ML20062H097
| ML20062H097 | |
| Person / Time | |
|---|---|
| Site: | Seabrook  |
| Issue date: | 08/10/1982 |
| From: | Devincentis J PUBLIC SERVICE CO. OF NEW HAMPSHIRE, YANKEE ATOMIC ELECTRIC CO. |
| To: | Miraglia J Office of Nuclear Reactor Regulation |
| References | |
| SBN-305, NUDOCS 8208130297 | |
| Download: ML20062H097 (49) | |
Text
PUBLIC SERVICE s u a su m U '. :: I-.,
Office:
Companyof NewHW 1671 Worcestw Road Framingham, Massachusetts 01701 (617) - 872 8100 August 10, 1982 SBN-305 T.F.
B 7.1.2 United States Nuclear Regulatory Commission Washington, D.C.
20555 Attention:
Mr. Frank J. Miraglia, Chief Licensing Branch #3 Division of Licensing
References:
(a) Construction Permits CPPR-135 and CPPR-136, Docket Nos. 50-443 and 50-444 (b) USNRC Letter, dated February 16, 1982, " Request for Additional Information," F.J. Miraglia to W.C. Tallman (c) USNRC Memo, dated March 23, 1982, " Additional Agenda Items for meeting with the Seabrook Applicant on Instrumentation and Controls," T.P. Spels to R.L.
Tedesco (d) PSNH Letter, dated April 1,1982, " Meeting Notes:
Instrumentation and Control Systems Branch (ICSB)"
J. DeVincentis to R. Stevens (e) PSNH Letter, dated June 10, 1982, " Meeting Notes; Instrumentation and Control Systems Branch (ICSB)"
J. DeVincentis to F. Miraglia
Subject:
Meeting Notes; Instrumentation and Controls Systems Branch (ICSB)
Dear Sir:
We have attached notes from the July 15 and 16 ICSB review meetings conducted at the Seabrook Station. This meeting was based on the ICSB Requests for Additional Information which were forwarded in Reference (b) and (c). The notes also include those items discussed at the March 23-25 and May 12 and 13 review meeting that have been revised. We have indicated the date of the review meeting at which the response or a revision to a respcase was made.
The attachments to the previous meeting minutes (reference (d) and (e) are not included with this letter. These notes are provided to assist you in the preparation of the Safety Evaluation Report, as they highlight open issues, resolved issues, and commitments which have been tendered.
8208130297 820810 PDR ADOCK 05000443 A
. Mr. Frcnk J. Miraglia Page 2 We understand future meetings with ICSB will be conducted, until the review has-been satisfactorily completed.
Very truly yours, YANKEE A' ionic ELECTRIC COMPANY John DeVincentis Project Manager l
cc:
Mr. Louis Wheeler, Project Manager Mr. Ralph Marback Licensing Branch No. 3 Argonne National Labs, Bldg. 301 Division of Licensing 9700 S. Cass Argonne, IL 60439 Mr. Robert Stevens Instrumentation and Control Systems Branch i
h i
Attendance Roater ICSB Meeting July 15, 1982 NRC Bob Stevens Ralph Marback PSNH Warren Smith Timothy Murphy YAEC Walter Reed Bill Fadden Bill Sanchez l
420.5 As called for in Section 7.1 of the Standard Review Plan, provide (7.1) information as to how your design conforms with the following TMI Action Plan Items as described in NUREG-0737:
(a)
II.D.3
- Relief and safety valve position indication, (b)
II.E.1.2 - Auxiliary feedwater system automatic initiation flow indication, (c)
II.E.4.2 - Containment isolation dependability (positions 4, 5 and 7),
(d)
II.F.1
- Accident monitoring instrumentation (positions 4, 5 and 6),
(e)
II.F.3
- Instrumentation for monitoring accident conditions (Regulatory Guide 1.97, Revision 2),
(f )
II.F.3
- Final recommendations
.9
- PID controller
.12 - Anticipatory reactor trip.
RESPONSE
(a)
II.D.3 The single acoustic device to monitor all safety 3/23 valses is not redundant but is safety grade. Limit switches for each PORV are not redundant but position indication is safety grade. Position indication system is seismically and environmentally qualified. There will be control room alarm for acoustical device and for either PORV not closed. There is backup temperature indication downstream of each safety valve and one temperature indication for both PORVs, all are alarmed in the control room. The FSAR will be revised.
(b)
II.E.1.2 Auxiliary feedwater system automatic initiation is safety grade. Flow indication meets Item 2a and b of II.E.1.2.5, NUREG-0737.
(c) & (d)
II.E.4.2 and II.F.1 will be handled by containment systems branch.
(e)
II.F.3 will be covered by Regulatory Guide 1.97, Response l
420.51.
l (f)
II.K.3.9 and.12, provided response in letter SBN-212, dated 2/12/82. Reviewed by staff and found acceptable.
ADDITIONAL
RESPONSE
(a) NUREG-0737, Item II.D.3, Clarification was made that the final 5/12 design of the safety and relief valve position indication is not complete. The project documents and the FSAR will be revised. The block valves, position indication and their i
manual controls will be Class lE.
(b) NUREG-0737, Item II.E.1.2, will be addressed in the overall discussions of the emergency feedwater system. _
FSAR Figure 7.2-1, Shcet 15 and Page 7.3-23, will be corrected to indicate that both A & B train actuate the turbine driven emergency feedwater pump.
420.6 Provide an overview of the plant electrical distribution system, (7.1) with emphasis on vital buses and separation divisions, as background for addressing various Chapter 7 concerns.
RESPONSE
Discussed at meeting, no further response required.
3/23 STATUS:
Closed.
5/12 420.7 Describe features of the Seabrook environment control system which (7.1) insure that instrumentation sensing and sampling lines for systems important to safety are protected from freezing during extremely cold weather. Discuss the use of environmental monitoring and alarm systems to prevent loss of, or damage to systems important to safety upon failure of the environmental control system.
Discuss electrical independence of the environmental control system circuits.
RESPONSE
Written response reviewed by the NRC and attached to meeting 3/23 notes. We reviewed the freeze prorection for the refueling water storage tank (RWST) after the meeting. It was determined that the instruments and sensing lines are in the building that encloses the RWST and is maintained above 320F by the heated RWST.
Additional freeze protection is not required. RAI 440.104 is related. This item is under review by the staff.
ADDITIONAL
RESPONSE
Fluid systems are protected from freezing by being 1) located in g g.
5/12 an area with a heating system; 2) located in an enclosure with a 7/15 heated tank; or 3) provided by heat tracing.
The majority of the safety-related piping is located in areas that are provided with heating systems. Low ambient temperature is alarmed in the control room. The alarms are not safety grade.
17j/ ~
/S The alarm is electrically independent of the heating system. The areas are accessed periodically as part of the operators inspections. The operator will be instructed to notice abnormal ambient temperatures that could result from failure of the heating system.
The tank form enclosure is maintained above the freezing temperature by the heat lost from the heated RWST. Low ambient, fgr RWST, and spray additive tank temperatures are alarmed in the control room to warn of abnormal conditions in the tank form enclosure.
Safety-related piping that is not in heated areas or that require the maintenance of temperatures higher than the design ambient temperatures is provided with dual heat tracing circuits and low temperature alarms. l
The alarm and heat tracing circuits are electrically independent, l72/5' therefore, failure of the heating circuit will not result in loss of the low temperature alarm. Loss of power to the low temperature alarm and heat tracing circuits will be alarmed in the control room.
RAND 0UT:
To ensure that instruments, including sensing and sampling lines, 3/23 are protected from f reezing during cold weather, electrical heat tracing is provided. Heat tracing on safety-related piping is protected by redundant, non-safety-related, heat tracing. On the boron injection line only, the primary heat tracing circuit is train A associated. The backup heat tracing circuit is train B associated. This backup circuit is normally de-energized. On the remaining lines, the redundant heat tracing circuit is energized from the same train as the primary circuit.
Integrity of each circuit is continuously monitored. Low and high temperature alarms are available at the heat tracing system control cabinet. Additionally, failures as detailed below are indicated at the heat tracing control cabinets that are located in the general vicinity of the systems being heat traced:
!7//#'
a)
Loss of voltage, b)
Ground fault trip for each heating element circuit, c)
Overload trip of branch circuit breakers, Trouble alarms are provided in the main control room.
420.8 Provide and eascribe the following for NSSS and BOP safety-related (7.1) setpoints:
(a) Provide a reference for the methodology used. Discuss any differences between the referenced methodology and the methodology used for Seabrook, (b) ?letify that environmental error allowances are based on the higinest value deteruined in qualification testing, (c) Document the environmental error allowance that is used for each reactor trip and engineered safeguards setpoint, (d) Identify any time limits on environmental qualification of instruments used for trip., post-accident monitoring or engineered safety features actuation. Where instruments are qualified for only a limited time, specify the time and basis for the limited time.
RESPONSE
Seabrook uses the same methodology as W used for DC Cook, North 3/23 Anna and Sumner, there are no differences. DC Cook and North Anna were submitted and approved. This is applicable for both NSSS and BOP safety-related setpoints.
WCAP 8587 and 8687 describe the determination of environmental error allowances. ~
i STATUS:
Discussions are being' held between Westinghouse and the NL J on the 5/12 detailed application of this methodology for Virgil Sumne~.
]
420.9 There is an inconsistency between the discussions in FSAR i
(7.1.2.5)
Section 1.8 and FSAR Section 7.1.2.5 pertaining to the compliance l
with Regulatory Guide 1.22.- FSAR Section 1.8 states that the main reactor coolant pump breakers are not tested at full power. FSAR Section 7.1.2.5 does not include these breakers in the list of equipment which cannot be tested at full power.
Please provide a discussion as to whether the operation of the reactor coolant pump breakers is required for plant safety. If not, then please justify. Also, please correct the inconsistency described above and, as a minimum, provide a discussion per the recommendations of 4
Regulatory Position D.4 of Regulatory Guide 1.22.
RESPONSE
Revised 1.8 provided to staff and attached to meeting notes, 3/23 reactor does not trip on opening of reactor coolant pump breakers.
STATUS:
Amendment 45.
7/15 420.10 Using detailed plant design drawings (schematics), discuss the (1.8)
Seabrook design pertaining to bypassed and inoperable status (7.1.2.6) indication. As a minimum, provide information to describe:-
(7.5) 1.
Compliance with the recommendations of Regulatory Guide 1.47, 2.
The design philosophy used in the selection of equipment / systems to be monitored, 3.
How the design of 'the bypass and inoperable status indication systems comply with Positions B1 through B6 of ICSB Branch Technical Position No. 21, and 4.
The list of system automatic and manual bypasses within the BOP and NSSS scope of supply as it pertains to the recommendations of Regulatory Guide 1.47.
The design philosophy should describe, as a minimum, the criteria to be employed in the display of inter-relationships and i
dependencies on equipment / systems and should. insure that bypassing or deliberately induced inoperability of any auxiliary or support system will automatically indicate all safety systems 'affected.
RESPONSE
Handout given to staff. Overview of systems covered and 3/23 description of operation given including automatic and manual
. modes, and interaction between systems. Handout as aumended during meeting will'be attached to the meeting minutes.
System description of computer and video alarm system (VAS) presented during meeting and will be followed up by: written description to staff as response to RAI 420.49. A meeting will be
' held with the staff in Washington at a later date to review all aspects of plant computer operation. i
,,_.h.-,
,_.,,r.
7, s.
, - - ~. -,...
Staff presented concern that some guarantee must to considered as to percent of time computer will be operating and that plant will not continue to operate for any length of time, without appropriate corrective action, when and if computer should be out of service. A possible solution would be to refer operating and n
repair times to safety review committee although it is agreed that the computer is not a safety-related system. Staff asked for additional information concerning level of validation and
. verification of software.
t RANDOUT:
1.
Systems are designed to meet the recommendations of 3/23 Regulatory Guide 1.47.
2.
Design philosophy is discussed in FSAR Section 7.1.2.6.
The selection of equipment is given in Item 4.
3.
System design meets the reconnendation of ICSB-21 as follows:
D1 - Refer to FSAR Section 7.1.2.6(a).
B2 - System design meets the requirements. Refer to logic diagrams listed in FSAR Section 7.1.2.6(f).
B3 - Erroneous bypassed / inoperable alarm indications could be provided by any of the following:
- dirty relay contacts
- dirty limit switch contacts.
B4 - The bypass indication system does not perform functions essential to safety.
(Refer to FSAR Section 7.1.2.6)
- A system design is supplemented by administrative procedures.
The operator will not rely. solely on the indication system.
i B5 - The indication system does.not perform any safety-related functions and has no effect on plant safety systems. The indication system is located at.the MCB separately for each train on system level basis.
i B6 - All bypass indicators and plant video annunciator systems are capable of being tested during normal system operation.
4.
The list of the equipments for which bypass / inoperable alarms and indication are provided.
Al - Service Water System (SW)
Se rvice Equipment Logic Diagram Schematic l-l Service Water Pumps SW-P-41A/41B M-503968 M-301107 Sh. AG3,AR3 1
-41C/41D
-M-503969 M-301107 Sh. AG4,AR4 Cooling Tower._ Pumps SW-P-110A M-503966 M-301107 Sh. AU2
-110B M-503967 M-301107 Sh. AU6 1 l
l
k Cooling Tower Fans SW-FN-51A M-503951 M-301107 Sh. AV4
-51B M-503452 M-301107 Sh. AW4 Cooling Tower / Service M-503973 M-310951 EH9/EHO Water Bypass /Inop.
Note: There are separate lights for the service water pump and the cooling i
tower subsystems.
A2 - Primary Component Cooling Water System (CC)
Service Equipment Logic Diagram Schematic Primary Cooling Water Pumps CC-P-11A.
M-503270 M-310895 Sh. A58/A78 11B/11C/11D A59,A79 i
PCCW Bypass Inop.
M-503277 M-310951 EH9/EHO A3 - Containment Building Spray (CSB_)_
e Service Equipment Logic Diagram Schematic Containment Spray Pumps CBS-P-9A/9B M-503257 M-310900 Sh. A61,A81 Containment Sump Iso. Viv.
CBS-V8/V14 M-503252 M-310900 Sh. B84,D40 Cont. Spray Add. Iso. Vlv..
CBS-V39/V44 M-503259 M-310900 Sh. 4b Cont. Spray Nozzle Iso. Viv. CBS-V13/V19 M-503259 M-310900 Sh. 4b Service Equipment Logic Diagram Schematic Primary Comp. Cooling Water to Containment HX CC-V131/V260 M-503259 M-310895 Sh. 4a Primary Comp. Cooling Water M-503259 A4 - Residual Heat Removal (RH)
Service Equipment Logic Diagram Schematic RH Cold Leg Inj. Iso. Viv.
RH-V14/26 M-50376S/503769 M-310887 Sh. B57,B65 RH Hot Leg Inj. Iso. Viv.
RH-V32/70 M-503768/503769 M-310887 Sh. B58,D90 Chg. Pump Suc. Iso. Viv.
RH-V35 M-503768/503763 M-310887 Sh. B59,B66 SI Pump Suc. Iso. Viv.
RH-36 M-503768/503763 M-310887 Cont. Sump Iso. V1v.
CBS-V8/V14 M-503252 M-310900 Sh. B84,D40 Prim. Comp. Cooling Water to HX CC-V133/V258 M-503768 M-310895 Sh. 4A l
Residual Ht. Removal Pumps RH-P-8A/8B M-503761 M-310877 Sh. A57,A77 A5 - Safety Injection System (SI)
Se rvice Equipment Logic Diagram Schematic i.
SI Pumps SI-P-6A/6B M-503900 M-310890 Sh. A56/A76 i
Cont. Sump Iso. Valve CBS-V8/V14 M-503918 SI Cold Leg Iso. Valve SI-V114 M-503918 M-310890 Sh. B49 i
SI-P-CA-6B to Hot Legs Isolation. Valve SI-V102/V77 SI-P-6A/6B to RWST i
Isolation Valve SI-V89/V90 M-503918 M-310890 Sh. B41/B42 l
- SI-Pump Cross Connect SI-Vill /V112 M-503918 M-310890 Sh. B47/B48
- Prim. Comp.' Cooling Wtr.
M-503918 M-310895 Sh. EH9/3 EA 4
- - ~
A6 - Chemical and Volume Control System (CS)
Service Equipment Logic Diagram Schematic Charging Pump CS-P-2A/2B M-503372,M-503330 M-310891 Sh. A62,A82 Prim. Comp. Cooling Wtr.
Service Equipment Logic Diagram Schematic Emer. Feedwater Pump FW-P-37B M-503586 M-310844 Sh. A80 Emer. FW Pump 37A/37B FW-V71/73 M-503599 M-310844 Sh. 4 Discharge and Bypass Vivs.
FW-V65/67 M-503599 M-310844 Sh. 4 A8 - Diesel Generator Service Equipment Logic Diagram Schematic DG Control Power Lost M-503495 M-310102 I
DG Breaker Control Power Lost M-503495 M-310102 g//3' EPS Control Power Lost M-503495 M-310102 Protection Relays not Reset M-503495 M-310102 DG - Barring Devices Engaged M-503495 M-310102 Starting Air Pressure Lo-Lo M-503495 M-310102 Control Switch Pull to Lock M-503495 M-310102 Selector Switch Maintenance M-503495 M-310102 B - Interrelationship Between Auxiliary Systems and Safety Systems Auxiliary systems such as service water system (SW) and primary component cooling water system (CC) have interrelationships and dependencies on the following safety systems.
SI - Safety Injection RH - Residual Heat Removal System CBS - Containment Spray System CS - Chemical and Volume Control System Bypassed or inoperability of these auxiliary systems (SW, CC) would automatically indicate, both on the VAS and the system inoperative status monitoring lights, all safety systems which are affected.
Reference logic drawings:
M-503277 - M-503973 M-503259 - M-503768 M-503918 - M-503372 3. -.
~ -.. - -
ADDITIONAL
RESPONSE
The handout will be revised to indicate that alarms and indicators 5/12 are provided. The indication on the bypass and inoperable status panel is on the. system level for each train. All automatic initiation is through the VAS.. Indication on the status panel is manually initiated in response to the VAS alarm or when the system is bypassed or made inoperable with devices not monitored by the i'
VAS. The VAS and the status panel have logic that will indicate all systems made inoperable when a support l 7//f system is inoperable.
i_
Typographical errors on A7 and A8 wi21 be corrected.
This items reartna open pending the review of the VAS.
After the meeting, a note to clarify the service water indicators was added to Al of the 3/23 handout. A8 was deleted as the Diesel Generator status monitoring lights and alarms are not considered part of the bypass and inoperable status monitoring system, since the events monitored occur less than once per year. FSAR 7.1.2.6, copy attached, will be revised.
ADDITIONAL
RESPONSE
Item A8, diesel generator, will be returned to the list as data 7/15 for other diesels indicate that they may require maintenance outages more than once per year.
The functions that are listed all initiate a VAS common alarm which indicates that a train is inoperable,-TRN EMERG POWER INOPERABLE.
)
Diesel generator status is indicated on the diesel generator status light panel on Section HF of the MCB, not on the bypass and inoperable status light panel on Section CF of the MCB. These status monitoring lights along with specific and common VAS alarms provide continuous status of the diesel generators.
We will add the bypass / inoperable status monitoring system i
pushbuttons to the computer inputs that initiate the VAS
~
+
bypass / inoperable alarms. A system level alarm will be initiated if'the redundant trains are bypassed /pade inoperable. This will ensure that the same information on system status is available at the monitoring system or through the VAS. A summary of the current status of the VAS bypass / inoperable alarms will be available on demand to ensure that operator is aware of the status of redundant systems when a system is bypassed /made inoperable.
420.21 Summarize the status of those instrumentation and control items (7.1) discussed in the Safety Evaluation Report (and supplements) issued for the construction permit which required resolution during the operating license review.
RESPONSE
There are no unresolved items relating to Chapter 7 of the SAR 3/23 identified in the construction permit SER (Supplements 1 to 4).
-g.
y
- s..,..
mi_._.-,.
,~,--.,.c
- - - ~,
STATUS:'
Closed.
5/12 420.12 Various instrumentation and control system circuits in the plant
-(7.1.2.2)
(including the reactor protection system, engineered safety features actuation system, instrument power supply distribution System) rely on certain devices to provide electrical isolation espability in order to maintain the independence between_ redundant safety. circuits and between safety circuits and non-safety circuits.
1.
Identify the type of isolation devices-which are.used as boundaries to isolate non-safety grade circuits from the safety grade circuits or to isolate redundant safety grade i-circuits.
-2.
Describe the acceptance criteria.and tests performed for each isolation device which is identified in response to Part 1 a bove. This information should address results of analyses or tests performed to demonstrate proper isolation and should assure that the design does not compromise the required protective system function.
RESPONSE
1.
BOP uses the same type W 7300 system, with the same 3/23 qualifications, as is used by NSSS (NSSS equipment f or Seabrook is identical to that for SNUPPS).
2.
Radiation data management system will require submittal of farther documentation of isolation devices used.
3.
Power supply distribution isolation is covered under RAI 430.40A.
STATUS:
The only open item is the description of the RDMS isolation 5/12 devices that is deferred to the next meeting.
-420.13 The discussion in Section 7.1.2.2 states that Westinghouse tests (7.1.2.2) on the Series 7300 PCS system' covered in WCAP-8892 are considered (7.5.3.3) applicable to Seabrook. As a result of these tests, Westinghouse (7.7.2.1) has stated that the isolator output cables will be allowed to be routed with cables carrying-voltages not exceeding 580 volts ac or 250 volts dc.
The discussion of isolation devices in Section -
7.5.3.3 of the FSAR, however, considered the maximum credible fault accidents of 118 volts ac or 140 volts de only. Also, the statement in Section 7.7.2.1 implies that the isolation devices were tested with 118 volts ac and 140 volts de only. In order to Jelarify the apparent inconsistency, provide the following:
(a) Specify the type of isolation devices used for Seabrook process instrumentation systan.
If they are not the same as the Series 7300 PCS tested by Westinghouse, specify the fault voltages for which they are rated and provide the supporting test results.
-(b) Provide information requested in (a) above for the isolation devices of the nuclear instrunantation system. As implied in WCAP-8892, the tests on Series 7300 PCS did not include the nuclear instrumentation system.
(c) Describe what steps are taken to insure that the maximum credible' fault voltages which could be postulated in Seabrook, as a result of BOP cable routing design, will not exceed those for which the isolation devices are qualified.
RESPONSE
The isolation devices used are as described in 420.12.
3/23 Isolation device design is identical and has been qualified the same as for SNUPPS. The routing of cables leaving the cabinets is consistent with the interf ace criteria in WCAP 8892A.
STATUS:
Closed.
5/12 420.14 The FSAR information provided describing the separation criteria (7.1.2.2) for instrument cabinets and the main control board is insufficient. Please discuss the separation criteria as it pertains to the design criteria of IEEE Standard 384-1977, Sections 5.6 and 5.7.
Detailed drawings should be used to aid in verifying compliance with the separation criteria.
RESPONSE
Handout submitted to staff. Overview of main control board was 3/23 presented using drawings and pictures. FSAR Sections 7.1.2.2 and 1.8 will be revised to be applicable to both balance of plant and NSSS control panels. The design criteria of IEEE Standard 384-1977, Sections 5.6 and 5.7 for the main control board and instrument cabinets has been met.
STATUS:
Amendment 45.
7/15 HANDOUT:
1.
Instrument Cabinets 3/23 Section 5.7 of IEEE-384-1977 is met by having independent cabinets for redundant Class 1E instruments, examples of this separation may be found on instrument cabinets MM-CP-152A and MM-CP-152B, both located in the main control room, control building Elevation 75'-0".
2.
Main Control Board (MCB)
Sections 5.6.1 through 5.6.6 of IEEE-384-1977 are met as follows, and as described in UE&C Specification 9763-006-170-1, Revision 5:
(a) Section 5.6.1 - The main control board, seismically qualified by analysis and testing per UE&C Specifications 9763-006-170-1 Revision 5, and 9763-SD-170-1, Revision 0, is located in the main. -
control room of the Seabrook station control building (Elevation 75'-0") which is a Seismic Category I structure.
(b) Sections 5.6.2 through 5.6.6 - MCB Zone "B" (front contains the low pressure safety injection; rear contains miscellaneous systems like steam generator blowdown, heat removal, spent fuel) will be used to describe compliance with above referenced sections of IEEE-384-1977. UE&C drawings 9763-F-510102 Revision 6, 9763-F-510ll5 Revision 4 and 9763-F-510ll6 Revision 4 could be used to ascertain the compliance with the standard.
b.1 Internal Separation (5.6.2) - the front section of Zone B is divided into Class 1E train "A" (and it's associated non-Class lE circuits train "AA")
on the lef t-hand side, separated from the Class lE train "B" (and it's associated non-Class lE circuits train "BA") by a full-size-top-to-bottom steel barrier. However, due to process requirements there are instruments of the opposite
- train, "B", on the train "A" side; they are separated by a steel enclosure fully surrounding the instrument or open at the rear after a depth 6" deeper than the instrument itself.
The rear section of Zone B is all Class lE train "A" or it's associated non-Class 1E circuit train "AA".
Again, as in the front section due to process requirements, there are instruments of the opposite train which are separated by a steel enclosure in the same fashion as in the front section.
Refer to next Item, b.2, for wiring separation.
b.2 Internal Wiring Identification (5.6.3) - All wiring within each section is identified by different jacket colors, as follows:
i L
Class lE train "A"
- red Class lE train "B"
- white i
Non-Class 1E train "AA" - black with red stripe Non Class lE train "BA" - black with white stripe Each wire / cable insulation is qualified to be flame retardant per either IPCEA-S-19-81 (NEMA l
WC3) paragraph 6.13.2 or UL-44 Section 85 or IEEE Standard-383 Section 2.5.
In addition, all wiring within each section is run in covered wireways formed from solid or punched sheet steel. Minimum j
wire bundles were allowed where it was physically impossible to install wireways or where it would have been hazardous to the operator / maintenance personnel.
l Class lE and Non-Class 1E wiring of the same train are run in the same wireway. The wireways were further identified with red "A" or white "B" to depict the train assignment of the wire being run within the particular wireway.
b.3 Common Terminations (5.6.4) - No common terminations were allowed in the MCB.
b.4 Non-Class lE Wiring (5.6.5) - Class lE and Non-Class 1E associated circuits wiring of the same train are run.together in the same metallic wireway but are separated by specific identifying jacket colors as described above (b.2).
b.5 Cable Entrance (5.6.6) - Field cables to be terminated on the MCB terminal blocks are routed in train assigned raceways through the cable spreading room which is located directly under the main control room (refer to UE&C Drawing 9763-F-500091, Revision 6).
The raceways run all the way up to the floor slots of the same assigned train located in the floor right underneath the MCB.
(The floor slots location and train assignment are shown on UE&C Drawings 9763-F-500100 Revision 6, 9763-F-101347 Revision 5 and 9763-F-310432 Revicion 8).
420.15 Identify all plant safety-related systems, or portions thereof, (7.1) for which the design is incomplete at this time.
RESPONSE
The design of all safety-related systems has been completed. The 3/23 design details associated with procurement and installation are on going in accordance with the project schedule.
STATUS:
Closed.
5/12 420.16 Identify where microprocessors, multiplexers, or computer systems (7.1) are used in or interface with safety-related systems.
l
RESPONSE
NSSS does not use microprocessors, multiplexers or computers in or l
3/23 to interface with safety-related systems (multiplexors are used for information transmission).
The radiation data management uses microprocessors and computers.
(
Detailed descriptions on how the system works will be submitted later.
I l
ADDITIONAL
(
RESPONSE
The RDHS is functionally identical to the systems installed at 5/12 Byron-Braidwood, St. Lucie 2, Waterford 3, SNUPPS and Comanche l
Peak.
l
! t l
l
NRC will review handout presented, copy attached. More information is needed on the 1E microprocessor sof tware and design features.
The Class lE monitors are identified in FSAR Tables 12.3-13, 12.3-14 and 12.3-15.
They are described in Section 12.3.4.
'420.17 The. FSAR information which ' discusses conformance to Regulatory (7.1)
Guide 1.118 and IEEE-338 is insufficient. Further discussion is (7.2) required. As a minimum, provide the following information:
(7.3)
(1.8) 1.
Confirm that the. Technical Specifications will provide detailed requirements for the operator which insure that blocking of a selected protection function actuator circuit is returned to normal operation' af ter testing.
2.
Discuss response time testing of BOP and NSSS protection systems using the design criteria described in Position C.12 or Regulatory Guide 1.118 and Section 6.3.4 of IEEE 338.
Confirm that the response time testing will be provided in the Technical Specifications.
- 3..
The FSAR states that, " Temporary jumper wires, temporary test instrumentction, the removal of fuses and other equipment not hard-wired into the protection sluten will be used where applicable". Identify where procedures require such operation. Provide further discussion to describe how the Seabrook test procedures for the protection systems conform to Regulatory Guide 1.118 (Revision 1) Position C.14 guidelines. Identify and justify any exceptions.
4.
Confirm that the Technical Specifications will include the RPS and ESFAS response times for reactor trip functions.
5.
Confirm that the Technical Specifications will include i
response time testing of all protection system componenta, from the sensor to operation of the final actuation device.
6.
Provide an example and description of a typical response time test.
RESPONSE
Handout was distributed and found acceptable with changes 3/23 discussed during meeting. The revised handout is included in the meeting minutes.
STATUS:
Amendment 45, will be. changed to commit to R2, 6/78 to correct 7/15 editorial error.
HANDOUT:
1.
Technical Specification Tables 3.3-1 reactor trip system, 3/23 3.3-3 engineered safety features actuation, and 3.3-5 reactor trip /ESF actuation system interlocks, provide the operator with the minimum operable channel criteria and the
[-
appropriate action statement.
l !
l l
2.
BOP and NSSS protection system time response tests will be conducted in accordance with Regulatory Guide 1.118 Revision 1, IEEE-338-1975, ISA dS67-06, and draft Regulatory Guide Task IC 121-5, January, 1982, with the following exceptions and positions:
(a) Task IC 121-5 Regulatory Position Cl states that the term " nuclear safety-related instrument channels in nuclear power plants" should be understood to mean instrument channels in protection systems.
4 (b) Response time testing will be performed only on those channels having a limiting response time established and credited in the safety analysis.
(c) The revised discussion of Regulatory Guide 1.118 in FSAR Section 1.8 (copy attached).
Response time testing is specified in Tables 3.3-2 and 3.3-4.
3.
It is not anticipated that any Seabrook test procedures performed on protection systems will require the use of temporary jumpers, lifted wires or pulled fuses. All procedures will, in fact, utilize the hard-wired test points within the system and therefore, comply with Regulatory Guide 1.118, Revision 1, Position C14.
If during plant operation, conditions or test requirements show that deviation from this guide is the only practical method of obtaining the desired test results, then all affected testing will be performed and documented under the control of a special test procedure. We will inform ICSB, prior to licensing, of any temporary modifications identified during preparation af the surveillance procedures.
4.
Response times are specified in Tables 3.3-2 and 3.3-4.
5.
Compliance with Regulatory Guide 1.118. Revision 1 IEEE-338-1975, and ISA dS67-06 ensures that the complete channel is tested with the exception noted on Table 3.3-2 of l
Seabrook Technical Specifications.
i l
6.
Response time tests have not yet been prepared. Test methods
(
to be eeployed are uutlined below:
Pressure Sensors The process variable will be substituted by a hydraulic ramp, the ramp rate to be selected based on the transient for which the sensor is required to respond.
I l
In the event that the sensor is required to respond to more I
than one transient, the ramp rates will be selected to represent the fastest and slowest transients.
i l
l l l
l i
Temperature Sensors Will be tested in place using the loop current step response (LCSR) method. See NUREG-0809.
Impulse Lines Tests will be conducted during the startup testing phase to establish the relationship between response time and impulse line flow, sub-sequent tests will be limited to flow testing.
Electronic Channel The signal conditioning and logic section of the instrument channel will be tested by inputting a step change at the input of the process racks, and measuring the time required until the final device in the channel actuates.
420.18 It is stated in FSAR Section 7.1.2.11 that, "A periodic (7.1.2.11) verification test program for sensors within the Westinghouse scope.for determining any deterioration of installed sensor's response time, is being sought". NUREG-0809, " Review of Resistance Temperature Detector Time Response Characteristics",
and draf t Standard ISA-dS67.06, " Response Time Testing of Nuclear Safety-Related Instrument Channels in Nuclear Power Plants", are documents which propose acceptable methods for response time testing nuclear safety-related instreeint channels. Please
]
provide further discussion on this matter to unequivocally indicate the test methods to be used for Seabrook.
RESPONSE
See our Response to 420.17 for a discussion of the proposed 3/23 response time testing program. The referenced portion of 7.1.2.11 will be deleted (see attached copy).
STATUS:
Amendment 45.
7/15 420.19 FSAR Section 7.1.1 does not provide sufficient information to (7.1.1.1) distinguish between those systems designed and built by the nuclear steam system supplier and those designed or built by others.- Please provide more detailed information.
RESPONSE
Draft revision of FSAR 7.lel provided to staff and found 3/23 acceptable and is attached to the meeting notes.
STATUS:
Acendment 45.
7/15 420.20 Section 7.1.2.7 of the FSAR discusses conformance to Regulatory (7.1.2.7)
Guide 1.53 and IF.EE Standard 379-1972. The information provided addresses only Westinghouse provided equipment and associated topical reports. Provide a conformance discussior. that addresses the BOP portions of the plant safety systems and auxiliary systems required for support of safety systems..
- - ~.
RESPONSE
FSAR has been revised to cover single failure criteria for B0P and 3/23 NSSS and is attached to the meeting minutes.
ADDITIONAL
RESPONSE
The change to FSAR 7.1.2.7 was reworded. Copy is attached.
5/12 STATUS:
Amendment 45.
7/15 420.21 The information in Section 7.2.1.1.b.6, " Reactor Trip on Turbine (7.2.1.1)
Trip", is insufficient. Please provide further design bases disc'sssion on this subject per BTP ICSB 26 requirements. As a minimum you should:
1.
Using detailed drawings, describe the routing and separation for this trip circuitry from the sensor in the turbine building to the final actuation in the res: tor trip eystem (RTS).
2.
Discuss how the routing within the non-seismic Category I turbine building is such that the effects of credible faults or f ailures in this area on these circuits will not challenge the reactor trip system and thus degrade the RTS performance. This should include a discussion of isolation devices.
3.
Describe the power supply arrangement for the reactor trip on turbine trip circuitry.
4.
Provide discussion on your proposal to use permissive P-9 (50% power).
5.
Discuss the testing planned for the reactor trip on turbine trip circuitry.
Identify any other sensors or circuits used to provide input l
signals to the protection system or perform a function required l
for safety which are located or routed through non-seismically l
qualified structures. This should include sensors or circuits
[
providing input for reactor trip, emergency safeguards equipment j
such as auxiliary feedwater syste.m and safety grade interlocks.
l Verification should be provided to show that such sensors and l
circuits meet IEEE-279 and are seismically and environmentally qualified. Identify the testing or analyses performed which insures that failures of non-seismic structures, mountings, etc.
will not cause failures which could interfere with the operation of any other portion of the protection syster.
RESPONSE
Add to the SNUPPS response to " Reactor Trip on Turbine Trip" that l
3/23 circuits and sensors used in a non-seismic structure are Class lE l
and are run in separate conduits meeting Regulatory Guide 1.75 with the exception of seismic qualification. Hydraulic pressure and limit switches on the turbine stop valves are two examples.
the response will be attached to the meeting minutes.
=.
Permissive P-9 has an adjustable setpoint between 10 - 50%.
Reactor trip on turbine trip circuitry is testable at power.
The turbine impulse chamber-pressure transmitters are Class 1E and routed as Class lE, with the seismic exception.
There are no other safety grade sensors routed through non-seismic areas. The only safety-related outputs in non-seismic areas are signals to close the feedwater-control valves, close the condenser dump valves and trip the turbine generator. These circuits are designed as described above.
ADDITIONAL
RESPONSE
The handout was discussed and revised.
5/12 Each turbine stop valve is monitored by two independent switches.'
STATUS:
Closed. ICSB will follow PSB review of separatica per Regulatory-7/15 Guide 1.75.
IIANDOUT:
Revised SNUPPS Submittal 3/23 Evaluations indicate that the functional performance of the protection system would not be degraded by credible electrical faults such as opens and shorts in the circuits associated with' reactor trip or the generation of the P-7 interlock. The contacts of redundant sensors on the steam stop valves and the trip fluid pressure system are connected through the grounded side of the ac supply circuits in the solid state protection system. A ground fault would therefore produce no fault current. Loss of signal caused by open circuits would produce either a partial or a full-reactor trip. Faults on the first stage turbine pressure circuits would result in upscale, conservative, output for open circuits and a sustained current, limited by circuit resistance, for short circuits. Multiple failures imposed on these redundant circuits-could potentially disable the P-13 interlock.
In this event, the nuclear instrumentation power range signals would provide the P-7 i
safety interlock. Refer to Functional Diagram, Sheet 4 of Figure 7.2-1.
SSPS input circuits and sensors in non-seismic structures are Class lE.
The electrical and physical independence of the connecting cabling conforms to Regulatory Guide 1.75 as discussed in FSAR Section 1.B.
420.22 FSAR Section 7.2.1.1.b.8 states that, "The manual trip consists of (7.2.1.1) two switches with two outputs on each switch. One output is used to actuate the train A reactor trip breaker, the other output actuates the train B reactor trip breaker." sPlease describe how this design satisfies the single failure criterion and separation requirements for redundant trains.
RESPONSE
Manual trip design is identical to SKUPPS, Watts Bar, 3/23 Byron-Braidwood. Drnwing was reviewed and found acceptable.._..
STATUS:
Closed.
5/12 420.23 Describe how the effects of high temperatures in reference legs of (7.2) steam generator and pressurizer water level measuring instruments subsequent to high energy breaks are evaluated and. compensated for in determining setpoints.
Identify and describe any modifications planned or taken in response to IEB 79-21.
Also, describe the level measurement errors due to environmental temperature effects on other level instruments using reference legs.
RESPONSE
The steam generator level transmitter reference legs will be 3/23 insulated to prevent excessive heating under accident conditions.
Setpoints will include errors for high energy line breaks with the insulation.
For the pressurizer level, we will review SNUPPS report and determine applicablity to Seabrook.
REVISED
RESPONSE
SNUPPS did not insulate reference legs in containment. We are 5/12 evaluating their approach for application to Seabrook and will advise the NRC on our final corrective action.
420.24 State whether all of the systems discussed in Sections 7.2, 7.3, (7.2) 7.4 and 7.6 of the FSAR conform to the recommendations of (7.3)
Regulatory Guide 1.62 concerning manual initiation. Identify (7.4) any exceptions and discuss how they do not conform to the (7.6) recommendations. Provide justification for nonconformance areas.
RESPONSE
Systems discussed in Sections 7.2, 7.3, 7.4 and 7.6 of the FSAR 3/23 conform to the reccamendations of Regulatory Guide 1.62 concerning manual initiation. There are no exceptions taken.
STATUS:
Closed.
5/12 l
420.25 The information provided in Section 7.2.2.2.c.10.(b) on testing (7.2.2.2) of the power range channels of the nuclear instrumentation system, covers only the testing of the high neutron flux trips. Testing of the high neutron flux rate trips is not included. Provide a l
description of how the flux rate circuitry is tested periodically l
to verify its performance capability.
RESPONSE
The power range nuclear instrumentation system and all associated l
3/23 bistables including the rate trips are testable at power.
l STATUS:
Closed.
5/12 420.26 Identify where instrument sensors or transmitters supplying l
(7.2) information to more than one protection channel are located in a l
(7.3) common instrument line or connected to a common instrument tap.
The intent of this item is to verify that a single failure in a common instrument line or tap (such as break or blockage) cannot l
defeat required protection system redundancy..
RESPONSE
Identical to SNUPPS except we do not share taps for pressurizer 3/23 pressure. There_are no shared taps for redundant BOP safety instruments.
STATUS:
Closed.
5/12 l
l 420.27 If safety equipment does not remain in its emergency mode upon (7.3) reset of an engf aeered safeguards actuation signal, system nodification, design change or other corrective action should be planned to assure that protective action of the affected equipment is not compromised once the associated actuation signal is reset.
This issue is addressed by I&E Bulletin 80-06.
Please provide a discussion addressing the concerns of the above bulletin. This discussion should assure that you have reviewed the Seabrook design per each of the I&E Bulletin 80-06 concerns. Results of your review should be given.
RESPONSE
We have reviewed the electrical schematics for engineered safety 3/23 feature (ESP) reset controls.
In the Seabrook design, all systems serving safety-related functions remain in the emergency mode upon removal of the actuating signal and/or manual resetting of ESF actuation signals. The required testing (per 80-06) will be performed as part of the start-up test program described in Chapter 14.
STATUS:
Closed.
5/12 420.28 The description of the emergency safety feature systems which is (7.3.1.1) provided in the FSAR Section 7.3.1.1 is incomplete in that it does not provide all of the information which is requested in Section 7.3.1 of the standard format for those safety-related systems, interfaces and components which are supplied by the applicant and mate with the systems which are within the Westinghouse scope of supply. Provide all of the descriptive and design basis information which is requested in the standara format for these systems.
In addition, provide the results of an analysis, as is requested in Section 7.3.2 of the standard format, which demonstrates how the requirements of the general design criteria and IEEE Standard 279-1971 are satisfied and the extent to which the recocmendations of the applicable Regulatory Guide are satisfied.
Identify and justify any exceptions.
RESPONSE
Tables supplied in response to 420.32 and the additional 3/23 information to be supplied when answering 420.29 will satisfy the requirements of this question.
ADDITIONAL
RESPONSE
See 420.29.
5/12 STATUS:
Closed.
7/15 1 l l
F 4
?
L
-420.29 Confirm that the FMEA referenced in FSAR Section 7.3.2.1:
(1) is (7.3.2.1) applicable to all engineered safety features equipment within the BOP and NSSS scope of supply, and'(2) is applicable to design changes subsequent to the design analyzed in the referenced WCAP.
Rf3PONSE:
Discussion of this item was deferred to the next meeting.
3/23 ADDITIONAL
RESPONSE
The Seabrook design complies with the interface criteria in (28&29)
Appendix B of WCAP 8584, Revision 1.
The FMEA in WCAP 8584 is 5/12 applicable to all BOP and NSSS safety features equipment at Seabrook including design changes made to the systems analyzed in WCAP 8584.
STATUS:
Closed.
7/15
- s
$2'0.30 Section 7.3.2.2 of the FSAR indicates that conformance to (7.3)
Regulatory Guide 1.22 is discussed in Section 7.1.2.8.
- However, 1
Section 7.1.2.8 addresses Regulatory Guide 1.63.
Correct this discrepancy.
RESPONSE
The reference to Section'7.1.2.8 will be changed in Amendment 45 3/23 to Section 7.1.2.5 where Regulatory Guide 1.22 is addressed.
STATUS:
Amendment 45.
7/15 4Lv.31 Using detailed drawings, discuss.the automatic and manual operation (7.3.2.2) of the containment spray system including control of the chemical additive system. Discuss how testing of the containment spray system conforms to the recommendations of Regulatory Guide 1.22 and the requirements of BTB ICSB 22.
Include in your discussion the tests to be performed for the fir.a1 actuation (
iices.
RESPONSE
Draft of response submitted to staff. Overview of containment 3/23 spray system was presented using drawings. System description and operation were reviewed. Staff questioned redundancy of temperature system. Tank temperature is monitored by a temperature indicating switch that actuates a VAS alarm and by an independent temperature indicating controller that controls auxiliary steam to the tank. Fluid systems are totally separable into trains "A" and "B".
The electrical systems are also completely separable into trains "A" and "B" as per the piping systems. Provisions are available for on-line testing of CBS system as described in FSAR 7.3.2.2.
The assignment of components to slave relays for on-line testing is indicated in the ESF table in the response to 420.32.
ADDITIONAL
RESPONSE
The response was clarified to specify that the spray additive 5/12 tank is the tank being discussed.
This' item is considered closed. !
~
420.32 Please provide a table (s) listing the components actuated by the (7.3) engineered safety features actuation system. As a minimum, the table should include:
1.
Action required, 2..
Component description, 3.
Identification number,
- 4..
Actuation signal and channel.
RESPONSE
Tables supplied at the meeting are attached.
3/23 STATUS:
Closed.
5/12 420.33 Section 7.3.2.2.e.12 discusses testing during shutdown. Describe (7.3.2.2) provisions for insuring that the " isolation valves" discussed here are returned to their normal operating positions after test.
RESPONSE
Administrative controls to ensure that equipment and systems are 3/23 restored to normal af ter testing will be addressed in equipment control procedures that follow the guidance of ANS 18.7, 1976.
The system inoperative status monitoring panel will be manually actuated when a system is made inoperative.
STATUS:
Closed.
[
5/12 420.34 Portions of paragraph 7.3.1.2.f, appear not to apply to ESFAS (7.3) response times. In particular, the discussion on reactor trip breakers, latching mechanisms, etc., should be replaced by a l
discussion of ESF equipment time responses. The applicant should provide a revised discussion for ESFAS (a) defining specific beginning and end points for which the quoted times apply, and (b) relating these times to the total delay for all equipment and to r
l the accident analysis requirements.
RESPONSE
FSAR 7.3.1.2.f will be revised as indicated on the attached markup.
3/23 l
STATUS:
Amendment 45.
7/15 1
1 420.35 Using detailed drawings, describe the ventilation systems used to i
(7.2 & 7.4) support engineered safety features areas including areas containing systems required for safety shutdown. Discuss the design bases for these systems including redundancy, testability, etc.
RESPONSE
Overview given at meeting on HVAC system for control room.
.3/23 Equipment for system is redundant and safety grade. The HVAC instrumentation and control required for safety-related equipment is Class 1E and trains "A" and "B" oriented. Radiation detectors j
_for intake air are redundant and safety related. Other systems in the control building are redundant and safety related.
Control of safety-related HVAC systems are operated from the control room and those systems required for remote safe shutdown
.also have local control. The control room outside air intake lines are shared between Unite 1 acd 2.
Each unit has its own controls and isolation valves.
STATUS:
Closed.
5/12 420.36
.Using detailed system schematics, describe how the Seabrook (7.3.2.3) auxiliary f eedwater system meets the requirements of NUREG-0737, TMI Action Plan Item II.E.1.2 (See question 420.01). Be sure to include the following information in the discussion:
a) the effects of all switch positions on system operation.
b) the effects of-single power supply failures including the effect of a power supply failure on auxiliary feedwater control af ter automatic initiation circuits have been reset in a post-accident sequence.
c) any bypasses within the system including the means by which j
it is insured that the bypasses are removed.
i d) initiation and annunciation of any interlocks or automatic isolations that could degrade system capability.
e) the safety classification and design criteria for any air systems required by the auxiliary feedwater system. This should include the design bases for the capacity of air reservoirs required for. system operation.
f) design features provided to terminate auxiliary feedwater flow to a steam generator affected by either a stear. line or feed line break.
g) system features associated with shutdown from outside the control room.
RESPONSE
Overview of emergency feedwater system was presented to staff 3/23 using drawings for description of system operation.
Emergency feedwater system was discussed with staff and it is considered an open item. Significant concerns identified:
I a)
Lack of safety grade air system.
b)
Single failure in pneumatic control valve.
c)
Loss of one train of power while operating from remote safe shutdown panel.
4 -
d)
On-off control of the EFW control valves.
STATUS:
Agenda items 420.36, 420.38, 420.39, 420.40, 420.41, 420.42, 5/12 420.45, 420.46,-420.47, 420.76, 420.77, the NRC letters dated 4/21/82 and 4/22/82, and RAI's from other branches are related to the general discussions of safe shutdown using safety grade equipment. We are developing our response 'to these issues and will present them in a meeting to be scheduled for Washington, D.C.
420.37 Using detailed system schematics, describe the sequence for (7.3) periodic. testing of the:
a) main steam line isolation valves b) main feedwater control valves c) main feedwater isolation valves d) auxiliary feedwater system e) steam generator relief valves f) pressurizer PORV The discussion should include features used to insure the availability of the safety function during test and measures taken to insure that equipment cannot be lef t in a bypassed condition af ter test completion.
RESPONSE
Periodic testing was discussed using detailed drawings.
3/23 Significant discussion items are:
a)
To be presented at next meeting.
b)
Standard Westinghouse testing system used.
c)
When testing main feedwater control and main feedwater isolation valves using train "A",
the system for train "B" remains completely operable.
d)
During testing of emergency feedwater pumps the discharge valve is closed and recirculation valve opened. The system inoperable indication is in accordance with Regulatory Guide 1.47.
During testing, the capability exists to test the entire ESFAS as including actuation of the EFW pump.
e)
Discussed with no comments.
f)
Discussed with no comments.
STATUS:
Discussion of the MSIV testing, Item a, is deferred pending 5/12 finalization of the design details.
The remainder of this item is closed..-
420.38 The information supplied in FSAR Section 7.4.1 does not adequately (7.4.1) describe the systems required for safe shutdown as required by Section 7.4.1 of the standard format. Therefore, provide all the descriptive and design basis information which is requested by Section 7.4.1 of the standard format. Also, provide the results of an analysis, as requested by Section 7.4.2 of the standard format, which demonstrates how the requirements of the general design criteria and IEEE Std. 279-1971 are satisfied and the extent to which the recommendations of'the applicable regulatory guides are satisfied. Identify and justify any exceptions.
RESPONSE
Staff to review handouts presented at this meet.ng and come back 3/23 with any further questions. Update list for 420.39 and submit with minutes. YAEC given written position on safe shutdown, to be forwarded formally. Rewritten FSAR 7.4 is attached.
ADDITIONAL
RESPONSE
The analog instruments associated with the remote shutdown panel 5/12 are Non-1E and are independent of the control room instruments.
The controls at the remote shutdown locations nave the same qualification as the controls at the main control board.
See 420.36.
420.39 The information supplied for remote shutdown from outside the control room is insufficient. Therefore, provide further discussion to describe the capability of achieving hot or cold shutdown from outside the control room. As a minimum, provide the following information:
a.
Provide a table listing the controls and display instrumentation required for hot and cold shutdown from outside the control room.
Identify the safety classification and train assignments for the safety-related equipment.
b.
Design basis for selection of instrumentation and control equipment on the hot shutdown panel.
c.
Location of transfer switches and remote control station (include layout drawings, etc.).
d..
Design criteria for the remote control station equipment includ$ng transfer switches.
e.
Description of distinct control features to both restrict and to assure access, when necessary, to the displays and controls located outside the control room.
f.
Discuss the testing to be performed during plant operation to verify the capability of maintaining the plant in a safe shutdown condition from outside the control room. _.
- g..
Description of isolation, ceparation and transfer / override provisions. This should include the design basis for preventing electrical interaction between the control room and remote shutdown equipment.
h.
Description of any communication systems required to coordinate operator actions, including redundancy and separation.
1.
Description of control room annunciation of remote control or overridden status of devices under local control.
j.
Means for ensuring that cold shutdown can be accomplished.
k.
Explain the footnote in FSAR Section 7.4.1.4 which states that, " Instrumentation and controls for these systems may require some modification in order that their functions may be performed from outside the control room".
Discuss the modifications required on the instrumentation and controls of the pressurizer pressure control including opening control for pressurizer relief valves, heaters and spray and the nuclear instrumentation that are necessary to shutdown the plant from outside the control room. Also discuss the means of defeating the safety injection signal trip circuit and closing the accumulator isolation valves when achieving cold shutdown.
RE',<0NSE :
Sce 420.38.
3/23 ADDITIONAL
RESPONSE
We will investigate the absence of pressurizer level indication in 5/12 the table that was provided in response to Item a.
Response to Item g should refer to 7.4.1.1 and 7.4.1.3.a.5 vice 7.4.11.
See 420.36.
HANDOUT:
a)
Table is attached.
3/23 l
b)
See response to item 440.13 (attached).
1 l
c)
Transfer switches are at the same location as the controls.
d)
Controls are the same safety classification as the ccatrols in the control room. Instrumentation is not safety-related.
l e)
The controls are located in areas that are controlled by the security system. The transfer switches are key-locked.
l f)
Verification of the capability of maintaining the plant in a safe shutdown condition from outside control room will be in j
accordance with commituent in Chapter 14, Table 14.2-5, Item 33.
Reactor coolant pumps will not be tripped for this j
l l.__
i test. Verification of natural circulation will be in accordance with commitment in Chapter 14, Table 14.2-5, Item 22.
g)
Isolation is discussed in FSAR 7.4.1.1 and 7.4.1.3.a.5.
h)
See response to 430.67 (attached).
1)
Any switch that is in the local position is alarmed by the L
VAS.
j)
See Items a and b.'
k)
The footnote has been deleted. See rewritten 7.4 submitted in 420.38.
)
420.40 Concerning safe shutdown from outside the control roos, discuss the likelihood that the auxiliary feedwater system will be automatically initiated on low-low steam generator level following a manual reactor trip and describe the capability of resetting the initiating logic from outside the control room. Dascribe the method of controlling auxiliary feedwater from outside the control room.
RESPONSE
'Even though the emergency feedwater system may be automatically 3/23 initiated as the main control room is evacuated, the emergency feedwater system can be controlled from the remote safe shutdown panel. Additional information required by staff is furnished in the response to 420.38 and 420.39.
l
. STATUS:
See 420.36.
s 5/12 420.41 Subsection 7.4.2 states that, "The results of the analysis which (7.4.2) determined the applicability to the Nuclear Steam Supply System safe shutdown systems of the NRC General Design Criteria, IEEE Standard 279-1971, applicable NRC Regulatory Guides and other industry standards are presented in Table 7.1-1".
This statement does not address the balance of plant (B0P) safe shutdown ~
l systems. Also, sufficient information giving results of the analysis performed for safe shutdown systems cannot be found from Table 7.1-1.
Therefore, provide the results and a detailed discussion of how the BOP and NSSS systems required for safe j
shutdown meet GDCs 13, 19, 34, 35, and 38; IEEE Standard 279
(
requirenents;_ Regulatory Guides 1.22, 1.47, 1.53, 1.68, and 1.75.
l Be sure that you include a discussion of how the remote shutdown
~
station complies with the above design criteria.
RESPONSE
Closely related to Items 38 and 39.
Staff will review to see if
(
.3/23 more response is required.
STATUS:
See 420.36.
j 5/12 l
! lL
420.42 FSAR Section 7.4.2 states that, "It is shown by these analyses, (7.4.2) that safety is not adversely affected by these incidents, with the associated assumptions being that the instrumentation and controls indicated in Subsections ).4.1.1 and 7.4.1.2 are available to control and/or monitor shutdown". Please provide a discussion pertaining to the phrase " associated assumptions". Your discussion should address loss of offsite power associated with plant load rejection or turbine trip.
RESPCNSE:
Covered in the response to 420.38.
3/23 STATUS:
See 420.36.
5/12 420.43 Please discuss how a single failure within the station service (7.4.2) water system and/or the primary component cooling water system affects safe shutdown.
RESPONSE
Each of the independent and redundant flow trains of the station 3/23 service water system and the primary component cooling water system is capable of performing their safety functions necessary to effect a safe shutdown assuming a single failure. See Sections 9.2.1, 9.2.2 and 9.2.5 for further details.
STATUS:
Closed.
5/12 420.44 Using detailed electrical schematics and logic diagrams, discuss (9.2.5.5) the tower actuation (TA) signal which is generated to isolate the normal service water system and initiate the cooling tower system. Be sure to include in your discussion the possibilities of inadvertent switchover (loss of offsite power, etc.) and the affects this would have.
RESPONSE
The tower actuation circuit is being revised. The revised 3/23 drawings will be submitted for review.
STATUS:
Implement the revised logic.
5/12 420.45 FSAR Section 7.4.2 states that, " Loss of plant air systems will not (7.4.2) inhibit ability to reach safe shutdown from outside the control room".
Using detailed drawings, please provide further discussion on this matter. Clearly indicate any function required to reach safe shutdown from outside the control room which is dependent on air and the means by which the air is provided.
RESPONSE
Instrument air system is redundant, piping is safety grade and 3/23 seismically supported but appropriate safety grade compressor has not been located. Critical to define how long system can operate from accumulator tanks. Staff questioned atmospheric relief valve as to safety classification - valve itself is safety grade but control system is not.
This item is still open.
STATUS:
See 420.36.
5/12 420.46 Describe the procedures to borate the primary coolant from outside (7.4) the control room when the main control room is inaccessible. How much time is there to do this?
RESPONSE
Handout given to NRC. Staff questioned if MOV's and controls 3/23 mentioned are safety grade. Items are safety grade. If problem exists during review, it will be covered under overall discussion of shutdown.
" Adequate time" mentioned in response is minimum of four hours.
STATUS:
See 420.36.
5/12 HANDOUT:
Boration of the primary coolant will require an alignment of the 3/23 suction of charging pumps from the refueling water storage tank (RWST) to the boric acid storage tank (BAST). This will be required once the plant starts its cooldown. The gravity feed from the BAST to the suction of the charging pumps contains manual-isolation valves located in the primary auxiliary building. The RWST suction valves contain motor-operated valves (MOV) that can be controlled from the motor control center in the switchgear. If need be, the MOV's can be operated locally. There is adeq: ate time for an operator to follow the procedure since the plant is in a safe hot shutdown condition.
420.47 Using detailed drawings (schematics, P& ids'), describe the (7.4) automatic and manual operation and control of the atmospheric relief valves. Describe how the design complies with the requirements of IEEE-279 (i.e., testability, single failure, redundancy, indication of operability, direct valve position, indication in control room, etc.).
RESPONSE
Operation of these valves from a renote location is not considered 3/23 a safety-related function; therefore, they are not designed to meet IEEE-279. Overview of operation given at meeting. Item j
still under review by staff and considered open.
I STATUS:
See 420.36.
5/12 l
420.48 Using detailed electrical schematics and piping diagrams, please l
(7.4.2) discuss the automatic and manual ope-ation and control of the l
(7.3) station service water system and the component cooling water
[
system. Be sure to discuss interlocks, automatic switchover, l
testability, single failure, channel independence, indication of l
operability, isolation functions, etc.
j
RESPONSE
Reviewed system design and operation from drawings and l
3/23 schematics. Staf f will review isolation of non-seismic portion of j
service water system during earthquake without another accident.
l l
l l..
ADDITIONAL
RESPONSE
Low service water pump discharge pressure (could be the result of 5/12 tunnel blockage due to an earthquake) will result in tower actuation (TA). The TA signal will isolate the non-seismic portion of the SW system.
420.49 The information supplied in FSAR Section 7.5 concentrates on the (7.5) post accident monitoring instrumentation and does not provide sufficient information to describe safety related display instrumentation needed for all operating conditions. Therefore, please expand the FSAR to provide as a minimum additional information on the following:
1.
ESF Systems Monitoring 2.
ESF Support Systems Monitoring 3.
Reactor Protective System Monitoring 4.
Rod Position. Indication System 5.
Plant Process Display Instrumentation 6.
Control Boards and Annunciators 7.
Bypass and Inoperable Status Indication 8.
Control Room Habitability Instrumentation 9.
Residual Heat Removal Instrumentation Please use drawings as necessary during your discussion.
RESPONSE
All except Item 6 will be covered in response to Regulatory Guide 3/23 1.97.
Summary of VAS and annunciator system will be provided.
ADDITIONAL i
RESPONSE
Letter SBN-268, dated 5/4/82, forwarded additional information on l
5/12 the main' plant computer system and the VAS.
The annunciators are standard lightboxes that respond to digital inputs. Power is supplied from inverters and the de system.
l Audible alarms and controls are shared with the VAS.
l l
The alarm sequence is:
Operator Alarm Ringback l
Condition Action Visual Audible Audible 1.
Normal Off Off Off 2.
Off Normal Fast On Off Flash 3.
Off Normal Silence Fast Off Off Flash.
4.
Off Normal Acknowledge Steady Off Off 5.
No rmal Slow Off On Flash
-(momentary) 6.
No rmal Reset Off Off Off
-The annunciator alarms are a subset of the VAS alaras and.were selected to provide essential alarms if the VAS is inoperable.
The alarm points are shown on Drawings 9763-C-509109 through 509114. Some VAS inputs are obtained from relays in the annunciator that duplicate the input to the annunciator. Failure of the VAS will not affect the annunciator.
FSAR 7.5 will be revised in our response to Regulatory Guide -1.97, Revision 2.
STATUS:
SBN-268 was-discussed on 6/21/82 by NRC/PSNH/YAEC.
Information 7/15 was requested on sof tware QA and security; control of alarm priority (criteria and method for assigning' priorities);
management-functions; and the use as a Regulatory Guide 1.47 monitor (see RAI 420.10).
420.50 If reactor controls and vital instruments derive power from common (7.5) electrical distribution systems, the failure of such electrical distribution systems may result in an event requiring operator action concurrent with failure of important instrumentation upon which these operator actions should be based. IE Bulletin 79-27 addresses several concerns related to the above subject. You are requested to provide information and a discussion based on each IE Bulletin 79-27 concern. Also, you are to:
1.
Confirm that all a.c. and d.c. instrument buses that could affect the ability to achieve a cold shutdown condition were reviewed. Identify these buses.
2.
Confirm that all instrumentation and controls required by emergency shutdown procedures were considered in the review.
Identify these instruments and controls at the system level of' detail.
l 3.
Confirm that clear, simple, unambiguous annunciation of loss l
of power is provided in the control room for each bus j
addressed in item 1 above.
Identify any exceptions.
4.
Confirm that the effect of loss of power to each load on each bus identified in item 1 above, including ability-to reach cold shutdown, was considered in the review.
5.
Confirm that the re-review of IE Circular No. 79-02 which is required by Action Item 3 of Bulletin 79-27 was extended to include both Class lE and Non-Class IE inverter supplied instrument or control buses.
Identify these buses or confirm that they are included in the listing required by Item 1 above.
RESPONSE
Refer to the uttached response to IE Bulletin 79-27 and two 3/23 attached responses to IE Circular 79-02.
1.
All 1E and non-lE 'ac 'and de instrument buses were reviewed.
l[!/I Refer to the listing of buses reviewed in the attached response to Bulletin 79-27.
2.
A list of instrumentation and controls required by emergency shutdown procedures. (Remote Safe Shutdown) will be included in the report "10 CFR 50, Appendix R; Fire Protection of Safe Shutdown Capability". No separate review of instrumentation and controls normally used for a control room shutdown has been planned.
3.
Annunciation of loss of power is provided in the main control room through Seabrook video alarm system. The wording of all alarms is subject to review by the station operating staff to insure clarity.
4.
The effect of loss of power to each load (instrument or control system) required for remote safe shutdown will be considered in the review of the fire protection of safe shutdown capability.
5.
Refer to the two attached responses to Circular 79-02.
The buses are listed in the response to Bulletin 79-27.
ADDITIONAL
RESPONSE
Item 1 was revised. We will clarify the reviews performed for 5/12 Items 2 and 4.
All required instrumentation and controls will be identified.
Our emergency procedures will contain the items requested by I&E Bulletin 79-27, Items 2.a, 2.b and 2.c.
We will provide additional information ou our inverters as requested by I&C Circular 79-02 (time-delay, modifications).
l ADDITIONAL j
RESPONSE
Item I was revised. The NRC clarified the additional information l
7/15 requested in Items 2 and 4.
A handout on inverters was reviewed I
and is included in the meeting sinutes.
HANDOUT:
Time Delay Circuits on Inverters 7/15 1.
Class IE 7.5 kVA inverters (I-1A, -1B, -IC, -1D, -lE and -lF).
There are no time delays on the voltage sensing circuits on the Class IE inverters. High de voltage at the output of the rectifier section will result in tripping the ac input only.
Power will continue,to be supplied from the 125 V de battery.
I 2.
Non-Class 1E 60 kVA inverters (I-2A and I-2B).,. _
M There are no time delays on the voltage sensing circuit, on these inverters. -High or low de voltage at the rectifier section output and high_ or low ac voltage at the inverter section output will trip the' inverter off and force en automatic transfer to the backup ac supply through the solid state transfer switch.
3.
Non-Class 1E 25 kVA inverter (1-4).
There are no time delays on the voltage sensing circuits.on l
this inverter. High or low de voltage at the inverter section input will trip the 1-7erter input breaker and force an automatic transfer to the backup ac supply through the solid state transfer switch.
No modifications to the 1E and non-1E inverter were found necessary as a result of the re-review of Id Circular 79-02.
420.51 Table 7.1-1 indicates that conformance to R.G. l.97 is discussed (7.5) in Section 7.5.3.2.
However, Section 7.5.3.2 is a section of definitions only. We find partial discussion on conformance in -
Section 7.5.3.1.
Correct Table 7.1-1.
Also, FSAR Section 1.8 states that Regulatory Guide 1.97, Revision 2, is presently being reviewed and the extent of compliance will be addressed at a later date. Discuss the plans and schedule for complying with R.G.
1.97, Revision 2.
RESPONSE
Applicant is working on response to Regulatory Guide 1.97, 3/23 Revision 2.
Schedule will be supplied at a later date.
STATUS:
We have continued to review Seabrook for compliance with Regulatory 5/12 Guide 1.97, Rev. 2.
We are following the applicable discussions within the NRC, particularly those of the CRGR in relation to SECY 82-111.
l 420.52 Provide a discussion (using detailed drawings) on the residual (7.6.2) heat removal (RHR) system as it pertains to Branch Technical Position ICSB 3 and RSB 5-1 requirements. Specifically address the following as a minimum:
s t
1.
Testing of the RHR isolation valves as required by branch I
position E of BTP RSB 5-1.
l-l 2.
Capability of operating the RHR from the control room with either onsite or only offsite power available as required by Position A.3 of BTP RSB 5-1.
This should include a
~ discussion of how the' RHR system can perform its function assuming a single failure.
3.
Describe any operator action required outside the control rcom af ter a single failure has occurred and justify.
In addition, identify all other points of interface between the Reactor Coolant System (RCS) and other systems whose design l
pressure is less than that of the RCS. For each such interface, f..
discuss the degree of conformance to the requirements of Branch Technical Position ICSB No. 3.
Also, discuss how the associated interlock circuitry conforms to the requirements of IEEE Standard 279. The discussion sh9uld include illustrations from applicable drawings.
RESPONSE
The RHR isolation valves can be tested while on RHR by operating 3/23 only one RHR pump, removing power from one valve associated with the operating pump, simulating high pressure in the isolation channel for the valve that has power removed and verifying that the associated valve in the non-operating loop closes. The system is restored, the sequence repeated for the other isolation channel, cooling shif ted to the other loop and the test sequence repeated.
NRC will review reply to RAI 440.23 and 440.24 that address power sources.
There is no other system interfacing with the reactor coolant system (RCS) whose design pressure is less than that of the RCS.
STATUS:
The NRC has concerns with the response to RAI 440.23. They are 7/15 continuing their review.
420.53 FSAR Section 7.6.4, Accumulator Motor-Operated Valves, states thac, (7.6.4)
"During plant operation, these valves are normally open, and the motor control center supplying power to the operators is de-energize d". Describe how power is removed and how the system couplies to Positions B.2, B.3 and B.4 of BTP ICSB 18 (PSB).
Also, identify any other such areas of design and state your conf ormance to the positions of BTP ICSB 18.
RESPONSE
Covered in response to 420.59.
3/23 STATUS:
Closed.
j 5/12 l
420.54 7SAR Section 7.3.1.1 states that, "The transfer from the injection (7.3.1.1) to the recirculation phase is initiated automatically and completed (7.6.5) ranually by operator action from the main control board".
j Describe automatic and manual design features permitting i
switchover from injection to recirculation mode for emergency core j
cooling including protection logic, component bypasses and overrides, parameters monitored and controlled and test I
capabilities. Discuss design features which insure that a single failure will neither cause premature switchover nor prevent switchover when required. Discuss the reset of Safety Injection actuation prior to automatic switchover fom injection to l
recirculation and the potential for defeat of the automatic i
switchover function. Confirm whether the low-low level refueling water storage tank alarms which determine the time at which the containment spray is switched to recirculation mode are safety grade.
RESPONSE
Will be discussed later.
3/23
RESPONSE
The step-by-step automatic and manual switchover operations are 5/12 described in detail in FSAR Section 6.3.2.8 and Table 6.3-7.
The ECCS/ Containment Spray Recirculation Signal is generated for each train by a combination of the safety injection signal and low-low level in the RWST. The level signal uses 2 out of 4 logic to prevent premature switchover and to ensure switchover is accomplished. Each ESF train uses completely redundant equipment for recirculation to ensure that the safety functions are accomplished. The operator is provided with safety grade indicators for RWST and containment sump level, and manual controls for all the valves required for recirculation so that rec.f rculation can be accomplished without any automatic action.
Non-safety grade but independent low-low level alarms are available from the VAS and the annunciator to alert the operator of the need for recirculation.
The safety injection signal sets latching relay K740 that requires separate action to reset af ter the safety injection signal has been reset. This ensures automatic recirculation on icw-low level in the RWST even if the safety injection signal is reset before the low-low level is reached. Lights will be provided on MCB AF and BF to indicate when K740 is latched to ensure that it is reset 7 fj-after periodic testing. The light has a lamp test feature. Its operation is also verified as part of the periodic testing.
1 ADDITIONAL
RESPONSE
The independence of the non-safety grade RWST low-low level alarms 7/15 was discussed. Details will be provided later. Level setpoints are provided in Figure 6.3-6 (Amendment 45).
420.55 FSAR Section 5.2.5.8 states that calibration and functional testing (5.2.5.8) of the leakage detection systems will be performed prior to initial (7.6) plant startup. Please provide justification since Position C.8 of Regulatory Guide 1.45 states that, " leakage detection systems should be equipped with provisions to readily permit testing for operability and calibration during plant operation".
i
RESPONSE
The electronics can be tested with plant at power. There are l
3/23 readouts that can be checked during plant operation. Radiation i
sensors can be tested at power because they have check source in them. Level sensors will be channel calibrated in accordance with l
Technical Specifications.
STATUS:
Closed.
5/12 l
420.56 As shown on Drawing 9763-M-310882 SH-B54a, two circuit breakers in (7.6) series are employed in the power and control circuits for the residual heat removal inlet isolation valves. Tripping of either breaker will remove power from the position indicating lights and valve position indication will be lost. Discuss how this l
l ;
i
arrangement complies with Branch Technical Position ICSB No. 3 which calls for suitable valve position indication to the control room.
- RESPONSE:
Handout submitted to staff. Valve position indicator lights will 3/23 be powered from different source so that true valve position will always be indicated when power is removed from valve motor.by racking out breaker. This applies to RHR interface valves.
STATUS:
Valve position indication to be revised.
5/12 RANDOUT:
Two circuit breakers in series are employed in the circuits of 3/23 motor-operated valves inside containment. This is part of the containment penetration protection provided in response to Regulatory Guide 1.63.
Refer to FSAR Section 8.3.1.1.c.7a.
Valve position' indication is provided on both RCS-RHR interface valves which are in series. As with any_ circuit, when power is removed because of a fault, indication will also be lost.-
We believe that our revised design meets the intent of ICSB 3 position B4.
In addition to the normal valve position indication lights, the valve full closed position is also monitored by the station computer to alarm whenever the valve is not fully closed and the reactor coolant system is above the pressure rating of the RHR system.
420.57 Section 7.6.2.1 indicates that the interlock circuits of the (7.6) residual heat removal isolation valves, RC-V22 and RC-V87, have a transmitter that is diverse from the transmitter associated with-valves RC-V23 and RC-V88.
Discuss the method (s) used to achieve this diversity.
RESPONSE
Different manuf acturers for pressure transmitters are used to 3/23 achieve the diversity.
STATUS:
Closed.
5/12 1
420.58 Discuss conformance of the accumulator motor-operated valves to (7.6) the recommendations of Branch Technical Positions ICSB No. 4.
RESPONSE
Handout submitted to staff. Change response to indicate valve 3/23 position is monitored through video alarm system (VAS). Details
[
of VAS will be in the response to 420.49.
Staff will review adequacy of alarm.
STATUS:
NRC review.
5/12 i. _
HANDOUT:
The design of the accumulator motor-eperated valves conforms to 3/23 the recommendations of ICSB No. 4.
Refer to FSAR Section 7.6.4 for a response to Branch Technical Positions B1 and B2.
Branch Technical Position B3:
Valve position is monitored and alarmed by the video alarm system.
Branch Technical Position B4:
The automatic safety injection signal bypasses all main control board switch functions which may have closed the SI accumulator valve.
The safety injection signal will not automatically return power to the de-energized motor control center.
420.59 Section 7.6.9 of the FSAR lists the motor-operated valves which (7.6) will be protected from spurious actuation by_ removal of _ motor and control power by de-energizing their motor control centers (MCC 522 and MCC 622). The FSAR also states that. control of the breakers supplying power to these MCCs is provided in the main control room. Provide the following information:
(a) The control the the MCC breaker from the Main Control Board for a typical Safety Injection System accumulator isolation valve is not shown on schematic diagram 9763-M-310890 Sh.
B35a. Identify the drawing where this is shown.
(b) The residual heat removal inlet isolation valves are not included in the list of valves. protected against spurious operation. State whether protection against spurious action of these isolation valves is planned and if so, provide information on how it is accomplished. If not, then justify.
RESPONSE
(a) Refer to FSAR Section 8.3.3.
Alarm is provided in the 3/23 control room when the breaker is closed.
(b) Reply given in response to RAI 440.23 and will be reviewed by the staff.
ADDITIONAL I
RESPONSE
We will explain the operation of valves 35, 16, 89, 90 and 93 and 5/12 the effects of failure of valve 93 or its position switches.
STATUS:
The valve interlocks were discussed during the meeting held 7/15 June 23, 1982. Additional information on interlock testing is required.
420.60 The following apparent errors have been noted in the schematic (7.6) diagrams.
l (a) Drawing M-310980, Sh. B35d, Rev. 0 l !
Contacts 5-5C on LOCAL REMOTE SWITCH SS-2403 appear incorrectly developed..An X indicating contacts closed should appear under the REMOTE column for contact 5 to allow remote closing of the accumulator valves.
(b) Drawing 9763-M-310900, Sh. B52a, Rev.1 l
Motor starter 42 open coil is mislabeled 42/C.instead of 42/0.
RESPONSE
We agree with your observation of drawing errors on the two 3/23 schematic sheets mentioned and.this will be corrected in the next revision of - these drawings.
STATUS:
Closed.
5/12 420.61 FSAR Section 7.6.6 discusses interlocks for RCS pressure control (7.6.6) during low temperature operation. Using detailed schematics, discuss how this interlock system complies with Positions B.2,.
B.3, B.4 and B.7 of BTP RSB 5-2.
Be sure to discuss the degree of redundancy in the logic for the low temperature interlock for the RCS pressure control. Also, include a discussion on block valve control.
RESPONSE
Reply f or the low temperature operation of the RCS pressure 3/23 control will be under RAI 440.11.
The block valves and manual controls are Class 1E, train oriented, l
with controls being on the main control board.
REVISED i
RESPONSE
Design of the cold overpressure interlocks will be changed to 5/12 make them single failure proof.
420.62 If control systems are exposed to the environment resulting from (7.7) the rupture of reactor coolant lines, steam lines or feedwater lines, the control systems may malfunction in a manner which would cause consequences to be more severe than assumed in ' safety analyses.
I&E Information Notice 79-22 discusses certain non-safety grade or control equipment, which if subjected to the
[
ddverse environment of a high energy line break, could impact the safety analyses and the adequacy of the protection functions performed by the safety grade systems.
The staff is concerned that a similar potential may exist at light water facilities now under construction. You are, therefore, requested to perform a review per the I&E Information Notice 79-22 concern to determine what, if any, design changes or operator actions would be necessary to assure that high energy line breaks will not cause control system failures to complicate the event beyond the FSAR analysis. Provide the results of your review including all identified problems and the manner in which you have resolved them.
. i
.=>.e.
-,o
.,-._..-..m_....
- -, - - - - -nm_,wr=
The speciff.c " scenarios" discussed in the above referenced.
Information N' tice are to be considered as examples of the kinds-o of interactions which might occur. Your review should include those scenarios, where applicable,- but should not necessarily be limited to them.
RESPONSE
We will identify key control systems that effect plant safety and~
3/23 analyze for ef fects of high energy line break. Review will be completed and formal response to I&E Information Notice _79-22 submitted.
STATUS:
We'have received the mezo-from Check to Tedesco that provides (420.62 &
additional guidance. Our review is in progress.
.63) 5/12 i
420.63 If two or more control systems receive power or sensor information 4
(7.7) from common power sources or common sensors (including common headers or impulse lines), f ailures of these power sources or i
sensors or rupture / plugging of a common header or impulse line could result in transients or accidents more severe than considered in plant safety analyses. A number of concerns.have been expressed regarding the adequacy of safety systems in mitigation of the kinds of control system failures that could actually occur at nuclear plants, as opposed to those analyzed in FSAR Chapter 15 safety analyses. Although'the Chapter 15 analyses are based on conservative assumptions regarding failures of single control systems, systematic reviews have not been reported to demonstrate that multiple control system failures beyond the Chapter 15 analyses could not occur because of single events.
Among the types of events that could initiate such multiple-failures, the most significant are, in our judgment, those resulting from failure or malfunction of power supplies or sensors common to two or more. control systems.
To provide assurance that the design basis event analyses adequately bound multiple control system failures, you are requested to provide the following information:
1 (1) Identify those control systems whose failure or malfunction j
could seriously impact plant safety.
}
(2) Indicate which..if any, of the control systems identified in
(
(1) receive power from common power sources. The power l
sources considered should include all power sources whose failure or malfunction could' lead to failure or malfunction-of more than one control system and should extend to the effects of cascading power losses due to the failure of higher level distribution panels and load centers.
(3). Indicate which, if any, of the contcol systems identified in j
Item 1 receive input signals from common sensors. The sensors considered should include, but should not necessarily be limited to, common hydraulic headers or impulse lines feeding pressure, temperature,- level or other signals to two or more control systems. -
(4) -Provide justification that any simultaneous malfunctions of the control systems identified in (2) and (3) resulting from f ailures or malfunctions of the applicable common power source or sensor are bounded by the analyses in Chapter 15 and would not require action or response'beyond the capability of operators or safety. systems.
RESPONSE
We will submit formal response similar to that submitted on other
-3/23 Westinghouse plants.
STATUS:
See 420.62.
5/12 420.64 FSAR Section 7.7.1 discusses steam generator water level control.
(7.7.1)
. Discuss, using detailed drawings, the operation of this control system. Include information on what consequences (i.e.,
overfilling the steam generator and causing water flow into the steam piping, etc.) might result from a steam generator-level control channel failure.- Be sure to discuss the high-high steam generator level logic used for main feedwater isolation.
RESPONSE
High-high steam generator ' level trip will be changed to' two out of 3/23 four logic.
ADDITIONAL
RESPONSE
S/G level is not programmed as a function of power level. - 420.67 5/12 from the draft memo dated 3/22/82 is now 420.70.
420.65 Recent review of a plant (Waterford) revealed a situation where (7.2) heaters are to be used to control temperature and humidity within (7.3) insulated cabinets housing electrical transmitters that provide
-input signals to the reactor protection system. These cabinet heaters were found to be unqualified and a concern was raised since possible failure of the heaters could potentially degrade the transmitters, etc.
Please address the above design as it pertains to Seabrook. If cabinet heaters are used, then describe as a minimum the design criteria used for the heaters.
I
RESPONSE
Class 1E electronic transmitters are not mounted in an insulated 3/23 cabinet with heaters for temperature and humidity control. The subject design, therefore, does not pertain to Seabrook.
STATUS:
Closed.
(
5/12 Note:
The NRC meno dated March 22, 1982, on the SSPS slave relay contacts is now 420.81.
420.66 It is not clear from the drawings provided and the description of (7.2) the turbine trip circuits and mechanisms that the equipa+ int used to trip the turbine following a reactor trip meets the criteria applicable to equipment performing'a safety function.
- ~
It is the staff position that the circuits and equipseent used to trip the turbine following a reactor trip should meet the criteria applicable-to a safety function with the exception of the fact that the circuits may be routed through non-seismic qualified.
structures and the turbine itself is not seismically qualified.
Please provide further discussion on how the Seabrook design meets the staff position.
. RESPONSE:
We will comply with the attached Westinghouse Interface Criteria 5/12 for Implementation of Turbine Trip on Reactor Trip. We are discussing the design changes required with. General Electric Co.,
the turbine. supplier.
420.67 The reactor coolant system hot and cold leg resistance temperature (7.2) detectors (RTD) used for reactor protection are located in reactor coolant bypass loops. A bypass loop from upstream of the steam generator.to downstream of the steam generator is used for the hot leg resistance temperature detector and a bypass loop from downstream of the reactor coolant pump to upstream of the pumps is used for the cold leg resistance temperature detector.' The magnitude of the flow affects the overall time response of the temperature signals provided for reactor protection.
1 It is the staff's position that the magnitude of the RTD bypass loop flow be verified to be within required limits at each refueling period and that this requirement be included into the plant technical specifications. Please provido discussion on how the Seabrook design complies with the staff's position. If there are any exceptions please describe and provide justification.
RESPONSE
Westinghouse letter SNP-4340, attached, evaluates the potential 5/12 for reduced flow in the RTD Bypass System due to corrosion product deposition. Based on their analysis, we do not consider flow reduction due to crud to be a problem.
i We will verify the bypass flow rates during the preoperational testing program. The low flow alarm in the combined return line will be set at a value to indicate unacceptable flow degradation l
in either the cold or hot leg bypass manifolds.
This response is the same as was made to Catawba.
[
l This item is open pending NRC review.
l l
STATUS:
The NRC reiterated the position that the bypass flow be 7/15 reverified each refueling. Technical Specification revision is required.
420.68 Operation of either of two manual reactor trip switches (7.2) de-energizes the reactor trip breaker undervoltage ' coils and, at the same time, energizes the breaker shunt coils for the breakers associated with both protection logic trains.
f s !
_ _ _. _ _ _ _ _ _ - ~ _, - _ _ _, -
It is the staff's position that the plant technical specifications include a requirement to periodically, independently verify the operability of the undervoltage and shunt trip functions. Please describe how the Seabrook design complies'with our position.
If' there are any exceptions please-identify with sufficient justification.
RESPONSE
We defer response pending generic resolution of this item by 5/12 Westinghouse and the NRC (Ref. NS-EPR-2588, dated 4/29/82).
STATUS:
The NRC has responded to the Westinghouse letter.. Issue is
?/15 still open.
420.69 Several. safety system channels make use of lead, lag or rate signal (7.2) compensation to provide signal time responses consistent with assumptions.in the Chapter 15 analyses. The time constants for these signal compensations are adjustable setpoints within the
~
analog portion of the safety system. The staff position in that the time constant setpoint be incorporated into the plant technical specifications. Please provide a discussion on thic matter.
RESPONSE
-The time constants are in Tables 2.2-1 and 2.2-2 of the Technical 5/12 Specification. Attached is a revised Table 2.2-2 with editorial.
corrections and inclusion of the time constants that clarify Item 4.E.
STATUS:
Amendment 45.
7/15 420.70 The present Seabrook design shows that three steam generator level (7.2) channels are to be used in a two-out-of-three logic for-isolation (7.3) of feedwater on high steam generator level and that one of the three level channels is used for control. This design for actuation of feedwater isolation does not meet Paragraph 4.7 of IEEE-279 on " Control and Protection System Interaction". For example, the failure of the level channel used for control in the i
low direction could defeat the redundancy requirements (i.e., a l
single failure of one of the remaining channels defeats the l
two-out-of-three requirements). Therefore it is the staff's l
position that the system be modified (i.e., addition of a fourth l
protection channel) to meet the redundancy requirements or provide an analysis justifying that isolation of feedwater on high-high i
l steam generator level is not required for sarety. Please provide a discussion based on the above staff requirements.
l
RESPONSE
This was addressed'in the March 23-25 meetings as Item 420.67.
5/12 Commitment was made to change the S/G high level trip to 2 out of 4 (see 420.64).
420.71 FSAR Figure 7.2-1, Sheet 2 shows a. reactor trip initiated by a (7.2)
General Warning Alarm from the Solid State Protection System. The-information presented in the FSAR does not eufficiently describe l
this trip signal. Therefore, please provide additional information to describe and justify this reactor trip. !
-.~.
RESPONSE
The Seabrook SSPS is functionally similar to that discussed at 5/12 Catawba. FSAR Section 7.2.2.2 will be revised par attached markup as was done at Catawba.
STATUS:
Amendment 45, was added as 7.2.2.2.c.10(e).
7/15 420.72 Using detailed drawings (schematics, P&ID's), describe the (7.3) automatic and manual operation and control of the main steam and feedwater isolation valves. Describe as a minimum how the design complies with the requirements of IEEE-279 (i.e., single failu e, redundancy indication of operability, direct valve position indication in the control room, automatic actuation, etc.).
RESPONSE
(a) Discussions on circuit modifications to the MISV controls 5/12 continue. Response is deferred pending resolution (see 420.37a).
(b) The MFWIV's were discus:ed with 420.37.
420.73 Instrumentation for process measurements used for safety functions (7.3) such as reactor trip or emergency core cooling typically are (7.4) provided with the following:
a)
An indicator in the control room to provide the operator information on the process variabic being monitored which can also be used for periodic surveillance checks of the instrument transmitter.
b)
An alarm to indicate to the operator that a specific safety function has been actuated.
c)
Indicator lights or other means to inferm the operator which specific instrument channel has actuated the safety function.
d)
Rod positions, pump flows, or valve positions to verify that the actuated safety equipment has taken the action required for the safety function.
e)
Design features to allow test of the instrument channel and actuated equipment without interfering with normal plant operations.
During recent reviews, it has been found that one or more of the features above was not provided for certain instrumentation used to initiate safety functions. Examples include instrumentation used to isolate essential service water to the air compressors, instrumentation used to isolate the non-safety-related portion of the component cooling water system, and instrumentation used to isolate the spray additive tank on low-low level.
The staff position is that instrumentation provided to perform safety functions such as isolating non-seismic portions of systems, closing valves when tank levels reach low level setpoints, and similar functions should be provided with alarms.__
and indicators commensurate with the importance of the safety function and should be testable without interfering with normal plant operations.- The applicants should provide the staff with a list of all instrument-channels which perform a safety function where one or more of the features listed in a through e of the concern above are not currently provided. For each of these instrument channels, the applicants should indicate which of the features e through e are not currently provided. The staff position on these instrument channels is further that the applicants should:
a).
Provide an alarm to indicate that the safety function has been actuated if such an alarm is not in the current design.
b)
If not in the current design, provide means to inform the operator which specific channel has actuated the safety function.
c)
If not in the current design, provide indication that the actuated safety equipment has taken the action required for the safety f unction.
d)
If not in the current design, provide the capability for testing each safety function without interfering with normal plant operations and'without lifting instrument leads or using jury rigs.
The capability for testing should include the transmitter where indicators are not provided to perform operability checks of the transmitters.
The staff will previde requirements in the plant technical specifications for testing these safety functions. Please provide discussion on how the Seabrook design meets the above stated staff position.
If there are any exceptions please describe and provide 1
justification.
RESPONSE
A pralisinary list was provided. We are evaluating the missing 5/12 features and will respond at the next meeting.
420.74 On November 7,1979, Westinghouse notified the Commission of a (7.3) potential undetectable failure which could exist in the engineered safeguards P-4 interlocks. Test procedures were developed to detect failures which might occur. The procedures require the use of voltage measurements at the terminal blocks of the reactor trip breaker cabinets.
In order to minimize the possibility of accidental shorting or grounding of safety system circuits during testing, suitable test jacks should be provided to facilitate testing of the P-4 interlocks. P ovide a discussion on how the above issue will be resolved for Seabrook.
RESPONSE
In SBN-120, dated May 15, 1980, we committed to the tests described 5/12-in NS-TMA-2204..
=- -
ADDITIONAL
RESPONSE
We will provide suitable circuits for testing the P-4 interlock.
7/15 Details will be provided later.
420.75 On May 21, 1981, Westinghouse notified the Commission of a (7.3) potentially adverse control and protection system interaction (9.3.4) whereby a single random failure in the Volume Control Tank level (6.3) control system could lead to a loss of redundancy in the high head safety injection system for certain Westinghouse plants. Please determine whether this generic probic= exists on Seabrook and, if so, how the problem is to be resolved.
RESPONSE
The generic problem is applicable to Seabrook. We are evaluating 5/12 Westinghouse recommendations for procedural changes.
420.76 Discuss the likelihood that emergency core cooling will be (7.4) automatically initiated following a manual reactor trip. initiated during a temporary evacuation of the control room. For example, is it possible for the reactor coolant system to be cooled to the point that the pressurizer empties during the time interval between manual reactor trip and the time an operator can take control of auxiliary feedwater outside the control room? Analyses and operating experience from plants similar to Seabrook should be presented during the discussion. Based upon the likelihood of emergency core cooling actuation following a manual reactor trip, should the capability for resetting the equipment be provided outside the control room?
RESPONSE
See 420.36.
5/12 420.77 The FSAR states that the pressurizer auxiliary spray valve is used (7.4) during cooldown when the reactor coolant pumps are not operating (5.4.10.3) and FSAR Section 7.4 lists the auxiliary spray as a system required for safe shutdown.
FSAR Figure 9.3-13 shows this system as a single path with a siagle diaphragm operated valve. A single failure could conceivably:
l 1)
Prevent the use of auxiliary spray for cooldown, l
2)
Cause inadvertent actuation, or l
l 3)
Prevent isolation of the system.
l l
Using detailed fluid and schematic drawings, please provide l
turther discussion describing the operation of the auxiliary spray l
systen.
RESPONSE
See 420.36.
5/12 420.78 Provide a discussion on the termination of possible inadvertent (7.4) boron dilution. Will automatic equipment be used for termination?
l i ;
RESPONSE
L The revised criteria for the boron dilution accident promulgated
~
F 5/12 by NUREG-0800 are under review.
~420.79 Describe the design features used in the rod control system which (7.7.1.2) 1)
Limit reactivity insertion rates resulting from single failures within the system.
2)
Limit incorrect sequencing or positioning of control rods.
The discussion should cover the assumptions for determining-the maximum control rod withdrawal speed used in the analyses of reactivity insertion transients.
RESPONSE
Section 7.7.1.2.2 of the FSAR will be revised per attached markup 5/12 to describe features that limit reactivity insertions, maximum rod speeds and incorrect sequencing resulting from single failures within the system. This evaluation is identical to that made for the SNUPPS review. The SNUPPS and Seabrook rod control systems are functionally identical.
STATUS:
Amendment 45.
7/15 420.80 The FSAR (Section 5.2.2.8) information describing direct position indication of relief and safety valves is insufficient to allow the staff to complete its review. Therefore, please provide additional information on how the Seabrook design complies with each specific requirement of NUREG-0737, TMI Item II.D.3.
RESPONSE
The FSAR will be revised when the details of the valve position 5/12 indication system are known (see 420.05 response).
a 480.81 During the Seabrook drawing review it was discovered that safeguards actuation circuits have parallel relay contacts to handle specific load requirements. The slave relays used for the output of the solid state protection system (SSPS) have apparently been qualified by Westinghouse for use in circuits drawing a maximum current of 4.4 amps. It is our understanding that the
-Seabrook 5 Kv and 15 Ky systens expose the SSPS elave. relay i
contacts to a magnitude of 5.2 amps upon safeguards actuation.
The applicant has decided to use parallel contacts to carry the current, relying on simultaneous closure (and opening) of the safeguards contacts upon protection signal actuation.
This design concept is unacceptable to the staff. We have
-concluded that paralleling contacts may-not solve the concern with the current ratings of the Westinghouse slave relay contacts since closure (or opening) of the SSPS slave relay contacts at the exact same time cannot be assured. One set of contacts will, in most-Instances, function before its redundant counterpart thus allowing l
the full 5.2 amps to that set of contacts. Also, it appears that j
the present test methods do not allow for checking operation of l
each individual set of contacts when paralleled.
It is the staf f's position that the relays used in the protection system should be qualified for the maximum expected current.
l
- l l
- - ~.
The applicant is requested to modify the Seabrook design to comply with the above staff position.
RESPONSE
We will perform an independent test to verify the contact current 5/12 carrying capabilities of the SSPS slave relays. The test will be performed on single contacts controlling actual switchgear components.
Upon completion of the tests, the NRC will be notified on the disposition of the issue regarding the use of these relays.
The NRC expressed concern that the testing meet similar requirements as were utilized during the W testing. Departures should be justified.
. i
.. _ _ -.