Text

Risk-Based Insp Guide for Sequoyah Nuclear Power Station Final Rept, Informal Rept
	ML20059H459
Person / Time
Site:	Sequoyah
Issue date:	07/31/1990
From:	Gregg R; EG&G IDAHO, INC., IDAHO NATIONAL ENGINEERING & ENVIRONMENTAL LABORATORY
To:	; NRC
Shared Package
ML19324H752	List: ML20059H451; ML20059H459;
References
	CON-FIN-A-6553 EGG-SSRE-8720, NUDOCS 9009170205
	Download: ML20059H459 (78)
	v • d • e

.. . . _ __

a I

i i

$s.s;WW~W; tm _

. _yFT843YC l

' \ ' > r[ - l I

EGG-SSRE-8720 i

]

l l .

i i INFORMAL REPORT i , -t-i - -- * * *

f

j '

RISK-BASED INSPECTION GUIDE FOR THE

] SEQUOYAH NUCLEAR POWER STATION

! l FINAL REPORT

,_ l

, -- _- n

-- u

.m_-_

a -- .

l w idiEiERE 6.,R

_=g m % gg >

j fEs0 -

R. E. GREGG

,,2 _M g

z...

3 3 ew i G

1. Mg[ - ' [f9N h'b9 . . , .,

[

. . ; g s .., 3 :. -

.a, wmo , : c,

.. Nh);i$j n - <

E@[ >

3 I

I e .

(

o i

\

+ l l

l '

i

I ,

i 5 46Dotcuneet j DEAWm00 .

l Prepared for the j .. U. S. NUCLEAR REGULATORY COMMISSION

, 6S%9DL.D5.

Y

s , l

ggyg%7/v @lo" P I

f EGG-SSRE-3720 j

INFORMAL REPORT l

RISK-BASED INSPECTION GUIDE FOR THE

SEQUOYAH NUCLEAR POWER STATION L FINAL REPORT j .

mwn t

I j

+g i R. E. GREGG A

?

i

- [!

YO i $ .

i

. Na .

t 4 .___,

1 a ,

's

'~h?m# . y L.

,Jj Prepared for the 3 y U. S. NUCLEAR REGULATORY COMMISSION

..: 009.LTD A.O 5 N

1 ,

f f.

EGG-SSRE-8720 b

y r

RISK-BASED INSPECTION

. GUIDE FOR.THE SEQUOYAH NUCLEAR POWER STATION-FINAL REPORT !

sg,os . , ,.,

n t ., R D. E . ; G re g g a a;;. ., ,- <

'34 i;'S $@ ^'

' O.: Y'QJ[%. 3

%;j/fp[;

O Q0%h2f'[.*

fy s.; ,,

'4yy'hiN -.;' . 3gE ,

t w3p., . ,, 3

. ,,g o . - -

5 Peblished July 1990 $

t EG&G Idaho, Inc.

Idaho Falls, Idaho 83415

. Prepared for the ;

U.S. Nuclear Regulatory Comission ,

Washington, D.C. 20555

. Under DOE Contract No. DE-AC07-761001570 -

FIN No. A6553 :

5 7

l l

.. y e---. y .- y w -yw-- -y,--e-w a er .-----

s_ m..r %,..

,.. w ..., m .-,. 1 DI. ,

.q:dtd9CM?ffi9A?/Ti.p.:?

p; -:

~0

-c

/g:% -

.,(

ay;s\

~ -

[gB' 3;d!' - 'ABSfRACT4' w

l' L

I g.'-

This report contains guidance for'the integration of Probabilistic Risk Assessment (PRA) results into the inspection program at the Sequoyah

.o. ...

Nuclear Power Station M T Ofm dhod forfappliing..PRA. techniques is

, . . g,a ,g,ygs ~ -

w _ . :. p a.,.-

described and th"a repose ba~se_ ;,,;. tat'Sequoyah is nspections

.. w s ppgq v. '^

fc, provided[i t e mma ables n'J I.

t i mump.*s

< evg %qnj.,. .

z-, .-

eW

,5 g, * ;- , ,

.:' :lb. e ty w 'n 5

i 9

4

4 i ?

i l

I a

4 4

t l

1 4

j 1

l A

i I

iI I

a

! b C

1

6 ,

F

SUMMARY

t The risk-based inspection guide (RIG) provided in this report was developed for the Sequoyah Nuclear Power Station, Unit I as part of work performed for the Office of Nuclear Reactor Regulation of the Nuclear ,

Regulatory Commission (NRC) by EG&G Idaho, Inc. at the Idaho National Engineering Laboratory. The RIG employs a previously developed method for using probabilistic risk assessment (PRA) techniques and results to provide plant-specific risk-based inspection guidance. It can be used in the ongoing inspection efforts at Sequoyah. A PRA provides insights that help identify the risk-significant events and equipment, and therefore, will assist NRC inspectors in focusing resources on those portions of the facility that contribute significantly to risk.

Core damage results obtained from NUREG/CR-4550 were-used to develop the Sequoyah RIG. Importance measures.were applied to the core damage results?tMdetENn$$I$Nb$ yon 1N$EthSOe'ntYsehuences,-the events that $kh N s um iNos Nqm iences wasw [andit~9.nh.., b cN k, au'ses of those events.

Major findings related to the risk of core melt are:

1. The most important sequence, a very small loss of coolant accident followed by failure of the high pressure recirculation cooling and the failure of the operator to stop containment spray injection, contains 25% of identified core damage frequency (CDF). The top six sequencer contain 75% of identified CDF. A total of 23 sequences are required to obtain 99% of identified core damage frequency.

2. Based on their probability of being involved in a core melt l accident, the most important systems include: the reactor coolant system, the high pressure recirculation system, the electrical I power system, the auxiliary feedwater system, the containment-spray system, and the low pressure recirculation system. A l

iii l

complete list of identified risk important systems is contained in the report.

Two kinds of inspection guidance tables are provided. First, system tables (Tables 3 through 14) provide the important failure modes and a-modified walkdown checklist for the important equipment in each risk-significant system. Second, the important failures are arranged in programmatic tables (Tables 15 through 17) that show functional inspection areas. Those tables can be used by the inspectors who will be performing .

the inspections called for in the Inspection and Enforcement Manual.

Use of the guidance provided in this report should assist the inspection effort to focus on those systems and components that are major contributors to risk at Sequoyah.

4 ,. , -:p.;,3;;

w unasy.w' - -~

g .,

Y y:ylm' m_ we iv

(

CONTENTS ABSTRACT ............................................................ ii

SUMMARY

............................................... ......... ... iii INTRODUCTION ..................... .................. .. ......... . 1 DOMINANT ACCIDENT SEQUENCES ..................................... ... 1 SYSTEM PRIORITY LIST .................................. ........ ... 7 COMMON CAUSE FAILURES ............ ............................ .... 8 IMPORTANT HUMAN ERRORS ............................... .......... ... 8

~

SYSTEM INSPECTION TABLES ............................................ 9 REFERENCES .......................................................... 11 TABLES

1. Most Important 3 Sequences ....................................... 12

+ive w n .;~a w p g ,e V:su ; w .

2. Most Important ystemsiBased,'onj Co: ret Damage: Freduency . . . . . . . . . . 16

. w m y,< n g .w e g g y a Reactok<CoolantESystem Failure' Mode'rgarenf-3A. Identification'............. 17 3B. Modified Reactor Coolant System Walkdown ................. .. 18 4A. Safety Injection System Failure Mode Identification .... ... ... 19

48. Modified Safety Injection System Walkdown ............. ........ 21 SA. Containment Spray System Failure Mode Identification ... ....... 23 SB. Modified Containment Spray System Walkdown ..... .......... .... 24 6A. Electric Power System Failure Mode Identification .............. 26 6B. Modified Electric Power System Walkdown ....................... 27 7A. Auxiliary Feedwater System Failure Mode Identification ........ 29 7B. Modified Auxiliary Feedwater System Walkdown ................... 31 8A. Low Pressure Injection / Recirculation System Failure Mode . .. .. 33 Identification 8B. Modified Low Pressure Injection System Walkdown . . . . . . . . . ... 36 9A. Primary Pressure Relief System Failure Mode Identification ..... 38 9B. Modified Primary Pressure Relief System Walkdown ............... 39 10A. Charging System Failure Mode Identification .................... 41 10B. Modified Charging System Walkdown .......... . ......... ..... 42 v

- .- - . - ..=. . - . - -

1 l

TABLES (continued) .i 1

a 11A. Reactor Protection System Failure Mode Identification ......... 44 118. Modified Reactor protection System Walkdown ................... 45 j 12A. Accumulator System Failure Mode Identification ................ 46 i 128. Modified Accumulato- System Walkdown .......................... 47 13A. Essential Raw Water Cooling Failure Mode Identification ....... 49 j 138. Modified Essential-Raw; Cooling Water r System Walkdown .......... 50 i

14A. CompodeNdb"o$Yi[ M5Neitiont.......... 52

~

l 14B. f.Mid$fi((y m

.n me mponen oo. m- n u.amm o

-~

.. . . .b. b .......... 53- !

15. Plant' Operations Inspection Guidance ~.'......................... 55

16. Surveillance Inspection Guidance .............................. 56 .

17. Maintenance Inspection Guidance ................... .d

........... 57 -

18. Containment Walkdown .......................................... 58 ;

1

19. Frontline System Dependencies ................................. 59

20. Support System Dependencies ....................... ........... 65 ;!

l FIGURES l

l 1 Dominant Contributors to Core Damage Frequency ................ 2 l 4-1 Simplified Schematic of Safety Injection System ............... 22 1

5-1 Simplified Schematic of the Containment Spray System .......... 25 l

[

6-1 Simplified Schematic of the Electric Power System ............. 28 l 7-1 Simplified Schematic of the Auxiliary Feedwater System ........ 32 8-1 Simplified Schematic o# Low Pressure Injection System ......... 37 9-1 Simplified Schematic of Primary Pressure Relief System ........ 40 10-1 Simplified Schematic of the Charging System ................... 43 12-1 Simplified Schematic of the Accumulator System ................ 48 13-1 Simplified Schematic of Essential Raw Cooling Water . . . . . . . ... 51 14-1 Simplified Schematic of Component Cooling Water ............... 54 .

vi r, .

n.

.v N - .f.h.y g * '

a s m- . -. -j q 1+'g t

l i

RISK-BASED INSPECTION Gul0E FOR l

_THE SEQU0YAH NUCI. EAR POWER STATION l INTRODUCTION

.w s

^

ThkN nwn a N kNrMhe Office of wwww, ion (NRC) as Nuc1~eariReactKRegulat ,,,

oryjconsniss '

~

part of FIN A6553. 'The1 purpose of this project is to provide guidance for l Probabilistic Risk Assessment (pRA) based _ inspections, which can'be used '

to focus the NRC inspection efforts towards risk-significant items. :

A review of NUREG/CR-4550 1, NUREG/CR-4551 2, and NUREG/CR-11503 .

was conducted to develop the following Risk-Based Insoection Guide (RIG).

Additionally, the results of a Seouoyah Individual plant Evaluation 4 --

(IPE) were reviewed. This R!G can de used to aid in the selection of -i areas to inspect and is not. intended either to replace the current NRC !

Inspection requirements, or to constitute an additional set of inspection reautrements. The information contained herein is based almost entirely l on the fladings of NUREG/CR-4550s published in June 1989. Hence, recent j plant experience, failures, and modifications should be taken into account _

when using the information'provided. Since plant modifications are ].

normally an ongoing process, it could prove helpful if relevant changes are catalogued so this inspection guidance can be periodically revised.

i DOMINANT ACCIDENT SEQUENCES NUREG/CR-4550 contains a number of different accident sequences that

a. The Sequoyah IPE has yielded somewhat different results regarding the dominant accident sequences and the relative importance ranking of j the various systems. Differences in the results obtained from NUREG/CR-4550 and the Sequoyah IPE will be discussed throughout this report.

k ;

t contribute significantly to the total core damage frequency (CDF), which is 5.7E 5 per reactor year.a The NUREG/CR-4550 CDF is calculated based on internal initiating events only External initiating events such as fires, flooding, tornadoes, and harthquakes were not included in the PRA.

Figure 1 shows the percentage each accident type, categorized by initiating events, contribute to core damage frequency at Sequoyah. Each i

accident type is composed of several similar but distinct sequences of system failures. The following discussions give a generalized description .

of the basic accident types. Table 1 lists all the individual dominant accident sequences and describes the plant failures which contribute to ,

them. l

$r. (

6:P. 17.

37. E toss or orrsnt s>owtR nes9

/

Q ANTICIPATED SCRAM TRANsitNT WitmOUT

. ) H,

, l. l STcAu CCNCRATOR Tvet RvPTve t

,,,,. : lwe ENT[RrACING LOCA (V) g wgme lc .j TRAN$l[NT 267. l te ,

l Figure ! Dominant Contributors to Core Damage Frequency.

Lpss of Coolant Accidents (LOCAs)

LOCA initiated sequences are the dominant contributors to CDF, contributing 627. of the total. There are several LOCA categories: Large -

LOCAs have a break size of greater than six inches in diameter, Intermediate LOCAs range from a two to six inch diameter break size. -

a. The Sequoyah IPE estimates CDF to be approximately a factor of 50 lower than that predicted in NUREG/CR 4550, 2

. I g $lc1L'^ $hhN$d' $5&f & . .

2 g4 %m ;

i and Small.n .ery - , OC, . e . ~ f,Dessithantwo/oneinches

, n:

~_ uw in diameter.

i 3, mall /Very Small LOCAs a

Small/Very Small LOCAs are important at Sequoyah because of the small size of the ice condenser containment, the low Containment Spray System (CSS) actuation set point, and the high CSS flow rate, cause the Refueling

) ,

Water Storage Tank (RWST) to drain faster than at other Pressurized Water l Reactors (PWR). It is estimated that small LOCAs will require recirculation cooling within 20 minutes of spray actuation. This does not.

allow sufficient time to dePressurize the Reactor Coolant System (RCS) and go on Residual Heat Removal (RHR) closed cycle cooling. Therefore, !

operator action is required to switch from the High Pressure Injection (HPI) mode to the High Pressure Recirculation (HPR) mode. The HPR mode has a functional dependency on the Low Pressure Recirculation System ;

(LPR), so failure of either HPR or LPR following a small LOCA results in core damage. Small/Very Small LOCAs contribute 45.9% of CDF. '

)

intermediate LOCAs Intermediate LOCAs contribute 11.8% of CDF. Successful mitigation of an intermediate LOCA requires the initial injection by two of the four l high pressure pumps (can be any combination of High PressJre Injection or ;

Charging pumps). Success of long term decay heat remove' re. i. es recirculation with one of the four high pressure vamps ' m te by the ,

discharge of one of the two low pressure pumps.

L3Loe LOCAs

%M ;

$45 ~ % .. .

Larghpa6%'kibut,e successful mitigation of a

-l0CAstco$I

. - - m CDF,Mdh!$Y large LOCA requires successful inje'etion by'both the Accumulator System )

(accumulator injection to three of three ' intact loops) and at least one of l the two low Pressure Injection (LPI) trains. If the injection phase succeeds then long term decay heat removal requires recirculation with one

! of the two low pressure pumps. )

3 l

)

-,r. _ _ ,,-m __

~

l Loss of Offsite Power (LOSP)

Station blackout sequences contribute to 26% of core damage ,

frequency. Station blackout sequences are LOSP initiated events .that involve the simultaneous failure of both emergency diesels, and the failure of the operator to supply power from the other unit. Following a complete loss of AC power, failure of the steam-driven Auxiliary Feedwater i pump, or the RCP seals, or failure of a PORV to close, or depletion of the -

station batteries results in core damage. L Steam Generator Tube Ruoture (SGTR) l SGTR sequences contribute 3.5% of CDF. These sequences require.the operator to depressurize the reactor coolant system within 45 minutes of the SGTR. Failure to do so results in a challenge of the steam generator pressure relief system. The subsequent failure of a steam generator PORV or safety valve to close result in a direct loss of RCS inventory to atmosphere. Failure of subsequent efforts to limit RCS inventory losses >

by either depressurizing the RCS or isolating the open relief valve ;

results in RWST. depletion and. core uncovery.3, -

l h '

The only transient event of concern is initiated by a loss of the main feedwater system. Loss of main feedwater challenges the auxiliary _

feedwater system. Should the auxiliary feedwater system also fail, core decay heat can be removed by feed and bleed cooling operations.

Successful feed and bleed cooling requires the successful operation of both trains of power operated relief valves (PORVs). This sequences -

contributes 3.4% of CDF. .

.l Anticipated Transients Without Scram (ATWS)

An ATWS event begins with some plant transient such as a turbine trip. The event is compounded by failure of the Reactor Protection System (RPS) to shutdown the reactor automatically. Following failure of the 4

_ _ _ _ _ _ . l

theoperatorcanmanuallyjtriptheRPS. j If scram automatic RPS trip,g$Ncha5551[faNiore~[o~f]tfNcon'U$i!Mds t'o insert, fallurMINA$(fih the bp$$U((canfpEfNa chemidalksIIutdown[dIk$Ei@bbarging O and Volume Control System (CVCS). ATWS events contribute 3.3% of CDF.

Loss of DC Power (LODC) i Because of the dependency of the feedwater regulating valves and the Power Operated Relief Valves (PORV) on 125V DC power, loss of either DC bus results in loss of Main Feedwater capability. With only one of the PORVs available following the loss of a DC bus, feed and bleed cooling l

cannot be successful. Therefore, if AFW fails subsequent to the loss of a DC bus, core damage results. Loss of a DC bus contributes 1.2% of CDF.

LOCAs Outside the Containment The V-sequence (or interfacing system LOCA) is a LOCA that occurs outside the containment boundary. It contributes to 1.1% of CDF. It is significant because it bypasses the Containment safeguards and the resulting relelse is potentially very severe. The only significant LOCA ,

of this type is through any of the four sets of LPI cold leg injection check valves. There is a potential recovery action in which the operator may be able to isolate the LOCA by closing :he appropriate cold leg injection icolation valve.

l l

Two additional interfacing system LOCA pathways have been identified by the Sequoyah IPE. One path is through any of four sets of safety

, injection system check valves. The other path is through the two motor operated valves in the RHR/RCS hot leg interface.

Loss of Essential Raw Coolina Water

' sd .?aVl$kh h $kh h{ Ohs Loss ~ of; Essential (RawyCooljng[W@ater (ERCW))i:

was; identified by the Sequoyah IPE as being a potentially severe initiating event. It results in loss of cooling flow to the component cooling system and the subsequent failure of the safety injection pumps and the CSS pumps. It also results 1 5 l

l

i in loss of ERCW cooling flow to and the subsequent failure of the charging pumps. It has the potential of resulting in a subsequent reactor coolant pump (RCP) saal LOCA due to loss of both seal injection flow (form the j charging pumps) and seal cooling flow (from the component cooling system). This is an important sequence at Sequoyah because the potential common cause failure of systems dependent upon ERCW ensures that both core damage and containment failure will occur.

Loss of Component Coolina Like the loss of ERCW system, loss of Component Cooling Water (CCW) was identified by the Sequoyah IPE as being a potentially severe event.

It can result in loss of cooling flow to and the subsequent. failure of the safety injection pumps and the-CSS pumps. Unlike the loss of ERCW system, it should not results in an RCP seal LOCA because seal injection flow remains available from the charging pumps, which are cooled by ERCW. Both complete failure of CCW or partial failure of CCW in conjunction with random failures of other safety related components are of concern. This ;

is a significant event at Sequoyah because it would result in the common cause failure of systems required to prevent both core damage and containment. failure. #ft,. -

,o ,

h @hk '

h .*

?

t 6

l i

SYSTEM PRIORITY LIST The systems at Sequoyah have been ranked and are presented in Table 2 according to their importance in preventing core melt. Under normal conditions, the left-hand column should be used. For degraded or l j inoperable systems, the right-hand column should be used, as discussed below. Other plant systems not appearing on the list are generally of ]

lesser importance than those listed here.

l The two system prioritization lists have been included in Table 2 because they provide different types of risk insights that are useful in l the inspection process. The left-hand column indicates the system's j contribution. to CDF..as provided.by. the.Fussell-Vesely Importance Measure, given that'thh[sydNii3ENENdkM, NelNIIab'ility assumed in the v % .utd r; mm.% . - .

PRA. Generallyi when~pla% w w fnning'antinspec ion without knowledge of specific system problems, those systems that contribute most to CDF should be given I priority attention in order to most efficiently minimize risk. ,

l However, when one or more systems exhibits unusually high failure

rates or unusual types of failures, then the probabilities assuraed in the

! PRA are not really appropriate for the failures of those systems. While ,

such problems persist, the affected systems contribute more to the risk of i core damage than is indicated by the left hand column. Based on the l Birnbaum importance Measure, the right hand column indicates the increase in CDF when the system is inoperable. The right-hand column can be used to estimate how much more important a system becomes when it is having problems. (Affected systems with high ra'nking in the right-hand column should be cor.sidered to have become much more important than indicated by ,

their ranking in the left-hand column, while systems with lower-ranking in l

the right-hand column would have smaller increases above the ranking l indicated in the left-hand column when affected.) Similarly, the.

right-hand column is appropriate for estimating the risk significance of inspection findings that indicate a system is inoperable or degraded. ;

l

Adjacent systems on the list should be considered as having approximately equal contributions to risk because of uncertainties l associated with the PRA. Where the difference between system importances is significant, they have been separated by dotted lines.

COMMON CAUSE FAILURES The failure of multiple items from some common cause can be very l l

significant to risk. The Sequoyah PRA has identified several comon cause ;

failures that are particularly important. l l

- Loss of Essential Raw Cooling Water,

- Loss of Component Cooling Water,

- Loss of Offsite Power with failure of both diesel generators, Loss of a 125V DC bus..

. :T m: M

j. # Of s d M: ,; ,

cause failures,'i@he@compone,nt level, ~ are identified and Other common. . on t

~

discussed in the various system failure mode tables. In general, these common cause failures involve the active failure of similar components.

IMPORTANT HUMAN ERRORS 1 Human errors can be very significant to overall plant risk. Human errors can be broken down in to two broad categories: pre-accident errors )

are those errors committed prior to the start of the initiating event, and post-accident errors are those committed while trying to mitigate an I accident. Pre-accident human errors can consist of errors committed during either maintenance or operations and generally result in a decrease in the availability of accident mitigating systems. Post-accident human errors are committed by the operators during the course of an accident ,

sequence. They can consist of errors of omission where the operator does not attempt to perform a particular mitigating action, or errors of commission where the operator attempts to perform the proper mitigating action incorrectly. Significant human errors are discussed in detail in the various system failure mode tables and are compiled in the Plant l j

Operations inspection Guidance Table (Table 15).

8 e

't gY x a

SYSTEM INSPECTION TABLES The systems listed in the first column of Table 2 are the systems that will have a significant impact on CDF should they fail. Those systems are associated with (contribute to) 98% of the total CDF at Sequoyah. For each of those systems, inspection guidance is provided in the form of a failure mode table and a modified system walkdown checkl i st. The failure mode tables generally cover those failures that contribute to the top 95% of a system's unavailability. The modified checklist contains those inspectable components or failure modes that I contribute significantly to system failure, where an inspectable component is defined as a component whose operating position or condition can be verified by observation (i.e. check valves are agi considered to be inspectable by walkdown). The modified checklists cover the normal' system configurations when the plant is operating. They are a good tool for an effective look at the systems, covering the components that contribute significantly to a system's unavailability, but usually includes less than 20% of the system's components. For that reason, a full checkoff list ;

should be used for major system reconfiguration applications, and the modified checklist should be used for efficient, frequent walkdowns.

It should be noted that the onsite inspector will decide how a system or componsnt should be inspected once it is selected for inspection. It is not the intent .or. purpose of this report to give guidance on how inspections should-b$.perfor$dN6$$.$Io!fEoddDinformation

~ gm n:w n that, will !

allow the inspector to' focus his inspections on those aspects that contribute significantly to risk.

Also included with most of the system checklists is a simplified system diagram (Figures 4-1 through 14-1). These diagrams can be used to get feel of basic system layout. However, it should be kept in mind that these are uncontrolled, simplified diagrams, and controlled diagrams should be obtained for any application requiring an exact up-to-date system description.

9

'~%- -

1 L

In .us trigithis~e ~ tabl'he systemstan

. .. a - mmm a 1steshdials:toiremember wsmsve . . . that the other i co,mp% oneny , ' an!- .s ,o* e ,come. mpu ;ortantM LIf,.through m . v m .1 .~

. , .r inattention, the failure probabilities of other systems are allowed to ,

increase significantly, their contributions to risk could equal or exceed ,

that of the listed systems. Consequently, a balanced inspection program is essential to ensure that the licensee is minimizing plant risk. The following tables allow an inspector to concentrate on systems and components that are most significant to risk. In so doing, however, cognizance of the status of other systems performing safety functions must <

be maintained.

Tables 15 through 17 list information given in the system failure mode tables in three functional areas. Those tables are designed to assist programmatic inspection in the areas of operations, surveillance, and maintenance.

j Table 18 lists those risk-significant components located inside the containment. Since the containment is inaccessible during normal .

operations, that checklist is provided for efficient inspection of those.

components when the opportunity arises.

Tables 19 and 20 are dependency matrices. Table 19 shows the dependencies of the frontline systems on the support systems. Table 20 t i

shows how the support systems depend on each other. The information j

supplied in these tables was provided by the Tennessee Valley l Authority (TVA).

l l

l 9

3 h ki1 , G; wg_

10

4

~

, l

! l l

REFERENCES

1. R. C. Bertucio and S. R. Brown, Analysis of Core Damace Frecuency:

Seouoyah. Unit 1. Internal Events, NUREG/CR-4550 Vol. 5, Sand 86-2084, Revision 1, June 1989.

. 2. A. S. Benjamin et al., Evaluation of Severe Accident Risk and the i Potential for Risk Reduction: Seouoyah Power Station. Unit 1,

. NUREG/CR-4551 Vol. 2, SAND 86-1309 (Draft for comment) February 1987.

i ,

3. Reactor Risk Reference Document. Main Report, U. S. Nuclear Regulatory Commission Report a.'G-1150 Vol. 1 (Draft for comment),

February'1987b:. ! J,4Q :' " *" W ge:;

p '

un @ w"

9. ,yg, _ , +.-<

4. To Be Supplied i

i I

7 I a

f 6

M

'I.

f 11

TABLE 1. MOST IMPORTANT SEQUENCES Secuence Seouence Descriotion Small/Very Small LOCAs S0H3C2 This sequence consist of a very small LOCA followed by failure of HPR cooling and failure of the operator to control containment spray injection. It contributes 25% of CDF. This is an important sequence at Sequoyah because the small size of the ice condenser containment, the low CSS -

actuation set point, and the high CSS flow rate cause the RWST to drain faster than at other PWRs. It is predicted that for all small LOCAs recirculation cooling will be .

required within 20 minutes of spray actuation. .This does not allow sufficient time to depressurize the RCS and go on RHR closed cycle cooling. Therefore, operator action is required to switch from the High Pressure Injection mode to the High Pressure Recirculation mode.

S,0 H~C3 This sequence is similar to the first sequence with failure

. of the LPR system to supply flow to the HPR system. It contributes 8.87. of CDF. In the high pressure recirculation mode, the high pressure pumps take their suction from the discharge of the LPR pumps which in turn take their suction from the containment sump. Therefore, failure of the LPR system results in failure of the HPR system and subsequent core damage.

SH22 This sequence is the same as the first sequence except it has a slightly larger break size and the operator manages to control the containment spray system. Its contribution to CDF is 7.9f..

5H23 This sequence is the same as the second sequence except it has a slightly larger break size and the operator manages to control;the containmentgsp@pray, system.' Its contribution to

.1 00Fils;3%

g >H'mb Q g jp;g m 3< Q{f;gfpah' l' ~in M loss of Offsite' Power SB0-L This sequence consist of a station blackout initiated by a LOSP. It contributes 16.9% of CDF. Following the LOSP, both diesel generators IA and 18 fail to operate and there is also a failure to get power from Unit 2 via the shutdown utility bus (this requires racking-in'and manually closing two supply breakers). The subsequent failure of the turbine driven auxiliary feedwater pump to supply steam generator feed flow, results in the gradual heat up and boil off of primary coolant. Core uncovery will occur if power is not restored within one hour from the loss of feed flow.

12

i l

l TABLE 1. (continued) l SBO SLOCA This station blackout sequence contributes 7.6% of CDF. It develops similarly to the previous sequence except the AfW system operates successfully. It is complicated by failure l of an RCP seal due to loss of both seal injection flow and l seal cooling flow. Failure to recover AC power and Safety ,

Injection capability following the seal LOCA results in ;

core uncovery. 1 SBO-Q This station blackout sequence contributes .7% of CDF. It i develops similarly to the first SB0 sequence except the AfW l system operates successfully. It is complicated by a PORV <

sticking in the open position. Failure to recover AC power i and Safety Injection capability following the PORV failure results in core uncovery.

SBO BATT This station blackout sequence contributes .5% of CDF. It develops simib rly to the first SB0 sequence except it is complicated by failure to recover AC power prior. to depletion of the station batteries.

Intermediate LOCAs_ .

f%9 my .. ;

SgH2

^

.pfgM&k%jigg) j,. intermediate LOCA followed by

.[ThatSgH2rsequence stan$

failure of HPR coo ing. It contributes 8.5% of CDF. This sequence is the same as $ H2 2 with the exception it has a larger break size.

SjH4 SHi4 is an intermediate sized LOCA with failure of LPI in either the miniflow mode, the recirculation mode, or the switch to hot leg recirculation. Its contribution to CDF )

is 3.3%. ,

l Laroe LOCA1 ADS AD5 represents a large LOCA followed by failure of one or more of the cold leg accumulators to inject into the intact loops. It contributes 2.3% of CDF.

l

, AH j AHg represents a large LOCA followed by failure of low pressure recirculation. It contributes 1.7% of CDF.

AD6 A0 6 is a large LOCA followed by failure of the low pressure inject system to inject into the intact loops. It contributes .6% of CDF.

Transients TtP pgj This sequence, which contributes 3.4% of C0F, is initiated by a transient that results in loss of main feedwater l coo ing. It is further complicated by loss of auxiliary l feedwater cooling and failure to open the PORVs. Failure ;

13 l

.____1

Wfj:,kffhh h?h~

TABLE 1. (continued) to open the PORVs results in failure of Feed and Bleed cooling.

Steam Generator Tube Ruotures T

SG00 0S This sequence is initiated by a steam generator tube !

rupture. Failure of the operator to depressurize the '

reactor coolant system within 45 minutes of the SGTR, '

results in a challenge of the steam generator pressure relief system. The subsequent failure of a steam generator PORV or safety valve to close result in a direct loss of RCS inventory to atmosphere. It contributes 2.3%

of CDF.

T3gt T3 nt. is a steam generator tube rupture with the su5 sequent failure of the auxiliary feedwater system. It contributes .7% of CDF.

15cKR T3 cKR is a steam generator tube rupture compounded with a subsequent failure of the reactor protection system (both automatic and manual) to scram the reacter. This SGTR/ATWS event contributes .5% of CDF.

Anticioated Transients Without Scram TKRZ This is an Anticipated Transient Without Scram event. It is initiated by some transient that requires a reactor scram. As the sequence progresses, both automatic and manual reactor scrams fail. The presence of an unfavorable moderator temperature coefficient at the time of transient initiation results in core damage. It contributes 2.4% of CDF.

TKRD 4 This ATWS event sequence contributes .4% of CDF. It is initiated by some transient that requires a reactor

. scram. ;As the sequence progresses both automatic and s . manualtreactoriscrams;fatisand the subsequent failure of t

4

' emergency;borationiusingithe' charging pumps results in core damage? Emergency boration failure is dominated by failure of the operator to perform the proper charging -

system alignment.

Loss of DC Power -

T DCll lP l g Sequence Tncil lPl i contributes .6% of CDF. It is initiated By the loss of DC bus !! followed by the failure of AFW flow. Failure of AFW cooling necessitates the use l of Feed and Bleed cooling. However, loss of the DC bus i prevents one PORV from opening and successful Feed and ;

Bleed cooling requires the opening of both PORVs. ;

14

l 1

1 I

l l

TABLE 1. (continued)

T DCllP l3 This sequence is exactly the same as the previous sequence except it is initiated by the loss of DC bus I.

t LOCAs Outside the Containment V .;The V sequence isjantinterfacing' systems LOCA. It IWof tCDFQtItgisgimportant because it

@. f 4 @ contributes th ~(: ntainmentisafeguards L The LOCA path is

~

' V bypasses}iif

' throughfa f'the'fourisets of LPI' cold leg injection

, check valves. There is' a potential . recovery action in ;

which the operator may be able to isolate the LOCA by closing the appropriate cold leg injection isolation i valve. j (Two additional interfacing system LOCA pathways have been identified by the Sequoyah IPE. One path is through any of four sets of safety injection system check valves. The .

other path is through the two motor operated valves in the :

RHR/RCS interface.)

6 p

3 3

r e

i 3 , *I # #4 7h$ / Q ,J ; e

> ,, q. . AMG3 ;,gg;;kg aq'is-eyggy

,,7 l

e i

TABLE 2. MOST IMPORTANT SYSTEMS BASED ON CORE DAMAGE FREQUENCY Ranked By Contribution To Ranked By Risk Significance gf

Core Damage Frequency a The System Being Unavailable Reactor Coolant System Reactor Vessel High Pressure Inject./Recirc.

3 Essential Raw Water Cooling .

i Containment Spray System .................................

l Electrical Power System Component Cooling Water .

............................... Low Pressure Inject. (V-sequence)

Auxiliary Feedwater System .................................

Low Pressure Inject./Recirc. Low Pressure Inject./Recirc. .

. ............................. High Pressure Inject./Recirc.

Primary Pressure Relief System Containment Spray System Charging System .

Reactor Protection System Reactor Protection System ................................. i Accumulator System DC Power Distribution '

Essential Raw Cooling Waterc Auxiliary feedwater System Component Cooling System c Ice Condenser System l Diesel Generators Accumulator System

a. For the ranking by contribution to CDF, the systems above the first '

dotted line contribute to greater than 25% of core damage sequences. Those j systems between the two dotted lines each contribute to core damage ;

sequences ranging from 10% to 25% of the total core damage frequency. The i systems below the second dotted line contribute to less than 10% of core damage sequences.

i

b. Fcr the ranking by risr. significance of the system being unavailable, the dotted lines indicate. orders of magnitude of change in importance level. ,.., %. -

,;.: . . u .. _._

.,Te % K4$.$1tigg g?pp.y

c. The Seqtioyah IPE included;these f syi@tems"as contributors to CDF. J 1

i 16 9

i 1

l TABLE 3A. REACTOR COOLANT SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria: !

TheRYahi b$ n ht coolantEloops?iand the' pressurizer:WYEach!1oop If f $khe$ t r vessel, four main J

~

contains a steam generator, a main coolant pump, and associated-instrumentation. The success criteria for the RCS is dependent upon the accident sequence involved.

Conditions That Lead to failure l

~

1. Reactor Coolant Boundary Failure. Due to the predominance of the LOCA as an initiating event, failure of any RCS piping, vessels, welds, penetrations or connections can have serious consequences. ,

l

2. Operator Fails to Deoressurize. Failure of the operator to depressurize the RCS (by using sprays or removing steam) within 45 minutes following a SGTR can result in loss of steam generator integrity.

3. Reactor Vessel Ruoture, i

l l

e E. Y

' y ,,*, * ,[y' ..

m 17

. , , , , , , . . . . . .. . ...,....-,...r.. .--......w.-----.-mm.-- -------..........m..... . . ......r. .. .... . ....s... . ... .. . .. ..u.... .Aha#

l l

l TABLE 3B. MODIFIED REACTOR COOLANT SYSTEM WALKDOWN i Walkdown is ineffective against the RCS failure modes. ;

M h*.-[jf ,

4 i

i i

l l

i l

I 1

. i 18

TABLE 4A. SAFETY INJECTION /HIGH PRESSURE RECIRCULATION SYSTEM FAILURE

! MODE IDENTIFICATION m d

, .armc.magesPh _ _ .c oGuNd A .

j MMNf5%Y%gM IMM[\

g The Safety Injection /High Pressure Recirculation functions can be performed by either of two redundant Safety Injection pump trains or by either of the Charging pump trains. During the injection phase, the SI pumps start automatically and provide flow from the RWST to'the cold leg injection

. points when RCS pressure is less than 1520 psig. If pressure remains above 1520 psig then the charging pumps must be used. The charging system is discussed in Table 10. When entering the recirculation phase, the operator

, must manually switch the system lineup to provide a suction path from the containment sump via the Low Pressure Injection purp discharges. The only significant system failure mode is failure to provide flow in the High Pressure Recirculation mode following a small LOCA. Success is taken to be one of the SIS pumps or Charging pumps taking suction from the discharge of the Low Pressure Injection pumps and supplying flow to.the cold leg injection points.

Conditions That Lead to failure

1. Ooerator Failure to Switch from In_iection to Recirculation. Because of the small size of the ice condenser containment, the low CSS actuation set point, and the high CSS flow rate, the RWST at Sequoyah drains faster than at other PWRs. It is predicted that for all small LOCAs.

recirculation cooling will be required within 20 minutes of spray actuation. This does not allow sufficient time to depressurize the RCS and go on RHR closed cycle cooling. Therefore, operator action is required to switch from the High Pressure Injection mode to the High Pressure Recirculation mode.

2. Failure of Miniflow Valves FCV 63-3/63-4/63-175 to Close. The miniflow valves are normally open. Because they are interlocked with the pump suction valves, they must close for success of High Pressure Recirculation. Failure can be caused by valve / motor faults, valve.

actuation faults, or faults involving the valve power supplies.

3. Failure of Valves FCV 63-8/63-11 to Open. Failure of either of these normally closed valves to open isolates the associated SIS pump suction and one of the Charging pump suction paths from the LPR water supply and results in failure of that train of HPR cooling. Both common cause and independent failures are of concern. Failure can be caused by valve / motor faults, valve actuation faults, or faults involving the valve power supplies.

4. Failure of Chick 1 Valve VM510 t'o 0hes ciThis check valve is a-potential' single point; failure of,thersafety injection system. Failures of concern are plugging, sticking' shut, 'and valve failure.

19 I

J i

TABLE 4A. (continued)

5. Failure of Valve FCV 63-5 to Remain Open. This motor operated valve is a potential single point failure of the safety injection system.

Failures of concern are plugging, improper positiening, and transferring closed.

a x- , -

/ -

9 4

20 g

TABLE 4B. MODIFIED SAFETY INJECTION SYSTEM WALKDOWNa ;

REQUIRED ACTUAL POWER COMPONENT NAME POSITION POSITION SUPPLYD FCV 63-3 S1 Pumps Recire. to RWST OPEN 1Al-A 118 f

FCV 63-4 S1 Pump A Recirc. to RWST OPEN 181-B 15E FCV 63-175 S1 Pump B Recire. to RWST OPEN IB1-B 9A FCV 63-5 RWST to S1 Pumps Supply OPEN IB1-B 9B FCV 63-8 S1 Pump A from RHR A CLOSED 1Al-A 11E FCV 63-11 S1 Pump B from RHR B CLOSED IB1-B 9E

a. Information obtained from 501-63.1 Emeraency Core Coolina System, "

Revision 56,3/22/89.

b. Supply breaker closed unless otherwise noted.

v ;Jm;;;/A i

. ,.~

l l

1 l

i 21

, .- ur ..

?. i

.A : ,e c .y n=<*

s ..

' .'Ik .

,mse ;. -

.ji3?;.

ww: -

.;*-- gra:-L?.

Y ..7 ;v

' Nl$.*

^_,

[h:2

- /. i~ . @ r FROW RHR ^ 63[{f+:., t

,g, J PUuP 18-9 ,T g, . ,

1 -. s s. ,, 10 hcl

w V a

se gg5 . p -f q . w ,

vi -

l ;4.- i 2 l.,g s -"G4 z

RwSI 4 $

sur

[ t k .s'!:s.

n-%c g.;g pS. p

,,.,', :u :u ;

h. . . , ,,

1-

- , y J k w o

~; ..

N:g t as-s

,c.

es-se

., .s ,,, . s. ., s 3, w 5 -22 4 tg.y

. . ch o J7 g, g) h M,

ir NI

,,'fl,3 pg yg

,c ,

aba as-sse os->sr as->ss k .j[E:'

i 4 303pC,c,y . ? fff TO m

y #,..g. ....

ms. ...,,,

p ....,,

.s.,s. .s.,s . ....

_e 3 1. Sgs,

, u.

'. 's -*

on-ssa ss-sss es-s , vg y

' U$ ( s$.'?ss M ~ b j[$

+

if 4 se, y,. ,,

as-sse as-sss es-san p ff j FRCu %:lE Q.~ ll e s -*

go 90g ~l

,", 9 M-x' MICT tEG5 '.j%

FC s te + FCT 1A - A 63 5 43-13, t s- t 5 U-JJ uesirt C=

10 PwSI (t) 88EAntp RACktD CUT Al P0wtP SUPPLY Figure 4-1 Simplified Schematic of Safety injection System _

4 9

e a

. . . - . _ . .-d'. _---.mammmr%i,--r e-

=__

TABLE SA. CONTAINMENT SPRAY SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The Sequoyah CSS acts ~with the Ice Condenser to provide the containment with pressure suppression and heat removal capabilities. The CSS consist of two 100% capacity trains and has two operating modes. In the injection mode, the pumps supply cool water. from the,RWSTlto. help condense the steam in the containment. Upon depletion of .the.waterfinithe,RWST,'the. CSS is shifted to

'^

a combination' automatic'and operator.

actions.pThelRHR als headers'ahdithusis?pum'therecirculation:modeithroughj erve it' ona

'up'plylthe} containment spray

' CSS 7M "' tFa'i * " 'ffo${ trains 0L Success is take th'eTfirst 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of the

~

to be' the#op'eratiorifb east recirculationphase?*', _ , " '{o'nTpTfa Conditions That Lead to failure

1. Failure of Operator to Control the Containment Soray System. During a very small LOCA sequence, the operator can conserve the injection water stored in the RWST by manually securing the CSS injection flow when the containment pressure drops below the spray initiation setpoint. This can greatly extend the injection phase of the accident, which in turn will decrease the likelihood'of failure in the recirculation phase.

2. Failure of Operator to Realion the Containment Sorav System for Recirculation. Like the high and low pressure injection systems, approximately 20 minutes after spray initiation the CSS must be realigned to the recirculation mode.

23

_ w & 8 % % Q t r e & fq t +fr - -

a 1

l e

, . :t

, pl*Q , - . '

,y.

,;. TABLE 5B. .1.MODIFIEDlCO.NTAINMENTjS.PR.AY;

,;,, age SYSTEM nlALKDOWN gg,,,,, ,

I ~<1 W allure modes, j i

l i

I l

1 e

J l

I e

r (

, , ,9 .._q ,.p.~

". r, '~ _ ..

. ~m ,h .

x. ,

{'

24 I

I 1

04900208

/\ s

.. s,

., es em tec .

I c' 's

-se: p, ts-M s, wasuu stow tsNC : :

iti. SQ

- ~ , , E.cf,, I o;%:.=

-- g -

o...

'g g ;%' e; c a .e ~5

,,e ,

y ,, ,,

..u n-,g <ss,e n- 3, m,sN _

m-,c3n ,,u-,.,

.e... ,,..., _ ,.m. .%

f , ess a te n - w.n '

r 1r te

..tig?' / n-s.s *********s -

g .,-8,3 .

I ,4 o n-3..

... , x mmmmmmmm 4 ;

(c e 1 Pt D*Y

C 7'2 2B -.1Cs, 72- 34 72-3 I, re te 4,r

(

D-SSS67-52e 72- A lh8 a s-s 72-333j g;'.v A (C

-,3, 3, smosaM TLOW tsnt

y; 7 . e a

^

72b re ?* e3 ,, b

) y, beendUed FLOW (INC ,,

gg h[ -

.: r'M4,;

, -, -, MCv 7 u- u tcw k-34 72-12 1p 7 .gj ' y'. y

-4k t 1

$to '

--rti .~ TO

,g. ,74-Sta 74.o 33 , 74.0324 " '"

(Cw, s a-a FCv D-5 FCv E 63-43 w .* ? ' ;'

O 74-33 .~ g P

p FCv 43- Jkte-35 ;; y, 63-t 302 E63-94

%,c, _ ,n l'

OOP 74-32 7 "*

dbI4*II to-33 s

"_ck g g, '

muu

'C' 74-S29 74-325 F

.*-O' me m,.a s e. s.Cv

e y, neauvu f TOW LINC ,, y,

SC*.,74-53t FCv

[ -:. ~:-s, y CC%

i n-n s.

m

.F3-=Cv l

Figure 5-1 Simplified Schematic of the Containment Spray System I

l l

I l'

1

_._.___m_ _ _ _ _ _ . . . . ~. . . , _ . . _.. - . . . , - _ - . _ . . . - , _ . _ _ . . . _ _ . . - _ . . __._.(

q

~

l TABLE 6A. ELECTRIC POWER SYSTEM FAILURE MODE IDENTIFICATION l i

Mission Success Criteria Emergency power to Unit 1 is normally supplied by two independent diesel l generators, with each generator capable of supplying the loads fed from its associated 69KV bus. In addition, it is possible to supply power to a unit from the other unit's diesel generators via the shutdown utility bus.

Mission success following the loss of offsite power is defined as either one of the unit's diesels running or power being supplied from the other unit . ,

through the shutdown utility bus.

DC power to Unit 1 is, in general, supplied by DC buses I and II. .

However, some DC loads, such as those required by the turbine-driven AFW pump are supplied by the other unit. DC power is normally supplied by converting 480V AC power to 125V DC power. On the loss- of AC power, station batteries act as a backup supply of DC. power.;, Mission success for the DC power supply is defined as.the

,c continued. operation of;both:DCtbuses..

, mu % ewatu%wm,w& -

Conditions:That Lead to failure

1. Failure of Diesel Generators to Start /Run._ Failure of DG 1AA or 1BB to start or run for six hours following a LOSP results in loss of ESF loads fed from the associated bus. Failure of both DGs is a significant contributor to station blackout scenarios. Both common cause and independent failures are included. Failure can be caused by faults in the css, DG output breaker faults, or faults in the DG support systems such as control power, starting air, fuel oil, lube oil, or cooling water.

2. Failure to Sucoly Power From the Other Unit. In the event a station blackout occurs, it is possible to supply power to a shutdown board via the shutdown utility bus using the other unit's diesel output. This operation involves racking in two breakers and manually closing them.

The dominant failure mode is human error to correctly perform the procedure. Equipment failure is also a contributor to the unavailability of power from the other unit.

3. Diesel Generator Unavailable Due to Maintenance. This includes both scheduled and unscheduled maintenance. This item contributes to both partial and complete loss of AC power following a LOSP. -

4. Loss of a DC Bus. The failure of concern is the loss of either DC bus I or DC bus II. Failure of either bus results in loss of Main Feedwater,

and the loss of one of the PORV trains. Loss of a DC bus was identified as an important initiating event.

l 26

l i p- , .

rs.

1 i

TABLE 6B. MODIFIED ELECTRIC POWER SYSTEM WALKDOWNa l Due to the integrated nature of the diesel generator fail. to start or run failure modes, each diesel generator should be checked for proper standby mode, alignment as discussed below., . 1

-kk $ 1 1t l'hhal bl)LisinAUTO.

- myy,.w. ,-

DG room exhaust fans IA/IB are in AUTO. l DG room exhaust fans 2A/2B are in STANDBY. !

Fault shutdown relays are RESET.

Auto-mainte1ance switch (on local panel) is in AUTO.

Hand reset switch LRX (on DG relay panel) is RESET (REMOTE). l l

Loss of field cutout switch (on local exciter panel) is ON. l 86 LOR (on DG relay panel) is RESET.

86 GA (on DG relay panel) is RESET.

l Annunciation panel is clear on 0-M-26 '

Unit-local parallel switch (on 0-M-26) is in UNIT. :

1 43 T(L)-(on 6.9kV logic panel) is in NORMAL.

a. Information obtained from S01-82.1/.2/.3/.4 Diesel Generator 1A-A/lB-B/

2A-A/18-B, Revision 34, 8/19/88.

l

. l l

[Oiy: *

27 I

SAR 7Y FROM sus - 4NON.0V .C

= uccA

. ~~

IE V LNT 1 m ,, , (NT 2 TRAst A TRAP 4B .a TRAN A TRAN 8 F m_ ml e ,sa.

e. -.e .

..a .. ..a.. ..a .. ...e..

F b* f b t T.

, I

.- 1 .

.c .

- .. * - - . . . -- . -- . Et - -- . - . - - . . -- .

M*

[]** *"* 0 0 'ff ve [ac= .

'.' E-]

~ y .:s ;% .; g e: g .:

c. . . . .. . ..

m,: m.:, s.

n i: 7: 3: r: r. ra r e .-.

I I l l

. .c i - I. .c . . ,e .I = = .c .

i =ai F =. El Pm P27 Pal F*.A' l P- Pal I

, , - . . . . . .- ... . . . . . . . . ~ . . . . . . - . . . . . . . . - . . . . . . . . - . . . . . - . . .

I Figure 6-1 Simplified Schematic of the Electric Power System 4

l

TABLE 7A. AUXILIARY FEE 0 WATER SYSTEM FAILURE MODE IDENTIFICATION I Mission Success Criteria The Auxiliary Feedwater System consist of one 100% capacity turbine driven ,

pump which feeds all four steam generators, and two 50% capacity motor driven i pumps which each feed two of the four steem generators.. Success for all j accidents except an ATW5 is taken to be any one pump running, supplying flow to .!

two steam generators. For an ATWS,. success is defined as flow to three of the four steam generators from either both motor driven pumps or the turbine driven

. pump.

, 4 , , ,1 . % ,

l ggi mmmmtwawk ugaConditions:That, o

%m ,Q,fs,g. .

<s Lead to: Failure

1. Failure of Ooerator to Manually Doen Failed Air Ooerated Valves. During a station blackout, AFW cooling is supplied by the turbine driven pump-train. If loss of' air to tha air operated valves on the pump discharge lines causes them to closo, the operator can manually open them. The time l frame for doing so is approximately one half hour. '

2. Turbine Driven Auxiliary Feedwater Pumo Failure to Start. Failure of the-turbine driven pump to start, in conjunction with a complete loss of AC results in complete loss of auxiliary feed capability. Also, failure in- .

conjunction with a partial loss of DC or AC power and an independent j failure in the operable motor driven pump train also results in the !

failure of auxiliary feed flow.

3. Steam Bindina of Auxiliary Feedwater Pumos. This is a possible common caure or independent fillure mode caused by the Icskago e,f steam into the pump discharge pipint. Once per shift checking of the MW pump's i discharge piping temperature should minimize these failures.

4. Turbine Driven Auxiliary Feedwater Pumo Unavailable Due to Maintenance.

Turbine driven pump maintenance unavailability in conjunction with station blackout, is an important factor contributing to loss of auxiliary feed !

capability.

5. Motor Driven Pumos Fail to Start /Run. Following a transient initiating event that results in the unavailability of one motor driven pump train and the subsequent failure of the turbine driven pump train, the unaffected motor driven pump must start and continue to run for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months to ensure adequate cooling is available to prevent core damage.

6. Auxiliary feedwater System Actuation Failure. Actuation f ailure of one.or more AfW trains can result in partial or total loss of Auxil.iary feedwater capability. Failure can be caused by either common cause or independent failures. There exist a possible operator recovery action to manually initiate flow following actuation failure.

7. Failure of Ooerator to Manually Initiate AFW Flow, in the event the automatic initiation of AFW falls, the operator has the ability to manually initiate flow by starting the appropriate pumps and establishing '

a flow path.

29

., . w; , < g .&p44 n -

.i v I' 1

^ *

, ? hh IT Y Conditions That Lead to Failure

8. Air Ooerated Valves LCV 3-148/3-156/3-164/3-171 Fail to Ooen.

following a transient initiating event that results in the unavailability of one motor driven pump train and the subsequent failure of the turbine driven pump train, both of the level control valves in the operating motor driven pump train must open to ensure adequate cooling to prevent core damage.

9. Air Ooerated Valvas LCV 3-172/3-173/3-174/3-175 Fail to Ooen.

Following a station blackout initiating event the turbine driven pump train must supply flow to at least two of the steam generators. .

Therefore, two of the four level control valves in the turbine driven pump train must open to ensure adequate cooling to prevent core damage. The failure of concern is the common cause failure of three or more of these valves to open.

10. Failure of Motor Ooerated Valve FC'> 1-51 to Ocen. In station blackout conditionr. the only source of AFW flow is from the turbine driven pump. F;' t re of the normally closed throttle / trip valve to open results in ioss of all AFW flow,

11. Failure of Check Valve 3-864 to Onen. This check valve must open for success of the turbine driven pump train. Its failure to open when the motor driven pump trains are not available could result in core damage.

e 30

__ _ _ . , ,_ - -, _ . _ _ _ _ _ _ _ + _

.a s

TABLE 78. MODIFIED AUXILIARY FEEDWATER SYSTEM WALKDOWNa REQUIRED ACTUAL POWER ;

D COMPONENT NAME POSITION POSITION SUPPLY TDAFWP Turbine Driven AFW Pump 0FF N/A MDP A-A Motor Driven AFW Pump A-A 0FF 1A-A 10 MDP B-B Motor Driven AFW Pump B-B 0FF 18-B 10 f h

LCV 3-148 SG 3 MDAFW Pump Level Cont. OPERABLE VBBc d

SG 2 MDAFW Pump Level Cont. OPERABLEh LCV 3-156 VBB d

LCV 3-164 SG 1 MDAFW Pump Level Cont. OPERABLEh VBB LCV 3-171 SG 4 MDAFW Pump Level Cont. OPERABLEh VBBc LCV 3-172 SG 3 TDAFW Pump Level Cont. OPERABLEh VBB' ,

LCV 3-173 SG 2 TDAFW Pump Level Cont. OPERABLE h VBB f

LCV 3-174 SG 1 TDAFW Pump Level Cont. OPERABLEh VBBf LCV 3-175 SG 4 TDAFW Pump Level Cont. OPERABLEh VBBe FCV l-51 Trip and Throttle Valve Closed 9 .__. N/A

a. Information obtained from 501-3.2 Auxiliary Feedwater System, Revision 46, 3/27/89. ,,

b. Supply breaker closed unless otherwise noted. ,

c. 125VDC Vital Battery Board II Breakers 210 and 211.

d. 125VDC Vital Battery Board I Breakers 210 and 211.

. e. 125VDC Vital Battery Board III Breakers 210 and 211.

f. 125VDC Vital Battery Board IV Breakers 210 and 211. l

g. Operable, latched, and mechanical overspeed trip reset.

h. In order for an air operated valve to be considered operable, its controller, positioner, and operator must have control air lined up to i them. It must appear properly assembled, with no obstructions or l excessive air leaks.

31 l l

J I

N

\

c c ei.S. e

%* e itm.e .s cs .

' . c.a s e no

e -*g H - e.' t Ci-til m 9

gy ng Y Y h x g"b s. ...,. _ .< c e% Matt b y

.ee.s.

y- W:9: n ,Wmr . . m - r. .

" e

~X,n- a

m. ;<r.,

H * *3 O ' e

'%. p s--

v, h

,in m . __

o ' b .Q e a. -

w aan % nsa T y, na.'s , , - , n; y-g sitans a, <

M~-

... ., .... $'c.{. .. . . . . .

s,.u.<tt w t= -

se

? ;

~. e 9'

.emre e esi ~,9-c7 M-8 2

<> ^

e 9 .

'* "'** F'"* '% 0,8 ,, s ,e,m p,., n.

" YE" s-eas scv nda 2 M ' *U T^ -

&cs

> I'-

5tt aan uramarans ,ma s.as:

i.~

? M9ti #-

.7."*e c

I,9, n"2 g; In.4 '%><

- s .us. s cae 7 -

s-a r scv s.ca s...s i

'o 5 - 8 8.* l

/- e

9 -

N N, %.

m 0,g u. ...

s m. ***

a as . r=w.

- - - - 9 9 t %.

n 7,9;

,, 3n .; 7n .;

s.

s u.

.,s s, so-se <

n- :e O O se,

..~ .:-..m :=? m9: .i. s.: .

. . = . . .,.,.

n. :: n- a Figure 7-1 Simpilfied Schematic of the Auxiliary Feedwater System p 9 6 . . .

I E- - -- _ - - _ _ = _ _________ _ _ _ _ _ _ _ _ _ _ _ _ _. l

~

t i

TABLE 8A. LOW PRESSURE INJECTION / RECIRCULATION SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The LPI/LPR system provides emergency coolant injection and i recirculation following an accident which results in Reactor- Coolant System depressurization. The LPR pumps can also be used to provide Containment Recirculation Spray flow. In addition, the LPR system provides the suction source to the Charging and SI pumps for High Pressure Recirculation :

operations. The success criteria for the LPI/LPR system varies depending on i the specific application. However, for all cases involving the use of I LPI/LPR, successful operation of one of the two LPI pumps is required. ;

Conditions That Lead to Failure ,

l I. Failure of Low Pressure In.iection Pumos to Start /Run. The failure of I concern is failure of_these pumps to start or run for.24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months :

following an, accident.:4 Failure canLbe due,to .either common cause i failure of:both pumps ~orothe; independent. failure.of.one pump when a ;

fault exist on the other pump' train. eFailure results in a complete or partial loss of low pressure injection / recirculation capability, and the inability to provide High Pressure Recirculation. Failure can be caused ;

by pump / motor faults, electric power supply faults, or actuation system i faults. ,

2. Miscalibration of the Refuelina Water Storaae Tank Level Sensors. !

Following the injection phase of a LOCA, there is an automatic i switchover from Low Pressure Injection to Low Pressure Recirculation. "

Switchover is initiated when the RWST level decreases to 29%. i Miscalibration of the RWST level sensors can result in failure of the automatic switchover feature, and the subsequent failure of Low Pressure Recirculation operations.

3. Failure of Motor Operated Valves FCV 63-72/63-73 to Ooen. These valves i open to provide the LPI pumps suction from the Containment Sump. Their i failure to open due to common cause or independent failure when a-fault i exist on the other pump train results in loss of low pressure l recirculation capability. Failure'can be caused by valve / motor faults, electric power supply faults, or actuation faults.

4. Pluaaina of the Containment Sumo. Common cause failure of the sump suction lines due to plugging results in loss of high/ low' pressure and containment spray recirculation capabilities.

5. Operator Fails to Remove Refuelina Drain Pluos. The refueling drain plugs prevent water passing from the upper containment compartment to the containment sump. They are installed prior to flooding the refueling canal for refueling operations. If these plugs were not removed after refueling, under accident conditions requiring use of the 33

.1 1

. I l

1 TABLE BA. (continued)

Conditions That Lead to Failure CSS, spray w'ater would accumulate Jn the upper containment compartment with no way to drain back to the containment sump for recirculation. +

6. Failure of Motor Ooerated Valves FCV 74-12/74-24 to Ooen. The miniflow valves open during the;high pressure; injection _ phase to prevent-the LPI 3

pumps,fromfoverheating 5 Theirifailure to;open due'to common cause or i :

independent! failure lwhenfMfaultiexist'on the other pump train can ,!

result in loss of low pressure recirculation capability. Failure can !

be caused by valve / motor faults, electric power supply faults, or actuation faults.

7. Low Head Safety Iniection Pumo Unavailable Due to Maintenance.

Maintenance unavailability of one of these pumps in conjunction with a fault on the other pump train results in loss of low pressure injection / recirculation capability-

8. Failure of Motor Operated Valves FCV 74-3/74-21 to Close. These valves must close to isolate the LPI pumps suction from the RWST to allow for recirculation from the Containment Sump. Their failure to close due to common cause or independent failure when a fault exist on the other pump train results in loss of low pressure recirculation capability.

Failure can be caused by valve / motor faults, electric power supply i faults, or valve actuator faults.

9. Failure of a Cold Leo Iniection Check Valve Pair. There are four pairs of check valves on the Low Pressure Injection lines,-63-633 and 63-560,63-635 and 63-563,63-632 and 63-561, and 63-634 and 63-562. Failure .I of any one of these pairs due to a combination of rupture or failure to close, results in an interfacing systems LOCA. There is a potential recovery action in which the operator can isolate the LOCA by shutting the appropriate cold leg isolation valve.

10. Failure of Motor Operated Valves FCV 63-93/63-94 to Close. After approximately 15 hours1.736111e-4 days 0.00417 hours 2.480159e-5 weeks 5.7075e-6 months of cold leg recirculation, the core must be '

recirculated through the hot legs to prevent the build up of boron and subsequent core damage. The cold leg isolation valves must close to allow flow from the LPI pumps to recirculate through the hot legs.

Their failure to close due to common cause or independent failure when a fault exist on the other pump train results in loss of the normal . -

method of hot leg recirculation. Failure can be caused by valve / motor faults, electric power supply faults, or valve actuator faults. ,

11. Operator Fails to Open RHR Header Cross Ties for Recirculation. Should one train of LPR be unavailable and the opposite train of HPR also be ;

unavailable, the operator can recover recirculation flow by opening the ~

RHR header cross tie valves FCV 74-33 and FCV 74-35.

12. Failure of Check Valve V 63-502 to Open. This check valve is a potential single point failure of the low pressure injection system.

Failures of concern are plugging, sticking shut, and valve failure.

+ , _

i

- 34

3 TABLE 8A. (continued) ,

l Conditions That Lead to Failure -

I

)

i 13. Failure of Valve FCV 63-1 to Remain Ooen. This motor operated valve is i a potential single point failure of the low pressure injection system. ;

Failures of concern are plugging, improper positioning, and transferring closed.

4

. 14. Failure of Valves FCV 74-1/74-2 to Remain Closed. Failure of these valves to remain closed, either through catastrophic failure or by

transferring open, has been identified by the Sequoyah IPE as a ,

i

. potential interfacing system LOCA pathway.

1 i

e t

35 !

t

TABLE 88. MODIFIED LOW PRESSURE INJECTION SYSTEM WALKDOWNa REQUIRED ACTUAL POWER COMPONENT NAME POSITION POSITION b SUPPLY RHR 1A-A RHR Pump 1A-J OFF 1A-A 14 RHR IB-B RHR Pump IB-B 0FF IB-B 14 FCV 63-72 Cont. Sump to RHR A

. CLOSED 1Al-A 13A .

s u n ge.e.e m.

FCV 63-73 . Cont.' Sump'to RHR B' giCLOSEDT IB1-B 11C FCV74-12 RHR Pump A Miniflow CLOSEDc 1Al-A 7C2 FCV 74-24 RHR Pump B Hiniflow CLOSEDc 1B1-B 14E FCV 74-3 RHR Pump A Suction Isol. OPEN 1Al-A 6E FCV 74-21 RHR Pump B Suction isol. OPEN IBl-B 14C FCV 63-93 Cold leg 2 and 3 Isol. OPEN 1Al-A 13B FCV 63-94 Cold Leg 1 and 4 Isol. OPEN IB1-B 12A FCV 74-33 RHR Htx A Bypass Isol. OPEN 1Al-A 7E FCV 74-35 RHR Htx B Bypass Isol. OPEN 181-B 15A FCV 63-1 RHR Supply from RWST OPEN 1Al-A 13A FCV 74-1 RHR Supply from Hot Leg 4 CLOSED 1Al-A 6C2d FCV 74-2 RHR Supply from Hot Leg 4 CLOSED 181-B 14Bd

a. Information obtained from 501-63.1 Emeraency Core Coolina System, Revision 56, 3/22/89.

b. Supply breaker closed unless otherwise noted. '

c. Closed and in Auto.

d. Supply breaker open unless RHR cooling operations in progress.

36 x . ,g. w a. .

V

...~ . . . - . . . . . - . . . . - . , , _ . , ~ , . . . - . . . - . _ - . _

w .ce:e.

/

~i, na: .E. u.a n p,

==si w

. .. n ;. ,J ,*g

" m+ B n-n nal h:c, Mn-= m

,;a,,

p"m n

>'a we n=ri

%= %g- .,'.a..,,

_4

.:c:.

a y

J+t+-

ww--

to acs 0

n_ . u= .-a

. -. , ,a;>,n ,,,. ,.,ato ee m .- n=e4 .. , .

=g s -

cao ac y

-~ ,

4,, H ..

I n=n

,o

,,, .N. .N, .- -

=

m., c n <my--.

,,. s .. e m n=al ,.g,yu n-n ; 23.~

p, W $,

n=22 n yy :e n-an n=at

-~

4,e. ,at,, -

.,o ==

nai "-.

mv,ja i .f, ,at,.of,,L. , f.'. u-a ym A ~J L-

,m, n.-a.1 A

.D, s n=**

re,'

a-n M TE S (*3 Nes Crth, Peets aEesC64E Figure 8-1 Simpilfled Schematic of the Low Pressure injection / Recirculation System

TABLE 9A. PRIMARY PRESSURE RELIEF SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The Sequoyah PPR system consist of three code Safety Relief Valves (SRV) and two Power Operated Relief Valve (PORV) trains. Each PORY train consist of a DC powered PORY and an AC powered motor operated block valve. The only failure mode of consequence is failure to support feed and bleed cooling operations. Successful feed and bleed cooling requires the opening of both PORV trains. , . ' , , y , {j ' ' ,

Conditions That Lead to Failure

1. Failure of PCV 68-334/68-340A to Ooen. Failure of a PORV to open coupled with failure of the AFW system following a transient results in core damage. This is because, if AFW fails then feed and bleed cooling is required, and the success criteria for feed and bleed cooling requires the opening of both PORVs.

2. Failure of a Block Valve FCV 68-332/68-333 to Onen. The block valves are normally open valves, however, they are sometimes shut for leak isolation purposes. Failure of a closed block valve to open on demand results in failure of that PORY train. !

i r

l l

38

I s

TABLE 98. MODIFIED PRIMARY PRESSURE RELIEF SYSTEM WALK 00WNa J

REQUIRED ACTUAL POWER ,

b COMPONENT NAME POSITION ' EQ111LQB SUPPLY PCV 68-340A Power Operated Relief Valve OPERABLEC VBB I PCV 68-334 Power Operated Relief Valve OPERABLEc VBB 11 ,

FCV 68-332 PORV Isolation Valve OPEN 181-8 FCV 68-333 PORV Isolation Valve OPEN lAl-A Pos. I d XS-68-3400 Pressure Channel Selector N/A I'

PIC-68-340A RCS Master Press Control AUTO VBBe

a. Information obtained from 501-68.3 Pressurizer Pressure and SoraY Control System, Revision 15, 3/22/89.

b. Supply breaker closed unless otherwise noted.

c. In order for an air operated valve to be considered operable, its controller, positioner, and operator must have control air lined up to them. ;It must appear properly.. assembled, with no obstructions or .

excessive air-leaks.r t

' ' h J. -

d. Or alternate position 2 or 3.

e. 125VDC Vital Battery Board I and 11 breaker 24.

1 I

1 l

39

t

'1

.a m TO PRESSURIZER RELIEF TANK r Ak Ak Ak

.k.

563 8s-s84 - ses

.h ag.g , A -'

,q y.'#

i'r

c. .; -

L -

& ^s- Q pj.

rm w FCV FCV?68-333 66-334 h FCV A,

FCV '

w 68-332 68-340A

_/

PRESSlHicirt ALL COMPONENTS INSOE CONTAINMENT Figure 9-1 Simplified Schematic of Primary Pressure Relief System CueCC*C4 O %

. . - , - . . - , - , . - , ,, ---m,v- , , , w. -

, .. .,, , ,,, , e

i j

TABLE 10A. CHARGING SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The charging system consists of two centrifugal pump trains. A third- l positive displacement pump train was not considered due to it being frequently out of service. The charging pumps act with the safety injection pumps (see Table 4A) to provide high pressure injection of makeup water to the cold leg j injection paths. The charging system additionally provides seal injection flow to the RCPs and provides a source of highly borated water for emergency _ ,

boration following an ATWS event. Mission success is taken to be successful l operation of one of the two centrifugal pump trains (or for high pressure ;

safety injection the successful operation of one of the two charging pumps or <

one of the two safety injection pumps).

Conditions That Lead to failure r

1. Failure of the Operator to Correct 1v Perform Feed-and Bleed Coolina, in s the event of auxiliary feedwater system failure following a plant transient, the operator ~can initiate l feed and bleed cooling._ This is accomplished by using the charging system to feeding cool water to the RCS :

while draining hot water via the PORVs. Failure of the operator to correctly line up the charging system and initiate feed and bleed cooling can result in core damage.

2. Failure of the Operator to Correctly Perform Emeraency Boration.

Following an ATWS event in which the control rods fail to drop, the operator can mitigate the effects of the ATWS by performing emergency boration. The dominant contributor to failure of emergency boration is failure of the operator to properly align the charging system to deliver flow from the boron injection tank to the reactor.

l l

l 41 l

TABLE 10B. MODIFIED CHARGING SYSTEM WALKDOWN Walkdown is ineffective against the charging system failure modes.

e 1

42

: = 10 sz-sse % L

, C T@

h TLCe e2-$2s a

w 2 fS .C3 e w VCT z e to nosung 2

%W r h mastLP s*0 y FD 83 s2-et F $2 133 s2- 532 s2-333 4J-535 to sz-53s SI8L

ACI" z $

rev rce ftv o z s* er e6 es s!-ss u O u

f2-C w

. v, ?

t.s LC * ?

u n-'n w ;

thCE ^ g3.gp w E3 C) ES Ci "-*2 " - ' * '

eess b * ' ~

~

mm PS-C7 ES:lC 1

Q n.sn n -s2, m-fl !E m I0 u-in "-"' "'"'

u.a af A e' 55- 2 5 "-M' pc

,r,c', "-"' coto

.'S3 N LEG

.9. ~ ss-see as-ses ES-C3 E5:1L

,c, 4 w FCU 4 o-us n-us FCW 6 3-se ES-15 E5=fl MW s)-Il M4 02-530 42-S36 w.stc.

g( Q2c.

'{' ,

L 62-99 (2- 28 0 'CI 92 $25 42 32s

, - ci-re Ort (ba9M a ,,

8 v7 t

ti) estakte sack [0 Cut at PCWER SUPPLY Figure 10-1 Simplified Schematic of Charging System

4 -

TABLE IIA. REACTOR PROTECTION SYSTEM FAILURE H0DE IDENTIFICATION Mission Success Criteria

)

The Reactor Protection System is designed to automatically scram the

! reactor when abnormal conditions exist. Should an insufficient number of control rods be inserted into the core to insure a safe shutdown margin, then the addition of boron to the reactor can achieve the same results.

Conditions That Lead to Failure

1. Failure of Automatic Reactor Scram. The failure mode of concern is failure of the Reactor Protection System to scram the reactor given an automatic trip signal. This could result from electrical or mechanical 7

failures in the Protection Logic, Scram Breakers, or Control Rod Drive Mechanisms.

4

2. Failure of Ooerator to Manually Scram the Reactor. For those ATWS events not caused by Control Rod Drive Mechanism mechanical failure, the operator can end the event by manually opening the Scram Breakers. This can be done by deenergizing the shunt trips from the control room or removing power at the motor-generator sets. The operator has one minute to perform one of these actions.

3. Presence of an Unfavorable Moderator Temoeralure Coefficient. The presence of an unfavorable moderator temperature following an ATWS event can lead directly to core damage. Care should be taken to ensure the reactor is always maintained with in the operating limits established by the technical specifications.

44 q

i i

a l TABLE 118. MODIFIED REACTOR PR0"ECTION SYSTEM WALKDOWNa

.. .. m :~; y py;nayg., ,

j -The failure modes'of T ble,8A are not allireadiky inspectable by walkdown. Surveillance of the RPS system while critical does not include inserting the control rods. Therefore, whenever any' surveillance is performed that would check this functions, it should be observed or reviewed ,

'J to ensure proper equipment response. Additionally, any surveillance l involving the automatic reactor trip functions should be observed or reslewed to ensure proper equipment response, l

j REQUIRED ACTUAL' POWER COMPONENT NAME POSITION POSITION SUPPLY b RTA Gear BKR RTA Trip CLOSED VBBc I 320 P BYA Gear Bypass Bkr BYA OPEN VBBc ; 339 l RTB Gear BKR RTB Trip CLOSED VBBc !! 320 ,

BYB Gear Bypass Bkr BYB OPEN VBBc 11 319 i

. a. Information obtained from 501-99.1 Reactor Protection System.

Revision 8, 3/22/89.

b. Supply breaker closed unless otherwise noted.

c. 125VDC Vital Battery Board.

}

s J

J I

l 1

i 45

! I I

TABLE 12A. ACCUMULATOR SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The Accumulator system consist of four pressure vessels filled with borated water and pressurized with nitrogen gas. During normal operation one accumulator is floating on each of ~the cold legs behind two closed check valves and a normally open motor operated isolation valve. Following a large LOCA, as primary pressure drops below that in the accumulator, the nitrogen gas expands and forces the accumulator water to inject into the primary. Success is taken to be the injection of water into the vessel -

from the three intact loop accumulators.

Conditions That Lead to Failure

1. Failure of Check Valves 63-622/-623/-624/-625 or 63-560/-561/-562/-563 to Ooen. Following a large LOCA,-core safety requires that the Accumulators on the intact loops inject to the core. Failure of any of these check valves to open in an intact loop would result in core damage. , Failure.can be caused by,mechanicalivalve faults or plugging.

,uwa;m? ;,

2. Valve FCV 63-67/63-80/63-98/63-118' Fails to Remain Ooen.~ Failure of any of these valves to remain open prior to or following a large LOCA can result in core damage. Failure can be caused by plugging, mispositioning, or transferring closed.

e 46 i

_. . u i

k h

i

-i TABLE 128. MODIFIED ACCUMULATOR SYSTEM WALKDOWNa l

REQUIRED . ACTUAL- POWER .

D 0

(_MPONENT NAME POSITION POSITION SUPPLY !

FCV 63-67 Accumulator 4 Isolation OPEN 181-8 llBc FCV 63-80 Accumulator 3 Isolation OPEN 1Al-A 13Cc ;

FCV 63-98 Accumulator 2 Isolation OPEN IB1-B-llEc FCV 63-118 Accumulator 1 Isolation OPEN- lAl-A 13Ec

a. Information obtained from 501-63.1 Emeroency Core Coolina System. I Revision 56,3/22/89. ,

b. Supply breaker closed unless otherwise noted. I

c. Supply breakers must be open whenever RCS pressure exceeds 2000 psig. '!

f t

i

)

l I

i i

l 47

y i

ACCUMULATOR 1

FCV 63-118 TO LOOP 1 N N OW EG -

63-622 63-560 ACCUMULATOR 2

FCV 63-98 TO LOOP 2 .

N N OW EG 63-623 63-561

$ ACCUMULATOR 3

FCV 63-80 N

. ,N % TO LOOP 3 C:

OW EG 8 63-624 63-562 ACCUMULATOR 4

FCV 63-67 N N > TO LOOP 4 OW EG 63-625 63-563 ALL COMPONENTS NSOE CONTAlWENT Figure 12-1 Simplified Schematic of Accumulators c- . c < n : l-e

' " " ' ' --s- m m .___ _ ., '- ,ey,__y _ _

O TABLE 13A. ESSENTIAL RAW WATER COOLING FAILURC MODE IDENTlf! CATION Mission Success Criteria ERCW is a system shared with Unit 2. Normally, four of the eight system pumps are running, with one pump supplying each train at a plant. The other four pumps are normally in an automatic standby mode, with cne pump aligned as back-up for each running pump. ERCW success is taken to be a minimum of two pumps running and supplying cooling water, with at least one pump supplying cooling water to each plant.

Conditions lhat Lead to failure

1. Pumos fail to Start /Run. Failure of a pump to start or failure of a running pump reduces the system's ability to recover should some independent system failure occur. Common cause failures of more than one pump are of particular concern.

2. Strainers Plucced. Each pair of ERCW pumps has a common traveling screen inlet strainer and a discharge strainer. The plugging of any of these strainers will reduce the system's ability to recover should some independent system failure occur. Common cause failure of more than one strainer is of particular concern.

3. Pumo Maintenance Unavailability. The unavailability of a pump due to maintenance reduces the system's ability to recover should some independent system failure occur. Time spent with a pump unavailable should be as short as possible.

l i

l l

49

.--. -... ..- _- . _ - _ . . .. - ... . . . - . ~ . - . ..-

i t; ,

If i

~ j.

1 1

[. 'l.

TABLE 138. MODIFIED ESSENTIAL RAW COOLING WATER SYSTEM WALKDOWNa f f

i REQUIRED ACTUAL POWER !

l COMPONENT NAME POSITIOND POSITION SUPPLYc QA ERCW Pump Q-A -ON 1A A f

J-A ERCW Pump J A STANDBY- 1A-A l

NB ERCW Pump N-B ON -18 B .

l LB ERCW Pump L-B STANDBY IB-B ;

k-A ERCW Pump R-A ON 2A-A

KA ERCW Pump K A STANDBY 2A-A I

MB ERCW Pump M B ON 28-B i i

P-B ERCW Pump P-B STANDBY 28-B i 4

l t

a. Information supplied by TVA.

l

b. Normally one of each pair of pumps is running with the other in standby.

f

c. Supply breaker closed unless otherwise noted. !

l 'I I

l i

S0 t

l

,.--e - =

,..s- -- - .

+. .. . - -. _ . - ,

.5;"Jm:3 ..u. .

~

.,,.-. .. ., m ,, .

y)

nu no n-20s on n-,,, s ".12'.,

q~

_ n-ror a nu rm. x. , x.- ,

" n-1os U::.% *

v",%> ot;" ,

Z.

~

5 n-ror =und: ej >J;::nt!'13 s . Ea ,

I g4 o".">

y)

n. n.

M*?I q9) D n-g g4 $5 aUs) n-ro2 x,

n. n. : a x,

_ " n-ros ~ '_ 03 "" o",%, v?;%>

$ i "- '8' :

d 2J >J!Lin!!'13

. @ C,.=. d. g".5.'.,

._li;n

M-r15 *****)

.$ _ n-ros

... ,-. m .x. ,

x.,

u n- r12 c-9 o",A3 o!;%,

I 'i3 ( '

n- r1i 'dd =J., J! L'. :!'i>

ua = >.

)

,(

9/ y -, e, c::,

o-

. = . , .

- n-ra: a

" o"e., at;" ,

,. -m ~ n -112 U::.2

) ( . Mas c, ,1

m. , . 3 ot, moi. . .o ..

m.s.==

w b. _e' .- o,. n...,. ...

{ s ) ac .ur eet=, ceareen. a esetsta ,g 2 1 ,-.,

a-u> o-= 3 Figure 13-1 Simpilfled Schematic of the Essential Raw Cooling System

VC ,

+

TABLE 14A. COMPONENT COOLING SYSTEM FAILURE MODE IDENTIFICATION Mission Success Criteria The component cooling water system (CCS) is a system shared with ,

Unit 2. Normally, three of the five system pumps are running, with one pump supplying the B-trains of both plants and separate pumps supplying the A trains for each plant. The other two pumps are normally in an automatic

. standby mode, with one pump aligned as back-up for each plant. CCS success is taken to be a minimum of one pump running, supplying cooling water to both plants. -

Conditions That Lead to failure t

1. Failure of the Ooeratino Pumos to Continue Runnino. The failure mode of concern is the simultaneous failure of all three operating pumps due to some common cause failure. This failure coupled with failure of the standby aumpstresultslin com late

loss'of.CCS ficw to the Unit. Because of the s1ortrtime:; frame $invo vedi(4-5 hours),: no. recovery actions are likelyhyg ggyyp@nyyNe ligt ~'

2. Failure of the Standby Pumos to Start and Run for 24 Hours. Following a simultaneous loss of all operating CCS pumps, a standby pump must start '

and continue running for approximately 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months to ensure sufficient :

time is available to restore the failed pumps. Failure of the standby pumps results in a complete loss of CCS. Pump failure can be caused by pump / motor faults, electric power supply faults, or actuation faults with failure of the operator to start manually.

3. Pumo Maintenance Unavailability. The unavailability of a CCS pump due to maintenance reduces the system's ability to recover should some independent system failure occur. Time spent with a pump unavailable should be as short as possible.

4. Heat Exchanaer Maintenance Unavailability. The unavailability of a CCS heat exchanger due to maintenance reduces the system's ability to recover should an independent system failure occur. Time spent with a heat exchanger unavailable should be as short as possible.

l.

52

. . - .=. . . .- .- . _

s TABLE 140. MODIFIED COMP 0NENT COOLING WATER SYSTEM WALKDOWNa REQUIRED ACTUAL POWER D

COMPONENT NAME POSITION POSITION SUPPLY 1A A CCS Pump 1A-A ON 1Al-A 48 181-B 3C IB B CCS Pump 18-B STANDBY

. 2A A CCS Pump 2A-A ON .2Al-A 4B 2B-B CCS Pump 2B-B STANDBY 281-B 3C C-5 CCS Pump C-S ON 2B2-B 2D Pump Hr.ater Breaker Closed LC-152c 18 h

a. Information obtained from 501-70.1 Comoonent Coolina Water, Revision 51, 5/24/89. ,

b. Supply breaker closed unless otherwise noted. .

c. Col. A2-S, El. 690. -

i i

=

?

E 53 ,

aescosas 1

1j OdM M aCICR ELDG if^

M-334 M ust 1 '3 M-323 9p' *-?t 4-o-?

-- W INNI -$'

s ec.c

,, 5d12 9 t's 5-R2 i n,. . o n-3 fd o

uat i f

5-131 ..- ... C,>^<

c, ug, M, uc s,

' &s -

/p, g x.e. xi.e c.:s ..,, r,- e re- or te.c.se p

_ .. , s .t.

= y ac, 5did u- n-124 =y w%

O f 4 3e _

r, r

,n h-n M',

d,,c,,,2 - [5F [WHI i*

-fi m

n ae can M"31Q 0j u-:s =, , ns A:

sc* n .ssr

.. ro .-

n-3rr; e,,

g-dL

,'L', qm

= se.. :?Y 6P,, yt*

to 3c3 r,r

,$'h n- 't' ~

4L 3038 i e-o & a n-32s MdM [8 _ E5F EOuPWNT

- 19 ~ $2h

_3,, n-3q M*]13l ,,

g-[

-e%- ;. N* n-330 k!R, a 5du us f gan %4>',n, . sui ,i> ?Q c.

W _ g MSTE BLDG

=, o-ro W

ri r x-: ,,i.

N'5

-s - C

sy'., ,'f*y. M-342 th n-3cy 5dn , M-126 Qy.

g'P '-

an

~

res78 n-3 r2

& 'gh r

Er og re,c, ...

5d3 [I ,_,c,

_ ESF [0.FWNT 2e

-iW-yp.

n-120 re-s . ,.c

-tc .;-7e 'I rc O p: -7o . se.e sc3 0-.t' n.s.a *&t-J scsa ;,.e y .re M-327 M-333_a n 5-12 f :ses enr WM 'y 2e O- - poot gar ~

M-321 C' OOR DOwClkS '?'

m G d M gVt-se 't' Cdia < *% vs 5-idQ :9: :y 4,.1 4

totc 4 tc...

et rc, et, 2

ec,

-7 3c.. :. , e-is . ?c- ess re- o.

ses

... s ie.

M-123 ,y

- 3E ACTOR ELDG U41 2

EJ tO.n(NT Figure 14-1 Simplified Schematic of the Component Cooling Water System e

_ ____1.__________ - - _ _ _ . . . - . - ~ - - - . - - - - - - - -

0 5 TABLE 15. PLANT OPERATIONS INSPECTION GUIDANCE Recognizing that normal system lineup is important to any given standby.

safety system, the following human errors are specifically identified in the PRA as important to risk.

System Failure Discussion Reactor Coolant To depressurize RCS following SGTR Table 3A, item 2 High Pressure To switch from injection to recire. Table 4A, item 1 Injection Containment Spray To control sprays Table SA, Jtem 1 To properly switch to recirculation Table 5A, item 2 Electric Power To provide power from other Unit Table 6A, item 2 Auxiliary Feedwater To manually open failed A0Vs Table 7A, item 1 To manually initiate AFW. flows Table 7A, item 7 Low Pressure Miscal. of RWST level sensors Table 8A, item 2 Injection To remove Refueling Drain Plugs Table 8A, item 5 To open RHR header cross ties Table 8A, Item 11 Charging System To perform feed and bleed Table 10A, Item 1 To perform emergency boration Table 10A, item 2 Reactor Protection To manually scram reactor Table llA, item 2

?

O Y

55

- --.i

TABLE 16. SURVEILLANCE INSPECTION GUIDANCE The listed components are the risk significant components for which proper surveillance should minimize failure.

System Component Discussion RCS RCS boundary Table 3A' item 1,3 High Pressure FCV-63-8/63-11 Table 4A, Item 3 Injection FCV-63-4/63-175 Table 4A, Item 2 V-63-510 Table 4A, Item 4 FCV-63-5 Table 4A,' Item 5 -

Electric Power Diesel Generator IAA, IBB Table 6A, Jtem 1 Auxiliary feedwater Turbine Driven Pump. Table.7A, Item 2,3 LCV 3-148/3-156/3-164/3-171 Table 7A, item 8 Motor Driven Pumps- Table 7A, Item 3,5 Actuation System Table 7A,-Item 6 FCV 1-51 . . Table 7A, Item 10 LCV 3-172/3-173/3-174/3-175 Table 7A, item 9 Check Vlv 3-864 Table 7A, Item 11 Low Pressure LPI pumps Table 8A, item 1 Injection FCV 63-72/63-73 Table 8A, item 3 FCV 74-3/74-21 Table 8A, ! tem 8 Containment Sump Table 8A, Jtem 4 FCV 74-12/74-24 Table 8A, item 6 Cold leg injection check valves Table 8A, item 9 FCV 63-93/63-94 Table 8A, item ~10 V 63-502 Table BA, item'12 FCV 63-1 Table 8A, item 13 FCV 74-1/79-2 Table 8A, item la Primary Pressure FCV PCV 68-334/68-340A Table 10A, item 1 Relief FCV 68-332/68-333 . Table 10A, item 2 Reactor Protection Automatic Scram System Table 11A, item 1 Accumulator Chk Viv 63-622/63-623/63-624/63-625 Table 12A, item 1

/63-560/63/561/63/652/63/653 FCV 63-67/63-80/63-98/63-118 Table 12A, Item 2 ERCW Pumps Table 13A, item 1 Strainers Table 13A, Item 2 Component Cooling Running pumps Table 14A, item 1 Standby pump Table 14A, item 2 Heat Exchangers Table 14A, Item 4 Containment Spray FCV 72-20/72-23 Table 6A, Jtem 2 FCV 72-2/72-39 Table 6A, item 3 Pumps CSS 1A-A/1B-B Table 6A, item 4 FCV 72-21/72-22 Table 6A, item 5 CSS Room Coolers Table 6A, item 6 56

TABLE 17. MAINTENANCE INSPECTION GUIDANCE The following components are risk significant due to maintenance unavailability. The dominant contributors.are frequency and duration of maintenance, with.some _ contribution.duelto; improperly performed maintenance. ,

System Comoonent Discussion Electric Power Diesel Generator lAA, IBB Table 6A, Item 3 DC Buses Table 6A, Item 4 Auxiliary Feedwater Turbine Driven-Pump Table 8A, item 2,4.

Motor Driven Pumps Table 8A, Item 5 Low Pressure LPI pumps Table 9A, Item 7 Injection Reactor Protection Automatic Scram System Table llA, item 1 ERCW Pumps Table 13A, item 3 Component Cooling Running pumps Table 14A, Item 1,3 Standby pump Table 14A, item 2,3 Heat Exchanger Table 14A, Item 4 4

4 57

4 1 i i j

j - i 4 i j TABLE 18. CONTAINMENT WALKDOWN 1 !

1 l l Since the containment is inaccessible during normal plant operation, ;

those components found to be risk-significant that are located inside the i j containment are listed below. !

j Required Actual

!- System Component Position Position -

! LPI/LPR FCV 63-172 ' Closed j Cont. Sump NA -

l Drain Plugs Removed ;

} FCV-74-1 Closed- :

FCV-74-2 Closed -

1 Pressure- PCV 68-304A Closed

! Relief PCV 68-334 Closed l FCV 68-332 Open

] FCV 68-333 Open j Accumulators FCV-63-67 Closed l 4

FCV-63-80 Closed 4

FCV-63-98 Closed :

FCV-63-ll8 Closed f l

i !

4 I

i W

i !

i j

=

i .I i .)

1

+

4

ss a

l

.l 4

l _

i

-. ~ ,

j,

? ? T T= = =-

2. = e, e

=

= a = " -

?! X X X l X >:

91 I I IXI I

~

XX l XI '

l l l l l X '

?IX IX l XJ)KX[X >#3Xl I X >

X X XlXM X XMX l il I'

? I i I X l- IX X XI XI XCv3 1 1 X il l I I I I I?l i I I I M XIX IX l i I I ,

Ei i i l i I MX X l I I l _I I I I I IX _

l :l l I l I I X I !

il I X l X 1

? X X T X X XI X vi I fX LXX IX >

1 I I ! l I )

l I I I I i

? I I I I I l

?l l I I I l. I I I l l i

? ><lXI X XIXIX i l Ii

?I I I I I IXI X MXIXD< l l IX 1 I i I I I j.

EI M l I l- 1 Ii si i l i l l I I "l I I X i i

I i

a

.o f v

<---+.n . m.,.. .

' =

= = a a = = :: = i i x. x. xiL .i.

a =. =. a. =, l (X 5< X X IX X:

' ~

X

~

D<! I l Xi (Xi X X! [>< l X- XX XI I I I I ! I I i i i I X) XI I ! I i i I !X) i l i :

X l IX IX l l I I I I !X) i

! I I I I I I I I ;

I I l l l l I

,I l l l 1 I I I I I I I I I I I I Jl ! I I l l I I i i l I I i l l I I I I l l 1 I I i I ! ! I I I I I

! i l i ; I I I I i l l l I I I I I !

. I I I l l l l l !

l I I I i i l I I I i i i l I L X) X >X ! ! X IX' I IX X

~XI IXi [X) l I I >

(X !Xi I !Xi X'

[lX l iX1 fX l l I i i l l I DK) l I D< l l DK Xi I l l 1 I I I IXl !

I IXI fX: fXL i I I [X ! I I I I IXl X X l i I IX l !

I I I I I I I I I I I I I I I I I I I l l ! ! I I I I I i ~

l I I ;

I I I I l 1 I I I l i I I I i ! I l i l l I i l i l I I I I I I I I l l I I I l l l ! ,

l I I I I I I I I I I I ! I I I I I l i Sl Al'ERTU R E TABLE 19. FRONTLitJE SYSTEM DEPENDENCIES CARD Also Available U" Aperture Card 59 r-- r ' , ~ . '- -

fRONTLINE--SUPPORT SYSTEM DEPENDENCY MATRIX NOTES A. Because of the short time required to accomplish the reactor trip function, it is assumed not to require HVAC.

B. ERCW is supplied to the room coolers for pump area cooling.

. C. Power is required to open the outlet valve in the CCS side of the heat exchanger.

D. 1&C power is required to open the PORV; 480-Vac power is required to close the block valve. .

E. The RPS shunt trip coil requires power to actuate; the UV' coil and the RPS logic do not require power to trip.

F. Each MSIV. receives both trains A and B. power. MSIV solenoids must actuate to close the MSIV. Power from either train is sufficient to close the MSIV.

G. Each MSIV receives signals from both trains A and B of ESFAS.

H. The MFW isolation valves are motor operated and require 480-Vac power to operate.

1. The HFW control valves fail closed on loss of I&C power.

J. The steam supply M0V isolation valves from steam generators 1 and 4 (FCV-l-17-A and FCV-1-1-18-B) require power from 4BO-V RMOV boards lA2-A'and IB2-B, respectively, to change position. The valves are only required to change position to isolate a faulted steam generator.

K. Raw cooling water supplies cooling to the condensate booster pumps and the standby main feed pump.

L. ERCW supply to the containment spray heat exchanger. ;

61 l

_..... _ . ,. - .. _ - , - - - - - U

l l

i

e M.

The condensate booster pumps and the hotwell pumps receive motive power I

, from 6900-V unit boards lA, 18, and IC.

I ,

N. The 120-Vac supplies power to the pressure indicating controller to modulate the power-operated atmospheric dump valves. >

l

0. The 125-Vdc supplies power to the solenoids to open and close the P0ADVs. !

P.

The turbine-driven pump's LCVs receive power from 125-Vdc board 1-IV, the !

motor driven pump's LCVs from board 1-1. . <

Q. The 120-Vac supplies the motor-driven pump discharge pressure control valve controller.

R.

The turbine driven pump LCVs and the motor-driven pump LCVs receive air :

i from different headers.

S.

The pressure control valve on the discharge of the pumps receives trained air. '

T.

The 125-Vdc control power is required for pump start and stop. It is not required for an already running pump to continue to run.

1 U.

The 125-Vdc power is to energize the solenoid to open the CDV; the 120-Vac is for control circuitry.

V.

The system designators used in Figure 4.3-2 for support systems are identified in the notes for Figure 4.3-1. The system designators for the frontline systems represent systems as follows: ,

RTS A - Reactor Protection System Train A ' I i

RTS B - Reactor Protection System Train B PORV A - Power-Operated Relief Valve Train A PORY B Power-Operated Relief Valve Train B l

{

62

. I TURB TRIP , Turbine Trip Function M*IV ISOL - Main Steam isolation Valve Closure CDvs - Condenser Dump Valves POADVs Power Operated Atmospheric Dump Valves !

AFW PHP A Auxiliary feedwater Motor Driven Pump A AFW PMP B - Auxiliary Feedwater Motor Driven Purr.p B ;

AFWPHP TO - Auxiliary feedwatar Turbine-Driven Pump AFW !NJ1 - Auxiliary Feedwater Injection Path to Steam Generator Number 1 ,

AFW INJ2 Auxiliary Feedwater Injection Path to Steam Generator Number 2 AFW INJ3 Auxiliary Feedwater Injection Path to Steam Generator Number. 3 ;

AFW INJ4 Auxiliary Feedwater Injection Path to Steam Generator Number 4 '

MFW ISOL Main feedwater Isolation Valves COND - Condensate System ;

RWST Refueling Water Storage Tank -

t CCPA Centrifugal Charging Pump A CCPB - Centrifugal Charging Pump B :

CCP INJA Centrifugal Charging Punp A Injection Path- !

CCP INJB Centrifugal Charging Punp B Injection Path >

SI PMPA - Safety injection Pump A '

St PHPB - Safety Injection Pump B RHR PHPA - Residual Heat Removal Pump A I RHR PHPD Residual Heat Removal Pump B i RHR HXA - Residual Heat Removal Heat Exchanger A RHR HXB - Residual Heat Removal Heat Exchanger B 63

._ . - - - , - - . . - .n,,-,,-,4-,,d-----....-.......-...--- . . -

)

LPI A - Low Pressure Injection Path Train A LP! B - Low Pressure Injection Path Train B HP RECIRC A - High Pressure Recirculation Train A HP RECIRC B - High Pressure Recirculation Train B LP RECIRC A - Low Pressure Recirculation Train A LP RECIRC B Low Precsure Recirculation Train B SD COOL - Shutdown Cooling .

il CNTMT SPRAY A - Train A Containment Isolation CNTMT SPRAY B - Train B Containment Isolation RB ISOL A - Train A of Containment Isolation RB ISOL B - Train B of Containment Isolation 9

64 L .' ; ;. .

l~' ..

t

m .,x in .

~,,,,iiiiiii . ,m 12 X X X l I lll l X ll E-19 I X lll x ill s i 19l l I l l >> llllllllllllll P !! E Illi is~ l l llllll l lMlHI lhi j is- 1 I I IX E l '+l

! X l l l l I i 11 s- li O Ill X ll ll 'lli > I 8- l ll1 l X ll Ill X

. !!! X.X l l X: ll ?? .X X >F

!!! X X l Ill XX l E ll XX l

. is; XX .X l l l l l i .XX, ri l I >;

e Ei- X X lill ll B il i i X l 9 E!- Xlll !Xlill.!X11Glilllli l l !!

se XX X X 1I IXXi l l I XIX S s: X X X X XXE I III IN !

se X l X X E Ill ILX f ie X X X 9 ll l l>& !3 jel X X H -

M II ll

!1 lllllll )9 A B ! ll 11 1 ! ! ! ~l l ! ! . e

!!illllll NllBllllllllliHilliHil! ;;

i!!Ii 11 ,-

IIE lillillillHilWill!

!sil N I X E Ill l b- ll llil ic X X E II I l lx ll Ll isel 9 ll X l X ll isEl lE IX X lI is=1 X E l l l- '+ l is- X E I I I l X ! I i! B I I l>' INM lll

!!e R X II i

!!:E N I ll l lN -l l lll

bk-5:ss.W %,EE kedessses;4k3!di

, g. 2 g _ cr .r= r:uin d~ +;d.:b r =r !h N

e O

4 d

THIS PAGE INTENTIONALLY LEFT BLANK 0

66 c -- -- - , , - _ _ . _ _~ '

M

l i

. SUPPORT- SUPPORT SYSTEM DEPENDENCY KATRIX NOTES A. Partial dependency - I&C power is normally fed from the shutdown boards. I Alternate feed from the batteries. ,

B. The common boards supply the 250-Vdc battery chargers. Power for the 250-Vdc boards is available from the batteries if the common boards are

. unavailable.

a

. C. Because of the long time frame that may be involved before an ESFAS signal ;

is generated for some sequences, Control Building HVAC' is assumed to be required to cool the ESFAS cabinets. This assumption should be verified '

for the full-scope PRA.

i 1

D. There are eight ERCW pumps available to feed the four headers. Four of the pumps are powered from the Unit I shutdown boards and four from the-Unit 2 shutdown boards.

E. The Unit I train A ERCW pump receives control power from 125-Vdc board I, train 8 pump from 125-Vdc board !!. The Unit 2 train A ERCW pump receives control power from 125-Vdc board !!!, train B from 125-Vdc board IV.

F. CCS pumps lA-A and IB B both are'normally aligned to feed the lA ESF '

header. Pump 1A-A receives motive power from 480-V shutdown board lAl A and control power from 125-Vdc board I. Pump IB B receives motive power from 480-V shutdown board IB1-B and control power from 125-Vdc board 11.

G. ERCW supplies the CCS pump area coolers. CCS pumps CS and 1AA area cooler is supplied from ERCW header lA. CCS pump 18B area cooler is supplied from ERCW header 18.

H. CCS pump CS supplies the IB CCS header. Pump CS can be powered from I either 480-Y SOB 1A2-A or 282-B. Control power for 480-V SDB 1A2-A is I supplied from 125-Vdc board I, 480-V SDB 282-B from board IV.

I. ERCW header 2A supplies cooling water to the train A CCS heat exchanger.

67

a l

J. ERCW header 28 supplies cooling water to the CCS heat exchanger. Valves !

are administratively controlled for Appendix R.

l I K. The 6900-V and 480-V SDBs receive control power from 125-Vdc boards I, II, i III, and IV. Control power is not required for the SOBS unless breaker }

cycling is required (i.e., LOOP).

L. MCR air conditioning water chillers A and B receive cooling water from ERCW headers IA and 18, respectively.

M. Shutdown board room water chiller AA receives cooling water from ERCW header lA, chiller BB fror., header 28. I

-k N. Diesel generators lAA, 188, 2AA, and 288 receive cooling water from ERCW t headers lA and 28.

0. Station air compressors are supplied by both ERCW headers lA and'lB.

P. The 125-Vdc boards supply power to the 120 Vac boards through the inverters if ac power is lost.

0. The 120-Vac boards are normally fed from the 480-V SOBS; boards 1 1 and !

l-II from 480-V SOBS IAl-A and IB2-B,~respectively; and boards I-III and 1-IV from 480-V SDBs 2Al-A and 2B2-B, respectively.

R. Compressors A and B are powered from the 480-V SDBs. Compressors C and D are powered from the 480-V comon boards. ;

S. !

Control power for the unit boards is from the 250-Vdc boards. l l

T. Auxiliary Building HVAC supplies cooling for the electrical board rooms. ;

I U.

Failure of both boards is required to fall the corresponding train of ESFAS. These boards are required to support the output relays only. The :

input relays are fail safe. 1 l

I 68

'4-O W*,* ,

' , ,. , s y .

.,e *

,b ,

ir 'Fi ' ' , . ,,

pc l9* .+

m, S.g/

h 'l _, ' .'y*s;*R'*, g$ %% ' $ " T' : ~.

h,R,~;; :* . I a tg i} .:i%

. T ll, - .- , "e:

ig8F%' > #y s ?' 4Wi J hf' %f-fll;y, . a .

!#t ,, f f AUX BtDG HVACf(=jykig?y;gh;th, Buildlng HVAC{ Systems'tr~ .. ?.

hh *hhAuxiliary; h I'

}:.s

$khhTrainADiese1* kkk' DG A = f " ' ~~ ~

Generators l'.+. DG B =' Train' B Diesel Generators 0.,

h.' - i tb RCW = Raw Cooling Water System !

..m' i k s.

2 250-Yde 1 = 250-Yde board 1 j

- f.E ('

II.Y:

ig 250-Yde 2 = 250-Vdc board 2

, }

E i

te Q . m W.

CCS train IB is only dependent on Aux Pwr 16 during pump C-5 maintenance

,f 7,; when pump IB is aligned to replace pump C-S.

v y'

y, I

f.'

f. .

1 t'

I r

i

< k b v

.(

L I

+ 1 I

1 0 .1 l

hb .

i

s. -

a ,

. l 1

1 l

70 h

c:,

(- t . !

+ c, J ., 1

y.,', k) . _

J h. * > * + ! 5 bi'?

e <

i _ _ _ _ _ _ _ _ _ _ ._ __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

r , T, *-,/*A .L. ^.I A'. t .*i 4 **i- 4 w. 4' ens & ~

c-= ,-> . w =**a u m'oa' co=** ' " * - ' " " ' " ' ' - * ' ' ' ' ' * " " * * * * ~ .{;

pF Mw M.9 ,n., u...> a ; . . c., c+. . y, .,. , . , . ,

. v. - .

g. g - gc,=,'; y. rt BIBUOGRAPHIC DATA SHEET

. EGG-SSRE-8720 r ....w............ r (lp g. ................. . .u .. ...

IQ ' ', Risk-Based Inspection Guide for the Sequoyah ;

4 NY Nuclear Power Station . ;.,.. o..;;..,.. 3

[f Final Report -o-

l b/ . ...-o..., July 1990 g . o . . . . . .c . . . . . . o l j, R. E. Gregg *-'-

l

"- I b- July 1990 gi, .......co.c..4...............oo.......,<,c, . ...c,..c..........

4 "- 5340 6 Idaho National Engineering Laboratory . ...c.c.... .. ...

s EG&G Idaho. Inc.

[!?

g P. O. Box 1625 Idaho Falls, ID 83415 A6553 g .. ..o.m ... o.c...u r . 3 .. . . ... . .oc. . . < . c_ . . . ....o....o.,

b Office of Nuclear Reactor Regulation h U.S. Nuclear Regulatory Comission Informal t- Washington. DC 20555 . *" c o co""o "- --

5 g .. .. 6 .e.....=ov .

!I p

t .. .....c,u-,

4 t( This report contains guidance for the integration of probabilistic risk assessment (PRA) results into the inspection program at the Sequoyah Nuclear Power Station.

'{.

y The method for applying PRA techniques is described and the proposed guidance for K risk-based inspections is provided in the form of system-based and programmatic P

o tables.

e fp ,

. i 7 J D

e e

i l

l 1' .

l Vo l & 1 m

t.

g ..

o oc... . . .. . . . . . . . . . . . . . . . .c. .n o. .

gkp: ;;,.;;gg-4 Unlimited bT . . . . cu... . e s . . . .c . .. s

[. . e . . .. . . on . . e . . .

E Unclassified

. r. -,

0 p Unclassified

, , ... . . c . . .c n H:

y

a . . .. .u Ik re: Ql f . . % .> , > : ia - - .,

. .

ML20059H459

Text

SUMMARY

SUMMARY

Navigation menu

Search