ML18141A883

From kanterella
Jump to navigation Jump to search
LLC - Transmittal of Supplemental Response to NRC Request for Additional Information No. 116 (Erai No. 8926) on the NuScale Design Certification Application
ML18141A883
Person / Time
Site: NuScale
Issue date: 05/21/2018
From: Rad Z
NuScale
To:
Document Control Desk, Office of New Reactors
Shared Package
ML18141A882 List:
References
AF-0518-60016, RAIO-0518-60115
Download: ML18141A883 (20)
v  d  e


Text

RAIO-0518-60115 May 21, 2018 Docket No.52-048 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738

SUBJECT:

NuScale Power, LLC Supplemental Response to NRC Request for Additional Information No. 116 (eRAI No. 8926) on the NuScale Design Certification Application

REFERENCES:

1. U.S. Nuclear Regulatory Commission, "Request for Additional Information No. 116 (eRAI No. 8926)," dated August 01, 2017
2. NuScale Power, LLC Response to NRC "Request for Additional Information No. 116 (eRAI No.8926)," dated September 29, 2017 The purpose of this letter is to provide the NuScale Power, LLC (NuScale) supplemental

response to the referenced NRC Request for Additional Information (RAI).

The Enclosures to this letter contain NuScale's supplemental response to the following RAI

Question from NRC eRAI No. 8926:

19-23 is the proprietary version of the NuScale Supplemental Response to NRC RAI No.

116 (eRAI No. 8926). NuScale requests that the proprietary version be withheld from public

disclosure in accordance with the requirements of 10 CFR § 2.390. The enclosed affidavit (Enclosure 3) supports this request. Enclosure 2 is the nonproprietary version of the NuScale

response.

This letter and the enclosed responses make no new regulatory commitments and no revisions

to any existing regulatory commitments.

If you have any questions on this response, please contact Paul Infanger at 541-452-7351 or at

pinfanger@nuscalepower.com.

Sincerely, Zackary W. Rad Di t Regulatory Director, R l t Aff i Affairs NuScale Power, LLC Distribution: Gregory Cranston, NRC, OWFN-8G9A Samuel Lee, NRC, OWFN-8G9A Rani Franovich, NRC, OWFN-8G9A NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-0518-60115 : NuScale Supplemental Response to NRC Request for Additional Information eRAI No. 8926, proprietary : NuScale Supplemental Response to NRC Request for Additional Information eRAI No. 8926, nonproprietary : Affidavit of Zackary W. Rad, AF-0518-60016 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-0518-60115 :

NuScale Supplemental Response to NRC Request for Additional Information eRAI No. 8926, proprietary NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-0518-60115 :

NuScale Supplemental Response to NRC Request for Additional Information eRAI No. 8926, nonproprietary NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

Response to Request for Additional Information Docket No.52-048 eRAI No.: 8926 Date of RAI Issue: 08/01/2017 NRC Question No.: 19-23 10 CFR 52.47(a)(27) states that a design certification application (DCA) must contain a final

safety analysis report (FSAR) that includes a description of the design-specific probabilistic risk

assessment (PRA) and its results. 10 CFR 52.47(a)(2) states that the standard plant should

reflect through its design, construction, and operation an extremely low probability for accidents

that could result in the release of radioactive fission products. 10 CFR 52.47(a)(4) states that

each DCA must contain an FSAR that includes an analysis and evaluation of the design and

performance of systems, structures and components (SSCs). The objectives of the analysis and

evaluation are to assess the risk to public health and safety resulting from operation of the

facility and to determine the margins of safety during normal operations and transient conditions

anticipated during the life of the facility. Standard Review Plan (SRP) Section 19.0, Revision 3,

states, Shutdown and refueling operations for small, modular reactor designs may be

performed in ways that are new and completely different from those used at large traditional

light water reactors (LWRs) either licensed or under review by the NRC. In these cases, a more

in-depth review will be needed to ensure that the PRA model is of acceptable scope, level of

detail, and technical adequacy.

The staff reviewed FSAR Chapters 9 and 19 and ER-P060-7085, Dropped Module

Consequence Analysis, Revision 1, dated 8/11/2016. The staff is requesting that the FSAR be

updated with the following key assumptions and details regarding module drop and module

movement, so the staff can make a reasonable assurance finding regarding the adequacy of the

risk insights obtained from the dropped module risk analysis.

 The Dropped Module Consequence Analysis report states that the reactor pressure vessel

2(a),(c)

(RPV) and containment vessel (CNV) are pressurized with ((  psia of nitrogen gas, which is a design condition prior to transporting the module. The staff requests that the rationale for this design condition be discussed in the FSAR Section 19.1.6 and that this design condition be included as a key assumption for the low power and shutdown risk analysis.  The Dropped Module Consequence Analysis report states that the assessment is based on the module being shutdown for 48 hours. The staff requests the applicant to justify in the FSAR how this PRA assumption will be maintained by the combined license (COL) holder (e.g., by a Limiting Condition of Operation, a Condition of the License, or some other means).  Table 19.1-71, Key Assumptions for the Low Power and Shutdown Probabilistic Risk NuScale Nonproprietary

Assessment, states that the module is kept below the height that could damage the ultimate heat sink (UHS). The staff requests the applicant to define this height as a key assumption in the module drop analysis and justify in the FSAR how this PRA assumption will be maintained by the COL holder (e.g., by a Limiting Condition of Operation, a Condition of the License, or some other means). The staff is also requesting the applicant to justify the basis for this height in the FSAR.

4. Table 19.1-74, External Flooding Susceptibility during Low Power and Shutdown Plant

[(LPSD)], states that operators are assumed not to move modules with the crane when forecasts indicate the potential for flooding hazards. Therefore, the external flooding effects were not considered for plant operating states (POSs) 3, 4, and 5. The staff finds that this assumption regarding the availability of forecasts to indicate a potential flooding hazard does not apply to all flooding mechanisms such as catastrophic dam breach. The staff requests that a COL information item be added to the FSAR requiring a COL applicant referencing the certified NuScale design to evaluate the risk of external flooding during POSs 3, 4, and 5.

5. The staff is requesting the applicant to clarify in FSAR Section 19.1.6 whether a module drop event (with the CNV intact or not) results in any automated signals or manual actions for the dropped module or any other modules such as reactor trip or main control room isolation.
6. The second type of module drop event, called "UPV," reflects the possibility of dropping the upper RPV section onto the stationary core, which remains in the reactor flange tool (RFT). The applicant states that The radiological dose calculation of potential radionuclide release due to damaged fuel indicates that a large release does not occur due to this type of module drop.

Thus, the UPV type of module drop is not considered further in the LPSD probabilistic risk assessment. The staff requests the applicant to (1) clarify what the acronym UPV stands for; and (2) justify in FSAR Section 19.1.6 why the source term from module drop events during refueling operations (with the containment open or breached) does not result in a large release. NuScale Response: NuScale is supplementing its response to RAI 8926 (Question 19-23) originally provided in letter RAIO-0917-56321 dated September 29, 2017. This supplemental response is provided as a result of discussions with the NRC during public calls on November 21, 2017 and December 12, 2017 as well as during the PRA audit that began on March 06, 2018 (ML18053A216). During these discussions, additional information related to the low power and shutdown (LPSD) PRA was requested as related to NuScale Power Module (NPM) configurations during movement, NPM cover gas during movement, Anticipated operator action to suspend NPM movements during external events, and The potential for overdraining the reactor pressure vessel (RPV) during restart. As a result of those discussions, NuScales original response to Items 1 and 4 have been modified; also, information on the potential for overdraining the RPV during restart has been added. NuScale Nonproprietary

Item 1: The response is replaced in its entirety as follows: The containment vessel (CNV) is pressurized during module transport. In the NuScale engineering report that is cited in Question 19-23, the CNV is described as being pressurized with nitrogen to a value such that the hydrostatic pressure on the inside and outside of the CNV flange is approximately equal when the vessel is upright. The intent of pressurizing the CNV is to limit the exchange of water when the CNV flange is opened. With this pressurization, an inflow of water that could submerge components near the top of the CNV is prevented due to the presence of the gas bubble; the pressurization is not high enough to cause an outflow of water which could lower the water level enough to release non-condensable gases into the refueling pool. The level of CNV pressurization is not included as a key PRA assumption in the FSAR because it does not affect the assumed outcome of a module drop event or the associated potential dose consequences to the public. The practice of pressurizing the CNV during module transport, or the gas used for pressurization, does not affect the potential for core damage or radiological consequences of postulated module drop accidents. As described below, the determining factor is the module configuration; during transport, the module is in one of three configurations: During transport between the operating bay and the containment flange tool (CFT), the NPM is fully assembled. The CNV is flooded to approximately the bottom of the pressurizer and the reactor vent valves (RVVs) and reactor recirculation valves (RRVs) are open. In the PRA for LPSD, an NPM dropped in this configuration that comes to rest in a position that is not upright in the reactor pool is assumed to experience core damage because the water in the NPM may not cover the core. Due to the drop, the CNV is also assumed to be damaged (i.e., bypassed). As stated in FSAR Section 19.1.6.1.3, offsite dose consequences from a dropped NPM with core damage and a damaged CNV result from a potential radionuclide release that is a small fraction of a large release (as defined in FSAR Section 19.1.4.2.1.4). Module drops in this configuration are considered for POS3 and POS5. After the fully assembled NPM is placed in the CFT, the CNV is then disassembled and the upper CNV and RPV are moved from the CFT to the reactor flange tool (RFT); the lower CNV remains in the CFT. In this configuration, without the lower CNV, the water in the RPV communicates freely with the reactor pool through the open RVVs and RRVs. If the partially assembled module (i.e., upper CNV and RPV) were dropped, pool water can continue to enter the RPV through the open RRVs and RVVs to keep the fuel covered and prevent core damage. Thus, a drop of a partially assembled module is not considered in the LPSD PRA. The upper vessels (i.e., upper RPV and upper CNV) are separated from the lower RPV and moved to the dry dock area; the lower RPV, including the core, remains in the RFT open to the reactor pool. Because the core remains in the RFT, the only lift hazard in this configuration is the potential for physical impact caused by the reactor building crane (RBC) dropping the upper vessels onto the core. This configuration is not modeled in the LPSD PRA because it involves mechanical fuel damage rather than inadequate heat removal; the potential radionuclide release due to damaged fuel does not result in a large NuScale Nonproprietary

release. Thus, a drop of the upper vessels is not included in the LPSD PRA. The PRA results are not sensitive to the gas used for CNV pressurization. If air were used to pressurize the CNV, the presence of oxygen introduces the potential for hydrogen combustion, but the conclusion that a large release does not occur remains valid because (i) the CNV is assumed to fail and is not credited with preventing the release of radionuclides, (ii) potential combustion has a negligible effect on the radionuclide source term from a damaged module, and (iii) reactor pool water remains as a radionuclide scrubbing mechanism. FSAR Section 19.1.6.1.2 has been modified to reflect the clarifications in this response. Item 4: The response is replaced in its entirety as follows: The evaluation of the susceptibility of a module to external flooding provided in FSAR Table 19.1-74 for plant operating states POS3, POS4, and POS5 reflects the NPM response if warning of an external flood is not provided in time to implement operator action to suspend operations. Table 19.1-74 reflects the passive, fail-safe design of the RBC for controlling the module. As discussed in FSAR Section 19.1.5.4.1, a loss of offsite power (LOOP) is the initiating event that bounds the potential effects of an external flood. If the external flood does not cause a loss of offsite (AC) power, operator action can be taken to suspend operation and secure a load in a safe condition. However, the discussion of "anticipated" actions has been removed to clarify that operator actions are not needed to mitigate an external flood during LPSD operations due to the passive, fail-safe design of the RBC. As described in FSAR Sections 19.1.6.3.4 and 19.1.5.4.1, ten percent of external floods are assumed to result in a LOOP (i.e., for some potential external floods, e.g., dam failures, warning time may be insufficient to take precautionary measures to suspend operations). The following summarizes the module response if AC power is lost due to an external flood during LPSD: In POS3, during module transport to the refueling area, a loss of AC power will stop all RBC motion and the brakes will set to hold the load. The RBC is designed with redundant holding brakes so that if one set fails to engage, the other brake automatically holds the load. Because both brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load, a loss of AC power will halt operations, but not result in a load drop. In POS4, during transport of the upper vessels to the dry dock, there is no effect on the module following a loss of AC power; the module is not moved during POS4. The RBC operates with the wet hoist to remove reactor vessel internals, and the fuel handling machine moves fuel assemblies between the core and fuel storage racks in the spent fuel pool. A loss of AC power will set the brakes for both the wet hoist and fuel handling machine to stop all motion. In POS5, during module transport to the operating bay, a loss of AC power will stop all RBC motion and the brakes will set to hold the load. The response to a loss of AC power in POS5 is similar to that in POS3. NuScale Nonproprietary

Based on the RBC design, the results of the PRA evaluation are not dependent on a specific warning time for operator action in the event of an external flood; thus, a COL item to evaluate the risk of external flooding in POSs 3, 4, and 5 is not needed. FSAR Table 19.1-74 has been modified to reflect the evaluation provided in this response. As described in FSAR Sections 19.1.6.3.5 and 19.1.5.5, high wind events are assumed to result in a LOOP. As discussed in FSAR Section 19.1.5.5.1, a LOOP is the initiating event that bounds the potential effects of high winds. As described above, a loss of AC power during module movement will stop all RBC motion and set the brakes to hold the load. Therefore, the evaluation of susceptibility to high winds is not dependent on a specific warning time for operator action, thus, a COL item to evaluate the risk of high winds in POSs 3, 4, and 5 is not needed. FSAR Tables 19.1-63 and 19.1-75 have been modified to remove reference to operator actions. The description of the external flooding analysis during LPSD operation in FSAR Section 19.1.6.3.4 and the description of the high wind analysis during LPSD operation in FSAR Section 19.1.6.3.5 have been modified to reflect the clarifications in this response. Additional information regarding the potential for overdraining RPV during restart As discussed in FSAR Section 9.3.6, the containment evacuation system (CES) is used to vaporize and remove water from the CNV during NPM startup. A loss of decay heat removal due to overdraining the CNV by the CES during startup is judged to be not credible based on design and operating considerations. As described in FSAR Section 6.3.1, the RRV penetrations are located above the top of active fuel which prevents draining reactor coolant to the level of uncovering the core. Control room indications are provided to ensure parameters indicative of inadequate core cooling conditions, such as core inlet and exit temperatures as well as RPV water level and pressure, can be monitored. The chemical and volume control system (CVCS) is in use during start-up, as discussed in FSAR Section 9.3.4.2.1, which allows for coolant makeup, if needed. In addition, decay heat levels are low following refueling, which results in extensive time to identify and respond to degrading conditions. Therefore, based on these design and operating considerations, overdraining of the NPM during restart was not considered in the PRA model. Impact on DCA: FSAR Section 19.1.6 has been revised as described in the response above and as shown in the markup provided with this response. NuScale Nonproprietary

NuScale Final Safety Analysis Report Probabilistic Risk Assessment The fuel handling machine is used to move fuel assemblies between the core and the fuel storage racks. Maintenance and inspections are carried out on the upper vessels and RPV internals in the dry dock area during this time, and remote inspections are performed on the lower RPV and CNV in the refueling area. RAI 19-23 The module is reassembled after maintenance activities are completed and proper fuel loading is verified. The RBC replaces the reactor vessel internals, then aligns the upper vessels for reassembly in the RFT. The RPV flange bolts are tensioned and the assembly is lifted out of the RFT and moved to the CFT. The RBC aligns the CNV for reassembly and the CNV flange bolts are tensioned. Module transport involves using the RBC to lift the module out of the CFT, transport it to the operating bay, and lower it into the seismic restraints. The crane is disconnected from the module and returned to its storage location. RAI 19-23 Module reconnection involves restoring instrumentation and power connections, and reconnecting all piping. RAI 19-23S1 Restart begins with steam generator cleanup by establishing flow through the steam generators using the feedwater, main steam, and condensate systems. The RVVs and RRVs are closed, the RPV is pressurized with nitrogen to ensure net positive suction head for the CVCS pumps, and flow is established through the CVCS to begin coolant cleanup and boron dilution. The CNV is drained and RPV heatup begins as direct heat conduction to the reactor pool is reduced. Heat is added primarily by passing CVCS flow through the startup heater, with some assistance from the pressurizer heaters. Feedwater flow is adjusted to establish coolant circulation within the RPV, and control rods are withdrawn to establish criticality. When the power level reaches the minimum turbine load, the turbine is brought online and heatup continues. When the turbine is synchronized with the electrical grid, the module exits the scope of the LPSD probabilistic risk assessment and enters that of the full-power PRA. The nominal refueling outage is modeled as a series of seven plant operating states (POSs) that cover each arrangement of the module between shutdown and start-up. In addition to module arrangement, POSs are defined based on the activity being performed and availability of systems which can cause or be used to mitigate an initiating event. Each POS is described in detail below. POS1: Shutdown and Initial Cooling: The module enters POS1 when the control rods are inserted and the module becomes subcritical. Normal secondary cooling through the turbine bypass is used to reduce the temperature of the primary coolant to a level that allows the CNV to be flooded, and the CVCS functions to both borate and cleanup coolant chemistry. Containment flood begins and the main steam and feedwater systems are removed from service. The module exits POS1 when CNV flood is complete. Tier 2 19.1-98 Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment Given the unique nature of the refueling process, initiating events "IE-RBC-DROP-OP-FTS" and "IE-RBC-DROP-RF-FTS" associated with failure of the RBC are included in the LPSD risk assessment. An RBC failure initiating event is applicable to POS3 and POS5 and is used to depict potential drops in the operating area and refueling area. Module drops in the operating area could involve damage to multiple modules; a drop in the refueling area could affect only a single module. Table 19.1-68 provides the initiating event frequencies for POS3 and POS5 for the operating and refueling areas. The initiator frequencies provided in Table 19.1-68 were determined by multiplying the module drop probability per lift by the frequency with which a lift occurs. A module is lifted once per POS, and enters each POS 0.5 times per year, therefore the initiating event frequency is found by multiplying the module drop probability for each location by 0.5 times per year. A lognormal uncertainty factor of 10 is assumed, which is consistent with internal initiating events. To develop the module drop probability per lift, an evaluation of the RBC was performed to identify combinations of failures that could lead to a module drop. Initiating events for this evaluation were identified using an FMEA, supplemented by operating experience in NUREG-0612 (Reference 19.1-51). For each module drop initiating event, an event tree is developed to account for potential mitigating features (e.g., detection capability, emergency stops) which could prevent the initiating event from progressing to a module drop. Two types of drops were initially considered, based on the assembled configuration of the module during crane movements: RAI 19-23, RAI 19-23S1

  • The first type of module drop reflects the possibility of dropping an assembled module. For this type of module drop, the module is fully assembled and the CNV is intact. (A portion of the refueling operation involves movement of a module without the bottom portion of the CNV attached, which introduces the possibility of a "partial module drop." However, in this configuration, control rods are inserted and primary coolant in the RPV can communicate with the water in the reactor pool through the open RVVs and RRVs, allowing pool water to enter and cover the fuel, assuring adequate heat removal if the partial module were dropped. Thus, this configuration is not included as a potential contributor to CDF in the LPSD PRA).The module is in this configuration when transported between the operating bay and the CFT. In a fully assembled module, the CNV is intact, flooded, and the RVVs and RRVs are open. Module drops in this configuration are considered for POS3 and POS5.

RAI 19-23S1

  • The second type of module drop reflects the possibility of dropping a partially assembled module, without the lower CNV. The module is in this configuration when the crane lifts the upper CNV and the RPV out of the CFT and places it into the RFT. In this configuration, the water in the RPV communicates freely with the reactor pool through the open RVVs and RRVs. If a module were dropped in this configuration, pool water would flow in through the open RVVs and RRVs to keep the fuel covered and prevent core damage. Thus, a drop of a partially assembled module is not considered.

RAI 19-23, RAI 19-23S1 Tier 2 19.1-102 Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment

  • The secondthird type of module drop reflects the possibility of dropping the upper vessels (i.e., the upper portions of the RPV and CNV) as they are moved to or from the dry dock area. TheBecause the fuel is in the lower RPV, which remains in the RFT, the primary hazard in this situation is the physical impact of the crane dropping the upper RPVvessels onto the stationary core which remains in the RFT. While this configuration is not included as a potential contributor to CDF (because it involves potential mechanical fuel damage rather than inadequate heat removal), the radiological dose calculation of potential radionuclide release due to damaged fuel indicates that a large release does not occur due to this type of module drop. Thus, this type of module dropa drop of the upper vessels is not considered further in the LPSD probabilistic risk assessment.

Table 19.1-67 summarizes the module drop initiating events associated with an RBC failure and the mitigating features. Figure 19.1-30 is a representative event tree for evaluating potential NPM drops. The representative event tree is used to evaluate a full module drop based on the overload module drop initiating event (OL) (Item 7 in Table 19.1-67), in which the load exceeds the rated capacity of the crane. As indicated on the event tree, a module drop occurs based on combinations of detection and safety system features, e.g., Sequence 6 involves failure of the weigh circuit in the hoist control system to detect the overload (DET-OL) and failure of the motor overload protection to stop the motor (OL-PROT), which results in a module drop (MD) end state. The top events of the event trees are evaluated using fault trees. Quantification of the event trees associated with the module drop initiators identified in Table 19.1-67, and accounting for the time that a module is being moved in either the refueling area and operating area, produced probabilities of module drop in each of these areas for POS3 and POS5 as summarized in Table 19.1-68, as well as the determination of the initiating event frequencies that are used in the LPSD probabilistic risk assessment. 19.1.6.1.3 Low Power and Shutdown Accident Sequence Determination The accident sequences modeled in the LPSD probabilistic risk assessment are represented by the various "paths" through the event trees that were developed to depict the module response to initiating event. The changes in the module configuration between full power and LPSD configurations are not significant with regard to success criteria as no new systems are brought online to aid in shutdown cooling or other LPSD functions. For these systems, the LPSD success criteria are bounded by those established for full power condition. The LPSD plant operating states exhibit lower decay heat levels than the full power PRA due to the module being shut down or operating at low power at the time of the initiating event and the systems modeled for mitigation of full power initiators are sufficient for decay heat levels. Thus, for most LPSD initiating events, an LPSD transfer event tree is used to transfer to the full power event trees with the following modifications to the sequence logic to reflect each POS configuration:

  • RTS-T01: The RTS is assumed to succeed for the POS in which the module is subcritical (i.e., POS1, POS2, POS3, POS4, POS5, and POS6).
  • CFDS-T01: The containment flooding system is assumed to succeed for the POS in which the CNV is already flooded (i.e., POS2, POS3, POS4, and POS5).

Tier 2 19.1-103 Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NPM during LPSD conditions and that these states can be screened from quantification. 19.1.6.3.2 Internal Fire Risk during Low Power and Shutdown In the same manner as described in Section 19.1.5.2 for full power operation, the evaluation of LPSD fire risk is developed using the LPSD model for internal events and adapting the model to incorporate aspects of fire that differ from the corresponding aspects of the internal events model. An evaluation of each POS during LPSD operations is performed and presented in Table 19.1-72, along with its susceptibility to an internal fire. The analysis for the internal fire risk during LPSD concludes that because of the limited time (frequency and duration) that the module is in each POS during LPSD operations, as discussed in Section 19.1.6.1, and the fail-safe nature of the safety systems, internal fire contributes insignificantly to the risk when in LPSD modes. 19.1.6.3.3 Internal Flood Risk during Low Power and Shutdown As described in Section 19.1.5.3 for full power operation, the evaluation of internal flood risk associated with LPSD is developed using the LPSD model for internal events and adapted to incorporate aspects of internal floods that differ from the corresponding aspects of the internal events model. An evaluation of each POS during LPSD operations is performed and presented in Table 19.1-73 along with its susceptibility to an internal flood. The analysis for the internal flood risk during LPSD concludes that because of the limited time (frequency and duration) that the module is in any POS during LPSD operations, as discussed in Section 19.1.6.1, and the fail-safe nature of the safety systems, internal flood contributes insignificantly to the risk associated with LPSD. Thus, CDF and LRF for internal floods during LPSD are not calculated. 19.1.6.3.4 External Flood Risk During Low Power and Shutdown As described in Section 19.1.5.4 for full power operation, the evaluation of external flood risk associated with LPSD is developed using the LPSD model for internal events and adapted to incorporate aspects of external floods that differ from the corresponding aspects of the internal events model. RAI 19-23S1 Similar to the analysis for full power operation outlined in Table 19.1-55, the LOOP event tree bounds potential external flooding effects during LPSD. An evaluation of each POS during LPSD operations is performed and presented in Table 19.1-74 along with its susceptibility to an external flood. The analysis for the external flood risk during LPSD concludes that because of the limited time (frequency and duration) that the module is in any POS during LPSD operations, as discussed in Section 19.1.6.1, and the fail-safe nature of the safety systems, external flood contributes an insignificant amount to the risk when in LPSD modes. In addition, the operators have ample time to take appropriate steps to secure the plant due to Tier 2 19.1-110 Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment the long duration and significant warning time for external floods to develop. Thus, a CDF and LRF for external floods during LPSD are not determined. 19.1.6.3.5 High-Wind Risk during Low Power and Shutdown RAI 19-23S1 As described in Section 19.1.5.5 for full power operation, the evaluation of high-wind risk associated with LPSD is developed using the LPSD model for internal events and adapted to incorporate aspects of the high-wind hazard. As was the situation with the full power high-wind evaluation, only the LOOP initiator is applicable to the LPSD evaluation.and outlined in Table 19.1-59, the LOOP event tree bounds potential high wind effects during LPSD. RAI 19-23S1 Not all LPSD plant operating states are susceptible to high-wind events. During conditions where a hurricane or tornado strike is likely, it is assumed that crane movements are suspended. Advanced forecast warning allows operators to cease movements or move the module to a safe position. If crane movement were to be suspended during module transport, and the plant incurred a loss of power, the module would remain suspended. Similarly, it is assumed that initiation of module heatup or startup would not occur when conditions are likely for a hurricane or tornado strike. Given these assumptions, high-wind events were considered only for POS1 and POS7. The susceptibility of equipment damage due to an extreme high-wind event is summarized in Table 19.1-75. Following the hazard methodology presented in Section 19.1.5.5.1, the overall strike frequency during LPSD operations is calculated by adjusting the frequency for each applicable POS based on the duration in the POS. The hurricane strike frequency for LPSD was also adjusted for events that occurred during shutdown conditions. Core Damage Frequency The point estimate CDF values for extreme high winds during LPSD are:

  • tornado in POS1: 7.4E-14 per mcyr
  • tornado in POS7: 6.8E-14 per mcyr
  • hurricane in POS1: 1.2E-11 per mcyr
  • hurricane in POS7: 1.1E-11 per mcyr In POS 1 and POS 7, risk is dominated by sequences that involve a failure to recover power before an ECCS actuation and an incomplete ECCS actuation.

Large Release Frequency The point estimate LRF values for extreme high winds during LPSD are:

  • tornado in POS1: <1E-15 per mcyr Tier 2 19.1-111 Draft Revision 2

Tier 2 NuScale Final Safety Analysis Report RAI 19-23S1 Table 19.1-61: Key Assumptions for the High-Winds Probabilistic Risk Assessment Assumption Basis Extratropical straight winds, tornadoes = EF0 and EF1 (i.e., 110 mph), and hurricanes = Category 1 and 2 (i.e., Engineering judgment 110 mph) are covered by the weather related LOOP initiator in the internal events PRA. A LOOP is assumed for all extreme high-winds events. Engineering judgment Recovery of offsite power within 24 hours following a high-winds event is based on generic weather-related offsite Engineering judgment power recovery events. Additional recovery or mitigative actions are not credited in the analysis. A tornado strike hazard is determined from methods described in NUREG/CR-4661 and based on a central U.S. Bounding assumption geographic region. A lognormal distribution and error factor of 10 is assumed. A hurricane strike hazard is determined from NUREG-6890 industry data and based on a coastal U.S geographic Bounding assumption region. A lognormal distribution and error factor of 10 is assumed. Seismic Category I structures and SSC in Seismic Category I structures are not susceptible to damage from high- Engineering judgment winds events, wind-generated missiles, or damage from other buildings or SSC. Seismic Category II and III buildings and SSC within, and SSC located outside, are assumed inoperable with no Bounding assumption consideration of recovery. Forecasting information (e.g., hurricane warnings) is used to take mitigative actions; operators are assumed to Engineering judgment 19.1-256 delay startup and move a module from the crane and place it into a safe position when forecasts or conditions indicate a high winds impact is likely. Operators, however, are not assumed to reduce power or shut down following a hurricane warning or tornado watch; the plant is expected to remain at full power. Following a loss of power, motor operated valves are assumed to fail as-is and air and solenoid-operated valves Engineering judgment are assumed to fail in the de-energized position. Extreme stress was considered for operator actions following a high winds event. Engineering judgment Probabilistic Risk Assessment Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment RAI 19-23, RAI 19-23S1 Table 19.1-74: External Flooding Susceptibility During Low Power and Shutdown Plant Operating States Plant Operating State External Flooding Susceptibility POS1, Shutdown and initial Although this POS is similar in terms of plant response to the full-power PRA, because the time cooling in this POS is limited, the module can be cooled down and in POS2 before any equipment is susceptible to a flood-induced failure. In the event flood levels exceed expectations, secondary cooling can be provided by the passive DHRS to reach POS2. Therefore, external flooding effects were not evaluated for this POS. POS2, Cooling through Because the module can be maintained in POS2 indefinitely without electric power or operator containment and module action, there is no effect from an external flood during this POS. disconnection POS3, Transport and Operators are anticipated to suspend module movements if external flooding is predicted. In disassembly the event of loss of AC power, the RBC brakes will set and stop motion. The RBC is designed with redundant holding brakes so that if one set fails to engage, the other brake automatically holds the load. Because both brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load, a loss of power will halt operations but not result in a load drop. The module can be maintained in position suspended by the RBC until power is restored and the lift can resume; therefore, external flooding effects were not evaluated for this POS. POS4, Refueling and Operators are anticipated to suspend fuel and upper vessels movements if external flooding is maintenance predicted. The RBC operates with the wet hoist in the vicinity of the core to remove reactor vessel internals, and the fuel handling machine moves fuel assemblies between the core and fuel storage racks in the spent fuel pool. Both have fail-safe, redundant brakes so that in the event of loss of AC power, the brakes set and hold the load. The load can be maintained in position suspended by the RBC and wet hoist or fuel handling machine until power is restored and refueling operations can resume; therefore, external flooding effects were not evaluated for this POS. POS5, Reassembly, Operators are anticipated to suspend upper vessels and module movements if external flooding transport, and reconnection is predicted. In the event of loss of AC power, the RBC brakes will set and stop motion. The RBC is designed with redundant holding brakes so that if one set fails to engage, the other brake automatically holds the load. Because both brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load, a loss of power will halt operations, but not result in a load drop. The module can be maintained in position suspended by the RBC until power is restored and the lift can resume; therefore, external flooding effects were not evaluated for this POS. POS6, Heatup Operators are anticipated not to initiate plant heatup when forecasts indicate the potential for flooding hazards. Based on the limited duration of this POS, and the fail-safe nature of the passive NuScale design, external flooding effects were not evaluated for this POS. POS7, Low power operation Operators are anticipated not to enter low power operation when forecasts indicate the potential for flooding hazards. Based on the limited duration of this POS, and the fail-safe nature of the passive NuScale design, external flooding effects were not evaluated for this POS. Tier 2 19.1-280 Draft Revision 2

NuScale Final Safety Analysis Report Probabilistic Risk Assessment RAI 19-23, RAI 19-23S1 Table 19.1-75: High-Wind Susceptibility during Low Power and Shutdown Plant Operating States Plant Operating State (POS) Tornado and Hurricane Susceptibility POS1 High-winds events are evaluated in POS1. Shutdown and Cooling POS 2: Because the module can be maintained in POS2 indefinitely without electric power or Cooling through containment operator action, no SSC are susceptible to high winds in this POS. POS 3: Operators are anticipated to suspend module movements if high winds are predicted. Transport and disassembly In the event of loss of AC power, the RBC brakes will set and stop motion. The RBC is designed with redundant holding brakes so that if one set fails to engage, the other brake automatically holds the load. Because both brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load, a loss of power will halt operations, but not result in a load drop. The module can be maintained in position suspended by the RBC until power is restored and the lift can resume; therefore, high wind effects were not evaluated for this POS. POS 4: Operators are anticipated to suspend fuel and upper vessels movements if high winds Refueling and maintenance are predicted. The RBC operates with the wet hoist in the vicinity of the core to remove reactor vessel internals, and the fuel handling machine moves fuel assemblies between the core and fuel storage racks in the spent fuel pool. Both have fail-safe, redundant brakes so that in the event of loss of AC power, the brakes set and hold the load. The load can be maintained in position suspended by the RBC and wet hoist or fuel handling machine until power is restored and refueling operations can resume; therefore, high wind effects were not evaluated for this POS. POS 5: Operators are anticipated to suspend upper vessels and module movements if high Reassembly, transport, and winds are predicted. In the event of loss of AC power, the RBC brakes will set and stop reconnection motion. The RBC is designed with redundant holding brakes so that if one set fails to engage, the other brake automatically holds the load. Because both brake systems are designed and rated to maintain a hoisted load at the maximum allowable crane load, a loss of power will halt operations, but not result in a load drop. The module can be maintained in position suspended by the RBC until power is restored and the lift can resume; therefore, high wind effects were not evaluated for this POS. POS 6: Operators are anticipated to not initiate plant heatup under a hurricane warning or Heatup conditions where a tornado strike is likely. Based on the limited duration of this POS, and the fail-safe nature of the passive NuScale design, high wind effects were not evaluated for this POS. POS 7: High-winds events are evaluated in POS7. Low power operation Tier 2 19.1-281 Draft Revision 2

RAIO-0518-60115 : Affidavit of Zackary W. Rad, AF-0518-60016 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

NuScale Power, LLC AFFIDAVIT of Zackary W. Rad I, Zackary W. Rad, state as follows: 

   I am the Director, Regulatory Affairs of NuScale Power, LLC (NuScale), and as such, Ihave been specifically delegated the function of reviewing the information described in this Affidavit that NuScale seeks to have withheld from public disclosure, and am authorized to apply for its withholding on behalf of NuScale.
   I am knowledgeable of the criteria and procedures used by NuScale in designating information as a trade secret, privileged, or as confidential commercial or financial information. This request to withhold information from public disclosure is driven by one or more of the following:

D The information requested to be withheld reveals distinguishing aspects of a process (or component, structure, tool, method, etc.) whose use by NuScale competitors, without a license from NuScale, would constitute a competitive economicdisadvantage to NuScale. E The information requested to be withheld consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.), and the application of the data secures a competitive economic advantage, as described more fully in paragraph 3 of this Affidavit. F Use by a competitor of the information requested to be withheld would reduce the competitor's expenditure of resources, or improve its competitive position, in the design, manufacture, shipment, installation, assurance of quality, or licensing of a similar product. G The information requested to be withheld reveals cost or price information, production capabilities, budget levels, or commercial strategies of NuScale. H The information requested to be withheld consists of patentable ideas. 

   Public disclosure of the information sought to be withheld is likely to cause substantialharm to NuScale's competitive position and foreclose or reduce the availability of profit-making opportunities. The accompanying Request for Additional Information reveals distinguishing aspects about Vpecific valuesused in NuScale operational processes.

NuScale has performed significant research and evaluation to develop a basis for this SURFHVVandhas invested significant resources, including the expenditure of a considerable sum ofmoney. The precise financial value of the information is difficult to quantify, but it is a key elementof the design basis for a NuScale plant and, therefore, has substantial value to NuScale. If the information were disclosed to the public, NuScale's competitors would have access to the information without purchasing the right to use it or having been required to undertakea similar expenditure of resources. Such disclosure would constitute a misappropriation of NuScale's intellectual property, and would deprive NuScale of the opportunity to exerciseits competitive advantage to seek an adequate return on its investment. AF-0518-60016 

   The information sought to be withheld is in the enclosed response to NRC Request for Additional Information RAI No. 116, eRAI No. 8926. The enclosure containsthe designation "Proprietary" at the top of each page containing proprietary information.The information considered by NuScale to be proprietary is identified within double braces,"(( }}" in the document.
   The basis for proposing that the information be withheld is that NuScale treats the information as a trade secret, privileged, or as confidential commercial or financial information. NuScale relies upon the exemption from disclosure set forth in the Freedom of Information Act ("FOIA"), 5 USC § 552(b)(4), as well as exemptions applicable to the NRC under 10 CFR §§ 2.390(a)(4) and 9.17(a)(4).
   Pursuant to the provisions set forth in 10 CFR § 2.390(b)(4), the following is provided for consideration by the Commission in determining whether the information sought to be withheld from public disclosure should be withheld:

D The information sought to be withheld is owned and has been held in confidence by NuScale. E The information is of a sort customarily held in confidence by NuScale and, to the best of my knowledge and belief, consistently has been held in confidence by NuScale.The procedure for approval of external release of such information typically requiresreview by the staff manager, project manager, chief technology officer or otherequivalent authority, or the manager of the cognizant marketing function (or hisdelegate), for technical content, competitive effect, and determination of the accuracyof the proprietary designation. Disclosures outside NuScale are limited to regulatorybodies, customers and potential customers and their agents, suppliers, licensees, andothers with a legitimate need for the information, and then only in accordance with appropriate regulatory provisions or contractual agreements to maintainconfidentiality. F The information is being transmitted to and received by the NRC in confidence. G No public disclosure of the information has been made, and it is not available in public sources. All disclosures to third parties, including any required transmittals to NRC, have been made, or must be made, pursuant to regulatory provisions or contractual agreements that provide for maintenance of the information in confidence. H Public disclosure of the information is likely to cause substantial harm to the competitive position of NuScale, taking into account the value of the information to NuScale, the amount of effort and money expended by NuScale in developing the information, and the difficulty others would have in acquiring or duplicating the information. The information sought to be withheld is part of NuScale's technology that provides NuScale with a competitive advantage over other firms in the industry. NuScale has invested significant human and financial capital in developing this technology and NuScale believes it would be difficult for others to duplicate the technology without access to the information sought to be withheld. I declare under penalty of perjury that the foregoing is true and correct. Executed on 5/21/2018. Zackary WW. Rad AF-0518-60016}}

Retrieved from "https://kanterella.com/w/index.php?title=ML18141A883&oldid=2532612"