ML20101Q308

From kanterella
Jump to navigation Jump to search
Draft App B, Pressurized Thermal Shock (PTS) Initiating Event Frequency & Branch Probability Screening Estimates for Hb Robinson Unit 2 Nuclear Power Station, to PTS Evaluation of Hb Robinson Unit 2 Nuclear Power Plant
ML20101Q308
Person / Time
Site: Robinson Duke Energy icon.png
Issue date: 11/20/1984
From: Austin R, Minarick J
OAK RIDGE NATIONAL LABORATORY, SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY
To:
NRC
Shared Package
ML20101Q289 List:
References
REF-GTECI-A-49, REF-GTECI-RV, TASK-A-49, TASK-OR NUDOCS 8501070544
Download: ML20101Q308 (34)
v  d  e


Text

{{#Wiki_filter:~ A PRESSURIZED THERMAL SHOCK EVALUATION OF THE DRNT H. B. ROBINSON UNIT 2 NUCLEAR POWER PLAIR Appendix B: Pressurized Thermal Shock Initiating Event Frequency and Branch Probability Screening Estimates for the H. B. Robinson Unit 2 Nuclear Power Station written by J. W. Ninarick R. A. Austin Science Applications, Inc. for The PTS Study Group of Oak Ridge National Laboratory Date of Draft: November 20, 1984 l NOTICE: This document contains information of ! a preliminary nature. It is subject to I revision or correction and therefore does not represent a final report. 1 l , *Research sponsored by U.S. Nuclear Regulatory Commission under Contract No. DE-AC05-840R21400 with the Martin Marie tta Energy Systems, Inc. with U.S. Department of Energy. 8501070544 841217 PDR ADOCK 05000261 P PDR

B.O. PRESSURIZED 'IEERMAL SHOCK INITIATING EVENT FREX1UENCY e AND DRANCH PROBABILITY SCREENING ESTIMATES H. B. ROBINSON UNIT 2 NUCLEAR POWER STATION B.I. Introduction B.2. Initiating Event Frequency Estimates B.3. Branch Failure Probability Estinates References Attachment A. Development of Main Feedwater End State Probability Estimates for Non-Specific Reactor Trip Initiator i Attachment B. Development of Main Feedwater Isolation Failure Probability Estimates (All Initiators Except Reactor Trip) Attachment C. Development of Multiple Steam Generator Blowdown Frequency Estimates i l I t l 1 l

re HBR-B.3 October 1984 FRES5Unvrun THERMAL SBDCE IIITIATING EVENT FREQUENCY AED BRANCH PennanTT. TTY SC M ESTIMATES H.B. BOBINSON UNIT 2 EUcfRAR POWER STATION B.I. Introl: c.cion Initiating event frequency and event tree branch probability estimates have f been developed for use in quantifying event sequences in the Robinson 2 pressurised thermal shock evaluation. These estimates have been developed for initiators and system / component failures specified by ORNL. l The complete LER data base for Robinson 2 was reviewed for initiating event ! occurrences and system failures, as well as for a general overview of the performance of plant systems of interest. However, in lieu of relying solely on Robinson information, Westinghouse-specific and PWR-specific operational information was employed when available and when it was considered that Robinson operational experience did not provide an adequate data base. Additional information was obtained from the NREP Generic Data Base (Ref. 1), the Nuclear Power Plant Operating Experience Summaries (Ref. 2, 3, 4 and 5), as well as other sources. With the constraints imposed by progranaatic needs and the availability of operational data, only simplified approaches to frequency and probability estimation were permitted. The estimates are, however, considered acceptable for use as screening estimates. Table 1 includes the estimates develope 1, the rationale used, relevant information, and information sources. As stated above, a number of th e estimates included in Table 1 have been developed from gereric sources. This is necessary, since many of the failures of interest are sufficiently infrequent that they will.only be seen (if at all) over a large operating period. The estimates may not be representative of Robinson failure probabilities if Robinson systems and components differ significantly from systems and components used throughout the industry; although potential differences have been considered in developing the estimates in Table 1. l

HBR-B. 4 A number of initiating transients have been found to be of significance from previous pressurized thermal shock analyses. In geraral these include three initiator classes: (1) reactor trip; (2) steam li.te break (SLB); and, (3) loss of coolant accident (LOCA), including steam generator tube ruptures. Several LOCA and SLB situations are of interest - whether a break is small or large; whether it is isolable or noniso'.able; and whether the plant is at full power or at hot standby. Although separate event trees may be appropriate to describe all these situations, many of the plant responses of interest are .. expected to be common among the trees. Also, considering the amount of data available, the frequency estimate developed for one of the initiating events is sometimes an appropriate estimate for others. B.2. Initiating Event Frequency Estimates j Initiating event frequencies have been developed based on the number of observed events within selected periods of operation. The calculational method is consistent with that developed in Ref. 9, and utilized the )'.2 distribution to estimate a conservative lower bound on mean time between failures, and hence a conservative upper bound on frequency. This frequency estimate is y2 9 (2r+2)/2T, where 1-o(is the confidence level, r the number of observed failures, and T the total observation time. A 505 confidence level was employed. For some initiators, it may be necessary to estimate the frequency of events in a particular operating mode. The 1980,1981 and 1982 operating experience of Robinson 2 identified in References 4 and 5 was reviewed to estimate the fraction of time the units were at power and in hot shutdown and cold shutdown modes. The fractions of time in these three states were: power operation, 6135; hot shutdown, 1.25; and cold shutdown, 37 55. For medium and large steam line breaks and medium break LOCAs, no data exists as to the relative incidence of these initiators at power and hot shutdown; and fractions based on the amount of time in hot shutdown and at power were used. These fractions are: power operation, 98.15; hot shutdown,1 95.

BBR-B. 5 Historic small steam line breaks and small LOCAs identified in reference 6 and 7 were revicwed to estimate the fraction of these initiators occurring at hot shutdown and at power. For small stema line breaks, 255 occurred at hot shutdown and 755 occurred at power. For small break LOCAs, 95 occurred at hot shutdown and 915 occurred at power. B.3. Branch Failure Probability Estimates l Branch failure probability estimates on a per-demand basis were developed using the effective number of failures observed within a period of time and estimating the number of demands expected within that same period.8' If no failures on demand were observed, and no other information was Evailable with which to estimate a failure-on-demand probability, then a Poisson approximation of a Binomial process (the number of demands was always large) was assumed applicable and the probability estimated by assuming there was a l 50% probability of observing the zero failures actually observed. In such a case, P(r = 0) = e-a (a)0/01, where r is the number of failures and a the 

                         -     expected number of failures.

The expected number of failures, m, is equal to the probability of failure (p) multiplied by the number of demands (D). If the probability of zero observations is 0.5, then P(r = 0) = 0.5 = e-a , e-pD. If an estimate of D is available, p c: .7/D. (It is interesting to note that the initiating event frequency estimate reduces to " .7/T for zero observed events.) seFailure-per-demand probability estimates developed primarily from test demands may overestimate the actual failure probability up to a factor of two if the actual failures are time dependent and the test demands are spaced at regular intervals. However, based on events dooumented in the ASP program (Ref. 6 and 7), there appears to exist in many cases a greater i likelihood of failure on demand following an actual initiating event than that determined based on testing. These two effects tend to offset one another; the per-demand estimates developed herein are considered acce ptable for screening purposes. 1 

                                                                                ~
      ~

HBR-B.6 In estimating the likelihood of multiple valve failures, conditional probabilities of subsequent component failure given failure of the first component were developed based on the multiple failure rates identified in Reference 10. These estimates are: o For air-operated valves in a system of three valves; 0.094 for a specific second valve failing given the first is failed, and 0.081 for both remaining valves failing given the first is failed. o For motor-operated valves in a system of three valves, 0.020 for a specific second valve failing given the first is failed, and 0.012 for both remaining valves failing given the first is failed. As with all event trees, the probability associated with a particular branch is conditional on the prior branches in the sequence. Althougb event tree development was not in the scope of this phase of the work, certain conditionalities were accounted for when appropriate. Questions of conditionality and potential system interaction effects (which are being considered separately) must be carefully considered prior to the use of Table 1 estimates with a particular event tree. In addition, quantification of human error was not in the scope of the study, and many of the estimates included in Table 1 do not consider plant-specific potential operator recovery actions. It should also be noted that, for traceability, numerical values included in Table 1 have been developed to two significant figures. This is not to imply a lack of error bands on the estimates. The error bands associated with many of the estimates are expected to be large - at least an order of magnitude in either direction considering the generic nature of much of the data base and the small amount of information on particular initiators and multiple component failures available.

1. Generic Data Base for Data and Models Chapter of the National Reliability Evaluation Program (NREP), EGG-EA-5887, June 1982.
2. Nuclear Power Plant Operating Experience - 1978, NUREG-0618, December 1979 3 Nuclear Power Plant Operating Experience - 1979, NUREG/CR-1460, May 1981.
4. Nuclear Power Plant Operating Experience - 1980, NUREG/CR-2378, October 1982.
5. Operating Units Status Reports - Licensed Operating Reactors, NUREG-0020, published monthly.
6. Precursors to Potential Severe Core Damage Accidents: 1969-1979, A Status Report, NUREG/CR-2497, June 1982.

7 Precursors to Potential Severe Core Damage Accidents: 1980-1981, A Status Report, NUREG/CR-3591, July 1984.

8. Generic Evaluation of Feedwater Transients and Small Break Loss-of-Coolant for Accidenta in Westinghouse-Designed Operating Plants, NUREG-0611, January 1980.

9 Mann, Schafer, an'd Singpurvalla, Methods f.or Statistioni Annivsis d I Reliability .sgul Lit.g Rata, John Wiley and Sons, New York,1974.

10. Common Cause Fault Rates for Valves, NUREG/CR-2770, February 1983
11. In-Plant Reliability Data Base for Nuclear Plant Components: The Valve Component, NURE0/CR-3154, November 1983
12. R.B. Robinson Unit 2 Nuclear Station, Updated Final Safety Analysis Report.

EBR-B.8 13 Staff Report on the Generic Assessment of Feedwater Transients in Pressurized Water Reactors Design by the Babcock & Wilcox Company - NUREG-0560, May 1979 e

_. HBR-D.9 i, . Table 1. Event Tree Frequencies and Branch Probabilities for Screening Pw--:::: Screening Function Discussion Eatinate Tnitiator s

1) Reactor Trip During 1980, 1981, and 1982 Robinson 2 8.7/ry experienced 26 manual and auto scraas from power (Ref. 4, Ref. 5). This results in a reactor trip estimate of 26/3 years = 8.7/yr.
2) Steam Line Break a) Large Break Two early events of potential impor- 1.2x10-3/ry tance to steam line break frequency have been recorded in the LER data:
1) Turkey Point Safety Valve Header Pailure i 2) Robinson Safety Valve Header Failure Both of these events occurred before t

criticality and in view of the fact l - that no large breaks have been observed in the 577 combined BWR and PWR years of post-oritical operation, an alter-nate estimate of main steam line break frequegeyhasbeendeveloped. Using the % distribution and zero observations with a 505 confit:ence level, this estimate is 1.2x10"3/ year. This estimate applies for breaks greater in area than typical valve-dominated small break and for both isolable and l nonisolable breaks. 1 b) Small Break One event at Robinson 2 was observed 2.0x10-2fpy involving failure of steam side relief valves to close (NSIC 76461). In addition, 4 small SLB occurrences were observed in the Accident Sequence Precursor (ASP) program (Ref. 6, Ref.

7) over a 288 year observation period. This screening est been developed using the %gaate has distribution with 5 occurrences in 288 reactor years. This estimate, 2x10-2/yr, does not include the

HBR-B.10 , I Table 1. (Continued) Screening Function Discussion Estimate potential for recovery. Small steam line break occurrences observed in the ASP program were considered 405 non-recoverable. However, the steam-side PORY's at Robinson 2 are not isolable using a series isolation valve; and therefore small SLB's associated with these PORY's will be less recoverable than in the industry in general, uniens the valve failures are dominated by valve operator failures and the valve operators are accessible.

3) Loss of Coolant Accident a) Due to No ma,ior events involving stuck open 1 7x10-3/ ry Fal. led Open safety valves have been observed.

Safety Valve However, a safety valve apparently did open below set point pressure at St. Lucie 1 and depressurized the RCS from 

         .                       2410 to 1670 psig in late 1981. Because of a lack of detailed information con-carning this event, it has not been used in developing a frequency estimate.

Using the V distribution with zero observations and an observation period from 1%9 through July 1983 (406 PWR reactor years), a value of 17x10-3 is estimated, b) Due to an NURE0-0611 (Ref. 8) reports 50 1.6x10-2/ ry Open PORY applicable PONY lifts at Westinghouse plants. Assuming NUREG-0611 covered the period up to September 1979, which includes 164 Westinghouse reactor years of operation, the Westinghouse PORY lift rate ist 50/(164 Westinghouse RY) = 0 30/ry. A value of 0.027 for PORY failure to close, once open, is developed from Reference 13 (4 failures to close in approximately 150 actuations). Utilizing these two values results in an estimate for LOCA due to an open PORY oft 0 30/ry 8 2 valves e 0.027, or

HBR-B.11 Table 1. (Continued) Screening Function Discussion Estimate 1.6x10-2/ry. Consideration of operator response to close the block valve associated with a stuck open PORY will reduce this estimate, c) LOCA Due to One minor event involving a leak from 1 7x10-3f ry Isolable the letdown piping, followed by SI, Breaks Other occurred at Robinson 2 (NSIC 164149). . Than POR7 Because of the minor nature of this Occurrences event and in light of no other substantial data, the %2 distribution with zero occurrences in the total number of PWR reactor years (406 yrs) has been used to estimate the recommended value of 1 7x10-3/ year. d) LOCA Due to Reactor coolant system leakage is Non-Isolable considered a LOCA if it is large enough Breaks to initiate safety injection. One such event was observed at Robinson 2 a reactor coolant pump seal failure (NSIC 103077). A seal failure at Arkansas Nuclear One, Unit 1 also initiated SI. Two events involving tube ruptures followed by SI occurred at Ginna and Prairie Island. (Robinson 2 experienced a significantly greater than average number of 30 tube leak LERs, but has plans to replace the 30 bundles in the near future.) The estimates provided here are based on the above events and are as follows:

1) 30 tube ruptures - 2 events in 406 6.6x10-3/ ry PWR reactor years (1969-July 1983).
2) Other LOCA's - 2 events in 406 PWR 6.6x10-3/ ry ,

reactor years. These values are considered consistent with the NREP screening values of 10-2/ year. No medium break LOCAs have en 1x10-3/ry observed. A screening value of 1x10-3/ ry is recommended, based on reference (1).

HBR-D.12 Table 1. (Continued) Screening Function Discussion Estimate e) Overall An overall estimate for a small break 8.9x10-3/ ry Small Break LOCA not immediately isolated ( 10 LOCA Not minute time frame) was obtained using Immediately the frequency estimates developed in Isolated (a), (b), and item (2) of (d), above and assuming a probability of 0.05 of the operator not isolating a blowing down POR7 and a probability of 0 9 that an initially blowing down safety valve will not reseat. s in an overall estimate Thisresulg/ry. of 8.9x10-f) Overall Small Assuming that 40% of all POR7 LOCAs 0.039 Break LOCA not isolated in the short tera are Isolated in eventually isolated and other small the Long Tera break LOCAs cannot be isolated results in a probability estimate for late isolation of (0.05

  • 1.6x10-2)f 8.9x10-3 = 0.039 It should be noted that several of the operational events used to develop the above estimates were associated with Robinson 2. While each of these events was considered a random event across the entire reactor population for the purposes of developing these screening estimates, the number which occurred at Robinson 2 any indicate an actual frequency for such events at this plant higher than that for the industry as a whole.

Braneh Probabilities

1) Turbine Fails to PWR LERs were reviewed for turbine 4x10-5 Trip on Demand trip, turbine stop valve, etc.,

failures. While there have been several failures of individual stop valves (single steam line) to close, only one event (NSIC 92449 at Turkey Point 3, 4) identified a total failure of turbine stop valves. Assuming 12 shutdowns / plant year (Ref. 3) and 406 FWR years applicable to this review, the number of turbine stop valve demands is 4900. One failure in this number of demands estimate of 2x10jesults 

                                                   . This in a failure estimate

HBR-B.13 Table 1. (Continued) Screening Function Discussion Estimate does not consider use of the turbine control valves in isolating the turbine if the turbine stop valves fail to close. Consideration of the turbine control valves would reduce this estimate somewhat, perhaps by a factor of up to 10. Assuming a value of 0.2 for the conditional probability of control valve failure given stop valve failure aults in a screening estimate of 2x10 p

  • 0.2 or 4x10-5 (Considering zero observed failures of the turbine to isolate on demand over the ~406 year period results in an estimate of 1.4x10-4 based on observation alone.)
2) Steam Side Based on a review of the Robinson 2 PORV's Fail to FSAR, these valves appear to open on Close on Demand power runbacks of greater than 70%.

Two failure-to-olose occurrences at Robinson 2 were reported in the same LER (NSIC 76461). Since the failures did not occur simultaneously, no de-ductions were made concerning cosmon mode ocupling and the events were assumed to be independent. The esti-mates provided here were based on the 2 failures and a demand estimate. The i number of demands was estimated based j on the number of reactor trips at l Robinson 2 from greater than 705 power l in 1978,1979 and 1980 (15), the number of PORT's (3), and 12 7 reactor years of operation at Robinson from criti-cality through May 1983 19 demands / valve e 12 7 reactor years 3 years e 3 valves = 190 demands l Recognizing that the valves open only I on trips above 705, the following effective demand probability estimates for a general reactor trip result l

HBR-B.14 Table 1. (Continued) Screening Function Discussion Estimate a) For a single valve failure ((2/190 6 3x10-3 1.05x10-2) e (5/8.7)) . b1 For failure of any one of 3 valves 1.8x10-2 (3

  • 1.05x10-2 e (5/8.7)).

c) For failure of any two valves 1 7x10-3 (3

  • 1.05x.0-2 e o,ogg e (5/8.7)).

d) For failure of all three valves 4.9x10-4 (1.05x10-2 e 0.081 * (5/8.7)).

3) Steam Dump No failures-to-close of SDV's at Valves (SD7s) Robinson 2 were reported in the LERs.

Fail to Close Based on zero observed failures, the on Demand failure on demand probability can be estimated using the Foisson approximation to the binomial discussed earlier and an estimate of the number of demands. All 5 SD7s open when demanded (Ref. 12) and assuming they are demanded on startup as well as on shutdown, the number of demands at Robinson 2 ist 5 valves

  • 12 7

. Robinson 2 reactor years a (17 3 startups/yr + 17 3 shutdowns /yr (Ref. 4 and 5)) or 2200 demands. The following probability estimates results a) For a single valve failure 3 2x10-4 (0 7/2200 = 318x10-4). b) For failure of any one of 5 1.6x10-3 valves (ac, e 3 18x10-4). c) For failure of any two of 5 3 0x10-g valves (5C2

  • 3 18x10-4
  • 0.094 "). 2.6x10-g d) Fce failures of any three of 5 vidves ($Cq e 3 18x10-4 ' O.081").

e) For' failure of any four of 5 1 3x10"4 valves ( Cg e 3 18x10-4

  • 0.081").

f) For fail e of five valves 2.6x10-5 (3 18x10- ' O.081es), g) For failure of three or more valves 4.2x10-4 ((d) + (e) + (f)). HReference 10 indicates no substantial differences in failure rates for air-operated valves in systems of greater than three components than those in three component systems. i l 

                                                                              \

                                  ~

HBR-B.15 Table 1. (Continued)

  • Screening Function Discussion Estimate
4) Main Feedwater Potential main feedwater end states Systen Fails tc following a non-specific reactor trip Correctly Run are developed in Attachment A. Based Back Following on the frequency estimates developed Non-Specific in Attachment A, the following end-Reactor Trip state conditional probability estimates (not applicable are developed:

for other initiators) a) Probability of utilizing main 0.89 feedwater systen and bypass valves following non-specific reactor trip ((A A II/P7N/ RT) s ((8 7 Ri)/8.7h0FW= 0.89. b) Probability of requiring auxiliary 0.14 feedwater following RT (( A RT - 

                                                                                     =               fpeUS         )h     ON4.

Development of steam generator overfill probabilities requires development of failure probabilities for main feedwater control valve closure and main feed pump trip Main Feedwater Control Valves Fall to Close on Demand. The feedwater control valves on Robinson 2 are run back on each shutdown. Failure to runback is usually not reportable, but has occurred at some PWR's. Because of the lack of observational information concerning these valves, the failure probability for an air operated valve included in reference 1 (1x10-3) has been utilized in conjunction with conditional probabilities of multiple valve failures developed from reference

10. This results in the following estimates: ,

o For a single valve failure, 1x10-3 o For failure of any ong of 3 valves, 3 Cg # 1.0x10-3 s 3x10-3

,1. HBR-B.16 Table 1. (Continued) Screening Function Discussion Estimate o For failure of any two of three valves,$2*1x10-3e0.094) 

                      = 2.8x10   .

o For failure of three valves, 1x10-3 e 0.081 8.1x10-5 Main Feedwater Pumps Fail to Trip on Demand. The main feedwater pumps are tripped on high SG level (2/3 signals in any SG) and by a safety injection signal. Given the existence of one of these signals, the likelihood of main feedwater trip, is considered high. A value of 10-3 per pump is recommended. Using the failure logic combinations developed in Attachment A, and recognizing that the probability of failing to generate a main feed pump trip signal on high steam generator 

   ,         level is small compared to the likelihood of failing to trip a main feed pump given the trip signal has been generated, the following probabilities of steam generator overfeed given a non-specific reactor trip are estimated:

o) Probability 'of one stes:a generator 5 3x10-6 overfeed following RT ((' ART ~ A topy) e P(any one feed control valve fails to close) e P(either main feed pump fails to trip /SG high level signal or failure to generate 1 30highlevelsign$))/Ae(E10-3)/ (8.7 - 1) e ( 8.7=53x10gxjo- . d) Probability of two uteam generators 5 0x10-7 erfeed following RT ((A RT - LOFW)

  • P(two of three feed control valves fail to close)
  • P(either main feed pump fails to trip /SG high level signal or failure to generate 30 high level j
        ~

HBR-B.17 Table 1. (Continued) Screening Function Discussion Estimate signal)/ (IO* ~1)* (2.8x10 )RI*(2x10-{)/8.7 

                                                        = 5.0x10-7 e) Probability of three stesa generator 1.4x10-7 overfeed following RT ((1 RT -

A topy)

  • P(all three feed control valves fail to close) e P(either main feed pump fails to trip /SG high level signal or failure to generate SG high level signal)/ A

((8.7-1)'.(8.1x10-5)IT(*2x10-3)/ 8.7 = 1.4x10-7

5) Failure of Failure to actuate ESFS will result 3x10-5 Engineered in unavailability of trip signals for Safety Features main steam line isolation, main feed-System to water isolation, and SI initiation, Actuate necessitating manual trip of the affected ocaponents and manual initia-tion of A W and SI. A general multi-channel instrumentation failure
   ,                                             probability of 3x10-5 is recommended for screening purposes.
6) Failure to Boolean expressions for the probability Isolate Main of continued main feed flow to one or Feedwater more steam generators are developed in Following Attachment B. Development of numeric l Initiators estimates requires estination of main Other Than feed isolation valve failure to close Non-Specific probabilities:

Reactor Trip (not applicable MFIYs Fail to Close. A preliminary for non-specific estimate developed in the IPRDS reactor trip) program (Ref.11) for the failure of a actor operated valve to close, based on review of maintenance records at a small number of PWR plants is 6.4x10~3/ demand. No failures of these valves have been observed at Robinson 2. Since these valves are tested quarterly, a failure estimate of 0 7/(12 7 ry

  • 3 valves / test e 4 tests /ry) =

4.6x10-3 can be developed, which is consistent with the IPRDS value. l

HBR-B.18 Table 1. (Continued) Screening Function Discussion Estimate The failure probability estimates for combinations of these valves are: o Any one of three valves fail to close 1.4x10 (3 C2), 3 8 4.6x10-3 = o Any two of three valves fail to

  • 4.6x10-3
  • 0.020 close
                       = 2.8x (}Cg4).

0 o All three valves fail to close (4.6x10-3 e 0.012 = 5 5x10-5), Based on this development, other component failure probabilities developed previously, the Attachment B Boolean expressions, and assuming limited failure coupling between main feed control valves and main feed isolation valves (a conditional probability of 0.01 was assumed, to 

   .         recognize some maintenance coupling),

the following estimates can be made: a) Continued feed flow to any one 2.8r10-7 generator = 6 m (probability of one MFW pump failing to trip) * (probability of a single MFIV failing to close) * (probability of the associated MFCY failing to close) = 6 8 1x10-3 e 4.6x10-3 e 0.01 = 2.8x10-7 b) Continued feed flow to any two 1.5x10-9 steam generators = 6 e (probability of one MW pump failing to trip) * (probability of two MFIVs failing to close) e (probability of both associated MFCYs failing to close) 

                 = 6 e jx10-3 e 2 8x104 * (0.01 8 0.094) = 1.5x104 c) Continued feed flow to all three             1x10-10 steam generators = 2 e (probability of one MFW pump failing to trip) *

(probability of all three MFlVs failing to close) e (probability of

l HBR-3.19 Table 1. (Continued) Screening Function Discussion Estimate all three MFCVs failing to close) = 2 e 1x10-3 e 5.5x10-5 e (0,01 e 0.081) = 1.0x10-10, The attachment B expressions for failure of main feedwater isolation while in hot shutdown require estimation of the probability of the main feed bypass valves failing to close on 

                                           ' demand. These valves are normally closed during power operation but are opened for decay heat removal using the main feed system while in hot shutdown. For this development, failure probability and common-mode coupling values equivalent to those used for the MFCYs have been assumed. Based on these values, the probability estimates for continued main feedwater flow given SI and while in hot shutdown are:

a) Continued feed flow to any one 9x10-0 steam generator = 3 * (probability of MFW pump failing to trip) e (probability of single MFBV failing to ci so) = 3x10-3 e 3x10-3 = 9x10 . b) Continued feed flow to any two 8.4x10-7 j steam generators = 3 * (probability of MW pump failing to trip) * (probability of two MFNs failin l 8.4x10-7.) to close 

                                                                            = 3x10-3 e 2.8x10-4 = g c) Continued feed flow to all three              8.1x10-8 steam generators = (probability of MFW pump failing to trip) e (probability of three MFNs failing to clos 8.1x10-*g) = 10-3
  • 8.1x10-5 =

It should be noted that the above i failure estimates have been developed i without considering potential common-cause failure effects, which, for the multiple steam generator overfeed

HBR-B.20 Table 1. (Continued) , ScreeninF Function Discussion Estimate situations, would be expected to dominate.

7) Failure to Given a failure to runback main Isolate Main feedwater to any steam generator, Feedwater on SI closure of the associated MFIV is Signal Given required for isolation. Based on the Failure to conditional probabilities utilized in Runback Main 6) above, for failure of these valves Feedwater (Non- to close given failure of the ' associated Specific Reactor MFC7 to close, results in the following Trip Only) probability estimates:

If one line fails to runback: a) One line fails to isolate. 1x10-2 If two lines fail to runback: a) One line fails to isolate. 2x10-2 b) Both lines fail to isolate. 9.4x10-4 If three lines fail to runback: a) One line fails to isolate. 3x10-2 b) Two lines fail to isolate. 2.8x10-3 o) Three lines fail to isolate. 8.1x10-4

8) Multiple Steam Boolean expressions for the probability Generators Blow of multiple steam generator blowdown Down Following given a steam line break are developed Steam Line in Attachment C. To develop numerio Break estimates from these expressions, the probability of multiple MSI7 failure  !

must first be estimated. Main Steam Isolation Valves Fail to I Close on Demand. One instance I potentially involving failure of an MSIY to fully close was reported at Robinson 2 (NSIC 146521). Considering this one occurrence, a demand failure probability is estimated for the 12.7 years of operation at Robinson 2 as (1)/ (12 7 yr 8 12 test demands /yr/ valve 

            ~

HBR-B.21 Table 1. (Continued) Screening Function Discussion Estimate (partial stroke testing) ' 3 valves) 

                                         = 2.2x10-3         Based on a revict' of all MSIV LER's, the number of failures to close for single valves is on the same order as for multiple valves failing to close.

Thus it can be concluded that the potential for common mode coupling among these valves is large. Consistent with these observations, 0 3 was chosen for the conditional probability of a specific second valve failing, given that one has failed; and 0.8 was chosen for the conditional probability of the third valve failing given that the other two have failed. This results in the following estimates: o For failure of a particular MSIV 2.2x10-3 to close: 2.2x10-3 

       .                                o     For failure of a particular set          6.6x10-4 of two MSIV's to close:

2.2x10-3 e 0 3 = 6.6x10-4 o For failure of three MSIV's to 5 3x10-4 close: 2.2x10-3 e 0 3

  • 0.8 =

5 3x10-4 Based on the probability expressions developed in Attachment C and the above valve failure probabilities, the following probabilities of steam generator blowdown following an arbitrary large steam line break can be estimated: a) No steam generator blows down. 0.5 b) One steam generator blows down. 0.5 c) Two steam gene ators blow down 9 9x10-4 (1 5

  • 6.6x10 ).

d) Three steam gegerators blow down 1 7x10-4 (0 5 ' 3.3x10-'). The above estimates are also applicable to small steam line breaks which result in MSIV olosure. For small breaks which

HBR-B.22 Table 1. (Continued) Screening Function Discussion Estimate do not result in MSIY elosua e, the following estimates, developed in Attachment C, are applicable: a) No steam generator blows down. 0.0 b) One steam generator blows down. 0.5 o) Two steam generators blow down. 0.0 d) Three steam generators blow down. 0.5 Operator action to close the HSIVs would reduce the estimate for three steam generator blowdown by the operator action probability.

9) High Pressure At Robinson 2, four failures of SI 6.1x10-4 Safety Injection pumps were reported in L?.Rs in 1979 Fails to Occur and subsequent years. Assuming half on Demand of the number of Robinson years of operation, since all the failures occurred after 1976, yields a demand estimate of 12 demands /yr a 6.4 yrs 8

- 3 pu ps a 228 demands; and a demand failure probability estimate of 1 7x10-2 per pump. With conditiona,1 probabilities of 0.1 and 0 3 applied for subsequent failures of a second pump and then the third, respectively, a failure pobability for the system of 5 2x10- is estimated. This is consistent with the estimate available from the ASP data base for Westinghouse plants of 4.8x104 (The estimate with potential recovery considered is  ; lower by a factor of 0 34.) The ' recommended estimate is 4.8x10-4, from the larger data base. Given HPI actuation success, successful HPI injection is dependent on the i primary side pressure dropping low t enough and check valves in the ) injection paths opening. There are 3  : check valves in each of three injection l paths that are inside containment and , are not typically tested during monthly ( HPI testing. Using the Ref. 1 value of j l

HBR-B.23 Table 1. (Continued) Screening Function Discussion Estimate 104 / demand for a check valve failing to open, the probability of any one of 3 valves failing in a given path is 3 0x10-4 Using coupling factors developed from reference 10 for check valves failing to open of 0.5 for failure of a second specific valve and 0.42 for both remaining valves in a set of 3, and assuming that dependent coupling is much more likely for equivalent valves, results in an estimate for the probability of not delivering HPI through any path given actuation success of 1 3x10-4 Combining these values for failure to actuate and failure to deliver flow through the injection paths results in an overall estimate of 6.1x10-4

10) APW Fails to An estime.ted AFW system failure See
    . Actuate on  probability, suitable for screening                              discussion l        Demand      purposes, has been developed based on the average PWR operational experience from 1969 through 1981 as evaluated in the ASP program (Ref. 6 Ref. 7). This value is 1x10-3 without considering potential recovery. Considering potential short term recovery results in an estimate of 3x10-4        Since these values are based on averaged experience and do not consider potential learning (except as evidenced in the averages),

they may not be representative of expected future experience at Robinson. However, they are considered consistent with the AFW component failure experience observed to date at Robinson 2: 7 motor pump failures, 2 steam turbine pump failures, and 13 failures of pump discharge valves to open. No total AFW system fallures have been observed at Robinson 2. l

HBR-B.24 Attachment A Development of Main Feedwater End State Probability Estimates for Non-Specific Reactor Trip Initiator I Following a general reactor trip, the main feedwater system is run back and an attempt is made (typically successfully) to utilize the main feed pumps and l the bypass valves for decay heat removal. Depending on power level and the l l extent of SG level shrink, AFW can be initiated on RT. Isolation of AFW following such initiation is a normal part of RT recovery, along with manual  ; opening of the bypass valves. I Following a non-specific RT, the following steam generator feed situations are possible: o Main feedwater using bypass valves (ncrual situation), o Auxiliary feedwater (main feedwater not recovered). o One steam generator overfeed. o Two steam generator overfeed. o Three steam generator overfeed. l l For the overfeed situations, auxiliary feedwater would be expected to be provided to the isolated steam generators once low level in one steam generator is reached. Responses which include partially or totally faulted auxiliary feedwater are possible, but have not been included because they are considered less conservative than the above situations with respect to PTS. The above states require the following~ reaponses: o Main feedwater on, bypass valves used for flow control - operator actions to open bypass valves following control valve closure and secure AFW it initiated due to shrink. o Auxiliary feedwater - operator action to open bypass valves and use main feedwater not effective or RT due to LOFW. o One steam generator overfeed - failure of feed control valve in one train to run back and failure of either main feed pump to trip on high SG 1evel.

HBR-B.25 o Two steam generator overfeed - failure of feed control valves in two of three trains to run back and failure of either main feed pump to trip on high SG 1evel. o Three steam generator overfeed - failure of feed control valves in all three trains to run back and failure of either main feed pump to trip on high SG level. The frequencies associated with the above states can then be written as: o k(on bypass valves following RT) T k RT

  • P(operator opens bypass valves following runback) k LOFW-o k(on AFW following RT) T (k RT - 0FW)
  • P(operator fails to open bypass valves following RT) + LOFW.

o k(oneSGoverfeed)T(k RT - LOFW)

  • P(one feed control valve fails to close)
  • P(either main feed pump fails to trip /SG high level signal or failure to generate SG high level signal).

o k(two SG overfeed) 'if ( k RT - LOFW)

  • P(two feed control valves fail to close)
  • P(either main feed pump fails to trip /SG high level in either SG or failure to generate SG high level signal in either SG).

o k(three SG overfeed) T (k RT - LOFW)

  • P(three feed control valves fail to close) * (either main feed pump fails to trip /SG high level in any steam generator or failure to generate SG high level in any SG).

Main feedwater isolation in the event of overfeed will occur due to closure of l the MFIVs on SI if SI occurs. If SI does not occur, or if the applicable MFI7(s) fail to close on demand, then operator action is required to trip the l condensate pumps or close the MF1Ya (if SI has not been initiated). l l l

HBR-B.26 Attachment B Development of Main Feedwater Isolation Failure Probability Estimates (All Initiators Except Reactor Trip) '

1. The H.B. Robinson 2 main feedwater system is arranged as follows:

g& + LA Y "[ 9 l 

             .g                     r            ma v 7,   Jai Fee k   hekb Mte. (MFIV)
           ;    sy C,,,hl h (MFSV)

CFeedo 4cc Civ1 Mw. ( MFCd On reactor trip plus safety injection initiation, the main feed control valves and feedwater isolation valves are commanded shut and the main feed pumps are tripped. Continued feedwater flow to a steam generator will occur if both of the valves in the associated feed line f ail to close and either main feed pump fails to trip.

2. Continued feedwater flow to one generator will therefore occur it:

(MTP A u MFP B) n (MF17 A n MFC7 A O (MF17 B U MFC7 B) A (MFIVC U MFC7 C) V other feed line combinations) 3 Continued feedwater flow to two steam generators will occur if two of the three feed lines fail to isolate and either main feed pump fails to trip: (MFP A U MFP B) n (MFIY A O MFC7 A O MFIV B n MFCV B A (MFIV C U MFC7 C) U atbar feed line combinations) .

HBR-B.27 [i For continued flow to all steam generators, the following is required: (MFP A U MFP B) A (MFIV A A MFCV A n MFIY B A MFC7 B A MFU C A MFC7 C)

4. To reduce the above equations, it is assumed that system response is symmetric (i.e., the likelihood of pump A failing to trip is equal to the likelihood of pump B failing to trip), and that pump and valve response is loosely coupled.
5. The probability of continued flow to N steam generators is then approximately:

P(flow to 1 SG) E 6

  • P(MFP)
  • P(MFIV)
  • P(MFC7lMFIV)

P(flow to 2 SGs) 7 6

  • P(MFP)
  • P(MFIV1)
  • P(MFIY2lMFIV1) e P(MFC71 lMF171, MF172)
  • P(MFC72lMFIV1, MFIV2, MFC71)

P(flow to 3 SGs) 7 2

  • P(MFP)
  • P(MFIV1)
  • P(MFIV2lMFH1)
  • P(MFH3 lMFIV1, MFN2)
  • P(MFC71 lMF171,. . . )
  • P(MFC72 ]MFIV1, . . . )
  • P(MFC73 lMF171, . . . )
 ,            P(flow to O SGs) = 1 - P(flow to 1 SG) - P(flow to 2 SGs)
                    - P(flow to 3 SGs)
6. In hot shutdown the bypass valves (MFB7s) are used to control feedwater flow to the steam generators. Feed flow is typically provided by one pump. The MFBVs are in parallel with the MFIV, MFC7 pairs, and hence the closure or MFP trip is necessary for steam generator isolation. In hot shutdown, then, the probability of continued flow to N steam generators is approximately:

P(flow to 1 SG) I 3

  • P(MFP) a P(MFBY)

P(flow to 2 SGs) 1 3

  • P(MFP)
  • P(MFBV1)
  • P(MFBY2lMFBV1)

P(flow to 3 Sas) i 3

  • P(MFP) e P(MFB71) e P(MFB72lMFB71)
  • P(MFB731MFB71, MFB72)

P(flow to O SGs) = 1 - P(flow to' 1 SG) - P(flow to 2 Sas) 

                    - P(flow to 3 SGs)

HBR-B.2 8 Attachment C Development of Multiple Steam Generator Blowdown Frequency Estimates J 1. The H.B. Robinson 2 steam line arrangement utili=es both MSI7s and check valves for steam generator isolation: ! t i b cv R l l l I I 

                                           &        cv 6        @

l t l 

                                    . I              I C.       cv c
2. Consider potential breaks at location (1) with frequency k , (2) with 1

frequency k 2 and (3) with frequency h . The break I cations and valve 3 states for n steam generator blowdown are:

BBR-B.29 Break Break Break End State Location (1) Location (2) Location (3) O SGs blowdown n/a A closed and A closed and (C7A closed or B closed and B closed and C closed C closed) 1 SG blowdown A closed or C7A A open and A open and B , closed or B closed (C7A closed or closed and C and C closed B closed and closed C closed) or or B open and A 1 closed and closed and C C7A open and closed (B open and C closed or B or closed and C open) C open and A closed and B closed 2 SG blowdown A open and C7A A open and C7A A open and B 

   .               open and (B open        open and (B open open and C and C closed or         and C closed or  closed B closed and            B closed and C open)                 C open)               or A open and C open and B closed or B open and C open and A closed 3 So blowdown   A open and C7A          A open and CVA   A open and B open and B open         open and B open  open and C open and C open              and C open

HBR-B. 3 0 Considering the frequency of breaks in locations (1), (2), and (3), the frequencyofnsteamgeneratorblowdown,b(n),is: b (0) = k 2

  • P[I A (CVA U B n C)] + k 3
  • P[I A B A 3]

b (1) = k

  • P[A U 5'"A U B A C] + k 2 8 P[ A A (C7 A U 1

B A C) U IL A C7A O (B A C U B O C)] + k3

  • P[A A B O C U AnBACU AA B O C) b(2)=kg*P[AO C7 A A (B A C U B A C)] + k 2 '

P[A A C7A A (B n C U B A C)] + k 3

  • P[A A B A C UAABACUAABAC]

A(3) = k1. Pti n C7A n B n C) + k2 PtA n C7A n B A C] + k 3

  • P( A A B A C]

The following assumptions have been made in reducing the above equations for an arbitrary large SLB:

1. Because of the proximity of the MSIVs and check valves, k2 is small compared to k j and k3*
2. Even if three MSIVs fail to close, the probability of check valve failure is less than 0.1.

3 Break locations (1) and (2) are equalir applicable to all steam generators. Furthermore, because of the lack of data, breaks in locations (1) (for all three steam generators taken together) and (3) are equally likely ( i. e. , breaks upstream of the MSIVs are as likely as breaks downstream of the MSIVs). The above equations can then be reduced to:

HBR-B.31 b(0)E3*h2+k A(1) r 3

  • A 1 + 3* 2 * [P(A) + P(B)
  • P(C7A!B) + P(C)
  • P(C7AIC)] + k 3 * [P(A) + P(B) + P(C)]

b(2) T 3

  • hj * [P(A)
  • P(AlB)
  • P(ClAB) e P(C7AlABC)
                                         + P(A)
  • P(CIA)
  • P(BlAC)
  • P(C7A!ACB)]
                                         + 3
  • h 2 * [P(A)
  • P(BlA) e P(ClAB)
  • P(C7AlABC)
                                         + P(A) e P(CIA) e P(BlAC)
  • P(C7AlABC)]
                                         + k 3 * [P(A)
  • P(BlA) e P(C!AB) + P(A)
  • P(C!A)
  • P(BIAC) + P(B) e P(ClB)
  • P(AlBC)]

A(3) 7 3

  • A 1 * [P(A) e P(Bl A)
  • P(CI AB)
  • P(C7Al ABC)]
                                         + 3'k e[P(A)  2       8 P(BlA)
  • P(CIAB) e P(C7AIABC)]
                                         + k 3 * [P(A)
  • P(BlA)
  • P(CIAB)]

Assumptions one and two result in the following further simplification: b(0)Tk b(1)23* b(2)!3* b (3) Y k 3

  • 3 P(A)
  • P(A)
  • P(BlA)
  • P(BlA)
  • P(CIAB)* P(CIAB) l Since 3
  • ik I k 3 and k 2 << 3 1, an event tree can be constructed representing potential SG blowdown following an arbitrary large steam line break.

no SG b1cws down 0.5 l 1 SG blows down

0.5 1 5
  • P(A) ' P(BIA)
  • P(CIAB) i 3 SGa blow down 1

0.5

  • P(A)
  • P(B!A) e P(CIAB)
           **Since P(A), etc., 1 10-2,                                   -

l

HBR-B.3 2 A review of historic small steam line breaks indicates approximately 50% have been associated with steam line relief valves located upstream of MSIVs, and the remaining have been associated with condenser dump valves, typically located downstream of MSIVs. Because of these ratios, the above development for large steam line breaks is also considered applicable to small steam line breaks, provided the break is sufficiently large to require MS17 closure. If a small steam line break is large enough to close the appropriate check valve (if it were located upstream of the check valve) but is not large enough to initiate MS17 closure and operator action is not taken to close the MSI7s, than the frequency of multiple steam generator blowdown can be estimated as: b(0)70 (1) If k

  • P[C7A] +

1 2

  • P[C7A]

b(2)?O A(3) 7 k 1

  • P[CVA] + k 2 ' P[C7A] + k 3 Small SLBs upstream of the check valves may be associated w3 th any of the steam generators. Since the number of relief valve-related breaks is consistent with the number of condenser dump valve-related breaks and the number of small SLBs associated with region (2) is expected to be s=all compared with valve-related breaks, the following simplifications of the above equations can be made:

A(0) = 0 A(i) 2 3 k ,i SSt3 2 0.5 X SSt3 b(2)10 A(3) T'k ,3SSLB 7 0.5

  • k SSL3 Potential steam generator blowdown, given a small steam line break which  !

does not initiate MS17 closure, can be represented by the following event tree:

I HER-B.3 3 no SG bi as down 0 1 SG blows down 1 0.5 2 Sos b1 w dcWD , S30 0 3 SGs b1 w down t 0.5 1 I e N 

                        ,,                            __ ..n---

__ ~

aost o mcE ao= x CAK RIDGE NATIONAL LABORATORY WA8tfiN MARLETTA ENERGY SYSTEus. peC November 21, 1984 OPERATED SV H. B. Robinson Review Document Number 2 TO: Distribution

SUBJECT:

Review H. B. Robinson PTS Report Chapter 3 - Development of 8 Overcooling Sequences Please find enclosed copies of the H. B. Robinson Unit 2 chapter 3 and appendix B. This material has now been reviewed internally and cleared It should be noted that some figures, as draft information for comment. references, and page numbering are incomplete and will be cleaned up If shortly. Please review and return comments by Friday, December 14. additional time is needed for review, please let me know. AD. L. Selb Engr. Physics and Mathmetics Div. DLS:nc Enclosures (2) i Distribution G. F. Flanagan 

                    /C. E. Johnson, NRC J. H. Phillips, CP&L l

l l i l l l l r 

                                  . _ .            ..                .    .         ..}}
Retrieved from "https://kanterella.com/w/index.php?title=ML20101Q308&oldid=2774191"