ML19256F979

From kanterella
Jump to navigation Jump to search
Auxiliary Feedwater Sys Reliability Analyses.
ML19256F979
Person / Time
Site: Arkansas Nuclear Entergy icon.png
Issue date: 12/31/1979
From: Dorman R, Enzinna R, Weaver W
BABCOCK & WILCOX CO.
To:
Shared Package
ML19256F977 List:
References
BAW-1584, NUDOCS 7912270156
Download: ML19256F979 (32)
v  d  e


Text

. . . . _

BAW-1584 December 1979 AUXILIARY FEEDWATER SYSTEMS RELIABILITY ANALYSES A Generic Report for Plants With Babcock & Wilcox Reactors Dl0 rtliR2D U .*2D.2.R TY$ 2 1645 263 Babcock &Wilcox 7912270 l

BAW-1584 December 1979 2

AUXILIARY FEEDWATER SYSTEMS RELIABILITY ANALYSE 5 A Generic Report for Plants With Babcock & Wilcox Reactors by W. W. Weaver R. W. Dorman R. S. Enzinna A

BABC0CK & WILC0X Power Generation Group 1645 264 Nuclear Power Generation Division P. O. Box 1260 Lynchburg, Virginia 24505 Babcock & \Vilcox

EXECUTIVE

SUMMARY

This report presents a generic summary of the analysis methods and results of a reliability study of Auxiliary Feedwater Systems (AFWS) at operating plants with Babcock & Wilcox designed Nuclear Steam Supply Systems.

The objectives of this report were:

I

1) To identify, through reliability based' insights, dominant contributors to APWS unreliability.
2) To assess 9e relative reliability of B&W operating plant Auxiliary Feedwater Systems.

Dominant contributors to unreliability are identified in Table 2. These con-tributors vary widely in significance, ranging from the relatively unavoidable contribution of preventive maintenance to AC dependencies which preclude system operation on loss of AC power. In every case where significant contributors were, identified, improvements by design and/or procedural changes should be achievable. These contributors provide a rational basis for design changes to improve AR4S reliability.

A comparative perspective on the range of reliabilities which can be expected I

from B&W operating plant Auxiliary Feedwater Systems is shown in Figure 1.

The relationship of these values to the NRC-calculated reliabilities for plants of Westinghouse and Combustion Engineering design is not straight foraard in that certain assumptions appear to be more conservative in the B&W analyses than in the NRC analyses; the basis for this belief is explained in Appendix B.

- iii - 1645 265

CONTENTS Page EXECUTIVE

SUMMARY

, . . . . . . . . . . . . . . . . . . . . . . . iii

1.0 INTRODUCTION

.......................... 1 1.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 Objectives . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.3 Scope ........................... 2 1.4 Summary and Conclusions .................. 3 1.5 Limitations ........................ 4

2.0 DESCRIPTION

OF ANALYSIS . . . . . . . . . . . . . . . . . . . . . 5 2.1 Analysis Method ...................... 5 2.2 General Assumptions and Criteria . . . . . . . . . . . . . . 7 3.0 OVERVIEW 0F B&W AUXILIARY FEEDWATER SYSTEMS . . . . . . . ... 10 4.0 RELIABILITY EVALUATI0" ..........'........... 12 4.1 Quantitative Analysis Results ............... 12 4.2 Dominant Failure ContriLutors ............... 13 4.3 Single Point Vulnerabilities . . . . . . . . . . . . . . . . 15 REFERENCES ........................... 21 APPENDIX A -- NRC-Supplied Data ................. A-1 APPENDIX B - Comparability With NRC Analyses for the Reliability of Auxiliary Feedwater Systems . . . . . B-1 List of Tables

1. Summary of Major Characteristics of B&W Operating Plant AFW Systems .................. 16
2. Major Failure Contributors .................. 17 List of Figures 1A. Relative AFWS Reliabilities, LMFW ............... 18
18. Relative AFWS Reliabilities, LMFW/ Loop . . . . . . . . ..... 19 1C. Relative AFWS Reliabilities, LMFW/LOAC . . . . . . . . . . . . . 20 B-1 Effect of Assumption on Calculated AFWS Reliability ...... B-3 B-2 Comparison of B&W AFWS Reliability With NRC Results for 'f Plants B-4 Babcock & kViicox

-v-1645 266

1.0 INTRODUCTION

This report presents a generic summary of the analysis methods and results of a reliability study of Auxiliary Feedwater Systems at operating plants with Babcock & Wilcox (B&W) designed Nuclear Steam Supply Systems.

The Auxiliary Feedwater System functions as an emergency system for the removal of heat from the primary system when main feedwater is not available. Some B&W operating plants refer to this system as an Emergency Feedwater System; however, throughout this report, the term Auxiliary Feedwater System ( AFWS) will be used.

Also contained in th:s report is an overview of APAS designs at the B&W operating plants, a description of assumptions used during this study and appropriate limitations which should be observed when considering the results of the study.

2 1.1 Backaround As one outgrowth of the incident at Three Mile Island-2, the NRC requested all operating plants to consider means for upgrading the reliability .

of their Auxiliary Feedvater Systems. As a part of the response to this request, the B&W Owners Group utilities asked B&W to perform reliability analyses of the existing A xiliary Feedwater Systems at each B&W operating plant. The ultimate object le of this work is to determine what changes, i f any, will improve AFWS r .iability.

The NRC has conducted similar analyses for Westinghouse and Combustion 3

Engineering plants; descriptions of those analyses and the results are in References 1 and 2. The NRC requested that the B&W analyses be performed within a time frame and on a basis consistent with the NRC's own analyses.

Accordingly, the scope of B&W's study and arrangement of the schedule were made in agreement with the NRC's request.

B&W performed the requested analyses and has issued to each of the utilities a report containing a plant specific AFWS reliability evaluation. A aeneric summary of the analysis methods and results contained in these plant specific reports are presented herein.

I 1.2 Objectives The objectives of this study were:

o To perform simplified analyses to assess the relative reliability of B&W operating plant Auxiliary Feedwater Systems. It was intended that these analyses would be performed on a basis consistent with that used by the NRC in analyses for Westinghouse and Combustion Engineer-g ing plants. It was further intended that such consistency would be l achieved tiy use of the same evaluative technique, event scenarios, assumptions and reliability data used by the NRC.

o To identify, through the development of reliability-based insight, dominant contributors to AFWS unreliability.

I 1.3 Scope Auxiliary Feedwater Systems at the following B&W operating plants were analyzed:

Rancho Seco Oconee Units I, II & III Crystal River-3 Davis-Besse-1 Arkansas Nuclear One-1 Three Mile Island-1 The analysis for each plant was based on the configuration of the Auxiliary Feedwater System as it existed on August 1,1979, but also included were any near-term changes which were already in process and which would be in place by December 3,1979. An exception was made for the Three Mile Island-1 plant; a configuration date of early 1980, corresponding to the earliest anticipated startup of this plant was used.

Three event scenarios were considered in this study:

o Case 1 - Loss of Main Feedwater with Reactor Trip (LMFW) o Case 2 - LMFW coincident with Loss of Offsite Power (LMFW/ LOOP) o Case 3 - LMFW coincident with Loss of all AC Power (LMFW/LOAC).

l l

l -2 1645 268

These event scenarios were taken as given; that is, postulated causes for these scenarios and the associated probabilities of their occurrences were i

not considered. Additionally, external common mode events (earthquakes, fires, etc.) and their effects were excluded from consideration.

For each of the three cases, system reliability as a function of time was evaluated. Three times were considered: 5,15 and 30 minutes following LMFW (Refer to Section 2.2). A total of 54 detailed fault tree analyses were. performed covering the six AFWS designs with three event scenarios and at three times for each event. Each plant's specific event tree can be found in the respective plant specific report (References 4-9).

1.4 Summary and Conclusions The principal result of this study is the identification of dominant contributors to AFWS unavailability for each plant. Pending further evaluation by the utilities, these contributors may provide a rational basis for the selection of design changes to improve AFWS reliability.

The dominant contributors identified in Table 2 vary widely in significance, ranging from the relatively unavoidable contribution of preventive maintenance, to AC dependencies which will preclude system operation on loss of AC power. In every case where significant contrib-utors were identified, improvements by design and/or procedural changes should be achievable. If appropriate modifications are accomplished, B&W operating plant AFW Systems will exhibit, as a group, reliabilities close to the maximum reliability attainable for real, two-train systems.

The quantitative results of these analyses, shown in Figure 1, provide a general comparative perspective on the range of reliabilities which can be expected from B&W operating plant Auxiliary Feedwater Systems.

, Although it was intended that this study closely match the NRC study for Westinghouse and Combustion Engineering Auxiliary Feedwater Systems, the results of the two studies should not be directly compared; see Appendix B.

1645 269

1.5 Limitations Careful consideration must be given to the validity and applicability of the results of this study, these results could be misleading if taken out of context. Approrriate limitacions on the use of these results include:

(1) Relative reliability s tandinas. This report presents (Figure 1) the relative reliability standings of all the B&W plants, and while these results can show major differences, small differences between plants are not significant. Further, no direct comparison of the quanti-tative results for the B&W plants to the NRC calculated results for Westinghouse and C-E plants should be made without a thorough under-standing of the analyses. Even though a concerted effort was made to maintain uniformity with analysis methods and assumptions used by the NRC, B&W believes that certain inconsistencies exist. (See Appendix B.)

(2) Absolute values of availability. This analysis resulted in only relative reliabilities and not absolute values of AFWS unavailability.

Any inference o.f realistic AFWS reliability must address the probability of occurrence of the three event scenarios in addition to considering other defects which may accompany the conditions producing these scenarios.

(3) Dominant failure contributors. This analysis identified the dominant contributors to system unavailability, however, this report did not explore possible modifications to tnose contributors. While in some cases a simple change appears feasible, other cases are obviously complex situations with many possible solutions. Each utility must decide if cost-effective modifications are available for their dominant contributors. (Dominant contributors are discussed in Section 4.2.)

4 1645 270

2.0 DESCRIPTION

OF ANALYSIS 2.1 Analysis Method The analysis method used to evaluate the reliability of Auxiliary Feed-water Systems in operating B&W plants involved the construction and analysis of fault trees. The techniques used in this effort were cor.sistent with those described in the Reactor Safety Study, WASH-1400 (Reference 3).

The result of this analysis is the point unavailability of the AFWS, under three scenario conditions and at three points in time following the initial existence of conditions requiring AFWS initiation. Point unavailability is equivalent to the probability that the system will be unavailable at the point in time at which a demand is placed on it.

To support this analysis, each utility with a B&W NSSS furnished to B&W the

, plant specific system drawings, electrical schematic diagrams, operating, test and maintenance procedures and technical specifications for the Auxiliary Feedwater System and pertinent support systems. From this systems data, B&W extracted information necessary to prepare a detailed AFW system description (References 4 thru 9). This d'escription was reviewed for accuracy by the utility to ensure that the system analyzed was, indeed, the system that physically exists at the site.

A fault tree was constructed for each utility based on this detailed system description. The top level event in the fault tree was failure to achieve mission success (defined in Section 2.2). Top level sub-branches of the tree generally involved multiple failures resulting in the unavailability of all feedwater trains and included unavailability arising from preventive maintenance activities. Examples of multiple failures leading to system unavailability of a two-train system include:

failure of the pumps in both trains; or combination failures such as failure of one pump coupled with a discharge path failure in the opposite train and no available discharge cross-tie.

1645 271

^

From the top level event, fault tree branches were expanded downward to a level of detail corresponding to unavailability data which was supplied by the NRC. This level of detail was typically that associated with component failure cause (valve plugging, pump control circuit failure, etc.)

The NRC-supplied unavailability data consisted of expected unavailability numbers for typical fluid and control syster hardware, human failure probabilities as a function of time, and unavailability associated with preventive maintenance. This data was obtained as a part of Reference 1, and is shown in Appendix A. The data was supplemented when necessary by direct consultation with the NRC staff and by engineering judgment.

(The NRC has emphasized that these input data are largely unverified estimates of human and component reliability. According to the NRC, errors as large as an order of magnitude up or down may exist in tnis data. In spite of this uncertainty, such data can provide a uniform basis for obtaining reliability results for plants with substantially different system designs. Because of this uncertainty, ;5 solute values of calculated reliability must be strongly de-emphasized, and aven relative reliability standings are subject to uncertainty.)

Af ter construction of the fault tree, unavailability analyses were perfo rmed. These analyses were accomplished by .nserting the NRC-supplied data at the bottom-level basic events of the 'aul t tree and then working upward with hand calculations to assess the cumulation of unavailability.

Each tree was analyzed a total of nine times, this was necessary to incorporate appropriate modifications for the three event scenarios at each of three times following the initial demand.

Perfonning the analyses, at the level of detaii cescribed above, provided insights into the relative importance of various contributors to overall system reliability. Thus, the analysis approac1 used permitted the identification of major failure contributors which was a major objective of the study.

1645 272

2.2 General Assumotions and Criteria Agreement was reached with the NRC staff regarding the assumptions and criteria used in this study, with the goal of obtaining results which were on a consistent basis with those produced by the NRC in its Westinghouse and Combustion Engineering analyses. The assumptions and criteria which were used in this study and which have general applicability are described below. Other, plant specific, assumptions were used and these are con-tained in the reliability reports for each utility (References 4-9).

1) Definition of Mission Success - In order to evaluate the contribution of system components to overall reliability, it was necessary to

^

determine to what extent failure of those components might prevent su'cessful accomplishment of the AFWS mission. Tris in turn requires an explicit definition of mission success. The definition adopted for this study was the attainment of flow from at least one full capacity pump (or from at least two half-capacity pumps) to at least one steam generator. Attainment of flow from only one half-capacity pump was not considered system success.

System reliability was calculated at times of 5,15, and 30 minutes following the existence of initiating conditions to allow for a range of operator action. These times were specifically chosen because NRC-supplied operator reliability data for these times was available; these times are reasonable and consistent with LMFW mitiga-tion for B&W plants. In their study, the NRC staff has used steam generator dryout time as a criterion for successful AFWS initiation, and the 5-minute case represents a comparable result for B&W plants with anticipatory reactor trips on LMFW. However, steam generator dryout itself does not imply serious consequences; a more appropriate criteria is the maintenance of adequate core cooling. Recent ECCS analyses (Reference 10) have shown that adequate core cooling can be maintained for times in excess of 20 minutes without AFWS operation, providing that at least one High Pressure Injection Pump is operated.

(For Davis-Besse-1, the requirements are contained in References 7 and 11.)

1645 273

.w In general, the loss of flow, resulting from random component failures after successful AFWS initiation, was not considered within the scope of this study. However, system charac-teristics or component limitations which were known to potentially restrict the duration of system operation (to less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />) were considered in accordance with NRC guidance. Such limitations were included by assuming that they resulted in instantaneous unavailability of the affected components unless the underlying causes were correct-able within 5, 15 or 30 minutes. It must be emphasized that this

. method for accounting for latent failures results in a very conserva-tive analysis. It may not take credit for successful APAS operation until failure, nor does it allow for the possibility that corrective or mitigating measures can be used (such as restoring power or cycling components on and off).

2) Power Availability - The following assumptions were made regarding power availabili ty:

LMPA - All AC and DC power was assumed available with a probability o f 1. 0.

. LMPA/ LOOP - All DC power was assumed available with a probability of 1.0. Where applicable, one diesel generator was assumed available with a probability of 1.0 and the other was assumed unavailable with a probability of 10-2 .

LMPA/LOAC - DC and battery-backed AC were assumed available with a probabili ty of 1.0.

3) Interconnections with Other Units - In general, no credit was taken nor any penalty assigned for 5;eam, electric power or auxiliary feedwater supplied from, or diverted to, other adjacent plants.
4) NRC-Supolied Data - NRC-supplied unreliability data for hardware, operator actions and preventive maintenance were assumed valid and directly applicable.
5) Coupled Manual Actions - Manual initiation of valves with identical function and the same physical location was considered coupled. Such valves were assumed to be both opened manually or both not opened.

The case in which one valve was opened and the other valve was lef t closed was not considered.

1645 274

6) Degraded Failures - This was a binary type analysis as defined in Reference 3. Degraded failures were not considered; that is, components were assumed to operate properly or were treated as failed.
7) Small Lines Ianored - Typically, lines on the order of 1-inch were ignored as possible flow diversion paths.
8) Steam Supply for AFWS Turbines - Adequate steam to the turbine-driven-pump turbines was assumed for the 15 and 30 minute cases. These turbines and pumps are designed to deliver water to the steam generators using steam remaining in the steam lines after generator d ryou t.

r T

_g. i645 275

i 3.0 OVERVIEW OF B&W AUXILIARY FEECWATER SYSTEMS A summary description of the major characteristics of Auxiliary Feedwater Systems at B&W operating plants is contained in Table 1. This information was extracted from plant specific reliability reports which were prepared for each utility (References 4-9). As indicated in the table, there are many functional similarities between the AFWS analyzed. These similarities and some exceptions are summarized below.

Ail AFWS are capable of providing auxiliary feedwater to one or both steam generators under automatic (or manual) initiation and control.

Each system consists of multiple feedwater trains with a combined capacity of twice the flow of a nominal full capacity pump. This capacity is achieved by the use of at least one full-capaci ty turbine-driven pump and, with the exception of Davis-Besse-1, which has two turbine-driven pumps, each has either one full-capacity or two half-capacity motor-driven pumps. Wi th the exception of Crystal River-3 and the Oconee Units, all AFW turbines, motors and pumps are self-sufficient entities without dependence on secondary supporu ys tems .

Each AFWS has multiple suction sources available, including the condenser hotwe'll or other backup water supply. Switchover to the backup water supply requires manual action except for Davis-Besse-] for which this action is automatic.

Motive power for the motor-driven pump (s) is obtained from one (or two, as applicable) nuclear service busses. These busses are backed by diesel generators or, at Oconee, hydro generators. Manual loading of the pumn nutors onto the diesel generators is required at Rancho Seco and Crystal Ri ve r- 3. In each system, steam for the AFWS turbine (s) may be obtained from either steam generator.

Conditions which will cause AFWS initiation vary between plants with the only common initiating condition being loss of both main feedwater pumps. Every system will be initiated by at least one other condition; examples include: loss of all four reactor coolant pumps or low steam generator level . All AFWS pump initiation circui try is battery-backed and, except for Arkansas Nuclear One-1, is independent of the Integrated Control System (ICS) .

All AFWS but Davis-Besse-1 and the Oconee Units control the flow of auxiliary feedwater to the steam generators by flow control valves under ICS control. Oconee uses separate steam generator level control circuits and Davis-Besse-1 controls steam generator level by varying turbine speed.

With correct system alignment and no component failures, none of the plants require manual action to achieve mission success for Case 1 (LMR4).

In Case 2 (LMR4/ LOOP), none of the plants except the Oconee Units require manual action to obtain flow from the turbine-driven pump (s), but manual actions described earlier are required to energize the motor-driven pumps at Rancho Seco and Crystal River-3. In Case 3 (LMFW/LOAC), only Rancho Seco and Three Mile Island-1 will achieve sustained auxiliary feedwater flow from the turbine-driven pump without manual actions.

1645 277

4.0 RELIABILITY EVALUATION 4.1 Quan ti ta ti ve_ Anal ysis_Resul ts The quantitative results of the fault tree analyses are presented in Figures 1A, B and C. Indicated in these figures are the Auxiliary Feedwater System unavailabilities for each B&W operating plant for each of the three scenario cases and at each time 5,15 and 30 minutes. These figures provide a general comparative perspective on the range of relia-bilities which can ce expected from B&W operating plant Auxiliary Feed-wa ter Sys tems . Limitations described in Section 1.5, should be observed when considering data presented in these figures.

Shown in each figure is an approximate upper limit for the reliability of a two-train AFW system in which the pump in one train is electric-powered from a diesel generator during loss of offsite power. This limit

. is calculated for a two train system in which each train consists of one pump with drive, one check valve and one nomally open flow control valve.

Pump discharges are interconnected with a crosstie and pump suctions are connected to a " perfect" source. The system has no common mode vulnera-bili ties or human dependencies. This upper limit, which does not apply to Davis-Besse 1 in Cases 2 and 3 because of their two-turbine system, represents the reliability of an idealized system using only the number of components needed to approximate optimum reliability, this limit is calculated from NRC-supplied component failure data. The minimum reliability in each case represents unavailability of the system (i.e.,

probability of unavailability is 1.0). The presentation of reliability results in the format of Figure 1 demonstrates the range of reliabilities against a frame of reference which has physically meaningful limits for each case.

Consistent with the results reported by the NRC for Westinghouse and 3 Combustion Engineering Plants (References 1 and 2), B&W operating plant APWS designs exhibit more than an order of magnitude variability in the calculated reliability for each of the three event scenarios considered.

A 1645 278

The effect of regraded power availability is indicated clearly by the differences in the results for each of the three cases. Except for the Oconee Units, the loss of offsite power results in a relatively small decrease in system availability (typically one order of magnitude or less),

primarily resulting from the assumed unavailability of one of the two diesel generators (with a probability of 10-2). However, as indicated by the Case 3 results, a loss of all AC power will have significant consequences for all units. In Case 3, all but two of the units have AC dependencies which would inhibit system operability.

The effect of corrective operator actions is also shown in Figure 1. As the time allowed for operator action increases from 5 to 15 and 30 minutes, system unavailability usually improves because ht.inan reliability improves and because the range of possible operator action increases (to include for example, manual actions outside the control room). Reflecting the NRC-supplied human reliability data, this improvement is much more pro-nounced in the interval between 5 and 15 minutes than in the interval between 15 and 30 minutes. This improvement is also somewhat more pro-nounced in Case 1 than in Cases 2 and 3 where degraded power availability tends to reduce the number of available options for operator action.

In atypical cases, system reliability may decrease with time, even allow-ing for increased probability for operator corrective actions. This results from the treatment of latent failures discussed in Section 2.2.

4.2 Dominant Failure Contributors A summary tabulation of dominant failure contributors revealed during the fault tree analyses is presented in Table 2. It appears that improvement

~

of AFWS reliability, based on modifications of hardware-related failure contributors, should be achievable for all B&W plants. In ro case are the contributors so extensive in nature that the inherent APAS design is unacceptabl e. Impmvement in AFWS reliability with the removal of dominant contributors is expected to be dramatic in some cases. For example, the addition of a valve position indicator may result in a calculated system reliability improvement of nearly an order of magnitude.

1645 279 g ___.

The most common dominant contributor for Case 1 is outage for preventive maintenance-related activi ties. Such outages reduce system redundancy and increase the likelihood of unavailability if APAS use is required. Other typical contributors affecting more than one plant include: ficw diversion through normally-closed manually-operated recirculation test valves which may be lef t open inadvertently, and failure to obtain pump initiation and/or control valve opening because both APWS trains rely on common initiation / control circuit components.

In general, the loss of offsite power does not impose significant new conditions on the AFWS such that new and substantially different failure contributors become dominant. Thus, Case 2 major failure contributors tend to be identical with those identified during the Case 1 analyses.

Specific exceptions to this rule include: human failures associated with the manual loading of the motor-driven pumps onto diesel generator-backed busses at Rancho Seco and Crystal River-3; and human failure to perform actions necessitated by automatic load shedding at Oconee.

With the exception of Three Mile Island-l and Rancho Seco, the Case 3 analyses indicate significant AC dependencies for Auxiliary Feedwater Systems. These dependencies may be direct as is the case for Davis-Besse-1 and Arkansas Nuclear One-1 where certain valves required for APAS mission success are AC powered; or the dependencies may be indirect, as is the case for Crystal River-3 and the Oconee Units, where APAS support systems require AC power for continued AFWS operation.

The significance of failure contributors must be carefully evaluated before design and/or procedural changes are recommended. Such evaluation is required because even the significance for the sar.e contributor varies widely between plants. Such variation exists because the importance of failure contributors is distributed differently for different APdS designs.

A dominant failure contributor for a plant like Davis-Besse-1, which has a relatively uniform distribution of potential failure importance, may be almost insignificant by comparison to a dominant contributor for a plant with salient failure contributors. It is necessary to consider such factors in order to detemine the most effective utilization of resources for reliability improvement.

1645 280

4.3 Single Point Vulnerabilities A review of Table 2 reveals that two of the AFWS designs (Davis-Besse and Oconee) do not have single point vulnerabilities in Case 1. In Case 2 only one AFWS (Davis-Besse) has no single point vulnerabilities. In Case 3, all plants have single point vulnerabilities.

1645 281 i

M M M M M M~~~M M M W'W lABLE 1. Sutt1ARY Of M,UOR ChkAtllRISTICS Of B&W OPERATING PLANT AfW SYSTEMS Rancho Seco Oconee-1,II,Ill Cry sta l River-3 Davis-Besse-i Arkansas Nucl. One-1 Three Mile Island-l Pumps 1 turbine /notor 1 turbine driven 1 turbine driven 2 turbine driven I turbine driven I turbine driven driven i

l r:ntor driven 2 'g ap. motor dri ven 1 untor driven I aiotor driven 2 Scap. untor driven Prinary Soction 250,000 9. CST 50,000 9. USIA+B for 150,000 g. CST 2 CST's each 107,000 g. CST 2 CST's each Source TOP 250,000 g. 150,000 g.

, USI+100,000 g. Cond.

l Hotw. for MDP Alter. Suction Canal & r eservoir Condensor Hotwell Condensor llotwell 2 Svc. Water Trains Nucl . Svc. Water Sys. Riv. Water Sys.

Source connector {

i Switthover to Manual Manual for IDP fLnual A u to . Manual Manual Alt. Suction Discharge Yes, with N.O. fio (N.C. paths not Yes, two with Yes with N.C. valves Yes with N.O. valves Yes any pusp feeds trusstie valves j considered) check valves SFRCS/u n. control any S/G g Each MDP feeds 1S/G, I TDP feeds both  !

ha eup Power 2 diesel gen. Keowee hydro gen. 2 diesel gen. 2 diesel gen. 2 diesel gen. 2 diesel gen.

~ ~ ' ~~~ '

Cor:on 5 team Yes yes yes No, separa te s(m. Yes yes

% vly Header fed I supply lines with f mai both S/G

~ cross-over connec-  ! I T tions under SfRCS control P.ap TOP Esf AS. 4 PCP trip, 2 MIUP Lo Disch Press 2 ftlWP trip  ! MrW Viv. Hi Rev. AP 2 f1TWP Trip.1 s/g to 2 MIWP Lo t.P. 2 MfWP Trip initiation 2 lifuP trip 2 MfdP Trip 2 S/G lo Level ll S/G lolvl. ,4 RCP Lvl.

Trip 4 RCP Trip 4 kt'P 1 r ip fM' %une minus LSFAs Sann: Sarine N/A I Saine i Saire ciinus 2 8tf wP Trip I

tccation 1. to ICS Ext. to ICS E xt. tu ICS SIRCS ,All within ICS 'i n t. to ICS q

/f.4 Control ~ IG (ontr. f or f low S/G i vi . Con tr. u ts. Turbine speed contr !!CS (ontr. for flow ;ICS (notr. for flow

.. Valves Control Vlvs. S/P's llCScontr. fer I for each S/G fic,w flow contr. vivs. sprod-contr. vlvs, g contr. vivs. S/P's cnnt r. valves. S/P's for Loss of 4 RCP, contr. vivs Sl1:C5 Isol. vlvs.  ; for Loss of 4 PCP, for loss of 4 RCP, f 2 HfUP All contr. sep. from ,2 f YWP I 2 fil WP ICS 8 Case 1 None R'ipt.

-_l m it rator None R'qd. None R*qd. None R'(d. lNoneR'qd. Ihone 1:'qd.(Open (."

/w tions Case ?

i I Stu '.upply) for f t.ni. L o.id o t MOP on Open ILW Cool. Water Man. Load of HDP None R*qd. I llone R*qd. 'None R'qd. (0 pen 6" D Sustained D.G.(if IDP fails) V lv. ,rea tore load ' ( i f I DP tails)

(Ji Af W F low f Sim. Supply) shed PWR j l Case 3 None R'qd. N)ne Avail. Man. open. AC Vivs. ,Ibn. open AC Vivs. ,None R'qd. (0 pen 6" lNone Avai1.  ;

N _

_ J .__ _ _ __ _ _ _ . _

i ' Sl*- 5"PRI / ) - _ . - .

Note: for details, refer to plant specific T[P - Turbine Driven Pune itST - Upper Surge Tank S/G - Steou Nue tor N draf t re ports (References 4-9) MDP - Motor Driven Puce RCP - Reactor Coolant Pump S/P - Set Point CST - Condensate Sturage Tank MfWP -!!ain feedwater Pump ICS - Integrated Contrul System

, w w w- y .y_ _ _ _ _

T.A_CI_I_2 - f%IOR FAlt uRi LONipilluf 0RS R.incho seco Ocong ,1,[l.lil Crys tal River-3 fiavis Desse-1 Arkansas Nuc l. One-1 Threr Mile Island-l

1) Turbine support 1) Vahe plugging in 1) Preventive main-

.'l) both flow trains diversion via re-f rom system t ailures eg. 1) Preventive main- 1) failure to obtain a runam>ri cooling teniance of one tenance. outages. feeduater flow l circ. valve fuS-OSS, aux. le.be oi l purrp. wa ter line to both train coupled with 2) f ailure to obtairs i ifinada rtently 2) lun ninc pune bear- bec.tuse of actua-pumps. random failures pen. system initiatiori tin': ci rcui t Case 1- I ing tallure if 2) Outages for pre- in the other can ber mse f ailure of failures coumon to g,j ;2) 0utages for pre- va lve i Psu- 131 ventive mainte- defeat sinission ventive inain tenance. does n' t opt fi.

c oiisani c onponients both traisis.

nance. success. in the isiitiation 2) Preventive ri.iin-l 3) Loss of sur. tion and control equip-because upper surge tenarn.e outages.

snent f or both 3) Isolation valves tants are not trains.

replenished. inadvertently lef t closed I

3) f low diversion via after pump testing.
4) F lo.s di vers tor. via IWil A,12A.llb or f rec irc. val ve flM-88, 12B.

' i i f inadvertently 4) Suction related open, f ai lur es(incorrec t alignment of CV2003 and CV2600).

Ca .e 1 Contributors Case 1 Contributors jCase 1 Contributors Case 1 Contributor Case I Contributors Case 1 Contributcrs p[lus p[lus  : of tooling l

[ i aI'l'u'v I-~~~~

e to r.ia'n~~~ 1 toss p}lus

,l ~failur e to m.2r.ually I ually load motor ma ter to turbine load the iaotor driven paap onto pt. p t.ecau>e driven puup onto diesel. L Val- 1.1/ i s lo.nl the diesel.

r.a , e g shed. .

2) t v s of sin tion f or 7 f turbir.e unles  !

C-Al is opened  ;'

.u t i uwiual loading o f bo tw il pun.ps on 41(d 1,II bus.es ,

3) th- E s t..y i ny open l tuause lh PJ or i Mi- l/9 h e taiied
  • l

' l Opi n er.

ind nate steam f or tur bine,be.sofairf

  • Lis e. 1 Cont ributors it:ase 1 aml ' on t v i b - 'C a s . - I .. n.f ' t on t rib- Lase 1 Con tributors Case I f ontributors

'~

ovalving turbine Case 1 (ontributots

~

utne; inulving tur- ulois sinolving tur- plus:

~ ~ ~

pertaining to t'ui b i ne dri v'en purip. I b a r..

  • _t u r b i n ie jium .' kine turbinepoupI
[ilus : plo, IT AC Ileiernieiiie~u~f @)th.

1 AC dependen u of a'n d ~'uibine t pu y plus lase 3: 1) Ul tin.c te ;oss of._.

all AfWS valves valves necessary 1) poli nt ial t allur e [:

I Nf'1/ prohibi ts initial for sys teni ac tua- of HW o because of tbA:

tusbin? bicause of ^il) Ultimab turbine pump be- loss or AfWS mission tion prohibits loss of air leading inattaunte lube oil (.ause o f lack o f success initial AfWS mis- to degraded steam l coolin) f roni /.C bearing tooling sion success. supply and/or tur-

, opera t hi lube oil wa te r-supp l ied cooling water circu- from AC (ooling bine overspeed trip.

' l la ting puap.

' wa ter puups.

(> .- . . . . ~__

A. . _ . ._

LJ1 IM '

CO VJ

m ._

6 5 MIN O i5 min 30 MIN INCR EASlHG APPROX. MAX. FOR MIN =

RELIABILITY TWO TRAIN SYSTEM' l

I RANCHO SECO O 8c ._ J OCONEE I.II.III ^ l 1

CRYSTAL RIVER-3 -

1 DAVIS-BESSE-1 O 8'

ARXANSAS NUCLEAR ONE-l O .,

D I THREE MlLE ISLAND-l b 8 i 0 -1 -2 -3 -4 -5 -6 Log Scale -

POINT UNAVAILABILITY

' UPPER LIMIT IS DIFFERENT FOR RANCHO SECO BECAUSE OF THE MULTI-ORIVE PUMP.

FIG. lA RELATIVE AFWS RELIABILITIES, LMRI is 1645 284

,g 5 MIN O :s His O 30 MIN lNCREASING

~

MIN APPROX. MAX. FOR REll ASillTY TWO TRAIN SYS' RANCHO SECO OCON EE-I, H,E

%p--i O I CRYSTAL RIVER-3 O

DAV: 1 SESSE-1 O l ARK!iSAS NUCLEAR ONE-l 0 I O l b i THRE_ MlLE ISLAND-l 'g b l t

0 -l -2 -3 -4 -5 Log Scale =

POINT UN AVAlLABILI TY

' MERE ONE TRAIN IS ELECTRIC POWERED FROM A DIESEL GENERATOR

( ' E. . EXCLUDl HG D AV I S-BESSE-1 ). LIMIT IS DIFFERENT FOR RAriCHO SECO SECAUSE OF THE MULTI-DRIVE PUMP.

FIG. 1B RELATIVE AFWS RELIABILITIES, LMFW/LCCP 1645 285 19

6 5 MIN O 15 MIN O 30 HIN INCREASE APPROX. MAX.FOR MIN REllAB.

  • TWO TRAIN SYSTEM' 1

RANCHO SECO I

)l OCON EE-I. II,IE I l

CRYSTAL RIVER-3 l l

DAVIS 3 ESSE-l O ARK. NUCLEAR ONE-l b 8 i TPREE MILE I SLAND-1 l O -l -2 -3 -4 -5 Lo g Scal e ----

POINT UNAV AIL ABILITY

'hMERE ONE TRAIN IS ELECTRIC POWERED FROM A DIESEL GENERATOR (l E. . EXCLUDING DAVI S BESSE-l )

FIG. 1C RELATIVE AFWS RELIABILITIES, LMFWLCAC L 20 16A5 286

REFERENCES

1. DRAFT version of Appendix III (W), Auxiliary Feedwater Systems as transmitted in a letter from T. E. Murley (NRC) to E. A. Womack (B&W)

November 8, 1979.

2. " Nuclear Power and Public Risk", IEEE SPECTRUM - Pgs. 58 November,1979.
3. WASH-1400 (NUREG-75/014), " Reactor Safety Studf" USNRC, October 1975.
4. " Auxiliary Feedwater System Reliability Analysis for the Rancho Seco Nuclear Generating Station - Unit no.1" Babcock & Wilcox, Sept. 10, 1979.
5. " Emergency Feedwater System Reliability Analysis for the Oconee Nuclear Generating Station, Unit No. I, II, III" Babcock & Wilcox, Revision 1, November 1979.
6. " Auxiliary Feedwater System Reliability Analysis for Crystal River Unit No. 3" Cabcock & Wilcox, October 1979.
7. " Auxiliary Feedwater System Reliability Analysis for the Davis-Besse Nuclear Generating Station Unit No.1" Babcock & Wilcox, Revision 1, . November 1979.
8. " Emergency Feedwater System Reliability Analysis for Arkansas Nuclear One Generating Station Unit No.1" Babcock & Wilcox, Revision 1, November 1979.
9. " Emergency Feedwater System Reliability Analysis for the Three Mile Island Nuclear Generating Station Unit No.1" Babcock & Wilcox, Revision 1, Dec.1979.
10. " Evaluation of Transient Behavior and Small Reactor Coolant System Breaks in the 177 Fuel Asserbly Plant" Volume 1, May 7,1979, Babcock & Wilcox.
11. " Evaluation of Transient Behavior and Small Reactor Coolant System Breaks in the 177 Fuel Assembly Plant", Volume III - Raised Loop Plants (Davis-Besse) May 16, 1979, Babcock & Wilcox.

21- 1645 287

APPENDIX A NRC-SUPPLIED DATA USED FOR PURPOSES OF CONDUCTING A COMPARATIVE ASSESSMENT OF EXISTING AFWS DESIGNS & THEIR POTENTIAL RELI ABILITIES I Point Value Estimate of Probability of*

Failure on Demand l I. Compcnent (Hardware) Failure Data

a. Valves:

Manual Valves (Plugged) s1 x 10-4 Check Valves s1 x 10-4 Motor Operated Valves Mechanical Components Plugging Contribution s1x10j s1 x 10 Control Circuit (Local to Valve)

I w/ Quarterly Tests s6 x 10~

w/ Month'ly Tests s2 x 10-3 I b. (1 Pump)

Pumos:

Mechanical Components 11 x 10-3 Control Circuit w/ Quarterly Tests s7 x 10-3 w/ Monthly Tests 14 x 10~

c. Actuation Loaic s7 x 10-3 1

l

  • Error factors of 3-10 (up and down) about such values are not unexpected for basic data uncertainties.

l ^-

1645 288

Appendix A II. Iluman Acts & Errors - Failure Data:

+ Estimated fluman Error / Failure Probabilities +

e ibdi fying Factors & Situations +

Wi th Local Walk-Wi th Valve Posi tion Around & Double Indication in Control Room Check Procedures . w/o Ei' :r Point Est on Point Est on Point Es t Tn Value Error Value Erro r Value Error Es tima te Factor Es tima te Factor Es timate Factor A) Acts & Errors of a Pre-Accident fiature

1. Val ves . uos i ti oned during tL t/ maintenance, a) Specific single _l - x 10

-2 x 1 20 l- x 10-2 x1X 10 10

-2 x1X 10 p valve wrongly selected 20 X 20 N out of a population of valves during conduct of a test or maintenance act ("X" no. of valves in population at choice).

b) Inadvertently leaves 15 x 10 -4 20 s5 x 10 -3 10 ml0

-2 10 correct valve in wrong posi tion.

2. More than one valve is m1 x 10-4 20 ml x 10-3 10 s3 x 10-3 10 af fected (coupled errors).

CB 5>

L.D N

CD w

Appendix A II. Human Acts & Errors - Failure Data (Cont'd):

- Estimated Human Error / Failure Probabilitias +

Estimated Failure Prob. for Primary Time Actuation Operator to Actuate Needed AFWS Components B) Acts & Errors of a Post-Accident Nature

1. Manual actuation of %5 min. 15 x 10-AFWS from Control m15 min. N1 x 10-2

-3 Room. Considering %30 min. s5 x 10 "non-dedicated" operator to actuate AFWS and possible backup actuation of AFWS .

III. Maintenance Outaae Contribution Maintenance outage for pumps and EfDVS:

, 0.22 (= hours / maintenance act) gMaintenance 720

^-3 1645 290

APPENDIX B COMPARABILITY WITH NRC ANALYSES FOR THE RELI ABILITY OF AUXILI ARY FEEDWATER SYSTEMS B.1 Background A raajor objective, established at the outset of B&W's Auxiliary Feedwater System Reliability Study, was the production of reliability results which could be compared with the results cbtained by the NRC in its analyses of Westinghouse (W) and Combustion Engineering (CE) plants (References 1 and 2). The desired comparability was to be achieved by maintaining consist-ency with the NRC analyses; this consistency was to involve use of the same three event scenarios, the same fault tree analysis method, and the same assumptions, levels of detail and data employed by the NRC. Ques tions regarding the NRC's approach were to be resolved by direct consultation with NRC staff personnel who had participated in the W and CE analyses.

B&W did not have access to the fault trees used in tne NRC study and therefore had to rely on telephone consultations with the NRC and independ-ent engineering judgment in many cases. It is now evident to B&W that some inconsistencies have occurred which may invalidate a direct compari-son between the B&W and NRC results. In particular, the NRC calculated reliabilities reported for some W plants are higher than would be possible using the B&W approach. This implies that systematic differences in the calculated reliabilities may reflect differences in the B&W and NRC approaches, and do not necessarily signify actual differences in system rel iabil i ties .

B.2 Examoles of Evaluation Approach Differences and Their Effects One important area of difference between the NRC and the B&W approach involves an assumption concerning the number of operating pumps required to achieve mission success. It appears that, in some cases, the NRC gave credit for mission success upon successful operation of a single "hal f-capaci ty" pump. The effect of this on system reliability, depending on other areas of redundancy, is to shift reliability toward that of a three-train system.

1645 291 B-1

Two of the AR4 systems analyzed by B&W also employed half-capacity pumps; however, B&W assumed that mission success could not be achieved by operation-of one half-capacity pump by itself. An example of the effect of this assumption is shown in Figure B1 for the Oconee Units. As indicated in the figure, the assumption of mission success upon operation of a single half-capacity pump improves the calculated system reliability by more than an order of magnitude. An estimated reciprocal effect on one of the W plants analyzed by the NRC is also shown in Figure Bl. As expected, tne quoted reliability decreases by over an order of magnitude.

The use of different pump operation assumptions described above is a readily detectable difference between the B&W and NRC approaches; other differences may also exist. One such area of concern is the scope and level of detail of the fault tree analyses. The level of detail (fault tree failure rate data input level) used by B&W appears to be generally consistent with that used by the NRC; however, the scope (number of fault tree branches) of B&W's analyses may be greater. It is likely that, with more time available, B&W conducted a more comprehensive analysis; and a icre comprehensive analysis frequently results in a lower calculated reliability. ,

B.3 Comparison of Reliability Results Figure B2 shows a comparison of calculated reliabilities for the B&W operating plants with results obtained by the NRC for W and CE. The format for this figure was derived from References 1 and 2.

The figure demonstrates that, with allowances for analysis differences, the range of expected AFWS reliabilities for B&W plants is similar to

^

that cbtained by the NRC for }4 and CE.

1645 292 B-2

CASE 1: LMFW

/

OCONEE I,U, G _s 6 AFW WITHIN 5 MINUTES

_ (IMPROVEMENT WITH ~ ' '

NRC ASSUMPTION ON 1/2 CAP PUMPS)

PLANT X*

(EFFECT OF S&W ASSUMPTION ON Qd v AFW WITHIN 20 M.NUTES I/2 CAP PUMPS) 0 -l -2 -3 -4 -5 Log Scale =-

POINT UNAVAILABILITY

' DATA OBTAINED FROM REFERENCE i AND PLANT X FSAR.

FIG. 81 EFFECT OF ASSLNPTICN GN CALCULATED AFWS RELIABILITY 1645 293 9-3

umms - ummr umur - - mus-CASE 1: LMFW CASE 2: LMFW/ LOOP CASE 3: LMFW/LOAC AlW WITillN 5 HIN. LOW HED li f till LOW mfd lil Gli LOW HID 111 611 RANCil0 SECO , g ,

OCONEE UNIIS' g g

, _o

_ e ,

CRYSTAL HlVER-3 , e q ,

DAVIS DESSE-l , , y ,

ARK. HUC. ONE-l , g IllREE HlLE ISLAND-l , , ,

RANGE OF B&W*

PLANTS Willi NRC c, 0 4  : : =

ASSUHPi10NS AlW WIIlllN 20 MIN.

RANGE DI W = a 0 0 4 , c PL AHIS (BY HRC)

'R[LIABilllY CilANGE DERIVED FR0li ilG. ul Os 4

LD N

j FIG. 82 COMPARISON OF B&W AFWS RELIABILITY Willi NRC RESULTS FOR W PLANIS

_. - _ _ _ _ _ _ _ _ _ _ _ - .

Retrieved from "https://kanterella.com/w/index.php?title=ML19256F979&oldid=2385219"