ML19331C692
| ML19331C692 | |
| Person / Time | |
|---|---|
| Site: | McGuire  |
| Issue date: | 07/31/1980 |
| From: | Anderson T, Shopsky W WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP. |
| To: | |
| Shared Package | |
| ML19331C687 | List: |
| References | |
| WCAP-9751, NUDOCS 8008190392 | |
| Download: ML19331C692 (54) | |
Text
-
(::)
ci Ef WESTINGHOUSE Class 3
!i!
Reliability Analysis of the Auxiliary Faedwater System For Yhe McGuire Nuclear Station Unit #1 July, 1980 1
l By:
W. E.
opsky
- ?f -
Approved By:
l T. M. Anderson, Manager Nuclear Safety Department Westinghouse Electric Corporation Westinghouse Electric Corporation P.O. Box 355 Pittsburgh, Pa.
15230 i
t 800819 03hf 0L
1 TABLE OF CONTENTS Section Page Summary 111 1.0 DETERMINISTIC EVALUATION 1-1
1.1 BACKGROUND
AND OBJECTIVE l-1 1.2 SCOPE l-1 1.3 ANALYTICAL TECHNIQUE l-2 1.4 ASSUMPTIONS 1-2 2.0 SYSTEM DESCRIPTION 2-1 2.1 CONFIGURATION AND OVERALL DESIGN 2-1 2.1.1 EMERGENCY OPERATION 2-3 2.2 Cytf0NENTDESIGNCLASSIFICATION 2-5 2.3 P0 DER SOURCES 2-6 2.4 IySTRUMENTATION AND CONTROLS 2-7 2.4.1 CONTROLS 2-7 2.4.2 INFORMATION AVAILABLE TO OPERATOR 2-8 2.4.3 INITIATION SIGNALS FOR AUTOMATIC OPERATION 2-13 2.5 TESTING 2-14 2.6 TECHNICAL SPECIFICATION 2-14 3.0 REALIABILITY EVALUATION 3-1 3.1 DOMINANT CONTRIBUTORS TO UNAVAILABILITY 3-1 3.2 DEPENDENCIES 3-3 3.3 COMPARATIVE RELIABILITY RESULTS 3-3
4.0 REFERENCES
4-1 APPENDIX A Fault Trees APPENDIX B NRC Supplied Data for Purposes of Conducting a Comparative Assessment of Existinn AFWS Designs and Their Potential Reliabilities i
5934A
_ ___ _ _ _ _.. = _
b 1
LIST OF FIGURES l
Figure Title Pg j
2.0 Simplified Diagram of The McGuire Auxiliary 2-17 Feedwater System 3.0 Comparison of McGuire AFWS Reliability to Other
.b5 i
AFWS Designs in Plants Using the Westinghouse MSSS e
i J
I 1
4 1
4 s
i i
t 4
t a
t 1
11 5934A 4
,,,. ~, - -
..m_,-y..-
y -...... -. ~., -.,,. - -.
.,.m____
SUMMARY
The NRC has requested all pending operating license aoplicants of nuc-lear steam supply systems designed by Westinghouse and Combustien Engi-neering to consider means for upgrading the reliability of their Auxil-iary Feedwater Systems.
(Sae note at end of summary). As a part o.f the response to this request, Duke Power, owner and operator of McGuire Nuclear Station, requested Westinghouse to perform a reliability evalua-tion of the auxiliary feedwater systems (AFWS) as designed for McGuire.
This report presents the results of that reliability evaluation.
i The primary objective of the study was to evaluate the reliability of the AFWS for the McGuira Station using an approach which would yield results that could be compared ta those obtained by NRC Staff analyses l
for Westinghouse Nuclear Steam Supply Systems {NSSS) as reported by NUREG-0611. A secondary objective of the study was to identify any dominant component failures or other faults affecting system unavaila-bility.
In a manner similar to t' at reported in NUREG-0611, AFWS unavailability was evaluated for three cases:
- 1) Loss of Main Feedwater (LMFW) with reactor trip, 2) Loss of Main Feedwater coincident with loss of offsite power (LMFW/ LOOP), and 3) Loss of Main Feedwater accom-panied by a total loss of all AC power (LMFW/LOAC). For each case, system unavailability was assessed through tne construction and analysis of fault trees.
The results of the study indicate that the reliability ranking of the McGuire AFWS, compared to the reliabilities as defined and reported for Westinghouse plants in NUREG-0611, is medium for a loss of main feed-water transient, low for a loss of main feedwater coupled with a loss of offsite power transient, and medium for the unlikely transient of a loss of main feedwater in coincidence with a total loss of both onsite and offsite AC power.
iii 5934A 4
Dominent centributcrs to system unavailability which t:ere identified in this study include: 1) component hardware failures, 2) ccmponent test outages, and 3) system outages resulting from unscheduled maintenance of components.
i i
i i
i
- Note: Studies of the AFW systems at Babcock and Wilcox (B&W) designed operating plants were the subjects of separate Commission Orders and other work performed by the NRC Staff.
i iv 5934A
1.0 DETERMINISTIC EVALUATION This report presents the results of a reliability evaluation of the AFWs conducted for the McGuire Nuclear Station, Unit No. 1.
The details of the deterministic evaluation being reported is suninarized in the para-graphs that follow.
1.1 BACKGROUND
AND OBJECTIVES The Three Mile Islano Unit 2 accident and subsequent investigations highlighted the importance of the AFWS in the mitigation of transients and accidents.
The NRC Staff, as part of its assessment of the accident and its implication for operating plants, evaluated the AFWS in opera-ting plants having nuclear steam supply systems (NSSS) designed.by West-inghouse. The approach employed in this study of the reliability of the AFWS for McGuire Station was developed, as directed by the NRC, Office of Nuclear Reactor RegulationEI3, and is therefore expected to yield result; that may be compared to the Staff's analyses as reported in NUREG-0611[3]
The objectives of this study are:
1.
To perform a simplified reliability analysis to evaluate the rela-tive reliability of the McGuire AFWS.
It is intended that the analysis yields results that may ve compared to those obtained by the NRC for the approach taken is similar to that taken in NUREG-0611, i.e., use of event scenarios, employment of the same evaluition technique, use of similar assuruptions, and the reliabil-ity data as reported in NUREG-0611.
2.
To identify dominant failure contributors to the McGuire AFWS unavailability.
1.2 SCOPE The design of the McGuirt. AFWS analyzed in this study is described in the Auxiliary Feedwater lyset. Description, Duke File No. MC-1223.42 l-1 5934A l
Revision No. 4, dated May 14, 1980. Three transient / accident event scenarios were analyzed:
1.
Case No. 1 Loss of Main Feedwater with a reactor trip (LMFW).
2.
Case No. 2 Loss of Main Feedwater coincident with loss of offsite power (LMFW/ LOOP).
3.
Case No. 3 Loss of Main Feedwater accompanied by a total loss of all AC power (LMFW/LOAC).
For each of the above cases, system unavailability was evaluated as a function of demand use.
The postulated causes for the listed scenarios and the evaluation of the probebilities of their occurrence were considered to be outside the bounds set for this siuay. Common mode causative factors such as fire, floodir.g, earthquakes, etc. and their effects on system reliablity were also excluded from consideration.
1.3 ANALYTICAL TECHNIQUE i
The principal technique used in this study was the construction and analysis of fault trees [2]. The technique allows for the development of insights which permit identification of the primary contributors to systemunavailability[3].
The deductive logic used in evaluating the relative reliability of the McGuire AFWS was based on the Boolean logic associated with constructed' fault trees. A simplified or reduced fault-tree approach was used to estimate the unavailability of the AFWS to a demand for operation.
In this study, as in NUREG-0611, unavail-ability was ts<en as being synonymous with the unreliabi'ity.
Illustra-tions of the simplified fault tree logic developed for the McGuire AFWS are given in Appendix A of this report.
1.4 ASSUMPTIONS Assumptions were similar to those used by the Staff in NUREG-0611.
Specific assumptions set for unit evaluation included:
1-2 5934A
1.
Crittricn for Missicn Success The McGuire AFWS is designed to supply a minimum of 450 gpm at 110*F to a minimum of three steam generators within one minute of any accident requiring the system to function.
This flow will ensure adequate heat transfer area coverage in the steam generators to prevent a temperature rise in the reactor coolant which would result in release of coolant through the pressurizer relief valves. The 4
AFWS must be capable of pumping this flow into the steam generators at a pressure corresponding to the lowest set point safety valve setting plus accumulation (1.03 x 1170 psig = 1205 psig).
Sufficient feedwater supply to the AFWS must be available under any accident condition to enable the plant to be taken to a safe condi-tion.
The amount of water required to hold the unit for two hours at hot standby and then cooldown the primary system at an average of 50*F per hour to the pressure (425 psig) where the Residual Heat Removal System (RHRS) is brought into operation is 200,000 gallons.
The criterion adopted for mission success for a LMFW transient was the attainment of flow from the AFWS pumps such that:
a.
The turbine-driven pump has adequate NPSH available and can supply as a minimum, 450 gpm total auxiliary feedwater flow through any three steam generators, or b.
two motor-driven pumps have adequate NPSH available and together can supply as a minimum, 450 gpm total auxiliary feedwater flow through any three steam generators.
System reliability was calculated to the above criterion allowing a steam generator dryout time of twenty-five (25) minutes.
This time is the amount of time it takes to boil away minimum water inventory in the steam generators based on decay heat curves (ANS plus 20 percent).
1-3 5934A
2.
Hardware and Human Error Failure Data The failure data given in NUREG-0611 sere assumed valid and directly applicable to the evaluation of basic events in this study. These i
data are listed in Appendix R.
1 3.
Test and Maintenance Outage Contribution The NRC-supplied calculational approach stated in NUREG-0611 was j
used in this study along with the data supplied for test and main-tenance outages. The calculational approach and data used is pre-sented in Appendix B.
4.
Offsite and Emergency Power Availability The following assumptions were made regarding all AC power source availability:
a.
The unavailability of essential AC offsite power was assumed as 1 x 10-3 b.
The unasailability of essential AC emergency onsite power (diesel AC generators) was assumed as 3 x 10-2 per emergency power bus.
The values listed above are the basic point estimate values used in i
l WASH-1400[2] to determine the probability of a total loss of AC power coincident with LOCA.
5.
Sample and Test Lines These lines were not considered as possible flow diversion and/or leakage paths in the development of f ault trees used in the study.
1-4 5934A
6.
Passiva Piping Compon:nts All piping components (i.e., section of pipes, flanges, reducers, etc.) were assumed available with a probablity of 1.0 and were not considered in the fault tree development.
7.
Control DC and 120 V AC Instrumentation Power These power sources were assumed available with a probability of 1.0.
An in-depth analysis of these power sources was considered beyond the bounds set for this study.
8.
Degraded Component Failures Degraded failures were not considered in the analysis; that is, components were assumed to operate properly or were treated as a total failure.
9.
Coupling f Human Errors Except for test and maintenance, no manual actions are required for the start-up operation of the McGuire AFWS. An automatic start is provided in system design to activate the AFWS upon loss of main feedwater flow. Coupled human errors for test and mainteriance was considered through the selection of the appropriate data for human acts and errors as supplied by the NRC.
- 10. AFWS Actuation Logic Reliability The probability M failure on demand for the actuation of a valve or pump component of the AFWS was assigned the valve (~ 7 x 10-3/ train) given in the NRC-supplied data.
1-5 5934A
- 11. Water 5:urco Availability - Nuclear Service Water System, Condensate System, and Standby Shutdorn Facilities The availability of water from the upper surge tank and the conden-ser hotwell of the Condensate System, from the Nuclear Service Water System to headers "A" and "B", and from the Standby Shutdown Facil-ities at their interface with the AFWS was assumed available with a probability of 1.0 and thus was not considered in the fault tree development. The analysis of systems that interface with the AFWS was considered beyond the bounds set for this study.
- 12. Quantitative Unavailability Evaluation The quantitative value of AFWS unavailability employed in the quali-tative comparison of the McGuire AFWS to other AFWS designs in 4
plants with a Westinghouse NSSS was derived using third and lower order minimum cut sets of the f ault tree analysis. Higher order cut sets yield unavailability values so small in magnitude that they may be neglected iri this study.
- 13. Coincident Test and Maintenance of Components The analysis assumes that coincident test and/or maintenance of components of more than one auxiliary feedwater pump and its associated flow paths, while the reactor is at full power, is in violation of the plant's Technical Specification; thus, minimum cut sets containing such basic events are treated as not being credible and are discounted in the quantitative evaluation of the fault tree.
An asstanption is also made that components for an individual auxiliary feedwater (AFW) pump and its associated flow paths are i
l tested one at a time and thus, any cut set containing basic events I
for testing two or more components at the same time are likewise treated as not being credible and are discounted.
i l
1-6 5934A l
2.0 SYSTEM DESCRIPTION The Auxiliary Feedwater System of a nuclear power plant assures a supply of feedwater to the steam generators for decay heat removal if the Con-densate System and Main Feedwater System are not available. A brief description of the McGuire AFWS is presented in the following paragraphs.
2.1 CONFIGURATION AND OVERALL DESIGN Figure 2.0 is a simplified flow diagram of the AFWS for McGuire, Unit No. 1.
The AFWS for McGuire, Unit No. 2 is of identical design. Each unit's AFWS consists of two motor-driven pumps (450 gpm 0 3200 ft. head) and one turbine-driven pump (900 gpm 0 3200 ft. head). The pump dis-charge headers are connected through associated piping, valves, and controls such that motor-driven AFW pump A supplies water to A and B steam generators and motor-driven AFW pump B supplies water to steam i
generators C and D.
The turbine-driven AFW pump supplies water to all steam generators.
Water to the suction of each units' AFWS is supplied from several non-safety grade water sources and one safety grade water source. The water is supplied from these sources on a priority base / on water quality as follows:
Source Safety Grade Maximum Capacity
- 1. Upper Surge Tanks No 85,000 gallons
- 2. Auxiliary Feedwater No 42,500 gallons Condensate Storage Tank
- 3. Condenser Hot Well No 170,000 gallons
- 4. Nuclear Service Water Yes Nuclear Service Water Pond 8
(1.8 x 10 gal) 2-1 5934A l
An additional 30,000 gal. (maximum) is available from the condensate storage tank wh:n the condensate storage tank pumps are available to fill the upper surge tanks.
A source of non-steam generator grade water is also available from the Standby Shutdown Facilities (SSF). Layout of piping for this source of water is constructed to run through designated " vital" areas of the plant with tight security controlled access to provide a source of water that is potentially safe against acts of sabotage by outside persons not employed at the nuclear site. Only the redundant isolation valves and their respective piping of this water source are safety grade components.
f The non-safety grade water sources are headered into a coninon line in the Service Building. This single line is then routed to the AFW pumps located in the Auxiliary Building. The safety-grade Nuclear Service Water System (NSWS) is connected to the AFWS of each unit such that redundant nuclear service water channels A and 8 are aligned to the t.urbine-driven pump of each unit; channel A is also aligned to motor-driven AFW pump A while channel B is aligned to motor-driven AFW pump B i
of each unit.
Safety class isolation valves are provided in the AFW pump suction lines to isolate the non-safety grade sources when supply from the NSWS is
)
required.
The discharge from each pump flows through an air-operated control valve and a motor-operated (remote controlled) isolation valve in individual feedlines to each steam generator. The discharge fram each AFW pump also has a loop for full flow pump. testing that is also used as a mini-mum flow loop for protecting the pump during low flow operation.
A locked closed interconnection for long-term use only in the case of a LOCA is provided between the AFW motor-driven pump discharge lines.
This permits flow from either pump to be fed to all four steam genera-tors.
The flow from the AFWS enters the steam generators through individual nozzles on each generator.
2-2 5934A
2.1.1 EMERGENCY OPERATION Start-up of the AFW pumps is automatic. As an accident initiated cool-down of the reactor progresses, the AFWS is controlled manually from the Control Room or locally at the pumps if the Control Room is not avail-able.
At start-up, motor-driven AFW pumps supply 170 gpm feedwater to each steam generator and the turbine-driven AFW p ep suppifes an addf-tional 180 gpm per steam generator. As less water is needed to maintain the water level in the steam generators, AFWS flow is diminished by adjusting the motor-driven AFW pump discharge control valves and/or adjusting the turbine ~ speed or pump discharge control valves on the turbine-driven pump. As the accident progresses the turbine-driven AFW pump is removed from service by the operator to minimize condensate loss to the atmosphere.
The AFWS is allowed to function during an accident shutdown until the reactor coolant temperature is reduced to 350*F and a pressure of 425 psig. At tnis point, the RHRS is placed into operation and the AFWS taken out of service.
Water supply for the AFWS during emergency plant operation is normally from the auxiliary feedwater condensate storage tank. Under highest flow condition (two unit blackout), each unit has a 10 minute minimum supply of condensate quality water.
Before depletion of this source, the operator is expected to take manual control of the AFWS and trip the turbine-driven p mp.
If this pump is needed, the operator can open a bypass valve (ICA152) to provide a parallel flow path from the upper surge tank and additional feedwater to prevent automatic switchover to the NSWS source.
The operator also has the option of defeating the auto switchover after taking manual control of the system.
If the AFW condensate storage tank is not available feedwater is next supplied from the Upper Surge Tank (UST). Makeup is required to the UST if it is used as the AFWS water source through an entire cooldown opera-tion.
Normal make-up to the UST is from the condensate storage tank of 2-3 5934A
the Cond;nsate System or from the Demineralized Water System. A maximum of 30,000 gallons can be supplied to the UST if two cond:nsate storage tank pumps are available. Each pump supplies flow at 300 gpm.
If two demineralized water pumps are available, a maximum of 127,500 gallons from the filtered water tanks at 475 gpm flow from each pump can be supplied to the UST. Operator action is required to align the UST to these sources.
In the event the AFW Condensate Storage Tank and the UST are both unavailable, supply to the suction of the AFW pumps is next supplied from the condenser hotwell.
The total gallons per minute flow from the hotwell is limited based on condenser vacuum and water level. Operator action is required to limit total flow from the AFW pumps.
Should all the previously mentioned non-safety grade feedwater sources be unavailable to the suction of the AFW pumps, the assured source of water is then supplied from the Nuclear Service Wate'r System.(NSWS).
The NSWS water source is aligned automatically when the suction pressure of the AFW pumps drops below 2 psig for 3 seconds.
The NSWS pumps are required to supply couling water to the motor-driven AFW planps. The suction lines of the AFW pumps are piped into the NSWS pump discharge piping downstream of all NSWS cooling control valves, and thus, the NSWS pumps do not have to operate to supply water to the AFW turbine-driven pump.
For non-seismic plant conditions and in the event steam generator
(
quality grade water is not available from the NSWS and from the Con-densate System as explained above, a source of dirty auxiliary feed-water may be supplied to the steam generators via the Standby Shutdown Facilities (SSF). The isolation valves that isolate the supply of water from the SSF open automatically when the suction pressure of the AFW turbine-driven pump drnps below a pre-set valve to align the AFW pumps to this source of feedwater.
2-4 5934A
2.2 COMPONENT DESIGN CLASSIFICATION.
The AFWS of each unit including its primary water supply from the NSWS are engineered safeguards systems. The major components of these system are designed according to seismic and other requirements as given in the following table:
System / Component ASME-B/PV Seismic Code Section OBE 08E 1.
AFWS - Turbine III
' Class 3 YES YES Driven Pumos 2.
AFWS - Motor III - Class 3 YES YES Driven Pumps 3.
AFWS - Valves III - Class 2 YES YES III - Class 3 YES YES 4.
NSWS - Pumps III - Class 3 YES YES 5.
NSWS - Strainers VIII YES YES 6.
NSWS - Valves III - Class 2 YES~
YES III - Class 3 YES YES l
The components listed above are also designed for tornado, wind and missile protection. Piping for the safety-related portior,s of AFWS and NSWS is so designed accordingly.
The motors of the motor-driven pur,'s of the AFWS and NSWS for each unit are designated Electrical Safety - Class 2E. This same classification is given to the motors of valve motor operators of these systems.
Elec-trical equipnent of 2E classification requires seismic qualification to a safe shutdown earthquake criterion and are so designed.
2-5 5934A
The NSkS is design:d to previde cooling t:ater for various Auxiliary Building and R; actor Building heat exchang rs during all phases of sta-tion operation.
Each unit has two redundant " safety-related" headers serving two trains of equipment necessary for a safe plant shutdown and a "non-essential" header serving equipment not required for a safe shutdown. Water is normally supplied to the system from a lake (Lake Norman). Should a seismic event cause a loss of the lake, a Standby Nuclear Service Water Pond (SNSWP) that is designed to meet seismic loads provides a source of water to the NSWS. As an Engineered Safe-guards Sysan the SNSWP is automatically valved to provide feed to the channel of the NSWS of both units following a safety injection signal from either unit.
More detailed information about component classification is given in the McGuire FSARE43, 2.3 POWER SOURCES The turbine-driven AFW pump of each unit is supplied with steam from redundant feedlines.
One feedline is supplied stesn from the unit's steam generator "B" outlet header upstream of its main steam isolation valve (MSIV) and the other from the unit's steam generator "C" outlet header upstream from its MSIV. This assures steam to the turbine-driven AFW pump even with these two MSIV's closed.
Each unit of the station is equipped with an "Essent.ial Auxiliary Power System" (EAPS) that includes onsite 4160 V, 600 V, 120 V AC and 125 V DC power. Thissystemsuppliespobernecessaryforasafeshutdownofthe reactor, containment isolation, containment spray and cooling, auxiliary feedwater flow, and emergency core cooling following an accident.
It consists of redundant switch-gear, load centers, motor control centers, panelboards, battery chargers, batteries, inverters, diesel-engine AC generators (two per unit), protective relays, control devices, and interconnecting cable supplying two redundant load groups of each unit.
The 120 V AC and the 125 V DC Vital Instrumentation and Control Power i
Systems of the EAPS supply continuous power for control and instrumenta-tion in the Reactor Protection and Control System.
2-6 5934A
Tha EAPS of each unit is designed to meet tha criteria set forth in th2 NRC General Design Criteria (GDC 17, GDC 18), IEEE 279-1971, IEEE 308-1971 and Regulatory Guides 1.6, 1.9, and 1.32.
/
The motor-driven pumps of a unit's AFWS receive power from its EAPS via two identical but separate 4160 V emergency buses.
In the event of a loss of offsite power, the pumps receive power via the emergency buses from two diesel AC generators (4160 V) designated "A" and "B".
Diesel generator "A" provides power to the emergency bus that feeds the unit's AFW motor-driven pump designated "A" and diesel generator "B" provides power to the bus feeding AFW pump "B".
Redundant motor-operated valves and other electrical equipment designated "A" and "B" receive power in a sirt.ilar manner.
2.4 INSTRUMENTATION AND CONTROLS The controls and instrumentation of the AFWS are designed to meet NRC imposed safety class separation requirements.
2.4.1 CONTROLS The control of auxiliary feedwater flow and steam generator water level is accomplished from the main control room by use of air-operated valves that automatically maintain a correct position, (set manually in the control room or at a local control panel) for the required auxiliary feedwater flow.
Since the instrumentation used in the automatic control of valve position is not qualified for all accident events, safety grade solenoids are provided to assure that the AFW control valves are in the
" fail-safe open" position following the automatic start of a correspond-ing upstream AFW pump.
The pump minimum flow valves are likewise pro-vided with safety-grade solenoids to isolate pump minimum flow on the same automatic start signal.
After any automatic start, the operator can reposition the solenoid valves from the control room and use the non-safety controls if oper-able.
If repositioning of the solenoid valves causes a flow upset, 2-7 5934A
as indicated by flow indication on each steam generator, the solenoid valvcs must be placed back in the fail-safe position, and the control valves manually throttled locally at the valve u? ng handwheels provided.
i All manual valves in the main flow paths of the AFWS are mechanically
" lock-opened" or " lock-closed" in their normal system operation posi-tion. The motor-operated valves in the flow path are designed to f ail in their "as is" position.
j 2.4.2 INFORMATION AVAILABLE TO OPERATOR The important information available to the operator at the control room and locally near the component's location include for each AFW p ep -
suction pressure; suction flow, and discharge pressure; flow to steam generators A, B, C, and 0; in addition to individual water level in steam generators A, B, C, and D; and individual pressure in steam genarators A, B, C, and D.
Additional information is given in the.
following instrumentation table:
Component NSSS Physical Location
]
Control System Control Room Local 1.
Motor (isFW Pump) - start /stop AFWS X
X pump 2.
Turbine (AFW Pump) - start /stop Main Steam X
X pWp 3.
Turbine (AFW Pump) - raise /
luin Steam X
X lower speed l
4.
AF'.4 pump auto defeat -
AFWS X
X 1
on/off 5.
U3T supply motor-operated AFWS X
X isolati'n valve (ICA4) -
)
open/close t
l 2-8 5934A
6.
Cend;nsar hstwell supply AFWS X
X motsr-op; rated isolation valve (ICA2) - open/close 7.
AFW condensate storage AFWS X
X tank supply motor-operated isolation valve (ICAS) -
open/close 8.
Nuclear service water supply AFWS X
X motor-operated isolation valves (ICA85A, ICA86A, ICA15A, ICA188, ICA1168, and 1CA1178) - open/close 9.
AFW pump suction motor-AFWS X
X operated isolation valves (ICA7A, ICA98, and ICA118) -
open/close
- 10. Feedwater air-operated A?WS X
X flow control valves (ICA40,ICA44,ICA56, ICA60, ICA36, ICA48, ICA52, and ICA64) -
flow position i
- 11. Feedwater motor-operated AFWS X
X isola' ion valves (ICA428, t
i 1CA468, ICA58A, ICA62A, ICA388, ICA50B, ICA54A, and ICA66A) - open/close
- 12. NSWS to AFW pump suction AFWS X
auto switch-over switch-defeat
- 13. Alternate SSF supply AFWS X
X motor-operated isolation valves (ICA161C and ICA162C) 2-9 i
5934A i
l
Precass/ Component NSSS Physical Location i
Status Indicator System Control Room Local 1.
AFW pumps motor - on/off AFWS X
X 2.
AFW pump turbine - on/off AFWS X
X 3.
AFW pump turbine - speed Main Steam X
X 4.
AFW pump turbine - steam Main Steam X
X pressure 5.
AFW pump auto start AFWS X
defeat - on/off 6.
Control room overt; fen AFWS X
by local control 7.
Upper surge tank -
Condensate X
water level 8.
Steam condansate storage Condensate X
tank - water level 9.
Condenser hotwell -
water level
- 10. AFW condenste storage AFWS X
tank - water level ll.NSWS p3nd - water level NSWS X
- 12. UST supply motor-operated AFWS X
X isolation valve (ICA4) -
open/close 2-10 l
5934A 1
I i
- 13. Cond:nstr hotwall supply AFWS.
X X
motor-operated isolation
.alve (ICA2) - open/close
- 14. AFW condensate storage AFWS X
X i
tank supply motor-opera-ted isolation valve (ICA6) - open/close
- 15. NSWS supply motor-operated AFWS X
X isolation valves (ICA85A, ICA15A, ICA1168 and ICA1178) - open/close
- 16. AFW pump suction motor-AFWS X
X operated isolation valves (ICA7A, ICA98, and ICAllB) - open/close
- 17. AFW air-operated minimum AFWS X
flow valves (ICA20, ICA27, and ICA32) - open/close
- 18. AFW air-operated feed-AFWS X
X j
water flow control valves (ICA40,ICA44,ICA56, l
ICA60, ICA36, ICA48, ICA52, ICA64) open/close and 0-100 percent open
X operated isolation valves (ICA42B,ICA468,ICA58A, ICA62A, ICA388, ICA508, ICAS4A, and ICA66A) -
open/close
2-11 5934A
Process /Componsnt NSSS Physical Location Alanns System Control Room 1.
AFW turbine stop valve -
closed 2.
AFW turbine speed setting -
less than 3600 rpm 3.
UST - low water level Condensate X-4.
UST supply motor-operated AFWS X
isolation valve (ICA4) -
closed 5.
AFW pump suction motor-AFWS X
operated isolation valve (ICA7A, ICA98, ICA11A) -
closed 6.
Individual AFW pump -
AFWS X
low sucticn pressure 7.
Individual AFW pump -
AFWS X
low suction flow 8.
AFW pump air-operated AFWS X
minimum flow valves (ICA20, ICA27, and ICA32) - open l
9.
Feedwater flow air-operated AFWS X
control valves (ICA40, ICAa4, ICA56, and ICA60) -
open or closed 2-12 5934A
- 10. Feedwat:r flow air-op: rated AFWS X
control valves (1CA36, ICA48, ICA52, and ICA64) -
above or below setpoir.t
- 11. Feedwater flow motor-operated AFWS X
isolation valves (1CA428, ICA468, ICA58A, ICA62A, ICA388, ICA508, ICAS4A, and ICA66A) - closed 2.4.3.
INITIATON SIGNALS FOR AUTOMATIC OPERATION The AFW motor-driven pumps starts automatically on the following signals:
1.
Two out of four low-low water level signals in any steam generator, 2.
Loss of all main feedwater pumps, 3.
Initiation of a safety injection "S" signal, 4.
Loss of offsite power (station blackout).
l An auto start defeat switch is provided for items 1 and 2 above for use during periods not requiring an automatic motor-driven AFW pump start.
The AFW turbine-driven pump starts automatically upon the generation of two out of four low-low water level signals in any two steam generators or upon loss of offsite power.
l The piston operated isolation valves (1SA48 and 1SA49) that control i
steam to the turbine-driven AFW pump are held closed with air through redundant normally-energized electrical solenoid control valves connec-ted in a series configuration.
De-energizing one of the redundant con-trol solenoids will vent air from the " fail-open" valve operator allow-ing the isolation valve to open and admit steam to the turbine of the AFW turbine-driven pump.
2-13 5934A
Whensv r any AFW pung starts automatically, the Steam Generator Blowdown System (SGBS) is automatically isolated by closing piston operated iso-lation valves. The SGBS does not isolate automatically on an operator induced AFW pump start, so that operation of the SGBS is maintained i
during all normal modes of plant operation.
f 2.5 TESTING The AFW pumps are periodically tested to meet inservice surveillance requirements. A full flow test loop to the UST is provided at the dis-l charge of each AFW pump. Adequate instrumentation is provided to verify pump performance.
l l
The motor-driven AFW pumps may be used during plant startup in their normal alignment to the steam generators.
Pump performance and auto-matic feedwater flow control can be verified during this mode of opera-tion. The turbine-driven AFW pump performance and its discharge control valve travel stop settings can also be verified during this mode of operation.
2.6 TECHNICAL SPECIFICATIONS A review of the Technical Specification indicates that for power, start-up, or hot standby plant status the limiting condition of the AFWS j
for plant operation include:
(
l.
At least three independent auxiliary feedwater pumps and associated l
I flow paths shall be operable with; a.
Two motor-driven AFW pumps, each capable of being powered from separate emergency buses, and, b.
One turbine-driven AFW pump capable of being powered from an operable steam supply system.
I i
l l
2-14 5934A
2.
With on2 auxiliary ferdwater pump inop rable, restore at 1 cast thres AFW pumps (two capable of being pow: red from separate emerg!ncy buses and one capable of being powered by an operable steam supply system) to an operable status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> or be in at least hot standby condition within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and in a hot shutdown within the following 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />.
The Technical Specification requires all valves of the AFWS to be given inservice tests and inspections in accordance with the ASME Boiler and Pressure Vessel Code (Section XI and applicable Addenda) for Safety Class 1, 2 and 3 components. Additional surveillance requirements include:
1.
At least once per 31 days a.
Verifying that each motor-driven pump develops a discharge pressure of greater than or equal to 1210 psig at a flow of greater than or equal to 450 gpm.
b.
Verifying that the steam turbine-driven pump develops a dis-chirge pressure of greater than or equal to 1210 psig at a flow of greater than or equal to 900 gpm when the secondary steam supply pressure is greater than 900 psig.
l l
c.
Verifying that each non-automatic valve in the flow path that is l
l not locked, sealed, or otherwise secured in position, is in its correct position.
l d.
Verifying that each automatic valve in the flow path is in the fully open position whenever the auxiliary feedwater system is placed in automatic control or when above 10 percent of RATED THERMAL POWER.
2.
At least once per 18 months during shutdown a.
Verifying that each motor-driven pump starts automatically upon receipt of each of the following test signals:
2-15 5934A
- 1) Loss of both main feedeater pumps.
- 2) Safety injection signal.
- 3) Steam Generator Water Level -- Low-Low from one steam gen-erator.
b.
Verifying that the steam turbine-driven pump starts automat-ically upon receipt of each of the following test signals:
- 2) Steam Generator Water Level -- Low-Low from two steam gen-erators.
c.
Verifying that the valve in the suction line of each auxiliary feedwater pump from the Nuclear Service Water System automat-ically actuates to its full open position within less than or equal to 10 seconds on a low suction pressure test signal.
2-16 5934A
f I
t i
muna 4
-. _,9 x.
=. _,
9 A
G
(
n f
- _cf,
- J7
-i
- =."
=J 4
m.
' w--
b;o T.:7,, -,
" 7.:7
.
g
.g
".8
-p-99.-.
'-.9 -
O.,
=~-
-~
m.
~.
T.:
~
e,.
T.:~.*
=~;;
~
.e-
==
ro e
.e
.e s
J r-5..
c e r '.
- 1,
.e
= = - =..
u.w.
=
=a wa,,,a **a m,
,r--@
l[---6 2 h. i l n',"*""*
s.
G.,
c ' :;
6
.L ;
o.
,,- g.
t.L s
.c4
.a EJ.,
44 l g(-O-d a*.-.
v 9
e
" j' a '-
J-
ae.
A.
1 1
.m a],,,,,
. O$
(
]
,.p,,,--=~,..
~
- p.. _. _. _._ _. _ _ _ _ _ g. J s,
.c
.c
.c.a 4.,
on ao N
Figure 2.0 Simplified Flow Diagram of Auxiliary Feedwater System - William B. McGuire Station Unit No.1 g
Duke Power Company o
3.0 RELIABILITY EVALUATION The McGuire AFWS reliability for the transient / accident scenarios pre-viously described in Section 1.0, was evaluated by constructing ard analyzing fault trees. The trees were developed for a top level event of failure to achieve mission success.
From this point, branches of the tree were developed downward to a level of detail corresponding to the NRC-supplied data. An example of fault tree development for transient events studied is presented in Appendix A.
Once constructed, the fault trees were analyzed using the KITT-1[5] computer code. The results of the analysis were then used to determine the dominant contributors to system unavailability; to establ'sh if component dependencies exist; and for reliability comparison to other studied AFWS. The analysis results are given in the following paragraphs.
3.1 DOMINANT CONTRIBUTION TO UNAVAILABILITY Case No. 1 - LMFW The c'ominant (controlling) contributors to system unavailability for this transient case analyzed were found to be the loss of the motor and turbine-driven pump systems as caused by such failure modes as the pumps I
failing to start and run due to a pump component failure; the motor-driven pumps fail to start or run as caused by an open pump circuit breaker or a fault in the electrical control circuit used for automatic closing of a pump circuit breaker; and the turbine-driven pump fails to start and run due to faults attributed to the turbine control stop valve and the turbine speed control valve.
Other dominant contributors to AFWS system unavailability were found to be unscheduled maintenance of ptsnps and the testing of valves in the feedlines to each steam generator from the motor-driven pumps and the turbine-driven pump.
3-1 5934A
Th2 rcdundancy employed in the design of th2 McGuire AFWS cas fcund to be of the type whereby no obvious single faults (active coeponents, manual valves or human errors) were identified that dominate the unavailability of the AFWS for a loss of main feedwater transient.
Case No. 2 - LMFW/ LOOP The dominant failure modes discussed above are not dependent on the source of AC power (onsite or offsite) and thus are also the dominant failure modes for this transient and the unavailability of the AFWS.
The reduction in AFWS system availability for this transient is caused by a loss of redundancy in AC power sources that results frce a loss of offsite power.
Case No. 3 - LFJW/LOAC In this transient, loss of both offsite and onsite AC power is postula-ted to occur with the coincident loss of main feedwater flow, so that the available operating pump subsystems of the AFks are reduced to only the steam turbine-driven p wp train. Thus, any single failures in this pump train alone would be sufficient to fail the AFWS for this tran-sient. The dominant contributors to system unavailability for this case were found to include:
- 1) the turbine-driven pumps is offline for unscheduled maintenan:e; 2) the pwp train is down due to testing of the motor-operated valve (ICA7A) in the pump's suction line 3) the manual valve (ICA19) in the ptr.:p suction line f ails closed dLe to hardware failure or human error, causing a loss of NPSH at the pug's suction; 4) various turbine-driven pwp faults (i.e., turbine /paj hardware compo-nent failure, the turbine control stop valve fails closed or the speed control valve fails closed) causes loss of discharge flow from the pwp; and 5) the r.anual valve (ICA21) or check valve (ICA22) in the pump's discharge line fails closed blocking flow from the turbine-driven pwp.
3-2 5934A
3.2 DEPENDENCIES No location dependencies were identified which could cause common-mode failures of the system. Although all auxiliary feedwater pumps are located in the same general area of the Auxiliary Building, the tur-bine-driven pump is enclosed in a room that forms a barrier between it and the motor-driven pumps.
The system has power diversity in that both motor-driven and steam tur-bine-driven pumps are used to provide auxiliary feedwater flow. No deperJencies were noted to exist between the two types of pump systems empicyed.
In addition, no common dependencies on AC or DC power were identified.
3.3 COMPARATIVE RELIABILITY RESULTS The results of the analysis are presented in Figure 3.0.
Indicated in this figure are the system reliability results for each of the three cases studied. The basis format for this figure, including the reli-ability characteristics of low, medium, and high reliability of the three cases studied for the AFWS of other Westinghouse NSSS plants, was adopted from NUREG-0611.
The intent of the figure is to show the rela-tive reliability ranking of the McGuire AFWS for each of the three cases studied and to compare these results to those obtained by the NRC.
Because the input data are only estimates of component and human error l
l failure probabilities, absolute values of calculated system reliability are de-emphasized in this report and the results are used on a relative basis for ourposes of comparison.
j As indicated in Figure 3.0, relative to other auxiliary feedwater sys-tems of plants having a Westinghouse NSSS, the McGuire AFWS has medium reliability for Case No. 1, LMFW; low reliability (high end) for Case No. 2, LMFW/ LOOP; and medium reliability (high end) for Case No. 3, LMFW/LOAC.
3-3 5934A
The primary difference in AFWS unavailability b:tw:en Case No. 1 and Case No. 2 is the loss of offsite AC power as other contributors to system unavailability remain essentially the same due to the diversity and automatic start features employed in the design of the McGuire AFWS.
The medium reliability ranking of Case No. 3 results reflects the lack of AC dependencies coupled with a continued capability for the automatic initiation of auxiliary feedwater flow.
It should be noted that no credit was taken for operator action in the analysis for the possible correction of a faulted component (i.e., the manual positioning of a failed valve to its correct position) the repor-ted results are therefore looked upon as conservative and the relative f
ranking of reliability is expected to be somewhat higher.
f I
3-4 5934A
l l
16820-9 TRANSIENT EVENTS LMFW LMFW/ LOOP LMFW/ LOSS OF ALL AC' PLANTS LOW MED HIGH LOW MED HIGH LOW MED HIGH WESTINGHOUSE HADOAM NECK G
15 4>
N ONOFRE G
G 4H-4)
PRAIRIE ISLAND tb di o
SALEM 4W4 4WD 4>
ZION 9
9 4>
YANKEE ROWE G
G th TROJAN di G
dp BNDIAN POINT 4>
G o
KEWANEE O
E 1>
H.B. ROBINSON 4>
G I>
BEAVER VALLEY di G
di GINNA G
G 4>
PT. BE ACH G
G 1>
l eOOx e
9 o
TURKEY POINT G
G
J.:.'."J:!"".
- J..?J *'ll:.
..J~.*"."*:...
- ';t
- '
- ".l.:....
I "l"l" b b 1 I I I I I I I I =..--a ...=..w =. * * *.
- =a
.- a a *aa. =;;- 74".'.*l.'"
- "4*.'7".**"
J*,". ' 4 1%il.a':"' .I'll04.'Jf *.
- '?.'M.'O.* *
'04l.~J !*.J.':"E m. =.;; ;* ?.?JI.T.C.. 'MrJ4:7.;:""
- l ;=;ll,,.
a.;';i. . r 4:*. .J.. J.;.%..'.. .?J.. Wa J.W 2.. = 6 6 6 6 6 6 I I I I .s..:.:.2... = = =.. =..... . =... =...
- '"".*="
- ll* ;."* "
".".*.*4.". .3. 7.'.'.:::. 6 6 6 6 b I I I I A 6 I f I I .~.. ~~:.- ~5: 6 A 6 A Figure A-1 Reduced Fault Tree Development - LMFW McGuire Auxiliary Feedwater System (Sheet 2 of 5) 16820 3 I I I I ~ =. =.. =.. .=: m. f.r. D b D^ D i i I I I I I I =.... - _=.. = _-. =.=. .= . ~. -. . ~,. - .=. m 6 6^ 6 6 6 6^ I I I I v. .~.=..w 3."'.:lTi!.T. ~ ~ * ~ ' .:". :"l72. 6 6 6 l 1 l ,.,,a,.,,., .. :1. "lOa. .."...ft=. _fa=,,=, l.: -a.. A I I I "t.* J.;;"'
- =.'.!ll1~. ~.:
M.. "~*:.J'.*.* .a.~
- .2,;.
- .' :;;"=.,.
_.c=::',., .. ~ .t. I I ..J** 0;".
- ('75E-J. ":T L..
~..4.0.,~,,,.* 6 6^ I I l l T.=*!.**i' l?.?.1,; .!!!lr!"' '.J' * * .;g. m;...,. 1 A 6 I i I i ) = =: = =: . =..,
- =
..i. 6 A 6 A i l Figure A-1 Reduced Fault Tree Development - LMFW McGuire Auxiliary Feedwatar System j (Sheet 3 of 5) l l 16820-4 I I I I .m I I I I I 1 I I
- a,7..;,;,,;
..a
- '"J.'"
.L*.:~ * . = ",. .*=,; r. ...= aa"" ., J ;. 6 6^ g 6 4 6 6 6^ I I I I .....c.. .,,.,.2. ;. ; . ~... =. ~ I I I I I ., " '. ". '. ~ .:'lf,.%"l" 6 6 6 d A I I I I j .... ~.... . +. 3., 6 i 1 I I I I ..I.*S.*JT. ".* ".h =... .....7
- ,;.;n
.g_. =,;, A 6 A 6 a i i i I I I i 1 6 A 6 ~ A Figure A.1 Reduced Fault Tree Development - LMFW McGuire Auxiliary Feedwater System (Sheet 4 of 5) 16820-5 1 1 7 I I I I ICA4T. ICASOS. GNSUFF. FLOW FROed FLOW LOST ICA48. OR ICA40 AFW TURSetet FLOW BLOCNED DUE TO TESTING VALVE F AULT ORIVE N PUMP NO 1 DUE TO COMPONENT OF COMPONENT CAUSES FLOW SUS $vsTEM TO FOR M"AIN"TENANCE
- E '
L'"I BLOCEAGE SG T S I I I I WALVE VALVE U8eSCHEDULED UteSCHE DULE D
- CAROS 8CATA MAIN T E ssARICE MAIN T E NANCE CLOSED FOR CLOSED FOR OF VALVE OF AFW T D TOST TEST SCAde OR ICA4g PUMP Beo.1 d
A e T l l l l ICA36. ICA30s. INSUF F. F LOW F Roes FLOW LOST eCA38ORICA37 AFW Tumes4g FLOW BLOCa ED DUE TO TESTING VALVE FAULT DRIVEN PuesP NO 1 DUE TO COntPOWENT OF COesPONENT CAUSES F LOW SUSSYSTEM TO Sten 4 OFF LINE BLOCKAGE SO "D-FOR MAINTENAmeCE I S I I I l WALVE VALVE U8vSCHE DULE D UNSCHE DULE D i ICA30s BCATA MAINTE N ANC E Mat 4 TE NANC E ) CLOSEO POR CLOSED FOR OF WALVE OF AFW T O TEST TEST ICA3S OR ICA37 PUMP NO.1 R T Figure A 1 Reduced Fault Tree Development - LMFW McGuire Auxiliary Feedwater System (Sheet 5 of 5) 1 h \\ 1 l l l $NEUFF.AFW YO 3 OF 4 51 GENE RATORE AFW T O P4 ( int M N GOR YQ
- NEUF F. APW BNSUFF. AFW FL0su 7 ROM TC FLOW FROM YO Pune TO STE AM PUMP TO STE AM GENERATOR A, GENERATOR A.
S OR C
- 5. OR O I
l thSUFF. AFW INSUFF. AFW IAtSUFF AFut INSUFF. AFW INSUFF. AFW INSUFF. AFW FLOW FROM YO FLOuu PROns TO FLOsurROMTO FLOW F ROM TO FLOW FROM TO FLOW FROh8 70 PladP TO Fune TO PUMPTO Pune TO FtasP TO PUhr TO SG "A" SG "B" SG T SG "A" SG "B" SG T* b th A th A A A f \\ l. f 168204 r E F L 085 l Aas B / Ya ANastNT eso,3 EA5. h' T A \\ 4 EsSUFF. AFW I M P.AFW FLOff FmOas 1e FLOm Faces Ye Flar TO 878Aas Steep TO sTE Aas GEssERATOR A, GEssERATOR3 C On O & On O ItsSUFF. AFW 48 M F.AFW ANBUFF. AFW 19MF. AFW te M F.AFW $DIEUFF. AFW floss Fnans Te floss Faons To FLOnFmCasTO FLon Facts TO flout FmCas TO FLOUU FmCas TO F.u.nsP YO F. tar 70 F.u.ne.TO F.u.er TO F.uer TO PN TO -r v o-r v o 0-b b b b b b I I Figure A-2 Reduceo fault Tree Development - 1 LMFW/LOAC - McGuire Auxiliary Feedwater System (Sheet 1 of 3) l
.-.n...,--.,
16820 7 I
I I
h O
h
[
I f
I I
I I
I 3
6 6^
g 6
g 6
6 6
I I
I I
6 6
i e
I t
6 I
., =.. -
6 I
1 I
I I
I 6
6 6
6 6
I I
I I
A 6
6 6
s I
I 6
I I
I I
A 6
A Figure A-2 Reduced Fault Tree Development - LMFW/LOAC-McGuire Auxiliary Feedwater System (Sheet 2 of 3)
16820-8 l
l I
tb l
i I
I I
I eCA.> eCA e
,,ic..
- 60. =0C..O floss LOST staes On stase AFw fusseessE OWE 70COtromte?
DUE TO 70 57188G vetytFaugt Omewf 4 mar esO 1 Og sass Op p 08ConspOweet cau.e5 FLO.ut Sues.v. Stem to
.As.eas.e.. fos.a.
t
. TOC &AG x-A C F
I I
I I
WAtWE VALWE uns.Cest DUL E D LM.C**E OWL E O E
8 CS OF taasesit4A,asCg 08 88A***'s e**e 'O eCatse sCAFA a
vat a CLOsa e 80s CL Osa e 80m P AEP 8001 i
YIST Tilt ecAaB OA staa.
1 l
l I
I I
I aCA. eC A e
- u...io...O
. O..<OC..e F,L O8e.L.M,s.T.OUG e,C A N.O. m.. eta 3.?
O.A..r.m.T.we e4.R DU.E.se CO.as,PO,h.f.41 TO 0
O A
u.eO.
O i LOe 90A esasseig4AssCE Compose 6 4 f C.AUS89. Aa.ut SLe$.*a,ite TO 9tO S
2 l
1 I
I l
watwf wALVE WasBCpt Out E o unsscent Oute o ESAsseTE 4AssCi esaseit maasta eC A B.
eCAPA osw&Lwt OsAsatc CLOSED f On CLOss D eon eC&JS On ACA37 PuesP asO g 1951 T.f St l
8 G
l i
i Figure A 2 Reduced Fault Tree Development LMFW/LOAC McGuire Auxiliary Feedwater System (Sheet 3 of 3) i
-a m
a
.&m-m.
.4 eu sw
-e_.
m_
a.
._m
(
k 4
APPENDIX 8 NRC-SUPPLIED DATA USED FOR PURPOSES OF CONDUCTING A COMPARATIVE ASSESSMENT OF EXISTING AFWS DESIGNS AND THEIR POTENTIAL RELIABILITIES i
l.
l l
l e
[
l f
5934A i
-u
TABLE B-1 NRC-SUPPLIED DATA USED FOR PURPOSES OF CONDUCTING A COMPARATIVE ASSESSMENT OF EXISTING AFWS DESIGNS AND THEIR POTENTI AL RELIANTOTIES Point Value Estimate of Probability of*
Failure on Demand l
I.
Component (Hardware) Failure Data a.
Valves:
4 Manual Valves (Plugged)
-1 x 10'4 Check Valves
-1 x 10"
)
Motor-0perated Valves Mechanical Components
-1 x 10-3 Plugging Contribution
~1 x 10-4 Control Circuit (Local to Yalve) 3 w/ Quarterly Tests
-6 x 10 3 w/ Monthly Tests
-2 x 10-b.
Pumps:
(1 Pump)
Mechanical Components
~1 x 10-3 fontrol Circuit w/Quartarly Tests
-7 x 10-3 w/ Monthly Tests
-4 x 10-3 c.
Actuation Logic
-7 x 10-3 Error factors of 3-10 (up and down) about such values are not unexpected for basic data uncertainties.
j B-1 5934A
f I
TABLE B-1 (Continu:d)
II. Test and Maintenrace Outage Contributions:
a.
Calculational Approach 1.
Test Outage TEST :
( hrs / test) ( tests / year)
Q hrs / year 2.
Maintenance Outage Q
- (0.22 ( hrs /milint. act)
MAINT.
720 b.
Data Tables for Test and Maint. Outages *
SUMMARY
OF TEST ACT DURATION Calculated Range on Test Mean Test Act Component Act Duration Time, hr Duration Time, t, hr D
Pumps 0.25 - 4 1.4 Valves 0.25 - 2 0.86 Diesels 0.25 - 4 1.4 Instrumentation 0.25 - 4 1.4 LOG-NDDMAL MODELED MAINTENANCE ACT DURATION Calculated Range on Test Mean Test Act Component Act Duration Time, hr Duration Time, t, hr D
Pumps 1/2 - 24 7
l 1/2 - 72 19 l
Valves 1/2 - 24 7
l Diesels 2 - 72 21 l
Instrumentation 1/4 - 24 6
l
{
Note:
These data tables were taken from the Reactor Safety Study (WASH-1400) for purposes of this AFW system assessment.
Where the plant technical specifications placed limits on the outage duration (s) allowed for AFW system trains, this tech spec limit was used to estimate the mean duration times for maintenance.
In general, it was found that the outages allowed for maintenance dominated those contributions to AFW system unavailability from outages due to testing.
B-2 5934A
TABLE B-1 (Continued) i 1
III.
Human Acts and Errors - Failure Data:
4 Estimated Human Error / Failure Probabilities +
4 Modifying Factors and Situations
- With Local Walk-With Valve Position Around and Double Indication in Control Room Check Procedures w/o Either Point Est on Point Est on Point Est on Value Error Value Error Value Error Estimate Factor Estimate Factor Estimate Factor l
A) Acts and Errors of a Pre-Accident Nature
- 1. Valves mispositioned during test /mainte-nance.
h a) Specific single 1 x 10-2 x1 20 1 x 10-2 x1 10 10-2 xi 10 W
valve wrongly N
Y N
Y Y
I selected out of a population of valves during conduct of a test or maintenance act
("X" no. of valves in population at choice).
b) Inadvertently
-5 x 10-4 20
-5 x 10-3 10 2 10 leaves correct valve in wrong position.
- 2. More than one valve
~1 x 10-4 20
-1 x 10-3 10
-3 x 10 3 10 is affected (coupled errors).
B-3
~.-
TABLE B-1 (Continued)
Estimated Failure Prob. for Primary Time Actuation Operator to Actuate Needed AFWS Componentr L B) Acts and Errors of a Post-Accident Nature 1.
Manual actuation of
-5 min.
-5 x 10-2 AFWS from Control
~15 min.
-1 x 10-2 Room. Considering
~30 min.
-5 x 10-3 "non-dedicated" f
operator to actuate AFWS and possible backup actuation of AFWS.
l l
I 1
i i
t B-4 5934A l'
l
._.