ML20004E014
| ML20004E014 | |
| Person / Time | |
|---|---|
| Site: | Browns Ferry  |
| Issue date: | 05/12/1981 |
| From: | Mark J Advisory Committee on Reactor Safeguards |
| To: | Hendrie J NRC COMMISSION (OCM) |
| Shared Package | |
| ML20004E012 | List: |
| References | |
| NUDOCS 8106100581 | |
| Download: ML20004E014 (3) | |
Text
f Cl% '
6 Ic, UNITED STATES
'8 l,
.b j
NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS L
y wAss mcion. o. c. 2osss 0;
May 12,1981 l
Ob Honorable Joseph M. Hendrie Chairman U. S. Nuclear Regulatory Commission Washington, D. C.
20555 SU3 JECT:
RESPONSE TO INQUIRY CONCERNING THE SAFETY IMPLICATIONS Or CONTROL SYSTEMS FAILURES
Dear Dr. Hendrie:
t In response to a request from Dr. Ahearne in a letter dated December 12, 1980, the ACRS has reviewed the NRC Staff's evaluation of the safety implications of possible interactions of control systems with safety systems.
Specific attention has been given the NRC Staff's rationale for concluding that the existing approach for dealing with this problem is adequate until a study can be conducted to determine whether a different approach should be adopted.
We recommended, in a letter of August 12, 1980 to Dr. Ahearne, that con-trol system reliability be added to the list of Unresolved Safety Issues being compiled by the NRC Staff.
In that letter we wrote:
"Recent experience has indicated that more attention must be given to reactor control system reliatility. Most safety analyses in the past have given minimum attention to control system reliability based partly on the assumption that failure of the system makes it unavailable. and ignores the fact tha,t this failure may actually produce an unsafe mode of reactor behavior. This problem should receive further study to detemine appropriate reliability stand-ards for control systems.
Appropriate reliability of nonsafety system infomation displayed for use of the reactor operator is a related important issue."
The NRC Staff subsequently added to its list of Unresolved Safety Issues an item designated " Safety Implications of Control Systems."
In the Staff's description of this issue, emphasis was on a study of control i
system failures that might disable safety systems.
In spite of somewhat different descriptions of the problem, we conclude that the NRC Staff and the ACRS agree to a need for further study which may lead to a change in the approach currently used by the NRC Staff in its specifications of the perfomance to be expected of control systems.
In the course of our review of this question, we han held several meetings with the Staff. We conclude that there is a Staff Ormensus, based on en-gineering judgment, that the risk involved in pemitting existing plants to continue to operate while further studies are made is acceptable.
N f
8106 100 i
Honorable Joseph M. Hendrie,May 12,1981 e
It is an accepted precept of control that a single control system cannot be devised with the reliability required to assure protection of a reactor against the spectrum of normal and abnomal events that might be expecte(! to Hence, two systems are provided, one of which, in order to be occur.
made as reliable as possible, is comparatively simple, and is required to operate only in emergency situations.
In order to decrease the probability that f ailures in other systems will disable this reactor protection system, it is designed insofar as is feasible, to be functionally and physically separate from the other systems responsible for nonnal reactor operation.
This separation, reinforced by the assumption that an appropriately designed protection system can protect the reactor against malfunctions of the con-trol system, has led to the current NRC approach that places emphasis on the design and operation of reliable reactor protection systems and much less emphasis on control and other systems.
f The accident at TMI-2, and a number of other systems malfunctions that have i
occurred since', have led to a gradual change in the approach taken by the Staff.
In some cases, for example after a study of the importance of auxil-l iary feedwater systems, this has caused the Staff to reclassify a system from i
"nonsafety" to " safety-grade." This somewhat piecemeal approach can serve a useful purpose and is appropriate for certain cases needing prompt resolution.
In te long run, however, a more systematic approach is needed to detemine the *cpropriate way to deal with the total reactor system.
The NRC Staff reported that-a. Task. Action Plan ( A-47, Safety Implications of Control Systems) is being set up to deal with this issue.
We believe that a study of this kind on a generic basis is appropriate.
We are told, however,
' that becalise"of other~ activities which have 'been~ assigned higher priority,
~
this issue has not yet received very much attention. We believe that this issue is important enough that within two to three months a program for re-solving it should be in place.
The question has been raised as to whether operating plants should be shut-down, should be derated, or should continue to operate at current power level s.
We discussed this question with the Staff and also with one Staff member who has recomended that existing plants be operated at 65% of rated power until further studies of control system characteristics are carried out.
We found no justification for his choice of derating to 65%, other than engineering judgment, nor was it clear what studies or resu'.ts there-from would be required before he would recommend that a resumption of full power operation could be permitted. We do not recommend either shutdown or i
derating of operating plants.
I This most recent examination of the issue of control system reliability and the potential for adverse interactions reinforces the earlier conclusion of the ACRS that a better approach to the specification of control system perfom-ance might reduce risk. We therefore recommend that increased priority be I
l
~ -
o t
.?
Honarable Joseph M. Hendrie
-3.
,May 12,1981
^
s given to the recently designated Unresolved Safety Issue entitled, " Safety Implications of Control Systems" and that the needed resources be allocated for this purpose.
We expect to review and comment on the Task Action Plan as it is developed.
Sincerely, J. Carson Mark Chaiman e
H
&=
em m mmea e-en r 6 m o e
l