ML18087A415
| ML18087A415 | |
| Person / Time | |
|---|---|
| Site: | Westinghouse |
| Issue date: | 03/28/2018 |
| From: | Westinghouse |
| To: | Office of Nuclear Material Safety and Safeguards |
| Shared Package | |
| ML18087A400 | List: |
| References | |
| CAC L33317, LTR-RAC-18-25 | |
| Download: ML18087A415 (29) | |
Text
1 Consolidated November 23, 2016 RAI Responses for Organization (RAIs 1-2)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 1. Section 2.1.1.3 (d) of the license application (Ref. 1) states the responsibilities of the Regulatory Component. The responsibilities include, Verification of installed equipment for conformance to requirements for environmental and radiation protection, nuclear criticality safety, and emergency planning; and, for documentation of said conformance; and Ensuring reviews are conducted of environmental and radiation protection, fire and chemical safety, nuclear criticality safety, occupational safety and health, and emergency plan aspects of changes to equipment and operations associated with the processing, handling, and storage of licensed material in accordance with the governing regulations.
- 1. Discuss how Westinghouse conducts reviews for individual safety disciplines. 2. Discuss how and whether Westinghouse performs collective (i.e.,
integrated) reviews (e.g., by use of a multi-disciplinary Review Board). For example, in some facilities, Review Board consisting of members of safety disciplines (e.g.,
fire, chemical hazards) meet to discuss changes to a process or facility. The collective meeting follows individual reviews in specific disciplines. 3. Discuss how the experience of operators familiar with the system being changed are factored into the review process. 4.
Discuss how differing views are dispositioned.
See also the explanatory discussion of RAI 42 (page 15) and RAI 48 (page 18).
No change made to the License Application.
- 1. Section 3.1, Configuration Management describes how changes are reviewed by the Regulatory Component. The Regulatory Component consists of the individual safety disciplines as depicted on the organization chart in Chapter 2.0 Management Organization of the License Application.
- 2. A multidisciplinary safety review, consistent with the scope and complexity of the change, is performed for changes made in accordance with Section 3.1. Configuration Management. The safety review may take place collectively, with all parties in the same room. For simple changes, a collective review may not be required. The criteria for regulatory review of facility modifications are contained in CFFF procedures and are available for NRC inspection.
- 3. The design process assures that input from key stakeholders, including operations, is incorporated into changes made at the CFFF. In addition, when a process hazard analysis is performed, an operations representative is a required team member.
- 4. Typically, the team reviewing a change is able to resolve any differing views. If the team is unable to do so, there are multiple avenues for raising and resolving concerns.
RAI 2. Discuss how the components of the Columbia Fuel Fabrication Facility (CFFF) organization depicted in 10 CFR 70.22(a)(8)
No change made to the License Application. (Note that the figure listed in the RAI is Figure 2.1 in the renewal application.)
2 Figure 2.2 of the license application interact with each other (i.e. when changes are to be made in plant systems and procedures). Describe the extent of interactions between functions under different components (e.g., Safety, Quality Regulatory, Engineering, and Security) and specific roles in each component group. Describe how the implementation of maintenance changes is evaluated to avoid a decrease in established safety.
Figure 2.2 of the license application is an organizational chart of the CFFF. The chart shows five components (i.e., Safety, Regulatory, Quality, Engineering, and Security) under the plant manager. Similarly, under the Safety and Regulatory Components are (organizational)
Functions without discussion how the Functions interact, either within a Component or across Components. The license application lacks a discussion of how the components and functions interact to ensure that changes to plant systems, daily operations and procedures do not have adverse effects on safety.
For example, explain how an engineering change to a non-IROFS does not decrease safety or how this change is addressed as a whole system not a single component.
When changes are proposed to plant systems, procedures and maintenance activities, they are submitted to the Regulatory Component for review. These changes may or may not involve IROFS. The management measures described in Section 3.1, Configuration Management, Section 3.2, Maintenance and Section 3.4, Procedures, Training and Qualification in the License Application control these changes to assure safety and security, as well as compliance with license requirements. The organizational chart in Chapter 2.0 of the License Application shows that the Regulatory Component is independent of the Manufacturing and Engineering Components to assure objective review of proposed changes to plant systems, maintenance and procedures.
Typically, the Manufacturing or Engineering Component submits a proposed change to the Regulatory Component for review. The various safety functions within the Regulatory Component then perform an evaluation to assure that the proposed change meets our license requirements and does not have an adverse effect on safety or security. This Regulatory Component review is performed and documented in accordance with CFFF procedures and is available for NRC review and inspection.
Interactions between Component personnel vary based on the scope and complexity of the proposed change. For large or complex changes, it is best practice for the submitter of the proposed change to meet with the Regulatory Component and other affected Components face-to-face prior to submitting the proposed change for review. As the proposed change progresses through the different stages of design, additional face-to-face interactions with the affected Components may occur.
3 Consolidated November 2016 RAI Responses for ISA (RAI 3)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 3. Describe the features of the ISA program that periodically evaluate the assumptions on which the elements used to determine likelihood and consequence are based (e.g. initiating event frequencies, failure modes, failure rates, and release rates). Discuss the periodicity of these evaluations, the personnel involved, and the criteria applied to determine the validity of the original assumptions.
10 CFR 70.62(c)(ii) 10 CFR 70.72(a) 10 CFR 70.22(a)(6)
No change made to the License Application.
The Regulatory Component provides oversight for safe and compliant operations at the CFFF. This oversight includes monitoring the ongoing performance of IROFS, management measures and process upsets/abnormal conditions. Issues are entered into the Corrective Action Program for resolution.
This performance data is summarized at least quarterly and is reviewed by management to identify repetitive failures and generic issues. Unacceptable performance deficiencies are corrected, and any necessary updates to the Integrated Safety Analysis (ISA) and ISA Summary documents are made to correct underestimated performance (e.g., initiating event frequencies, failure modes, and failure rates).
The ISA documents are updated at least annually to incorporate the changes made during the calendar year, as well as to incorporate operating experience from within or outside the company. Operations and Engineering work as a team with the Regulatory Component to update these documents.
Safety program audits at the CFFF are performed on a triennial frequency as specified in the License Application. The ISA and ISA Summary are audited on a 5 year frequency. This audit includes evaluation of the technical basis and assumptions used in the analysis, as well as proper implementation of the safety basis. The criteria used for the audit are documented on an audit checklist.
4 Consolidated November 2016 RAI Responses for Nuclear Criticality Safety (RAIs 4-50)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 4. Commit to the 2005 version of American National Standards Institute/American Nuclear Society (ANSI/ANS) standard ANSI/ANS-8.19, or justify using an older version of the standard.
Section 6.1 of the license application (Ref. 1) states that the Nuclear Criticality Safety (NCS) Program meets the requirements of ANSI/ANS-8.19-1996 as pertains to organization and administration. Section 5.4.3.2 of Nuclear Regulatory Commission (NRC) guidance (Ref.
2), states that the license application should contain justification if committing to other than the most current version of a standard endorsed by the NRC.
Regulatory Guide 3.71 endorses the 2005 version of ANSI/ANS-8.19.
The difference between the 1996 version of ANSI/ANS-8.19 and the current 2005 version is (1) the reference to follow the guidance for use of CAAS from the newer/reaffirmed version in ANSI/ANS-8.3-1997, R2003, and (2) the reference to follow the guidance for emergency planning and response in ANSI/ANS-8.23-1997.
CFFF is following the guidance in ANSI/ANS-8.3-1997, as evident from SNM-1107, Section 6.1.8, which states: The CAAS radiation monitoring detectors are located to pursue conformance to the guidance of ANSI/ANS-8.3(1997) (as modified by Regulatory Guide 3.71), and compliance with 10CFR70.24. Furthermore, CFFF mostly complies with ANSI/ANS-8.23-1997. Section 9.0 of SNM-1107 has been revised as follows:
This program complies with the requirements of ANSI/ANS-8.23(1997) for nuclear criticality accident emergency planning and response with the exception that CFFF shall comply with Section 8.3 evacuation drill requirements on a biennial frequency.
Therefore, CFFF in its license application follows the guidance of the 2005 version of ANSI/ANS-8.19 and is justified in referencing ANSI/ANS-8.19-1996. However, for the sake of clarity going forward, CFFF has referenced the 2005 version of ANSI/ANS-8.19. In addition, CFFF will increase the frequency of evacuation drills to an annual basis to be in complete compliance with ANSI/ANS-8.23-1997, R2012.
RAI 5. Clarify use of the word configuration in the first paragraph of Section 6.1.1 of the license application (Ref. 1), which lists mass, moderation, and configuration as examples of controlled parameters.
Configuration is not included in the list of parameters in Section 6.1.3 of the license application (Ref. 1), nor is this a normally recognized controlled parameter. This information is needed for clarity.
It is recognized that configuration, in this context, is a synonym of shape, Therefore, the current wording in Section 6.1.3.4(1) (i.e., Geometry control is used to limit the shape, configuration or volume of SNM within specific process operations and vessels) has been revised as follows:
Geometry control is used to limit the shape or volume of SNM within specific process operations and vessels...
RAI 6. Section 6.1.1 of the license application (Ref. 1) states, The defense consists of the bounding 10 CFR 70.61(d)
It is agreed that the word constraints is not properly used, and should be changed to controls. In addition, the statement uniquely sufficient to maintain
5 assumptions, criticality safety limits, and criticality safety constraints that, as a set, are uniquely sufficient to maintain the minimum subcritical margin against an initiating event. Clarify the difference between criticality safety limits and constraints. Clarify what is meant by uniquely sufficient to maintain the minimum subcritical margin against an initiating event. The minimum subcritical margin is an allowance for any unknown uncertainties in calculating Keff and is not typically associated with any particular initiating event or limits.
the minimum subcritical margin is vague and non-descriptive. Therefore, the current paragraph in Section 6.1.1 that reads:
The defense consists of the bounding assumptions, criticality safety limits, and criticality safety constraints that, as a set, are uniquely sufficient to maintain the minimum subcritical margin against an initiating event has been changed to:
The defense consists of the bounding assumptions, criticality safety limits and controls that, as a set, are sufficient to maintain subcriticality during normal and credible abnormal conditions.
RAI 7. Explain the difference between audits and compliance audits in relation to ensuring the reliability of administrative controls the third paragraph of Section 6.1.1 in the license application (Ref. 1).
Section 5.4.3.2 of NRC guidance (Ref. 2) states expectations for various types of audits and assessments. Various terms are used throughout the nuclear fuel industry, and it is therefore necessary the terms be clearly understood.
Section 6.1.9 in the license application describes the various types of audits performed by CFFF. Regarding ensuring the reliability of administrative controls, the last sentence in Section 6.1.1 has been revised as follows:
The reliability and effectiveness of administrative controls are assured through management measures that include procedure reviews, training, and audits/assessments.
RAI 8. In Section 6.1.3 of the license application (Ref.
1), commit that when using a single NCS control to maintain the values of two or more parameters, this constitutes only one component necessary to meet double contingency.
By Section 5.4.3.2 of NRC guidance (Ref. 2), double contingency requires that at least two changes in process conditions are necessary for criticality, and that those changes in process conditions be independent.
Though double contingency is not required for existing facilities by the rule, double contingency is both a commonly practiced and effective means to limit the risk of a nuclear criticality accident.
For clarification, the following sentence has been added after the last sentence in the first paragraph of Section 6.1.1:
The use of a single NCS control to maintain the values of two or more controlled parameters constitutes only one component necessary to meet double contingency protection.
6 RAI 9. In Section 6.1.3 of the license application (Ref.
1), commit to when the control of parameters is based on measurement, the instrumentation used will be subject to facility management measures.
Though Section 5.4.3.2 NRC guidance (Ref. 2) mentions this criterion when applied to specific controlled parameters (e.g., mass, density, enrichment), the concept applies to any parameter where control relies on measurement.
The following sentence has been added to Section 6.1.1, third paragraph:
Any instrumentation relied upon to either verify or impose an NCS control or parameter is subject to CFFF management measures programs to assure the reliability of its intended function.
RAI 10. Section 6.1.3.1(2) of the license application (Ref. 1) states that an evaluation will be done to determine the controls necessary to prevent reaching the safety limit. Define the term safety limit.
The term safety limit is used in Section 6.1.3.1(2) of the license application, but not elsewhere in the chapter. Clear and unambiguous terms are necessary to communicate and implement nuclear safety concepts.
Safety limit refers to the margin of safety for normal and credible conditions as outlined in Section 6.1.5.2, Limits of keff. For clarification, the sentence has been revised as follows:
The evaluation also considers normal operations and expected process upsets to determine the operating mass limit and the controls necessary to maintain subcriticality.
RAI 11. In Section 6.1.3.2 of the license application (Ref. 1), commit to evaluate the effect of fire suppressants and firefighting activities in areas subject to moderation control.
By Section 5.4.3.2 NRC guidance (Ref. 2), the use of moderating fire suppressants can challenge moderation and possibly other controls and should be evaluated.
No change made to the License Application.
In Section 6.1.3.2 (4), CFFF commits to invoke ANSI/ANS-8.22 for moderator controlled areas. The requirement to evaluate the effect of fire suppressants and firefighting activities is invoked by: (1) ANSI/ANS-8.22, Section 4.1.6, which requires moderator control requirements in fire-fighting procedures, and (2)
ANSI/ANS-8.22, Section 4.2.10, which requires process evaluations (i.e., CSEs) to address the need for special controls for fire prevention and suppression activities.
RAI 12. Define the term interstitial moderator in Section 6.1.3.2(3) of the license application (Ref. 1).
Commonly, the term is used to refer to the density of water filling the space between fissionable units in an array or other collection of units, but the term has also 10 CFR 70.61(d)
The term interstitial moderator is referring to the water that can potentially intrude into the analyzed system (i.e., interspersed moderation between fissile units) and considers the full range of densities from humidity and mist conditions to full water density. To avoid any unambiguity, Section 6.1.3.2(3) has been revised as follows:
7 been used to refer to moderator that is intimately mixed with fissionable material. Clear and unambiguous terms are necessary to communicate and implement nuclear safety concepts.
Moderation controls (IROFS) are established to ensure that the interstitial moderator, or the water between fissile units, is maintained within the analyzed systems documented limits, for normal operation and expected process upsets.
The most reactive credible full range densities (i.e., humidity/mist conditions to full water density) for interstitial moderator are modeled.
RAI 13. In Section 6.1.3.2(4) and (5) of the license application (Ref. 1), clarify the statement that Westinghouse will follow the guidelines of ANSI/ANS-8.22-1997. State whether guidelines consist of the requirements of the standard, its recommendations, or both.
By Section 5.4.3.2 of NRC guidance (Ref. 2), when an applicant intends to conduct activities to which an NRC-endorsed standard applies, the application should contain a commitment to follow the requirements (shall statements) of the standard. The term guidelines is vague and does not make clear to what sections the licensee is committing. Clear and unambiguous terms are necessary to communicate and implement nuclear safety concepts.
CFFF has changed the word guidelines in Sections 6.1.3.2(4) and 6.1.3.2(5) to requirements.
RAI 14. In Section 6.1.3.2(4) of the license application (Ref. 1), clarify whether the bulleted commitments apply whenever moderation control is used, or only when moderation is the sole controlled parameter.
The subject commitments are sub-bullets under the paragraph that starts When moderation control is used as the sole controlled parameter, but appear appropriate to moderation control generally. Clear and unambiguous terms are necessary to communicate and implement nuclear safety concepts.
No change made to the License Application.
The wording of the text implicitly implies that a moderator control area consists of the bulleted list in Section 6.1.3.2(4) as a requirement, as well as ANSI/ANS-8.22 (1997), and when moderation control is in the singular use as a controlled parameter.
RAI 15. In Section 6.1.3.3(3) of the license application, commit that all physical and chemical mechanisms that can affect concentration so as to challenge a concentration control limit will be considered and 10 CFR 70.61(d)
For clarification, Section 6.1.3.3(3) has been revised as follows:
The determination of concentration limits and controls will consider all physical and chemical mechanisms that can affect concentration such as precipitation,
8 documented in Criticality Safety Evaluations (CSEs), or justify that the list of phenomena mentioned (e.g.,
precipitation, evaporation, freezing) is sufficiently all-inclusive.
evaporation, freezing, settling, heterogeneity and chemical phase change events as appropriate.
RAI 16. In Section 6.1.3.3 of the license application (Ref. 1), commit that when using tanks containing concentration-controlled solution, the tank will be closed and locked to prevent unauthorized access.
By Section 5.4.3.2 of NRC guidance (Ref. 2), all credible abnormal conditions must be considered to ensure that precipitating agents are not inadvertently introduced.
The following sentence has been added to Section 6.1.3.3 as a new bullet:
As required by the implementing CSE, in cases where the system design of a process tank using concentration-controlled solution does not preclude an inadvertent addition of precipitating agents, the tank will be closed and locked to prevent unauthorized access.
RAI 17. Section 6.1.3.4(5) of the license application (Ref. 1) states, Geometry controls will be maintained through management measures that include procedure reviews, training, experience, and audits. Section 6.1.3.10 of the license application states, Spacing controls will be maintained through management measures that include procedure reviews, training, experience, and audits. Explain what is meant by these statements.
Section 5.4.3.1 of NRC guidance (Ref. 2) states that applicants should commit to the double contingency principle, which requires that at least two changes in process conditions are necessary for criticality, and that those changes in process conditions be unlikely.
Management measures are applied to controls to ensure that their failure is unlikely. However, management measures listed do not appear appropriate to passive geometry or spacing controls.
The word experience was deleted from Section 6.1.3.10. In addition, it was deleted from Sections 6.1.1 and 6.1.3.4.
The function and effectiveness of all nuclear criticality safety-significant controls at CFFF, which includes both engineered and administrative controls, are verified and audited (per RA-108) to ensure proper performance. When geometry controls are relied upon for criticality safety, limiting equipment dimensions (e.g., cylinder radius) are maintained/verified through management measures (e.g., audits). The same applies when interaction is controlled by spacing items bearing fissile material (i.e., the amount of spacing/interacting requirement is verified through management measures). These controls are determined through criticality safety analysis of the normal and credible abnormal process upset conditions for the operation in question, which includes a double contingency analysis. In other words, the passive geometry or spacing controls are not single controls relied upon. The management measures are put in place to prevent degradation or loss of controls by verifying their intended functions.
In addition, there are a few geometry and spacing controls that have an administrative component to their safety function. For instance, there are 3 sizes of polypaks available in the plant (i.e., 7.5-, 8-and 9-inch). Operators must be trained on selecting the correct size polypak, as well as the approved material loading for each polypak. Also, at various portions of the operation, polypaks will be hand-carried by an operator and the operator will need to know the spacing
9 requirements for that polypak. Training and procedures are relied upon so that operations personnel will be able to readily recognize or detect failure of the control and take appropriate response actions for geometry and spacing control violations.
RAI 18. In Section 6.1.3.6(2) of the license application (Ref. 1), explain the phrase, control of enrichment to less than the licensed limit. State whether enrichment limits lower than the licensed limit will be used for criticality control. If so, state the controls that will be used to ensure limiting enrichments will not be exceeded.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that when enrichment is controlled, either a method of segregating enrichments is used to ensure different enrichments are not interchanged, or the most limiting enrichment is applied to all materials.
The maximum U-235 enrichment at CFFF is 5.0 wt%. Therefore, the basis/bounding assumption for performing CSEs is that all uranium is analyzed at 5.0 wt% U-235 enrichment, as this represents the maximum operating, or licensed, enrichment limit. No attempts are made at taking credit for lower enriched material in NCS space. Enrichment values lower than the licensed limit are not used for criticality control.
For clarity, the first sentence of Section 6.1.3.6(2) of the license application has been revised as follows:
Control of enrichment to not exceed the licensed limit is used to limit the percent of U-235 in a process, vessel, or container.
RAI 19. Section 6.1.3.7(2) of the license application (Ref. 1) states, Nuclear criticality safety calculations have demonstrated that for particle sizes 150 microns in diameter, the material can be considered homogeneous. Provide technical justification for this assertion.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that heterogeneous effects should be considered whenever relevant. The technical basis for the subject statement is needed to determine if this is an adequate criterion for when heterogeneous effects should be considered.
No change made to the License Application.
CFFF Calculation Note CN-95-022, Determine the heterogenic effect that a uranium particle of increasing size might have on the Keff of a spherical uranium system provides the requested technical justification and is available for NRC review and inspection.
RAI 20. Provide technical justification for the exceptions to ANSI/ANS-8.5-1996 stated in Section 6.1.3.8(2) of the license application (Ref. 1), especially given the statement in the standard that Raschig rings should not be used in basic solutions unless chemical and physical limits have been determined and 10 CFR 70.61(d)
Section 6.1.3.8(2) was revised as follows:
(2) When Raschig rings are used, their use and maintenance is in accordance with ANSI/ANS-8.5(1996). To prevent the degradation of the Raschig rings during use in basic environments/solutions, the chemical and physical limits are as follows:
10 documented, due to the known corrosion of borosilicate glass in basic environments.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that if the applicant intends to conduct activities to which an NRC-endorsed standard applies, the application should contain a commitment to follow the requirements (shall statements) of the standard, subject to exceptions as discussed in Regulatory Guide 3.71. The technical basis for these additional exceptions needs to be understood.
System pH is maintained > 7, but < 11.
System temperature is maintained < 60 degrees (Celsius).
The condition of the Raschig rings in the operational Q-Tanks is verified annually.
In addition, technical justification for the use of Raschig rings in basic environments was provided to NRC when on-site at the CFFF. This data is documented in Westinghouse letter LTR-EHS-17-80.
RAI 21. In Section 6.1.3.8(3) of the license application (Ref. 1), clarify whether the measurement of neutron absorbers includes verification of absorber dimensions in addition to composition.
For clarification, the first bullet of Section 6.1.3.8 (3) has been revised as follows:
The absorber dimension and composition are measured, and documented in the applicable CSE, prior to first use.
RAI 22. Explain the significance of defining the terms full reflection and partial reflection as used in Section 6.1.3.9 of the license application (Ref. 1).
These terms are not used elsewhere in the license application. Clarify if the definitions include that the 12-inches or 1-inch of water be tight-fitting and how these definitions apply in the presence of reflectors other than water (e.g., concrete).
Reflection is one of the parameters that affect neutron multiplication, and this section states the acceptable ranges of reflection that are typically evaluated in the CSE.
Section 6.1.3.9 has been revised as follows:
Credible reflection conditions are considered in the determination of all system limits and controls. The terms full reflection and partial reflection are defined as 12-inches and 1 inch of water equivalent (i.e., tight-fitting), respectively. If reflecting materials other than water are present (e.g., concrete), their reflecting properties are evaluated for all credible conditions and justified, as appropriate.
When less than full reflection is assumed, it is demonstrated that the reflection conditions modeled are the most reactive credible conditions; otherwise appropriate controls (i.e., IROFS) are established to maintain reflection within the applicable limits.
RAI 23. In Section 6.1.3.10 of the license application (Ref. 1), justify the first criterion for neutron isolation, specifically units may be considered non-interacting when they are separated by a 12-foot air distance.
Section 6.1.3.10 of the License Application was revised to state:
Units may be considered non-interacting when they are:
o separated by 12 inches of full density water equivalent
11 Regulations require that all processes be shown to be subcritical under normal and credible abnormal conditions. Calculations performed to demonstrate subcriticality must therefore bound actual process conditions, including consideration for interaction between neighboring units. Neutron isolation may not be adequately ensured by a 12 foot air distance for sufficiently large units.
A guideline often employed in the nuclear industry has been that single units may be considered isolated if separated by the larger of 12-foot air distance or the greatest distance across an orthogonal projection of the largest fissile accumulations on a plane perpendicular to the line joining their centers. The criterion stated in Section 6.1.3.10 is deficient in this regard.
material; or o separated by a distance in air which is the larger of 12 feet, or the greatest distance across an orthogonal projection of the largest fissile accumulations on a plane perpendicular to the line joining their centers.
RAI 24. In Section 6.1.3.10 of the license application (Ref. 1), commit to having engineered controls, or where not feasible, augmented administrative controls that will be used for interaction control, and that their structural integrity will be sufficient for normal and credible abnormal conditions.
By Section 5.4.3.2 of NRC guidance (Ref. 2), spacing upsets where spacing is only controlled administratively have commonly occurred.
The following sentence has been added to Section 6.1.3.10:
To maintain physical separation between units, engineered controls are used. If engineered controls are not feasible, administrative controls with visual aids such as painted lines and postings may be used. However, multiple procedural errors should not by themselves lead to criticality.
RAI 25. Section 6.1.4.2(1) of the license application (Ref. 1) states, The evaluation identifies the Safety Significant Controls necessary to ensure double contingency. Explain the statement. Define the term Safety Significant Controls, how they are used, and whether they include administrative or only engineered controls.
The term Safety Significant Controls is used in Section 6.1.4.2(1) of the license application, but is not defined anywhere else in the license application. Clear and 10 CFR 70.61(d)
For clarity, the second sentence in Section 6.1.4.2.(1) has been revised as follows:
The evaluation identifies controlled parameters for the system, establishes bounding assumptions for other system parameters, and identifies the controls necessary to maintain subcriticality.
Safety Significant Controls (SSCs) at CFFF includes both engineered (i.e., passive and active) and administrative controls that provide basic protection to prevent any accidents that could impact health, safety, and the environment. IROFS are a subset of SSCs that are relied on to prevent potential accidents at the facility that
12 unambiguous terms are necessary to communicate and implement nuclear safety concepts.
could exceed the performance requirements in 10 CFR 70.61 or to mitigate their potential consequences. Controls credited in the fault trees established for credible criticality scenarios are designated as IROFS. The attributes that are credited in a subcritical by geometry determination are also designated as IROFS.
RAI 26. In Section 6.1.4.2(8) of the license application (Ref. 1), clarify whether CSEs must be performed by qualified NCS staff.
Section 6.1.4.2(8) states that CSEs must be reviewed by a qualified Criticality Safety Technical Reviewer, but makes no mention of who performs and documents the CSEs. Similarly, Section 6.1.6 of the license application refers to a qualified Criticality Safety Technical Reviewer, but only in terms of performing independent verification of the CSEs.
Similarly, Section 6.1.6 refers to a qualified Criticality Safety Technical Reviewer, but only in terms of performing independent verification of the CSEs.
Organizational positions, functional responsibilities, experience, and qualifications of NCS personnel are necessary attributes of nuclear criticality safety.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that the applicant should meet the criteria in Section 2.4 of the same guidance, as it relates to the organizational positions, functional responsibilities.
Only a qualified NCS staff member can perform a CSE. Section 6.1.4.2(7) has been revised for clarification as follows:
CSEs are performed by qualified NCS staff in accordance with guidelines provided in the CFFF procedure for CSE generation.
RAI 27. In Section 6.1.7 of the license application (Ref.
1), commit to provide distinctive NCS postings in areas, operations, work stations, and storage locations relying on administrative controls.
By Section 5.4.3.2 of NRC guidance (Ref. 2), distinctive NCS postings ensure the operators understand the criticality safety significance of controls in their areas.
A new sentence was added to the beginning of Section 6.1.7 to address this RAI:
Distinctive NCS postings shall be in areas, operations, work stations, and storage locations relying on administrative controls as required by the implementing CSE.
RAI 28. Section 6.1.8 of the license application (Ref. 1) states, The CAAS [Criticality Accident Alarm System]
The first sentence of the second paragraph of Section 6.1.8 has been revised as
13 radiation monitoring detectors are located to pursue conformance to the guidance of ANSI/ANS-8.3(1997). Clarify the statement.
By Section 5.4.3.2 of NRC guidance (Ref. 2), states that if the applicant intends to conduct activities to which an NRC-endorsed standard applies, the application should contain a commitment to follow the requirements (shall statements) of the standard. The term pursue conformance is vague and does not make clear to what provisions in the standard the licensee is committing.
follows:
The CAAS radiation monitoring detectors are located in accordance with the requirements of ANSI/ANS-8.3(1997) (as modified by Regulatory Guide 3.71, Revision 2), and compliance with 10CFR70.24.
RAI 29. In Section 6.1.8 of the license application (Ref.
1), commit that the criticality accident alarm system (CAAS) will be designed to remain operational during credible events.
By Section 5.4.3.1 of the NRC guidance (Ref. 2), a CAAS should be designed to remain operational during credible events such as a seismic shock equivalent to the site-specific, design-basis earthquake or equivalent value as specified by the Uniform Building Code, and during events such as fires, explosions, a corrosive atmosphere, and other credible conditions.
In response to RAI 29, the following sentence has been added to the end of the second paragraph of Section 6.1.8:
The CAAS is designed to remain operational during credible events.
In addition, the following sentence was added to the beginning of Section 6.1.8:
The CFFF is committed to following the requirements of ANSI/ANS-8.3(1997).
RAI 30. In Section 6.1.8 of the license application, commit to having a criticality alarm that is clearly audible in areas to be evacuated or to provide alternative notification methods documented effective in notifying personnel that evacuation is necessary.
By Section 5.4.3.1 of NRC guidance (Ref. 2), the purpose of the alarm is to initiate timely evacuation.
The following sentence has been added in the last paragraph of Section 6.1.8:
The CAAS is clearly audible in all areas to be evacuated to ensure timely notification and evacuation or provide alternative notification methods documented effective in notifying personnel that evacuation is necessary.
RAI 31. In Section 6.1.8 of the license application (Ref.
1), commit to having fixed and personnel accident 10 CFR 70.24(a)(3)
The following sentences have been added at the end of the last paragraph of
14 dosimeters in areas requiring a CAAS, and that they will be readily available to personnel responding to an emergency, with a method for prompt onsite dosimeter readout.
By Section 5.4.3.1 of NRC guidance (Ref. 2), fixed and personnel accident dosimeters in areas requiring a CAAS ensure and protect response personnel from the consequences of a nuclear criticality accident. Such dosimeters ensure that response personnel are protected from the consequences of a criticality.
Section 6.1.8:
Furthermore, areas where CAAS is deployed, CFFF provides fixed and personnel accident dosimeters for responding emergency personnel. Prompt onsite dosimeter readout is available in a location outside the immediate evacuation zone to protect response personnel from the consequences of a nuclear criticality accident.
RAI 32. Section 6.1.9 of the license application (Ref. 1) states, audits and assessments address the guidelines of ANSI/ANS-8-19(1996). Clarify the statement. Confirm if it is the intent that audits and assessments will be done in accordance with the requirements of ANSI/ANS-8.19-1996.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that if the applicant intends to conduct activities to which an NRC-endorsed standard applies, the application should contain a commitment to follow the requirements (shall statements) of the standard. The term guidelines is vague.
Section 6.1.9 has been updated to reflect that CFFF will follow the requirements of the ANSI/ANS-8.19(2005) standard. Section 6.1.9 has been revised as follows:
These audits and assessments address the requirements of ANSI/ANS-8.19(2005) and are performed as described in Section 3.6 of this License Application.
RAI 33. Justify the triennial NCS program audit frequency in Section 6.1.9 of the license application (Ref. 1).
Section 5.4.3.2 of NRC guidance (Ref. 2) states that all operating SNM process areas should be reviewed at some specified frequency, which depends on such factors as the complexity of the process, degree of process monitoring, and degree of reliance on administrative controls. A graded approach may be used to justify an alternative schedule. Section 6.1.9 of the license application states, Program audits schedules are developed annually, with the complete NCS program assessed on a triennial frequency. No 10 CFR 70.22(a)(8)
The NCS program is audited by an independent party on a triennial basis. See the responses to RAIs 35 and 49 for additional information and justification.
In addition to the triennial program audit, with this license renewal, the CFFF commits to following the requirement of an annual review to ascertain that procedures are being followed and that process conditions have not been altered, per the requirements in ANSI/ANS-8.19 and ANSI/ANS-8.1.
15 reasons are given for the triennial frequency.
RAI 34. Justify the 5-year frequency of NCS compliance audits in Section 6.1.9 of the license application (Ref.
1).
Section 5.4.3.2 of NRC guidance (Ref. 2), states that all operating SNM process areas should be reviewed at some specified frequency, which depends on such factors as the complexity of the process, degree of process monitoring, and degree of reliance on administrative controls. A graded approach may be used to justify an alternative schedule. Section 6.1.9 of the license application (Ref. 1) states, Formal compliance audit schedules are developed annually, with one fifth of the fissile material processing areas described in the ISA audited annually, so that the complete set of operations making up the CFFF Integrated Safety Analysis (ISA) are assessed on a five year frequency. The assessments described in Section 6.1.9 have different frequencies, but the difference between them is not clear.
See response to RAI 35.
RAI 35. Describe the difference between the 5-year program assessments, described as compliance audits that evaluate implementation of NCS requirements and quarterly or semiannual facility walkthrough assessments, described as having a focus on field compliance with established NCS controls in Section 6.1.9 of the license application (Ref. 1). State how Westinghouse distinguishes between higher risk (requiring quarterly assessments) and lower risk (requiring semiannual assessments) operations.
Section 5.4.3.2 of NRC guidance (Ref. 2) contains acceptance criteria for various types of audits and assessments. These assessments described in Section 6.1.9 of the license application have different frequencies, but the difference between them is not clear.
CFFF performs many types of audits. The NCS group performs the facility walkthrough assessments described in Section 6.1.9. Also, an annual review will be performed going forward with the license renewal per the requirements in ANSI/ANS-8.19 and ANSI/ANS-8.1.
The frequency of facility walkthrough assessments is based on the risk of the system as determined by the applicable CSEs and ISAs. Specifically, the following criteria are employed to determine if a given process will be reviewed semiannually or quarterly:
Systems with no credible criticality scenarios: Semiannually Systems with credible criticality scenarios with frequencies 1E-05 per year: Semiannually Systems with credible criticality scenarios with frequencies > 1E-05 per year: Quarterly Systems that would otherwise qualify for a semiannual frequency may be assigned a quarterly frequency based on special circumstances (e.g., prior findings), as
16 determined by the EH&S Engineering Manager.
In addition, the NCS program is audited by an independent party on a triennial basis, and the ISAs are audited on a five year frequency as per the audit program described in Section 3.4. See the responses to RAI 49 for additional information.
RAI 36. In Section 6.1.10 of the license application (Ref. 1) clarify what is meant by stating that the combined process for procedures, training, and qualification meets the guidelines of ANSI/ANS-8.19(1996) and ANSI/ANS-8.20(1991). Confirm if it is the intent of Westinghouse that this process will satisfy the requirements of ANSI/ANS-8.19-1996 and ANSI/ANS-8.20-1991.
Section 5.4.3.2 of NRC guidance (Ref. 2) states that if the applicant intends to conduct activities to which an NRC-endorsed standard applies, the application should contain a commitment to follow the requirements (shall statements) of the standard. The term guidelines is vague.
It is the intent of CFFF to meet the requirements of ANSI/ANS-8.19(2005) and ANSI/ANS-8.20(1991). Therefore, the second sentence in Section 6.1.10 of the license application has been revised as follows:
This process is described in Section 3.4 of this License Application, and meets the requirements of ANSI/ANS-8.19(2005) and ANSI/ANS-8.20(1991), as they relate to training, procedures, and the requirement that no single, inadvertent departure from a procedure could cause an inadvertent criticality.
RAI 37. Provide minimum qualifications for qualified NCS staff, including those who will perform and document CSEs and perform other NCS Program functions, and for qualified NCS Technical Reviewers who will perform independent verification. Describe the various positions related to NCS and their duties and minimum qualifications.
Section 11.4.3.3 of NRC guidance (Ref. 2) states that the application should contain commitments regarding personnel qualification for managers, supervisors, technical staff, and others who perform regulated activities.
The general NCS engineer qualification (RAF-125-5) consists of four areas of applicability which must be met to be considered a qualified NCS engineer at CFFF. The four areas where the NCS engineer must demonstrate proficiency are:
A. Education/Experience - Hold a minimum of a Baccalaureate degree in science or engineering and two years of experience in the nuclear industry.
B. Required Reading/Knowledge - Possess a working knowledge of the ANSI/ANS criticality safety standards (8-series) as well as CFFF related NCS/ISA manuals and procedures. In addition, required reading includes the textbook by Mr. Ron Knief on Nuclear Criticality Safety Theory and Practice. Furthermore, NCS engineers must author three mentored CSEs as well as three mentored calculations.
C. Off-site Criticality Safety Training - Complete a university or national laboratory sponsored NCS short/training course or equivalent education or job experience.
17 D. General NCS Proficiency - Demonstrate knowledge of varied NCS topics such as Monte Carlo code usage, double contingency principle, techniques for demonstrating favorable geometry, preparing and implementing calculation notes and criticality safety evaluation.
Completion of the above training topics and satisfaction of RA-125 experience requirements represents the minimum requirements for the NCS Engineer Qualification at CFFF.
For Senior NCS Engineer Qualification, additional requirements must be met including demonstrated proficiency in RA-310 requirements and completion of three mentored technical reviews. Additional requirements for both the NCS Engineer and Senior NCS Engineer pertain to process qualification for a specific process area at CFFF.
Currently, the NCS criticality group at CFFF consists of four qualified individuals.
They perform the following functions and primary duties:
- 1. NCS Engineer performs general nuclear criticality safety functions including authoring CSEs and calculations and provides support to operations, such as procedure reviews and performs facility walkthrough assessments.
- 2. Senior NCS Engineer performs the same duties as the NCS engineer in addition to performing technical reviews on CSEs and criticality safety calculations.
- 3. NCS Group Manager performs administrative duties along with general nuclear criticality safety functions including authoring and reviewing CSEs and facility walkthrough assessments.
RAI 38. Commit to follow the requirements of ANSI/ANS-8.23-1997, in regard to emergency response as related to NCS.
Section 5.4.3.1 of NRC guidance (Ref. 2) contains this acceptance criterion. This is needed to ensure 10 CFR 70.24(a)(3)
The following sentence has been added at the end of the first paragraph of Section 6.1 as follows:
Also, CFFF is committed to following the requirements of ANSI/ANS-8.23(1997) with regards to emergency response as related to NCS to ensure personnel are
18 personnel are protected from the consequences of criticality.
protected from the consequences of a criticality accident.
RAI 39. Commit to require personnel to perform activities in accordance with written, approved procedures, and that unless a specific procedure deals with the situation, personnel shall take no action until NCS has evaluated the situation and provided guidance. Commit to require personnel to report defective NCS conditions to the NCS Program.
Section 5.4.3.2 of NRC guidance (Ref. 2) contains these acceptance criteria. They are needed to ensure an adequate response to off-normal conditions.
A second paragraph has been added in Section 6.1 as follows:
All activities that may affect NCS shall be performed in accordance with written and approved procedures. Should no specific procedure exist applicable to the situation, work shall not be initiated until such time that NCS staff has evaluated the situation and provided guidance. Furthermore, CFFF personnel shall report any defective NCS conditions to the NCS staff.
RAI 40. State whether density is relied on as a controlled parameter, and if so, commit that when process variables can affect the assumed density, the process variables are identified as controls.
Section 5.4.3.2 of NRC guidance (Ref. 2) contains acceptance criteria for the use of density as a controlled parameter.
A new Section 6.1.3.11 has been added for density as follows:
Density is not relied upon as a controlled parameter. As concentration is a controlled parameter, density is only an implicit controlled parameter.
RAI 41. Section 6.1.2 of the license application (Ref. 1) states, The relative effectiveness and reliability of NCS controls are considered during the CSE process.
Describe what is meant by relative effectiveness and state that the effectiveness and reliability of NCS controls will be justified in the CSE. One of the main issues during an event (Ref. 3) with the S-1030 scrubber that controls did not work because they were based on invalid assumptions. Much effort is typically put into showing that controls are reliable by appealing to the type of control (e.g., passive, active) and describing management measures. An often overlooked consideration is ensuring that controls actually work and can fulfill their safety functions. That requires a much more detailed kind of review.
The sentence has been revised as follows:
The effectiveness and reliability of NCS controls are considered, justified, and documented in the CSE process.
RAI 42. Section 6.1.3(b) of the license application 10 CFR The following statement has been added after the first sentence of Section
19 states that when less-than-optimum (worst case credible) conditions are assumed to a given parameter, the basis will be documented and justified in CSEs. In Section 6.1.3(c), state that the independent review of any assumptions, and the basis for their acceptance, will be documented.
Another main issue in the event of the S-1030 scrubber (Ref. 3) was that of unvalidated assumptions, several of which turned out to be false even though they were carried forward through several revisions of the CSE. They were subject to peer review, yet there are no firm criteria for performing the peer review and there is very little documentation of that review was conducted. Requiring an independent assessment of any assumptions would at least ensure that more than one person has had to think carefully about them.
70.61(d) 6.1.3(c):
Furthermore, independent review of the assumptions, including the basis or rationale for their acceptance, is separately documented at least every three years.
Section 6.1.3(c) was also revised to include the independent reviewer responsibilities described in Section 6.1.6. Section 6.1.6 was revised to add the following statement:
The TR also validates any assumptions used in the evaluation as per 6.1.3(b) and 6.1.3(c) and documents the basis for their acceptance.
In addition, the following statement was added to the triennial criticality safety program audit requirement in Section 6.1.9:
This audit shall include an effectiveness review of the CSE technical review process.
Note that assumptions will be assessed by an independent CSE technical review process at a minimum of every 3 years. Also, the FWA process, which is the annual NCS operational review for a process, verifies that the NCS bounding assumptions are still valid.
RAI 43. In Section 6.1.3.1 of the license application (Ref. 1), state that when mass limits are derived for material assuming a given weight percent of uranium, compliance will be verified by either weighing the material and ascribing the entire mass to uranium, or conducting physical measurements to establish the actual weight percent. State that process variables that can affect the weight percent of uranium are identified as controls. State that any material associated with a fissile process will be treated conservatively as having a high content of uranium until demonstrated otherwise.
For clarification, the following statement has been added at the end of Section 6.1.3.1 (1):
When mass limits are derived based on weight percent of uranium, compliance is verified by either weighing the material and ascribing the entire mass to uranium, or conducting physical measurements to establish the actual weight percent.
Furthermore, process variables that can affect the weight percent of uranium are identified as controls.
In addition, Section 6.1.3.1 (5) has been revised as follows:
20 An issue in the event involving the S-1030 scrubber (Ref. 3) was the non-conservative assumption that the material from the S-1030 scrubber was of low uranium content. This assumption was found to be incorrect. If all the material had been assumed to be uranium until measurements showed otherwise, the material would have been handled in a conservative manner (e.g., not pushed into two corners of the S-1030 scrubber when cleaning the scrubber of deposits). The assumption was based on process conditions that were not controlled.
These commitments are not included in the section on mass control, even though there are acceptance criteria in NRC guidance (Ref. 2). The specific acceptance criteria listed above are from Section 5.4.3.2 (for parameters such as density, but the same principle applies generally to other parameters, including mass).
For operations involving SNM, material is treated conservatively as having a high content of uranium until demonstrated otherwise.
It should be noted that uranium mass is treated as a worse case until the uranium mass is confirmed via measurements.
RAI 44. In Section 6.1.3.5(2) of the license application (Ref. 1), state that when credit is taken for process characteristics (e.g., the physical and chemical properties of a process and/or process materials), the bounding assumptions and limits are documented and justified in the applicable CSE.
Section 6.1.3.5(2) requires that credit for process characteristics must be documented, but does not require that it be justified. This is taken from Section 5.4.3.2 of NRC guidance (Ref. 2), where it states that process variables that can affect parameters should be controlled.
Section 6.1.3.5(2) has been revised as follows:
When credit is taken for process characteristics (e.g., the physical and chemical properties of a process and/or process materials), the bounding assumptions and limits are documented and justified in the applicable CSE.
RAI 45. Section 6.1.3.5(3) of the license application (Ref. 1) states, Utilization of process and/or material characteristics as controls is based on known scientific principles, established physical properties or chemical reactions, and/or experimental data supported by CFFF 10 CFR 70.61(d)
Known scientific principles and established physical properties, including experimental data, refers to criticality handbooks, standards (e.g., ANSI, ASTM, ISO), and chemical and physical properties as described in the CRC Handbook of Chemistry and Physics.
21 operational history. Explain what is meant by known scientific principles. Explain what is meant by established physical properties and experimental data, and provide examples. State that such credit cannot be based on operating history alone. Explain in detail how Westinghouse meets the commitments in Section 6.1.3.5(3) for the S-1030 scrubber, including which of the methods (i.e., known scientific principles, established physical properties or chemical reactions, experimental data) are being relied on, how they are being relied on, and how they are supported by operating history.
For clarification, Section 6.1.3.5 (3) has been revised as follows:
Utilization of process and/or material characteristics as controls is based on known scientific principles, established physical properties or chemical reactions, in conjunction with experimental data supported by CFFF operational history.
The S-1030 scrubber does not credit any specific scientific principles, established physical properties or chemical reactions, and experimental data, per se. Based on operational experience, the frequency of inspection and cleanout of the scrubber internals have been implemented (CSE-1-E, Rev.13). This is tied to the NCS control parameter of concentration, namely the uranium concentration within the scrubber liquid.
RAI 46. Explain what is meant by most reactive credible conditions as applied to reflection in Section 6.1.3.9 of the license application (Ref. 1). Provide an example of how this would be applied within an enclosed process, such as a glovebox or ventilation ductwork.
RAI 22 asked for clarification on commitments related to reflection. When reflection is not controlled, standard industry practice is that it is represented by 1 foot of tight-fitting water or 2 feet of concrete. Section 6.1.3.9 of the license application (Ref. 1) goes beyond this in allowing a third possibility, namely demonstrating that the reflection conditions modeled are the most reactive credible conditions. This needs to be justified, especially where models of material within the scrubber included 1 inch tight-fitting water, even though there is a large amount of water present in and around the material under normal conditions.
Using less conservative reflection conditions can result in a significantly higher mass limit than if full (1 foot) reflection is modeled.
In criticality safety analysis, normal and credible abnormal reflection is considered.
The possibility of full water reflection is considered when performing an analysis, unless more efficient reflector materials are present (e.g., concrete), in which case such materials are considered (also see response to RAI 22). Note, however, that there are times when full water reflection is not credible, such as moderation control areas with controls in place to prevent the introduction of moderators into the area. The analyst must then demonstrate that the less than full reflection model is the most reactive credible condition.
An example of how less than full reflection can be applied within an enclosed process is the ModCon areas, where the introduction of moderators are controlled by limiting the amount of moderator introduced to the area.
For clarity, the last sentence of Section 6.1.3.9 has been revised as follows:
When less than full reflection is assumed, it is demonstrated that the reflection conditions modeled are the most reactive credible conditions; otherwise, appropriate controls (i.e., IROFS) are established to maintain reflection within the applicable limits.
22 RAI 47. Explain what is meant by establishes bounding assumptions forsystem parameters in Section 6.1.4.2(1) of the license application (Ref. 1), in regard to the contents of CSEs. Clarify whether the word establishes means that assumptions will be documented, justified (consistent with the words in Section 6.1.3.5[3]), or something else.
The use of unvalidated assumptions has been a key issue in the event involving the S-1030 scrubber (Ref.
3). The commitment to establish bounding assumptions in analysis needs clarification.
In a CSE, bounding assumptions are defined through the criticality evaluation process. That is, they need to be documented and their basis justified.
The second and third sentences of Section 6.1.4.2(1) has been revised as follows:
The evaluation identifies controlled parameters for the system, establishes bounding assumptions for other system parameters, and identifies the controls necessary to maintain subcriticality. In addition, the basis for bounding assumptions for other system parameters are documented and justified.
RAI 48. Section 6.1.4.2(8) of the license application (Ref. 1) states that the independent review of CSEs by a qualified NCS Technical Reviewer, and the justification for their conclusions, must be documented.
The CSEs for the S-1030 scrubber (Ref. 3), and related CSEs reviewed as part of the extent-of condition review, were reviewed by multiple individuals over the course of several revisions, yet were based on assumptions that turned out to be invalid. A robust peer review should have caught at least some of these issues (which were subsequently identified both by the NRC inspectors and by the contractors hired to do an independent assessment). To ensure a more thorough review, it must be more than a mere checklist that is signed off. The peer reviewer should have to document what was looked at and why it was acceptable, including looking at any assumptions (see language in Section 6.1.3).
No change made to the License Application.
The CFFF Audit Program is described in Section 3.6 of the License Application.
Triennial audits for the nuclear criticality safety, radiation protection, chemical safety, fire safety and environmental protection programs are performed. In addition, the ISA is audited on a five year frequency. The CFFF has revised its triennial NCS program audit to require an independent review of the CSEs to ensure that assumptions are properly documented, input data is traceable, and that limits and controls are clearly established. Typically, there are only 2-3 major CSE Revisions per year at CFFF. Therefore, reviewing the assumptions every three years by an independent assessor is reasonable.
RAI 49. Describe what is looked at during the triennial NCS Program audits, and who performs them, in Section 6.1.9 of the license application (Ref. 1). Justify the independence of the auditors from the program, and the basis for the triennial frequency. State how audit findings will be resolved.
No change made to the License Application.
The NCS Triennial program audit scope shall address the guidelines of ANSI/ANS-8.19(1996) and include reviews of the effectiveness of the Periodic Criticality Safety Evaluation (CSE) Technical Review Program.
23 Section 5.4.3.2 of NRC guidance (Ref. 2) states that NCS program audits should be conducted at least once every 2 years, whereas Section 6.1.9 of the license application (Ref. 1) commits to assessing the entire program every 3 years. It is unclear what is meant by auditing the entire program. In addition, mention is made of internal and external audit findings, but it is not clear if this is a commitment to conducting internal audits, external audits, or both, or who performs them.
NRC guidance (Ref. 2) also says that reviews and audits should be independent. As follow-up to the event involving the S-1030 scrubber (Ref. 3), Westinghouse hired external contractors, who identified a number of issues with plant CSEs similar to those found by inspectors. A periodic external review of facility CSEs would seem beneficial.
Section 5.4.3.3.4 of NRC guidance (Ref. 2) states that weaknesses identified during audits should be referred to the corrective action program, which is responsible for promptly and effectively resolving them. Section 6.1.9 of the license application (Ref. 1) states that the results of audits are documented and maintained, but does not state that they will be put into the licensees corrective action program.
The audit team leader shall be an independent, qualified auditor with a background in criticality safety. The team leader is approved by the WEC Quality Programs Director. At a minimum, the audit team consists of three members, whereof at least two shall have experience in criticality safety, and at least one of the auditors shall have experience performing criticality safety evaluation.
Independence of the audit team is ensured by using auditors, external to the CFFF, who have previously not performed any in-house analysis/work for SNM operations at the CFFF.
The ANSI/ANS standards recommend that NCS related audits and surveillances do not exceed a 3-year time period. It is recognized that NUREG-1520 recommends audits should be conducted once every 2 years. The CFFF will maintain the frequency of the NCS program audit to be performed triennially due to the limited number of major CSE Revisions per year (2-3) coupled with the fact that the NCS program requirements do not change much, if at all, within the three year period.
Audit findings are entered into the Corrective Action Process (CAP) for resolution.
This is in accordance with NUREG-1520, Rev.1, Section 5.4.3.3.4. The CAP is described in Section 3.8 of the License Application.
RAI 50. In Section 4.1.3.2 of the license application (Ref. 1), state that all changes to operations involving SNM will be evaluated by NCS and the affected operations. If safety analysis is not required for the change, the justification for that determination will be documented on the Configuration Change Control Form. This shall include evaluating whether the validity of any underlying assumptions is impacted by the proposed change. In other words, ensure that NCS reviews all changes to fissile material operations, and justify if an analysis is not needed.
Section 3.1, Configuration Management describes the process by which changes to the plant are reviewed and approved. Prior to implementing a change, it is required that the impacts or modifications to the ISA, ISA Summary, or other safety program information, developed in accordance with 10 CFR 70.62 is addressed and documented. The criticality safety evaluation review is included in the other safety program information. For clarity, the words criticality safety evaluation were added to the following bullet in Section 3.1: the impacts or modifications to the ISA, ISA Summary, criticality safety evaluation or other safety program information, developed in accordance with 10CFR70.62 and 10CFR70.64.
Also, a second paragraph was added to Change Control in Section 3.1 as follows:
24 In the event involving the S-1030 scrubber (Ref. 3),
changes were made that invalidated the assumptions and controls in the processs safety basis; the event ensured partly as a result of the cumulative effect of many such changes. Section 4.1.3.2 of the license application states, All subsequent changes that might affect the Baseline ISA are reviewed by the same safety disciplines that were involved in preparation of the Baseline ISA. However, this does not clearly state whether NCS (or operations) will be involved in the review of all facility changes. Such reviews are often done by a checklist; the analyst should rather be required to document the basis when deciding that a more detailed safety review is not required.
Changes associated with operations involving fissile material are reviewed by the NCS organization. If a criticality safety evaluation is not required for the change, a justification is provided and documented. This justification shall include evaluating whether the validity of any underlying assumptions is impacted by the proposed change.
In addition, the third sentence of the first paragraph in Section 6.1 of the License Application was revised to add that the NCS Program meets the requirements of ANSI/ANS-8.1(2014) and ANSI/ANS-8.19(2005). ANSI/ANS-8.1 (2014) includes requirements for NCS process analysis in Section 4.1.2 of the standard.
25 Consolidated November 2016 RAI Responses for Chemical Process Safety (RAI 51)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 51. Chapter 7 of the license Application, Section 7.1.3.1 states that Hazard and Operability Analysis, What if/Checklist, and/or other recognized methods are used to systematically evaluate safety of chemical operations at the CFFF. The hazard evaluation method selected is based on the complexity of the process being analyzed. For the event in May 2016 involving the S-1030 scrubber, Westinghouse conducted a What-if/checklist hazard evaluation of the scrubber system; neither the method nor the application of the method did not adequately characterize the processes/hazards for the various safety disciplines.
- 1. Describe the criteria used for determining the hazard evaluation method used for each process, node or equipment. If the method selection considers process complexity or uncertainty discuss this factor and provide examples where process complexity or uncertainty has influenced the selection of the hazard evaluation method.
- 2. Discuss how the different disciplines (e.g. fire, criticality, chemical and radiological safety) are involved in a hazard evaluation in order to assure a common understanding of phenomena that could affect the individual safety analyses.
- 3. Discuss how CFFF shares or communicates the results of the hazard evaluation with the different safety disciplines.
10 CFR 70.62(c)(1) 10 CFR 70.65(b)
Section 4.1.1 of the License Application has been revised as follows to add the selection process used to determine the appropriate Process Hazard Analysis (PHA) methodology:
The choice of a particular method or combination of methods will depend on a number of factors including the reason for conducting the analysis, the results needed from the analysis, the information available, the complexity of the process being analyzed, the personnel and experience available to conduct the analysis, and the perceived risk of the process.
In addition, CFFF procedures provide guidance to assist in the selection of the appropriate PHA methodology. Examples of current guidance follow:
- 1. Guidance is provided in a plant procedure to assist in selection of the appropriate methodology for the conduct of a PHA.
The HAZOP methodology is well suited for continuous chemical and/or mechanical processes that have Piping & Instrumentation Diagram (P&ID) drawings. A HAZOP was performed for the Ammonium Diuranate (ADU)
Conversion process.
The FMEA methodology is well suited for analyzing instrumentation and control systems and/or mechanical equipment systems that have some combination of the following characteristics:
Analyzing systems that are relatively complex such as systems with multiple sensors and specific sequencing actions.
Analyzing systems that are dependent upon the communication between a logic solver and an item control computer system.
Analyzing systems whose components have a high frequency of use and thus a high potential for failure.
An FMEA was performed for a mixing operation in the ADU Blending area.
What-If/Checklists are well suited for chemical and mechanical processes
26 when brain storming to determine all of the hazards is needed. A What-If/Checklist was performed for ADU Fuel Rod Loading.
Layers of Protection Analysis (LOPA) is used when potential high risk scenarios need further analysis and/or quantification. A LOPA was performed for the Pelleting sintering furnaces.
Other approved industry standard PHA methodologies such as event trees, fault trees, etc. are allowed for use. Fault trees are used for demonstrating that criticality accident sequences are highly unlikely.
- 2. Qualified team leaders conduct PHAs, which are performed by an interdisciplinary team to evaluate potential safety and operability hazards for a process under review. Team members representing operations, maintenance, engineering and individual safety disciplines typically make up the team.
- 3. The results of individual analyses for the radiological, nuclear criticality, fire, chemical and environmental disciplines and the results of the interdisciplinary PHA are shared with the ISA team and incorporated into development of the ISA.
27 Consolidated November 2016 RAI Responses for Authorization (RAIs 52-53)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 52. In Section 12.1.7 of the license application (Ref. 1), Westinghouse requested continued authorization to abandon or dispose of small quantities of radioactive materials that are present as minor contamination on certain papers, notebooks, computer print-outs, films, and/or similar items currently retained for record purposes. Contamination limit criteria were provided. This authorization was originally requested in the application for license renewal dated April 30, 1995 (Ref. 4).
Describe the nature of records that Westinghouse continues to need the authorization to dispose of small quantities of radioactive materials present as minor contamination. The authorization requests the desire to dispose of small quantities of radioactive material on these records, but a caveat states these records shall be kept in locations primarily used for record storage.
Clarify if these are records to be retained or disposed of. Explain the method of disposal.
No change made to the License Application.
An example of a record covered under this authorization is a work order from the Chemical Area of the plant. The paper work order is stored for a period of 3 years.
After 3 years, these records are typically incinerated on-site.
RAI 53. In Section 12.2.6 of the license application (Ref. 1), Westinghouse requests an exemption from the requirement to monitor the external surfaces of packaged radioactive material receipts for radioactive contamination relative to flatbed trailer shipments of fuel assemblies received from the General Electric Company for interim storage purposes only, provided the constraints, conditions and controls committed to in a letter, dated November 30, 1993, (identification #
NRC-93-036), are satisfied; and further provided that the total number of such fuel assemblies stored at the site at any given time does not exceed 250.
This authorization has been deleted from the CFFF License Application.
28 This exemption was requested in the application for license renewal dated April 30, 1995 (Ref. 4) and approved in the license renewal dated November 3, 1995 (Ref. 5). Explain the need to continue this exemption, the interim storage requirements for fuel assemblies received from the General Electric Company, and update conditions and controls required to extend this exemption.
29 Consolidated November 2016 RAIs for Environmental Protection and Environmental Report (RAI 54-RAI 55)
REQUEST FOR ADDITIONAL INFORMATION REG BASIS WESTINGHOUSE RESPONSE RAI 54. Explain the investigation action the level of air effluents for dose to members of the public. Section 10.1.1 of the license application (Ref. 1) has set an investigation action level of air effluents for dose to the public at the regulatory limit of 100 mrem. Typically, an action level is significantly lower than 100 mrem than the regulatory limit in 10 CFR Part 20. Account for dose from liquid effluents which, together with the air effluents, cannot exceed 100 mrem.
Sections 10.1.1 and 10.1.2 of the License Application were revised to clarify that the dose to a member of the public due to liquid and gaseous effluents is summed.
Following RG 8.37, the ALARA goal, which is reviewed annually, is set at a fraction of the regulatory limit and equates to less than 10 mrem per year to a member of the public. The investigation level is set-up to assure the ALARA goal is not exceeded.
RAI 55. Table A-1 of Appendix A of the Environmental Report submitted by letter dated December 17, 2014 (Ref. 1) cites the permits, licenses, and certifications that Westinghouse with city, county, state, and federal agencies for the CFFF. Provide the periods of the permits, such as the date issuing and dated expired.
No change made to the Environmental Report.
As discussed with your staff, this information is available onsite and is readily available for NRC review during inspection.