ML20126M918

Reviews Westinghouse 1,000 MWe NSSS Design. If Properly Developed, Proposed Design Could Satisfy Current Regulatory Guidance & Be Licensable. Addl Analyses Required to Satisfy Requirements of Severe Accident Policy Statement
ML20126M918
Person / Time
Issue date: 06/12/1985
From: Harold Denton
Office of Nuclear Reactor Regulation
To: Rahe E
WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
References
NUDOCS 8506200507
Download: ML20126M918 (27)


Text

UNITED STATES

NUCLEAR REGULATORY COMMISSION

WASHINGTON, D. C. 20555

June 12, 1985

Mr. E. P. Rahe, Jr., Manager
Nuclear Safety Department
Water Reactor Division
Westinghouse Electric Corporation
Pittsburgh, Pennsylvania 15230

Dear Mr. Rahe:

SUBJECT: REVIEW OF THE WESTINGHOUSE 1000 MWe NUCLEAR STEAM SUPPLY SYSTEM DESIGN

By letter dated April 19, 1985, (NS-NRC-3031), Westinghouse submitted a proprietary document entitled "Design and Licensing Description of the Westinghouse 1000 MWe Nuclear Steam Supply System," and requested that we review the proposed nuclear steam supply system (NSSS) design concept described therein and provide "...an advisory opinion on the licensability of the proposed design...."

This letter describes the limited review that we conducted in response to Westinghouse's request and the overall conclusions that we reached as a result of that review. A more detailed description of our review is provided in the enclosed evaluation report.

Westinghouse's report describes, principally by comparison with previously-reviewed design features, its 1000 MWe NSSS design that it is developing for "... domestic and international application in the current time frame." The report also briefly describes the upgraded features of the proposed design and provides a limited safety assessment of the design with respect to current regulatory guidance and requirements. In addition, the report addresses a number of the issues, but not all, that would be required by the Commission's proposed severe accident policy statement.

Our review was based upon the information provided in Westinghouse's report, supplementary information in specific areas provided by Westinghouse in response to our informal requests for additional information and our previous evaluations of design features similar to those of proposed design. The design features which we had not previously reviewed were evaluated for general consistency with current regulatory guidance and requirements. Our review also included a limited review of Westinghouse's approach to the proposed severe accident issues for new plants.

Based upon our limited review, we conclude that the proposed design, as presented by Westinghouse in its report and by supplementary information, is generally similar to designs recently approved by us for construction and/or operation in the United States. For those features which differ from previously-approved designs, we determined that such features could reasonably be expected to satisfy the intent of current regulatory guidance and requirements if they were properly designed.

Finally, our review revealed that substantial additional analyses would be required to satisfy the requirements of proposed severe accident policy statement; however, we see no reason that the design could not meet the requirements as proposed without major modifications.

In summary, we believe there is reasonable assurance that the proposed design, if properly developed, could satisfy current regulatory guidance and requirements and would, therefore, be licensable. This conclusion is an advisory opinion on the potential licensability of the proposed design and is provided without prejudice as to the acceptability of a license application incorporating the design.

Sincerely,

Harold R. Denton, Director
Office of Nuclear Reactor Regulation

Enclosure: As stated

DISTRIBUTION:
Central File
NRC PDR
SSPB Reading file
ACRS(10)
CPatel
RBernero
CThomas
JKnight
DCrutchfield
TSpeis
FMiraglia
WRussell
HThompson
DEisenhut
HDenton

*SEE PREVIOUS CONCURRENCE:

DL:SSPB*    DL:SSPB*   DL:AD/SA*      DL:DIR      NRR:DD      NRR:DIR
CPatel:ac   CThomas    DCrutchfield   HThompson   DEisenhut   HDenton
05/ /85     05/ /85    05/ /85        06/ /85     / /85       / /85

Mr. E. P. Rahe, Jr.

previously-approved designs, we determined that such features could reasonably be expected to satisfy the intent of current regulatory guidance and requirements if they were properly designed. Finally, our review revealed that substantial additional analyses would be required to satisfy the requirements of proposed severe accident policy statement; however, we see no reason that the design could not meet the requirements as proposed without major modifications.

In summary, we believe there is reasonable assurance that the proposed design, if properly developed, could satisfy current regulatory guidance and requirements and would, therefore, be licensable. However, it must be emphasized that this conclusion is an advisory opinion on the potential licensability of the proposed design; it is provided without prejudice as to the acceptability of a license application incorporating the design.

Sincerely,

Harold R. Denton, Director
Office of Nuclear Reactor Regulation

Enclosure: As stated

DISTRIBUTION:
Central File
SSPB Reading file
CPatel
CThomas
DCrutchfield
FMiraglia
HThompson
DEisenhut
HDenton

DL:SSPB     DL:SSPB    DL:AD/SA       DL:DIR      NRR:DD      NRR:DIR
CPatel:ac   CThomas    DCrutchfield   HThompson   DEisenhut   HDenton
06/ /85     / /85      / /85          05/ /85     05/ /85     05/ /85


Enclosure

OFFICE OF NUCLEAR REACTOR REGULATION

UNITED STATES NUCLEAR REGULATORY COMMISSION

ADVISORY OPINION ON THE LICENSABILITY OF THE WESTINGHOUSE ELECTRIC CORPORATION 1000 MWE NUCLEAR STEAM SUPPLY SYSTEM

Introduction and Summary

By letter dated April 19, 1985, (NS-NRC-3031), Westinghouse Electric Corporation (Westinghouse) submitted a proprietary document entitled "Design and Licensing Description of the Westinghouse 1000 MWe Nuclear Steam Supply System," and requested that the staff review the proposed nuclear steam supply system (NSSS) design concept described therein and provide "...an advisory opinion on the licensability of the proposed design...."

This report describes the limited review the staff conducted in response to Westinghouse's request and the overall conclusions that the staff reached as a result of that review. The report is organized to correspond to the sections of Westinghouse report.

Westinghouse's report describes, principally by comparison with previously-reviewed design features, its 1000 MWe NSSS design that it is developing for "... domestic and international application in the current time frame." The report also briefly describes the upgraded features of the proposed design and provides a limited safety assessment of the design with respect to current regulatory guidance and requirements. In addition, the report addresses a number of the issues, but not all, that would be required by the Commission's proposed severe accident policy statement.

The staff's review was based upon the information provided in Westinghouse's report, supplementary information in specific areas provided by Westinghouse in response to the informal staff requests for additional information and previous staff evaluations of design features similar to those of proposed design. The design features which the staff had not previously reviewed were evaluated for general consistency with current regulatory guidance and requirements. The staff review also included a limited review of Westinghouse's approach to the proposed severe accident issues for new plants.

Based upon the limited review, the staff concludes that the proposed design, as presented by Westinghouse in its report and by supplementary information, is generally similar to designs recently approved by the staff for construction and/or operation in the United States. For those features which differ from previously-approved designs, the staff determined that such features could reasonably be expected to satisfy the intent of current regulatory guidance and requirements if they were properly designed.

Finally, the review revealed that substantial additional analyses would be required to satisfy the requirements of proposed severe accident policy statement; however, the staff sees no reason that the design could not meet the requirements as proposed without major modifications.

In summary, the staff believes there is reasonable assurance that the proposed conceptual design, if properly developed, could satisfy current regulatory guidance and requirements and would, therefore, be licensable. This conclusion is an advisory opinion on the potential licensability of the proposed design and is provided without prejudice as to the acceptability of a license application incorporating the design.

1.0 OVERVIEW

1.1 Background

Westinghouse has developed a design for a NSSS with a core output of 2910 MWt (1000 MWe) and with design features primarily based upon existing technology. The 1000 MWe plant design includes several changes and upgrades that were made to its previously-approved, standard three-loop plant design. The design goals and objectives were aimed at improved safety, reliability/availability and increased operational margins in plant operation.

1.2 Design Summary

The 1000 MWe NSSS utilizes a standard four-loop size reactor vessel (e.g., SNUPPS) integrated into a three-loop design with a four-loop size, 193 fuel assembly core. The reactor vessel thus has six nozzles instead of the eight nozzles of the standard four-loop plant. The Westinghouse optimized fuel assembly is used in the core design. This configuration results in lower reactor vessel and internals fluence, lower core power density and increased margin for safety and operation.

In addition, this configuration incorporates larger accumulators, pressurizer, and pressurizer relief tank than the three-loop design. The reactor vessel internals are, with minor modifications, identical to those used in existing four-loop Westinghouse plants.

The proposed NSSS design utilizes Westinghouse Model 100 reactor coolant pumps with minor design modifications. Provisions are made to assure reactor coolant pump (RCP) seal injection under accident conditions to further reduce the probability of seal failures.

The 1000 MWe NSSS includes Westinghouse Model F steam generators, which are similar to those used in several recently-licensed Westinghouse NSSS designs. Westinghouse has made several modifications to this steam generator design to improve structural margins, enhance reliability and reduce occupational radiation exposure.

The safety injection system (SI) consists of two independent and redundant subsystems and three accumulators. Each of the SI subsystems receives power from one of two separate and redundant safety class IE electrical power trains, and each receives actuation signals from one of two separate and redundant actuation trains. The major components in each SI subsystem are one high-head safety injection (HHSI) pump, one low-head safety injection/residual heat removal (LHSI/RHR) pump and one RHR heat exchanger. There is also a single positive displacement pump which serves the purpose of emergency RCP seal injection. The charging and safety injection functions have been separated in the design of emergency core cooling system.

The residual heat removal (RHR) system is functionally identical to standard Westinghouse RHR systems. However, a number of design changes have been made to simplify the system and/or improve the reliability/availability of the system.

The design includes an emergency feedwater system which consists of two identical subsystems, each of which receives electrical power from one of the two safety class IE electrical power trains. Each subsystem consists of one fifty-percent capacity motor-driven and one fifty-percent capacity turbine-driven pump. Pump runout protection is provided by cavitating venturies located in discharge line of each pump. These venturies are also used to control cooldown, and containment mass and energy release following postulated pipe breaks.

The chemical and volume control system (CVCS) for the 1000 MWe NSSS is essentially identical to those used in current Westinghouse three-loop plants. The primary differences between the system designs originate from system refinements as well as the separation of safety-related functions from the CVCS.

Advanced instrumentation and control (I&C) systems have been incorporated into the design to upgrade technology. The advanced I&C designs include the Westinghouse integrated protection and control systems, and an advanced control room concept.

Finally, the applicable requirements from the TMI Action Plan have been incorporated in the design.

2.0 REACTOR COOLANT SYSTEM COMPONENTS

2.1 Reactor Coolant System Design

The reactor coolant system (RCS) in the 1000 MWe NSSS design is composed of standard Westinghouse components which have been modified for incorporation in the 1000 MWe NSSS application. The primary equipment associated with the reactor coolant system is as follows:

- Four-loop reactor vessel with three inlet and three outlet nozzles.

- Four-loop size reactor internals,

- Three Model F steam generators.

- Three Model 100 reactor coolant pumps.

- Pressurizer,

- Pressurizer Relief Tank, and

- Control Rod Drive Mechanisms.

The design of the RCS components closely follow the designs which have been previously reviewed and approved by the staff for construction and operation.

Where changes or modifications have been made, the emphasis was placed on improving design margin and reliability, as well as reducing occupational radiation exposure.

Westinghouse states that the structures, systems and components within the NSSS scope of supply rely extensively on the application of industry codes and standards that have been used as accepted industry practice. These codes and standards are the same as those reviewed by the staff and found acceptable for recently-licensed Westinghouse plants. Also, Westinghouse states that the design conforms to the NRC general design criteria and regulatory guides in a manner comparable to recently-licensed Westinghouse plants.

Westinghouse's report presents an analysis of flow-induced vibration of the reactor internals and makes plausible arguments that the behavior of the 1000 MWe reactor internals is well-characterized and that the structural adequacy of its components is assured.

In addition, the report presents seismic analysis for the reactor vessel and internals.

Only limited data and information were provided as to materials selection and the thermal and/or mechanical processing of materials used in the control rod drives, reactor internals, reactor coolant pressure boundary, reactor vessel, steam generators and engineered safety feature systems.

Inconel 690 and Inconel 800 are used in the 1000 MWe NSSS design.

Although no detailed list of conformance to codes and standards, general design criteria (GDC) and regulatory guides has been provided, the use of previously-accepted codes and standards, and previously-accepted interpretations of the GDC and regulatory guides provide reasonable assurance that the design of the RCS components would be found acceptable.

The 1000 MWe NSSS employs a four-loop reactor vessel and internals in a three-loop configuration. In addition, certain modifications have been made to the reactor internals. The flow pattern in 1000 MWe reactor will thus be different from that in either three-loop or four-loop plants. The matter of flow-induced vibration would, therefore, have to be evaluated for this design. The staff did not have sufficient information to conclude that the 1000 MWe NSSS can qualify as a non-prototype plant as defined in Regulatory Guide 1.20.

After reviewing the data from several nuclear plant sites, Westinghouse developed a representative floor response spectra for the seismic design of the reactor vessel and internals for the 1000 MWe NSSS. The staff would require considerable additional information in order to draw any conclusions regarding the conformance of the design to the provisions of Regulatory Guide 1.60.

The use of Inconel 690 and Inconel 800 are under generic review, and conclusions as to the acceptability of these materials have not been reached at this time. However, Inconel 690 has been approved for use as a tube sleeve material for the repair of Inconel 600 tubes in Westinghouse steam generators, and at present, the data available shows Inconel 690 has at least equivalent performance compared to Inconel 600.

The staff concludes that the materials to be used should generally be acceptable and should meet the requirements of 10 CFR Part 50 provided that: 1) the materials and their thermal and mechanical processing are similar to other plants recently licensed; 2) the recommendations of the regulatory guides applicable to materials are followed; and 3) if alternative approaches are taken, the alternative approaches are acceptably justified.

2.2 Core Design

The 1000 MWe fuel system design is comprised of 193 fuel assemblies, 53 rod cluster control assemblies (RCCAs) and, initially, 1888 burnable absorber rodlets. The fuel assemblies are the Westinghouse 17 x 17, 12-foot, eight-grid optimized design. The RCCAs are full-length hafnium. The burnable absorbers are the Westinghouse wet annular design.

The standard optimized fuel assembly (OFA) has been reviewed and approved by the staff on a generic basis (WCAP-9500 "Reference Core Report for 17x17 Optimized Fuel Assembly") and for application in several operating reactors designed by Westinghouse. These reviews have covered both generic and plant-specific details, and have addressed the use of hafnium control rods and the use of the improved thermal design procedure (ITDP) and the WRB-1 correlation for thermal-hydraulic design and transient analysis.

The 1000 MWe core performance differs from that of previously-reviewed designs primarily in the core power level and core flow. Most of the other design features and parameters are similar to those of previously-reviewed designs.

There are certain differences which should be mentioned, however.

The design utilizes wet annular burnable absorber rods rather than the usual borosilicate glass rods. These rods have not been reviewed for first-cycle use, however, they have been reviewed and approved for use in several reactor reload applications (e.g., Zion and Cook). Therefore, there is reasonable assurance that they would be found acceptable in the 1000 MWe design.

The design burnup for the fuel is larger than that in previously-approved designs. However, it falls within the range of burnups considered in recent "extended burnup" reviews for Westinghouse fuel (WCAP-10414, "Extended Fuel Burnup Generic Technical Studies") which we expect to find acceptable. We would, therefore, also expect it to be acceptable for the 1000 MWe NSSS design.

Related core physics parameters, e.g., fuel enrichment, kinetic and reactivity parameters, are expected to fall within or close to previously-reviewed ranges and should, therefore, be acceptable.

The core power level and average power density are lower than usual. This provides additional safety margin for many events. It also permits the use of an increased design total peaking factor, Fn, while meeting LOCA criteria with the analysis methods used for this design. The peak power density with this Fn is still less than usual. Thus, no new fuel problems are introduced. The larger Fn can permit greater freedom in power change maneuvers and flexibility of control rod moves and axial xenon control, particularly in connection with the improved excore neutron detector axial power distribution monitoring system.

The design enthalpy rise peaking factor (F ) appears to remain at the usual value, but minimum nominal departure from nucleate boiling ratio (DNBR) initial condition for transient analyses have been calculated with a larger value.

The incore power distribution measuring system is the same as that used in previously-reviewed designs, but the excore system, as part of the new integrated protection system, will use four axial-segment detectors instead of the usual two. Axial power distribution control and monitoring with this system have had only limited review thus far (in connection with RESAR-414 and RESAR-SP/90). The procedures and limits for operation with this surveillance system, potential axial power distribution extremes (particularly with the higher Fn potential of this reactor) and the uncertainties attributed to the associated analyses have not been reviewed. However, it is recognized that this is an improved axial distribution surveillance system with increased resolution.

It is expected that procedures and limits, possibly related to relaxed axial offset control (RAOC), can be easily devised to maintain suitable distributions compatible with Fn limits and with axial shapes used for DNBR analyses.

While the design power density is reduced, the coolant flow is reduced even more than would normally be expected. An additional assumed design flow decrease is provided to allow for steam generator tube plugging. Unlike the power density, reduced coolant flow results in a decrease in the margin for DNB-associated events. Westinghouse has indicated a decreased (from usual) minimum DNBR at nominal conditions (using, however, the increased F ), and increased core and exit coolant temperatures. They have also indicated a reduced minimum (limiting) DNBR for transients by not including the usual "plant allowance," "design flexibility" extra margin, and thus the difference between initial and limiting DNBR remains closer to usual.

Furthermore, for the previous designs, using ITDP, there are larger margins to DNB limits for relevant design transients. The methodologies for analysis in these areas are acceptable assuming appropriate limits are placed on the axial power distribution. The increased coolant temperatures are still in a reasonable range. The margins are such that there should be no significant problems of acceptability in this area.

Based upon the substantial licensing precedents and satisfactory operating experience with the similar fuel system design, the staff concludes that the 1000 MWe NSSS fuel design should perform acceptably and should, therefore, be acceptable.

3.0 FLUID SYSTEMS

3.1 Reactor Coolant System

The 1000 MWe reactor coolant system (RCS) design is basically the same as that of standard Westinghouse three-loop NSSS designs. However, a number of modifications have been made to improve design margins, enhance safety and reduce personnel radiation exposures. Specifically, these modifications include safety-grade reactor vessel and pressurizer vent paths to vent non-condensible gases, reactor coolant system safety and relief valves of the type included in the industry/EPRI testing program, indication of pressurizer power-operated relief and safety valve position in the control room, emergency power supplies for the pressurizer heaters, a reactor vessel level indication system (RVLIS), a cold overpressure mitigation system (COMS), and deletion of the hot leg manifold and incorporation of the N-16 power monitor.

The substantial licensing precedent for the Westinghouse three-loop designs coupled with the design improvements described above provides reasonable assurance that the 1000 MWe NSSS RCS design would satisfy the applicable licensing requirements.

3.2 Chemical and Volume Control System

The 1000 MWe NSSS chemical and volume control system (CVCS) design and capabilities are essentially identical to those of current three-loop plants, e.g., Shearon Harris. The primary differences between the system designs originate from system refinements and enhancements, as well as the separation of safety-related functions from the CVCS.

The CVCS of the Westinghouse 1000 MWe NSSS uses two charging pumps, of a higher design pressure than the Shearon Harris CVCS charging pumps, for normal plant operation. Separate safety injection pumps in the emergency core cooling system of the Westinghouse 1000 MWe NSSS provide the high-head safety injection capability during emergency core cooling and, in conjunction with the refueling water storage tank, provide the borated water to maintain reactor shutdown margins.

The Shearon Harris plant uses three CVCS charging pumps to meet redundancy requirements, to maintain reactor shutdown margins and for use in high-pressure safety injection during emergency core cooling. However, since the proposed CVCS in the Westinghouse 1000 MWe NSSS is not designed to maintain reactor shutdown margins, and will not be used for high-pressure safety injection during emergency core cooling, the two CVCS charging pumps in the Westinghouse 1000 MWe NSSS appear to be adequate to meet the reduced design functions of the CVCS.

Given that the functions important to safety are performed independently of the CVCS, and that the CVCS for the 1000 MWe NSSS is otherwise essentially identical to current Westinghouse CVCS designs, we conclude that this design should meet current licensing requirements.

3.3 Emergency Core Cooling System

The safety injection (SI) system consists of two independent and redundant subsystems and three accumulators. Each SI subsystem receives electrical power from one of two separate and redundant safety Class IE electrical power trains, and each receives actuation signals from one of two separate and redundant actuation trains. Each subsystem consists of one high-head SI pump, one low-head SI pump (which also serves as an RHR pump), and one RHR heat exchanger. No piping connections which are subject to a single failure are provided between the subsystems with the exception of a single line from the refueling water storage tank (RWST).

A branch line from each high-head and low-head SI pump discharges into each RCS cold leg via the accumulator discharge piping during the injection and recirculation modes of operation. During hot leg recirculation, isolation valves in each of the high-head and low-head pump headers are closed to deliver flow simultaneously to the cold legs and to one hot leg.

No operator actions are necessary during the injection phase of operation. Changeover from the injection mode to recirculation is accomplished automatically when the RWST water level reaches a predetermined level in conjunction with an SI actuation signal. An alarm is provided to alert the operator that a switchover is in progress. The operator would then verify completion of the switchover operation and manually secure the RWST by closing appropriate valves.

As discussed in previous section, the CVCS is not a part of the ECCS for the 1000 MWe NSSS design. High-head safety injection functions are provided by separate high-head SI pumps.

In addition, the 1000 MWe design is such that if the charging pumps are unavailable to provide RCP seal injection, supplementary seal injection is provided by a positive displacement (PD) pump within the safety injection system. The PD pump starts automatically on either low charging header pressure or a signal indicative of both centrifugal charging pumps being stopped. With these features and the fact that PD pump is automatically loaded onto one of the diesels on a loss-of-offsite-power signal coincident with a LOCA or a steamline break accident, a more reliable RCP seal injection is provided with the 1000 MWe design. Automatic pump start and the availability of emergency power ensure additional seal support under accident conditions. Westinghouse also states that a small diesel dedicated to the PD pump can easily be added to the design if it becomes desirable to include a diverse power source for the alternate pump. The staff agrees that this or similar modifications could be incorporated into the 1000 MWe NSSS design at a later date should it prove desirable. Such changes should further reduce the probability of RCP seal LOCAs.

The other features of the 1000 MWe NSSS ECCS include:

- A design and component sizing that keeps the core covered for break sizes up to the equivalent of a five-inch diameter pipe when the calculations are performed on an Evaluation Model (EM) basis.

- The shutoff head of the high-head SI pumps is lower than the RCS operating pressure so that an inadvertent SI actuation will not result in injection into the RCS, repressurization under steam line break conditions is reduced and PORVs and safety valves will not be lifted due to actuation of the SI system. At the same time, the pressure is high enough that injection is obtained at relatively high RCS pressure, which should be effective in mitigation of some accident and transient conditions.

- The need to isolate low-head SI pump miniflow valves during safety injection or recirculation has been eliminated.

- The low-head SI pump design head is somewhat greater than in other Westinghouse designs to provide more overlap with injection from the accumulators.

- Portions of the high pressure side of the low-head system also have a higher design pressure than previously provided.

These features appear beneficial. The basic concept for the SI system is similar to other Westinghouse designs that the staff has reviewed and approved.

The staff's review of the 1000 MWe design did not reveal any feature that is expected to impact unfavorably upon the acceptability of the design.

3.4 Residual Heat Removal System

The 1000 MWe NSSS residual heat removal (RHR) system is functionally identical to other Westinghouse RHR systems. The design consists of two independent and redundant subsystems. Each subsystem receives electrical power from separate and redundant safety class IE electrical power trains. Each RHR subsystem consists of one RHR pump, which also serves as a low-head safety injection (SI) pump; one RHR heat exchanger; and the required piping, valve, and instrumentation. Each RHR pump is provided with a minimum flow bypass line which returns flow to the pump suction to provide continuous recirculation flow.

System overpressure protection is provided by three spring-loaded relief valves in each train--one on the discharge side of the RHR pump, and two in parallel on the suction side.

A number of design changes have been made to simplify the system and improve its reliability/availability. The changes include a higher design pressure, changes in pump capacity, automatic control of bypass for low-flow conditions, upgrading of flow control and design simplifications. Pressure control provisions are provided for low-pressure operation. Isolation valves are provided to protect the RHR system from the high pressure of the reactor coolant system during normal operation.

However, there is no obvious provision for checking the actual closure condition of individual suction line valves. This may impact on the probability of LOCA outside containment.

The RHR system for the 1000 MWe NSSS is essentially identical to that of previously-approved designs except that it includes certain improvements.

Therefore, there is reasonable assurance that such a system would meet current regulatory requirements.

3.5 Emergency Feedwater System

The emergency feedwater system consists of two identical subsystems, each of which receives electrical power from one of two safety Class 1E electrical power trains. Each subsystem consists of a primary emergency feedwater tank, one fifty-percent capacity motor-driven emergency feedwater pump, one fifty-percent capacity turbine-driven emergency feedwater pump and the required piping, valves, instruments and controls necessary for system operation.

The use of both motor-driven and turbine-driven pumps satisfies the requirement that the pumps be powered by diverse power sources.

The emergency feedwater pumps take suction from the primary emergency feedwater tanks and discharge into the main feedwater piping between the steam generator feed nozzle and the last check valve in the main feedwater line. Alternatively, the emergency feedwater can be pumped directly into the auxiliary nozzles on the steam generators. A primary emergency feedwater supply tank, to which the suction of the emergency feedwater pumps is normally aligned, is provided in each subsystem. The tanks are safety grade and seismically qualified.

Each tank contains a quantity of condensate-quality water sufficient to allow the plant to be maintained in hot standby for several hours followed by a five-hour cooldown of the plant to 350°F.

A cavitating venturi is located in the discharge line of each emergency feedwater pump. The cavitating venturis serve to prevent pump runout, prevent overfill of the steam generators, minimize mass and energy release to the containment and prevent excessive flow rates of emergency feedwater which could cause an excessive cooldown rate of the RCS components.

Based on the limited review, the staff determined that the emergency feedwater system is comparable to or possibly better than those of previously-approved Westinghouse designs. Therefore, the staff concludes that the 1000 MWe NSSS emergency feedwater system design should meet current regulatory requirements.

4.0 INSTRUMENTATION AND CONTROL

4.1 Instrumentation and Control Systems

The 1000 MWe NSSS instrumentation and control systems are similar to those used in the RESAR-414 design. The results of the staff's review of RESAR-414 are summarized in NUREG-0491, "Safety Evaluation Report Related to the Preliminary Design of the Standard Reference System RESAR-414," dated November 1978.

The Westinghouse RESAR-414 and 1000 MWe NSSS designs share the following design features:

Same regulatory bases and design criteria as previously-licensed plants,
Four-channel redundancy for all protection functions,
Automatic reactor power control and power distribution via a power control system,
Fiber optic signal transmission,
Automatic periodic testing and channel bypassing during testing,
Continuous on-line failure detection with automatic placement of a failed channel into a preferred state,
Two-out-of-four configuration for the reactor trip breakers,
Redundant signal selectors integrated into the control system, and
Microprocessor-based hardware.

The following new design concepts of the 1000 MWe NSSS were not included in the RESAR-414 design:

ATWS mitigating system (AMSAC) which generates turbine trip and emergency feedwater actuation signals independent of the integrated protection system and which is intended to meet the requirements of 10 CFR 50.62,
Automatic reactor trip system actuation of the breaker shunt trip coils similar to the modifications provided in response to Generic Letter 83-28 for Westinghouse near-term operating license and operating plants,
Two independent reactor trip groups and two independent engineered safety feature actuation groups intended to provide functional diversity and enhance reliability,
A control room design that fully integrates R.G. 1.47 and R.G. 1.97 provisions into early design phases,
Engineered safety features logic cabinets which are distributed throughout the plant and which are intended to provide an additional degree of fault tolerance, and
"Fail-safe" logic which is dynamically and magnetically coupled such that any logic failure will cause de-energization of the corresponding reactor trip breaker undervoltage coil.

In NUREG-0493, "A Defense-in-Depth and Diversity Assessment of the RESAR-414 Integrated Protection System," the staff documented the results of its review of the RESAR-414 integrated protection system (IPS). As part of that review, the staff developed what was referred to as the "Block Concept" to help assess the system architecture. This approach provided a method for assessing the merits of the IPS architecture with respect to defense-in-depth without performing a detailed design review. Using the block concept, the staff concluded that the design principles of the IPS architecture were sufficiently consistent with the defense-in-depth guidelines to support the issuance of a PDA. As part of its review, the staff identified the following topics which were to be evaluated as part of the IPS verification program:

Environmental qualification of the system,
Interface requirements of the system,
Bypass logic and interlocks,
Failure modes and effects analysis,
Reliability analysis,
Analysis and test to be performed in response to the requirements of NUREG-0493, and
Limiting Conditions for Operation (LCO).

These topics will be reviewed as part of the review of the conceptually-similar RESAR-SP/90 design.

The IPS for the 1000 MWe NSSS design is similar to that of RESAR-414, has some additional improvements and is consistent with the principles and guidelines of NUREG-0493. Based on these considerations, the staff concludes that a plant design utilizing the IPS should be acceptable.

The integrated control system (ICS) extends the range of automatic control beyond the current range used in operating plants in the U.S.

Automatic rod control will be available over the entire range of power operation, including power escalation from turbine synchronization and loading. This rod control system will operate on the basis of cold-leg temperature in lieu of the average reactor coolant temperature currently used. Even though the extended range should relieve the workload for control room operators and reduce the challenges to safety systems caused by human errors, the extended use of automatic control systems may require new instrumentation to enable control room operators to properly monitor the plant's operation. This matter will be evaluated as part of the RESAR-SP/90 review.

The ICS will receive some input signals from the IPS via redundant signal selectors. Our review of the signal selector for RESAR-414 concluded that the proposed design was acceptable. However, the staff suggested that several tests of the selector were necessary to validate and demonstrate the proposed design. Based on the similarity to the RESAR-414 design and the staff's on-going review of RESAR-SP/90, which utilizes a similar ICS design, the staff concludes that a plant design utilizing the ICS should be acceptable.

Westinghouse's approach for software development is a structured, disciplined, systematic program for all phases of software design. A module concept is used in the development of the software. A module is defined as the smallest element of software with only one entry point and one exit point. The module concept is used in conjunction with structured programming and top-down development. Also, extensive use will be made of the library concept, as stringent requirements will be placed on programs before they are accepted by the library. The staff reviewed the software verification and validation (V&V) program during the evaluation of RESAR-414 and concluded that the Westinghouse software development approach worked very efficiently towards achievement of a highly reliable software package. The staff also concluded that the Westinghouse V&V program was equivalent to similar efforts used in aerospace and defense-related programs within the U.S.

Based on these conclusions and the staff's on-going review of RESAR-SP/90, which utilizes a similar Westinghouse V&V program, the staff concludes that a plant design utilizing software developed under a Westinghouse V&V program should be acceptable.

Fiber optic data transmission was used extensively within the RESAR-414 design to maintain the required electrical separation between redundant safety-related channels and to maintain electrical isolation between safety and non-safety related systems. The staff determined that this was acceptable. Based on this, the similarity to the RESAR-414 design, and the staff's on-going review of RESAR-SP/90, which also utilizes fiber optic data links, the staff concludes that a plant design utilizing fiber optic data transmission should be acceptable.

4.2 Control Room

The 1000 MWe NSSS control room uses advanced computer graphics presentation systems in the form of high-resolution color graphics cathode ray tubes (CRTs) and qualified monochromatic plasma display panels to present the data base to the operators. The information system consists of two parts--the alarm system and the general information system.

The alarm system uses plasma flat panels to provide a high level overview of the state of the plant from a functional or goal achievement point of view (alarm) and to allow the operator to query the alarm data base and to ask for additional details about the causes and implications of the alarms.

The general information system consists of a coordinated set of four CRTs. The general information system provides the operator with display access to any and all data that is in the data base and, as is the case with the alarm system, displays the requested data in its appropriate context, i.e., shows the links or relationships that the requested data has with all other appropriate data in the data base.

A circular arrangement has been selected for control room design. The control room design includes three work stations as described below:

A main board, from which any and all decision/control actions can be made,
A primary control center, from which decisions can be made and control actions are limited to system level operation relevant for 0-100% power operation, and
A supervisory station, from which decisions can be made and which is the focal point for communications. No control actions can be accomplished at this station.

Ergonomics is included in the design of the information and alarm system, and in the control room and main control board layouts.

In addition, the interfacing control centers of the remote shutdown panel and technical support center are included using the same design process as the control room so that transition from one facility to another is accomplished in a simple and straightforward manner.

Westinghouse states that the control room design methodology is another application of the process described in WCAP-10170, "Emergency Response Facilities Design and Verification and Validation Process," which was submitted as part of the documentation for the staff's review of the Westinghouse generic safety parameter display system. The staff accepted the design and design verification methods for the development of the generic Westinghouse safety parameter display system.

The qualifications of the individuals that make up the multidisciplinary design team were not addressed. However, the disciplines that were identified may be adequate to conduct the detailed control room design review.

In addition, the process described for conducting the function and task analysis appeared adequate for identifying operator information and control requirements.

Based on the information presented, there is reasonable assurance that the proposed control room design and design methodology could satisfy the current regulatory requirements for control room design.

5.0 SAFETY ANALYSES

5.1 General Discussion

Westinghouse has either analyzed or evaluated the most limiting applicable accidents of Section 15 of the Standard Review Plan to demonstrate the licensability of the 1000 MWe NSSS. Many of the usual non-LOCA accidents were not analyzed because the 1000 MWe NSSS safety margins are comparable to those of previously-reviewed three-loop Westinghouse plants.

5.2 Non-Loss-of-Coolant Accidents

Westinghouse has provided evaluations for loss of non-emergency AC power to station auxiliaries, loss of normal feedwater, feedwater system pipe breaks, and inadvertent opening of a steam generator safety or relief valve. A review of these analyses, as described in Westinghouse's report, revealed no unexpected behavior. The staff concludes that there is reasonable assurance that the 1000 MWe NSSS would be acceptable with respect to non-LOCA accidents.

5.3 Loss-of-Coolant Accidents

Westinghouse presented typical results for a spectrum of large and small break loss-of-coolant accidents. The results indicate no core uncovery for small breaks up to approximately five inches in diameter, with uncovery for breaks of larger size. Large break analyses are presented for discharge coefficients ranging down to 0.4.

It is not clear that a maximum peak clad temperature has been determined as a function of break characteristics as is required by Appendix K to 10 CFR Part 50. However, this is not expected to impact upon the acceptability of the 1000 MWe NSSS due to the similarities with other previously-analyzed plants where there was no difficulty in meeting the regulatory requirements, and due to the low peak clad temperatures reported for the 1000 MWe NSSS design.

Overall characteristics of the 1000 MWe NSSS design are similar to those of other previously-analyzed Westinghouse NSSS designs. The analyses indicate somewhat better performance for the 1000 MWe NSSS under small-break LOCA conditions. Core uncovery does not occur in the smaller break size spectrum, which probably represents the more probable LOCA accident.

Although additional information would be required to demonstrate conformance to the 10 CFR 50.46 acceptance criteria, it is expected that the calculations will meet the regulatory requirements, and will not impact upon the acceptability of the 1000 MWe NSSS design.

5.4 Steam Generator Tube Rupture Accident

Westinghouse did not provide analyses of 1000 MWe NSSS behavior under steam generator tube rupture conditions.

However, they provided some summary information indicating that break flow rate and the time to overfill of the steam generator for a rupture of one tube were roughly comparable to those of previously-analyzed three-loop Westinghouse plants. This information indicates that there are no significant differences between the 1000 MWe NSSS design and other Westinghouse designs. Therefore, it is expected that the 1000 MWe NSSS would satisfy applicable regulatory requirements.

5.5 Containment Analysis

Westinghouse does not include a specific containment design nor has it indicated a specific range of containment design parameters which would be applicable to the assessment of containment-related issues. However, Westinghouse has advised the staff that it is their intent to incorporate the 1000 MWe NSSS with a dry containment similar to those conventionally utilized for three-loop reactors of a lower power rating (on the order of 2785 MWt). Westinghouse has utilized a specific set of containment systems parameters for a three-loop plant in order to analyze the consequences of selected accidents. Thus, the staff's evaluation and conclusions are based on the parameters selected by Westinghouse in Section 5.5 of its report for analysis.

As part of its evaluation, the staff has considered the following in its assessment of the impact of the larger reactor in a conventional three-loop containment design:

Containment response to design basis loss-of-coolant accident (LOCA),
Containment response to design basis main steam line break accident,
Subcompartment analyses,
H2 considerations, and
Severe accidents.

With regard to the containment atmosphere pressure and temperature response to a design basis LOCA, Westinghouse has provided analyses to demonstrate substantial margin between peak calculated pressure and the 60 psig design pressure for the selected containment parameters.

Furthermore, Westinghouse has demonstrated the adequacy of active heat removal systems to reduce the atmosphere pressure. Therefore, we believe that the containment safety margins with regard to the design basis LOCA can be shown to be adequate.

Westinghouse has not performed specific analysis of the containment atmosphere response to main steam line breaks to demonstrate acceptable consequences.

Westinghouse has asserted that the consequences would not be significantly different from those of other three-loop Westinghouse plants. The staff generally agrees that the peak pressure resulting from a postulated main steam line break is likely to be well below the design pressure. However, it is not clear whether the atmosphere temperature transient, using the methodology of NUREG-0588, "Interim Staff Position on Environmental Qualification of Safety-Related Electrical Equipment," would be similar to that calculated for existing three-loop plants. Nevertheless, Westinghouse has committed to provide environmentally-qualified equipment.

Westinghouse has not analytically assessed the effects of locating the 1000 MWe NSSS, which uses a reactor vessel sized for four-loop plants, in a subcompartment geometry associated with a three-loop plant. Since a larger reactor vessel is to be located within the reactor cavity, the staff questioned whether consideration of pipe breaks could show an effect on asymmetric loads and subcompartment pressures. Westinghouse informed the staff that discussions with Bechtel have led them to conclude that modifications to existing designs (such as strengthening of walls with additional rebar) could compensate for such effects if shown to be necessary.

In addition to other design modifications, the 1000 MWe NSSS contains a reactor core with more Zircaloy than either conventional three- or four-loop Westinghouse reactors. While outside the scope of the 1000 MWe NSSS design, it appears likely that a plant utilizing the 1000 MWe NSSS would be required to provide additional hydrogen control capability in order to comply with the requirements of 10 CFR 50.34(f).

In considering the ability of the containment to mitigate the consequences of severe accidents, Westinghouse has compared selected containment parameters for the 1000 MWe NSSS design with the parameters associated with the Zion nuclear plant. From this comparison, and without specific analyses, Westinghouse concludes that a plant utilizing the proposed NSSS design would not respond in a significantly different manner from the Zion plant. The staff is unable to reach any definitive conclusions on this matter at this time given that plant responses are dependent on specific plant features.

It is feasible, however, that for a given containment design, the effect of incorporating the 1000 MWe NSSS design may be minimal.

6.0 CURRENT LICENSING ISSUES

6.1 Proposed Severe Accident Policy Statement

Commission policy is being formulated with regard to severe accidents. This policy is described in a draft version of NUREG-1070, "NRC Policy on Future Reactor Designs: Decisions on Severe Accident Issues in Nuclear Power Plant Regulation," dated October 1984. The proposed policy would require that the following steps be accomplished in order for the design to be shown acceptable for severe-accident concerns.

Demonstration of compliance with the procedural requirements and criteria of the current Commission regulations, including the Three Mile Island requirements for new plants as reflected in the CP Rule [10 CFR 50.34(f)];

Demonstration of technical resolution of all applicable Unresolved Safety Issues and the medium- and high-priority Generic Safety Issues, including a special focus on assuring the reliability of decay heat removal systems and the reliability of both AC and DC electrical supply systems;

Completion of a Probabilistic Risk Assessment (PRA) and consideration of the severe accident vulnerabilities the PRA exposes along with the insights that it may add to the assurance of no undue risk to public health, safety, and property; and

Completion of a staff review of the design with a conclusion of safety acceptability using an approach that stresses deterministic engineering analysis and judgement complemented by PRA.

Westinghouse provided a brief description of 1000 MWe NSSS design features which address those CP Rule items related to the design. The staff has reviewed this discussion and concludes that the 1000 MWe NSSS design appears responsive to the requirements of the 10 CFR 50.34(f) items considered. Detailed evaluations would require additional information; however, the staff sees no reason why the design could not be acceptable.

The applicable Unresolved Safety Issues (USI) are discussed in Section 6.2 of Westinghouse's report. The text offers plausible arguments that the NSSS design could be construed to satisfy USIs A-1, A-3, A-9, A-11, A-12, A-46, and A-49.

Better documentation would be required for licensing, but the staff sees no reason to anticipate problems with the design.

In the absence of a generic resolution for A-17, Systems Interactions, the staff would expect that careful attention be paid to the potential for fault propagation between interconnected systems and interaction due to external events particularly in areas where support systems are clustered and a single event has the potential to negate multiple safety systems.

The text on Station Blackout, USI A-44, fails to mention the design basis ten-hour loss of all AC power with the single failure criterion mentioned in the section on the Design Goals and Objectives.

It is expected that the emergency feedwater system for the 1000 MWe NSSS will improve system reliability. The staff would expect a reactor coolant pump seal LOCA to be postulated for extended blackouts in the absence of sustained seal cooling or strong evidence of seal reliability without injection. Westinghouse has considered provision of a dedicated diesel-driven positive displacement pump for RCP seal injection.

Such a system would be expected to prove useful under station blackout conditions.

The diesel could also be used to perform a battery charging function. Although these features are clearly not current requirements, they could be added should future studies show them desirable. With due consideration to this matter, the 1000 MWe NSSS design could be expected to satisfy USI A-44 for most domestic sites.

USI A-45 is broader in scope than suggested in Westinghouse's report. Provided that the PRA and system reliability analyses confirm the high reliability of emergency feedwater, safety injection and residual heat removal systems, the design could be expected to satisfy A-45.

There is no mention of Generic Safety Issues in the Westinghouse report.

Nevertheless, the staff sees no reason why the 1000 MWe NSSS design could not be expected to satisfy the applicable issues.

The report purports to deal with severe accident issues.

It develops plausibility arguments that the containment, based upon the design for the Vandellos plant in Spain, would resemble the Zion containment in its ability to contain or mitigate severe core damage and meltdown accidents. The staff's review of this matter is discussed in Section 5.5 of this report.

Other severe accident issues that would need to be reviewed for domestic licensing include the hydrogen control requirements of 10 CFR 50.34(f), which are outside the scope of the NSSS, and PRA-related issues such as external events, interfacing system LOCA, etc.

The staff sees no reason to suppose that, with a suitable balance of plant design, the 1000 MWe NSSS would prove to be unsatisfactory.

Westinghouse provided a brief discussion of the expected results of PRA analyses of the 1000 MWe NSSS design.

It appears that no PRA has been done, but rather, guesstimates of some internal event accident sequence frequencies have been made. The 1000 MWe NSSS design appears to represent an improvement over many existing Westinghouse NSSS designs in such areas as the improved emergency feedwater system and provision for RCP seal injection. These features should reduce core melt probability. The design is expected to utilize a large dry containment concept, which PRAs have consistently shown to be effective under severe accident conditions. The battery capacity is sufficient for approximately 10 hours of plant operation under loss of all AC power conditions. On the other hand, features such as only two SI systems and two diesels may increase the core melt probability as contrasted to plants with a larger contingent of this equipment. Previous PRAs have identified loss of all AC electrical power and loss of feedwater as significant contributors to core melt.

From the limited information provided, there is no basis for the staff to assess the accuracy of the selected sequences as dominating risk or the frequencies cited. Obviously, the contribution from externally-initiated sequences is site-specific. However, it appears that the sequences cited are typical of the dominant accident sequences for other pressurized water reactor plants, particularly Westinghouse plants.

Based on the above evaluation, the staff concludes that the 1000 MWe NSSS design could reasonably be expected to satisfy the requirements of the proposed severe accident policy statement.

7.0 FUTURE DIRECTIONS

7.1 Uprating Capability

Westinghouse summarized the results of a scoping study which concluded that it is feasible to uprate the thermal power rating from 2910 MWt to 3150 MWt while still retaining sufficient operational and safety margins. Critical components and systems were examined to discern the potential for redesign.

As a result, some modifications to the steam generators are necessary to maintain moisture carryover specifications.

The staff concludes that the 1000 MWe NSSS design appears to have margins which make uprating feasible; however, additional information would be required for a more definitive conclusion.

7.2 Alternate Pipe Break Criteria

Westinghouse is considering the application of the following "state-of-the-art" concepts to the piping support design for the 1000 MWe NSSS:

The application of mechanistic (alternative) pipe break criteria for high energy piping systems,
The use of non-mechanistic postulated break locations in high energy fluid system piping (in lieu of Standard Review Plan requirements for arbitrary intermediate breaks), and
The use of frequency-dependent damping values.

The staff has reviewed and approved the application of mechanistic (alternative) pipe break criteria for high energy piping systems (main coolant lines for PWRs) for both generic and plant-specific applications.

However, additional information would have to be provided before any conclusions could be reached by the staff on the 1000 MWe NSSS design. The staff believes that issues of arbitrary intermediate breaks and damping values could be reviewed and approved for plants utilizing the 1000 MWe NSSS design on a plant-specific basis when detailed justifications are provided.
