ML19350D516
| ML19350D516 | |
| Person / Time | |
|---|---|
| Site: | Wolf Creek, Callaway  |
| Issue date: | 04/13/1981 |
| From: | Youngblood B Office of Nuclear Reactor Regulation |
| To: | Bryan J, Koester G KANSAS GAS & ELECTRIC CO., UNION ELECTRIC CO. |
| References | |
| NUDOCS 8104160139 | |
| Download: ML19350D516 (16) | |
Text
O lerq
, m(c UNITED STATES
.. /)' %
NUCLEAR REGULATORY COMMISSION Cd
.,,l i
d WASHINGTON, D. C. 20555 Y
APR 131981
/7 k
UR14 Q )
.d Docket Hos.: STN 50 482 and STN 50-483 J-Union Electric Company Kansas Gas & Electric Company ATTN: Mr. J. K. B ryan ATTN: Mr. Glenn L. Koester Vice President Vice President - Nuclear P. O. Box 149 201 North Market Street St. Louis, Missouri 63166 Wichita, Kansas 67201
Dear Gentlemen:
Subject:
Agenda Items for Meetings with SNUPPS Applicants on Instrumentation and Controls Enclosed is a list of items which the Instrumentation and Control Systems Branch would like to discuss at a series of meetings with you. The intent of the meetings is to obtain a better understanding of details of the SNUPPS design in order to expedite the operating license review. As a result of the meetings and continuation of our review, we anticipate that other questions and concerns will arise. Thus, the enclosed list should not be considered as a complete list of items to be resolved prior to issuing a Safety Evaluation Report.
We have not attempted to group items on the list in any particular way. We suggest that you group the items in convenient sets such that each set can be discussed at an individual meeting lasting between one and five working days. We also suggest that each individual meeting include the minimum number of participants necessary to fully discuss the topics to be covered. However, you should be prepared to discuss the pertinent details of fluid systen and mechanical equipment with which the instrumentation and controls interface.
As can be seen from the enclosed list, many of the items are related to the interface areas.
It would be useful if we could be provided with drawing nunters (and the drawings if not already submitted to us) of drawings to be used by you for discussion of each item.
If possible, we would like to have this infomation two weeks in advance of the meeting where the drawing will be discussed.
8104160
2_
L We anticipate to hold the first meeting during the last week of April. You will be contacted by the Licensing Project Manager to determine a mutually acceptable date.
/
. ~.
n*,
- 8. J. Youngblood, Chief Licensing Branch No.1 Division of Licensing
Enclosure:
As stated cc: See next page i
l i
i
=_ -
Wolf Creek STN 50-482 l
Mr. Glenn L. Koester Vice President - Nuclear Kansas Gas and Electric Company 201 North Market Street i
P. O. Box 208 Wichita, Kansas 67201 cc: Mr. Nicholas A. Petrick Ms. Wanda Christy Executive Director, SNUPPS 515 N. 1st Street 5 Choke Cherry Road Bulington, Kansas 66839 Rockville, Maryland 20750 Floyd Mathews, Esq.
Mr. Jay Silberg, Esquire Birch, Horton, Bittner & Monroe Shaw, Pittman, Potts & Trowbridge 1140 Conecticut Avenue. N. W.
1800 M Street, N. W.
Washington, D. C.
20036 Washington, D. C.
20036 Kansas for Sensible Energy Mr. Donald T. McPhee P. O. Box 3192 Vice President - Production Wichita, Kansas 67201 Kansas City Power and Light Company 1330 Baltimore Avenue Francis Blaufuse P. O. Box 679 Westphalia, Kansas 66093 Kansas City, Missouri 64101 Ms. Mary Ellen Salva Route 1, Box 56 Burlington, Kansas 66839 Mr. L. F. Orbi Missouri-Kansas Section:
American Nuclear Society 15114 Navaho Olathe, Kansas 66062 Ms. Treva Hearne, Assistant General Counsel Public Service Commission P. O. Box 360 Jefferson City, Missouri 65102 Mr. Tom Vandel Resident Inspector / Wolf C eek NPS c/o USNRC P. O. Box 1407 Emporia, Kansas 66801 Mr. Michael C. Kenner Wolf Creek Project Director State Corporation Commission State of Kansas Fourth Floor, State Office Bldg.
Topeka, Kansas 66612
~m..
_ ~., _ _. _.. _.
,,,__..m__,
~ _, _ _ _ _
Mr. J. K. Bryan Vice President - Nuclear Union Electric Company P. O. Box 149 St. Louis, Missouri 63166 cc: Mr. Nicholas A. Petrick Mr. William Hansen Executive Director - SNUPPS Resident Inscector/Callaway NPS 5 Choke Cherry Road c/o USNRC Rockville, Maryland 20850 Steedman, Missouri 65077 Gerald Charnoff, Esq.
l Shaw, Pittman, Potts &
Trowbridge 4
1800 M Street, N. W.
Washington, D. C.
20036 Mr. J. E. Birk Assistant to the General Counsel Union Electri: Company P. O. Box 149 St. Louis, Missouri 63166 Dr. Vern Starks Route 1, Box 863 Ketchikan, Alaska 99901 Ms. TrevaHearn, Assistant General Counsel Missouri Public Servica Commission P. O. Box 350 Jefferson City, Missouri 65102 Mr. D. F. Schnell Manager-Nuclear Engineering Union Electric Company P. O. Box 149 St. Louis, Missouri 63166 I
\\
i me e w em-mm
-sw e=
w y,
.w
,-e v.
-,r.
y
--y--,,-,,-
y,
PROPOSED AGEtiDA FOR MEETIf;3(S) WITH StiUPPS APPLICAt4E Oti If4STRUMEf4TATI0ti AfiD C0tiTROLS Following is a list of items for discussion at one or more meetings with the applicant to provide the fiRC staff with information required to under-stand the design bases and design implementation for the instrumentation and control systems on the StiUPPS projects.
The applicant should be prepared to use detailed instrument, control, and fluid system schematics at the meetings in explaining system designs and to provide verification that design bases and regulatory criteria are met.
1.
Identify where instrument sensors or transmitters supplying information to more than one protection channel are located in a comon instrument line or connected to a comon instrument ta p. The intent of this item is to verify that a single failure in a comon instrument line or tap (such as break or blockage) cannot defeat required protection system redundancy.
2.
Identify where instrument sensors or transmitters supplying infomation to both a protection channel and control channel or to more than one control channel are located in a comon instrument line or connected to a comon instrument tap. The intent of this item is to verify that a single failure in a common instrument line or tap can neither defeat required separation between control and protection nor cause multiple control system actions not bounded by analyses contained in Chapter 15 of the FSAR. For control systems, the discussion can be limited to channels used for control of reactivity, reactor coolant pressure, reactor coolant temperature, reactor coolant flow, reactor
~
coolant inventory, secondary system pressure, steam generator feedwater flow and steam generator steam flow.
2 3.
Describe the design bases used to insure that control system failures will not result in plant transients more severe than the bounding transients contained in Chapter 15 of the FSAR. The intent of this item is to verify that single credible failures within control systems (such as power supply or sensor failures) will not result in multiple control system malfunctions initiating transients more severe than the bounding transients contained in Chapter 15 of the FSAR.
4.
Describe the separation criteria for protection channel circuits, protection logic circuits, and non-safety related circuits. For example are channel circuits and logic circuits separated from one another?
5.
Using detailed system schematics, describe the implementation of the bypassed and inoperable status indication provided for engineered safeguards features.
6.
Using detailed system schematics, describe the sequence for automatic initiation, operation, reset, and control of the auxiliary feedwater system. The following should be included in the discussion:
l l
a) the effects of all switch positions on system operation.
I b) the effects of single power supply failures including the effect i
of a power supply failure on auxiliary feedwater control after l
automatic initiation circuits have been reset in a post ac.cident sequence.
l c) any bypasses within the system including the means by which it I
is insured that the bypasses are removed.
i I
. d) the safety classification and design criteria for any air systems required by the auxiliary feedwater system. This should include the design bases for the capacity of air reservoirs required for system operation.
e) design features provided to terminate auxiliary feedwater flow to a steam generator affected by either a steam line or feed line break.
f) system features associated with shutdown from outside the control room.
g) logic circuits used to transfer pump suction from the Condensate Storage Tank to the Essential Service Water System including verifica-tion that all equipment used for this function is seismically qualified and protected from failure of near-by structures which may not be seismically qualified.
h) design features to insure that no single failure can result in an open flow path from the Essential Service Water System to the Con-densate Storage Tank.
7.
Describe the electrical power supply arrangement, air supply design features, and any interlocks associated with control and operation of the steam generator power operated relief valves. This should include a discussion of the design bases for the capacity of air reservoirs used to operate the valves.
8.
Using detailed system schematics, describe the sequence for periodic testing of the a) main steam line isolation valves.
b) mair. feedwater isolation valves.
c) main feedwater control valves (safety features).
d) auxiliary feedwater system.
. The discussion should include features used to insure the availability of the safety function during test and measures taken to insure that equipment cannot be left in a oypassed condition after test completion.
9.
Table 7.1-4 (Sheet 2) Item 4 appears to address only the power supply example given in the Regulatory Guide position. Verification should be provided that failure made analyses have been performed for the collective protection system logic - actuator system for all types of single failures and not only for power supply failures.
- 10. Table 7.1-7 (Sheet 2) The statement of compliance under Item 3 re-lated to perturbing monitored variables implies that there are cases where perturbing the monitored variable is not practicable.
If this is the case, the specific variables involved should be listed and the method of testing stated.
11.
Figure 7.2-1 (Sheet 16) The f ogic for turbine trip following reactor trip or high high steam generator level should be provided.
~
12.
Identify any sensors or circuits used to provide input signals' to the protection system which are located or routed through non-seismically qualified structures. This should include sensors or circuits pro-viding input for reactor trip, emergency safeguards equipment such as the auxiliary feedwater system, and safety grade interlocks. Verifica-tion should be provided that the sensors and circuits meet IEEE-279 and are seismically and environmentally qualified. Testing or analyses performed to insure that failures of nonseismic structures, mountings, etc. will not cause failures which could interfere with the operation of any other portion of the protection system should be discussed.
- 13. Provide analyses indicating whether the pressurizer power operated relief valves will be actuated following a turbine trip below the power setpoint of P-9.
The analyses should cover core physics para-meters bracketing those expected throughout the lifetime of the core.
- 14. Provide or provide a reference to the detailed procedures used for pre-operational and periodic time response testing of the reactor protection and engineered safety feature actuation systems. The staff indicated in the Safety Evaluation Report issued for the con-struction permit that the details of the response time testing would be reviewed at the operating license stage.
- 15. Using detailed system schematics, indicate the extent to which the RTD bypass loop flow alarms in different loops are independent of one another. This should include consideration of power supplies.
- 16. Provide an analysis indicating the time between reaching each high pressurizer level alarm setpoint and filling the pressurizer with water assuming failure of the level channel used for control in the low di-rection.
Since only two out of three logic is used for the high pressurizer level trip and the level control signal is taken from one particular channel, assume that the reactor trip on high level does not occur. The analysis should include maximum charging flow including the effects of automatic start of back-up charging pumps if this is a consequence of the control system demanding maximum flow.
. 17. Provide an analysis indicating the time between reaching each high steam generator level alarm setpoint and filling the steam generator with water assuming failure of the level channel used for control in the low direction.
Since only two out of three logic is used for high steam generator level feedwater isolation and the level control signal is taken from one of these channels, assume that the isolation function does not occur. The initial plant power level resulting in the most rapid steam generatcr filling should be assumed. The applicant should also be prepared to discuss the probable consequences of filling the steam generator and causing water to flow into the steam piping.
- 18. Using detailed system schematics, discuss the bypass, bypass interlock, and test provisions for the containment purge isolation and the Control Room Ventilation Isolation Systems. The discussion should indicate those design features which insure that the safety function is not de-feated during system test and that portions of the system are not in-advertently left in a bypassed condition after test.
19.
Provide design details of the isolation devices shown in Figure 7.3-1, Logic Diagram for the Engineered Safety Features Actuation System. There appear to be considerable cross ties between " separation groups" and, thus, analyses or tests performed to demonstrate that proper isolation l
wil? exist should be discussed.
- 20. There are several items of equipment listed in Table 7.3-8 where the l
method of providing redundancy is not apparent. For example, Upper l
Cable Spreading Room Exhaust Isolation, Control Room Exhaust Isolation, l
and Control Building Outside Air. The applicant should explain the method of achieving redundancy for all of the items in the Table.
l
- 21. Table 7.3-11 indicates that " Loss of one Class lE instrument power supply" will result in " loss of one set of level information."
Clarification should be provided as to the particular level informa-tion involved.
- 22. Using detailed schematics and other drawings as necessary, de. scribe the main steam and feedwater isolation valve hydraulic operators in-cluding the interfaces with the safety system electrical circuits.
- 23. Using detailed schematics describe the logic circuits used to accomplish automatic switchover from the injection phase of emergency core cooling to the recirculation phase after a LOCA.
The discussion should include design features which insure that a single failure will neither cause premature switchover nor prevent switchover when required.
Can the reset of Safety Injection Actuation prior to the automatic switchover from injection to recirculation defeat the automatic switch-over? The use of the "TB" signal in Figure 7.6-3 (Sheet 2) should be discussed.
- 24. Page 7.3-35, Item a Portions of the discussion appear to not apply to ESFAS response times.
In particular, the discussion on reactor trip breakers, latching mechanisms, etc. should be replaced by a discussion of ESF pump and valve time responses. The applicant should provide a revised discussion.
- 25. Page 7.3-45 and Figure 7.3-3.
Discuss design features which insure that the blocking of the operation of selected protection function actuator circuits is returned to normal operation after testing.
Is reliance placed upon the operator doing this and then observing test
. lights in the safeguards test racks, or are there more positive means to insure that systems are returned to nomal operation?
- 26. Page 7.3-47 Testing During Shutdown. Describe provisions for insuring that the " isolation valves" discussed here are returned to their nomal operating positions after test.
- 27. Section 7.4.3, Safe Shutdown from Outside the Control Room. Discuss the likelihood that the Auxiliary Feedwater System will be automatically initiated on low steam generator level following a manual reactor trip initiated during a temporary evacuation of the control room.
Analyses and operating experience from plants similar to SNUPPS should be presented during the discussion.
If the Auxiliary Feedwater System has a high probability of being automatically initiated as a consequence of a manual reactor trip, the capability of resetting the initiating logic from outside the control room will be needed.
- 28. Section 7.4.3, Safe Shutdown from Outsida the Control Room.
Discuss the likelihood that emergency core cooling will be automatically initiated following a manual reactor trip initiated during a temporary evacuation of the control room. For example, is it possible for-the reactor coolant system to be cooled to the point that the pressurizer empties during the time interval between manual reactor trip.and the time an operator can take control of auxiliary feedwater outside the control room? Analyses and operating experience from plants similar to SNUPPS should be presented during the discussion. Based upon the likelihood of emergency core cooling actuation following a manual reactor trip, should the capability for resetting the equipment be pro-vided outside the control room?
. 29. Discuss the desirability of perfoming a plant test to verify the capability of maintaining the plant in a safe shutdown condition from outside the control room.
- 30. Describe provisions made to control access to the Auxiliary Shutdown Panel.
- 31. Describe the design features used to provide direct indication of pressurizer and steam generator safety and relief valve positions in the control room.
- 32. Using detailed schematics, verify that no single failure will preclude reactor coolant system letdown capability.
- 33. Page 7.5-1 The statement is made that: " Display instrumentation identified with the reactor trip actuation system (Section 7.2),
engineered safety feature actuation (Section 7.5.2.1), and hot shutdown control (Section 7.5.3.1) are safety related.
Is the intent that all indicators and circuits associated with these displays will meet all requirements applicable to safety grade equipment including seismic qualification?
- 34. Discuss the schedule for complying with Regulatory Guide 1.97, Revision 2.
- 35. Table 7.5-2 Discuss the basis for selection of only specific, safe shutdown displays as safety related. In particular, it is not clear why the displays under " Hot Shutdown System Perfomance" are not safety related.
- 36. Table 7.5-2 (Sheet 2) Provide additional detail on what is meant by the " Hot Shutdown System Bypasses" listed in the table. What is meant
. by " Actuation system signal bypass" and what specific " equipment bypass" displays are located at the Auxiliary shutdown control panel.
- 37. Using detailed system schematics, describe the sequence of operation for the Residual Heat Removal System Isolation Valves. The discussion should include the effect of various single failures in power supplies for the valves and the valve controls. Are there any single instrument bus failures which could cause inadvertent closure of RHR suction valves in both trains during a time when the system is in use for decay heat removal?
- 38. Using detailed system schematics, describe the power distribution for the accumulator valves and associated interlocks and controls.
- 39. Using detailed system schematics, discuss the degree of redundancy in the logic for the Low Temperature Interlocks for RCS Pressure Control.
It appears from Figure 7.6-4 that fallere of either auctioneer used in the system will defeat the safety function of the system.
- 40. Page 7.6-7 Clarify the function and location within the system of the valve referred to in Line 5 on this page as the " motor-operated (MOV) pressurizer relief valve."
Is this meant to be a block valve?
- 41. Using detailed system schematics, describe the operation of the circuits used for isolation of essential service water to the air com' pressors.
Can the system be periodically tested? Are all components (including sensors) located in seismic qualified structures?
- 42. As in Item 41 above, describe the operation of the interlocks used for isolation of the seismic qualified portion of the component cooling
. water system. This discussion should include reference to the fluid system schematics in indicating which specific valves are used for the isolation function.
Is there redundancy of instrumentation within each component cooling water train or is the redundancy actemplished by having one interlock for each train?
- 43. Describe the design features used in the rod control system which
- 1) Limit reactivity insertion rates resulting from single failures within the system.
- 2) Limit incorrect sequencing or positioning of control rods.
The discussion should cover the assumptions for determining the maximum control rod withdrawal speed used in the analyses of reactivity insertion transients.
- 44. Page 7.7-19 Describe the calibration technique to be used for the baron concentration monitoring system.
- 45. Will automatic equipment be provided to terminate an inadvertent buron dilution?
- 46. Figure 7.2-1 (Sheet 5) Will the reactor coolant pump breakers be designed and qualified to meet all criteria applicable to equipment l
performing a safety function? If not, the applicant should provide l
the basis for determining that tripping the pump breakers on under-i frequency is not-a safety function.
l l
l i
. 47.
Indicate the final resolution of those instrumentation and control items discussed in the Safety Evaluation Report (and supplements) issued for the construction permit which required resolution during the operating license review.
48.
Page 7.1-5 The statement is made that "The design of the safety-related systems rely on the provisions of IEEE Standard 384-1974, relative to overcurrent devices, to prevent malfunctions in one circuit from causing unacceptable influences on the functioning of the overall system." The applicant should provide information on the specific places where this is done and provide the basis that this design does not compromise protection channel independence.
- 49. Table 7.2-3 and Pages 7.3-35 and 7.3-36.
Provide clarification on the components to which the time response values apply. For example, in Table 7.2-3 do the time responses include sensors, analog channel components, logic circuitry, and reactor trip breakers?
..