ML20046B366
| ML20046B366 | |
| Person / Time | |
|---|---|
| Site: | 05200001 |
| Issue date: | 07/26/1993 |
| From: | Fox J GENERAL ELECTRIC CO. |
| To: | Poslusny C Office of Nuclear Reactor Regulation |
| References | |
| NUDOCS 9308040120 | |
| Download: ML20046B366 (29) | |
Text
. -.,
.l'<.
GENuclear Energy.
i t-GeneralElectnc Company 175 CurtnerAvenue. San Jose. CA 95125 1
July 26,1993 Docket No. STN 52-001 -
-l f
r Chet Poslusny, Senior Project Manager Standardization Project Directorate
' Associate Directorate for Advanced Reactors and License Renewal l
Office of the Nuclear Reactor Regulation
Subject:
Sut mittal Supporting Accelerated ABWR Schedule - USIs/GSIs
,j
Reference:
-FAX, M. Malloy to J. Fox dated July 2,1993
~
Dear Chet:
Enclosed are the following items addre:, sing the referenced FAX:
1.
Issue Revisions'
'I
' Newly Revised.osues a.
A 25, A-29, A-31, B-5, B-17, B-56,40,67.3.3,75,128,142,145,151,155.1-b.
Changes to Index Only -
HF1.1, HF4.4, HF5.1, HF5.2 '
l c.
Scheduled for Early August-t
[
A-47
.i d.
Completed but on Hold for changes l
A-9, A-44
.{
2.
Page 6 of Referenced FAX-
.l a.
Items 1 and 2 - Provided on attached Pages 19B.1-1 and 19B.3-1" t
020057
.I l
l
_9309040120 930726' i
DR-ADOCK'05200001 d'/
PDR3 i:
d.
4 4
l b.
Item 3 - SSAR section references in the Safety issues Index reference the appendix which specifically addresses the issue. See Subsection 19B.1.1 for the content of the three TMI-related appendices.
c.
Items 4 and 5 - See Safety Issues Index.
Please provide a copy of this transmittal to Melinda Malloy.
Sincerely, ack Fox Advanced Reactor Programs cc: Alan Beard (GE)
Norman Fletcher (DOE)
Bernie Genetti (GE)
Carl Szybalski(GE) l' JfB14
ABWR nA6 m s Standard Plant Res y 1
19B'.1 INTRODUCTION practices. The RESOLUTION contain the technical.h 3
resolution of the issue for the ABWR standard plant $
19B.1.1 Purpose design. The REFERENCES identifies' documentation other than the SSAR.
i The ABWR has proposed technical resolutions of those Unresolved Safety issues (USI) and medium 19B.1.3 References and high priority Generic Safety Issues (GSI) which are identified in the version of NUREG 0933 (1) A Prioritization of Generic Safety Issues, I NUREG-0933, Including Supplement.
j (Reference 1) current on the data six months prior to
~
the ABWR application and which are technically relevant to the ABWR design in accordance with 10 (2) Generic Issue Management Control System -
I CFR 52.47(a)(iv). NUREG-0933 and associated Fourth Quarter FY 93 Update, Memorandum f
~
correspondence (References 2 & 3) were reviewed for James M. Taylor from E.S. 3eckjord dated and evaluated for the ABWR. The TM1 issues March 30,1993.
(
satisfying Section II of NUREG-0800, Standard Review Plan, are addressed in Appendix 1A and (3) Advanced Light Water Reactor Utility those satisfying 10 CFR 50.34(f) are addressed in Requirements Document, Electric Power Appendix 19A. The remaining issues satisfying Institute, Advanced LWR Program, severe accident recuirements are addressed in Subsection 19B.2.
The following guidelines were used in the review of NUREG-0933 to eliminate potentially non
- relevant issues to the ABWR design:
(1) Priority rating of low, dropped, or not yet prioritized.
(2) Operational, environmental, licensing, or other NRC impact with no plant design content.
1 (3) No design content applicable to the ABWR design except for five NRC selected issues.
(4) Resolved with no new requirements except for
'RC selected issues, i
in addition, the NRC staff assisted in i
6 identifyir g relevant and current issues and resolutions. The group of issues remaining are identified in Table 190 i J snd are evaluated in the pg,r CL#Mganp mgcejed, j jj, fg referenced Subsectiot The COL applicant wt fevaluate those issues reterencing the COL applicant 5 04/tc/f#n Co/
- d, fN /# Vf U "#b8M '.#
(in accordance with Subsection 19B.3.
fje COL //eepuny Mformdum AhdOd I f 5,5 /w /k i's L yf/4 w f 70 a& ^'
- 1
,ACC
'C
&#d &8/4/8. N W I /
/
/ comp ised of fo r s ctio
$ CRITERIA, RESOLUTION and REFERENCES.-
q gycJ fo pr, u !/g.ffe gjo/ch' M TWJC/*
o The ISSUES statement is a brief summary
.Y u dveud /ch
/
, descript,on of the issue. The ACCEPTANCE 7
i CRITERIA cre taken from NUREG 0933 and GIMCS (Reference 2) resolution references and where there is no formal NRC resolution, accepted industry codes and standards and good engineering 198 1-1 Amendmen
% es
.. ABWR nA6imas Standard Plant Rev A.
l
. 19BJ COL LICENSE INFORMATION i
19BJ.1 COL Applicant Safety Issues The COL applicant shall provide resolutions he issues identified as COL applicant in Table 19B.1-1 :sns/s fut un/4 & dowmenh} ion p.
hyrn o} dicus s& w Subse c /ian Ha,/,),
{
i, 1
/
/
e
/
i I
/
(
l I
4 3
f 1
l i
s Amendme 19B SI u
y21,/fys.
ABWR N *}
Standard Plant Table 19B.1-1 SAFETY ISSUES INDEX NRC SSAR Title Priority Subsection Generic Issues Resolved 19B.2.2 A-1 Water Hammer Resolved 19B.2.3 A-7 Mark I Long-Term Program A 8 Mark I Containment Pool Dynamic Loads - Long Term Resolved 19B.2.4 Program Resolved 19B.2.5 A-9 ATWS A-10 BWR Feedwater Nozzle Cracking Resolved 19B.2.6 Resolved 19B.2.7 A-13 Snubber Operability Assurance A-24 Qualificauon of Class IE Safety Related Equipment Resolved 19B.2.8 A-25 Non-Safety Loads on Class lE Power Sources Resolved 19B.2.9 A-31 RHR Shutdown Requirements Resolved 19B.2.10 Resolved 19B.2.11 A-35 Adequacy of Offsite Power Systems A-36 Control of Heavy Loads Near Spent Fuel Resolved 19B.2.12 A-39 Determination of Safety Relief Valve Pool Dynamic Loads Resolved 19B.2.13 and Temperature Limits A-40 Seismic Design Criteria. Short Term Program Resolved 19 B.2.14 A-42 Pipe Cracks in Boiling Water Reactors Resolved 198.2.15 A-44 Station Blackout Resolved 19B.2.16 A-47 Safety implications of Control Systems Resolved 19B.2.17 A-48 Hydrogen Control Measures and Effects of Hydrogen Burns Resolved 19B.2.18 on Safety Equipment B-10 Behavior of BWR Mark 111 Containments Resolved 19B.2.19 B 17 Criteria for Safety-Related Operator Acuons Resolved COL ".pp.797 B-36 Develop Design. Testing and Maintenance Criteria for gA pk ie A r
Atmosphenc Cleanup System Air Filtration and Absorption Units for Engineered Safety Feature Systems and for Normal Ventilation Systems Resolved 19B.2.21 B-55 Improved Reliability of Target Rock Safety Relief Valves Resolved 19B.2.22 B-56 Diesel Reliability Resolved 19B.2.23 B-61 Allowable ECCS Equipment Outage Periods Resolved 19B.2.24 B-63 Isolation of Low Pressure Systems Connected to the Reactor Coolant pressure Boundary Resolved 19B.2.25 B-66 Control Room Infiltration Measurements Resolved 19B.2.26 C-1 Assurance of Continuous Long Term Capability of Hermetic Seals on Instrumentation and Electrical Equipment Resolved 19B.2.27 C 10 Effective Operauon of Containment Sprays in a LOCA Resolved 198.2.28 i
C-17 Interim Acceptance Criteria for Solidification Agents for Radioactive Solid Wastes Resolved 19B.2.29 New Generic Issues 15 Radiauon Effects on Reactor Vessel Supports High 19B.2.30 23 Reactor Coolant Pump Seal Failures High 19B.2.31 25 Automatic Air Header Dump on BWR Scram System Resolved 19B.2.32 40 Safety Concerns Associated with Pipe Breaks in the BWR Resolved 19 8.2.33 Scram System 4f 2'2 /49) 198 I ! 2
/
A ndment i
e
ABWR 23^6scors REV 4 Standard Plant Table 19B.I-I i
SAFETY ISSUES INDEX (Continued)
NRC SSAR Title Priority Subsection New Generic issues (Continued) 45 Inoperability of Instrumentation Due to Extreme Cold Weather Resolved 19B.2.34 51 Proposed Requirements for Improving the Reliability of Open Resolved 19B.2.35 Cycle Service Water Systems 57 Effects of Fire Protection System Actuation on Safety-Related Equipment Resolved 19B.2.36 Resolved 10B.237 l
673.3 improved Accident Monitonng 75 Generic implications of ATWS Events at the Salem Nuclear Plant Resolved 19B.2.38 78 Monitoring of Fatigue Transient Limits for Reactor Coolant Resolved 19B 239 j
System 83 Control Room Habitability Near Res.
19B.2.40 86 Long Range Plan for Dealing with Stress Corrosion Cracking 19 B.2.41 Resolved in BWR Pipmg 87 Failure of HPCI Steam Line Without Isolation Resolved 19 B.2.42 Medium 19B.2.43 89 Suff Pipe Clamps 103 Design for Probable Maximum Precipitation Resolved 19B.2.44 105 Interfacing Systems LOCA at BWRs High
.19B.2.45 106 Piping and Use of Highly Combustible Gases in Vital Areas Medium 19B.2.46 Resolved 198.2.48 118 Tendon Anchorage Failure 120 On-Line Testability of Protection Systems Medium 19B.2.49 121 Hydrogen Control for Large, Dry PWR Containments Resolved 19B.2.50
[
124 Auxiliary Feedwater System Reliability Resolved 19B.2.51 128 Electncal Power Reliability Resolved 19B.2.52 142 Leakage Through Electrical Isolators in Instrun.entation Circuits Medium 19B.2.53 143 Availability of Chilled Water Systems and Room Cooling High
'19 8.2.54 145 Actions to Reduce Co nmon Cause Failures in BWRs Resolved 198.2.55 151 Reliability of Anucipated Transient without Scram Recirculation Resolved 19B.2.56 Pump Trip 153 Loss of Essential Service Water in LWRs High 19B.2.57 155.1 More Reahstic SourceTerm Assumptions Near Res.
19B.2.58 Human Factors Issues Resolved COL.m,.//J 2 HF.l.1 Shift Staffing High COL App.jg,[g,,
COL y. f.
HF.4.4 Guidelines for Upgrading Other Procedures HF.5.1 Local Control Stations High-y HF.5.2 Review Criteria for Human Factors Aspects of Advanced Control and Instrumentation High COL *7.//.88 Issues Resolved With No New Reauirements Resolved 19B.2.59 A-17 Systems Interaction 19B.2.60 A-29 Nuclear Power Plant Design for Reduction of Vulneralbility Resolved COL App.
. to Industrial Sabotage d/y 22, /fi3 gg i 3 Amendment i
i l'
==ss RFV '
j Standard Plant Table 19B.1-1 SAFETY ISSUES INDEX (Continued)
Title Priority Subsection luues Resobed With No New Reauirements (Continuedi B-5 Ductility of Two-Way Slabs and Shells and Buckling Behavior of Sicci Contamments Resolved 19B.2.61 l
C-8 Main Steamline Leakage Control Systems Resolved 19B.2.61.1 l l
29 Bolting Degradation or Failure in Nuclear Power Plants Resolved 198.2.62 Resolved 19B.2.63 -
82 Beyond Design B Ascs Accidents in Spent Fuel Pools 113 Dynamic Qualification Tes6ng of Large Bore Hydraulic Snubbers Resolved 19 B.2.64 TMI Issues
!.A.I.I Shift Technical Advisor Resolved COL App.
l.A.I.2 Shift Supervisor Administrative Duties Resolved COL App.
V Resolved COL App l.A.13 Shift Manning l
1.A.I.4 Long Term Upgrading Resolved COL /.pp A r.t 2 O P
Resolved COL App.
!.A.2.l(l) Qualifications Experience Resolved COL App.
j I.A.2.l(2) Training 1.A.2.l(3) Facility Certification of Competence and Fitness of Applicants for Operator and Senior Operator Licenses Resolved -
COL App.
l.A.2.3 Administration of Training Programs Resolved COL App.
l.A.2.6(1) Revise Regulatory Guide 1.8 Resolved COL App.
l.A.3.1 Revisc Scope of Criteria for Licensmg Examinations Resolved COL App.
- 1. A.J.l(2) Interim Changes in Training Simulators Resolved COL App.
l.A.4.2(1) Research on Training Simulators Resolved 40 A.2.O t 9 A. 3.5 1.A.4.2(2 ) Upgrade Training Simulator Standards Resolved l 7. 2. O 8 9 A. 3. t I.A.4.2(3) Regulatory Guide on Training Simulators Resolved L.2.O t9 A.3.t 1.A.4.2(4) Review Simulators for Conformance to Critena Resolved l7'.2. 0 19 A.1.1 l.C.l(l) Small Break LOCAs Resolved COL App.
l 1.C.l(2) Inadequate Core Cooling Resolved -
COL App.
i 1.C.l(3) Transients and Accidents Resolved 1 A.2.1 1.C.2 Shift and Relief Tumover Procedures Resolved COL App.
1.C.3 Shift Supervisor Responsibilities Resolved COL App.
1.C.4 Control Room Access Resolved COL App.
1.C.5 Procedures for Feedback of Operating Experience to Plant Staff Resolved
- 40. A.2.4 i S A.L s I.C.6 Procedures for Verification of Correct Performance of Resolved COL App.
Operating ActiviLies 1.C.7 NSSS Vendor Review of Procedures Resobed COL App.
1.C.8 Pilot Monitoring of Sdected EmerSency Procedures for Near-Resolved COL App.
Term Operating License Applicants I D.1 Control Room Design Reviews -
Resolved 1A.2.2 1.D.2 Plant Safety Parameter Display Console
. Resolved 1 A.2.3 Medium 19A.2.17 i
1.D.3 Safety System Status Monitoring 1.D.5(2) Plant Status and Post Accident Monitoring Resolved 19B.2.65 -
l.D.5(3) On Line Reactor Surveillance System Near Res.
198.2.66 1.F.2(2) Include QA Pctsonnel m Review and Approval of Plant Procedures Resolved 19 A.2.43 1.F.2(3) Include QA Personnel in all Design, Construction, Resolved 19 A.2.43 l-Installation, Testing,and Operation Activities l
Ny 22, /$2 19tlI 4 Amendment I.
l
~
1 1
1BWR
- onas REV
\\'
Standard Plant Table 19B.1-1 SAFETY ISSUES INDEX (Continued) i NRC-SSAR Title Priority Subsection i
TMI Issuet Wontinued) 1.F.2(6) Increase the Size of Licensces' QA Staff Resolved 19 A.2.43 1.F.2(9) Clarify Organvadonal Reporting Levels for the Resolved 19 A.2.43 j
QA Organizauon Resolved I.A.2.4 l
1.G.1 Training Requirements Resolved 19B.2.67 l.G.2 Scope of Test Program Resolved 1 A.2.5 ll.B.1 Rextor Coolant System Vents II.B.2 Plant Shiciding to Provide Access to Vital Areas and Protect Resolved 1A.2.6 Safety Equipment for Post Accident Operauon Resolved 1A.2.7
!!.B.3 Post-Accident Sampling Resolved COL App.
l lI.B.4 Training for Mitigaung Core Damage Resolved 49 A2.M 19 A.2.t.
ILB.8 Rulemaking Proceeding on Degraded Core Accidents Resolved 1A.2.9 l
II.D.1 Tesung Requirements.
Resolved 1 A.2.10 t
l
!!.D.3 Relief and Safety Valve Position Indication l
lI.E.1.3 Update Standard Review Plan and Develop Regulatory Guide Resolved COL Alap.
Resolved 1 A.2.13 i
l II.E.4.1 Dedicated Penetrations Resolved -
I A.2.14 i
ll.E.4.2 Isolation Dependability Resolved
.19B.2.68 l
II.E.6.1 Test Adequacy Study ll.F.1 Additional Accident Monitoring Instrumentation Resolved 1 A.2.15 i
l
!!.F.2 Identification of and Recovery from Conditions Leading to.
. Resolved 1 A.2.16 l
Inadequate Core Coolmg II.F.3 Instruments for Monitoring Accident Conditions Resolved 1 A.2.17 l
Resolved COL App.
l
!!J.4.1 Revise Deficiency Reporting Requirements Resolved 1 A.2.18 ll.K.l(5) Safety-Related Valve Position Description.
~~
V II.K.l(10) Review and Modify Procedures for Removing Safety-
~ 197 l
Resolved W244 i A. 3 2 Related Systems from Service
-i II.K.l(13) Propose Technical Specifications Changes Reflecting Resolved 19B.2.69 implementation of All Bulletin items II.K.l(22) Describe Automatic and Manual Actions for Proper Functioning of Auxiliary Heat Removal Systems When FW 1 A.2.20
}
Resolved System Not Opeiable l
l lI.K.l(23) Describe Uses and Types of RV Level Indication for.
1 A.2.21 Automaue and Manual Initiation Safety System Resolved ILL3(3) Report Safety and Relief Valve Failures Promptly and k Challenges Annually Resolved 412.2: 1 i A. 3. 4 l
II.K.3(ll) Control Use of PORV Supplied by Control Comnponents, 19B.2.70 i
Resolved l
Inc. Until Further Review Complete Resolved.
1 A.2.22 II.K.3(13) Separation of HPCI and RCIC System Initiation levels II.K.3(15) Modify Break Detection Logic to Prevent Spunous isolation Resolved i A.2.23 of HPCI and RCIC Systems i
II.K.3(16) Reduction of Challenges and Failures of Relief Valves-Resolved I A.2.24 l
Feasibility Study and System Modification l
II.K.3(17) Report and Outage of ECC Systems - Licensee Report and Resolved 1 A.2.25 Technical Specification Changes II.K.3(18) Modificauon of ADS Logic - Feasibility Study and l
Modification for increased Diversity for Some Event Sequences Resolved 1 A.2.26 i
!!.K.3(21) Restart of Core Spray and LPCI Systems on Low Level -
Resolved i A.2.27 l
Design and Modification 22, /Q4 19B I ~ 6 knendment
'ABWR mumss RfT A Standard Plant Table 19B.1-1 SAFETY ISSUES INDEX (Continued)
NRC SSAR Title Priority Subsection.
\\
TMI Issues i
lI.K.3(22) Automatic Switchover of RCIC System Suction Venfy Procedures and Modify Design Resolved 1 A.2.28 1
i II.K.3(24) Confirm Adequacy of Space Cooling for HPCI and RCIC Systems Resolved 1 A.2.29 II.K.3.(25) Effect of Loss of AC Power on Pump Seals Resolved 1 A.2.30 11.K.3(27) Provide Common Reference Level for Vessel Level Instrumentation Resolved 1 A.2.21 II.K.3(28) Study and Venfy Qualification of Accumulators on ADS Valves Resolved 1 A.2.31 II.K.3(30) Revised Small-Break LOCA Methods to Show Compliance with 10 CFR 50, Appendix K Resolved 1 A.2.32 l
ILK.3(31) Plant-Specific Calculations to Show Compliance with 10 CFR 50.46 Resolved 1 A.2.33 II.Vs.3(44) Evaluation of Anticipated Transients with Single Failure to Venfy No Sigmficant Fuct Failure Resolved I A.2.33.1 li.K.3(45) Evaluate Depressunzation with Other Than Full ADS Resolved 1 A.2.22.2 49 A.2.1t II.K.3(46) Response to List of Concems from ACRS Consultant Resolved 1 A.2.33.3 til.A.I.l(l) Impicment Action Plan Requirements for Promptly Improving Licensee Emergency Prepardness Resolved COL App.
Ill.A.I.2(1) Technical Support Center Resolved COL An.19 A.3.4 lil.A.1.2(2) On Site Operational Support Center Resolved COL App.t 9 A. 3.4 Ill.A.I.2(3) Near-Site Emergency Operations Facility Resolved COL.'.rp. t 9 A. 3. q lil.A.2.l(l) Publish Proposed Admendments to the Rules Resolved COL App.
Ill.A.2.l(2) Conduct Public Regional Meetings Resolved COL App.
l 111 A.2.l(3) Prepare Final Commission Paper Recommending Adoption of Rules Resolved COL App.
Ill.A.2.l(4) Revisc Inspection Program to Cover Upgraded Requirements Resolved COL App.
lil.A.2.2 Development of Guidance and Critena Resolved COL App.
lil.A.3.3(1) Install Direct Dedicated Telephone Lines Resolved COL App.
i i
til.A.3.3(2) Obtam Dedicated.Shon Range Radio Communication Systems Resolved COL App.
l Ill.D.I.l(l) Review Information Submitted by Licensee Pertaimng to Reducing Leakage from Operating Systems Resolved i A.2.34 l
lil.D.3.3(1) Issue Letter Requiring improved Radiation Sampling Instrumentation Resolved 19 A.2.39 Ill.D.3.3(2) Set Criteria Requiring Licensees to Evaluate Need i
for Additional Survey Equipment Resolved 19A.2.39 2
III.D.3.3(3) Issue a Rule Change Providing Acceptable Methods for Calibration of Radiation Monitonng Instruments Resolved P? L2.919 A.L5 til.D.3.3(4) Issue a Regulatory Guide Resolved
-i9 A.2.7? I 9 A. 3.5 I!!.D.3.4 Control Room Habitability
' Resolved 1 A.2.36 Y1dy 22,gg 19 0 I' '
Amendment i
t 4
-M.
19B.2.9 A.M NONS AFETY l_O ADS ON Cf A99 IE POWER SOi!RCES ISS.CE Generic Safety issue (OSI) A-25 in NUREG-0933 (Reference 1), addresses the potential safety degradation of a Class IE Power system caused by its connection to a non-safety-related power source or load.
Dere are two approaches to assuring the reliability of the safety-related system Class IE power supplies for future plants. De first approach is to allow only Class IE loads to be connected to Class 1E power supplies. [In l
previous designs, non-safety electrical equipment was connected to Class IE power supplies (i.e., the emergency diesel generators) to provide a source of power during loss-of-offsite power (LOOP) events.]
The second approach is to limit the connection of non-safety-related electrical equipment to the Class IE power systems and assure that when this equipment is connected to the Class IE power systems that the equipment and the connections conform to the requirements for independence, electrical isolation, and physical separation. Rese requirements are identified in IEEE Standard 384 1981 (Reference 2), and guidance is provided in Regulatory Guide 1.75 Revision 2 (Reference 3). [ Supplemental information on Class IE safety systems may be found in IEEE Standard 603-1980, IEEE Standard 279 1971, and IEEE Standard 308-1980, (References 4,5 and 6 respectively).]
Both industry and the NRC, through IEEE Standard 384-1981 and Regulatory Guide 1.75, have determined that these design requirements provide an acceptable means of achieving an adequate level of reliabi'ity for the Class IE power supplies. Therefore, a commensurate level of safety for the safety systems is assured.
ACCEPTANCE CRITERI A The acceptance criteria for the resolution of GSI A-25 is that the reliability and level of safety of Class IE power soumes and the safety systems which they supply may not be degraded by the sharing of loads between safety-related systems and non-safety-related systems.
Specifically, the second approach, identified in the issue statement, shall be used in establishing an acceptable level of reliability and safety for Class IE power sources and safety-related systems.
His shall be accomplished by assuring that the interface between safety-related and non safety-related equipment on Class IE power sources and safety-related systems is adequately controlled by meeting the independence, electrical isolation, and physical separation requirements identified in IEEE Standard 384-1981 and other applicable standards, References 2 and 4 through 6, respectively, taking into consideration the guidance provided in Regulatory Guide 1.75, Revision 2.
RESO1.1rTION The ABWR design assures the reliability and safety of the Class IE power sources and safety-related systems by a highly selective connection (i.e., only one subsystem) of non-safety related equipment and strict control of the interface between this subsystem and Class IE power system. Each safety related system conforms to the requirements of IEEE Standard 384-1981, Reference 2, and meets RGl.75. Reference 3, and addresses IEEE standard 279-1971, Reference 5.
The ABWR design incorporates three independent Class IE diesel generators (DGs) and a non-Class IE combustion turbine generator (CTG). The CTG is designed to automatically and independently assume the plant investment protection (PIP) loads, should a LOOP event occur. His is in much the same manner as the DGs assume the Class IE loads for the same event. Herefore, it is not necessary for the Class IE buses to assume the PIP loads.
(See Sections 8.2.1,8.3.1.)
The ABWR design excludes non-Class 1E from the Class IE busses, with the exception of the alternate rod insert on (ARI) function which is accomplished by the rod control and information system (RC&lS) and the fine.
motion control rod drive (FMCRD) subsystem. The reliability of this subsystem is enhanced for the anticipated transient wi hout scram (ATWS) event by using Class lE power for the drive motors.
i, July 22,199.I
%.h
=
'19B.2.9 A 2S (C owb #
.t Class IE load breakers in the switchgear are part of the isolation scheme between the Class IE power and the non-Class IE FMCRD loads. In addition to the normal overcurrent tripping of these load breakers, zone seleenve interlocking (ZST) is provided between them and the upstream Class IE bus feed breakers. The Class IE load breakers,in conjunction with the ZSI feature, provides the needed isolation between the Class IE bus and the non-Class IE loads. (See 8.3.1.1.1 for more details on this feature relative to the FMCRD power circuits.)
Since both the safety systems and their Class IE power supplies conform to the requirements of IEEE Standard i
3841981 and meet the intent of Regulatory Guide 1.75. Revision 2, an acceptable level of safety exists for both the safety systems and their Class IE power supplies. Therefore, this issue is resolved for the ABWR.
l REFERENCES 1.
NUREG-0933,"A Prioritization of Generic Safety Issues" (with supplements), U.S. NRC, July 1991.
2.
IEEE Stradard 384-1981,"Critena for separauon of Class IE Equipment and Circuits," The Institute of Electrical and Electronics Engineers, Inc.
j 3.
Regulatory Guide 1.75, Rev. 2," Physical Independence of Electric Systems," U.S. NRC, September 1978.
f 4.
IEEE Standard 603 1980," Standard Criteria for Safety Systems for Nuclear Power Generating Stations," The Institute of Electrical and Electronics Engineers,Inc.
5.
IEEE Standard 279-1971," Criteria for Protection Systems for Nuclear Power Generadng Stations," The Institute of Electreal and Electronic Engineers, Inc.
l 6.
IEEE Standard 308-1980, Criteria for Class IE Electric Systems for Nuclear Power Generadng Stadons," The Institute of Electrical and Electronic Engineers,Inc.
l i
e
)
i l
'l 4
l l
[
l l
1 l
I Iuly 22,1993 i
L:
,,, i
19B.2.60 A-29: NUCLEAR POWER Pi ANT DESIGN FOR TIfE RFDifCTION OF Vtit NFR 4Rif ITY ffA.gDtWrRI 41 9 ABOTAGE ISS12 j
Issue A 29 in NUREG-0933 (Reference 1), addresses the susceptibility of nuclear power r,anc to industrial sabotage, the resulting risk to plant safety, and the countermeasures to assure an acceptable leul of g.cotectico.
Consideration should be given to sabotage during the design phase of the plant. The goal would be to achieve an acceptable level of protection of a plant to industrial sabotage by emphasizing design features which reduce the likelihood of the plant incurring damage from industrial sabotage, both internal and external.
ACCEfrTANCE CRITFRI A The acceptance criteria for the resolution of issue A-29,is that plants shall be designed to be resistant to the effects of internal and external sabotage through prevention, deterrence and mitigation.
Specifically, plant safety related systems and components required for the safe operadon and shutdown of the plant shall be designed for protection against and mitigation of sabotage.
RESOLUTION Re ABWR design will mingate the acts of sabotage through physical separations in the plint arrangement of independent, engineered safety systems, and the design and location of barriers to resist threats. Refer to Section 9.5, Fire Protection, Section 3.4, Floods and Section 3.6, Pipe Whip Protection.
Appendix 19C, Design Consideration Reducing Sabotage Risk, describes and analyzes the ABWR design features that reduce the risk from postulated insider sabotage.
In addition, the ABWR design includes various methods of access control to prevent intrusion as well as provide detection during a breach of the system. Specifically, Subsection 13.6.3, Physical Security, describes the physical protection systems and controls for compliance with 10CFR73.55 (Reference 2).
De design of the decay heat removal system provides an inherent resistance to sabotage by its protection against tornado missiles, winds, carthquakes and floods.
GE has performed an analysis of the ABWR design for vulnerability to sabotage as discussed in the DFSER, and recommends that the COL applicant should perform a sabatoge vulnerability analysis per (Rev. I of ABWR Utility Rights Document Vol. II, Chapter 9, Section 5221) to optimize system designs and compatability of plant arrangement and system design from insider and outsider threats and, that before fuel loading, the COL applicant i
should confirm conformance to the ABWR design features identified in SS AR Section 19C4 enhancing resistance of the ABWR to sabotage. Further, that during cold shutdown, that the provisions of (SECY 91029) dealing with procedures for access will be in effect.
in summary,the ABWR design is highly resistant to sabotage, because of the feature described which protect.
i against internal and external sabotage. Therefore, this issue is resolved for the ABW1.
REFFRENCER 1.
NUREG-0933,"A Prioritization of Generic Safety issues",(with Supplements), July 1991.
2.
10CFR73.55," Requirements for physical protection of licensed activines in nuclear power reactors against radiological sabotage," Office of the Federal Register, National Archives Records Administration.
July 22,1993
l l
I 19B.2.10 A-3h RESIDliAL HEAT REMOVAL (RHR) SHUTDOWN RFOUIREMENTS issrz 4
Unresolved Safety Issue (USI) A-31 in NUREG-0933 (Reference 1), addresses the safe shutdown of the reactor, following an accident or abnormal condition other than a Loss of Coolant Accident (LOCA), from a hot standby condition (i.e., the primary system is at or near normal operating temperature and pressure) to a cold shotdown condition. Considerable emphasis has been placed on long-term cooling which is typically achieved by the residual heat removal system which starts to operate when the textor coolant pressure and temperature are substantially lower than the hot standby values.
Even though it may generally be considered safe to maintain a reactor in a hot standby condition for a long time, experience has shown that there have been abnormal occurrences that required long-term cooling until the reactor coolant system was cold enough to perform inspection and repairs. For this reason, the ability to transfer heat from the reactor to the environment, after a shutdown resulting from an accident or abnormal occurrence, is an important safety function. It is essential that a power plant be able to go from hot-standby to cold-shutdown condidons subsequent to any accident or abnormal occurrence condition.
AcrFirrANCE CRITFRI A ne acceptance criterion for the resolution of USI A-31 is that the RHR system shall be designed so that the reactor can be brought from a " Hot Standby" to a " Cold Shutdown" condition as described in SRP Secdon 5.4.7 Revision 3 (Reference 2).
Specifically, the RHR system shall meet the intent of the following functional requirements with respect to cooldown:
1.
The design shall be such that the reactor can be taken from normal operating conditions to cold shutdown using only safety-grade systesns. Rese systems shall sansfy 10CFR50 Appendix A (Reference 3) General Design Criteria (GDC) I through 5, and 34 l
2.
De system (s) shall have suitable redundancy in components and features, and suitable interconnections, leak connection, and isolation capabilities to assure that for onsite electrical power system operation (assuming offsite power is not available) the system function can be accomplished assuming a single failure.
3.
De system shall be capable of being operated from the control room with either onsite or offsite power available. In demonstrating that the system can perform its function assuming a single failure, limited operator action outside of the control room would be considered acceptable,if suitably justified.
4 He system (s) shall be capable of bringing the reactor to a cold shutdown condition, with either offsite or onsite power avaihble, within a reasonable period of time following a shutdown, assuming the most limiting single failure.
In addition to the functional requirements listed above, there are certain additional requirements for the RHR system incloding, pressure relief, pump protection, test and operation.
RESOLUTION i
ne Residual Heat Removal (RHR) system is composed of three electrically and mechanically independent divisions, except for the outboard containment isolation valves, which are in different electrical divisions than the l
inboard valves, designated as A, B, and C with each division containing the necessary piping, pumps, valves, and I
heat exchangers (see ABWR Section 5.4.7).
July 23,1993
i
~
19B.2.10 A 31( C o m vJ-One of the basic design functions of the RHR system is shutdown. Shutdown cooling to remove decay and I
sensible heat from the reactor, which also includes the safety.related requirements that the reactor must be brought to a cold shutdown condition using safety grade equipment. (See ABWR SSAR Subsection 5.4.7.1.1.7.)
)
'Ihe design basis for the RHR Shutdown Cooling subsystem is that it is manually acdvated by the operator from the control room following insertion of the control rods and normal blowdown to the main condenser. (See ABWR l
SS AR Subsection 5.4.7.1.1.7.)
For emergency operations where one of the RHR loops has failed, the RHR system is capable of bringing the reactor to the cold shutdown condition of 100*C within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> following reactor shutdown with any two of the three divisions. The subsystem can maintain or reduce this temperature further so that the reactor can be refueled
]
and serviced. (See ABWR SSAR Subsection 5.4.7.1.1.)
The RHR system is part of the Emergency Core Cooling (ECCS) System, and therefore is required to be designed with redundancy, piping protection, power separation, and other safeguards as required of such systems (see ABWR SSAR 6.3).
j i
Shutdown suction and discharge valves are required to be powered from both offsite and standby emergency power for purposes ofisolation and shutdown following a loss of offsite power. (See ABWR SSAR Subsection l
9 A.5.5.14.)
The RHR system is designed to meet General Design Criteria (GDC) 1,2. 3,4, and 5 for quality assurance, i
protection against natural phenomenon, environmental and internally ge crated missiles, pip. oreaks, seismic effects, and fires (see ABWR Subsection 5.4.7.1.6).
The RHR Shutdown Cooling System is designed to meet the intent of SRP Section 5.4.7 Rev. 3 with respect to providing a means of bringing the reactor plant from hot standby to cold shutdown under all accident or abnormal occurrence conditions, as described above. Therefore, this issue is resolved for the ABWR SSAR Standard Design.
l (See ABWR SSAR Subsection 5.4.7.1.1.7.)
REFERENCES 1.
NUREG-0933,"A Prioritization of Generic Safety issues",(with Supplements) U.S. NRC, July 1991.
2.
NUREG-0800," Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants -
LWR Edition", U.S. NRC.
3.
10CFR50 Appendix A," General Design Criteria for Nuclear Power Plants", Code of Federal Regulations, Office of the Federal Register, National Archives and Records Administration.
July 23,1993
I
'19B.M1 B e Dt?CTIlITY OF TWO W AY St ABS AND SHFI I S AND Bt!CKLINO BEH AVIOR OF STFFI CONTAINMENTS Generic Safety Issue (GSI) B-5 in NUREG-0933 (Reference 1), identifies two concerns relating to containment design. First that sufficient information is not available to predict the behavior of two-way reinforced concrete slabs; and second, that the structural design of a steel containment vessel subjected to unsymmetrical dynamic loadings may be governed by the instability of the shell.
1 (1) Duculity of Two-Way Slabs and Shells ne first concern was originally identified in NUREG-0471 (Reference 2) and involved concern over the lack of information related to the behavior of two-way reinforced concrete slabs loaded dynamically in biaxial membrane tension (resulting from in plane loads), flexure, and shear. If structures (concrete slabs) were to fail (floor collapse or wall collapse) due to loading caused by a loss-of coolant-accident (LOCA) or high-energy-line break (HELB), there would be a possibility that other portions of the reactor coolant system or safety-related systems could be damaged. Such loads would be caused by very concentrated high-energy sources causing direct impact on the structures of concern. The damage could lead to an accident sequence resulting in the release of radioactivity to the environment.
Because of NRC and industry concem, the American Concrete Institute addressed these d'ynamic loads by establishing the methodology identified in the Appendix C Commentary to ACI 349-85 (Reference 3).
(2) Buckling Behavior of Steel Containments ne second concem, also identified in Reference 2, involves concem over the lack of a uniform, well-defined approach for design evaluation of steel containments. The structural design of a steel containment vessel subjected to unsymmetrical dynamic pressure loadings may be govemed by the instability of the shell. For this type of loading, the curnnt design verification methods, analytical techniques, and the acceptance criteria may not be as comprehensive as they could be. Section 111 of the ASME Code (Reference 4) does not provide detailed guidance on the treatment of buckling of steel containment vessels for such loading conditions.
Moreover, this Code does not address the asymmetrical nature of the containment altell due to the presence of equipment hatch openings and other penetrations. Regulatory Guide 1.37 rr;ommends a minimum factor of safety of two against buckling for the worst loading condition provioed a detailed rigorous analysis, considering in-clastic behavior,is performed.
On the other hand, the 1977 Summer Addendum of the ASME Code permits three altemate methods, but requires a factor of safety between 2 and 3 against buckling, depending upon applicable service limits.
However, NUREG-0933 states that the issue was resolved and no new requi:ements were established.
[
ACCEPTANCE CRITFRT A The acceptance criteria for part I of this issue is that the design of safety-related concrete structures shall meet the ductility requirements of ACI 349, as endorsed by RG 1.142 (Reference 5).
j De acceptance c.riteria for part 2 of this issue is that the buckling design of steel containment vessels shall meet provisions of NE-3221 or code case N-284 of the ASME code.
l R FSOI-.lfTION he design of ABWR safety-related concrete structures (other than containment) is based on the latest edition of ACI 349 (1990). Part I of this issue is thus resolved for the ABWR.
i July 15,1993
1 4
a
'19R ?_61 B.5 ( Co w b\\ e
'Ihe ABWR containment is a reinforced concrete structure and it is designed according to ASME III, Division 2, Subsecuon CC. The steel components (not backed by concrete) of the containment vessel are designed in accordance with to ASME.III, Subsection NE including the buckling provisions as stated in the acceptance criteria li above. Part 2 of this issue is thus resolved for the ABWR.
4 RFFFRENCES 1.
NUREG-0933,"A Prioritiration of Generic Safety issues", (with Supplements) U.S. NRC, July 1991.
2.
NUREG-0471 " Generic Task Problem Descriptions (Categories B, C, and D)", U.S. NRC, June 1978.
3.
ACI 349-85," Code Requirements for Nuclear Safety Related Structures", American Concrete Institute,1985.
4 ASME Boiler and Pressure Vessel Code,Section III, Division I, Subsection NE. American Society of Mechanical Engineers,1986.
5.
Regulatory Guide 1.142," Safety Related Concrete Structures for Nuclear Power Plants (Other than Reactor Vessels and Containments) U.S. NRC, October 1981, Revision 1.
s NRC Comment < 07/09 T
ACI 349-85 is old; use ASME III Div. 2 Be explicit in statement on buckling.
i l
i l
i l
)
l 1
July 15,1993
19B.2.20 B.17 CRITFRIA FOR S AFETY-RFI ATED OPER ATOR ACTIONS ISS11 l
His issue B-17 involves developing criteria for safety-related operator action (SRO A) during the response to or recovery from transients and accidents. He criteria would include a determination of actions that shall be automated in lieu of operator action and the development of a time criterion for SROA. Specifically, to be determined for PWL,is whether or not to require an automatic switchover from the injection mode to the recirculation mode following a LOCA. His issue is not resolved and it has a medium priority. (Reference 1).
l ACCEL'TANCE CRITFRI A ne acceptance criteria for the resolution of issue B-17 is that the plant transient response time (i.e., time requind for safety systems or operator to act) shall be increased over current plants to improve operability, and that the plant design shall permit increased operator response Ome, including a determination on the need for automatic actuation. Required time before the operator must act shall be not less than 20 minutes with a target of 30 minutes, assuming a single failure. Best estimate methodology shall be used for analysis to show safety limits are not exceeded. Operational inputs should be obtained from experienced operators.
RESOLITTION The ABWR design satisfies the Acceptance Criteria concerning automation of safety-related operator actions and operator response times. He ABWR resolution is the same as the ALWR resolution. For example, the ABWR design requires no operator action earlier than thirty minutes for any design basis accident as described in responses to quesdons 420.81,420.82,420.83,430.26 in Subsections 20.3.8,20.3.2 on operator performance under the range of Loss-of-Coolant accidents. He ABWR design by incorporating the RHR heat exchanger in the ECCS injection loop, has eliminated the need for operator actions for several accidentsAransients (Subsection 5.4.7.1.1.1). In fact, even in the long term, operator acdon is only required for one situation -initiation of containment cooling (Subsection 5.4.7.1.1.6). This is a relatively simple action and some delay in this action should have no adverse consequences, thus eliminating the need to automate this function. In addition, advance CRTs in the control room shall be utilized for monitoring and alarm functions for safety-related and non-safety-related systems (References 2, 3,4). To achieve this goal, information displays, controls and other interface devices in the control room and other plant areas are designed and implemented with good human factors engineering and in compliance with pertinent reguladons regarding separation and independence, (Subsecdon 18.2). Therefore, this issue is resolved for the ABWR.
REFERENCES 1.
NUREG-0933,"A Prioritization of Generic Safety issues,"(with Supplements), July 1991.
2.
EPRI NP 4361," Power Plant Alarm Systems: A Survey and Recommended Approach For Evaluating Improvements", December 1985.
3.
EPRI NP-5693P," Evaluation of Altemative Power Plant Alarm Presentations" 4.
EPRI NP-3448,"A Procedure For Reviewing and Improving Power Plant Alarm Systems", April 1984 5.
ANSI /ANS 58.8," Time Response Design Criteria for Nuclear Safety Related Operator Actions," 1984 l
i l
July 22,1993
4 g
19B.2.23 B.% DiFSEL RFI T ABIIITY 15S1 1 1ssue B-56 in NUREG-0933 (Reference 1), addresses emergency diesel generator reliability. The reliability Boal identified in NS AC-108,(Reference 2) for emergency diesel generator stanup, is between 0.95 and 0.975 per demand.
Typical onsite electrical distribution systems for plants use diesel generators as an emergency source of power.
These emergency power sources supply safety-related equipment, which is used to prevent or mitigate accidents,in the event of a loss of offsite power.
Because of the safety significance of the emergency diesel generators, limiting conditions for operadon (LCOs) were developed and placed in the plant technical specifications, Dese LCOs require periodic testing. Licensee Event Reports (LERs) sent to the NRC document problems encountered during periodic testing of the emergency diesel generators (to demonstrate operability). As discussed in NUREG-0933, a review of the LERs conducted by the NRC revealed that a diesel generator's starting reliability is, on the average, about 0.94 per demand. Rus, the NRC determined that there was a need to upgrade the reliability of emergency diesel generators. A new reliability of between 0.95 and 0.975 per demand for emergency diesel generator design, operation and periodic testing, was established in Regulatory Guide 1.9, Revision 3 (DRAFT) (Reference 3).
De specific emergency diesel generator staning reliability identified in Regulatory Guide 1.155 (Reference 4) is the same as in Regulatory Guide 1.9, Revision 3 (DRAFT)(i.e.,it ranges from 0.95 to 0.975 per demand). De resoludon of a related Issue A 44, Station Blackout, addresses the plant response to station blackout conditions.
ACCEPTANCE CRITFRI A ne acceptance criteria for the resolution of issue B-56, is that emergency diesel generator design, operation, and penodic testing shall ensure, as a minimum, a starting reliability of 0.95 per demand, as identified in Regulatory Guides 1.9, Revision 3 (DRAFT),1.155 and 1.160.
RESOLUTION ne ABWR Standard Plant design includes an onsite electrical distribution system which employs three redundant and independent Class 1E load group divisions. De Class 1E safety loads are capable of being supplied power, in decreasing priority, from the unit main turbine generator, either of two offsite power sources, the emergency diesel generators (DGs), and the combustion turbine generator (CTG) [see Figure 8.3-1].
Each of the three Class IE divisions can be supplied with emergency standby pwer from an independent DG.
De DG is designed and sized with sufficient capacity to operate all the needed Class IE loads powered from its respective Class IE divisional bus. Furthermore, each division can be manually supplied from the non. Class IE CTG, which is diverse from the DGs. De reliability of the CTG is comparable to that of the DG (see Section 9.5.11).
Each DG is specified to start reliably and, with present technology, industry experience has shown that a starting reliability of 0.986 per demand may be achieved as identified in the EPRI ALWR Utility Requirements Document (Reference 5)..The time required for the DG to attain rated voltage and frequency, and to begin accepting load, has been cased from 13 to 20 seconds after receipt of a start signal. His reduces their starting stress and contributes to imprcved reliability over the life of the units. The extended time is still within the limiting case for opening of the RHR valves [see Subsection 8.3.1.1.8.2(4)].
A variety of tests are performed to assure DG reliability and operability. In addition to factory tests, a number of pre-operational and onsite acceptance tests and periodic tests are conducted on ea h DG system. These tests are identified in Subsection 8.3.1.1.8.2, and in the technical specifications. Also, conditions for operation are imposed to ensure continual reliability.
July 22,1993
j 19B.2.23 B 56 ( C o a bw* d )
In summary, the ABWR Standard Plant design utilizes three independent diesel generators as emergency power sources, which an: incorporated in the onsite electrical distribution system, and which have a diverse backup (i.e.,
the CTG).
The onsite electrical distribution system meets the intent of the guidance given in Regulatory Guides 1.9, Revision 3 (DRAFT),1.155, and 1.160. Therefore, this issue is resolved for the ABWR Standard Plant design.
l RFFFRENCES 1.
NUREG-0933,"A Prioritization of Generic Safety Issues" (with supplements), U.S. NRC, July 1991.
2.
NS AC 108," Reliability of Emergency Diesel Generators at U.S. Nuclear Plants," Electric Power Research Institute, September 1986.
3.
Regulatory Guide 1.9, Revision 3 (DRAFT)," Selection, Design, Qualification, Testing, and Reliability of Diesel Generator Units Used as Onsite Electrical Power Systems at Nuclear Power Plants," U.S. NRC, November 1988.
4 Regulatory Guide 1.155," Station Blackout," U.S. NRC, August 1988.
5.
EPRI," Advanced Light Water Reactor Utility Requirements Document," Electric Power Research Institute, Chapter 11, April 1989.
6.
Regulatory Guide 1.160, Monitoring the Effectiveness of Maintenance at Nuclear Power Plants.
l
\\
i I
l l
l l
July 22,1993
19B.2.33 40 SAFFTY CONCFRNS ASSOCIATFD WITil PIPE BREAKS IN THE BWR SCR AM SYSTFM ISSI.!E If a break or leak exists or develops in the scram discharge volume (SDV) piping during a reactor scram, this would result in the release of water and steam at 212'F into the reactor building at a maximum flow rate of $50 gpm and is postulated to result in 100% relative humidity in the reactor building. The principal means ofisolating this break would be to close the scram exhaust valves which are located on the hydraulic control units; however, this is dependent upon the ability to reset scram, which cannot be absolutely ensured immediately following the scram.
Derefore, a rupture of the SDV could result in the unisolable break outside of primary containment, which is postulated to threaten emergency core cooling equipment by flooding areas in which this equipment is located and by causing ambient temperature and relative humidity conditions for which this equipment is not qualified.
ACCEPTANCE CRITERIA NUREG.0803 (Reference 1) provides guidance to ensure SDV pipe integrity, detection capability, mitigation capability and qualification of the emergency equipment to the expected environment.
R ESOI.ItTION For the ABWR fine motion control rod drive (FMCRD) design, scram water is discharged through the drive directly into the reactor vessel. There are no CRD withdraw lines or SDV as used in previous BWR designs employing the locking piston control rod drive (LPCRD). Consequently, the issue of SDV isolation provisions as addressed in NUREG-0803 (Reference 1)is not applicable to the ABWR design.
l In addition, for protection against a scram insert line break, the ABWR FMCRD design incorporates a ball-check valve located in the FMCRD flange housing at the point of connection of the insert line with the drive scram port. In the event of a rupture of the insert line, the ball check valve will close to prevent reactor vessel flow out of the break. This feature is the same as used by the LPCRD in previous BWR designs.
For these reasons, this issue is resolved for the ABWR design.
REFERENCES 1.
NUREG-0803," Generic Safety Evaluation Report Regarding Integrity of BWR Scram System Piping," U.S.
NRC, August 1981.
July 22,1993
19B.2.37 67.3.3: LMPROVED ACCIDENT MONITORING ISSUE 1
This Generic Safety Issue addresses the wcakaess in the accident monitoring of the type observed at the Ginna steam generator es ent (steam generator isolation, reactcr coolant pump trip, thermal shock from cold high pressure injection water). The weakness. identified were: (1) non-redundant monitoring of RCS pressure;(2) failure of the position indication for the steam generator relief and safety valves;(3) the limited range of the charging pump flow indicator for morutoring charging flow during accidents. These conditions make it more difficult for correct action in response to such events. Subsequently, the NRC Staff prepared and issued Regulatory Guide (RG) 1.97 Rev. 2 which was implemented at Ginna (Reference 1).
l i
i ACCEPTANCE CRITFRIA The acceptance criteria for the resolution of this item is based on the full implementation of the post accident monitonng requirements of RG 1.97 (Reference 3) and NUREG-0737 TMl Action Plans into the design of the ABWR.
RESOLUTION The ABWR has implemented into its basic design RG 1.97 requirements and the TMI action plan requirements of NUREG4737 and NUREG-0737, Supplement 1 (Reference 1). Refer to Subsection 7.5.1.1," Post Accident Momtonng (PAM) System" and Table 7.5-2. "ABWR PAM Variable List." and "ABWR SSAR Subsection 18.2". The ABWR design is in full compliance with the latest issue of RG 1.97, and this issue 67.3.3 is resohed for ABWR.
REFE RENCE I
l
- 1. NUREG-0737. "Clanfication of TM1 Action Plan Requisements", U.S. NRC, November 1980.
i I
- 2. NUREG-0933,"A Priontization of Generic Safety issues" (with supplements), U.S.NRC. Apnl 1989..
- 3. Regulatory Guide 1.97 Revision 3,"Instmmentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Evirons Conditions During and Following an Accident". U.S.NRC, May,1983.
I i
l l
l I-N 2/;l'f95 l
1 L
i
,I.
e 19B.2.3h 7C-GFNFRIC IMPLICATIONS OF ATWS EVENTS AT SAI FM NUCI FAR PLANT l
i On two occasions. Salem Unit I failed to scram automatically due to failure of both reactor trip breakers to open on receipt of an actuation signal. In both cases the unit was successfully tripped by manual action. The failure of the breakers has been attributed to excessive wear due to improper maintenance of the undervoltage relays which receive the trip signal from the protection system and cause mechanical action to open the breakers.
Failure to scram (also commonly referred to as anticipated transient without scram, ATWS) could result in unacceptable consequences (Reference 1).
l ACCElrrANCE CRITFRI A l
De acceptance criteria for the resolution of this issue is that:
l l
the plant must have a program for a post trip review of unscheduled reactor shutdowns, i
l the plant must have a program for safety-related equipment classincation and vendor interface, the plant must have a program for post-maintenance operability testing, the plant must have a program to control vendor-related modincations, preventative maintenance and surveillance for reactor trip breakers.
l These acceptance criteria are described in Generic Letter 83-28 (Reference 2) and NUREG-1000 (Reference 3).
RESOLLTION l
De reactor protection (trip) system (RPS) design provides the capability for the ABWR to satisfy the NRC l
requirements indicated in Generic Letter 83-28 and in NUREG-1000.
j Execution of the programs in the Acceptance Criteria fall primarily into the phase of operations and i
maintenance that are the responsibility of the COL applicant. However, Section 3.2," Classification of Structures, Components, and Systems" provides the safety-related classification of principal components for the second criterion of the Acceptance Criteria.
Therefore this issue 75 is resolved for ABWR, REFERENCES 1.
NUREG-0933,"A Prioritization of Generic Safety issues",(with Supplements), July 1991.
2.
Generic Leuer No. 83-28," Required Actions Based on Generic Implication of Salem ATWS Events", July 8, 1983.
L 3.
NUREG 1000 " Generic Implications of ATWS Events at the Salem Nuclear Power Plant," Volumes 1,2, April 1983, August 1983.
i l
. July 22,1993 t
\\
l
\\
19B.2.52 128 ELECTRICAL POWER REll ABILITY ISSUE 4
?
1 l
Issue 128 in NUREG-0933 (Reference 1,6,7), addresses the reliability of on-site electrical systems.
l The minimum acceptable de power system is comprised of two physically independent divisions which supply l
l de power for control and actuation of redundant safety-related systems. Questions have been raised concerning the l
position of regulatory staff, including the application of the single failure criterion for assuring a reliable de power supply. These concerns stem from the dependence on de power of the decay heat removal systems required for l
long-term heat removal. Failure of one de division would generally result in a reactor scram which then would require removal of decay heat. The frequency of reported single de division failures gives rise to the concern that the second de division may not be available.
Two of the specific reasons for the concern that safety-related power may be unreliable are also addressed by this issue. One is that some operating nuclear power plants do not have technical specifications or administrative controls governing operational restrictions for Class 1E 120 Vac vital instrument buses and associated inverters.
Without such restrictions these power sources could be out of service indefinitely and thereby may place certain safety systems in a situation where they could not meet the single failure criterion. The other is that the design of some plants do not provide interlocks to prevent the inadvertent closure of the single tie breaker between the 4160 V Class IE buses.
ACCETFTANCE CRITERI A The NRC performed a generic evaluation of the reliability of safety-related de power and published the results in NUREG-0305 (Reference 2) and NUREG-0666 (Reference 3).
f NUREG-0666 provided recommendations and supporting technical bases for augmenting the minimum design l
criteria and procedural requirements which will provide greater assurance of de power supply reliability. These recommendations for augmenting the minimum requirements for de power systems are: (1) prohibiting certain i
l design and operation features of the de power systems, such as use of a bus tie breaker, which could compromise division independence;(2) augmenting the test and maintenance activities presently required for battery operability to also include preventive maintenance on bus connections, procedures to demonstrate de power availability from the battery to the bus, and administrative controls to reduce the likelihood of battery damage during testing, maintenance, and charging activities;(3) requiring staggered test and maintenance activities to minimize the potential for human error-related common cause failure associated with these operations; and (4) requiring design and operation features adequate to maintain reactor core cooling in the hot standby condition following the loss of any other system required for shutdown cooling.
For plants not yet built, the NRC is considering further enhancing the reliability of the de power supplies by (1) placing non safety-related loads on completely separate de power supplies (i.e., non-safety-related balance-of-plant and switchyard batteries), and (2) dividing the de power supplies which are safety-related or essential into separate systems to reduce the probability of a reactor trip in the event of the loss of a single de bus.
Also under consideration is NRC endorsement of IEEE Standards 603 (Reference 4) and 308 (Reference 5) with possible revisions to the related Regulatory Guides.
RESOLUTION The resolution for issue 128, as stated above, suggests elements which are applicable only to the design or the administrative operation of operating plants, and are not applicable to the design of the ABWR. For the ABWR, the problems described in this issue are completely avoided by the following inherent design features (which are described in detail in Section 8.3):
1.
The ABWR utilizes four completely independent Class lE de divisions which power two-out-of four logic to actuate safety systems. If a division is taken out of service, the logic reverts to two-out-of-three.
July 21,1993 l
l
19B.2.52 128 ( C o d u e el)
Because of this level of redundant trip channels, no single power supply failure results in a reactor scram, even when a division is out of service.
2.
Dere are no bus tie breakers between divisions. However,it is possible, through special administrative controls and key interlocks, to manually power one division's de loads from a different division through the spare charger (see Figure 8.3-4, and Subsection 8.3.4.18).
3.
All non-Class IE de loads are powered from non-Class IE de sources with only one exception. His special case is the Alternate Rod Insertion (ARI) function utilizing the Fine-Motion Control Rod Drive (FMCRD) motors. For ATWS considerations, the reliability of this subsystem is enhanced by using Class IE power for the drive motors. This power interface exists only on Division I, and is isolated by zone-selective interlocked circuit breakers (see 8.3.1.1.1).
4 Bree of the four de divisions are backed by independent Class IE diesel generators. (The fourth division battery charger is supplied power from Division 11, and hence, is backed by the Division 11 diesel.) ne non-Class IE plant investment protection (PIP) loads are backed by an on-site combustion turbine generator (CTG).
5.
Here are two separate and independent connections from the off-site sources to each of the three Class IE buses, and to each of the three PIP buses.
6.
De ABWR fully complies with IEEEs 308 and 603.
1 in summary, the ABWR design for the electrical power system avoids the problems described in this issue.
Each division of the engineered safety systems has emergency on-site sources of ac and de power, and at least two l
I connections for off-site power, all of which are separate and independent. There are three divisions of decay heat removal, each with its own emergency ac and de power source. This issue is considered resolved for the ABWR.
REFERFNCF9 1.
NUREG-0933,"A Prioritization of Generic Safety Issues" (with supplements), U.S. NRC, July 1991.
]
2.
NUREG-0305, ' Technical Report on DC Power Supplies in Nuclear Power Plants," U.S. NRC, July 1977.
3.
NUREG-0666,"A Probabilistic Safety Analysis of DC Power Supply Requirements for Nuclear Power Plants,"
U.S. NRC, April 1981.
4 IEEE Standards 603-1910," Standard Criteria for Safety Systems for Nuclear Power Generating Stations," The Institute of Elecuical m.1 Electronics Engineers, Inc.
{
1 5.
IEEE Standard ~08-1980," Criteria for Class IE Electric Systems for Nuclear Power Generating Stations," He InstNte of FLctrical and Electronic Engineers, Inc.
j 6.
NRC Letter to All Holders of Operating Licensees," Resolution of Generic issue A-30, ' Adequacy of Safety-Related DC Power Supplies,' Pursuant to 10 CFR 50.54(f)(Generic Letter 91-06)," April 29,1991.
i 7.
NRC Letter to All Holders of Operating Licenses," Resolution of Generic Issues 48,'LCOs for Class IE Vital Instrument Buses,' and 49," Interlocks and LCOs for Class IE Tie Breakers' Pursuant to 10 CFR 50.54(f)
(Generic Letter 91-11) " July 18,1991.
July 21,1993
i l
o l
19B.2.53 14h i F AK AGE THROUGH F1 FCTRICAI ISOL ATORS IN INSTRUMENTATION CIRCUITS ISSlT.
Electronic isolators are used to maintain electrical separation between safety and non-safety-related electrical l
systems in nuclear power plants, preventing malfunctions in the non-safety systems from degrading performance of safety-related circuits. Isolators are primarily used where signals from Class-lE safety-related systems are 1
transmitted to non-Class IE control or display equipment.
'lhere are a number of devices which may qualify as electrical isolators in a nuclear power plant, including fiber optic and photo-electric couplers, transformer-modulated isolators, current transformers, amplifiers, circuit breakers, and relays. These isolators are designed and tested to prevent the maximum credible fault applied in the transverse mode on the non-Class 1E side of the isolator from degrading the performance of the safety-related circuits (Class-IE side) below an acceptable level.
This issue was identified by the staff in June 1987 and arose from observations made during Safety Parameter Display System SPDS evaluation tests that demonstrated, for electrical transients below the maximum credible level, a relatively high level of noise could pass through certain types of isolation devices and be transmitted to safety-related circuitry. In some cases, the amount of energy that can pass through the isolator may be sufficient to damage or seriously degrade the performance of Class IE components, while, in other cases, electrically-generated noise on l
the circuit may cause the isolation device to give a false output.
l Due to the fact that there are a great number of each type ofisolator in the field, this issue would require the
(
staff to determine the extent to which potentially susceptible isolators are used in nuclear power plants and to identify the systems in which they are used. An NRC bulletin to all licensees to provide input on these questions t
would be necessary.
ACCEPTANCE CRITFRf A Assuming that the staff determines from the licensee responses to the proposed bulletin that a potential problem exists, a research program consisting of two major objectives would have to be initiated to develop the solution to this issue. The first objective would be to develop test procedures and acceptance criteria for isolators that licensees could use to determine the adequacy of installed isolators. The second objective would involve development of appropriate hardware fixes that could resolve the issue.
Therefore, with a reliable data base the final step in the solution to this issue would be the issuance of a generic letter to licensees with the following guidelines for: (1) inspection and testing of all electrical isolation devices between Class IE and non-Class IE systems; (2) repair / replacement of isolators that fail the tests, including description of acceptable hardware fixes to the isolators; and (3) implementation of an annual program to inspect and test all electronic isolators between Class IE and non-Class lE systems.
(
lssue 142 must meet the requirements of the Licensing Review Bases (LRBs) Criteria on isolators (the LRBs are contained in a letter from T. Murley of NRC to Artigas of G.E. dated 8/7/87, see Reference 3).
RESOLUTION Fiber optic data links are the only type of isolation device used in the ABWR for electrical isolation of logic level and analog signals between protection divisions and from protection divisions to non-safety-related equipment.
See Subsection 7A.3. Subsection 7A.3 resolves issues regarding the Licensing Review Basis Criteria on isolators.
Maximum credible electrical faults applied at the outputs of isolation devices do not apply to fiber optic j
systems. The maximum credible fault is cable breakage causing loss of signal transmission. Faults cannot cause l
propagation of electrical voltages and currents into other electrical circuitry at the transmitting or receiving ends.
l Conversely, electncal faults originating at the input to the fiber optic transmitter can only damage the local circuitry l
and cause loss or corruption of data transmission; damaging voltages and currents will not propagate to the receiving end.
)
July 23,1993 i
l l
19B.2.53142 ( Co M
Fiber optic isolation devices are expected to have less difficulty than previous isolation devices in complying with all qualification requirements due to their small size, low mass, and simple electronic interfaces. The basic materials and cotoponents, except for the fiber optic cable itself, are the same as those used in exisung, qualified isolation devices.
When using fiber opdc devices as Class IE isolation devices, only the input side of the transmitting device and output side of the receiving device use electrical power. De low vohage power supplies for these devices use the same power source as the logic that drives the isolating device. For ABWR safety systems, this power is:
1.
Divisional 120 Volt Vital AC (UPS)- For Reactor Protecdon System (RPS) logic and Main Steam Isoladon Valve (MSIV) logic.
2.
125 Volt Plant DC Power Supply - For ECCS logic and 1.eak Detection and Isolation System logic.
The isolating devices used for ABWR are similar to the Group I types referred to in Reference 2. They are of the long fiber optic cable design, so transmitting and receiving ends are separated by a significant distance (typically several feet to several hundred feet). Dese types of designs had the best isolating characteristics of the various isolators compared in the NUREG study, Reference 2.
Typically, the electrical to-optical interfaces are part of the general logic processing equipment within a channel and do not reside in separate isolator units. De fiber optic interfaces receive the protection from EMI and surge currents designed into the logic equipment (for example, power supply decoupling, shielding, filtering, single-point signal common connection to chassis ground, and chassis ground connection to ground bus). He equipment will undergo EMI and surge testing to the standards identified in the NUREG or equivalent.
De results of the NUREG tests show that the fiber optic type of isolators exhibited no or very little effects from the major fault and lightning surge tests. Only surge and EMI tests applied to the isolator power supplies caused damage to the isolator input side, mainly because of the output and input supplies sharing a common, commercial AC power line. For the ABWR, RPS and ESF functions are supplied from different plant power sources (120 Volt Vital AC and 125 Vde, respectively). The low voltage DC supplies fed from these sources are highly regulated and filtered. Dus, isolator circuits are isolated from most power source transients. Therefore this issue is resolved for the ABWR.
REFERENCE 9 1.
Memorandum for B. Morris from B. Sheron (NRC Staff)," Proposed Generic Issue on leakage Through l
Electrical isolators," June 23,1987.
2.
NUREGER 3453." Electronic Isolators Used in Safety Systems of U.S. Nuclear Power Plants," U.S. NRC, March 1986.
3, Advanced Boiling Water Reactor Licensing Review Bases, August 1987 (A letter from T.E. Murley of NRC to R. Artigas of G.E. dated 8/7/87).
July 22,1993 i
I 19.B.2.55 149 ACTIONS TO REDUCE CO%1%10N CAUSE FAILURES IStS.E lssue 145 is concerned that common cause failures can be a major cause of a system failure. The TMI-2 and David Besse incidents were examples of scenarios involving common cause failures. (Reference 1.)
Effective maintenance is important to ensure that design assumptions and margins in the original design basis are maintained. In the design of nuclear power plants, an important safety margin is the redundancy of equipment to perform safety functions. This redundancy, however, can be degraded by common cause failures. Therefore, defense against such failures (by root cause analyses and investigations) over the life of the plant is an important part l
of the licensee's maintenance program.
This issue is still under evolution within the NRC with a regulatory guide under development to supplement the maintenance rule,10CFR50.65, Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants. (Reference 2.)
1 ACCEPTANCE CRITERI A The acceptance criteria for the resolution of Issue 145 is to demonstrate compliance with the maintenance rule, 10CFR50.65.
RESOLUTION Compliance with 10CFR50.65 will be the responsibility of the COL applicant.
In addition, the dBWR design demonstrates in its " Response to Severe Accidents", Chapter 19,its capability to respond to system interactions and common cause failures,(Subsection 19.2.3.4).
Actions to reduce common cause failures may fall into the Operational Reliability Assurance Program (O.
RAP). The COL applicant will specify the policy and implementation procedures for the O-RAP as described in Subsection 17.3.9.
Therefore, this issue 145 is resolved for the ABWR.
i REFERENCES 1.
NUREG-0933, "A Prioritization of Generic Safety issues," (with Supplements), December 1992.
2.
10CFR50.65," Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants," Office of the Federal Register, National Archives and Records Administration, i
July 21,1993 j
)
e.
1 v
1
,e 19B.2.56 151 RFI T ARII ITY OF ANTICIPATED TR ANEIENT WITHOUT SCR AM RFCIRCIfL ATION PUMP TRIP IN BWRs ISSEE Issue 151 in NUREG-0933 (Reference 1), addresses the issue of the reliability of the ATWS RPT in BWRs.
-i Issue 151 specifically identifies a reliability problem with GE's type AKF 25 circuit breaker and trip hardware, (actually a type AKF 2-25 breaker, per NRC's IE Notice 87 12, Reference 2).
ACCEMANCE CRITERIA ne acceptance criterion for the resolution of Issue 151 is the use of reactor recirculation system pump trip hardware or method that is more reliable than the previously used AKF-2-25 breaker hardware or method.
l t
RESOLUTION l
De design for the ABWR reactor recirculation system and RPT method and hardware is completely different from the previously designed BWR reactor recirculation systems and RM trip methods. The design is more diverse and redundantly reliable. Rather than using only two recirculation pumps and the associated single RIFT breakers, the ABWR will use ten pumps and multiple pump and RPT trip logic, circuits and hardware. Adiustable speed drive (ASD), recirculation internal pumps (RIPS) are used. The ABWR RM trip hardware (not yet specifically identified) willbe completely different: 'Ihe ABWR does not use AKF-2 25 circuit breakers in the RPT logic circuits. Instead l
of using AKF-2-25 breaker switching hardware to provide a RFT, RFC controller switching and ASD gate inverter turn-off circuit hardware provides the RM. See Subsection 7.7.1.3(7) and 7.7.1.3(8). Thus, by diversity and redundancy in design, the ABWR addresses and resolves issue 151.
l This issue 151 may fall into the Operational Reliability Assurance Program (O RAP). The COL applicant will specify the policy and implementation procedures for O-RAP as described in Subsection 17.3.9.
l REFERENCF_9 1.
NUREG-0933,"A Prioritization of Generic Safety Issues" (with supplements), U.S. NRC, July 1991.
l 2.
IE !nformation Notice 87-12. " Potential Problems with Metal Clad Circuit Breakers, General Electric Type l
AKF-2-25", U.S. NRC, February 13,1987.
i l
July 21,1993 l
t
-~.
4 19B.2.58 1551-MORE REAI ISTIC S6tfRCE TERM ASSifMPTIONS ISSI.'E Current siting regulations (10 CFR Part 100) require that an accidental fission product release from the core into containment be assumed and that its offsite radiological consequences be evaluated against guideline doses given in Pan 100. The postulated source term is derived from TID 14844 (Reference 1) and is contained in Regulatory Guides 1.3 and 1.4. The regulatory guides specify a release into containment of 100 percent of the core inventory of noble gases and 50 percent of the iodine fission products. Half of the iodine is assumed to deposit on interior surfaces assuming instantaneous appearance within containment and that the iodine is predominately in elemental form (12).
Use of the T1D-14844 source term has not been restricted to evaluation of plant mitigation features and site suitability. Regulatory applications of the source term are broad, including use as the basis for (a) the post accident environment for which safety-related equipment should be qualified,(b) post-accident habitability requirements for the control room, and (c) post-accident sampling systems and accessibility.
A substantial amount of information has been developed to update knowledge about LWR severe accidents and behavior of fission products that could be released into containment. Studies have confirmed that, although the TID-14844 source tenn is substantial and that its use has resulted in a high level of plant capability, the present recipe can be substantially improved.
In their staff requirements memorandum (SRM) dated January 25,1991, the Commission approved the plan proposed by the staff to revise Part 100 to delete the source term and dose calculations and to directly specify site criteria: to issue (in parallel) an interim revision to Part 50 to retain the present source term and dose calculation (but not for siting purposes); to update the TID-14844 source term; and, in a second-rule making phase, to incorporate severe accident and revised source term insights for future plants. In their SRM dated April 11,1991, the Commission requested the staff to make recommendations on the values of releases into containment (to update TID-14844), to provide a discussion of the status of EPRI's comparable values, and to discuss the use of the updated source term in evaluations of existing and future plants.
ACCEPTANCE CRITERI A
'Ihe acceptance criteria for GSI 155.1 is that the plant shall be designed to ensure that the dose commitment to the public in the event of a licensing design basis accident shall be within those limits prescribed by existing regulations based upon the limitations of 10CFR100.
RESOLUTION The ABWR is being designal and analyzed to the existing Regulatory Guides, Standard Review Plans, and General Design Criteria which are based upon TID-14844 (e.g., Regulatory Guide 1.3, Standard Review Plan 15.6.5). The use of revised source terms based upon NUREG-1465 (Reference 2)is premature for the ABWR based upon the lack of clarification of what is a design basis event under the revised source terms and lacking adequate guidance from the Commission as to acceptable methods and conditions, i.e., revised regulatory guides and standard review plans.
REFERENCES 1.
DiNunno, J.J. et al," Calculation of Distance Factors for Power and Test Reactor Sites". Technical Information Document 14844, March 23,1962.
2.
Soffer, L et al," Accident Source Terms for Light-Water Nuclear Power Plants", NUREG-1465, USNRC, Draft Report for Comment, June 1992.
July 22,1993
.._