Text

RAIO-0618-60592 June 25, 2018 Docket No.52-048 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738

SUBJECT:

NuScale Power, LLC Response to NRC Request for Additional Information No.

435 (eRAI No. 9434) on the NuScale Design Certification Application

REFERENCE:

U.S. Nuclear Regulatory Commission, "Request for Additional Information No.

435 (eRAI No. 9434)," dated April 25, 2018 The purpose of this letter is to provide the NuScale Power, LLC (NuScale) response to the referenced NRC Request for Additional Information (RAI).

The Enclosure to this letter contains NuScale's response to the following RAI Question from NRC eRAI No. 9434:

13.05.02.01-20 This letter and the enclosed response make no new regulatory commitments and no revisions to any existing regulatory commitments.

If you have any questions on this response, please contact Steven Mirsky at 240-833-3001 or at smirsky@nuscalepower.com.

Sincerely, Zackary W. Rad Director, Regulatory Affairs NuScale Power, LLC Distribution: Gregory Cranston, NRC, OWFN-8G9A Samuel Lee, NRC, OWFN-8G9A Prosanta Chowdhury NRC, OWFN-8G9A : NuScale Response to NRC Request for Additional Information eRAI No. 9434 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-0618-60592 :

NuScale Response to NRC Request for Additional Information eRAI No. 9434 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

Response to Request for Additional Information Docket No.52-048 eRAI No.: 9434 Date of RAI Issue: 04/25/2018 NRC Question No.: 13.05.02.01-20 REGULATORY BASIS REQUIREMENTS Title 10 of the Code of Federal Regulations (10 CFR) Section 52.47(a)(8) requires an applicant for a design certification to provide an FSAR (Final Safety Analysis Report) which includes the information necessary to demonstrate compliance with any technically relevant portions of the Three Mile Island requirements set forth in 10 CFR 50.34(f), with certain exceptions. Section 10 CFR 50.34(f)(2)(ii) requires an applicant to "Establish a program, to begin during construction and follow into operation, for integrating and expanding current efforts to improve plant procedures. The scope of the program shall include emergency procedures, ...

TMI Action Plan Item I.C.1, a Post-TMI requirement approved by the Commission for implementation, requires the preparation of emergency procedure technical guidelines for development of the Emergency Operating Procedures (EOPs). Preparation of the technical guidelines is conducted in accordance with NUREG-0737, Clarification of TMI Action Plan Requirements, and NUREG-0737, Supplement 1, Requirements for Emergency Response Capability, which also specify submittal of the technical guidelines to the NRC for review and approval.

Meeting the requirements of TMI Action Plan Item I.C.1 as prescribed in NUREG-0737,Section I.C.1, and Supplement 1 to NUREG-0737, Section 7, is acceptance criteria in SRP 13.5.2.1, Operating and Emergency Operating Procedures. Design-specific Generic Technical Guidelines (GTGs), otherwise referred to as the Emergency Operating Guidelines (EOGs), will be used by COL applicants to develop their Plant-Specific Technical Guidelines (P-STGs), from which their EOPs will be developed, and are the responsibility of the DC applicant.

By letter dated November 30, 2017 (ADAMS Accession No. ML17334B822) NuScale submitted technical report TR-1117-57216, NuScale Generic Technical Guidelines, for docketing.

ISSUE The NuScale GTGs are symptom-based procedural guidelines that allow the operator to respond directly to indications presented as part of an accident progression. Legacy plant generic guidelines include event-based descriptions; i.e., events based on the Transient and NuScale Nonproprietary

Accident Analysis events and associated operator actions described in Chapter 15 of the FSAR for a specific design. Because the NuScale design has no credited manual actions in FSAR Chapter 15, the symptom-based approach allows for mitigating strategies to be effective with multiple failures, regardless of the combination. The evaluation of symptoms in the NuScale GTGs is grouped into critical safety functions (CSFs). Three CSFs, have been defined for the NuScale design:

Containment Integrity Reactivity Core Heat Removal Section 4.3, Structure and Use, of the NuScale GTGs states:

The guidance is arranged in a flowchart format and is intended to be implemented in a similar manner when finalized as a procedure. The flowchart consists of a series of decision points that culminate in either a list of operator actions or displays a status that no action is needed. The flowcharts are to be implemented in one of three ways (in order of preference):

1. Electronically through the human-system interface (HSI)

2. Manually through a user interface that asks the decision point questions and provides the appropriate procedure

3. Manually by using the paper version of the flowchart Section 4.3 further explains that the paper copies of the individual CSF flowcharts are grouped into functional areas (i.e., sub-functions) comprised of decision point logic and associated operator actions. These sub-functions are prioritized from most to least severe (i.e., left to right). If the plant operates per design (as indicated on the flowcharts with green arrows), then no operator action is needed and the CSF is met. If any decision point is answered in a way that is not in accordance with the plant design (as indicated with a dashed red arrow), then a set of manual actions is specified.

Section 4.3 provides no additional guidance or insight regarding implementation/execution strategies for paper copies of the individual CSF flowcharts other than what has been described above. NRC staff is questioning the implementation/execution strategies for the CSF flowcharts with respect to the following:

Given that the entry conditions are the same for each CSF flowchart, it appears that operators would be in all three CSFs simultaneously. Accordingly:

Item 1: Has a CSF hierarchy/priority been established?

Item 2: Is CSF flowchart implementation strategy a series, parallel, or series/parallel hybrid approach?

NuScale Nonproprietary

Item 3: If a concurrent red path condition (i.e., CSF not met) existed on two or more CSFs for the same unit, how would operators implement the GTGs?

Item 4: Assuming CSF flowchart sub-functions are implemented in series (given that they are prioritized from most to least severe), how would the flowcharts be implemented if unable to satisfy a higher order sub-function? Would the operator, by procedure, be on hold at the higher order sub-function until it was met or be permitted to continue on to the lower order sub-function logic?

Item 5: Given the inability to satisfy a sub-function (e.g., RA-2 manual actions associated with the Reactor Trip System (RTS) Actuation sub-function are unsuccessful), and procedural guidance that precludes the ability to execute lower order sub-function logic within the Reactivity CSF flowchart until the higher order sub-function logic has been satisfied, (assumes CSF flowchart sub-functions are implemented in series),

Then, what strategy would be employed if a concurrent red condition existed, for example, on the Core Heat Removal (CHR) CSF for the same or different unit (assumes the CHR CSF is a lower priority than the Reactivity CSF)? Would the operator be on hold at the RTS Actuation sub-function until it could be met, or be procedurally allowed to address the CHR CSF issue?

Item 6: The CSF flowcharts do not depict the decision logic for how operators would progress to the lower order sub-functions within the flowcharts (if in fact necessary),

when the manual Operator Action(s) taken to address a red path condition within a higher-order sub-function have been successful.

INFORMATION NEEDED NRC staff requests that NuScale: (1) explain the implementation/execution strategies for the CSF flowcharts to specifically address the staffs concerns listed as Items 1-6 above, and (2) make the necessary changes to incorporate these strategies into Section 4.3, Structure and Use, of technical report TR-1117-57216, so that operators will be provided the appropriate guidance to efficiently and effectively implement the CSF flowcharts.

NuScale Response:

Item 1: Safety functions always take priority over defense-in-depth functions. The safety functions are arranged in order of importance: containment integrity, reactivity, and core heat removal. The basis of this priority scheme is described in TR-1117-57216, NuScale Generic Technical Guidelines, Section 4.2.

Item 2: Upon meeting an entry condition, all of the the safety function and defense-in-depth flow NuScale Nonproprietary

charts for the affected unit are entered concurrently. Within each flow chart for a specific safety or defense-in-depth function, the actions are addressed in order of priority. Each chart is intended to be performed in series from left to right. If an end point is reached, only the actions listed need to be performed.

Item 3: If two or more red paths exist on a single unit, then the crew starts with containment integrity then reactivity and core heat removal as actions are completed. If an operator is performing steps in a higher priority function but is waiting for an action to complete, then actions may be taken on lower level safety functions or defense-in-depth actions until the higher level action is completed at which time the higher level priority must be addressed first.

Item 4: Within each flow chart for a specific safety or defense-in-depth function, the actions are addressed in order of priority. Each chart is intended to be performed in series from left to right.

If an end point is reached, only the actions listed need to be performed. The green safety function met end point has no actions. When the actions taken at an endpoint are successful, the system interface will re-evaluate the flow chart logic to automatically indicate the new endpoint state.

Item 5: If an operator is performing steps in a higher priority function but is waiting for an action to complete, then actions may be taken on lower level safety functions or defense-in-depth actions until the higher level action is completed at which time the higher level priority must be addressed first.

Item 6: If the emergency procedures are being implemented manually, such as when the system interface is not operating correctly, then an initial evaluation of the safety functions should be performed within a reasonable time. Follow-up evaluations would be performed at periodic intervals. Continuous evaluation of the flow charts and logic is not needed since even in beyond-design-basis events, accident progression is relatively slow.

Section 4.8 Implementation Strategy has been added to TR-1117-57216.

Impact on DCA:

Technical Report TR-1117-57216, NuScale Generic Technical Guidelines, has been revised as described in the response above and as shown in the markup provided in this response.

NuScale Nonproprietary

NuScale Generic Technical Guidelines TR-1117-57216-NP Draft Rev. 01 4.0 Procedure Development 4.1 Symptom-Based Procedures The structure of the guidelines is symptom-based. Symptom-based procedures are used to allow the operator to respond directly to the indications presented as part of the accident progression. Symptom-based procedures do not require the operator to attempt to diagnose the accident in progress. Symptom-based procedures allow the operator to respond to an event without knowledge of the initiating event or equipment status. These procedures also allow the operator to respond to unanticipated events, because they evaluate key parameters and direct actions to maintain them within the prescribed limits rather than responding in a predetermined sequence based on a diagnosed accident.

Legacy generic guidelines have included event-based descriptions. These events were based on the transient and accident analysis events and associated operator actions described in those designs Final Safety Analysis Report Chapter 15. Because the NuScale design has no FSAR Chapter 15 manual actions credited, the symptom-based approach allows for mitigating strategies to be effective with multiple failures regardless of the combination.

4.2 Critical Safety Functions The evaluation of symptoms is grouped into critical safety functions. This guidance is developed to maintain critical safety functions for the NuScale plant design. Evaluation of the NuScale design, in addition to performing a comparison with traditional light water reactor safety functions, was used to determine the appropriate NuScale safety functions. These functions are accomplished by maintaining the following, listed in order of priority:

• containment integrity

• reactivity

• core heat removal Additional safety functions are not needed due to the simplicity and reliance on passive systems in the NuScale design. For example, current fleet pressurized-water reactors (PWRs) typically have a critical safety function of maintaining a secondary heat sink.

Heat sink maintenance exists in other PWR designs because its loss can lead to core damage. Timely assessment and recovery or mitigation is critical to preventing core damage and, therefore, a separate critical safety function is warranted. The key difference is that in the NuScale design, loss of secondary heat sink, by itself, does not result in core damage. Mitigation of a complete loss of secondary heat sink has been analyzed as part of PRA and, as such, is a best estimate analysis. This analysis demonstrates that loss of secondary heat sink is mitigated passively with the reactor safety valves and heat removal through containment. The ECCS is also fully capable of removing decay heat in all required operating conditions.

RCS integrity is not a stand-alone safety function and is monitored by the core heat removal safety function since the primary actuation that mitigates a loss of RCS integrity

© Copyright 20178 by NuScale Power, LLC 9

NuScale Generic Technical Guidelines TR-1117-57216-NP Draft Rev. 01

((2(a),(c) 4.7 Setpoint Selection The listed setpoints have been derived from safety analysis (Table 7.1-4 of Reference 7.2.1), calculations, or best estimate. The final setpoints may deviate from those listed here due to final selection of instrumentation, accuracy, and allowing appropriate time for the operator to respond. The values have been included within these guidelines to provide a reference and it is anticipated that the basis for the setpoints will remain constant. Instrumentation requirements have been provided based on NuScale requirements, regulatory requirements, or vendor recommendations, but must be refined once the actual instrumentation is selected or purchased. Emergency procedures developed from these GTGs will need to reference the plant specific equipment values, ranges, and accuracies. 4.8 Implementation Strategy Upon meeting an entry condition as listed in section 4.5, all of the the safety function and defense-in-depth flow charts for the affected unit are entered concurrently. By design, the various flow chart analysis is completed by the human-system interface automatically more than once per second. This analysis consists of evaluating system parameters against the flow chart decision setpoints and resulting in an end point. An end point can be either the green safety function met indication and no procedure to be performed, OR a red/yellow condition in which there are applicable procedure steps to be performed. When the procedure steps have been successful, the flow chart is re-evaluated to determine the appropriate end point. Safety functions always take priority over defense-in-depth functions. The safety functions are arranged in order of importance: containment integrity, reactivity, and core heat removal. If two or more red paths exist on a single unit, then the crew starts with containment integrity then reactivity and core heat removal as actions are completed. If an operator is performing steps in a higher priority function but is waiting for an action to complete, then actions may be taken on lower level safety functions or defense-in-depth © Copyright 20178 by NuScale Power, LLC 25

NuScale Generic Technical Guidelines TR-1117-57216-NP Draft Rev. 01 actions until the higher level action is completed at which time the higher level priority must be addressed first. The prioritization also applies to multiple red safety functions on multiple units. The highest affected safety function on any unit would be addressed first. Red paths of the safety function occur when the unit is outside the analysis of design basis events and is in a beyond-design-basis scenario which has a very small probability of occurrence. Within each flow chart for a specific safety or defense-in-depth function, the actions are addressed in order of priority. Each chart is intended to be performed in series from left to right. If an end point is reached, only the actions listed need to be performed. The green safety function met end point has no actions. When the actions taken at an endpoint are successful, the system interface will re-evaluate the flow chart logic to automatically indicate the new endpoint state. If the emergency procedures are being implemented manually, such as when the system interface is not operating correctly, then an initial evaluation of the safety functions should be performed within a reasonable time. Follow-up evaluations would be performed at periodic intervals. Continuous evaluation of the flow charts and logic is not needed since even in beyond-design-basis events, accident progression is relatively slow. The following examples demonstrate how to apply the implementation strategy:

1) A single unit experiences a reactor trip and loss of coolant accident from the reactor coolant to the containment. Containment Isolation has actuated. All containment isolation valves are closed with the exception of a single valve.

The pressurizer heater breakers did not open when pressurizer level lowered below 35%. All other equipment operated as designed. The expected safety function display should be: Containment Integrity: Yellow - CI-6 Reactivity: Green Core Heat Removal: Red - HP-3 In this case, core heat removal is the highest priority since the logic has culminated in a red end point. It is only required for operators to take the actions listed in HP-3 and not to take actions in any other end point until the HP-3 actions are successful or a successive core heat removal flow chart evaluation results in an earlier end point within the decision paths. In the above example, if two containment isolation valves in the same path failed to close, the containment integrity function would have reached the Red

                      - CI-7 end point. Containment integrity being red would now be the highest priority. Once action has been started to address containment isolation, the operators can then take actions for core heat removal.

© Copyright 20178 by NuScale Power, LLC 26

NuScale Generic Technical Guidelines TR-1117-57216-NP Draft Rev. 01 Reactivity in this example is green, so there are no actions that would be taken to address reactivity.

2) A multi-unit trip has occurred. All safety functions for each unit are green except for a red containment integrity function on Unit 1 and a red reactivity function on Unit 2. In this case, operators would address Unit 1 first since containment integrity is the highest priority safety function.

3) A single unit experiences a beyond-design-basis event that met the entry conditions of the generic technical guidelines. Core exit thermocouple readings exceed 700°F but are less than 1200°F. The containment integrity and reactivity safety functions status indicate green. The core heat removal end point is red HF-3. Operators are expected to take actions listed in HF-3 and no other actions listed on the core heat removal flow chart. Only when core exit thermocouple readings lower to less than 700°F and a re-evaluation of the core heat removal flow chart is performed, would different actions be performed (based on the new end point).

© Copyright 20178 by NuScale Power, LLC 27}}