ML18153B547

PRA Applications Program for Insp at Surry Nuclear Power Station,Unit 1, Draft Rept
ML18153B547
Person / Time
Site: Surry
Issue date: 07/31/1987
From: Jennifer Fisher, Gregg R
EG&G IDAHO, INC., IDAHO NATIONAL ENGINEERING & ENVIRONMENTAL LABORATORY
To:
NRC
References
CON-FIN-A-6553 EGG-REQ-7746, EGG-REQ-7746-DRFT, TAC-M66591, NUDOCS 8811210082


Text

EGG-REQ-7746
July 1987

INFORMAL REPORT

PRA APPLICATIONS PROGRAM FOR INSPECTION AT THE SURRY NUCLEAR POWER STATION, UNIT 1

DRAFT REPORT

R. E. Gregg
J. E. Fisher
R. E. Wright
M. F. Hinton

Idaho National Engineering Laboratory
Managed by the U.S. Department of Energy

Prepared for the U.S. Nuclear Regulatory Commission
Work performed under DOE Contract No. DE-AC07-76ID01570

Published July 1987

EG&G Idaho, Inc.
Idaho Falls, Idaho 83415

Prepared for the U.S. Nuclear Regulatory Commission
Washington, D.C. 20555
Under DOE Contract No. DE-AC07-76ID01570
FIN No. A6553

ABSTRACT

This report contains information on the application of Probabilistic Risk Assessment (PRA) results to the inspection of the Surry Power Station, Unit 1. The current operating plant inspection program is described and the methodology for applying PRA techniques is given. The suggested inspection guidance for use at Surry is provided in the form of system-based and programmatic tables.

SUMMARY

The Probabilistic Risk Assessment (PRA) Application Program for Inspection at the Surry Power Station, Unit 1 was performed for Region II of the Nuclear Regulatory Commission (NRC) by EG&G Idaho, Inc. at the Idaho National Engineering Laboratory (INEL). The purpose of the program is to employ a previously developed method for using PRA techniques and results to develop risk-based inspection guidance. This guidance can then be applied to the ongoing inspection effort for operating nuclear power plants. Using the PRA to help identify the risk significant events and equipment at a given site will assist NRC inspectors in focusing resources on those portions of a facility that contribute most to public risk.

The current inspection program is described, and the method used to derive the Surry guidance is shown. This method included using the SETS and SEP computer codes to obtain core damage results directly from the PRA model. Importance measures were then applied to the results to determine the most important accident sequences, the events that form these sequences, and the dominant causes of those events.

Since point estimate values of public health risk were not defined in the Surry 1 PRA, core damage criteria were used to determine sequence, system, and component importances. Based on risk of core damage, the major findings are these:

1. The most important sequence, station blackout leading to an RCP seal LOCA with a failure to restore HPI flow within one-half hour, contains 26% of identified core melt risk. The top four sequences contain 50% of identified plant damage risk. A total of 17 sequences are required to obtain 95% of identified plant damage risk.

2. Based on Vesely-Fussell importance measures, the important systems include the High Pressure Injection System, the Emergency Power System, the Low Pressure Injection System, and the Primary Pressure Relief System. A complete list of identified risk important systems is contained in Table 18.

Inspection guidance tables are provided in two forms. First, system tables (Tables 1-11) provide the important failures, the IE modules that could be used to address those failures, and a modified walkdown list for the important equipment in each risk significant system (a full checkoff list should be used for major system reconfiguration applications; the modified checkoff list should be used for frequent, efficient walkdowns).

Second, the important failures are arranged in programmatic tables (Tables 12-15) that show functional inspection areas. These tables can be used by the inspectors who will be performing the inspections called for in the IE Manual.

ACKNOWLEDGMENTS

The authors would like to express appreciation to Al Herdt, Frank Jape, and Bill Holland of NRC Region II for their assistance in obtaining the plant specific information needed for this project. Also many thanks to Bernard M. Hillmam of the NRC who, as Technical Monitor for the project, was a constant and valuable support.

CONTENTS

ABSTRACT
SUMMARY
ACKNOWLEDGEMENTS
LIST OF TABLES
PURPOSE AND SCOPE
THE CURRENT INSPECTION PROGRAM
APPLYING PRA INFORMATION TO INSPECTION
  PRA Quantification
  Importance Analysis
  Importance Analysis Results
SUGGESTED INSPECTION GUIDANCE FOR SURRY STATION
CONCLUSIONS
REFERENCES

TABLES

1A. High Pressure Injection System Failure Mode Identification
1B. IE Modules for High Pressure Injection System Inspection
1C. Modified High Pressure Injection System Walkdown
2A. Emergency Power System Failure Mode Identification
2B. IE Modules for Emergency Power System Inspection
2C. Modified Emergency Power System Walkdown
3A. Low Pressure Injection System Failure Mode Identification
3B. IE Modules for Low Pressure Injection System Inspection
3C. Modified Low Pressure Injection System Walkdown
4A. Primary Pressure Relief System Failure Mode Identification
4B. IE Modules for Primary Pressure Relief System Inspection
4C. Modified Primary Pressure Relief System Walkdown
5A. Auxiliary Feedwater System Failure Mode Identification
6B. IE Modules for Reactor Protection System Inspection
6C. Modified Reactor Protection System Walkdown
7A. Charging Pump Cooling System Failure Mode Identification
7B. IE Modules for Charging Pump Cooling System Inspection
7C. Modified Charging Pump Cooling System Walkdown
8A. Recirculation Mode Transfer System Failure Mode Identification
8B. IE Modules for Recirculation Mode Transfer System Inspection
8C. Modified Recirculation Mode Transfer System Walkdown
9A. Accumulator System Failure Mode Identification
9B. IE Modules for Accumulator System Inspection
9C. Modified Accumulator System Walkdown
10A. Chemical and Volume Control System Failure Mode Identification
10B. IE Modules for Chemical and Volume Control System Inspection
10C. Modified Chemical and Volume Control System Walkdown
11A. Service Water System Failure Mode Identification
11B. IE Modules for Service Water System Inspection
11C. Modified Service Water System Walkdown
12. Plant Operations Inspection Guidance
13. Surveillance Inspection Guidance
14. Maintenance Inspection Guidance
15. Quality Assurance/Administrative Control Inspection Guidance
16. Most Important Sequences
17. Definitions of Codes Used in Table 16
18. Important Systems

PRA APPLICATIONS PROGRAM FOR INSPECTION AT SURRY NUCLEAR POWER STATION

PURPOSE AND SCOPE

The work described in this report was performed for the Nuclear Regulatory Commission (NRC) Region II as part of FIN A6553. The basic task of this project is to provide Probabilistic Risk Assessment (PRA) based inspection prioritization to improve the allocation of resources of the NRC inspection effort.

The PRA is an analytical technique for integrating diverse aspects of design and operation in order to assess the risk of a particular nuclear power plant and to develop an information base for analyzing plant-specific and generic issues. An assessment of the plant-specific risk provides both a measure of potential accident risk to the public and insights into the adequacy of plant design and operation. This assessment is achieved by identifying those sequences of potential events that contribute to risk and by establishing which features of the plant contribute most to the frequency of such sequences. These plant features may be influenced by hardware failure, tests and maintenance during operations, or human error resulting from test, maintenance, or operational activities. Thus, a probabilistic analysis reveals the features of a plant that merit close attention and provides a focus for improving safety. Information developed in the assessment will be used to make decisions about the allocation of resources by directing attention to the factors and failure modes that contribute to plant risk, and therefore should be involved in any effort to reduce risk.

The method used here was first developed for the Indian Point Nuclear Power Plants, Units 2 and 3. The base document was the Indian Point Probabilistic Safety Study,¹ and the methodology and results are documented by Hinton and Wright.² The method has subsequently been applied to the Seabrook, Zion, and Haddam Neck Nuclear Power Stations.

The Surry 1 task used some of the methods of reference 2 to adapt results from the NUREG/CR-4550 Core Damage Frequency Report³ for use in the inspection program at the Surry Nuclear Power Plant, Unit 1.

PRA-based inspection guidelines for Surry 1 were developed using a computerized version of the PRA³ model. Importance measures were applied to the results to determine the most important contributors to risk: the most important accident sequences, the events that form these sequences, and the dominant causes of these events. Finally, the task required preparation of guidance tables for inspection at Surry 1. After a discussion of the current inspection program, the results of the work just outlined are presented in the remainder of this report.

THE CURRENT INSPECTION PROGRAM

The current inspection prioritization scheme includes inputs from many varied sources. Program documentation such as the Inspection and Enforcement (IE) Manual, reactive requirements such as IE Bulletins, specific plant assessment records such as Systematic Assessment of Licensee Performance (SALP) reports and previous inspection reports, and the inspection staff itself all impose demands on inspection prioritization.

The IE Manual program for operating phase plants (Chapter 2515) involves a three-tiered approach. The three levels of inspection requirements are Minimum, Basic, and Supplemental. The Minimum Program will be completed at all plants without exception. The Basic Program will be completed if resource limitations do not prevent completion. The Supplemental Program is a set of procedures that are to be used when a need is seen and resources are available. Each inspection module has a frequency assigned. The frequencies include Daily, Biweekly, Weekly, Bimonthly, Monthly, Annual, Biennial, Refueling, Triannual, and When Required. The 'When Required' inspections are either called for under specific conditions (e.g., Onsite Followup of Events at Operating Reactors, Module 93702), or are used when additional inspection of a specific area of plant operation is required. Supplemental Program inspections are all done When Required.

The SALP Program involves a 12 to 18 month review period over which each plant is evaluated and graded in ten functional areas: Plant Operations, Radiological Controls, Maintenance, Surveillance, Fire Protection, Emergency Preparedness, Security and Safeguards, Refueling, Licensing Activities, and Quality Programs and Administrative Controls Affecting Quality. As a result of SALP, the effort for some of the inspections in the functional areas can be relaxed or increased. However, for high population sites, the requirements cannot be relaxed.

The basic philosophy of the current IE program is that the individual closest to the plant will be the one who can best select the areas of the plant that require the closest scrutiny. The resident inspectors are instructed in the manual to spend twenty percent of their inspection hours on self-directed inspection, which gives them the ability to investigate areas of the plant which may not otherwise be scheduled for inspection in the near future. The inspectors could, however, spend more time in areas where their interest or background dictates. This self-directed time also allows the inspectors to follow up on events or areas that appear to need a closer look without a requirement for a specific inspection procedure.

Also, on a quarterly basis, the resident inspectors submit to the region a formal request for inspections to be performed by the region-based specialist inspectors. These requests are based on Chapter 2515 requirements or perceived need. It is the resident inspectors' responsibility to request inspections to meet the 2515 interval requirements, and to monitor progress on other requirements from NRC directives and reactive event followup. There are three areas for which the residents do not influence the schedule. These three areas are Emergency Preparedness, Health Physics, and Security, which are handled entirely through the region.

At the Region office, the resident inspectors' requests are compiled for prioritization across the region. Here various additional considerations are applied to the process. Included are plant status (since the region must inspect construction, near term operating license, and operating plants), SALP results, population profiles, and the application of resources to NRC directives (instructions, bulletins, and orders) and to reactive events. Finally, assignments are made for Regional Technical Specialist Inspectors from the specialist sections (e.g., Health Physics Specialists from the Facilities Radiation Protection Section).

APPLYING PRA INFORMATION TO INSPECTION

As documented in a previous report,² the overall direction of the IE Manual, with its tiers and assigned frequencies, was seen as a logical and effective program for general application. The module reviews that were performed revealed an overall program which provides for inspection of all aspects of the nuclear facility, with a flexible framework which allows customizing the program implementation to address the many varied plants.

It was decided that the best point to insert risk based inspection guidance was not in module selection or frequency, but in the direction that the inspector's efforts should take once a module is selected. After a small set of minimum requirements, module selection should be more a function of plant operator performance or other external factors than of plant risk characteristics.

The information that the PRA can provide to focus inspections should therefore not be placed in a new module and should not necessarily change the frequency at which a modular inspection is performed. It should direct inspections of functional areas to the systems and components in each area that are important contributors to risk. Thus, from plant to plant the IE Manual remains the same; the plant specific information on important plant systems, components, and functions is the only variable.

PRA Quantification

A Level 3 PRA was done for Surry Power Station, Unit 1. A Level 1 analysis consists of core damage frequency quantification; a Level 2 analysis further assesses the risk of radiological release. A Level 3 PRA assesses population radiological risk based on results obtained from the Level 1 and 2 studies. Assessments of core damage frequency and population radiological dose for Surry 1 were part of the work done supporting the NUREG-1150⁴ effort, which is concerned with assessment of severe accidents in nuclear power plants. For previous PRA-based inspection guideline studies, the results of the Level 3 analysis were used, if available, to obtain system importance ranking and to choose the items which should receive priority during the application of the inspection modules. However, as explained below, only the Level 1 results were used to develop the Surry 1 inspection guidelines.

The results of the accident sequence studies were reported in NUREG/CR-4550.³ This analysis was done to obtain core melt frequency; event trees were used to represent accident sequences. Detailed fault trees were used to model each top event, and quantification was performed using the Set Equation Transformation System (SETS) and Set Evaluation Program (SEP) computer codes. The SETS code reduces the fault trees into their corresponding minimal cutset equations, so that each top event was represented in terms of required combinations of component failures and associated frequencies. The events were then combined into the desired sequences. The SEP code performs sequence uncertainty analysis and extracts information required to obtain various importance measures. The results of the accident sequence analysis provide mean, or point estimate, values for core melt frequency in terms of sequence, system, and components. These point estimates were used to obtain the systems importance ranking and for identifying priority items within each system. The uncertainties associated with the core melt frequency quantification were also available, but were not used in the development of PRA-based inspection guidelines.

The accident sequence analysis results were also described in terms of plant damage states, which describe the potential for core coolability and containment heat removal capability. Thus, each damage state can be related to: (a) a source term release quantity and severity, and (b) the capability of the containment to prevent significant radiological release.

Characterization of the source term and analyses of the containment and site responses were reported in NUREG/CR-4551.⁵ The analysis methods were chosen based on ability to evaluate uncertainty issues, which are high level representations of uncertainties in input parameters. Issues represent combinations of numerous input parameters which produce a common effect. The principal analysis method was the Limited Latin Hypercube (LLH) sampling method, limited because not all uncertainties were addressed. The Optimistic, Central, and Pessimistic (OCP) approach was also used. The OCP approach assigns three values (optimistic, central, and pessimistic) to each branchpoint, and arrives at three possible outcomes for each sequence. The number and complexity of the issues precluded quantification in a statistically rigorous manner; a subjective analysis was used instead. As a consequence of the above methodology limitations, only general conclusions were made relating the plant damage states to population radiological risk. Values representing source term characteristics and containment and site responses for each plant damage state were reported as ranges, and could not be defined precisely enough for rigorous statistical representation. Therefore, point estimate values were not available to permit systems importance ranking and priority item identification based on public radiological risk. Accordingly, the Surry 1 PRA-based inspection guidelines were based on frequency of core damage rather than public health risk.

The NUREG-1150 document has been issued only in preliminary form. The final results of the accident sequence analyses could differ from those used as a basis for this report. However, most changes should only provide refinement of the estimated core damage frequency, and the effect on the systems importance ranking should be slight. For example, changes to offsite power recovery or emergency power system models could adjust reported values for station blackout sequence frequencies. Such adjustment could affect the relative importance ranking of the emergency power system, but should not result in its removal from the list of important systems. Thus, the systems identified as significant to core damage and the identified priority inspection items within those systems should not be significantly affected by minor modeling revisions.

Importance Analysis

In the Indian Point analysis,² nine importance measures were evaluated for use in this application. Because the concern of the program was to determine which components should be inspected most often in the various functional areas, the measure of merit should include the factors for the components which themselves contributed to the high frequency of risk of the dominant sequences. The Vesely-Fussell measure includes the factors for contributing components, and therefore was used to perform the calculations for the Seabrook⁶ and subsequent studies.

The Vesely-Fussell importance measure is based on some end failure, such as the occurrence of a fatality, the occurrence of plant damage, or system failure. The importance of any element is defined as the probability that the element is involved, given that the end failure occurs. Importances can therefore be found for accident sequences, for events in the sequences, and for plant systems that fail in these events. For example, the importance of the Low Pressure Injection (LPI) System, based on core damage, is the frequency of core damage occurring from an accident that involves failure of the LPI system, divided by the total frequency of core damage occurring from a plant accident.

The numerical values given in this report are based on the mean frequencies given in the Surry 1 PRA.³ The uncertainties on these frequencies, though quantified in the PRA, are not used in this report.

Importance Analysis Results

Importance Based on Plant Damage. Surry 1 core melt frequency is dominated by sequences involving station blackout. The most important sequence was a station blackout (loss of offsite power for greater than one half hour and failure of two diesel generators) leading to Reactor Coolant Pump (RCP) seal Loss of Coolant Accident (LOCA), followed by failure to restore High Pressure Injection (HPI) flow within one half hour after the seal LOCA. This sequence accounted for 26% of the risk of core damage. Other station blackout sequences included short term Auxiliary Feedwater (AFW) failure (due to failures associated with the turbine driven pump), and long term AFW failures (guaranteed by long term AC power non-recovery, which eventually results in loss of instrumentation and control power). Station blackout sequences contribute 43% of total core melt frequency.

The second most important sequence was a very small LOCA with failure of high pressure injection. This sequence contained 10% of core damage risk. The third and fourth sequences were loss of 480V bus 1J/1H with failure of a Power Operated Relief Valve (PORV) to reclose and failure of the low pressure suction pathway for high pressure recirculation. These items contain 8% and 6% of plant risk respectively. Minor contributors to core melt frequency include Anticipated Transient Without Scram (ATWS), interfacing systems LOCAs, and other LOCAs with failures associated with low pressure recirculation, coolant injection and accumulator functions. In all, the top seventeen sequences are required to obtain 95% of core damage risk.

Importances based on health effects. Because the results of NUREG-1150 are not given as point estimates, importance measures based on health effects cannot be calculated and only general conclusions can be drawn concerning the risk to public health. Offsite consequences were estimated for two risk categories, early fatalities and latent cancer fatality risk. The SNNN and TNNN damage states (small LOCA and plant transient with no injection water delivered to the containment and neither of the spray systems operational) contribute a significant portion of the risk in both categories. Both damage states are dominated by station blackout accident sequences. (The difference is loss or maintenance of RCP seal integrity.) Therefore, the major contributor to public health risk is station blackout. The interfacing systems LOCA is also identified as a contributor to latent cancer fatality risk and should be considered a minor contributor to health risk.

Event and System Importances. Each sequence consists of events, and each event involves one or more plant systems. From the sequence importances, the event importances and system importances may be calculated. A system's importance is determined based on the importances of all the accident sequences in which it is a contributor to sequence failure.
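The Vesely-Fussell calculation described under Importance Analysis, carried from sequence importances through to system importances and the count of sequences needed for 95% coverage, as an added Python example that is not part of the original report. The sequence names, the frequencies, and the abbreviations EPS, PPR and RPS are constructed for illustration and are not Surry 1 PRA values.

```python
"""Vesely-Fussell importances from accident-sequence frequencies (added example)."""
from dataclasses import dataclass
from math import fsum


@dataclass(frozen=True)
class Sequence:
    name: str
    frequency: float            # mean core damage frequency, per reactor-year
    failed_systems: frozenset   # systems whose failure appears in the sequence


# Constructed sample data (NOT taken from the Surry 1 PRA).
# HPI, LPI and AFW follow the report's abbreviations; EPS (emergency power),
# PPR (primary pressure relief) and RPS (reactor protection) are assumed here.
SEQUENCES = [
    Sequence("SEQ-1", 4.0e-6, frozenset({"EPS", "HPI"})),
    Sequence("SEQ-2", 2.0e-6, frozenset({"HPI"})),
    Sequence("SEQ-3", 1.3e-6, frozenset({"HPI", "LPI"})),
    Sequence("SEQ-4", 1.2e-6, frozenset({"EPS", "PPR"})),
    Sequence("SEQ-5", 0.8e-6, frozenset({"EPS", "AFW"})),
    Sequence("SEQ-6", 0.5e-6, frozenset({"RPS"})),
    Sequence("SEQ-7", 0.2e-6, frozenset({"LPI"})),
]


def total_frequency(seqs):
    """Total core damage frequency; the denominator of every importance."""
    total = fsum(s.frequency for s in seqs)
    if total <= 0.0:
        raise ValueError("total core damage frequency must be positive")
    return total


def sequence_importance(seqs):
    """Fraction of total core damage frequency carried by each sequence."""
    total = total_frequency(seqs)
    return {s.name: s.frequency / total for s in seqs}


def system_importance(seqs):
    """Vesely-Fussell importance of each system.

    Frequency of core damage from sequences that involve failure of the
    system, divided by the total frequency of core damage. A sequence with
    several failed systems counts toward each of them, so the values do not
    sum to 1.
    """
    total = total_frequency(seqs)
    systems = set().union(*(s.failed_systems for s in seqs))
    return {
        system: fsum(s.frequency for s in seqs if system in s.failed_systems) / total
        for system in sorted(systems)
    }


def sequences_for_coverage(seqs, target=0.95):
    """Names of the highest-frequency sequences needed to reach `target`."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target must be in (0, 1]")
    total = total_frequency(seqs)
    ranked = sorted(seqs, key=lambda s: s.frequency, reverse=True)
    chosen, covered = [], 0.0
    for s in ranked:
        chosen.append(s.name)
        covered += s.frequency / total
        if covered >= target:
            break
    return chosen


if __name__ == "__main__":
    ranking = sorted(system_importance(SEQUENCES).items(),
                     key=lambda kv: kv[1], reverse=True)
    for system, value in ranking:
        print(f"{system}: {value:.2f}")
    print("95% coverage:", sequences_for_coverage(SEQUENCES))
```
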

SUGGESTED INSPECTION GUIDANCE FOR SURRY STATION

Tables 1 through 15 provide guidance to inspectors based on the results of NUREG/CR-4550. The guidance permits the focusing of the inspector's resources on those systems that contribute at least 95% of the risk, and on components and failure modes that are significant contributors to the failure of those systems.

Each of the first eleven tables consists of three subtables. The first, or the "A" subtable, is a system failure mode identification table. For each significant system it describes the ways in which each component failure contributes to risk. By understanding the types of failure that are significant, the inspector can focus on particular subcomponents, operations, tests, etc. For example, a premature transfer of a power supply is usually not a harmful event, while the failure to transfer usually is. The inspector would want to review or observe tests that cause transfer, and calibrations of relays that ensure proper dropout voltage or frequency. This table should be useful to all inspectors, regardless of experience levels or familiarity with the plant.

Also provided for each system, as the "B" subtable, are the IE modules that are relevant to the important systems and components. For a system-based inspection the module is not expected to be performed in its entirety, since each module usually requires a look at a large number of systems. However, any or all of the requirements in each module could be applied to the components or activities that are described in the table. For a module-based inspection, this table can be used, along with the corresponding tables for the other important systems, to compile the list of components on which to focus the inspection. This table will be most useful to newer inspectors or those who are not familiar with the plant.

The "C" subtable is a modified checkoff list. This list contains only those inspectable components that contribute significantly to system failure. It covers the system configuration when the plant is operating. It is a good tool for an effective look at a system, covering the components that cause at least 95% of system failure, but usually includes less than 20% of the system's components. For this reason, a full checkoff list should be used for major system reconfiguration applications, using the brief checkoff list for efficient, frequent walkdowns.

Tables 12 through 15 list the information given in the failure mode identification tables according to four functional areas. These tables are designed to assist programmatic inspection in the areas of operations, surveillance, maintenance, and QA/Administrative Controls. The information has only a different organization, not a different content.

Tables 16 through 18 list the important sequences and systems. The quantification of these tables forms the basis of the detailed guidance in Tables 1 through 15.

The guidance provided in the tables would be used differently by persons in different inspection roles. The regional specialist inspectors would use the guidance for each plant to familiarize themselves with the risk significant equipment prior to going to that plant. The residents would use it to assist in identifying areas which should be frequently observed during general operability tours and which should be kept in mind for decision making in unusual situations.

CONCLUSIONS

Based on the Surry 1 PRA,³ the most important accident sequences and the most important plant systems have been identified. The importance of a sequence or system is measured by its contribution to the risk of plant damage. This measure was used for development of the inspection guidance tables.

Based on risk of plant damage, the major findings are these:

1. The most important sequence, station blackout leading to an RCP seal LOCA with a failure to restore HPI flow within one-half hour, contains 26% of identified core melt risk. The top four sequences contain 50% of identified plant damage risk. The top 17 sequences are required to get 95% of identified plant damage risk.
2. The important systems include the High Pressure Injection System, the Emergency Power System, the Low Pressure Injection System, and the Primary Pressure Relief System. A complete list of important systems is contained in Table 18.

The inspection guidance tables developed using the described methodology and the Surry PRA results will provide NRC inspectors the capability to inspect plant systems and components based on their importance to core melt risk.


REFERENCES

1. Pickard, Lowe and Garrick, Inc., Westinghouse Electric Corporation, and Fauske & Associates, Inc., Indian Point Probabilistic Safety Study, March 1982.
2. M. F. Hinton and R. E. Wright, Pilot PRA Applications Program for Inspection at Indian Point 2, EGG-EA-7136 Rev. 2, February 1987.
3. R. C. Bertucio et al., Analysis of Core Damage Frequency From Internal Events: Surry Unit 1, NUREG/CR-4550 Vol. 3, SAND86-2084 (Draft Report), April 1986.
4. Reactor Risk Reference Document, Main Report, U.S. Nuclear Regulatory Commission Report NUREG-1150 Vol. 1 (Draft for comment), February 1987.
5. A. S. Benjamin et al., Evaluation of Severe Accident Risk and the Potential for Risk Reduction: Surry Power Station, Unit 1, NUREG/CR-4551 Vol. 1, SAND86-1309 (Draft for comment), February 1987.
6. M. F. Hinton and R. E. Wright, PRA Applications Program for Inspection at Seabrook Station, EGG-EA-7194 Rev. 1, February 1987.

TABLE 1A. HIGH PRESSURE INJECTION SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Motor Operated Valves MOV-1867C, D to Open. These valves must open to supply flow to intact loops with high pressure injection/recirculation. Common cause failure modes are significant. Proper surveillance, maintenance, and lineup checks should be observed or reviewed.
2. Failure of Charging Pump to Run. Pump failure, either common cause or independent in conjunction with loss of the AC bus that supplies the other pump, contributes significantly to unavailability of high pressure injection/recirculation. Surveillance and maintenance of these pumps should be observed or reviewed.
3. Failure of Motor Operated Valve MOV-1842 to Open. This valve provides an alternate path for injection/recirculation flow; its common cause failure to open in conjunction with failure of the motor operated valves in the normal injection path results in system unavailability. Proper surveillance, maintenance, and lineup checks should be observed or reviewed.
4. Operator Failure to Provide HPI Flow Within 1/2 Hour of RCP Seal LOCA. Following AC power recovery, restoration of charging is of prime importance. Operator errors are minor contributors to this unavailability. Operator awareness of proper procedures and familiarity with operating controls should be assessed or reviewed.
5. Failure of Check Valves CV-25, -410 to Open. Failure of either of these check valves to open isolates the RWST from the charging pumps, resulting in loss of high pressure injection capability. Maintenance and surveillance of these valves should be observed or reviewed.
6. Manual Valve 1-SI-24 Plugged. Should 1-SI-24 become plugged or closed, it would isolate the RWST from the charging pumps, resulting in loss of high pressure injection capability. Maintenance and position of this valve should be observed or reviewed.
7. Failure of Motor Operated Valves MOV-1115B, D to Open. Failure of both of these valves to open isolates the RWST from the charging pumps suction, resulting in loss of high pressure injection capability. Maintenance and surveillance of these valves should be observed or reviewed.
8. Failure of Motor Operated Valves MOV-1115C, E to Close. Failure of these valves to close results in the inability to isolate the charging pump suction from the Volume Control Tank and realign it to the RWST; this causes loss of high pressure injection capability. Maintenance and surveillance of these valves should be observed or reviewed.

TABLE 1B. IE MODULES FOR HIGH PRESSURE INJECTION SYSTEM INSPECTION

Module  Title                               Components      Failure Mode (a)
41301   Operating Staff Training            Operators       4
61701   Surveillance (Complex)              Charging Pumps  2
                                            MOV-1867C, D    1
                                            MOV-1842        3
                                            CV-25, -410     5
                                            1-SI-24         6
                                            MOV-1115B, D    7
                                            MOV-1115C, E    8
61726   Monthly Surveillance Observation    Charging Pumps  2
                                            MOV-1867C, D    1
                                            MOV-1842        3
                                            CV-25, -410     5
                                            1-SI-24         6
                                            MOV-1115B, D    7
                                            MOV-1115C, E    8
62700   Maintenance                         Charging Pumps  2
62703   Monthly Maintenance Observation     Charging Pumps  2
71707   Operational Safety Verification     Charging Pumps  2
                                            MOV-1867C, D    1
                                            MOV-1842        3
                                            1-SI-24         6
                                            MOV-1115B, D    7
                                            MOV-1115C, E    8
71710   ESF System Walkdown                 Charging Pumps  2
                                            MOV-1867C, D    1
                                            MOV-1842        3
                                            1-SI-24         6
                                            MOV-1115B, D    7
                                            MOV-1115C, E    8

a. See Table 1A for failure identification

TABLE 1C. MODIFIED HIGH PRESSURE INJECTION SYSTEM WALKDOWN

Component            Noun Name                          Required (a) Position      Actual Position
LCV-1115B            RWST to Charging Pump Suction      Closed (Auto)
LCV-1115D            RWST to Charging Pump Suction      Closed (Auto)
MOV-1115C            Charging Pump Suction from V.C.T.  Open (Auto)
MOV-1115E            Charging Pump Suction from V.C.T.  Open (Auto)
MOV-1842             Charging Iso. to Cold Leg Iso.     Closed
MOV-1867C            Discharge to Cold Leg              Closed
MOV-1867D            Discharge to Cold Leg              Closed
1-SI-24              RWST to HHSI Pumps                 Open
1-CH-P-1A, -1B, -1C  Charging Pumps                     1 Run/1 Stby/1 Locked Out

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 2A. EMERGENCY POWER SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Diesel Generators to Start/Run. Failure of DG 1 or 3 to start or run following a LOSP results in loss of ESF loads fed from the associated bus. This is a significant contributor to partial or total loss of AC power. Both common mode and independent failures are included. Proper maintenance, surveillance, and lineup checks will minimize these failures. Review of maintenance records and performance tests will enhance the availability of the diesel generators.

2. Diesel Generator Unavailable due to Maintenance. This includes both scheduled and unscheduled maintenance. This item contributes to both partial and complete loss of AC power following a LOSP. The performance of maintenance should be reviewed to ensure efficient scheduling is done, and repairs are performed correctly, thus minimizing down time.

TABLE 2B. IE MODULES FOR EMERGENCY POWER SYSTEM INSPECTION

Module  Title                               Components              Failure Mode (a)
61701   Surveillance (Complex)              Diesel Generators 1, 3  1, 2
61726   Monthly Surveillance                Diesel Generators 1, 3  1, 2
62700   Maintenance                         Diesel Generators 1, 3  1, 2
62703   Monthly Maintenance Observation     Diesel Generators 1, 3  1, 2
71707   Operational Safety Verification     Diesel Generators 1, 3  1
71710   ESF System Walkdown                 Diesel Generators 1, 3  1

a. See Table 2A for failure identification

TABLE 2C. MODIFIED EMERGENCY POWER SYSTEM WALKDOWN

Due to the integrated nature of the diesel generator failure to start/run failure mode, the lineup of all automatic diesel support functions (service water, fuel oil, starting air, DC power) should be checked.

TABLE 3A. LOW PRESSURE INJECTION SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Motor Operated Valves MOV-1860A, B to Open. Failure of these valves to open due to common cause or independent failure when power is not available to the other pump train results in loss of low pressure recirculation capability. Maintenance and surveillance of these valves should be observed or reviewed.

2. Failure of Motor Operated Valves MOV-1862A, B to Close. Failure of these valves to close due to common cause or independent failure when power is not available to the other pump train results in loss of low pressure recirculation capability. Maintenance and surveillance of these valves should be observed or reviewed.

3. Failure of Low Head Safety Injection Pumps to Start/Run. Failure of these pumps to start/run due to common cause or independent failures results in loss of low pressure injection/recirculation capability. Surveillance items associated with these pumps should be observed or reviewed.

4. Low Head Safety Injection Pump Unavailable Due to Maintenance. Maintenance unavailability of one of these pumps in conjunction with a fault on the other pump train results in loss of low pressure injection/recirculation capability. Maintenance activities associated with these pumps should be monitored to ensure completion in a timely and correct manner.

5. Check Valves CV-56, -47 Plugged/Fail to Open. Plugging or failure of these check valves to open causes blockage of the LHSI Pump suction from the containment sump resulting in loss of high/low pressure recirculation capability. Maintenance and surveillance of these valves should be observed or reviewed.

6. Failure of Operator to Switch from Low Pressure Recirculation to Hot Leg Recirculation. Following a LOCA, after 16 hours of low pressure recirculation, Emergency Procedures require the operator to switch injection points from the cold legs to the hot legs; failure to do so results in core damage. Operator awareness of Emergency Procedures and familiarity with operating controls should be assessed.

7. Failure of an Injection Check Valve Pair. There are three pairs of check valves on the Low Pressure Injection lines: CV-79, -241; CV-82, -242; and CV-85, -243. Failure of one of these pairs due to a combination of rupture, failure to close, or valve transfer open, results in an interfacing systems LOCA. Maintenance and surveillance of these valves should be observed or reviewed.

8. Plugging of the Containment Sump. Common cause failure of the sump suction lines due to plugging results in loss of high/low pressure recirculation capability. Surveillance involving these lines should be observed or reviewed and containment cleanliness maintained to limit this type of failure.

TABLE 3B. IE MODULES FOR LOW PRESSURE INJECTION SYSTEM INSPECTION

Module  Title                               Components                         Failure Mode (a)
41301   Operating Staff Training            Operator                           6
61701   Surveillance (Complex)              MOV-1860A, B                       1
                                            MOV-1862A, B                       2
                                            LHSI Pumps                         3, 4
                                            CV-56, -47                         5
                                            CV-79, -82, -85, -241, -242, -243  7
61726   Monthly Surveillance Observations   MOV-1860A, B                       1
                                            MOV-1862A, B                       2
                                            LHSI Pumps                         3, 4
62700   Maintenance                         LHSI Pumps                         3, 4
62703   Monthly Maintenance Observation     LHSI Pumps                         3, 4
71707   Operational Safety Verification     MOV-1860A, B                       1
                                            MOV-1862A, B                       2
                                            LHSI Pumps                         3, 4
71710   ESF System Walkdown                 MOV-1860A, B                       1
                                            MOV-1862A, B                       2
                                            LHSI Pumps                         3, 4

a. See Table 3A for failure identification
TABLE 3C. MODIFIED LOW PRESSURE INJECTION SYSTEM WALKDOWN

Component  Noun Name                            Required (a) Position  Actual Position
MOV-1860A  LHSI Pump A Suction from Cont. Sump  Closed
MOV-1860B  LHSI Pump B Suction from Cont. Sump  Closed
MOV-1862A  LHSI Pump A Suction from RWST        Open
MOV-1862B  LHSI Pump B Suction from RWST        Open
1-SI-P-1A  LHSI Pump A                          Standby
1-SI-P-1B  LHSI Pump B                          Standby

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 4A. PRIMARY PRESSURE RELIEF SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of PCV-1456 or PCV-1455C to Reseat. Failure of a PORV to reseat is a significant contributor to a consequential LOCA. Maintenance and surveillance of these valves should be observed or reviewed.

2. Failure of PCV-1456 or PCV-1455C to Open. Failure of a PORV to open coupled with failure of the AFW system following a transient results in core damage. Maintenance and surveillance of these valves should be observed or reviewed.

TABLE 4B. IE MODULES FOR PRIMARY PRESSURE RELIEF SYSTEM INSPECTION

Module  Title                               Components        Failure Mode (a)
56700   Calibration                         PCV-1456, -1455C  2
61701   Surveillance (Complex)              PCV-1456, -1455C  1, 2
61726   Monthly Surveillance Observation    PCV-1456, -1455C  1, 2
71707   Operational Safety Verification     PCV-1456, -1455C  1, 2
71710   ESF System Walkdown                 PCV-1456, -1455C  1, 2

a. See Table 4A for failure identification

TABLE 4C. MODIFIED PRIMARY PRESSURE RELIEF SYSTEM WALKDOWN

Component  Noun Name                          Required (a) Position  Actual Position
PCV-1456   Pressurizer Power Operated Relief  Closed (auto)
PCV-1455C  Pressurizer Power Operated Relief  Closed (auto)

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 5A. AUXILIARY FEEDWATER SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Turbine Driven Auxiliary Feedwater Pump Failure to Start. Failure of the turbine driven pump to start, in conjunction with a complete loss of AC power, results in complete loss of auxiliary feed capability. This failure is particularly important in conjunction with loss of offsite power for more than one-half hour and failure of both diesel generators resulting in station blackout. Short term failure of the AFW System under these conditions results in core damage. Surveillance and system lineup for these pumps should be observed or reviewed.

2. Turbine Driven Auxiliary Feedwater Pump Unavailable Due to Maintenance. Turbine driven pump maintenance unavailability in conjunction with station blackout is a contributing factor to loss of auxiliary feed capability. Maintenance activities involving this pump should be observed or reviewed to ensure maintenance is performed in a timely and correct manner.

3. Backleakage Through CV-27, -58, -89. Backleakage of steam through these check valves can result in common cause failure of all three AFW pumps due to steam binding. Maintenance and surveillance of these valves should be observed or reviewed. Also, piping upstream of these valves should be periodically monitored for abnormally high temperature.

TABLE 5B. IE MODULES FOR AUXILIARY FEEDWATER SYSTEM INSPECTION

Module  Title                               Components       Failure Mode (a)
61701   Surveillance (Complex)              AFW Pump 2       1
                                            CV-27, -58, -89  3
61726   Monthly Surveillance Observation    AFW Pump 2       1
                                            CV-27, -58, -89  3
62700   Maintenance                         AFW Pump 2       2
62703   Monthly Maintenance Observation     AFW Pump 2       2

a. See Table 5A for failure identification

TABLE 5C. MODIFIED AUXILIARY FEEDWATER SYSTEM WALKDOWN

Due to the integrated nature of a turbine driven pump failure to start failure mode, the lineup of all pump support systems should be checked.

TABLE 6A. REACTOR PROTECTION SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Automatic Reactor Scram. The failure mode of concern is failure of the Reactor Protection System to scram the reactor given an automatic trip signal. This could result from electrical or mechanical failures in the Protection Logic, Scram Breakers, or Control Rod Drive Mechanisms. Maintenance, surveillance, and calibration of all Reactor Protection subsystems should be observed or reviewed.

2. Failure of the Operator to Manually Scram the Reactor. For those ATWS events not caused by Control Rod Drive Mechanism mechanical failure, the operator can end the event by manually opening the Scram Breakers. This can be done by deenergizing the shunt trips from the control room or removing power at the motor-generator sets. The operator has one minute to perform one of these actions. Operator awareness of Emergency Procedures and familiarity with operating controls should be assessed.

TABLE 6B. IE MODULES FOR REACTOR PROTECTION SYSTEM INSPECTION

Module  Title                               Components                Failure Mode (a)
41201   Operating Staff Training            Operator                  2
56700   Calibration                         Reactor Protection Logic  1
61701   Surveillance (Complex)              Control Rods              1
                                            Scram Breakers            1
62700   Maintenance                         Scram Breakers            1
71707   Operational Safety Verification     Control Rods              1
                                            Scram Breakers            1
71710   ESF System Walkdown                 Control Rods              1
                                            Scram Breakers            1

a. See Table 6A for failure identification

TABLE 6C. MODIFIED REACTOR PROTECTION SYSTEM WALKDOWN

Walkdown is ineffective against risk significant RPS failures.

TABLE 7A. CHARGING PUMP COOLING SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Pumps 2A, B to Run. These pumps provide cooling water to the Charging Pump Seal Coolers. Overheating these seals could result in partial or complete loss of high pressure injection/recirculation capability. Maintenance and surveillance of these pumps should be observed or reviewed.

2. Failure of Pumps 10A, B to Run. These pumps provide cooling flow to the Charging Pump Lube Oil Coolers. Loss of Charging Pump lube oil cooling could result in complete loss of high pressure injection/recirculation capability. Both common cause and independent failures contribute to this unavailability. Maintenance and surveillance of these pumps should be observed or reviewed.

3. Plugging of CPC System Inlet Strainers. The Charging Pump Cooling System uses raw water from the intake canal. This makes the inlet strainers susceptible to common cause failure by plugging. Loss of CPC flow results in overheating of the Charging Pump Seals and lube oil. This could result in complete loss of High Pressure Injection/Recirculation capability. Maintenance and surveillance of these strainers should be observed or reviewed.

4. Failure of the Operator to Bypass Plugged Inlet Strainers. Should the CPC system inlet strainers become plugged, the operator can restore cooling flow by bypassing the strainers. Failure to do so could result in complete loss of High Pressure Injection/Recirculation capability. Operator awareness of appropriate procedures and familiarity with actions required to bypass a plugged strainer should be assessed.

TABLE 7B. IE MODULES FOR CHARGING PUMP COOLING SYSTEM INSPECTION

Module  Title                               Components              Failure Mode (a)
41301   Operating Staff Training            Operators               4
61701   Surveillance (Complex)              Pumps 2A, B             1
                                            Pumps 10A, B            2
                                            System Inlet Strainers  3
61726   Monthly Surveillance Observation    Pumps 2A, B             1
                                            Pumps 10A, B            2
                                            System Inlet Strainers  3
62700   Maintenance                         Pumps 2A, B             1
                                            Pumps 10A, B            2
                                            System Inlet Strainers  3
62707   Monthly Maintenance Observation     Pumps 2A, B             1
                                            Pumps 10A, B            2
                                            System Inlet Strainers  3
71707   Operational Safety Verification     Pumps 2A, B             1
                                            Pumps 10A, B            2
71710   ESF System Walkdown                 Pumps 2A, B             1
                                            Pumps 10A, B            2

a. See Table 7A for failure identification

TABLE 7C. MODIFIED CHARGING PUMP COOLING SYSTEM WALKDOWN

Component     Noun Name                           Required (a) Position  Actual Position
1-SW-P-10A,B  Charging Pump Service Water Pumps   1 Run/1 Stby
1-CC-P-2A,B   Charging Pump Cooling Water Pumps   1 Run/1 Stby

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 8A. RECIRCULATION MODE TRANSFER SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Miscalibration of Both RMT Level Sensor Trains. The Recirculation Mode Transfer System automatically switches from injection to recirculation on RWST low level. Miscalibration of these level sensors could result in failure of the Low/High Pressure Recirculation System. Calibration of these sensors should be observed or reviewed.

TABLE 8B. IE MODULES FOR RECIRCULATION MODE TRANSFER SYSTEM INSPECTION

Module  Title                               Components         Failure Mode (a)
56700   Calibration                         RMT Level Sensors  1

a. See Table 8A for failure identification

TABLE 8C. MODIFIED RECIRCULATION MODE TRANSFER SYSTEM WALKDOWN

Walkdown is ineffective against calibration errors.

TABLE 9A. ACCUMULATOR SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of Check Valves CV-107, -109, -128, -130, -145, -147 to Open. Following a large LOCA, core safety requires that the Accumulators on the intact loops inject to the core. Failure of any of these check valves on an intact loop would result in core damage. Maintenance and surveillance of these valves should be observed or reviewed.

2. Plugging of Motor Operated Valves MOV-1865A, B, C. Following a large LOCA, core safety requires that the Accumulators on the two intact loops inject to the core. Plugging of any of these valves on an intact loop would result in core damage. Maintenance and surveillance of these valves should be observed or reviewed.

TABLE 9B. IE MODULES FOR THE ACCUMULATOR SYSTEM INSPECTION

Module  Title                               Components                            Failure Mode (a)
61701   Surveillance (Complex)              CV-107, -109, -128, -130, -145, -147  1
                                            MOV-1865A, B, C                       2
71707   Operational Safety Verification     MOV-1865A, B, C                       2
71710   ESF System Walkdown                 MOV-1865A, B, C                       2

a. See Table 9A for failure identification

TABLE 9C. MODIFIED ACCUMULATOR SYSTEM WALKDOWN

Component      Noun Name                       Required (a) Position  Actual Position
MOV-1865A,B,C  Accumulator discharge to Loops  Open

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 10A. CHEMICAL AND VOLUME CONTROL SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Failure of operator to correctly perform Emergency Boration. The dominant failure mode is failure of the operator to correctly align and start (switch to fast speed) the boric acid transfer pumps within 10 minutes of an ATWS initiating event. Operator knowledge of appropriate Emergency Procedures and familiarity with associated operating controls should be assessed.

2. Failure of Boric Acid Transfer Pump to run for one hour. Following an ATWS, failure of pump 1-CH-P-2A, -2B to run for one hour results in the inability to perform emergency boration, leading to core damage. Maintenance and surveillance of this pump should be observed or reviewed.

TABLE 10B. IE MODULES FOR CHEMICAL AND VOLUME CONTROL SYSTEM INSPECTION

Module  Title                               Components   Failure Mode (a)
41201   Operating Staff Training            Operators    1
61701   Surveillance (Complex)              1-CH-P-2A,B  2
61726   Monthly Surveillance Observation    1-CH-P-2A,B  2
62700   Maintenance                         1-CH-P-2A,B  2
62703   Monthly Maintenance Observation     1-CH-P-2A,B  2
71707   Operational Safety Verification     1-CH-P-2A,B  2
71710   ESF System Walkdown                 1-CH-P-2A,B  2

a. See Table 10A for failure identification

TABLE 10C. MODIFIED CHEMICAL AND VOLUME CONTROL SYSTEM WALKDOWN

Component    Noun Name                  Required (a) Position  Actual Position
1-CH-P-2A,B  Boric Acid Transfer Pumps  1 Run (slow)/1 Off

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 11A. SERVICE WATER SYSTEM FAILURE MODE IDENTIFICATION

Conditions That Lead to Failure

1. Biological Fouling of the Service Water Inlet Valves to the Recirculation Spray Coolers. Motor Operated Valves MOV-SW-103A,B,C,D are susceptible to biological fouling. Common cause failure of these valves to open due to biological fouling results in loss of cooling flow to the Containment Spray Coolers. Maintenance and surveillance of these valves should be observed or reviewed.

2. Failure of operator to manually open Service Water Inlet Valves to the Recirculation Spray Coolers. If MOV-SW-103A,B,C,D fail to open from the Main Control Room they may be opened manually. Failure of the operator to do this results in loss of cooling to the Containment Spray Coolers. Operator awareness of Emergency Procedures and familiarity with actions necessary to manually open these valves should be assessed.

TABLE 11B. IE MODULES FOR SERVICE WATER SYSTEM INSPECTION

Module  Title                               Components            Failure Mode (a)
41201   Operating Staff Training            Operators             2
61707   Surveillance (Complex)              MOV-SW-103A, B, C, D  1
62700   Maintenance                         MOV-SW-103A, B, C, D  1
71707   Operational Safety Verification     MOV-SW-103A, B, C, D  1
71710   ESF System Walkdown                 MOV-SW-103A, B, C, D  1

a. See Table 11A for failure identification

TABLE 11C. MODIFIED SERVICE WATER SYSTEM WALKDOWN

Component             Noun Name                    Required (a) Position  Actual Position
MOV-SW-103A, B, C, D  Recirc. Spray Service Water  Closed

a. Motor operated valves should be checked for power available as well as actual position.

TABLE 12. PLANT OPERATIONS INSPECTION GUIDANCE

Recognizing that normal system lineup is important to any given standby safety system, the following human errors are specifically identified in the PRA as important to risk.

System                              Failure                                                               Discussion
High Pressure Injection System      Failure to provide HPI flow within one-half hour of an RCP seal LOCA. Table 1A, Item 4
Low Pressure Injection System       Failure to switch from Low Pressure Recirculation to Hot Leg Recirc.  Table 3A, Item 6
Reactor Protection System           Failure to manually scram the reactor following an ATWS.              Table 6A, Item 2
Charging Pump Cooling System        Failure to bypass plugged inlet strainers.                            Table 7A, Item 4
Chemical and Volume Control System  Failure to correctly perform Emergency Boration.                      Table 10A, Item 1
Service Water System                Failure to manually open the Recirculation Spray Cooler inlet valves  Table 11A, Item 2

TABLE 13. SURVEILLANCE INSPECTION GUIDANCE

The listed components are the risk significant components for which proper surveillance should minimize failure.

System                              Component                             Discussion
High Pressure Injection System      MOV-1867C, D                          Table 1A, Item 1
                                    Charging Pumps                        Table 1A, Item 2
                                    MOV-1842                              Table 1A, Item 3
                                    CV-25, -410                           Table 1A, Item 5
                                    1-SI-24                               Table 1A, Item 6
                                    MOV-1115B, D                          Table 1A, Item 7
                                    MOV-1115C, E                          Table 1A, Item 8
Emergency Power System              Diesel Generator 1, 3                 Table 2A, Item 1
Low Pressure Injection System       MOV-1860A, B                          Table 3A, Item 1
                                    MOV-1862A, B                          Table 3A, Item 2
                                    LHSI Pumps                            Table 3A, Item 3
                                    CV-56, -47                            Table 3A, Item 5
                                    CV-79, -82, -85, -241, -242, -243     Table 3A, Item 7
Primary Pressure Relief System      PCV-1456, -1455C                      Table 4A, Item 1, 2
Auxiliary Feedwater                 AFW Pump 2                            Table 5A, Item 1
                                    CV-27, -58, -89                       Table 5A, Item 3
Reactor Protection System           Automatic Scram System                Table 6A, Item 1
Charging Pump Cooling System        1-CC-P-2A, B                          Table 7A, Item 1
                                    1-SW-P-10A, B                         Table 7A, Item 2
                                    System inlet strainers                Table 7A, Item 3
Recirculation Mode Transfer System  RMT level sensors                     Table 8A, Item 1
Accumulator System                  CV-107, -109, -128, -130, -145, -147  Table 9A, Item 1
                                    MOV-1865A, B, C                       Table 9A, Item 2
Chemical and Volume Control System  1-CH-P-2A, B                          Table 10A, Item 2
Service Water System                MOV-SW-103A, B, C, D                  Table 11A, Item 1

TABLE 14. MAINTENANCE INSPECTION GUIDANCE

The following components are risk significant due to maintenance unavailability. The dominant contributors are frequency and duration of maintenance, with some contribution due to improperly performed maintenance.

System                              Component               Discussion
High Pressure Injection System      Charging Pumps          Table 1A, Item 2
Emergency Power System              Diesel Gen. 1, 3        Table 2A, Item 2
Low Pressure Injection System       LHSI Pumps              Table 3A, Item 4
Auxiliary Feedwater System          AFW Pump 2              Table 5A, Item 2
Reactor Protection System           Scram Breakers          Table 6A, Item 1
Charging Pump Cooling System        1-CC-P-2A, B            Table 7A, Item 1
                                    1-SW-P-10A, B           Table 7A, Item 2
                                    System Inlet Strainers  Table 7A, Item 3
Recirculation Mode Transfer System  RMT Level sensors       Table 8A, Item 1
Chemical and Volume Control System  1-CH-P-2A, B            Table 10A, Item 2

TABLE 15. QUALITY ASSURANCE/ADMINISTRATIVE CONTROL INSPECTION GUIDANCE

The failures listed here are ones which the QA/Admin. staff can affect. For example, QA should ensure that both regular and post-maintenance surveillance actually test for the failure mode of concern for significant equipment. Also, in the case of equipment unavailabilities which cause LCO activation, administrative controls should work to minimize the time under LCO, lowering plant risk.

System                              Failure or Unavailability             Discussion
High Pressure Injection System      MOV-1867C, D                          Table 1A, Item 1
                                    Charging Pumps                        Table 1A, Item 2
                                    MOV-1842                              Table 1A, Item 3
                                    CV-25, -410                           Table 1A, Item 5
                                    1-SW-24                               Table 1A, Item 6
                                    MOV-1115B, D                          Table 1A, Item 7
                                    MOV-1115C, E                          Table 1A, Item 8
Emergency Power System              Diesel Generator 1, 3                 Table 2A, Item 1, 2
Low Pressure Injection System       MOV-1860A, B                          Table 3A, Item 1
                                    MOV-1862A, B                          Table 3A, Item 2
                                    LHSI Pumps                            Table 3A, Item 3, 4
                                    CV-56, -47                            Table 3A, Item 5
                                    CV-79, -82, -85, -241, -242, -243     Table 3A, Item 7
Primary Pressure Relief System      PCV-1456, -1455C                      Table 4A, Item 1, 2
Auxiliary Feedwater                 AFW Pump 2                            Table 5A, Item 1, 2
                                    CV-27, -58, -89                       Table 5A, Item 3
Reactor Protection System           Automatic Scram System                Table 6A, Item 1
Charging Pump Cooling System        1-CC-P-2A, B                          Table 7A, Item 1
                                    1-SW-P-10A, B                         Table 7A, Item 2
                                    System inlet strainers                Table 7A, Item 3
Recirculation Mode Transfer System  RMT level sensors                     Table 8A, Item 1
Accumulator System                  CV-107, -109, -128, -130, -145, -147  Table 9A, Item 1
                                    MOV-1865A, B, C                       Table 9A, Item 2
Chemical and Volume Control System  1-CH-P-2A, B                          Table 10A, Item 2
Service Water System                MOV-SW-103A, B, C, D                  Table 11A, Item 1

TABLE 16. MOST IMPORTANT SEQUENCES

Rank  Initiator (a)  Faulted Events (a)  Systems Involved  CM Fraction
1     T1(SL)         D1, C, F1           EP, HPI           0.264
2     S3             D1                  HPI               0.104
3     T4J
5     T1             L(LT), D1, C, F1    EP, AFW           0.052
6     T1             L(ST), D1, C, F1    EP, AFW           0.052
7     T1             L, P                PPR, AFW          0.044
8     T              K, R, D4            RPS               0.044
9     V                                  LPI               0.040
10    S2             H1                  LPI               0.036
11    T4J            Q, H2               PPR, HPI, LPI     0.032
12    S1             H1                  LPI               0.031
13    S1             D1                  HPI               0.028
14    S2             D1                  HPI               0.028
15    T4H            Q, H2               PPR, HPI, LPI     0.027
16    T              K, R, Z             RPS               0.019
17    A              D5                  ACC               0.016

Total Core Melt Fraction                                   0.957

a. See Table 17 for code definitions

TABLE 17. DEFINITIONS OF CODES IN TABLE 16

Initiator Codes      Initiator Definitions
A                    Large LOCA
S1                   Medium LOCA
S2                   Small LOCA
S3                   Very Small LOCA
T                    Transient
T1                   Station Blackout
T1(SL)               Station Blackout Resulting in RCP Seal LOCA
T4H                  Loss of 480V Bus H
T4J                  Loss of 480V Bus J

Faulted Event Codes  Faulted Event Definitions
C                    Failure of Both Containment Spray Trains
D1                   Failure of HPI from the RWST to the Cold Legs
D4                   Failure of Emergency Boration
D5                   Failure of an Intact Loop Accumulator to Inject
F1                   Failure of Both Inside Spray Recirculation Trains
H1                   Failure of LPR or Failure to Switch to Hot Leg Recirculation After 16 Hours
H2                   Failure of High Pressure Recirculation
K                    Failure of Automatic Scram
L                    Failure of Auxiliary Feedwater System
L(LT)                Long Term Failure of Auxiliary Feedwater System
L(ST)                Short Term Failure of Auxiliary Feedwater System
P                    Failure of PORV's to Open
Q                    Failure of PORV's to Reclose or to Be Manually Isolated
R                    Failure to Manually Trip the Reactor

TABLE 18. MOST IMPORTANT SYSTEMS

Code  System Name
HPI   High Pressure Injection System
EP    Emergency Power System
LPI   Low Pressure Injection System
PPR   Primary Pressure Relief System
AFW   Auxiliary Feedwater System
RPS   Reactor Protection System
CPC   Charging Pump Cooling System
RMT   Recirculation Mode Transfer System
ACC   Accumulator System
CVC   Chemical and Volume Control System
SWS   Service Water System