ML20126G557

Forwards Request for Addl Info on CESSAR-DC, System 80+ Shutdown Risk Evaluation Rept
ML20126G557
Person / Time
Site: 05200002
Issue date: 12/23/1992
From: Mike Franovich
Office of Nuclear Reactor Regulation
To: Brinkman C
ABB COMBUSTION ENGINEERING NUCLEAR FUEL (FORMERLY
References
NUDOCS 9301040133


Text


December 23, 1992

Docket No. 52-002

Mr. Charles B. Brinkman, Acting Director
Nuclear Systems Licensing
ABB-Combustion Engineering
1000 Prospect Hill Road
Windsor, Connecticut 06095-0500

Dear Mr. Brinkman:

SUBJECT: REQUEST FOR ADDITIONAL INFORMATION ON CESSAR-DC, SYSTEM 80+

Enclosed is a request for additional information based on a review of the System 80+ Shutdown Risk Evaluation Report. Please respond within 45 days following the receipt of this request.

The reporting and/or recordkeeping requirements contained in this letter affect fewer than ten respondents; therefore, OMB clearance is not required under P.L. 96-511.

Sincerely,

(Original signed by)

Michael X. Franovich, Project Manager
Standardization Project Directorate
Associate Directorate for Advanced Reactors and License Renewal
Office of Nuclear Reactor Regulation

Enclosure:
As stated

cc w/enclosure:
See next page

DISTRIBUTION:
Docket File
PDST R/F
THurley/FMiraglia
WRussell
PDR
DCrutchfield
WTravers
JNWilson
RPierson
TVWambach
RBorchardt
MXFranovich
PShea
JMoore, 15B18
EJordan, MNBB3701
GGrant, EDO
ACRS (10)
AThadani, 8E2
RPerch, 8H7
GHolahan, 8E2

[Concurrence block (OFC / NAME / DATE) for PShea, MFranovich:sg, RBorchardt, AThadani, RPierson; office codes and dates not legible in the scan]

* SEE PREVIOUS CONCURRENCE

OFFICIAL DOCUMENT COPY
DOCUMENT NAME: SDRAl.MXF

9301040133 921223 PDR ADOCK 0520

ABB-Combustion Engineering, Inc.
Docket No. 52-002

cc:

Mr. C. B. Brinkman, Acting Director
Nuclear Systems Licensing
Combustion Engineering, Inc.
1000 Prospect Hill Road
Windsor, Connecticut 06095-0500

Mr. C. B. Brinkman, Manager
Washington Nuclear Operations
Combustion Engineering, Inc.
12300 Twinbrook Parkway, Suite 330
Rockville, Maryland 20852

Mr. Stan Ritterbusch
Nuclear Systems Licensing
Combustion Engineering, Inc.
1000 Prospect Hill Road
Post Office Box 500
Windsor, Connecticut 06095-0500

Mr. Daniel F. Giessing
U. S. Department of Energy
NE-42
Washington, D.C. 20585

Mr. Steve Goldberg
Budget Examiner
725 17th Street, N.W.
Washington, D.C. 20503

Mr. Raymond Ng
1776 Eye Street, N.W.
Suite 300
Washington, D.C. 20006

CE SYSTEM 80+ SHUTDOWN RISK FINAL REPORT (CESDR)

REQUEST FOR ADDITIONAL INFORMATION (REACTOR SYSTEMS BRANCH)

440.152 In Section 2.1, Procedures, ABB-CE has stated that vendor's operational guidance will be provided to instruct the plant owners in the use of the design features to detect, mitigate and assist recovery from abnormal events that can occur during shutdown. However, there is no information on how ABB-CE operational guidance will be based on the guidelines of NUMARC 91-06, or some alternate approach, or how safety functions identified in NUREG-1449 would be maintained during shutdown. Please provide a detailed discussion to address how NUMARC 91-06 guidelines, or some alternate approach, would be implemented in ABB-CE operational guidance and ABB-CE's recommendations on the implementation of the NUMARC guidelines to combined license (COL) applicants.

In addition, ABB-CE operational guidelines should also address how key safety functions identified in NUREG-1449 will be maintained and provide recommendations to COL applicants to ensure that they will be maintained during shutdown.

Further, please discuss ABB-CE's recommended operating procedures guidance to COL applicants for conducting outage planning for shutdown operations. Outage planning and control should emphasize outage safety philosophy, outage scheduling, activities during high risk evolutions, defense-in-depth concept and safety margins, personnel training for outage activities, and appropriate review and approval.

440.153 Table 2.1-1 provides monitoring parameters for an unplanned draining of the reactor coolant system (RCS) using RCS level, inventory and temperature controls. In addition to the normal reactor water level indication system used during shutdown periods, is there any alternate and/or diverse method of measuring water level (e.g., ultrasonic), if the water level measuring system is not available?

440.154 Table 2.1-1, referenced report Section 2.4.3.2.2, discusses the System 80+ ac power availability as a strategy for outage maintenance during shutdown operations. There is no information on how effective outage planning and control will be achieved; and little information was given on how key safety functions (e.g., decay heat removal (DHR), reactivity, containment integrity, and electrical power) identified in NUREG-1449 will be maintained. Please provide a discussion to address how effective outage and planning can be achieved (NUMARC 91-06 provides guidelines to the industry to effectively control outage activities), and how key safety functions will be maintained, including the need for a shutdown cooling system (SCS), and ac power during high decay heat loads and the later maintenance of the SCS when decay heat loads have been reduced.

440.155 CESDR, Appendix D, technical specifications (TS) for shutdown operations, defines mid-loop condition as when the RCS level is below the top of the hot legs at their junction to the vessel. The TS also define shutdown margin with a T that is changed to > 135 °F from 210 °F, with the shutdown margin (SDM) being maintained at greater or equal to 6.5% delta K/K. Please provide the basis for the changes in temperature (with the same SDM), and clarify at what level below the top of the hot legs constitutes mid-loop level.

440.156 In Section 2.3.3.2, ABB-CE discusses the design features that will improve SCS performance during shutdown including an improved SCS suction piping layout which allows self venting. Provide layout detail of SCS suction nozzle interfaces with the hot leg and of the improved SCS suction piping. Discuss how the SCS suction piping interface would reduce the potential of vortex in the SCS pumps. In addition, a discussion is needed for the improved SCS piping design that allows self venting, and eliminates loop seals, thus increasing the reliability of the SCS systems. For loop seals, provide the piping configuration with respect to plant elevation that will minimize the loop seal problems.

Discuss the procedural actions which will be used to minimize, mitigate, and recover from loss of the SCS pumps.

440.157 Section 2.8.3.1 discusses the instrumentation used to measure RCS level. ABB-CE employs dP-based level sensors for wide range and narrow range indication. In addition, ABB-CE also employs heated-junction-thermocouples (HJTCs).

Together, ABB-CE indicates that these instruments are able to provide RCS level indication for the System 80+ from normal operating condition to shutdown for refueling. The HJTCs will not be available when the vessel head is removed and it is unclear to the staff that the wide and narrow range dP-based level sensors located at the SCS suction piping will provide accurate level measurement given possible dynamic effects due to fluctuating suction pressures when SCS pumps are in operation. Thus, the RCS level measurement method used during reduced inventory conditions may not be able to provide operators with reliable level readings.

Provide an analysis to show that dP-based level sensors will provide accurate level readings and test results for the RCS level instrument during reduced inventory conditions. In addition, when the reactor vessel head is off, ABB-CE has stated that temperature measurement is provided by using hot leg resistance temperature detectors (RTDs) and core exit thermocouples (CETs) (prior to fuel movement). Provide a discussion on (1) how far from the vessel that the RTDs are located on the hot leg and how accurate is the temperature measured, if SCS pumps are not running, and (2) where are CETs located in order to measure core temperature when the vessel head is off?

440.158 In Section 2.8.3.2.1, ABB-CE has stated that a second HJTC provides narrow-range level indication for mid-loop operations via measurement of reactor vessel water level in the hot leg region. The benefit of this design is that it permits very accurate measurement when the reactor vessel level is in the hot legs. Please clarify how this system can provide accurate measurement.

440.159 Section 2.8.3.2.2 discusses the RCS temperature measurement methods. ABB-CE has stated that if the SCS is lost, the CETs, the hot leg RTDs, and the HJTCs inputs are available to track the response to the loss of shutdown cooling or the approach to boiling. ABB-CE has also stated that core exit fluid temperature can be measured through the use of hot leg RTDs as long as the SCS is operable. It appears to the staff that the two statements contradict each other. Please explain.

440.160 In Section 2.8.3.2.5.5, the Nuplex 80+ component control features provide operators with the capability to actuate equipment and systems. It is not apparent to the staff that when the operator has selected a SCS cooling mode that the SCS system will automatically align valves to allow cooling.

Provide a discussion to show whether or not a manual operator action is needed to align important valves for the selected mode and whether or not the design features will automatically perform important functions to reduce the possible man-machine interface errors.

440.161 In Section 2.8.3.2.5.3, the Nuplex 80+ discrete indicators are used to provide operators with information to support shutdown cooling such as inlet and outlet temperatures, and heat exchanger inlet and outlet temperatures. Please explain the difference between inlet temperature and heat exchanger inlet temperature. Are they supposed to be the same temperature which are used to indicate RCS temperatures during shutdown cooling conditions? It appears that the Nuplex 80+ design features allow heat exchanger inlet temperature readings to be indicated in the control room.

However, CESSAR-DC Section 5.4.7.2.2, SCS component description indicates that the inlet heat exchanger temperatures are indicated at a remote location, and temperatures are recorded in the control room. Please explain the inconsistency as to where the inlet heat exchanger temperature indication is located. It is especially important that the operators have the RCS temperature readings accessible and visible within the visual range indicated in the control room.

440.162 In Section 2.3.3.3, ABB-CE has stated that given a heatup during mid loop the pressurizer cubicle volume is sufficient for venting the RCS pressure during RCS boiling and preventing steam generator nozzle dam failure. In addition, a conservative RCS equilibrium pressure which is below the assumed steam generator nozzle dam design pressure had been calculated to occur 4 days after shutdown, indicating that the earliest time after shutdown from full power for operating at mid-loop is recommended as 4 days. Please provide the analysis results showing that the pressurizer cubicle volume is sufficient for relieving RCS pressure and preventing nozzle dam failure. Also, provide the sensitivity study results to justify for the basis of the mid-loop operation at 4 days after the reactor had been shutdown from full power. In addition, ABB-CE has also stated that procedural guidance regarding the earliest time after shutdown for entry into reduced inventory operation is provided in Section 2.2 of the CESDR submittal, and the time to boil assuming an initial RCS temperature of 150 °F, is greater than 15 minutes.

The staff is unable to confirm the incorporated information in the procedural guidance regarding the time for entry into a reduced inventory condition, and the time to boil in Section 2.2 of the submittal. Please verify the accuracy of the statement made and provide the analysis results showing the exact time to boil assuming RCS temperature at 150 °F.

440.163 Table 2.4-1 indicates that an improved protection against pump excessive flow conditions is one of the many design features that increase resistance against loss of shutdown initiators. Please provide a broader discussion to address the features used to protect SCS pumps from excessive flow.

440.164 Section 2.4.3.1.3.1.1 discusses shutdown cooling recovery actions during Mode 5 for group 1 initiators including SCS pump suction failure and air ingestion. ABB-CE has stated that the containment spray system (CSS) pumps can be used to provide decay heat removal capability using the SCS heat exchanger. This response requires the manual operator actions to open a safety depressurization system (SDS) valve, open a normally locked-closed cross-connect valve, and the actuation of the CSS pump from the control room.

This explanation is somewhat confusing to the staff. If the CSS were to be used to provide alternate decay heat removal, it would appear that several actions need to take place: (1) operator has to isolate a normally opened CSS suction valve to the in-containment refueling water storage tank (IRWST), (2) realign the SCS system to the CSS by manually opening a normally locked-closed cross-connect valve SI-110 on the suction line to the CSS pump, and opening a normally locked-closed cross-connect valve SI-430 on the discharge line of the CSS system. In addition, opening the SDS valve to allow rapid depressurization to take place is also used with SI pumps for feed and bleed operation to achieve alternate decay heat removal capability.

Please (1) clarify the use of the SDS valve in conjunction with the CSS pump and cross-connect valves for DHR, and (2) since manual operator actions are needed to realign valves to achieve alternate DHR, clarify what ABB-CE has done to minimize the possible operator errors (man-machine interface) in terms of requirements, control procedures, and perhaps automatic actions.

440.165 In Section 2.3.3.4 and Section 2.4, Table 2.4-3, ABB-CE has consistently stressed the available alternate makeup water sources using the boric acid storage tank (BAST), which has a total volume of 180,000 gallons, and the safety injection tanks (last line of defense) to supplement the normally preferred IRWST water source. Has ABB-CE considered the possibility of using the holdup tank as an additional alternate water source, which has a total volume of 435,000 gallons and contains the same 2.5 wt% boric acid as compared to the boric acid concentration of the BAST?

440.166 Section 2.9 indicates that a minimum IRWST level has been calculated to be "7546." Please explain what "75+6" means.

In addition, ABB-CE has stated that a conservative margin has been provided between the elevation of the suction piping openings and the minimum IRWST water level to minimize the possibility of air ingestion. Please provide a discussion to address at what elevations with respect to the minimum IRWST level that the safety injection system (SIS) suction piping are located, and your basis to support conservative margin.

440.167 Section 2.10 discusses the effects of loss of SCS with the PWR upper internals in position. ABB-CE has stated that an analysis was done to predict the extent of natural circulation flow through the upper guide structure. Please provide (1) a description of your analysis and simulation model used, (2) calculation examples, (3) justification for the assumptions made, and (4) compare your calculation method and model with the NUREG/CR-5820, "Consequences of the Loss of the Residual Heat Removal Systems in Pressurized Water Reactors" results to justify the conservatism in your analysis. In addition, what assurance will be in place to inhibit operators to enter the refueling conditions before two days after shutdown?

440.168 In Section 2.12, ABB-CE has determined criteria for major, and minor drain paths and certain mitigative actions for loss of coolant. For example, ABB-CE has stated that for a major leak path, a preferred recovery action would be to isolate the drainage source before the RCS level reaches the break level and to add makeup to the RCS. In addition, for a minor drain path, a drain flow rate can be compensated by using available makeup, and "the identification of a minor drain path requires no further action." Some ABB-CE identified minor drain paths such as in-core instrumentation (ICI) seal table leak path, steam generator tube rupture drain path, and reactor cavity seal leak path, can result in loss of ability to maintain effective thermal heat transfer.

Additionally, a loss of refueling water in case of reactor cavity seal leaks could potentially result in refueling water temperature increases due to insufficient decay heat capability; and a loss of RCS coolant in case of ICI table seal leaks or tube thimble seals failure could result in the core being uncovered. All of these minor leaks require more response than to just identify and provide makeup. ABB-CE should describe more fully the actions for minor drain path leaks.

440.169 In Section 2.12.3.1.2, ABB-CE has stated that the System 80+ ICI design does not employ temporary thimble tube seals. Please provide a description of the ICI system design and replacement process during shutdown conditions that will preclude the potential losses of RCS coolant inventory.

440.170 In Section 2.12.3.2, ABB-CE has stated that an assessment of identified leak paths was made relating to the potential flow rates, and the time it would take for the RCS water level to reach the bottom of the hot-legs. Please provide a discussion of important leak paths such as inadvertent drainage of RCS coolant through SCS systems to the IRWST, SCS relief valve discharge, etc. The discussion should quantify the anticipated volume loss of RCS coolant and the time it would take to reach the bottom of the hot-legs level, without makeup sources of water. Also, discuss how the system design would mitigate the leaks, what operator actions would be needed to mitigate the event, what operational constraints would prevent the potential leaks, and how the system design and/or operating procedures would minimize operator errors. Also, provide a discussion of System 80+ design features that have advantage over ABB-CE operating reactors.

440.171 In Section 2.6.3, Table 2.6-1, ABB-CE has identified the possible non-borated water flow paths for the rapid boron dilution events. ABB-CE has only identified one credible boron dilution event that is from the direct vessel injection (DVI) lines where the RCS leakage through the first SI check valve with a possible diluted water volume is determined to be 60 ft³. ABB-CE did not take credit for using the pressure indication in the lines and the possible diverting capability by opening valves SI-648, 638, 628, and 618 to minimize the potential dilution to the DVI injection lines. In addition, ABB-CE has also identified leakage through SIC hot legs injection check valves SI-522 and 532. However, in this scenario, ABB-CE took credit for detecting pressure changes using pressure indication in the line and the ability to divert water to SIT drain and fill line.

Please provide:

(1) assumptions made for both scenarios and why credit was taken for using pressure indication and diverting water capability in one situation but not for the other,

(2) consequences of the rapid boron dilution event from the diluted water leakage through hot legs injection check valves, if pressure indication in the lines and the diverting capability were not used, and

(3) compare your P-D mathematical model with the staff's steady state calculation using the NODEP-2 nodal code model (NUREG-1449, Section 6.8.3, Neutronics Analysis), and justify the conservatism in your calculation.

440.172 The staff has identified several instances of gas binding in the charging pumps suction that took place at operating plants. These events have occurred due to (1) a lower suction pressure at the operating pump in comparison to the volume control tank (VCT) pressure that allowed gas to come out of the solution coupled with the standby charging pump piping runs allowing the gas to effectively accumulate a sufficient volume to prevent the standby pump to successfully start due to air entrapment, (2) inadvertent emptying of the VCT. Provide a discussion of how the System 80+ design venting capability, construction (elevation between CVCS and pumps suction, and piping runs), and operating procedures would prevent these problems during shutdown as well as normal operating conditions. In addition, ABB-CE should address the impact of reactivity events as a result of being unable to borate the VCT due to gas binding in the boric acid transfer pumps and inadvertent emptying of the VCT.

440.173 Section 3.4.1 gives the event tree for loss of DHR in Mode 4 and discusses each branch point of the event tree. Branch point BOC (boil-off using CVCS) indicates that water can be injected into the vessel from the BAST by utilizing either charging pump or the boric acid makeup (BAMU) pumps as a backup and the BAST volume can provide up to 12 hours of boil-off. Please provide:

(1) discussion on the BAMU pumps capability as a backup, if SCS (DHR) is not operable,

(2) basis for the 12 hours of water available for boil-off.

440.174 The staff has identified that System 80+ does not have the capability for gravity drain from IRWST to the RCS. Provide a discussion of how CE System 80+ could provide water to the RCS to maintain core cooling in case of station blackout (SBO) and also discuss the reflux cooling capability for the System 80+ design. Discuss what actions could be taken to allow for gravity drains and ABB-CE's plans to incorporate such actions.

440.175 Section 5.3.1 indicates that the limiting break is in a bottom of the hot leg or a lower head instrument line resulting in a loss of DHR in Modes 5 and 6. Provide the basis for the break in a bottom of the hot leg or a lower instrument line as the most limiting condition in comparison to other possible pipe breaks.

440.176 Section 3.0 presents the probabilistic risk assessment (PRA) study for shutdown conditions, including mid-loop operation with the refueling cavity water level less than 23 feet above the vessel flange. It appears to the staff that loss of offsite power (LOOP) and SBO situations were not modeled in the event trees. The staff study indicates that LOOP and SBO situations can occur during shutdown conditions. As a result, the probability for core damage frequency during reduced inventory increases. It appears that System 80+ PRA models assumed that off-site power is always available for the entire shutdown conditions. Therefore, the availability of the emergency power is of minimal importance. Provide (1) justification for not modeling LOOP and SBO in your shutdown risk analysis, especially during mid-loop operations with water level less than 23 feet above the vessel flange, and (2) how would core damage frequency change during reduced inventory conditions, including mid-loop operation with water level in the refueling cavity less than 23 feet above the reactor vessel flange.

440.177 Table 4.0-1 and Table 4.0-2 provides requirements for the operating range of initial conditions and RCP operating conditions. How would these requirements be controlled (e.g., TS) for applicable modes?

440.178 Section 4.3.1, Total Loss of Reactor Coolant flow, concludes that the SCS relief valves will ensure that the P-T limits for brittle fracture are not violated for transients postulated in Modes 4 or 5 with RCS temperatures below LTOP enable/disable temperatures, and Figure 4.0-1 provides initial conditions for P-T limits in modes 3 through 6 with the SCS relief valve setting at 565 psia. It appears to the staff that the operators can operate shutdown cooling at other conditions than the design initiating conditions of 350 °F and 400 psia for SCS systems. If the operators were to operate the SCS at temperatures and pressure higher than the system design initiating temperature and pressure conditions, provide (1) procedural guidance and design features to address the staff's Open Issue 5.4.3.2-2 in the System 80+ draft safety evaluation report (DSER), and (2) provide an analysis to address that the relief valve sizing design basis for overpressure protection for the SCS system is still bounded by design criteria discussed in CESSAR-DC, Section 5.2.2.

440.179 Section 4.1.2 states that to maximize the cool down rate and the time required to reach the steam generator water (SG) level trip setpoint, the events were assumed to be initiated at the minimum Mode 3 technical specification with SG water level of 25 percent wide range. Provide the basis for using SG water level of 25 percent wide range and justify the conservatism in your assumption. In addition, ABB-CE also states that the rate of cooldown for the excess feedwater flow events is less dependent upon the steam generator temperature than it is for the steamline break events. What is the difference between selecting the initial conditions to generate the lowest DNBR in coincident with the pre-trip for the steamline break event and this case?

440.180 Section 4.1.5 discusses the evaluation of steam system piping failures inside and outside containment. The evaluation indicated the minimum transient DNBR for the shutdown mode cases was greater than 2. Provide:

(1) assumptions used for DNBR calculation, including peaking factors, pressure, flow rates, and provide the justification for the assumptions made in the analysis,

(2) identify worst case for shutdown mode.

440.181 Section 4.2.8, Feedwater System Pipe Breaks, states that the energy mismatch between the primary and secondary system is very much less for events postulated to occur in shutdown modes other than for event of Section 15.2.8 of CESSAR-DC. Provide the technical basis for this assumption.

440.182 Section 4.6.3, Steam Generator Tube Rupture, indicates that the leakage rate could range from 0.0 to approximately 315 gallons, and at the maximum leakage rate, the operator would have more than 45 minutes to diagnose the event and take appropriate actions. Provide (1) calculation results to show that 315 gallons is a maximum leakage rate and is a limiting case, (2) basis for the 45 minutes available time for operator's actions.

440.183 Appendix C, Reduced Inventory Operational Guidance, Precaution 3.4, states that operations directly affecting the reactor vessel pressure boundary, i.e., ICI Seal Table Evolutions, shall be minimized during mid-loop. ABB-CE also stated in CESDR Sections 2.12.3.1.2 and 2.3.3.5 that procedural guidance prohibits In-core Instrumentation Seal Table Evolutions while the vessel head is on and mid-loop evolutions are in progress. These two statements appear to contradict each other. ABB-CE Reduced Inventory Operational Guidance would allow the seal table evolutions to take place during mid-loop operations, thus the potential loss of inventory exists. Clarify whether the operational guidance allows or prohibits seal table evolutions to be performed during mid-loop operations. If the evolutions are permitted, discuss what actions are needed to prevent the potential loss of coolant inventory.

440.184 Section 2.12.3.1.2 discusses the potential failure of the reactor cavity seal during Mode 6, refueling. The cavity seal can fail in some circumstances. For example, the cavity seal can be displaced during an earthquake of certain magnitudes, thus creating a total seal failure during refueling process (i.e., refueling cavity is flooded, fuel transfer gates are opened to connect with the spent fuel pool, and fuel transfer is in process, when the reactor cavity seal failure occurs). Please provide (1) time to drain to the reactor vessel flange if water is not added, (2) potential consequences to the spent fuel being transferred during the fuel transferring process, (3) radiological consequences, and (4) what actions are needed to mitigate and to maintain shutdown cooling.

440.185 Appendix C, Reduced Inventory Operational Guidance, Operational Guidance 4.4, provides RCS/SCS system parameters monitored during reduced inventory. This operational guidance does not address SCS pump suction and discharge pressures as part of system parameters monitored during reduced inventory as mentioned in Section 2.8. Please clarify.

440.186 Section 5.0, Abnormal Operating Conditions, discusses the use of the combustion turbine generator as an alternate and a diverse method to provide ac power during station blackout events to maintain shutdown cooling. However, there is no information that addresses the reliability assurance for the combustion turbine unit. Please provide combustion turbine reliability assurance program information, availability information, and address how ABB-CE would ensure the operability (i.e., TS) of the combustion turbine unit during shutdown conditions.

440.187 ABB-CE indicated in the response to the staff RAI #440.135 that the combustion turbine will be utilized during shutdown to ensure adequate supply of ac power. This availability will be governed by a COL holder through administrative controls. Absent further information, the staff does not have assurance that said measures will be sufficient to require AAC availability of a future COL holder. The staff believes that for advanced PWR reactors that it may be appropriate to have two onsite sources of power available during reduced inventory conditions. These onsite sources of power would need to be controlled through specific shutdown TS requirements. Please define technical specifications to reflect the staff's concerns.

However, it should be noted that the staff is currently finalizing its proposed requirements for operating reactor shutdown operations; therefore, ABB-CE shutdown TS will not be reviewed at this time.

440.188 In Section 5.3, LOCA Analysis for Lower Modes of Operation, ABB-CE assumed different conditions in Mode 4. Please provide:

(1) basis for different conditions in Mode 4, and

(2) results from the sensitivity study to confirm that Mode 4, case 4 is the worst case.

440.189 Section 5.3 evaluates a postulated LOCA event (break in the bottom of the hot leg) in Mode 5 as a result of a loss of DHR. The postulated LOCA event analysis indicates that the water would reach the top of the active fuel in twelve minutes and the operators would have ten minutes to take actions to prevent core boiling. The Standard Review Plan (SRP), NUREG-0800 Section 6.3.8, item 19, states that operator delay time should be greater than 20 minutes. The ten minutes provided by ABB-CE appears to be too short for preventing core boiling. Provide justification for the shorter operator delay time.

440.190 Section 5.3.1, Description of LOCA Scenario, indicates that a severe LOCA would occur at lower operating modes when the RCS temperature is reduced slightly below the temperature where no SI pumps are required to be on automatic. Provide the RCS temperature at which no SI pumps are required to be on automatic.

440.191 Section 5.3.4, LOCA Analysis for Mode 4, discusses LOCA analysis for hot rod heatup. Provide a detailed description of the assumptions made including axial power shape and RCP conditions.

440.192 In Section 5.3.3, ABB-CE has indicated that the Realistic Evaluation Model (REM) was used to study the possible impacts of a small break LOCA in Mode 4. Please provide (1) detailed description of the assumptions made using the REM version of CEFLASH-4AS and PARCH codes.

440.193 In Section 5.3.4, LOCA Analysis for Mode 4, ABB-CE has used 10 minute time available for operator action to take credit for compliance with ECCS acceptance criteria. This assumed 10 minute time is inconsistent with SRP 6.3.8, Item 19 (see RAI question 440.190).

440.194 Section 2.6, Rapid Boron Dilution, discusses some potential boron dilution events. NUREG/CR-0105, Vol. 2, "Seventeenth Water-Reactor Safety Information Meeting," identifies several potential PWR boron dilution events that ABB-CE has not discussed in Section 2.6 of the submittal. Please provide the below discussions with emphasis on the use of design features, detection, mitigation, and prevention capability and relate these to resolutions in Table 2.6-1:

(1) addition of diluted accumulator water during shutdown due to slow leakage or blowdown thru single valve,

(2) LOCA with diluted ECCS water from more than one accumulator or IRWST,

(3) LOCA with sump water diluted,

(4) uncontrolled boron dilution from CVCS during shutdown and the event of demineralized water from the purification system entered the core via the SCS system (the Belgians study),

(5) rod ejection accident.

440.195 NUREG-1449 indicates that loss of coolant can result from the SCS pump suction relief valve opening. Please provide a discussion to address how your spring-loaded relief valve would not subject System 80+ to this vulnerability.

440.196 Please provide a list of ITAAC Tier 1 items which are essential to maintain safe operations during low power and shutdown conditions (e.g., piping configurations to support gravity drain and to eliminate loop seals, flow rates, water level, etc.).

REQUEST FOR ADDITIONAL INFORMATION (INSTRUMENTATION AND CONTROL SYSTEM BRANCH)

1. Table 2.1-1 discusses the procedural guidance related to shutdown operations. With regard to unplanned draining of the reactor coolant, the staff notes that the heated junction thermocouple levels are not monitored.
2. In discussing the instruments to be used for monitoring RCS temperature during a loss of flow event, Table 2.1-1 lists resistance temperature detectors, which will be very inaccurate after flow is lost. It may not be appropriate to include these instruments in the parameter list for loss of flow events.
3. Table 2.4-2, Shutdown Cooling System (SCS) Instrumentation, lists the instrumentation considered by the applicant to be critical to identifying Group 11 initiators. Group 11 initiators include a failure on the discharge side of the SCS pump. An additional initiator of an impending loss of shutdown cooling is High SCS flow in the suction line caused by too much SCS pump flow. High SCS pump flow can initiate air entrainment via vortex formation during midloop operations.

4. On Page 2.8-1, the applicant states that providing an adequate fluid level in the hot leg above the level at which vortexing occurs will ensure that the SCS fluid will not entrain air. It should be pointed out that vortex formation is a function of level and flow, not just level. Vortex formation caused by excessive SCS flow on the suction side of the SCS pump is not uncommon.
5. In Table 2.8-1, the staff notes that the RCS water level reference leg tap for the Refueling Water Level Indication System is located in the top of the pressurizer. There should be one tap for each channel to preclude a SONGS-type event wherein the common reference leg tap was inadvertently blocked during a draindown operation.
6. In Table 2.8-1, RCS Temperature, the applicant appears to make a commitment that fuel shuffling activities will be scheduled in such a way as to ensure the availability of the CETs during midloop operations. This commitment should be a Tier 1 commitment, since it directly impacts the availability of temperature instrumentation.
7. In Table 2.8-1, SCS Flowrate and SCS Pump/CS Pump Discharge Pressure are alarmed on low flow and low pressure, respectively. There should also be alarms for high discharge flow and high discharge pressure, because excessive flow can result in pump cavitation and subsequent loss of SCS flow.

REQUEST FOR ADDITIONAL INFORMATION (PROBABILISTIC SAFETY ASSESSMENT BRANCH)

1. Report the major findings and insights that were drawn from the shutdown PRA. Provide a list of shutdown PRA insights that contributed to changes in design, technical specifications, administrative controls, procedures, etc.
2. Core damage frequencies were estimated for Modes of operation 4 through 6. It is mentioned that Modes 1 through 3 are covered in the PRA performed for operation at power. However, although this may be true for forced outages, it is probably not true for planned outages. Please explain how the plant risk during Modes 2 and 3 was included in the risk estimate for power operation. Provide the assumed distribution of time among the different plant configurations (plant states) during shutdown. Also, for each plant configuration in Modes 2 and 3, provide an estimate of the frequency of initiators, any relaxation in the technical specifications, and systems or functions that are unavailable or require operator action.

3. In estimating the frequency of an initiating event while the plant is in a certain state, it was assumed that the frequency of each initiating event (as calculated by operational history of current PWR plants) can be distributed among all plant states according to the fraction of time the plant is in each configuration. However, some initiating events could occur only (or more frequently) during a particular plant state. For instance, LOCA frequency will vary with pressure and maintenance activities allowed during the various plant configurations. Similarly, loss of DHR may be more likely at the reduced inventory configuration and loss of power related frequencies may vary according to the allowed, and scheduled, maintenance activities. The effect of this assumption on the estimated core damage frequency (CDF) during shutdown must be investigated. The staff strongly recommends reviewing experience data, as well as the results of existing analyses, to resolve this issue.

4. The fractions of time that the plant is expected to be in a certain configuration (plant state) were used to estimate initiating event frequencies for the various plant states during shutdown. However, no complete information was provided on how the assumed 23-day refueling schedule was divided among plant states. In addition, the assumption of equal times in Modes 4 and 5 due to scheduled and forced outages may be optimistic. Please provide details and justification of assumptions made in determining the initiating event frequencies for the various plant states.

5. Provide a list of all dominant accident sequences that lead to core damage during plant shutdown and associated frequencies. For each sequence, list all initiating events, including failures and successes.

6. In the event tree for loss of DHR in Mode 4 (Figure 3.4-1), Technical Specifications (see Table 2.4-3, LCO 3.4.6) require: a) two RCS loops or two SCS trains or any combination of these to be operable; and b) one RCS loop or SCS train to be in operation. This was not appropriately taken into account in the event tree. For example, in describing event OSI it is mentioned that "if a SCS train fails, the operator will try to start the second SCS train which is required to be available by the Technical Specifications." However, this statement contradicts LCO 3.4.6 of Table 2.4-3. Similarly, in describing event SG heat removal (SGHR), it is stated that "by Tech Specs, a SG will be available if the second SCS train is out of service." This contradicts both the statement made in describing event OSI and Table 2.4-3. Please clarify the applicable Technical Specifications and use them appropriately in the event tree model. In addition, clearly state all assumptions made in developing this event tree.

7. Please provide all information, assumptions, and sources used in determining the mechanical part of the "branch point" failure rates reported in Table 3.1-1 of the System 80+ Shutdown Risk Final Report. Information such as hourly failure rates, demand failure rates, test intervals, common cause failure rates, mission times, and assumed system configuration should be reported. Also, in determining the probabilities of the top events appearing in the event tree, it is important to keep in mind that these probabilities may be conditional on events that precede each branch point. Please discuss this issue when explaining how the "branch point" probabilities were derived.

8. One of the criteria for successful "Feed and Bleed" cooling is that it must be initiated at or before the time at which the primary safety valves lift (see page 3-16). What is the basis for this criterion? Present justification by referring to the results of related analyses. How much time does the operator have to initiate feed-and-bleed under the several accident sequence scenarios? Explain the effect that this "time window" has on the assessed probabilities and event tree model.

9. In discussing event BOC (Boil-off using CVCS), the following statement is made (page 3-17): "It was assumed that if BOC is successful, DHR is restored in the approximate 12 hours during boil-off." This statement implies that the DHR will be restored with certainty during boil-off. However, the probability of event BOC (as estimated) was assumed to be dominated by the failure probability to repair the DHR. Please remove this inconsistency. Also, the assumed 12-hour window to restore DHR needs further justification.

10. The probability of event BOC (boil-off using CVCS) has high uncertainty and appears in all dominant sequences. It is necessary to investigate the sensitivity of shutdown CDF to variations in the probability of this event. If it is found that the shutdown CDF is sensitive to such probability, then it will be necessary to further justify the assumed probability (0.1). It should be noted that the assumed probability of event BOC is dominated by the failure probability to restore DHR capability in approximately 12 hours. Given that these systems failed previously in the sequence and some repair needs to be performed on at least one of them, the assumed probability of 0.1 may be optimistic. In addition, the contribution of the unavailability of the CVCS (Tech Specs require only one charging pump to be available) may be significant and should be calculated.

11. In the event tree for loss of DHR during Modes 5 and 6 (Figure 3.4-7), using feed-and-bleed with SCS (event SCSFB) is needed only if feed-and-bleed with SIS (event SIFB2) fails. Event SIFB2 includes failure of the Safety Injection System (SIS) as well as failure of the Safety Depressurization System (SDS). Event SCSFB includes failure of the Shutdown Cooling System injection as well as failure of the SDS. This implies that if SDS is not available for feed-and-bleed with SIS (event SIFB2) it will not also be available for feed-and-bleed with SCS (event SCSFB). Therefore, the event tree should be modified by adding a branch for the SDS function. The same is true for the event tree for LOCA Modes 5 and 6 with IRWST available (Figure 3.5-15).

12. The event tree of Figure 3.4-9 was used to model: a) the loss of DHR during Mode 5 operation when the coolant level is reduced and b) a LOCA during Mode 5 operation when the coolant level is reduced. Using the same event tree for these two initiators causes confusion (especially when no connection is made with the appropriate sections, where LOCAs, loss of DHR and reduced inventory are discussed). Please explain why the operator would "perceive" LOCAs as a loss of DHR. Does this mean that the leak will not be diagnosed prior to pump cavitation? How was the leak location taken into account? Is the leak recoverable? Are operator actions and associated time windows following a LOCA same as those for a loss of DHR due to other reasons? Please document all the assumptions and try to connect them with Section 2.12 (potential for draining the reactor coolant system), Section 2.3 (reduced inventory operation and GL 88-17 fixes), and Section 2.4 (loss of DHR capability).
13. How were the probabilities in the event tree of Figure 3.4-9 (loss of DHR or LOCA in Mode 5 with reduced inventory) calculated? They were assumed to be identical given either a loss of DHR or LOCA initiating event. Please justify. For example, given a LOCA, is the probability that the operator restores DHR still 0.167
14. Event MUI ("Operator checks coolant level" in event tree of Figure 3.4-9) was assigned a probability of 4.1 x 10^-3. This includes, in addition to the human error, the probability of a mechanical failure of the SCS to make-up inventory (1.0 x 10^-3). How was this probability estimated? Does this estimate take into account the fact that a loss of DHR (or a LOCA that causes a loss of DHR) and failure of the operator to restore DHR have preceded this event? Please explain.

15. The probability of event OSI (operator starts second DHR train) in Figure 3.4-9 is conditional on the failure of event OR (operator restores DHR) and the success of event MUI (operator uses SCS pumps to provide RCS makeup from the IRWST). How are these dependencies taken into account when assessing the probability for event OSI?
16. The success criteria for event SIFB2 in the event tree for "loss of DHR or LOCA in Mode 5 with reduced inventory" (see Figure 3.4-9) is not clear. How many SIS trains are required for success? If two SIS trains are required (as the event tree heading suggests), then the assessed probability for this event (4.2 x 10^-1) is wrong and should be recalculated.

17. In discussing event SIFB2 (pages 3-24 and 3-25) for loss of DHR or LOCA in Mode 5 with reduced inventory, it is mentioned: "As noted in Section 3.4.1, in this mode, the pressurizer manway has been removed and opening the SDS valves is not necessary..." However, in Section 3.4.1, the probability of a failure of the SDS (8.0 x 10^-4) was included. Please remove this inconsistency. Also, please relate the event tree modeling of Figure 3.4-9 to the plant states and termination points for restoration of DHR (Figure 2.4-1 and Table 2.4-3). Document all assumptions made.

18. The event tree for loss of DHR in Mode 6 with the refueling cavity filled (Figure 3.4-11) does not model the effects of the potential presence in the vessel of the upper internals. Please relate this event tree model and assumptions to the criteria, analysis and resolution of the issue of the inhibition of natural circulation due to the presence of upper internals as discussed in Section 2.10 of the System 80+ shutdown risk report. Also, provide the same information for the event tree of Figure 3.4-17.

19. The event tree that models a LOCA in Mode 4 (Figure 3.4-12) is applicable when RCS temperatures are above 317 °F and pressures are above 500 psig. The low pressure and temperature part of Mode 4 is represented by the Mode 5 normal inventory event tree (Figure 3.4-15). This is not reflected in the estimates of the frequencies of the initiating events M4LOCA and M561R. Please explain or correct this discrepancy.

20. The event trees either do not model or they lump together many of the several major plant configurations of interest to shutdown risk as identified by the termination points of Figure 2.4-1 and Table 2.4-3. For example, no distinction is made in the event tree (Figure 3.4-1) for termination points 2 and 3 (related to a loss of DHR during plant Mode 4 with RCS cold leg temperature greater than and less than 317 °F, respectively). Please explain how Figure 2.4-1 and Table 2.4-3 were used in constructing the event trees. Provide lists of all the important assumptions (implicit and explicit) that were made in constructing the event trees (for all the event tree headings by event tree).

21. The probability of event 01 (operator isolates the leak locally) was assumed to be the same for leaks inside the containment as for leaks outside the containment. Justify this assumption. In addition, link the method for estimating the probability of event 01 to specific leak paths, failure mechanisms, required operator actions, available procedures, monitoring parameters that alert operators upon the occurrence of a leak, and other information present in Sections 1 and 2 of the shutdown risk report.

22. The frequencies of event L60C and L6IC (LOCAs in Mode 6 with refueling cavity flooded outside and inside containment, respectively) were estimated by assuming that half of the LOCAs experienced in current plants during this plant configuration occurred inside containment and the other half occur outside containment. In view of the high sensitivity of the total shutdown core-damage frequency estimate to the frequency of event L60C (see event tree of Figure 3.4-I), please justify the assumed frequency for event L60C (5.5x10'f).

23. Provide list(s) of features, human actions, technical specifications, administrative controls and procedures, by shutdown phase and plant configuration, that were found to be important in maintaining the shutdown risk levels as estimated in the PRA. Such lists could also provide part of the PRA input to reliability assurance program (RAP) and inspections, tests, analyses and acceptance criteria/design acceptance criteria (ITAAC/DAC).

24. Provide important analysis that identifies the dominant contributors to the assessed CDF during plant shutdown. Also, determine, study and characterize the dominant human errors in order to draw insights for the following:

(i) shutdown phase/plant configuration combinations with highest human error contributions

(ii) any additional procedures, administrative controls and technical specifications that can be used to further reduce risk during shutdown.

(iii) any guidelines that can be used for outage planning that would even the risk profile and reduce overall risk during shutdown.

(iv) sensitivity of the shutdown CDF estimate to variations in human error probabilities.

25. Provide a clear definition of what is assumed to be a stable end-state in the event trees. Also, define mission times for the various systems and accident scenarios.
26. The PRA indicates that the refueling configuration is the most important contributor to risk during shutdown. This is not in agreement with the results of other PRAs. Please discuss the reasons for this.
27. The human error probability (HEP) estimates are not clearly documented. Please provide a concise description of the methodology used to assess human error probabilities. Also, provide clear references to tables or pages in NUREG-1278. Same HEPs were used in different event tree branch points (e.g., events OR, OSI, SIFB2, BOC) regardless of the initiators (e.g., event trees in Figures 3.4-1 and 3.4-9). This needs to be justified since HEP depends strongly on the time available for operator actions and the failures that preceded in the sequence.

28. It is not clear why the human error probabilities on page 3-29 (event SGCOM) are multiplied instead of added. It seems that an error in either one of the two required operator actions would fail the top event. Please explain or correct.
29. The number of PWR years shown in Table 3.3-1 seems high. This, if true, results in underestimation of frequencies. For example, 1412.3 reactor years from June 7, 1973, implies an average of 76 PWRs operating in that period. Please provide or refer to a list of events that were used in calculating initiating event frequencies. Categorize these events according to the plant status at the time of their occurrence. A first categorization should be among events that can occur only at power, only at shutdown and both at power and shutdown. Next, the events that can occur at shutdown should further be categorized among the various plant configurations that exist during shutdown.
30. In assessing the probability of event 01 (Operator isolates leak, pages 3-27 and 3-28) it was assumed that 4 percent of the leaks caused by mechanical failures cannot be isolated. However, the fraction of mechanical failures is not reported and the 4 percent assumption not justified. Please provide this information.
31. It is mentioned that the loss of offsite power events were not quantified because they are small contributors to risk. Please provide the analysis that supports your conclusion since it is quite possible that, during shutdown, onsite emergency electrical power can be degraded due to maintenance. This analysis should include maintenance downtimes at the various plant configurations.
32. Knowledge of containment integrity status when a loss of shutdown cooling has occurred is very important. The operator, in addition to taking actions for re-establishing core cooling, must be in a position to ensure containment integrity (in case core damage results). Does the System 80+ design provide any diagnostic, time tracking, procedural and/or other means to aid the operator to close containment penetrations (such as cable lines) in time? Are there any accident scenarios, associated with specific plant configurations, for which the time window for closing the penetrations is greater than the time to core boiling? Please provide related analysis.

33. Provide analyses for internal floods and fires during shutdown that are consistent with the related analyses performed for power operation (in progress at this time). This implies that similar methodologies should be used to assess the risk from internal fires and floods during shutdown as during power operation. Analyses performed for power operation, as well as their findings, can be referenced in the shutdown analyses whenever applicable.
