCKETf2l PAGE (3\
I LER NUMBER 16l YEAR SEQUENTIAL REVISION NUMBER NUMBER PALISADES* NUCLEAR PLANT 05000255 2 OF 7 95 - 001 01 TEXT (If more space is required, use additional copies of NRC Form 366A) (17)
Event Descriptjon On March 2, 1995, at 2009 hrs, the left channel DBA sequencer, MC-34L, malfunctioned and simultaneously started the left channel High Pressure Safety Injection (HPSI) pump (P-66B), Low Pressure Safety Injection (LPSI) pump (P-678), boric acid pump (P-568), Service Water pump (P-7B), closed the volume control tank outlet valve (M0-2087), opened the boric acid gravity feed valves (M0-2169, M0-2170), opened the LPSI loop isolation valves (M0-3008, M0-3010), and opened the HPSI loop isolation valves (M0-3007, M0-3009, M0-3011, and M0-3013). Charging pump (P-55C) started and was i_mmediately stopped by pressurizer level control logic. Absent, as expected, from .
equipment actuation were the left channel Auxiliary Feedwater pump, (P-8A) and the left channel Control Room ventilation fan (V-95). Control Room operators noted no precursor to this failure and also noted that it appeared that all sequencer actuations occurred simultaneously. During this event it was also noted that at least two of the safety injection tank pressure control valves (CV-3042,. CV-3046, CV-3047 and CV-3038) opened causing relief valve RV-3161 to lift and relieve to the quench tank (T-73).
Plant power response was normal for the eq!Jipment that changed status during this event. The addition of boric acid caused reader Tave to decrease. The operators reduced power to 97% to match Tave to T ref* The operating charging pump (P-55A) automatically tripped on low suction pressure because the Volume Control Tank (VCT) outlet valve (M0-2087) closed as expected. The operators then isolated letdown. This left concentrated boric acid in the charging system. As a pre-planned evolution, charging and letdown were reestablished. This resulted in the power plant stabilizing at
_91% power. ..
All safeguards equipment was secured, the left channel diesel generator declared inoperable and a seven-day limiting condition of operation for the diesel generator was entered. The right channel diesel ge,nerator was test started and off-site power verified. Instrument and Control (l&C) techn_icians and engineers were called in to evaluate and support the follow-up to the event.
The sequencer is a Programmable Logic Controller (PLC) that consists of a main micro-processor and various input/output (1/0) modules for each piece of equipment actuated by the sequencer. The as-found status of the sequencer indicated that a problem had occurred with the micro-processor module. The micro-processor was taken to the l&C lab where evaluation determined that the micro-processor was now working properly. Next, all of the 1/0 modules were taken to the l&C lab where it I was determined that they were also functioning properly. A spare micro-processor was obtained from stock and satisfactorily functionally tested with the sequencer 1/0 modules. On March 3, 1995 at approximately 0300 hrs the spare micro-processor and the existing 1/0 modules were installed in the left channel OBA sequencer chassis. Return of the sequencer to service was delayed pending plant management review of the event and the corrective actions taken.
NRC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION 4195 LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION I
FACILITY NAME 11\ DOCKETl2) LER NUMBER 6) PAGE 13\
YEAR SEQUENTIAL REVISION NUMBER NUMBER PALISADES-NUCLEAR PLANT 05000255 3 OF?
95 - 001 01 TEXT (If more space is required, use additional copies of NRC Form 366A) (17)
On the morning of March 3, 1995, an engineering and management team was established to review the event. A call was made to the manufacturers technical service department which confirmed that the as-found status of the micro-processor indicated that a failure of the micro-processor had occurred. The discussion with the technical service department also confirmed the plant conclusion that, based on the as-found status and testing of the 1/0 modules, they were operable. At approximately 1500 hrs a plant management meeting was held to review.the event.
Based on the results of the review, a decision was made to return the sequencer to service and schedule a sequencer operability test. At approximately 1900 hrs the sequencer was successfully returned to service. The left channel of Technical Specification Surveillance Q0-1, "Safety Injection" was completed as a test of the sequencer's operability. After successful completion of the testing, the sequencer and associated diesel generator were declared operable. The Plant was returned to 100% power on March 4, 1995.
Cause of the Event The cause of the event was the failure of the OBA sequencer micro-processor module (MC-34L).
The root cause of the micro-processor module failure was anomalous, irregular operation with low probability of repeat failure.
Analysis of the Event The OBA sequencers, MC-34L (left channel) and MC-34R (right channel) sequence loads onto the emergency diesel generators. Sequencing of loads ensures that appropriate equipment is energized in time to contend with an event while, at the same time, preventing excessive step loads from being placed on the diesel generator (which could result in the loss of the generator).
Automatic sequencer actuation occurs only when emergency generator power is automatically demanded as result of lost or unacceptably degraded 2400V AC bus voltage. When this emergency generator demand is not accompanied by a Safety Injection Signal (SIS) actuation, the Normal Shutdown Sequencer (NSD) sequence is selected. When the emergency generator demand is accompanied by a SIS, the Design Basis Actuation (OBA) sequence is selected.
Issues/Questions
- What did the sequencer do to cause the safeguards initiation?
Discussion with operations personnel and examination of Plant Datalogger Sequence of Events Report indicates that every sequencer output device was sent a "start" signal. Some devices were blocked from starting by logic external to the sequencer and, as such, were not
. reported on the Datalogger report.
"RC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION 4195 LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME l1 l DOCKETl2l LER NUMBER 6\ PAGE l3l 05000255 YEAR I SEQUENTIAL NUMBER I REVISION NUMBER 40F7 PALISADES* NUCLEAR PLANT 95 - 001 01 TEXT (If more space is required, use additional copies of NRC Form 366A) (17)
At some time after initiating every output, the micro-processor turned off every output. Although it is difficult to determine exactly how long this took, it had to be long enough to fatch equipment breakers and interposing relays. The following are considerations in determining that time.
The sequencer can process its entire ladder logic program in 1O to 20 milliseconds. If the micro-processor "locked up" or if the processor diagnostic shut it dowa, it would take 300 milliseconds for the 110 cards to realize that communication with the micro-processor is absent or garbled. This is commonly referred to as a watchdog" feature.
The 110 card would then automatically turn off every output and extinguish its active light. The as-found status lights indicate that the processor was either "locked up" or shutdown by diagnostics because all module active lights were extinguished and 300.
milliseconds is long enough to latch the equipment breakers and inteq;>osing relays.
- What caused the sequencer failure?
We believe we have eliminated every component as the cause except the sequencer's micro-processor unit. The following is support for this position.
The DBA sequencer chassis holds all of the sequencer modules and is a passive device. Because the processor and 1/0 cards communicate across the chassis backplane using CyclicRedundancy Checksum (CRC-16), which is a method for -. '~
detecting communications errors within the sequencer, a fault on the backplane could not force the 110 module to alter the state of its outputs.
The 1/0 modules should not be able to make the processor fail its diagnostics because the error checking program (CRC-16) would not allow a fault on a single 1/0 card to be propagated to all output cards. A failure on the input card, however, could possibly start a false initiation of a NSD or DBD sequence which would take about 55 seconds to complete as determined by the software ladder logic. Since for this event, the sequencer actuated all outputs at once, this eliminates the input card as the source of failure.
Investigation of the as-found equipment condition showed that the micro-processor
- had the POWER light on, and the RUN and READY lights extinguished. This combination can only occur if the micro-processor locks up or the diagnostics detect a CPU or memory error and shuts down the system. The RUN light ori the processor and the ACTIVE light on each module were found off which is consistent with this failure mode. The RUN light on the processor and the ACTIVE light on each module
- were found off, which is consistent with this failure mode. The RUN light indicates
NRC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION 4195 LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME (1) DOCKETf?\ LER NUMBER 6\ PAGE 13\
05000255 YEAR I *SEQUENTIAL NUMBER I REVISION NUMBER 5 OF?
PALISADES* NUCLEAR PLANT 95 - 001 01 TEXT (If more space is required, use additional copies of NRC Form 366A) (17) that the processor is executing the ladder logic. If the micro-processor has been shut down, it could not run logic programming. The active lights on the 1/0 modules will automatically turn off after 300 ms due to lack of communications with the processor. Therefore, we believe that the micro-processor was the only possible point of failure in the sequencer.
The following provides additional discussion as to why the root cause failure is considered to be the micro-processor. It is based on general computer experience and very little. hard evidence.
A faulty component can cause intermittent memory or processor error which will cause
.computer systems to appear to lockup or quit instantaneously. However, the computer often will perform many instructions, some correctly and some incorrectly, before locking up or the error being detected by continuous diagnostics. The Palisades DBA sequencer system operates in the following cyclic sequence: Inputs retrieved, ladder logic performed, output sent, diagnostics run. This processing sequence would allow for some error to propagate from the memory and micro-processor to the output cards before detection by the diagnostics routine. This error might also remain in place until more problems lock up the processor or diagnostics shut down the system. Even an error which is present for only one scan cycle would leave outputs energized for 300 milliseconds until the watchdog timer on the 1/0 cards turned the outputs off. This could explain how a micro-processor problem could have been processed to the output cards, resulting in a start of the left channel safeguards equipment.
- Is this a recurring event?
There are some similarities between the current sequencer failure and the single previous failure on record. This previous failure occurred July 29, 1989 to the right channel sequencer (MC-34R). The similarity is limited to the loss of active lights on the 1/0 cards and the inability to recreate the failure during troubleshooting. The previous failure, however, did not activate any outputs. The differences in failure modes and the time between failures are large enough that a short term concern of a recurring event is not warranted. This previous failure was discussed with the vendor in conjunction with the evaluation of the current sequencer failure.
- Is there a common mode failure that could affect the microprocessor replacement unit or the other channel?
This topic was discussed with the manufacturer's technical service department. They searched their service bulletins for similar symptoms and none were found ..
. ~
NRC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION 4195
- LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION FACILITY NAME <1) DOCKETl2) LER NUMBER 6) PAGE (3\
YEAR
- 1 SEQUENTIAL REVISION NUMBER NUMBER PALISADES* NUCLEAR PLANT 05000255 60F7 95 001 01 TEXT (If more space is required, use additional copies of NRC Form 366A) (17)
A theory was proposed that Electro-Magnetic Interference (EMI) from some other device near to the micro-processor could have caused the problem. The theory was tested in the lab by keying a portable radio transmitter within a couple of inches of the micro-processor and monitoring for lockup or status light changes. None were detected. Power and input signals were examined for signal strength and wave form and nothing unusual was found. It has also been determined that no person was in close proximity to the PLC when the event occurred. At this time there appears to be no external mechanis111 to explain this malfunction of the micro-processor.
A typical design consideration when software is involved with equipment operation is whether a certain combination of internal software logic and/or external inputs from the application
- software could cause an action that was not predicted. It is highly unlikely, however, that this*
type of software anomaly could have caused the failure experienced here. The application . l software is written in ladder logic, which is a high level computer language. It cannot typically be written in such a way as to disable the processor itself. Processor malfunction was indicated by the lack of a READY light and the loss .of the 1/0 module ACTIVE lights~
A slightly more probable software failure niode involves an error in .the internal software logic sometimes called the software kernel. This is the part. of the software that interprets the ladder logic.code, acquires input data, outputs results of the ladder logic, and diagnoses errors in the hardware and memory. The probability of an error in the software kernel is low.
This sequencer has been running at Palisades without error for over six years. The sequencer hardware manufacturer checked their service bulletins and found no relevant * "'
notes, cautions, or fixes related to a software kernel problem. The microprocessor portion of the sequencer is a standard Programmable Logic Controller (PLC) that is widely used in .
various applications in many industries ..As such, the PLC manufacturer has the experience and market forces of many PLC owners who would identify that significant common mode failures were a problem with this device. At this time we also do not believe that a common mode software problem exists that would cause the micro-processor to fail. ..
Plant Response to the Event Along with the starting of safeguards pumps and opening and closing of valves, it was also noted that the Auxiliary Feedwater pump (P-BA) and Control Room Heating, Ventilation and Air Condition System (HVAC) fan (V-95) did not start. Based on design and plant conditions, these devices would not have been expected to start. P-BA did not start since an Auxiliary Feedwater Actuation Signal (AFAS) was not present. V-95 did not start because a load shed signal was not present.
NRC FORM 366a U.S. NUCLEAR REGULATORY COMMISSION i .! 4195
- LICENSEE EVENT REPORT (LER)
TEXT CONTINUATION I
FACILITY NAME l1 l DOCKETl2l LER NUMBER 16) PAGE (3)
YEAR SEQUENTIAL REVISION NUMBER NUMBER PALISADES*NUCLEAR PLANT 05000255 7 OF 7 95 - 001 01 TEXT .(If more space is required, use additional copies of NRC Form 366A) (17)
The condition report also noted that Safety Injection Tank (SIT) Pressure Control Valves (PCV) opened, causing relief valve RV-3161 to relieve to the quench tank (T-73). Based on an evaluation of design and valve lineup, this was correct and is acceptable system behavior.
Evaluations of the above situations are documented with the plant condition report documenting this event.
Corrective Action Completed I I
The micro-processor module of DBA sequencer MC-34L was sent to the vendor, Modicon, for I evaluation. Modicon was the original manufacturer of all of the modules which .make up the I MC-34L sequencer. The vendorwas requested to troubleshoot and report on the micro-processor I module. 1, I
The micro-processor module was put through .the same test sequence a new module would go I through prior to shipping. This is a sequence of processor commands, responses, voltage tests, I etc. No errors were found. The module worked within specifications. As no errors were readily I found, the module was placed into an extended test to see if a failure would occur with a longer I run time. Again, no errors were found. I I
The vendor has concluded that the micro-processor module is operating within specification. The vendor has found nothing that would contribute to a further understanding of the root cause of the
~equencer failure. The vendor .could not contribute any relevant speculation on the* failure m'ode other than a certain small error rate is expected and that they occasionally see errors in the presence of large voltage spikes (such as from welding).
Therefore, the vendor concurs that this failure was an anomalous event with low probability of repeat failure. Since a year has passed with no similar failure, no further corrective action is required.
