ML20072B126

From kanterella
Jump to navigation Jump to search
Review of Nuclear Plant Operating Experience & Application to AP600 Design
ML20072B126
Person / Time
Site: 05200003
Issue date: 07/31/1994
From: Kerch S
WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To:
Shared Package
ML20072B122 List:
References
WCAP-14115, WCAP-14115-R, WCAP-14115-R00, NUDOCS 9408160003
Download: ML20072B126 (23)
v  d  e


Text

., , . - . - -- -u =. a .a- u - -u.= z _ . - . . . . -

Westinghouse Non-Proprietary Class 3 WCAP-14115 Revision 0 Review of Nuclear Plant Operating Experience and the Application to the AP600 Design Preparation Coordinated By:

Steve Kerch July 1994 c1994 Westinghouse Flectric Cc;po.auon All Rights Reserved 9408160003 940005 PDR ADOCK 05200003 A PDR

TABLE OF CONTENTS SECTION TITI.E PAGE NO.

Review of Nuclear Plant Operating Experience and the Application of the AP600 Design 1 Types of M-MIS Deficiencies Identified 1 Responses of Engineering Design Groups to the Respective Portions of the INPO Document 6 A. Design Weaknesses 6 A.1 Feedwater Control 6 A.2 Neutron Monitoring 7 A.3 Decay Heat Removal Capability 7 A.4 Control System Stability 11 A.6 Instrument Air System 11 A.7 Electric flydraulic Control of Turbine Generators 12 A.8 Heating, Ventilation, and Air Conditioning 13 A.9 Turbine Generator Hydrogen Leaks and Fires 13 B. Unreliable Components 14 B.4 Main Generator Excitation 14 B.5 Valve Design and Application (Gate, Motor-operated Valve, Check) 14 B.9 Main Steam isolation Valves and Important Relief and Safety / Relief Valves 16 B.11 Fuel Failures 17 B.12 Main and Auxiliary Transformers 18 C. Fundamentals 19 C.1 Core Stability 19 C.2 Systern Lineups that Allow Pool Drainings (such as spent fuel pool) 19 D. Generic Factors 19 D.2 Built-in On Line Maintenance and Testability 19 D.4 System Performance 20 D.5 Radio Frequency Interference 20 D.6 Erosion / Corrosion 21 D.7 Biofouling 21 D.9 Radiation Source Term 22 D.10 Radiation Overexposure Sources 23 i

l 1:\l078w.wpf;1d&72894 1

)

l l

1 Review of Nuclear Plant Operating Experience and the Application to the AP600 Design ne Institute of Nuclear Power Operations (INPO) published a report entitled " Operating Experience to Apply to Advanced Light Water Reactor Designs" (INPO 93-004, rev. 02, April,1994) that reviewed significant operating experience reports (SOERs) and significant event reports (SERs) to identify problems and lessons learned that should be addressed during the advanced light water reactors (ALWR) design process. The INPO report is organized by systems, components and processes. As part of the Westinghouse effort to incorporate lessons learned into the AP600 design process, engineering design groups responsible for particular systems have reviewed tlie relevant portions of the INPO document with respect to potential impact on their system design. In addition, the report was reviewed by a human factors specialist to identify any generic issues raised that need to be considered in the design of the AP600 man-machine interface systems (M-MIS).

Types of M-MIS Deficiencies Identified:

The INPO document was reviewed to identify cases of human performance difficulties that were attributable to deficiencies in the M-MIS. Below are listed the types of M-MIS deficiencies that were identified. In each case specific examples that appeared in the INPO document are listed. (The INPO document page number where the example is described is presented in parentheses.) In addition indication is provided of how the M-MIS design process should reduce the potential for this type of M-MIS problem in the AP600 plant.

1. Data that was needed was not available; parameter readings were off-scale under certain conditions (e.g., mid-loop operation): measurements were inaccurate or not reliable (e.g.,

fails midscale) l 1

)

l l

l I

t A1078 w.wpt:Id-072804 1 l

Examples:

Neutron monitorine systems (on. 3)

Operators needed to adjust rods to obtain nuclear instrumentation readings for meeting interlock purposes. The INPO document indicated that the neutron monitoring system should minimize the need for manual actions that could divert the operators' attention from monitoring and controlling plant parameters.

Decay heat removal capability (oc. 4)

The INPO document indicated a need for reliable reactor vessel water level indication in the control

. room scaled for mid-loop operation and operable under vacuum or core boiling conditions. It recommended: providing independent reactor vessel water level indicators when fuel is present in a partially drained vessel; providing instrumentation for reactor vessel outiet and inlet temperature indication over the full temperature range; providing subcooling monitoring over the full temperature range; providing pressure recording over the full pressure range; providing accurate shutdown reactor water level indication when draining the vessel.

Auxiliary feedwater pump turbine trip and throttle valve indication (on.16)

Specific INPO reconunendation: indication of the latch reset status for the trip and throttle valve latching mechanism should be provided in the control room.

Unplanned Boron Dilution from Shutdown Conditions (oc. 41)

Specific INPO recommendation: on-line boron monitors with recorders in the ccmtrol room should be provided for all PWRs.

1 tA1078w.wpf:Id-072894 2 <

i How AP600 M-MIS Design Process Addresses issue:

'Ihe cases described above involve instances where data needed to perform a task were not available.

In many cases this was because the instrumentation was not designed for the full range of plant modes (e.g., the instrumentation became unreliable or was off-scale in some modes of operation such as shutdown). 'Ihe func -based task analyses that are being conducted for the AP600 systematically consider the instrumentation requirements for all plant modes. 'Ihis should insure the availability of data required to perform tasks in all plant modes.

1

2. An action taken had unintended side effect that the operator was not aware of Examples:

1 i

Loss of coolant transient from response to open check valve (on. 6) l Specific INPO recommendation: the residual heat removal pumps test line isolation valve should be interlocked to prevent opening the valve when the isolation valve in the residual heat removal lines to I and from the reactor vessel are open. l l

Inadvertent draininn of reactor vessel to suppression pool (on. 47)

Specific INPO recommendation: the residual heat removal system valves should be interlocked so that neither the suction valve from the suppression pool nor the shutdown cooling suction valve can be opened unless the other valve is closed.

How AP600 M-MIS Design Process Addresses issue: -

One solution to the problem of unanticipated side effects of actions is to provide interlocks. Interlocks among system are specified by system designers.

In addition, the AP600 workstation functional and physical displays are designed to support operators in identifying potential negative side effects of their actions.

(

tA1078w.wpf:1d-072894 3

_-__--___---.--_-_]

3. An action taken when preconditions were not met - Abnormal conditions were not alarmed Example:

Residual heat removal numn damage caused hv operation with suction valve closed (oc. 8)

Specific INPO recommendation: The residual heat removal system should have a low flow alarm in the control room that alerts when a pump is operating with less than the minimum flow required to prevent pump damage.

How AP600 M-MIS Design Process Addresses issue:

The Westinghouse alarm system design enables specification of alarms when conditions required for component operation are violated.

4. Failure to provide indication in the control room of availability status of critical systems Example:

Inadvertent disablement of the automatic start capability for all site diesel cenerators (oc. 20)

Specific INPO recommendation: status indication for the emergency diesel generators auto start capability should be provided in the control room.

How AP600 M-MIS Design Process Addresses issue:

The workstation functional displays are intended to provide goal-means information. This includes information on the availability status of critical systems, t:\1078w.wpf:ld-072894 4

l S. Failure to provide alarms in the control room to alert operators of degrading conditions of critical components Example:

Partial drain of spent fuel storace pool to spent fuel shippine cask pit due to deflated seal (on. 46)

Specific INPO recommendation: low pressure alarms for seal inflation systems should be provided in the control room for early detection of seal failures.

How AP600 hi-bf15 Design Process Addresses issue:

The Westinghouse alarm system design enables specification of alarms for early detection of degra:iing conditions of critical components.

tA1078w.wpf:Id-072894 5

Response of Engineering Design Groups to the Respective Portions of the INPO Document The following are responses by the responsible AP600 engineering design groups to the issues raised in INPO document 93-004 regarding operating plant problems. The design features of the AP600 to potentially alleviate these problems are described. The organization of these responses follows the same format (A through D) used in the Table of Contents of INPO document 93-004.

A. DESIGN WEAKNESSES A.1 Feedwnter Control Automatic stanup feedwater control will be provided for on the AP600; one of the items to be controlled will be modulation of startup feedwater during post-trip to mitigate the excessive plant cooldowns which have been noted in the field in present plants when uncontrolled cold emergency feedwater is supplied after a reactor trip. This automatic control will eliminate the batch / slug feeding now done by the operators of emergency feedwater.

Presently, a high-high water level signal will cause the following:

l l

  • Close the feedwater isolation valves. This design logic provides the desired redundancy to account for single failures.

l The feedwater control system is redundant, to the point that if a failure is detected in one control l system (processor failure, de power supply, signal selector), a transfer will automatically be made to the backup controller.

l l

tA1M8wmf:1d o72894 6

l A.2 Neutron Monitoring To prevent NIS miscalibration, startup procedure guidelines have been revised to allow for the development of NIS predictions in advance of plant startup and to ensure conservative setpoint 1

implementation. Manual actions are minimized by allowing for automatic reenergization of l

intermediate and source range signals and associated trips during power reductions as power is reduced below the associated permissives.

The location of the detector wells and ex-core detectors are fixed to prevent movement during installation.

'Ihe AP600 will perform calorimetrics both by monitoring core parameters via the core monitoring system (BEACON) and by secondary side on-line calorimetric. Indication will be provided to the )

operator when there is a mismatch between the ex-core measurement or a loop Delta-T against the calorimetric.

A power supply failure on any signal used for a protection function will generate a control room alarm.

'Ihe Direct Vessel Injection is supplied to the reactor vessel downcomer; no injection is provided into or at the core.

A.3 Decay llent Removal Capability Section A.3 of INPO 93-004, Revision 2, April 1994 identifies the following operating plant issues for the statdown decay heat removal systems that should be addressed in the plant design stage:

. rehaue reactor vessel level indication

. remove causes ofloss of decay heat removal capability a prevent inadvertent draining of RCS inventory

. reliable RCS/ core temperature monitoring LA1078w.wpf:ld-072894 7

. improve RCS pressure indication during natural circulation cooldown

= improve loss of shutdown cooling alarms SSAR Sections 1.9.5 and 5.4.7.2.1 discuss the AP600 design features addressing shutdown decay heat removal during reduced inventory operations. Provided below is a summary of the AP600 features that have been incorporated that address the operating plant issues identified by INPO 93-004. The majority of the features concentrate on removing the causes of the loss of decay heat removal capability.

A. Improved RCS level indication during RCS reduced-inventory operations (especially when operating at or near the centerline of the main coolant loops).

- Redundant hot leg level instruments provide indication and low level alarm in the main control room

. Pressurizer level reference leg to RCS hot leg allows continuous monitoring of RCS level during RCS draining operations to levels below the vessel flange. ,

l 1

  • Pressurizer level and hot leg level instruments are permanent and hard-piped.

B. Remove causes ofloss of decay heat removal

. Decay heat removal during normal plant operations (hot standby, hot shutdown, l cold shutdown, drain shutdown and refueling) is provided by active, nonsafety- l 1

related systems: startup auxiliary feedwater system, normal residual heat removal l

system, and the spent fuel pit cooling system. A separate passive system has been 1

provided to perform safety-related decay heat removal (passive core cooling l

system) which can function during all shutdown conditions--hot shutdown, hot I standby, cold shutdown, and drained shutdowns. The capac.ity of spent fuel pool is sufficient to provide safety-related core / spent fuel cooling upon loss of normal residual heat removal system and/or spent fuel pit cooling system during refueling l

operations.

l l

l tA1078w.wpf:Id472894 8

  • The passive core cooling system is automatically initiated by the DAS based on low level in hot leg or manually initiated by the operator during drained shutdown operations.
  • De normal residual heat removal pumps are automatically restarted following a loss of offsite power during hot shutdown, cold shutdown, drain shutdown, and  ;

i refueling operations.

i l

  • The startup auxiliary feedwater pumps (nonsafety-related) are automatically started following a loss of offsite power during hot standby.
  • Primary loop piping offset allows reduced inventory operations to be performed at an RCS level at a level above the loop centerline.
  • A specially-designed vortex breaker for the normal residual heat removal suction nozzle from the RCS hot leg lowers the allowable RCS level during reduced-inventory operations.
  • No RNS throttling is required during RCS reduced-inventory operation to prevent RNS pump cavitation--even with the RCS at saturated conditions.
  • A self-venting suction line eliminates local high points and allows for immediate restart of the RNS pumps after air-binding.
  • A rugged RNS pump design that tolerates continued operation with some alt ingestion and tolerates air binding without damage.

l t:M(r78w.wpf:14-072894 9

C. Prevent inadvertent draining of RCS inventory

. RCS draining operations are controlled from the main control room.

  • RCS draining to the level required for steam generator nozzle dam installation is automatically terminated when the required hot leg level is achieved.

D. Reliable RCS/ core temperature monitoring

. At least two, redundant core exit temperature with indication in the main control room.

. The RCS hot leg wide range RTD's are located below the mid-plane so that they provide an RCS temperature indication in the control room during all operations, including while operating with RCS reduced inventory near the centerline of the hot leg.

E. Improve RCS pressure indication during natural circulation cooldown

. Currently under investigation for the AP600 design.

F. Improve loss of shutdown cooling alarms

. Low RNS pump discharge now rJarm in the main control room indicates the loss of core decay heat removal via the normal residual heat removal system.

. Ixw SFS pump discharge flow alarm and/or spent fuel pool high temperature alarm in the main control room indicate the loss of shutdown cooling via the spent fuel pit cooling system.

t:\l078w.wpf:Id-072894 10

A.4 Control System Stability Control systems analysis are being performed using more detailed models than previously available, and the experience noted from operating plants is being incorporated. Examples include:

Negative moderator temperature coefficient during normal power range of operation.

Wider narrow-range steam generator level taps than customarily used.

Use of heated feedwater during startup.

Automatic control of steam generator level and NIS during plant startup.

Addition of Rapid Power Reduction system to allow for rapid nuclear power reduction on detection of a large load rejection (>50%) reduces sensitivity on steam dump valve stroke time and rod control response.

Automatic control of startup feedwater to prevent excessive plant cooldowns.

A.6 Instrument Air System The Instrument Air System is designed to avoid problems that have been identified in operating plants with air quality, supply, and volume. This is accomplished through the use of redundant oil free air compressors and purge air type air dryers, proper filtration methodology, and welded air line construction utilizing appropriate pipe restraints throughout the system.

The two compressors are in a lead-lag control scheme and the backup compressor starting sequence is initiated by a low pressure in the system header. Additionally, the installed air receivers provide enough capacity for approximately 10 minutes of operation after loss of both air compressors. Any l safety-related, pneumatically operated valves required to change position to achieve safe shutdown and l accident mitigation are provided with safety grade air accumulators or other devices to provide reliable short-term operation of these valves following loss of air (Reference SSAR Section 9.3.1.3).

t$1078 w,wp01d-M2894 11 l

1 7 - - - _ _ _ _ - - -- - --___ _ - -- -

A.7 Electric flydraulie Control of Turbine Generators Previous designs of the electric hydraulic control system have experienced a variety of problems such as tubing cyclic fatigue, plant trips caused by single component failures, lack of redundant power supplies for essential equipment, and failures associated with the main turbine protection system. The AP600 design addresses these system failure modes through the following design features.

  • Electrohydraulic control system (EHC) tubing is properly restrained to reduce cyclic fatigue problems. The tubing interface with the valve actuator uses short sections of _

flexible tubing to minimize vibration and thermal displacement.

  • Turbine control and protection systems are designed with sufficient redundancy to minimize trips due to single component failures. Trip signals identified in INPO 93-004 for the postulated failures are incorporated in the design.
  • The EHC fluid filtering system provides for 3 micron absolute filtration in order to remove particles large enough to interface with proper operation of the turbine trip system. Main turbine trip circuits are monitored through the plant control system and each individual trip solenoid can be tested while the unit is on !!ne.

- The EHC solenoid trip valves are designed to trip on loss of power in the AP600 plant.

Ilowever, a redundant power supply is available for these trip solenoids.

  • Redundant power sources (DC backed) for the main EHC system are included in the AP600 plant design. These power supplies are provided from independent buses.

= 'Ihe AP600 design incorporates a constant pressure pumping system and flexible tubing connecting the EHC lines to the valve actuators to climinate shock loading of the EHC system and tubing during expected system operating conditions.

A1078w.wpf:Id-072894 12 l

1

i l

A.8 licating, Ventilation, and Air Conditioning (IIVAC) Systems The normal liVAC systems are designed similar to current operating plant design, however, these systems are not relied upon to support safety-related functions. For the AP600, the Main Control Room Emergency liabitability System performs the functions of providing adequate ventilation and cooling to the main control room in the event of a loss of normal IIVAC. It also ensures that adjoining rooms, which contain safe shutdown or post-accident monitoring equipment, are maintained within acceptable temperature ranges for either a design basis accident or loss of offsite power event.

The heat rejected by equipment and personnel are absorbed by passive heat sinks incorporated into the room design, where analysis has shown this to be necessary. In the event that the system is actuated, the main control room is kept at a slight positive pressure by the flow of air from two physically separate, redundant trains of compressed air storage tanks. 'Ihe design of the system as well as the physical and operational independence from the normally operating IIVAC system provides for high reliability and ensures the case of maintenance and operability.

A.9 Turbine Generator 11ydrogen Leaks and Fires

'Ihe design of the turbine generator incorporates the following features to minimize the potential of hydrogen leakage and its associated fire hazard.

The ' area around the generator where hydrogen leakage may occur are open and well ventilated. This prevents the possible accumulation of explosive / combustible levels of hydrogen gas (4 to 70 percent hydrogen) external to the generator housing.

The generator bearing oil drain lines discharge to a loop seal tank. This loop seal tank is equipped with two vapor extractors which discharge through a demister to a roof vent. A drain line on the bottom of the blower drains any accumulated liquid. 'Ihis design minimizes the possibility of plugging the lines and accumulating water in the generator bearing drain lines.

flydrogen detectors with local and remote alarms will be evaluated for installation in any enclosed areas where a potential accumulation of hydrogen gas could occur. i i

l tA1078w.wpf;1d-072894 13 l

l

ne hydrogen supply to the main generator is provided with supports that are adequate to resist vibration induced fretting damage to the piping.

De lube oil piping will be routed so that it is adequately protected from missiles.

II. UNRELIAllLE COMPONENTS 11.4 Main Generator Excitation The main generator excitation system should have a pulse kill feature to provide a redundant method of generator field collapse in the event of a hydrogen fire following a main transformer fault.

De excitation system is provided with a redundant means of collapsing the field during fault conditions. Pulse kill will be evaluated as one of the techniques capable of achieving this redundancy.

11.5 Valve Design and Application (gate, motor operated valve, check)

De AP600 design is based on the proven systems and arrangements of current Westinghouse PWRs.

In addition, Westinghouse has drawn from the vast operating experience of the industry to improve the AP600 design. De following are a few examples of how the AP600 design addresses the operating plant issues discussed in this section of the INPO report.

- De valve specifications for the AP600 contain specific layout requirements and service conditions, as well as detailed requirements regarding valve orientation.

  • An interactive procurement process enables vendors to be aware of the-particular application of each valve to ensure that appropriate valves are selected for the intended

! applications. Procurement specification and data sheets verify the adequacy of standard components by detailed design and obtaining vendor interface in defining data, form, fit, and functions. This vendor interaction is a prerequisite for preparation of purchase I

specifications and data sheets for valves.

l l

ta1078w.wpf:Id472894 14

. Inservice testing of valves for the AP600 assesses their operational readiness including their actuation and position indication system. The AP600 inservice test program is developed based on Section XI of the ASME Code, ASME OM Code 1990. As part of the AP600 inservice testing program, all remotely-operated valves are evaluated. The AP600 inservice test program is discussed in NRC Request for Additional Information 210.24.

. Detailed Failure Modes Effects and Criticality Analyses (FMECAs) were performed for selected valves to identify limiting failure modes. Rese analyses incorporate operating experience through the use of applying historical experience data in evaluations.

- ne AP600 incorporates the use ofimproved diagnostics such as ultrasonic or acousde sensors where appropriate. The AP600 valve specifications require the valve suppliers to provide locations for the attachment of the ultrasonic or acoustic sensors. He valve specifications also require four train limit switches to provide accurate position indication, open and close, and torque switch bypass for safety-related motor-operated valves.

- Valve specifications require pressure relief devices to be provided on valves that can be subjected to bonnet overpressurization. These valves are identified in the valve specification. In addition, the valve vendor can specify the need for a relief device for their specific valve design based on the application. De active valve designs used for the plant will require qualification testing based on ANSI B16.41. As part of this test program, thermal testing is required to verify operability during and after thermal cycling.

- Special design check valves that have antislam devices or require opening at low flow or pressure differentials are evaluated as part of the design process against the required system operation.

. Valve specifications require valve operators to be sized using the latest valve test data and that issues such as switch repeatability, inertia, accuracy, etc. be addressed in the tAlo78wsptid-072894 15

l operator sizing. An operator sizing repon is required for review on all motor-operated valves. The valve design requirements such as pressure, temperature, flow, and operating voltage are also in the specification.

  • The effect of motor speed, temperature, running speed and load is taken into account in the operator sizing. In addition as part of the IEEE qualification, the effect of the environmental and seismic conditions will be factored in the motor / operator qualification. Electrical conditions such as cable temperature sizing will have to be factored into the operator sizing because of actual current and voltage at the valve.
  • The valve specification requires materials in contact with the reactor coolant fluid to be manufactured from corrosion resistant materials. These include components such as packing gland, gland, and associated bolting.
  • Valves are designed for a sufficient number of cycles to cover both operating cycles and testing. The specification cycles would include both. For example, the motor-operated valves are to be qualified for 3000 cycles. To preclude valve wear the guide area requires the use of hardfacing or hardened material.

11.9 Main Steam Isolation Valves and Important Relief and Safety / Relief Valves The recommendations grouped under the issue of improving reliability and reducing the frequency of sticking and setpoint drift for MSIVs, Safety / Relief Valves, and PORVs have been or will be addressed in Ole AP600 by the following design features: (i) the use of an MSIV in which the gas is self-contained in each MSIV, and in which the gas pressure is not required to maintain the valve open, which means that MSIV operation is not susceptible to the various problems that have been associated with pneumatic control systems, (ii) the use of spring-loaded safety / relief valves in both the primary and secondary side, (iii) the elimination of a primary side PORV, (iv) incorporation of means tc protect the pneumatic control system for the secondary side PORV from damage due to overpressure, such as use of relief valves in the pneumatic control system, (v) specification of electrical train assignments and " fail-to" positions for the secondary side PORV such that the failure of a single power supply will not result in a failed open PORV with an inoperable block valve, (vi) valve tA1078wgf:Id-072894 16

1 specifications that specify materials that prevent galling, reduce the amount of seat contact stress, and

~~

are specified in conjunction with the quality of the air supply to be used (to prevent material deterioration), and (vii) the use of locking devices, between the disc and the disc arm, on all check valves.

Regarding some specific problems attributed to valve hardware that were mentioned in the referenced event reports: Rubber hoses are not used in pneumatic supply systems. Neither Sulzer priot-actuated valves, nor Target Rock two-stage safety relief valves, are employed for the safety / relief valves, the secondary side PORV, or the MSIVs.

Regarding specific recommendations related to monitoring of parameters associated with these valves' operation: The AP600 DDS (Data Display and Processing System), which provides indication of the power-operated relief valve and pressurizer safety valve actuation, provides identification that the valve has actuated.

11.1 1 Fuel Failures The AP600 fuel assembly is based on the substantial design and operating experience of the current Westinghouse fuel technology. The Westinghouse fuel assembly design is discussed in SSAR Section 4.0. A feature of the AP600 fuel assembly includes a debris tilter bottom nozzle that minimizes fuel damage due to debris in the reactor coolant. In addition to the proven performance of the Westinghouse fuel assembly the AP600 incorporates the following design features which reduce the cause of fuel failures. These important AP600 design features address the operating plant issues discussed in this section of the INPO report,

  • The AP600 Fuel Handling and Refueling .mchines are equipped with load sensing devices (Limit Switches). These devic: , , w a continuous fuel assembly load monitoring during all lifting and icwerng operations. In addition to travel limit '

switches, the mast assemblies of the AP600 Fuel Handling and Refueling machines are ~h equipped with upper and lower limit hardstops. These hardstops prevent the inner mast (fuel gripper assembly) from over-traveling.

t:\l078w.mpf:ld-072894 17

I t

l l

  • The AP600 is equipped with a loose-part monitoring system that is designed in j conformance with Regulatory Guide 1.133. The loose-part monitoring system is equipped with sensors, located in strategic locations on the exterior surfaces of the RCS pressure boundary, capable of detecting acoustic disturbances. The system is equipped with two sensors located at each natural collection region (e.g. Reactor vessel upper and lower plenums, each steam generator reactor coolant inlet plenum, and strategic locations on the steam generator secondary side).
  • The AP600 reactor vessel does not incorporate a baffle joint design. He AP600 reactor vessel includes a radial reflector. The radial reflector contains no venical joints and the flow through the reflector is upflow. Therefore, fuel cladding damage resulting from flow jetting in a core baffle joint design is not a credible concern for the AP600.

11.1 2 Main and Auxiliary Transformers Reliability of main and auxiliary transformers can be improved through the use of transformers having the capability of withstanding anticipated voltage surges associated with switching, use of surge arresters, proper design of forced oil and air cooling systems, and enhanced monitoring instrumentation.

AP600 transformer design utilizes Basic Impulse Levels (BIL) per ANSI C57.12.00. Specific site conditions will be evaluated to insure that switching activities do not produce surges that could potentially damage the transformers. Auxiliary transformer's BIL levels are coordinated throughout the system to provide appropriate surge protection.

Metallic type surge arresters are used for AP600 surge suppression where required. -

Transformers are specified to be designed and constructed to permit energization with all pumps and fans having been in operation, in the manual mode, during an outage period and reenergization. The normal operation of the transformer oil pumps will be in the automatic mode which is based on temperature of the transformer. The pumps will only operate when needed based on transformer t:M078w.wpf:Id472894 18

loading. '11.c .nain step up transformer for the AP600 project is rated Forced Oil Air (FOA). The unit auxiliary transformers and reserve auxiliary transformers ate rated Oil Air (OA) (no pumps)

Instrumentation will be provided to allow monitoring of the oil temperatures, winding temperatures, and oil pump status.

C. FUNDAMENTALS C.1 Core Stability This item addresses BWRs. Since the AP600 is a pressurized water reactor, the affect of void on l

reactivity is not sigrdficant. The void content in coolant is usaelly less than one half of one percent and is due to local or statistical boiling. Therefore, this item is not a concern for the AP600 design.

C.2 System Lineups That Allow Pool Drainings (such as spent fuel pool)

The AP600 design has a Permanent Cavity Seal Ring (PCSR). The PCSR is made of stainless steel and designed to withstand the maximum design conditions during reactor vessel refueling. The PCSR does not contain any inflatable seal parts, therefore, most of the INPO SER's recommendations are not applicable.

'Ihc AP600 Spent Fuel Pool does not have inflaiable seals.

Reference:

AP600 Fuel liandling System - System Specification Document, FHS-M3-001 Rev.1 D. GENERIC FACTORS D.2 Iluilt In On Line Maintenance and Testability Requirements to ensure that the AP600 aJdwsses maintainability and testability features exists in  !

l Sections 2.1.5,2.2.4,3.6 and 3.7 of Chapter 10 of the URD. These requirements are included in the appropriate System Design Documents to ensure that the AP600 design eliminates those features of I

LA1078w.wpf;1d 072894 19

r 1

=

instrumentation design that have led to plant trips, transients, loss of annunciation and indication, and system unreliability. AP600 will make extensive use of so called " smart instrumentation." These instruments include the capability for remote rearranging, self testing, and automatic troubleshooting and diagnostics.

D.4 System Performance The features incorporated into the design of the AP600 normal residual heat removal system that focus on (1) reducing the opportunity for air binding and loss of suction due to component layout or piping _

design or (2) improving level monitoring to reduce the loss of suction are presented in the discussion addressing Section A.3--Decay IIcat Removal System Design Weaknesses.

To minimize spurious trips of the AP600 startup feedwater pump, the automatic low pressure trip on the startup feedwater system pump has been eliminated. Following receipt of a low suction pressure alarm, the operator can assess the situation and, if required, manually trip the startup feedwater pump.

The AP600 turbine lube oil system is designed to prevent known problems which have resulted in turbine-generator bearing failures. The tube oil pumps are self-benting to minimize entrainment of air which could result in decreased lubricant flow. Vapor extractors are installed on the bearing oil vent lines to prevent air entrainment and/or air binding on the turbine generator lubricating oil system.

The main turbine rotor is designed so that high-order torsional harmonic modes are not near twice the electrical grid frequency.

The service water system (SWS) and turbine building closed cooling water system (TCS) are provided with minimum flow lines to prevent pump damage that could result from low flow operation.

D.S Radio Frequency Interference 4

5 The AP600 wireless communication system is based on the latest cellular telephone type technology.

This decreases the output power required for the communication system and decreases the maximum RF field strength that any equipment may be subjected to. Requirements for ensuring that the AP600 cuo7sw*vt:1d4172894 20 i

1

l communication system does not interfere with other plant electrical and electronic equipment are provided in the AP600 Electrical Systems Design Criteria Document.

D.6 Erosion / Corrosion Erosion / corrosion of secondary plant piping is minimized in the AP600 design through the use of proper pipe material, by limiting fluid velocities, by avoiding piping configurations that are conducive to crosion/ corrosion, and through the use of chemical controls where necessary. Adequate pipe wall corTosion allowances are also incorporated in the system design.

Control valve bodies are made of erosion resistant material and the downstream piping from these valves is also constructed of crosion resistant material where the possibility of two phase flow exists.

An all-volatile secondary side water treatment process is used to minimize the probability of chemically induced corrosion. Selected plant systems (feedwater, heater drains, etc.) will be modeled using the EPRI Checkmate program to identify areas where erosion / corrosion is likely to occur. These identified areas will utilize erosion resistant piping materials.

D.7 liiofouling The service water system (SWS) and circulating water system (CWS) are open circulating water systems and therefore require protection against biofouling. These systems are protected using a chemical and/or ozone injection system which provides for corrosion control, biocide / algicide delivery, scale inhibition, silt dispersement, and Ph adjustment. This chemical and/or ozone injection system and blowdown control is used to control microbiologically induced corrosion (MIC) and system chemistry.

Additionally, materials selected for the SWS cooled heat exchangers and the condensers are optimized for corrosion resistance. The condenser is provided with a tube cleaning system and the capability to isolate one tube bundle in each shell is provided for on-line cleaning.

i t M078w.wpf:Id 4772894 21

Service water is strained through an automatically backflushed filter. The SWS and CWS are designed for on-line performance testing (flows and temperatures) to determine system cooling capability and provide trending of component efficiency.

D.9 Radiation Source Term The AP600 design includes features that are directed toward reducing the radiation source term and minimizing radiation exposures of the plant workers. Such efforts include the specification of limits on cobalt impurity level in all materials in the primary system that come into contact with the circulating reactor coolant and the use of zircaloy grid straps in the fuel assemblics. The AP600 design will result in a reduced cobalt input from valves since there are fewer valves in the simplified plant / system designs and the use of stellite seats is avoided except for a small number of isolation valves. In addition, several candidate materials have been selected as potential substitutes for stellite hard facing in the control rod drive latch mechanisms (CRDM). Upon completion of testing to ensure their acceptability for use in a PWR coolant environment, the substitute material (s) can be expected to provide further reductions in the source term from the CRDMs.

Systems design and layout include provisions for flushing, draining, sloped piping, larger radius bends as well as other features for minimizing crud traps in valves and piping and for adequate shielding of potentially radioactive pipes / components. Recommendations for such provisions are conveyed to the i plant designer via Utility Requirements and ALARA Guidelines documents, which reflect feedback and lessons learned from operating plants. De incorporation of such features is also checked and identified in the design review of systems and equipment. For example, formal design reviews include.

review and completion of an ALARA checklist.

Coolant chemistry controls are also expected to result in source term reductions. Re. radiation field reduction benefits of coolant pH control strategies and other coolant additives (e.g. zinc addition) that are currently being developed in the operating plants will be available for implementation in the AP600 plant.

tmo78-3pt:1&o72w4 22

_ - - - .. - _ .-_ ~

D.10 Radiation Overexposure Sources The AP600 design includes an integrated reactor vessel head package (IHP) which includes (top-mounted)in-core instrumentation. 'Ihis system differs from the bottom-mounted systems typically associated with Westinghouse PWRs; and most of the comments included in INPO 93-004, relative to monitoring the "in-core probe room", are not applicable. In the AP600 design, the activated detectors are shielded by the thick steel walls of the Integrated Head Package (IHP) during transit of the IHP from the refueling cavity to a shielded storage tank that is located on the operating deck. A permanent containment area radiation monitor provides indication and alarms, both locally and in the control room, which would be indicative of higher than anticipated radiation fields in the area. The monitor in conjunction with shielding provisions and portable monitoring, including a portable bridge monitor that is provided during refueling operations, provides assurance that potential overexposure of personnel will be avoided. The permanent area monitors and ponable bridge monitors in the containment and the fuel handling area serve to monitor the radiation environment while in-vessel activities and/or fuel movement is under way and provide indications ofincreasing radiation fields due to changing water levels. Permanent area radiation monitors are designed to fail high when exposed to radiation fields higher than the normal range of the monitor (10 R/hr); thus precluding false low readings when exposed to high radiation fields.

l l

1 tA1078w3pf:1d 072894 23

Retrieved from "https://kanterella.com/w/index.php?title=ML20072B126&oldid=3541712"