ML20050Q900


Informs of Modified Staff Position on Length of Time Reactor Protection Sys or ESF Actuation Sys Channel May Be Bypassed. San Onofre Unit 2 Tech Spec & Design Criteria Encl
ML20050Q900
Person / Time
Site: Calvert Cliffs, San Onofre, 05000000
Issue date: 03/31/1982
From: Clark R
Office of Nuclear Reactor Regulation
To: Lundvall A
BALTIMORE GAS & ELECTRIC CO.
References
TAC-7089, NUDOCS 8204140487


Text

MAR 31 1982

Docket Nos. 50-317 and 50-318

Mr. A. E. Lundvall, Jr.
Vice President - Supply
Baltimore Gas & Electric Company
P. O. Box 1475
Baltimore, Maryland 21203

DISTRIBUTION: Docket File, NRC PDR, L PDR, NSIC, ORB #3 Rdg, DEisenhut, JHeltemes, OELD, ACRS-10, I&E, Gray File, RAClark, Econner, DJaffe, PMKreutzer-3, GMI

Stamp: RECEIVED APR 8 1982

Dear Mr. Lundvall:

This is to inform you of a modified staff position on the length of time a reactor protection system (RPS) or an engineered safety features actuation system (ESFAS) channel may be bypassed. Your Technical Specifications (TS) currently limit the inoperable channel bypass time to 48 hours.

If it can be verified that three protection system channels in two-out-of-three logic are sufficient to satisfy all protection system criteria, then one channel of a four-channel system may be bypassed for a lengthy period of time with no degradation to safety. Action Statement 2 of the Enclosure 1 TS page (San Onofre - Unit 2 type) may be proposed in place of the appropriate present action requirements. Enclosure 2 delineates the criteria which must be satisfied to ensure that three channels are sufficient for plant protection. However, we believe that it is prudent that an inoperable channel be repaired and returned to service as quickly as practicable. Action Statement 2 of Enclosure 1 would allow the flexibility of continued plant operation with an inoperable channel in bypass where it is not feasible to repair the channel (for example, if the failure is inside the containment in a location inaccessible during plant operation). The model TS, however, do place responsibility on the licensee to repair the channel as quickly as possible and in any event during the first cold shutdown after the failure has occurred.

If you have any questions on this subject, please contact your assigned NRC project manager.

Sincerely,

Original signed by Robert A. Clark

Robert A. Clark, Chief
Operating Reactors Branch #3
Division of Licensing

Enclosures: As stated

8204140487 820331 PDR ADOCK 05000317 P PDR

OFFICIAL RECORD COPY

Baltimore Gas and Electric Company

cc:

James A. Biddison, Jr.
General Counsel
Baltimore Gas and Electric Company
P. O. Box 1475
Baltimore, MD 21203

George F. Trowbridge, Esquire
Shaw, Pittman, Potts and Trowbridge
1800 M Street, N. W.
Washington, D. C. 20036

Mr. R. C. L. Olson, Principal Engineer
Nuclear Licensing Analysis Unit
Baltimore Gas and Electric Company
Room 922 - G&E Building
P. O. Box 1475
Baltimore, MD 21203

Mr. Leon B. Russell
Plant Superintendent
Calvert Cliffs Nuclear Power Plant
Maryland Routes 2 & 4
Lusby, MD 20657

Bechtel Power Corporation
Attn: Mr. J. C. Judd
Chief Nuclear Engineer
15740 Shady Grove Road
Gaithersburg, MD 20760

Combustion Engineering, Inc.
Attn: Mr. P. W. Kruse, Manager
Engineering Services
P. O. Box 500
Windsor, CT 06095

Public Document Room
Calvert County Library
Prince Frederick, MD 20678

Director, Department of State Planning
301 West Preston Street
Baltimore, MD 21201

Administrator, Power Plant Siting Program
Energy and Coastal Zone Administration
Department of Natural Resources
Tawes State Office Building
Annapolis, MD 21204

Regional Administrator
Nuclear Regulatory Commission, Region I
Office of Executive Director for Operations
631 Park Avenue
King of Prussia, Pennsylvania 19406

Ms. Mary Harrison, President
Calvert County Board of County Commissioners
Prince Frederick, MD 20768

U. S. Environmental Protection Agency
Region III Office
Attn: Regional Radiation Representative
Curtis Building (Sixth Floor)
Sixth and Walnut Streets
Philadelphia, PA 19106

Mr. Ralph E. Architzel
Resident Reactor Inspector
NRC Inspection and Enforcement
P. O. Box 437
Lusby, MD 20657

Mr. Charles B. Brinkman
Manager - Washington Nuclear Operations
Combustion Engineering, Inc.
4853 Cordell Avenue, Suite A-1
Bethesda, MD 20014

Mr. J. A. Tiennan, Manager
Nuclear Power Department
Calvert Cliffs Nuclear Power Plant
Maryland Routes 2 & 4
Lusby, MD 20657

Mr. W. J. Lippold, Supervisor
Nuclear Fuel Management
Baltimore Gas and Electric Company
Calvert Cliffs Nuclear Power Plant
P. O. Box 1475
Baltimore, Maryland 21203

Mr. R. E. Denton, General Supervisor
Training & Technical Services
Calvert Cliffs Nuclear Power Plant
Maryland Routes 2 & 4
Lusby, MD 20657

Mr. R. M. Douglass, Manager
Quality Assurance Department
Fort Smallwood Road Complex
P. O. Box 1475
Baltimore, MD 21203

Mr. T. L. Syndor, General Supervisor
Operations Quality Assurance
Calvert Cliffs Nuclear Power Plant
Maryland Routes 2 & 4
Lusby, MD 20657

Enclosure 1

TABLE 3.3-1 (Continued)

TABLE NOTATION

  • With the protective system trip breakers in the closed position, the CEA drive system capable of CEA withdrawal, and fuel in the reactor vessel.

  1. The provisions of Specification 3.0.4 are not applicable.

(a) Trip may be manually bypassed above 10 % of RATED THERMAL POWER; bypass shall be automatically removed when THERMAL POWER [illegible] to 10 % of RATED THERMAL POWER.

(b) Trip may be manually bypassed below 400 psia; bypass shall be automatically removed whenever pressurizer pressure is greater than or equal to 400 psia.

(c) Trip may be manually bypassed below 10 % of RATED THERMAL POWER; bypass shall be automatically removed when THERMAL POWER [illegible] equal to 10 % of RATED THERMAL POWER. During testing pursuant to Special Test Exception 3.10.3, trip may be manually bypassed below 1% of RATED THERMAL POWER; bypass shall be automatically removed when THERMAL POWER is greater than or equal to 1% of RATED THERMAL POWER.

(d) Trip may be bypassed during testing pursuant to Special Test Exception 3.10.3.

(e) See Special Test Exception 3.10.2.

(f) Each channel shall be comprised of two trip breakers; actual trip logic shall be one-out-of-two taken twice.

(g) Trip may be bypassed below 55% RATED THERMAL POWER.

ACTION STATEMENTS

ACTION 1 - With the number of channels OPERABLE one less than required by the Minimum Channels OPERABLE requirement, restore the inoperable channel to OPERABLE status within 48 hours or be in at least HOT STANDBY within the next 6 hours and/or open the protective system trip breakers.

ACTION 2 - With the number of channels OPERABLE one less than the Total Number of Channels, STARTUP and/or POWER OPERATION may continue provided the inoperable channel is placed in the bypassed or tripped condition within 1 hour. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6k. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

SAN ONOFRE-UNIT 2 3/4 3-4

PROOF & REVIEW COPY

ADMINISTRATIVE CONTROLS

MEETING FREQUENCY

6.5.1.4 The OSRC shall meet at least once per calendar month and as convened by the OSRC Chairman or his designated alternate.

QUORUM

6.5.1.5 The minimum quorum of the OSRC necessary for the performance of the OSRC responsibility and authority provisions of these Technical Specifications shall consist of the Chairman or his designated alternate and four members including alternates.

RESPONSIBILITIES

6.5.1.6 The Onsite Review Committee shall be responsible for:

a. Review of 1) all procedures required by Specification 6.8 and changes thereto, 2) all programs required by Specification 6.8 and changes thereto, 3) any other proposed procedures or changes thereto as determined by the Station Manager to affect nuclear safety.

b. Review of all proposed tests and experiments that affect nuclear safety.

c. Review of all proposed changes to Appendix "A" Technical Specifications.

d. Review of all proposed changes or modifications to unit systems or equipment that affect nuclear safety.

e. Investigation of all violations of the Technical Specifications including the preparation and forwarding of rep[illegible]rol Board (NCB).

f. Review of events requiring 24-hour written notification to the Commission.

g. Review of unit operations to detect potential nuclear safety hazards.

h. Performance of special reviews, investigations or analyses [illegible] reports thereon as requested by the Station Manager or the N[illegible]

i. Review of the Security Plan and implementing procedures and submit recommended changes to the NCB.

j. Review of the Emergency Plan and implementing procedures [illegible] submit recommended changes to the NCB.

k. Review and documentation of judgment concerning prolonged bypass, channel trip, and/or repair of defective protection [illegible] of process variables placed in bypass since the last OSRC [illegible]

SAN ONOFRE-UNIT 2 6-7

ENCLOSURE 2

DESIGN CRITERIA

In present and various past Combustion Engineering (CE) applications, applicants have proposed to operate four-channel protection systems (Reactor Protection System and specific Engineered Safety Feature Systems) with one of the four channels of a given process variable in bypass for an indefinite period of time.

Operating reactor licensees who desire to use the Technical Specifications of Enclosure 1 must verify that they have reviewed the design and installation of their protection system and determined that the system meets the criteria below. The licensees must also confirm that detailed information verifying compliance with the criteria is available at the licensee's facilities for staff audit.

Until the licensee's confirmation that the protection system meets the criteria below has been completed and submitted to the staff, bypass of a protection system channel should be limited to 48 hours, at which time the channel shall be placed in the trip mode.

1. High Energy Line Break

The protection system should be reviewed for the effects of high energy line breaks. Each licensee must analyze the protection system to verify that high energy line hazards in coincidence with the bypass of a channel will not negate the minimum acceptable redundancy required by IEEE Std. 279-1971. It should be noted that credit is not to be taken for the "fail-safe" mode of the channels affected by high energy line breaks.

2. Single Failure In Combination With Prolonged Bypass

There may be cases where the prolonged bypass of a specific protection channel in combination with a single failure might jeopardize plant protection (i.e., channels remaining will not sufficiently detect associated transients and accidents without causing unacceptable consequences such as core damage, etc.). The licensee should review the accident analyses (i.e., rod drop accident, rod ejection, etc.) to verify that the bypass of a specific protection channel in coincidence with a single failure of a redundant channel will not prevent required protection for any transient or accident.

3. Channel Independence

The four protection channels must be reviewed for physical independence. Each licensee should confirm that the four protection channels as installed meet the physical independence criteria of Regulatory Guide 1.75.

4. Independence of the Vital Buses

Each plant must be reviewed for independence of the vital buses.

The Combustion Engineering (CE) reactor protection system (RPS) is made up of four (4) protection channels for each trip parameter. Each parameter channel consists of bistable relays and associated contacts which are arranged into six logic ANDs (AB, AC, AD, BC, BD, CD matrices) which represent all possible coincidences of two combinations (e.g., combinations of two-out-of-four logic). Each logic matrix is powered by two of four Class 1E independent 120 Vac vital buses as shown in Figure 1. This arrangement may challenge the isolation and hence independence of the redundant ac vital power buses. It is typical of licensees using the CE design to assure that the independence of these buses is maintained through the use of qualified isolators.

Licensees desiring to use the Technical Specifications of Enclosure 1 should confirm that tests and analyses have been performed to demonstrate independence of the redundant vital buses. The tests and supporting information should include:

a) The use of a plant-specific mock-up representing one protection logic matrix system (i.e., two matrix power supplies, each with its own simulated 120 Vac vital bus supply, matrix relays, bistable power supplies, bistable trip units, and isolation circuitry),

b) The application of surges (internal and external transient voltages) and faults (including continuous phase-to-phase short-circuits, phase-to-ground short-circuits and the application of continuous external high voltages) to the simulated 120 Vac vital bus supplying power to an associated matrix power supply,

c) Application of the surges and faults between each matrix power supply input conductor and ground (common mode) and across (line-to-line) the matrix power supply input conductors (transverse mode),

d) Monitoring the redundant simulated 120 Vac vital bus supplying power to its matrix power supply to measure any effect as a result of application of the faults or surges on the other bus,

e) Acceptance criteria for perturbations which would be allowed within the redundant vital bus without interfering with any protection system actions,

f) Justification that the faults and surges used during the testing exceed the maximum worst-case failures which could occur within the protection systems circuits.

5. Logic Matrix Circuitry Failure Due to a Vital Bus Single Failure

Each plant must be reviewed to assure that, with a channel in bypass, a single failure of a vital bus will not prevent the protection system from performing its protective function.

As stated in item 4 above, the CE reactor protection system forms six logic matrices (AB, AC, AD, BC, BD and CD) from all possible coincidences of two combinations of the four protection channel bistables and associated contacts. Due to the vital bus arrangement, a single failure of a vital bus coincident with the bypass of a channel could prevent the required protective function of the RPS.

Looking at Figure 1, assume that a channel A trip parameter is bypassed. This results in negating the AB, AC and AD logic matrices' protective functions. This now leaves the BC, BD, and CD logic matrices for protection. However, as shown in Figure 1, these remaining matrices are being supplied by a common vital bus. It can now be postulated that a single failure (fault, surge, etc.) within the common vital bus system might propagate through the logic matrix power supplies into the matrix circuitry. This could thereby cause a failure (welding of contacts) of the remaining logic matrices such that the required protective function cannot be performed.
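The coincidence logic described in items 4 and 5, as an added example that is not part of the NRC letter or its enclosures. It models only the six two-channel matrices and the effect of a bypass; Figure 1's assignment of vital buses to matrices is not reproduced on this page, so the postulated fault is represented by a caller-supplied `failed_matrices` argument (an assumption of this sketch), and `tolerable_failures` is a hypothetical helper name.

```python
from itertools import combinations

CHANNELS = ("A", "B", "C", "D")
# The six two-channel logic matrices: AB, AC, AD, BC, BD, CD.
MATRICES = tuple("".join(pair) for pair in combinations(CHANNELS, 2))


def active_matrices(bypassed=(), failed_matrices=()):
    """Matrices that can still act: no bypassed channel, circuitry intact."""
    return tuple(
        m for m in MATRICES
        if not set(m) & set(bypassed) and m not in failed_matrices
    )


def rps_trips(tripped, bypassed=(), failed_matrices=()):
    """True when some active matrix sees both of its channels tripped."""
    return any(
        set(m) <= set(tripped)
        for m in active_matrices(bypassed, failed_matrices)
    )


def tolerable_failures(bypassed=(), failed_matrices=()):
    """How many in-service channels may fail to trip, in the worst
    combination, before the coincidence logic can no longer trip.
    Returns None when no trip is possible even with every channel healthy."""
    in_service = [c for c in CHANNELS if c not in bypassed]
    if not rps_trips(in_service, bypassed, failed_matrices):
        return None
    for n_failed in range(1, len(in_service) + 1):
        for dead in combinations(in_service, n_failed):
            alive = [c for c in in_service if c not in dead]
            if not rps_trips(alive, bypassed, failed_matrices):
                return n_failed - 1
    return len(in_service)


if __name__ == "__main__":
    # Constructed scenarios; failed_matrices stands in for the postulated fault.
    scenarios = [
        ("no bypass", (), ()),
        ("A bypassed", ("A",), ()),
        ("A bypassed, BC matrix failed", ("A",), ("BC",)),
        ("A bypassed, BC/BD/CD failed", ("A",), ("BC", "BD", "CD")),
    ]
    for label, byp, failed in scenarios:
        print(f"{label:30} active={active_matrices(byp, failed)} "
              f"tolerable channel failures={tolerable_failures(byp, failed)}")
```

With channel A bypassed the logic degrades from two-out-of-four to two-out-of-three and still rides through one failed channel; losing any one of the remaining matrices removes that margin, and losing all three leaves no trip path.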

Licensees desiring to use the Technical Specifications of Enclosure 1 should confirm that sufficient tests and analyses have been performed to assure that with a channel bypassed, a vital bus single failure will not negate the required protective function. The tests and supporting information should include:

a) The use of a plant-specific mock-up representing one protection logic matrix system (i.e., two matrix power supplies, each with its own simulated 120 Vac vital bus supply, matrix relays, bistable power supplies, bistable trip units, and isolation circuitry),

b) The application of surges (internal and external transient voltages) and faults (including continuous phase-to-phase short-circuits, phase-to-ground short-circuits and the application of continuous external high voltages) to the simulated 120 Vac vital bus supplying power to an associated matrix power supply,

c) The application of surges and faults between each matrix power supply input conductor and ground (common mode) and across (line-to-line) the matrix power supply input conductors (transverse mode),

d) Monitoring the auctioneered matrix power supply output to measure any effect on the logic matrix circuitry as a result of application of the faults or surges,

e) Verification that during and after the application of the surges and faults, the protection circuits will perform their protective actions,

f) Justification that the faults and surges used during the testing exceed the maximum worst-case failures which could occur within the protection systems circuits.
