ML20059M724
| ML20059M724 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 08/20/1993 |
| From: | Rueger G PACIFIC GAS & ELECTRIC CO. |
| To: | |
| References | |
| OLA-2-I-MFP-F6, NUDOCS 9311190266 | |
| Download: ML20059M724 (8) | |
Text
,
O~2-Y5f32d-06A*2 hlWhEb
?,
i
- m. [h[ GregoryM.Rueger
'=
Pacific Gas and Electric Company 77 Beale Street Senior Vice President and l
San Francisco. CA 94106' 415/973-4684 GeieralManager Nuclear Power Generation
'93 0"T 28 P6 :27 December 28, 1992 l
PG&E Letter No. DCL-92-289 6
OIT U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C.
20555 l
Re:
Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-nPR-82 Diablo Canyon Units 1 and 2 Licensee Event Report 1-92-028-00 Technical Specifications 3.3.3.8 and 3.7.10 Not Het Due to Fire Detection Computer Malfunction.
Gentlemen:
Pursuant to 10 CFR 50.73(a)(2)(i)(B), PG&E is submitting the enclosed License Event Report regarding failure to meet the requirements of Technical Specifications 3.3.3.8 and 3.7.10.
This event did not affect the health and safety of the public.
Sincerely,
>/
,f
-"//~
Gregory M. Rueger cc: Ann P. Hodgdon John 8. Martin Mary H. Miller
~
~
m Sheri R. Peterson CPUC Diablo Distribution INPO 1-92-SS-N061 Enclosure manmme un'sw 5954S/85K/PGD/2246 boeket No.
"O
'O/.,_._ Official Exh. No. N in the rnatter of FMFid (Letf fLSch2/(L.Q Staff (p(NiiFIED 4PM 3t -
. RECEl/ED l.cr+ "ee pEJECTED C.crg Off r contrhtur kEk[jdyhe$ DATE ' 20 3
D DO 75 0
PDR c:n,,
Rn;orterh e (L e\\
)
J p/
LICENSEE EVENT REPORT (LER)
,4 DIABLO CANYON UNIT 1 0l5l0l0 0l217!5 1l 'l 7 TECHNICAL SPECIFICATIONS 3.3.3.8 AND 3.7.10 NOT MET DUE TO FIRE DETECTION COMPUTER nftsic MALFUNCTION EVENT DATE (S)
La petmesm (Si naruni OATR ITI OTHER FACIL1f!ES INVOLVED (8)
MOA DAY YM YM
&&QUENTIAL IWaeON MON DAY YM DOCKET NLA4SM L84 DIABLO CANYON UNIT 2 0l2l8 0l0 12 28 92 10 01 92 92 o a r,
ints aEPoaf IS SUBMITTED PURSUANT TO THE REQuiaEMENTS OF 10 CFAs (33) 1 LE7tL x
10 CFR 50.75f e)(2)f f)f 9)
(* '
1l 0l 0 OTHER (Spectfy in Abstract below and in text, NRC Tonn 366A) ueensu cowv AcT eon T>ss im n n TilfpHONE NOMS (R DAVID P. SISK, SENIOR REGULATORY COMPLIANCE ENGINEER
^^'*
05 545-4420 E.U,E
,, m -
y,,y.
,;p.:.gE cAU,.
,, m.
cc. o E.,
y,,g.
.;p. g l
lClPlU Hl 2l 6l 0 N
I Ill lll l
lll ll1 I
lll lll suretEuEntAL RKPORT EXPECTED H4)
EXPECTED SUBMISSION j X l YES (if yes, complete EXPECTED SUBMISSION DATE) l l NO 0
03 31 93
.ssiaAct (as)
On October 1, 1992, at 0731 PDT, with Unit 1 in mode 6 (defueled) and Unit 2 in Hode 1 (power operation), at 100 percent power, and on November 26, 1992, at 1948 j
PST, with Units I and 2 in Mode 1 (power operation), at 100 percent power, Technical Specifications (TS) 3.3.3.8 and 3.7.10 were not met when the fire oetection computer was inoperable for more than one hour without the required compensatory measure established.
On November 26,1992, at 1848 PST, the fire detection computer malfunctioned making the fire detection system inoperable and requiring a roving hourly fire watch in accordance with TS 3.3.3.8 and TS 3.7.10.
The computer malfunction was identified on November 27, 1992, at 0902 PST.
Compensatory measures were immediately established. The computer malfunction had not been previously identified and a roving fire watch had not been implemented, therefore TS 3.3.3.8
'j and 3.7.10 were not met.
A review of previous fire detection computer malfunctions determined that the action requirements of TS 3.3.3.8 and 3.7.10 had also not been met during a previous October 1,1992, computer malfunction.
PG&E is working with the vendor to determine the root cause and applicable corrective actions for this event.
the results of this investigation.
A supplemental LER will be issued to report 5954S/85K
R j
LICEN2EE EVENT REPORT (LER) TEXT CONTINUATION t Fs.CILITY MAME (1)
DOCEff MUMeta (2)
Lta paJMeta i s)
Past (3) viam o ammnat arveen DIABLO CANYON UNIT 1 0l5l0l0l0l2l7l5 92
- 0l2l8 0l0 2l"'l7 ICXT (17)
I.
Plant Conditions Event 1 (November 26, 1992).
Units 1 and 2 were in Mode 1 (power operation) at 100% power.
Event 2 (October 1, 1992).
Unit I was defueled and Unit.2 was in Mode 1 (power operation) at 100% power.
II.
Descriotion of Event A.
Summary:
Event 1.
On November 26, 1992, at 1848 PST, the fire detection computer (IC)(CPU) malfunctioned and disabled the fire alarm system.
At 1948 PST, the action requirements for Technical Specific-tion (TS) 3.3.3.8 and 3.7.10 were exceeded when the fire detection computer was inoperable for more than one hour without the required compensatory measure immediately established.
The computer malfunction had not been previously identified and a roving fire watch not implemented, therefore TS 3.3.3.8 and 3.7.10 were not met.
A review of previous fire detection computer failures determined that the action requirements of TS 3.3.3.8 and 3.7.10 had also not been met during a previous October 1,1992, computer malfunction.
Event 2.
On October 1, 1992, at approximately 0631 PDT, the fire detection computer malfunctioned and disabled the audible fire alarm in the control room. At 0731 PDT, TS 3.3.3.8 and 3.7.10 action statements (since fire barrier impairments existed) were exceeded when the fire detection computer system was inoperable for more than one hour without the required compensatory mec "re establ'ished.
The computer malfunction had not been identified and a roving fire watch not implemented, therefore TS 3.3.3.8 and 3.7.10 were not met.
B.
Background:
TS 3.3.3.8 action statement a. requires that with the number of operable fire detection instruments less than the minimum required on Table 3.3-11, within one hour establish a fire watch patrol to inspect the zone (s) with the inoperable instruments at least once per hour.
TS 3.7.10 requires that fire barrier penetrations in the fire area boundaries protecting su ety-related areas be functional whenever the equipment protected by the fire barrier penetrations is required to be operable.
With one or more required fire barrier penetrations non-functional, within I hour, either establish a continuous fire watch on at least one side of the affected penetration, or verify the 5954S/85K
LICENSEE EVENT REPORT (LER) TEXT CONT 1NUATION FAcsury na#e (3)
Docatr msern (a) tra en (s) past (3)
DIABLO CANYON UNIT 1 0lSl0l0l0l2l7l5 92
- 0l2l8 0l0 3 l 'l 7 TEAT (37) operability of the smoke detectors on at least one side of the non-functional fire barrier and establish an hourly fire watch patrol.
The fire detection system at Diablo Canyon Power Plant (DCPP) is comprised of individual detectors (IC)(DET) grouped into zones and a set of centralized alarm panels (IC)(PL) located within the control When an individual detector alara is activated, the signal is room.
received by the alarm panels and the associated indicator light (IC)(IL) illuminates for the affected zone.
When the fire detection computer receives an alarm signal, the fire detection computer initiates an audible alarm and the main annunciator window to alert the control room operators.
C.
Event
Description:
Event 1.
On November 26, 1992 at 1848 PST, the fire detection computer malfunctioned.
The malfunction inhibited the ability for detection alarm signals to annunciate on the control room main annunciator system, withcut providing a system trouble alarm to alert i
the operators of the problem.
On November 26, at 1948 PST, the one hour action requirements for TS 3.3.3.8 and 3.7.10 were exceeded when the fire detection computer was inoperable for more than one hour without the required 1
compensatory actions established in the control room. A review of the computer printout identified the malfunction. The required compensatory measure for a fire detection computer failure of this type is to station a continuous fire watch at the Data Gathering i
Panels (DGPs) so that an inaudible alarm at these panels can be l
identified and to immediately alert the Control Room operators of the condition.
On November 27, 1992, at 0902 PST, event I was identified during the performance of Standard Test Procedure (STP) M-64, " Deluge System Functional Test." The expected annunciator alarms (ANN)(ALM) were not received during the test and a continuous fire watch was immediately established.
At approximately 1030 PST, a detector was " smoke tested."
It was confirmed that the computer malfunction had rendered the detection annunciator inoperable and the earlier vendor information regarding the nature of this problem was incorrect. A cold reboot of the fire detection computer was performed and the system appeared to reboot successfully, restoring normal system operation.
At 1059 PST, a Unit I smoke detector was activated to verify the system operation and the fire watch was discontinued at 1105 PST.
A review of previous fire detection computer malfunctions determined that the action requirements of TS 3.3.3.8 and 3.7.10 had also not i
been met during a previous October 1,1992, computer malfunction.
5954S/05K
1 t
4
{'
UCENSEE EVENT REPORT (LER) TEXT CONTINUATION FACILITY MAME (1) 00CEff MuseEn (2) t.(4 NLMS(4 6)
PA4( O)
[
~
=
=
DIABLO CANYON UNIT 1 0l5l0l0l0l2l7l5 92 0l2l8 0l0 '4l"l7 IEAT (37) e Event 2.
On October -1,1992, at approximately 0631 PDT,' the. fire detection computer malfunctioned. The malfunction inhibited the-ability for detection alarm signals to annunciate on.the control room.
main annunciator system, without providing a system trouble alarm to' alert the operators-of the problem.
At 0731 PDT, the action requirements for TS 3.3.3.8 and 3.7.10 w: :
exceeded when the fire detection computer was inoperable.for.more than one hour without the required compensatory actions established.
At 0800 PDT, the fire detection computer: malfunction was identified by the system engineer during a subsequent review of the computer printout..The fire detection computer was-cold rebooted and ruonnal system operation was restored.
The vendor was contacted concerning this event 2 failure.
The vendor stated that this condition would cause an inability to query the computer for the status of points, but would still allow incoming.
q alarms to activate-the main annunciator.
The vendor stated at the.
time that this condition had been identified at other similar installations and that they would be providing some replacement components to prevent this condition from recurring.. Therefore, DCPP was led to believe that the fire detection system was operable during-l this time and no compensatory fire watch was required..
j D.
Inoperable Structures, Components, or Systems.thatl Contributed to the Event:
None.
E.
Cates and' Approximate Times fAr Major Occurrencesi 1.
October 1, 1992;.at 0631 PDT:
Fire detection computer
. malfunctioned.
2.
October 1, 1992; at 0731 PDT:
Event 2 date..The one hour action requirements for TS 3.3.3.8 and 3.7.10 were not met.:
3.
October 1, 1992; at 0800 PDT:
The fire detection computer was rebooted..
4.
November. 26, 1992; at 1848 PST:
The fire detection. computer j
malfunctioned.
)
l l
5954S/85K
--,-.w--,-.--.-_~
w-
=.
i LICENSEE EVENT REPORT (LER) TEXT CONTINUATION i
i racztsry name (a) oocrat man (a) tra en < s) east (s)
DIABLO CANYON UNIT 1 0l5l0l0l0l2l7l5 92
- 0l2l8 0l0 Sl"l7 itXT (17) 5.
November 26, 1992; at 1948 PST:
Event I date. The one hour action requirements for TS 3.3.3.8 and 3.7.10 were j
exceeded..
6.
November 27,.1992; at 0902-PST:
Discovery date for event 1, continuous fire watch was established.
)
7.
December 4, 1992:
Discovery date for event 2.
i The TRG determined that this j
event was reportable.
F.
Other Systems or Secondary Functions Affected:
1 None.
G.
Method of Discovery:
While performing STP M-64, " Deluge System Functional Test," the Unit 2 j
SCO identified that the main annunciator was not responding to the anticipated fire system alarms. A subsequent review of previous computer failures identified one similar occurrence.
1 H.
Operators Actions:
Event 1.
None.
i i
Event 2.
Control room personnel established a continuous fire watch at the fire panels in the control room.
I.
Safety System Responses:
None required.
l Ill. Cause of the Event A.
Immediate Cause:
The fire detection computer malfunctioned.
B.
Root Cause:
The malfunction of the fire detection computer inhibited the' ability for the detection alarm signals to annunciate in the control room, without providing a system trouble alarm to alert the operators of the problem.
The malfunction of the fire detection computer is under investigation.
5954S/85K
m LICENSEE EVENT REPORT (LER) TEXT C$NTINUATION rac Liry want (1)
DOCKET NUMBER (2)
LER 6 AMER it)
PM4 (3) samma musma DIABLO CANYON UNIT I 0l5l0l0l0l2l7l5 92 0l2l8 0l0 6l"l7 TEAT (17)
A supplemental LER will be issued to report any additional information on the root cause.
C.
Contributory Cause:
Based on information received from the vendor, three problems with the fire detection system were identified as follows:
1.
Two versions of DOS were loaded into the computer and running.
2.
The procedure for shutting down the system for maintenance was incorrect and may have caused corrupt data files.
3.
DCPP was omitted from the list of technical bulletins recipients and did not receive the vendor mandatory system repa:.s bulletin i
which is presently applicable to DCPP.
IV.
Analysis of the Event Based on a preliminary review of the problem and the condition of the plant during the time frame of these two events, PG&E believes that the conditions of these events would not have adversely affected the ability to achieve and maintain a safe shutdown, the safety of the plant, and the health and safety of the public in the event of a fire.
A detailed safety analysis will be submitted with the revision of this LER at a later date.
V.
Corrective Actions A.
Immediate Corrective Actions:
Following the November 26, 1992 event, the fire detection computer was cold rebooted, the system was verified to operate satisfactorily, and an hourly fire watch was established in the control room as a conservative measure to visually check the fire panels (IC)(CBD) for any alarms until the reliability of the computer is re-established.
B.
Corrective Actions to Prevent Recurrence:
PG&E is presently investigating, with the vendor, the cause of these two events.
Upon establishment of the cause of these events, corrective actions to prevent recurrence will be taken. This LER will be revised to report the results of this investigation and the corrective actions taken to prevent recurrence.
5954S/85K
UCENSEE EVENT REPORT (LER) TEXT CONTINUATIEN
'l
'c i,'
rccasin m (a) occrav mesa (a) tra w era,si paer on,
evemu vsam sammanat DIABLO CANYON UNIT 1 0l5l0l0l0l2l7l5 92 0l2l8 0 l0 7 l 'l 7 TEXT (37)
VI.
Additional Information i
A.
Failed Components:
l 1.
Component:
fire detect 4on computer.
2.
Manufacturer:
3.
Model number:
Deltanet FS90.
B.
Previous LERs on Similar Problems:
None.
l l
l i
5954S/85K 1