ML20044G915
| ML20044G915 | |
| Person / Time | |
|---|---|
| Site: | South Texas  |
| Issue date: | 05/16/1993 |
| From: | Murphy R HOUSTON LIGHTING & POWER CO. |
| To: | Mary Drouin NRC |
| References | |
| NUDOCS 9306070028 | |
| Download: ML20044G915 (3) | |
Text
.
.\\
j HYRTT REGENCY ID:1224123550315 MRYc17'93 7:59 No.001~P.02 j
i i
To Mary Drouin, NRC FAX (301) 443-7836 From:
Richard Murphy, Houston Lighting & Power l
(512) 972-8919, FAX (512) 972-8081 i
),
subject:
Comments on Risk Technology Application
{
- i Date:
May_16, 1993 I
i These comments will focus on philosophical concepts ' rather I
than details of the draft report.
Rick Grantom has provided more detailed comments.
i 1.
The use of.PRA for regulation and/or regulatory applications should provide a demonstration that a safety culture is.an attitude, a frame. of mind to be' used.in making practical decisions 'affecting plant _ operations, maintenanceL'and j
modification.
The use of PRA is not a focus on a bottom-line number, but rather on a' risk profile which reflects " snapshots-in time,"
not in-the instantaneous sense-but in 'the-evolutionary sense (e.g., "living PRA," whatever that is), as management of the plant changes.
t 1
PRAs provide a number, referred to as the ' " core damage
{
frequency," which is a nominal' value and which is not correct, i
by definition and its probabilistic basis, at any.given time throughout plant life.
Evolutions'should not be regulated to this number, but perhaps to some incremental risk with respect to this number (both " " and "+").
The-risk profile is much more meaningful in this context.
i 2.
" Absolute risk" should be recognized as a metaphor which is l
useful from the standpoint of a thought process, but'which the l
technology today does not support and likely _ never will because it-implies absolute predictability of all constituents.
1 3.
standardization of assumptions, success criteria, data, etc.
l does not imply either a measure of absolute risk or relative i
risk.
It seems to me that in the. case of PRA, the use of the I
concepts of absoluto risk and' standardization only have administrative relevance in attempting to rank-order plants-
{
artificially in terms of safety. Standardization does not let 1
individual-plants take advantage of ' their unique. safety features, experience or management philosophy.
Neither-is a very useful concept.
Any PRA should be reviewed on its own merits and the use of that PRA for regulatory purposes should be determined on the basis of its objectively established perceived adequacy (i.e.,
by" consensus of technical experts).
9306070028 930516
~
PDR ADOCK 05000498
/P P
PDR s
f yQ/'l g.
L,
HYATT REGINCY TD:1224123550315 MAY 17'93 7:59 No,001 P.03 i
4.
Regulatory application of PRA should be based on level of j
detail, level of review, use of plant specific data, risk
- profile, sensitivity of safety to plant evolutions (i.e, redundancy, diversity, design features, human factors, etc.),
and an evolving risk concept.
5
" Risk profile" should include the concept that
- random, administrative and regulatory variations from historical and assumed values are acceptable.
It should not include the concept that some given level of safety is " safe enough."
6.
An " evolving risk" concept would provide for a utility to maintain plant safety profiles current, perhaps on a refueling cycle basis (not necessarily "on-line" or "living PRA"), not by evaluating changes on an " incremental" basis. An improving or maintained profile below its initial objectively i
established " base," if determined by the original review to be an acceptable PRA model of the plant, would allow for administrative variations and approved regulatory variations.
This would implicitly recognize 1) that plant operations
)
evolve, usually to the better, as a function of time, and 2) that some improvements in operations have costs which are readily captured in a PRA and benefits that more than offset the costs which are not readily captured in a PRA (e.g.,
preventive maintenance vs. improved reliability).
7.
Acceptability of the level of detail would be determined by
)
the level of review.
Guidelines for the level of detail and
)
the level review to suit the purpose should be established by industry technical experts.
8.
The concept of "living PRA" is not well defined.
This concept could mean "on-line."
A PRA that is maintained current on a refueling cycle basis should be adequate as'long as its level of detail is adequate.
I believe that the concept of "on-i line" is a use of PRA beyond its technological limitations and j
is pragmatically impractical in a detailed application.
1 9.
Plant specific data should be used to update the PRA, but guidelines should be established as to how individual events or sparse data should be treated in updating distributions.
10.
The importance of responsiveness must be stressed.
We have a risk-based evaluation of tech specs which has been before the NRC for 3-1/2 years.
A PRA would be updated at least twice j
during this time.
i 11.
In the first paragraph on page 25 of the draft, the term "deterministically important" seems to be defined as being on the "Q-list."
This same paragraph indicates that SScs not modelled in the PRA (and therefore implied to be not risk-important) but that are deterministically important (i.e., on the Q-list) would be defined to be relatively important to core damage prevention and would be subject to the current QA l
HYATT RE@ENCY D:1224123550315 MAY:17'93-8:bb:No.b0fP.54 1
i implementation requirements.
This is the vast majority"of
-items on the Q-list (tens of thousands).
- only ~ those' few components. (and _sub-components) on the. Q-list that are r
modelled in the PRA (perhaps a.thousand).and..that 'are relatively non-important, therefore, would be subject to
.i graded QA.-
' Combine--this. with equipmentt qualification 1 l
requirements, ASME Section XI requirements, etc.,
which j
further restrict reclassification as n' practical matter, the constraints c.n application of this example become substantial..
l 12.
Page 25, second paragraph: a non-safety diesel is.used at STP j
to power a positive displacement pump for-RCP seal. cooling in~
the event of a blackout. This diesel.is modeled in the PRA as a.non-safety diesel. (no QA) but-might come.under this l
provision.- This is counter to what the NRC accepted.when STP l
was licensed. 'Also,' the imposition of this requirement.would change the PRA.
13.
Page 25, fourth paragraph:
instrument air is a non-safety.
system at STP and does not perform a safety function.
By this paragraph the IA system at STP would be subject.to. graded QA
.i requirements since at other. plants IA is a safety grade system which performs safety functions.
t 14.
Page 32, last line:
the reference to " shutdown period" seems to imply.the need for a' shutdown risk assessment since-the next sentence indicates that "each of these phases should.be evaluated."
l 1
14.
Items 12, 13 and 14 are examples of instances where the PRA could be used to impose new requirements rather.than reduce regulatory requirements, which'was thought to be the objective i
of the Regulatory Review Group.
15.
Page 33, first full paragraph:
the analysis on this and the next page seems to assume that'a manual shutdown (interpreted a manual' trip) of the plant will be performed (since the it assumes an " initiating event probability of 1.0"). This would increase the " current estimated level of safety" since an orderly shutdown is' assumed (pwor reduction).
I A