ML20086S661

From kanterella
Jump to navigation Jump to search
Review of PASNY Sys Interaction Study
ML20086S661
Person / Time
Site: Indian Point, 05000000
Issue date: 03/01/1982
From: Alesso H
LAWRENCE LIVERMORE NATIONAL LABORATORY
To:
Shared Package
ML20083L077 List:
References
FOIA-83-618 UCID-19130, NUDOCS 8403050038
Download: ML20086S661 (7)
v  d  e


Text

_ _ _ . - . -. .. - ___ __ __ - --_ - - - - __-_ _-- -. -- . _ _ _ _ _ ._ _

s .

,, UCID- 19130 l

l l

i l

s REVIEW OF THE PASNY SYSTEliS IITIERACTION STUDY l i

U. P. Alesso .

Lawrence Livermore National Laboratory v

.k.

( .. 5 .

1 e* ,

e-pt s

- -.Ifarch 1, 1982 5

.. u,

. d; i.N

.~

% . V in . 's" . +

... ~x. u. 4,. .>-

c., ,.,.., Q.;.?.,.9. s 3 a.- m..

,. 5,,*4..w.

me- v. ..;'*'s

. . . t, .  : 4. .' t',. ' .'f~ %

. .+c.... .

, Q .

w * ,, _

TWs is em inforemas report imeended pr6meray car inessmal or lhmked assrael di=nedhuesom.

The opinions and h sesend ese those of the author and seer or sesy not be those n' _ I-f ' *

  • ~

ff "T^ v.

orthet so,meery. -

.s j '

TWs wort was seppersed by the Uniend Steams Nacisar Regnineary f*- under _

, a heen of Underseendams with the Undeed Saeees t,_ _ :of Emmigr.. . .l9,, . , . . . ,

... .

  • a *..c.;, 1 ,.,. '- .s . .:= *. . .. %

A S.4's,*.C+3 . Y-,b...

.. . W Q ;s"' i'ie.. j?25. N I"3. D *.'.. N '<

v.

. * . ,- *, .e g, f, '.(s c ps

.' %, few.

.3 h.g* . .W.,*'

% . ,7 F :,i' 4 4.,*47.

t?i' e g .'*4.*. gM{'."a

  • .L-

?:I , .C . - - :., ,

.h. . . , ;. '

- U,~ ';, ~S' h.; p $.~.hf,_ 'f, yf ?y  :. hpgua. ,

y y: M. .w- .w1..wnw,,a.s.,r. F 7 .M.h. d. ra. . .. p.m ,,,;:... e,yg.g&.wdsm_ esme ;. m

w. .

....,.-.,3... s m. n.. ,.a -

y.....-

N* . .

h, Y ~

h, h5k'

'$p ti #.. #'*eMSMT

  • - ..M{

.YE? NlfbY0. d5@ h O yfE*Mt@NNdde$U51sW5h PDR FOIA WM ow J :'%g, SHGLLYO3-610 PDR FN.D+M.Ah5*h

-"" YIS -

M## 1" t#"m WM"G- *$:' -

[ h* [ b Ih5N. '::' y

1.0 UBJECTIVE Uf REvlEW i

Ine objective of this review is to evaluate ana make reconnendations on the Systems Interaction g$1) metnouology proposeu by tne Power Autnority of the State of New York (PAbnY) for application to indian Point ho. 3 (19-3).

2.0 oALKbROUNDANDMOTIVATIONOFR5 VIEW A systematic pruceaure for tne icentification and evaluation of systems interactions is being aevelopea oy tne NRC. Contributions oy Battelle Memorial Institute and drooxnaven National LaDoratory are being usea for tne development of future guidance aac regulations, in aaottion, the Lawrence Livermore National Laboratory (LLNL) is assisting NRC in reviewing PASNY's proposed methodology for application to IP-3. It is expected that experience and knowleoye gained from the IP-3 application will lead to moaifications of the 51 efforts in other areas of the NRC prog' ram.

3.0 STATEMENT UF PROBLEM

(

This review must juage if PASNY's,proposeo S1 metnodology can succeed in '

solving the following problems:

1. iaentity his for nonconnecteo anu interconnectea systems for IP-3,
2. evaluate the associatea safety nazarc or risk of the 51s for nonconnectea ano interconnected systems for IP-3, 2
3. ensure that the NRC proposeu scope of the problem is coverea, ana
4. provice insight for others working toward NRC Si regulations. _

4.0 UUR REVIEW APPROACH ,

Our preference for a 51 identification and evaluation procedure for application to Indian Point-3 was presented in our LLNL reports.3,4

,However, we have evaluated the PASNY proposal on the basis of its own merits to address the problems involved in sis (see Section 3.0).

(

' ' dam e e w .m

~h - .he *p-s

'M '

. _ _ _ . _ . _ . _ . _ _ _ . _ . .- _ _ _ _ _ . _ _ . _ - ._. _ _ i l

l In this section, we will continue witn our critique of tne PAShY SI stuoy under the rollowing four neadings: (1) the PASNY Nonconnecteo I

Procedures,(2) the PASNY Nunconnetleo AFa Example, (3) tne PASNY Interconnecteu Proceoure, and (4) tne PASky Interconnecteo AFW Example.

The uASNY Nonconnecteo Proceoure - Tne nunconnecteo SI proceoure examined common cause events (e.g., a fire) ano found all sources snon-safety-grace components) that could threaten the safety function of a target (safety-grade component).

Tnis is accomplisnea oy a multidisciplined team of experts conducting an on-sight walk-througn inspection. Such an inspection nas already Deen demonstrated as being a valuable 51 identification methoo.7 The PA5NY Nonconnecteo AFW 6xamole - Tne nonconnecteo portion of the AFW example presenteo in Vol. 2 was a satisfactorj example. It cemonstratea trie c4pability of the nonconnected procedure; anc we founo the pnotograpns, utscussion sneets, anu cross-inuexing to ud a good format.

( .

Tne PASNY intercennecteu Proc'euure - Interconnecteo systems were oefineo as those mechanical ano electrical compiexes wnicn are process-couplea to one anotner pnjsically via piping, instrumentation cuoing or electrical wiring.

Incluceo in tnis uefinition is HVAC equipment wnicn, altnougn not physically connecteo, may De necessary to support the continuous safe operation of interconnected systems.

Step 1 was the selection of specific sy" ams for evaluation ano is accomplisned by oeveloping functional snutdown logic diagrams tnat aescrioe ]

tne general functions necessary to prevent core camage. Tnese logic diagrams ,

are based upon system descriptions; instrumentation and control logic diagrams; and electrical schematic, block, and wiring oiagrams. In addition, important information aoout system interf aces is ootained at tne site by

, inspecting physical f acilities ano oy meeting with plant personnel f amiliar with the oesign, operation, and maintenance of tne system.

-3

~ - - - - - - .. __

we- ge -+ e - -- 4 me. w .w. _ _

. . . . . . = - .

In developing the Safety bysten Auxiliary Diagram the analyst ensures tnat each support requirement is functionally recunaant oy ceveloping aesign

(' information about tne plant sufficient to positively identify tne auxiliaries essential for tne requireo response of the safety system.

To complete tne Safety System Auxiliary Diagram tne analyst must review tne Snutdown Logic Diagrams for all tne postulated events to identify all safety sequences in which the subject auxiliary safety system appears.

After completion of the Shutoown Logic Diagrams for each postulated event and the Safety System Auxiliary Diagrams, the Auxiliary Safety System Coninonality Diagram (ASSCO) for each Auxiliary Safety System is oevelopeo.

This diagram indicates all the safety systems that a given Auxiliary Safety System supports. The ASSCO is developed mainly as an information ciagram, rather tnan a primary design-review diagram. The ASSCO allows evaluation of the overall plant response to tne operations of eacn Auxiliary Safety System.

The Shutdown Logic Diagrams (SLO), S'afety System Auxiliary Diagrams (SSAD), ano the Auxiliary Safety System Commonality Diagram (ASSCD) are

{

oasically devices employed for ioentifying the safety and support systems (including nonsafety systems) tnat are to be analyzed for interactions, and for correlating and combining the results of FMEAs on inoividual systems in order to understand ano portray how interconnections, couplings and cependencies among all systems can propagate nonsafety system f ailure(s) into tne safety systen. This analysis cescrioes the combinations of components wnicn would result in the loss of any of the four Dasic functions: (1) reactor- .

suocriticality, (2) decay heat removal, (3) reactor coolant pressure coundary, _

or (4) containment integrity. ,;

The third step, evaluation of the systems interactions through the determination of their relative importance to safety, is accomplished by using deterministic logic, f ailure modes ano effects analyses.

(

ym,.- . **..% p-, ..-e- - ~~-

In the PASNY Si interconnected proceoure, nowever, no attempt is to be made to find path-sets. Tne motivation for this is apparently the accitional work that PASNY is perfonning in a ProcaDilistic Risk Assessment (PRA) for 1P.3. By referring to the minimum cut-sets of the system fault trees completeo in their PRA, PASNY nopes to "short-circuit" tne steps we nave outlined in Table 1, thereoy jumping from Step 2 directly to Step 7.

in Alesso, we discuss tne relationsnip Detween ciagrams, patn-sets ano cut-sets, and state tnat a flawless f ault tree analysis of a system can in certain ways be a subset of a success-orienteo analysis carried out on tne same system.4 In the PASNY interconnected procedure, it is proposed to use their minimum cut-sets of their PRA as a "Dackdrop" to identify when interconnectivity between safety and nonsaf ety systems results in a systems interaction. In otner words, wnen a group of components can be traced oack to a common cause/ mode f ailure due to a single ncn-safety component, that group is comparea to tne PRA system fault tree's minimum cut-sets, if that group does not fcrm a cut-set it can be considered as much less important than if it does.

( .

It i; hignly debataDie if the use of minimum cut-sets as a backdrop can De considered satisfactory. Tneoretically, tne mathematical relationships could De valid. However, in practice this "short-circuit" is highly suspect.

In accition, if the PRA systems f ault tree covereo the 51 problem correctly down to tnis level of detail, why do a separate Sl? Why not merely expand the FRA stuoy to include the commonalities of nonsafety systems, sharec environmental conditions and dynamic human error?

Next, we critique the PASNY interconnectec evaluation procedure ,,

consisting of a FMEA review of a single component in light of a common cause ,

event.

9

-(

- 7-

  • * * * * * * " * * * - e -w- . .. . , , , , , __,

,s%.

..e9 -% ." , . . . - - . - * . . - - . . - . . . -

_..- _, i 71.

. - _ _ _ _ . . . _1 ._ _ _ _ _

Table 2 summarizes our review conclusions. It gives a grace of satisfactory or unsatisfactory to various aspects of tne two indepenoent PASNY  !

procedures for Dotn the general methodolugy and the AFW example.

l Taole 2 Sunandry of Review Conclusions .

- PASNY's General PASNY's AF'n Metnodology Example Example For Nonconnecteo Systems Procedure:

1. Identifying $1s SATISFACTORY SATISFACTORY
2. Evaluating sis SATISFACTORY SATISFACTORY
3. Covering NRC Scope SATISFACTORY SATISFACTORY 4 Usefulness to others SATISFACTORY SATISFACTORY

(

For Interconnected ,

Systems Procedure:

1. Icentifying Sls SATISFACTORY (?) UNSATISFACTORY
2. Evaluating sis UNSATISFACTORY UNSATISFACTORY a

J. Covering NRC Scope UNSATISFACTORY UNSATISFACTORY

4. Usefulnass to otners SATISFACTORY UNSATISFACTORY

'010 not include cyncaic human error sis. _

P e

9 m

M* Wh M= 4 MMfea g g e-' - s e e.-

REFERENCES I 1. Power Authority of the State of New York, Inotan Point No. 3 Systems Interaction Study, Vols. I ano 2, EBASCO Services, Inc. (January 1982).

2. U. 5. Nuclear Regulatory Connission, "The Systems Interaction Branch Approacn to Systems Interactions in LWRs," U. 5. Nuclear Regulatory Commission, Washington, DC, Staff Summary Letter Report Dr.af t (Feoruary 1981).
3. J. Lim, H. P. Alesso, T. R. Rice, R. K. McCora, and J. E. Kelly, Systems Interaction Evaluation Procedur* for Application to Inoian Point-3, Lawrence Livermore National Laboratory, Livermore, CA, NUREG/CR-20b0 Oraft (April 1981).

4 H. P. Alesso, Some Fundamental Aspects of Fault Tree and Digrapn-Matrix Relationships for A Systens Interaction Evaluation Procedure, Lawrence Livermere National Laboratory, Livermore, CA, UCIO Draf t (Maren 1982).

S. A. Busiik, 1. Papazoglou, and R. Bari, Review ano Evaluation of Systems Interaction Methoos, Brookhaven National Laboratory, Upton, NY, NRC Report NUREG/CR-1901 (January 1981) .

6.- P. Cybulskis, et al., Review of Systems Interaction Methodologies,

( Battelle Menorial Institute, ColuinDus, OH, NRC Report NUREG/CR-1896 (January 1981). .

7. Pacific Gas & Electric Co., " Description of the Systems Interaction
' Progran for Seismically-Inouced Events, Diablo Canyon Units 1 and 2, Revision 2," Dockets 50-275/323, Pacific Gas & Electric Co., San Francisco, CA (July 9,.1980).
  • B. J. H. Conran, " Meeting Sunnary ano Status Report," Dockets 50-247/286, Pacific Gas & Electric Co., San Francisco, CA (Octooer 20, 1961).

e6 O

G B

l .

- 11-

--% e ya - s eem -- 4 O eu e =D* w=i*6Srf'i4-v" wh4 N # - *-'e* *

  • 9 - -- - - . . . . . . - .

5 NUCLEAR RECULATORY COf.%'!!SION umTEo STATES @ #

.AAy e

& yCg ,n1 f ADVISORY COMMITTEE CN REACTOR SAi EGUARDS wAsmNGTON, D. C. 20666 M

e March 9,1982 f...... ._

Honorable Nunzio J. Palladino Chaiman -

U. S. Nuclear Regulatory Comission .

Washington, DC 20555

Dear Dr. Palladino:

Subject:

REPORT ON SYSTEMS INTERACTIONS STUDY FOR INDIAN POINT NUCLEAR l GENERATING UNIT 3 During its 263rd meeting, March 4-6, 1982, the Advisory Committee on Re-actor Safeguards reviewed the proposal of the Power Authority of the State of New York (PASNY) to perform a systems interactions study of the Indian Point Nuclear Generating Unit 3 (Indian Point 3). In its review the Comittee had the benefit of a Subcomittee meeting held on February 26, 1982. The PASNY proposal was made in response to prior recommendations by the ACRS in letters dated July 13, 1978 and October 12,1979 that a systems interactions study should be performed on Indian Point 3.

The ACRS believes that the PASNY proposal is generally respontive to the

( ACRS recomendations. The Comittee agrees with PASNY that for this study it is reasonable to limit the portion that deals with the investigation of control system influences on safety systems to effects of ir,terconnected lh

( systems. The ACRS also believes that, in view of prior efforts to review many aspects of possible adverse interactions between safety systems, it is reasonable in this study to place emphasis on the interactions between nonsafety systems and safety systems. However, the ACRS believes that where interactions between safety systems have not received prior study, they should not be ignored in this study.

The ACRS believes that it is time for the Indian Point 3 systems interac-tions study to begin and recommends that PASNY conduct the proposed " walk- -

down" phase during the upcoming plant shutdown for refueling.

A partial review of the NRC Staff's preliminary version of a generic ap-proach to systems interactions studies also took place at the Subcommittee meeting. The Committee will complete its review of this matter after the Staff has finished preparation of its proposed plan. However, it is clear that it will be several year.s before the Staff completes the development of its approach to systems interactions studies for all reactors. In the interim, the ACRS recomends consideration of the potential merits of simplified walk-through systems interactions studies for all operating

( '

q ,

o

,e ssoe pa"

Honorable Nunzio J. Palladino March 9, 1982 light-water reactors in order to look for relatively obvious interactions.

. a In addition, the ACRS recommends that a mechanism be developed for early dissemination and evaluation of any systems interactions observations arising from the ongoing studies and having potentially significant generic implications for a family of operating plants. _

Sincerely,

\.

P. Shewmon Chaiman I

L e

em=

ae

(

(

._ . , _ . . _ ~ - ,___ . , , _ . _ _ _ _ , _ ~ , . , . , _. ,.. .. . ,.

Retrieved from "https://kanterella.com/w/index.php?title=ML20086S661&oldid=2737300"