ML18261A161

APR1400 Chapter 13, Conduct of Operations, Final Safety Evaluation Report
ML18261A161
Person / Time
Site: 05200046
Issue date: 09/28/2018
From: William Ward
NRC/NRO/DLSE/LB2
To:
Ward W R/NRO/415-7038
Shared Package
ML18087A364 List:
References
APR1400 Chapter 13


Text

CONDUCT OF OPERATIONS

13.0 Conduct of Operations

Chapter 13, Conduct of Operations, of this safety evaluation report (SER) describes the U.S. Nuclear Regulatory Commission (NRC) staff's review of Chapter 13, Conduct of Operations, of Revision 3 to the U.S. Advanced Power Reactor 1400 (APR1400) Design Control Document (DCD), submitted in August 2018. This chapter provides the information related to the preparations and plans for the design, construction, and operation of the APR1400 plant. Its purpose is to provide adequate assurance that the combined license (COL) applicant establishes and maintains a staff of adequate size and technical competence and that operating plans followed by the licensee are adequate to protect public health and safety. The review focuses on the following aspects related to the organizational structure of the COL applicant: training, emergency planning (EP), plant procedures, and physical security, as the areas of review for which the staff needs to be able to reach a conclusion about the safe conduct of operations at an APR1400 reactor plant.

Organizational Structure of the Applicant

Introduction

The organizational structure of the applicant includes the corporate-level management and technical support organization, and the onsite operating organization of the applicant. The description of the management and technical support organization includes a description of the corporate or home office offsite organization, the functions, activities, and responsibilities of the offsite organization, and the number and qualifications of personnel. The description of the operating organization includes a description of the structure, functions, activities, and responsibilities of the onsite operating organization, established to safely operate and maintain the facility.

Activities of the corporate-level management and technical support organization, and the onsite operating organization, include facility design, design review, design approval, construction management, testing, and operation and maintenance of the plant.

Summary of Application

DCD Tier 1: There is no Tier 1 information associated with this section.

DCD Tier 2: In Design Control Document (DCD) Tier 2, Section 13.1, the applicant: (1) addresses the corporate-level management and technical support organization structure, positions, staffing, qualification requirements, and functional responsibilities in support of: (a) the design and construction of the facility, and (b) the onsite operating organization throughout the life of the plant; (2) addresses the onsite operating organization structure, positions, staffing, qualification requirements, and functional responsibilities in overseeing the safe operation of the facility; and (3) summarizes and lists the COL items.

Inspection, test, analysis, and acceptance criteria (ITAAC): There are no ITAAC for this area of review.

Technical Specifications (TS): There are no TS for this area of review.

COL information or action items: See Section 13.1.5 of this SER for the COL items.

Technical Reports: There are no technical reports associated with this area of review.

Topical Reports: There are no topical reports associated with this area of review.

APR1400 Interface Issues identified in the DCD: There are no APR1400 interface issues associated with this area of review other than those discussed above.

Site Interface Requirements identified in the DCD: There are no site interface requirements associated with this area of review.

Cross-cutting Requirements (Three Mile Island [TMI], Unresolved Safety Issue [USI]/Generic Safety Issue [GSI], Op Ex): There are no cross-cutting requirements associated with this area of review.

Regulatory Treatment of Non-Safety Systems (RTNSS): There are no RTNSS issues for this area of review.

Title 10 of the Code of Federal Regulations (10 CFR) 20.1406: There are no issues related to 10 CFR 20.1406, Minimization of Contamination, for this area of review.

Regulatory Basis

Acceptability of the APR1400 DCD, Section 13.1, Organizational Structure of Applicant, is based on meeting the relevant requirements of the following Commission regulations:

  • Section 50.34 of 10 CFR, Contents of Applications; technical information, (a) Preliminary safety analysis report, paragraphs (6) and (9)

  • Section 50.34(b) of 10 CFR, Final safety analysis report, paragraphs (6)(i)-(iv)
  • Section 50.34(f) of 10 CFR, Additional TMI-related requirements, paragraph (3)(vii)
  • Section 50.40 of 10 CFR, Common standards, paragraph (b)
  • Section 50.48 of 10 CFR, Fire protection, paragraph (a)(1)(ii)
  • Section 50.54 of 10 CFR, Conditions of licenses, paragraphs (i)-(m)
  • Section 50.71 of 10 CFR, Maintenance of records, making of reports
  • Part 50 of 10 CFR, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants
  • Section 52.47 of 10 CFR, Contents of applications; technical information, paragraph (a)(7)
  • Section 52.79 of 10 CFR, Contents of applications; technical information in final safety analysis report, paragraphs, (26)-(28) and (29)(i)

Acceptance criteria for the review and evaluation of the corporate-level management and technical organizational structure are based on the guidelines of Three Mile Island (TMI) Action Plan Item I.B.1.2, originally described in NUREG-0694, TMI-Related Requirements for New Operating Licenses.

Acceptance criteria for the review and evaluation of engineering expertise on shift is based on the Commission Policy Statement on Engineering Expertise on Shift (Generic Letter 86-04) and the guidelines of TMI Action Plan Item I.A.1.1 of NUREG-0737, Clarification of TMI Action Plan Requirements.

Acceptance criteria for the review and evaluation of the licensed operator license conditions are based on meeting 10 CFR 50.54(i)-(m) as they relate to manipulation of controls, the operator designated as at the controls of the facility, staffing requirements during facility operation, the responsibility for directing activities of licensed operators, and senior operator availability during reactor operations and other specific reactor conditions or modes of operation. In addition, staffing should follow the staff positions of TMI Action Plan Items I.A.1.1 and I.A.1.3 of NUREG-0737.

Technical Evaluation

In APR1400 DCD Tier 2, Section 13.1, Organizational Structure of Applicant, the applicant stated that the combined license (COL) applicant is responsible for describing the corporate-level management and technical support organization, and the onsite operating organization.

The staff determined this approach to be acceptable based on examination of COL Items 13.1(1) - 13.1(11) and the subsequent determination that all areas in Subsection I, Areas of Review, of SRP 13.1.1, Management and Technical Support Organization, and SRP 13.1.2 - 13.1.3, Operating Organization, relevant to COL applicant submittals (i.e., those areas cited under elements (1) and (2) of the DCD Tier 2 paragraph in the Summary of Application section above) have been appropriately identified and sufficiently addressed, without the need to specify additional COL items.

Combined License Information Items

In the APR1400 DCD Tier 2 Section 13.1, Organizational Structure of the Applicant, the applicant stated the COL applicant is responsible for describing the corporate-level management and technical support organization, and the onsite operating organization. Section 13.1 contains eleven COL items pertaining to the organizational structure of the applicant. The staff found all eleven COL items to be acceptable on the basis of the determination described in Section 13.1.4 of this report.

COL 13.1(1) The COL applicant is to provide a description of the corporate or home office organization, its functions and responsibilities, and the number and the qualifications of personnel. The COL applicant is to be directed to activities such as the facility design, design review, design approval, construction management, testing, and operation of the plant.

COL 13.1(2) The COL applicant is to develop a description of experience in the design, construction, and operation of nuclear power plants and experience in activities of similar scope and complexity.

COL 13.1(3) The COL applicant is to describe its management, engineering, and technical support organizations. The description includes organizational charts for the current headquarters and engineering structure and any planned modifications and additions to those organizations to reflect the added functional responsibilities with the nuclear power plant.

COL 13.1(4) The COL applicant is to develop a description of the organizational arrangement. The description is to include organizational charts reflecting the current headquarters and engineering structure and any planned modifications and additions to reflect the added functional responsibilities associated with the addition of the nuclear plant to the applicant's power generation capacity. The description shows how these responsibilities are delegated and assigned or expected to be assigned to each of the working or performance-level organizational units identified to implement these responsibilities. The description includes organizational charts reflecting the current corporate structure and the working- or performance-level organizational units that provide technical support for the operation.

COL 13.1(5) The COL applicant is to develop the description of the general qualifications in terms of educational background and experience for positions or classes of positions described in the organizational arrangement.

COL 13.1(6) The COL applicant is to develop a description of the structure, functions, and responsibilities of the onsite organization established to operate and maintain the plant.

COL 13.1(7) The COL applicant is to provide an organizational chart showing the title of each position, minimum number of persons to be assigned to duplicate positions, number of operating shift crews, and positions that require reactor operator and senior reactor operator licenses.

COL 13.1(8) The COL applicant is to provide organizational information such as the functions, responsibilities, and authorities of the plant position. The COL applicant is to develop a description of the line of succession of authority and responsibility for overall station operation in the event of unexpected temporary contingencies, and the delegation of authority.

COL 13.1(9) The COL applicant is to develop a description of the position titles, applicable operator licensing requirements for each, and the minimum numbers of personnel planned for each shift for all combinations of units proposed to be at the station in either operating or cold shutdown mode. The COL applicant is also to develop the description of shift crew staffing plans unique to refueling operations.

COL 13.1(10) The COL applicant is to provide a description of the education, training, and experience requirements for each management, operating, technical, and maintenance position in the operating organization.

COL 13.1(11) The COL applicant is to provide the qualification requirements of the initial appointees to plant positions for key plant managerial and supervisory personnel through the shift supervisory level.

Conclusion

In APR1400 DCD Tier 2, Section 13.1, Organizational Structure of Applicant, the applicant stated that the COL applicant is responsible for describing the corporate-level management and technical support organization and the onsite operating organization. The responsibilities of the COL applicant are identified in the eleven COL Items (COL 13.1(1) - 13.1(11)). The staff has reviewed APR1400 DCD Tier 2 Section 13.1, Organizational Structure of Applicant, and determined that this approach to describing the corporate-level management and technical support organization, and the onsite operating organization, is acceptable to meet the requirements of 10 CFR 50.34, 10 CFR 50.40, 10 CFR 50.48, 10 CFR 50.54, 10 CFR 50.71, 10 CFR 50 Appendix B, 10 CFR 52.47, and 10 CFR 52.79.

Training

Introduction

The purpose of this section is to provide assurance that the applicant analyzes job performance to design, develop, implement, and evaluate licensed and non-licensed staff training programs to establish and maintain a staff of sufficient size, ability, and technical competence to operate and maintain the facility and to protect public health and safety.

DCD Tier 1: There is no Tier 1 information associated with this section.

DCD Tier 2: In DCD Tier 2, Section 13.2, the applicant has summarized the description and schedule of the training program for licensed reactor operators and non-licensed plant staff that the COL applicant is required to provide to support APR1400 plant operations.

ITAAC: There are no ITAAC for this area of review.

TS: There are no TS for this area of review.

COL information or action items: See Section 13.2.5 of this SER for COL items.

Technical Reports: There are no technical reports associated with this area of review.

Topical Reports: There are no topical reports associated with this area of review.

APR1400 Interface Issues identified in the DCD: There are no APR1400 interface issues associated with this area of review other than those discussed above.

Site Interface Requirements Identified in the DCD: There are no site interface requirements associated with this area of review.

Cross-cutting Requirements TMI, USI/GSI, Op Ex: There are no cross-cutting requirements associated with this area of review.

RTNSS: There are no RTNSS issues for this area of review.

Section 20.1406 of 10 CFR: There are no issues related to 10 CFR 20.1406 for this area of review.

Summary of Application

In APR1400 DCD Tier 2 Section 13.2, Training, the applicant stated that the COL applicant is responsible for developing the description, content, and schedule of the site-specific training programs for licensed and non-licensed plant staff.

Regulatory Basis

Acceptability of the APR1400 DCD Tier 2, Section 13.2, Training, is based on meeting the relevant requirements of the following Commission regulations:

  • Section 19.12 of 10 CFR, Instruction to Workers
  • Section 26.29 of 10 CFR, Training
  • Section 50.34(a)(6) and (9) of 10 CFR
  • Section 50.34(b)(6)(i)-(iv) of 10 CFR
  • Section 50.34(f)(2)(i) of 10 CFR
  • Section 50.40(a) and (b) of 10 CFR
  • Section 50.48 of 10 CFR
  • Section 50.54(a)(i-1) of 10 CFR
  • Section 50.120(b)(1)-(3) of 10 CFR
  • Part 50 of 10 CFR, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants
  • Part 50 of 10 CFR, Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities
  • Section 52.47(a)(7) of 10 CFR
  • Section 52.79(a)(14), (33), (34), (39), (40) and (44) of 10 CFR
  • Section 55.31(a)(4)-(5) of 10 CFR
  • Section 55.41 of 10 CFR, Written Examination: Operators
  • Section 55.43 of 10 CFR, Written Examination: Senior Operators
  • Section 55.45 of 10 CFR, Operating Tests
  • Section 55.46 of 10 CFR, Simulation Facilities
  • Section 55.59 of 10 CFR, Requalification

Acceptance criteria adequate to meet the above requirements include the following:

  • RG 1.8, Qualification and Training of Personnel for Nuclear Power Plants
  • RG 1.49, Nuclear Power Plant Simulation Facilities for Use in Operator Training and License Examinations
  • NUREG-0711, Human Factors Engineering Program Review Model
  • NUREG-1021, Operator Licensing Examination Standards for Power Reactors
  • NUREG-1220, Training Review Criteria and Procedures

Technical Evaluation

In APR1400 DCD Tier 2, Section 13.2, Training, the applicant stated that the COL applicant is responsible for developing the description, content, and schedule of the site-specific training programs for licensed and non-licensed plant staff. This is captured in COL Items 13.2(1) - 13.2(6), which are listed in Section 13.2.5 of this SER.

Regulatory Guide (RG) 1.8, Qualification and Training of Personnel for Nuclear Power Plants, provides guidance to nuclear power plant licensees regarding the qualifications and training for nuclear power plant personnel. The guidance in RG 1.8 will aid the licensee in establishing a training program which meets the requirements identified in Section 13.2.3 above. This guidance is acceptable to the staff. NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR [light-water reactor] Edition (SRP), Chapter 13, Conduct of Operations, Section 13.2.1, Reactor Operator Requalification Program; Reactor Operator Training, and SRP Section 13.2.2, Non-Licensed Plant Staff Training, both state that a licensee applicant should commit to RG 1.8, and NEI-06-13A, Template for an Industry Training Program Description. NEI-06-13A provides more specific guidance to licensees regarding following RG 1.8 to meet applicable requirements. Both SRP sections also state that for design certification (DC) reviews, the training program development will be designated as a COL applicant action item. Because the applicable regulations listed above also apply to a license applicant and because any training program developed by the licensee will be site-specific, the DC applicant only needs to provide acceptable COL items for staff to find Section 13.2 acceptable.

The staff reviewed COL Items 13.2(1), 13.2(5), and 13.2(6) and found them acceptable because they require the development of the description, schedules, and training program by the COL consistent with RG 1.8.

The staff reviewed COL Item 13.2(2) and found it acceptable because it required the COL to develop a training program using the guidance of NEI 06-13A, which follows the guidance of RG 1.8 as discussed above.

The staff reviewed COL Items 13.2(3) and 13.2(4) and found them inadequate because they failed to clearly commit to NEI 06-13A. To resolve this inconsistency, the staff issued Request for Additional Information (RAI) 485-8601, Question 13.02.01-1 (Agencywide Documents Access and Management System (ADAMS) Accession Number ML16138A348). In its response to RAI 485-8601, Question 13.02.01-1 (ML16175A684), the applicant confirmed that the licensed plant staff training program will be developed in accordance with NEI 06-13A and included its proposed markup of the DCD Section 13.2.3, Combined License Information, and Table 1.8-2, Combined License Information Items. The markups show that reference to NUREG-0800 will be replaced with a reference to NEI 06-13A in both COL items. The staff reviewed and determined that the applicant's response to the RAI and the proposed Tier 2 changes are acceptable. Based on the review of the DCD, the staff has confirmed incorporation of the changes described above; therefore, RAI 485-8601, Question 13.02.01-1, is resolved and closed.

As described above, the staff determined that this approach to developing licensed and non-licensed plant staff training programs is acceptable. The staff has determined that the COL items included in Revision 2 of the APR1400 DCD adequately address the COL applicant actions pertinent to development of the site-specific training programs and that no additional COL items are required in the DCD.

Combined License Information Items

APR1400 DCD Tier 2, Section 13.2, Training, contains six COL items pertaining to the development of the description, content, and schedule of the site-specific training programs for the COL applicant's licensed and non-licensed plant staff. The acceptability of the COL items is evaluated in Section 13.2.4 of this SER.

COL 13.2(1) The COL applicant is to develop the description and schedule of the training program for licensed reactor operators and non-licensed plant staff.

COL 13.2(2) The COL applicant is to develop the site-specific training program by using NEI 06-13A [Template for an Industry Training Program Description] as the template for the basic structure and content.

COL 13.2(3) The COL applicant is to provide a licensed plant staff training program in accordance with NUREG-0800, Section 13.2.1.I.3.

COL 13.2(4) The COL applicant is to provide a non-licensed plant staff training program in accordance with NUREG-0800, Section 13.2.2.I.3.

COL 13.2(5) The COL applicant is to develop training programs. The programs are to include a chart that shows the schedule of each part of the training program for each functional group of employees in the organization in relation to the schedule for preoperational testing, expected fuel loading, and expected time for examinations prior to plant criticality for licensed operators.

COL 13.2(6) The COL applicant is to determine the extent of the NRC guidance that is applicable to the facility training program or the justification of exceptions.

Conclusion

In APR1400 DCD Tier 2, Section 13.2, Training, the applicant stated that the COL applicant is responsible for describing, developing, and documenting the training programs for licensed and non-licensed plant staff. This COL applicant responsibility is identified as six individual COL items (COL Items 13.2(1) - 13.2(6)). The staff has reviewed APR1400 DCD Tier 2, Section 13.2, Training, and determined that this approach to describing, developing, and documenting the training programs for licensed and non-licensed plant staff is acceptable to meet the requirements of 10 CFR 19.12, 10 CFR 26.29, 10 CFR 50.34, 10 CFR 50.40, 10 CFR 50.48, 10 CFR 50.54, 10 CFR 50.120, 10 CFR 50 Appendix B, 10 CFR 50 Appendix E, 10 CFR 52.47, 10 CFR 52.79, and 10 CFR 55.

Emergency Planning

Introduction

For a DC application, the staff's review of EP was conducted according to the requirements in 10 CFR 52.47 and 52.48, and addresses those design features, facilities, functions, and equipment that are technically relevant to the design, not site-specific, and affect some aspect of EP or the capability of a licensee to cope with plant emergencies. The review addresses design facilities such as a habitable technical support center (TSC) with adequate space, data retrieval capabilities and dedicated communications equipment, and an operational support center (OSC) with adequate communications.

The review of ITAAC relating to EP was conducted and the results are provided within this section.

Summary of Application

DCD Tier 1: DCD Tier 1, Section 2.10, Emergency Planning, addresses certain features of the APR1400 plant design that support EP and the capability of the licensee to cope with plant emergencies. DCD Tier 1, Section 2.7.3.1, Control Room HVAC System, describes TSC habitability in support of personnel occupancy during plant accident conditions. DCD Tier 1, Section 2.6.9, Communication Systems, describes non safety-related communication systems.

DCD Tier 1, Table 2.10-1, Emergency Planning ITAAC, describes ITAAC for EP. Additional ITAAC that are associated with EP are included in Table 2.7.3.1-3, Control Room HVAC System ITAAC, and Table 2.6.9-1, Communication Systems ITAAC.

DCD Tier 2: The applicant has provided a Tier 2 design description in DCD Section 13.3, summarized here in part, as follows:

In DCD Section 13.3, the applicant stated that EP is the responsibility of the COL applicant.

However, design features, facilities, functions, and equipment necessary for EP are considered in the design bases for the standard plant. Interfaces of these features with site-specific designs and site parameters are the responsibility of the COL applicant. The following EP features are considered in the design bases for the standard plant:

  • TSC:

The TSC is an onsite facility that provides plant management and technical support to the plant operations personnel during emergency conditions. The applicant included descriptions of the location, size, structural requirements, environmental controls, installed radiological protection and monitoring equipment, voice communication and data display systems and how human factors engineering is used.

  • OSC:

The OSC is an onsite facility that is separated from the main control room (MCR) and the TSC, where operations support personnel will assemble in an emergency. The applicant included a description of the location, size, structural requirements, and communication systems.

  • Emergency Operations Facility (EOF):

The EOF supports the management of the licensee emergency response such as coordination with Federal, State, and local officials, coordination of radiological and environmental assessments, and determination of recommended public protective actions. The EOF is a licensee-controlled and operated offsite support center.

The ERDS is a real-time electronic data transmission system linked to the NRC Headquarters Operation Center that provides plant parameters from the onsite computer system. It allows the NRC to provide advice and support to the licensee, Federal, State, and local authorities.

  • Near-Term Task Force Recommendation (NTTF) 9.3 - Emergency Plan (Post-Fukushima Accident):

Design features are incorporated into the onsite plant communication system to enhance emergency preparedness for a Beyond Design-Basis External Event associated with a simultaneous loss of all alternating current (AC) power and the loss of the ultimate heat sink.

The SPDS provides a display of plant parameters that an operator in the MCR, TSC, and EOF can use to assess the safety status of the APR1400.

  • Decontamination Facilities:

Decontamination facilities are provided to remove or reduce radioactive contaminants from plant equipment, protective clothing, and personnel. They are located in the compound building for personnel decontamination and in the hot machine shop for equipment decontamination. More information for the decontamination facilities can be found in Section 12.3, General Arrangement Design Features - Personnel decontamination and change areas, in the DCD and in this SER.

  • Post-Accident Sampling System (PASS):

The PASS provides the capability to sample and analyze liquid and gaseous samples following an accident. It is fully described in Section 9.3.2, Process and Post-Accident Sampling Systems, and Section 12.3, General Arrangement Design Features - Personnel decontamination and change areas, in the DCD and in this SER.

  • Additional descriptions of EP related design features are located in the following DCD Tier 2 sections:

      o Section 2.3, Meteorology
      o Section 6.4, Habitability Systems
      o Section 7.5.1.5, Safety Parameter Display System
      o Section 7.5.1.6, Information Systems Associated with the Emergency Response Facility and Emergency Response Data System
      o Section 7.7.1.4, Information Processing System
      o Section 7.9, Data Communication Systems
      o Section 8.1, Electric Power - Introduction
      o Section 8.3, Onsite Power Systems
      o Section 9.4.1, Control Room HVAC System
      o Section 9.5.2, Communication Systems
      o Section 12.3.1, Facility Design Features
      o Section 12.3.4, Area Radiation and Airborne Radioactivity Monitoring Instrumentation
      o Section 12.4.1, Dose Assessment and Minimization of Contamination
      o Section 15.6.5, Loss-of-Coolant Accidents Resulting from Spectrum of Postulated Piping Breaks within the Reactor Coolant Pressure Boundary-Radiological Consequences - Technical Support Center Consequence Model
      o Section 18.0, Human Factors Engineering

The staff's evaluation of these additional DCD sections is addressed in the respective sections of this report.

ITAAC: DCD Tier 1, Section 2.10, Table 2.10-1, and Tier 2 Section 14.3.2.10, ITAAC for Emergency Planning, describes various design-related aspects of EP ITAAC. These sections state that the ITAAC for EP are provided in accordance with the requirements of 10 CFR 52.47(b), and are consistent with the applicable generic ITAAC in Table C.II.1-B1 of Appendix C.II.1-B to Regulatory Guide (RG) 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition). In addition, the COL applicant will provide proposed ITAAC for the facility's EP not addressed in the DCD, in accordance with RG 1.206, as appropriate. (See COL Item 14.3(3), addressed in Section 14.3.1.5, Combined License Information Items, of this SER). These ITAAC provide for verifying the following:

  • Location and size of the as-built TSC,
  • Habitability of the TSC,
  • Means of communications among the MCR, TSC and OSC,
  • Means of communications among the MCR, the TSC, and the EOF,
  • A data communication system to provide plant data exchange among the MCR, TSC, and the EOF,

Additional DCD Tier 2 information relating to EP is provided in Section 1.8, Interfaces with Standard Designs (including Table 1.8-2); Section 1.9.6, Conformance with Post-Fukushima NRC Recommendations and Requirements; Table 1.9-8, APR1400 Strategies for Addressing Tier 1, 2 and 3 NTTF Recommendations; Section 7.5, Information Systems Important to Safety; Section 9.4.1, Control Room HVAC System; Section 9.5.2, Communication Systems; and Section 13.3, Emergency Planning.

Technical Specifications (TS): TS 5.4.1.b, (under Procedures,) provides the requirement to have written emergency operating procedures established, implemented and maintained to conform to the guidance in NUREG-0737, Supplement 1 to NUREG-0737, and the requirements in General Letter (GL) 82-33, Supplement 1 to NUREG-0737 - Emergency Response Capability. TS 5.5.3, Post-Accident Sampling, provides the requirement to ensure the capability to obtain and analyze samples of reactor coolant, radioactive gases, and particulates in the plant's gaseous effluents and containment atmosphere under accident conditions.

COL Information or Action Items: See Section 13.3.5 below.

Technical Report: There is no technical report associated with this area of review.

Topical Report: There is no topical report associated with this area of review.

APR1400 Interface Issues Identified in the DCD: Tier 2 Table 1.8-1, Index of System, Structure, or Component Interface Requirements for APR1400, identifies the EOF description as a conceptual design interface in accordance with 10 CFR 52.47(a)(24).

Site Interface Requirements Identified in the DCD: There are no site interface requirements associated with this area of review.

Cross-cutting Requirements TMI, USI/GSI, Op Ex: Regarding TMI Action Plan Item I.D.2, Plant-safety-parameter Display Console, and TMI Action Plan Item III.A.1.2, Upgrade Emergency Support Facilities, there are no USI or GSI or OP Ex cross-cutting requirements for this area of review, as addressed by 10 CFR 52.47(a)(21) and (a)(22), respectively. In relation to Tier 2, Section 13.3, Tier 2, Table 1.9.3-2 identifies TMI-related requirements 10 CFR 50.34(f)(2)(iv) and (f)(2)(xxv), which reflect TMI Action Plan Items I.D2 and III.A.1.2, respectively. NUREG-0696, Functional Criteria for Emergency Response Facilities, includes the TSC and OSC requirements in TMI Items III.A.2(1) and (2), respectively, such that compliance with NUREG-0696 will resolve TMI Items II.A.1.2(1) and (2).

RTNSS: There is no RTNSS issue for this area of review.

Section 20.1406 of 10 CFR: There is no issue related to 10 CFR 20.1406 for this area of review.

Conceptual Design Information (CDI): There is no CDI associated with this area of review.

Regulatory Basis

The relevant requirements of the Commission's regulations for EP and the associated acceptance criteria are given in Section 13.3, Emergency Planning, of NUREG-0800, the Standard Review Plan (SRP). Acceptance criteria are based on meeting the relevant requirements of the following Commission regulations:

  • Sections 50.33, 50.34, 50.47, 100.1, 100.3, 100.20, and 100.21(g) of 10 CFR, as they relate to EP and preparedness.
  • Sections 52.47 and 52.48 of 10 CFR, as they relate to EP information submitted in a standard DC application.
  • Section 52.47(b)(1) of 10 CFR, which requires a DC application to include the proposed ITAAC that are necessary and sufficient to provide reasonable assurance that, if the inspections, tests, and analyses are performed and the acceptance criteria met, a plant that incorporates the DC is built and will operate in accordance with the DC, the provisions of the Atomic Energy Act of 1954, as amended, and NRC's regulations.
  • Sections 50.72(a)(3)-(4), 50.72(c)(3), and 73.71(a) of 10 CFR, as they relate to notification of the NRC for an emergency class declaration, ERDS activation, maintaining open, continuous communications with the NRC, and requirements for reporting safeguards events.

Specific SRP acceptance criteria acceptable to meet the relevant requirements of the NRC's regulations identified above can be found in Part II of Section 13.3 of NUREG-0800.

  • NUREG-0654/FEMA-REP-1, Revision 1, Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants, establishes an acceptable basis for NRC licensees and State, tribal and local governments to develop radiological emergency plans and procedures, and improve their overall state of emergency preparedness.
  • NUREG-0696, Functional Criteria for Emergency Response Facilities, discusses the facilities and systems to be provided by nuclear power plant licensees to aid the licensees' response to emergency situations.

  • Supplement 1 to NUREG-0737, Clarification of TMI Action Plan Requirements, clarifies the guidance in Revision 2 of RG 1.97, Instrumentation for Light-water-cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident, and contains guidance related to upgrading emergency response facilities and meeting the requirements of 10 CFR 50.47, as it relates to EP, and Section IV.E of 10 CFR Part 50.

Technical Evaluation

13.3.4.1 Technical Support Center

The staff reviewed the information in the DCD for conformance with applicable standards and requirements identified in NUREG-0800, Section 13.3. DCD Tier 1, Section 2.10, Emergency Planning, Tier 2, Chapter 13.3, Emergency Planning, and other DCA chapters listed in Section 13.3.2 of the SER describe the mission, major tasks and design features of the TSC for the APR1400 standard design.

The TSC is an onsite facility that provides plant management and technical support to the plant operations personnel during emergency conditions. The physical description of the location and size of the TSC is provided in Section 13.3 of the DCD, and the physical description, location, and scaled size are illustrated in Figure 1.2-17 (Security-Related Information - Withheld Under 10 CFR 2.390) and Figure 6.4-1, Control Room Envelope. The TSC is within a two-minute walk from the MCR in the auxiliary building and is within the control room envelope (CRE). The TSC is sized to provide working space of approximately 7 square meters (75 square feet) per person to avoid crowding and designed to accommodate a minimum of 25 people, including five NRC staff members, as well as TSC equipment and storage of plant records and historical data.

The TSC protects personnel from direct, airborne, in-plant radiological hazards under accident conditions to the same degree as the MCR personnel. The CRE maintains control room habitability during normal, off-normal and emergency conditions. More information about the CRE and the control room heating, ventilation and air conditioning (HVAC) system and the staff's evaluations can be found in Sections 6.4, Habitability Systems, and 9.4.1, Control Room HVAC System, respectively, in the DC application and in this SER.

The technical data displays and plant records are available in the TSC to assist in the diagnosis of abnormal plant conditions and any significant release of radioactivity to the environment. The TSC relieves the reactor operators of peripheral duties and communications not related directly to reactor systems manipulations during emergency conditions. The TSC, once activated, relieves the MCR as the primary onsite communications center during emergency conditions.

The TSC technical data system receives, stores, processes and displays plant information to perform the TSC functions. The data available in the TSC are sufficient for plant management, engineering and technical personnel assigned to the TSC to aid the MCR operators in emergency conditions. The TSC provides land-line, cellular and satellite communication capabilities, including telephones and facsimile machines.

According to Section 2.6 of NUREG-0696, the purpose of the TSC is to provide direct management and technical support to the control room during an accident. Section II.B.2 of NUREG-0737 states that any area which will, or may, require occupancy to permit an operator to aid in the mitigation of, or recovery from, an accident be designated as a vital area. The control room and TSC must be included among those areas to which access is considered vital after an accident. Further, the design dose rate for personnel in a vital area should be such that doses do not exceed the guidelines of Appendix A to 10 CFR Part 50, General Design Criteria for Nuclear Power Plants, Section 2, Criterion 19, during an accident. General design criterion (GDC) 19 requires that radiation protection be adequate to ensure that the dose to personnel does not exceed 0.05 Sieverts (Sv) (5 roentgen equivalent in man (rem)) whole body, or its equivalent to any part of the body, for the duration of the accident. In addition, Subsection 8.2.1.f of Supplement 1 to NUREG-0737 states that the TSC will be provided with radiological protection and monitoring equipment necessary to assure that radiation exposure to any person working in the TSC would not exceed 0.05 Sv (5 rem) whole body, or its equivalent to any part of the body, for the duration of the accident. These guidelines form the basic radiological habitability criteria for the TSC, since the TSC is located within the CRE for the APR1400 design.

The applicant proposed EP ITAAC in DCD Tier 1, Table 2.10-1, Emergency Planning ITAAC, relating to the TSC to verify the as-built size and location of the TSC. The staff reviewed the TSC-associated ITAAC and evaluated them against the EP ITAAC in Table 14.3.10-1 in NUREG-0800, Section 14.3.10. The staff has determined that the ITAAC are consistent with the content and intent of the respective generic ITAAC. See Table 13.3-1, Emergency Planning ITAAC, for the relationship between the proposed ITAAC and the generic ITAAC.

Since the MCR and TSC use the CRE HVAC, and the TSC ventilation is not designed to be isolated from the MCR ventilation, the staff determined that the design meets the TSC habitability acceptance Criterion 8.1.3 from NUREG-0800, Table 14.3.10-1.

CRE HVAC ITAAC related to the TSC habitability requirement for GDC 19 are located in DCD Tier 1, Table 2.7.3.1-3, Control Room HVAC System ITAAC.

Backup power to the CRE HVAC system components and instruments is provided by the respective Class 1E division as described in Table 2.7.3.1-1, Control Room HVAC System Components List, and Table 2.7.3.1-2, Control Room HVAC System Instruments List.

The staff evaluated the backup power supplies to the plant process computer and instrument & control (I&C) systems. The means of supplying backup power to the TSC SPDS displays and lighting were not apparent in the application. In RAI 67-8019, Question 13.03-1 (ML15192A001), the staff asked the applicant to describe the backup power sources to the plant computer system, SPDS, and TSC displays and lighting, or provide a reason why the description is not necessary. In its response to RAI 67-8019, Question 13.03-1 (ML15244B372), the applicant described the backup power supplies as being integral to the TSC console. The TSC console has two independent, onsite power supplies: a normal source and an alternate source. The normal source is supplied through an ungrounded uninterruptible power supply. If power is lost through the normal source, the TSC console load is automatically transferred to the alternate battery back-up source without interruption in order to maintain continuity of TSC functions and to immediately resume data acquisition, storage, and display of TSC data in the event of a loss of power. The staff evaluated the RAI response and the information contained in Section 7.5.2.1, Accident Monitoring Instrumentation, of the submitted APR1400 DCD application and finds it acceptable because it conforms to the guidance in NUREG-0696. The staff's complete evaluation of safety related display information associated with the APR1400 design is contained in Section 7.5, Information Systems Important to Safety, of this SER.

The staff concludes that the information provided in the application and the applicant's response to RAI 67-8019, Question 13.03-01, pertaining to the TSC, are consistent with the guidance identified in NUREG-0696, Supplement 1 to NUREG-0737, and NUREG-0800. The staff also determined that the information contained in the DC application meets the applicable requirements of 10 CFR 50.34(f)(2)(xxv), 10 CFR 50.47(b)(8) and (11), and Subsections IV.E.3 and IV.E.8 of Appendix E to 10 CFR Part 50. Based on the review of the DCD, the staff has confirmed incorporation of the changes described above; therefore, RAI 67-8019, Question 13.03-1 is resolved and closed.

13.3.4.2 Operations Support Center

DCD Tier 1, Section 2.10, Emergency Planning, and Tier 2, Section 13.3, Emergency Planning, describe the mission and major tasks of the OSC for the APR1400 standard design.

The OSC is an onsite facility that is separated from the MCR and the TSC. It is located in the compound building and provides an assembly location for operations support in an emergency.

Direct communications with the MCR and TSC are established so that personnel assigned to respond to the OSC can be assigned support duties for emergency operations.

The applicant proposed EP ITAAC in DCD Tier 1 Table 2.10-1, Emergency Planning ITAAC, relating to the OSC to verify the as-built location of the OSC and the means to communicate with the MCR and the TSC. The staff reviewed the OSC-associated ITAAC and evaluated them against the EP ITAAC in Table 14.3.10-1 in NUREG-0800, Section 14.3.10. The staff has determined that the OSC-associated ITAAC are consistent with the content and intent of the respective generic ITAAC. See Table 13.3-1, Emergency Planning ITAAC, for the relationship between the proposed ITAAC and the generic ITAAC.

Because the information provided in the DCD pertaining to the OSC is consistent with the guidance identified in NUREG-0696, Supplement 1 to NUREG-0737, and NUREG-0800, the staff determined that the application meets the applicable requirements of 10 CFR 50.34(f)(2)(xxv), 10 CFR 50.47(b)(8) and (11), and Subsections IV.E.3 and IV.E.8 of Appendix E to 10 CFR Part 50.

13.3.4.3 Emergency Operations Facility

DCD Tier 2, Section 13.3, Emergency Planning, describes the mission and major tasks of the EOF for the APR1400 standard design.

The EOF is a licensee-controlled and operated offsite support center. The primary functions of the EOF are as follows:

a. Management of overall licensee emergency response,
b. Coordination of radiological and environmental assessment,
c. Determination of recommended public protective actions, and
d. Coordination of emergency response activities with Federal, State, and local agencies.

The EOF is staffed to manage licensee resources and to provide continuous evaluation and coordination of licensee activities during and after an accident.

The EOF technical data system is designed to receive, store, process, and display information in order to perform assessments of the actual and potential onsite and offsite environmental consequences of an emergency condition. Data on the general condition of the plant are available for display in the EOF.

The applicant has identified COL Item 7.5(2) to have the COL applicant provide a description of the site-specific EOF. See Section 13.3.5 below.

The staff concludes that the information provided in the DCD pertaining to the EOF is consistent with the guidance identified in NUREG-0696 and Supplement 1 to NUREG-0737. As such, the staff determined that this information meets the applicable requirements of 10 CFR 50.34(f)(2)(xxv), 50.47(b)(8) and (11), and Subsections IV.E.3 and IV.E.8 of Appendix E to 10 CFR Part 50.

13.3.4.4 Emergency Response Data System

DCD Tier 2, Section 13.3, Emergency Planning, describes the ERDS for the APR1400 standard design.

DCD Tier 2, Chapter 7, Instrumentation and Controls, Section 7.1, Introduction, states that the design of the accident monitoring instrumentation system conforms to RG 1.97, Revision 4, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants.

DCD Tier 2, Chapter 7, Section 7.1.1.5.f, Information Systems Associated with the Emergency Response Facilities (ERF) and the Emergency Response Data System (ERDS), states that the ERDS system is designed to transmit the set of variables from the plant to the NRC. DCD Tier 2, Table 7.5-1, Accident Monitoring Instrumentation Variables, provides the post-accident monitoring (PAM) variables that are important to safety and are needed to mitigate the consequences of anticipated operating occurrences and postulated accidents. These PAM variables, which are displayed in the MCR, are derived from the Type A, B, C, D, and E variables specified in and using the guidance of RG 1.97. The staff's complete evaluation of the design of the APR1400 information systems important to safety is provided in Section 7.5 of this SER.

DCD Tier 2, Chapter 7, Section 7.5.1.5, Safety Parameter Display System, and Section 7.5.1.6, Information Systems Associated with the Emergency Response Facility and Emergency Response Data System, provide details about the two systems, including the ERDS transmitting information to the NRC.

The normal and alternate sources of power are discussed in Chapter 8 and evaluated in Section 13.3.4.6 below.

The applicant proposed EP ITAAC in DCD Tier 1 Table 2.10-1, Emergency Planning ITAAC, relating to providing a port for the ERDS. The staff reviewed the ERDS ITAAC and evaluated it against the EP ITAAC in Table 14.3.10-1 in NUREG-0800, Section 14.3.10, and it has been determined that the ERDS ITAAC is consistent with the content and intent of the respective generic ITAAC. See Table 13.3-1, Emergency Planning ITAAC, for the relationship between the proposed ITAAC and the generic ITAAC.

The staff concludes that the ERDS meets the requirements in 10 CFR Part 50, Appendix E, Section VI and 10 CFR 50.72(a)(4).

13.3.4.5 NTTF Recommendation 9.3

Recommendation 9.3, as depicted in Enclosure 5 to SECY-12-0025, Proposed Orders and Requests for Information in Response to Lessons Learned from Japan's March 11, 2011, Great Tohoku Earthquake and Tsunami, dated February 2012 (ML120690347), requires licensees to:

1) provide a means to power communications equipment to communicate onsite and offsite during a prolonged station blackout, and 2) analyze and develop staffing strategies necessary for responding to an extended station blackout, multiunit event.

DCD Tier 2, Section 13.3, Emergency Planning, describes the voice and data communication system for the APR1400 standard design. A voice and data communication system establishes the interface and link from the MCR to the TSC, OSC, and the EOF and allows complete data exchange with the plant.

DCD Tier 2, Section 19.3.2.6, Recommendation 9.3 - Emergency Plan, describes the design features incorporated into the APR1400 design to enhance emergency preparedness for a Beyond Design-Basis External Event (BDBEE). The APR1400 design includes additional power sources for the wireless communication system and provides for a satellite communication link, with roof-mounted antenna and transceiver.

COL applicants that construct an APR1400 are responsible for COL Item 19.3(14), which includes addressing the enhancements of the communication system and assessing the communication systems. Applicants are also responsible for COL Item 19.3(15), which includes conducting a staffing evaluation of the proposed unit(s) in response to the provisions of Recommendation 9.3. Section 19.3.1.5, COL Information Items, of this SER identifies the COL items related to these actions.

The staff determined that the APR1400 design provides for enhanced onsite communications and adequately describes normal and backup power supplies which would be used during an emergency event to ensure communications are maintained during a large scale natural event.

The staff also determined that the appropriate provisions are in place within the DCD to ensure that the referencing COL applicant will provide a detailed analysis of the communication capabilities and an analysis of the on-site and augmented staffing capabilities for response to multi-unit beyond design basis events. This information is consistent with NTTF Recommendation 9.3 and therefore, is acceptable.

The staff's complete evaluation of BDBEE is contained in Section 19.3, Beyond Design Basis External Event, of this SER.

13.3.4.6 Safety Parameter Display System

DCD Tier 2, Section 13.3, Emergency Planning, describes the SPDS for the APR1400 standard design.

Section 7.1.1.5, Information Systems Important to Safety, and Section 7.5.1.2, Inadequate Core Cooling Monitoring Instrumentation, describe the data gathering, processing and transmitting equipment and the SPDS. The SPDS functions are implemented in the safety parameter display and evaluation system+ (SPADES+), which is designed to meet the criteria for SPDS in NUREG-0696 and Supplement 1 to NUREG-0737.

Section 7.5.1.5, Safety Parameter Display System, and Section 7.5.1.6, Information Systems Associated with the Emergency Response Facility and Emergency Response Data System, provide details about the two systems including the ERDS transmitting information to the NRC in accordance with Supplement 1 to NUREG-0737.

Section 8.3.2.1.1, Non-Class 1E 120 Vac Instrumentation and Control Power System, describes that the non-Class 1E 120 Vac power system supplies continuous, reliable and regulated AC power to the plant non-safety related I&C equipment, information processing system (IPS), and process-component control system (P-CCS), all of which require uninterruptible AC power for operation.

The SPDS in the MCR functions during all events expected to occur during the life of a plant, taking into account the human-system interface.

Duplication of the SPDS displays in the TSC and the EOF improves the exchange of information between these facilities and the MCR and assists corporate and plant management in the decision-making process.

The applicant proposed an EP ITAAC in DCD Tier 1 Table 2.10-1, Emergency Planning ITAAC, relating to the SPDS to verify the as-built capability to provide plant data exchange among the MCR, TSC and EOF. The staff reviewed the SPDS ITAAC and evaluated it against the EP ITAAC in Table 14.3.10-1 in NUREG-0800, Section 14.3.10. The staff has determined that the SPDS ITAAC is consistent with the content and intent of the respective generic ITAAC.

See Table 13.3-1, Emergency Planning ITAAC, for the relationship between the proposed ITAAC and the generic ITAAC.

The staff concludes that the information provided in the DCD pertaining to the SPDS is consistent with the guidance identified in NUREG-0696 and Supplement 1 to NUREG-0737. As such, the staff determined that this information meets the requirements of 10 CFR 50.34(f)(2)(iv).

13.3.4.7 Decontamination Facilities

DCD Tier 2, Section 13.3, Decontamination Facilities, describes the purpose and locations of the decontamination facilities for the APR1400 standard design.

Decontamination facilities are provided to remove or reduce radioactive contaminants from plant equipment, protective clothing, and personnel. Personnel decontamination areas are located in the compound building, and equipment decontamination facilities are located in the hot machine shop. Hot laundry facilities are located in the compound building. Personnel and equipment decontamination facilities are described in Section 12.3.

The staff concludes that the information provided in the application pertaining to the decontamination rooms is consistent with the guidance identified in NUREG-0654. As such, the staff determined that this information meets the applicable requirements of 10 CFR 50.47(b)(8) and Subsection IV.E.3 of Appendix E to 10 CFR Part 50.

13.3.4.8 Post-Accident Sampling System

The PASS is designed to take reactor coolant samples for boron concentration and total dissolved gas measurements within 8 hours and 24 hours, respectively, after a plant shutdown.

Reactor coolant and containment atmosphere samples for radiological measurements can be obtained within 24 hours after plant shutdown. These features are consistent with the recommendations in SECY-93-087, Policy, Technical, and Licensing issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs.

The PASS is provided for emergency response and is addressed in Subsection 9.3.2 and Section 12.3. The system provides the capability to take reactor coolant and containment atmosphere samples for the analyses identified above. These analyses are performed either continuously or by grab sample and analysis. Backup grab samples are provided for any online monitoring capability consistent with NUREG-0737, Item II.B.3, Clarification (8). Under the accident conditions, liquid samples are directed to the holdup volume tank (HVT), while containment air samples are directed back to containment atmosphere.

Provisions are made for dilution of liquid and gas grab samples for subsequent laboratory analysis. Dilution of the liquid and gas grab samples is performed either at the sampling station or in the laboratory, whichever leads to simpler equipment consistent with ALARA [As Low As Reasonably Achievable] practices. Collection and dilution of the post-accident samples is performed remotely to the maximum extent feasible.

All remotely operated valves for post-accident sampling have reliable power supplies and reset features that allow reopening of the valves after containment isolation without clearing the isolation signal for other containment isolation valves. Individual valve reset features are provided to allow opening of individual sampling valves after system reset. Valves inaccessible during an accident are environmentally qualified to provide reasonable assurance of operability under accident conditions.

The staff concludes that the information provided in the application pertaining to PASS is acceptable and meets evaluation criterion I.2 of NUREG-0654 pertaining to the applicant's capability to continuously assess an accident. Therefore, the information provided meets the applicable requirements of 10 CFR 50.47(b)(8), (9), and (11).

13.3.4.9 ITAAC

The staff reviewed the ITAAC relating to EP, which are provided in DCD Tier 1, Section 2.6.9, Communication Systems, Section 2.7.3.1, Control Room HVAC System, and Section 2.10, Emergency Planning, against the applicable requirements and guidance identified above in Section 13.3.3. The ITAAC consist of six individual design commitments included in the respective DCD Section ITAAC tables identified above, in Section 13.3.2. In addition, the staff reviewed various design-related aspects of EP included in DCD Tier 2, Section 1.8, Section 1.9, Section 7.5, Section 9.4, Section 9.5.2, Section 13.3, and Section 14.3.2.10.

Section 13.3 of NUREG-0800 states, in part, that for a DC application, the review only addresses those design features, facilities, functions, and equipment that are technically relevant to the design and are not site-specific, and which affect some aspect of EP or the capability of a licensee to cope with plant emergencies. There is no minimum amount of design-related EP for the proposed reactor that must be addressed in the application. The applicant may choose the extent to which EP features are included in the application to be reviewed as part of the certified design. Section 14.3.10 of NUREG-0800, Table 14.3.10-1, Emergency Planning - Generic Inspections, Tests, Analyses, & Acceptance Criteria (EP ITAAC), provides examples of acceptable generic EP ITAAC that may be used, to the extent they are relevant to a specific application.

In addition, the staff determined that the proposed six ITAAC, identified within Table 2.10-1, Emergency Planning ITAAC of DCD Tier 1, Section 2.10, are technically relevant to the design and are not site-specific. Pursuant to 10 CFR 52.80(a)(2), at the COL application stage, these DCD ITAAC (contained in the certified design) must apply to those portions of the facility design which are approved in the DC. Table 13.3-1 contains a complete list of these EP ITAAC.

In RAI 558-9456, Question 14.03.01-1, (ML18074A402), the staff requested the applicant to: (1) ensure that the Acceptance Criteria (AC) for each EP ITAAC identified in Tier 1 DCD Table 2.10-1, Emergency Planning ITAAC, state clear design or performance objectives that will demonstrate that the Tier 1 design commitments (DCs) will be satisfied and (2) ensure that for each of the DCs identified in Tier 1 Table 2.10-1, the Inspections, Tests, and Analyses (ITAs) and ACs align as required by 10 CFR 52.47(b)(1). The staff confirmed that Revision 3 of DCD Tier 1, Table 2.10-1, identifies EP ITAAC with clear DCs that are aligned with ITAs and ACs in order to ensure performance objectives are met. Therefore, RAI 558-9456, Question 14.03.01-1 is resolved and closed.

The staff has determined that the EP ITAAC identified in Table 13.3-1, Emergency Planning ITAAC below and identified in Revision 3 of DCD Tier 1, Table 2.10-1, are technically relevant to the design and not site-specific, and are consistent with the generic EP ITAAC in Table 14.3.10-1 in Section 14.3.10 of NUREG-0800. Therefore, the staff determined that the application meets the applicable requirements of 10 CFR 52.47(b)(1).

Table 13.3-1 Emergency Planning ITAAC

| Design Commitment | Inspections, Tests, Analyses | Acceptance Criteria | NUREG-0800 Section 14.3.10 Acceptance Criteria |
|---|---|---|---|
| 1. The TSC has 200 m² of floor space. | 1. Inspection of the as-built TSC will be performed. | 1. A report exists and concludes that TSC has at least 200 square meters of floor space. | *8.1.1 The TSC size is consistent with NUREG-0696. |
| 2. The TSC is located adjacent to the MCR in the auxiliary building. | 2. Inspection of the as-built TSC will be performed. | 2. The TSC is adjacent to the MCR, and the walking distance from the TSC to the MCR does not exceed two minutes. | *8.1.2 The TSC is close to the MCR, & the walking distance from the TSC to the MCR does not exceed two minutes. |
| 3. The means exists for communications among the MCR, the TSC, the EOF, principal state and local emergency operations centers (EOCs) and radiological field assessment teams. | 3. A test of the communication systems will be performed. | 3. Communications are established among the MCR, the TSC, the EOF, principal State and local EOCs, and radiological field assessment teams. | *6.1 Communications are established among the control room, TSC, EOF, principal State and local EOCs, and radiological field assessment teams. |
| 4. The means exists for communications from the MCR, TSC, and EOF to the NRC headquarters and regional office EOCs (including establishment of the Emergency Response Data Systems (ERDS) between the onsite computer system and the NRC Operations Center.) | 4. A test of the communication systems will be performed. | 4. Communications are established from the MCR, the TSC and the EOF to the NRC headquarters and regional office EOCs (including establishment of the ERDS between the onsite computer system and the NRC Operations Center). | *6.2 Communications are established from the control room, TSC and EOF to the NRC headquarters and regional office EOCs, and an access port for ERDS [or its successor system] is provided. |
| 5. The OSC is located in the compound building, separate from the MCR and the TSC. | 5. Inspection of the location of the as-built OSC will be performed. | 5. The OSC is located in compound building, separate from the MCR and the TSC. | *8.1.6 The OSC is located onsite, separate from the control room and TSC. |
| 6. The OSC has equipment for voice communication with the MCR and the TSC. | 6. An inspection of the as-built OSC will be performed, including a test of the equipment for voice communications. | 6. The OSC voice communications equipment is installed, and voice transmission to and reception from the MCR and the TSC are accomplished. | *8.1.7 OSC voice communications equipment is installed, and voice transmission to and reception from the MCR and the TSC are accomplished. |

* The original numbering of the Acceptance Criteria is retained in this column to provide a direct reference to the application materials.

13.3.4.10 COL Information Items

Within DCD Tier 2 Section 13.3, the applicant provided information related to those aspects of emergency planning that are non-site-specific emergency planning features and technically relevant to the design (i.e., facilities and equipment). However, programmatic aspects of emergency planning and preparedness are the responsibility of a COL applicant that references the certified standard design. In DCD Section 13.3, the applicant stated that the COL applicant will address most aspects of emergency planning and identified six programmatic EP responsibilities as COL items. These COL items are identified below in Section 13.3.5, Combined License Information Items. The staff reviewed COL Items 13.3(1) - 13.3(6) and found them to be in conformance with the regulatory standards set forth in 10 CFR 50.47(b) and 10 CFR Part 52, and with the guidance in RG 1.101, as well as RG 1.206. Therefore, the proposed COL items are acceptable.

Combined License Information Items

APR1400 DCD Tier 2, Section 13.3, Emergency Planning, contains six COL items pertaining to certain design features, facilities, functions, and equipment necessary for EP. The acceptability of the COL items is evaluated in Section 13.3.4 of this SER.

COL 13.3(1) The COL applicant is to develop interfaces of design features with site-specific designs and site parameters.

COL 13.3(2) The COL applicant is to develop a comprehensive emergency plan. The plan is developed as a physically separate document and includes copies of letters of agreement (or other certifications) from state and local governmental agencies with emergency planning responsibilities.

COL 13.3(3) The COL applicant is to address an emergency classification and action level scheme as required by 10 CFR 50.47(b)(4).

COL 13.3(4) The COL applicant is to develop the security-related aspects of an emergency plan.

COL 13.3(5) The COL applicant is to develop a multi-unit site interface plan depending on the location of the new reactor on or near an operating reactor site with an existing emergency plan.

COL 13.3(6) The COL applicant is to develop EP ITAAC.

Conclusion

The staff confirmed that Revision 3 of DCD Tier 1, Table 2.10-1, identifies EP ITAAC with clear DCs that are aligned with ITAs and ACs in order to ensure performance objectives are met. Therefore, RAI 558-9456, Question 14.03.01-1 is resolved and closed. On the basis of its review, as described above, the staff concludes that the applicant has adequately addressed the EP design-related features and generic issues for the APR1400 standard plant. Therefore, the information is acceptable and meets the applicable requirements listed in Section 13.3.3 of the SER.

Operational Program Implementation Introduction NRC Commission Paper, SECY-05-0197 (October 28, 2005), Review of Operational Programs in a Combined License Application and Generic Emergency Planning Inspections, Tests, Analyses, and Acceptance Criteria, described the staff's plan for reviewing operational programs in a COL application. The staff requested the Commission to approve the plan to require the COL to provide descriptions of operational programs in the COL applications. In SRM-SECY-05-0197 (February 22, 2006), the Commission approved the staff's request. In approving this approach, the DC applicant was relieved of the burden of describing operational programs which only the COL applicant could describe. As a result, NRC guidance states that the DCD should include a COL Item directing the COL applicant to develop operational programs in accordance with SECY-05-0197.

Summary of Application In Section 13.4 of the APR1400 DCD, the applicant stated that the development of operational program descriptions and implementation schedules is the responsibility of the COL applicant.

Regulatory Basis As discussed in SECY-05-0197, 10 CFR 52.79, Contents of applications; technical information, Subsection 52.79(b) requires a COL applicant to provide an application containing the technically relevant information required of applicants for an operating license by 10 CFR 50.34. SECY-05-0197 goes on to state that these requirements include the submission of information on operational programs. There is no similar requirement or expectation on a DC applicant. Therefore, there is no regulatory basis to require a DC applicant to describe operational programs.

Technical Evaluation Since there is no requirement for a description, there is no technical evaluation necessary.

Combined License Information Items The following are the COL item numbers and descriptions associated with Section 13.4 and Table 1.8-2 of the DCD.

COL 13.4(1) The COL applicant is to develop operational programs and provide schedules for implementation of the programs, as defined in SECY-05-0197. The COL applicant is to provide commitments for the implementation of operational programs that are required by regulation. In some instances, the programs may be implemented in phases, where practical, and the applicant is to include the phased implementation milestones.

COL 13.4(2) The COL applicant is responsible for developing a leakage monitoring and prevention program for the systems, as specified in Subsection 5.5.2 in Chapter 16 Technical Specifications. The leakage monitoring and prevention program is to provide suitable methods and acceptance criteria as defined in NUREG-0737 Item III.D.1.1.

The staff determined that these COL items are acceptable because the DC applicant appropriately directs the COL applicant to develop operational programs as described in SECY-05-0197.


Conclusion There are no operational program requirements to be evaluated. The COL items which were provided are appropriate and acceptable.

Plant Procedures Introduction Plant procedures include: (1) administrative procedures that provide for administrative control over safety-related activities for the operation of the facility, (2) operating and emergency operating procedures used to ensure that routine operating, off-normal (i.e., abnormal), and emergency activities are conducted in a safe manner, and (3) procedures for other safety-related plant operating activities not procedurally covered under the operating or emergency operating procedure programs, including related maintenance activities.

The staff reviews the application to: (1) evaluate the acceptability of COL items pertaining to COL applicant descriptions of plant procedures, (2) evaluate the acceptability of COL items pertaining to the COL applicant's program for development and implementation of plant procedures, and (3) evaluate the technical adequacy of the APR1400 generic technical guidelines (GTGs) and determine their acceptability as a basis for development of COL applicant plant-specific technical guidelines (P-STGs).

Summary of Application Procedure development is not within the scope of the APR1400 DC application. This responsibility resides with the COL applicant. The DCD Tier 2, Revision 2, Section 13.5, addressed the basic approach to procedure development, and describes and lists the COL items. The applicant did not initially submit the APR1400 GTGs, hereafter referred to as the APR1400 Emergency Operating Guidelines (EOGs), with the DC application. The APR1400 EOGs were provided in the response to RAI 11-7889, Question 13.05.02.01-1 (ML15166A302).

Technical Reports:

The APR1400 specific design features were incorporated into the analyses for the operational transients and accidents that were used for the EOGs. The technical report for the analyses is:

  • KEPCO E&C/ND/TR/11-005, Best Estimate Analyses for the Operational Transients and Accidents for APR1400 Emergency Operating Guidelines.

Regulatory Basis The relevant requirements for the Commission regulations for Plant Procedures, and the associated acceptance criteria, are identified, in part, in Section 13.5.1.1, Administrative Procedures - General, and Section 13.5.2.1, Operating and Emergency Operating Procedures, of NUREG-0800.

The applicable regulatory requirements for Plant Procedures are as follows:

  • Sections 50.34(a)(6) and (10) of 10 CFR
  • Sections 50.34(b)(6)(ii), (iv), and (v) of 10 CFR
  • Section 50.34(f)(2)(ii) of 10 CFR
  • Section 50.40(a) of 10 CFR
  • Part 50, Appendix B of 10 CFR
  • Sections 52.47(a)(8) and (9) of 10 CFR
  • Sections 52.79(a)(17), (27), (29)(i), and (29)(ii) of 10 CFR

The related acceptance criteria are as follows:

  • RG 1.33, Quality Assurance Program Requirements (Operation), Revision 3.
  • ANSI/ANS 3.2-2012, Managerial, Administrative, and Quality Assurance Controls for Operational Phase of Nuclear Power Plants, Appendix A, Typical Procedures for Pressurized Water Reactors and Boiling Water Reactors.
  • NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 13, Conduct of Operations, Section 13.5.1.1, Administrative Procedures - General, Subsection II, Acceptance Criteria, Revision 1.
  • NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 13, Conduct of Operations, Section 13.5.2.1, Operating and Emergency Operating Procedures, Subsection II, Acceptance Criteria, Revision 2.
  • NUREG-0737, Clarification of TMI Action Plan Requirements, Item I.C.1, Guidance for the Evaluation and Development of Procedures for Transients and Accidents, 1980.
  • NUREG-0737, Supplement 1, Requirements for Emergency Response Capability, Item 7, Upgrade Emergency Operating Procedures (EOPs), 1983.
  • NUREG-0899, Guidelines for the Preparation of Emergency Operating Procedures, 1982.

Technical Evaluation This section presents:

  • An evaluation of the acceptability of the COL items for Plant Procedures.
  • An evaluation of the technical adequacy of the APR1400 EOGs and determination of their acceptability for use in the development of COL applicant P-STGs.

13.5.4.1 COL Information Items Procedure development is identified as a COL applicant responsibility in Section 13.5 of the DCD. A COL applicant referencing the APR1400 certified design will be required to submit the site-specific information described in the COL items, at the COL stage.


COL Item 13.5(1):

SRP Section 13.5.1.1, Subsection I, states that the SAR should describe procedures that provide for administrative control over safety-related activities for the operation of the facility, and contain a target date for their completion. SRP Section 13.5.2.1, Subsection I, states that the SAR should describe operating procedures that will be used by the operating organization to ensure that routine operating, off-normal, and emergency activities are conducted in a safe manner, and include preliminary schedules for their preparation. In Revision 0 of the APR1400 DCD, COL Item 13.5(1) required the COL applicant to provide descriptions of Plant Procedures and a schedule for the preparation of Administrative Procedures only and it did not properly specify the requisite information to be submitted in the SAR regarding the descriptions of Plant Procedures or schedule. Therefore, the staff issued RAI 112-8015, Questions 13.05.02.01-2 and 13.05.02.01-3 (ML15295A375), to address these issues.

In its revised response to RAI 112-8015, Question 13.05.02.01-2 (ML16064A421), the applicant modified COL Item 13.5(1) to enhance the descriptions of and clarify the distinction between the Administrative and Operating Procedures. In its revised response to RAI 112-8015, Question 13.05.02.01-3 (ML16109A212), the applicant further modified COL Item 13.5(1) to require the COL applicant to provide a description of the nature, content, and development process for the Administrative and Operating Procedures, including preliminary schedules for preparation and target dates for completion. The staff determined the applicant's revised responses to both RAI questions and the associated FSAR markups to be acceptable. The staff has confirmed that Revision 1 of the APR1400 DCD contained the changes to COL Item 13.5(1) committed to in the RAI responses. Accordingly, the staff finds that the applicant has adequately addressed these issues. Based on the review of the DCD, Revision 3, the staff has confirmed incorporation of the changes described above; therefore, RAI 112-8015, Questions 13.05.02.01-2 and 13.05.02.01-3 are resolved and closed.

COL Item 13.5(2):

SRP Section 13.5.1.1, Subsection II, provides the technical rationale for application of SRP acceptance criteria to establishment of a program for development and implementation of the Administrative Procedures. In Revision 0 of the APR1400 DCD, COL Item 13.5(2) required the COL applicant to develop a description of administrative procedures. This version of COL Item 13.5(2) was both inaccurate and redundant, requiring information similar to that specified in COL Item 13.5(1). There is no COL item in the DCD to provide a program for development and implementation of the Administrative Procedures, comparable to COL Item 13.5(5) for the EOPs. Therefore, the staff issued RAI 112-8015, Question 13.05.02.01-4 (ML15295A375) to address this issue.

In its revised response to RAI 112-8015, Question 13.05.02.01-4 (ML16109A212), the applicant modified COL Item 13.5(2) to require the COL applicant to provide a program for development and implementation of the Administrative Procedures. The staff determined the applicant's revised response to this RAI question and the associated FSAR markups to be acceptable. The staff has confirmed that Revision 1 of the APR1400 DCD contained the changes to COL Item 13.5(2) committed to in the RAI response. Accordingly, the staff finds that the applicant has adequately addressed this issue. Based on the review of the DCD, Revision 3, the staff has confirmed incorporation of the changes described above; therefore, RAI 112-8015, Question 13.05.02.01-4 is resolved and closed.


COL Item 13.5(3):

SRP Section 13.5.2.1, Subsection I.1, states that the SAR should: (1) describe the different classifications of procedures the operators will use in the control room and locally in the plant, (2) identify the group within the operating organization responsible for maintaining the procedures, and (3) describe the general format and content of the different classifications.

COL Item 13.5(3) in Revision 0 of the APR1400 DCD required the COL applicant to meet all three criteria. Accordingly, the staff determined COL Item 13.5(3) to be acceptable.

COL Item 13.5(4):

SRP Section 13.5.2.1, Subsection I.2, states that the staff will review the applicant's program for development and implementation of the Operating Procedures. In Revision 0 of the APR1400 DCD, COL Item 13.5(4) only required the COL applicant to provide a program for development of the Operating Procedures. The implementation aspect of the program was not addressed.

Therefore, the staff issued RAI 112-8015, Question 13.05.02.01-5 (ML15295A375), to address this issue. This RAI question covered a similar issue applicable to COL Item 13.5(4) and COL Item 13.5(7).

In its revised response to RAI 112-8015, Question 13.05.02.01-5 (ML16109A212), the applicant modified COL Item 13.5(4) to require the COL applicant to provide a program for development and implementation of the Operating Procedures. The staff determined the applicant's revised response to this question and the associated FSAR markups to be acceptable. The staff has confirmed that Revision 3 of the APR1400 DCD contained the changes to COL Item 13.5(4) committed to in the RAI response. Accordingly, the staff finds that the applicant has adequately addressed this issue in COL Item 13.5(4). See COL Item 13.5(7) for additional discussion.

COL Item 13.5(5):

SRP Section 13.5.2.1, Subsection I.3, states that the staff will review the applicant's program for development and implementation of the EOPs. COL Item 13.5(5) in Revision 2 of the APR1400 DCD requires the COL applicant to provide a program for development and implementation of the EOPs. Accordingly, the staff determined COL Item 13.5(5) to be acceptable.

COL Item 13.5(6):

As stated in RG 1.33, Quality Assurance Program Requirements (Operation), Revision 3, the requirements included in ANSI/ANS 3.2-2012, Managerial, Administrative, and Quality Assurance Controls for Operational Phase of Nuclear Power Plants, are acceptable to the staff and provide an adequate basis for complying with the requirements of Appendix B to 10 CFR Part 50. ANSI/ANS 3.2-2012 requires the preparation of many procedures to carry out an effective quality assurance program. Appendix A of ANSI/ANS 3.2-2012, Typical Procedures for Pressurized Water Reactors and Boiling Water Reactors, provides guidance to ensure the minimal procedure coverage for other plant operating activities (i.e., operating activities not procedurally covered under the operating or emergency operating procedure programs), including related maintenance activities. In Revision 0 of the APR1400 DCD, COL Item 13.5(6) required the COL applicant to provide procedural coverage for these other types of safety-related activities.

In its revised response to RAI 112-8015, Question 13.05.02.01-5 (ML16109A212), the applicant made significant enhancements to COL Item 13.5(6) that were not the result or subject of a staff-initiated RAI. The enhancements were incorporated on the basis of changes made to COL Item 13.5(7) requiring the establishment of a program for development and implementation of procedures for operating activities not procedurally covered under the operating or emergency operating procedure programs, including related maintenance activities. The enhancements ensure the consistency and accuracy of COL items. The staff determined the enhancements to COL Item 13.5(6), in the applicant's revised response to RAI 112-8015, Question 13.05.02.01-5, and the associated FSAR markups to be acceptable. The staff has confirmed that Revision 3 of the APR1400 DCD contained the changes to COL Item 13.5(6) committed to in the RAI response. Accordingly, the staff finds that the applicant sufficiently addressed the need to enhance COL Item 13.5(6) on the basis of changes made to COL Item 13.5(7). All changes to COL Item 13.5(6) have been confirmed in DCD Revision 3. Therefore, RAI 112-8015, Question 13.05.02.01-5 is resolved and closed.

COL Item 13.5(7):

SRP Section 13.5.2.1, Subsection I.1.B, identifies Operating Procedure classifications.

Procedures that provide instructions for shutdown operations fall under the General Plant Procedures classification of the Operating Procedures. Subsection I.1.B describes General Plant Procedures as Procedures that provide instructions for the integrated operations of the plant, e.g., startup, shutting down, shutdown, power operation and load changing, process monitoring, and fuel handling. In Revision 0 of the APR1400 DCD, COL Item 13.5(7) required the COL applicant to provide a program for developing Shutdown Procedures. The DC applicant appeared to make an intentional distinction between the Operating Procedures and Shutdown Procedures. It was unclear whether the reference to Shutdown Procedures was intended to identify a set of shutdown procedural instructions other than what is presently described in SRP Section 13.5.2.1, Subsection I.1.B. Therefore, the staff issued RAI 112-8015, Question 13.05.02.01-5 (ML15295A375), to address this issue.

In its revised response to RAI 112-8015, Question 13.05.02.01-5 (ML16109A212), the applicant acknowledged that Shutdown Procedures belong to the specific classification of Operating Procedures described as General Plant Procedures in SRP Section 13.5.2.1, Subsection I.1.B, and that a dedicated COL item for the Shutdown Procedures was not warranted. COL Item 13.5(4) ensures that the COL applicant provides the necessary operating procedures. The applicant modified COL Item 13.5(7) by deleting the requirement pertaining to Shutdown Procedures and replacing it with a requirement for COL applicants to provide a program for development and implementation of procedures for other safety-related plant operating activities (i.e., operating activities not procedurally covered under the operating or emergency operating procedure programs), including related maintenance activities. The staff determined the applicant's revised response to this question and associated FSAR markups to be acceptable.

The staff confirmed that Revision 3 of the APR1400 DCD contains the changes to COL 13.5(7) documented in the final revised response to RAI 112-8015, Question 13.05.02.01-5 (ML18207A455). Therefore, RAI 112-8015, Question 13.05.02.01-5 is resolved and closed.

COL Item 13.5(8):

The purpose of this COL item is to provide provisions which ensure that removable walls/floor slabs in the auxiliary building are removed only for major equipment replacement during defueled conditions. See Section 19.1.6.1, Level 1 Internal Events PRA for Low-Power and Shutdown Operation, in the paragraph under, Accident Sequence Analysis, of this report for further discussion. The staff has confirmed that Revision 3 of the APR1400 DCD contained COL Item 13.5(8) as described in Section 19.1.6.1.

13.5.4.2 APR1400 EOGs NUREG-0737, Item I.C.1, and NUREG-0737, Supplement 1, Item 7, both require: (1) the preparation of technical guidelines for development of the emergency operating procedures, and (2) submittal of the technical guidelines to the NRC for review. The applicant initially did not submit APR1400 EOGs (generic technical guidelines) with the DC application. Therefore, the staff issued RAI 11-7889, Question 13.05.02.01-1 (ML15155B335) to address this issue. In its response to RAI 11-7889, Question 13.05.02.01-1 (ML15166A302), the applicant provided the APR1400 EOGs. The applicant's response stated: (1) that the EOGs are based on the Combustion Engineering (CE) GTGs, with significant safety deviations identified and evaluated to develop the APR1400 EOGs, and (2) that the APR1400 specific design features were incorporated into the analyses for the operational transients and accidents used for the EOGs.

Given that the applicant used approved CE Owners Group GTGs as the basis for its EOGs, the major portion of the review of these technical guidelines has been accomplished generically.

Therefore, the staff's review of the APR1400 EOGs, which included SRP Chapter 15, Transient and Accident Analyses, review interface support, focused largely on the evaluation of the identified safety-significant deviations to assess the technical adequacy of the EOGs and determine their acceptability for use in the development of COL applicant P-STGs, the guidelines from which the plant-specific EOPs are developed.

The APR1400 EOGs have been developed as a generic technical guideline applicable to all APR1400 reactors. The APR1400 EOGs were developed by incorporating APR1400 design-specific information into the latest version of CEN-152, the CE Owners Group GTGs. CEN-152 has been reviewed and approved by the staff. The staff reviewed the technical report KEPCO E&C/ND/TR/11-005, Revision 1, Best Estimate Analyses for the Operational Transients and Accidents for the APR1400 EOGs, and the response to RAI 11-7889, Question 13.05.02.01-1, which included the EOGs for the APR1400, the EOG Writer's Guide, and the significant safety deviation document. The staff determined that the applicant's response to RAI 11-7889, Question 13.05.02.01-1, is complete in that it provided sufficient detail and information for the staff to make the determination that the APR1400 EOGs are adequate and acceptable for use in developing the COL applicant's P-STGs. The staff has confirmed that Revision 3 of the DCD incorporated the changes described above. Therefore, RAI 11-7889, Question 13.05.02.01-1 is resolved and closed. The staff's acceptance of the APR1400 EOGs is based on the following:

(1) The EOGs retain the structural format and event mitigation strategies of CEN-152. The EOGs contain the Standard Post-Trip Actions (SPTAs), Diagnostic Actions (DAs), Optimal Recovery Guidelines (ORGs), and Functional Recovery Guidelines (FRGs). The ORGs (event specific guidance) include the procedural guidance for Reactor Trip (RT) Recovery, Loss-of-Coolant Accident (LOCA), Steam Generator Tube Rupture (SGTR), Excess Steam Demand, Loss-of-All Feedwater (LOAF), Loss-of-Offsite Power (LOOP), and Station Blackout (SBO).

The FRGs (event diagnosis not possible or ORG actions not sufficient) address the safety functions of Reactivity Control, Maintenance of Vital Auxiliaries (Vital ac and dc power sources), RCS Inventory Control, RCS Pressure Control, RCS and Core Heat Removal, Containment Isolation, Containment Temperature and Pressure Control, and Containment Combustible Gas Control.


(2) The EOGs have been modified to reflect the APR1400 design, including design features such as:

  • Four Safety Injection (SI) pumps (instead of the two High Pressure and two Low Pressure SI pumps in existing CE plants) with Direct Vessel Injection (DVI) vice RCS cold leg injection.
  • Additional Auxiliary Feedwater pumps (two 100 percent capacity turbine-driven pumps and two 100 percent capacity motor-driven pumps).
  • In-Containment Refueling Water Storage Tank (IRWST); provides water collection, delivery, storage, and heat sink functions inside containment during normal and accident conditions.
  • Pressurizer Pilot-Operated Safety Relief Valves (POSRVs) (instead of the Pressurizer Primary Safety Valves (PSVs) in existing CE plants) which, in addition to providing overpressure protection of the RCS, can also be manually actuated for rapid depressurization for post-accident bleed-and-feed operations in the event of a LOAF.
  • Capability of the CSS to provide a backup to the SCS for cooling of the IRWST during post-accident bleed-and-feed operations using the SI System and Pressurizer POSRVs.

(3) APR1400 specific design features have been incorporated into the analyses for the operational transients and accidents that were used for the EOGs. The technical report for the analyses, KEPCO E&C/ND/TR/11-005, Revision 1, Best Estimate Analyses for the Operational Transients and Accidents for APR1400 Emergency Operating Guidelines, provides the results of realistic transient analyses for the following events categorized in the Optimal Recovery Guidelines of the APR1400 EOGs:

  • LOAF

Realistic transient analyses of typical events and accidents for the APR1400 assume that all modeled equipment, including NSSS control systems (non-safety I&C systems) and plant protection systems (safety I&C systems), function as designed, without operator mitigating actions. Sequence of event analyses do not consider single active failure for each system relied upon to function for a particular event. In addition, multiple system failures are not considered in the transient analyses. The staff's review of the technical report determined that the simulation results for each event are reasonable on the basis that transient plant response descriptions and plots/trends of key plant parameters aptly characterize the plant's response to systems which function or actuate per design as part of an event-specific mitigation strategy. Therefore, the staff determined that the technical report, KEPCO E&C/ND/TR/11-005, is adequate and acceptable for use in the preparation and development of the APR1400 EOGs.

Combined License Information Items The APR1400 DCD Tier 2, Revision 3, Section 13.5, contains eight COL Items pertaining to Plant Procedures. COL item numbers and descriptions are cited in Table 1.8-2 of the DCD.

The COL items presented in the following table are as reflected in Revision 3 of the DCD. The staff determined COL Item 13.5(3) and COL Item 13.5(5) in Revision 0 of the DCD, to be acceptable. In addition, the staff confirmed that FSAR markup changes to COL Items 13.5(1), 13.5(2), 13.5(4), and 13.5(6) were properly incorporated into Revision 1 and subsequent revisions of the DCD. The staff confirmed that the specified FSAR markup changes for COL Item 13.5(7) have been properly incorporated into Revision 3 of the DCD.

APR1400, Section 13.5, Plant Procedures - Combined License Information Items

COL 13.5(1)* The COL applicant is to describe the administrative and operating procedures. Administrative procedures provide for administrative control over safety-related activities for the operation of the facility. Operating procedures are used to ensure that routine operating, off-normal, and emergency activities are conducted in a safe manner. The COL applicant is to provide a description of the nature, content, and development process for the administrative and operating procedures, including preliminary schedules for preparation and target dates for completion (Reference 1 through 3).

COL 13.5(2)** The COL applicant is to provide a program for developing and implementing administrative procedures.

COL 13.5(3)# The COL applicant is to describe the different classifications of procedures the operators use in the MCR and locally in the plant for plant operations. The COL applicant is to identify the group within the operating organization responsible for maintaining the procedures and describe the general format and content of the different classifications.

COL 13.5(4)*** The COL applicant is to provide a program for developing and implementing operating procedures.

COL 13.5(5)# The COL applicant is to provide a program for developing and implementing emergency operating procedures.


COL 13.5(6)**** The COL applicant is to describe the procedures that provide coverage for other safety-related plant operating activities (i.e., operating activities not procedurally covered under the operating or emergency operating procedure programs), including related maintenance activities. The COL applicant is to provide a description of the nature, content, and development process for the maintenance and other operating procedures, including preliminary schedules for preparation and target dates for completion. In addition, the COL applicant is to describe how these procedures are classified, describe the general format and content of the various classifications, and identify the group(s) within the operating organization responsible for performing and maintaining the procedures.

COL 13.5(7)**** The COL applicant is to provide a program for developing and implementing procedures that provide coverage for other safety-related plant operating activities (i.e., operating activities not procedurally covered under the operating or emergency operating procedure programs), including related maintenance activities.

COL 13.5(8) The COL applicant is to provide a program for developing shutdown procedure including the installation and removal order of the pressurizer manway and the nozzle dams.

# Original wording from Revision 0 of DCD Tier 2, Chapter 13.

* See first revised response to RAI 112-8015, Question 13.05.02.01-2 (ML16064A423) and second revised response to Question 13.05.02.01-3 (ML16109A214).

** See first revised response to RAI 112-8015, Question 13.05.02.01-4 (ML16064A423).

*** See third revised response to RAI 112-8015, Question 13.05.02.01-4 (ML18207A456).

**** See first revised response to RAI 112-8015, Question 13.05.02.01-5 (ML16064A423).

See third revised response to RAI 112-8015, Question 13.05.02.01-5 (ML18207A456).

Conclusion Review of the APR1400 DCD Tier 2, Chapter 13, Section 13.5, Plant Procedures, consisted of: (1) an evaluation of the acceptability of eight COL items, and (2) an evaluation of the technical adequacy of the APR1400 EOGs and determination of their acceptability for use in the development of COL applicant P-STGs. Of the initial seven COL items found in Revision 0 of the DCD, the staff found COL Items (13.5(2) and 13.5(5)) to be acceptable. As described above in Section 13.5.4.1, the remaining five COL items required modification and were identified as confirmatory items to be verified in later revisions of the DCD. The staff confirmed proper incorporation of the RAI response markups in Revision 3 of the DCD for all five COL items. RAI 112-8015, Questions 13.05.02.01-2 through -8 are resolved and closed. COL Item 13.5(8) was added and found acceptable in Section 19.1.6.1 of this report as described in section 13.5.4.1 above.

The APR1400 EOGs have been developed as a generic technical guideline applicable to all APR1400 reactors. The staff determined that the APR1400 EOGs are adequate and acceptable for use in developing the COL applicant P-STGs on the basis that: (1) the EOGs retain the structural format and event mitigation strategies of CEN-152, (2) the EOGs have been modified to reflect the APR1400 specific design features, (3) APR1400 specific design features have been incorporated into the transient analyses for events categorized in the Optimal Recovery Guidelines of the APR1400 EOGs, and (4) transient analyses results are provided in APR1400 technical report KEPCO E&C/ND/TR/11-005, Revision 1, which has been reviewed by the staff and determined to be acceptable for use in the development of the APR1400 EOGs.

Therefore, the staff concludes that Section 13.5 of the DCD meets the applicable requirements of 10 CFR 50.34, 10 CFR 50.40, 10 CFR 50 Appendix A, 10 CFR 52.47, and 10 CFR 52.79.


Physical Security Introduction The Korea Hydro & Nuclear Power Company (KHNP) APR1400 DCD (Tier 1 and Tier 2) and referenced Technical Report (TeR) APR1400-E-A-NR-14002-P-SGI, APR1400 Security Features, (technical report is not publicly available) describe the physical security systems, hardware, and features (referred to hereafter as PSS) that are within the scope of the APR1400 standard design. The APR1400 DCD establishes a design standard for PSS that will provide detection, assessment, communication, delay, and response functions to protect against malevolent acts, up to and including design basis threat (DBT) for radiological sabotage.

Specifically, the DCD Tier 1 and Tier 2 and TeR APR1400-E-A-NR-14002-P-SGI, incorporated by reference, provide the conceptual, functional, detailed design and performance requirements, along with supporting technical bases that a combined license applicant will incorporate by reference in its application. The scope includes the identification of vital equipment for designating vital areas and establishing required access controls, and establishing the design descriptions and bases for PSS, including layout and construction of plant structures, for the APR1400 design certification. Together with additional site-specific engineered and administrative controls to establish a physical protection system (PPS), security organization, and security programs, the design of PSS in the APR1400 standard design establishes how the combined license (COL) applicant meets the requirements of 10 CFR 73.55, Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors against Radiological Sabotage. The TeR APR1400-E-A-NR-14002-P-SGI contains safeguards information (SGI) and is protected in accordance with requirements of 10 CFR 73.21, Requirements for the Protection of Safeguards Information. The DCD Tier 2 Section 13.6, Physical Security, provides descriptions of security design of systems and hardware that support the physical security inspections, tests, analyses, and acceptance criteria (ITAAC) in Tier 1, which are publicly available.

The design of PSS for meeting the requirements of 10 CFR Part 73, but not included in the scope of the APR1400 standard plant, are to be addressed by a COL applicant that references the APR1400 certified design by means of COL information or in accordance with the requirements in 10 CFR 52.79. The APR1400 DCD establishes COL Item 13.4(1), which states that, [t]he COL applicant is to develop operational programs and provide schedules for implementation of the programs, as defined in SECY-05-0197. The COL applicant is to provide commitments for the implementation of operational programs that are required by regulation. In some instances, the programs may be implemented in phases, where practical, and the applicant is to include the phased implementation milestones. Regulations in 10 CFR 52.79(a)(35), 52.79(a)(36), Part 73, and COL Item 14.3(4) commit a COL applicant to develop site-specific physical security ITAAC. The regulations establish that a COL applicant that references the APR1400 design certification will establish operational programs and provide the security plan to the NRC to fulfill the requirements of 10 CFR 52.79. The security plan consists of a physical security plan, contingency plan, training and qualification plan, and a cyber security plan.

Summary of Application

DCD Tier 1: DCD Tier 1, Chapter 2, Design Description and ITAAC, Section 2.12, Physical Security Hardware, provides descriptions of PSS and inspections, tests, analyses, and acceptance criteria for the APR1400 standard design. The design descriptions include the figures in DCD Tier 1, which depict the functional arrangement of the significant structures, systems, and components (SSC) of the standard design. DCD Tier 1, Section 2.6, Electric Power, provides descriptions of auxiliary plant systems and associated ITAAC for meeting safety and non-safety related functions, and which selected auxiliary plant systems also provide security functions.

DCD Tier 2: The applicant provided design descriptions of the PSS in DCD Tier 2, Section 13.6, Physical Security, as summarized below:

  • DCD Tier 2, Section 1.2, General Plant Description, and Section 1.2.3, Plant Description, provide descriptions for systems, structures, and components (SSC) within the scope of the design certification. The SSC and portions of the plant that are outside the scope are designated as out-of-scope in various sections of the DCD Tier 2 information. The portions of the APR1400 standard design for which design information is included in the DCD Tier 2 information are addressed in DCD Tier 2, Section 1.8, Interfaces with Standard Designs. The staff issued RAI 428-8412, Question 13.06-12 to confirm revisions to DCD Tier 2, Section 1.2.14, Subsection 1.2.14.9 and renumbering of subsections, and revisions to Figure 1.2-1 to indicate the Security Building 1 and Security Building 2 as part of the APR1400 standard plant. Revision 1 to APR1400 DCD Tier 2, Section 1.2.14.9, Security Buildings, adequately describes the locations of Security Building 1 and Security Building 2, and Figure 1.2-1, Typical APR1400 Site Arrangement Plan, shows their locations for the APR1400 standard design. Therefore, RAI 428-8412, Question 13.06-12 is resolved and closed.
  • DCD Tier 2, Section 13.6 includes design descriptions of PSS within the scope of the APR1400 standard design. The staff found the publicly-available design descriptions and associated ITAAC in Revision 0, Sections 13.6.1 through 13.6.6, insufficient to meet the requirements of 10 CFR 52.47(b)(1) and 10 CFR 52.48. In RAI 428-8412, Question 13.06-10 (ML16062A458), the staff requested additional information to demonstrate how these requirements would be satisfied. In its response to RAI 428-8412, Question 13.06-10 (ML16125A540), the applicant provided the publicly-available descriptions and ITAAC requested by the RAI. Original Section 13.6.2, Physical Security - Design Certification, was renumbered as Section 13.6.1. Original Sections 13.6.1, and 13.6.3 through 13.6.6 were removed and replaced with Sections 13.6.2 through 13.6.2.16.

Also, the applicant removed the three COL items (previously appearing as Section 13.6.7 in DCD Revision 0) as unnecessary. See Section 13.6.5 of this report for more discussion on COL items. Section 13.6.8, References, was renumbered as Section 13.6.3. The staff verified that the revisions to the information were correctly made to Revision 1 and subsequent revisions of the DCD. The staff found the RAI response acceptable and therefore, RAI 428-8412, Question 13.06-10 is resolved and closed.

  • Subsections 13.6.2.1, Vital Areas and Vital Area Barriers, through Subsection 13.6.2.16, Communications Systems, provide general descriptions addressing the design and system performances supporting the DCD Tier 1 physical security ITAAC.

RAI 428-8412, Question 13.06-10 was identified to confirm revisions to provide descriptions for each of the physical security hardware ITAAC listed in NUREG-0800 SRP Section 14.3.2 and those contained in DCD Tier 1, Section 2.12. Revision 1 to APR1400 DCD Tier 2, Section 3.16, Physical Security, adequately incorporates descriptions correlated to each of the physical security ITAAC listed in NUREG-0800, SRP Section 14.3.12 and those contained in APR1400 DCD Tier 1, Section 2.12.

Therefore, RAI 428-8412, Question 13.06-10 is resolved and closed.

  • DCD Tier 2, Section 13.6 incorporates by reference TeR APR1400-E-A-NR-14002-P-SGI, which provides descriptions of how PSS will be designed and perform security functions. The descriptions address how the designs of PSS (e.g., bullet-resistance features, alarm stations, secondary power supplies, vital area physical barriers, access controls, locking devices, and intrusion detection and assessment systems) will meet regulatory requirements and achieve intended security functions. The applicant applied guidance in RG 1.206 to describe the details for designs. The details found in TeR APR1400-E-A-NR-14002-P-SGI contain information that is safeguards and/or security-related, and are protected in accordance with 10 CFR 73.21 and 10 CFR 2.390, Public Inspections, Exemptions, Requests for Withholding, respectively.
  • TeR APR1400-E-A-NR-14002-P-SGI identifies PSS that are not within the scope of the APR1400 standard plant (e.g., the protected area (PA) barrier system, protecting unattended openings, isolation zone, vehicle barrier systems, PA security lighting, perimeter defensive fighting positions, personnel and vehicle access control portal, and protection of PA penetrations). The design descriptions of these PSS are to be addressed by the COL applicant addressing 10 CFR 52.79(a)(35) and (a)(36), which require security plans to describe how engineered and administrative controls, and management systems will meet the requirements of 10 CFR Part 73 applicable to an operating nuclear power reactor.
  • DCD Tier 2, Section 1.8.1, Combined License Information, and Table 1.8.2, Combined License Information Items, include physical security ITAAC for verifying selected PSS for protecting the nuclear power plant. DCD Tier 2, Section 1.9.1, Conformance with Regulatory Guides, (Table 1.9-2, APR1400 Conformance with Regulatory Guides) did not identify any Division 5 regulatory guides applicable to physical protection, but identified conformance with RG 1.206, Combined License Applications for Nuclear Power Plants, and Section 1.9.2, APR1400 Conformance with Standard Review Plans, identifies conformance with NUREG 0800, SRP 13.6-2, Physical Security - Design Certification, Revision 1, for the APR1400 standard design.

ITAAC: DCD Tier 1, Table 2.12-1, Physical Security Hardware ITAAC [9 sheets], provides the general design commitments, inspections, tests, and analyses (ITA), and acceptance criteria (AC) of PSS included in the scope of the APR1400 standard design. In addition, Section 2.6.9, Communication Systems, describes plant and plant-to-offsite communications for security-related events and plant security communication systems. Table 2.6.9-1, Communication Systems ITAAC, includes design commitments for communication systems meeting security functions. Section 2.6.8-1, Lighting Systems ITAAC, describes normal and emergency lighting systems for illuminations inside buildings and plant areas. Table 2.6.8-1 includes verification of design commitments for plant lighting systems. Plant primary and secondary power supply systems ITAAC are addressed in Tables 2.6.1-1, AC Electrical Power Distribution Systems Safety-related Equipment Characteristics, through Table 2.6.3-3, DC Power System ITAAC.

Technical Specifications (TS): There are no TS for this area of review.

Topical Reports: There are no topical reports associated with this area of review.

Technical Reports: There are two technical reports (TeRs) associated with this area of review as identified in the discussion.

  • APR1400-E-A-NR-14001-P-SGI, Physical Security Design Response
  • APR1400-E-A-NR-14002-P-SGI, Physical Security Design Features

Cross-cutting Requirements (Three Mile Island [TMI], Unresolved Safety Issue [USI]/Generic Safety Issue [GSI], Op Ex): There are no cross-cutting requirements associated with this area of review.

APR1400 Interface Issues Identified in the DCD: DCD Tier 2 contains information related to interface requirements that will be addressed by the COL applicant. DCD Tier 2, Table 1.8-1, Index of System, Structure, or Component Interface Requirements for APR1400, provides a summary of APR1400 plant interface with the remainder of the plant and 10 CFR 52.79 establishes that the COL applicant is to develop a physical security plan, training and qualification plan, and safeguards contingency plan. The COL Item 14.3(4) establishes that the COL applicant is to provide site-specific physical security ITAAC for the facility's PSS not addressed in the APR1400 standard design.

Site Interface Issues Identified in the DCD: There are no site interface issues associated with this area of review.

Conceptual Design Information: There are no conceptual design issues associated with this area of review.

Regulatory Treatment of Non-Safety Systems (RTNSS): There is no RTNSS issue for this area of review.

10 CFR 20.1406: There is no issue related to 10 CFR 20.1406 for this area of review.

COL information or action items: See section 13.6.5 for COL items.

Initial Test Program: There is no Initial Test Program associated with this area of review.

Regulatory Basis

Subpart B of 10 CFR 52, Section 10 CFR 52.47, requires that information submitted for a design certification must include performance requirements and design information sufficiently detailed to permit the preparation of acceptance and inspection requirements by the NRC, and procurement specifications and construction and installation specifications by an applicant.

Section 10 CFR 52.48 requires that applications filed be reviewed for compliance with the standards set out in 10 CFR Part 73. Section 52.47(b)(1) of 10 CFR requires that the application must contain proposed ITAAC that are necessary and sufficient to provide reasonable assurance that, if the inspections, tests, and analyses are performed and the acceptance criteria met, a facility that incorporates the design certification has been constructed and will be operated in conformity with the design certification, the provisions of the Act, and the Commission's rules and regulations. Following are key regulatory requirements that are considered and applied in addressing designs of PSS for design certification:

1. Part 73 of 10 CFR, which specifies performance-based and prescriptive regulatory requirements that, when adequately met and implemented, provide security for nuclear power reactors, including safeguarding information against unauthorized release.

2. Section 73.55(b) of 10 CFR, General Performance Objective and Requirements, which requires an applicant to establish and maintain an onsite physical protection program and security organization, which include reliance on adequate designs of physical security engineered systems, features, and hardware and administrative controls to protect against malevolent acts (e.g., design basis threat for radiological sabotage).
3. Section 73.55(b)(2) of 10 CFR, which establishes the performance-based regulation that requires the applicant to describe how a nuclear power plant is protected (e.g., threats up to and including a design-basis threat of radiological sabotage as described in 10 CFR 73.1(a)(1), Radiological Sabotage.)
4. Sections 73.55(e), 73.55(g), 73.55(i), and 73.55(j) of 10 CFR, which establish prescriptive design requirements for PSS design for providing physical barriers, access controls, intrusion detection and assessment, and communication functions.

The relevant guidance to NRC regulations for this area of review, and the associated acceptance criteria, are specified in NUREG-0800, SRP Sections 13.6, Physical Security, and 13.6.2, Physical Security Design Certification, along with regulatory requirements and guidance for nuclear power reactors. Acceptance criteria adequate to meet the above requirements include those set forth in various regulatory guides, such as RG 1.206 and Division 5 regulatory guides for the protection of plant and materials, and staff guidance captured in NUREG-0800.

Technical Evaluation

The staff reviewed the design descriptions of PSS in the application for security design elements for the design of the buildings, structures, systems, and components that are within the scope of APR1400 design certification to determine whether they satisfy the requirements of 10 CFR Part 73 that are applicable to a nuclear power reactor. For the PSS that have been incorporated in the scope of the design certification, the staff's review consisted of determining whether the applicant has provided adequate and reasonable descriptions of design and technical bases, and has described how the proposed design will achieve intended security functions. Not reviewed as part of a DCD review are site-specific aspects reserved for review as part of a COL application which references the certified APR1400 standard design. At that time, the staff's review of a COL application will include the review of the security programs or integrations of engineered systems with administrative controls, along with management measures and organization, to determine whether it would provide high assurance of adequate protection and a finding of an adequate physical security program, as specified in 10 CFR 73.55(a), Introduction, through 10 CFR 73.55(r), Alternative Measures, for an operating license.

The staff's review and scope are limited to the adequacy of the design and bases for the PSS that are relied on to perform security detection, assessment, communication, delay, and response functions. The demonstration of a high assurance of adequate protection against the DBT and compliance with programmatic requirements (including administrative controls such as people and procedures) of 10 CFR Part 73 are to be addressed by the COL applicant who is seeking a combined license for a nuclear power plant. A regulatory determination on the adequacy of programmatic or administrative controls planned for meeting 10 CFR Part 73 will not be made during a design certification review and will be reserved for review of a COL application.

The staff's review includes the following applicant responses submitted to the NRC RAI Nos. 365-8411 and 428-8412, along with proposed revision to DCD Tier 2 Section 13.6 and revised TeR APR1400-E-A-NR-14002-P-SGI, for the design certification:

KHNP to the NRC, Response to RAI 365-8411, March 16, 2016.

KHNP to the NRC, SGI Attachments to Response to RAI 365-8411, March 16, 2016.

KHNP to the NRC, Response to RAI 428-8412, May 4, 2016.

KHNP to the NRC, SGI Attachments to Response to RAI 428-8412, May 12, 2016.

KHNP to the NRC, Second Response to RAI 428-8412, May 13, 2016.

The applicant also provided TeR APR1400-E-A-NR-14001-P-SGI, Physical Security Design Response, which is not incorporated by reference. It provides assessment and a method for how the APR1400 standard plant can be protected, but may not be the same method of how each COL applicant may choose to design its protection. Therefore, the details and information found in TeR APR1400-E-A-NR-14001-P-SGI are not relied on for the design certification.

13.6.4.1 Design Considerations for Physical Security

In DCD Tier 2 and TeR APR1400-E-A-NR-14002-P-SGI the applicant considered and incorporated the standard PSS that provide security functions for protecting the APR1400 standard plant. Specifically, the DCD describes what and how engineered PSS, including configurations, buildings and site layout, are designed for performing security functions to detect, assess, communicate, delay, and respond against malevolent acts.

The applicant's TeR APR1400-E-A-NR-14002-P-SGI provides descriptions for the design and performance of systems and configurations of security design features identified in DCD Tier 1, Section 2.12, Sub-Section 2.12.1, Design Description. The TeR APR1400-E-A-NR-14002-P-SGI descriptions of the design of PSS conform to NUREG-0800, SRP 13.6.2, Physical Security - Review of Physical Security System Designs - Standard Design Certification and Operating Reactor Licensing Applications, Revision 1, which was in effect when the APR1400 DCD was docketed. Conforming to guidance, the design descriptions addressed eight physical security elements in SRP 13.6.2, Section 3 and addressed an additional twenty-one physical security elements which may be included within the scope of the design certification and/or reserved for the COL applicant that references the certified APR1400 standard plant. A site layout diagram identifies standalone structures that are within the scope of the design certification.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3, Design Features of Physical Security System Within the Nuclear Island and Structures, the applicant stated that: [t]his chapter provides the design of the APR1400 physical security element required within the DC applications, which consists of eight elements in accordance with NUREG-0800, SRP Section 13.6.2, Physical Security - Design Certification (Reference 12). The TeR APR1400-E-A-NR-14002-P-SGI supplements the information in DCD Tier 2 with design-related information, results of evaluations or analyses, and design and performance requirements for the following:

  • Vital areas and barriers
  • Alarm Stations (Central Alarm Station (CAS) and Secondary Alarm Station (SAS))
  • Tamper indication and self-checking circuits
  • Secondary power supplies
  • Bullet resistance of CAS, SAS, and MCR
  • Protection against single act
  • Alarm station equivalency and redundancy
  • Requirements for passage through two barriers
  • Separation of vital areas and protected area barriers
  • Locking devices
  • Protection of vital area penetrations
  • Security Communications
  • PA exterior lighting (outside the isolation zone)
  • Backup power for protected area exterior lighting (outside the isolation zone)
  • Alarm annunciation and access control system
  • Plant infrastructures (cabling, network, computers, and monitors, etc.) to process intrusion detection, assessment, access control, and security communications.
  • Identification of vital equipment and vital areas for the APR1400 standard design
  • Vehicle barrier system analyses for nuclear island and structures standoff distances
  • Security buildings No. 1 and No. 2

The applicant established the designs of PSS (e.g., alarm stations, secondary power supply, bullet-resistance of CAS, SAS, and MCR, single act protection, alarm station equivalency and redundancy, requirement for passage through two barriers, separation of VA and PA barriers, locking devices, protection of VA barrier penetrations, security communications, PA exterior lighting outside the isolation zones, and backup power for this lighting) for achieving security functions and criteria stated above in the scope of the design certification.

In TeR APR1400-E-A-NR-14002-P-SGI, the applicant also identified and established the following PSS that are not within the scope of the APR1400 design certification, which the COL applicant must provide and would include information required by 10 CFR 52.79(a)(35) and 52.79(a)(36):

  • Last access control location (LACL) and Main Access Control Building (MACB)
  • PA barrier
  • Isolation zones and lighting
  • Close caption television cameras for assessments
  • Intrusion detection system at the PA
  • Security specific radios
  • Security fighting positions
  • Vehicle barrier system

The PSS that perform these security functions are not within the scope of the design certification. The applicant indicated that plant infrastructure to process the intrusion detection, assessment, last access control functions, and security communications is addressed in the standard plant design.

The staff finds the following:

The APR1400 standard design includes PSS for security functions and considered site layout and plant structure configurations for spatial separation of security structures, systems, and components.

The independence, redundancy, and spatial separation of nuclear island and structures and safety-related structures, systems, and components for the APR1400 standard design facilitate the design of a physical protection system by: (a) increasing the number of tasks, sequences of tasks, and task times for malevolent acts to cause failures or loss of safety-functions that could lead to radiological sabotage; (b) providing hardening and configurations of the nuclear island and structures that can be credited for the physical security functions of delay, bullet resistance, access control, and explosive blast protection; (c) providing spatial separation that minimizes or prevents a single event or act from causing failure or loss of all safety or security functions; and (d) providing a standard plant configuration that would allow a layered defense or defense-in-depth protection of the nuclear island and structures.

The staff concludes that the applicant, in accordance with 10 CFR Part 52, has adequately considered physical security in the APR1400 standard design and included design descriptions of PSS addressing security functions meeting applicable requirements of 10 CFR 73.55 and within the scope of the APR1400 design certification.

13.6.4.2 Security Evaluations and Analyses

13.6.4.2(a) Vital Equipment Identification Process

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3.1, Vital Areas and Equipment (Element 1), and Appendix B, Vital Equipment List, the applicant described a process for identifying vital equipment and provides a list of vital equipment for the APR1400 standard design, respectively.

The identification of vital equipment was accomplished with a multi-discipline team that evaluated reactor design and safety analysis information in the APR1400 DCD Tier 2 and supporting analyses and documentation, as the source for the identification process.

The applicant indicated that the vital equipment is based solely on the definition of vital equipment in 10 CFR 73.2. In TeR APR1400-E-A-NR-14002-P-SGI, Appendix B, Section B.1, Background and Purpose, the applicant indicated the following criteria and assumptions in the process for identifying vital equipment:

The 10 CFR 73.2 definition for vital equipment, which states that Vital equipment means any equipment, systems, devices, or material, that failure, destruction, or release of which could directly or indirectly endanger the public health and safety by exposure to radiation. Equipment or systems which would be required to function to protect public health and safety following such a failure, destruction, or release are considered to be vital.

Equipment and components not reasonably expected to be required to keep the reactor fuel cooled and keep the coolant contained or required to function to mitigate the impact of a release do not meet the definition of vital equipment.

The equipment and components that are generally safety-related and systems and equipment that function to filter the internal plant atmosphere to strip out radioactivity are considered.

Non safety-related components are not considered to meet the definition of vital equipment, unless they are directly required for containment integrity or release mitigation in accordance with the definition of 10 CFR 73.2.

The following generic categories of systems are considered vital:

o Piping and valves that form a barrier to the release of radioactivity.

o Piping and valves that connect two vital components.

o Power cables between two vital components.

o Sensor cable between vital instrument channel sensors and vital I&C cabinets.

o Piping up to the first isolation device outside of containment.

o Instrument Air and Service Air Piping, up to and including the first IA/SA isolation valves, connecting containment penetration valves and IA/SA valves.

The applicant indicated that the process for identifying vital equipment considers the safety-related systems and equipment, important to safety systems and equipment, and risk significant systems and equipment. The safety-related systems and equipment are identified in DCD Tier 2 Section 3.2, Classification of Structures, Systems, and Components, systems and equipment performing functions that are important to safety in DCD Tier 2 Section 3.2.1, Seismic Classification, are reviewed to identify their functions for assessment to determine if they would be considered vital.

The process also included evaluation of systems and equipment identified as risk-significant by the design reliability assurance program and non-safety related systems, such as fire protection, radioactive-waste processing, post-accident monitoring, chemical tanks, etc., to determine whether they would have direct or indirect functions to be identified as vital. Non-safety related systems identified in Section 3.2, including Table 3.2-1, Classification of Structures, Systems, and Components, and Table 3.11-1, Ventilation Areas, were reviewed for identifying vital equipment.

The applicant's process also included review of information provided in the DCD Tier 2 Chapter 15, Accident Analysis, on mitigating radiation release and mitigation actions and Chapter 19, Probabilistic Risk Assessment and Severe Accident Evaluation, for identifying vital equipment.

The staff finds the following:

In TeR APR1400-E-A-NR-14002-P-SGI, Appendix B, the applicant established a reasonable process and identified reasonable criteria and assumptions for identifying a complete and accurate list of vital equipment for the APR1400 standard design based on the definition of vital equipment in 10 CFR 73.2.

The applicant applied and relied on information from the design bases and safety analyses for the APR1400 standard design to establish an accurate and complete list of vital equipment that complies with regulatory requirements.

The applicant conformed to guidance in RG 5.81, Target Set Identification and Development for Nuclear Power Reactors, which states that technical recommendations in NUREG-1178, Vital Equipment/Area Guidelines Study: Vital Area Committee Report, published in 1988, should not be utilized for the identification of vital equipment, as the assumptions in this document do not consider all equipment that should be identified as vital in accordance with 10 CFR 73.2.

13.6.4.2(b) Vital Equipment List

The applicant provided a listing of vital equipment for the APR1400 standard plant in TeR APR1400-E-A-NR-14002-P-SGI, Appendix B, Section B.2, Vital Equipment List, Table 1, APR1400 Vital Equipment List. The table identifies the SSC description, item numbers, principal structures, systems, and components, building, room, safety class, and rationale for identifying equipment as vital. The detailed listing of systems and equipment and their locations, along with boundaries designating the vital area boundaries, are SGI, and the information is protected in accordance with requirements of 10 CFR 73.21 and withheld from the public in accordance with provisions of 10 CFR 2.390.

The staff finds the following:

The applicant has identified and provided lists of vital equipment for the APR1400 standard design, based on the definition of 10 CFR 73.2. The detailed list of vital equipment is provided in Appendix B of TeR APR1400-E-A-NR-14002-P-SGI.

The staff's review of the applicant's vital equipment list did not identify exclusion of frontline system/functions and primary supporting systems that meet the definition of vital equipment of 10 CFR 73.2. Based on the applicant's representations for the list of vital equipment in TeR APR1400-E-A-NR-14002-P-SGI, Appendix B, the staff concludes that the applicant's list of vital equipment for the APR1400 standard design is sufficiently complete and accurate to meet the definition of vital equipment as stated in 10 CFR 73.2.

13.6.4.2(c) Vital Areas

The requirements of 10 CFR 73.55(e)(9)(i) state that Vital equipment must be located only within vital areas, which must be located within a protected area so that access to vital equipment requires passage through at least two physical barriers, except as otherwise approved by the Commission and identified in the security plans. The applicant established vital areas for the APR1400 standard plant based on the safety-related systems and components identified on the Vital Equipment List and other areas required by 10 CFR 73.55(e)(9), designating the MCR, CAS, SAS, spent fuel pool (SFP), and security secondary power supply as vital areas.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3.1, and Appendix A, Vital Areas Figures, the applicant identified the vital areas for the APR1400 standard plant. The vital areas consist of the various structural boundaries of the nuclear island and structures and areas of the APR1400 standard plant. The applicant, on the basis of diverse locations of equipment that are considered vital, established certain building perimeters that enclose the vital equipment as boundaries of the vital areas. The applicant indicated that the designs and configurations of vital areas provide restriction of access and limit access pathways, which facilitate implementation of security against unauthorized access. The specific structure boundaries that form the vital area within the nuclear island and structures are shown in figures in Appendix A to TeR APR1400-E-A-NR-14002-P-SGI (Pages A-2 to A-20). The plant structures' exterior boundaries that form vital areas are also shown in Appendix A. The detailed locations and boundaries of the vital areas are SGI and are protected in accordance with requirements of 10 CFR 73.21.

TeR APR1400-E-A-NR-14002-P-SGI establishes the following design requirements for PSS that are standard for the protection of vital areas:

In Section 3.7, Control of Unoccupied Vital Area (Element 7), the applicant described the design of systems and components for providing access control, locking, and intrusion detection for securing unoccupied vital areas. The design descriptions include the system interfaces necessary for the redundant intrusion detection alarm indications and assessments of alarms. The design descriptions address system logic sequences for initiating alarm conditions and the supervision and monitoring of alarm signal integrity and system normal and trouble conditions, such as tampering, loss of or degraded signals, short of system signal circuits for detecting loss or abnormal system functions. The descriptions include the design of primary and secondary power supply, access controls, intrusion detection, and locking systems. The design descriptions specify the minimum duration and establish the configurations of secondary power supply designed for continuity of security functions. The applicant also established design requirements for interfaces between access control system and locking devices in the event of loss of both primary and secondary power and identifies the design requirements for protecting control and power wiring against physical tampering. Unoccupied vital area entry/exits are locked and alarmed with intrusion detection systems that annunciate at two alarm stations to comply with regulatory requirements.

The vital area physical boundaries are spatially separated from the PA boundary by an isolation zone. The vital area boundaries are as indicated in Appendix C, Site Layout Diagram, which shows the separation from a PA boundary that will be established by a COL applicant to comply with the requirements of 10 CFR 73.55(e)(8). The physical barriers for the PA perimeter and the vital area barriers and access controls allow for delay of unauthorized person access and security responders to interdict prior to reaching vital area boundary and delay access into a vital area, respectively. TeR APR1400-E-A-NR-14002-P-SGI, Appendix A, Vital Area Figures, shows the vital area boundaries as distinct from the PA physical barrier.

The design and construction of vital area barriers are described in Section 3.4, Vital Area Physical Barriers (Architectural Features)(Element 4). The descriptions include identification of walls, floors, and ceiling minimum construction requirements to establish physical barriers enclosing the designated vital areas, including design of the MCR, CAS, and SAS, to satisfy bullet-resisting requirements. The descriptions for the design and construction requirements for the vital area barriers also include the boundaries enclosing the spent fuel pool, security secondary power supply room for alarm annunciation and non-portable communications equipment that are specifically required by 10 CFR 73.55(e)(9).

The identifications of the walls, floor, and roof that form the boundaries enclosing the spent fuel pool, which is designated as vital in accordance with 10 CFR 75.55(e)(9)(v)(B), and the secondary power supply room, also designated vital in accordance with the requirements of 10 CFR 73.55(e)(9)(vi)(A) and 10 CFR 73.55(e)(9)(vi)(B), are described in TeR APR1400-E-A-NR-14002-P-SGI, Sections 3.1, 3.4, and 4.18 and Appendix A.

In Section 3.3, Bullet Resistance of the Main Control Room (Element 3), the applicant described the minimum design requirements of walls, floor, and ceiling needed for meeting the function of bullet-resisting barriers to protect the MCR.

The design descriptions include the requirement for doors to meet Underwriters Laboratories (UL) 752, Standard for Bullet-Resisting Equipment, and protection of heating, ventilation, and air conditioning (HVAC) penetrations using plates, baffles, bends, or a combination of features to prevent direct lines of sight or trajectory into the MCR. Drawing No. 1-300-A115-100 (Page D-11) in TeR APR1400-E-A-NR-14002-P-SGI describes typical security barriers for HVAC penetrations and other openings through the vital area barriers. The design for HVAC penetration openings requires installation of barriers that allow airflow but do not allow the passage of a person. The physical barriers installed at penetrations are redundant to restrict access and provide security delay against forced entry.

Additional design descriptions for protection of penetrations through the vital area physical barriers are described in Section 3.5, Vital Area Physical Barriers (Penetration Features)(Element 5). All openings exceeding a standard opening too small for passage of an individual are to be protected with engineered systems or features that delay, deny, control, detect, and monitor unauthorized access. TeR APR1400-E-A-NR-14002-P-SGI, Appendix D, shows the typical configuration of a vital area door and how the locking and alarm mechanisms are mounted. Drawing No. 1-326-A116-100 (Page D-8) in TeR APR1400-E-A-NR-14002-P-SGI shows the locations for installation of bullet-resistant doors. The penetrations of HVAC ducts, cable tray penetrations, ventilation fans, and others are protected to ensure that the integrity of the vital area barrier is not decreased and does not allow for the passage of a person. Drawing No. 1-300-A115-100 (Page D-11) indicates typical security barriers for HVAC penetrations and other openings.

The design configuration or installation of vital area access controls, locks, and alarms components are shown on figures provided in Appendix D, Functional Diagrams, for PSS that are included in the design for the APR1400 standard plant.

The applicant also indicated that barriers protecting door penetrations through the vital area barriers will provide similar delay as the adjacent portion of the vital area barriers or delay needed and comply with regulatory requirements for a security barrier in 10 CFR 73.2. The security design features include hardened doors to provide delay to forced entry and resistance to mechanical and explosive breaching to allow for security responses. The TeR APR1400-E-A-NR-14002-P-SGI Drawing Nos. 1-271-A116-200 and 1-271-A116-300 (Pages D-9 and D-10) show locations and doors that will be designed to delay unauthorized entries into designated vital areas, controlling access to vital equipment.

In Section 3.6, Vital Area Portal Egress (Element 6), of TeR APR1400-E-A-NR-14002-P-SGI, the applicant described the design and construction requirements for delay to forced entry and locking mechanisms to secure vital area portals for ingress and egress. The design includes UL listed exit device or panic and locking hardware that accounts for normal and emergency operations and functions in the event of a loss of power. The design for hardening of openings is also described in TeR APR1400-E-A-NR-14002-P-SGI Section 4.0, Other Physical Security Element.

The design for access control system, access control unit, door control, intrusion detection components, and network management systems for vital area is shown in system functional diagrams on Drawing No. 1-300-E153-010 (Page D-2) in Appendix D to TeR APR1400-E-A-NR-14002-P-SGI. The design provides redundant systems for access control functions at alarm stations. Similarly, the details for the design of the intrusion detection and assessment systems is shown on Drawing No. 1-300-E153-020 (Page D-3) and establish redundancy and separation of systems providing intrusion detection and assessment functions.

The staff finds the following:

  • The applicant has identified in TeR APR1400-E-A-NR-14002-P-SGI, Appendix A, the areas designated as vital for the APR1400 standard plant. The APR1400 standard design vital areas consist of the various structural boundaries of the nuclear island and structures of the APR1400 standard plant. The applicant adequately addressed the requirements of 10 CFR 73.55(e)(9)(v) by designating vital areas that enclose identified vital equipment, and the MCR, CAS, SAS, SFP, and security secondary power supply.
  • The applicant identified and designated vital areas to include vital equipment listed in TeR APR1400-E-A-NR-14002-P-SGI, Appendix B, and established that no vital equipment within the scope for the APR1400 standard design is located outside of areas designated as vital. The results of the applicant's evaluation and identification of vital equipment and vital areas for the APR1400 standard design are documented in TeR APR1400-E-A-NR-14002-P-SGI, which DCD Tier 2, Section 13.6 incorporates by reference.
  • The applicant described the design for the PSS provided to protect the access to vital areas. Specifically, TeR APR1400-E-A-NR-14002-P-SGI described design requirements for protecting unoccupied vital areas, vital area physical barriers and separation from the PA, protecting penetrations through vital area physical barriers, minimizing entry points, hardening vital area portal egress, controlling access to vital areas, and detecting and assessing unauthorized access or intrusion for security response.
  • The applicant adequately described the design and performance requirements for physical barriers of the nuclear island and structures that have been designated as vital areas, and adequately addressed one of two physical barriers required for access to vital equipment in accordance with 10 CFR 73.55(e)(9)(i).
  • The applicant adequately addressed the requirements of 10 CFR 73.55(e)(9)(ii) by providing a standard design that protects all vital area access points and vital area emergency exits with intrusion detection equipment and locking devices, which satisfy the vital area entry control requirements, and meet the 10 CFR 73.55(e)(9)(iii) requirement that unoccupied vital areas must be locked and alarmed.

  • The applicant adequately described the design and performance requirements for PSS for access control. Specifically, the applicant's design addressed the requirements of 10 CFR 73.55(g), Access Controls, as it is applied to the access to the nuclear island and structures of the APR1400 standard plant. The design of PSS included access control systems to meet the requirements of 10 CFR 73.55(g)(1)(i)(A) and (i)(B) at the vital area boundaries to control personnel, protection of openings with physical barriers with locking devices to delay access, intrusion detection system for detection of unauthorized access, and equipment to assess physical conditions of designated vital areas.
  • The applicant adequately described the design and performance of PSS that provide capabilities for surveillance, observations, and monitoring, in accordance with requirements of 10 CFR 73.55(i)(5). The design also included provisions for control of unattended openings by providing physical barriers and intrusion detection in accordance with 10 CFR 73.55(i)(5)(iii).
  • The applicant has adequately considered the applicable requirements in 10 CFR 73.55 for the design of PSS within the scope of the APR1400 standard plant, to comply with requirements of 10 CFR Part 52 for design certification. The staff concludes that the applicant has designated vital area boundaries, as indicated in TeR APR1400-E-A-NR-14002-P-SGI, Appendix A, and established that vital equipment identified for the APR1400 standard design will be located within vital areas in accordance with the requirements of 10 CFR 73.55(e)(9)(i).

13.6.4.3 Security Computer Design Requirements and Cyber Security Program

In Section 4.5, the applicant described the design of security computer systems for the APR1400 standard design. The design descriptions address the systems' capabilities for what and how data will be communicated, along with interfaces with subsystems and components.

The design requirements of the security computer system addressed redundant capabilities to operate on-line to process alarm signals and video data, automatic switching for system malfunctions, automatic update of data, interfaces with access control features, data gathering and transmissions, features for operator interfaces with intrusion detection, assessment, access control functions, graphic displays of alarms, and video displays. TeR APR1400-E-A-NR-14002-P-SGI, Appendix D, provides systems functional diagrams showing the design interfaces of security computer systems with sub-systems for performing redundant intrusion detection and assessment and access controls, and the interfaces between alarm stations.

The applicant provided the following additional details for security computer systems in TeR APR1400-E-A-NR-14002-P-SGI, Section 5, Additional Security Features, Subsection 5.4, Computer Systems:

The security computer systems support the plant security functions by continuous access control and monitoring of doors and prompt reporting and permanent recording of all alarm points and system conditions (e.g., intrusions, tampers, and trouble conditions, etc.). The security computers are located within vital areas and access is restricted to authorized personnel. The redundant security computers are spatially separated, independently powered by diverse security power subsystems, and each independently capable of providing required security functions. The security computer systems network is isolated and does not connect to any other plant systems, computer, or data networks.

Graphic monitors will be used to display the area originating alarm. Appropriate software will be provided to ensure that the computer system can adequately control the peripheral equipment and the necessary operational function within the computer system, administer the access control system, control the security hardware assigned to the computer, monitor the security alarms, and prepare the necessary logs and reports.

The security computer systems will be capable of rapid data communications using the dedicated network. The computers, graphic displays, CCTV servers, digital video recording systems, and printers will be connected to the network.

The network configuration allows rapid communication between devices to provide information to the alarm station operators. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E153-030 (Page D-4) shows the functional diagram for the design of the security computer systems network. The drawing shows how the network will be configured and how the backbone and infrastructure will accommodate the security devices. The remote field devices, such as intrusion detectors, CCTV, door card readers, and security alarming devices are connected to the network and will be supplied by the COL applicant to complete the total integrated security systems. The security circuits are supervised and tamper indicating for monitoring of the systems conditions and operability.

The computer systems that process the inputs from remote field components to generate alarm indications from the intrusion detection operate on a dedicated network that is redundant and independent from other network systems.

Drawing No. 1-300-E153-020 (Page D-3) establishes the design requirement for the systems to be independent of each other, such that input from components is transmitted to allow both alarm stations to receive, process, and display the same information. The configuration provides continuity of security functions if either system has a malfunction.

The computer systems are designed such that an alarm station operator cannot change the status of a detection point or deactivate a locking control device at a protected or vital area portal, without the knowledge and concurrence of the alarm station operator in the other alarm station. All wiring connecting the computer systems with remote access control components (card readers, controllers, etc.) and with other security subsystems (perimeter intrusion detection, etc.) are electronically supervised circuits. The primary and secondary cable between the alarm stations and controllers are separated to prevent simultaneous damage caused by sabotage attempt or any unintended actions.

The security computer systems also interface with the closed circuit television system to monitor the PA perimeter. The functions of the CCTV system include operating cameras and provide visual monitoring of the area with an alarm in the event of perimeter intrusion detection system actuating and allow assessment of the area in alarm.

The personnel access for the APR1400 is controlled by a computer-based automatic access control system. The computer for the access control system will also interface with security subsystems, such as intrusion detection and CCTV images. The access control systems permit entry only to those persons authorized to enter specific areas at the access point into the PA, buildings, and vital areas. Access point activities, including door status, open or closed, alarm, attempts of unauthorized entry, are recorded. The systems contain provisions for automatic switchover to UPS and secondary power in the event primary power is interrupted for continuity of access control functions.

The COL applicant that references the certified APR1400 standard design is required to establish and describe how the requirements of 10 CFR 73.54, Protection of Digital Computer and Communication Systems and Networks, will be met. Guidance in RG 5.71, Cyber Security Programs for Nuclear Facilities, provides acceptable methods and approaches for developing and establishing a cyber security program for submission of a Cyber Security Plan, to satisfy the requirements of 10 CFR 52.79(a)(36)(iii).

The staff finds the following:

  • The applicant described the physical and network controls and the isolation of security computer systems and interfaces that support PSS performing security functions of intrusion detection, assessment, and access control.
  • The COL applicant referencing the APR1400 design is responsible for meeting the requirements of 10 CFR 73.54 for a cyber security program protecting digital computers and communication systems and networks.
  • The determination and finding on whether the applicant has met the requirements of 10 CFR 73.54 for a cyber security program is beyond the scope of the design certification. Compliance with the regulatory requirements for an adequate cyber security program is to be reviewed as part of a COL application that references the APR1400 design certification.

13.6.4.4 Standard Physical Security Systems

DCD Tier 2, Section 13.6.2, Physical Security - Design Features, describes the following PSS within the scope of the APR1400 standard design:

  • Vital areas and vital area physical barriers
  • Separation of vital area and protected area barriers
  • Illumination within structures and the protected area outside of isolation zone
  • Bullet resisting barriers
  • Minimum safe standoff distance for installing vehicle barriers
  • Access controls and intrusion detection for vital areas
  • Alarm stations location and intrusion detection and assessment systems
  • Secondary power supply for alarm annunciation and non-portable communications equipment
  • Security Communications

TeR APR1400-E-A-NR-14002-P-SGI provides additional design descriptions on the design, performance, and configuration for the PSS above. The specific details of design and performance of the PSS that would reveal SGI or security-related information are protected in accordance with 10 CFR 73.21 and 10 CFR 2.390, and are not described in publicly available documents. Section 13.6.2 also describes design of PSS that are to be addressed by a COL applicant that references the APR1400 certified design.

The previous discussions of this safety evaluation section addressed the design of PSS and configurations of plant and structures for meeting regulatory requirements for vital areas, and as such they are not further discussed in the following design requirements for PSS that have been incorporated as part of the APR1400 standard design.

13.6.4.4(a) Intrusion Detection and Assessment

The applicant described the security computer systems for processing intrusion detection input signals from detectors to generate alarm indications of intrusion. The intrusion and assessment equipment operate on a dedicated network that is redundant and independent from other network systems. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E153-020 (Page D-3), shows that systems are independent of each other and receive alarm input from detectors that transmit to both systems. The independent systems receive, process, and display the same information, and a system malfunction in one does not prevent the other from continuing to function for intrusion detection. The design requires that the system circuits are supervised and tamper indicating for continuous monitoring of integrity. The systems provide interface with the remote components and devices. The applicant indicated that the design of intrusion detection system sensors will be addressed by the COL applicant.

The APR1400 standard provides for the design and requirements for the PSS and configurations for alarm system infrastructure central processing units for processing alarm and video data from field installed intrusion detectors and assessment video cameras.

TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E-153-030 (Page D-4) provides the functional diagram for the design of the overall security network system, showing the configuration of the network and how the infrastructure will accommodate security devices and data/video input that will be addressed by the COL applicant to complete the design of an integrated security intrusion detection and assessment system.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 4.5, Alarm Stations Equivalency and Redundancy, the design descriptions also address the PSS for video CCTV system monitoring capabilities for security assessment functions. The design for the CCTV system (i.e., infrastructure of the system) provides means to visually monitor and surveil the PA perimeter, the isolation zones, the plant areas exterior of buildings within the PA, and access control locations. Drawing No. 1-300-E153-020 (Page D-3) provides the design functional diagram for the CCTV system and interfaces with the intrusion detection assessment and access control system for assessment needed for security responses.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 4.16, Isolation Zone, the applicant addressed the design of security assessment system (CCTV) which will cover the isolation zones. The APR1400 standard design provides monitoring and control of the CCTV system and the transmission of video images and information to both the CAS and SAS. The design includes CCTV servers, digital video recording system, CCTV display and control station, and capabilities to connect field devices to the CCTV network for assessment. The applicant's design descriptions establish monitors for automatically displaying the scenes of alarms. The digital video recording system automatically records the scenes and provides capabilities for monitoring and recording multiple alarm sectors. The cameras remotely zoom, focus, and auto-iris function with pan and tilt functions as needed. Captured video can be played back for the operator to assess what the images are revealing concerning adversaries. The system will record pre-alarm and post-alarm video and display it along with live video so that the operator will have captured video to facilitate assessment of the alarm.

The APR1400 standard design provides the infrastructure computer systems necessary for processing the data and video coming from these components. TeR APR1400-E-A-NR-14002-P-SGI, Section 5.3, describes the computer systems supporting the security assessment system and its interfaces with the intrusion detection systems and redundant capabilities for assessment functions at the CAS and SAS. In TeR APR1400-E-A-NR-14002-P-SGI, Section 4.17, Intrusion Detection and Assessment Systems, the applicant indicated that intrusion detection and assessment components at the PA will be provided by the COL applicant.

13.6.4.4(b) Access Control

In TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E-153-010 (Page D-2), the applicant showed the design for the access control system and sub-systems interfaces with the security alarm computers. The access switches and control units are included in the APR1400 standard design. The main system components that are part of the APR1400 standard plant and interfaces with the subsystem components for access controls are site-specific information provided by the COL applicant.

TeR APR1400-E-A-NR-14002-P-SGI, Section 4.5, Alarm Station Equivalency and Redundancy, describes design requirements for the access control systems that will be capable of a rapid reload of up-to-date access control data and access control program. The system will allow command and control functions from the CAS/SAS control console. The Controller provides remote collection, distribution, and transmission of data. The computer will interface and poll the remote controllers on a cycle time. The Controller will be installed to provide an alternate signaling path between any controller and the computer. Security control and monitoring consoles will be provided with standard operator keyboard functions to control the security system equipment, for calling out data display, and for altering the status, level of access, and time of access for individual key cards. Positive feedback indications of the execution of commands will be provided at the monitor and printer in the CAS and SAS.

13.6.4.4(c) Security Communication Systems

DCD Tier 2, Section 13.6, Physical Security, references DCD Tier 2, Chapter 9, Auxiliary Systems, Section 9.5.2, Communication Systems, for descriptions of security communications. In DCD Tier 2 Sub-Sections 9.5.2.2.2.1, Commercial Telephone, and 9.5.2.2.2.2, Local Law Enforcement Communications, the applicant described the plant communication system for security communication functions. The design provides a dedicated, diverse, and independent telephone system for communications from and to various locations for security command, control, and responses. The dedicated security telephone system is isolated from outside the plant and is redundant and diverse from the plant telephone communication system. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-D153-060 shows the design functional diagram for the design of the security telephone system.

Tier 2, DCD, Section 9.5.2.2.1.8, Wireless Communications System, and Section 9.5.2.2.2.3, Emergency Telephone System, describe a dedicated security radio (wireless) communication system at each alarm station and plant security personnel for portable communications with plant security personnel.

TeR APR1400-E-A-NR-14002-P-SGI, Design Drawing No. 1-300-D153-060 (Page D-7) provides the design functional diagram for systems and components (e.g., transmitters, receivers, antenna network, repeaters, amplifiers and switching controllers, and other components that are standard for radio communications system) that is a part of the standard plant design accommodating security wireless communication. The APR1400 standard design includes multiple communication systems to provide redundancies, diversity, and independence for reliable communications for the capabilities to initiate and maintain command and control of security onsite responses (e.g., between CAS, SAS, MCR, fixed posts, mobile patrols) and the initiation and coordination of assistance from offsite local law enforcement agencies (LLEAs).

The standard design provides communications with offsite law enforcement that relies on the plant conventional telephone system or the security telephone system and through a law enforcement base station. The applicant indicated that the radio frequencies, the base station units, mobile units, and the portable units are site specific design information to be addressed by the COL applicant.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 5.1, Communications, the applicant described the design for maintaining continuous communications capabilities for onsite and offsite resources, maintaining command and control during normal and emergency situations, communications at alarm stations to call for assistance and communication with on-site security force personnel for responses. Two-way communication for security response is provided by the plant dedicated security telephone and radio systems described above for continuity of security communications. The design provides alternative means that do not rely on wireless telephone communications from the alarm stations for the capability to maintain command and control to direct security officers even when radio is unavailable.

The secondary power supply for security communications consists of a UPS and then a continuous generator source. The secondary power supply is located in a vital area in accordance with regulatory requirements. In TeR APR1400-E-A-NR-14002-P-SGI, Section 5.1, the applicant provided additional details for the design that include primary and secondary power supply, which is a part of the APR1400 standard plant. The diversity and redundancy of the security communications address malevolent acts to interrupt security communications and provide security communications needed for command and control in responding to threats.

13.6.4.4(d) Alarm Stations

The CAS and SAS are designated as vital areas as required by 10 CFR 73.55(e)(9). The applicant described the design for the CAS and SAS in TeR APR1400-E-A-NR-14002-P-SGI, Section 4.2, Definition of Alarm Station and Secondary Power Supplies as Vital. TeR APR1400-E-A-NR-14002-P-SGI, Drawing Nos. 1-271-A116-200 and 1-271-A116-300 (Pages D-9 and D-10) provide locations and configurations, along with details for doors, frame, and hardware, for design of the CAS and SAS. The CAS and SAS are locked and controlled to limit access. The CAS and SAS contain the equipment necessary for detection and assessment of intrusion alarms, controls and monitoring of access control points, command and control for security responses, and summoning off-site assistance. The design of alarm stations includes spatial separation and system redundancy to provide protection against a single act that could lead to loss of security functions of both the CAS and SAS. The CAS and SAS are provided with the equivalent level of physical protection by placement in separate hardened structures and designed to provide required equivalent performance and redundant security functions.

The CAS and SAS enclosures are designed to meet bullet resistance to a specific Underwriters Laboratories (UL) standard, and the required minimum thicknesses for construction material are as specified in TeR APR1400-E-A-NR-14002-P-SGI Section 4.3, Bullet-Resistance of the CAS, SAS, and Last Access Control Location (Voluntary Element 3). The CAS and SAS are located as described in TeR APR1400-E-A-NR-14002-P-SGI, Section 3.1, Vital Areas and Equipment (Element 1). The design configuration, location of the CAS and SAS, is such that the interior of the SAS cannot be observed from the PA perimeter, in accordance with the requirement of 10 CFR 73.55(4)(ii).

The CAS and SAS are protected from blast effects of the design-basis threat vehicle bombs, as described in TeR APR1400-E-A-NR-14002-P-SGI, Section 4.4, Single Act Requirements.

The applicant applied the method found in NUREG/CR 6190, Update to NUREG/CR-6190 to Reflect Revised Design Basis Threat, Section 2.6, Maximum Considered Standoff Distance for VAB, to establish the minimum safe standoff distances for the APR1400 nuclear island and structures. TeR APR1400-E-A-NR-14002-P-SGI, Appendix C, Site Layout Diagram, shows the minimum safe standoff distance for the installation of a vehicle barrier system that will protect the APR1400 nuclear island and structures, including the CAS and SAS and other vital areas, against the explosive effects of the DBT vehicle borne explosives. The distance between alarm stations and the minimum safe standoff distance provide assurance that a single event initiated outside the PA cannot damage both alarm stations.

The physical barriers for the vehicle barrier system (VBS), the vehicle portals, and the PA portals that are operated and monitored by the alarm stations are COL applicant provided information and are not part of the certification of the APR1400 standard plant. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E153-040, Typical equipment layout plan for CAS and SAS, (Page D-5) shows the layout of the alarm stations with the walls, door, console, CCTV racks, detection rack, broadcasting racks, access control system racks, communication system rack, and other features for the design. The TeR APR1400-E-A-NR-14002-P-SGI describes the design configurations for the areas within structures that are the locations of the CAS and the SAS. The plan views indicate the access control to the areas containing the alarm stations, the bullet resistance of the walls, floors, doors, and ceilings of the stations, and the layout of equipment in the alarm station for performing security functions. The primary and secondary power supplies are shown on diagrams along with security lighting and communications that are part of the APR1400 standard plant.

13.6.4.4(e) Security Lighting Systems

DCD Tier 2, Section 13.6, Physical Security, refers to Subsection 9.5.3.2, System Descriptions, of the APR1400 plant lighting systems for security lighting. The plant normal and emergency lighting are credited for the illumination needed to perform security functions.

DCD Tier 2 Subsection 9.5.3.2.c, Security lighting system, states that [t]he plant general lighting system is being utilized for the security lighting in all indoor areas which requires security lighting. A minimum illumination level of 0.2 foot-candle is provided and measured horizontally at ground level in appropriate exterior areas within the protected areas. The security lighting is powered from offsite and backed up by the AAC [Alternate AC] sources upon loss of offsite power. The COL applicant is to provide security lighting for the protected area barrier and isolation zones and normal offsite power for all the exterior lighting systems (COL 9.5(11)). Table 1.8-2 identifies COL Item 9.5(11). RAI 428-8412, Question 13.06-8 is identified to confirm revisions to DCD Tier 2, Subsection 9.5.3.2 and Table 1.8-2 to describe security lighting and COL Item 9.5(11), respectively, that the staff found acceptable in the applicant's response (ML16125A540). Revision 1 to APR1400 DCD Tier 2, Section 9.5.3.2(c), Security lighting system, incorporates the design descriptions, as stated above, for security lighting within structures and plant areas and includes a reference to site-specific information as COL Item 9.5(11). Tier 2, Section 1, Table 1.8-2, identifies COL Item 9.5(11) for the COL applicant to provide security lighting for the PA, isolation zone, and normal offsite power for all external security lighting systems. Therefore, RAI 428-8412, Question 13.06-8 is resolved and closed.

DCD Tier 2 Subsection 9.5.3.2 describes the plant general lighting system which provides illumination of all indoor areas which require security lighting. Normal lighting, emergency ac lighting, and security lighting systems are powered by the 480 VAC buses through dry type 480-208/120 V transformers. The lighting system power is distributed to each lighting fixture through lighting distribution panels. The normal power for security lighting is supplied from offsite power.

If there is a LOOP, then the AAC will pick up the security lighting load. The security lighting is powered from offsite and backed up by the AAC source upon loss of offsite power. DCD Tier 2, Section 9.5.3.2, indicates that self-contained battery lighting provides not less than an average of 1 foot-candle and at least 0.1 foot-candle at the floor level for 8 hours for access and egress.

The normal and minimum emergency illumination levels for security alarm stations are 75 foot-candles and 10 foot-candles, respectively.

The applicant indicated that the emergency ac lighting provides more than 10 foot-candles of illumination at the above designated areas; emergency dc lighting powered from the station batteries provides more than 10 foot-candles of illumination and self-contained battery lighting provides more than 0.1 foot-candle of illumination at the areas where emergency ac lighting is provided. Backup power for the emergency ac lighting is described in Subsection 9.5.3.2, and consists of a Class 1E emergency diesel generator. If there is a station blackout, the AAC gas turbine generator provides backup for the loss of offsite power. The illumination for security functions in the exterior areas of the PA will be backed up by the AAC source upon loss of offsite power. A minimum illumination level of 0.2 foot-candles is provided and measured horizontally at ground level in appropriate exterior areas within the protected area.

DCD Tier 2, Section 13.6.2.5, Illumination Systems, states that: The illumination of the isolation zones is designed and provided by the COL applicant. The illumination of the exterior areas outside the isolation zones within the protected area is provided as part of the standard APR1400 design and is 0.2 foot candles measured horizontally or, alternatively, sufficient to permit observation of abnormal presence or activity of persons or vehicles. The lighting within structures that are part of the APR1400 standard plant is sufficient to allow security response actions and other emergency response activities within the structures. RAI 428-8412, Question 13.06-10 was issued to request the applicant to provide more non-SGI information to Section 13.6.2 to describe design descriptions for illumination and PPS, supporting physical security hardware described in DCD Tier 1. The staff found the response KHNP submitted acceptable (ML16125A540). Revision 1 to APR1400 DCD Tier 2, Section 13.6.2, incorporates the design descriptions for physical security structures, systems, and components within the standard design. Therefore, RAI 428-8412, Question 13.06-10 is resolved and closed.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 5.2, Lighting, the applicant established the design requirement for providing a minimum illumination level of 0.2 foot-candle (2.152 lux) measured horizontally at ground level outside the isolation zone and appropriate exterior area within the protected areas. The applicant indicated that the design will be based on providing sufficient security power for an average external lighting level of 1 foot-candle (10.76 lux) to assure that a 0.2 foot-candle (2.152 lux) lighting level may be maintained in all areas requiring lighting for detection, assessment, and response. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E153-050 (Page D-6) shows a line diagram for the design of lighting and the security power supply systems for the APR1400 standard plant.


The applicant identified COL Item 9.5(11) in Table 1.8-2, which establishes that [t]he COL applicant is to provide security lighting for the protected area barrier and isolation zones and normal electrical power for all the exterior security lighting systems.

13.6.4.4(f) Security Power Systems

The secondary power supply will be from multiple sources as specified in DCD Tier 2, Chapter 8, Electric Power, and capable of supplying power for at least 24 hours at the specified design load of PPS. TeR APR1400-E-A-NR-14002-P-SGI, Drawing No. 1-300-E153-050 (page D-6) shows the single line diagram for the design of the security power supply systems. Critical security functions are powered by divisional uninterruptible power supplies to ensure continuity of functions during transfer from loss of normal power to diesel backup power.

The location for secondary power supply for security PSS is shown in Drawings No. 1-271-A116-200 (Page D-9) and provides the required backup power for the alarm station functions.

The design of the intrusion alarm systems includes a redundant power supply: if plant normal power is lost to both alarm stations, the secondary power supply will provide power to continue the alarm annunciation functions. The UPS will maintain alarm station functions for a duration as indicated in TeR APR1400-E-A-NR-14002-P-SGI, Section 4.18, Backup Power for Intrusion Detection and Assessment. A single point failure affecting both alarm station functions cannot result from an act performed by the DBT adversaries at the PA. The power systems for the CAS and SAS are designed as equal and redundant divisions with reliable and separated power sources to prevent a single act from disabling critical functions.

The staff finds the following:

The applicant has adequately described the design bases for intrusion detection and assessment systems for meeting the requirements of 10 CFR 73.55(i)(1).

These systems provide the capabilities for intrusion detection and assessment of unauthorized access to the nuclear island and structures that are designated as vital areas for the APR1400 standard design. In addition to meeting the prescriptive requirements of 10 CFR 73.55(i)(1), the design addresses the critical PSS capabilities for intrusion detection and assessment needed for design of a PPS meeting the performance requirement of 10 CFR 73.55(b).

The applicant's design for intrusion detection and assessment included the application of technology that complies with the requirements of 10 CFR 73.55(i)(2) that intrusion detection equipment must annunciate and video assessment equipment shall display concurrently, in at least two continuously staffed onsite alarm stations, at least one of which must be protected in accordance with the requirements applicable to the CAS.

The applicant has adequately described, within the scope of the design certification, the design for meeting requirements of 10 CFR 73.55(i)(3), by providing intrusion detection and assessment systems that are designed to provide visual and audible annunciation of the alarm; ensure that annunciation of an alarm indicates the type and location of the alarm; ensure that alarm devices, to include transmission lines to annunciators, are tamper indicating and self-checking; provide an automatic indication when the alarm system or a component of the alarm system fails, or when the system is operating on the backup power supply; support the initiation of a timely alarm for security responses; and ensure intrusion detection and assessment equipment remains operable from an uninterruptible power supply in the event of the loss of normal power.

The applicant has adequately described the design for PSS for meeting the requirements of 10 CFR 73.55(e)(9)(ii) for protecting vital area access points and vital area emergency exits with intrusion detection equipment and locking devices that allow rapid egress during an emergency and satisfy the vital area entry control requirements of 10 CFR 73.55(e)(9) for locked and alarmed openings.

The applicant has adequately described the design for PSS that will be relied on to implement access controls. The applicant's design satisfies the requirements of 10 CFR 73.55(g), Access controls, as it is applied to the access to the vital areas of the APR1400 standard design. The proposed design includes provisions for meeting the access control functions of 10 CFR 73.55(g)(1) at the vital area barrier to control personnel by locating access control portals outside of the physical barrier system through which it controls access, and equips openings with delay barriers with locking and intrusion detection devices to protect against unauthorized access.

The applicant has adequately described the design of plant systems and PSS for meeting communication requirements in 10 CFR 73.55(j), Communications requirements. The design of the communications addresses capabilities for establishing and maintaining continuous communication capability with onsite and offsite resources to ensure effective command and control during both normal and emergency situations, capabilities for all on-duty physical security personnel to maintain continuous communication with an individual in each alarm station, and continuous communication capabilities to terminate in both alarm stations. The applicant also adequately addressed prescriptive requirements for providing radio or microwave transmitted two-way voice communication, either directly or through an intermediary, in addition to conventional telephone service between local law enforcement authorities and the site, and a system for communication with the control room. Secondary power through an uninterruptible power supply and a continuous generator source is included in the PSS design for assurance that non-portable communications equipment remains operable from independent power sources in the event of the loss of normal power.

The applicant's proposed design and configuration of the CAS and SAS satisfies the requirements of 10 CFR 73.55(i)(4) that both alarm stations must be designed and equipped to ensure that a single act cannot disable both alarm stations. The applicant has adequately addressed by design the regulatory requirement for the survivability of at least one alarm station to maintain the ability to perform the functions of detection, assessment, and capabilities to initiate and coordinate alarm response, request offsite assistance, and provide command and control.

The applicant's standard design for the location of the CAS and SAS meets the requirements of 10 CFR 73.55(4)(ii) that it is within a protected area, the interior of the central alarm station must not be visible from the perimeter of the protected area, it has the capability to allow for assessing and initiating responses to all alarms, it provides assurance that an alarm station operator cannot change the status of a detection point or deactivate a locking or access control device without the knowledge and concurrence of the alarm station operator in the other alarm station, and it provides inter-connection of both alarm stations for knowledge of final disposition of all alarms.

The applicant has adequately described design of the CAS and SAS that meet requirements of 10 CFR 73.55(i), Detection and Assessment Systems, that the construction, location, protection, and equipment of both the central and secondary alarm stations be equal and redundant, such that all security functions needed to satisfy the requirements of 10 CFR 73.55(i) can be performed in both alarm stations.

The applicant has adequately described the design for meeting 10 CFR 73.55(i)(6), Illumination, that requires all areas of the facility are provided with illumination necessary to satisfy the design requirements of 10 CFR 73.55(b), General Performance Objectives and Requirements, and implement the protective strategy. The minimum design lighting density in accordance with 10 CFR 73.55(i)(6)(ii) required illumination level of 0.2 foot-candles (2.15 lux) in the exterior areas within the protected area will be met by the applicant's design. The applicant has also established the design bases for crediting plant normal and emergency lighting within the nuclear island and structures for providing illumination for security functions.

The applicant has adequately described the design for the secondary power supply, including the uninterruptible power supply source, for complying with requirements of 10 CFR 73.55(e)(9)(vi)(A) for the continuity of PSS to perform their intended functions for detection, assessment, communications, and access control. The design provides for a secondary power supply capable of providing power for at least 24 hours at the design load of PSS.

13.6.4.5 Design for Physical Barriers

13.6.4.5(a) Bullet Resistant Barriers

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3.3, Bullet-Resistance of the Main Control Room (Element 3), Section 3.4, Vital Area Physical Barriers (Architectural Features)(Element 4), Section 3.5, Vital Area Physical Barriers (Penetration Features)(Element 5), and Section 4.3, Bullet-Resistant of the CAS SAS, and Last Access Control Location, the applicant provided descriptions for minimum construction and standards for walls, floors, and ceiling for the MCR, CAS, SAS, and Secondary Power Supply Room, and exterior and interior boundaries of buildings that have been designated as physical barriers enclosing vital areas. The applicant included the design for protecting openings and penetrations through the vital area barriers, as previously discussed in this safety evaluation.

The applicant indicated that the thickness of reinforced concrete for bullet resisting is based on guidance from Resistance of Exterior Walls to High Velocity Projectiles prepared by the Canadian Masonry Research Institute, to determine minimum thickness needed to meet UL 752 standard, and establish a conservative thickness of reinforced concrete. The structure design for walls, floors, and ceilings consists of varying thickness in reinforced concrete construction to exceed the minimum thickness required for structures, walls, and locations of doors needed to meet bullet resistant requirements. The walls, floors, and ceilings of the alarm stations are a minimum thickness, beyond that chosen as a baseline minimum required for bullet resisting, and the as-built would provide additional design margin in the construction of the physical barriers.

The buildings housing the two alarm stations are designated as vital areas and will be constructed and installed with access controls and protection of openings and penetrations to meet vital area and bullet resistance requirements. The areas containing the alarm stations will also be designated as vital areas and will meet the appropriate vital area requirements. The applicant indicated that the design of Last Access Control Location (LACL) will be specified by the COL applicant, and the site-specific information will include the construction requirements for bullet resisting physical barriers.

The applicant indicated that the main control room, central and secondary alarm stations walls, floors, ceilings, doors, and windows are designed and constructed to meet a minimum bullet resistance to a UL Level as shown on Drawing No. 1-271-A116-200 (Page D-9) and Drawing No. 1-271-A116-300 (Page D-10). Drawing No. 1-271-A116-400 (Page D-11) shows the design for protecting penetrations through physical barriers for vital areas. Section 4.3 of TeR APR1400-E-A-NR-14002-P-SGI establishes the design requirement for construction of doors for bullet-resistance to a minimum standard of UL 752.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3.3, the applicant indicated that the walls, floors, and ceilings of the MCR have a minimum thickness of reinforced concrete that is credited to meet the physical protection requirement for a bullet resistant barrier. The thickness of concrete exceeds the bullet-resistance requirements of UL 752 standard. Any doors on the MCR boundary will be bullet-resisting to the minimum of UL 752 standard. The physical barriers are designed without windows in the walls or doors leading into the MCR. The HVAC penetrations will use plates, baffles, bends, or other physical features to prevent straight shots into the room.

13.6.4.5(b) Vital Area Doors

The applicant indicated that most of the doors will be hollow core steel doors that are UL fire rated for 2 or 3 hours. Some of the doors will be blast doors and will be steel doors with internal bracing and materials that are designed for the blast overpressures created by aircraft impact or explosions. TeR APR1400-E-A-NR-14002-P-SGI, Section 3.7, Control of Unoccupied Vital Area (Element 7), describes design of doors with card reader access, lock, and alarm. The typical vital area access control doors and design configuration are shown in figures in TeR APR1400-E-A-NR-14002-P-SGI, Appendix D (Page D-12) for the installation of intrusion detection, access control, locking, and other design features for securing vital areas. To provide delay and access control, exterior doors are equivalent to the delay credited to the structure walls. The remaining exterior doors will be hardened to provide substantial resistance to penetrations with delay as stated in TeR APR1400-E-A-NR-14002-P-SGI.

In TeR APR1400-E-A-NR-14002-P-SGI, Section 3.6, the design descriptions address requirements to provide exit devices on vital area egress doors that require emergency egress capability. These devices and their operation are described in this section. Utility penetrations, such as HVAC ducts and other piping, will be equipped with installed barriers that allow air flow but do not allow the passage of a person. Usually the barrier will be constructed of steel bars or heavy duty steel grating.


13.6.4.5(c) Vehicle Barrier System

The construction and installation of the vehicle barrier system is site-specific information that will be addressed by the COL applicant. However, in TeR APR1400-E-A-NR-14002-P-SGI, Section 4.4, Single Act Requirement, and Appendix C, Site Layout Diagram, the applicant established and shows the bounding minimum safe standoff distance for protecting the APR1400 nuclear island and structures, including the CAS and SAS, from the maximum DBT vehicle borne explosive. The figure in Appendix C shows the acceptable location for the construction and installation of a continuous vehicle barrier system (VBS) that meets or exceeds required bounding minimum safe stand-off distance.

TeR APR1400-E-A-NR-14002-P-SGI, Section 4.4 indicates that the VBS must be located at least the bounding minimum safe standoff distance from the nearest external surface of any vital areas. The distance required is based on NUREG-6190, Subsections 2.6.1 and 2.6.2 and the required minimum safe standoff distance exceeds that indicated in Section 2.6.2, which provides guidance on conservative design basis for establishing the bounding minimum safe standoff distance, and applied to a site layout to indicate that minimum distance can be met or exceeded. The distance at the VBS that is equal distance between both alarm stations was evaluated and determined to be adequate to allow survival of both the alarm stations from the DBT land (and a water) borne vehicle explosive threats.

The staff finds the following:

The applicant has adequately described the design bases for the physical barriers of the nuclear island and structures that are within the scope of the APR1400 standard design. The applicant has met, in part, 10 CFR 73.55(e), Physical Barriers, that requires that each licensee shall identify site-specific conditions to determine the specific use, type, function, and placement of physical barriers. A COL applicant referencing the APR1400 design will identify site-specific conditions and describe the integrations and design of additional physical barrier for security responses.

The applicant has adequately described the design of physical barriers to control access to the vital areas within the scope of the design certification and satisfied the requirements of 10 CFR 73.55(e)(1). The design provided for the control and delay of access necessary to facilitate the implementation of security responses to protect against the DBT.

The applicant's description of the design bases for physical barriers, as detailed in TeR APR1400-E-A-NR-14002-P-SGI, adequately addresses the requirements of 10 CFR 73.55(e)(4) by providing the design of physical barrier systems that secure openings or penetrations into the structural boundaries of the nuclear island and structures.

The applicant has adequately described the design for the MCR, CAS, and SAS for meeting the requirements of 10 CFR 73.55(e)(5), Bullet Resisting Physical Barriers. The design provided for protecting the MCR, CAS, and SAS with a bullet-resistant enclosure by crediting structural elements of the APR1400 standard design and providing provisions of hardened doors and engineered system for protecting openings and penetrations of the bullet-resistant enclosure.

The design of the last access control to the protected area, required by 10 CFR 73.55(e), Physical Barriers, is outside the scope of the design certification and is to be addressed as site-specific.

The applicant has adequately described the design bases for physical barriers of the nuclear island and structures that have been designated as vital areas to address one of two barriers in accordance with the requirements of 10 CFR 73.55(e)(9)(i), which requires that the access to vital equipment requires passages through at least two physical barriers.

The applicant has adequately met the prescriptive requirements in the 10 CFR 73.2, definition for Physical Barrier, by providing design of PSS and/or credit of building structural systems that satisfy the requirements for building walls, ceilings, and floors to be constructed of brick, cinder block, concrete, steel, or comparable material (openings in which are secured by grates, doors, or covers of construction and fastening with sufficient strength such that the integrity of the wall is not lessened by any opening). The staff determined that 10 CFR 73.2 prescriptive requirements for physical barriers related to site-specific design for fence construction is not applicable to physical barrier systems described for the nuclear island and structures and plant areas that are within the scope of the design certification. The requirements for site-specific barriers must be addressed and satisfied by a COL applicant.

The applicant has adequately assessed and documented required minimum safe standoff distances for the APR1400 nuclear island and structures based on a maximum quantity of explosives associated with the adversarial characteristics of DBT. The applicant adequately established the design basis for a location of the VBS that would be sufficient to protect safety-related SSCs or loss of spent fuel pool cooling against the DBT vehicle borne explosive threats.

13.6.4.6 Design Features to Facilitate Security Response

The applicant did not include design of PSS, such as hardened defensive fighting positions that facilitate security, in the scope of the APR1400 standard design. Other than the PSS that had been described previously, the design for the locations and how fighting positions (blast and/or bullet resistance, firing ports, material construction, fully or partially enclosed to protect security personnel from attack, person or only body of mass, blast protection, environmental controls and protection, lighting, communications, etc.) and other features (i.e., delay, protection against hand thrown explosives, etc.) for security responses to interdict or neutralize the DBT threat is site-specific information, and is addressed by the COL applicant to meet the requirements of 10 CFR Part 73 for an operating license.

Combined License Information Items

The staff reviewed the applicant's descriptions and commitments for the COL items that are to be addressed by a COL applicant if the design is certified. The applicant provided three COL items in Revision 0 of the DCD, Tier 2, Section 13.6.7, Combined License Information, and in Table 1.8-2. In RAI 428-8412, Question 13.06-10 (ML16062A458), the staff requested additional information related to Section 13.6 (see Section 13.6.2 of this report). In its response to RAI 428-8412, Question 13.06-10 (ML16125A540), the applicant provided the Section 13.6.2 information requested by the RAI. Also in its response, the applicant removed the three COL items as unnecessary. The applicant noted that the information the COL items identified to be provided is required by regulations in 10 CFR 52.79 and Part 73. The COL items are duplicative, and the information provided for the COL items would necessarily be SGI information, inaccessible by the public. The staff verified that all references to the three COL items have been correctly removed from the DCD (including the deletion of DCD Section 13.6.7), and that the proposed additional information was correctly added to Revision 1 and subsequent revisions of the DCD. As stated previously, the staff found the RAI response acceptable. Therefore, RAI 428-8412, Question 13.06-10 is resolved and closed.

The applicant identified the following site-specific information, in TeR APR1400-E-A-NR-14002-P-SGI, for the design and configuration of the PSS that will be addressed by the COL applicant that references the APR1400 standard design:

  • Vital area and equipment not within the scope of standard design (TeR Section 4.1)
  • Last access control location (Section 4.3)
  • Vital areas physical barriers not within the standard design scope (Section 4.6)
  • Protection of penetration openings not in the standard design scope (Section 4.10)
  • Vital area portal egress not within the standard design scope (Section 4.10)
  • Control of unoccupied vital area not within standard design scope (Section 4.11)
  • Protected area barrier description (Section 4.13)
  • Protection of penetration through the PA (Section 4.14)
  • Protection of unattended openings (Section 4.15)
  • Video, dimensions, and layout of the isolation zone (Section 4.16)
  • Intrusion detection and assessment components at the PA (Section 4.17)
  • PA perimeter lighting (Section 4.17)
  • Security fighting positions (Section 4.19)

The staff concludes that the applicant has adequately identified and described site-specific information required to complete the design of a PPS that is not within the scope of the design certification. The applicant has adequately justified and determined the appropriate demarcation of site-specific design required of a COL applicant.

In addition to information that has already been captured in DCD Tier 2, 10 CFR Part 50 or Part 52 requirements require the COL applicant that references a certified design to develop a physical security plan, training and qualification plan, and safeguards contingency plan. Also, 10 CFR Part 73 requires the COL applicant to develop an access authorization program (10 CFR 73.56), and develop a cyber-security plan and implementation program (10 CFR 73.54).

Revision 1 to APR1400 DCD Tier 2, Section 13.6.2, incorporates the design descriptions of physical security systems in the scope of the design, describes the site-specific information that would be addressed by a COL applicant that references the APR1400 certified design, and deletes duplicating information (i.e., found in Section 13.6.7). Therefore, RAI 428-8412, Question 13.06-10 is resolved and closed.

Conclusion

As described above, and with the exception of the identified confirmatory action items, the staff concludes that the applicant has considered and provided PSS in the standard APR1400 design, within the scope of the design certification, to facilitate the implementation of a physical protection program to protect against potential acts of radiological sabotage. The APR1400 proposed standard design has adequately described the plant layout for enhancing physical protection and identified vital equipment and areas for meeting, in part, specified requirements of 10 CFR 73.55. The technical bases, including assumptions, are adequately described and provide support of ITAAC for PSS.

The applicant's proposed design of PSS, including locations and configurations, is adequate to address the nuclear island and structures within the scope of the design certification with adequate details of technical or design basis to allow for detailed design and inspection verification of construction and installation (ITAAC verification) in accordance with requirements of 10 CFR Part 52. This conclusion is limited to the adequacy of applicant descriptions of the design of the PSS that are relied on to implement security response functions (i.e., detection, assessment, communications, delays, and neutralization) within the scope of the design certification. The high assurance of adequate protection against the DBT and compliance with programmatic requirements (including administrative controls such as people and procedures) of the NRC regulation for physical protection are to be addressed by a COL applicant that is seeking a combined license to construct and operate a nuclear power plant. The staff concludes that the design of the PSS within the scope of the APR1400 standard design certification is acceptable and is in accordance with the applicable requirements of 10 CFR Part 73.

Fitness for Duty

Part 26 of 10 CFR, Fitness for Duty Programs, prescribes requirements and standards for the establishment, implementation, and maintenance of fitness-for-duty (FFD) programs (Reference 73, FR 17176, March 31, 2008). Section 26.3 of 10 CFR states, in part, that holders of a COL under 10 CFR Part 52 shall implement the FFD program before the receipt of special nuclear material in the form of fuel assemblies. Whether the COL holder is constructing the plant, has received special nuclear material onsite, or is operating the plant will determine the FFD requirements that it must implement. In addition, an applicant for a COL who has been issued a limited work authorization (LWA) under 10 CFR 50.10(e) must implement an FFD program if the LWA authorizes the applicant to install the foundations for safety- and security-related SSCs. Pursuant to 10 CFR 52.79(a)(44), COL applications must contain: [a] description of the fitness-for-duty program required by 10 CFR Part 26 and its implementation.

DCD Tier 2, Table 1.8-2, for the APR1400 design certification contains COL items, which the applicant has deferred to the COL applicant to address in its application.

Table 1.8-2, APR1400 Combined License Information Items

Item No.: 13.7(1)
Description: The COL applicant is to develop the description of the fitness-for-duty programs during construction and for the operating plant.
FSAR Tier 2 Section: 13.7

DCD Tier 2, Section 13.7.1, Combined License Information, restates the COL item and descriptions from DCD Tier 2, Table 1.8-2. The staff agrees that the FFD program is the COL applicant's responsibility. The staff finds that COL Item 13.7(1) adequately describes actions necessary for the COL applicant or holder to address the regulatory requirements for the fitness-for-duty program, and no additional COL items need to be included in DCD Tier 2, Table 1.8-2, for fitness-for-duty consideration.
