ML20082J260

Technical Specifications - Enhancing the Safety Impact
ML20082J260
Person / Time
Issue date: 11/30/1983
From:
NRC OFFICE OF THE EXECUTIVE DIRECTOR FOR OPERATIONS (EDO)
To:
References
NUREG-1024, NUDOCS 8312020047
Download: ML20082J260 (34)


Text


NUREG-1024

Technical Specifications -- Enhancing the Safety Impact

U.S. Nuclear Regulatory Commission
Office of the Executive Director for Operations
Task Group on Technical Specifications


NOTICE

Availability of Reference Materials Cited in NRC Publications

Most documents cited in NRC publications will be available from one of the following sources:

1. The NRC Public Document Room, 1717 H Street, N.W., Washington, DC 20555
2. The NRC/GPO Sales Program, U.S. Nuclear Regulatory Commission, Washington, DC 20555
3. The National Technical Information Service, Springfield, VA 22161

Although the listing that follows represents the majority of documents cited in NRC publications, it is not intended to be exhaustive.

Referenced documents available for inspection and copying for a fee from the NRC Public Document Room include NRC correspondence and internal NRC memoranda; NRC Office of Inspection and Enforcement bulletins, circulars, information notices, inspection and investigation notices; Licensee Event Reports; vendor reports and correspondence; Commission papers; and applicant and licensee documents and correspondence.

The following documents in the NUREG series are available for purchase from the NRC/GPO Sales Program: formal NRC staff and contractor reports, NRC-sponsored conference proceedings, and NRC booklets and brochures. Also available are Regulatory Guides, NRC regulations in the Code of Federal Regulations, and Nuclear Regulatory Commission issuances.

Documents available from the National Technical Information Service include NUREG series reports and technical reports prepared by other federal agencies and reports prepared by the Atomic Energy Commission, forerunner agency to the Nuclear Regulatory Commission.

Documents available from public and special technical libraries include all open literature items, such as books, journal and periodical articles, and transactions. Federal Register notices, federal and state legislation, and congressional reports can usually be obtained from these libraries.

Documents such as theses, dissertations, foreign reports and translations, and non-NRC conference proceedings are available for purchase from the organization sponsoring the publication cited.

Single copies of NRC draft reports are available free upon written request to the Division of Technical Information and Document Control, U.S. Nuclear Regulatory Commission, Washington, DC 20555.

Copies of industry codes and standards used in a substantive manner in the NRC regulatory process are maintained at the NRC Library, 7320 Norfolk Avenue, Bethesda, Maryland, and are available there for reference use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organization or, if they are American National Standards, from the American National Standards Institute, 1430 Broadway, New York, NY 10018.


Manuscript Completed: November 1983
Date Published: November 1983

Task Group on Technical Specifications
Office of the Executive Director for Operations
U.S. Nuclear Regulatory Commission
Washington, D.C. 20555


ABSTRACT

This report documents the work of an interoffice, interdisciplinary, NRC Task Group established in August 1983. The Task Group was established to identify the scope and nature of problems with surveillance testing in current Technical Specifications and to develop alternative approaches that would provide better assurance that surveillance testing does not adversely impact safety.

The Task Group concluded that some of the Technical Specifications have the potential for adversely affecting safety and some do not appear to be cost effective. The Task Group developed five recommendations for improvement.

TABLE OF CONTENTS

ABSTRACT
ABBREVIATIONS
1 INTRODUCTION
1.1 Task Group
1.2 Background
2 APPROACH
2.1 Review of Current Activities
2.2 Identification of the Scope and Nature of Potential Problems
2.3 Evaluation of Methodologies to Resolve Potential Problems
2.3.1 FRANTIC Code
2.3.2 Risk Achievement Worth
3 FINDINGS
3.1 Test Frequencies
3.2 Action Statements
3.3 Test Types
3.4 Outage Times
3.5 Testing After a Failure
3.6 Mode Changes
3.7 Bases
3.8 Exposure to Plant Personnel
3.9 Unnecessary Requirements
3.10 Information Collection
3.11 Consistency in Standard Technical Specifications
4 RECOMMENDATIONS
4.1 Scope of Recommendations and Priorities
4.2 Implementation
4.3 Schedule
4.4 Oversight Responsibility
5 REFERENCES

ABBREVIATIONS

ASME    American Society of Mechanical Engineers
ATWS    anticipated transient without scram
BWR     boiling water reactor
CFR     Code of Federal Regulations
CRGR    Committee to Review Generic Requirements
IEEE    Institute of Electrical and Electronics Engineers
IREP    Integrated Reliability Evaluation Program
LCO     limiting condition for operation
NRC     U.S. Nuclear Regulatory Commission
OL      operating license
PRA     probabilistic risk assessment
PWR     pressurized water reactor
RES     Office of Nuclear Regulatory Research
RSSMAP  Reactor Safety Study Methodology Applications Program
RTS     reactor trip system

1 INTRODUCTION

1.1 Task Group

On August 3, 1983, a memorandum from Victor Stello, Jr., Deputy Executive Director for Regional Operations and Generic Requirements, to the NRC Program Office Directors and the Regional Administrators directed the formation of a Task Group to study the issue of surveillance testing in Technical Specifications. The purpose of the Task Group was to identify the scope and nature of problems with current surveillance testing and to develop alternative approaches that would provide better assurance that surveillance testing did not adversely impact safety. The memorandum noted that once the scope of the issues and possible methods of solution are developed by the Task Group, an NRC Office would be assigned the task of designing a Technical Specification surveillance testing program that would resolve these issues.

Nominations to the Task Group were forwarded by the respective offices, and the following individuals were selected to serve on the Task Group:

James H. Sniezek (Chairman), Director, Regional Operations and Generic Requirements Staff, Office of the Executive Director for Operations
Donald S. Brinkman, Section Leader, Office of Nuclear Reactor Regulation
Nicholas J. Chrissotimos, Senior Resident Inspector, Region III
William D. Johnson, Section Leader, Region IV
Thomas Peebles, Technical Assistant, Region II
Richard C. Robinson, Jr., Operations Research Analyst, Office of Nuclear Regulatory Research
Charles E. Rossi, Section Leader, Office of Nuclear Reactor Regulation
Steven K. Showe, Branch Chief, Office of Inspection and Enforcement
Merrill A. Taylor, Senior Program Manager, Office of the Executive Director for Operations

The Task Group was assisted by William M. Shields, Attorney, Office of the Executive Legal Director, and William F. Kane, Senior Program Manager, Office of the Executive Director for Operations.

1.2 Background

The Atomic Energy Act of 1954, as amended, provides that the applicant shall state such Technical Specifications, including information of the amount, kind, and source of special nuclear material required, the place of the use, the specific characteristics of the facility, and other information the Commission may, by rule or regulation, deem necessary to enable it to find that the utilization or production of special nuclear material will be in accordance with the common defense and security and will provide adequate protection to the health and safety of the public. During the licensing history of NRC and the Atomic Energy Commission (AEC), its predecessor, the volume of Technical Specifications included in a license has increased significantly. The scope of the licensing reviews has broadened as a result of the increased volume. Also, the increasing number of amendments to the licenses has created an additional licensing burden for the utilities and NRC.

Participants in NRC licensing reviews have long disagreed on which items should be included as Technical Specifications. Following litigation of a contention on whether a facility feature and procedures should be subjected to Technical Specifications, the Atomic Safety and Licensing Appeal Board (ALAB-531, in the Matter of Portland General Electric Company, et al., Trojan Nuclear Plant) addressed the statutory requirements on deciding those matters that should be subject to a Technical Specification (9 NRC 263 (1979)).

In part, the Appeal Board stated,

From the foregoing it seems quite apparent that there is neither a statutory nor a regulatory requirement that every operational detail set forth in an applicant's safety analysis report (or equivalent) be subject to a Technical Specification, to be included in the license as an absolute condition of operation which is legally binding upon the licensee unless and until changed with specific Commission approval. Rather, as best we can discern it, the contemplation of both the Act and the regulations is that Technical Specifications are to be reserved for those matters as to which the imposition of rigid conditions or limitations upon reactor operation is deemed necessary to obviate the possibility of an event giving rise to an immediate threat to the public health and safety.

However, the absence of specific criteria for selecting items to be included in the Technical Specifications has resulted in numerous items included currently in the Technical Specifications that are of vastly different levels of importance to public health and safety, especially on a long-term basis, and that may not be required under Section 182a. of the Atomic Energy Act of 1954, as amended.

The regulatory basis for Technical Specifications is embodied in 10 CFR 50.34(b)(6)(vi), which requires that, as part of the Final Safety Analysis Report (FSAR) required for each application for a license to operate a facility, proposed Technical Specifications and the bases or reasons for such Technical Specifications be provided in accordance with the requirements of 10 CFR 50.36.

Under current NRC regulations (10 CFR 50.36), Technical Specifications are incorporated into licenses authorizing operation of a production or utilization facility. During the review of an application for an operating license, the applicant is required to submit proposed Technical Specifications prepared in accordance with the requirements of the regulations. The Commission may also include additional Technical Specifications it finds appropriate.

After issuance of an operating license, the Technical Specifications can be changed only with prior NRC approval granted by issuance of an amendment to the license. However, for changes to the facility and procedures described in the Safety Analysis Report, NRC regulations (10 CFR 50.59) permit the licensee to make changes without prior NRC approval provided that the changes do not involve a change in the Technical Specifications or an unreviewed safety question.

As required by 10 CFR 50.36, plant Technical Specifications for power reactors are to include (1) safety limits and limiting safety system settings, (2) limiting conditions for operation, (3) surveillance requirements, (4) design features, and (5) administrative controls. The regulations also require that Technical Specifications on radioactive effluents from nuclear power reactors be incorporated in the operating license.

Safety limits are limits on important process variables necessary to reasonably protect the integrity of certain of the physical barriers that guard against the uncontrolled release of radioactivity. If any safety limit is exceeded, the reactor is required to be shut down. The licensee is required to notify the Commission, review the matter, and record the results of the review, including the cause of the condition and the basis for corrective action taken to preclude recurrence. Operation may not be resumed until authorized by the Commission.

Limiting safety system settings are settings for automatic protective devices related to those variables having significant safety functions. Where a limiting safety system setting is specified for a variable on which a safety limit has been placed, the setting is to be so chosen that automatic protective action will correct the abnormal situation before a safety limit is exceeded. If the automatic safety system does not function as required during operation, the licensee is required to take appropriate action which may include shutting down the reactor. The licensee is also required to notify the Commission, review the matter, and record the results of the review, including the cause of the condition and the basis for corrective action taken to preclude recurrence.

Limiting conditions for operation (LCOs) are the lowest functional capability or performance levels of equipment required for safe operation of the facility. When a limiting condition for operation of a nuclear reactor is not met, the licensee is required to shut down the reactor or follow any remedial action permitted by the Technical Specifications until the condition can be met. The licensee is also required to notify the Commission, review the matter, and record the results of the review, including the cause of the condition and the basis for corrective action taken to preclude recurrence.

Surveillance requirements are requirements relating to test, calibration, or inspection to assure that the necessary quality of systems and components is maintained, that facility operation will be within the safety limits, and that the limiting conditions for operation will be met.

Design features to be included are those features of the facility, such as materials of construction and geometric arrangements, that if altered or modified would have a significant effect on safety.

Administrative controls are the provisions relating to organization and management, procedures, recordkeeping, review and audit, and reporting necessary to assure operation of the facility in a safe manner.

In the early 1970s, the NRC developed and required, on a forward-fit basis, the use of Standard Technical Specifications to make the Technical Specifications process more effective and efficient. Standard Technical Specifications for plants containing nuclear steam supply systems supplied by each of the four light water reactor nuclear steam system suppliers (i.e., Babcock & Wilcox Co., Combustion Engineering Inc., General Electric Co. and Westinghouse Electric Corporation) have been required for use in operating licenses issued subsequent to 1975. Several licensees have also elected to convert to the Standard Technical Specifications. These Standard Technical Specifications are now contained in each utility plant application for an operating license with the necessary modifications to address any plant-specific differences.

Following the accident at Three Mile Island, Unit 2, both the industry and NRC staff expressed concerns suggesting that some aspects of the Technical Specifications actually may be adverse to safety. In August 1981, the NRC published NUREG-0839, "A Survey by Senior NRC Management to Obtain Viewpoints on the Safety Impact of Regulatory Activities from Representative Utilities Operating and Constructing Nuclear Power Plants." The licensees involved in that survey were seriously concerned about surveillance testing. They characterized the surveillance requirements as "too much--too often." The licensees asserted that they were wearing out their equipment from surveillance testing alone. A frequent example cited was that of the diesel generators. They expressed concerns about the many problems, including plant transients, that have been initiated during surveillance testing. They asserted that by testing less frequently, they would reduce unnecessary challenges to safety systems. Some licensees, especially those who do not use Standard Technical Specifications, expressed concern that the compounding of test requirements that occurs whenever redundant trains of equipment need to be tested immediately following an unsuccessful test may have a detrimental impact on safety.

Earlier this year, the Committee to Review Generic Requirements (CRGR) identified concerns with the staff proposals for surveillance testing in connection with generic requirements for reactor trip system (RTS) breakers and diesel generators. In CRGR Meeting No. 37, the CRGR expressed concerns with certain proposed requirements that resulted from the NRC Task Force review of the anticipated transient without scram (ATWS) events at Salem Unit 2 in February 1983. With regard to post-maintenance testing requirements, the CRGR recommended that the staff advise licensees and applicants to notify NRC promptly if existing Technical Specifications were found to cause adverse safety actions, and to submit appropriate changes to the test requirements for staff approval.

Likewise, the CRGR expressed a concern with the staff's proposed testing intervals for on-line functional testing of the RTS in that too-frequent testing could be contrary to safety. Too-frequent testing contributes to the wear of components (such as the undervoltage trip attachment), unnecessary test downtimes, RTS vulnerabilities to single-channel faults while in the testing mode, introduction of human errors and the potential for common-fault causes, and added maintenance downtimes resulting from component wear.

The CRGR noted that one goal of incorporating the automatic shunt trip was to improve trip breaker reliability to enhance overall RTS availability, yet this improvement could be lost if the overall RTS unavailability was dominated by testing and maintenance downtimes and by single-channel vulnerabilities during testing or maintenance. It was also noted that for a given test frequency, the proposed individual testing of the shunt and the undervoltage trip attachments on the RTS breaker would essentially double the cyclic test demands on the breaker, would somewhat lengthen the test downtimes, and could serve to introduce a higher frequency of test-caused trips and plant outages. The Committee recommended that the staff ask licensees and operating license (OL) applicants to propose test schedules and intervals in view of these factors and the plant-specific RTS modifications to be made.

In CRGR Meeting No. 43, the CRGR expressed a concern with the testing of diesel generators. The CRGR endorsed the staff's view that there is a need to rectify those existing test and surveillance requirements that are known to be causing wear of diesel generator equipment. The overall effect of these requirements is to degrade the diesel generator reliability and plant availability, and thereby impact negatively on plant safety. Again, as with the scram breakers, the CRGR observed that a poorly defined safety rationale was used to support particular testing requirements for the diesel generator equipment. The excessive frequency of tests and the nature (e.g., fast cold startup, quick loadings, and lack of warmup and prelubrication) is unnecessarily degrading the equipment. Moreover, the CRGR noted that the nature of the tests being required is not properly focused on those more probable demands expected of the diesel generators (i.e., loss of offsite power) where the need for fast starting and loading is substantially diminished. In this respect, the CRGR encouraged a continuing effort by both the staff and industry towards establishing better balanced test and surveillance practices aimed at improving rather than degrading overall safety and equipment reliability.

2 TASK GROUP APPROACH

2.1 Review of Current Activities

The Task Group considered it important to review the significant ongoing activities at NRC that are related to the Task Group charter. A brief discussion of those activities follows.

On March 30, 1982, the NRC published in the Federal Register (47 FR 13369) a proposed amendment to 10 CFR 50.36. The proposed amendment would establish a new system of specifications divided into two general categories--Technical Specifications and Supplemental Specifications. The Technical Specifications would be limited to those requirements governing operation of a facility deemed necessary to prevent the possibility of an abnormal situation or event giving rise to an immediate threat to the public health and safety. Supplemental Specifications would be limited to those requirements governing operation of a facility deemed necessary to prevent the possibility of an abnormal situation or event giving rise to a threat to the public health and safety, even though an immediate threat to public health and safety would be prevented by the Technical Specifications. The proposed amendment would apply to all nuclear power reactors receiving an operating license 180 days after the effective date of the final rule and would be optional for operating licenses issued before 180 days after the effective date of the final rule. Only those specifications contained in the first general category as Technical Specifications would become part of the operating license and require prior NRC approval for any changes. The NRC review of the first general category of specifications would be the same as currently performed for current Technical Specification changes, which are considered amendments to the operating license. Those specifications contained in the second general category would become Supplemental Specifications and would not require prior NRC approval for any changes. For Supplemental Specifications, the licensees would be allowed to make changes within specified conditions without prior NRC approval and the NRC would review these changes in a manner similar to that currently used for reviewing facility and procedures changes performed under the provisions of 10 CFR 50.59.

The proposed rule invited interested persons to submit written comments. Although the comment period expired on June 1, 1982, comments received through December 1982 are being considered in the preparation of the final rule.

The current version of the final rule retains the basic concept presented in the proposed rule of dividing the Commission's existing Standard Technical Specifications into two sections with one section being part of the operating license (and, therefore, requiring a license amendment to effect changes) and the second section being separate from the operating license. The final rule contains provisions permitting licensees to effect certain changes in the second section without prior NRC approval provided that they complete a 10 CFR 50.59 type evaluation.

On July 26, 1983, the Commission published in the Federal Register a final rule (48 FR 33858) that added 10 CFR 50.73, "Licensee Event Report System," to 10 CFR Part 50 (LER rule). On August 29, 1983, the Commission published in the Federal Register a final rule (48 FR 39039) that described changes in 10 CFR 50.72, "Notification of Significant Events." The LER rule included an amendment to 10 CFR 50.36 that required notification and reporting in response to the requirements of 10 CFR 50.36 be made in accordance with the provisions of 10 CFR 50.72 and 10 CFR 50.73.

Because the notification and reporting requirements of 10 CFR 50.72 and 10 CFR 50.73 are comprehensive, the staff concluded that all prompt notification and resulting reporting requirements in the current 10 CFR 50.36 are redundant to those in 10 CFR 50.72 and 10 CFR 50.73 and, therefore, such reporting requirements should be eliminated from the Technical Specifications.

Two of the Owners Groups (General Electric and Westinghouse) have established committees to address Technical Specifications improvements. The Babcock and Wilcox and Combustion Engineering Owners Groups have not yet formally initiated activities in this area.

An initiative that is currently under review by the NRC staff was initiated by the Westinghouse Owners Group and resulted in the submittal in January 1983 of WCAP-10271, "Evaluation of Surveillance Frequencies and Out-of-Service Times for the Reactor Protection Instrumentation System." The primary impetus for this activity was to reduce (1) unnecessary transients and challenges to safety systems caused by testing, and (2) the time and effort expended by the utility operating staffs in performing, reviewing, documenting, and tracking the various surveillance activities. The Westinghouse Owners Group plans to extend this initiative to other systems provided that the NRC staff response to WCAP-10271 is favorable.

The Boiling Water Reactors Owners Group Technical Specifications Improvements Committee was formed in August 1983 with plans to look into ways of optimizing surveillance requirements and limiting conditions for operation related to out-of-service limitations. To date, the Boiling Water Reactors Owners Group has not submitted any proposals to the NRC.

In its review of the staff's generic recommendations following the February 1983 ATWS events at Salem, Unit 2, the CRGR requested that analyses be performed by the Office of Nuclear Regulatory Research (RES) to assess the adequacy of test frequencies for the reactor trip system breakers. RES selected the FRANTIC code as suitable for this purpose. The FRANTIC code is an extension of the probabilistic methodology described in WASH-1400, "Reactor Safety Study," and is discussed in more detail in Section 2.3.1 of this report. The analysis was limited to the Westinghouse reactor trip system breaker design and considered two cases:

(1) The then-current DB-50 breaker design in which the sole automatic actuation of the breaker was accomplished by deenergizing the undervoltage coil.

(2) A proposed modified breaker that would use both deactivation of the undervoltage coil and activation of a shunt trip coil to trip the breaker.

A total of 36 runs were made with the FRANTIC code, each with 7 appropriately spaced values of testing frequency. Plots of unavailability versus test frequency were made in an effort to locate a test frequency yielding minimum system unavailability. Although a majority of the results did not exhibit a precise optimum test frequency, they provided a quantitative basis for making engineering judgments in specifying frequencies that are cost effective from the standpoint of system unavailability and plant personnel time required to perform tests.

An ongoing program in the Office of Nuclear Regulatory Research is to develop and apply methodologies to accomplish two activities. The first activity (FRANTIC effort) would result in two products: (1) an improved FRANTIC III code that would provide additional information, increase user efficiency, and enhance application versatility; and (2) a documented generic application to an accident sequence in an Integrated Reliability Evaluation Program (IREP) for a pressurized water reactor (PWR) in an attempt to optimize test and maintenance procedures to minimize the unavailability of the sequence of systems in the event tree path. The work being done to modify FRANTIC is expected to be completed in calendar year 1983.

Using the revised FRANTIC code, the user would be able to: (1) determine the contributions to the overall system unavailability made by the various components; (2) conduct sensitivity studies to determine the impact of testing intervals on system unavailability; and (3) model those situations in which the logic structure of the fault tree changes as a result of specific components being tested or repaired.

For the generic accident sequence application, FRANTIC may be used to carry out an extended time analysis to optimize test and maintenance procedures to minimize unavailability of the sequence of systems in the event tree path associated with accident sequences.

The second activity (limiting condition for operation (LCO) effort) would result in a computer program and user's manual that permits allowed downtime to be determined for a wide variety of system configurations and assumed component reliability behaviors. This code will be demonstrated by application to the ten components in a PWR IREP that have the highest importance to core melt frequency. Historically, maximum allowed downtimes have been determined based on qualitative engineering judgments with little documented technical basis. When completed, this study is intended to provide the necessary capability for establishing optimum maintenance and testing procedures, using a fault-tree, event-tree methodology that can be applied to many plant designs.

In the LCO effort, a recent theoretical formulation for maximum allowed downtimes (EPRI RP 2142-1, August 1983) will be tailored for nuclear power plant applications. This should result in a computer program that permits allowed downtime to be determined for a wide variety of system configurations and assumed component reliability behavior. This program would also allow pertinent risks to be considered, including both health risks and economic risks, and allow relative and absolute criteria to be used in establishing the allowed downtimes.

This new LCO computer code may be used to perform three specific downtime evaluations for those components of highest importance to core-melt frequency. In evaluating downtime based on multiplant probabilistic risk assessments (PRAs), three specific uses have been identified:

(1) Evaluating the risk impacts of different allowed downtimes.

(2) Evaluating approaches for determining allowed downtimes for possible Technical Specifications implementation.

(3) Evaluating approaches for determining when extensions to allowed downtimes are justified.

It is expected that the LCO computer code will be available later in fiscal year 1984.

2.2 Identification of the Scope and Nature of Potential Problems

On September 7 and 8, 1983, J. H. Sniezek and M. A. Taylor of the Task Group met with the Boiling Water Reactor Owners Group Technical Specifications Improvements Committee and the Westinghouse Owners Group Technical Specifications Subcommittee to solicit their input regarding the Task Group activities and to obtain a better understanding of the industry activities in this area.

Salient points stressed by the Boiling Water Reactor Owners Group Technical Specifications Improvements Committee included the need to develop criteria identifying what the NRC is trying to accomplish with the Technical Specifi-cations. They indicated that 10 CFR Part 50 requirements pertaining to Technical Specifications are much too general and that the desired safety objectives in current Technical Specifications appear very confusing. They recommended that the NRC correct the overall Technical Specifications problem and not limit the NRC effort to surveillance and the out-of-service limita-tions specified in the limiting conditions for operation. They indicated that the present Technical Specifications do not always exhibit bases that are consistent with the plant design criteria. They also noted that certain items, when resources, person-rem and plant unavailability are taken into account, may be counterproductive to safety. They urged the NRC to develop i

sound safety rationale and bases for each Technical Specification so that they could be clearly understood in the future.

The Committee also indicated that the Technical Specifications were very difficult to understand and needed a restructuring to prevent overlap and duplication.

For example, limitations on the same components and systems can be found in multiple portions of the Technical Specifications. Likewise, some duplication exists with components that are tested as a part of systems testing requirements in the Technical Specifications also being required to be tested under the inservice testing program for pumps and valves specified in Section XI of the American Society of Mechanical Engineers (ASME) Code.

The meeting with the Westinghouse Owners Group Technical Specifications Subcommittee identified many of the same concerns. Both groups were very interested in the potential methodology for implementing the results of the Task Group effort and urged that the overall project that will result in Technical Specification changes not be a prolonged effort.

They also urged that licensees be provided the opportunity to implement the results of the NRC effort as individual portions of the problem are solved. Subsequently, in letters to the Task Group Chairman dated September 16, 1983 and October 4, 1983, the Subcommittee identified and prioritized areas of the Technical Specifications that were considered to be problem areas.

The Task Group met on September 19-20, 1983, and again on October 3-4, 1983.

The Task Group reviewed specific problems raised during its independent review of the Westinghouse Standard Technical Specifications, the minutes of CRGR meetings, and input from the two owners groups and several utilities. The choice of the Westinghouse Standard Technical Specifications for specific review by the Task Group was for the sole purpose of identifying specific examples of potential generic problems. It was the consensus of the Task Group that the generic problems of significance would be common to all Standard Technical Specifications.

In addition, the Task Group identified a number of potential generic problems with the Technical Specifications that go beyond the Task Group's specific charter. The Task Group concluded that these problems also should be addressed in this report.

2.3 Evaluation of Methodologies To Resolve Problems

The Task Group recognizes that the times associated with surveillance frequencies, allowable outage times, etc., have been established on a deterministic basis using engineering judgment.

The Task Group also believes that engineering judgment must be the primary basis for any changes to the Technical Specifications.

However, the Task Group believes that the use of insights from probabilistic risk assessments could be a significant aid in arriving at these judgments.

Therefore, the Task Group evaluated some of the more promising methodologies available to NRC that could be used for that purpose.

2.3.1 FRANTIC Code

FRANTIC is an acronym for Formal Reliability Analysis including Normal Testing Inspection and Checking.

The FRANTIC code represents one extension of the probabilistic methodology described in WASH-1400.

It computes the time-dependent and average unavailability for any general system model whose failure can be described by a coherent fault tree. Accident sequences, such as those constructed from event trees, can also be evaluated for their instantaneous and average probability behavior, and the effects of outages of various systems can be explored.

Components that are nonrepairable, monitored, and periodically tested can all be modeled by the FRANTIC code. One unique feature of the FRANTIC code is the detailed, time-dependent modeling of periodic testing, which includes the effects of test downtimes, test overrides, failure detection inefficiencies, test-caused failures, and human errors.

Burn-in and wear-out effects are included by using a time-dependent failure rate for the components.

Continuous changes in the failure rate are modeled and the failure rate may also change discontinuously at each test. This allows for consideration of sudden deterioration on reaching a specified number of demands.

Periodic equations are developed and, optionally, renewals may occur at either test or repair.

Common cause and human errors associated with the operational procedures can be included by assigning an appropriate constant probability for the fault contributors.

Uncertainties in the input data can also be effectively explored by use of sensitivity analyses and bounding assumptions.

A major feature of the FRANTIC code is its ability to account for the effects of imperfect testing through the use of a variety of component input parameters.

It can also model time-dependent failure rates as a function of both time and test frequency. The FRANTIC code calculates the instantaneous unavailability of every component in the system before and after each time point at which any component might have a discrete change in its availability.

These times correspond to passage from standby, to active testing, to repair of failures found during testing in periodically tested components.

It then calculates the system unavailability at each time point and provides time averages of the instantaneous system unavailabilities over the periods of interest.

It outputs the average system unavailability for the periods of interest.

The FRANTIC code can also differentiate between systems that may exhibit the same average unavailability but which differ in vulnerability during periods of interest, such as testing. A system may thus have a low average unavailability, and yet at particular times the instantaneous unavailability may be quite high.

Therefore, for example, when the demand on the system is equally probable at each time point, an important risk characteristic to measure, in addition to the average unavailability, is the percentage of time the system spends with unavailability above certain preassigned levels (i.e., vulnerability).

Additional discussion of the FRANTIC code is contained in NUREG/CR-1924, "FRANTIC II - A Computer Code for Time-Dependent Unavailability Analysis."
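The distinction drawn above between average unavailability and vulnerability can be shown numerically. The following Python code is an added example, not the FRANTIC code and not taken from NUREG/CR-1924: it models two redundant standby trains and compares simultaneous with staggered testing. It assumes a constant failure rate, a fixed test downtime with no override, renewal at each test, and independent trains; the names and all numerical inputs are constructed.

```python
"""Time-dependent unavailability of periodically tested standby trains.
Added illustration only: not the FRANTIC code; every input is constructed."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Train:
    failure_rate: float        # constant standby failure rate, per hour (assumed)
    test_interval: float       # hours between test starts
    test_duration: float       # hours out of service per test (no override)
    first_test: float          # hour at which the first test starts
    test_caused_failure: float = 0.0  # probability a test leaves the train failed

    def unavailability(self, t: float) -> float:
        """Instantaneous unavailability q(t) of one train."""
        if t < self.first_test:
            # Not yet tested: good as new at t = 0, ageing in standby.
            return 1.0 - math.exp(-self.failure_rate * t)
        phase = (t - self.first_test) % self.test_interval
        if phase < self.test_duration:
            return 1.0  # train is in test and cannot respond to a demand
        age = phase - self.test_duration  # standby time since the test ended
        survive = (1.0 - self.test_caused_failure) * math.exp(-self.failure_rate * age)
        return 1.0 - survive


def system_profile(trains, horizon, step):
    """Unavailability of a redundant system (fails only if every train fails)
    at each grid point; trains are assumed independent (no common cause)."""
    n = int(round(horizon / step))
    return [math.prod(tr.unavailability(k * step) for tr in trains) for k in range(n)]


def summarize(profile, threshold):
    """Average, peak, and fraction of time spent above `threshold`."""
    above = sum(1 for q in profile if q > threshold)
    return {
        "average": sum(profile) / len(profile),
        "peak": max(profile),
        "fraction_above": above / len(profile),
    }


def compare_schedules(threshold=0.1):
    """Same two trains, tested together versus half an interval apart."""
    base = dict(failure_rate=1e-4, test_interval=720.0, test_duration=2.0)
    simultaneous = [Train(first_test=720.0, **base), Train(first_test=720.0, **base)]
    staggered = [Train(first_test=720.0, **base), Train(first_test=360.0, **base)]
    horizon, step = 4320.0, 0.5  # six test intervals on a half-hour grid
    return {
        "simultaneous": summarize(system_profile(simultaneous, horizon, step), threshold),
        "staggered": summarize(system_profile(staggered, horizon, step), threshold),
    }


if __name__ == "__main__":
    for level in (0.1, 0.01):
        for name, s in compare_schedules(level).items():
            print(f"threshold={level:<5} {name:<13} avg={s['average']:.5f} "
                  f"peak={s['peak']:.4f} time_above={s['fraction_above']:.5f}")
```

With these inputs the staggered schedule has the lower average and a far lower peak, yet it spends more time above the 0.01 level than the simultaneous schedule, which is why the choice of preassigned level matters.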

2.3.2 Risk Achievement Worth

The Task Group was briefed on a methodology developed at Battelle Columbus Laboratories by Dr. William E. Vesely, et al.

The following is a summary of that activity.

Risk importance measures are used to evaluate a feature's importance in further reducing the risk and its importance in maintaining the present risk level.

One type of importance measure, called the feature's risk reduction worth, is useful for prioritizing feature improvements that can most reduce the risk. Another type of importance measure, called the feature's risk achievement worth, is useful for prioritizing features that are most important in reliability assurance and risk maintenance activities. The risk achievement worth has direct applicability to the Task Group's study.

Any type of feature can be evaluated for its risk reduction worth and its risk achievement worth. Safety functions, safety systems, components, surveillance tests, human activities, mitigation functions, and containments can all be quantified as to their worths. Evaluating the worth in a structured manner allows one to successively focus on the important items. The worths also provide important information for cost-benefit and value-impact analysis.

The defined risk worth measures have been applied to the risk analyses performed in the Reactor Safety Study Methodology Applications Program (RSSMAP) for the Oconee, Grand Gulf, Calvert Cliffs, and Sequoyah plants. These plants include nuclear steam supply systems from each of the four suppliers. The risk worths were applied to each of the plant's risk analyses.

Safety functions, safety systems, containment, and certain components and human activities were specifically evaluated for their worths.

A summary of the findings of the RSSMAP evaluations for the systems has been presented as risk achievement ratios as a function of core-melt frequency, where core-melt frequency is the risk measure.

Risk achievement ratios are the factor by which core-melt frequency would increase if the system did not exist or were not operable.

The human action identified by RSSMAP evaluations that had the largest risk achievement worth has also been identified.

The risk achievement worths identify the features that contribute most to achieving the present risk level and toward which reliability assurance activities should be directed. What stands out the most is the very high worth of certain systems and the differences among the four plants that have been analyzed thus far. The high importance of auxiliary systems, such as the service water system, that serve engineered safety features systems was highlighted for all four plants.

From the importance evaluations performed, human actions as modeled by RSSMAP are found to be near optimal.

Improvement of any action would not reduce risk significantly, whereas any degraded human performance could markedly increase risk.

This methodology can also be applied using offsite public health effects and dose as risk measures rather than core-melt frequency.

Additional discussion of risk achievement worth is contained in NUREG/CR-3385, "Measures of Risk Importance and Their Applications."
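The two worth measures can be computed on a small model. The following Python code is an added example, not taken from NUREG/CR-3385 or the RSSMAP analyses: the two-train model with a shared service water support system, the initiating-event frequency, and every probability are constructed. Risk achievement worth is the ratio defined above (risk with the feature failed over present risk); risk reduction worth is taken here as present risk over risk with the feature made perfectly reliable, which is an assumption since the text above does not give its formula.

```python
"""Risk achievement and risk reduction worths on a small constructed model.
Added illustration only: the model and all numbers are made up."""
import math
from itertools import product

# Constructed basic-event failure probabilities per demand.
BASIC_EVENTS = {
    "pump_a": 1e-2,
    "pump_b": 1e-2,
    "service_water": 1e-4,   # support system shared by both trains
    "operator": 1e-5,        # failure to initiate the function
}
INITIATOR_PER_YEAR = 0.1     # constructed initiating-event frequency


def mitigation_fails(failed):
    """Structure function: both trains lost, or the operator action fails."""
    train_a = failed["pump_a"] or failed["service_water"]
    train_b = failed["pump_b"] or failed["service_water"]
    return (train_a and train_b) or failed["operator"]


def top_probability(structure, probs):
    """Exact top-event probability by enumerating every combination of
    independent basic-event states (practical only for small models)."""
    names = list(probs)
    total = 0.0
    for states in product((False, True), repeat=len(names)):
        failed = dict(zip(names, states))
        if structure(failed):
            weight = 1.0
            for name in names:
                weight *= probs[name] if failed[name] else 1.0 - probs[name]
            total += weight
    return total


def core_melt_frequency(probs):
    """Risk measure: initiator frequency times probability mitigation fails."""
    return INITIATOR_PER_YEAR * top_probability(mitigation_fails, probs)


def risk_worths(probs):
    """Return (baseline frequency, {feature: achievement and reduction ratios})."""
    base = core_melt_frequency(probs)
    worths = {}
    for name in probs:
        failed = core_melt_frequency({**probs, name: 1.0})   # feature not operable
        perfect = core_melt_frequency({**probs, name: 0.0})  # feature never fails
        worths[name] = {
            "achievement": failed / base,
            "reduction": base / perfect if perfect > 0 else math.inf,
        }
    return base, worths


if __name__ == "__main__":
    base, worths = risk_worths(BASIC_EVENTS)
    print(f"baseline frequency: {base:.3e} per year")
    ranked = sorted(worths.items(), key=lambda kv: kv[1]["achievement"], reverse=True)
    for name, w in ranked:
        print(f"{name:<14} achievement={w['achievement']:9.1f} "
              f"reduction={w['reduction']:6.3f}")
```

In this constructed model the operator action shows the pattern described above for human actions: a very large achievement worth with a reduction worth close to 1, so improving it gains little while degrading it raises risk sharply.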


3 FINDINGS

This section contains the Task Group's findings resulting from its review of the Technical Specifications.

Each of the findings relates to a Task Group generic concern.

For each finding a description of the generic concern and its potential safety implications is provided.

In addition, the scope of the concern is given in terms of the Task Group's assessment of the number of Technical Specifications that might be affected.

At least one example from the Westinghouse Standard Technical Specifications, except where otherwise noted, is provided to illustrate each concern.

Finally, the Task Group has identified what it has determined to be an appropriate methodology to resolve each of the concerns.

The Task Group also endorses the general concept of separating the current Technical Specifications into Technical Specifications and Supplemental Specifications. The Task Group believes that the analytical methodology discussed in Section 2.3 could be used to augment the engineering judgments necessary to accomplish this in implementing the proposed revision to 10 CFR 50.36 discussed in Section 2.1 of this report.

3.1 Test Frequencies

Originally, test frequencies were established on the basis of engineering judgment and manufacturers' recommendations considering the use of standard intervals (e.g., daily, weekly, monthly, etc.). Although this was a rational way to proceed at the time, the staff and industry now have better analytical tools available to augment this engineering judgment. These analytical tools can be used to optimize test frequencies.

It is not clear to the Task Group that existing test frequencies are optimized from a safety standpoint.

Test intervals that are either too short or too long could be adverse to safety by increasing the overall relative risk to the public.

In addition, frequent periodic testing of systems, with no compensating reduction in risk to the public, results in unnecessary diversion of operators and other plant personnel, economic costs, and, in some cases, excessive exposure to plant personnel, which may be adverse to safety.

In looking at problems with surveillance testing, the Task Group noted that some of the problems exist because the equipment designs do not include appropriate features to facilitate proper testing. The Commission's regulations have a number of requirements for equipment design that permit appropriate testing.

For example, Criterion 21 of the Generic Design Criteria, Appendix A to 10 CFR Part 50, states that the protection system shall be designed to permit periodic testing of its functioning when the reactor is in operation, including a capability to test channels independently to determine failures and losses of redundancy that may have occurred.

In some instances, equipment design changes may be required to improve equipment testability where warranted by the resulting safety benefit and the cost effectiveness of the change.

The Task Group believes that this concern is generally applicable to all of Section 4 of the Standard Technical Specifications.

An example is Specification 4.3.4, Turbine Overspeed Protection, which requires cycling, at least once per 7 days, of each of the four high-pressure turbine stop valves, turbine governor valves, turbine reheat stop valves, and turbine reheat intercept valves. The Task Group believes it is likely that this test interval could be increased with an overall positive benefit to plant safety in that the risk of a test-induced plant transient would be reduced.

The Task Group believes that this concern could be resolved using engineering judgment augmented by analytical risk-based insights.

The initial steps could involve an examination of the systems in the plant based on their overall contribution in reducing risk to the public.

The examination of the Technical Specifications should be made for those systems whose contribution is small to determine whether testing frequency is commensurate with the importance of the system safety function.

Engineering judgment could be used to reduce the testing frequency for such systems if appropriate.

For those systems whose contribution to risk reduction is significant, an analytical tool such as the FRANTIC code could be used to determine test intervals and the benefits of testing at staggered intervals that more effectively optimize overall risk, taking into consideration diversion of plant personnel from other safety activities and radiation exposure to plant personnel from testing.

3.2 Action Statements

The action statements of some Technical Specifications seem to be structured more as a punitive measure against utilities that have safety equipment out of service rather than as a function of the significance of the equipment outage from the standpoint of risk to the public. Unnecessary shutdowns result in plant transients and challenges to safety systems and are adverse to safety.

The primary concern of the Task Group is with those specifications that provide only 1 hour to restore equipment to meet limiting conditions for operation. However, other specifications that permit longer time periods, such as 72 hours, also may be too stringent depending on the system involved, the type of fault, or the repairs involved.

For example, Specification 3.0.3 states that when a limiting condition for operation is not met within 1 hour, except as provided in the associated action requirements, action shall be initiated to place the unit in a mode in which the specification does not apply by placing it, as applicable, in

(1) at least hot standby within the next 6 hours

(2) at least hot shutdown within the following 6 hours

(3) at least cold shutdown within the subsequent 24 hours

This requirement is all-encompassing and should be reexamined as to its relationship to specific systems.

One example is Specification 3.3.3.6, Accident Monitoring Instrumentation, where loss of two channels of the pressurizer power-operated relief valve position indicator would invoke Specification 3.0.3.

Specification 3.3.3.5, Remote Shutdown Instrumentation, is another example of what appears to be an inordinately short allowable out-of-service time taking into account the safety importance of the affected equipment. This specification requires that with less than one channel of instrumentation available at the remote shutdown panel (e.g., control rod position limit switches), the inoperable channels are to be restored to operable status within 7 days or the plant shall be placed in hot shutdown within the next 12 hours.

The Task Group believes that resolution of this concern can be accomplished using engineering judgment that should be augmented by analytical risk-based insights. An analytical tool such as the FRANTIC code is capable of providing such insights.

3.3 Test Types

Particular types of testing called for by the Technical Specifications may be adverse to safety. Such testing may be the cause of equipment degradation and progressively reduced system reliability. Alternative forms of testing may be available to enhance overall plant safety.

This concern potentially is applicable to several of the systems addressed in Section 3 of the Standard Technical Specifications.

An example is Specification 3.8.1, A.C. Sources, which requires that with either an off-site circuit or diesel generator of the required alternating current (ac) electrical power sources inoperable, demonstrate operability of the diesel generator within 1 hour and at least once per 8 hours thereafter.

The required test involves starting the diesel generator from ambient condition and accelerating to at least 900 rpm (revolutions per minute) in less than or equal to 10 seconds.

Fast cold starts have been demonstrated to cause accelerated degradation of the diesel generators.

Further, from a safety standpoint, fast cold starts of diesel generators are required only in the event of the large break loss-of-coolant accident with loss-of-offsite power, a low probability event.

However, with ac equipment out of service the plant is more vulnerable to a higher probability event; i.e., loss of all ac power. This event does not require a fast start of the diesel generators.

Fast cold starting of the diesel generators will tend to make the plant more vulnerable to the loss of all ac power because testing the diesel generators in this manner will likely cause further degradation.

The Task Group believes that this concern can be resolved by engineering judgment augmented by insights received from a review of the sequences and consequences associated with the various accident scenarios.

3.4 Outage Times

Allowable outage times for equipment have been established on the basis of engineering judgment considering the use of standard intervals (e.g., 1 hour, 72 hours, 7 days). As with test intervals, it is not clear to the Task Group that outage times are optimized from a safety standpoint. Allowable outage times that are too short will subject the plant to unnecessary trips, transients and fatigue cycling. Outage times that are too short also may result in less thorough repair and post-repair testing before equipment is returned to service.

Likewise, outage times that are too long may cause an undesirable increase in risk to the public.

The Task Group notes that current allowable outage times are not based on the degree of system fault but rather on go, no-go criteria.

This concern is generally applicable to all of Section 3 of the Standard Technical Specifications. An example is Specification 3.8.1, A.C. Sources, which requires, as a minimum, that the following ac electrical power sources be operable:

(1) Two physically independent circuits between the offsite transmission network and the onsite Class 1E distribution system, and

(2) Two separate and independent diesel generators, each with

(a) separate day and engine-mounted fuel tanks containing a minimum volume of fuel,

(b) a separate fuel storage system containing a minimum volume of fuel, and

(c) a separate fuel transfer pump.

Failure to meet conditions 2(a) or 2(b) by even a small amount would require testing of the operable diesel generator and would eventually require plant shutdown.

The Task Group believes that resolution of this concern can be accomplished using engineering judgment that should be augmented by risk-based insights.

An analytical tool such as the FRANTIC code is capable of providing such insights.

In addition, specifications such as 3.8.1 could be reviewed to determine if a second-level action statement is appropriate.

For example, if the volume of fuel is found to be outside of the primary LCO but within the secondary LCO, then 24 hours might be an acceptable time to return the volume of fuel to the primary limit before initiating a plant shutdown.

Entry into a second-level LCO may require, for example, review by the Plant Safety Review Committee, increased surveillance frequency, and a summary provided in the annual report with an explanation of the cause, time to remedy, and corrective action.

3.5 Testing After a Failure

Some specifications require that if equipment in one train of a system is inoperable, surveillance testing of the equipment in the other train is increased.

This has the potential for (1) damaging the redundant system, (2) placing the system or plant in a more vulnerable mode, and (3) failing to return it to an operable condition.

Such surveillance strategies may actually degrade the needed system and increase public risk.

This concern applies to only a few of the Specifications in Section 3 of the Standard Technical Specifications but likely is more prevalent in plant-specific Technical Specifications.

An example is Specification 3.8.1, A.C. Sources, which requires that when one diesel generator is inoperable, the operability of the other diesel generator must be demonstrated within 1 hour and at least 8 hours thereafter.

The normal surveillance test interval for a diesel generator is 31 days.

The Task Group believes that this concern could be resolved using engineering judgment augmented by analytical risk-based insights. An analytical tool such as the FRANTIC code is capable of providing such insights.

3.6 Mode Changes

Some Specifications contain action statements that, in the event of inoperable equipment, require entry into what may be a less safe mode from an overall safety standpoint.

In addition, there may be tests requiring the plant to be placed in a less safe configuration to perform the test.

In such cases, the risk to the public may be increased by complying with the Technical Specifications.

This concern involves many of those specifications in Section 3 of the Standard Technical Specifications. An example is Specification 3.7.5, Ultimate Heat Sink, which requires that when the ultimate heat sink is not operable, the plant shall be placed in hot standby within 6 hours and in cold shutdown within the following 30 hours.

It may be preferable from a safety standpoint to maintain the plant in a hot shutdown condition.

In the hot shutdown condition, a larger number of options are available to remove decay heat from the core than in the cold shutdown condition.

If the ultimate heat sink is lost, there is no way to remove decay heat or comply with the requirements of this specification.

Other examples are Specifications 3.7.3, Component Cooling Water System, 3.7.4, Service Water System, 3.8.11, A.C. Sources, 3.8.2.1, D.C. Sources, and 3.8.3.1, Onsite Power Distribution, which also require the plant to be placed in cold shutdown when any one of the systems that is needed to remove heat via one of the residual heat removal system loops fails.

This means that the one remaining residual heat removal system loop has to be used to maintain the reactor coolant temperature below 200°F.

It appears more appropriate that the plant be maintained in hot shutdown with the reactor coolant temperature between 200°F and 350°F where, in addition to having the one remaining residual heat removal system loop, the reactor coolant system loops would also be available, any one of which would also be able to remove heat.

The Task Group believes that this concern can be resolved if the appropriate specifications are examined using engineering judgment augmented by risk-based insights. Analyses can be performed to demonstrate the preferred mode of operation from the standpoint of providing the least risk to the public.

3.7 Bases

In most cases, the bases do not provide explicit justification for the limiting conditions for operation or the surveillance requirements. This creates three problems. The first is that of deciding whether to permit short-term emergency exceptions when there is no base line from which to measure the effect of a change.

Second, the present bases do little to inform the operator regarding the importance of the various Technical Specifications.

Expanded bases would enhance the operators' understanding of the Technical Specifications.

A better understanding by operators of the bases for what they are doing should result in their doing a better job. Third, 10 CFR 50.59 requires an evaluation of the reduction in the margin of safety as defined in the bases for the Technical Specifications to determine whether a proposed change, test, or experiment involves an unreviewed safety question.

In general, the Technical Specification bases do not provide such information. A related problem involves those Technical Specifications whose bases are inconsistent with the requirements.

The Task Group believes that this concern generally applies to the bases for all Standard Technical Specifications. An example of this problem is Specification 4.4.7, Chemistry, which specifies certain limits on dissolved oxygen, chlorides and fluorides.

It also requires that samples of these parameters be taken every 72 hours and, if it is determined that any of the limits are not met, the parameters should be restored to acceptable values within 24 hours or the plant should be shut down. However, the bases state that the surveillance requirements assure that concentrations in excess of the limits will be detected in sufficient time to take corrective action.

Thus, it would appear that 72 hours would be sufficient time to restore the parameter to an acceptable concentration.

Another example is item 14 in Table 2.2-1, the reactor trip on steam generator low water level, coincident with steam/feedwater flow mismatch. The bases for including this trip function in the Technical Specification correctly indicate that it is not used in the transient and accident analyses. However, the bases do not indicate that this trip is necessary to satisfy the regulatory requirements of the Institute of Electrical and Electronics Engineers (IEEE) Standard 279-1971 regarding interaction between control and protection systems and, thus, this trip is a necessary function even though credit is not taken specifically for it in the transient and accident analyses.

The Task Group believes that resolution of this concern could be accomplished by engineering judgment that should be augmented by risk-based insights. An analytical tool such as the FRANTIC code is capable of providing such insights.

3.8 Exposure to Plant Personnel

Certain surveillance requirements in radiation areas can result in significant exposure to plant personnel. These surveillance requirements need to be reviewed carefully to assure that their overall impact on safety is positive.

This concern is limited to those Specifications requiring plant personnel to perform surveillance testing in radiation areas.

An example is Specification 4.7.9, Snubbers, which defines the surveillance requirements for snubbers.

Snubbers, which are hydraulic or mechanical shock absorbers important to the safety of nuclear power plants, are periodically inspected and, if defective, replaced or repaired.

Inspection, removal and replacement of snubbers are usually performed in radiation areas.

The staff recently obtained data on snubber-related doses that were made available to the Task Group.

Data obtained from 4 PWRs and 11 BWRs showed collective snubber-related doses ranging up to 220 person-rems per year at one of the facilities.

The Task Group believes that this concern can be resolved using engineering judgment that should be augmented by risk-based insights, such as FRANTIC, and should also consider value-impact assessments.

Value-impact assessments should consider exposure to operators and increase to public risk when arriving at appropriate surveillance frequencies.

3.9 Unnecessary Requirements

Some specifications contain requirements that appear to be unnecessary either due to the plant design or other limits or constraints.

Such requirements consume the time and attention of plant personnel that could be used for purposes more important to safety. Further, unnecessary requirements reflect poorly on the balance of the Technical Specifications.

The Task Group believes that this concern is limited to only a few places in the Standard Technical Specifications. An example is Specification 4.7.7, Control Room Emergency Air Cleanup System, that requires verification at least once every 12 hours that the control room air temperature is less than or equal to 120°F. The Task Group believes that the need to record this temperature every 12 hours (which will likely be done once every shift for administrative reasons) is an unnecessary burden and that temperatures this high would be obvious to the control room operators.

The Task Group believes that this concern can be resolved using engineering judgment.

3.10 Information Collection

Some of the requirements in the Standard Technical Specifications are for the purpose of collecting information and do not add to operational safety. The Technical Specifications should not contain such requirements.

This concern is limited to only a few of the Technical Specifications. One example is Specification 3.4.8, Specific Activity, which requires that when the specific activity of the primary coolant exceeds 1.0 microcurie per gram dose equivalent I-131 or is greater than 100/E microcuries per gram, a report be filed containing the following information:

(1) reactor power history starting 48 hours before the first sample in which the limit was exceeded

(2) fuel burnup by core region

(3) cleanup flow history starting 48 hours before the first sample in which the limit was exceeded

(4) history of degassing operations, if any, starting 48 hours before the first sample in which the limit was exceeded

(5) time duration when the specific activity of the primary coolant exceeded 1.0 microcurie per gram dose equivalent I-131.

Section 4.4.8, which contains the bases, states that the information obtained on iodine spiking will be used to assess the parameters associated with the spiking phenomena.

The Task Group believes this is an administrative matter that, for the most part, should be resolved when the recent revision to 10 CFR 50.73 becomes effective on January 1, 1984.

However, there is a potential for the Technical Specifications to be revised at that time to require this same information in another type of report (e.g., a Special Report). The Task Group believes that this would be inappropriate for the example presented above. Alternate means of acquiring this information should be considered.

3.11 Consistency in Standard Technical Specifications

In some instances, requirements such as surveillance intervals vary from the Standard Technical Specifications of one type of nuclear steam supply system to another without apparent reason. Such variations may unfairly penalize some licensees and may not be appropriately balanced for safety in the case of other licensees.

This concern applies to all of the Standard Technical Specifications. However, the anomalies are expected to be few in number. One example of this applies to reactor trip system surveillance testing. Section 4.3.1 of the Westinghouse Standard Technical Specifications requires that slave relays be tested quarterly. However, the General Electric Standard Technical Specifications require such testing at 18-month intervals.

The resolution of the concern with surveillance test frequencies discussed in Section 3.1 of this report should also resolve this concern.


4 RECOMMENDATIONS

4.1 Scope of Recommendations and Priorities

The Task Group findings in Section 3 were evaluated to determine the specific recommendations and their priority. The Task Group established its priorities based on (1) the relative safety concern in terms of risk to the public, (2) licensee resource impacts and economic benefits to the licensees, (3) regulatory consistency, and (4) the time frame to resolve the concern.

The Task Group findings were then condensed into five recommendations and prioritized as follows:

Recommendation 1

The testing frequencies in the Technical Specifications should be reviewed to assure that they are adequately supported on a technical basis and that risk to the public is minimized (Findings 3.1 and 3.7).

Recommendation 2

The required surveillance tests should be reviewed to assure that important safety equipment is not degraded as a result of testing and that such tests are conducted in a safe manner and in the appropriate plant operational mode to assure that risk to the public is minimized (Findings 3.3, 3.5 and 3.7).

Recommendation 3

The action statements should be reviewed to assure that they are designed to direct the plants to a safe plant operational mode such that public risk is minimized and that unnecessary transients and shutdowns are precluded (Findings 3.2, 3.4, 3.6 and 3.7).

Recommendation 4

The surveillance test requirements should be reviewed to assure that they do not consume plant personnel time unnecessarily or result in undue radiation exposure to plant personnel without a commensurate safety benefit in terms of minimizing public risk (Findings 3.7, 3.8 and 3.9).

Recommendation 5

The preparation and organization of the Standard Technical Specifications should be reviewed to assure that they are consistent with 10 CFR 50.36 and only contain requirements that have a sound safety basis (Findings 3.7, 3.10 and 3.11).

4.2 Implementation

The Task Group recommends that the responsibility for revising the Technical Specifications be jointly shared by industry and the NRC staff and that such activities do not hinder or delay ongoing related activities. To assure that modifications to the Technical Specifications are made in a consistent manner, the Task Group recommends that the implementation of the recommendations discussed in Section 4.1 be conducted in the following manner:

(1) The first step should be to determine on a generic basis the overall importance of the systems addressed by the Technical Specifications for the four reactor types.

A methodology that uses risk importance measures, such as that developed at Battelle Columbus Laboratories and discussed in Section 2.3.2, should be used for that purpose. The product should be an assignment of the systems into high, medium and low categories of relative risk worth.

The Task Group recommends that this activity be conducted by the staff with appropriate participation by owners groups.

(2) Using each of the four sets of Standard Technical Specifications, the Specifications and supporting bases for a selected system in the high risk worth category should be evaluated in accordance with recommendations 1, 2, and 3 and modified as appropriate to assure the following:

(a) The testing frequencies are adequately supported on a technical basis so that risk to the public is minimized.

(b) The surveillance tests do not degrade important safety equipment as a result of the testing, and these tests are conducted in a safe manner and in the appropriate plant operational mode so that risk to the public is minimized.

(c) The action statements direct the plant to a safe plant operational mode such that public risk is minimized and unnecessary transients and shutdowns are precluded.

The Task Group recommends that this activity be conducted by the staff with appropriate participation by owners groups. The staff's evaluation should be conducted using a methodology similar to the FRANTIC code discussed in Section 2.3.1.

Engineering judgment, taking these analyses into account, should be used to develop the appropriate revisions to the Specifications and their bases.

(3) The staff should develop a NUREG report describing the procedures used to conduct steps (1) and (2), the changes that could be made to each of the Standard Technical Specifications, and the rationale used to develop the revised bases. This report should be issued to the industry by a generic letter that would encourage changes to the remaining systems with high risk worth using a methodology equivalent to that used by the staff. The letter to the industry should strongly urge that these activities be conducted by owners groups to more efficiently utilize the resources of both the staff and industry and to accomplish changes on an earlier schedule.

(4) The remaining high risk worth systems should be evaluated in accordance with recommendations 1, 2, and 3 as discussed in step (2).

However, the evaluation and proposed changes to the Standard Technical Specifications and their bases should be accomplished by owners groups and submitted to the staff for generic review and approval.

(5) Proposed changes to plant-specific Technical Specifications based on the staff's generic review in steps (3) and (4) should be submitted by licensees and reviewed and approved by the staff in the normal procedure.

At this time the staff would consider the applicability of the generic review to plant-specific Technical Specifications.

(6) The Technical Specifications for the medium and low risk worth systems should be reviewed in accordance with recommendation 4 to assure that surveillance test requirements do not consume plant personnel time unnecessarily or result in undue radiation exposure to plant personnel without a commensurate safety benefit in terms of a reduction in public risk. That evaluation may be conducted using engineering judgment with appropriate analyses to reflect the severity of requirements for these systems consistent with their importance in reducing public risk.

In doing so, consideration should be given to the use of two-level action statements as discussed in Section 3.4.

The use of two-level action statements could avoid unnecessary shutdowns, while at the same time assure that the necessary action is taken to restore the equipment to service.

The Task Group recommends that this activity be conducted by the staff with appropriate participation by owners groups.

(7) The final step is to review the Technical Specifications for all four nuclear steam supply system suppliers in accordance with recommendation 5 to assure that they are consistent with 10 CFR 50.36 and contain only requirements that have a sound safety basis. The Task Group recommends that this activity be conducted by the staff with appropriate participation by the owners groups.

4.3 Schedule

The Task Group anticipates that the recommended actions can be completed within 16 to 18 months after initiation of the NRC program office activities depending on the priority assigned by industry. The anticipated schedules for individual steps are as follows:

Step 1 (staff): 2 to 3 months from program approval.

Step 2 (staff): 8 to 10 months from program approval. Requires completion of step 1.

Step 3 (staff): 8 to 10 months from program approval. Requires completion of step 2.

Step 4 (industry/staff): 8 to 10 months from program approval. Requires completion of step 1.

Step 5 (industry/staff): 16 to 18 months from program approval. Requires completion of steps 1-4.

Step 6 (staff): 8 to 10 months from program approval. Requires completion of step 1.

Step 7 (staff): Consistent with the final output from steps 1-6.

4.4 Oversight Responsibility

The Task Group recommends that an oversight group be established within the staff to monitor the implementation of the recommendations and assure consistency in their application. The Task Group recommends that the oversight group include representatives from each of the affected Program Offices and at least one Region.

The oversight group representatives should be selected so that the group has the following collective attributes:

(1) Management perspective with regard to policy matters.

(2) Background and knowledge of the development and application of Technical Specifications issued for older plants as well as the Standard Technical Specifications.

(3) Knowledge of the conduct and application of risk analyses.

(4) Understanding of the operation of boiling water reactors and pressurized water reactors.

(5) Continuity with the Task Group to assure understanding of the decision rationale that led to the development of the Task Group recommendations.


5 REFERENCES

Code of Federal Regulations, Title 10, "Energy," U.S. Government Printing Office, Washington, DC.

--, Section 50.34, "Contents of Applications."

--, Section 50.36, "Technical Specifications."

--, Section 50.59, "Changes, Tests and Experiments."

--, Section 50.72, "Notification of Significant Events."

--, Section 50.73, "Licensee Event Report System."

--, Appendix A, "General Design Criteria."

Electric Power Research Institute (EPRI), EPRI RP 2142-1, "General Theory for Risk-Based Determinations of Allowed Downtimes," August 1983.

U.S. Atomic Energy Commission (AEC), WASH-1400, "Reactor Safety Study," October 1975.

U.S. Nuclear Regulatory Commission (NRC), August 3, 1983, memorandum from V. Stello, Jr., to NRC Office Directors and Regional Administrators, subject: Formation of Task Group to Study Issue of Surveillance Testing in Technical Specifications.

--, Atomic Safety and Licensing Appeal Board, ALAB-531, "In the Matter of Portland General Electric Company, et al., Trojan Nuclear Plant," March 21, 1979.

--, NUREG-0103, "Standard Technical Specifications for Babcock and Wilcox Pressurized Water Reactors," Revision 4, Fall 1980.

--, NUREG-0123, "Standard Technical Specifications for General Electric Boiling Water Reactors," Revision 3, Fall 1980.

--, NUREG-0212, "Standard Technical Specifications for Combustion Engineering Pressurized Water Reactors," Revision 2, Fall 1980.

--, NUREG-0452, "Standard Technical Specifications for Westinghouse Pressurized Water Reactors," Revision 4, Fall 1981.

--, NUREG-0839, "A Survey by Senior NRC Management to Obtain Viewpoints on the Safety Impact of Regulatory Activities from Representative Utilities Operating and Constructing Nuclear Power Plants," August 1981.

--, NUREG/CR-1924, "FRANTIC II - A Computer Code for Time-Dependent Unavailability Analysis," April 1981.

--, NUREG/CR-3385, "Measures of Risk Importance and Their Applications," July 1983.

Westinghouse Electric Corporation, WCAP-10271, "Evaluation of Surveillance Frequencies and Out-of-Service Times for the Reactor Protection Instrumentation System," January 1983, and Supplement No. 1, July 1983.

--, September 16, 1983, Letter from J. J. Sheppard, Chairman, Westinghouse Owners Group, to J. H. Sniezek, NRC.

--, October 4, 1983, Letter from J. J. Sheppard, Chairman, Westinghouse Owners Group, to J. H. Sniezek, NRC.

Industry Codes and Standards

American Society of Mechanical Engineers, ASME Boiler and Pressure Vessel Code, Section XI, "Rules for Inservice Inspection of Nuclear Power Plant Components."

Institute of Electrical and Electronics Engineers, IEEE Standard 279, "Criteria for Protection Systems for Nuclear Power Generating Stations."


U.S. NUCLEAR REGULATORY COMMISSION

BIBLIOGRAPHIC DATA SHEET (NRC FORM 335, 7-77)

NUREG-1024

4. TITLE AND SUBTITLE: Technical Specifications - Enhancing the Safety Impact

5. DATE REPORT COMPLETED: November 1983

DATE REPORT ISSUED: November 1983

9. PERFORMING ORGANIZATION NAME AND MAILING ADDRESS: Office of the Executive Director for Operations, U.S. Nuclear Regulatory Commission, Washington, DC 20555

12. SPONSORING ORGANIZATION NAME AND MAILING ADDRESS: Same as 9, above.

13. TYPE OF REPORT: Technical Report

16. ABSTRACT

This report documents the work of an interoffice, interdisciplinary NRC Task Group established in August 1983. The Task Group was established to identify the scope and nature of problems with surveillance testing in current Technical Specifications and to develop alternative approaches that will provide better assurance that surveillance testing does not adversely impact safety. The Task Group concluded that some of the Technical Specifications have the potential for adversely affecting safety and some do not appear to be cost effective. The Task Group developed five recommendations for improvement.

18. AVAILABILITY STATEMENT: Unlimited Availability

19. SECURITY CLASS (This report): Unclassified
