ML18096B240

From kanterella
Jump to navigation Jump to search
Insp Repts 50-272/92-81 & 50-311/92-81 on 921214-23.No Safety Consequences Noted.Major Areas Inspected:Areas Necessary to Ascertain Facts & Determine Probable Causes of Loss of Overhead Annunciators
ML18096B240
Person / Time
Site: Salem  PSEG icon.png
Issue date: 01/27/1993
From: Durr J, Ruland W
NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I)
To:
Shared Package
ML18096B239 List:
References
50-272-92-81, 50-311-92-81, NUDOCS 9302100031
Download: ML18096B240 (5)
v  d  e


See also: IR 05000272/1992081

Text

U.S. NUCLEAR REGULATORY COMMISSION_

REGION I

REPORT/DOCKET NOS.

50-272/92-81

50-311/92-81

LICENSE NOS.

LICENSEE:

FACILITY:

DPR-70

DPR-75

Public Service Electric and Gas Company

P.O. Box 236

Hancocks Bridge, New Jersey 08038

Salem Nuclear Generating Station

INSPECTION DATES:

December 14-23, 1992

INSPECTORS:

Leonard Cheung, Sr. Reactor Engineer, DRS

Robert A. Spence, Reactor Systems Engineer, AEOD

Jose Ibarra, Sr. I&C Engineer, AEOD

John Calvert, Reactor Engineer, DRS

Allison Pelletier, Project Engineer, NRR

Craig Gordon, Sr. Emergency Preparedness Specialist, DRSS

TEAM LEADER:

APPROVED BY:

W. H. Ruland, Chief, Electrical Section,

Engineering Branch, DRS

r

I

Date

Areas Inspected: An Augmented Inspection Team (AIT) consisting of personnel from

Region I, AEOD, and NRR inspected those areas necessary to ascertain the facts and

determine probable cause(s) of the December 13, 1992, Salem Unit 2 event involving the

loss of overhead annunciators for approximately 1112 hours0.0129 days <br />0.309 hours <br />0.00184 weeks <br />4.23116e-4 months <br />. The team also evaluated the

licensee's response, including assessment of emergency conditions and corrective actions.

Results: See Executive Summary

9302100031 930204

PDR

ADOCK 05000272

G

PDR

TABLE OF CONTENTS

ACRONYMS AND INITIALISMS ................................ iii

EXECUTIVE SUMMARY ...................................... 2

1.0

2.0

3.0

4.0

5.0

INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.1

Event Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

1.2

Augmented Inspection Team (AIT) Formation . . . . . . . . . . . . . . . . . . 3

1. 3

Overhead Annunciator System . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

GENERAL SEQUENCE OF EVENTS . . . . . . . . . . . . . . . . . . . . . . . . . . 4

OHA SYSTEM INTERFACE AND OTHER ANNUNCIATOR SYSTEMS .... 6

3. 1

Auxiliary Annunciator System

. . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.2

Control Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

3.3

System Interface

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

EVALUATION OF STAFF RESPONSE ......................... 7

4.1

Operator Response

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

4.1.1 Fifteen Minute Functional Test . . . . . . . . . . . . . . . . . . . . . . . 8

4.2

Technical Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

4.3

Managerial Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10

4. 3 .1 Shift Supervision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10

4.3.2 Station Management . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10

4.3.3 SERT Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12

4.4

Human Performance Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . .

12

4.4.1 Teamwork and Communications . . . . . . . . . . . . . . . . . . . . .

12

4.4.2 Command and Control . . . . . . . . . . . . . . . . . . . . . . . . . . .

13

4.4.3 Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

14

4.4.4 Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

17

4.4.5 Human-Machine Interface . . . . . . . . . . . . . . . . . . . . . . . . .

19

OHA SYSTEM REVIEW . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

19

5. 1

Modification Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20

5 .1.1 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

20

5 .1. 2 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

21

5.1.3 Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

21

5.1.4 Safety Evaluations . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22

i

---

\\

\\

..

Table of Contents

5.2

Unit 1 Historical Problems

. . . . . . . . . . . . . . . . . . . . . . . . . . . .

22

5 .3

Failure During Event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

22

5 .4

Corrective Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

23

5.4.1 Testing at Vendor Factory . . . . . . . . . . . . . . . . . . . . . . . .

23

5.4.2 Troubleshooting for Other OHA System Problems . . . . . . . . . .

24

5. 5

Applicability to Hope Creek . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26

6.0

OHA SYSTEM SURVEILLANCE TESTING . . . . . . . . . . . . . . . . . . . . .

26

6.1

Preventive Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26

6.2

Operations Surveillance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

26

6.3

OHA System Self-Test Features . . . . . . . . . . . . . . . . . . . . . . . . .

27

7.0

EVALUATION OF EMERGENCY RESPONSE . . . . . . . . . . . . . . . . . . .

27

7 .1

Emergency Assessment and Classification . . . . . . . . . . . . . . . . . . .

27

7.2

Notifications and Reportability . . . . . . . . . . . . . . . . . . . . . . . . . .

28

8.0

SAFETY SIGNIFICANCE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

29

9.0

OVERALL CONCLUSIONS................................ 29

9 .1

Root Cause . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

29

9.2

Other Findings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

30

10.0

ADDIDONAL INFORMATION ............................. 31

11.0

EXIT MEETING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

31

ATTACHMENT 1 - AIT Charter

ATTACHMENT 2 - Overhead Annunciator System Description

ATTACHMENT 3 - OHA System Block Diagram

ATTACHMENT 4 - Detailed Sequence of Events

. ATTACHMENT 5 - Site Acceptance Testing

ATTACHMENT 6 - Simulator Demonstration

ATTACHMENT 7 - Exit Slides

ATTACHMENT 8 - Exit Meeting Attendees

ATTACHMENT 9 - Persons Contacted

ii

ARP

ccw

CFR

CPU

CRT

DCP

EAL

ECG

GM-SO

HED

I&C

INPO

mV

NCO

NI

NRPDS

NSS

OHA

P-250

PM

PROM

PSE&G

RAM

RCP

RCW

RCWS

RHR

RP

RPS

RMS

RVLIS

SE

SE

SER

SERT

SNSS

SORC

SOER

SPDS

STA

TAS

TS

WO

. ACRONYMS AND INITIALISMS

Annunciator Response Procedure

closed-cooling water

code of federal regulations

central processing unit

cathode ray tube

design change package

emergency action level

emergency classification guide

General Manager - Salem Operator

human engineering deficiency

Instrumentation and Control

Institute of Nuclear Plant Operations

millivolt

nuclear control operator

nuclear instrumentation

Nuclear Reliability Plant Data System

nuclear shift supervisor

overhead annunciator system

plant process computer

preventative maintenance

programmable read only memory

Public Service Electric and Gas

random access memory

reactor coolant pump

remote configuration workstation program

remote configuration workstation

residual heat removal

reactor protection

reactor protection system

radiation monitoring computer system

Reactor Vessel Level Indication System

safety evaluation

safety engineer

sequential events recorder

Significant Event Review Team

senior nuclear shift supervisor

site operating review committee

Significant Operating Event Report

safety parameter display system

Shift Technical Advisor

temporary annunciator system

technical specification

work order

iii

EXECUTIVE SUMMARY

NRC established an Augmented Inspection Team (AIT) on December 14, 1992, after Salem

Unit 2 lost all control room overhead annunciators without the operators' knowledge. The

team's charter required detailed fact-finding, identification of root causes, and review of licensee

performance.

The team concluded that the loss of overhead annunciators, for about 11/z hours on

December 13, 1992, was most likely caused by a member of the operating shift making the

wrong key strokes on a computer workstation for the system. These key strokes, coupled with a

panel switch in the wrong position, put the annunciator system computer in a mode such that it

was waiting for additional commands that never came. This prevented the annunciator system

from displaying alarms in the control room. The team could not conclusively establish which

individual made the keystrokes or whether those actions were inadvertent or intentional.

The loss of annunciators and failure to recognize that loss for 90 minutes had several root

causes. The multi-microprocessor overhead annunciator system that was recently installed failed

to provide the necessary human-machine interface. The system design also gave higher priority

to other actions besides providing alarm indications to the operators and did not provide

indication of failure. Finally, operators were not trained to routinely verify proper system

operation.

The team found that there were no safety consequences due to the loss of the overhead

annunciators. However, the undetected loss of the overhead annunciator system could delay

operator response or increase the likelihood of errors while responding to abnormal plant

conditions. Further, the team was concerned about the failure of operators to abide by station

operating practices when they tried to use password-protected software.

The team found that PSE&G performed little software review of the overhead annunciator

modification. Once the annunciator system was installed, staff knowledge of the system was

inadequate. A lack of training on the system was a prime contributor to that inadequacy.

In the emergency preparedness area, the team found that the plant conditions existed for an Alert

declaration until shortly after discovery that the annunciators were lost, and that this Alert

condition was terminated before its classification and reporting were practicable. We also found

that, because the annunciators were promptly restored upon discovery of their loss, an Alert

level activation of your emergency response organization was not then needed to assure plant or

public safety. Operators were trained to view the annunciator loss from time of discovery when

implementing emergency procedures.

The plant operating staff delayed informing their management of the event. PSE&G made a

1-hour non-emergency notification to the NRC more than 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br /> after the event. Senior

licensee management, the NRC, and State and local officials were not notified of an event that

may have met the classification criteria until well after the event.

The team found that PSE&G did not have a loss-of-annunciator procedure. Also, simulator

training was not conducted on loss of annunciators. However, during a simulator demonstration,

operators responded well to several events without the overhead annunciators.

Retrieved from "https://kanterella.com/w/index.php?title=ML18096B240&oldid=5004296"