RA-18-0094, Supplement to License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating


ML18281A010
Person / Time
Site: Catawba
Issue date: 10/08/2018
From: Capps S
Duke Energy Carolinas
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
RA-18-0094


Text

Steven Capps

Duke Energy
526 S. Church Street
Charlotte, NC 28202

Mailing Address: EC07H / P.O. Box 1006, Charlotte, NC 28202
980.373.1295
Steven.Capps@duke-energy.com

Serial: RA-18-0094
10 CFR 50.90
October 8, 2018

U.S. Nuclear Regulatory Commission
ATTN: Document Control Desk
Washington, DC 20555-0001

CATAWBA NUCLEAR STATION, UNIT NOS. 1 AND 2
DOCKET NOS. 50-413 AND 50-414
RENEWED LICENSE NOS. NPF-35 AND NPF-52

SUBJECT:

SUPPLEMENT TO LICENSE AMENDMENT REQUEST PROPOSING CHANGES TO CATAWBA AND MCGUIRE TECHNICAL SPECIFICATION 3.8.1, AC SOURCES - OPERATING

REFERENCES:

1. Duke Energy letter, License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating, dated May 2, 2017 (ADAMS Accession No. ML17122A116).
2. Nuclear Regulatory Commission letter, McGuire Nuclear Station, Units 1 and 2 and Catawba Nuclear Station, Units 1 and 2 - Supplemental Information Needed for Acceptance of Requested Licensing Action RE: License Amendment Request Proposing Changes to Technical Specification 3.8.1, AC Sources - Operating (CAC Nos. MF9667 through MF9674), dated June 30, 2017 (ADAMS Accession No. ML17167A317).
3. Duke Energy letter, Supplement to License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating, dated July 20, 2017 (ADAMS Accession No. ML17201Q132).
4. Nuclear Regulatory Commission letter, Catawba/McGuire - Acceptance of Requested Licensing Action Re: EDG AOT Extension/Shared Systems LAR (CACs MF9667 through MF9974), dated August 10, 2017 (ADAMS Accession No. ML17226A002).
5. Duke Energy letter, Supplement to License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating, dated November 21, 2017 (ADAMS Accession No. ML17325A588).

U.S. Nuclear Regulatory Commission RA-18-0094 Page 2

6. Nuclear Regulatory Commission letter, Catawba/McGuire - Regulatory Audit to Support Commission Approval of Proposed Amendments for Changes to Technical Specifications 3.8.1, AC Sources - Operating and 3.7.8, Nuclear Service Water System (CAC Nos. MF9667, MF9668, MF9671, MF9672, MG0245, and MG0246), dated May 2, 2017 (ADAMS Accession No. ML18117A187).

Ladies and Gentlemen:

By letter dated May 2, 2017 (Reference 1), Duke Energy Carolinas, LLC (Duke Energy) submitted a License Amendment Request (LAR) for Catawba Nuclear Station (CNS), Units 1 and 2 and McGuire Nuclear Station (MNS), Units 1 and 2. The proposed change would extend the Completion Time for an inoperable diesel generator in Technical Specification (TS) 3.8.1, AC Sources - Operating at both stations. The proposed change would also alter the AC power source operability requirements for the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES) (i.e., shared systems).

By letter dated June 30, 2017 (Reference 2), the Nuclear Regulatory Commission (NRC) requested supplemental information from Duke Energy. By letter dated July 20, 2017 (Reference 3), Duke Energy provided responses to the supplemental information request. The NRC concluded that Duke Energy did provide technical information in sufficient detail to enable the NRC staff to complete its detailed technical review and make an independent assessment regarding the acceptability of the proposed amendment in terms of regulatory requirements and the protection of public health and safety and the environment by letter dated August 10, 2017 (Reference 4).

Subsequent to a public meeting on September 20, 2017 held between Duke Energy and the NRC staff to discuss the proposed change, Duke Energy provided a supplement to the LAR with revisions to the portion of the proposed change associated with AC power source operability requirements for shared systems (Reference 5). Specifically, two new Limiting Conditions for Operation (LCO) were proposed to be added to CNS and MNS TS 3.8.1. As a result of discussions between Duke Energy and the NRC staff during an audit (Reference 6) of the subject LAR for CNS and MNS, Duke Energy is further supplementing the LAR in the Enclosure to this letter to revise the proposed TS 3.8.1 LCOs and corresponding Conditions (CNS only) to adequately reflect the equipment required to be operable. provides revised TS markups for CNS to reflect the proposed change.

Attachments 2 and 3 provide CNS TS Bases pages marked up to reflect the proposed change (for information only). The TS Bases changes will be processed after LAR approval under the TS Bases Control Program for CNS. Attachment 4 provides additional CNS information from the NRC audit. Since one regulatory commitment is being added to support the proposed change, Attachment 5 provides the comprehensive list of regulatory commitments that are associated with the subject LAR.

The conclusions of the original Significant Hazards Consideration Determination and Environmental Considerations contained in the May 2, 2017 LAR (Reference 1) are unaffected as a result of this LAR supplement.

Should you have any questions concerning this letter, or require additional information, please contact Art Zaremba at 980-373-2062.

I declare under penalty of perjury that the foregoing is true and correct. Executed on [handwritten date, illegible in source].

Sincerely,

[signature]

Steven Capps Senior Vice President, Nuclear Operations S.C.

Enclosure:

License Amendment Request Supplemental Information

Attachments:

1. Revised Catawba Technical Specification Marked Up Pages
2. Revised Catawba Technical Specification 3.8.1 Bases Marked Up Pages (For Information Only)
3. Revised Catawba Technical Specification 3.7.8 Bases Marked Up Pages (For Information Only)
4. Additional Information from NRC Audit
5. Regulatory Commitments

cc:

C. Haney, Region II Administrator
U.S. Nuclear Regulatory Commission
Marquis One Tower
245 Peachtree Center Avenue NE, Suite 1200
Atlanta, GA 30303-1257

M. Mahoney, Project Manager
U.S. Nuclear Regulatory Commission
11555 Rockville Pike
Mail Stop 8 G9A
Rockville, MD 20852-2738

J.D. Austin
NRC Senior Resident Inspector
Catawba Nuclear Station

L. Garner, Manager
Radioactive & Infectious Waste Management
Division of Waste Management
SC Dept. of Health and Env. Control
2600 Bull St.
Columbia, SC 29201

bcc:

S.D. Capps
M.C. Nolan
A.H. Zaremba
N.D. Edwards
J.L. Vaughan
R.I. Rishel
ELL File: (Corporate)
T. Simril
C.E. Curry
L.A. Keller
C. Bigham
C.A. Fletcher
A. Michalski
NCMPA-1
PMPA
NCEMC
T. Lowery (For CNS Licensing/Nuclear Records)
CNS Master File 801.01 - CN04DM

U.S. Nuclear Regulatory Commission RA-18-0094, Enclosure Page 1 of 21

Enclosure

License Amendment Request Supplemental Information

1. DESCRIPTION OF THE PROPOSED CHANGE (REVISED)

The proposed change submitted May 2, 2017 (ADAMS Accession No. ML17122A116) and supplemented July 20, 2017 (ADAMS Accession No. ML17201Q132) and November 21, 2017 (ADAMS Accession No. ML17325A588) to modify Catawba (CNS) Technical Specification (TS) 3.8.1, AC Sources - Operating, is being revised in the following sections to reflect the sufficient amount of AC sources that are required to be operable at each station in order to mitigate a design basis accident (i.e., Loss of Coolant Accident on one unit and a dual-unit Loss of Offsite Power). The corresponding Conditions are also proposed to be revised for CNS. The changes that are presented in this Enclosure and that are also reflected in Attachments 1 and 2, supersede the requested CNS TS 3.8.1 changes from the November 21, 2017 License Amendment Request (LAR) supplement submittal entirely. The marked-up CNS TS 3.7.8 Bases, included in Attachment 3 of this Enclosure, also supersedes the CNS TS 3.7.8 Bases from the original proposed change submitted May 2, 2017 (ADAMS Accession No. ML17122A116). The remaining marked-up CNS TS Bases (AC Sources - Shutdown, Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS), and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES)) included in the May 2, 2017 submittal are still valid.

Note: The requirement for shared systems to have both an operable normal and emergency power supply in order to be considered operable is still proposed to be deleted from the CNS TS Bases.

1.1 Catawba Technical Specification 3.8.1 Change Request

contains CNS TS 3.8.1 markups that reflect the proposed change and will be revised as follows:

A new LCO 3.8.1.c is added that states: The qualified circuit(s) between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System necessary to supply power to the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES); and

A new LCO 3.8.1.d is added that states: The DG(s) from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES;

A Note is added to the APPLICABILITY that states: The opposite unit electrical power sources in LCO 3.8.1.c and LCO 3.8.1.d are not required to be OPERABLE when the associated shared systems are inoperable.

Condition A is revised to state: One LCO 3.8.1.a offsite circuit inoperable.

Required Action A.1 is revised to state: Perform SR 3.8.1.1 for required OPERABLE offsite circuit(s).

The Completion Time (CT) for existing RA A.3 is revised to state:

72 hours
AND
17 days from discovery of failure to meet LCO 3.8.1.a or LCO 3.8.1.b

Condition B is revised to state: One LCO 3.8.1.b DG inoperable.

A new RA B.1 with an AND connector and the associated CT are inserted as follows:

B.1 Verify both DGs on the opposite unit OPERABLE.
Completion Time: 1 hour AND Once per 12 hours thereafter
AND

The existing RA B.1 is renamed B.2 and is revised to state: Perform SR 3.8.1.1 for the required offsite circuit(s).

The existing RA B.2 is renamed B.3.

The existing RA B.3.1 is renamed B.4.1 and is revised to state: Determine OPERABLE DG(s) is not inoperable due to common cause failure.

The existing RA B.3.2 is renamed B.4.2 and is revised to state: Perform SR 3.8.1.2 for OPERABLE DG(s).

A new RA B.5 with an AND connector and associated CT are inserted as follows:

B.5 Ensure availability of Emergency Supplemental Power Source (ESPS).
Completion Time: Prior to entering the extended Completion Time of ACTION B.6 AND Once per 12 hours thereafter
AND

The existing RA B.4 is renamed B.6. The associated CT is revised to state:

72 hours from discovery of unavailable ESPS
AND
24 hours from discovery of unavailable ESPS when in extended Completion Time
AND
14 days
AND
17 days from discovery of failure to meet LCO 3.8.1.a or LCO 3.8.1.b

New Condition C and associated RAs and CT are added as follows:

Condition C: Required Action and associated Completion Time of Required Action B.1 not met.

C.1.1 Restore both DGs on the opposite unit to OPERABLE status.
OR
C.1.2 Restore LCO 3.8.1.b DG to OPERABLE status.
Completion Time: 72 hours

New Condition D and associated RAs and CTs are added as follows:

Condition D: One LCO 3.8.1.c offsite circuit inoperable.

NOTE: Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems Operating," when Condition D is entered with no AC power source to a train.

D.1 Perform SR 3.8.1.1 for the required offsite circuit(s).
Completion Time: 1 hour AND Once per 8 hours thereafter
AND
D.2 Declare NSWS, CRAVS, CRACWS or ABFVES with no offsite power available inoperable when the redundant NSWS, CRAVS, CRACWS or ABFVES is inoperable.
Completion Time: 24 hours from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s)
AND
D.3 Declare NSWS, CRAVS, CRACWS and ABFVES supported by the inoperable offsite circuit inoperable.
Completion Time: 72 hours

New Condition E and associated RAs and CTs are added as follows:

Condition E: One LCO 3.8.1.d DG inoperable.

NOTE: Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems Operating," when Condition E is entered with no AC power source to a train.

E.1 Verify both LCO 3.8.1.b DGs OPERABLE, the opposite unit's DG OPERABLE and ESPS available.
Completion Time: 1 hour AND Once per 12 hours thereafter
AND
E.2 Perform SR 3.8.1.1 for the required offsite circuit(s).
Completion Time: 1 hour AND Once per 8 hours thereafter
AND
E.3 Declare NSWS, CRAVS, CRACWS or ABFVES supported by the inoperable DG inoperable when the redundant NSWS, CRAVS, CRACWS or ABFVES is inoperable.
Completion Time: 4 hours from discovery of Condition E concurrent with inoperability of redundant required feature(s)
AND
E.4.1 Determine OPERABLE DG(s) is not inoperable due to common cause failures.
Completion Time: 24 hours
OR
E.4.2 Perform SR 3.8.1.2 for OPERABLE DG(s).
Completion Time: 24 hours
AND
E.5 Declare NSWS, CRAVS, CRACWS or ABFVES supported by the inoperable DG inoperable.
Completion Time: 14 days

New Condition F and associated RAs and CT are added as follows:

Condition F: Required Action and associated Completion Time of Required Action E.1 not met.

F.1.1 Restore both LCO 3.8.1.b DGs and opposite unit's DG to OPERABLE status and ESPS to available status.
OR
F.1.2 Restore LCO 3.8.1.d DG to OPERABLE status.
OR
F.1.3 Declare NSWS, CRAVS, CRACWS and ABFVES supported by the inoperable DG inoperable.
Completion Time: 72 hours

Existing Condition C is renamed G and is revised to state:

Two LCO 3.8.1.a offsite circuits inoperable.

OR One LCO 3.8.1.a offsite circuit inoperable and one LCO 3.8.1.c offsite circuit inoperable.

OR Two LCO 3.8.1.c offsite circuits inoperable.

Existing RA C.1 is renamed G.1 and the associated CT is revised to state: 12 hours from discovery of Condition G concurrent with inoperability of redundant required features

Existing RA C.2 is renamed G.2.

Existing Condition D is renamed H and is revised to state:

One LCO 3.8.1.a offsite circuit inoperable.

AND One LCO 3.8.1.b DG inoperable.

The Note above existing RA D.1 is revised to state: Enter applicable Conditions and Required Actions of LCO 3.8.9, Distribution Systems - Operating, when Condition H is entered with no AC power source to any train.

Existing RA D.1 is renamed H.1 and existing RA D.2 is renamed H.2.

Existing Condition E is renamed I and is revised to state:

Two LCO 3.8.1.b DGs inoperable.

OR LCO 3.8.1.b DG inoperable and one LCO 3.8.1.d DG inoperable.

OR Two LCO 3.8.1.d DGs inoperable.

Existing RA E.1 is renamed I.1.

Existing Condition F is renamed J. Existing RA F.1 is renamed J.1.

Existing Condition G is renamed K and is revised to state:

Required Action and associated Completion Time of Condition A, C, F, G, H, I, or J not met.

OR Required Action and associated Completion Time of Required Action B.2, B.3, B.4.1, B.4.2, or B.6 not met.

OR

Required Action and associated Completion Time of Required Action E.2, E.3, E.4.1, E.4.2, or E.5 not met.

Existing RA G.1 is renamed K.1. Existing RA G.2 is renamed K.2.

Existing Condition H is renamed L and is revised to state:

Three or more LCO 3.8.1.a and LCO 3.8.1.b AC sources inoperable.

OR Three or more LCO 3.8.1.c and LCO 3.8.1.d AC sources inoperable.

Existing RA H.1 is renamed L.1.

A new NOTE is added at the beginning of the SURVEILLANCE REQUIREMENTS section of TS 3.8.1 which states: SR 3.8.1.1 through SR 3.8.1.20 are only applicable to LCO 3.8.1.a and LCO 3.8.1.b AC sources. SR 3.8.1.21 is only applicable to LCO 3.8.1.c and LCO 3.8.1.d AC sources.

New Surveillance Requirement (SR) 3.8.1.21 and associated Frequency is added as follows:

SR 3.8.1.21 For the LCO 3.8.1.c and LCO 3.8.1.d AC electrical sources, SR 3.8.1.1, SR 3.8.1.2, SR 3.8.1.4, SR 3.8.1.5, and SR 3.8.1.6 are required to be met.
Frequency: In accordance with the Surveillance Frequency Control Program

2. TECHNICAL EVALUATION

Specific technical justification for each aspect of the proposed change is below and will be presented in the same order that was used in Section 1.1 to describe the TS 3.8.1 change requests.

2.1 Catawba Evaluation of the TS 3.8.1 Change Request

In order to continue to meet Criterion 3 of 10 CFR 50.36 with the removal of the requirement from the CNS TS Bases to maintain both normal and emergency power for operability of the shared systems (NSWS, CRAVS, CRACWS and ABFVES), the opposite unit's AC power sources that are necessary to support the NSWS (including the shared NSWS pumps), CRAVS, CRACWS and ABFVES are incorporated into TS 3.8.1 within new LCOs 3.8.1.c and 3.8.1.d.

Each train of NSWS, CRAVS, CRACWS and ABFVES (Train A and Train B) that is powered at the 600V level is connected to an onsite Class 1E electrical power distribution subsystem from either unit. Each of the four NSWS pumps, also considered a shared component of the NSWS at CNS, receives power at the 4160V level via an ESF bus that is supported by a train and unit dedicated offsite source and DG. For example, the 1A offsite circuit and 1A DG are the normal and emergency power supplies for the 1A NSWS Pump.

In a normal alignment at CNS, Unit 1 Essential Bus 1ETA supplies Train A of shared systems that is powered at the 600V level of the onsite Class 1E AC Distribution System and Unit 2 Essential Bus 2ETB supplies Train B of shared systems that is powered at the 600V level of the onsite Class 1E AC Distribution System. Thus, for this normal plant configuration, the 2B offsite circuit and 2B DG, both of which supply power to 2ETB, would be LCO 3.8.1.c and LCO 3.8.1.d AC sources for Unit 1 TS 3.8.1. The 2A offsite circuit and 2A DG, both of which supply power to 2ETA to support the 2A NSWS Pump, would also be LCO 3.8.1.c and LCO 3.8.1.d AC sources for Unit 1 TS 3.8.1. Similarly, the 1A offsite circuit and 1A DG, both of which supply power to 1ETA, would be LCO 3.8.1.c and LCO 3.8.1.d AC sources for Unit 2 TS 3.8.1. And the 1B offsite circuit and 1B DG, both of which supply power to 1ETB to support the 1B NSWS Pump, would also be LCO 3.8.1.c and LCO 3.8.1.d AC sources for Unit 2 TS 3.8.1.

The Note that is added to the Applicability section takes exception to the requirements for the required AC sources in LCO 3.8.1.c and LCO 3.8.1.d provided the associated shared systems are inoperable. This exception is intended to allow declaring the shared systems supported by the opposite unit inoperable either in lieu of declaring the LCO 3.8.1.c and LCO 3.8.1.d AC sources inoperable, or at any time subsequent to entering ACTIONS for an inoperable LCO 3.8.1.c or LCO 3.8.1.d AC source. This exception is acceptable since, with the shared systems supported by the opposite unit inoperable and the associated ACTIONS entered, the LCO 3.8.1.c and LCO 3.8.1.d AC sources provide no additional assurance that acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of abnormal transients and also provide no additional assurance that adequate core cooling is provided and containment operability and other vital functions are maintained in the event of a postulated design basis accident (DBA).

The primary need for the Note is during Engineered Safeguards Features (ESF) testing. The testing is performed when one unit is in Modes 1 through 4 and the other unit is shut down. A single train of shared systems (NSWS, CRAVS, CRACWS and ABFVES) is aligned to the outage unit. In this instance, the outage unit AC sources cannot support operability of the train of shared systems for the online unit. The Applicability Note allows Catawba and McGuire to declare the entire train of shared systems (NSWS, CRAVS, CRACWS and ABFVES) inoperable in lieu of applying proposed LCOs 3.8.1.c and 3.8.1.d for the online unit. With the Applicability Note, there is no potential for Catawba or McGuire to flip back and forth between entering and exiting shared systems LCOs and LCOs 3.8.1.c and 3.8.1.d such that operation could continue indefinitely with inoperable equipment.

Adding LCO 3.8.1.a to Condition A clarifies that the Condition pertains to a qualified circuit between the offsite transmission network and the Onsite Essential Auxiliary Power System rather than a qualified circuit between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System.

Changing OPERABLE offsite circuit to required OPERABLE offsite circuit(s) in RA A.1 reflects that it could be necessary to verify the operability of more than one offsite circuit when a LCO 3.8.1.a offsite circuit is inoperable, since an offsite circuit may be aligned to the opposite unit Onsite Essential Auxiliary Power System that is supplying power to a train of the NSWS, CRAVS, CRACWS and ABFVES (i.e., a LCO 3.8.1.c offsite circuit).

The proposed maximum CT of 17 days for RA A.3 limits the total time that LCO 3.8.1.a or LCO 3.8.1.b is not met while concurrently or simultaneously in Conditions A and B. The existing CT is the sum of the CT for RA A.3 (i.e., 72 hours) and existing RA B.4 (i.e., 72 hours). CNS is proposing to increase the CT for existing RA B.4 to 14 days; thus, the maximum CT for RA A.3 will be increased from 6 days to 17 days.

Adding LCO 3.8.1.b to Condition B clarifies that the Condition pertains to unit-specific DG rather than a DG from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES.

New RA B.1 provides assurance that both opposite unit DGs are operable when a LCO 3.8.1.b DG is inoperable.

Renaming RAs B.1, B.2, B.3.1, B.3.2 and B.4 are administrative changes.

OPERABLE DG is changed to OPERABLE DG(s) in new RAs B.4.1 and B.4.2 to reflect that the RAs are to be performed for a LCO 3.8.1.d DG in addition to the OPERABLE LCO 3.8.1.b DG.

New RA B.5 is added as a prerequisite for entering the extended CT of new RA B.6 (i.e., 14 days). As specified in the TS Bases markups (Attachment 3), Emergency Supplemental Power Source (ESPS) availability requires that:

1. The load test has been performed within 30 days of entry into the extended CT.
2. The ESPS fuel tank is verified locally to be greater than or equal to a 24 hour supply.
3. The ESPS supporting system parameters for starting and operating are verified to be within limits for functional availability (e.g., battery state of charge).

The CT of 72 hours from discovery of unavailable ESPS of new RA B.6 (formerly RA B.4) is based on the existing CT for an inoperable DG. The 24 hour CT of new RA B.6 is based on Branch Technical Position 8-8 and indicates that if the ESPS unavailability occurs sometime after 72 hours of continuous DG inoperability (i.e., after entering the extended CT for an inoperable DG), then the remaining time to restore the ESPS to available status or restore the DG to operable status is limited to 24 hours. The 14 day CT of new RA B.6 is in accordance with Branch Technical Position 8-8, which indicates that operation may continue when a DG is inoperable for a period that should not exceed 14 days, provided a supplemental AC power source is available. The ESPS is the supplemental AC power source for CNS. The 17 day CT of new RA B.6 limits the total time that LCO 3.8.1.a or LCO 3.8.1.b is not met while concurrently or simultaneously in Conditions A and B. The existing CT is the sum of the CT for RA A.3 (i.e., 72 hours) and existing RA B.4 (i.e., 72 hours). CNS is proposing to increase the CT for existing RA B.4 to 14 days; thus, the maximum CT for new RA B.6 will be increased from 6 days to 17 days.

New Condition C reflects that with an opposite unit DG inoperable, the remaining operable unit-specific DG and the required offsite circuits are adequate to supply power to the onsite Class 1E Distribution System. The CT of new RAs C.1.1 and C.1.2 is in accordance with Regulatory Guide 1.93, which indicates operation may continue in this condition for a period that should not exceed 72 hours. The 72 hour CT takes into account the capacity and capability of the remaining AC power sources, a reasonable time for repairs and the low probability of a DBA occurring during the period.

New Condition D is added for one inoperable qualified circuit between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES. The Note above new RA D.1 indicates that when Condition D is entered with no AC source to a train, the Conditions and RAs for LCO 3.8.9, Distribution Systems - Operating, must be immediately entered. This allows new Condition D to provide requirements for the loss of a LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train.

New RA D.1 ensures a highly reliable power source remains with the one necessary LCO 3.8.1.c offsite circuit (necessary only when the offsite circuit is aligned to the opposite unit Onsite Essential Auxiliary Power System that is supplying power to a train of the NSWS, CRAVS, CRACWS and ABFVES) inoperable by verifying the operability of the remaining required offsite circuits. The CT for new RA D.1 is consistent with NUREG-1431 and the CT for existing RA A.1.

New RA D.2 only applies if the train cannot be powered from an offsite source and is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function for the NSWS, CRAVS, CRACWS or the ABFVES.

The 24 hour CT for new RA D.2 is considered acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining operable offsite circuits and DGs are adequate in this condition to supply power to the Class 1E Distribution System. The 24 hour CT also takes into account the component operability of the redundant counterpart to the inoperable NSWS, CRAVS, CRACWS or ABFVES, the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during this period.

New RA D.3 reflects that if the inoperable qualified circuit between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES cannot be restored to operable status within 72 hours, then the NSWS, CRAVS, CRACWS and ABFVES components associated with the inoperable offsite circuit must be declared inoperable. The ACTIONS associated with the LCOs for those shared systems will ensure that appropriate action is taken. The 72 hour CT for new RA D.3 takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during this period.

New Condition E is added for one opposite unit DG necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES inoperable. The Note above new RA E.1 indicates that when Condition E is entered with no AC source to a train, the Conditions and RAs for LCO 3.8.9, Distribution Systems - Operating, must be immediately entered. This allows new Condition E to provide requirements for the loss of a LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train.

The new RA E.1 to verify both unit-specific DGs are operable, the other opposite unit's DG is operable and the ESPS is available forms the basis for the 14 day CT of new RA E.5. The verification in this RA provides assurance that the other three safety-related DGs and the ESPS are capable of supplying the Class 1E AC Electrical Power Distribution System.

New RA E.2 ensures a highly reliable power source remains with the one necessary LCO 3.8.1.d DG (necessary only when the DG is aligned to the opposite unit Onsite Essential Auxiliary Power System that is supplying power to a train of the NSWS, CRAVS, CRACWS and ABFVES) inoperable by verifying the operability of the remaining required offsite circuits. The CT for new RA E.2 is consistent with NUREG-1431 and the CT for existing RA A.1.

New RA E.3 is intended to provide assurance that a loss of offsite power, during the period a LCO 3.8.1.d DG is inoperable, does not result in a complete loss of safety function for the NSWS, CRAVS, CRACWS or the ABFVES. Four hours (i.e., the CT for new RA E.3) from discovering the LCO 3.8.1.d DG inoperable coincident with one train of NSWS, CRAVS, CRACWS or ABFVES inoperable that is associated with the other train that has emergency power is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown. The four hour CT also takes into account the capacity and capability of the remaining NSWS, CRAVS, CRACWS and ABFVES train, a realistic time for repairs and the low probability of a DBA occurring during this period.

The remaining operable DGs and offsite circuits are adequate in this condition to supply electrical power to the onsite Class 1E Distribution System. Thus, on a component basis, single failure protection for the NSWS, CRAVS, CRACWS or ABFVES may have been lost; however, function has not been lost.

New RA E.4.1 provides an allowance to avoid unnecessary testing of operable DGs. If it can be determined that the cause of the inoperable LCO 3.8.1.d DG (opposite unit DG necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES) does not exist on the operable DGs, then SR 3.8.1.2 does not have to be performed. In accordance with new RA E.4.2, if the cause of the initial inoperable LCO 3.8.1.d DG cannot be confirmed not to exist on the remaining DGs, then performance of SR 3.8.1.2 suffices to provide assurance of continued operability of the DGs. According to Generic Letter 84-15, Proposed Staff Actions to Improve and Maintain Diesel Generator Reliability, the 24 hour CT is reasonable to confirm that the operable DGs are not affected by the same problem as the inoperable LCO 3.8.1.d DG.

New RA E.5 reflects that if the opposite unit DG that is needed to supply power to the NSWS, CRAVS, CRACWS and ABFVES cannot be restored to operable status within 14 days, then the NSWS, CRAVS, CRACWS and ABFVES components associated with the inoperable DG must be declared inoperable. The Actions associated with the NSWS, CRAVS, CRACWS and ABFVES will ensure the appropriate actions are taken. The CT of 14 days is justified by new RA E.1 (verify both unit-specific DGs are operable, the other opposite unit DG is operable and the ESPS is available). The 14 day CT is also consistent with the proposed CT in ACTION B when ESPS is available.

New Condition F is added to indicate that with an additional safety-related DG inoperable or the ESPS unavailable, the remaining operable DG and qualified circuits are adequate to supply electrical power to the onsite Class 1E Distribution System.

New RA F.1.1 is provided to restore both of the unit-specific DGs to operable, the other opposite unit DG to operable and the ESPS to available. New RA F.1.2 is provided to restore the LCO 3.8.1.d DG to operable. Either of the new RAs F.1.1 and F.1.2 must be completed within 72 hours. The 72 hour CT for RAs F.1.1 and F.1.2 is consistent with Regulatory Guide 1.93, Availability of Electric Power Sources. The 72 hour CT also takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during the period.

New RA F.1.3 reflects that if the opposite unit DG that is necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES cannot be restored to operable status within 72 hours, then the NSWS, CRAVS, CRACWS and ABFVES components associated with the inoperable DG must be declared inoperable. The ACTIONS associated with the LCOs for those shared systems will ensure that appropriate action is taken. The 72 hour CT for new RA F.1.3 takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during this period.

Renaming Condition C to Condition G is an administrative change. Adding LCO 3.8.1.a to new Condition G clarifies that the portion of the Condition pertains to the qualified circuits between the offsite transmission network and the Onsite Essential Auxiliary Power System rather than a qualified circuit between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System. The second part of Condition G after the OR connector is added to reflect when the offsite circuit required by LCO 3.8.1.c and one offsite circuit required by LCO 3.8.1.a are concurrently inoperable. The third part of Condition G after the OR connector is added to reflect when two offsite circuits required by LCO 3.8.1.c are inoperable.

Renaming RAs C.1 and C.2 to G.1 and G.2 is an administrative change. Changing Condition C to Condition G in the CT for new RA G.1 is an administrative change.

Renaming Condition D to Condition H is an administrative change. Adding LCO 3.8.1.a and LCO 3.8.1.b to new Condition H clarifies that the Condition pertains to a qualified circuit between the offsite transmission network and the Onsite Essential Auxiliary Power System (rather than a qualified circuit between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System) and to a DG capable of supplying the Onsite Essential Auxiliary Power Systems (rather than a DG from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES).

Changing Condition D to Condition H in the NOTE above new RA H.1 is an administrative change. Renaming RAs D.1 and D.2 to H.1 and H.2 is an administrative change.

Renaming Condition E to Condition I is an administrative change. Adding LCO 3.8.1.b to new Condition I clarifies that this portion of the Condition pertains to the unit-specific DGs rather than a DG from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES. The second part of Condition I after the OR connector is added to reflect that with one LCO 3.8.1.d DG inoperable and one LCO 3.8.1.b DG inoperable, there are no remaining standby AC sources to the shared portions of the NSWS, CRAVS, CRACWS and ABFVES.

The third part of Condition I after the OR connector is added to reflect that with two DGs required by LCO 3.8.1.d inoperable, there are no remaining standby AC sources to the shared portions of the NSWS, CRAVS, CRACWS and ABFVES.

Renaming RA E.1 to I.1 is an administrative change.

Renaming Condition F to Condition J is an administrative change. Renaming RA F.1 to J.1 is an administrative change.

Renaming Condition G to Condition K is an administrative change. All of the proposed revisions to new Condition K reflect instances where the RA and associated CT of a Condition (or RA) are not met.

Renaming RAs G.1 and G.2 to K.1 and K.2 is an administrative change.

Renaming Condition H to Condition L is an administrative change. Adding LCO 3.8.1.a and LCO 3.8.1.b to new Condition L clarifies that the Condition corresponds to a level of degradation in which all redundancy in the unit-specific (i.e., LCO 3.8.1.a and LCO 3.8.1.b) AC electrical power supplies has been lost. The second part of Condition L after the OR connector is added to reflect that the Condition corresponds to a level of degradation in which all redundancy in LCO 3.8.1.c and LCO 3.8.1.d AC electrical power supplies has been lost.

The new NOTE added to the SURVEILLANCE REQUIREMENTS section of CNS TS 3.8.1 clarifies that not all of the SRs are applicable to all the components described in the LCO.

New SR 3.8.1.21 lists the SRs that are applicable to new LCO 3.8.1.c and new LCO 3.8.1.d. These SRs are 3.8.1.1, 3.8.1.2, 3.8.1.4, 3.8.1.5 and 3.8.1.6. The Frequency of new SR 3.8.1.21 is to be in accordance with the CNS Surveillance Frequency Control Program.

3. ADDITIONAL TECHNICAL JUSTIFICATION FOR CATAWBA PROPOSED CHANGE

Based on questions received during a recent NRC staff audit for the subject LAR (see ADAMS Accession No. ML18046B077 for audit plan), Duke Energy is providing additional information in the following sections to justify the proposed change.

3.1 NRC Issue #1 and Duke Energy Response

Issue #1

Case 7 represents a scenario where initially before the accident event, Unit 1 meets the LCO requirements of proposed TS 3.8.1 with the 1A, 1B, and 2A EDGs operable. Since Unit 1 meets the LCO, the equipment specified to be operable should meet single failure criteria. Unit 2 is in proposed TS 3.8.1 Condition B with the 2B EDG inoperable. After the DBA (Unit 1 LOCA, LOOP both units) occurs as represented in Figure 7b, and the single failure (i.e. EDG 1A) occurs in Unit 1 that is meeting its proposed TS 3.8.1 LCO, Catawba is left with one NSWS pump and one EDG for each NSWS loop or channel, i.e. A channel and B channel. Each NSWS channel supplies an ESS header for each unit. This NSWS lineup is as shown in Figure 7b. Table 1 and 2 describe Case 7 and show the NSWS flow rates to each safety related component. But these tables and Figure 7 bring the non-accident unit to hot standby instead of cold shutdown as specified in the design basis. Furthermore, the NSWS availability as shown in Figure 7b with one pump per loop and the loops isolated from each other may not match the operability requirements as stated in the TS Bases for TS 3.7.8 which has two NSWS pumps supplying a NSWS loop to meet the design basis of mitigating a DBA and bringing the non-accident unit to cold shutdown.

Tables 1, 2 and Figure 7a and 7b do not necessarily demonstrate that the proposed changes to TS 3.8.1, with only one EDG from the opposite unit required to be operable, along with the proposed changes to the definition of power requirements for shared systems (i.e. both normal and emergency power for shared components must be operable) meet the regulatory requirements of 10CFR50.36 and the UFSAR in Case 7 above.

Discussion Item #1

The NRC staff requests the licensee provide an explanation of the regulatory adequacy of proposed TS 3.8.1 for Unit 1 in this scenario, as to whether sufficient equipment is specified to be operable, such that the LOCA in Unit 1 is mitigated and Unit 2 can be brought to cold shutdown.

Duke Energy Response to Issue #1

For clarity, the term loop refers to the two NSWS pumps and associated supply header. For example, Loop A would refer to NSWS Pumps 1A and 2A and the associated supply header.

The term train refers to the unit specific header. For example, Train 1A refers to the portion of NSWS loop A supplying the 1A train of component cooling, containment spray, auxiliary feedwater, control room chilled water and diesel generator jacket water cooling. Loop A supplies trains 1A and 2A. Loop B supplies trains 1B and 2B.

The following response utilizes the proposed TS 3.8.1 presented in Section 1.1 of the Enclosure above.

The initial conditions for Case 7 from the November 2017 LAR supplement specify that the 2B EDG is inoperable. The normal Catawba plant configuration is to have the Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System aligned to receive power from Unit 1 and the Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System aligned to receive power from Unit 2.

Because the 2B EDG is inoperable initially, the Train B shared systems (excluding the NSWS pumps) would be re-aligned to receive power from Unit 1 in accordance with Commitment #9 of . Also in accordance with Commitment #9, the Train A shared systems (excluding the NSWS pumps) would be re-aligned to receive power from Unit 2. The 1A and 1B EDGs would be LCO 3.8.1.d AC sources for Unit 2 TS 3.8.1 in this configuration because both EDGs are necessary for supplying power to shared systems (the 1A EDG supplies the 1A NSWS Pump and the 1B EDG supplies the Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System). The 2A and 2B EDGs would be LCO 3.8.1.d AC sources for Unit 1 TS 3.8.1 in this configuration because both EDGs are necessary for supplying power to shared systems (the 2A EDG supplies the Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System and the 2B EDG supplies the 2B NSWS Pump).

For the conditions of Issue #1, Unit 1 LCO 3.8.1.d would require the 2A and 2B EDGs to be operable since they are necessary for supplying power to Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System and to the 2B NSWS Pump. Unit 2 LCO 3.8.1.d would require the 1A and 1B EDGs to be operable since they are necessary for supplying power to the Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System and to the 1A NSWS Pump. Thus, sufficient equipment (the 1B and 2A EDGs) is specified to be operable in proposed TS 3.8.1 for both units in this scenario.

The following discussion will demonstrate how cold shutdown (vice hot standby) is achieved on the non-LOCA unit (Unit 2) utilizing the 1B and 2A EDGs that are required to be operable by proposed TS 3.8.1.

For the scenario in Issue #1, the station is left with two operable EDGs, 1B and 2A. This results in two Nuclear Service Water System (NSWS) Pumps (1B and 2A) and one train of safety equipment on each unit.

With the loops isolated from each other, this results in each unit operating with one NSWS pump serving the train related header for each unit. Each unit will have one train of Residual Heat Removal (RHR) and Component Cooling Water (CCW).

For Unit 1 with a LOCA and LOOP, the Catawba large break LOCA and Containment analysis only assumes one train of RHR/CCW/NSWS for core cooling and heat removal from containment. The analysis assumes the minimum NSWS flows for heat removal from containment during cold leg recirculation.

For Unit 2 with a LOOP only, one train of RHR/CCW/NSWS is available for cooldown of the unit.

Cooldown of Unit 2 to RHR entry conditions (Tavg ≤ 350 °F) is accomplished via feeding the steam generators with the Auxiliary Feedwater System (AFW) and steam release to the atmosphere via the steam generator power operated relief valves (PORVs). A Catawba calculation has determined the time history of reactor coolant temperature following a main steam line break. The calculation bounds a cooldown following a LOOP for the following reasons:

1. Three PORVs are credited for cooldown from 557 °F to 350 °F. For purely a LOOP, four PORVs would be available.
2. The calculation conservatively assumes the reactor coolant pumps are still in operation. During a LOOP, the reactor coolant pumps (RCPs) lose power and coast down. Therefore, the heat input from the RCPs is not present in a LOOP.

The same calculation that has determined the time history of reactor coolant temperature following a main steam line break also makes the following conservative assumptions to bound the cooldown analysis:

1. Minimum NSWS flow rates from approved NSWS test acceptance criteria are used. These flow rates factor in one pump serving one unit's CCW heat exchanger on each unit.
2. Maximum NSWS temperature allowed by Technical Specifications.
3. Maximum fouling and tube plugging in the CCW heat exchanger allowed by the approved CCW System test acceptance criteria and the acceptable NSWS flow and fouling criteria.

The Catawba calculation demonstrates that under the aforementioned limiting conditions, the non-LOCA unit (Unit 2 in Issue #1 scenario) can achieve cold shutdown in 23.7 hours.

[Figure: curves for One Train of ND and Two Trains of ND plotted against time after shutdown (hours)]

Furthermore, a separate Catawba calculation demonstrates that the Standby Nuclear Service Water Pond (SNSWP) can reject the necessary heat to accommodate the heat input from a LOCA on one unit and cold shutdown on the other unit. The current analyzed limits for Containment Spray heat exchanger tube plugging and fouling ensures that the actual heat transfer will always exceed that assumed in the accident analysis.

In conclusion, sufficient equipment is specified to be operable in proposed TS 3.8.1 (namely the 1B and 2A EDGs) for the scenario presented in Issue #1 such that the Unit 1 LOCA is mitigated and Unit 2 can be brought to cold shutdown.

The other aspect of the NRC staff's Issue #1 asserts that the configuration of one NSWS pump per loop and the NSWS loops isolated from each other may not match what is stated in TS Bases 3.7.8. The following excerpt from TS 3.7.8 is relevant to the discussion.

"One NSWS loop containing two OPERABLE NSWS pumps has sufficient capacity to supply post loss of coolant accident (LOCA) loads on one unit and shutdown and cooldown loads on the other unit. Thus, the OPERABILITY of two NSWS loops assures that no single failure will keep the system from performing the required safety function. Additionally, one NSWS loop containing one OPERABLE NSWS pump has sufficient capacity to maintain one unit indefinitely in MODE 5 (commencing 36 hours following a trip from RTP) while supplying the post LOCA loads of the other unit. Thus, after a unit has been placed in MODE 5, only one NSWS pump and its associated emergency diesel generator are required to be OPERABLE on each loop, in order for the system to be capable of performing its required safety function, including single failure considerations."

For the scenario provided in Case 7, the 2B EDG is already inoperable. If the 1A EDG is taken as the single failure, then the plant is left with one OPERABLE NSWS pump on each NSWS loop. This condition is essentially the same flow and heat transfer capability as described in the TS 3.7.8 Bases, except the OPERABLE NSWS pumps in this scenario are on opposite trains.

Since the failure of DG 1A counts as the single failure, no further failures are postulated.

The TS 3.7.8 Bases will be marked up as reflected in Attachment 5 to clarify that one OPERABLE NSWS pump on each NSWS loop meets the design basis of mitigating a LOCA on one unit and bringing the non-accident unit to cold shutdown.

3.2 NRC Issue #2 and Duke Energy Response

Issue #2

Case 9 scenario represents a more significant challenge to the completeness of proposed TS 3.8.1 d, where initially before the accident event, Unit 1 meets the LCO requirements of proposed TS 3.8.1 with the 1A, 1B, and 2A EDGs operable. If Unit 1 meets the proposed TS 3.8.1 LCO, the equipment specified as to be operable should meet single failure criteria. Unit 2 is in proposed TS 3.8.1 Condition B with the 2B EDG inoperable. After the DBA (Unit 1 LOCA, LOOP both units and the loss of Lake Wylie) occurs as represented in Figure 9b, and the single failure (i.e. EDG 1A and/or 1RN 3A) occurs in Unit 1 that is meeting its proposed TS 3.8.1 LCO, Catawba is left with NSWS Pump 1A supplying the 2B and 1B essential safety system (ESS) headers. With 2B EDG inoperable the 2B ESS header has no Component Cooling Water (CCW). As discussed in Table 1-NSWS Scenarios and System Response, the non-accident Unit 2 is brought to hot standby, vice cold shutdown, and the mitigating action relies on the Emergency Supplemental Power Source (ESPS) which may not be available because there is no requirement for it to be available.

Tables 1, 2 and Figure 9a and 9b do not necessarily demonstrate that the proposed changes to TS 3.8.1, with only one EDG from the opposite unit required to be operable, along with the proposed changes to the definition of power requirements for shared systems (i.e. both normal and emergency power for shared components must be operable) meet the regulatory requirements of 10CFR50.36 and the UFSAR in Case 9 above.

Discussion Item #2

The NRC staff requests the licensee provide an explanation of the regulatory adequacy of proposed TS 3.8.1 for Unit 1 in this scenario, as to whether sufficient equipment is specified to be operable, such that the LOCA in Unit 1 is mitigated and Unit 2 can be brought to cold shutdown.

Duke Energy Response to Issue #2

After further review of the Case 9 scenario provided to the NRC staff in the November 2017 License Amendment Request supplement, Duke Energy has identified a more prudent action to take at Catawba when using the extended 14 day Completion Time for an inoperable EDG. This action meets all single failure criteria prescribed in the design bases. Duke Energy is adding a regulatory commitment (Commitment #9) to the table of commitments provided in the original LAR submittal which states that prior to entering the extended Completion Time for an inoperable DG, the station will ensure that each train of shared systems is powered by an operable Class 1E AC Distribution System, with an operable DG, from opposite units. The new table of regulatory commitments is provided in Attachment 6.

This regulatory commitment will ensure two NSWS pumps and one train of safety equipment on each unit are available to mitigate the Design Basis Accident (i.e., LOCA on one unit, a LOOP on both units and a loss of Lake Wylie (Catawba)) as demonstrated in the following example.

The example has the same set of initial conditions as stated in the NRC staff's Issue #2 below (Case 9 from the November 2017 LAR supplement).

The 2B EDG is declared inoperable for planned maintenance. The normal plant alignment for Catawba is for the 1A EDG to serve as the emergency power supply for Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System and the 2B EDG to serve as the emergency power supply for Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System. However, in accordance with the regulatory commitment above and the risk mitigation plan that would be put in place associated with the 2B EDG inoperability, power sources and nuclear service water are re-aligned such that the 2A EDG is now the emergency power supply for Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System. Power and nuclear service water are also re-aligned such that the 1B DG is now the emergency power supply for Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System. A LOCA occurs on Unit 1 and a LOOP occurs on both units. There is a loss of Lake Wylie (for Catawba) and a Loss of Lake Norman (McGuire). At least two NSWS pumps are required to mitigate the LOCA on Unit 1 and bring Unit 2 to cold shutdown.

The single failure for Unit 2 is the 2B DG based on Generic Letter 80-30, which states the following in part:

The specified time to take action, usually called the equipment out-of-service time, is a temporary relaxation of the single failure criterion, which consistent with overall system reliability considerations, provides a limited time to fix equipment or otherwise make it OPERABLE.

A postulated failure of a 2A DG, 2A Train NSWS Pump or a Train A shared NSWS valve is not assumed as that would then be considered two failures for Unit 2.

Unit 1 is still required to take a single failure. A single failure of a Unit 1 related component that supports operation of Unit 1 is required. Failures of shared components are not postulated in accordance with the Catawba design basis when one unit is in a Technical Specification Action statement and the other unit is fully operable. The single failure for Unit 1 is a failure of the 1A DG (Note: the single failure could also be a failure of the 1A NSWS Pump but the consequence of the 1A DG and 1A NSWS failing are the same). A failure of the valve 1RN3A (NSWS Pump Pit A Intake from the Standby Nuclear Service Water Pond (SNSWP) Isolation Valve) to open, which renders the entire Train A of NSWS inoperable, is not postulated. 1RN3A is a shared component and failure of the valve to open would result in the unit in an Action statement (Unit 2) taking two single failures instead of one. Since there is a LOOP on Unit 1, the impact of a 1A DG failure does not result in a failure of the 1RN3A to open (and unavailability of the entire Train A of NSWS) because the 2A EDG is now the emergency power supply for shared valve 1RN3A to open in accordance with the regulatory commitment described above. For this scenario, failure of the 1A DG does cause a failure of the 1A NSWS Pump and train.

Given the single failures presented above (the 2B DG on Unit 2 and the 1A DG on Unit 1), Catawba would have both the 1B and 2A NSWS Pumps (and 1B and 2A DGs) available to mitigate the LOCA on Unit 1 and bring Unit 2 to cold shutdown.

The response for Issue #2 becomes identical to Issue #1 with the regulatory commitment to re-align shared systems and power sources as described above. Duke Energy's response to Issue #1 demonstrates sufficient equipment is specified to be operable in proposed TS 3.8.1 (namely the 1B and 2A EDGs) such that the Unit 1 LOCA is mitigated and Unit 2 can be brought to cold shutdown.

3.3 NRC Issue #3 and Duke Energy Response

Issue #3

Proposed TS 3.8.1.d requires one DG from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS, and ABFVES. If 1EMXG is powered by EDG 1A and 2EMXH is powered by EDG 1B, Unit 2 needs both Unit 1 EDGs to supply emergency power to both trains of shared systems, yet the proposed TS 3.8.1 LCO does not require operability of both opposite unit's EDGs.

Discussion Item #3

The NRC staff requests the licensee provide an explanation of how proposed TS 3.8.1 meets the requirements of 10CFR50.36 for the conditions of issue #3.

Duke Energy Response to Issue #3

The NRC staff's statement in the introduction to Issue #3 above that "the proposed TS 3.8.1 LCO does not require operability of both opposite unit's EDGs" is correct. Duke Energy had intended in the November 2017 License Amendment Request supplement to reflect the requirement that a Catawba unit in Modes 1 through 4 must be in a Technical Specification 3.8.1 Action statement any time an EDG on the opposite unit that is necessary for supplying power to shared systems is inoperable. However, for the configuration described in Issue #3 (i.e., both trains of shared systems aligned to receive power from Unit 1), one inoperable Unit 1 EDG (either the 1A or 1B EDG) would not result in entering a TS Action statement on Unit 2 for the proposed TS 3.8.1 that was submitted to the NRC staff in November 2017 because the proposed Limiting Condition in that LAR supplement requires only one DG from the opposite unit necessary to supply power to shared systems to be operable.

Therefore, the proposed TS 3.8.1 change is revised above in Section 1 of this Enclosure for Catawba to reflect the sufficient equipment required to be operable by the LCO. The revised TS markups are provided in Attachments 1 and 2 and the revised TS Bases markups are provided in Attachments 3 and 4.

RA-18-0094 Attachment 1 Catawba Technical Specification Marked Up Pages

AC Sources - Operating 3.8.1

3.8 ELECTRICAL POWER SYSTEMS

3.8.1 AC Sources - Operating

LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a. Two qualified circuits between the offsite transmission network and the Onsite Essential Auxiliary Power System; and
b. Two diesel generators (DGs) capable of supplying the Onsite Essential Auxiliary Power Systems; and
c. The qualified circuit(s) between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System necessary to supply power to the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES); and
d. The DG(s) from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES;

AND

The automatic load sequencers for Train A and Train B shall be OPERABLE.

APPLICABILITY: MODES 1, 2, 3, and 4.


NOTE-------------------------------------------

The opposite unit electrical power sources in LCO 3.8.1.c and LCO 3.8.1.d are not required to be OPERABLE when the associated shared systems are inoperable.

Catawba Units 1 and 2 3.8.1-1 Amendment Nos. 253/248

ACTIONS


NOTE----------------------------------------------------------

LCO 3.0.4.b is not applicable to DGs.

CONDITION A. One LCO 3.8.1.a offsite circuit inoperable.

REQUIRED ACTION A.1 Perform SR 3.8.1.1 for required OPERABLE offsite circuit(s).
COMPLETION TIME: 1 hour AND Once per 8 hours thereafter

AND

REQUIRED ACTION A.2 Declare required feature(s) with no offsite power available inoperable when its redundant required feature(s) is inoperable.
COMPLETION TIME: 24 hours from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s)

AND

REQUIRED ACTION A.3 Restore offsite circuit to OPERABLE status.
COMPLETION TIME: 72 hours AND 6 17 days from discovery of failure to meet LCO 3.8.1.a or LCO 3.8.1.b

Catawba Units 1 and 2 3.8.1-2 Amendment Nos. 253/248

CONDITION B. One LCO 3.8.1.b DG inoperable.

REQUIRED ACTION B.1 Verify both DGs on the opposite unit OPERABLE.
COMPLETION TIME: 1 hour AND Once per 12 hours thereafter

AND

REQUIRED ACTION B.12 Perform SR 3.8.1.1 for the required offsite circuit(s).
COMPLETION TIME: 1 hour AND Once per 8 hours thereafter

AND

REQUIRED ACTION B.23 Declare required feature(s) supported by the inoperable DG inoperable when its required redundant feature(s) is inoperable.
COMPLETION TIME: 4 hours from discovery of Condition B concurrent with inoperability of redundant required feature(s)

AND

REQUIRED ACTION B.34.1 Determine OPERABLE DG(s) is not inoperable due to common cause failure.
COMPLETION TIME: 24 hours

OR

REQUIRED ACTION B.34.2 Perform SR 3.8.1.2 for OPERABLE DG(s).
COMPLETION TIME: 24 hours

AND

(continued)

Catawba Units 1 and 2 3.8.1-3 Amendment Nos. 173/165

CONDITION B. (continued)

REQUIRED ACTION B.5 Ensure availability of Emergency Supplemental Power Source (ESPS).
COMPLETION TIME: Prior to entering the extended Completion Time of ACTION B.6 AND Once per 12 hours thereafter

AND

REQUIRED ACTION B.4B.6 Restore DG to OPERABLE status.
COMPLETION TIME: 72 hours from discovery of unavailable ESPS AND 6 days from discovery of failure to meet LCO 24 hours from discovery of unavailable ESPS when in extended Completion Time AND 14 days AND 17 days from discovery of failure to meet LCO 3.8.1.a or LCO 3.8.1.b

Catawba Units 1 and 2 3.8.1-4 Amendment Nos. 253/248

CONDITION C. Required Action and associated Completion Time of Required Action B.1 not met.

REQUIRED ACTION C.1.1 Restore both DGs on the opposite unit to OPERABLE status.
COMPLETION TIME: 72 hours

OR

REQUIRED ACTION C.1.2 Restore LCO 3.8.1.b DG to OPERABLE status.

CONDITION D. One LCO 3.8.1.c offsite circuit inoperable.

-------------------NOTE------------------
Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems - Operating," when Condition D is entered with no AC power source to a train.

REQUIRED ACTION D.1 Perform SR 3.8.1.1 for the required offsite circuit(s).
COMPLETION TIME: 1 hour AND Once per 8 hours thereafter

AND

REQUIRED ACTION D.2 Declare NSWS, CRAVS, CRACWS or ABFVES with no offsite power available inoperable when the redundant NSWS, CRAVS, CRACWS or ABFVES is inoperable.
COMPLETION TIME: 24 hours from discovery of no offsite power to one train concurrent with inoperability of redundant required feature(s)

AND

REQUIRED ACTION D.3 Declare NSWS, CRAVS, CRACWS and ABFVES supported by the inoperable offsite circuit inoperable.
COMPLETION TIME: 72 hours

Catawba Units 1 and 2 3.8.1-5 Amendment Nos. 253/248

CONDITION E. One LCO 3.8.1.d DG inoperable.

-------------------NOTE------------------
Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems - Operating," when Condition E is entered with no AC power source to a train.

REQUIRED ACTION E.1 Verify both LCO 3.8.1.b DGs OPERABLE, the opposite unit's DG OPERABLE and ESPS available.
COMPLETION TIME: 1 hour AND Once per 12 hours thereafter

AND

REQUIRED ACTION E.2 Perform SR 3.8.1.1 for the required offsite circuit(s).
COMPLETION TIME: 1 hour AND Once per 8 hours thereafter

AND

REQUIRED ACTION E.3 Declare NSWS, CRAVS, CRACWS or ABFVES supported by the inoperable DG inoperable when the redundant NSWS, CRAVS, CRACWS or ABFVES is inoperable.
COMPLETION TIME: 4 hours from discovery of Condition E concurrent with inoperability of redundant required feature(s)

AND Catawba Units 1 and 2 3.8.1-6 Amendment Nos. 253/248

CONDITION E. (continued)

REQUIRED ACTION E.4.1 Determine OPERABLE DG(s) is not inoperable due to common cause failures.
COMPLETION TIME: 24 hours

OR

REQUIRED ACTION E.4.2 Perform SR 3.8.1.2 for OPERABLE DG(s).
COMPLETION TIME: 24 hours

AND

REQUIRED ACTION E.5 Declare NSWS, CRAVS, CRACWS and ABFVES supported by the inoperable DG inoperable.
COMPLETION TIME: 14 days

CONDITION F. Required Action and associated Completion Time of Required Action E.1 not met.

REQUIRED ACTION F.1.1 Restore both LCO 3.8.1.b DGs and opposite unit's DG to OPERABLE status and ESPS to available status.
COMPLETION TIME: 72 hours

OR

REQUIRED ACTION F.1.2 Restore LCO 3.8.1.d DG to OPERABLE status.

OR

REQUIRED ACTION F.1.3 Declare NSWS, CRAVS, CRACWS and ABFVES supported by the inoperable DG inoperable.

Catawba Units 1 and 2 3.8.1-7 Amendment Nos. 253/248

CONDITION CG. Two LCO 3.8.1.a offsite circuits inoperable.
OR
One LCO 3.8.1.a offsite inoperable and one LCO 3.8.1.c offsite circuit inoperable.
OR
Two LCO 3.8.1.c offsite circuits inoperable.

REQUIRED ACTION CG.1 Declare required feature(s) inoperable when its redundant required feature(s) is inoperable.
COMPLETION TIME: 12 hours from discovery of Condition C G concurrent with inoperability of redundant required features

AND

REQUIRED ACTION CG.2 Restore one offsite circuit to OPERABLE status.
COMPLETION TIME: 24 hours

(continued)

Catawba Units 1 and 2 3.8.1-8 Amendment Nos. 253/248

CONDITION DH. One LCO 3.8.1.a offsite circuit inoperable.
AND
One LCO 3.8.1.b DG inoperable.

-------------------NOTE------------------
Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems - Operating," when Condition D H is entered with no AC power source to any train.

REQUIRED ACTION DH.1 Restore offsite circuit to OPERABLE status.
COMPLETION TIME: 12 hours

OR

REQUIRED ACTION DH.2 Restore DG to OPERABLE status.
COMPLETION TIME: 12 hours

CONDITION EI. Two LCO 3.8.1.b DGs inoperable.
OR
LCO 3.8.1.b DG inoperable and one LCO 3.8.1.d DG inoperable.
OR
Two LCO 3.8.1.d DGs inoperable.

REQUIRED ACTION EI.1 Restore one DG to OPERABLE status.
COMPLETION TIME: 2 hours

CONDITION FJ. One automatic load sequencer inoperable.

REQUIRED ACTION FJ.1 Restore automatic load sequencer to OPERABLE status.
COMPLETION TIME: 12 hours

Catawba Units 1 and 2 3.8.1-9 Amendment Nos. 173/165

CONDITION GK. Required Action and associated Completion Time of Condition A, -BC,- C, D, E, or F, G, H, I, or J not met.
OR
Required Action and associated Completion Time of Required Action B.2, B.3, B.4.1, B.4.2, or B.6 not met.
OR
Required Action and associated Completion Time of Required Action E.2, E.3, E.4.1, E.4.2, or E.5 not met.

REQUIRED ACTION GK.1 Be in MODE 3.
COMPLETION TIME: 6 hours

AND

REQUIRED ACTION GK.2 Be in MODE 5.
COMPLETION TIME: 36 hours

CONDITION HL. Three or more LCO 3.8.1.a and LCO 3.8.1.b AC sources inoperable.
OR
Three or more LCO 3.8.1.c and LCO 3.8.1.d AC sources inoperable.

REQUIRED ACTION HL.1 Enter LCO 3.0.3.
COMPLETION TIME: Immediately

Catawba Units 1 and 2 3.8.1-10 Amendment Nos. 173/165

AC Sources - Operating 3.8.1 SURVEILLANCE REQUIREMENTS


NOTE-------------------------------------------------------------

SR 3.8.1.1 through SR 3.8.1.20 are only applicable to LCO 3.8.1.a and LCO 3.8.1.b AC sources. SR 3.8.1.21 is only applicable to LCO 3.8.1.c and LCO 3.8.1.d AC sources.

SR 3.8.1.1 Verify correct breaker alignment and indicated power availability for each offsite circuit.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.2 ---------------------------------NOTES-------------------------------

1. Performance of SR 3.8.1.7 satisfies this SR.
2. All DG starts may be preceded by an engine prelube period and followed by a warmup period prior to loading.
3. A modified DG start involving idling and gradual acceleration to synchronous speed may be used for this SR as recommended by the manufacturer.

When modified start procedures are not used, the time, voltage, and frequency tolerances of SR 3.8.1.7 must be met.

Verify each DG starts from standby conditions and achieves steady state voltage > 3950 V and < 4580 V, and frequency > 58.8 Hz and < 61.2 Hz.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-11 Amendment Nos. 263/259

SR 3.8.1.3 -----------------------------------NOTES-----------------------------

1. DG loadings may include gradual loading as recommended by the manufacturer.
2. Momentary transients outside the load range do not invalidate this test.
3. This Surveillance shall be conducted on only one DG at a time.
4. This SR shall be preceded by and immediately follow without shutdown a successful performance of SR 3.8.1.2 or SR 3.8.1.7.

Verify each DG is synchronized and loaded and operates for > 60 minutes at a load > 5600 kW and < 5750 kW.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.4 Verify each day tank contains > 470 gal of fuel oil.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.5 Check for and remove accumulated water from each day tank.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.6 Verify the fuel oil transfer system operates to transfer fuel oil from storage system to the day tank.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-12 Amendment Nos. 263/259

SR 3.8.1.7 --------------------------------------NOTE----------------------------

All DG starts may be preceded by an engine prelube period.

Verify each DG starts from standby condition and achieves in < 11 seconds voltage of > 3950 V and frequency of > 57 Hz and maintains steady-state voltage > 3950 V and < 4580 V, and frequency > 58.8 Hz and < 61.2 Hz.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.8 Verify automatic and manual transfer of AC power sources from the normal offsite circuit to each alternate offsite circuit.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-13 Amendment Nos. 263/259

SR 3.8.1.9 --------------------------------------NOTE-----------------------------

If performed with the DG synchronized with offsite power, it shall be performed at a power factor < 0.9.

Verify each DG rejects a load greater than or equal to its associated single largest post-accident load, and:

a. Following load rejection, the frequency is < 63 Hz;
b. Within 3 seconds following load rejection, the voltage is > 3950 V and < 4580 V; and
c. Within 3 seconds following load rejection, the frequency is > 58.8 Hz and < 61.2 Hz.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.10 Verify each DG does not trip and generator speed is maintained < 500 rpm during and following a load rejection of > 5600 kW and < 5750 kW.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-14 Amendment Nos. 263/259

SR 3.8.1.11 ----------------------------------NOTES------------------------------

1. All DG starts may be preceded by an engine prelube period.
2. This Surveillance shall not be performed in MODE 1, 2, 3, or 4.

Verify on an actual or simulated loss of offsite power signal:

a. De-energization of emergency buses;
b. Load shedding from emergency buses;
c. DG auto-starts from standby condition and:
1. energizes the emergency bus in < 11 seconds,
2. energizes auto-connected shutdown loads through automatic load sequencer,
3. maintains steady state voltage > 3950 V and < 4580 V,
4. maintains steady state frequency > 58.8 Hz and < 61.2 Hz, and
5. supplies auto-connected shutdown loads for > 5 minutes.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-15 Amendment Nos. 263/259

SR 3.8.1.12 --------------------------------------NOTE----------------------------

All DG starts may be preceded by prelube period.

Verify on an actual or simulated Engineered Safety Feature (ESF) actuation signal each DG auto-starts from standby condition and:

a. In < 11 seconds after auto-start and during tests, achieves voltage > 3950 V and < 4580 V;
b. In < 11 seconds after auto-start and during tests, achieves frequency > 58.8 Hz and < 61.2 Hz;
c. Operates for > 5 minutes; and
d. The emergency bus remains energized from the offsite power system.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-16 Amendment Nos. 263/259

SR 3.8.1.13 Verify each DG's non-emergency automatic trips are bypassed on actual or simulated loss of voltage signal on the emergency bus concurrent with an actual or simulated ESF actuation signal.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.14 ---------------------------------NOTE-------------------------------

Momentary transients outside the load and power factor ranges do not invalidate this test.

Verify each DG operating at a power factor < 0.9 operates for > 24 hours loaded > 5600 kW and < 5750 kW.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-17 Amendment Nos. 263/259

SR 3.8.1.15 ----------------------------------NOTES-----------------------------

1. This Surveillance shall be performed within 5 minutes of shutting down the DG after the DG has operated > 1 hour loaded > 5600 kW and < 5750 kW or until operating temperature is stabilized.

Momentary transients outside of load range do not invalidate this test.

2. All DG starts may be preceded by an engine prelube period.

Verify each DG starts and achieves, in < 11 seconds, voltage > 3950 V, and frequency > 57 Hz and maintains steady state voltage > 3950 V and < 4580 V and frequency > 58.8 Hz and < 61.2 Hz.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.16 ---------------------------------NOTE---------------------------------

This Surveillance shall not be performed in MODE 1, 2, 3, or 4.

Verify each DG:

a. Synchronizes with offsite power source while loaded with emergency loads upon a simulated restoration of offsite power;
b. Transfers loads to offsite power source; and
c. Returns to standby operation.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-18 Amendment Nos. 263/259

SR 3.8.1.17 --------------------------------NOTE----------------------------------

This Surveillance shall not be performed in MODE 1, 2, 3, or 4.

Verify, with a DG operating in test mode and connected to its bus, an actual or simulated ESF actuation signal overrides the test mode by:

a. Returning DG to standby operation; and
b. Automatically energizing the emergency load from offsite power.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.18 Verify interval between each sequenced load block is within the design interval for each automatic load sequencer.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-19 Amendment Nos. 263/259

SR 3.8.1.19 --------------------------------NOTES--------------------------------

1. All DG starts may be preceded by an engine prelube period.
2. This Surveillance shall not be performed in MODE 1, 2, 3, or 4.

Verify on an actual or simulated loss of offsite power signal in conjunction with an actual or simulated ESF actuation signal:

a. De-energization of emergency buses;
b. Load shedding from emergency buses; and
c. DG auto-starts from standby condition and:
1. energizes the emergency bus in < 11 seconds,
2. energizes auto-connected emergency loads through load sequencer,
3. achieves steady state voltage > 3950 V and < 4580 V,
4. achieves steady state frequency > 58.8 Hz and < 61.2 Hz, and
5. supplies auto-connected emergency loads for > 5 minutes.

FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-20 Amendment Nos. 263/259

SR 3.8.1.20 --------------------------------------NOTE----------------------------

All DG starts may be preceded by an engine prelube period.

Verify when started simultaneously from standby condition, each DG achieves, in < 11 seconds, voltage of > 3950 V and frequency of > 57 Hz and maintains steady state voltage > 3950 V and < 4580 V, and frequency > 58.8 Hz and < 61.2 Hz.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

SR 3.8.1.21 For the LCO 3.8.1.c and LCO 3.8.1.d AC electrical sources, SR 3.8.1.1, SR 3.8.1.2, SR 3.8.1.4, SR 3.8.1.5, and SR 3.8.1.6 are required to be met.
FREQUENCY: In accordance with the Surveillance Frequency Control Program

Catawba Units 1 and 2 3.8.1-21 Amendment Nos. 263/259

RA-18-0094 Attachment 2 Catawba Technical Specification 3.8.1 Bases Marked Up Pages (For Information Only)

AC Sources - Operating B 3.8.1

B 3.8 ELECTRICAL POWER SYSTEMS

B 3.8.1 AC Sources - Operating

BASES

BACKGROUND

The unit Essential Auxiliary Power Distribution System AC sources consist of the offsite power sources (preferred power sources, normal and alternate(s)), and the onsite standby power sources (Train A and Train B diesel generators (DGs)). As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems.

The onsite Class 1E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to two preferred offsite power sources and a single DG.

At the 600V level of the onsite Class 1E AC Distribution System, each unit has one motor control center (MCC), 1EMXG and 2EMXH, that each supply power to a train of shared systems. The term shared systems is defined as the shared components of Train A or Train B of Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES). The MCC 1EMXG is normally aligned to receive power from load center 1ELXA but if desired or required to maintain operability of the Train A shared systems, can be swapped to receive power from load center 2ELXA. The MCC 2EMXH is normally aligned to receive power from load center 2ELXB but if desired or required to maintain operability of the Train B shared systems, can be swapped to receive power from load center 1ELXB. The four NSWS pumps (1A, 2A, 1B and 2B) are part of the shared systems and receive power at the 4160V level of the onsite Class 1E AC Distribution System.

There are also provisions to accommodate the connecting of the Emergency Supplemental Power Source (ESPS) to one train of either unit's Class 1E AC Distribution System. The ESPS consists of two 50% capacity non-safety related commercial grade DGs. Manual actions are required to align the ESPS to the station and only one of the station's four onsite Class 1E Distribution System trains can be supplied by the ESPS at any given time. The ESPS is made available to support extended Completion Times in the event of an inoperable DG as well as a defense-in-depth source of AC power to mitigate a station blackout event. The ESPS would remain disconnected from the Class 1E AC Distribution System unless required for supplemental power to one of the four 4.16 kV ESF buses.

Catawba Units 1 and 2 B 3.8.1-1 Revision No. 6

From the transmission network, two electrically and physically separated circuits provide AC power, through step down station auxiliary transformers, to the 4.16 kV ESF buses. A detailed description of the offsite power network and the circuits to the Class 1E ESF buses is found in the UFSAR, Chapter 8 (Ref. 2).

A qualified offsite circuit consists of all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1E ESF bus(es).

Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the transformer supplying offsite power to the onsite Class 1E Distribution System. Within 1 minute after the initiating signal is received, all automatic and permanently connected loads needed to recover the unit or maintain it in a safe condition are returned to service via the load sequencer.

The onsite standby power source for each 4.16 kV ESF bus is a dedicated DG. DGs A and B are dedicated to ESF buses ETA and ETB, respectively. A DG starts automatically on a safety injection (SI) signal (i.e., low pressurizer pressure or high containment pressure signals) or on an ESF bus degraded voltage or undervoltage signal (refer to LCO 3.3.5, "Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation"). After the DG has started, it will automatically tie to its respective bus after offsite power is tripped as a consequence of ESF bus undervoltage or degraded voltage, independent of or coincident with an SI signal. With no SI signal, there is a 10 minute delay between degraded voltage signal and the DG start signal. The DGs will also start and operate in the standby mode without tying to the ESF bus on an SI signal alone. Following the trip of offsite power, a sequencer strips loads from the ESF bus. When the DG is tied to the ESF bus, loads are then sequentially connected to its respective ESF bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of a loss of preferred power, the ESF electrical loads are automatically connected to the DGs in sufficient time to provide for safe reactor shutdown and to mitigate the consequences of a Design Basis Accident (DBA) such as a loss of coolant accident (LOCA).


Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the DG in the process.

Approximately 1 minute after the initiating signal is received, all loads needed to recover the unit or maintain it in a safe condition are returned to service.

Ratings for Train A and Train B DGs satisfy the requirements of Regulatory Guide 1.9 (Ref. 3). The continuous service rating of each DG is 7000 kW with 10% overload permissible for up to 2 hours in any 24 hour period. The ESF loads that are powered from the 4.16 kV ESF buses are listed in Reference 2.

APPLICABLE SAFETY ANALYSES

The initial conditions of DBA and transient analyses in the UFSAR, Chapter 6 (Ref. 4) and Chapter 15 (Ref. 5), assume ESF systems are OPERABLE. The AC electrical power sources are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System (RCS), and containment design limits are not exceeded.

These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems.

The OPERABILITY of the AC electrical power sources is consistent with the initial assumptions of the Accident analyses and is based upon meeting the design basis of the unit. This results in maintaining at least one train of the onsite or offsite AC sources OPERABLE during Accident conditions in the event of:

a. An assumed loss of all offsite power or all onsite AC power; and
b. A worst case single failure.

The AC sources satisfy Criterion 3 of 10 CFR 50.36 (Ref. 6).

LCO

Two qualified circuits between the offsite transmission network and the onsite Essential Auxiliary Power System and separate and independent DGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an anticipated operational occurrence (AOO) or a postulated DBA.

Additionally, the qualified circuit(s) between the offsite transmission network and the opposite unit onsite Essential Auxiliary Power System when necessary to power shared systems and the opposite unit DG(s) when necessary to power shared systems ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an AOO or a postulated DBA.

Qualified offsite circuits are those that are described in the UFSAR and are part of the licensing basis for the unit.

In addition, one required automatic load sequencer per train must be OPERABLE.

Each offsite circuit must be capable of maintaining rated frequency and voltage, and accepting required loads during an accident, while connected to the ESF buses.

The 4.16 kV essential system is divided into two completely redundant and independent trains designated A and B, each consisting of one 4.16 kV switchgear assembly, three 4.16 kV/600 V transformers, two 600 V load centers, and associated loads.

Normally, each Class 1E 4.16 kV switchgear is powered from its associated non-Class 1E train of the 6.9 kV Normal Auxiliary Power System as discussed in "6.9 kV Normal Auxiliary Power System" in Chapter 8 of the UFSAR (Ref. 2). Additionally, a standby source of power to each 4.16 kV essential switchgear, not required by General Design Criterion 17, is provided from the 6.9 kV system via two separate and independent 6.9/4.16 kV transformers. These transformers are shared between units and provide the capability to supply a standby source of preferred power to each unit's 4.16 kV essential switchgear from either unit's 6.9 kV system. A key interlock scheme is provided to preclude the possibility of connecting the two units together at either the 6.9 or 4.16 kV level.

Each train of the 4.16 kV Essential Auxiliary Power System is also provided with a separate and independent emergency diesel generator to supply the Class 1E loads required to safely shut down the unit following a design basis accident. Additionally, each diesel generator is capable of supplying its associated 4.16 kV blackout switchgear through a connection with the 4.16 kV essential switchgear.

Each DG must be capable of starting, accelerating to rated speed and voltage, and connecting to its respective ESF bus on detection of bus undervoltage. This will be accomplished within 11 seconds. Each DG must also be capable of accepting required loads within the assumed loading sequence intervals, and continue to operate until offsite power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as DG in standby with the engine hot and DG in standby with the engine at ambient conditions.

Additional DG capabilities must be demonstrated to meet required Surveillance, e.g., capability of the DG to revert to standby status on an ECCS signal while operating in parallel test mode.

Proper sequencing of loads, including tripping of nonessential loads, is a required function for DG OPERABILITY.

The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.

For the offsite AC sources, separation and independence are provided to the extent practical.

LCO 3.8.1.c and LCO 3.8.1.d both use the word necessary to clarify when and how to apply these LCOs on a per unit basis. The word necessary clarifies that the qualified offsite circuit(s) in LCO 3.8.1.c and the DG(s) from the opposite unit in LCO 3.8.1.d are required to shut down the reactor and maintain it in a safe shutdown condition after an AOO or a postulated DBA.

LCO 3.8.1.c specifies that the qualified circuit(s) between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System be OPERABLE when necessary to supply power to the shared systems. LCO 3.8.1.d specifies that the DG(s) from the opposite unit be OPERABLE when necessary to supply power to the shared systems. The LCO 3.8.1.c AC sources in one train must be separate and independent (to the extent possible) of the LCO 3.8.1.c AC sources in the other train. These requirements, in conjunction with the requirements for the applicable unit AC electrical power sources in LCO 3.8.1.a and LCO 3.8.1.b, ensure that power is available to two trains of the shared NSWS, CRAVS, CRACWS and ABFVES.

With no equipment inoperable, two LCO 3.8.1.c AC sources are required to be OPERABLE and two LCO 3.8.1.d AC sources are required to be OPERABLE for each unit. For example, with both units in MODE 1, Unit 1 LCO 3.8.1.c is met by an OPERABLE 2A offsite circuit and an OPERABLE 2B offsite circuit. LCO 3.8.1.d is met by an OPERABLE 2A DG and an OPERABLE 2B DG. In a normal plant alignment, the 2A offsite circuit and the 2A DG are relied upon as the normal and emergency power supplies for the 2A NSWS Pump. The 2B offsite circuit and the 2B DG are relied upon as the normal and emergency power supplies for the 2B NSWS Pump as well as the Train B shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System. For Unit 2, LCO 3.8.1.c is met by an OPERABLE 1A offsite circuit and an OPERABLE 1B offsite circuit. LCO 3.8.1.d is met by an OPERABLE 1A DG and an OPERABLE 1B DG. In a normal plant alignment, the 1A offsite circuit and the 1A DG are relied upon as the normal and emergency power supplies for the 1A NSWS Pump as well as the Train A shared systems that are powered at the 600V level of the onsite Class 1E AC Distribution System. The 1B offsite circuit and the 1B DG are relied upon as the normal and emergency power supplies for the 1B NSWS Pump.

APPLICABILITY The AC sources and sequencers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:

a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.

A Note has been added taking exception to the Applicability requirements for the required AC sources in LCO 3.8.1.c and LCO 3.8.1.d provided the associated shared systems are inoperable. This exception is intended to allow declaring the shared systems supported by the opposite unit inoperable either in lieu of declaring the opposite unit AC sources inoperable, or at any time subsequent to entering ACTIONS for an inoperable opposite unit AC source.

This exception is acceptable since, with the shared systems supported by the opposite unit inoperable and the associated ACTIONS entered, the opposite unit AC sources provide no additional assurance of meeting the above criteria.

The AC power requirements for MODES 5 and 6 are covered in LCO 3.8.2, "AC Sources - Shutdown."

An opposite unit's operable DG can be credited as an emergency AC power source in any TS MODE of applicability.

ACTIONS A Note prohibits the application of LCO 3.0.4.b to an inoperable DG.

There is an increased risk associated with entering a MODE or other specified condition in the Applicability with an inoperable DG and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.

When entering Required Actions for inoperable offsite circuit(s) and/or DG(s), it is also necessary to enter the applicable Required Actions of any shared systems LCOs when either normal or emergency power to shared components governed by these LCOs becomes inoperable.

These LCOs include 3.7.8, Nuclear Service Water System (NSWS); 3.7.10, Control Room Area Ventilation System (CRAVS); 3.7.11, Control Room Area Chilled Water System (CRACWS); and 3.7.12, Auxiliary Building Filtered Ventilation Exhaust System (ABFVES).

A.1 To ensure a highly reliable power source remains with one LCO 3.8.1.a offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met.

However, if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition CG, for two offsite circuits inoperable, is entered.

A.2 Required Action A.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function of critical redundant required features.

These features are powered from the redundant AC electrical power train. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three independent AFW pumps are required to ensure the availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis.

The Completion Time for Required Action A.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:

a. The train has no offsite power supplying its loads; and
b. A required feature on the other train is inoperable.

If at any time during the existence of Condition A (one LCO 3.8.1.a offsite circuit inoperable) a redundant required feature subsequently becomes inoperable, this Completion Time begins to be tracked.

Discovering no offsite power to one train of the onsite Class 1E Electrical Power Distribution System coincident with one or more inoperable required support or supported features, or both, that are associated with the other train that has offsite power, results in starting the Completion Times for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to Train A and Train B of the onsite Class 1E Distribution System. The 24 hour Completion Time takes into account the component OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 24 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

A.3 According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition A for a period that should not exceed 72 hours. With one offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.

The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action A.3 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. If Condition A is entered while, for instance, a LCO 3.8.1.b DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours14 days. This could lead to a total of 144 hours17 days, since initial failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 72 hours14 days (for a total of 9 31 days) allowed prior to complete restoration of the LCOLCOs 3.8.1.a and 3.8.1.b. The 6 17 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour and 6 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock."

This will result in establishing the "time zero" at the time that the LCOLCO 3.8.1.a or LCO 3.8.1.b was initially not met, instead of at the time Condition A was entered.

B.1 It is required to administratively verify both opposite-unit DGs OPERABLE within 1 hour and to continue this action once per 12 hours thereafter until restoration of the required LCO 3.8.1.b DG is accomplished. This verification provides assurance that both opposite-unit DGs are capable of supplying the onsite Class 1E AC Electrical Power Distribution System.

B.12 To ensure a highly reliable power source remains with an inoperable LCO 3.8.1.b DG, it is necessary to verify the availability of the required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.


B.23 Required Action B.2 3 is intended to provide assurance that a loss of offsite power, during the period that a LCO 3.8.1.b DG is inoperable, does not result in a complete loss of safety function of critical systems.

These features are designed with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three independent AFW pumps are required to ensure the availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis. Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable LCO 3.8.1.b DG.

The Completion Time for Required Action B.2 3 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:

a. An inoperable LCO 3.8.1.b DG exists; and
b. A required feature on the other train (Train A or Train B) is inoperable.

If at any time during the existence of this Condition (one LCO 3.8.1.b DG inoperable) a required feature subsequently becomes inoperable, this Completion Time would begin to be tracked.

Discovering one required LCO 3.8.1.b DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the Completion Time for the Required Action. Four hours from the discovery of these events existing concurrently is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost. The 4 hour Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

B.34.1 and B.34.2 Required Action B.34.1 provides an allowance to avoid unnecessary testing of OPERABLE DG(s). If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed. If the cause of inoperability exists on other DG(s), the other DG(s) would be declared inoperable upon discovery and Condition E and/or I of LCO 3.8.1, as applicable, would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action B.34.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG(s), performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.34.1 or B.34.2, the problem investigation process will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour constraint imposed while in Condition B.

These Conditions are not required to be entered if the inoperability of the DG is due to an inoperable support system, an independently testable component, or preplanned testing or maintenance. If required, these Required Actions are to be completed regardless of when the inoperable DG is restored to OPERABLE status.

According to Generic Letter 84-15 (Ref. 8), 24 hours is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG.

B.5 In order to extend the Completion Time for an inoperable DG from 72 hours to 14 days, it is necessary to ensure the availability of the ESPS prior to entering the extended Completion Time of Required Action B.6 (i.e., 14 days) and every 12 hours thereafter. The extended Completion Time of ACTION B.6 is defined as 14 days. ESPS availability requires that:


1) The load test has been performed within 30 days of entry into the extended Completion Time. The Required Action evaluation is met with an administrative verification of this prior to testing; and
2) ESPS fuel tank level is verified locally to be 24 hour supply; and
3) ESPS supporting system parameters for starting and operating are verified to be within required limits for functional availability (e.g., battery state of charge).

On discovery of an unavailable ESPS, the Completion Time for Required Action B.6 starts the 72 hour or 24 hour clock.

The ESPS is not used to extend the Completion Time for more than one inoperable DG at any one time.

B.46 According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition B for a period that should not exceed 72 hours.

In accordance with Branch Technical Position 8-8 (Ref. 14), operation may continue in Condition B for a period that should not exceed 14 days, provided a supplemental AC power source is available.

In Condition B, the remaining OPERABLE DGs, available ESPS and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 72 hour14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

If the ESPS is or becomes unavailable with an inoperable LCO 3.8.1.b DG, then action is required to restore the ESPS to available status or to restore the DG to OPERABLE status within 72 hours from discovery of an unavailable ESPS. However, if the ESPS unavailability occurs sometime after 72 hours of continuous DG inoperability (i.e., after entering the extended Completion Time for an inoperable DG), then the remaining time to restore the ESPS to available status or to restore the DG to OPERABLE status is limited to 24 hours.

The 72 hour and 24 hour Completion Times allow for an exception to the normal time zero for beginning the allowed outage time clock. The 72 hour Completion Time only begins on discovery that both an inoperable DG exists and the ESPS is unavailable. The 24 hour Completion Time only begins if the extended Completion Time for the inoperable DG has been entered and the ESPS is unavailable.

Therefore, when one LCO 3.8.1.b DG is inoperable due to either preplanned maintenance (preventive or corrective) or unplanned corrective maintenance work, the Completion Time can be extended from 72 hours to 14 days if it is ensured that ESPS is available for backup operation.

The second fourth Completion Time for Required Action B.4 6 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. If Condition B is entered while, for instance, an a LCO 3.8.1.a offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours. This could lead to a total of 144 hours17 days, since initial failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b, to restore the DG. At this time, an a LCO 3.8.1.a offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours (for a total of 9 20 days) allowed prior to complete restoration of the LCOLCO 3.8.1.a and LCO 3.8.1.b.

The 6 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour14 day and 6 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.23, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCOLCO 3.8.1.a or LCO 3.8.1.b was initially not met, instead of at the time Condition B was entered.

C.1.1 and C.1.2 In Condition C with an opposite-unit DG inoperable, the remaining OPERABLE unit-specific DG and required qualified circuits are adequate to supply electrical power to the onsite Class 1E Distribution System.

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition C for a period that should not exceed 72 hours. The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs and the low probability of a DBA occurring during this period.


D.1 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in de-energization. Therefore, the Required Actions of Condition D are modified by a Note to indicate that when Condition D is entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9 must be immediately entered. This allows Condition D to provide requirements for the loss of a LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regard to whether a train is de-energized. Limiting Condition for Operation 3.8.9 provides the appropriate restrictions for a de-energized train.

To ensure a highly reliable power source remains with one required LCO 3.8.1.c offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuits on a more frequent basis. Since the Required Action only specifies perform, a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition A and G, as applicable, for the two offsite circuits inoperable, is entered.

D.2 Required Action D.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function for the NSWS, CRAVS, CRACWS or the ABFVES. The Completion Time for Required Action D.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal time zero for beginning the allowed outage time clock. In this Required Action, the Completion Time only begins on discovery that both:

a. The train has no offsite power supplying its loads; and
b. NSWS, CRAVS, CRACWS or ABFVES on the other train that has offsite power is inoperable.

If at any time during the existence of Condition D (one required LCO 3.8.1.c offsite circuit inoperable) a train of NSWS, CRAVS, CRACWS or ABFVES becomes inoperable, this Completion Time begins to be tracked.

Discovering no offsite power to one train of the onsite Class 1E Electrical Power Distribution System coincident with one train of NSWS, CRAVS, CRACWS or ABFVES that is associated with the other train that has offsite power, results in starting the Completion Times for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to Train A and Train B of the onsite Class 1E Distribution System. The 24 hour Completion Time takes into account the component OPERABILITY of the redundant counterpart to the inoperable NSWS, CRAVS, CRACWS or ABFVES. Additionally, the 24 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

D.3 Consistent with the time provided in ACTION A, operation may continue in Condition D for a period that should not exceed 72 hours. With one required LCO 3.8.1.c offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.

If the LCO 3.8.1.c required offsite circuit cannot be restored to OPERABLE status within 72 hours, the NSWS, CRAVS, CRACWS and ABFVES components associated with the offsite circuit must be declared inoperable. The ACTIONS associated with the NSWS, CRAVS, CRACWS and ABFVES will ensure the appropriate actions are taken.

The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

E.1 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in de-energization. Therefore, the Required Actions of Condition E are modified by a Note to indicate that when Condition E is entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9 must be immediately entered. This allows Condition E to provide requirements for the loss of the LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regard to whether a train is de-energized. Limiting Condition for Operation 3.8.9 provides the appropriate restrictions for a de-energized train.

The 14 day Completion Time for Required Action E.5 is based on the OPERABILITY of the other three safety-related DGs and the availability of the ESPS. The ESPS is available to power the inoperable DG bus loads in the event of a station blackout or loss of offsite power event. It is required to administratively verify the three safety-related DGs OPERABLE and the ESPS available within one hour and to continue this action once per 12 hours thereafter until restoration of the required DG is accomplished. This verification provides assurance that the three safety-related DGs and the ESPS are capable of supplying the onsite Class 1E AC Electrical Power Distribution System.

E.2 To ensure a highly reliable power source remains with one required LCO 3.8.1.d DG inoperable, it is necessary to verify the OPERABILITY of the required offsite circuits on a more frequent basis. Since the Required Action only specifies perform, a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

E.3 Required Action E.3 is intended to provide assurance that a loss of offsite power, during the period one required LCO 3.8.1.d DG is inoperable, does not result in a complete loss of safety function for the NSWS, CRAVS, CRACWS or the ABFVES. The Completion Time is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal time zero for beginning the allowed outage time clock. In this Required Action, the Completion Time only begins on discovery that both:

a. An inoperable LCO 3.8.1.d DG exists; and
b. NSWS, CRAVS, CRACWS or ABFVES on the other train that has emergency power is inoperable.

If at any time during the existence of this Condition (the LCO 3.8.1.d DG inoperable) a train of NSWS, CRAVS, CRACWS or ABFVES becomes inoperable, this Completion Time begins to be tracked.


Discovering the LCO 3.8.1.d DG inoperable coincident with one train of NSWS, CRAVS, CRACWS or ABFVES that is associated with the other train that has emergency power results in starting the Completion Time for the Required Action. Four hours from the discovery of these events existing concurrently is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The four hour Completion Time also takes into account the capacity and capability of the remaining NSWS, CRAVS, CRACWS and ABFVES train, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

E.4.1 and E.4.2 Required Action E.4.1 provides an allowance to avoid unnecessary testing of OPERABLE DGs. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG(s), SR 3.8.1.2 does not have to be performed. If the cause of inoperability exists on other DG(s), the other DG(s) would be declared inoperable upon discovery and Condition B and I of LCO 3.8.1, as applicable, would be entered. Once the failure is repaired, the common cause failure no longer exists and Required Action E.4.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG(s), performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of the DG(s).

In the event the inoperable DG is restored to OPERABLE status prior to completing either E.4.1 or E.4.2, the problem investigation process will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour constraint imposed while in Condition E.

According to Generic Letter 84-15 (Ref. 8), 24 hours is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG.

E.5 Consistent with the time provided in ACTION B, operation may continue in Condition E for a period that should not exceed 14 days. In Condition E, the remaining OPERABLE DGs, available ESPS and offsite power circuits are adequate to supply electrical power to the Class 1E Distribution System.

If the LCO 3.8.1.d DG cannot be restored to OPERABLE status within 14 days, then the NSWS, CRAVS, CRACWS and ABFVES components associated with this DG must be declared inoperable. The Actions associated with the NSWS, CRAVS, CRACWS and ABFVES will ensure the appropriate actions are taken.

The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

F.1.1 and F.1.2 In Condition F, with an additional safety-related DG inoperable or the ESPS unavailable, the remaining OPERABLE DG and qualified circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition F for a period that should not exceed 72 hours. The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

F.1.3 If the LCO 3.8.1.d DG cannot be restored to OPERABLE status within 72 hours, then the NSWS, CRAVS, CRACWS and ABFVES components associated with this DG must be declared inoperable. The Required Actions associated with the NSWS, CRAVS, CRACWS and ABFVES will ensure that the appropriate actions are taken.

The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

CG.1 and CG.2 Condition G is entered when both offsite circuits required by LCO 3.8.1.a are inoperable, or when the offsite circuit required by LCO 3.8.1.c and one offsite circuit required by LCO 3.8.1.a are concurrently inoperable.

Condition G is also entered when two offsite circuits required by LCO 3.8.1.c are inoperable.

Required Action CG.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required features is reduced to 12 hours from that allowed for one train without offsite power (Required Action A.2). The rationale for the reduction to 12 hours is that Regulatory Guide 1.93 (Ref. 7) allows a Completion Time of 24 hours for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE. When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter Completion Time of 12 hours is appropriate. These features are powered from redundant AC safety trains. This includes motor driven auxiliary feedwater pumps.

Single train features, such as turbine driven auxiliary pumps, are not included in the list.

The Completion Time for Required Action CG.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action the Completion Time only begins on discovery that both:

a. All required offsite circuits are inoperable; and
b. A required feature is inoperable.

If at any time during the existence of Condition C G (two LCO 3.8.1.a offsite circuits inoperable or one LCO 3.8.1.a offsite circuit and one LCO 3.8.1.c offsite circuit inoperable or two LCO 3.8.1.c offsite circuits inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked.

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition C G for a period that should not exceed 24 hours. This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds to a total loss of the immediately accessible offsite power sources.

Because of the normally high availability of the offsite sources, this level of degradation may appear to be more severe than other combinations of two AC sources inoperable that involve one or more DGs inoperable.

However, two factors tend to decrease the severity of this level of degradation:

a. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and

b. The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source.

With both of the required offsite circuits inoperable, sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a DBA or transient. In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety analysis. Thus, the 24 hour Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.

According to Reference 6, with the available offsite AC sources, two less than required by the LCO, operation may continue for 24 hours. If two offsite sources are restored within 24 hours, unrestricted operation may continue. If only one offsite source is restored within 24 hours, power operation continues in accordance with Condition A or D, as applicable.

DH.1 and DH.2 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in de-energization. Therefore, the Required Actions of Condition D H are modified by a Note to indicate that when Condition D H is entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9, "Distribution Systems - Operating," must be immediately entered. This allows Condition D H to provide requirements for the loss of one offsite circuit and one DG, without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train.

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition D H for a period that should not exceed 12 hours.

In Condition DH, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition C G (loss of both two required offsite circuits). This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

EI.1 With Train A and Train B DGstwo LCO 3.8.1.b DGs inoperable, there are no remaining standby AC sources to provide power to most of the ESF systems. With one LCO 3.8.1.d DG inoperable and a LCO 3.8.1.b DG inoperable, or with two DGs required by LCO 3.8.1.d inoperable, there are no remaining standby AC sources to the NSWS, CRAVS, CRACWS and ABFVES. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions. Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk associated with continued operation for a very short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the time allowed for continued operation is severely restricted. The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with this level of degradation.

According to Reference 7, with both LCO 3.8.1.b DGs inoperable, with the LCO 3.8.1.b DG and the LCO 3.8.1.d DG inoperable, or with two DGs required by LCO 3.8.1.d inoperable, operation may continue for a period that should not exceed 2 hours.

FJ.1 The sequencer(s) is an essential support system to both the offsite circuit and the DG associated with a given ESF bus. Furthermore, the sequencer is on the primary success path for most major AC electrically powered safety systems powered from the associated ESF bus.

Therefore, loss of an ESF bus sequencer affects every major ESF system in the train. When a sequencer is inoperable, its associated unit and train related offsite circuit and DG must also be declared inoperable and their corresponding Conditions must also be entered. The 12 hour Completion Time provides a period of time to correct the problem commensurate with the importance of maintaining sequencer OPERABILITY. This time period also ensures that the probability of an accident (requiring sequencer OPERABILITY) occurring during periods when the sequencer is inoperable is minimal.


GK.1 and GK.2 If the inoperable AC electric power sources cannot be restored to OPERABLE status within the required Completion Time,If any Required Action and associated Completion Time of Conditions A, C, F, G, H, I, or J are not met, the unit must be brought to a MODE in which the LCO does not apply. Furthermore, if any Required Action and associated Completion Time of Required Actions B.2, B.3, B.4.1, B.4.2, B.6, E.2, E.3, E.4.1, E.4.2, or E.5 are not met, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.

HL.1 Condition H L corresponds to a level of degradation in which all redundancy in the LCO 3.8.1.a and LCO 3.8.1.b AC electrical power supplies has been lost or in which all redundancy in LCO 3.8.1.c and LCO 3.8.1.d AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. Therefore, no additional time is justified for continued operation. The unit is required by LCO 3.0.3 to commence a controlled shutdown.

SURVEILLANCE REQUIREMENTS The AC sources are designed to permit inspection and testing of all important areas and features, especially those that have a standby function, in accordance with 10 CFR 50, Appendix A, GDC 18 (Ref. 9).

Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions). The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3), Regulatory Guide 1.108 (Ref. 10), and Regulatory Guide 1.137 (Ref. 11), as addressed in the UFSAR.

Where the SRs discussed herein specify voltage and frequency tolerances, the following is applicable. The minimum steady state output voltage of 3950 V is 95% of the nominal 4160 V output voltage. This value allows for voltage drop to the terminals of 4000 V motors whose minimum operating voltage is specified as 90% or 3600 V. It also allows for voltage drops to motors and other equipment down through the 120 V level where minimum operating voltage is also usually specified as 90% of name plate rating.

The specified maximum steady state output voltage of 4580 V is equal to the maximum operating voltage specified for 4000 V motors. It ensures that for a lightly loaded distribution system, the voltage at the terminals of 4000 V motors is no more than the maximum rated operating voltages.

The specified minimum and maximum frequencies of the DG are 58.8 Hz and 61.2 Hz, respectively. These values are equal to +/- 2% of the 60 Hz nominal frequency and are derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3).

The SRs are modified by a Note which states that SR 3.8.1.1 through SR 3.8.1.20 are applicable to LCO 3.8.1.a and LCO 3.8.1.b AC sources. The Note also states that SR 3.8.1.21 is applicable to LCO 3.8.1.c and LCO 3.8.1.d AC sources. This Note clarifies that not all of the SRs are applicable to all the components described in the LCO.

SR 3.8.1.1 This SR ensures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that appropriate independence of offsite circuits is maintained. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.2 and SR 3.8.1.7 These SRs help to ensure the availability of the standby electrical power supply to mitigate DBAs and transients and to maintain the unit in a safe shutdown condition.

To minimize the wear on moving parts that do not get lubricated when the engine is not running, these SRs are modified by a Note (Note 2 for SR 3.8.1.2) to indicate that all DG starts for these Surveillances may be preceded by an engine prelube period and followed by a warmup period prior to loading.

For the purposes of SR 3.8.1.2 and SR 3.8.1.7 testing, the DGs are started from standby conditions using a manual start, loss of offsite power signal, safety injection signal, or loss of offsite power coincident with a safety injection signal. Standby conditions for a DG mean that the diesel engine coolant and oil are being continuously circulated and temperature is being maintained consistent with manufacturer recommendations.

In order to reduce stress and wear on diesel engines, the manufacturer recommends a modified start in which the starting speed of DGs is limited, warmup is limited to this lower speed, and the DGs are gradually accelerated to synchronous speed prior to loading. These start procedures are the intent of Note 3, which is only applicable when such modified start procedures are recommended by the manufacturer.

SR 3.8.1.7 requires that the DG starts from standby conditions and achieves required voltage and frequency within 11 seconds. The 11 second start requirement supports the assumptions of the design basis LOCA analysis in the UFSAR, Chapter 15 (Ref. 5).

The 11 second start requirement is not applicable to SR 3.8.1.2 (see Note 3) when a modified start procedure as described above is used. If a modified start is not used, the 11 second start requirement of SR 3.8.1.7 applies.

Since SR 3.8.1.7 requires an 11 second start, it is more restrictive than SR 3.8.1.2, and it may be performed in lieu of SR 3.8.1.2. This is the intent of Note 1 of SR 3.8.1.2.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to the equivalent of the maximum expected accident loads. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.

Although no power factor requirements are established by this SR, the DG is normally operated at a power factor between 0.8 lagging and 1.0.

The 0.8 value is the design rating of the machine, while the 1.0 is an operational limitation to ensure circulating currents are minimized. The load band is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.


The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by four Notes. Note 1 indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized. Note 2 states that momentary transients, because of changing bus loads, do not invalidate this test. Similarly, momentary power factor transients above the limit do not invalidate the test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations. Note 4 stipulates a prerequisite requirement for performance of this SR. A successful DG start must precede this test to credit satisfactory performance.

SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is at or above the level at which fuel oil is automatically added. The level is expressed as an equivalent volume in gallons, and is selected to ensure adequate fuel oil for a minimum of 1 hour of DG operation at full load plus 10%.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation. There are numerous bacteria that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks eliminates the necessary environment for bacterial survival. This is the most effective means of controlling microbiological fouling. In addition, it eliminates the potential for water entrainment in the fuel oil during DG operation. Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and breakdown of the fuel oil by bacteria. Frequent checking for and removal of accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is for preventative maintenance.

The presence of water does not necessarily represent failure of this SR, provided the accumulated water is removed during the performance of this Surveillance.

SR 3.8.1.6 This Surveillance demonstrates that each required fuel oil system operates and transfers fuel oil from its associated storage tanks to its associated day tank. This is required to support continuous operation of standby power sources. This Surveillance provides assurance that the fuel oil valve is OPERABLE, and allows gravity feed of fuel oil to the day tank from underground storage tanks, to ensure the fuel oil piping system is intact, the fuel delivery piping is not obstructed, and the controls and control systems for fuel transfer systems are OPERABLE.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.7 See SR 3.8.1.2.

SR 3.8.1.8 Transfer of each 4.16 kV ESF bus power supply from the normal offsite circuit to the alternate offsite circuit demonstrates the capability of the alternate circuit distribution network to power the shutdown loads. The alternate circuit distribution network consists of an offsite power source through a 6.9 kV bus incoming breaker, its associated 6.9 kV bus tie breaker and the aligned 6.9/4.16 kV transformer to the essential bus.

The requirement of this SR is the transfer from the normal offsite circuit to the alternate offsite circuit via the automatic and manual actuation of the 6.9 kV bus tie breaker and 6.9 kV bus incoming breakers upon loss of the normal offsite source that is being credited. The 6.9 kV bus tie breaker provides a means for each of the offsite circuits to act as a backup in the event power is not available from one of the circuits. The Catawba power system design, without the tie breaker, meets all GDC 17 requirements as well as all other standards to which Catawba is committed. If the tie breaker is incapable of closing manually or automatically during its required MODE of applicability, then the Surveillance is not met and the normal offsite circuit that supplies that Class 1E ESF bus is inoperable and the applicable Condition shall be entered and the Required Actions shall be performed. Table B 3.8.1-1 identifies the offsite circuit affected by a non-functioning tie breaker.


The intent of the tie breaker is to provide an alternate means of power to a Class 1E ESF bus; this assumes there are two available offsite circuits.

In the event an offsite circuit is lost for any reason, the function of the tie breaker is to close, and the offsite circuit that is supplying its normally connected Class 1E ESF bus is fully OPERABLE. With the tie breaker closed, then both Class 1E ESF buses are provided power from a single offsite circuit. The normally connected offsite circuit of the Class 1E ESF bus that is being supplied through the tie breaker shall be declared inoperable and the applicable Condition shall be entered and the Required Actions shall be performed. If the tie breaker does not close, then the associated Class 1E ESF bus will be supplied power from its associated DG. In this event, the associated offsite circuit is inoperable and the applicable Condition shall be entered and the Required Actions shall be performed. Capability of manually swapping to a standby transformer is not required to satisfy this SR. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.


Table B 3.8.1-1 (page 1 of 1)

Relationship between Tie Breakers and Offsite Circuits

| Tie Breaker | Description | Essential Load Center and Transformer | Affected Offsite Circuit |
|---|---|---|---|
| 1TA-7 | 7kV Bus 1TA Tie Breaker | 1ETA from 1ATC | 1A |
| 1TC-7 | 7kV Bus 1TC Tie Breaker | 1ETA from SATA from Unit 1 | 1A |
| 2TC-7 | 7kV Bus 2TC Tie Breaker | 1ETA from SATA from Unit 2 | 1A |
| 1TD-7 | 7kV Bus 1TD Tie Breaker | 1ETB from 1ATD | 1B |
| 1TB-7 | 7kV Bus 1TB Tie Breaker | 1ETB from SATB from Unit 1 | 1B |
| 2TB-7 | 7kV Bus 2TB Tie Breaker | 1ETB from SATB from Unit 2 | 1B |
| 2TA-7 | 7kV Bus 2TA Tie Breaker | 2ETA from 2ATC | 2A |
| 1TC-7 | 7kV Bus 1TC Tie Breaker | 2ETA from SATA from Unit 1 | 2A |
| 2TC-7 | 7kV Bus 2TC Tie Breaker | 2ETA from SATA from Unit 2 | 2A |
| 2TD-7 | 7kV Bus 2TD Tie Breaker | 2ETB from 2ATD | 2B |
| 1TB-7 | 7kV Bus 1TB Tie Breaker | 2ETB from SATB from Unit 1 | 2B |
| 2TB-7 | 7kV Bus 2TB Tie Breaker | 2ETB from SATB from Unit 2 | 2B |

SR 3.8.1.9 Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single load without exceeding predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the single load for each DG and its horsepower rating is as follows: Nuclear Service Water pump which is a 1000 H.P. motor. This Surveillance may be accomplished by:

a. Tripping the DG output breaker with the DG carrying greater than or equal to its associated single largest post-accident load while paralleled to offsite power, or while solely supplying the bus; or
b. Tripping its associated single largest post-accident load with the DG solely supplying the bus.

As required by Regulatory Guide 1.9 (Ref. 3), the load rejection test is acceptable if the increase in diesel speed does not exceed 75% of the difference between synchronous speed and the overspeed trip setpoint.

The value of 63 Hz has been selected for the frequency limit for the load rejection and it is a more conservative limit than required by Reference 3.

The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequence intervals. The 3 seconds specified is equal to 60% of a typical 5 second load sequence interval associated with sequencing of the largest load. The voltage and frequency specified are consistent with the design range of the equipment powered by the DG. SR 3.8.1.9.a corresponds to the maximum frequency excursion, while SR 3.8.1.9.b and SR 3.8.1.9.c are steady state voltage and frequency values to which the system must recover following load rejection. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. In order to ensure that the DG is tested under load conditions that are as close to design basis conditions as possible, the Note requires that, if synchronized to offsite power, testing must be performed using a power factor 0.9. This power factor is chosen to be representative of the actual design basis inductive loading that the DG would experience.


SR 3.8.1.10 This Surveillance demonstrates the DG capability to reject a full load without overspeed tripping or exceeding the predetermined voltage limits.

The DG full load rejection may occur because of a system fault or inadvertent breaker tripping. This Surveillance ensures proper engine generator load response under the simulated test conditions. This test simulates the loss of the total connected load that the DG experiences following a full load rejection and verifies that the DG does not trip upon loss of the load. These acceptance criteria provide for DG damage protection. While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG is not degraded for future application, including reconnection to the bus if the trip initiator can be corrected or isolated.

Although not representative of the design basis inductive loading that the DG would experience, a power factor of approximately unity (1.0) is used for testing. This power factor is chosen in accordance with manufacturer's recommendations to minimize DG overvoltage damage during testing.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.11 As required by Regulatory Guide 1.108 (Ref. 10), paragraph 2.a.(1), this Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source. This test verifies all actions encountered from the loss of offsite power, including shedding of the nonessential loads and energization of the emergency buses and respective loads from the DG. It further demonstrates the capability of the DG to automatically achieve the required voltage and frequency within the specified time.

The DG autostart time of 11 seconds is derived from requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability is achieved.


The requirement to verify the connection and power supply of the emergency bus and autoconnected loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, Emergency Core Cooling Systems (ECCS) injection valves are not desired to be stroked open, or high pressure injection systems are not capable of being operated at full flow, or residual heat removal (RHR) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG systems to perform these functions is acceptable.

This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations. The reason for Note 2 is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. This restriction from normally performing the Surveillance in MODE 1, 2, 3, or 4 is further amplified to allow portions of the Surveillance to be performed for the purpose of reestablishing OPERABILITY (e.g. post work testing following corrective maintenance, corrective modification, deficient or incomplete surveillance testing, and other unanticipated OPERABILITY concerns) provided an assessment determines plant safety is maintained or enhanced. This assessment shall, at a minimum, consider the potential outcomes and transients associated with a failed partial Surveillance, a successful partial Surveillance, and a perturbation of the offsite or onsite system when they are tied together or operated independently for the partial Surveillance; as well as the operator procedures available to cope with these outcomes. These shall be measured against the avoided risk of a plant shutdown and startup to determine that plant safety is maintained or enhanced when portions of the Surveillance are performed in MODE 1, 2, 3, or 4. Risk insights or deterministic methods may be used for this assessment. Credit may be taken for unplanned events that satisfy this SR.


SR 3.8.1.12 This Surveillance demonstrates that the DG automatically starts and achieves the required voltage and frequency within the specified time (11 seconds) from the design basis actuation signal (LOCA signal) and operates for 5 minutes. The 5 minute period provides sufficient time to demonstrate stability. SR 3.8.1.12.d ensures that the emergency bus remains energized from the offsite electrical power system on an ESF signal without loss of offsite power.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note.

The reason for the Note is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

SR 3.8.1.13 This Surveillance demonstrates that DG non-emergency protective functions (e.g., high jacket water temperature) are bypassed on a loss of voltage signal concurrent with an ESF actuation test signal. Non-emergency automatic trips are all automatic trips except:

a. Engine overspeed;
b. Generator differential current;
c. Low - low lube oil pressure; and
d. Voltage control overcurrent relay scheme.

The non-emergency trips are bypassed during DBAs and provide an alarm on an abnormal engine condition. This alarm provides the operator with sufficient time to react appropriately. The DG availability to mitigate the DBA is more critical than protecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG. Currently, DG emergency automatic trips are tested periodically per the station periodic maintenance program.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.


SR 3.8.1.14 Regulatory Guide 1.108 (Ref. 10), paragraph 2.a.(3), requires demonstration that the DGs can start and run continuously at full load capability for an interval of not less than 24 hours. The DG starts for this Surveillance can be performed either from standby or hot conditions. The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual loading, discussed in SR 3.8.1.3, are applicable to this SR.

In order to ensure that the DG is tested under load conditions that are as close to design conditions as possible, testing must be performed using a power factor of 0.9. This power factor is chosen to be representative of the actual design basis inductive loading that the DG would experience.

The load band is provided to avoid routine overloading of the DG.

Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This Surveillance is modified by a Note. The Note states that momentary transients due to changing bus loads do not invalidate this test. Similarly, momentary power factor transients above the power factor limit will not invalidate the test.

SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency within 11 seconds. The 11 second time is derived from the requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY. The requirement that the diesel has operated for at least an hour at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions. Momentary transients due to changing bus loads do not invalidate this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing.

SR 3.8.1.16 As required by Regulatory Guide 1.108 (Ref. 10), paragraph 2.a.(6), this Surveillance ensures that the manual synchronization and automatic load transfer from the DG to the offsite source can be made and the DG can be returned to standby operation when offsite power is restored. It also ensures that the autostart logic is reset to allow the DG to reload if a subsequent loss of offsite power occurs. The DG is considered to be in standby operation when the DG is at rated speed and voltage, the output breaker is open and can receive an autoclose signal on bus undervoltage, and the load sequence timers are reset.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. This restriction from normally performing the Surveillance in MODE 1, 2, 3, or 4 is further amplified to allow the Surveillance to be performed for the purpose of reestablishing OPERABILITY (e.g. post work testing following corrective maintenance, corrective modification, deficient or incomplete surveillance testing, and other unanticipated OPERABILITY concerns) provided an assessment determines plant safety is maintained or enhanced. This assessment shall, at a minimum, consider the potential outcomes and transients associated with a failed Surveillance, a successful Surveillance, and a perturbation of the offsite or onsite system when they are tied together or operated independently for the Surveillance; as well as the operator procedures available to cope with these outcomes. These shall be measured against the avoided risk of a plant shutdown and startup to determine that plant safety is maintained or enhanced when the Surveillance is performed in MODE 1, 2, 3, or 4. Risk insights or deterministic methods may be used for this assessment. Credit may be taken for unplanned events that satisfy this SR.


SR 3.8.1.17 Demonstration of the test mode override ensures that the DG availability under accident conditions will not be compromised as the result of testing and the DG will automatically reset to standby operation if a LOCA actuation signal is received during operation in the test mode. Standby operation is defined as the DG running at rated speed and voltage with the DG output breaker open. These provisions for automatic switchover are required by Regulatory Guide 1.9 (Ref. 3).

The requirement to automatically energize the emergency loads with offsite power is essentially identical to that of SR 3.8.1.12. The intent in the requirement associated with SR 3.8.1.17.b is to show that the emergency loading was not affected by the DG operation in test mode.

In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the emergency loads to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. This restriction from normally performing the Surveillance in MODE 1, 2, 3, or 4 is further amplified to allow portions of the Surveillance to be performed for the purpose of reestablishing OPERABILITY (e.g. post work testing following corrective maintenance, corrective modification, deficient or incomplete surveillance testing, and other unanticipated OPERABILITY concerns) provided an assessment determines plant safety is maintained or enhanced. This assessment shall, at a minimum, consider the potential outcomes and transients associated with a failed partial Surveillance, a successful partial Surveillance, and a perturbation of the offsite or onsite system when they are tied together or operated independently for the partial Surveillance; as well as the operator procedures available to cope with these outcomes. These shall be measured against the avoided risk of a plant shutdown and startup to determine that plant safety is maintained or enhanced when portions of the Surveillance are performed in MODE 1, 2, 3, or 4. Risk insights or deterministic methods may be used for this assessment. Credit may be taken for unplanned events that satisfy this SR.


SR 3.8.1.18 Under accident and loss of offsite power conditions loads are sequentially connected to the bus by the automatic load sequencer. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents. The load sequence time interval tolerance in Table 8-6 of Reference 2 ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF equipment time delays are not violated.

Table 8-6 of Reference 2 provides a summary of the automatic loading of ESF buses.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.8.1.19 In the event of a DBA coincident with a loss of offsite power, the DGs are required to supply the necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.

This Surveillance demonstrates the DG operation, as discussed in the Bases for SR 3.8.1.11, during a loss of offsite power actuation test signal in conjunction with an ESF actuation signal. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations for DGs. The reason for Note 2 is that the performance of the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. This restriction from normally performing the Surveillance in MODE 1, 2, 3, or 4 is further amplified to allow portions of the Surveillance to be performed for the purpose of reestablishing OPERABILITY (e.g. post work testing following corrective maintenance, corrective modification, deficient or incomplete surveillance testing, and other unanticipated OPERABILITY concerns) provided an assessment determines plant safety is maintained or enhanced. This assessment shall, at a minimum, consider the potential outcomes and transients associated with a failed partial Surveillance, a successful partial Surveillance, and a perturbation of the offsite or onsite system when they are tied together or operated independently for the partial Surveillance; as well as the operator procedures available to cope with these outcomes. These shall be measured against the avoided risk of a plant shutdown and startup to determine that plant safety is maintained or enhanced when portions of the Surveillance are performed in MODE 1, 2, 3, or 4. Risk insights or deterministic methods may be used for this assessment. Credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.20 This Surveillance demonstrates that the DG starting independence has not been compromised. Also, this Surveillance demonstrates that each engine can achieve proper speed within the specified time when the DGs are started simultaneously.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

SR 3.8.1.21 This SR lists the SRs that are applicable to LCO 3.8.1.c and LCO 3.8.1.d (SRs 3.8.1.1, 3.8.1.2, 3.8.1.4, 3.8.1.5 and 3.8.1.6). Meeting any single SR for LCO 3.8.1.c and LCO 3.8.1.d will satisfy both Unit 1 and Unit 2 requirements for that SR.


REFERENCES

1. 10 CFR 50, Appendix A, GDC 17.
2. UFSAR, Chapter 8.
3. Regulatory Guide 1.9, Rev. 2, December 1979.
4. UFSAR, Chapter 6.
5. UFSAR, Chapter 15.
6. 10 CFR 50.36, Technical Specifications, (c)(2)(ii).
7. Regulatory Guide 1.93, Rev. 0, December 1974.
8. Generic Letter 84-15, "Proposed Staff Actions to Improve and Maintain Diesel Generator Reliability," July 2, 1984.
9. 10 CFR 50, Appendix A, GDC 18.
10. Regulatory Guide 1.108, Rev. 1, August 1977 (Supplement September 1977).
11. Regulatory Guide 1.137, Rev. 1, October 1979.
12. ASME, Boiler and Pressure Vessel Code, Section XI.
13. Response to a Request for Additional Information (RAI) concerning the June 5, 2006 License Amendment Request (LAR) Applicable to Technical Specification (TS) 3.8.1, AC Sources-Operating, Surveillance Requirement (SR) 3.8.1.13, (TAC NOS. MD3217, MD3218, MD3219, and MD3220), April 4, 2007.
14. Branch Technical Position 8-8, February 2012.

RA-18-0094 Attachment 3 Catawba Technical Specification 3.7.8 Bases Marked Up Pages (For Information Only)

NSWS B 3.7.8 B 3.7 PLANT SYSTEMS B 3.7.8 Nuclear Service Water System (NSWS)

BASES BACKGROUND The NSWS, including Lake Wylie and the Standby Nuclear Service Water Pond (SNSWP), provides a heat sink for the removal of process and operating heat from safety related components during a Design Basis Accident (DBA) or transient. During normal operation, and a normal shutdown, the NSWS also provides this function for various safety related and nonsafety related components. The safety related function is covered by this LCO.

The NSWS consists of two independent loops (A and B) of essential equipment, each of which is shared between units. Each loop contains two NSWS pumps, each of which is supplied from a separate emergency diesel generator. Each set of two pumps supplies two trains (1A and 2A, or 1B and 2B) of essential equipment through common discharge piping.

While the pumps are unit designated, i.e., 1A, 1B, 2A, 2B, all pumps receive automatic start signals from a safety injection or blackout signal from either unit. Therefore, a pump designated to one unit will supply post accident cooling to equipment in that loop on both units, provided its associated emergency diesel generator is available. For example, the 1A NSWS pump, supplied by emergency diesel 1A, will supply post accident cooling to NSWS trains 1A and 2A.

One NSWS loop containing two OPERABLE NSWS pumps has sufficient capacity to supply post loss of coolant accident (LOCA) loads on one unit and shutdown and cooldown loads on the other unit. Thus, the OPERABILITY of two NSWS loops assures that no single failure will keep the system from performing the required safety function.

Furthermore, one OPERABLE NSWS pump on each NSWS loop has sufficient capacity to supply post LOCA loads on one unit and shutdown and cooldown loads on the other unit. Additionally, one NSWS loop containing one OPERABLE NSWS pump has sufficient capacity to maintain one unit indefinitely in MODE 5 (commencing 36 hours following a trip from RTP) while supplying the post LOCA loads of the other unit.

Thus, after a unit has been placed in MODE 5, only one NSWS pump and its associated emergency diesel generator are required to be OPERABLE on each loop, in order for the system to be capable of performing its required safety function, including single failure considerations.

Additional information about the design and operation of the NSWS,

Catawba Units 1 and 2 B 3.7.8-1 Revision No. 5

NSWS B 3.7.8 BASES LCO (continued)

The NSWS system is shared between the two units. The shared portions of the system must be OPERABLE for each unit when that unit is in the MODE of Applicability. Additionally, both normal and emergency power for shared components must also be OPERABLE. If a shared NSWS component becomes inoperable, or normal or emergency power to shared components becomes inoperable, then the Required Actions of this LCO must be entered independently for each unit that is in the MODE of applicability of the LCO, except as noted in a.2 above for operation in the normal dual supply header alignment. In this case, sufficient flow is available, however, this configuration results in inoperabilities within other required systems on one unit and the associated Required Actions must be entered. Use of a NSWS pump and associated diesel generator on a shutdown unit to support continued operation (> 72 hours) of a unit with an inoperable NSWS pump is prohibited. A shutdown unit supplying its associated emergency power source (1EMXG/2EMXH) cannot be credited for OPERABILITY of components supporting the operating unit.

APPLICABILITY In MODES 1, 2, 3, and 4, the NSWS is a normally operating system that is required to support the OPERABILITY of the equipment serviced by the NSWS and required to be OPERABLE in these MODES.

In MODES 5 and 6, the requirements of the NSWS are determined by the systems it supports.

ACTIONS A.1 Condition A is modified by a Note indicating that this Condition is not applicable while in Condition C of this LCO unless entry is directed by Note 2 of Condition C.

If one NSWS train is inoperable, action must be taken to restore OPERABLE status within 72 hours. In this Condition, the remaining OPERABLE NSWS train is adequate to perform the heat removal function. However, the overall reliability is reduced because a single failure in the OPERABLE NSWS train could result in loss of NSWS function. Due to the shared nature of the NSWS, both units are required to enter a 72 hour Action when a NSWS Train becomes inoperable on either unit. Required Action A.1 is modified by two Notes. The first Note indicates that the applicable Conditions and Required Actions of LCO 3.8.1, "AC Sources-Operating," should be entered if an inoperable

RA-18-0094 Attachment 4 Additional Information from NRC Audit

RA-18-0094 Additional Information from NRC Audit:

By letter dated May 2, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML17122A116), as supplemented by letters dated July 20, 2017 (ADAMS Accession No. ML17201Q132) and November 21, 2017 (ADAMS Accession No. ML17325A588), Duke Energy Carolinas, LLC (Duke Energy) submitted a license amendment request (LAR) to extend the Completion Time for an inoperable diesel generator in Technical Specification (TS) 3.8.1, AC Sources - Operating. The proposed change would also alter the AC power source operability requirements for the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES) (i.e., shared systems).

On May 8-9, 2018, Duke Energy hosted a regulatory audit for the U.S. Nuclear Regulatory Commission (NRC) and its contractors to support the review of the above-mentioned LAR (ADAMS Accession No. ML18117A187). In order for the NRC staff to complete its review of the request, the following additional information is requested. The Duke Energy responses pertain to Catawba Nuclear Station, Unit Nos. 1 and 2 (CNS) only. The McGuire Nuclear Station, Unit Nos. 1 and 2 (MNS) responses were provided in a separate supplement, dated July 10, 2018 (ADAMS Accession Nos ML18191A500, ML18191A545, and ML18191A564).

APLA RAI Disposition of PRA F&Os

The license amendment request (LAR) for the McGuire Nuclear Station (MNS) and Catawba Nuclear Station (CNS), dated May 2, 2017, states that the proposed change to the Technical Specification (TS) completion time has been developed using the risk-informed processes described in Regulatory Guide (RG) 1.174, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis" (Agencywide Documents Access and Management System (ADAMS) Accession No. ML100910006), and RG 1.177, Revision 1, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications" (ADAMS Accession No. ML100910008). Based on Section 2.3.1 of RG 1.177, the technical adequacy of the probabilistic risk assessment (PRA) must be compatible with the safety implications of the Technical Specification change being requested and the role that the PRA plays in justifying that change. The RG 1.177 endorses the guidance provided in RG 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities" (ADAMS Accession No. ML090410014), on PRA technical adequacy. The RG 1.200 describes a peer review process utilizing American Society of Mechanical Engineers/American Nuclear Society (ASME/ANS) PRA standard RA-Sa-2009, "Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008," as one acceptable approach for determining the technical adequacy of the PRA once acceptable consensus approaches or models have been established for evaluations that could influence the regulatory decision.

Page 2 of 47 RA-18-0094 , PRA Peer Review Findings and Resolutions, of the LAR provides PRA peer review findings and dispositions for the CNS internal events and high winds PRAs. Address the following questions related to the dispositions of the internal events and high winds PRA facts and observations (F&Os) that do not seem fully resolved for this LAR.

APLA RAI-01.a

The CNS F&O 22-7 states that the DA recovery rules were inappropriately implemented by applying them first to HEP combinations with low probabilities, rather than to higher order HEP combinations. The CNS disposition indicates that this treatment has not been corrected, because the result of using this approach has no impact on the LAR. The licensee explained that the impact is zero, because the same recovery rules are applied to both the baseline case with no EDG unavailable and the variant cases with an EDG unavailable and the ESPS credited. It is the NRC staff's position that quantification of the variant cases (EDG unavailable and the ESPS credited) produces somewhat different cutsets compared to the cutsets produced by the baseline model (for the non-completion time cases supporting RG 1.174 and RG 1.177 calculations). Accordingly, given that the cutsets are different, the error in the recovery rules may have a different impact between the variant cases and the baseline case. Therefore, it is unclear to the NRC staff that the improperly applied recovery rules have no adverse impact on the RG 1.174 and RG 1.177 calculations. To address the above observations, the staff requests the following additional information:

i. Justify the acceptability of the existing recovery rules (i.e., recovery rule files used in the PRAs). Include explanation of how the recovery rules specifically impact each quantification case (i.e., baseline, CT, and non-CT cases).

ii. If the retaining of the incorrect recovery rules cannot be justified, then use the corrected recovery rules in the CNS PRA models used for the LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-01.a:

i. This issue only applies to the CNS Internal Events PRA model, as the F&O is an Internal Events F&O. The other hazards order the HRA combination recovery rules in the appropriate manner (by number of events), per the peer reviews. Duke is electing not to justify the use of the existing rules.

ii. This issue only applies to the CNS Internal Events PRA model, as the F&O is an Internal Events F&O. The other hazards order the HRA combination recovery rules in the appropriate manner (by number of events), per the peer reviews. The Internal Events HRA combination recovery rules have been reordered, and the corrected recovery rules will be utilized in the PRA model that is used for the LAR that aggregates the PRA updates requested in APLA RAI-14.

APLA RAI-01.b

The CNS WPR-C3-01 is a high winds F&O related to reviewing model assumptions. The finding was concerned with the use of eight modelling assumptions. The CNS response stated that four assumptions were removed from the analysis and the other four were revised and enhanced.

Given that modeling assumptions can have a significant impact on CDF and LERF results, the staff requests the following additional information:

i. Describe and justify the revised and enhanced assumptions.

ii. Alternatively, explain why resolution of this F&O has a negligible impact on the EDG extended CT or risk.

Duke Energy Response to APLA RAI-01.b:

High Winds F&O WPR-C3-01 asks for additional clarification for multiple assumptions pertaining to the HWPRA. Standard Requirement (SR) WPR-C3 requires the PRA to DOCUMENT the sources of model uncertainty and related assumptions associated with the high wind plant response model development.

The peer review team determined that the assumptions identified in the F&O required clarification. Three of the assumptions listed in the F&O were not applicable to the peer-reviewed model but were incorrectly included in the peer-reviewed report; these assumptions were Assumptions 1, 6, and 7 of Revision 0 (the peer-reviewed version) of the report and were subsequently removed in Revision 1 of the report. Assumption 5 was removed in Revision 1 of the report due to a model change associated with a different F&O. These assumptions are described in detail below.

Specifically:

Assumption 1: Deleted in Revision 1

Assumption 1 stated that a functional failure of the main transformers required two missile hits. This was an assumption used early on in the fragility analysis that was later abandoned due to possible non-conservatism and was not included in the fragility analysis that supported the peer-reviewed model. The assumption was included in earlier drafts of the report and should have been removed for Revision 0.

Assumption 5: Deleted in Revision 1

Assumption 5 stated that a reactor trip was only assumed following a high wind-induced failure of an SSC. The peer-reviewed model was revised per the resolution of F&O WPR-A1-02 to assume a plant trip for all high wind events; and therefore, Assumption 5 was removed in Revision 1 of the report. The provided F&O resolution for WPR-C3-01 discusses the model change, but only because it is associated with the removal of Assumption 5, and thus, Assumption 5 was no longer applicable to the model.

Assumption 6: Deleted in Revision 1

Assumption 6 stated that conservatism was introduced by ORing the high wind-induced LOOP events with the internal events LOOP event, %T3. This assumption is not needed, as the high wind-induced LOOP events should be mapped to the internal events LOOP initiating event, in order to impact the correct model logic. The assumption was included in earlier drafts of the report and should have been removed for Revision 0 as it is not an assumption but represents the model logic as developed.

Assumption 7: Deleted in Revision 1

Assumption 7 stated that some components were modeled in the high winds analysis but had no representation in the fault tree, specifically the MSSVs and MSIVs. The purpose of this assumption was to indicate that fragilities were calculated for all MSSVs and MSIVs, but the internal events model, which the high wind model was built on, only included a SGTR on SG B, so only the fragilities for the B MSSVs and MSIVs were included in the high winds fault tree model. This assumption was removed because it is not an assumption made for the high winds analysis; it was an internal events simplification to only model the B train. Since high wind fragilities were generated for each MSSV and MSIV, they were included in the high wind analysis. The assumption was included in earlier drafts of the report and should have been removed for Revision 0.

The remaining four assumptions were Assumptions 4, 8, 11, and Assumption 1 of Appendix A Section B.1, which were enhanced for Revision 1 of the report to clarify the basis for the assumption and discuss the impact that the assumption has on the HWPRA results. These are described in detail below:

Assumption 4:

Assumption 4 stated that a LOOP is assumed for all F2 and greater high wind events, but did not provide the basis for this assumption. The assumption was enhanced in Revision 1 to explain that LOOP-related equipment, such as the switchyard structures, is likely to fail at F2 and greater wind speeds; therefore, it is realistic to assume a LOOP for all F2 and greater wind events.

Assumption 8:

Assumption 8 stated that the Drinking Water System (System YD) was assumed failed for all high wind events, but did not provide a basis. In Revision 1, this assumption was enhanced to explain that the system is only a backup cooling system to the charging pumps, and the normal cooling supply from the component cooling water system is unlikely to fail. Also, the drinking water system requires offsite power, so it would not be available for F2 or greater high wind events or anytime there is a LOOP at F1 speeds. Therefore, failing the system would have little impact on the risk.

Assumption 11:

Assumption 11 stated that the HWPRA analysis was for Unit 1 with shared Unit 2 SSCs, and that the analysis is assumed applicable to Unit 2 with shared Unit 1 SSCs. In Revision 1, this assumption was updated to state that this is realistic because there is a high level of symmetry between the Units.

Assumption 1 in Appendix A Section B.1 (Revision 0):

Assumption 1 of Appendix A Section B.1 stated that straight line or tornado wind conditions will not prevent access to the SSF after one hour, but no basis was provided. In Revision 1, the assumption was moved to Section G.2.1 and was enhanced to explain that the duration of the high wind events is expected to be less than one hour, that multiple travel pathways are available for the operators to take to the SSF, and that debris from F1 wind events is not expected to block access to the SSF.

Summary:

As this is a documentation issue only, resolution of F&O WPR-C3-01 does not have any impact on the results of the HWPRA. Therefore, the resolution of this F&O does not impact the results of the High Winds analysis performed in the LAR submittal to revise the CNS TSs associated with EDG CT.

APLA RAI Use of ASME/ANS RA-Sb-2013

The LAR states that the proposed change to the TS completion time has been developed using the risk-informed processes described in RG 1.174, Revision 2, and RG 1.177, Revision 1.

Based on Section 2.3.1 of RG 1.177, the technical adequacy of the PRA must be compatible with the safety implications of the TS change being requested and the role that the PRA plays in justifying that change. RG 1.177 endorses the guidance provided in RG 1.200, Revision 2, on PRA technical adequacy. RG 1.200 describes a peer review process utilizing ASME/ANS RA-Sa-2009 as one acceptable approach for determining the technical adequacy of the PRA once acceptable consensus approaches or models have been established for evaluations that could influence the regulatory decision.

Section 6.1.3 in LAR Attachment 6 explains that certain peer reviews were conducted using the ASME/ANS RA-Sb-2013 PRA standard (i.e., peer reviews of the CNS and MNS high winds PRAs, a peer review of the CNS internal events PRA, a focused-scope peer review to address F&Os against the CNS LERF modeling, and a focused-scope peer review to address F&Os against the CNS internal flooding PRA). The technical adequacy of PRAs used for risk-informed activities is evaluated using RG 1.200, Revision 2, which endorses, with clarifications and qualifications, ASME/ANS RA-Sa-2009. The NRC does not endorse ASME/ANS RA-Sb-2013.

Provide detailed justification that the peer reviews that utilized the 2013 PRA standard meet the technical adequacy guidance in RG 1.200, Revision 2, for the internal events, internal flood, and high winds PRAs identified above (e.g., perform a comparison between ASME/ANS RA-Sb-2013 and ASME/ANS RA-Sa-2009, as qualified by RG 1.200, Revision 2).

Duke Energy Response to APLA RAI-03:

To clarify, the Catawba Internal Flooding, LERF, and High Winds PRA Peer Reviews utilized ASME/ANS RA-Sa-2009, which is endorsed by the NRC through RG 1.200, Revision 2.

The Catawba Internal Events PRA peer review report states that the Internal Events PRA was performed against the requirements of the American Society of Mechanical Engineers (ASME)/American Nuclear Society (ANS) PRA standard ASME/ANS RA-Sb-2013, Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, American Society of Mechanical Engineers, New York, NY, September 2013 and any Clarifications and Qualifications provided in the Nuclear Regulatory Commission (NRC) endorsement of the Standard contained in Revision 2 to Regulatory Guide (RG) 1.200.

The peer review team utilized a database that contained the wording for supporting requirements (SRs) from ASME/ANS RA-Sa-2009 and as such was aware of the differences between the two standards. Duke Energy made an assessment of the differences between ASME/ANS RA-Sa-2009 and ASME/ANS RA-Sb-2013 and the impacts to RG 1.200 Revision 2 with respect to Clarifications and Qualifications. Of the SRs in Part 2 (excluding LERF), 16 represented changes to SRs potentially significant enough to require further investigation.

Detailed review of these 16 SRs indicated no gaps were identified between the internal events peer review and the requirements in RG 1.200 Revision 2.

APLA RAI Exceedance of RG 1.177 Risk Acceptance Guidelines Using NUREG-2169 Fire Ignition Frequencies

Section 2.5.3 of RG 1.174, Revision 2, states, "[t]he impact of using alternative assumptions or models may be addressed by performing appropriate sensitivity studies or by using qualitative arguments, based on an understanding of the contributors to the results and how they are impacted by the change in assumptions or models." In addition, Section 2.5.5 of RG 1.174 states, "[i]n general, the results of the sensitivity studies should confirm that the guidelines are still met even under the alternative assumptions (i.e., change generally remains in the appropriate region)."

Based on LAR Attachment 6, Section 6.2.4, the fire PRA does not incorporate the most current fire ignition frequencies from NUREG-2169, Nuclear Power Plant Fire Ignition Frequency and Non-Suppression Probability Estimation Using the Updated Fire Events Database, United States Fire Event Experience Through 2009, dated January 2015 (ADAMS Accession No. ML15016A069). The LAR Section 6.2.4 presents the results of a sensitivity study that shows the impact of using the fire ignition frequencies from NUREG-2169 on the ICCDPs and the ICLERPs. Tables 6-50 and 6-52 presented in the LAR Section 6.2.4 show an increase from the baseline CDF of between 20 and 22 percent for CNS and 25 percent for MNS from using the updated fire ignition frequencies provided in NUREG-2169. The tables also show an increase in baseline LERF between 32 and 34 percent for CNS and 33 percent for MNS. Table 6-53 in the LAR Section 6.2.4 shows the results of the adjusted analyses (to produce the ICCDP and ICLERP values) for MNS to be above the RG 1.177 risk acceptance guidelines of 1E-06 for ICCDP and 1E-07 for ICLERP.

In accordance with regulatory guidance, provide a detailed justification for not using the most current fire ignition frequencies provided in NUREG-2169 to support the conclusion of the LAR that the risk acceptance guidelines in RG 1.177 are met for MNS when using the updated fire frequencies from NUREG-2169. The justification should be based on understanding the contributors to the results and how they can be impacted by changes in assumptions or models.

Include a discussion of the conservatisms in the analysis and the risk significance of these conservatisms. [Note, the results of the sensitivity study in LAR Section 6.2.4 and discussed in this RAI may change due to APLA RAI-14, as such, the response to this RAI should be relative to the latest LAR results.]

Duke Energy Response to APLA RAI-04:

As was noted in the LAR submittal, there were potential impacts from multiple new NRC fire guidance documents. Only the potential negative impact due to the increase in fire frequency from NUREG-2169 was evaluated in the fire portion of the aggregated sensitivity. The reduction in peak heat release rate from NUREG-2178 would result in a decrease in fire impact. The impact of NUREG-2178 was not calculated as it would require re-evaluating fire scenarios for the sources.

The ignition frequencies from NUREG-2169 were used to update the fire scenario frequencies in the ESPS Catawba fire model. The results of the updated fire frequencies are included in the aggregated and best estimate results that provide the comparison to the Regulatory Guide 1.177 CT ICCDP and ICLERP limits. The results are presented in the APLA RAI-14 response.

APLA RAI Basic Event Failure Rate Anomalies

Section 5, Quality Assurance, of RG 1.174, Revision 2, states, "[w]hen a risk assessment of the plant is used to provide insights into the decision making process, the PRA is to have been subject to quality control."

NRC staff noted in LAR Attachment 7, PRA Quantification Data Tables, which provides a listing of basic events and their corresponding probabilities, some apparent anomalies that could impact the LAR. The staff requests the following information to address these basic event anomalies:

APLA RAI-05.a

It was observed that diesel generator basic events for the same failure mode (fail-to-start (FTS), fail-to-load/run (FTLR), and fail-to-run (FTR)) were assigned different probabilities in the PRAs for different hazards for each class of diesel generator (i.e., EDG, Standby Shutdown Facility (SSF), and ESPS). For example, basic event 1JDG001ADGS from the CNS internal events PRA, which is represented by basic event JDG001ADGS in the other CNS hazard models, is assigned three different failure probabilities across the CNS hazard group PRA models (i.e., the internal flooding, fire, and high winds PRAs). Basic event JDG001ADGS from the MNS internal events PRA is assigned two different failure probabilities across the MNS hazard group PRA models. It appears that the source of some of these anomalies in the MNS internal events PRA basic events may have been caused by using events from the CNS hazard group PRA models (e.g., MNS internal events basic event JDG001ADGS is used in the CNS high winds and fire PRA models instead of 1JDG001ADGS). To address the above observations, provide the following information:

i. Explain the apparent inconsistent application of diesel generator (i.e., EDG, SSF, ESPS) failure probabilities across the site's hazard group PRA models. As part of the discussion, describe each site's process to ensure data consistency across the site's PRA models. Justify any anomalies in diesel generator failure probabilities that will be retained in the risk assessment supporting this LAR.

ii. If basic events used in the CNS model are from MNS (or vice versa), describe Duke Energy's process to ensure determination of basic event probabilities are appropriate for the plant's PRA model(s).

iii. If the apparent anomalies in diesel generator failure probabilities cannot be justified, then incorporate the appropriate generator failure probabilities into the PRA models used for this LAR that aggregate the CNS and MNS PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-05.a:

i. Since the different hazard models are updated at different times, the data sources have varied with the latest information at the time of the update.

ii. The corresponding site specific diesel failure rates were used consistent with the peer reviewed models.

iii. To address the concern, the latest site specific diesel failures from the most recently updated hazard model were used for the SSF and Emergency Diesel Generators in the aggregate sensitivity analysis presented in Duke Energy responses to APLA RAI-14. The ESPS diesel used the generic fail to start and fail to run probabilities from the 2016 update of the NUREG-6928 data for station blackout diesels for the aggregate sensitivity analysis.

The values used for the sensitivity case were:

| TC RATE | UNITS | DESC | SOURCE | DIST | PARM2(EF) |
|---|---|---|---|---|---|
| 1.43E-03 | H | Emergency Diesel Generator @@@@ Fails to Run | CNC-1535.00 0182 | G | 3.17E-07 |
| 2.82E-03 | N | Emergency Diesel Generator @@@@ Fails to Start | CNC-1535.00 0182 | B | 8.66E-07 |
| 5.82E-03 | H | Emergency Diesel Generator @@@@ Fails to Load/Run (less than or equal to 1 hour) | CNC-1535.00 0182 | G | 5.00E-06 |
| 1.38E-02 | H | Standby Shutdown Facility Diesel Generator @@@@ Fails to Run | CNC-1535.00 0182 | G | 3.19E-06 |
| 2.07E-02 | N | Standby Shutdown Facility Diesel Generator @@@@ Fails to Start | CNC-1535.00 0182 | B | 1.91E-05 |
| 1.50E-03 | H | ESPS Diesel Generator @@@@ fails to run | NUREG 6928 data 2016 | G | 8.96E-07 |
| 2.98E-02 | N | ESPS Diesel Generator @@@@ Fails to Start | NUREG 6928 data 2016 | B | 7.44E-07 |

For the best estimate case the diesel generator failure rates were Bayesian updated with plant specific information to generic data presented in the 2016 update of the NUREG-6928. Specific values are provided in APLA RAI 14.

APLA RAI-05.b

It was observed that in some cases the ESPS and SSF diesel generators had the same failure rate as the Class 1E EDGs (specifically, the fail-to-start values). It is noted that the generic industry fail-to-start rate since 2010 is an order of magnitude higher for non-safety-related diesel generators than for Class 1 EDGs.

i. Provide clarification of how the CNS and MNS SSF and ESPS diesel generators were classified when assigning industry data (i.e., were they classified as an EDG, hydraulic turbine generator (HTG), combustion turbine generator (CTG), or station blackout generator (SBOG)). As part of the response, justify why the failure rates used for the SSF and ESPS diesel generators appear to be equivalent to the failure rates used for the Class 1E EDGs.

ii. If the use of safety-related failure rates for non-safety equipment cannot be justified, then incorporate the appropriate probabilities into the CNS and MNS PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-05.b:

i. The SSF failure rates presented in the LAR were developed using generic diesel rates and partitioning them out by size, and then updating with plant-specific data (both plants underwent this same method). The results presented in the LAR used the safety related Emergency Diesel Generator failure rates for the ESPS diesel generators. The ESPS data has been updated from what was presented in the LAR and now uses generic SBO diesel data. Justification as to why the failure rates used for the SSF and ESPS diesel generators appear to be equivalent to the failure rates used for the Class 1E EDGs is provided in part ii below.

ii. For the SSF diesel generators, a study of diesel generator reliability was developed. In part, this study analyzed the influence of diesel generator output on reliability and determined that smaller diesel generators at nuclear facilities tended to have better reliability. The output of the standby shutdown facility (SSF) diesel generator at both MNS and CNS is approximately 750 kW, which is significantly smaller than that of the emergency diesel generators. It is also less complex in that it does not have associated automatic start logic. To provide a better generic estimate for this component, the observations from the work developed in the study are used to adjust the baseline generic failure data from NUREG/CR-6928. The study concluded that diesels with capacities less than 2500 kW show a reduction in failure rates of 57 percent for the failure to start failure mode and 40 percent for the failure to run failure mode as compared to the other diesel generator sizes. Further, the study of the available data indicated that the use of diesels within this size range could result in a reduction in station blackout frequency. The study was based on an assessment of operational data for 52 U.S. nuclear power plants and collected data based on diesel generator output, testing duration, failure and count data. Precautionary stops were counted in the baseline assessment as failures and a sensitivity was performed that excluded these events.

The data was sorted based on diesel generator size. Seven size ranges were initially chosen. These were: less than 1500 kW, 1500-2000 kW, 2000-2500 kW, 2500-3000 kW, 3000-3500 kW, 3500-4000 kW, and greater than 4000 kW. Each diesel was placed into one of the size ranges and the total number of start and run failures tabulated. Totals for diesel generator demands and run hours were also generated for each size range. The results presented in a normalized fashion are shown in Table 1. The failure rate is normalized to the average value.

Table 1. Baseline Diesel Generator Failure Rates

| Diesel Output | Population | Fails to Start | Fails to Run |
|---|---|---|---|
| <1500 kW | 5 | 4.72E-1 | 7.93E-1 |
| 1500 - 2000 kW | 8 | 4.85E-1 | NFR (1) |
| 2000 - 2500 kW | 19 | 8.56E-1 | 7.26E-1 |
| 2500 - 3000 kW | 73 | 1.16E+0 | 1.03E+0 |
| 3000 - 3500 kW | 4 | 1.38E+0 | 2.26E+0 |
| 3500 - 4000 kW | 27 | 1.60E+0 | 9.89E-1 |
| >4000 kW | 17 | 1.05E+0 | 1.22E+0 |
| Average | 153 | 1.00E+0 | 1.00E+0 |

(1) No failures reported

Table 1 shows that a trend is clearly visible for the start failure and that in general there is an increasing failure to run rate as size increases. Given that the SSF diesel generators are less than 1500 kW, the reduction factor is 47.2% for fails to start and 79.3% for fails to run. These factors are used to adjust the parameters for the uncertainty characteristics. The alpha parameter is representative of the number of failures while the beta parameter is associated with the number of hours or demands. The number of trials (hours or demands) is not changed by improved reliability and the beta parameter remains constant. The alpha factor, however, is reduced by the factor to account for a corresponding reduction in the number of failures. Table 2 provides a summary of the calculation process.

Table 2 Development of SSF Diesel Generator Failure Rate

| Failure Mode | Prior Parameters | Reduction Factor | Updated Parameters | Updated Mean Value | Units |
|---|---|---|---|---|---|
| Fails to Start | 7.89, 2.80E+3 | 0.472 | 7.89, 3.02E+3 | 2.62E-3 | N |
| Fails to Load/Run | 14.16, 7.31E+2 | 0.472 | 17.16, 9.47E+2 | 1.81E-2 | N |
| Fails to run | 57.34, 4.09E+3 | 0.793 | 59.34, 4.31E+3 | 1.81E-2 | H |

Plant-specific failures were factored into the final probability rates for each plant's model.

For the aggregate sensitivity presented in Duke Energy responses to APLA RAI-14, the generic failure rates for station blackout diesels from the 2016 update of NUREG-6928 data was used for the ESPS diesel generators.
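The parameter handling described in this response can be sketched as follows. This is an added example, not code from the letter or from Duke Energy's PRA: it applies a reduction factor to the prior alpha with beta held constant, performs a conjugate update with plant evidence, and recomputes each Table 2 mean from the printed updated parameters as a data-consistency check. It assumes the mean is alpha/beta and that plant evidence adds failures to alpha and exposure to beta; the function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    """Uncertainty parameters as the response describes them."""
    alpha: float  # representative of the number of failures
    beta: float   # associated with the number of hours or demands

    @property
    def mean(self) -> float:
        # Assumption of this example: mean failure rate = alpha / beta.
        return self.alpha / self.beta


def apply_reduction(prior: Params, factor: float) -> Params:
    """Scale alpha by the size-based reduction factor; beta stays constant."""
    if not 0.0 < factor <= 1.0:
        raise ValueError("reduction factor must be in (0, 1]")
    return Params(prior.alpha * factor, prior.beta)


def bayes_update(prior: Params, failures: float, exposure: float) -> Params:
    """Conjugate update (assumed form): add failures to alpha, exposure to beta."""
    if failures < 0 or exposure < 0:
        raise ValueError("evidence cannot be negative")
    return Params(prior.alpha + failures, prior.beta + exposure)


def implied_evidence(prior: Params, updated: Params) -> tuple:
    """Failures and exposure implied by the difference between two parameter sets."""
    return (updated.alpha - prior.alpha, updated.beta - prior.beta)


# Values transcribed from Table 2 of this page:
# (failure mode, prior parameters, updated parameters, printed updated mean)
TABLE2 = [
    ("Fails to Start", Params(7.89, 2.80e3), Params(7.89, 3.02e3), 2.62e-3),
    ("Fails to Load/Run", Params(14.16, 7.31e2), Params(17.16, 9.47e2), 1.81e-2),
    ("Fails to run", Params(57.34, 4.09e3), Params(59.34, 4.31e3), 1.81e-2),
]


def check_table(rows, rel_tol: float = 0.02):
    """Return rows whose printed mean differs from alpha/beta by more than rel_tol,
    or whose implied evidence is negative (impossible under the assumed update)."""
    findings = []
    for mode, prior, updated, printed_mean in rows:
        d_fail, d_exposure = implied_evidence(prior, updated)
        problems = []
        if d_fail < 0 or d_exposure < 0:
            problems.append("negative implied evidence")
        rel_diff = abs(updated.mean - printed_mean) / printed_mean
        if rel_diff > rel_tol:
            problems.append("printed mean differs from alpha/beta by %.0f%%"
                            % (100 * rel_diff))
        if problems:
            findings.append((mode, updated.mean, printed_mean, problems))
    return findings


def demo() -> Params:
    """Constructed values: generic prior, the <1500 kW fails-to-start factor
    from Table 1, then one failure in 500 demands of plant evidence."""
    generic = Params(2.0, 1000.0)            # constructed generic prior
    reduced = apply_reduction(generic, 0.472)
    return bayes_update(reduced, failures=1, exposure=500.0)


if __name__ == "__main__":
    print("demo posterior:", demo(), "mean=%.3e" % demo().mean)
    for mode, computed, printed, problems in check_table(TABLE2):
        print("%s: computed %.3e, printed %.3e, %s"
              % (mode, computed, printed, "; ".join(problems)))
```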

APLA RAI ESPS Operator Action HRA Anomalies

Section 5, Quality Assurance, of RG 1.174, Revision 2, states, "[w]hen a risk assessment of the plant is used to provide insights into the decision making process, the PRA is to have been subject to quality control."

NRC staff noted anomalies in LAR Attachment 6 regarding the addition of HFEs to the PRA hazard models and LAR Attachment 7 regarding the use of different HEP values for the same HFE used in the PRA hazard models. The staff requests the following information to address these anomalies:

APLA RAI-06.a

As discussed in Attachment 6 of the LAR, two HFEs were developed for the ESPS in both the CNS and MNS PRAs. One HFE (i.e., 0OPER-ESPS14 for CNS and JESPS14DHE for MNS) is applied to the extended CT model case and is described in LAR Attachment 6, Section 6.1.4.1 as, "Operator Fails to Power 4kV Bus from ESPS During 14 Day AOT." The other HFE (i.e., 0OPER-ESPSNA for CNS and JESPSNADHE for MNS) is applied when the EDG is available (e.g., non-extended CT model case) and is described as, "Operator Fails to Power 4kV from ESPS when Not Aligned for 14 Day AOT." The LAR Section 6.1.4.1 states that the HEP for the non-extended CT HFE (i.e., 0OPER-ESPSNA for CNS and JESPSNADHE for MNS) is assigned a screening value of 0.1 and the HEP for the extended CT HFE (i.e., 0OPER-ESPS14 for CNS and JESPS14DHE for MNS) is assigned a value 5.4E-02.

The LAR Attachment 7 tables appear to indicate that the ESPS HEP values are not consistently applied across all hazard group PRAs. For example, human failure event JESPSNADHE (which is assigned to the non-extended CT case) is assigned the value of 5.4E-02 in both the CNS fire PRA importance results [presented in LAR Tables 7-44, 7-47, 7-50, and 7-53 and described as, Operator Action to power 4kV from ESPS when Not Aligned for 14 Day AOT] and in the MNS fire PRA importance results [presented in LAR Tables 7-56, 7-59, 7-62, and 7-65 and described as, Operator Fails to power 4kV from ESPS], but this HFE is assigned a value of 0.1 in the original internal events analysis as explained earlier. To address the above observations, provide the following information:

i. Explain the apparent inconsistent application of HEP values for the same ESPS HFEs cited above across each site's hazard group PRA models.

ii. Justify any anomalies in the cited HEPs that will be retained in the risk assessment supporting this LAR.

iii. If the use of the apparent inconsistent HEP values cannot be justified, then apply the correct HEPs to the CNS and MNS PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA-RAI-06.a:

i. The values applied for the recovery HEP for each Site and Hazard are listed below. Except for the Catawba Internal Flooding CDF CT (14-day AOT) case the appropriate values were used. For the Internal Flooding CT case the more conservative 0.1 HEP was used which would result in greater ICCDP/ICLERP and delta CDF/LERF. The nominal base CDF/LERF were calculated without crediting ESPS so there are no HEP values. No values are listed for seismic, since ESPS is not credited in the original LAR response.

CNS ESPS Alignment Action

| Hazard | Configuration | Recovered Basic Event Name | Value | Additional Information |
|---|---|---|---|---|
| Fire | non-AOT | JESPSNADHE | 1.00E-01 | |
| Fire | AOT | JESPSNADHE | 5.40E-02 | |
| HW | non-AOT | JESPSNADHE | 1.00E-01 | |
| HW | AOT | JESPS14DHE | 5.40E-02 | |
| IE | non-AOT | 0OPER-ESPSNA | 1.00E-01 | Recovered with HFE_IND_89 |
| IE | AOT | 0OPER-ESPS14 | 5.40E-02 | Recovered with HFE_IND_88 |
| IF | non-AOT | JESPSNADHE | 1.00E-01 | |
| IF | AOT | JESPSNADHE | 1.00E-01 | Inappropriate value (conservative) |

ii. The anomaly produces a slightly higher delta AOT risk in the internal flooding case.

iii. The aggregate sensitivity presented in APLA RAI-14 uses the conservative (doubled) values. The best estimate uses the nominal HEP estimate.

APLA RAI-06.b

The NRC staff observed that the CNS high winds PRA model (based on LAR Tables 7-31 through 7-36) utilizes an HFE (i.e., JESPS14DHE) which is identified in LAR Attachment 6, Section 6.1.4.1 as being specific to the MNS PRAs.

i. If the HFEs used in the CNS model are from MNS (or vice versa), describe Duke Energy's process to ensure determination of HFE probabilities are appropriate for the plant's PRA model(s).

ii. Confirm that the ESPS HFEs and HEPs are correct for both CNS and MNS (take into account the HFEs described in Part a). If there are incorrect ESPS HFEs and HEPs used in the CNS or MNS PRAs, then incorporate the correct HFEs and HEPs into the PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-06.b:

i. The critical actions required to utilize the ESPS diesels are common to both sites and ESPS arrangements. Before exercising the extended Diesel CT, the ESPS system will need to be incorporated into the model using the as-built/as operated characteristics of the systems to properly monitor the risk per 10 CFR 50.65 A(4) program. With this incorporation, the remaining HEP actions will be evaluated for the ESPS related procedural steps and HRA dependencies will be evaluated per the peer reviewed methods.

ii. The aggregate sensitivity case uses the limiting doubled Human Error Probabilities listed above for comparison to the Regulatory Guide 1.177 14-day CT ICCDP and ICLERP limits.

APLA RAI Reasonableness of HEPs for ESPS operator actions

The LAR states that the proposed change to the TS completion time has been developed using the risk-informed processes described in RG 1.174, Revision 2, and RG 1.177, Revision 1.

Based on Section 2.3.1 of RG 1.177, the technical adequacy of the PRA must be compatible with the safety implications of the Technical Specification change being requested and the role that the PRA plays in justifying that change. Based on Section 2.3.2 of RG 1.174, the risk assessment supporting a risk-informed LAR should properly account for the effects of the changes on operator actions.

Based on the risk assessment results presented in LAR Attachment 7 for CNS and MNS, operator failures associated with implementing ESPS are a significant contributor to the change in risk results for this LAR. This demonstrates the importance of calculating realistic HEPs for these operator actions. In addition, the licensee does not have the applicable procedures in place for these actions, which queries the validity of the analysis of these actions. Therefore, the NRC staff has a general need to confirm the reasonableness of these calculations.

In addition, Sections 3.1.2 and 3.2.2 of the LAR for CNS and MNS describe the EDG load sequencer associated with the station blackout (SBO) signal, but there is no mention of load sequencing of the Engineered Safety Features (ESF) bus that has lost power and must be restored by the ESPS system. Section 6.1.4.1 in LAR Attachment 6 does not describe how the required ESF loads are aligned for the scenarios that involve the ESPS system. The NRC staff is unclear if additional restoration actions have been excluded from the ESPS model logic.

To address the above observations, provide the following information:

APLA RAI-07.a

Describe the operator actions associated with ESPS that are required to start, perform load sequencing, and align ESF loads. Identify whether these actions are included in the PRA model used to support the LAR.

Duke Energy Response to APLA RAI-07.a:

The HEP for operator action to use the ESPS system consists of the following actions:

- Opening of the Normal Incoming power breaker
- Push button start of the ESPS system
- Position of Kirk-Key interlock to allow emergency bus to be powered by ESPS system
- Load Shed - manual (confirmation of automatic action)
- Closing in of ESPS breaker to bus
- Placing required emergency loads on bus

These actions were assessed and included in the execution portion of the HEP failure probability calculation.

APLA RAI-07.b

For the operator actions identified in Part a, provide the following additional information:

i. For those operator actions not modeled in the PRA, but required in Part a, provide a justification for not modeling these actions.

ii. For those operator actions used to support the ESPS function that were previously used in the PRA whose HEPs were not modified in support of the LAR (e.g., to reflect use of revised procedure(s) and different timing analyses), provide sufficiently detailed justification for not modifying these HEPs.

iii. For those operator actions used to support the ESPS function that were previously used in the PRA whose HEPs were modified in support of the LAR (e.g., to reflect updated manpower utilization and different timing analyses), justify how these HEPs were modified and that the inputs used are appropriate.

iv. For those new operator actions added to the PRA in support of the LAR, explain how their HEPs were developed. Provide sufficient details to justify the basis for these HEPs.

v. If any HFEs/HEPs discussed in Parts (i) through (iv) cannot be justified, then modify the HRA using a justifiable basis and incorporate the results into the CNS and MNS PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14. Explain how the HRA was modified and provide sufficient details to justify the basis for the modification(s).

Duke Energy Response to APLA RAI-07.b:

i. Critical actions for this HEP were included in part a of this response. No additional justification required.

ii. Currently the use of the ESPS system is assumed to occur after the other possible actions to recover AC power have been attempted. No changing to timing analysis would be required.

iii. Currently the use of the ESPS system is assumed to occur after the other possible actions to recover AC power have been attempted. No changing to man power limitations would be required.

iv. THERP was used for the execution failure probabilities. No recovery credit was applied, even though the lack of power to the emergency bus to load on required emergency loads would be a very clear indication that the initial attempt to use ESPS was not successful.

v. Since the procedures for the operator action have not been developed, the HEP failure probability was doubled and the impacts of this increase are included in the aggregate sensitivity for comparison to the Regulatory Guide 1.177 14 day CT ICCDP and ICLERP limits.

APLA RAI Seismic Analysis Contribution to the Application

Section 2.3.2 of RG 1.177, Revision 1, states, "[t]he scope of the analysis should include all hazard groups (i.e., internal events, internal flood, internal fires, seismic events, high winds, transportation events, and other external hazards) unless it can be shown that the contribution from specific hazard groups does not affect the decision."

The impact of seismic risk on the LAR was estimated using a bounding approach, but aspects of how Duke Energy applied seismic risk contribution to overall risk values generated for the LAR are not clear.

APLA RAI-08.a

Section 6.1.5.7 of LAR Attachment 6 states a seismic bounding analysis was performed for both CNS and MNS in which the assessment did not credit the ESPS for the hazard interval up to the safe shutdown earthquake (SSE) level. The LAR states that the hazard interval including the SSE is assumed to result in a dual unit loss of offsite power (LOOP) with no credit for offsite power recovery. Section 6.1.5.7 of LAR Attachment 6 presents seismic CDF and LERF increases for a 14-day CT determined using the seismic bounding analysis. The footnotes to Tables 6-26 through 6-37 of the LAR state that "[s]eparate base case and CT case values were not generated since no seismic PRA exists." Without a seismic PRA model or partial seismic PRA, it is not clear how the bounding seismic CDF and LERF increases were determined.

Describe and justify the modeling that was performed to determine the bounding seismic CDF and LERF increases.

Duke Energy Response to APLA RAI-08.a:

To assess the CDF and LERF impact of ESPS in response to a seismic event, the seismic analysis was re-performed. The internal events model was used to determine the resulting conditional core damage probability (CCDP) and conditional large early release probability (CLERP). In addition, the following key assumptions and bounding conditions were considered in the assessment:

1. The desired diesel maintenance window with ESPS available is 14 days.
2. The most recent Catawba site-specific seismic hazard data is used for this assessment.
3. This assessment does not include a low magnitude earthquake not resulting in a LOOP which is subsumed in the internal events PRA model. Considering a generic High Confidence of Low Probability of Failure (HCLPF) of 0.1g for a seismic-induced LOOP event, the lower bound acceleration hazard interval of interest for this assessment is defined as 0.1g. Therefore, earthquakes up to this acceleration level are not assumed to fail offsite power.
4. Catawba is operating 'at-power' at the time of the event.
5. The LOOP event affects both units (i.e., no recovery from opposite unit). Offsite power is not assumed to be recovered.
6. The 'A' trains of equipment are operating with the 'B' trains in standby.
7. The comparative case includes the 'B' diesel generator out of service for testing and maintenance when the seismic event occurs. The opposite unit's diesels are protected (i.e., maintenance events set to 0.). All other equipment is available with their maintenance events retained at their nominal values.
8. The ESPS diesel generator fails in response to the seismic hazard interval of interest under consideration, which includes the SSE. (This is a conservative assumption.)
9. Based upon the initial fragility assessment of the Catawba SSF, it is assumed that the SSF structure is not available for the seismic hazard interval of interest under consideration including the SSE. (This same assumption was made for the CNS IPEEE submittal.)
10. The HRA values were not adjusted in response to the seismic hazard interval of interest.

With the lower and upper bounds defined, the delta seismic CDF and LERF can then be evaluated over the Catawba seismic hazard from 0.1g to 1.24g. Using Table A-1a of the Catawba seismic hazard report, the mean probability of exceedance at peak ground acceleration (pga) at various points along the hazard can be obtained. (This is depicted both graphically and in tabular form):

[Figure: Total Mean Soil Hazard by Spectral Frequency at Catawba. Curves shown for 25 Hz, 10 Hz, 5 Hz, PGA, 2.5 Hz, 1 Hz and 0.5 Hz; horizontal axis: spectral acceleration (g), 0.01 to 10.]

Table A-1a. Mean and Fractile Seismic Hazard Curves for PGA at Catawba

AMPS(g)   MEAN       0.05       0.16       0.50       0.84       0.95
0.0005    5.10E-02   3.33E-02   4.37E-02   5.20E-02   5.91E-02   6.36E-02
0.001     4.11E-02   2.39E-02   3.42E-02   4.13E-02   4.90E-02   5.42E-02
0.005     1.64E-02   7.77E-03   1.15E-02   1.60E-02   2.04E-02   2.92E-02
0.01      8.84E-03   3.90E-03   5.35E-03   8.12E-03   1.11E-02   1.95E-02
0.015     5.77E-03   2.25E-03   3.14E-03   5.05E-03   7.55E-03   1.44E-02
0.03      2.49E-03   6.83E-04   1.01E-03   1.87E-03   3.63E-03   7.66E-03
0.05      1.22E-03   2.42E-04   3.73E-04   7.77E-04   1.84E-03   4.43E-03
0.075     6.51E-04   1.01E-04   1.69E-04   3.73E-04   9.65E-04   2.64E-03
0.1       4.06E-04   5.27E-05   9.79E-05   2.25E-04   5.91E-04   1.72E-03
0.15      2.01E-04   2.19E-05   4.63E-05   1.13E-04   2.84E-04   8.47E-04
0.3       5.54E-05   4.43E-06   1.20E-05   3.47E-05   8.23E-05   2.04E-04
0.5       2.00E-05   1.18E-06   3.90E-06   1.32E-05   3.23E-05   6.26E-05
0.75      8.41E-06   3.47E-07   1.46E-06   5.50E-06   1.42E-05   2.57E-05
1.        4.36E-06   1.32E-07   6.73E-07   2.72E-06   7.45E-06   1.36E-05
1.5       1.59E-06   3.14E-08   1.95E-07   9.11E-07   2.76E-06   5.35E-06
3.        2.15E-07   1.82E-09   1.42E-08   9.51E-08   3.52E-07   8.72E-07
5.        3.69E-08   2.64E-10   1.40E-09   1.21E-08   5.50E-08   1.72E-07
7.5       7.41E-09   1.53E-10   2.60E-10   1.90E-09   1.02E-08   3.79E-08
10.       2.10E-09   1.13E-10   1.53E-10   5.12E-10   2.72E-09   1.15E-08

The hazard was divided into six segments, or "bins", to provide an assessment over relatively uniform intervals. The bins selected are shown below. (Note the last bin encompasses all earthquakes greater than 1.0g.)

Bin No.   Lower Bound (g)   Upper Bound (g)
1         0.1               0.15
2         0.15              0.3
3         0.3               0.5
4         0.5               0.75
5         0.75              1
6         >1                -------

The Safe Shutdown Earthquake (SSE) for Catawba is 0.15g. From Table A-1a, the mean probability of exceedance at peak ground acceleration (pga) for Catawba's SSE of 0.15g is 2.01E-04 / yr. Similarly, for the LOOP HCLPF value of 0.1g, the probability of exceedance is 4.06E-04 / yr. Applying the VLOOKUP function in EXCEL, the delta between these two probabilities is 2.05E-04 / yr. Since the hazard is plotted on a log scale, the midpoint between the two acceleration levels can be determined by adding the ln value of the upper and lower bounds and dividing by 2. This results in a value of 0.1225g.

Finally, the LOOP fragility for the bin is calculated by applying a normal distribution of the bin midpoint and the generic LOOP fragility from NUREG / CR-6544 as follows:

Norm. Distr. (ln (midpoint / LOOP frag. median) / LOOP frag. βc) = Norm. Distr. (ln (0.1225 / 0.3) / 0.54) = 0.048812

This process was repeated for all six bins, resulting in the following:

Bin No.   Lower Bound (g)   Upper Bound (g)   Frequency Contribution   Bin Midpoint (g)   LOOP Fragility (g)
1         0.1               0.15              2.05E-04                 0.122              0.049
2         0.15              0.3               1.46E-04                 0.212              0.261
3         0.3               0.5               3.54E-05                 0.387              0.682
4         0.5               0.75              1.16E-05                 0.612              0.906
5         0.75              1                 4.05E-06                 0.866              0.975
6         >1                -------           4.36E-06                 3.0                1

Next, the Unit 1 Catawba Rev. 4 (CR4) internal events model (CAF-CNSU1-4b.caf) was used to determine the resultant conditional core damage probability (CCDP) and conditional large early release probability (CLERP) contributions from each bin. Accordingly, the fault tree was modified by replacing the LOOP (%T3) initiator with the values determined above. All other initiators were set to 0. The updated results of the aggregate and best estimate cases are presented in APLA RAI-14.
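The binning steps described in the response to APLA RAI-08.a above (exceedance-frequency difference per bin, logarithmic midpoint, and LOOP fragility from a normal distribution with median 0.3g and divisor 0.54) can be reproduced as follows. This is an added example, not part of the Duke Energy submittal or its spreadsheet; the function names are illustrative, and the log-log interpolation for accelerations not tabulated in Table A-1a is an addition that goes beyond the VLOOKUP step on the page.

```python
import math

# (PGA in g, mean annual frequency of exceedance): MEAN column of Table A-1a.
MEAN_HAZARD = [
    (0.0005, 5.10e-02), (0.001, 4.11e-02), (0.005, 1.64e-02), (0.01, 8.84e-03),
    (0.015, 5.77e-03), (0.03, 2.49e-03), (0.05, 1.22e-03), (0.075, 6.51e-04),
    (0.1, 4.06e-04), (0.15, 2.01e-04), (0.3, 5.54e-05), (0.5, 2.00e-05),
    (0.75, 8.41e-06), (1.0, 4.36e-06), (1.5, 1.59e-06), (3.0, 2.15e-07),
    (5.0, 3.69e-08), (7.5, 7.41e-09), (10.0, 2.10e-09),
]
BIN_EDGES_G = [0.1, 0.15, 0.3, 0.5, 0.75, 1.0]  # the sixth bin is open-ended (>1g)
LOOP_MEDIAN_G = 0.3        # generic LOOP fragility median used on the page
LOOP_BETA_C = 0.54         # the "LOOP frag. c" value the page divides by
OPEN_BIN_MIDPOINT_G = 3.0  # midpoint the page lists for the open-ended bin


def exceedance(pga_g, hazard=MEAN_HAZARD):
    """Mean annual exceedance frequency at pga_g.

    Tabulated accelerations are returned exactly (the page's lookup step).
    Other accelerations use log-log interpolation, an addition in this example.
    """
    if not hazard[0][0] <= pga_g <= hazard[-1][0]:
        raise ValueError(f"{pga_g} g is outside the tabulated hazard range")
    for (a0, f0), (a1, f1) in zip(hazard, hazard[1:]):
        if pga_g == a0:
            return f0
        if a0 < pga_g < a1:
            slope = math.log(f1 / f0) / math.log(a1 / a0)
            return f0 * (pga_g / a0) ** slope
    return hazard[-1][1]  # pga_g equals the last tabulated acceleration


def normal_cdf(z):
    """Standard normal cumulative distribution function."""
    return 0.5 * (1.0 + math.erf(z / math.sqrt(2.0)))


def log_midpoint(lower_g, upper_g):
    """Midpoint on a log scale: average the ln values, then exponentiate."""
    return math.exp((math.log(lower_g) + math.log(upper_g)) / 2.0)


def loop_fragility(pga_g, median_g=LOOP_MEDIAN_G, beta_c=LOOP_BETA_C):
    """Conditional probability of seismically induced LOOP at pga_g."""
    return normal_cdf(math.log(pga_g / median_g) / beta_c)


def build_bins(edges=BIN_EDGES_G):
    """Return one dict per bin; the last bin covers everything above edges[-1]."""
    if sorted(set(edges)) != list(edges):
        raise ValueError("bin edges must be strictly increasing")
    bins = []
    for lower, upper in zip(edges, edges[1:]):
        mid = log_midpoint(lower, upper)
        bins.append({
            "lower_g": lower,
            "upper_g": upper,
            # Frequency of earthquakes falling inside the bin.
            "frequency": exceedance(lower) - exceedance(upper),
            "midpoint_g": mid,
            "fragility": loop_fragility(mid),
        })
    # Open-ended bin: its frequency is the exceedance frequency of its lower edge.
    bins.append({
        "lower_g": edges[-1],
        "upper_g": None,
        "frequency": exceedance(edges[-1]),
        "midpoint_g": OPEN_BIN_MIDPOINT_G,
        "fragility": loop_fragility(OPEN_BIN_MIDPOINT_G),
    })
    return bins


if __name__ == "__main__":
    print("bin  lower  upper  frequency  midpoint  fragility")
    for n, b in enumerate(build_bins(), start=1):
        upper = ">" if b["upper_g"] is None else f"{b['upper_g']:g}"
        print(f"{n:>3}  {b['lower_g']:<5g}  {upper:<5}  {b['frequency']:.2E}"
              f"   {b['midpoint_g']:.3f}     {b['fragility']:.3f}")
```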

APLA RAI-08.b

For a number of cases in the LAR where risk results are presented, including LAR Attachment 6, Section 6.1.5.7, the results provide or include seismic CDF and LERF results based on the seismic bounding analysis, while in other cases the seismic CDF and LERF contribution is excluded. For example, the last four entries in Table 6-23 list the ICCDP and ICLERP values for CNS non-14 day CT risk, which could be verified by NRC staff to exclude the seismic values contribution, and the same observation was made for the middle two entries of LAR Table 6-25.

Also, based on assessment of LAR Table 6-24 and the last two entries in Table 6-25 using values provided in other tables of the LAR, it appears that the seismic contribution for the CT cases is included but is excluded for the non-CT cases. Other apparent inconsistencies were also noted. To address the above observations, the staff requests the following additional information:

i. Provide clarification for LAR Table 6-23 for why seismic values were excluded for the non-14 day CT case when they appear to have been included in the other calculations.

ii. For Tables 6-24 and 6-25 of the LAR, explain how the values presented are calculated (note, this same information is also in Tables 3 and 4 of the LAR). Include clarification and justification of how the seismic contribution is incorporated.

iii. Explain why the change in CDF (ΔCDF) value for seismic presented in LAR Tables 6-26 through 6-29 is not the same as the much lower and presumably correct value of 5.79E-07 presented in LAR Attachment 6, Section 6.1.5.7. This inconsistency is also noted for the change in LERF (ΔLERF) for the apparent correct value of 1.02E-07 presented in LAR Attachment 6, Section 6.1.5.7, compared to the values used in LAR Tables 6-30 through 6-33.

iv. If incorrect seismic CDF and LERF values were used or were incorrectly applied to the risk estimates determined for this application, then apply the correct seismic CDF and LERF values or apply them correctly to the risk estimates determined for this application after new PRA results are generated in response to APLA RAI-14. Present these revised seismic risk values.

Duke Energy Response to APLA RAI-08.b:

i. For the LAR submittal, the bounding seismic risk was evaluated for the CT case only as the baseline seismic risk could not be computed due to a lack of seismic PRA. This is why seismic values were included for the CT cases in Table 6-24 while they were excluded for the non-CT cases and the baseline case where the ESPS is loaded, but no credit taken for analysis.

ii. In the LAR submittal, Table 6-25 applies to MNS and has been addressed in a separate submittal. Table 6-24 presents differences in ICCDP and ICLERP between the CT and non-CT cases for CNS. For Unit 1A Train, the ICCDP difference is computed by subtracting the CT ICCDP from the non-CT ICCDP (e.g., 5.92E-06 (ICCDP difference) = 6.51E-06 (non-CT ICCDP) - 5.86E-07(CT ICCDP)). The CT ICCDP of 5.86E-07 (small differences due to rounding) in Table 6-24 can be obtained by multiplying the CT delta CDF of 1.53E-05 (See Table 6-26) with 14/365 while the non-CT ICCDP of 6.51E-06 can be obtained by multiplying the non-CT delta CDF of 6.77E-06 (See Table 6-38) with 351/365.

The bounding seismic CDF was only considered for those cases where the ESPS is aligned to the emergency bus during AOT (i.e., CT CDF) while it is not included in the baseline and non-CT CDF values. The same process is used for computing the ICLERP difference in Table 6-24.

iii. The updated analysis results presented in response to APLA RAI-08.a use the equations given in Regulatory Guide 1.177 for ICCDP and ICLERP. The new analysis has CDF/LERF values for both the base and CT cases.

iv. The seismic analysis described in APLA RAI-08.a was used for the results presented in the APLA RAI-14 response.

APLA RAI External Events Analysis

Section 2.3.2 of RG 1.177, Revision 1, states, "[t]he scope of the analysis should include all hazard groups (i.e., internal events, internal flood, internal fires, seismic events, high winds, transportation events, and other external hazards) unless it can be shown that the contribution from specific hazard groups does not affect the decision."

Section 6.1.5.8 in LAR Attachment 6 states, [f]or both CNS and MNS, the remaining external hazards would not be impacted by the 14 day CT completion time (i.e., hazards other than those modelled in the PRAs). The LAR does not explain how it is concluded that the risk associated with the EDG 14-day CT is not impacted by other external hazards. Provide the results of a systemic assessment of other external hazards (such as those listed in Appendix 6-A of Part 6 of the PRA Standard ASME/ANS RA-Sa-2009) demonstrating that the LAR is not impacted by other external hazards.

Duke Energy Response to APLA RAI-09:

The Catawba site was extensively assessed against external hazards during the IPEEE evaluation. Table 1 presents the initial external event listing given in the 1994 IPEEE submittal reports for both CNS and MNS sites. Table 2 provides the screening justification for the majority of these events.

The remaining events were addressed in detail in the IPEEE submittal. Besides seismic, fire, high winds and flooding, Catawba also analyzed aircraft crashes, transportation events, impact of nearby military and industrial facilities, on-site storage of toxic materials, on-site storage of explosive materials and gas pipeline ruptures. Since the screening criteria found in SPR EXT-B1 of Section 6 in the ASME / ANS RA-Sa-2009 Standard is essentially the same as that used in the IPEEE submittal, none of these hazards are deemed to be significant contributors to plant risk.

Since the IPEEE response was submitted, updated fire and high winds analyses have been developed and peer-reviewed against the ASME / ANS RA-Sa-2009 Standard. Furthermore, as part of the Fukushima NTTF 2.1 response, external flooding concerns for Catawba were addressed via updated analyses and mitigating strategies. The sites were evaluated for flooding from the following sources:

  • Local Intense Precipitation
  • Flooding in Reservoirs
  • Dam Failures
  • Storm Surge and Seiche
  • Tsunami
  • Ice-Induced Flooding
  • Channel Diversion
  • Combined Effects

The results of these analyses demonstrate that Catawba external flooding events meet their licensing design basis for local intense precipitation and thus screen out per Section 6, SPR EXT-B1 of the ASME / ANS RA-Sa-2009 Standard.

Table 1 McGuire and Catawba Preliminary External Initiating Events List

1. Aircraft                                           20. Low Lake or River Water Level
2. Avalanche                                          21. Low Winter Temperature
3. Coastal Erosion                                    22. Meteorite
4. Drought                                            23. Pipeline Accident (gas, etc.)
5. External Flooding                                  24. Intense Precipitation
6. Extreme Winds and Tornadoes                        25. Release of Chemicals in On-site Storage
7. Fire                                               26. River Diversion
8. Fog                                                27. Sandstorm
9. Forest Fire                                        28. Seiche
10. Frost                                             29. Seismic Activity
11. Hail                                              30. Snow
12. High Tide, High Lake Level, or High River Stage   31. Soil Shrink-Well Consolidation
13. High Summer Temperature                           32. Storm Surge
14. Hurricane                                         33. Transportation Accidents
15. Ice Cover                                         34. Tsunami
16. Industrial or Military Facility Accident          35. Toxic Gases
17. Internal flooding                                 36. Turbine-Generated Missile
18. Landslide                                         37. Volcanic Activity
19. Lightning                                         38. Waves

Table 2 Catawba Screening Justifications for Other External Initiating Events

No. | Event | Remarks
1 | Avalanche | There are no mountains in the vicinity of Catawba from which a significant avalanche could be generated.
2 | Coastal Erosion | Catawba is located more than 150 miles from the nearest coastal area. However, to protect the lake edge from erosion, the yard areas subjected to waves are protected by riprap underlain by a thick subgrade of filter material. Therefore, lake edge erosion will not be a significant problem.
3 | Drought, High Summer Temps., Low Lake or River Water Level | The effect of a drought, high summer temperatures, low lake level, or low river water level at Catawba is insignificant because there are upstream dams that provide water level control on Lake Wylie.
4 | Fog | Accident data involving surface vehicles or aircraft would include the effects of fog.
5 | Forest Fire | Bush and local forest fires are handled by the local fire department. Such fires are not considered to have any impact on the station because the site is cleared and the fire cannot propagate to station buildings or equipment.
6 | Frost, Hail, Snow, Ice Cover | Both the Reactor Building and the Auxiliary Building are designed for a combination of snow, ice, and rain. Low winter temperatures causing failure of instruments is included in the plant trip frequency data.
7 | Hurricane | [Hurricanes are handled under the high winds analysis.] The effect of water from a hurricane is considered similar to the effect of intense precipitation.
8 | Landslide | Landslides are considered an insignificant hazard at Catawba. The Standby Nuclear Service Water Pond (SNSWP) dam is the only natural or man-made slope which, upon failure, would prevent safe shutdown of the plant. Therefore, the SNSWP was statically designed for stability under all loading conditions.
9 | Lightning | The most probable effect of lightning is the loss of off-site power due to a strike in the switchyard. These occurrences are accounted for in the loss of off-site power initiating event frequency.
10 | Meteorite | This event has significantly lower frequency than other events with similar uncertainties. The occurrence of a meteorite event could not result in worse consequences than other external events of a higher frequency. Therefore, this event is excluded because it will not significantly influence the total risk.
11 | Intense Precipitation | Per response to NTTF 2.1, Catawba meets its licensing basis for local intense precipitation and thus screens out per Section 6, SPR EXT-B1 of the ASME / ANS Standard.
12 | River Diversion | No present means exist to divert or reroute the river flow through the dams other than insignificant amounts of water used for municipal supply.
13 | Sandstorm | Catawba is located more than 150 miles from the nearest area with a large sand deposit. The likelihood of occurrence is insignificant.
14 | Seiche | Since the flood examined in the [U]FSAR uses the largest rate and volume (for external sources), this analysis provides a reasonable estimate of the effects of all TB flooding events.
15 | Soil Shrink-Well Consolidation | Per the Catawba [U]FSAR, hazards associated with soil shrink-well consolidation will be insignificant.
16 | Storm Surge | Since the flood examined in the [U]FSAR uses the largest rate and volume (for external sources), this analysis provides a reasonable estimate of the effects of all TB flooding events.
17 | Tsunami | Catawba is located more than 150 miles from the nearest coastal area at an elevation of 760 ft. mean sea level. Therefore, tsunami effects are insignificant.
18 | Turbine-Generated Missile | The majority of the structures at Catawba are located either along or within close proximity to the longitudinal centerlines of the respective turbines. Calculations on turbine missiles prepared for the Catawba [U]FSAR indicate that the contribution to plant risk from the turbines would be insignificant.
19 | Volcanic Activity | No active volcanoes exist within the vicinity of Catawba.
20 | Waves | Since the flood examined in the [U]FSAR uses the largest rate and volume (for external sources), this analysis provides a reasonable estimate of the effects of all TB flooding events.

APLA RAI Avoiding Plant Configurations that Contribute to Significant Risk

Section 2.3 of RG 1.177, Revision 1, cites the need to avoid risk-significant plant configurations and discusses Tier 2 of a three-tiered approach for evaluating risk associated with proposed TS CT changes. According to Tier 2, the licensee should provide reasonable assurance that risk-significant plant equipment outage configurations will not occur when specific plant equipment is out of service consistent with the proposed TS change. Once the specific plant equipment are identified, an assessment can be made as whether certain enhancements to the TS or procedures are needed to avoid risk-significant plant configurations. In addition, Section 2.4 of RG 1.177 states, as part of the TS acceptance guidelines specific to permanent CT changes, the licensee should demonstrate that there are appropriate restrictions on dominant risk-significant configurations associated with the change.

Based on LAR Tables 3 and 4 for CNS and MNS, respectively, the margin between the calculated ICCDP and ICLERP results and the risk acceptance guidelines in RG 1.177 is small.

Therefore, it is important that plant configurations contributing to risk be avoided when the EDGs are taken out of service. Section 3.12.2 of the LAR provides a discussion of Tier 2 (Avoidance of Risk-Significant Plant Configurations) and identifies in LAR Tables 1 and 2 those SSCs for both CNS and MNS that are important to the 14 day EDG CT based on SSC risk importance values presented in LAR Attachment 7. LAR Section 3.12.2 states that unavailability of the identified SSCs should be avoided during the CT. However, the LAR does not describe a mechanism or a set of controls that will be used by the plants to avoid the unavailability of these SSCs.

To address the observations above, explain how the unavailability of SSCs identified in LAR Tables 1 and 2 (which represent high risk configurations for CNS and MNS) will be avoided during the 14 day EDG CT. Include explanation of the mechanism that ensures high risk configurations will be avoided.

Duke Energy Response to APLA RAI-10:

Duke Energy relies on several methods to limit work on high risk configurations. These methods consist of Technical Specifications (Tech Specs) and Selected Licensee Commitments (SLC), Cycle Schedule, Protected Equipment schemes, and the Electronic Risk Assessment Tool (ERAT).

Tech Specs and SLC specify requirements for structures, systems or components (SSC) to be operable or functional. Tech Specs and SLC specify Completion Time (CT) for SSCs.

Generally, when multiple trains are out of service, the CT is very short or a shutdown is required.

Duke Energy's online work management practices are described in AD-WC-ALL-0200 (On-Line Work Management.) A key provision of this practice is the use of a Cycle Schedule. "Plant systems are grouped in a rotating cycle of Work Weeks. System groupings are based on Technical Specification requirements, Probabilistic Risk Assessment (PRA) and resource loading." Work on EDG requiring entry into the extended CT will be scheduled for the work week associated with the EDG's respective train. Work on the opposite train and work on key equipment (e.g., SSF and TDCA pump) will not be scheduled during this time period.

Protected equipment plans have been developed for important SSCs. These plans are maintained by the Operations group. AD-OP-ALL-0201 provides guidance for the management of protected equipment. Protected equipment plans have been developed for the EDGs. As an example, the MNS EDG Protected Equipment Plan specifies the following:

  • Unit Related Relay House Area
  • SSF
  • Normal Incoming Breaker for 4160 Bus
  • Opposite Train's 4160 Switchgear Room
  • Opposite Train's RN Pump (pump area)
  • Unit Related 6900V Switchgear Room
  • Opposite Train's EDG Room

For entry into the extended CT, this list will be updated to include the diesel driven Instrument Air compressors "G" and "H."

Work on those SSCs which is not prohibited by Tech Specs or SLC, the Cycle Schedule, or the Protected Equipment Plan will be managed using the Electronic Risk Assessment Tool. The ERAT calculates the CDF and LERF for equipment out of service. The tool displays the risk as one of four colors - Green (lowest), Yellow, Orange, or Red (highest.) Colors above Green represent a configuration where the ICCDP (ICLERP) could exceed 1.0E-06 (1.0E-07) within 7 days. Colors above Green receive extra review, consideration of risk management plans, and consideration of rescheduling to remove or reduce the color.

APLA RAI Risk Calculations for the EDG CT Extension

Section 2.3 of RG 1.177, Revision 1, provides guidance on PRA modeling detail needed for technical specification changes. Section 2.3.3.1 of RG 1.177 states that the PRA model should also be able to treat the alignments of components during periods when testing and maintenance are being carried out. It also states that "[s]ystem fault trees should be sufficiently detailed to specifically include all the components for which surveillance tests and maintenance are performed and are to be evaluated."

It is not clear how certain aspects of the risk evaluation in support of the LAR meet the guidelines in RG 1.174, Revision 2, and RG 1.177, Revision 1. Therefore, the staff requests the following additional information:

APLA RAI-11.a

The CNS internal flooding and high winds PRA risk results reported in Tables 6-26 through 6-33 of LAR Attachment 6 are unchanged across units.

i. Explain why the CNS internal flooding and high winds PRA risk results reported in Tables 6-26 through 6-33 of LAR Attachment 6 are identical between units. If these PRAs were performed only for a given unit and assumed to represent both units, then justify that the PRA model is an adequate representation of Units 1 and 2. [The NRC staff notes that the CNS internal events results show a difference between units.] Include a discussion of systems, structures, and components (SSCs) that are shared between units and how these were implicitly or explicitly modeled. If the PRAs were performed for each unit separately, briefly explain why the risk results are identical.

ii. If the current modeling cannot be justified because the PRAs do not reflect the differences between units, then update the PRAs to reflect the difference between units in the CNS PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-11.a:

The CNS internal flooding and high winds PRA risk results reported in Tables 6-26 through 6-33 of LAR Attachment 6 were derived from the Catawba Unit 1 model.

Internal Flood

The PRA model used to determine consequences from an internal flooding scenario only includes Unit 1 SSCs, with several instances of credit taken for Unit 2 SSCs that support Unit 1.

This model was found to be applicable to both units with only minor differences noted and accounted for. The only significant difference identified is that the feedwater tempering line is not secured at power for Unit 1, which allows for potentially diverting flow from the auxiliary feedwater pumps should a break occur in the main feedwater piping inside the doghouse of Unit 1 that results in the loss of both main and auxiliary feedwater. This is the only difference that impacts accident sequences or success criteria, and it does not significantly impact the quantification results. This unit difference has been captured in the flood scenario characterization and in the quantification analysis.

High Winds

CNS's high wind analysis models Unit 1 SSCs and shared unit SSCs. The applicability of the results to Unit 2 was considered to be realistic due to the high level of symmetry between units.

This assumption was found to be reasonable based on an update to the high winds analysis that incorporated the Unit 2 internal events model and was completed after the ESPS LAR submittal.

Shared Systems

SSCs shared among Units 1 and 2 include:

  • Instrument Air (VI) System
  • Standby Shutdown (SS) System electrical power

Conclusion

The Unit 1 results are deemed applicable to Unit 2 due to nearly identical SSC design and operation, and similar spatial configuration. The only significant operational difference identified is that the feedwater tempering line is not secured at power for Unit 1 as it is for Unit 2. This difference results in an additional flood scenario for Unit 1 and has been captured in the flood scenario characterization and quantification.

The primary reason the internal event results differ is due to the different configurations used for the base case solves. For example, there is a modeling asymmetry with respect to the RN system. One RN pump normally runs to supply cooling water for both Units. In both the Unit 1 and Unit 2 models, that pump is RN pump 1A.

APLA RAI-11.b

Section 2.3.4 of RG 1.177, Revision 1, states:

When calculating the risk impacts (i.e., a change in CDF or LERF caused by CT changes), the change in average CDF should be estimated using the mean outage times (or an appropriate surrogate) for the current and proposed CTs. If a licensee chooses to use the zero maintenance state as the base case (i.e., the case in which no equipment is unavailable because of maintenance), an explanation stating so should be part of the submittal.

Section 2.4 of RG 1.177 provides the risk acceptance guidelines for permanent CT changes, which also includes demonstrating that there are appropriate restrictions on dominant risk-significant configurations associated with the CT change.

Section 6.1.5 of LAR Attachment 6 states for CNS, "[t]he CT case for Catawba has restricted test and maintenance on the items listed in Table 6-58 [of LAR Attachment 6]." Table 6-58 of the LAR provides the CNS SSCs important to the 14-day EDG CT. However, it is not clear what is meant by "restricted test and maintenance" and how the SSCs subjected to restricted test and maintenance are characterized in the CNS PRA for the CT case.

i. Clarify what is meant by the phrase, "restricted test and maintenance on the items listed in Table 6-58," and explain how these restricted test and maintenance items are credited in the CNS PRA. Discuss how the CNS risk evaluation for the CT case meets the requirements of Section 2.3.4 of RG 1.177, Revision 1, related to use of test and maintenance unavailabilities.

ii. Explain how the CNS licensing basis (LB) will ensure that the SSCs associated with restricted test and maintenance will be prevented from being taken OOS during the CNS EDG CT, or propose a license condition that would meet this objective for CNS.

iii. Alternatively, remove credit for restricted test and maintenance for the SSCs listed in LAR Table 6-58 (i.e., use nominal unavailability values for all components) in the CNS PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-11.b:

i. The term "restricted test and maintenance" refers to components in which the test and maintenance was set to zero for the CT case to support the evaluation of delta risk for the submittal. For the APLA RAI-14 results, the following components had test and maintenance set to zero for the CT case:
  • ESPS System
  • Turbine Driven AFW pump
  • Safe Shutdown Facility

ii. CNS has Protected Equipment and Work Management procedures in place to ensure that the SSCs associated with restricted test and maintenance will be prevented from being taken OOS during the EDG CT. The On-Line Work Management procedure provides guidance for the protected equipment process, methodology and posting. Operations identifies equipment requiring protection and how it will be protected and provides input to the Work Week Manager. This procedure addresses both planned and emergent work. For planned work, Operations has a checklist item that states:

any applicable redundant/mitigation equipment required to be protected is considered and any required schedule tasks (such as actions to post/remove postings) is scheduled.

Operations also has an Emergent Work Response Checklist that includes an item to:

Ensure appropriate personnel are notified of the problem. This includes the Work Week Manager (risk assessment, need for posting Protected Equipment, and schedule support), appropriate management personnel and the NRC resident inspector as appropriate.

The above administrative controls protect and prevent work on opposite train SSCs. The current CNS licensing basis prevents removing SSCs that would result in a condition prohibited by TS, as will the proposed TS 3.8.1. Additional information is provided in the Enclosure, Section 3.9 of the May 2, 2017 license amendment request (ADAMS Accession No. ML17122A116).

APLA RAI Implementation Verification of ESPS System Regulatory Guide 1.174, Revision 2, provides quantitative guidelines on CDF, LERF, and identifies acceptable changes to these frequencies that result from proposed changes to the plants licensing basis and describes a general framework to determine the acceptability of risk-informed changes. The NRC staffs review of the information in the LAR has identified additional information that is required to fully characterize the risk estimates.

The estimated risk associated with the EDG CT extension is based on assumptions about an ESPS system that has not yet been installed and operator actions for which procedures have not been completed. Upon completion of these plant modifications and procedures, the PRA models will need to be assessed against the as-built, as-operated plant and updated, as necessary. Then new risk estimates will need to be generated and evaluated to confirm that the conclusions of the LAR have not changed. Some examples of items that require future evaluation and/or confirmation include:

  • When each site's ESPS-related procedures are finalized, the HRA will need to be reviewed and revised, as necessary, to reflect the as-built, as-operated plant. This may include the need to perform new walk-throughs, operator interviews, timing analyses, determination of other Performance Shaping Factors, and updated dependency analyses.
  • When the ESPS hardware (including instrument and power cabling) is installed, the fault tree models will need to be reviewed for consistency with the as-built configuration.
  • ESPS cable routing, capabilities, flood heights, and other geospatial design information will need to be reviewed and confirmed unchanged for the fire and internal flooding analyses.
  • With regard to fire F&Os CNS CS-B1-01 and MNS CS-C4-01, the newly installed ESPS equipment will need to be evaluated for proper overcurrent protection and coordination.

To address the above observations, propose a license condition requiring that after the ESPS system is installed (and applicable procedures updated) and prior to implementing the 14-day EDG CT, the PRAs for the hazards evaluated in this risk assessment will be updated, as necessary, to reflect the as-built, as-operated plant. The risk results in the LAR will be updated, as necessary, and compared with the risk acceptance guidelines in RG 1.177 and RG 1.174 to confirm the conclusions of the LAR. Also, include a plan of action if RG 1.177 and RG 1.174 risk acceptance guidelines are exceeded.

Duke Energy Response to APLA RAI-12:

As part of modification close-out and Tech. Spec. change implementation, action assignments have been created to ensure that upon completion of the ESPS plant modifications and associated procedures, the PRA models will be assessed against the as-built, as-operated plant and updated, as necessary. New risk estimates will be generated as needed and evaluated to confirm that the conclusions of the LAR have not changed.

The assignments include:

  • When each site's ESPS-related procedures are finalized, review and revise the HRA, as necessary, to reflect the as-built, as-operated plant. This may include the need to perform new walk-throughs, operator interviews, timing analyses, determination of other Performance Shaping Factors, and updated dependency analyses. If HRA changes are needed, make the changes and inform those tasked with updating the hazard models.
  • Following installation of the ESPS system and origination of the associated plant documentation, review the internal events model analysis to ensure that assumptions and inputs match the as-built, as-operated plant. Ensure the ESPS hardware (including capability, instrument and power cabling) is consistent with the ESPS model. If model changes are needed, make the changes and inform those tasked with updating the other hazard models. Update the analysis and risk estimates to reflect changes as necessary.
  • Following installation of the ESPS system and origination of the associated plant documentation, review the internal flood model analysis to ensure that assumptions and inputs match the as-built, as-operated plant. Review flood heights and other geospatial design information for impact on the analysis. Update the analysis and risk estimates to reflect changes as necessary.
  • Following installation of the ESPS system and origination of the associated plant documentation, review the high winds model analysis to ensure that assumptions and inputs match the as-built, as-operated plant. Update the analysis and risk estimates to reflect changes as necessary.
  • Following installation of the ESPS system and origination of the associated plant documentation, review the fire model analysis to ensure that assumptions and inputs match the as-built, as-operated plant. Some examples of items that require future evaluation and/or confirmation include:
      1. Review ESPS cable routing and other geospatial design information.
      2. With regard to fire F&Os CNS CS-B1-01, evaluate the newly installed ESPS equipment for proper overcurrent protection and coordination.
    Update the analysis and risk estimates to reflect changes as necessary.

  • Following installation of the ESPS system and origination of the associated plant documentation, review the seismic model analysis to ensure that assumptions and inputs match the as-built, as-operated plant. Update the analysis and risk estimates to reflect changes as necessary.
  • Revise the LAR PRA calculations to reflect any changes to the analysis from the previous tasks.
  • Update the LAR best-estimate risk results based on the as-built configuration, as necessary, and compare with the risk acceptance guidelines in RG 1.177 and RG 1.174 to confirm the conclusions of the LAR. If the updated risk results do not meet the risk acceptance guidelines of RG 1.174 and RG 1.177, then the NRC will be notified and additional analytical efforts, and/or procedure changes, and/or plant modifications will be made to assure the RG 1.174 and RG 1.177 risk acceptance criteria are met. The sensitivity analysis will not be redone since it uses overly conservative SSF diesel failure rates and ESPS operator action failure probabilities. The response to RAI 14.d identifies significant conservatisms that are included in the best-estimate analysis as well as the sensitivity analysis.

APLA RAI Updated Internal Events Logic Transferred to Other Hazard Models

The LAR states that the proposed change to the TS completion time has been developed using the risk-informed processes described in RG 1.174, Revision 2, and RG 1.177, Revision 1.

Based on Section 2.3.1 of RG 1.177, the technical adequacy of the PRA must be compatible with the safety implications of the Technical Specification change being requested and the role that the PRA plays in justifying that change. The RG 1.177 endorses the guidance provided in RG 1.200, Revision 2, on PRA technical adequacy. The RG 1.200 describes a peer review process utilizing ASME/ANS RA-Sa-2009 as one acceptable approach for determining the technical adequacy of the PRA once acceptable consensus approaches or models have been established for evaluations that could influence the regulatory decision.

Section 6.1.3.1 of LAR Attachment 6 states that peer reviews were performed for both CNS and MNS internal events PRAs in 2015. For MNS, it is stated that resolution of 64 F&Os were implemented and approved by an Independent Review in 2016. For CNS, it is not clear to what extent the internal events PRA was updated in response to F&Os. It is generally understood that the mitigation logic (particularly system modeling) from the internal events PRA model is used as the basis for other PRA hazard models. The LAR indicates that the peer reviews for the high winds PRAs for CNS and MNS were performed in August 2013 and October 2014, respectively.

Also, the LAR indicates that the peer reviews for CNS and MNS fire PRAs were performed in July 2010 and September 2009, respectively. Accordingly, it is not clear how the CNS and MNS fire and high winds PRAs incorporate updates performed for the internal events PRAs needed to align with the PRA quality expectations prescribed in RG 1.200, Revision 2. It is also not clear, given that the high winds and fire PRAs were already peer reviewed, what prompted the need for a peer review of the internal events PRAs (e.g., incorporation of new methodologies or changes in PRA scope/capability that impacted the significant accident sequences). To address the above observations, provide the following information.

APLA RAI-13.a Explain what prompted the need for a peer review of the CNS and MNS internal events PRAs.

Include explanation of whether significant changes had been made in the CNS and MNS internal event PRAs such as important equipment modifications or model upgrade since the last time the PRAs had been peer reviewed.

Duke Energy Response to APLA RAI-13.a:

The CNS internal events PRA was originally peer reviewed in 2001, using the technical element checklists contained in NEI 00-02, Industry PRA Peer Review Process Guidelines. After the Findings from the peer review were addressed, the decision was made to have the PRA peer reviewed to RG 1.200 and the ASME/ANS PRA Standard, since the model was significantly upgraded. The old F&Os would not need to be revisited as part of a PRA quality review, thereby eliminating unnecessary work.

The Catawba internal flood, high wind and fire PRA models are based on minor revisions to the Catawba Rev. 3 internal events PRA model. Subsequently, the internal events model was updated and issued as Catawba Rev. 4. Significant internal events model changes between revisions 3 and 4 include the following:

  • Updated model data
  • Re-performed HRA and dependency analysis
  • Developed unit-specific models.
  • Developed a Condensate System model
  • Added and deleted initiators
  • Switched from single to multiple alignment system models
  • Included support system initiator fault trees in the PRA model (upgrade)
  • Switched from the Multiple Greek Letter approach to the alpha-factor method for quantifying common cause failure events (model upgrade).

APLA RAI-13.b Explain how the CNS and MNS fire and high winds PRAs incorporate updates performed for the internal events PRA in response to F&Os generated from the 2015 peer reviews.

Duke Energy Response to APLA RAI-13.b:

These models have not been revised to incorporate updates from the 2015 peer reviews.

APLA RAI-13.c If the CNS and MNS fire and high winds PRAs do not incorporate updates performed for the internal events PRAs in response to F&Os generated from the 2015 peer reviews, then justify that the CNS and MNS fire and high winds PRAs meet PRA quality expectations prescribed in RG 1.200, Revision 2, for risk-informed applications. Alternatively, incorporate updates performed for the internal events PRAs in response to F&Os generated from the 2015 peer reviews into the CNS and MNS fire and high winds PRA models used for this LAR that aggregate the PRA updates requested in APLA RAI-14.

Duke Energy Response to APLA RAI-13.c:

The acceptability of the fire and high wind models for the ESPS LAR is justified by the peer reviews on those models (see Section 6.1.3.1 of LAR Attachment 6) and the resolutions of Finding F&Os generated during those reviews, as discussed in Attachment 8, section 8.7 (Catawba High Winds) and section 8.9 (Catawba Fire). In addition, for ESPS, the CNS fire PRA model was updated to incorporate the latest fire modeling information used for the NFPA 805 RAI #3 submittal.

The fire and high wind models are based on minor revisions of the Rev. 3 internal events model, as noted in the response to RAI 13.a above. The 2015 peer reviews were performed on the Rev. 4 internal events models, which are significantly different from the Rev. 3 models.

Thus, F&Os generated from the 2015 peer reviews are not necessarily applicable to the fire and high wind models.

APLA RAI Aggregate Update Analysis

Regulatory Guide 1.174, Revision 2, provides quantitative guidelines on CDF and LERF and identifies acceptable changes to these frequencies that result from proposed changes to the plant's licensing basis and describes a general framework to determine the acceptability of risk-informed changes. Regulatory Guide 1.177, Revision 1, provides risk acceptance guidelines on ICCDP and ICLERP and identifies acceptable changes to these probabilities that result from proposed changes to permanent changes to the licensee's TSs. The NRC staff review of the information in the LAR has identified additional information that is required to fully characterize the risk estimates.

The PRA methods and treatments discussed in the following RAIs may need to be revised to be acceptable by the NRC:

  • APLA RAI-01.a regarding application of the DA recovery rules in the CNS PRAs.
  • APLA RAI-04 regarding potential impacts of updated fire frequencies.
  • APLA RAI-05.a regarding use of appropriate EDG, SSF, and ESPS failure probabilities in the CNS and MNS PRAs.
  • APLA RAI-05.b regarding use of appropriate non-safety equipment failure probabilities for the SSF and ESPS diesel generators in the CNS and MNS PRAs.
  • APLA RAI-06.a regarding consistent application of HEP values for ESPS in the CNS and MNS PRAs.
  • APLA RAI-07.b regarding the reasonableness of the ESPS HFEs and HEPs in the CNS and MNS PRAs.
  • APLA RAI-11.a regarding modeling the differences between units in the CNS PRAs.
  • APLA RAI-11.b regarding modeling restricted test and maintenance in the CNS PRAs.
  • APLA RAI-13.c regarding incorporation of internal events PRA modeling updates in response to F&O into the CNS and MNS fire and high winds PRA models.

To fully address the RAIs cited above, provide the following:

APLA RAI-14.a For PRA updates required in response to the RAIs cited above, provide the results of an aggregate analysis that reflect the combined impact of the updates on the LAR risk results (i.e., CDF, LERF, ICCDP and ICLERP). PRA updates that cannot have a synergistic impact with other updates can be performed one-at-a-time. Also, provide an update of the sensitivity studies (e.g., the sensitivity study referred to in RAI 04) discussed in the LAR that reflect the combined updates to the PRA performed in response to other RAIs that support the LAR risk results.

Duke Energy Response to APLA RAI-14.a:

The 14-day CT best estimate values are shown below. They include the revised methods and data identified in previous APLA items. The results are below the 1E-6 ICCDP and 1E-7 ICLERP RG 1.177 guidelines.

The internal event risk analysis uses the limiting unit and train alignment. The fire model uses the limiting unit.

Best Estimate RG 1.177 ICCDP Summary

| Hazard | 14 Day CT | Base | Multiplier | ICCDP |
|---|---|---|---|---|
| Internal Events | 4.64E-06 | 4.40E-06 | 14/365 | 9.21E-09 |
| Internal Flooding | 2.60E-05 | 2.19E-05 | 14/365 | 1.57E-07 |
| High Winds | 1.31E-05 | 9.31E-06 | 14/365 | 1.45E-07 |
| Fire (limiting Unit) | 2.99E-05 | 3.30E-05 | 14/365 | -1.19E-07 |
| Seismic | 5.42E-06 | 5.44E-07 | 14/365 | 1.87E-07 |
| Sum | | | | 3.80E-07 |

Best Estimate RG 1.177 ICLERP Summary

| Hazard | 14 Day CT | Base | Multiplier | ICLERP |
|---|---|---|---|---|
| Internal Events | 3.43E-07 | 3.25E-07 | 14/365 | 6.90E-10 |
| Internal Flooding | 7.51E-07 | 2.58E-07 | 14/365 | 1.89E-08 |
| High Winds | 1.14E-06 | 9.08E-07 | 14/365 | 8.90E-09 |
| Fire (limiting Unit) | 2.53E-06 | 2.90E-06 | 14/365 | -1.42E-08 |
| Seismic | 7.96E-07 | 1.19E-07 | 14/365 | 2.60E-08 |
| Sum | | | | 4.03E-08 |

The overall CDF and LERF impact of the CT and addition of the ESPS system still represents a risk decrease. (The values presented include the conservatism and changes required for the aggregate risk calculation).

Since the seismic modeling does not credit the ESPS system, the ESPS credit and the base case models and values are the same.

Best Estimate 351 Day ICCDP Risk Contribution Summary

| Hazard | ESPS credit | Base | Multiplier | ICCDP |
|---|---|---|---|---|
| Internal Events | 3.58E-06 | 4.40E-06 | 351/365 | -7.89E-07 |
| Internal Flooding | 2.19E-05 | 2.19E-05 | 351/365 | 0.00E+00 |
| High Winds | 1.65E-06 | 9.31E-06 | 351/365 | -7.37E-06 |
| Fire (limiting Unit) | 3.19E-05 | 3.30E-05 | 351/365 | -1.06E-06 |
| Seismic | 5.44E-07 | 5.44E-07 | 351/365 | 0.00E+00 |
| Sum | | | | -9.21E-06 |

Best Estimate 351 Day ICLERP Risk Contribution Summary

| Hazard | ESPS credit | Base | Multiplier | ICLERP |
|---|---|---|---|---|
| Internal Events | 1.88E-07 | 3.25E-07 | 351/365 | -1.32E-07 |
| Internal Flooding | 2.58E-07 | 2.58E-07 | 351/365 | 0.00E+00 |
| High Winds | 7.09E-08 | 9.08E-07 | 351/365 | -8.05E-07 |
| Fire (limiting Unit) | 2.78E-06 | 2.90E-06 | 351/365 | -1.15E-07 |
| Seismic | 1.19E-07 | 1.19E-07 | 351/365 | 0.00E+00 |
| Sum | | | | -1.05E-06 |

Total risk result from assuming a 14-day CT entry and ESPS nominal availability the remainder of the year.

Best Estimate CDF For Entire Change

| Hazard | 14-day CT | 351 Day | CDF |
|---|---|---|---|
| Internal Events | 9.21E-09 | -7.89E-07 | -7.79E-07 |
| Internal Flooding | 1.57E-07 | 0.00E+00 | 1.57E-07 |
| High Winds | 1.45E-07 | -7.37E-06 | -7.22E-06 |
| Fire (limiting Unit) | -1.19E-07 | -1.06E-06 | -1.18E-06 |
| Seismic | 1.87E-07 | 0.00E+00 | 1.87E-07 |
| Sum | | | -8.83E-06 |

Best Estimate LERF For Entire Change

| Hazard | 14-day CT | 351 Day | LERF |
|---|---|---|---|
| Internal Events | 6.90E-10 | -1.32E-07 | -1.31E-07 |
| Internal Flooding | 1.89E-08 | 0.00E+00 | 1.89E-08 |
| High Winds | 8.90E-09 | -8.05E-07 | -7.96E-07 |
| Fire (limiting Unit) | -1.42E-08 | -1.15E-07 | -1.30E-07 |
| Seismic | 2.60E-08 | 0.00E+00 | 2.60E-08 |
| Sum | | | -1.01E-06 |

The 14-day CT aggregate sensitivity case results are shown below. The results are above the 1E-6 ICCDP and 1E-7 ICLERP RG 1.177 guidelines.

Aggregate Sensitivity RG 1.177 ICCDP Summary

| Hazard | 14 Day CT | Base | Multiplier | ICCDP |
|---|---|---|---|---|
| Internal Events | 6.84E-06 | 4.36E-06 | 14/365 | 9.51E-08 |
| Internal Flooding | 2.65E-05 | 2.28E-05 | 14/365 | 1.42E-07 |
| High Winds | 2.74E-05 | 1.29E-05 | 14/365 | 5.56E-07 |
| Fire (limiting Unit) | 4.87E-05 | 4.04E-05 | 14/365 | 3.18E-07 |
| Seismic | 3.60E-06 | 2.90E-07 | 14/365 | 1.27E-07 |
| Sum | | | | 1.24E-06 |

Aggregate Sensitivity RG 1.177 ICLERP Summary

| Hazard | 14 Day CT | Base | Multiplier | ICLERP |
|---|---|---|---|---|
| Internal Events | 7.15E-07 | 3.50E-07 | 14/365 | 1.40E-08 |
| Internal Flooding | 6.95E-07 | 2.48E-07 | 14/365 | 1.71E-08 |
| High Winds | 2.73E-06 | 1.32E-06 | 14/365 | 5.41E-08 |
| Fire (limiting Unit) | 4.86E-06 | 3.91E-06 | 14/365 | 3.64E-08 |
| Seismic | 7.96E-07 | 6.26E-08 | 14/365 | 2.81E-08 |
| Sum | | | | 1.50E-07 |

The overall CDF and LERF impact of the CT and addition of the ESPS system still represents a risk decrease. (The values presented include the conservatism and changes required for the aggregate risk calculation).

Since the seismic modeling does not credit the ESPS system, the ESPS credit and the base case models and values are the same.

Aggregate Sensitivity 351 Day ICCDP Risk Contribution Summary

| Hazard | ESPS credit | Base | Multiplier | ICCDP |
|---|---|---|---|---|
| Internal Events | 3.78E-06 | 4.47E-06 | 351/365 | -6.64E-07 |
| Internal Flooding | 2.28E-05 | 2.28E-05 | 351/365 | 0.00E+00 |
| High Winds | 4.54E-06 | 1.29E-05 | 351/365 | -8.04E-06 |
| Fire (limiting Unit) | 3.96E-05 | 4.04E-05 | 351/365 | -7.69E-07 |
| Seismic | 2.90E-07 | 2.90E-07 | 351/365 | 0.00E+00 |
| Sum | | | | -9.47E-06 |

Aggregate Sensitivity 351 Day ICLERP Risk Contribution Summary

| Hazard | ESPS credit | Base | Multiplier | ICLERP |
|---|---|---|---|---|
| Internal Events | 2.20E-07 | 3.49E-07 | 351/365 | -1.24E-07 |
| Internal Flooding | 2.47E-07 | 2.48E-07 | 351/365 | -9.62E-10 |
| High Winds | 3.77E-07 | 1.32E-06 | 351/365 | -9.07E-07 |
| Fire (limiting Unit) | 3.81E-06 | 3.91E-06 | 351/365 | -9.62E-08 |
| Seismic | 6.26E-08 | 6.26E-08 | 351/365 | 0.00E+00 |
| Sum | | | | -1.13E-06 |

Total risk result from assuming a 14-day CT entry and ESPS nominal availability the remainder of the year.

Aggregate Sensitivity CDF For Entire Change

| Hazard | 14 Day CT | 351 Day | CDF |
|---|---|---|---|
| Internal Events | 9.51E-08 | -6.64E-07 | -5.68E-07 |
| Internal Flooding | 1.42E-07 | 0.00E+00 | 1.42E-07 |
| High Winds | 5.56E-07 | -8.04E-06 | -7.48E-06 |
| Fire (limiting Unit) | 3.18E-07 | -7.69E-07 | -4.51E-07 |
| Seismic | 1.27E-07 | 0.00E+00 | 1.27E-07 |
| Sum | | | -8.23E-06 |

Aggregate Sensitivity LERF For Entire Change

| Hazard | 14 Day CT | 351 Day | LERF |
|---|---|---|---|
| Internal Events | 1.40E-08 | -1.24E-07 | -1.10E-07 |
| Internal Flooding | 1.71E-08 | -9.62E-10 | 1.62E-08 |
| High Winds | 5.41E-08 | -9.07E-07 | -8.53E-07 |
| Fire (limiting Unit) | 3.64E-08 | -9.62E-08 | -5.97E-08 |
| Seismic | 2.81E-08 | 0.00E+00 | 2.81E-08 |
| Sum | | | -9.78E-07 |

APLA RAI-14.b For each RAI listed above, summarize briefly how the issue(s) cited in the RAI were resolved for the PRA or LAR. If the resolution involved an update to the PRA models, then briefly summarize the PRA update.

Duke Energy Response to APLA RAI-14.b:

  • APLA RAI-01.a:

The Human Reliability Action recovery rules were ordered with the most complex (most recovered actions) rules first. Within the groups of equal complexity, the recoveries were ordered from smallest HEP value to largest. The results of this change are included in the aggregate sensitivity and best estimate cases.

  • APLA RAI-04:

The updated fire frequencies were used for both the best estimate and aggregate sensitivity cases.

  • APLA RAI-05.a:

To address the issue, the aggregate sensitivity study used the latest plant specific failure rates from the most recent internal events model for the existing diesel generators. The generic station blackout diesel failure rates from NUREG/CR-6928 2016 updated parameter estimates were used for ESPS failure rates for the aggregate sensitivity case. The diesel generator output breakers were removed from the internal flood, high winds and fire models to match the component boundary assumptions used for the updated data source.

For the best estimate case, the latest Catawba failure data was used to Bayesian update the NUREG/CR-6928 2016 updated parameter estimates for the diesel generators. The extensive factory acceptance testing data was used to update the ESPS diesel generator failure rates.

| Component Description | Failure Mode Description | Type Code | Distribution Type | 1/Units | a | b | Prior 5th Percentile | Prior 95th Percentile |
|---|---|---|---|---|---|---|---|---|
| Emergency Diesel Generator | Fails to Run | DGR | Gamma | H | 2.53 | 1.66E+03 | 3.53E-4 | 3.36E-3 |
| Emergency Diesel Generator | Fails to Start | DGS | Beta | N | 9.19 | 3.18E+03 | 1.52E-3 | 4.60E-3 |
| Emergency Diesel Generator | Fails to Load/Run | DGX | Gamma | H | 3.47 | 9.33E+02 | 1.14E-3 | 7.49E-3 |
| Standby Shutdown Facility Diesel Generator | Fails to Run | SDR | Gamma | H | 2.50 | 1.67E+03 | 3.43E-4 | 3.31E-3 |
| Standby Shutdown Facility Diesel Generator | Fails to Start | SDS | Beta | N | 12.50 | 4.08E+02 | 1.75E-2 | 4.45E-2 |
| ESPS Diesel Generator | Fails to Run | DSR | Gamma | H | 2.50 | 1.67E+03 | 3.43E-4 | 3.31E-3 |
| ESPS Diesel Generator | Fails to Start | DSS | Beta | N | 12.50 | 4.08E+02 | 1.75E-2 | 4.45E-2 |

| Component Description | Failure Mode Description | CNS Failures | Demands or Hours | a' | b' | Posterior 5th Percentile | Posterior 95th Percentile | Updated Mean Failure Rate |
|---|---|---|---|---|---|---|---|---|
| Emergency Diesel Generator | Fails to Run | 2 | 432 | 4.53 | 2.09E+3 | 8.03E-4 | 4.06E-3 | 2.17E-3 |
| Emergency Diesel Generator | Fails to Start | 1 | 432 | 10.19 | 3.61E+3 | 1.54E-3 | 4.40E-3 | 2.82E-3 |
| Emergency Diesel Generator | Fails to Load/Run | 4 | 432 | 7.47 | 1.37E+3 | 2.64E-3 | 9.13E-3 | 5.47E-3 |
| Standby Shutdown Facility Diesel Generator | Fails to Run | 2 | 216 | 4.50 | 1.89E+3 | 8.82E-4 | 4.49E-3 | 2.39E-3 |
| Standby Shutdown Facility Diesel Generator | Fails to Start | 3 | 216 | 15.50 | 6.24E+2 | 1.52E-2 | 3.50E-2 | 2.48E-2 |
| ESPS Diesel Generator | Fails to Run | 0 | 151 | 2.50 | 1.82E+3 | 3.15E-4 | 3.04E-3 | 1.37E-3 |
| ESPS Diesel Generator | Fails to Start | 0 | 108 | 12.50 | 5.16E+2 | 1.39E-2 | 3.54E-2 | 2.42E-2 |

  • APLA RAI-05.b The aggregate sensitivity case ESPS failure rate used the generic station blackout diesel failure rates from NUREG/CR-6928 2016 updated parameter estimates. Explanation of SSF failure rate development provided in APLA RAI-05.b response.

The ESPS diesel start and run failure rates based on factory acceptance testing (0 failures out of 108 starts; 0 failures in 151 run hours) were used to Bayesian update the SBO diesel failure rates from NUREG/CR-6928 2016 updated parameter estimates for the best estimate case.

  • APLA RAI-06.b The appropriate case specific HEP values were used. The aggregate sensitivity case uses the doubled best estimate values.
  • APLA RAI-07.b The estimated HEP values have been doubled for the aggregated sensitivity case.
  • APLA RAI-11.a Based on the response to APLA RAI-11.a, no additional model changes were required for the aggregate sensitivity or best estimate cases.
  • APLA RAI-11.b The restricted test and maintenance items are listed in the response to APLA RAI-14.d.
  • APLA RAI-13.c The models used were as described and justified in the response to APLA RAI-13.c.
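
The Bayesian update described in the APLA RAI-05.a and RAI-05.b responses, as an added example that is not part of the Duke Energy submittal: it recomputes the posterior a', b', mean and 5th/95th percentiles for the four per-hour (Gamma) failure modes from the prior values and CNS evidence tabulated above. It assumes the standard conjugate gamma-Poisson update (a' = a + failures, b' = b + hours), which the page does not state; the function names are illustrative and the start-on-demand (Beta) rows are not covered.

```python
import math

# Per-hour (Gamma) rows copied from the prior table on this page:
# label -> (prior a, prior b in hours, CNS failures, CNS run hours).
RUN_ROWS = {
    "EDG fails to run":      (2.53, 1.66e3, 2, 432),
    "EDG fails to load/run": (3.47, 9.33e2, 4, 432),
    "SSF DG fails to run":   (2.50, 1.67e3, 2, 216),
    "ESPS DG fails to run":  (2.50, 1.67e3, 0, 151),
}

# Posterior (5th percentile, 95th percentile, mean) as printed on this page.
PAGE_POSTERIOR = {
    "EDG fails to run":      (8.03e-4, 4.06e-3, 2.17e-3),
    "EDG fails to load/run": (2.64e-3, 9.13e-3, 5.47e-3),
    "SSF DG fails to run":   (8.82e-4, 4.49e-3, 2.39e-3),
    "ESPS DG fails to run":  (3.15e-4, 3.04e-3, 1.37e-3),
}


def reg_lower_gamma(a, x, tol=1e-14):
    """Regularized lower incomplete gamma P(a, x), summed from its power series."""
    if x <= 0.0:
        return 0.0
    term = total = 1.0
    n = 0
    while term > tol * total:
        n += 1
        term *= x / (a + n)
        total += term
    return total * math.exp(-x + a * math.log(x) - math.lgamma(a + 1.0))


def gamma_quantile(p, shape, rate):
    """Quantile of Gamma(shape, rate): bisect the unit-rate CDF, then rescale."""
    lo, hi = 0.0, max(1.0, shape)
    while reg_lower_gamma(shape, hi) < p:   # widen until the bracket contains p
        hi *= 2.0
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if reg_lower_gamma(shape, mid) < p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi) / rate


def update_gamma(a, b, failures, hours):
    """Assumed conjugate update: Gamma(a, b) prior, Poisson failure count over `hours`."""
    a_post, b_post = a + failures, b + hours
    return {
        "a": a_post,
        "b": b_post,
        "mean": a_post / b_post,
        "p05": gamma_quantile(0.05, a_post, b_post),
        "p95": gamma_quantile(0.95, a_post, b_post),
    }


def compare_with_page():
    """Largest relative deviation from the page's posterior values, per row."""
    deviations = {}
    for label, (a, b, failures, hours) in RUN_ROWS.items():
        post = update_gamma(a, b, failures, hours)
        p05, p95, mean = PAGE_POSTERIOR[label]
        deviations[label] = max(
            abs(post["p05"] - p05) / p05,
            abs(post["p95"] - p95) / p95,
            abs(post["mean"] - mean) / mean,
        )
    return deviations


if __name__ == "__main__":
    for label, (a, b, failures, hours) in RUN_ROWS.items():
        post = update_gamma(a, b, failures, hours)
        print(f"{label:24s} a'={post['a']:.2f} b'={post['b']:.3g} "
              f"5th={post['p05']:.2e} 95th={post['p95']:.2e} mean={post['mean']:.2e}")
    print(compare_with_page())
```

With zero failures the shape parameter stays at its prior value and only b grows, which is why the ESPS run-failure mean falls below the generic prior mean.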

APLA RAI-14.c Confirm that the updated results still meet the risk acceptance guidelines in RG 1.177, Revision 1, and RG 1.174, Revision 2.

Duke Energy Response to APLA RAI-14.c:

The best estimate results presented in part a show the 14-day CT ICCDP and ICLERP are within the RG 1.177 guidelines and the overall change results in a risk reduction which is within the limits of RG 1.174.

APLA RAI-14.d If the risk acceptance guidelines are exceeded, then identify which risk acceptance guidelines are exceeded and provide qualitative or quantitative justification that support the conclusions of the LAR. If applicable, include discussion of conservatisms in the analysis and the risk significance of these conservatisms.

Duke Energy Response to APLA RAI-14.d:

The ICCDP and ICLERP guidelines were not exceeded using the best estimate risk values.

The ICCDP and ICLERP for the sensitivity case were above the RG 1.177 guidelines.

The addition of an alternate AC source that can support an entire safety train AC load, which is required by BTP 8-8 to request the extended EDG CT, results in a significant reduction in total CDF and LERF. (Approximately 10% total CDF and LERF reduction including the impact of a full 14-day CT in addition to normal historical EDG unavailability.)

The extended EDG CT will help increase the reliability of the existing EDG by facilitating maintenance that would take longer than the existing CT limit.

There are conservatisms in both the best estimate and aggregate risk estimates:

  • No credit is given for the ESPS and SSF systems for the seismic portion of the risk evaluation. For the lower seismic intervals, commercial buildings would have some seismic ruggedness that could be credited, and these are the same codes and standards that were used for design of the ESPS structures and systems.
  • Both the best estimate and sensitivity cases were performed with the updated fire frequencies provided in NUREG-2169. The reduction in heat release rates from NUREG-2178 were not incorporated, resulting in conservatism in the fire risk analysis results. In addition, the EPRI/NRC draft Methodology for Classification of Growth Modeling and Revised Manual Suppression for Fire Events indicates that there would be additional conservatism in the fire risk analysis results.
  • Conservative assumptions were still used in the fire PRA circuit analysis concerning loss of offsite power.

  • The operator action did not include any credit for recovery. The lack of power to the required loads off of the safety bus following the start and alignment of ESPS power would be a clear chance for recovery. Without a procedure, this was conservatively not credited and would provide a significant improvement in the HEP values used.
  • The alignment of the ESPS system for the CT risk assessment was assumed to only support the emergency bus of the EDG in the extended CT. This results in not crediting the ESPS system for the opposite train emergency bus, effectively reducing some of the available redundancy of available equipment.
  • Minimal credit is given in the high winds case for the SSF due to operator action feasibility. Many of the hypothesized wind events would allow the operator action to occur later, which would allow the igniters to be powered from the SSF, reducing the LERF contribution.
  • The risk analysis does not include any credit for the FLEX equipment.

The only equipment test & maintenance explicitly excluded from the 14-day CT best estimate and aggregated risk sensitivity case were the ESPS system, the SSF facility, the turbine driven AFW pump, and the opposite train diesel generator.

APLA RAI LAR Anomalies

Section 4, Element 4: Documentation and Submittal, of RG 1.177, Revision 1, states that the evaluations performed to justify the proposed TS changes should be documented and included in the LAR submittal. Address the following clerical oversights in the LAR.

APLA RAI-15.a The LAR states as a reference RG 1.200, but does not provide a revision.

Clarify what revision is being referenced in the LAR and ensure other LAR references have the appropriate revision or date.

Duke Energy Response to APLA RAI-15.a: , Section 6.3, Reference 2, Regulatory Guide 1.200 is Revision 2.

APLA RAI-15.b For CNS, LAR Attachment 6, Section 6.1.3 states the peer review for the internal events PRA was conducted in October 2015. However, LAR Attachment 6, Section 6.1.3.1 states it was performed in December 2015.

Clarify the date of the peer review for the internal events PRA.

Duke Energy Response to APLA RAI-15.b:

The internal events PRA peer review was held the week of December 7, 2015.

APLA RAI-15.c of the LAR lists that there are 648 pages, but only 646 were provided.

Clarify the number of pages in LAR Attachment 7 and provide any missing pages.

Duke Energy Response to APLA RAI-15.c:

There are no missing pages in the LAR. Attachment 7 should say out of 646 pages.

APLA RAI-15.d Table 6-25 of the LAR lists the results as CDF(/yr) and LERF(/yr), yet the values in the first two rows of those columns appear to be ICCDP and ICLERP.

Clarify the correct column labeling for this table in the LAR.

Duke Energy Response to APLA RAI-15.d:

Table 6-25 is correct as labeled. It is a combination of the same units of information that Table 6-23 and 6-24 presents, combined into one table. The first 4 entries could have extra labels for identifying ICCDP and ICLERP if it were determined necessary.

APLA RAI-15.e For CNS, Section 6.1.5.7 of LAR Attachment 6 provides ACUBE calculated changes in CDF of 3.87E-07 and 3.18E-08 for LERF for the 14-day CT case. Whereas, Tables 6-26 through 6-33 show a change in CDF of 1.01E-05 and 8.16E-07 for LERF.

Clarify in the LAR the correct values in these sections and ensure consistency of values.

Duke Energy Response to APLA RAI-15.e:

The correct values are a CDF of 1.01E-05 and LERF of 8.16E-07.

APLA RAI-15.f Section 3.12.1 of the LAR lists four PRA assumptions, while LAR Attachment 6, Section 6.1.6 lists five PRA assumptions.

Clarify the correct number of PRA assumptions used in the analysis.

Duke Energy Response to APLA RAI-15.f:

Section 3.12.1 of the LAR is incorrect. Five PRA assumptions were used in the analysis, as listed in Attachment 6.

APLA RAI F&O Closure Assessment Process

During the PRA audit, the NRC requested documentation of the appendix X gap closure process.

Duke Energy Response to APLA RAI-16:

Internal Flooding F&O Resolutions

The Catawba Internal Flooding Peer Review was conducted in 2012. Subsequent to the 2012 Peer Review, the Internal Flooding PRA model and documentation was updated to resolve the Peer Review F&Os. As part of the December 2015 Internal Events Peer Review, an independent review was performed on the CNS Internal Flood F&O resolutions to determine if they were resolved and that the corresponding SRs are MET at CC-II or greater. This independent review was documented within the Internal Events Peer Review report. The independent review was performed prior to NRC acceptance of NEI Appendix X.

Upon NRC acceptance of NEI Appendix X, a gap assessment was performed internally by Duke Energy to assess the acceptability of the 2015 independent review for Internal Flooding F&O resolutions against the current industry guidance for independent reviews (NEI Appendix X) as accepted by the NRC. This gap assessment identified certain shortcomings of the 2015 report, specifically pertaining to the lack of justification that F&O resolutions are considered to be maintenance/updates as opposed to PRA upgrades.

In order to close the identified gap to meeting the NEI Appendix X requirements, the same individuals who performed the 2015 Independent Review were contracted again in 2017 to perform a second independent review, including an assessment of whether or not each F&O resolution constitutes an upgrade to the PRA. This 2017 independent review also included an assessment of how each requirement of NEI Appendix X and NRC Expectations was met by the 2015 and 2017 reviews. Duke Energy provided the 2017 independent review team with documentation of F&O resolutions and a self-assessment of whether or not each resolution could constitute a PRA upgrade.

The 2017 Independent Review report shows that each requirement of NEI Appendix X and NRC expectations for independent F&O closure assessments is met with no exceptions. Therefore, it is shown that all Internal Flooding F&Os determined to be closed by the 2015 and 2017 independent reviews are indeed closed in accordance with NEI Appendix X and NRC expectations.

LERF F&O Resolutions

The Catawba LERF Peer Review was conducted in 2012. Subsequent to the 2012 Peer Review, the LERF PRA model and documentation were updated to resolve the Peer Review F&Os. As part of the December 2015 Internal Events Peer Review, an independent review was performed on the CNS LERF F&O resolutions to determine if they were resolved and that the corresponding SRs were MET at CC-II or greater. This independent review was documented within the Internal Events Peer Review report. The independent review was performed prior to NRC acceptance of NEI Appendix X.

Upon NRC acceptance of NEI Appendix X, a gap assessment was performed by Duke Energy to assess the acceptability of the 2015 independent review for LERF F&O resolutions against the current industry guidance for independent reviews (NEI Appendix X) as accepted by the NRC. This gap assessment identified certain shortcomings of the 2015 report, specifically pertaining to the lack of justification that F&O resolutions are considered to be maintenance/updates as opposed to PRA upgrades.

In order to close the identified gap to meeting the NEI Appendix X requirements, the same individuals who performed the 2015 Independent Review were contracted again in 2017 to perform a second independent review, including an assessment of whether or not each F&O resolution constitutes an upgrade to the PRA. This 2017 independent review also included an assessment of how each requirement of NEI Appendix X and NRC Expectations was met by the 2015 and 2017 reviews. Duke Energy provided the 2017 independent review team with documentation of F&O resolutions and a self-assessment of whether or not each resolution could constitute a PRA upgrade.

The 2017 Independent Review report shows that each requirement of NEI Appendix X and NRC expectations for independent F&O closure assessments is met with no exceptions. Therefore, it is shown that all LERF F&Os determined to be closed by the 2015 and 2017 independent reviews are indeed closed in accordance with NEI Appendix X and NRC expectations.

Internal Events F&O Resolutions

The CNS Internal Events PRA Peer Review was performed in December of 2015. Subsequent to the 2015 Peer Review, the Internal Events PRA model and documentation were updated to resolve the Peer Review F&Os. These resolutions were not independently reviewed prior to the ESPS LAR submittal. Therefore, all Internal Events F&Os are dispositioned in the LAR submittal.

Attachment 5

Regulatory Commitments

The following table identifies the regulatory commitments in this document by Duke Energy Carolinas, LLC (Duke Energy) for the Catawba Nuclear Station, Units 1 and 2. Any other statements in this submittal represent intended or planned actions, and are provided for information purposes. They are not considered to be regulatory commitments.

| COMMITMENT | TYPE (One-time / Continuing Compliance) | SCHEDULED COMPLETION DATE |
|---|---|---|
| 1. The preplanned diesel generator (DG) maintenance will not be scheduled if severe weather conditions are anticipated. Weather conditions will be evaluated prior to intentionally entering the extended DG Completion Time (CT) and will not be entered if official weather forecasts are predicting severe weather conditions (i.e., thunderstorm, tornado or hurricane warnings). Operators will monitor weather forecasts each shift during the extended DG CT. If severe weather or grid instability is expected after a DG outage begins, station managers will assess the conditions and determine the best course for returning the DG to operable status. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 2. Component testing or maintenance of safety systems and important non-safety equipment in the offsite power systems that can increase the likelihood of a plant transient (unit trip) or loss of offsite power (LOOP) will be avoided during the extended DG CT. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 3. No discretionary switchyard maintenance will be performed during the extended DG CT. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 4. The turbine-driven auxiliary feed water pump will not be removed from service for elective maintenance activities during the extended CT. The turbine-driven auxiliary feed water pump will be controlled as protected equipment during the extended DG CT. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 5. During the extended DG CT, the Emergency Supplemental Power Source (ESPS) will be routinely monitored during operator rounds, with monitoring criteria identified in the operator rounds. The ESPS will be monitored for fire hazards during operator rounds. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 6. Licensed Operators and Auxiliary Operators will be trained on the purpose and use of the ESPS and the revised emergency procedure (EP) actions. Personnel performing maintenance on the ESPS will be trained. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 7. The system load dispatcher will be contacted once per day to ensure no significant grid perturbations (high grid loading unable to withstand a single contingency of line or generation outage) are expected during the extended DG CT. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 8. TS required systems, subsystems, trains, components and devices that depend on the remaining power sources will be verified to be operable and positive measures will be provided to preclude subsequent testing or maintenance activities on these systems, subsystems, trains, components and devices during the extended DG CT. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
| 9. Prior to entering the extended CT for an inoperable DG, the station will ensure that each train of shared systems is powered by an operable Class 1E AC Distribution System, with an operable DG, from opposite units. | X | Prior to implementing the approved Technical Specification 3.8.1 diesel generator Completion Time extension. |
