ML18228A664

From kanterella
Korea Hydro-Nuclear Power Co., Ltd (Design Control Document) Rev.3 - Tier2 Chapter17-Quality Assurance and Reliability Assurance
ML18228A664
Person / Time
Site: 05200046
Issue date: 08/13/2018
From: Kim H
Korea Hydro & Nuclear Power Co, Ltd
To:
Office of New Reactors
Ward W
References
KOREAHYDRONUC, KOREAHYDRONUC.SUBMISSION.10, APR1400.DCD.NS, APR1400.DCD.NS.4



APR1400 DESIGN CONTROL DOCUMENT TIER 2
CHAPTER 17 QUALITY ASSURANCE AND RELIABILITY ASSURANCE
APR1400-K-X-FS-14002-NP
REVISION 3
AUGUST 2018

2018 KOREA ELECTRIC POWER CORPORATION
KOREA HYDRO & NUCLEAR POWER CO., LTD
All Rights Reserved

This document was prepared for the design certification application to the U.S. Nuclear Regulatory Commission and contains technological information that constitutes intellectual property of Korea Hydro & Nuclear Power Co., Ltd.

Copying, using, or distributing the information in this document in whole or in part is permitted only to the U.S. Nuclear Regulatory Commission and its contractors for the purpose of reviewing design certification application materials. Other uses are strictly prohibited without the written permission of Korea Electric Power Corporation and Korea Hydro & Nuclear Power Co., Ltd.

Rev. 3

APR1400 DCD TIER 2

CHAPTER 17 - QUALITY ASSURANCE AND RELIABILITY ASSURANCE

TABLE OF CONTENTS

NUMBER  TITLE  PAGE
CHAPTER 17 - QUALITY ASSURANCE AND RELIABILITY ASSURANCE  17.0-1
17.0 Quality Assurance and Reliability Assurance  17.0-1
17.1 Quality Assurance during the Design Certification Phase  17.1-1
17.1.1 Combined License Information  17.1-1
17.2 Quality Assurance during the Operations Phase  17.2-1
17.2.1 Combined License Information  17.2-1
17.3 Quality Assurance Program Description  17.3-1
17.3.1 Combined License Information  17.3-1
17.4 Reliability Assurance Program Guidance  17.4-1
17.4.1 Overview  17.4-1
17.4.2 Reliability Assurance Program Scope, Stages, and Goals  17.4-1
17.4.3 Reliability Assurance Program Implementation  17.4-2
17.4.3.1 Description  17.4-2
17.4.3.2 Programmatic Controls  17.4-3
17.4.3.3 RAP SSC Identification  17.4-6
17.4.3.4 Expert Panel  17.4-7
17.4.3.5 RAP Scope  17.4-8
17.4.3.6 Dominant Failure Modes (DFMs)  17.4-9
17.4.3.7 QA Associated with Design Activities  17.4-9
17.4.3.8 ITAAC  17.4-10
17.4.3.9 The RAP During the COL Applicant Phase  17.4-10
17.4.3.10 The RAP During the Operations Phase  17.4-11
17.4.4 Reliability Assurance Program Information Included in the COL Application  17.4-11
17.4.5 References  17.4-12
17.5 Quality Assurance Program Description - Design Certification  17.5-1
17.5.1 Combined License Information  17.5-2
17.5.2 References  17.5-2
17.6 Maintenance Rule  17.6-1
17.6.1 Combined License Information  17.6-1

LIST OF TABLES

NUMBER  TITLE  PAGE
Table 17.4-1 Reliability Assurance Program Systems, Structures & Components  17.4-14

ACRONYM AND ABBREVIATION LIST

CAP  corrective action program
CCF  common cause failure
FV  Fussell-Vesely
HSS  high-safety-significant
ITAAC  inspections, tests, analyses, and acceptance criteria
NEI  Nuclear Energy Institute
PRA  probabilistic risk assessment
QA  quality assurance
QAPD  quality assurance program description
RAP  reliability assurance program
RAW  risk achievement worth
RTNSS  regulatory treatment of non-safety systems
SMA  seismic margin analysis
SRM  staff requirements memorandum
SSCs  systems, structures, and components

CHAPTER 17 - QUALITY ASSURANCE AND RELIABILITY ASSURANCE

17.0 Quality Assurance and Reliability Assurance

The quality assurance (QA) program for the APR1400 during the design certification phase is described in Sections 17.1, 17.2, 17.3, and 17.5. The design reliability assurance program for the APR1400 is described in Section 17.4. Information on the APR1400 Maintenance Rule is provided in Section 17.6.

17.1 Quality Assurance during the Design Certification Phase

Quality assurance (QA) during the design certification phase of the APR1400 is described in Section 17.5.

17.1.1 Combined License Information

COL 17.1(1) The COL applicant is to establish and implement a QA program that is applicable to site-specific design activities during the plant construction and operation phases.

17.2 Quality Assurance during the Operations Phase

17.2.1 Combined License Information

COL 17.2(1) The COL applicant establishes and implements a QA program that is applicable to site-specific design activities during the plant construction and operation phases.

17.3 Quality Assurance Program Description

The Quality Assurance Program Description during the design certification phase of the APR1400 is described in Section 17.5.

17.3.1 Combined License Information

COL 17.3(1) The COL applicant is to establish and implement a QA program that is applicable to site-specific design activities during the plant construction and operation phases.

17.4 Reliability Assurance Program Guidance

17.4.1 Overview

The APR1400 Reliability Assurance Program (RAP) identifies Systems, Structures and Components (SSCs) that are risk-significant, or significant contributors to plant safety.

This determination is based upon a review of all available quantitative and qualitative information about each SSC. These risk-significant components are tabulated on the RAP list, which is issued to the Design Engineering, Operations, Maintenance and Quality Assurance departments. These organizations use the RAP list of risk-significant SSCs to provide reasonable assurance of the following:

1) The APR1400 is designed, constructed, and operated in a manner that is consistent with the risk insights and key assumptions (e.g., SSC design, reliability, and availability) from the probabilistic, deterministic, and other methods of analysis used to identify and quantify risk.
2) The RAP SSCs do not degrade to an unacceptable level of reliability, availability or condition during plant operations.
3) The frequency of transients that challenge these SSCs is minimized.
4) These SSCs will function reliably when challenged.

This section describes the RAP as it has been established for the design phase of the APR1400, and identifies those program elements that will be developed in the Combined License phase.

17.4.2 Reliability Assurance Program Scope, Stages, and Goals

Scope. The APR1400 Reliability Assurance Program identifies risk-significant components for the departments that are tasked to achieve the RAP objectives summarized above. The RAP scope includes all plant Systems, Structures and Components that have been identified by the RAP Expert Panel as risk-significant, based upon a review of all available quantitative and qualitative risk information. This information is presented in the RAP list (Table 17.4-1).

Stages. The RAP is implemented in two stages. The first stage, the Design Reliability Assurance Program (D-RAP), encompasses the reliability-assurance activities that occur before initial fuel load. The D-RAP is applicable during the APR1400 design certification, licensing and plant construction phase. The second stage comprises the reliability-assurance activities conducted during the operations phase of the plant's license.

Goals. The goal of the RAP during the design stage is to ensure that the reactor design meets the purposes identified in Section 17.4.1 above, through the reactor design, procurement, fabrication, construction and preoperational testing activities and programs.

The goal of the RAP during the operations stage is to ensure that the reliability of the SSCs within the RAP scope (i.e., all risk-significant components) is maintained.

17.4.3 Reliability Assurance Program Implementation

17.4.3.1 Description

The RAP is implemented in three phases. These include the following:

1) Design certification (DC) phase
2) Combined License (COL) application, including construction phase
3) Operation phase

Once the COL applicant phase is complete and fuel load commences, the RAP ends and its functions are assumed by specific plant programs such as the Maintenance Rule.

During the design phase, the APR1400 designer, Korea Hydro & Nuclear Power Co., Ltd. (KHNP), implemented the Design Reliability Assurance Program. At the same time, KHNP developed, and continues to update, the quantitative probabilistic risk model and generates importance statistics for all modeled components. These results were provided to the Expert Panel, which supplemented the quantitative PRA results with all available qualitative information and established the RAP scope of components. The RAP list of risk-significant components is maintained, updated and issued to all interfacing organizations, each of which has a role in achieving the RAP goals. As a design certification activity, this phase is the responsibility of KHNP.

17.4.3.2 Programmatic Controls

17.4.3.2.1 Organizations

The D-RAP is implemented by the following departments:

1) The Design Engineering department holds the lead responsibility for implementing the Reliability Assurance Program. Its duties include RAP oversight and the issuance of the RAP SSC list to impacted organizations.
2) The Risk Management department includes the Probabilistic Risk Analysis staff, which maintains the PRA model and provides risk input for the Reliability Assurance Program. The PRA engineer also provides risk input during design reviews.
3) The Operations department participates in the Expert Panel's duties and minimizes RAP component unavailability.
4) The Site Engineering department provides system engineering expertise for the Expert Panel.
5) The Maintenance department participates in the Expert Panel's duties and ensures that RAP component maintenance is effective and that unavailability is minimized.
6) The Safety Engineering department provides safety analysis expertise for the Expert Panel.
7) The Quality Assurance department participates in the Expert Panel's duties. The QA department focuses on RAP components in audits and other activities.

All organizations are expected to proactively identify new issues and concerns that may affect the RAP scope and impact any aspect of plant design and operation.

17.4.3.2.2 Design Control

Plant changes and D-RAP updates. Proposed design changes include a risk review to ensure that reliability is reasonably optimized and risk significance is minimized.

The Reliability Assurance Program also evaluates plant changes. Following each PRA model update, the PRA engineer reviews the new importance statistics for all modeled components. These results are provided to the Expert Panel. The Panel supplements the PRA input with qualitative insights in order to update the RAP scope.

The scope may be reviewed, between PRA model updates, if warranted by important design changes or new information. Interim reviews may be requested by any member of the Expert Panel. Interim reviews are entirely qualitative, pending a PRA model update when applicable.

RAP Scope Update Notifications. Following each revision of the RAP list, the Expert Panel provides a timely, written update to all interfacing organizations.

Quality Controls. Section 19.1.2 of the APR1400 Design Certification Document (Reference 11) discusses PRA model quality, including personnel qualification requirements, procedures and corrective action. This text summarizes the PRA model quality bases as required by SRP Sections 19.0 (Reference 12) and 17.4 (Reference 13).

These quality controls govern PRA model revisions, quantification and the generation of the importance measures that are used as key input data for the RAP risk classification.

Issues are tracked by the Corrective Action Program.

Configuration Control. The RAP list of risk-significant components is established and maintained by the Expert Panel. Potential changes include both the scope of systems, structures and components, as well as their dominant failure modes.

17.4.3.2.3 Implementing Procedures

The Reliability Assurance Program is implemented via procedures which control the following:

1) RAP duties and responsibilities.
2) Expert Panel activities.
3) Design changes.
4) Risk Management.
5) Inspections and audits.

17.4.3.2.4 Corrective Action Program

The Corrective Action Program (CAP) is a web-based reporting and tracking system. It is used to document any D-RAP activities that are determined to be in error, deficient, or nonconforming. CAP issues are tracked to resolution and documented.

17.4.3.2.5 Records

Required RAP documentation includes the following:

1) Panel membership requirements and qualifications
2) Component Risk Significance Evaluation sheets
3) RAP Scope Table
4) Expert Panel meeting minutes
5) Design change request reviews
6) General quality requirements, design control, personnel training and qualification

17.4.3.2.6 Audits

Reference 1 describes the APR1400 Quality Assurance program in general, and Section 18 specifically addresses audit requirements. Section 18.1 notes that, in general, the audit requirements for all programs include, at a minimum, verification of compliance and effectiveness of implementation of internal rules, procedures (e.g., design, procurement, surveillance, and test), regulations, programs for training, retraining, qualification, and corrective actions, including associated record keeping. During the early portions of the APR1400 DC activities, audits will focus on areas including, but not limited to, design control, procurement, and corrective action. The scope of the audit is determined by the quality status and safety importance of the activities being performed. Management addresses all audit findings and initiates corrective action where indicated.

All applicable QA program elements are audited at least once a year. Additional audits may be performed as deemed necessary by management.

These audits are the responsibility of KHNP during the design certification phase. The responsibility transfers to the COL applicant during the Combined License phase.

17.4.3.3 RAP SSC Identification

The process for identifying RAP systems, structures and components typically begins with a PRA review of importance statistics following model revision. A review can also be initiated at the request of any Expert Panel member. This review includes all available APR1400 PRA models: internal events, fire and flood; at full power and shutdown; Level 1 (core damage) and Level 2 (large, offsite radionuclide release). The PRA staff identifies potentially risk-significant components and their failure modes. The PRA criteria for consideration include the Risk Achievement Worth (RAW > 2) and the Fussell-Vesely (FV > 0.005) for individual components. If at least one train meets any of these criteria, all redundant trains are retained for further evaluation.

In addition, the PRA Engineer reviews common cause failures (CCFs) with a RAW > 20.

If the individual components in these CCFs are not RAP list candidates already, then these SSCs are added to the list for Expert Panel review as potentially risk-significant.

The PRA staff provides the list of recommendations for risk-significant components to the Expert Panel. The PRA representative provides interpretations and background information as needed to support the Expert Panel's classification process.

The Expert Panel supplements the quantitative PRA input with the following qualitative information, when available:

1) PRA model assumptions and limitations
2) Qualitative risk analyses (e.g., seismic margins analyses, etc.)
3) Deterministic safety analyses
4) Root cause analyses
5) Failure modes & effects analyses
6) Severe accident evaluations
7) Operating experience (e.g., industry LERs, etc.)
8) SSC risk significance at other, similar plants
9) Expert Panel judgment

All available quantitative and qualitative sources of information are considered during the review process. The panel reviews these sources and classifies each SSC as risk-significant or low risk. All risk-significant components are placed on the RAP list in Table 17.4-1.

The Expert Panel (1) can designate a component as risk-significant even if the PRA engineer did not make that recommendation; or (2) can designate a component as low risk even if the PRA engineer recommended it as risk-significant.

The panel also evaluates components that are not modeled. These determinations are solely qualitative. The RAP scope therefore includes SSCs that are not modeled in the PRA.

The panel revisits the RAP scope following each revision of the PRA model. If prompt action is warranted, the panel shall review design changes between PRA model updates, and perform an interim, qualitative evaluation until new PRA model results are available.

Certain passive components, such as pipes or electrical cables, are omitted from the review process. These SSCs are generally associated with an active, risk-significant component, such as a pump or a valve, which is included within the RAP scope. The reliability of a passive component is typically much higher than that of an active component. In addition, the passive component's reliability implicitly falls under the umbrella of its corresponding active, risk-significant component. Therefore, these passive components are omitted from the RAP scope.
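The screening sequence described in this section (individual RAW and FV criteria, retention of redundant trains, the CCF review, and Expert Panel additions and downgrades), as an added Python illustration; it is not KHNP's procedure or any APR1400 tool. The train_group field, the importance values and the id XX VLV001 are constructed assumptions; the other SSC ids and failure modes are taken from Table 17.4-1.

```python
from dataclasses import dataclass, field

# Screening criteria quoted in Section 17.4.3.3.
RAW_THRESHOLD = 2.0       # Risk Achievement Worth, individual component
FV_THRESHOLD = 0.005      # Fussell-Vesely, individual component
CCF_RAW_THRESHOLD = 20.0  # RAW of a common cause failure (CCF) group

@dataclass(frozen=True)
class BasicEvent:
    """Importance measures of one component failure mode in one PRA model."""
    ssc_id: str
    train_group: str  # redundant trains share a group (assumed field, not in the DCD)
    failure_mode: str
    model: str        # labelled as in Table 17.4-1, e.g. "Level 1 AP: IE"
    raw: float
    fv: float

@dataclass(frozen=True)
class CcfEvent:
    """A CCF group (member SSC ids) and its RAW in one PRA model."""
    members: tuple
    failure_mode: str
    model: str
    raw: float

@dataclass
class Entry:
    """One RAP-list entry: risk significance basis and dominant failure modes."""
    basis: set = field(default_factory=set)
    dfms: set = field(default_factory=set)
    reason: str = ""

def screen(basic_events, ccf_events, panel_decisions=None):
    """Return (rap_list, low_risk) after PRA screening and Expert Panel review."""
    rap = {}
    # 1) Individual criteria: RAW > 2 or FV > 0.005 in any PRA model.
    for ev in basic_events:
        if ev.raw > RAW_THRESHOLD or ev.fv > FV_THRESHOLD:
            entry = rap.setdefault(ev.ssc_id, Entry(reason="PRA importance"))
            entry.basis.add(ev.model)
            entry.dfms.add(ev.failure_mode)
    # 2) If one train qualifies, all redundant trains are retained. Here they
    #    inherit the flagged train's basis and failure modes (an assumption).
    groups = {}
    for ev in basic_events:
        groups.setdefault(ev.train_group, set()).add(ev.ssc_id)
    for members in groups.values():
        flagged = sorted(m for m in members if m in rap)
        if not flagged:
            continue
        for m in sorted(members - set(flagged)):
            entry = Entry(reason="redundant train of " + ", ".join(flagged))
            for f in flagged:
                entry.basis |= rap[f].basis
                entry.dfms |= rap[f].dfms
            rap[m] = entry
    # 3) CCF groups with RAW > 20: members not yet listed are added, and the
    #    CCF mode is recorded as a dominant failure mode for every member.
    for ccf in ccf_events:
        if ccf.raw > CCF_RAW_THRESHOLD:
            for m in ccf.members:
                entry = rap.setdefault(m, Entry(reason="CCF RAW > 20"))
                entry.basis.add(ccf.model)
                entry.dfms.add(ccf.failure_mode)
    # 4) Expert Panel decisions, ssc_id -> (risk_significant, failure mode or
    #    None): the panel may add an unflagged SSC or classify one as low risk.
    low_risk = set()
    for ssc_id, (significant, mode) in (panel_decisions or {}).items():
        if significant:
            entry = rap.setdefault(ssc_id, Entry(reason="Expert Panel"))
            entry.basis.add("Expert Panel")
            if mode:
                entry.dfms.add(mode)
        else:
            rap.pop(ssc_id, None)
            low_risk.add(ssc_id)
    return rap, low_risk

def format_row(ssc_id, entry):
    """Render an entry in Table 17.4-1 column order: ID | basis | DFMs."""
    return "%s | %s | %s" % (ssc_id, "; ".join(sorted(entry.basis)), "; ".join(sorted(entry.dfms)))

# Constructed sample input (illustrative values, not APR1400 results; XX VLV001 is fictitious).
SAMPLE_EVENTS = [
    BasicEvent("AF PP02A", "AF MDP", "Fail to start", "Level 1 AP: IE", 3.1, 0.010),
    BasicEvent("AF PP02A", "AF MDP", "Fail to run", "Level 1 AP: FIRE", 2.4, 0.002),
    BasicEvent("AF PP02B", "AF MDP", "Fail to start", "Level 1 AP: IE", 1.6, 0.004),
    BasicEvent("AF CV1003A", "AF MDP disch", "Fail to open", "Level 1 AP: IE", 1.2, 0.001),
    BasicEvent("AF CV1003B", "AF MDP disch", "Fail to open", "Level 1 AP: IE", 1.1, 0.001),
    BasicEvent("XX VLV001", "XX", "Fail to close", "Level 1 AP: IE", 2.2, 0.001),
]
SAMPLE_CCFS = [
    CcfEvent(("AX CV1628", "AX CV1629"), "CCF to open", "Level 1 AP: FIRE", 35.0),
    CcfEvent(("AF CV1003A", "AF CV1003B"), "CCF to open", "Level 1 AP: IE", 8.0),
]
SAMPLE_PANEL = {
    "AX TK01A": (True, "Leak or rupture"),  # panel adds a tank the PRA does not model
    "XX VLV001": (False, None),             # panel classifies a PRA-flagged valve as low risk
}
RAP_LIST, LOW_RISK = screen(SAMPLE_EVENTS, SAMPLE_CCFS, SAMPLE_PANEL)
```

With the sample input, AF PP02B is retained only because its redundant train qualified, AX CV1628/1629 enter through the CCF review, and XX VLV001 is flagged by the PRA but removed by the panel.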

17.4.3.4 Expert Panel

The RAP Expert Panel organization, qualifications and duties are defined in Reference 8.

The panel includes personnel with experience in PRA, safety analysis, operations, maintenance, design engineering and systems engineering. These disciplines are selected to ensure that the breadth of experience of the panel membership is sufficient to properly evaluate SSC risk significance.

The panel membership consists of the following:

1) RAP Coordinator
2) PRA Engineer
3) Safety Engineer (provides safety analysis expertise)
4) Operations representative
5) Maintenance representative
6) Design Engineer
7) Site Engineer (provides system engineering expertise)
8) Quality Assurance representative

Each member must have at least 6 years of nuclear industry experience. Except for the RAP Coordinator, all members must also have a minimum of 4 years of position-specific experience. The RAP Coordinator must meet this qualification for at least one specific discipline. All members are trained by the PRA Engineer on importance measures.

17.4.3.5 RAP Scope

Components within the D-RAP scope are listed in Table 17.4-1. This list includes the following information:

1) List of RAP systems, structures and components (SSCs), including identification numbers and descriptions
2) Basis for inclusion, including the analysis or evaluation (e.g., internal events or fire) that resulted in the risk-significant classification
3) Dominant Failure Modes

Component boundaries are not reproduced in the RAP list. SSC boundaries have been defined in DCD Section 19.1, Table 19.1-18.

The RAP list of risk-significant components and their DFMs is revisited following each PRA model revision. The scope, or any part thereof, can also be re-evaluated between model revisions if new information is obtained concerning design changes, modeling assumptions or possible errors.

17.4.3.6 Dominant Failure Modes (DFMs)

In addition to the list of components, Table 17.4-1 also lists the Dominant Failure Modes for each SSC. A failure mode is dominant if it is a basis for a risk-significant classification. For example, the DFMs for a specific valve might include a failure-to-open if that valve is required to open to perform a risk-significant function. These failure modes may be based upon quantitative PRA results or qualitative reviews.

The PRA model itself has been designed to be in conformance with the PRA quality requirements of Reference 19. These requirements include a comprehensive scope of initiating events, systems, components and failure modes in order to ensure that plant risk is effectively analyzed and quantified. These failure modes (e.g., a standby pump start in a risk-significant system would typically be included, as would any necessary valve re-alignments, etc.) are analyzed as a starting point in identifying the Dominant Failure Modes.

Most DFMs will be identified in this manner. Additional DFMs can be identified by Expert Panel judgment.

DFMs are reviewed following each PRA model update, or upon request by any Expert Panel member.

17.4.3.7 QA Associated with Design Activities

The Quality Assurance (QA) program for the APR1400 design certification is described in Reference 1. The QA program is based on the requirements of Reference 3 and other, applicable regulatory documents or guides.

The overall QA program is described in Section 2 of Reference 1 and Design Control is specifically addressed in Section 3. The Reliability Assurance Program is not explicitly addressed but the RAP design activities fall under the general oversight of Section 3. See also DCD Sections 17.1, 17.2 & 17.3.

Appropriate QA controls for the nonsafety-related RAP SSCs are addressed in Section 17.5 and COL 17.4(2).

The APR1400 design process controls design inputs, outputs, changes, interfaces, records, and organizational interfaces.

Section 3.1 of Reference 1 notes that design processes ensure that items and activities under QA control are suitable for their intended application, consistent with their effect on safety.

The extent of the design verification required is a function of the importance to safety.

Section 3.2 of Reference 1 requires that important design steps, including input sources, are documented.

Part III of Reference 1 specifically addresses quality control for non-safety-related components. It notes, for example, that "The specific program controls are targeted at those characteristics ... that render the SSC a significant contributor to plant safety." Risk-significant SSCs that are non-safety-related will be subject to augmented quality requirements, above and beyond those for non-safety-related, low-risk SSCs. These requirements include corrective actions for potential design and pre-operational errors that could degrade the SSCs.

17.4.3.8 ITAAC

Inspections, Tests, Analysis and Acceptance Criteria (ITAAC) are developed to meet multiple requirements, including the Design RAP. The ITAAC requirements verify the as-built configuration and performance characteristics of SSCs as identified in Tier 1 design descriptions. The ITAAC is described in Reference 14. DCD Sections 14.3.2.13 and 2.13 specifically address the Design Reliability Assurance Program. The D-RAP ITAAC requirements ensure that the various test requirements of the ITAAC reflect the latest available list of RAP components.

RAP components are addressed by the ITAAC to ensure that their performance is consistent with the key assumptions and risk insights that resulted in their classification.

17.4.3.9 The RAP During the COL Applicant Phase

During this phase, the Combined License applicant assumes RAP responsibilities. The RAP procedures are reviewed to ensure that they remain applicable. The COL applicant updates the RAP list of risk-significant SSCs and their DFMs with site-specific design information. The RAP list is then distributed to the affected organizations.

The COL applicant is also responsible for describing how it will integrate reliability assurance activities into existing programs (e.g., Maintenance Rule, surveillance testing, ISI, IST, maintenance and QA). Program procedures are developed for the operation phase, at which time the RAP functions will be assumed by the regulatory programs identified below.

Procedures are developed to ensure that maintenance will be timely and effective for RAP equipment. QA procedures are developed for appropriate oversight of these programs.

17.4.3.10 The RAP During the Operations Phase

Once construction ends and the initial fuel load begins, the RAP also ends. However, its functions are assumed by specific operational programs including the Maintenance Rule, surveillance testing, ISI, IST, maintenance and quality assurance.

17.4.4 Reliability Assurance Program Information Included in the COL Application

The Combined License applicant shall provide the following in Chapter 17 of the safety analysis report:

COL 17.4(1) An updated description of the D-RAP to include relevant site- and plant-specific information (e.g., design, program, procedural, and organizational information). This includes identifying the SSCs within the scope of the plant-specific RAP (i.e., the RAP SSCs identified in the DC, updated using COL site- and plant-specific information) and establishing the programmatic controls of D-RAP to be applied during the COL design and construction activities prior to initial fuel load.

COL 17.4(2) Appropriate QA controls for the non-safety-related RAP SSCs in accordance with the provisions in Part V, "Non-safety-Related SSC Quality Controls," of SRP Section 17.5. This includes providing corrective actions for potential design and pre-operational errors that could degrade non-safety-related RAP SSCs. These controls are not applicable to SSCs that are not on the RAP list.

COL 17.4(3) The process for integrating the RAP into operational programs (e.g., maintenance rule program, QA program, inservice inspection, inservice testing, surveillance testing, and maintenance programs). The process should also address the (1) establishment of reliability, availability, or condition performance goals for the RAP SSCs, (2) establishment of performance and condition monitoring requirements to provide reasonable assurance that RAP SSCs do not degrade to an unacceptable level of reliability, availability, or condition during plant operations, (3) for non-safety-related RAP SSCs, establishment of QA controls for activities during the operations phase in accordance with the provisions in Part V of SRP Section 17.5, and (4) consideration of dominant failure modes of RAP SSCs in meeting the objectives of the RAP during plant operation.

17.4.5 References

1. APR1400-K-Q-TR-11005-NP-A, KHNP Quality Assurance Program Description (QAPD) for the APR1400 Design Certification, Rev. 2, KHNP, October 2016.
2. 10 CFR 50.65, Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, U.S. Nuclear Regulatory Commission.
3. 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, U.S. Nuclear Regulatory Commission.
4. NUREG-0800, Standard Review Plan, Section 17.5, Quality Assurance Program Description - Design Certification, Early Site Permit and New License Applicants, U.S. Nuclear Regulatory Commission, March 2007.
5. NUMARC 93-01, Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, Rev. 4a, April 2011.
6. Regulatory Guide 1.160, Monitoring the Effectiveness of Maintenance at Nuclear Power Plants, Rev. 3, U.S. Nuclear Regulatory Commission, May 2012.
7. KHNP Procedure DC-DG-03-09, Implementation of the Reliability Assurance Program (RAP).
8. KHNP Procedure DC-DG-03-10, Expert Panel Roles and Responsibilities.
9. KHNP Procedure DC-DG-03-11, Risk Significance Determination of RAP SSCs.
10. KHNP Procedure DC-DG-03-24, Risk Management Procedure.


11. APR1400-K-X-FS-14002-P, Tier 2, Chapter 19, Probabilistic Risk Assessment and Severe Accident Evaluation, Rev. 3, KHNP, July 2018.
12. NUREG-0800, Standard Review Plan, Section 19.0, Probabilistic Risk Assessment and Severe Accident Evaluation for New Reactors, Rev. 3, U.S. Nuclear Regulatory Commission, December 2015.
13. NUREG-0800, Standard Review Plan, Section 17.4, Reliability Assurance Program, Rev. 1, U.S. Nuclear Regulatory Commission, May 2014.
14. APR1400-K-X-FS-14002-NP, Tier 2, Chapter 14, Verification Programs, Rev. 1, KHNP, March 2017.
15. KHNP Procedure DC-DG-03-01, Design Change Control.
16. KHNP Procedure DC-DG-16-01, Corrective Action Program.
17. KHNP Procedure DC-DG-03-05, Technical Audit at Suppliers Facility.
18. KHNP Procedure DC-DG-03-23, Implementation of Severe Accident Mitigation Design Alternatives.
19. ASME/ANS RA-Sa-2009, Addenda to ASME/ANS RA-S-2008, Standard for Level 1/Large Early Release Frequency Probabilistic Risk for Nuclear Power Plant Applications, The American Society of Mechanical Engineers, 2009.


APR1400 DCD TIER 2 Table 17.4-1 (1 of 32)

Reliability Assurance Program Systems, Structures & Components (8)

Dominant Failure Modes System (1) SSC ID(s) (2) SSC Description Risk Significance Basis (3), (4), (5) (6),(7)

Motor-Driven Auxiliary Feedwater Pump trains AF PP02A/B Motor-Driven Pumps Level 1 AP: IE, FIRE, FLD, SMA Test & Maintenance Level 1 SD: IE, FLD, SMA Fail to start Level 2 AP: IE, FIRE, FLD, SMA Fail to run Level 2 SD:

MDP Normal Discharge to Steam Generators AF CV1003A/B Motor-Driven Pump Discharge Check Valves Level 1 AP: IE, FIRE, FLD Fail to open Level 1 SD: IE, FLD Level 2 AP: IE, FLD Level 2 SD:

AF SOV0035/0036 Motor-Driven Pump Discharge Modulation Solenoid-Operated Level 1 AP: IE, FIRE, FLD Spurious closure Valves Level 1 SD: Fail to operate Level 2 AP: IE Level 2 SD:

AF MV043/044 Motor-Driven Pump Discharge Isolation Motor-Operated Level 1 AP: IE, FIRE, FLD Spurious operation Valves Level 1 SD: FLD Fail to open Level 2 AP: IE, FLD Fail to close Level 2 SD:

AF CV1007A/B Motor-Driven Pump Discharge Check Valves Level 1 AP: IE, FIRE, FLD Fail to open Level 1 SD: IE, FLD Level 2 AP: IE, FLD Level 2 SD:

MDP Recirculation Discharge
  AF CV1012A/B - Motor-Driven Pump Mini-flow Line Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FLD
    DFM: Fail to open

Turbine-Driven Auxiliary Feedwater Pump trains
  AF PP01A/B - Turbine-Driven Pumps
    Basis: Level 1 AP: IE, FIRE, FLD, SMA; Level 1 SD: IE; Level 2 AP: IE, FIRE, FLD, SMA; Expert Panel: seismic
    DFM: Test & Maintenance; Fail to start; Fail to run

TDP Normal Discharge to Steam Generators
  AF CV1004A/B - Turbine-Driven Pump Discharge Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE
    DFM: Fail to open
  AF SOV0037/0038 - Turbine-Driven Pump Discharge Modulation Valves
    Basis: Expert Panel
    DFM: Spurious closure
  AF MV045/046 - Turbine-Driven Pump Discharge Isolation Motor-Operated Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD
    DFM: Spurious operation; Fail to open; Fail to close
  AF CV1008A/B - Turbine-Driven Pump Discharge Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE
    DFM: Fail to open

TDP Recirculation Discharge
  AF CV1014A/B - Turbine-Driven Pump Mini-flow Line Check Valves
    Basis: Level 1 AP: IE; Level 1 SD: IE
    DFM: Fail to open

Steam Supply to the Turbine-Driven AF Pumps
  AT CV1020A/B - AF Turbine-Driven Pump Steam Supply Check Valves
    Basis: Level 1 AP: IE
    DFM: Fail to open
  AT AV009/010 - AF Turbine-Driven Pump Steam Supply Isolation Air-Operated Valves
    Basis: Level 1 AP: IE, FLD; Level 2 AP: IE
    DFM: Fail to open

Auxiliary Feedwater Storage & Transfer: Normal Suction to AF Pumps
  AX TK01A/B - Auxiliary Feedwater Storage Tanks
    Basis: Expert Panel
    DFM: Leak or rupture

Alternate AF Suction from CST
  AX CV1630 - CST Suction Check Valve
    Basis: Expert Panel
    DFM: Fail to open
  AX CV1628/1629 - CST Suction Check Valves
    Basis: Level 1 AP: FIRE
    DFM: CCF to open

AF Tank Refill
  AX CV1600 - Demineralized Water Common Header Check Valve
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Fail to open

Condenser Vacuum System
  CA CV1023 - Containment Isolation Check Valve
    Basis: Level 2 SD: FIRE
    DFM: Fail to close

Component Cooling System
  CC TK01A/B - Component Cooling Water Surge Tanks
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE; Level 2 SD: IE, FIRE, SMA
    DFM: Leak or rupture
  CC V1121/1122/1123/1124 - CC Pump Suction Manual Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure
  CC PP01A/B, PP02A/B - Component Cooling Water Pumps
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA; Expert Panel: seismic
    DFM: Test & Maintenance; Fail to start; Fail to run
  CC CV1001/1002/1003/1004 - Component Cooling Water Pump Discharge Check Valves
    Basis: Level 1 AP: IE; Level 1 SD: FLD; Level 2 AP: FIRE, FLD; Level 2 SD: SMA
    DFM: Fail to open; Fail to close
  CC V1007/1008/1009/1010 - CC Pump Discharge Manual Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure
  CC V1013/1014 - HE Header Inlet Isolation Manual Valves
    Basis: Expert Panel
    DFM: Spurious closure
  CC HE01A/B, HE02A/B - Component Cooling Water Heat Exchangers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Loss of heat transfer
  CC HE03A/B - Component Cooling Water Heat Exchangers
    Basis: Expert Panel (should be same as HE01A/B & HE02A/B)
    DFM: Loss of heat transfer

Component Cooling (cont.)
  CC V1211/1212 - HE01A/B Outlet Manual Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: Spurious closure
  CC MV021/022/023, MV024/025/026 - Component Cooling Water Heat Exchanger Discharge Motor-Operated Valves
    Basis: Expert Panel
    DFM: Fail to operate
  CC MV027/028 - Component Cooling Water Heat Exchanger Bypass Motor-Operated Valves
    Basis: Expert Panel
    DFM: Fail to operate

Various CC Loads
  CC MV097/098 - CS Heat Exchanger 1A/1B CC Inlet Motor-Operated Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE, FLD
    DFM: Fail to open
  CC MV131/132 - Essential Chiller 2A/B CC Outlet Motor-Operated Valves
    Basis: Level 1 AP: FLD; Level 1 SD: FLD; Level 2 AP: FLD
    DFM: Fail to open
  CC MV143/145/147/149, MV144/146/148/150 - Non-Safety Load Supply and Return Isolation Motor-Operated Valves
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FLD; Level 2 SD: IE, FIRE
    DFM: CCF to close
  CC MV181/182, MV191/192 - EDG CC Inlet Motor-Operated Valves
    Basis: Level 1 AP: IE; Level 1 SD: IE, FLD, SMA; Level 2 AP: FIRE; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to open

Various CC Loads (cont.)
  CC MV351/352 - Shutdown Cooling Heat Exchanger 1A/B CC Inlet Motor-Operated Valves
    Basis: Level 1 SD: FLD, SMA; Level 2 SD: IE
    DFM: Fail to open
  CC MV383/384 - Essential Chiller 1A/1B CC Outlet Motor-Operated Valves
    Basis: Expert Panel
    DFM: Fail to operate
  CC V1561/1562 - Essential Water Chiller Condenser CH01A/B Inlet Manual Valves (similar to CH02A/B valve)
    Basis: Expert Panel
    DFM: Spurious closure
  CC V1563/1564 - Essential Water Chiller Condenser CH01A/B Outlet Manual Valves (similar to CH02A/B valve)
    Basis: Expert Panel
    DFM: Spurious closure
  CC V1261/1262 - Essential Water Chiller Condenser CH02A/B Inlet Manual Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure
  CC V1263/1264 - Essential Water Chiller Condenser CH02A/B Outlet Manual Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure
  CC V1281/1282, V1291/1292 - DG 01A/B/C/D Outlet Manual Valves
    Basis: Level 1 AP: IE; Level 1 SD: IE, FLD; Level 2 SD: FIRE, SMA
    DFM: Spurious closure

Containment Spray System
  CS PP01A/B - Containment Spray Pumps
    Basis: Level 1 AP: IE, FLD, SMA; Level 1 SD: IE; Level 2 AP: IE, FLD, SMA; Level 2 SD: IE, SMA
    DFM: Test & Maintenance; Fail to start; CCF to run
  CS CV1001/1002 - Containment Spray Pump Discharge Check Valves
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE; Level 2 AP: IE
    DFM: CCF to open

Containment Spray System (cont.)
  CS HE01A/B - Containment Spray Heat Exchangers
    Basis: Level 1 AP: IE, SMA; Level 2 AP: IE, FLD, SMA
    DFM: Loss of heat transfer; Test & Maintenance
  CS MV001/002 - Containment Spray Heat Exchanger Discharge Isolation Motor-Operated Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: Spurious closure
  CS MV003/004 - Containment Spray Heat Exchanger Discharge Isolation Motor-Operated Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE, FLD
    DFM: Fail to open
  CS CV1007/1008 - Containment Spray Heat Exchanger Discharge Check Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: Fail to open

CS Pumping Device Connections, Water Source
  CS - Key Components in Emergency Containment Spray Backup System (ECSBS) (10)
    Basis: Expert Panel
    DFM: Fail to operate

CS Mini-flow Recirculation
  CS HE02A/B - Containment Spray Mini-flow Line Heat Exchangers
    Basis: Level 1 AP: IE; Level 2 AP: IE, FLD
    DFM: Test & Maintenance

Chemical & Volume Control System
  CV CV189 - IRWST Return Line Check Valve
    Basis: Level 2 SD: FIRE
    DFM: Fail to open
  CV AV505/506 - Containment Isolation RCP to VCT AOVs
    Basis: Level 2 AP: FLD; Level 2 SD: FIRE
    DFM: Fail to close
  CV AV522/523 - Regenerative HX Outlet AOVs
    Basis: Expert Panel
    DFM: Fail to close
  CV AV560/561 - Reactor Drain Tank Outlet AOVs
    Basis: Expert Panel
    DFM: Fail to close

Alternate AC Diesel Generator
  DA TK01 - AAC Fuel Oil Storage Tank
    Basis: Expert Panel (SBO)
    DFM: Leak or rupture
  DA PP01/02 - AAC Fuel Oil Transfer Pumps
    Basis: Expert Panel (SBO)
    DFM: Test & Maintenance; Fail to start; Fail to run
  DA CV1005/1007 - AAC Fuel Oil Transfer Pump Discharge Check Valves
    Basis: Expert Panel (SBO)
    DFM: Fail to open
  DA TK02 - AAC Fuel Oil Day Tank
    Basis: Expert Panel (SBO)
    DFM: Leak or rupture
  DA AACTG - AAC Gas Turbine Generator
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: IE; Level 2 AP: IE, FIRE; Level 2 SD: IE
    DFM: Test & Maintenance; Fail to run

DC Buses & Batteries
  DC BC01A/B/C/D, BC02A/B/C/D - Class 1E 125V DC Battery Chargers
    Basis: Level 1 AP: IE, FIRE; Level 2 AP: IE
    DFM: Fail to operate
  DC BT01A/B/C/D - Class 1E 125V DC Batteries
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD, SMA; Level 2 SD: IE, FIRE, SMA; Expert Panel: seismic
    DFM: Test & Maintenance; Fail to operate
  DC MC01A/B/C/D - Class 1E 125V DC Buses
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD, SMA; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate
  DC MC01M/01N - Non-Class 1E 125V DC Buses
    Basis: Level 1 AP: IE
    DFM: Fail to operate

Radioactive Drains System
  DE AV006 - Radioactive Drain System - Containment Isolation Valve
    Basis: Level 2 AP: FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to close
  DE MV005 - Radioactive Drain System - Containment Isolation Valve
    Basis: Expert Panel
    DFM: Fail to close

Emergency Diesel Generators
  DG DG A/B/C/D - Emergency Diesel Generators, including the day tanks (DOTK02A/B/C/D)
    Basis: Level 1 AP: IE, FIRE, FLD, SMA; Level 1 SD: IE, FIRE, FLD, SMA; Level 2 AP: IE, FIRE, FLD, SMA; Level 2 SD: IE, FIRE, SMA; Expert Panel: seismic
    DFM: Test & Maintenance; Fail to start; Fail to run
  DG SEQ A/B/C/D - DG Load Sequencers
    Basis: Level 1 AP: IE, FIRE, SMA; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE, SMA; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate

Diesel Fuel Oil Transfer System
  DO TK01A/B/C/D - Diesel Fuel Oil Storage Tanks
    Basis: Level 1 SD: IE, FLD; Level 2 SD: FIRE
    DFM: Leak or rupture
  DO LS3025A/B/C/D - Fuel Oil Tank Level Switches
    Basis: Level 1 AP: IE; Level 2 SD: IE
    DFM: Fail to operate
  DO V1002A/B/C/D, V1009A/B/C/D, V1010A/B/C/D - FOTP Suction Manual Valves
    Basis: Level 1 AP: IE; Level 1 SD: IE, FLD; Level 2 SD: FIRE, SMA
    DFM: Spurious closure
  DO PP01A/B/C/D, PP02A/B/C/D - Diesel Fuel Oil Transfer Pumps
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: IE, FLD; Level 2 AP: IE; Level 2 SD: IE, FIRE
    DFM: CCF to start; CCF to run

Diesel Fuel Oil Transfer System (cont.)
  DO CV1005A/B/C/D, CV1007A/B/C/D - FOTP Discharge Manual Valves
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: IE
    DFM: CCF to open
  DO V1015A/B/C/D, V4011A/B/C/D - FOTP Discharge Manual Valves
    Basis: Level 1 AP: IE; Level 1 SD: IE, FLD; Level 2 SD: FIRE, SMA
    DFM: Spurious closure

Diverse Protection System
  DP HS071A/B - Diverse Protection System Manual Trip Push Buttons
    Basis: ATWS, Expert Panel
    DFM: Fail to operate
  DP PLC1/PLC2 - Diverse Protection System (DPS) Signal Processors
    Basis: ATWS, Expert Panel
    DFM: Fail to operate

Fire Protection System
  FP Fire suppression subsystems - Control Room & Switchgear Room fire suppression
    Basis: Expert Panel
    DFM: Fail to operate
  FP Fire barriers between rooms:
    F000-ADGD & F100-A06D - Diesel Generator room D and General access area at 100 D
    F078-AGAC & F078-AGAD - General access areas 78 C and 78 D
    F100-A06D & F100-AGAC - General access areas 100 D and 100 C
    F120-A05D & F120-AGAD - Electrical equipment room 120 D and general access area 120 D
    F120-AGAC & F120-AGAD - General access areas 120 C and 120 D
    F137-A02D & F157-AMCR - Electrical equipment room 137 D and Main control room
    Basis: Level 1 AP: FIRE; Level 1 SD: FIRE; Level 2 AP: FIRE; Level 2 SD: FIRE
    DFM: Barrier Failure

Feedwater System
  FW V1025 - Startup Feedwater Pump Suction Valve
    Basis: Level 1 AP: IE
    DFM: Spurious closure
  FW PP07 - Startup Feedwater Motor-Driven Pump
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: Test & Maintenance; Fail to start; Fail to run
  FW CV1026 - Startup Feedwater Pump Discharge Check Valve
    Basis: Level 1 AP: IE
    DFM: Fail to open
  FW CV058 - Startup Feedwater Pump Discharge Stop Check Valve
    Basis: Level 1 AP: IE
    DFM: Fail to open
  FW MV093 - Startup Feedwater Pump Discharge Isolation Motor-Operated Valve
    Basis: Level 1 AP: IE
    DFM: Fail to open

Gaseous Radwaste System
  GW SV002 - Gaseous Radwaste System - Containment Isolation Valve
    Basis: Level 2 AP: FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to open
  GW MV001 - Containment Isolation Valve
    Basis: Level 2 SD: FIRE
    DFM: Fail to close

Hydrogen Control System
  HG HI01 through 10 - Hydrogen Igniters
    Basis: Expert Panel
    DFM: Fail to operate
  HG PARs - Passive Autocatalytic Recombiners
    Basis: Level 2 SD: IE, FIRE
    DFM: Fail to operate

Instrument Power (120 VAC) System
  IP IN01A/B/C/D - Class 1E 120V AC Inverters
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD
    DFM: Test & Maintenance; Fail to operate

In-Containment Refueling Water Storage Tank System
  IW (11) HVT trash racks; ST01A/B/C/D - In-containment Refueling Water Storage Tank (IRWST) Holdup Volume Tank (HVT) trash racks; IRWST sump strainers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE; Expert Panel (confirms both racks and strainers)
    DFM: Plugged

Main Steam System
  MS ADV101/102/103/104 - Main Steam Atmospheric Dump Valves
    Basis: Level 1 AP: IE; Level 1 SD: FIRE; Level 2 AP: IE
    DFM: CCF to open (mechanical, electrical or I&C faults)
  MS SV1301 through 1320 - Main Steam Safety Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE
    DFM: CCF to open
  MS MSIV011/012/013/014 - Main Steam Isolation Valves
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: Fail to close
  MS AV109/110 - Auxiliary Feedwater Pump Turbine Steam Supply Air-Operated Valves
    Basis: Level 1 AP: IE, FLD; Level 2 AP: IE
    DFM: Fail to open

Non-Class 1E 4.16 kV System
  NB SW01M - Non-1E 4.16 kV Switchgear
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Fail to operate

Non-Class 1E 480V Load Center System
  NG LC05N/10M - Non-1E 480V Load Centers
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Fail to operate
  NG TR05N/10M - Non-1E 480V Load Center Transformers
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Fail to operate

Non-Class 1E 480V MCC & Low Voltage System
  NH MC03M/20N - Non-1E 480V MCCs
    Basis: Level 1 AP: IE, FIRE
    DFM: Fail to operate

13.8 kV Power System
  NP SW02N - Non-1E 13.8 kV Switchgear for FW PP07
    Basis: Level 1 AP: IE
    DFM: Fail to operate
  NP TR01/02/03 - Main Transformers
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE, FIRE; Level 2 AP: IE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to operate
  NP TR01M/01N - Unit Auxiliary Transformers
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE, FIRE; Level 2 AP: IE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to operate

13.8 kV Power System (cont.)
  NP TR02M/02N - Standby Auxiliary Transformers
    Basis: Level 1 AP: FIRE, FLD; Level 1 SD: FIRE; Level 2 AP: FIRE, FLD; Level 2 SD: FIRE
    DFM: Test & Maintenance; Fail to operate
  NP IPB43000A - Iso-Phase Bus
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE, FIRE; Level 2 AP: IE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to operate

I&C Equipment Rm & Computer Room Panels & Cabinets
  PA (listed as EF in the last RAP list) PA06C/D (PA06C/D branches 01/02/03/04) - Digital Output Modules; Primary Loop Controller (PA06C/D)
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate

ESF Component Control System (all PE components were identified as LOOP CONTROLLERS in the last RAP list revision)
  PE LX01A/B/C/D, LX02C/D, LX05A/B - Analog Input Modules
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: FLD; Level 2 AP: IE, FLD; Level 2 SD: SMA
    DFM: Fail to operate
  PE LX03D - Digital Input Module
    Basis: Level 1 SD: FLD
    DFM: Fail to operate

ESF Component Control System (cont.)
  PE LX001A/B/C/D, LX02B/D, LX03C/D, LX04B, LX05A/B/C/D, LX08A, LX09B - Digital Output Modules
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate
  PE LX01A/B/C/D, LX02B/D, LX03A/B/C/D, LX04B, LX05A/B/C/D, LX08A, LX09B - Primary Loop Controllers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to operate

Class 1E 4.16 kV Subsystem
  PF SW01A/B/C/D - Class 1E 4.16 kV Switchgear
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate
  PF SW01A/B-A2 - Class 1E 4.16 kV Switchgear PCB from SAT
    Basis: Level 1 AP: FIRE, FLD; Level 1 SD: FLD; Level 2 AP: FIRE, FLD
    DFM: Fail to close
  PF SW01A-H2, SW01B-H2, SW01C-C2, SW01D-G2 - Class 1E 4.16 kV Switchgear PCB (UAT)
    Basis: Level 1 AP: IE, FLD, SMA; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FLD, SMA; Level 2 SD: IE, FIRE
    DFM: Fail to open

Class 1E 480V Load Center Subsystem
  PG LC01A/B/C/D - Class 1E 480V Load Centers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate
  PG TR01A/B/C/D - Class 1E 480V Load Center Transformers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to operate

Class 1E 480V MCC & Low Voltage Subsystem
  PH MC01A/B/C/D - Class 1E 480V Motor Control Centers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: FIRE, SMA
    DFM: Fail to operate
  PH MC02A/B/C/D - Class 1E 480V Motor Control Centers
    Basis: Level 1 AP: FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: FLD; Level 2 SD: FIRE, SMA
    DFM: Fail to operate
  PH MC03A/B/C/D - Class 1E 480V Motor Control Centers
    Basis: Level 1 SD: FLD; Level 2 SD: FIRE
    DFM: Fail to operate

Class 1E 480V MCC & Low Voltage Subsystem (cont.)
  PH MC04A/B/C/D - Class 1E 480V Motor Control Centers
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: FLD
    DFM: Fail to operate
  PH MC05A/B - Class 1E 480V Motor Control Centers
    Basis: Level 1 SD: IE, FLD; Level 2 SD: FIRE, SMA
    DFM: Fail to operate

Process-Component Control System
  PO LX-54/58/70 - P-CCS Loop Controllers
    Basis: Level 1 AP: IE, FLD
    DFM: Fail to operate

Plant Protection System
  PP - BPM, GC, LC, LCL application software and Operating system software
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: CCF to operate

Reactor Coolant System
  RC SRV200/201/202/203 - Pressurizer Pilot-Operated Safety Relief Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD
    DFM: Fail to open; Fail to close
  RC MV130/131/132/133, MV134/135/136/137 - POSRV Pilot Motor-Operated Valves
    Basis: Level 1 AP: FIRE, FLD; Level 2 AP: FIRE, FLD
    DFM: Fail to open

Reactor Coolant System (cont.)
  RC INV01A/B/C/D - Inverters for Motor-Operated POSRVs
    Basis: Level 1 AP: FIRE, FLD; Level 1 SD: FIRE, FLD
    DFM: Fail to operate
  RC PP01A/B, PP02A/B - RC Pump trip circuits
    Basis: Expert Panel
    DFM: Fail to operate
  RC - Core Exit Thermocouples
    Basis: Expert Panel
    DFM: Fail to operate
  RC LT 40, LET 41 - Shutdown Level Transmitters: LT 40 (spool piece), LET 41 (ultrasonic level measurement)
    Basis: Expert Panel
    DFM: Fail to operate

Reactor Coolant Gas Vent System
  RG SOV410/411/412/413 - Pressurizer Gas Vent Line Isolation Solenoid-Operated Valves
    Basis: Expert Panel
    DFM: Fail to operate
  RG SOV414/415/416/417 - Reactor Vessel Gas Vent Line Isolation Solenoid-Operated Valves
    Basis: Expert Panel
    DFM: Fail to open
  RG SOV418 - Reactor Vessel Gas Vent Line RDT Discharge Isolation Solenoid-Operated Valve
    Basis: Expert Panel
    DFM: Fail to operate
  RG SOV419/420 - Reactor Vessel Gas Vent Line IRWST Discharge Isolation Solenoid-Operated Valves
    Basis: Expert Panel
    DFM: Fail to operate

Reactor Protection System
  RP PA14A/B/C/D - Plant Protection System Cabinets (Analog input modules, Bistable process modules, Digital output modules, Protection relays)
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: CCF to operate
  RP SW01A/B/C/D - Reactor Trip Switchgear (UV/shunt trip devices)
    Basis: Level 1 AP: IE; Level 2 AP: IE
    DFM: CCF to energize
  RP TCB A-1/B-1/C-1/D-1, TCB A-2/B-2/C-2/D-2 - Reactor Trip Circuit Breakers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE; Level 2 AP: IE, FIRE, FLD
    DFM: CCF to open

Safety Injection Normal Suction and Discharge
  SI CV157/158 - IRWST Suction Check Valves
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE; Level 2 AP: IE
    DFM: CCF to open
  SI MV304/305/308/309 - IRWST Suction MOVs to SI/SC Pumps
    Basis: Level 1 AP: FIRE; Level 1 SD: IE, FLD; Level 2 SD: IE, FIRE
    DFM: Spurious closure
  SI V130/131/402/470 - Safety Injection Pump Suction Manual Valves
    Basis: Level 1 AP: FIRE; Level 1 SD: IE, FLD; Level 2 SD: IE
    DFM: Spurious closure
  SI PP02A/B/C/D - Safety Injection Pumps
    Basis: Level 1 AP: IE, FIRE, FLD, SMA; Level 1 SD: IE, FIRE, FLD, SMA; Level 2 AP: IE, SMA; Level 2 SD: IE, FIRE, SMA
    DFM: Test & Maintenance; Fail to start; Fail to run
  SI CV404/405/434/446 - Safety Injection Pump Discharge Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE; Level 2 SD: IE, FIRE
    DFM: Fail to open
  SI V435/447/476/478 - Safety Injection Pump Discharge Manual Valves
    Basis: Level 1 AP: IE, FIRE; Level 1 SD: IE, FIRE, FLD; Level 2 SD: IE
    DFM: Spurious closure

Safety Injection Normal Suction and Discharge (cont.)
  SI MV616/626/636/646 - Safety Injection Pump Discharge Isolation Motor-Operated Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to open
  SI CV113/123/133/143 - Safety Injection Pump 2A/B/C/D Injection Line Check Valves
    Basis: Level 1 AP: FIRE; Level 1 SD: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to open
  SI CV540/541/542/543 - Safety Injection Pump Discharge Check Valves
    Basis: Level 1 AP: FIRE; Level 1 SD: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to open
  SI CV217/227/237/247 - Safety Injection Line DVI Nozzle Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE; Level 2 SD: IE, FIRE, SMA
    DFM: Fail to open

Safety Injection Recirculation to IRWST
  SI CV424/426/448/451 - Safety Injection Mini-flow Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE
    DFM: Fail to open
  SI V410/411/412/413 - Safety Injection Pump Mini-flow Line Manual Valves
    Basis: Level 1 AP: FIRE
    DFM: Spurious closure

Safety Injection Recirculation to IRWST (cont.)
  SI MV302/303 - Safety Injection Pump 2A/B/C/D Mini-flow Line Isolation Motor-Operated Valves
    Basis: Level 2 AP: FIRE
    DFM: Spurious closure
  SI CV100/101 - Safety Injection Pump 2A/B/C/D IRWST Return Line Check Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 2 AP: IE, FIRE
    DFM: Fail to open

Shutdown Cooling Subsystem: SDC Alternate Suction from IRWST
  SI CV159/160 - IRWST Suction Check Valves
    Basis: Level 1 AP: IE, FLD; Level 1 SD: IE; Level 2 AP: IE; Level 2 SD: SMA
    DFM: CCF to open

SDC Pump Suction and Discharge
  SI PP01A/B - Shutdown Cooling Pumps
    Basis: Level 1 AP: IE, FLD, SMA; Level 1 SD: IE, FLD, SMA; Level 2 AP: SMA; Level 2 SD: SMA
    DFM: CCF to start; Fail to run
  SI CV568/569 - Shutdown Cooling Pump Discharge Check Valves
    Basis: Level 1 SD: IE, FLD; Level 2 AP: IE; Level 2 SD: SMA
    DFM: Fail to open
  SI HE01A/B - Shutdown Cooling Heat Exchangers
    Basis: Level 1 AP: SMA; Level 1 SD: FLD; Level 2 AP: SMA
    DFM: Loss of heat transfer
  SI CV168/178 - Shutdown Cooling Heat Exchanger Discharge Check Valves
    Basis: Level 1 SD: FLD; Level 2 SD: SMA
    DFM: Fail to open

Shutdown Cooling Mini-flow Lines
  SI HE02A/B - Shutdown Cooling Mini-flow Line Heat Exchangers
    Basis: Level 1 AP: SMA; Level 2 AP: SMA; Expert Panel
    DFM: Loss of heat transfer

SDC Recirculation to IRWST
  SI MV395 - Shutdown Cooling Pump PP01A Mini-flow Isolation Valve (the redundant valve opposite 395 is manual valve 959)
    Basis: Level 1 AP: IE, FIRE
    DFM: Spurious closure
  SI V959 - Shutdown Cooling Pump PP01B Mini-flow Isolation Valve (the redundant valve opposite V959 is motor-operated valve MV395)
    Basis: Level 1 AP: IE, FIRE; Level 2 AP: FIRE
    DFM: Spurious closure

Essential Service Water System
  SX (9) PP01A/B, PP02A/B - Essential Service Water Pumps
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Test & Maintenance; Fail to start; Fail to run
  SX (9) CV1001/1002, CV1003/1004 - Essential Service Water Pump 1A/B & 2A/B Discharge Check Valves
    Basis: Level 1 AP: IE; Level 1 SD: FLD; Level 2 AP: FLD; Level 2 SD: SMA
    DFM: Fail to open; Fail to close
  SX (9) MV045/046/047/048 - Essential Service Water Pump Discharge Motor-Operated Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure

Essential Service Water System (cont.)
  SX (9) FT01A/B, FT02A/B, FT03A/B - Essential Service Water Debris Filters
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: FIRE
    DFM: CCF plugging
  SX (9) MV071/072/073/074 - Ultimate Heat Sink Cooling Tower Control Valves
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: FIRE, SMA
    DFM: Fail to open; Spurious closure
  SX (9) MV075/076/077/078 - Ultimate Heat Sink Cooling Tower Line B
    DFM: Spurious opening
  SX (9) AH01A/B, AH02A/B - Ultimate Heat Sink Cooling Tower Fans
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Test & Maintenance; Fail to start; Fail to run

Control Room HVAC System
  VC AH01A/B, AH02A/B, HV01A/B, AU01A/B - Main Control Room Air Handling Units (AHs), Chillers (HVs) and Air Cleaning Units (AUs)
    Basis: Expert Panel
    DFM: Fail to operate

Emergency Diesel Generator Area HVAC System
  VD HV12A/B/C/D, HV13A/B/C/D - DG Room Emergency Cubicle Coolers
    Basis: Level 1 AP: IE; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE; Level 2 SD: IE, FIRE, SMA
    DFM: Test & Maintenance; Fail to start; Fail to run

ESW Intake Structure/CCHX Bldg HVAC System
  VG (7) AH01A/B, AH02A/B - ESW Pump Room Supply Fans
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Test & Maintenance; Fail to start; Fail to run
  VG (7) Y1011A/B - ESW Pump Room Fans 2A/B - Exhaust Dampers
    Basis: Level 1 SD: FLD
    DFM: Fail to open

Auxiliary Building Controlled Area HVAC System
  VK HV13A/B, HV14A/B - CC Pump Cubicle Coolers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Test & Maintenance; Fail to start; Fail to run

Auxiliary Building Clean Area HVAC System
  VO HV31A/B - Essential Chiller 1A/B Room Coolers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Fail to start; Fail to run
  VO HV32A/B - Essential Chiller 2A/B Room Coolers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE
    DFM: Test & Maintenance; Fail to start; CCF to run
  VO HV33A/B - Auxiliary Feedwater Motor-Driven Pump 2A/B Room Coolers
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: FLD; Level 2 AP: IE, FIRE, FLD
    DFM: Test & Maintenance; Fail to start; Fail to run

Makeup Demineralizer System
  WM V1201A - Raw Water Pump Supply Isolation Manual Valves
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Spurious closure
  WM V1205A/1220/1700 - Raw Water Pump Discharge Isolation Manual Valves
    Basis: Level 1 AP: IE, FIRE, FLD
    DFM: Spurious closure

Essential Chilled Water System
  WO V1008A/B - Quadrant Return Header Isolation Manual Valves
    Basis: Expert Panel
    DFM: Spurious closure
  WO TK01A/B - Essential Chilled Water Compression Tanks
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Leak or rupture
  WO TK02A/B - Essential Chilled Water Air Separator Tanks
    Basis: Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FIRE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA
    DFM: Leak or rupture
  WO V1009A/B, V1013A/B - ECW Pumps 01A/B & 02A/B Suction Manual Valves
    Basis: Level 1 SD: FLD
    DFM: Spurious closure

17.4-40 Rev. 3

APR1400 DCD TIER 2 Table 17.4-1 (28 of 32)

Dominant Failure Modes System (1) SSC ID(s) (2) SSC Description Risk Significance Basis (3), (4), (5) (6),(7)

Essential Chilled Water System (cont.)

Essential Chilled Water System | WO PP01A/B, PP02A/B | Essential Chilled Water Pumps | Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE | Test & Maintenance; Fail to start; Fail to run
Essential Chilled Water System | WO CV1010A/B, CV1014A/B | ECW Pump Discharge Check Valves | Level 1 AP: IE; Level 1 SD: FLD; Level 2 AP: FIRE; Level 2 SD: SMA | Fail to open
Essential Chilled Water System | WO V1012A/B, V1016A/B | ECS Pump Discharge Manual Valves | Level 1 SD: FLD | Spurious closure
Essential Chilled Water System | WO V1019A/B, V1023A/B | Essential Chiller 01A & B and 02A & B Inlet Manual Valves | Level 1 SD: FLD | Spurious closure
Essential Chilled Water System | WO CH01A/B, CH02A/B | Essential Chilled Water Chillers (includes evaporator, compressor, condenser and associated piping) | Level 1 AP: IE, FIRE, FLD; Level 1 SD: IE, FLD, SMA; Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE, SMA | Test & Maintenance; Fail to start; Fail to run
Essential Chilled Water System | WO V1020A/B, V1024A/B | Essential Chiller 01A & B and 02A & B Outlet Manual Valves | Level 1 SD: FLD | Spurious closure

Essential Chilled Water System | WO V1027A/B, V1028A/B | Quadrant Header Supply Isolation Manual Valves | Expert Panel | Spurious closure

Table 17.4-1 (29 of 32)

System (1) | SSC ID(s) (2) | SSC Description | Risk Significance Basis (3), (4), (5) | Dominant Failure Modes (6), (7)

Turbine Generator Building Closed Cooling Water System | WT TK01 | Turbine Generator Building Closed Cooling Water Tank | Level 1 AP: IE; Level 2 AP: IE | Leak or rupture
Turbine Generator Building Closed Cooling Water System | WT PP01/02 | Turbine Generator Building Closed Cooling Water Pumps | Level 1 AP: FIRE | Test & Maintenance
Turbine Generator Building Closed Cooling Water System | WT PT04 | PP01 & 02 Pump Discharge PT Interlock | Level 1 AP: FLD | Fails to operate

Miscellaneous

- | - | Control Room Emergency Lighting; Remote Shutdown Console Emergency Lighting | Expert Panel | Fail to operate
- | - | Containment Building | Expert Panel | Integrity failure
- | - | Containment Equipment Hatch | Level 2 AP: IE, FIRE, FLD; Level 2 SD: IE, FIRE | Fail to close
- | - | Remote Shutdown Console (RSC) | Expert Panel | Fail to operate

Table 17.4-1 (30 of 32)

NOTES:

(1) System codes are defined below.

(2) In some cases, additional SSCs may have been added by symmetry; i.e., if at least one train or division met the PRA importance criteria but the redundant trains did not, then those trains may have been added to the current RAP list. These are not specifically identified for purposes of brevity.

(3) AP = Full power; SD = Low Power & Shutdown; IE = Internal Events; FLD = Internal Flooding; FIRE = Internal Fires; SMA = PRA-based SMA.

(4) Individual components are included if any modeled basic event (a failure event or a maintenance unavailability) has a Risk Achievement Worth (RAW) > 2, or a Fussell-Vesely (FV) > 0.005, for at least one redundant train, for any of the available AP or SD analyses of Internal Events, Fire or Flood initiating events, for Level 1 (CDF) or Level 2 (LRF). Components are also included if they are part of a Common Cause Failure (CCF) event with a RAW > 20. If the basis is listed as the Expert Panel then the SSC has been included on the basis of professional judgment or another qualitative consideration. By definition, all SSCs within the RAP scope have been designated as risk-significant by the RAP Expert Panel.

(5) Due to PRA model changes, the individual bases for risk-significance may have changed. These changes are not identified. However, if individual rows of SSCs have been added or deleted, these are identified in Tables 2 and 3 below.

(6) All run, run-first-hour, run-after-first-hour and load-and-run failure events are listed as Fail to run in this column.

(7) Battery failures between tests or following an initiating event are both classified as Fail to operate in this column.

(8) Potential RAP SSCs associated with loss of large area (LOLA) and aircraft impact assessment (AIA) described in DCD Sections 19.4 and 19.5 are not included in this table.

(9) The SX (including UHS) and VG systems are parts of the conceptual design information (CDI), and the SSC applicability will follow the conditions specified in DC Section 1.8.

(10) The ECSBS design has not been finalized. However, the function has been qualitatively determined to be risk significant.

(11) In earlier versions of the RAP notebook, the IW strainers were classified as risk significant. However, the September 2017 panel designated the coarse filtration trash racks as risk significant, but excluded the fine filtration strainers. Upon subsequent review of the strainer design report, the November 2017 panel determined that both the trash racks and the sump strainers should be designated as risk significant. PRA has an action to clarify the description of the associated basic event.
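The screening rule in note (4) is mechanical enough to be worth seeing in code. The following is an added illustration, not KHNP's RAP notebook or any APR1400 PRA tool: it computes RAW and FV for each basic event from a set of minimal cut sets under the rare-event approximation (CDF or LRF taken as the sum of cut set products), then applies the note (4) thresholds per analysis case (the "Level 1 AP: IE" style labels of the table) and reports, per component, which cases qualify it. The cut sets, probabilities, event names and the "ZZ V001" placeholder component are constructed sample data; the symmetry rule of note (2) is deliberately not applied, so a redundant train is listed only where its own events or a CCF event qualify it.

```python
"""Screening of PRA basic events against the RAP risk-significance criteria of
Table 17.4-1, note (4).

Constructed example: the cut sets, probabilities and the "ZZ" placeholder
component below are illustrative and are not taken from the APR1400 PRA.
"""
from typing import Dict, Iterable, List, Sequence, Tuple

# Thresholds stated in note (4)
RAW_THRESHOLD = 2.0       # Risk Achievement Worth, individual basic events
FV_THRESHOLD = 0.005      # Fussell-Vesely, individual basic events
CCF_RAW_THRESHOLD = 20.0  # Risk Achievement Worth, common cause failure events

CutSet = Tuple[str, ...]


def top_event_frequency(cut_sets: Sequence[CutSet], probs: Dict[str, float]) -> float:
    """Rare-event approximation of CDF or LRF: the sum over minimal cut sets of
    the product of the basic-event probabilities in each cut set."""
    total = 0.0
    for cut_set in cut_sets:
        term = 1.0
        for event in cut_set:
            term *= probs[event]
        total += term
    return total


def importance(cut_sets: Sequence[CutSet], probs: Dict[str, float],
               event: str) -> Tuple[float, float]:
    """Return (RAW, FV) for one basic event.

    RAW = F(event probability set to 1) / F(base)
    FV  = (F(base) - F(event probability set to 0)) / F(base)
    An event that appears in no cut set of this case gets RAW = 1 and FV = 0.
    """
    base = top_event_frequency(cut_sets, probs)
    raw = top_event_frequency(cut_sets, {**probs, event: 1.0}) / base
    fv = (base - top_event_frequency(cut_sets, {**probs, event: 0.0})) / base
    return raw, fv


def rap_screen(cases: Dict[str, Sequence[CutSet]], probs: Dict[str, float],
               event_to_components: Dict[str, List[str]],
               ccf_events: Iterable[str]) -> Dict[str, List[str]]:
    """Apply note (4) across every analysis case (Level 1/2, AP/SD, IE/FIRE/FLD).

    A component is in RAP scope if, in any case, one of its own basic events has
    RAW > 2 or FV > 0.005, or a CCF event it belongs to has RAW > 20.  The result
    maps each component to the sorted list of case labels that qualify it; an
    empty list means the component is not risk significant on these criteria.
    """
    ccf = set(ccf_events)
    basis: Dict[str, set] = {c: set() for comps in event_to_components.values() for c in comps}
    for label, cut_sets in cases.items():
        for event, comps in event_to_components.items():
            raw, fv = importance(cut_sets, probs, event)
            if event in ccf:
                qualifies = raw > CCF_RAW_THRESHOLD
            else:
                qualifies = raw > RAW_THRESHOLD or fv > FV_THRESHOLD
            if qualifies:
                for comp in comps:
                    basis[comp].add(label)
    return {comp: sorted(labels) for comp, labels in basis.items()}


# Constructed sample data.  Event names follow "system-component-failure mode";
# "ZZ" is a placeholder system code that does not appear in the table.
BASIC_EVENT_PROB = {
    "WO-PP01A-FS": 3.0e-3,     # ECW pump 01A fails to start
    "WO-PP01B-FS": 3.0e-3,     # ECW pump 01B fails to start
    "WO-PP01-CCF-FS": 1.0e-4,  # common cause fail-to-start of both pumps
    "ZZ-V001-SC": 1.0e-3,      # placeholder manual valve, spurious closure
    "OTHER-1": 5.0e-5,         # lumped contribution of all other sequences
    "OTHER-2": 1.0e-4,
}
ANALYSIS_CASES = {
    "Level 1 AP: IE": [
        ("WO-PP01A-FS", "WO-PP01B-FS"),
        ("WO-PP01-CCF-FS",),
        ("ZZ-V001-SC", "OTHER-2"),
        ("OTHER-1",),
    ],
    "Level 1 SD: FLD": [
        ("WO-PP01A-FS", "OTHER-2"),
        ("OTHER-1",),
    ],
}
EVENT_TO_COMPONENTS = {
    "WO-PP01A-FS": ["WO PP01A"],
    "WO-PP01B-FS": ["WO PP01B"],
    "WO-PP01-CCF-FS": ["WO PP01A", "WO PP01B"],
    "ZZ-V001-SC": ["ZZ V001"],
}
CCF_EVENTS = {"WO-PP01-CCF-FS"}

if __name__ == "__main__":
    for comp, labels in rap_screen(ANALYSIS_CASES, BASIC_EVENT_PROB,
                                   EVENT_TO_COMPONENTS, CCF_EVENTS).items():
        print(f"{comp}: {'; '.join(labels) if labels else 'not risk significant'}")
```

With the constructed data, WO PP01A qualifies in both cases (in the shutdown flood case only through its own RAW of about 3), WO PP01B qualifies only in the full-power internal-events case, and the placeholder valve falls below both thresholds (RAW about 1.6, FV about 6e-4) and stays out of scope. A real screening would repeat this over every AP/SD, IE/FIRE/FLD and Level 1/Level 2 model listed in note (3) and then add redundant trains by symmetry per note (2).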

System Codes:

AF - Auxiliary Feedwater System
AT - Auxiliary Feedwater Pump Turbine System
AX - Auxiliary Feedwater Storage and Transfer
CA - Condenser Vacuum System
CC - Component Cooling Water System
CS - Containment Spray System
CV - Chemical and Volume Control System
DA - Alternate AC Diesel Generator System
DC - DC Distribution System
DE - Radioactive Drain System
DG - Emergency Diesel Generator System
DO - Diesel Fuel Oil Transfer System
NH - Non Class 1E 480V MCC & Low Voltage System
NP - 13.8 kV Power System
PA - I&C Equipment Room Panel System
PE - ESF Component Control System
PF - Class 1E 4.16 kV System
PG - Class 1E 480V Load Center System
PH - Class 1E 480V MCC & Low Voltage System
PO - Process-Component Control System
RC - Reactor Coolant System
RG - Reactor Coolant Gas Vent System
RP - Reactor Protection System
SI - Safety Injection/Shutdown Cooling System

Table 17.4-1 (31 of 32)

System Codes (cont.) :

DP - Diverse Protection System
FP - Fire Protection System
FW - Feedwater System
GC - Group Controller Cabinet
GW - Gaseous Radwaste System
HG - Containment Hydrogen Control System
IP - Instrument Power System
IW - In-Containment Water Storage System
LX - Loop Controller Cabinet
MS - Main Steam System
NB - Non Class 1E 4.16 kV System
NG - Non Class 1E 480V Load Center System
SX - Essential Service Water System
VC - Control Room HVAC System
VD - Emergency Diesel Generator Area HVAC System
VG - ESW Pump Building/CCW HX Building HVAC System
VK - Auxiliary Building Controlled Area HVAC System
VO - Auxiliary Building Clean Area HVAC System
VU - Miscellaneous Building HVAC System
WM - Makeup Demineralizer System
WO - Essential Chilled Water System
WT - Turbine Generator Building Closed Cooling Water System
WV - Liquid Radwaste System

Table 17.4-1 (32 of 32)

Component Codes:

ADV - Atmospheric Dump Valve
AH - Air Handler (fan)
AV - Air-Operated Valve
BC - Battery Charger
BT - DC Battery
CH (or HV) - Chillers or Coolers
CV - Check Valves
DG - Emergency Diesel Generator
FT - Filter
HE - Heat Exchanger
HS - Handswitch
HV (or CH) - Chillers or Coolers
IN - Inverter
IPB - Iso-Phase Bus
LC - Load Center (bus)
LIS - Level Indicating Switch
MC - Motor Control Center (bus)
MSIV - Main Steam Isolation Valve
MV - Motor-Operated Valve
PP - Pump
PT - Pressure Transmitter
RV - Relief Valve
SEQ - Diesel Generator Load Sequencer
SW - Switchgear
SOV - Solenoid-Operated Valve
SRV - Pilot-Operated Safety Relief Valve
SV - Safety Valve
TA - Turbine
TCB - Trip Circuit Breaker
TK - Tank
TR - Transformer
V - Manual Valve
Y - Damper

17.5 Quality Assurance Program Description - Design Certification

KHNP is the applicant for the APR1400 design certification. The QA program for the APR1400 design certification is described in Topical Report APR1400-K-Q-TR-11005-NP-A, Rev. 2, KHNP Quality Assurance Program Description (QAPD) for the APR1400 Design Certification (Reference 1). The QAPD is based on the requirements of 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, and of ASME NQA-1-2008 and the NQA-1a-2009 Addenda, Quality Assurance Program Requirements for Nuclear Facilities, as endorsed by NRC RG 1.28, Rev. 4, Quality Assurance Program Criteria (Design and Construction) (References 2, 3, 4, and 5).

The QAPD has been prepared to comply with the guidance in SRP 17.5 (Reference 6).

The Nuclear Energy Institute (NEI) 06-14, Rev. 9, Quality Assurance Program Description (QAPD) template has been used as a reference in preparing the QAPD (Reference 7).

The QAPD is a top-level document that describes the quality assurance policy, functional responsibilities, and administration control among organizations that perform the design activities for the APR1400 project. The applicant and its suppliers commit to conform to the QAPD. The QAPD applies the requirements of 10 CFR Part 50, Appendix B, for safety-related SSCs.

Selected elements of the QAPD are applied to SSCs that are important to safety but are not considered safety-related SSCs. These SSCs are defined as non-safety-related SSCs.

The controls applied to non-safety-related SSCs are defined as augmented quality assurance controls. Representative examples of augmented SSCs are anticipated transients without scram (ATWS), station blackout, fire protection, seismic Category II SSCs, and risk-significant non-safety-related SSCs determined by the design RAP described in Section 17.4. Specific elements of the QAPD are applied to each augmented SSC in a selective manner to accommodate its characteristics or critical attributes for plant safety.

Procedures establish practices for certain activities that are common to KHNP organizations that perform these activities. Procedures are developed to provide reasonable assurance that activities are controlled and performed in a manner that meets the requirements of the QAPD. Organization-specific procedures establish implementation requirements and may be used to implement particular work activities.


17.5.1 Combined License Information

COL 17.5(1) The COL applicant is to establish and implement a QA program that is applicable to site-specific design activities related to the plant construction and operation phases.

17.5.2 References

1. APR1400-K-Q-TR-11005-NP-A, KHNP Quality Assurance Program Description (QAPD) for the APR1400 Design Certification, Rev. 2, KHNP, October 2016.
2. 10 CFR Part 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, U.S. Nuclear Regulatory Commission.
3. ASME NQA-1-2008, Quality Assurance Program Requirements for Nuclear Facilities, The American Society of Mechanical Engineers, 2008.
4. ASME NQA-1a-2009, Addenda to ASME NQA-1-2008 Quality Assurance Program Requirements for Nuclear Facilities, The American Society of Mechanical Engineers, 2009.
5. Regulatory Guide 1.28, Quality Assurance Program Criteria (Design and Construction), Rev. 4, U.S. Nuclear Regulatory Commission, June 2010.
6. NUREG-0800, Standard Review Plan, Section 17.5, Quality Assurance Program Description - Design Certification, Early Site Permit and New License Applicants, U.S. Nuclear Regulatory Commission, March 2007.
7. NEI 06-14, Quality Assurance Program Description (QAPD), Rev. 9, Nuclear Energy Institute, May 2010.


17.6 Maintenance Rule

The combined license applicant is responsible for the establishment and implementation of a Maintenance Rule according to 10 CFR 50.65.

17.6.1 Combined License Information

COL 17.6(1) The COL applicant is to provide in its Final Safety Analysis Report a description of the Maintenance Rule program and a plan for implementing it to meet the requirements of 10 CFR 50.65.
