ML20040F830

From kanterella
Jump to navigation Jump to search
SEP Topic VII-3,Electrical,Instrumentation & Control Features of Sys Required for Safe Shutdown, Technical Evaluation Rept
ML20040F830
Person / Time
Site: Yankee Rowe
Issue date: 01/31/1982
From: Haroldsen R
EG&G, INC.
To:
NRC
Shared Package
ML20040F828 List:
References
TASK-07-03, TASK-7-3, TASK-RR 0608J, 608J, NUDOCS 8202100352
Download: ML20040F830 (14)
v  d  e


Text

.. _ _

=,----- ;s- ;;-
_-- _-------------- 2;w;x;;= ;---

0608J l

SYSTEMATIC EVALUATION PROGRAM TOPIC VII-3 ELECTRICAL, INSTRUMENTATION AND CONTROL FEATURES OF SYSTEMS REQUIRED FOR SAFE SHUTDOWN YANKEE R0WE NUCLEAR STATION DOCKET NO. 50-29 January 1982 R. O. Haroldsen EG&G Idaho, Inc.

b 1

4 1-5-82 8202100352 820202 PDR ADOCK 05000029 p

PDR

-.n

w. ~ _.. _ _ n._. -

e

.___n CONTENTS

1.0 INTRODUCTION

1 2. 0 R EV I EW CR I TE R I A................,.................................

2 3.0 RELATED SAFETY TOP ICS AND INTERFACES............................

2 4.0 REVIEW GUIDELINES...............................................

3 5.0 DISCUSSION AND EVALUATION........................................

4 5.1 Instrumentation...........................................

4 5.1.1 Evaluation........................................

6 5.2 Safe Shutdown Systems.....................................

6 5.2.1 Onsite Power Unavailable..........................

8 5.2.1.1 Evaluation..............................

6 5.2.2 Offs ite Power Unav ail ab le.........................

9 5.2.2.1 Ev al u ati o n..............................

9 5.3 Shutdown and Cooldown Capability Outside the Control Room..............................................

10 5.3.1 Evaluation........................................

10 5.4 RHR Rel iabil ity and Interlocks............................

10 6.0

SUMMARY

10 7.0 SAFE. SHUTDOWN EI&C FEATURES FOR CONSIDERATION BY SEP TOPIC III-l.................................................

11 8.0 R EF E R EN C E S......................................................

12 i.

ll I

e

a -

au :w m.

SYSTEMATIC EVALUATION PROGRAM TOPIC VII-3 ELECTRICAL, INSTRUMENTATION AND CONTROL FEATURES OF SYSTEMS REQUIRE 0 FOR SAFE SHUTDOWN YA*EE R0WE NUCLEAR. STATION

1.0 INTRODUCTION

This report is part of the Systematic Evaluation Program (SEP) review of Topic VII-3, " Systems Required for Safe Shutdown". The objective of this review is to determine whether the electrical, instrumentation, and control (EI&C) features of the systems required for safe shutdowm, including support systems, meet current licensing criteria.

The systems reaufred for safe shutdown have been identified by the NRC SEP staff. The systems were reviewed to ensure the following safety objectives are net:

1.

Assure the design adequacy of the safe shutdown system to automatically initiate operation of appropriate systems, including reactivity control systens, such that fuel design limits are not exceeded as a result of operational occurrences and postulated accidents, and to automatically initiate systems required to bring the plant to a safe shutdown

~

2.

Assure that required systens, equipment, and controls to maintain the unit in a safe condition during hot i

shutdown are appropriately located outside the control room, and have the capability for subsequent cold shut-down of the reactor using suitable procedures 3.

Assure only safety grade eauipment is required to bring primary coolant systems from a high pressure to low pressure cooling condition.

The scope of this review specifically includes an evaluation of the electrical, instrumentation, and control (EI&C) features necessary for l

l operation of the identified safe shutdown systems.

1 1

The review evaluates the systems for operability with and without off-site power and the ability to operate with any single failure. The EI&C review of safe shutdome systems only includes those features not covered under other SEP Topics. Specific items which will be covered urder other SEP reports are identified in Section 3.0, Related Safety Topics and Inter-faces.

r 2.0 REVIEW CRITERIA

~

Current licensing criteria for safe shutdown are contained in the following:

1 IEEE Standard 279-1971, " Criteria for Protection Systens for Nuclear Power Generating Stations" 2.

GDC-5, " Sharing of Structures, Systems, and Components" 3.

GDC-13, " Instrumentation and Control" 4

GDC-17, " Electric Pcwer Systems" 5.

GDC-19, " Control Room" 6.

GDC-26, " Reactivity Control System Redundancy and Capab ility" 7.

GDC-34, " Residual Heat Removal" 8.

GDC-35, " Emergency Core Cooling" 9.

GDC-44, " Cooling Water."

3. 0 RELATED SAFETY-TOPICS-AND INTERFACES The following SEP topics are related to the safe shutdown topic with respect to EI&C features, but are not being specifically reviewed under this topic:

1.

SEP III-10.A, " Thermal Overload Protection for Motors of Motor-0perated Valves" 2.

SEP VI-7.A.3, "ECCS Actuation System" 3.

SEP VI-7.C.1, " Independence of Onsite Power" 2

4.

SEP VI-10. A, "Tes ting of RTS and ESF Including Response Time Testing" 5.

SEP VII-1, " Reactor Trip System" 6.

SEP VII-2, "ESF Control Logic and Design" 7.

, $EP VIII-2, "Onsite Emergency Power Systems--Diesel Generators" 8.

SEP VIII-3, " Emergency DC Power Systems" 9.

SEP IX-3, " Station Service and Cooling Water Systems" 10.

SEP IX-6, " Fire Protection."

Where safe shutdown system EI&C response is affected by the above-mentioned topics, that particular SEP review has been consulted for deter-mination of overall safe snutdown system performance. Where the SEP topic review is not available, the effect on safe shutdown system performance has been identified as being based on an assumed operating condition of the affecting system. The safe shutdown review will be considered preliminary until resolution of the affecting topic is completed and found to be in accordance with assumptions made in this review.

The canpletion of this review impacts the following SEP topics, since capabilities relating to safe shutdown are required in the topic:

1.

SEP VIII-1. A, " Potential Eculpment Failures Associated with a Degraded Grid Voltage" 2.

SEP VIII-2, "Onsite Emergency Pcwer Systems--Diesel Generators. "

4. 0 REVIEW GUIDELINES The capability to attain a safe shutdown has been reviewed by evaluat-ing the systems used for normal shutdown (onsite power not available) and emergency shutdown (offsite power not available).

SRP 7.4 was applied to each system to ensure the following guidelines were met:

3

~. -

.. ~.

-w

+

1.

They have the required redundancy (SRP 7) 2.

They meet the single failure criterion (RG 1.53, ICSB

[

BTP 18) 3.

They have the required capacity and reliability to per-form intended safety functions on demand (SRP' 7).

Additionally, SRP 5.4 requirements contained in BTP RSB 5-1 were reviewed to determine if the systems required for residual heat removal meet the following criteria:

1.

The systems are capable of being operated from the control room with only offsite or only onsite power available 2.

The systens are capable of bringing the reactor to cold shutdown with only offsite or only onsite power available within a reasonable period, assuming the most limiting single failure The electrical equipment environmental qualification and physical separation are being reviewed under other topics, as is the seismic equipment Qualifi-cation, and are not reviewed in this report.

Section 7.0 consists of a list of safety related EI&C equipment necessary for safe shutdown to be used in resolving SEP Topic III-1, " Classification of Structures, Components, and Sys tems. "

5.0 DISCUSSION AND EVALUATION 5.1 Instrumentation. The NRC SEP Staff Review of Safe Shutdown Systems identified the instrumentation available in the control room neces-sary to bring the reactor from the hot shutdown to cold shutdown condition.

Various system parameters, such as pump runnino or valve position indica-tions, are not included in the list of safe shutdcwn instruments of the SEP Review of Safe Shutdown Systems because indication is provided by the control / operate circuitry.

Sone additional backup instrumentation has been installed since com-pletion of the NRC SEP Staff Review of the Safe Shutdown Systems. There are 4

-__.a

__m....___-

..._2

..____.___x 2 _ _. -

r a__ c _ _._ _.n.a _.

backup instruments for most but not all parameters monitored for safe shut-down. There are two wide-range pressurizer level indicating instruments.

One is powered from the vital bus. The other is powered from the "Trans-former B" bus. The pressurizer pressure and loop pressure indicating instruments are all powered from the vital bus. There is a backup non-electrical pressure gage with its sensor located on the high leg of the pressurizer level gage. The pressure gage has local indication and a pneumatically operated repeater located in the Control Room.

The loop pressure gages have sensors that are located on the loop side of the isolation valves. There is one exception on loop 1 where there is a pressure gage which senses pressure on the reactor side of the isolation valves. This particular gage is powered from the Transformer A Bus.

Inlet and outlet temperatures for all loops are powered from the vital bus.

Nuclear power monitors and control rod position indicators are all powered from the vital Bus. The area radiation monitors are all powered from the Transformer B Bus.

The vital bus is normally powered from a motor generator. An alternate emergency supply connection is available from MCCl Bus 2.

The Transformer A and B buses.are not class lE. The power for these buses normally comes from the Emergency Bus 1.

An alternate connection is available from the Emergency Bus 3.

Instruments providing indication of parameters in other systems (the Chemical and Volume Centrol System (CVCS), the Shutdown Cooling System (SCS), the Component Cooling Water System (CCWS), the Service Water System (SWS) and the High Pressure Safety Injection System (HPSIS) are generally non-redundant and powered through common group connections to power. There are, therefore, single failures within these systems that could result in the loss of indication of essential parameters. Pump running and valve monitor indicators, however, would not be affected by failure of any single set of system parameters and could be used to infer flow for these systems.

Several instruments, controllers and valves necessary for safe shutdown are air operated and therefore are dependent on the Control Air Supply 5

.__..m._

m..-

systems. The' NRC SEP Safety Review of Safe Shutdown Systems has adequately evaluated the C' ntrol Air Supply System and for this reason it is not o

repeated here.

The indications for power to the various AC.and DC buses are supplied by lights, meters, or alarms powered from the bus being monitored. Loss of power to the bus would be indicated in the control room, and no single failure of indications would affect the ability to monitor any other bus.

The description presented here. relating to instrumentation and power

. sources includes information obtained by a direct visit to the Yankee Rowe plant, December 17 and 18,1981. This newer description is substantially 1

different from that presented in the FSAR and the NRC SEP Safety Review of Safe Shutdown Systems.5 5.1.1 Evaluation. The instrumentation necessary for reaching and maintaining cold shutdom at Yankee Rowe does not meet current licensing criteria since there are potential single EI&C failures that could result in loss of vital indications necessary for maintaining plant control.

5.2 Safe Shutdown Systems. The SEP staff review of Safe Shutdpwn Sys tras identified the systems required for short-term cooling (immediately after reactor shutdown) and long-term cooling (when the reactor is cooled to the Reactor Heat Removal (RHR) design pressure limit) with only offsite or only onsite power available.

Normal short-term cooling is provided by dumping steam from the steam generator to the main condenser via the turbine bypass valves. The circu-lating water pumps provide cooling to remove heat by condensing the steam.

The feedwater system then returns the water to the steam generator. This cooling method is only available when offsite power is available. Failure of the feedwater control system, turbine bypass valves, cr loss of circulat-ing water flow to the condenser can render this method of cooling inopera-tive. The systems in this method are not class lE but are being considered as an available means to remove decay heat.

6

^

- _ ;.- w

.=

wa

--.a. - -

x The emergency or alternate short-term cooling requires operation of the Auxiliary Feed System (AFS) and the Main Steam Safety Valves (MSSV).

The safety valves have no electrical controls and operate automatically to relieve pressure from the Steam Generators (S/Gs), thereby cooling the rea ctor. A means of makcup to the S/Gs is necessary to continue this method of cooling. The AFS is capable not only of providing this water-inventcry, but can also relieve S/G pressure through the steam driven emergency boiler-feed pump (EBFP).

The AFS is not automatically ini tiated. However, it is not immediately reautred after a scram.

Two new elec rically driven emergency boiler feed pumps (P-79-1 and P-79-2) have been recently added to the system which provide backup for the steam driven EBFF. Makeup water can also be supplied from the Safety Injection System or from the charging pumps.

It is necessary to manually reposition several valves to place the AFS in operation. Once in operation the feed rate may be controlled from the control room if control power is available or locally if control power or air is lost.

Makeup water to maintain primary water inventory and necessary bora-tion levels is provided by the CVCS systems.

If the reactor pressure is sufficiently reduced, the Safety Injection System (SIS) may be used. The SIS is not included in the list of systems required for safe shutdown identified by the NRC SEP staff because the shutoff head of the SIS is less than operating pressure and may, therefore, be unavailable for providing primary make-up wa ter. The CVCS system will automatically provide water when pressurizer level is low.

The CVCS may take water from the Low Pres-sure Surge Tank (LPST), the Beric Acid Mix Tank, the Safety Injection tank or the Demineralized Water tank. The water is supplied to the reactor via the loop four hot leg or to any of the loops via the SIS. The CV'CS may also provide water to the reactor through the Pressurizer Auxiliary Spray System via a manually operated normally closed valve located inside the containment. Boron is added to the suction of the charging pumps from the Boric Acid Mix tank or the Safety Injection Tank.

Long-term cooling is provided by the SCS which takes suction on the loop four hot 1.eg and discharges back to the loop four cold leg. A single 7

. _ _. _ -. - - - - ~. -

- -- w -

=.w - - -- =:..=-

pump and heat exchanger provide the cooling. The CCWS provides cooling to the SCS heat exchanger which in turn is cooled by the SWS. The SCS pump and heat exchanger are backed up by the LPST cooling system heat exchanger and pump.

5.2.1.Onsite Power Unavailable (Offsite Power Only).

Yankee Rowe normally operates with the station turbine ge.nerator providing one of three 2400V buses. Two independent offsite power sources supply the other two buses. Loss of the main generator during power operation will result in a reactor scram and turbine trip. The two offsite power transformers are capable of supplying the lost 2400V bus.

Single failures of EI&C features, such as a loss of the feedwater con-trol system, could render the normal short-term cooling method inoperable.

l However, no EI&C single failure disabling the normal cooldown method would also render the AFS and MSSVs inoperable.

Long term cooling is provided by the SCS system which consists of a I

single cooler and coolant pump. The LPST pump and cooler provide backup for the SCS pump and cooler. Any combination of pump and cooler can be used to renove decay heat but all combinations are dependent on the same set of suction and discharge MOVs (SC-MOV 551 through SC-MOV-554). All four valves are located inside the containment building and are powered from MCCl Bus 1.

Single EI&C failures such as failure of motive or control power to any of the valves may render the systems inoperable. The valves may be manut.lly operated but require entry into the containment building.

An emergency procedure exists for entry into the containment building following power failure by jumping power to the personnel hatch control mech an ism.

5. 2.1.1 Evaluation. The systems recuired for short-term cooling at Yankee Rowe are capable of providing the required cooling assum-ing no onsite power is available and a single EI&C failure. The long-term cooling system (the SCS with the LPST cooling system as backup) is suscep-tible to single failures of EI&C features and does not meet the criteria of BTP RSB-5-1. However, the short-tem cooling system can be operated for an 8

I

.-- - --- _ - _ _. -_ _ _, = - =

indefinite period which would provide tine for manually correcting any mal-functions of the long-term cooling systems.

5. 2. 2 bffsite Power Unavailable. During normal operation, a loss of offsite power will result in a reactor scram, turbine trip, and temporary loss of power to the AC distribution system.. Subsequently, the diesel gen-erators wdl be automatically started to supply power to the three 480V emergency buses.. Other buses may be manually connected to diesel generators within the load limits of the generators.

The normal short-term cooling method (use of the main condenser) is _not available due to the loss of power to the circulating water pumps providing cooling to the main condenser. The AFS and MSSVs,are available to cool the reactor to the point of Reactor Heat Removal (RHR) initiation. There are no EI&C single failures which would prevent the AFS from operating to supply water to the S/Gs using the steam driven pump.

The long-term cooling capatiilities of the RH1 system are subject to the limitations previously discussed in Section 5.2.1.

The pumps and valves serving the RHR systems are powered from non-safety 480V AC buses. These buses are capable of being fed by the emergency diesel generators by remote manual operation of circuit breakers.

The CVCS utilizes three redundant charging pumps powered from independ-ent non-safety 480V buses. These buses are capable of being fed by the emergency diesel generators by remote manual operation of circuit breakers.

The three charging pumps are connected to a common header which connects to the loop 4 hot leg through two MOVs in series (CH-MOV-523 & 524). These valves are normally open and powered from the Emergency MCC Bus No.1.

5. 2. 2.1 Evaluation. The short-term cooling methods at Yankee Rowe are capable of providing the required cooling. assuming no off-site power is available and a single EI&C failure. The long-term cooling systr.:m is susceptible to single EI&C, failures and does not meet the criteria of BTP RSB-5-1.

9 l

. ~.

,. a

~'

5.3 Shutdown and Cooldown Capability Outside the Control Room. The capability to maintain the plant in hot shutdown from outside the control room exists at Yankee Rowe. Parameters such as pressurizer level, reactor pressure, and reactor coolant temperature can be monitored at local stations outside the control room. Procedures for taking the plant from hot to cold shutdown from outside the control room exist and the EI&C features of the ~

safe shutdown systems are capable of supporting this procedure.

5.3.1 Evaluation. Adequate capability ex'ists to maintain the reactor at hot shutdown from outsich the control room and to take the reactor from hot to cold shutdown from outside the control room.

5.4 RHR System-Reliability and Interlocks. The RHR system was eval-uated with respect to BTP RS8 5-1 (SEP topic V-II.8) and reported as a part of topic V-11. A.

6.0

SUMMARY

The systens required to take the reactor from hot shutdown to cold shutdown, assuming only offsite power is available or only onsite power is available and a single failure, are capable of initiation to bring the plant to a safe shutdown and are in compliance with current licensing criteria and the safety objectives of SEP Topic VII-3, except that long-term cooling

~(RHR) is susceptible to single EI&C f ailures which render long-term cooling inoperable.

The instrumentation available to control room operators to place and maintain the reactor in cold shutdown conditions does not meet current licensing criteria since single EI&C failures may render vital parameter indication inoperable.

The capability to maintain the reactor in hot shutdown from outside the control room exists and is in compliance with the safety objectives of SEP Topic VII-3. Procedures to take the plant from hot to cold shutdown from outside the control room satisfy the safety objectives of SEP Topic VII-3.

10 l

~

u..-_-.

.w _,

7.0 EI&C FEATURES FOR CONSIDERATION BY SEP TOPIC III-1 ELECTRICAL DISTRIBUTION (including support structure, but not individual loads) 1.

AC BUSES 1, 2, 3, 4-1, 5-2, 6-3, Emergency buses 1, 2, 3, and the MCC's powered from these buses--including incoming and outgoing feeders, control circuits, indi-cating circuits, bus work and support structures 2.

ALL DC BUSES--including batteries, chargers, breakers, bus work, and support structures 3.

DIESEL GENERATOR 1, 2, and 3--including control and indicating circuitry, and control and indication of vital DG auxiliaries such as lube oil, fuel, and cooling INSTRUMENTATION (including support structures) 1.

PRESSURIZER LEVEL 2.

REACTOR PRESSURE 3.

REACTOR TEMPERATURE 4.

REACTOR PROTECTION SYSTEM 5.

NEUTRON MONITORING 6.

AREA AND SYSTEM RADIATION MONITORING SYSTEMS (includes pumps, valves,' control, indication, and support structures) 1.

RESIDUAL HEAT REMOVAL SYSTEM 2.

COMPONENT COOLING WATER SYSTEM 3.

SERVICE WATER SYSTEM 4.

AUXILIARY FEED WATER SYSTEM 5.

PRESSURE CONTROL AND RELIEF SYSTEM 6.

MAIN STEAM SAFETY VALVES 7.

HPSI 11

+

a :. :.u

- u

u......

8.

CHEMICAL AND VOLtlME CONTROL 9.

MAIN CONDENSER AND FEE 0 WATER

10. CONTROL AIR SYSTEM

8.0 REFERENCES

1.

Final Safety Analysis Report, Yankee Nuclear Power Station, Docket 50-29, January 3,1974.

2.

Code of. Federal Regulations,10 CFR 50, Appendix A, " General Design Criteria for Nuclear Power Plants."

3.

IEEE Standard 279-1971, " Criteria for Protection Systems for Nuclear Power Generating Stations."

4.

MJREG 0800, Nuclear Regulatory Comission Standard Review Plan 7.4,

" Systems Required for Safe Shutdown" and 5.4.7, " Residual Heat Remov al. "

5.

Technical Evaluation Report- " Systems Needed for Safe' Shutdown--Yankee Nuclear-Power Plant," Franklin Research Center, August 14, 1981.

f 12

_.,_ _

Retrieved from "https://kanterella.com/w/index.php?title=ML20040F830&oldid=4552991"