ML20041C228
| ML20041C228 | |
| Person / Time | |
|---|---|
| Site: | Seabrook  |
| Issue date: | 02/16/1982 |
| From: | Miraglia F Office of Nuclear Reactor Regulation |
| To: | Tallman W PUBLIC SERVICE CO. OF COLORADO |
| Shared Package | |
| ML20041C229 | List: |
| References | |
| NUDOCS 8202260381 | |
| Download: ML20041C228 (30) | |
Text
>
DISTRIBUTION:
_D_o_cument Control:
Docket File NRC PDR FEB 161982 LB#3 File Local PDR DEisenhut NSIC Docket Hos:'50;443-RTedesco TERA and 50-444 FMiraglia TIC LWheeler ACRS JLee g
hr. William C. Tallman IE q,
'/
Chairman and Chief Executive Office IE Region I g
4 Public Service Company of hew ilampshire
^d g v3D h'/ W -
Post Office Box 330 96 T
11anchester, hcw Haapshire 03106 Z
z, v.,
6 s
Dear Hr. Tallnan:
s 8
j'
Subject:
Request for Additional Inforcation N
~
a)
Enclosed are requests for additional information f rom the Instruaentation dnd Control Systems Urdnch (IC$b). Your responses should be provided to the hRC staff at one or raore nectings to be held between now and publication of tne Satery Evaluation neport. The first meeting is scheduled for Harch 23-25. 1962 at the United Eng1ncers and Constructors.
Incorporated ottices in Philauciphia, Pennsylvania.
The questions are grouped roughly according to Standard Review Plan t
structure, but there is no requireuent to review the questions in this sequence.
If another system of grouping these questions would facilitate the review of your responses, you are encouraged to adjust the sequencing accordingly. At each session of the three-day raceting, you should have all persons present who are required to fully discuss the specific questions being covered.
It is noted that several questions are related to areas where instrunentation and control systems interf ace with a fluid system or an item of racchanical equipment. Your participants at each session should be prepared to discuss these fluid systems and ucnanical equipment.
At least two weeks prior to the meeting you should provide the kkC staff with a list of drawing numbers (and the drawings, if not already subuitted) of drawings to be used for the discussion of each iten.
A meeting notice is enclosed.
Sincerely.
Original signed by Trank J. Miraglia Frank J. Hira911a. Chief 8202260381 820216 Licensing Branch ho. 3 DR ADOCK 05000 Division of Licensing 2
Enclosures:
l.
1Chu Questions 2.
Neeting Hotice
.g.L.g:' Bh3.g.g.....
cc: Set next
..........pa ge D
..D..L. g..j.g.g..
orncEt su o
2/
...../.r.. /..82r........
. 2./..../ 3. 2........
DATE)
OFFICIAL. RECORD COPY vsomm mae nac ronu m ooencu auo
SEABROOK William C. Tallman Chairman and Chief Executive Officer Public Service Company of New Hampshire P. O. Box 330 Manchester, New Hampshire 03105 John A. Ritscher, Esq.
E. Tupper Kinder Esq.
Ropes and Gray Assistant Attorney General 225 Franklin Street Office of Attorney General Boston, Massachusetts 02110 208 State House Annex Concord, New Hampshire 03301 Mr. Bruce B. Beckley, Project Manager Public Service Company of New Hampshire The Honorable Arnold Wight P. O. Box 330 New Hampshire House of Representatives Manchester, New Hampshire 03105 Science, Technology and Energy Committee State House G. Sanborn Concord, New Hampshire 03301 U. S. NRC - Region 1 631 Park Avenue Resident inspector King of Prussia, Pennsylvania 19406 Seabrook Nuclear Power Station c/o V. S. Nuclear Regulatory Commission Ms. Elizabeth H. Weinhold' P. O. Box 700 3 Godfrey Avenue Seabrook, New Hampshire 03874 Hampton, New Hampshire 03842 Mr. John DeVincentis, Project Manager Robert A. Backus, Esq.
Yankee Atomic Electric Company O'Neill, Backus and Spielman 1671 Worcester Road 116 Lowell Street Farmingham, Massachusetts 01701 Manchester, New Hampshire 03105 Mr. A. M. Ebner, Project Manager Norman Ross, Esq.
linited Engineers and Constructors 30 Francis Street 30 South 1.7th Street Brookline, Massachusetts 02146 Fost Office Box 8223 Philadelphia, Pennsylvania 19101 Karin P. Sheldon, Esq.
Sheldon, Harmon & Weiss Mr. W. Wright, Project Manager 1725 I Street, N. W.
Westinghouse Electric Corporation Washington, D. C.
20006 Post Office Box 355 Pittsburg, Pennsylvania 15230 Laurie Burt, Esq.
Office of the Assistant Attorney General Thomas Dignan, Esq.
Environmental Protection Division Ropes and Gray One Ashburton Place 225 Franklin Street Boston, Massachusetts 02108 Boston, Massachusetts 02110 D. Pierre G. Cameron, Jr., Esq.
General Counsel Public Service Company of New Hampshire P. O. Box 330 Manchester,- New Hampshire 03105
~
9 ENCLOSURE 1 4
420.5 (7.1 ) As called for in Sectica 7.1 of the Standard Review Plan, provide information as to how your desiga conforms with the following TMI Action Plan Itens as described in NUREG-0737:
(a).II.D.3 - Relief and safety valve position indicatio, (b)
II.E.1.2 - Auxiliary feedwater system automatic initiation and flow indication-(c)
II.E.4.2 - Containment isolation dependability (positions 4, 5 and 7)
(d)
II.F.1 - Accident monitoring instrumentation (positions' 4, 5,.and 6)
(e)
II.F.3 - Instrumentation for monitoring accident' conditions (RG 1.97, Rev. 2)
(f)
II.K.3 - Final recommendations
.9 - PID controller
.12 - Anticipatory reactor trip.
a20.6 (7.1 ) Provide an overview of the plant electrical distribution system, with emphasis on vital buses and separation divisions, as background for addressing various Chapter 7 concerns.
y
n 420.7 (1.1 )
Describe features of the Seabrook environmental control system which insure that instrumentation sensing and sampling lines for systems important to safety are protected from freezing during extremely cold weather.
Discuss the use of environmental monitoring and alarm systems to prevent loss of, or damage to systems important. to safety upon failure of the environmental control system.
Discuss electrical independence of the. environmental control s.ystem circuits.
?
420.8 (7.1 )
Provide and describe the following information for NSSS and BOP safety related' setpoints: (a) Provide a reference for the methodology used. Dis-cuss any differences between the referenced methodology and the methodology used for Seabrook. (b) Verify that environmental error allowances are based on the highest.value determined in qualification testing. (c) Document the environmental error allowance that is used for each reactor trip and engineered safeguards setpoint. (d) Identify any time limits on environ-mental qualification of instruments used for trip, post-accident mon-itoringorengineeredshetyfeaturesactuation.'Whereinstrumentsare qualified for only a limited time, specify the time and basis for the limited time.
e e
e 4
420. 9 There is an inconsistency between the discussions in FSAR Section 1.8 (7.1.2.5) and FSAR Section 7.1.2.5 pertaining to the-compliance with Regulatory FSAR Section 1.8 states that the main reactor coolant pump Guide 1.22.
FSAR Section 7.1.2.5 does not breakers' are not tested at full power.
include these breakers in the list of equipment which cannot be tested Please provide a discussion as to whether the operation at full power.
If of the reactor coolant pump br,eakers is required for plant safety.
Also, please correct the inconsistency described not then please justify.
ab.ove and, as a minimum, provide a discussion per the recommendat of regulatory position D.4 of R. G.1.22.
420, 10 Using detailed plant design drawings (schematics), discuss the
'(1. 8)
Seabrook design pertaining to bypassed and inoperable status indication.
(7.1. 2. 6.)
As a minimum, provide info.wition to describe:
(7.5)
Compliance with the recommendations of R. G.1.47, 1.
The design philosophy used in the selectio6 of equipment / systems 2.
to be monitored, How the design of the bypass and inoperable status indication systems 3.
comply with positions B1 through B6 of ICSB Branch Technical Positi No. 21, and The list of system automatic and manual bypasses within the BOP and 4.
NSSS scope of supply as it pertains to the recomendations of R.G.1 The design philosophy should describe as a minimum the criteria to be employed in the F., play of inter-relationships and dependencies o ment / systems and shculd insure that bypassing or deliberately indu inoperability of any auxiliary or, support system will automatically in dicate all safety systems affected.
uS I
420. 11'
( 7.~1 )
Summarize the status of those instrumentation and control items
~
discussed in the Safety Evaluation Report (and supplements) issued for the construction permit which required resolution.during the
~
operating license review.
420. 12 (7.1.2.2)
Various instrumentation and control system circuits in the plant (including the reactor protection system, engineered safety features actuation system, instrument power supply distribution system) rely on certain devices to.
provide electrical isolation capability in order to maintain the independence w
between redundant safaty cjrcuits and between safety circuits and non-safety circuits.
1)
Identify the type of isolation devices which are used as boundaries to isolate non-safety-grade circuits from the safety-grade circuits or to isolate redundant safety-grade circuits.
Describe the acceptance criteria and tests performed for each isolation 2)
- device which is identified in response to Part 1 above. This informa-tion should address results of analyses or tests perforred to demon-strate proper isolation and should assure that the design does not compromise the required protective system function.
O 1
420,13 (7.1.2.2)
The discussion in Section 7.1.2.2 states that Westinghouse tests on (7.5.3.3) the Series 7300 PCS system covered in WCAP-8892 are considered applicable (7.7.2.1) to Seabrook. As a result of these tests, Westinghouse has stated that the isolator output cables will be allowed to be routed with cables carrying voltages not exceeding 580 volts a.c. or 250 vo. ts d.c.
The discussion l
of isolation devices in Section 7.5.3.3 of the FSAR, however, considered the maximum credible fault accidents of 118 volts a.c. or 140 volts d.c.
only. Also, the' statement in Section 7.7.2.1 implies that the isolation devices were tested with 118 volts a.c. and 140 volts d.c. only..In order to clarify the apparent inconsistency, pro, vide the following:
a) Specify the type' of isolation devices use,d for Seabrook Process Instrumentation System.
If they are not the same as the Series 7300 PCS tested by Westinghouse, specify 'the fault voltages for which they are rated and provide the supporting test results, b) Provide information requested in (a) above for the isolation devices of the Nuclear Instrumentation System. As implied in WCAP-8892, the tests on Series 7300 PCS did not include the Nuclear Instrumentation System.
f e
4 e
.?
m
e c) Describe what steps are taken to insure that the maximum credible fault voltages which could be postulated in Seabrook, as a result of B0P cable routing design, will not exceed those for which the isolation devices are qualified.
420.14 (7.1.2.2)
The FSAR information provided describing the separation criteria for Please instrument cabinets and the main control boar'd is insufficient.
discuss the separation criteria as it pertains to the design criteria of IEEE Std. 384-1977, Sections 5.6 and 5.7.
Detailed drawings should be used to aid in verifying compliance with the separation criteria.
420 15 p
~
(7.1)
Identify all plant safety-related systems, or portions thereof, for which the design is incomplete at this time.
420.16 (7.1)
Identify where microprocessors, multiplexers, or computer systems are used in or interface with safety-related systems.
420.17 The FSAR information which discusses conformance to Regulatory Guide 1.118 (7.1)
(7.2) and IEEE 338 is insufficient.
Further discussion is required. As a
.(7.3) minimum, provide the following information:
Confirm that the technical specifications will provide detailed requiiem (1.8) 1)
for the operator which insure that blocking of a selected protection function actuator' circuit is returned to normal operation after testing.
- 2) ' Discuss response time testing of BOP and MSSS protection' systems using p
the design criteria described in position C.12 of R.G.1.118 and Section Confim that the response time testing will be provided 6.3.4~of IEEE 338.
in the technical soecifications.
c
r.
- 3) The FSAR states that, " Temporary jumper wires, temporary test instrumentation. the removal of fuses and other equipment not hard-wired into the protection system will be used where applicable."
Identify where procedures require such operation.
Provide further discussion to describe how the Seabrook test.
procedures for the protection systems conform to Regulatory Guide 1.118 (Rev.1) position C.14 guideline's.- Identify and justify any exceptions.
Confirm that the technical specifications will' include the RPS and 4)
ESFAS response times for reactor trip functions.
Confirm that the technical specifications will include response time 5) testing of all protection system components, from the sensor to operation of the final actuation device.
Provide an example and description of a typical response time test.
6) a20.18 It is stated in FSAR Section 7.1.2.11 that, "A periodic verification (7.1.2.11) test program for sensors within the Westinghouse scope for determining any deterioration of ' installed sensor's response time, is being sought."
NUREG-0809," Review of Resistance Temperature Detector Time Response Cha'racteristics", and draft standard ISA-dS67.'06, " Response Time Testing of Nuclear-Safety-Related Instrument Channels in Nuclear Power Plants", are, documents which propose acceptable methods for response time testing nuclear safety-related instrument channels.
Please pro-vide further discussion on this matter to unequivocally indicate the test methods to be used for Seabrook.
e.
E
m 420.19 (7. [.l.1 )
FSAR Section 7.1.1, does not provide sufficient information to distinguish between those systens designed and built by the nuclear steam system supplier and those designed or built by others.
Please ' provide more detailed infornation.
420 20 (7.1.2.7)
Section 7.1.2.7 of the FSAR discusses conformance to Regulatory Guide 1.53 and IEEE Standard 379-1972. The information provided addresses only Westinghouse provided equipment and associated topical reports.
Provide a conformance discussion that addresses the BOP portions of the plant safety systems and auxiliary systems required for support
?
of safety systems.
420. 21
~
( 7. 2.1.1 )
The information in'Secti.on 7.2.1.1.b.6, " Reactor Trip on turbine
, trip", is insufficient.
Please provide further design bases discussion on this subject per BTP ICSB 26 requirements.
As a minimum you should:
- 1) Using detailed drawings, describe the routing and separation for this trio circuitry from the sensor in the turbine building to the final actuation in the. reactor trip system (RTS).
- 2) Discuss how the routing within the non-seismic. Category I turb.ine building is such that the effects of credible faults or failures in this area on these circuits will not challenge the reactor trip system and thus degrade the RTS performance.
This should include a discussion of isolation devices.
e D
- 3) Describe the power supply arrangement for the reactor' trip o.n turbine trip circuitry.
Provide discussion on your proposal to use permissive P-9 (50% power).
4)
Discuss the tes' ting planned for the reactor trip on turbine trip 5) circuitry.
Identify any other sensors or circuits used to provide input signals to the-protection system or perform a function require.d for safety which are This located or routed through non-seismically qualified structures.
should include sensors or circuits providing input for reactor trip, emer-gency safeguards equipment such as auxiliary feedwater system and safe
~
Verification should be provided to show that such sensors grade interlocks.
and ci,rcuits meet IEEE-279 and are seismically and environmenta 2,
Identify the testing or analyses performed which insures that failures of non-seismic structures, mountings, etc. Will not cause failures which could interfere with' the operation of any other portion of the protection system.
420. 22 FSAR Section 7.2.1.1.b.8 states that, "The manual trip consists of (7. 2.1.1 )
two switches with two outputs on each switch. One output is used to actuate the train A reactor' trip breaker, the other output actuates the train.B i fies the
. reactor' trip breaker."
Please describe how this design sat s single failure criterion and separation requirements for redundant trains.
420.23 Describe how the effects of high temperatures in reference legs of steam (7.2) generator and pressurizer water level ceasuring instruments' subsequ high energy breaks are evaluated and ccmaensated for in determ Identify and describe any modificatiens planned or taken in respon Also, describe the level measurement errors due to environmental 79-21.-
t m
^
temperature effects on other level instruments using reference legs, 420. 24 (7.2)
State whether all of the systems discussed in Sections 7.2, 7.3, 7.4 (7.3) and 7.6 of the FSAR conform to the recommendations of Regulatory (7.4)
Guide 1.62 concerning manual initiation.
Identify any exceptions and (7.6) discuss how they do not conform to the recommendations.
Provide justification for non-conformance areas.
420. 25
( 7. 2.'2. 2 )
The information provided in Section 7.2.2.2.c.10.(b) on testing of the power range channels of the Nuclear Instrumentation System, covers only P
the testing of the high neutron flux ' rips. Testing of the high neutron t
flux rate trips is not included. ' Provide a_ description of how the flux rate circuitry is tested periodically to verify its performance capability.
420.26 (7.2)
Identify where instrument sensors or transmitters supplying inf.ormation (7.3) to more than one protection channel are located in a common instrument line or connected to a common instrument tap.
The intent of this item is to ver'ify that a singl'e failure in a common instrument line or tap (such as break or block' age) cannot defeat required protection system redundancy.
g a
4
420.27 (7.3)
If safety equipment does not remain in its emergency mode upon reset of an engineered safeguards actuation signal, system modification, de-sign change or other corrective action should be planned to assure
~
that protective action of the affected equipment is not ' compromised once the associated actuation signal is reset. This issue is addressed by I&E Bulletin 80-06.
Please provide a discussion addressing the concerns of the above bulletin.
This discussion should assure that you have re-viewed the Seabrook design per each of the I&E Bulletin 80-06 concerns, Re-sults of your review should be given.
420.28 (7. 3.1.1 )
The description of the emergency safety feature systems which is pro-vided in th'e FSAR Section 7.3.1.1 is incomplete in that it does not provide all of the information which is requested in Section 7.3.1 of the standard format for those safety related systems, interfaces and T
components which are supplied by the applicant and mate with the systems whi'ch are within the Westinghouse scope of supply. Provide all of the descriptive and design basis information which is requested in the standard format for these systems.
In addition, provide the results of an analysis, as is requested in Section 7.3.2 of the standard fonnat, which demor-trates how the requirements of the general design criteria
'and IEEE Std. 279-1971 are satisfied and the ex' tent to which the recomenda-tions of the apolicable regulatory guides are satisfied'.
Identify -
and justify any exceptions.
.120.29
- (7. 3. 2.1 )
Confirm that the FMEA referenced in FSAR Section 7.3.2.1: (1) is appli-cable to all engineered safety features e.quipment within the BOP and NSSS scope of supply, and (2) is applicable to design changes subsequent to the 2
a
design analyzed in the referenced WCAP.
420 J0' (7.3)
Section 7.3.2.2 of the FSAR indicates that conformance to RG 1.22 is discussed in Section 7.1.2.8.
However, Section 7.1.2.8 addresses RG 1.63.
Correct this discrepancy.
42031 (7.3.2.2)
Using detailed drawings, discuss the automatic and manual operation of the containment spray system including control of the chemical additive system.
Discuss how testing of the containment spray system conforms to the re-commendations of Regulatory Guide 1.22 and the requirements of BT9 ICSB 22.
p Include in your discussion the tests to be performed for the final actuation devices.
420. 32 (7.3)
Please provide a table (s) listing the components a'ctuated by the' er.gineered safety features actuation system.
As a minimum, the table should include:
1.
Action required, 2. Component description, 3. Idantification number, 4
A'ctuation signal and channel.
420.33' (7.3.2.2)
Section 7.3.2.2.e.12 discusses Testing During Shutdown.' Describe provisions for fnsuring that the " isolation valves" discussed here.
are returned to their normal operating positions after test.
r
t#
420. 34
'(7. 3)
Portions' of paragraph 7.3.1.2.f appear not to apply to ESFAS response In particular, the discussion on reactor trip breakers, latching times.
mechanisms, etc. sho'uld be replaced by a discussion of,ESF equipment Th'e applicant should provide a revised discussion time responses.
for ESFAS (a) defining specific beginning and end points for which the quoted times apply and (b) relating these times to the total delay for all equipment and to the accident analysis requirements.
420.35 Using detailed drawings, describe the ventilation systems used to (7.2) engingpred safety features areas including areas containing s (7.4)
D'iscuss the design bases for these systems ' including for safe shutdown.
redundancy, testability, etc.
420.36 Using detailed system schematics, describe how the Seabrook auxi (7.3.2.3) feedwater system meets the requirements of NUREG-0737, TMI Acti Item II.E.1.2 (See question 420.01). Be sure to include the following information in the d'iscussion:
'a) the effects of all switch positions on syst6m operation.
~
b) the effects of single power supply failures including the effect of a power supply failure on auxiliary feedwater con-trol after automatic initiation circuits have been reset in a post accident sequence.
c) any bypasses within the' system including the means by which it is insured that the bypas.ses are removed.
O e.
2
~
- e
6 i
d) initiation and annunciation of any interlocks or automatic i
isolations that could degrade system capability.
~
e) the safety classification and design criteria for any air systems required b'y the auxiliary feedwater system. This should include
~
the design bases for the capacity of air reservoirs required for system operation.
f) design features provided to teminate auxiliary feedwater flow to a steam generator affected by either a steam line or feed line break.
g), system features associated with ' hutdown from outside the control s
room.
a20.37 (7.3)' Using detailed system schematics, describe.the sequence for periodic testing of the:
a.) main steam line isolation valves b.) main fee'dwater control valves c.) main feedwater isolation valves d.)
auxiliary feedwater system e.) steam generator relief valves
')
pressurizer PORV The discussion should include features used to insure the availability of the safety function during test and measures taken to insure that equipment cannot be left in a bypassed condition after test completion.
~
420.38 a
(7'.4.1 ) The information supplied in FSAR Section 7.4.1' does not adequately describe the systems r.equired for safe shutdown as required by Section 7.4.1 of the
~
standard fomat. Therefore, provide all the descriptive and design basis
information which is requested by Section 7,4.1 of the standard format.
Also, provide the results of an analysis, as requested by Section 7.4.2 of the standard format, which demonstrates how the requirements of-the general design criteria and IEEE Std. 279-1971 are satisfied and the extent to which th'e recommendations of the applicable regulatory guides are satisfied.
Identify and justify any exceptions.
420.37
."A (7.4.1. 3) The information supplied for remote shutdown from outside the control room is insufficient. Therefore, provide further discussion to describe the 3
capability of achieving hot or cold shutdown from outside the control roomc a
As a minimum, provide the following information:
a.) Provide a table listing the controls and display instrumenta-tion required for hot and cold shutdown.from out. side the control room.
Identify the safety classification and train assignments for the safety related equipment.
b.) Design basis for selection of instrumentation and control equip-ment on the hot shutdown panel, c.) location of transfer switches and remote control station (in-cludelayoutdrawings,etc.).
d.) Design criteria for the remote control station equipment inclu-ding transfer switches.
e.) Description of distinct control features to both restrict and to assure access, when necessary, to the displays and controls located outsi'de the control room e
e.
- f. ) Discuss the testing to be performed during plant operation to verify.the capability of maintaining the plant in a safe shut-down condition from outside the control room.
g.) Description of isolation, separation and transfer / override provisions.. This should ' include the design basis for preven-ting electrical interaction between the control. room and remote shutdown equipment.
h.)
Description of any communication systems required to coordinate operator actions, including r,edundancy and s,eparation.'
i.)
Description of control room annunciation of remote control or
~ overridden status of devices under loc'al control.
7 J.) tieans for Ansuring that cold shutdown can be accomplished.
k.)
Explain the footnote in FSAR Section 7.4.1.4 which. states that,
" Instrumentation and controls for these systems may require some modification in order that their functions may be performed from outside the control room."
Discuss the modifications re-quired on the instrumentation and controls of the pressurizer pressure control including opening control for pressurizer relief valves, heaters, and spray and the nuclear instrumentation that are necessary to shutdown the plant from outside the control room.
Also discuss the means of defeating the safety injection signal trip circuit and closing th accumulator isolation valves when achieving cold shutdown.
P-
420.40 Concerning safe shutdown 'from outside the control room, discuss the (7.4) hood that the auxiliary feedwater system will be automatically initiated on low-low steam generator level following a manual reactor trip and the capability of resetting the initiating logic from outside the contro Describe the method of controlling auxiliary feedwater from outsid room.
the control room.
420.41 Subsection 7.4.2 states that, "The results of the analysis which deter (7.4.2) mined the applicability to the Nuclear Steam Supply System safe sh 279-1971,.appli-systems of the. NRC, General Design Criteria, IEEE Standard cable, NRC Regulatory Guides and other industry standard
?
This stacement does not address the balance of plant in Table 7.1-1".
Also, sufficient information giving results of t9
'(BOP) safe shutdown systems.
analysis perfomed for safe shutdown systems cannot be found f Therefore, provide the results and a detailed discussion of how 7.1 -1.
the BOP and NSSS systems required for safe shutdown meet,GDC 34, 35, and 38; IEEE Standard 279 requirements; Regulatony Ee sure that you include a discussion of 1.47,1.53,1.68, and 1.75.
how the remote shutdown station complies with the above desig 420., 2 '
4 FSAR Section 7.4.2 states that, "It is shown by these analyses, th (7.4.2) safety is not 4 versely affected by these incidents, with the d
assumptions being that the instrumentation and controls indica Subsections 7.4.1.1 and 7.4.1.2 are available to c Please. provid'e a discussion pertaining to the phrase "ass shutdown".
Your discussion should address loss of offsite ciated assumptions".
power associated with plant load rejection or turbine trip.
1
4,20.43 (7.4.2)
Please discuss how a single failure within the station service water system and/or the primary component cooling water system affects safe shutdown.
420.44 (7.4)
Using detailed electrical schematics and logic diagrams, discuss the tower (9.2.5.5) actuation (TA) signal which is generated to isolate the normal service water system and initiate the cooling tower system.
Be sure to include in your discussion the possibilities of inadvertent switchover (loss of offsite power, etc.) and the affects this would have.
7 420.45 (7.4.2)
FSAR Section 7.4.2 states that, " Loss of plant air systems will not inhi-bit' ability to reach safe shutdown from outside the contro'1 room".
Using detailed drawings, please provide further discussion on this matter. Clear-ly indicate any function required to reach safe shutdown from outside the control room which is dependent on air and the means by which the air is provided.
e G
?
i r
d the-420.46 Describe the procedures to borate the primary coolant from (7.4)
How much time control room when the main control room is inaccess is there to do this?
tic and 420.47 Using detailed drawings (schematics, P& ids'), describe the lief valves.
Describe (7.4) manual operation and control of the atmospheric re (i.e., testa-how the design complies with the requirements of IEEE 279 direct bility, single f ailu're, redundancy, indication of operability, valve position, indication in control room, etc.)
420.48 l
e discuss (7.4.2). Using detailed electrical schematics and piping d h
tation service the automatic and manual operation and control of t e s Be sure to discuss (7,3) water system and the component cooling water system.-h nnel interlocks, automatic switchover, testability, s. ingle failure independence.. indication of operability, isolation funct 420.49 h
ost The information supplied in FSAR Section 7.5 concentra ide sufficient (7.5) accident monitoring instrumentation and does not prov i
needed information to describe safety related display instrumenta Therefore, please expand the FSAR to for all operat3f ng conditions.
following:
provide as a minimu'm additional information on the ESF Systems Monitoring 1.
ESF Support Systens Monitoring 2.
Reactor Protective System Monitoring 3.~
6
~
m**
e p
4
~.
4.
Rod Position Indication System 5.
Plant Process Display Instrumentation 6.
Control Boards and Annunciators Bypass and Inoperable Status-Indication' 7.
Control Room Habitability Instrumentation 8.
Residual Heat F..toval Instrumentation 9.
Please use drawings as necessary during your discussion.
420.50 If reactor controls and vital instruments derive power from cormon (7.5)
~
electrical distribution systems, the failure of such electrical dis-tribution systens may result in an event requiring operator action P
concurrent with failure of important instrumentation upon which these I & E Bulletin 79-27 addresses operator actions should be based.
You are re' quested to several concerns related to the above subject.
provide information and a 'iscussion based on each I & E Bulletin d
79-27 concern.
Also, you are to:
Confirm that all a.c. and d.c. instrument buses that 1.
could affect the ability to achieve a cold shutdown condition were reviewed.
Identify these buses.
Confirm that all instrumentation and controls required 2.
by emergency shutdown procedures were considered.in the Identify these instruments and controls at
. review.
. the system level of detail.
Confirm that clear, simple, unambiguous annunciation of 3.
loss of power is provi'ded in the control room for each Identify any exceptions.
bus addressed in item 1 above..
I i
m i
f Confim that the effect of loss of power to each load on
~
4.
each bus identified in item 1 above. including ability to reach cold shutdown, was considered in the review.
Confirm that the re-review of IE Circular No. 79-02 which 5.
is required by Action Item 3 of Bulletin 79-27 was extended -
to include both Class 1E and non-class 1E inverter supplied instrument or control buses.. Identify these buses or confirm that they are included in the listing required by Item 1, above.
~
420. 51 Table 7.1-1 indicates that conformance to R.G.1.97 is discuss (7.5) 7 We However, Section 7.5.3.2 is a section of definitions only.
7.5.3.2.
Correct Table find partial discussion on confomance in Section 7.5.3.1.
Also, FSAR Section 1.8 states that Regulatory Guide 1.97, Revision 7.1 -1.
2 is presently being reviewed and the extent of compliance will be addre Discuss the plans and schedule for complying with R.G.1.97, at a later date.
Revision 2.
420.52 Provide a discussion (using detailed drawings) on the residual heat rem (7.6.2)
(RHR)I system as it pertains to Branch Technical Position ICSB 3 and Specifically address the-following as a minimum:
RSB 5-1 requirements.
Testing of the RHR isolation valves as required by branch 1.
9.
position E. of BTP RSB 5-1.
Capability of operating the RHR from the control room with 2.
either onsite or 'only offsite power. available as required This should include a by Position A.3 of BTP RSB 5-1.
discussion of how the RHR system can perform its function i
'issuming,a single failure.
l
3.
Describe any operator action required outside the control room after a single failure has occurred and justify.
In addition, identify all other points of intsrface between the Reactor Coolant System (RCS) and other systems whose design press 0re is less than that of.the RCS.
For each such interface, discuss the degree of confor-mance to the requirements of Branch Technical Position ICSB No. 3.
- Also, discuss how the associated interlock circuit'ry conforms to the requi.re-
.ments of IEEE Standard 279.
The discussion should include illustrations from applicable drawings.
w 42053 (7.6.4) FSAR' Section 7.6.4, Accumulator Motor-Operated Valves, states that,'"During plant operation, these valves are nornally open, and the motor control center supplying power. to the operators is deenergized".
Dascribe how power is removed and how the system complies to Posi'tions B.2, B.3, and B.4 of BTP ICSB 18 (PSB).
Also, identify any other such areas of design and state your con'armance to the positions of BTP ICSB 18.
e 4
e
)
O
420. 54 FSAR Section 7.3.1.1 states that, "The transfer from the injection to (7. 3.1.1 )
the recirculation phase is initi$ted automatically and completed (7.6.5)
Describe manually by operator action from the main control board."
automatic and manual design featurespermitting switchover from injection to recirculation mode for emergency core cooling including pro-tection logic, component bypasses and overrides, parameters monitored and controlled, and test capabilities.
Discuss design features which insure that a single failure wili neither cause premature switchover nor prevent switchover when required.
Discuss the reset of Safety Injection actuation prior to automatic switchover from injection to recirculation and.the po-tenIial for defeat of the automatic switchover function.
Confirm whether
^2 the low-low level refueling water storage tank alarms which det'e'rmine the time at which the containment spray is switched to recirculation mode are safety grade.
420. 55 FSAR Sect'on 5.2.5.8 states that calibration and functional testing of (5.2.5.8) the leakage detection systems will be performed prior to initial plant (7.6)
Please provide justification since Position C.8 of' Regulatory startup.
Guide 1.45 states that, " leakage detection systems should be equipped
'with provisions to readily permit testing for operability and calibration during plant operation."
e.
420.56 (7.6)
As shown on drawing 9763-M-310882 SH-854a, two circuit. breakers in series are em'loyed in the power and control circuits for the residual.
~
~
p heat removal inlet isolation valves. " Tripping of either breaker will remove power from the position indicating lights and valve position indication will be lost.
Discuss how this arrangement complies with Branch Technical Position ICSB No. 3 which calls for suitable valve position indication in the control room.
420.5'7 Section 7.6~.2.1 indicates that the interlock circuits of.the residual F
i
- (7.6) heat removal isolation valves, RC-V22 and RC-V87, have a transmitter that is diverse from the transmitter associated with valves RC-V23 and RC-988. ' Discuss the method (s) used to achieve this diversity.
420.58 (7.6)
Discuss conformance of the accumulator motor-operated valves to the recommendations of Branch Technical Positions ICSB No. 4.
420.59 (7.6)
Section 7.6.9 of the FSAR lists the motor-operated valves which will be protected from spurious actuation by removal of motor and. control, power by de-energizing their motor control centers (NCC 522 and MCC 622). The FSAR also states that control of the breakers supplying power to these MCCs,is provided in the main control room.
Provide the following information:
~
(a) The control of the FiCC breaker from the Main Control Board for a t'ypical Safety Injection. System accumulator isolation valve is not shown on schematic diagram 9763-M-310890 Sh. B35a.
Identify the drawing where this is shown.
(b) The residual heat removal inlet isolation valves are not included in the list of valves protected against spurious operation.
State whether protection against spurious action of these isolition valves is planned and if so, provide information on how it is accomplis,hed.
If' not then justify.
420.60 (7.6)
The following apparent errors have been noted in the schematic diagrams.
(a) Drawing M-310980 Sh. B35d Rev. O
~
Contacts 5-5C' on LOCAL REM 01E SWITCH SS-2403 appear incorrectly developed. An X indicating contacts closed should appear under the REMOTE column for contact 5 to allow remote closing of the accumu-lator valves.
(b) Drawing 9763-M-310900 Sh. B52a Rev.1 Motor st'aiter 42 open coil is mislabeled 42/C instead of 42/0.
420[61 FSAR Section 7.6.6 discusses interlocks for RCS pressu're control during (7.6.6) low temperature operation.
Using detailed schematics, discuss how this interlock system complies with Positions B.2, B.3, B.4 and B.7 of BTP Be sure e discuss the degree of redundancy in the logic for RSB 5-2.
the low temperature interlock for the R.CS pressure control. Also,
include a discussion on block valve control.
.e
)
420.62
>(7.7)
If control systems are exposed to the environment resulting from the
~
ruptur' of reactor coolant lines, steam lines or feedwater lines, the e
control systems may malfunction in a manner which would cause consequences to be more severe than assumed in safety analyses.
I&E Infonnation Notice 79-22 discusses certain non-safety grade or control equipment, which if i
subjected to the adverse environment of a.high energy line break, could
, impact the safety analyses and the adequacy of the protection functions performed by the safety grade systems.
~
Th'e staffis concerned that a similar potential may exist at light. water fa,cilities now under construction. You are, therefore, requested to per-y form a review per the I&E Information Notice 79-22 concern to determine what, 'if any, design changes or operator actions would be' necessary to H..
assure that high energy line breaks will not cause control system failures to complicate the. event beyond the FSAR analysis.
Provide the results of your review including' all identified problems and the manner in which you have resolved t' hem.
The specific " scenarios" discussed in the above referenced Information Notice are to be considered as examples of the kinds of interactions which Your review should include those scenarios, where applicable, might occur.
but should not necessarily be limited to them.
j 420.f3 (7.7)
If two or more control systems receive power or sensor information from comon power sources or comon sensors (including common headers er impulse lines), failures of these power sources or sensors or rupture /
)
plugging of a comon header or, impulse line could result in transients or accidents more severe than considered in plant safety analyses.
t
^
.. ~ _
j ',
(4) Provide justification that any simultaneous malfunctions of the
~
control systems identified in (2) and (3) resulting from failures or malfunctions of the applicable connon power source or sensor are bounded by the analyses in Chapter'15 and woJ1d not require
~
action or response beyond the capability of operators or safety systems.
420. 6,4 (7.7.1)
FSAR Section 7.7.1 discusses steam generator water level control. Discuss, Include using detailed drawings, the operation of this control system.
information on what consequences (i.e., overfilling the steam generator and ca'Osing water ficw into the steam piping, etc.) might result from a steam generator level control channel failure. Be sure to discuss the high-high steam generator level logic used for main feedwater isolation.
420, 65
('7. 2)
Recent review of a plant (Waterford) revealed a situation where heaters (7.3)
.are to be used to control temperature and humidity with'in insulated cabinets housing electrical transmitters that provide input signals to the reactor protection system. These cabinet heaters were found to be unqualified and a concern was raised since possible failure of the heaters could
?
potentially degrade.the transmitters, etc.
If cabinet Please address,the above design as it pertains to Seabrook.
heaters ar'e used then describe as a minimum the design criteria used for the heaters.
.I
,(
A number of concerns have been expressed regarding the' adequacy of
~
safety systems in mitigation of the kinds of control system. failures that could actually occur at nuclear plants', as opposed to those analyzed in FSAR Chapter 15 safety arialyses. Although-the Chapter 15 analyses are based on conservative assumptions regarding failures of,
s'ngle control systems, systematic rev'iews have not been reported to ^
demonstrate that multiple control system failures beyond the Chapter 15 analyses could not occur because of single events. Among the types of
~
. events that could initiate such multiple failures, the most significant are in our judgment those resulting from failure or malfunction of pow'er j
s'upplies or sensors commore to two or more control systems. '
To prov'ide assurance that the design basis everit analyses adequatr ly bound multiple control system failures you are requested to provide the following informat. ion:
4 (1)
Identify those control systems whose failure or malfunction could seriously impact plant safety.
(2)
Indicate which, if any, of the control systems identified in (1) i receive power from common power sources. The power sources considered should include all power sources whose failure or malfunction could lead' to failure or m'alfunction of more than one control system and
}
should extend to the effects of cascading power losses due to.the failure of higher level distribution panels and load centers.
(3)
Indicate which, if any, of the control systems identified in (1) receive input ~ signals from comon sensors. The sensors considered should include, but should not necessarily be limited to, common hydraulic headers or impulse lines feeding pressure, temperature, level, or other signals to two or more control systems.
~
m a
^