ML20078N225

From kanterella
Jump to navigation Jump to search
Forwards Request for Enforcement Discretion,Allowing for Continued Operation of Plant for Up to 10 Days in Mode 1 W/One Train in RTS Automatic Trip Logic & ESFAS Manual Initiation & Automatic Actuation Logic Inoperable
ML20078N225
Person / Time
Site: Farley  
Issue date: 02/07/1995
From: Dennis Morey
SOUTHERN NUCLEAR OPERATING CO.
To:
NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References
NUDOCS 9502150199
Download: ML20078N225 (11)
v  d  e


Text

South 2rn Muctrar Optrating Company Post Omca Box 1295 1

1 Birmingham, Alabama 35201 Telephone (205) 668-5131

\\

L Southem Nudear Operating Company o... uor.y

~

i Vice President i

Farley Project the Southern electitC System February 7,1995 Docket No.

50-348 50-364 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D. C. 20555 Joseph M. Farley Nuclear Plant Reauest for Enforcement Disc.c;11gn Gentlemen:

On February 6,1995, at 7:55pm CST, the Regional Administrator, S. D. Ebneter, verbally granted enforcement discretion for Joseph M. Farley Nuclear Plant, Units I and 2. This discretion was granted relative to Technical Specifications 3/4.3.1, Table 3.3-1," Reactor Trip System Instrumentation," and 3/4.3.2, Table 3.3-3," Engineered Safety Features Actuation System Instrumentation," for a period of 10 days to cover the period of time to efTect a design change to electrically separate the electrical power feeds for the Solid State Protection System (SSPS) field inputs and the logic cabinet power supplies. As requested in that phone call, the Attachment has been prepared documenting our request using the recent enforcement discretion guidance published on January 5,1995 in the NRC Inspection Manual.

If there are any questions, please advise.

Respectfully submitted,

!J '{ }&w Dave Morey MGE Attachment cc:

Mr. S. D. Ebneter Mr. B. L. Siegel Mr. T. M. Ross Dp I).7E.,Williamson

.,.\\

a L g' y 9502150199 950207 PDR ADOCK 05000340 i

P PDR

i Attachment i

Joseph M. Farley Nuclear Plant Request for Enforcement Discretion i

February 7,1995

JOSEPH M. FARLEY NUCLEAR PLANT REQUEST FOR ENFORCEMENT D.lSCRETION BAtMGROUND On Febmary 2,1995 Diablo Canyon reported a new scenario that could result in the failure of one Solid State Protection System (SSPS) train. The scenario involves a hypothesized high energy steamline break near the turbine generator, which results in destruction of an electrical panel containing SSPS turbine stop valve position input signals associated with two protection system channels. If these input signals "short to ground,"

the redundant power supplies associated with one SSPS train will de-snergize rendering the Engineered Safety Feature (ESP) actuation logic ineffective. If a sing;e random failure of the other train is assumed, no automatic ESF protection functions will be r.'ailable.

After receipt ofinformation pertaining to the Diablo Canyon scenario, Southern Nuclear Operating Company (SNC) began an investigation to determine whether Farley Nuclear Plant (FNP) was susceptible to a loss of SSPS due to a steam break. In addition, on behalf of the Westinghouse Owers Group (WOG), Westinghouse initiated efforts to determine the potential generic applicability of the hypothesized scecario to other i

Westinghouse plants. On February 3,1995, Farley implemented a multi-part plan to:

explicitly evaluate the potential consequences of steam breaks within the turbine building near the vicinity ofjunction boxes containing input signals to SSPS; develop contingency plans and designs; assimilate additional industry experience; review design basis requirements; assess risk significance; and inform plant operators to ensure heightened i

awareness. Subsequently, the NRC issued Information Notice 95-10, " Potential For Loss i

Of Automatic Engineered Safety Features Actuation," and Westinghouse issued a generic justification for continued operation to all Westinghouse plants (NTD-NSRLA-OPL 053).

On February 6,1995, Farley Nuclear Plant determined that Train A SSPS in both Units 1 and 2 is susceptible to a postulated high energy steamline break inside the high pressure turbine enclosure due to the location of one electricaljunction box within the enclosure.

Thisjunction box contains the SSPS input signals from the 3 turbine auto stop oil pressure protection channels. Should these 3 channels "short to ground," the Train A automatic ESF actuation logic would be rendered inoperable. Train A SSPS was declared inoperable in Units 1 and 2 st 6:30pm CST, and the applicable action requirements for Technical Specifications 3/4.3.1 and 3/4.3.2 were entered. These actions require restoration of the inoperable trains within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> or both operating Units be placed in Hot Standby (Mode 3) within the following 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. To allow suflicient time for preparation of SSPS modification design packages and implementation procedures and for completion of the modifications and post-modification testing without interruption of Unit at-power operations, SNC requested an enforcement discretion for FNP Units I and 2.

On Febmary 6,1995 at 7:55pm CST, the Region 11 NRC Staffgranted verbal enforcement discretion for FNP Units 1 and 2, conditional upon receipt of an acceptable 1

written request within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> and its subsequent approval. To allow adequate time for design preparation and modification installation, the enforcement discretion is effective for 10 days or until completion of the post-modification testing, whichever is sooner.

B ASIS FOR THE ENFORCEMENT DISCRETION REQUEST

1. The Technical Specifications for which enforcement discretion is requested.

Technical Specification 3/4.3.1 specifies that the Reactor Trip System (RTS) must be operable. The SSPS provides redundant logic trains for the RTS. The operability requirements for the RTS automatic trip logic (Functional Unit 22) are shown in the FNP Technical Specifications on Table 3.3-1," Reactor Trip System Instrumentation." With one train inoperable, Action 15 requires the inoperable train to be restored within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> or the Unit must be pinced in Hot Standby within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />.

Technical Specification 3/4.3.2 specifies that the ESF Actuation System (ESFAS) must be operable. The SSPS provides redundant logic trains for the ESFAS. The operability requirements for ESFAS manual initiation and automatic actuation logic (Functional Units 1.a,1.b, 2.a. 2.b, 3.a.1, 3.a.2, 3.b.1, 3.b.2, 3.c.1, 3.c.2, 4.a, 4.b, and 6.a) are shown in the FNP Technical Specifications on Table 3.3-3," Engineered Safety Feature Actuation System Instrumentation." Actions 13,17,18,21, and 22 are applicable with one train inoperable. Action 21 is most limiting, and it requires the inoperable train to be restored within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> or the Unit must be placed in Hot Standby within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and in at least Hot Shutdown within the following 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />.

This request for enforcement discretion will allow for the continued operation of FNP Uniis I and 2 for up to ten (10) days in Mode I with one train of RTS automatic trip logic and ESFAS manual initiation and automatic actuation logic inoperable due to the potential consequences of a postulated high energy steamline break inside the high pressure turbine encbsure.

2. Circumstances surrounding the situation requiring prompt action.

The RTS turbine trip signal is provided by actuation of 4 out of 4 turbine throttle (stop) valve close limit switches or 2 out of 3 auto stop (control) oil low pressure switches. The turbine trip / reactor trip is anticipatory in that it is not assumed to occur in any of the Farley FSAR Chapter 15 accident analysis. However, in conformance with FSAR Section 7.2, this trip (being a reactor trip) is designed to meet the requirements ofIEEE 279-1971.

The scope ofIEEE 279-1971 addresses such requirements as single failure, independence, and interaction of circuits. As stated in Branch Technical Position ICSB 26, this standard applies to the entire trip function from the sensors to the final actuated devices.

Therefore, the RTS turbine trip sensors and circuit design should allow for the effects of credible faults (i e. grounding, shorting, or application of high voltage), and failures should not propagate back to the RTS or degrade RTS performance. However, the sensor mountings need not be seismic because of their location in the turbine building. A general 2

acceptance of this design is provided in Farley SER Section 7.2 (NUREG-75/034 dated May 2,1975).

Relative to HELBs in the turbine building, Farley FSAR Section 3K.4.1.1.3 states that the main steam system in the turbine building is not located near any safety-related equipment.

Therefore, it was not necessary to consider jet impingement and pipe whip effects of a main steam line break in the turbine building. As a result, the SER Section 6.4 discussion on the impact ofjet impingement and pipe whip effects does not address the turbine building. The FNP design for high energy line breaks is addressed in FS AR Section 3K, which stipulates a verification be made that the " rupture of a pipe carrying high energy fluid will not directly or indirectly result in loss of redundancy in any portion of the protection system (as defined in IEEE-279), Class IE electric system (as defined in IEEE-308), engineered safety feature equipment... required to mitigate the consequences of that accident and place the reactor (s)in a cold shutdown condition.. " IEEE 279 Section 4.7.4 also requires that protective equipment be designed against credible single events and an additional single failure.

Following receipt ofinformation pertaining to a new steamline break scenario in the Diablo Canyon turbine building which could potentially render one SSPS train inoperable, Farley initiated efforts (including background licensing research, field walkdowns, and engineering modeling) to determine the applicability to FNP Units 1 and 2. Subsequently, based on the Farley-specific as-built configuration and high energy line break analysis, the FNP designers determined the SSPS input circuits associated with the RTS turbine trip sensors are susceptible to a postulated high energy steamline break inside the high pressure turbine enclosure due to the location of one electricaljunction box with respect to a certain line break. Thisjunction box, which contains SSPS input signals from the 3 turbine auto stop oil pressure protection channels, could be severely damaged by the steam jet impact forces resulting from a line break near the turbine throttle valve.

Should these three RTS channels (I, II & III) "short to ground," the 120vac vital electrical power associated with the RTS/ESFAS channelized field input signals in SSPS Train A and Train B would be interrupted due to blown input power fuses in the respective input relay bays. In Train A, the loss of Channels I & 11 120vac input power de-energizes both sets of the logic cabinet redundant low voltage power supplies (15vdc and 48vdc), which renders the RTS automatic trip logic and the ESFAS manual and automatic actaation logic inoperable. Ilowever, the Train A reactor trip breaker would open, and the manual trip capability would be retained. In Train B SSPS, the loss of Channel 111 120vac input power de-energizes one set oflow voltage power supplies in the logic cabinet. The remaining set of redundant power supplies would ensure the RTS and ESFAS togic circuits remain operable. The Train B reactor trip breaker would open due to General Warnings in both SSPS Trains.

The root cause of this condition is attributed in part to the original SSPS design configuration, wherein each set oflogic circuit power supplies (15vde and 48vde) and the RTS/ESFAS field input circuits (e.g., RCP UV, RWST Lo-Lo Level, Turbine Stop Valve 3

l Position, etc.) are provided channelized 120vac input power through a common set of fuses. (If the common electrical power source for the logic power supplies and field input circuits had been fused separately, the logic circuit power supplies would not be affected by faults on the field input circuits.)

To resolve the SSPS design discrepancy, FNP Unit I and Unit 2 design changes must be incorporated. The proposed modifications include re-routing power supply wiring and the coordination ofbreaker and fuse sizing. Since the Farley designers and staff require sufIlcient time to ensure that the proposed modifications are correctly designed and implemented, SNC respectfully requests a 10 day enforcement discretion.

3. Safety basis for the request for enforcement discretion.

1 Background

The RTS/ESFAS sensors are divided into 4 protection channels (I, II, III & IV). The SSPS receives input signals from the protection channels through 4 separate input bays.

Input signals are provided by the Nuclear Instrumentation System (NIS), the 7300 Process Protection System, and field inputs. The NIS and 7300 System input signals to SSPS are powered by circuits from within these systems. The field input signals in each SSPS input bay are powered from one of the four 120vac vital instrument busses. The SSPS logic power is provided by redundant low voltage power supplies. In Train A, the logic cabinet power is provided by Channels I & II, and the ESF output relay power is provided by a separate Channel I feeder breaker. In Train B the logic cabinet power is provided by Channels III & IV, and the ESF output relay power is provided by a separate Channel IV feeder breaker.

The input signals are processed through the SSPS voting logic circuitry to determine when reactor trip and/or ESF equipment actuations will be generated to mitigate the consequences of an accident.

EfTect of Hypothesized Condition on Safety Function The failure of the fuses for the SSPS logic redundant power supplies in one train would render the train inoperable. If a single active failure renders the other SSPS train inoperable, no automatic ESF equipment actuation would occur to mitigate the consequences of the main steam line break.

Westinghouse Generic Evaluation Westinghouse has performed evaluations and analyses for two different four loop plants to determine the results of a main steamline break (MSLB) outside containment if the SSPS is inoperable. The evaluations determined that a MSLB initiated at-power would be bounded by the zero power analysis. The zero power analyses assumed the following: 1)

A double-ended rupture of a main steam header resulting in an effective break size of 5.6 4

I

~

square feet (1.4 square feet per steam generator), which corresponds to the total effective flow area of the flow restrictor in each steam generator; 2) Initial plant conditions of hot zero power to maximize the volume of water in the steam generators and minimize initial stored energy in the RCS; 3) End-of-life reactivity coefficients; 4) No decay heat; 5) All rods fully inserted with the exception of the most reactive rod fully withdrawn; 6) No operator action; 7) No automatic equipment actuation with the exception of the passive actuation of the safety injection accumulators; 8) 100% nominal main feedwater flow; and

9) Maximum auxiliary feedwater flow. The analyses results demonstrated that, even though the four steam generator blowdown transient results in a more severe RCS cooldown and depressurization, actuation of the passive cold leg accumulators and a more symmetric reactivity transient results in less-limiting peaking factors and DNBR value.

Westinghouse has evaluated these results and determined that since no aummatic mitigation functions were assumed, the results of these analyses indicate that the same j

conclusion (that is, the current FS AR licensing basis steamline break core response analysis would remain bounding) would be reached for other four loop plants. For three and two loop plants, the event would be even less limiting since these types of plants have higher shutdown margins than four loop plants. Thus, the conclusions of these analyses would also apply to a three loop plant such as Farley.

Although the cooldown evaluated was greater than that in the design basis MSLB, Westinghouse performed an evaluation on the effect of the condition on pressurized thermal shock (PTS) and concluded the increased cooldown had no appreciable effect on PTS risk. Westinghouse has also considered the effect of this scenario on long-term core cooling and determined that the core will remain in a coolable geometry, pressures will be maintained below 100% of design pressures, and fuel cladding integrity will be maintained assuming the operators take corrective action within the first 10 minutes of the event by starting at least one motor driven auxiliary feedwater pump.

Probability of Main Steam _Line Failure Coincident with SSPS Train Failun An FNP evaluation was performed to determine the impact on the core damage frequency resulting from a specific potential failure mode of the Solid State Protection System initiated by a secondary side break in the turbine building. The evaluation was performed using the Farley IPE Post Processing model. The increase in core damage frequency resulting from a postulated failure of the SSPS hardware with a secondary side break downstream of the MSIVs was determined to be on the order of 1.77E-07 per reactor-year. The probability of core damage with this condition over the next 10 days is 4.8E-09.

Based upon the drafl EPRI"PSA Applications Guide" transmitted by NEI on June 10, 1994, temporary increases in core damage probability ofless than 1.0E-06 over eighteen months are considered to be non-risk significant. Based upon this, continued operation

)

with the existing condition for a full 18 month fuel cycle would be considered non-risk significant. In addition, this condition does not increase the probability oflarge early releases from containment.

5 l

~

i Operator Action The Farley operations staff personnel training includes contingency actions including event diagnosis and manual alignment of ESF equipment. In addition, Farley emergency response procedures include contingency response guidelines should RTS/ESFAS automatic protective functions not be fulfilled in response to a plant transient requiring event mitigation. For the postulated steam break in the high pressure turbine enclosure with a concurrent failure of the Train A ESF logic, a reactor trip would occur when the SSPS logic cabinet power supplies de-energize. In addition, the Reactor Trip System and ESF Actuation System analog indications (e.g., pressurizer pressure, steam generator level, steam flow, etc.) and ESF equipment (e.g., main steam line isolation valves, high head safety injection pumps, etc.) will remain operable. Therefore, the control room operators can diagnose the event and perform emergency actions stipulated in emergency response procedures by staning ESF pumps and stroking valves; i.e., the operator would initiate main steamline isolation and start the auxiliary feedwater pumps.

Corrective Action To assure that a high energy line break in the Farley turbine building will not cause shon 3

circuits which could result in the failure of one SSPS train, a design change will be

)

implemented to electrically separate the electrical power feeds for the SSPS field inputs and the logic cabinet power supplies. Following approval of the design change, I&C crews responsible for the implementation of the design change will be briefed. When plant l

conditions permit, these crews will begin to implement the design change in one SSPS J

train at a time in only one unit.

4. Proposed compensatory measures.

i The following actions will be taken to provide additional assurance that the public health and safety will not be adversely affected by this enforcement discretion request.

1

1) The design change will be performed on only one train of the SSPS at any given

]

time. This action will provide assurance that at least one train of SSPS would j

perform its required function to mitigate the consequences of Condition II, III and IV transients. In addition, the modifications will be implemented in only one unit at a time.

2) Maintenance and surveillance activities which impact the RTS or ESFAS will be restricted during implementation of the design change.
3) High risk plant evolutions which could result in reactor or turbine trip will be avoided.

i 6

I i

~

4) An operations night order describing this condition and the proper implementation i

of the emergency procedure for responding to a MSLB that affects the SSPS has been routed to the on-shift operations staff.

5) Activities on the 187 foot elevation of the turbine deck which could result in damage to the steam lines (such as movement ofloads over the high pressure turbine) will be restricted until implementation of the design change is complete.

l

6) The proposed design change and implementation procedures will consider experience gained and lessons learned during the implementation of similar modifications at Diablo Canyon and Salem. In addition, the Farley designers will consider the proposed North Anna design changes.
5. Justification for duration of the request for enforcement discretion.

r As discussed above, approximately 10 days are required to complete the preparation and approval of a derign change; to finalize plans and procedures for implementation of the modification; to accomplish the SSPS modification; and perform post modification inspections and testing which may be required.

6. No significant safety hazards considerations.

In accordance with 10 CFR 50.92(c), the SNC evaluation of the proposed enforcement discretion for no significant hazards considerations is as follows:

1) Does the enforcement discretion involve a significant increase in the probability or consequences of an accident previously evaluated?

l The probability of a MSLB accident is not affected by the proposed enforcement discretion. The only equipment failure potentially affected is failure of one SSPS train. Using the EPRI drafl"PSA Application Guide," a PRA was performed that I

indicated the increase in probability resulting from the proposed enforcement i

discretion was insignificant. The effects of a malfunction of the SSPS due to a i

MSLB in the turbine building coincident with a single active failure of one train of the SSPS was evaluated generically by Westinghouse. The evaluation was supponed by analyzing two four loop Westinghouse plants. These analyses are considered bounding for three loop plants due to three loop plants having greater shutdown margin than the four loop plants. It was concluded the DNBR limits would be satisfied even if the MSLB occurred with no automatic ESF actuation.

With DNBR limits maintained no clad damage occurs; thus, there will be no significant increase in the consequences of the MSLB. Therefore, the request does not involve a significant increase in the probability or consequences of an accident or malfunction previously evaluated.

7 i

~

2) Does the enforcement discretion create the possibility of a new or different kind of accident from any accident previously evaluated?

A MSLB has been evaluated in the FSAR. The evaluation assumes that at least one train of the SSPS is available to mitigate the consequences of the MSLB.

However, the MSLB in the turbine building could render both trains of the SSPS inoperable when a single active failure is considered. NUREG-0800 allows operator action to be credited in mitigating the consequences of an accident. A j

review of the operator response to the MSLB without SSPS was performed. This review indicates that the operators would be capable of mitigating the consequences of the MSLB in adequate time to prevent core damage.

Westinghouse also performed a bounding evaluation of a MSLB without any SSPS available or operator action. The Westinghouse evaluation concluded that DNBR j

limits would be satisfied. Therefore, enforcement discretion does not create the i

l possibility of a new or different kind of accident from any accident previously evaluated.

3) Does the enforcement discretion involve a significant reduction in the margin of safety?

A PRA was performed that determined that the probability of a MSLB that disables one train of SSPS coincident with a single active failure of the other SSPS train during the period of the enforcement discretion was insignificant. A preliminary review of the operator response to the MSLB without SSPS demonstrates that the operators would be capable of mitigating the consequences of the MSLB in adequate time to prevent core damage. Westinghouse also performed a bounding evaluation of a MSLB without any SSPS available or operator action. The Westinghouse evaluation concluded that DNBR limits would be satisfied. Therefore, the enforcement discretion does not involve a significant reduction in the margin of safety.

In conclusion, based on the above safety evaluation, SNC believes that the activities i

associated with this enforcement discretion request will not be a detriment to the public health and safety and satisfy the requirements of 10 CFR 50.92(c). Accordingly, a no significant hazards consideration finding is justified.

7. Consequences to the environment.

SNC has evaluated the proposed request for enforcement discretion and determined the request does not involve a significant hazards consideration, any significant change in the types of efIluents that may be released ofTsite, or a significant increase in the individual or cumulative occupational radiation exposure. Therefore, this request for enforcement discretion does not involve any significant environmental consequences.

4 0

8. Review by the Plant Operations Review Committee.

Before requesting this enforcement discretion, the request was reviewed and approval was recommended by the organization tasked to advise the General Manauer - Nuclear Plant on all matters related to nuclear safety at Farley Nue car P &nt (i.e., the Plant Operations Review Committee).

DCSSPSX.MGE r

6 r

7 9

i

.

Retrieved from "https://kanterella.com/w/index.php?title=ML20078N225&oldid=4390430"