ML20127M073

From kanterella
Jump to navigation Jump to search
Provides Differing Professional Opinion W/Nrc Approach to Implementation & Enforcement of Regulatory & TS Requirements for Electrical Power Sys in Nuclear Power Plants (Directive 6.2)
ML20127M073
Person / Time
Issue date: 06/10/1992
From: Dunning T
Office of Nuclear Reactor Regulation
To: Taylor J
NRC OFFICE OF THE EXECUTIVE DIRECTOR FOR OPERATIONS (EDO)
Shared Package
ML20127M067 List:
References
NUDOCS 9301280101
Download: ML20127M073 (30)
v  d  e


Text

^

/ .o os%'o UNITED STATES

! 3y, 1 NUCLEAR REGULATORY COMMISSION i, wAsmNo TON, D. C. 20555

%, . . . . . /

June 10, 1992 f_gr: James H. Taylor Executive Director for Operations ff_gn: Thomas G. Dunning, Senior Reactor Engineer Technical Specifications Branch Division of Operational Events Assessment Office of Nuclear Reactor Regulation Subiect: Differing Professional Opinion on Regulatory and Technical Specification Requirements for Electrical Power Sources Referenc u Directive 6.2, Differing Professional Views or Opinions I wish to state my differing professional opinion with the NRC's approach to implementation and enforcement of regulatory and tech-nical specification requirements for electrical power systems in nuclear power plants. The requirements for the availability of operable diesel generators that are necessary to support the oper-ability of redundant residual heat removal systems during shutdown conditions is the specific area of concerm. Previously, I express-ed my concerns on this subject in a letter to Thomas E. Murley, Director of Nuclear Reactor Regulation on June 27, 1991, under the NRC Open Door Policy. Mr. Murley's memorandum of August 29, 1991, provided a response to those concerns following their evaluation as a differing professional view. My letter and Mr. Hurley's response were provided as enclosures to Board Notification 91-06 of September 12, 1991.

The enclosed discussion, stated in a question and answer format, provides the basis for my differing professional opinion on this matter. The safety of the operating nuclear power plants is a paramount concern. However, I believe that the manner in which the l

NRC addresses these issues, particularly with respect to its policy I

on enforcing regulatory and technical specification requirements, is just as important for avoiding any public perception that the NRC is deliberately ignoring public health and safety by not enforcing regulatory and operating license requirements.

The issues related to this differing professional opinion are the following:

1. For those plants that were reviewed and licensed to operate based upon compliance with the General Design Criterion (GDC) of Appendix A to Part 50 of Title 10 of the Code of federal Regulations, explicit requirements exist for the capability to EDO -- 007825 h 12 g 1 921220 _h,,c3 g 9301200090 PDR L. .
2

{ .'

f accomplish system safety functions assuming a single failure and with only the availability of either the onsite or the offsite electrical power systems, assuming the other is not available.

The NRC is not enforcing these requirements for the residual heat removal safety function of nuclear power plants when the reactor is shutdown.

2. The current standard technical specifications (STS) include explicit requirements for the operability of redundant residual heat removal systems and the associated onsite and offsite elec-trical power systems. 'However, previous versions of the STS and guidance provided to licensees in NRC letters have been incon-sistent with the requirements of the GDC that require both on-site and offsite electrical power systems to be available and operable to support the capability for residual heat removal.

Consequently, plant technical specifications (TS), that are based on this guidance, are inconsistent with the requirements of the GDC. However, the NRC is not enforcing the plant TS requirements for operable onsite electrical power systems, that are necessary to support the operability of residual heat removal systems, where such requirements do exist.

  • 3. The draft report, NUREG 1449, " Shutdown and low-Power Operation at Commercial Nuclear Power Plants in the United States,"

addresses regulatory requirements for shutdown and low power operation. However, the report ignores the requirements of GDC 19 and 34 for the availability of onsite and offsite electrical power systems, that are necessary to support residual heat re-moval, and for the capability of these power systems to accom-plish the system safety functions assuming a single failure.

The report does not address the inconsistencies of past guidance and existing plant TS with the requirements of the GDC. Thus, the report fails to acknowledge existing regulatory require-ments, the fact that the current STS are consistent with those requirements but many plant TS are not, or that some of its recommendations for TS improvement would simply implement exist-ing regulatory and STS requirements.

4. The staff's current draft of the new STS has defined the term operable / operability in a manner to imply that only the offsite or the onsite power systems need be available to satisfy TS requirements specifying that a system, subsystem, train, compon-ent, or device shall be operable. This is another example where the NRC is failing to make clear the proper application of TS requirements that are consistent with the regulatory require-ments of the GDC.
5. The lack of consistency in plant technical specifications and the NRC's failure to ensure that they are consistent with the requirements of the GDC should be addressed as the first step to the broader issue of shutdown and low power risks. Without this step, a common base will not exist from which to judge the l

3 l,* ,

l l

cost / benefit for evaluating the need or justification for back-fitting additional or new requirements. The staff's program for resolving concerns with low power and shutdown operation risks identified in SECY-91283 is not an appropriate nor timely forum to resolve these concerns.

In summary, the NRC is not enforcing regulatory and TS requirements for the ava'ilability and operability of onsite electrical power systems, for the operating nuclear plants, that are consistent with (1) the regulatory requirements of the GDC, (2) statements in the operating licenses that these facilities will operate in conform-ante to the Commission's regulations and the regulatory require-ments for the NRC to make such findings, or (3) the plant technical specifications. Consequently, the NRC is not taking action to ensure that the 15 for electrical power systems for al! plants are consistent witti the regulatory requirements, including the GDC.

Pespectfully submittad,

% / *

) C homas G. Dunning

Enclosures:

1. As stated
2. As sated in Enclosure 1 1

Enclosure 1 i -

The Regulatory and Technical Specification Requirements Foi Emergency Electrical Power Sourcrs What is the 'egulatory and technical specification requirements issuet The NRC should clearly state its position on the proper application of the regulatory requirements of the General Design Criteria (GDC) and the technical specification (TS) definition of the term operable.

The NRC position should address compliance with the regulatory requirements for the capability of accomplishing system safety functions, specifically residual beat removal, assuming a single failure and with only either the onsite or the offsite electrical power systems being available. The NRC position should also address compliance with the TS requirements for operable electrical support systems, namely diesel generators, that apply when the TS specify that residual heat removal (RHR) systems shall be oper able. Plant TS require operable redundant RHR systems during the cold shutdown and refueling conditions of operation.

What are the regulatory requirements of the GDC for residual heat removal?

The General Design Criteria in Appendix A to Part 50 of Title 10 of the Code of federal Regulations (10 CFR 50) specify design require-ments for RHR in GDC 34 as follows:

Fesidua? Heat Remova7. A system to remove residual heat shall be provided. The system safety function shall be to transfer fission product decay heat and other residual heat from ine reactor core at a rate such that specified acceptable fuel design limits and the design conditions of the reactor coolant pressure boundary are not exceeded.

Suitable redundancy in components and features, and suitable interconnections, Icak detection, and isolation capabilities shall be provided to assure that for onsite electrical power system operation (assuming offsite power is not available) and for offsite electric power system operation (assuming onsite power is not available) the system safety function can be accomplished, assuming a single failure.

Thus, the intent of this regulation is that (1) redundancy is provided in the capability to remove residual heat, (2) each RHR system has this capability when only the onsite or offsite electrical power system is available, and (3) a single failure in either the RHR or the electrical power systems will not result in the loss of the RHR capability. The intent of GDC 34 is met by TS requiring operable redundant RHR systems and the definition of operable that requires operable electrical power systems that are capable of performing their necessary support function.

Also, CDC 17 addresses similar regulatory design requirements as follows:

l

'l flectr(c Power Systems. An onsite electric power system and an offsite electric power system shall be provided to permit functioning of structures, systems, and components important to safety. The safety function for each system  !

i (assuming the other system is not functioning) shall be to pr( .ide sufficient capacity and capability to assure that (1) specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded as a result of anticipated operational occurrences and (2) the core is cooled and containment integrity and other vital functions are maintained in the event of post # ated accidents.

The onsite t;cctric power supplies, including the bat-teries, and the onsite electric distribution system, shall have sufficient independence, redundancy, and testability to perform their safety functions assuming a single failure.

This GDC restates the need for redundancy to satisf y the single f ailure criterion and for the capability to perform safety functions such as core cooling with only the onsite power system being avail-able. Appendix A to 10 CFR 50 defines anticipated operational occurrences as including the loss of all offsite power.

Is there any reason to conclude that the plants must operate in compliance to the requirements of the GDC7 10 CFR 50.34, ' Contents of applications; technical information,"

addresses the content of applications to construct and operate nuclear power plants and includes the following statements:

Each application for a construction permit shall include a preliminary safety analysis report. The minimum information to be included shall consist of the following:

(2) A summary description and discussion of the facility, with special attention to design and operating characteristics, unusual or novel design features, and prii..ipal safety considerations.

(3) The preliminary design of the facility including:

(i) The principal design criteria for the facility.

Apptndix A, General Design Criteria for Nuclear Power Plants, establishes minimum requirements for the principal design criteria for water cooled nuclear power plants similar- in design and location to plants for which construction permits have previously been issued by the Commission....

10 CFR 50.57, ' Issuance of operating license," includes the following statements:

2-

l (a) Pursuant to 6 50.56, an operating license may be issued by the Comission, up to the full term authorized by i 50.51, upon finding that:

(1) Construction of the facility has been substan-tially completed, in conformity with the construc-tion permit and the application as amended, the provisions of the Act._ and the rules and regulations of the Commission; and (2) The f acility will operate in conformity with the application as amended, the provisions of the Act, and the rules and regulations of the Commission; and Consequently, each operating license states that:

The liuclear Regulatory Commission has found that the facility will operate in conformity with the application, as amended, the provisions of the Act, and the rules and regulations of the Commission.

Therefore, it is explicit in the staff's safety evaluation findings and the operating license that nualear power plants operate in conformity with the Commission's reguiations that include the GDC.

What are the standard technical specification (STS) requirements related to this issue?

The STS for pressurized water reactors (PWRs) state that redundant RHR systems shall be operable during the cold shutdown condition of operation if the reactor coolant system (RCS) loops are not filied.

The STS require redundant RHR systems to be operable during the refueling condition of operation if the water level is less than 23 feet above the reactor vessel flange. If the RCS loops are filled during the cold shutdown condition, the PWR STS only require one RHR system to be operabic if the water level on the secondaryThe sideboiling of two steam generators it, greater than a specified limit.

water reactor (BWR) STS are the same except that they do no refer to RCS loops since they don't exist in the BWR design.

In contrast, the STS requirement for electrical power sources is that, as a minimum, one diesel generator shall be operable when the plant is in the cold shutdown and refueling conditions of operation.

Likewise, the STS require that, as a minimum, one 125 VOC battery shall be operable during these same conditions of operation. Diesel generators and batteries are the major onsite power sources.

The current version of the STS define operable / operability in a manner such that a system is operable only when it is capable of performing its specified functions and when all necessary attendant instrumentation, controls, electrical power, cooling or seal water, lubrication or other auxiliary equipment that are reqdited for the system to perform its functions are also capable of performing their

" ' - '- ' - r-- --- - - - _ - , . _ _ _ _ _ _ _ _ _ _ _ __

[

1 related support function. (Emphasis added)

The principle behind the definition of operable is very simple and similar to a chain is no better than its weakest link. Many of the TS limiting conditions for operation (LCOs) are stated in terms that a system or redundant systems shall be operable. Therefore, the def-inition of the term operabic ensures that not only must the specified system be capable of performing its function, but also that all necessary support systems are likewise operable and capable of per-forming their related support functions.

What is the impact of this definition on support systems and those plants that have TS that follow the format of tho STS described above?

The impact of the definition of operable is that when a TS specifies that a system shall be opetable all necessary support systems must likewise be operable, regardless of whether or not there is an indi-vidual TS specifying that those support systems shall be operable.

The TS specify that redundant RHR systems shall be operab',e during eration. There-specific cold shutdown and refueling conditions fore, the application of the definition of operab of o;le requires all electrical power systems, that perform a necessary support function, must also be capable of performing their related support functions.

This ensures that each RHR system is capable of performing its func-tion and includes consideration of the potential for the loss of of fsite power. Therefore, notwithstanding an LCO for electrical power systems stating that as a minimum, one diesel generator diesel generator shall be operable, each diesel generator must be operable to support its associated RHR system when the TS specify that the redundant RHR systems shall be operable.

What is the problem with NRC applying the stated TS requirements in the manner indicated?

The pioblem is that some of the NRC staff have taken the position that t ecause the definition of operable uses the term electric power as an example of a support system function, this doe' not imply that both the offsite and the onsite power sources must be operable. In contrast, earlier versions of the STS included a definition of operable that used normal and emergency electrical power sources as an example of a support system function. Some NRC staff conclude that only those plants with this version of the definition need to have an operable diesel generator to support those systems that the TS require to be operable. Still others on the NRC staff have advanced the argument that the definition of operable does not apply when a plant is shutdown.

As a result, the Director of NRR has not taken a position on this matter, other than to say that the TS requirements are not clear and are subject to differing interpretations, and the NRC has not yet clearly communicated to licensees or the staff its position on this issue.

I brought these concerns to the attention of the Director of NRR under the 'Open Door' policy for communicating views or concerns on issues related to public health and safety (see Directive 6.3).

These concerns were then given to the Chairman of the NRR Standing with a request Review Panel for Otffering Professional Views (DPV)f NRR requested for a review of the issue as a DPV. The Director o that a recommendation be made in accordance with NRR Office Letter No. 300 and NRC Manual Chapter 4125. While the DPV review panel agreed that _ there was a strong technical basis for the concern,- it concluded that the pivotal issue is whether NRC has consistently required both normal and emergency power to be operable for an RHR train to be considered operable. In this regard, the panel concluded that NRC had not been consistent and that either a compliance backfit or an enhancement backfit would be required to promulgate a new (i.e., not previously enforced or inconsistently applied) staff position. Therefore, no actions beyond those identified in the Revised Action Plan of the Draft Commission Paper on Evaluation of Shutdown and Low Power Risk were recommended as a result of the OPV 4 panel review. The review panel did not address the issue of whether licensees must operate plants in compliance with the requirements of the GDC.

What are your objectives in raising this issue as a differing professional opinion?

first, the NRC should take a position on plant operation and whether an operable onsite power source must be available for each residual heat ternval system to comply with the requirements of CJC 34.

Second, the NRC should take a state its position on what current plant technical specifications require for operable onsite power sources when the plant is in a cold shutdown or refueling condition of operation and the 15 require operable redundant RHR systems. It is not enough to say that NRC has been inconsistent and use the backfit argument to not act to resolve this issue. If NRC's incon-sistency has changed or rendered current operating license and regulatory requirements null or void, the NRC has a responsibility to publicly acknowledge such actions for those facilities.

Third, the NRC should communicate to licensees its position on oper-able diesel generators and any other.onsite power source that pro-l vides a necessary RHR support function during cold shutdown or refueling conditions. The Vogtle incident investigation team !!T) report, NUREG 1410. " Loss of Vital AC Power and the Residual (H Removal System During Mid loop Operations at Vogtle Unit I on March 20, 1990," states that this facility was in conformance with its TS requirements during this event. This event occurred during cold shutdown when the Vogtle TS required operable redundant RHR systems and the licensee had removed one diesel generator from service for routine maintenance. Therefore, with the stated position on an oper-able diesel generator to support an RHR system, this report gives an erroneous conclusion on compliance with TS requirements. This same conclusion was stated in the staff's reply to the second question in SECY-92-13). The staff quoted a selected portion of GDC 17 in its

_ ~ - _ _ _ _ - _ _ _ _ _ __

. -~ - - - _ _ - - . . - . _ - - - - - - - - - - - - - - -

response to question 3 but failed to mention the implications of the omitted portion that refutes the staff's justification for concluding that mid loop operation at Vogtle was acceptable with a single diesel generator available.

Licensees make extensive plans for the activities that are conducted during all phases of an outage. Therefore, they must have a proper understanding of TS requirements and how they are to apply then for systems required to be operable during these operating conditions.

This is necessary to ensure that licensees do not deliberately remove support systems from service for maintenance or testing purposes when such actions would render them inoperable or otherwise incapable of performing their necessary support function. These support systems include diesel generators, other onsite electrical power sources, and process systems such as component cooling and associated service water systems. Likewise, licensees must have a proper understanding '

of regulatory requirements and for operating plants in conformance to the GDC. .

Fourth, if the NRC is to waive TS requirements or to be apply them in a manner that is different than intended and appropriate, this should be done in a manner that is consistent with the NRC policy on such matters and that does not exclude public notice of such actions. If the NRC is to grant exceptions to regulatory requirements, this should be done in tre manner as prescribed by the regulations.

Fifth, the NRC should review the inconsistency of past actions on  !

this ;ssue should be reviewed to determine whether the NRC should request that licensees propose TS modifications such that they are consistent with the Commission's regulations and the findings published in the safety evaluation reports supporting the issuance of operating licenses. The latter includes the finding that the plant will operate safely in a manner that complies with the requirements of the GDC. h Sixth, if the NRC position is to not require that an operable onsite electrical power source to support a system that is required by the TS to be operable, then the implications of this position need to be considered with respect situations where the TS do not require redun-dant systems to be operable. The effect of this position would be to negate the requirement for the capability of a system to perform its function on the loss of offsite power when the TS require only one of two redundant systems to be operable. Therefore, while the TS for the electrical power system only require, as a minimum, that one diesel generator shall be operable during cold shutdown and refueling conditions, the result of this position would be that there is no relationship between this onsite emergency power source and any other system that is required to be operable during these shutdown condi-tions. Cross-ties may provide the capability to take power from one diesel generator and feed it to systems that are supplied power from a different power distribution system for which its diesel generator could be out of service. However, such cross-ties would not have to exist nor be operable under a position which does not require onsite power as a necessary support system function.

e- , , - ---

, u ,--- w ..w-.--

Seventh, a number of considerations are discussed below that have not been addressed in the draft report on the study of shutdown risks.

If both diesel generators must be operable to support the TS requirements for ]

operable redundant RHR systems, wouldn't the TS requirements for electrical power  ;

systems simply have stated this rather than stating that, as a minimum, one diesel generator shall be operable?

This would be a logical conclusion if the TS requirement for redun-dant RHR systems applied during all situations when the plant is in the cold shutdown and the refueling conditions of operation. How-e er, the TS only require o.ne RHR system to be operable in the re-fueling condition if the water level is 23 feet above the reactor vessel flange. The Bases Section in the STS for this requirement states the reason that the TS only requires one RHR system to be operable for this condition as follows:

With the reactor vessel head removed and 23 feet of water above the reactor vessel flange, a large heat sink is available for core cooling. Thus, in the event of a failure of the operating RHR loop, adequate time is provided to initiate emergency procedures to cool the core.

The TS only require one RHR system to be operable when the plant is in the cold shutdown condition, the reactor coolant loops are filled, and the secondary side water level of two steam generators is above a specified limit. The TS do not specify that the diverse means of residual heat removal, provided by one RHR system and two steam generators, have to be independent, that is, supplied power from separate onsite electrical sources. There is a least one situation where the TS only require one RHR system to be operable in the both the cold shutdown and refueling conditions of operation. Therefore, it is not illogical that the TS requirements for electrical power state that as a minimum, one diesel generator shall be operable.

Are there any other TS that address requirements for operable support syste.ns yet rely upon the definition of operable to ensure th'at they are operable to satisfy the requirements for operable RHR systems?

The RHR system transfers the residual heat removed from the reactor to the component cooling water system, and then it is transferred to the service water system. The latter discharges the heat to the ultiinate heat sink which can be a large body of water, such a lake, river, or ocean, or it can be the atmosphere by the use of a cooling tower.

The TS specify operability requirements for the component cooling water and service water systems that apply during operating condi-tions other than cold shutdown and refueling. However, the TS do not specify that these systems shall be operable during the cold shutdown and refueling conditions of operation. Nevertheless, these support systems must be operable and capable of performing their necessary 7

support function to ensure that the TS requirements for operable redundant RHR systems are satisfied. This is just another case where requirements exist for operable support systems as result of the of the definition of operable.

Are there any corresponding regulatory requirements for cooling water systems?

GDC 44 addresses cooling water an1 states the following:

Cooling water. A system to transfer heat from structures, systems and components important to safety, to an ultimate heat sink shall be provided. The system safety function shall be to transfer the combined heat load of these structures, systems, and components under normal operation and accident conditions, Suitable redundancy in components and features, and suitable interconnections, leak detection, and isolation capabilities shall be provided to assure that for onsite electrical power system operation (assuming offsito power is not available) and for offsite electric power system operation (assuming onsite power is not available) the system safety function can be accomplished, assuming a single failure.

This GDC concludes with the same statements on redundancy, the capa-bility of providing that function with only onsite or offsite power, and the consideration of single f ailures as does GDC 34 noted above, is there any regulatory basis that the TS should reflect the requirements of the GDC as limiting conditions for operating?

10 CFR 50.36, " Technical specificatfons," states in part:

The technical specifications will be derived from the analyses and evaluation included in the safety analysis report, and amendments thereto, submitted pursuant to Section 50.34.

and Limiting conditions for operat' ion are the lowest func-tional capability or performance levels of equipment required for safe operation of the facility.

Thus, it is reasonable to expect that the TS specify operating requirements that are consistent with the staff's review of the compliance with the requirements of the GDC, as addressed by the safety analysis report, And by the staff's finding on the accept-ability of the design and operation of the plant stated in its safety evaluation report.

It is also reasonable to expect that the TS specify cperating requirements that are consistent with the regulatory requirements for

~ ' . . . . . .

\ .

f 1

the design, as provided in the GDC, and the statement in the license I that the facility will operate in conformity with these requirements.

The application of the definition of operable in the stated manner that is appropriate fulfills these expectations.

While the above discussion addresses plant TS that follow the format of the STS, are there plant TS that have a definition of operable that is stated differently based upon earlier versions of the STS7 The STS have stated the definition of operable differently in some versions of the STS. The major difference is the manner in which this definition addresses electrical power as an example of a support system. Using the STS that are provided in NUREG-0452, " Standard Technical Specifications for Westinghouse Pressurized Water Reactors,' the following terms have been used:

Succort System Examole Version of NUREG-0452

. . , electrical power, . .

Revision 0 dated 10/1/75 (Issued 5/15/76)

Revision 1 dated 11/15/77 . . , normal and emergency (Issued 6/15/78) electrical power sources, . .

Revision 2 dated 4/15/79 . . , nermal and emergency (Issued July 1979) electrical power sources, . .

Revision 3 dated 7/15/B0 . . , normal and emergency electrical power sources, .

(Issued Tall 1980)

Revision 4 dated 9/15/81 . . , electrical power, . .

(Issued Fall 1981)

Section 1.0 of the STS provides definitions but does not have a corresponding Bases Section, as provided for LCOs, that provides the reason for each requirement. No reference has been found that explains the reasons for the changes in the definition of operable.

10 CFR 50 incorporated Appendix A, which includes the GDC, as noted on page 3256 of Volume 36 of the Federal Register (36 FR 3256) on February 20, 1971. Hence, the change in the definition of operable from Revision 0 issued in 1976 to Revision 1 issued in 1978 was not as a result of any change in the design requirements provided in the GDC, but did provide a clarification of the definition of operable that is consistent with the requirements stated in the GDC.

The change in this definition back to its original form that was made in Revision 3 issued in 1981 is addressed below. However, the design requirements of the GDC did not undergo any significant change be-tween 1971 and 1981, or later. In any case, the conclusion is that there is no difference in the neaning of the definition of operable regardless of the manner in which it addresses the need for electri-cal power as an example of a support system function.

)

m- _ _

i A letter issued to all power reactor licensees by Darrell G.

Eisenhut, the Acting Director of the Division of Operating Reactors in the Office of Huclear Reactor Regulation (NRR) dated April 10, 1980, (later identified as Generic Letter 80-30). This letter stated that some misunderstanding may exist on the use of the term operable as it applies to the single failure criterion for safety systems in power reactors. The following statements are taken from the text of this letter:

The purpose of this letter is to clarify the meaning of this term (operable) and to request licensees to take specific actions to assure that it is appropriately applied to their facilities.

The NRC's STS were formulated to preserve the single fail-ure criterion for systems that are relied upon in the safety analysis report. By and large, the single failure criterion is preserved by specifying LCOs that require all redundant components of safety related systems to be OPER-ABLE. When the required redundancy is not maintained, either due to equipment failure or maintenance outage, action is required, within a specified time, to change the operating mode of the plant to place it in a safe condition. The specified time to take action, usually

' called the equipment out-of-service time, is a temporary relaxation of the single f ailure criterion, which, con-sistent with overall system reliability considerations, provides a limited time to fix equipment or otherwise make it OPERABLE.

For any particular system, the LCO does not address multi-pie outages of redundant components, nor does it address the effects of outages of any support systems - such as electrical power or cooling water -- that are relied upon to maintain the operability of the particular system.

This is because of the large number of combinations of these types of outage that are possible. Instead, the STS employ general specifications and an explicit definition of the term OPERABLE to encompass all such cases. These provisions have been formulated to assure that no set of equipment outages would be allowed to persist that would result in the f acility being in an unprotected condition.

These specifications are contained in the enclosed liodel Technical Specifications.

Because of the importance of assuring safety system availability, the staff has concluded that all facility technical specifications should contain these require-ments, and that appropriate procedures should be imple-mented to assure that the necesiary records, such as plant logs or similar documents, are reviewed to determine com-pliance with these specifications (1) promptly upon dis-covering a component, train, or subsystem to be inoper-able, and (2) prior to removing a component form service.

1

p

  • Therefore, we request that you (1) submit proposed changes to your technical specifications, within 30 days, that incorporate the requirements of the enclosed Model Tech-nical Specifications, and (2) implement the above describ-ed procedures to assure compliance with your proposed changes within 30 days thereafter.

The model technical specifications enclosed with this letter included the STS definition of operable that used the terms normal and emerg-ency electrical power sources as an example of a support system.

Therefore, plants that did not have a definition of operable in their TS should have prr70 sed TS changes to include this version of the definition of operable. Those plants the NRC issued an operating license between about December 1977 and the Fall of 1981 would likely have the same definition of operable as stated in the then current version of the STS that refer to normal and emergency electrical power sources. Otherwise, plants licensed between about October 1975 ar.d November 1977 or after September 1981 would likely have a defini-tion of operable that is based upon the model of the then current versions of the STS which only refer to electric power as an example of a support system function.

Generic Letter (GL) 91-18, "Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Noncon-forming Conditions and on Operability," of November 7,1991, includes a copy of "Part 9900: Technical Guidance" of the NRC Inspection Manual with and enclosure titled " Operable / Operability: Encing the Functional Capability of a System or Component." Section 3.2 of this guidance addresses variations in the definition of operable in plant TS and notes that the application of the guidance on the definition of operable requires some judgement. However, it' states that the NRC does not view the word differences that exist to imply any signifi-cant overall difference in application of the plant specific TS.

Section 3.3 of this guidance addresses specified functions as used in

- the definition of operable, it is noted thtt the specified function of a system is that specified in the current licensing basis for the ,

facility that includes the GDC and, in addition, it is expected that a system will perform as designed. Also, Section 4.0 of this guidance states that the purpose of the TS is to ensure that the plant operates within its design basis and to preserve the validity of the safety analysis. The latter specifically includes consider-ation of single failures, for which Section 6.2 addresses . their treatment in operability determinations. Not the least of these considerations is the assumption that the system can perform its safety function when of fsite power is not available. This guidance reinforces the conclusion that the reference to electric power, as an example of a support system function in the definition of operable, does not have any different meaning than the reference to normal and emergency power sources.

Enclosed is a summary that indicates which definition of operable is used in the TS for each plant. As can be seen from the totals, the majority of operating plants, 56, have a definition of operable that addresses normal and emergency electrical power sources vs. 55 that

_ _ _ _ _ _ _ - _ . _ _ - _ . _ . . . _ _ . _ _ _ . . _ _ . _ _ __.-m. _ _ .

just refer to electrical power as an example of a support system function.

Is there any question that plants having a TS definition of operable which refer to normal and emergency electrical power sources, as an example of a support  ;

system function, must have an operable diesel generator for each RHR system that the TS specify shall be operable when the plant is in the cold shutdown or refueling conditions of operation?

The answer to this question should be an unqualified-no-(that there is no question about the truth of this statement). However, all plant TS do not address requirements for operable RHR systems in the manner noted above for the current .~TS. A review of the history of RHR requirements in the STS is helpful to understand the differences that exist in plant TS and to providing an answer to the above question.

The earliest version of the Westinghouse STS did not directly address -

o>erability requirements for RHR systems in an LC0 that would apply w1en the plant is in the cold shutdown condition of operation. Under the LCOs for the reactor coolant system, there was a requirement that all reactor coolant loops be in operation and this requirement appli-ed to all modes of operation except the refueling condition. The remedial action under this LCO stated that when the reactor was shutdown (Keff < 1.0) operation may proceed provided at least one reactor coolant loop is in operation with an associated reactor cool-ant or residual heat removal pump. This implies that when an RHR pump is in service, which would circulate coolant through the reactor coolant loops, the reactor coolant loop would be in operation, for ,

this situation, the RHR heat exchanger would remove the residual heat, rather than residual heat being removed by a steam generator.

The first version of the Westinghouse STS addressed requirements for the RHR system (LCO 3.9.8) in the refueling condition of operation by_

- specifying that at least one RHR loop shall be in operation.- This-LCO is under the heading " Coolant Circulation." The Bases for this specification states:

The requirement that at least one 19sidud heat removal loop be in operation ensures that 1) sufficient cooling capacity is available to remove decay heat and maintain the water in the reactor pressure vessel below 140*F as required during the REFUELING MODE, and 2) sufficient coolant circulation is maintained through the reactor core '

to minimize the effects of a boron dilution incident and prevent boron stratification.

The early versions of_ the STS for RHR did not require redundant RHR .

systems to be operable such that the single failure criterion would be met. However, a letter issued to all pressurized water reactors by Darrell G. Eisenhut, Director, Division of Licensing,-dated June 11,1980, (later identified as GL 80-53) addressed this matter. The following text from this letter addresses TS requirements for RHR.

12 - ,

~

% .. .. - . ... . . . . , . r , - . . . .- ,..4, - . ., , - . - . . . . , - - . .

\

l l

This letter transmits the request that you amend the Tech-nical Specifications (TS) for your facility with respect -

to reactor decay heat removal capability. The basis for our reques't is grounded in a number of events that have t occurred at operating PWR facilities where decay heat I removal capability has been seriously degraded due to in- ]

adequate administrative controls utilized when the plaats l were in shutdown modes of operation. One of these events occurred at the Davis-Besse, Unit 1 plant on April 19, l 1980, which was described in IE Information Notice 80-20 dated May 8,1980. In IE Bulletin 80-12 dated May 9, 1980, you were requested to imediately implement admin- i istrative controls wh'ich would ensure that proper means are available to provide redundant methods of decay heat  !

l removal. While the function of the Bulletin was to effect immediate action with regard to this problem, we consider j it necessary that an amendment of your license be made to 1 provide for permanent long term assurance that redundancy l in decay heat removal capability will be maintained.

You are requested to propose TS changes for your facility that provide for redundancy in decay heat removal capabil-ity for your plants in all modes of operation. To assist you in preparing your submittal, we have enclosed a copy of Model TS which would provide an acceptable resolution of our concern.

The model TS clarified the operability requirements for the reactor coolant loops for all modes of operation. The TS requirements for the hot shutdown and cold shutdown conditions of operation specified that at least two of the listed coolant loops shall be operable. It provided a list of those loops as (1) each reactor coolant loop and its associated steam generator and reactor coolant pump, and (2) each RHR loop. It also specified that at least one of these coolant loops shall be in operation. However, the listed RHR loops had a footnote stating that the normal or emergency power source may be inoperable in MODE 5, the cold shutdown operating condition.

The model TS included the then current STS specification that requir-ed one RHR loop to be in operation during the refueling condition of operation, and added a new specification requiring that two indepen-dent RHR loops shall be operable. The new specification applied when the water level above the top of the irradiated fuel assemblies seated within the reactor pressure vessel is less than 23 feet. The new specification included the same footnote stating that the normal or emergency power source inay be inoperable for each RHR loop.

The model TS incicded a Bases Section noting that single failure con-siderations require that at least two loops be operable for the RHR capability specified during the hot and cold shutdown conditions.

For the refueling condition specification, the Bases noted that the requirement for two operable RHR loops ensures that a single failure of the operating RHR loop will not result in a complete loss of RHR capability. However, neither the letter nor the Bases Section for

i the model TS provided any explanation for noted footnote or why it applies for both RHR loops.

The next version of the Westinghouse STS, Revision 3, specified that two RHR loops shall be operable and at least one RHR loop shall be in operation during the cold shutdown condition of operation. The same footnote was included as in the above model TS stating that the normal or emergency power source may be inoperable. This version of the STS also included the model 15 for the refueling condition of ,

but stated operation included in the June 11, 1980, letter that it applies when in H0DE 6 (refueling) when the water (GL 80-53) level above the top of the reactor pressure vessel flange is less than 23 feet.

> To consolidate the requirements, two other minor changes were made.

The first was that the older specification which stated that at least one RHR loop shall be in operation was changed to state that one RHR loop shall be operable and in operation. This requirement was changed so that it only applied when the water level above the top of the pressure vessel flange was greater that 23 feet. The second change involved the LCO for low water level that was change by adding ,

the statement that at least one RHR loop shall be in operation. The  ;

specification for low water level that requires redundant RHR loops to be operable also included the footnote from the older model TS noting that the normal or emergency power source may be inoperable for each RHR loop.

Two major changes were included in Revision 4 of the Westinghouse STS that was issued as the f ail 1981 version, about a year after Revision 3 was issued. As noted in the discussion on the definition of oper-able, this version of the STS dropped the reference to normal and emergency power sources in the definition of operable as an example of support systems and replaced it with the a reference to electric power. The second change removed the footnotes stating that normal or emergency power sources may be inoperable from the specifications for RHR systems that apply during the cold shutdown and refueling conditions of operation.

The situation for the BWR STS is as follows. Revision 2 to NUREG-0123, " Standard Technical Specifications for General Electric Boiling Water Reactors,' that was issued in August 1979 included requirements for the RHR system during the refueling condition of operation. The LCO (TS 3.9.11) stated that the shutdown cooling mode of the RHR sys-tem shall be operable with at least one operable RHR pump and one operable RHR heat exchanger. As with the PWR STS existing at this time, redundancy requirements were not addressed.

Revision 3 of NUREG-0123 that was issued in the Fall 1980 version of the BWR STS included a new TS that specified two independent shutdown cooling loops of the RHR system shall be operable, each with at least one operable RHR pump and one operable RHR heater exchanger. This LC0 applies during the refueling condition when tne water level above-the top of the reactor pressure vessel flange is less than 23 feet.

As with the then current version of the Westinghouse STS, this LCO included the footnote stating that the normal or emergency power sources may be inoperable for each RHR loop. In the Revision 3 I

l .

version, the LCO that specified one loop of the RHR system shall be operable and in operation when the plant is in the refueling condition of operation (without regard to water level, but now only applicable when it is above 23 feet) was also modifLd to include the noted footnote on power sources. This introduced a now concept since this exception would apply when only one RHR system was required to be operable but that RHR system would not have to be associated with the diesel generator required to be operable by the electrical power system specification.

Although a later revision of NUREG-0123 was not formally issued, the staff prepared updated drafts of the BWR STS that were provided to applicants for operating licenses as model TS guidance. These drafts made two significant changes. One change dropped the footnote on power sources for the RHR requirements that apply during refueling.

The second added a TS for RHR capability during the other conditions of operation.

Therefore, plant TS that were implemented in response to the request of the June 11, 1980, letter or that were modeled after a version of the STS that included the same footnote on power sources for the RHR LCO would not require an operable diesel generator to satisfy TS requirements specifying that redundant RHR systems shall be operable during cold shutdown or refueling conditions of operation. At least one operable diesel generator would be required by the TS for the electrical systems that applies during the cold shutdown and refuel-ing conditions of operation. However, this diesel generator might not be one associated with a single operable RHR loop for a BWR plant that has TS modeled based or. Revision 3 of NUREG-0123 because of the use of the footnote on power sources.

Thus, the response to the question is that the TS for some plants do not require a diesel generator to be operable to satisfy RHR oper-ability requirements on the basis of a definition of operable that references normal and emergency power sources as an example of support system functions. The reason being the exception provided by the footnote for the RHR LC0 noting that the normal or emergency power source may be inoperable. From the enclosed summary of plant TS, 23 plants have the subject footnote and have a definition of operable that references normal and emergency power sources. This leaves 33 plants that have this definition, but not the footnote or the TS for some BWRs were not checked for this footnote. Thus, the TS for some number of these plants would require an operable diesel generator for each RHR system that is specified to be operable when the plant is in the cold shutdown or refueling conditions of oper-ation. Of these 33 plants,19 are BWRs that were licensed prior to the incorporation of requiremerts into the BWR STS that specify redundant RHR systems are to be operable during the cold shutdown and refueling conditions of operation.

Letters were not sent to these BWR licensees requesting that they propose TS that address operability requirements for redundant RHR systems as was sent to the PWR plant licensees. Therefore, the nwber of plants that require an operable diesel generator for each l

l

,. l RHR system that is specified to be operable during the cold shutdown and refueling conditions of operation, based upon the explicit refer-ence to normal and emergency power sources as examples of support systems in the definition of operable, is estimated to be some where between 15 and 33 plants. However, it is implicit that other plants (36 cases per Enclosure 2) have an operable diesel generator to support each RHR system that is required to be operable where the TS definition of operable only references electrical power as an example of support systems and the RHR TS did not include a footnote to indicate otherwise. Thus, the TS for from 41 to 69 plants require an i operable diesel generator to support each RHR system that is required to be operable. l While the above discussion on the April 10, 1980, letter addresses the definition I of operable, were there any other considerations or specifications addretted by this letter that have any relevance to this matterf l I

The model TS provided with this letter included a general specifica-tion on LCOs from the then current STS and a new general specifica-tion on LCOs. The former was 15 3.0.3 which its associated Bases Section describes as delineating the action to be taken for circum-stances not directly provided in the action statements and whose occurrence would violate the intent of the specification (LCO).

TS 3.0.3 is a general shutdown requirement that implements the intent of 10 CFR 50.36, " Technical specifications," that states when a limiting condition for operation of a nuclear reactor is not met, the licensee shall shut down the reactor or follow any remedial action permitted by the technical specifications until the condition can be met.

The new general specification, introduced by the April 10, 1980, letter was TS 3.0.5 that for PWRs :;tated the following:

When a system, subsystem, train, component or device is determined to be inoperable solely because its emergency power source is inoperable, or solely because its normal power source is inoperable, it may be considered OPERABLE for the purpose of satisfying the requirements of its applicable Limiting Condition for Operation, provided:

(1) its corresponding normal or emergency power source is OPERABLE; and (2) all of its redundant system (s), sub-system (s), train (s), component (s) are OPERABLE, or like-wise satisfy the requirements of this specification. Un-less both conditions (1) and (2) are satisfied, the unit shall be place in at least HOT STANDBY within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />, in at least HOT SHUTOOWN within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in at least COLD SHUTDOWN within the following 30 hours3.472222e-4 days <br />0.00833 hours <br />4.960317e-5 weeks <br />1.1415e-5 months <br />. This specification is not applicable in MODES 5 or 6.

For PWRs, modes 5 and 6 are the cold shutdown and refueling condi-tions of operation. The Bases Section that was provided for this specification stated in part:

- ._. ~. _

It (the provisions of this specification) allows operation to be governed by the time limits of the ACTION statement associated with the Limiting Condition for Operation for j the normal or emergency power source, not the individual ACTION stetements for each system. . subsystem, train, com-ponent or device that is determined to be inoperable sole-ly because of the inoperability of its normal or emergency ,

1 power source.

This specification delineates what additional conditions 1 must be satisfied to permit operation to continue, con- l sistent with the AC110N statements for power sources, when  !

a normal or emergency power source is not OPEPABLE. It  !

specifically prohibits operation when one division is in- I operable because its normal or emergency power source is inoperable and a system, subsystem, train, component or device in another division is inoperable for another l reason, J 1

The latter reference to a division is the designation to distinguish between redundant systems. The Bases for this TS does not imply that a system is operable or capable of performing its function when either its normal or emergency power source is inoperable. On the contrary, it makes the point that the provisions of this TS apply

. when a system is inoperable solely because its normal or emergency power source is inoperable. The statement that a system may be con-sidered operable for the purposes of satisfying the requirements of its LCO, under conditions (1) and (2) as noted in TS 3.0.5, is clar-ified by the Bases wherein it states that it allows continued oper-ation to be governed by the time limits of the ACTION statement asso-ciated with the LCO for the normal or emergency power source, not the individual ACTION statements for each system that is determined to be '

inoperable solely because of the inoperability of its normal or emergency power source.

The only impact of this specification is the time limits for remedial actions that apply when the facility is in a condition that the TS allow a relaxation of the single failure criterion. In contrast, the footnotes for RHR TS, that state that a normal or emergency power source may be inoperable, have the effect of waiving compliance with the operability requirements for having both of thnse power sources available and without imposing any time limit on continued plant operation with a normal or emergency power source inoperable. The definition ,of operable at that time referenced both normal and emergency power sources.

Revision 3 of NUREG-0123 (BWR STS) and Revision 3 of NURiG-0452 (Westinghouse STS) incorporated TS 3.0.5, but it removed from the next version of each. While the later versions of these STS removed TS 3.0.5, they retained a portion of its provisions under the TS for electrical power sources that require redundancy and apply in oper-ating conditions other than cold shutdown and refueling. The follow-ing action statement was added to the Westinghouse STS:

i

With one diesel generator inoperable ... verify that:

1. All required systems, subsystems, trains, compon- .

ents and devices that depend on the remaining OPER- l ABLE diesel generator as a source of emergency i power are also OPERABLE, and

2. When in MODE 1, 2, or 3, the steam driven auxiliary feed pump is OPERABLE.

If these conditions are not satisfied within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> be in at least HOT STANDBY within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and in COLD SHUTDOWN within the_following-30 hours.

Few plants would have been using the Revision 3 version as a guide for developing TS for an operating license because the difference in ,

time between Revirion 3 and next update of these TS was only about one year. Likewise, the fact that TS 3.0.5 was dropped from the next version of the STS, this would have down graded the requested action l in the April 10, 1980, letter to all licensees to propose adding this specification to their plant TS.

It is difficult to determine the intent of changes that were made to versions of the STS that followed Revision 3. However, there is no reason to conclude that the action to delete TS 3.0.5 was directly related to the change in the definition of operable that replaced the reference to normal and emergency power sources with electric power as an example of a support system.

Thus, the relevance of the coming and going of TS 3.0.5 is the re-laxed manner in which TS requirements have been treated by the staff.

In that a part of TS 3.0.5 was added to the TS on electrical power sources, it would appear to indicate that there was a perception that this was all that was necessary to retair its features, notably to circumvent the potential that some system could have a more limiting remedial action time that would shorten the time limit that a diesel generator could be out of service for maintenance before the TS would require a plant shutdown. However, the relief provided by TS 3.0.5 does not exist solely based upon the changes that were made to the electrical power source TS and the noted changes to the definition of operable that were incorporated into ^ versions of the STS subsequent to the issuance of Revision 3 of the BWR and Westinghouse STS.

On the contrary, the added action statement to the electrical power source TS noted above imposes shutdcwn requirements within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> when a diesel is inoperable and any system or component that is dependent upon the remaining diesel _ generator also inoperable. This recognizes that 'this condition is one in which there.is a loss of the capability to perform the safety function on a loss of offsite power and appropriately invokes the requirement to shut down the facility.

Such requirements or the footnotes in the RHR TS would not be necessary if the intent of the definition of operable was that only the onsite or offsite power source are required to operable to satisfy the capability of a system to perform its specified function.

Likewise, if TS do not include such provisions as were addressed in TS 3.0.5, those provisions can not be assumed apply just because they existed in the guidance provided by the STS at an earlier time. If the operability of a system is dependent upon a diesel generator that is inoperable and that system has an out of service time that is less than that for the diesel generator it: the electrical TS, that system TS would establish the out of service time for restoring the diesel generator to operable status.

Why are the staff actions to evaluate shutdown risks and develop appropriate requirements to address those risks an inappropriate response to the concerns that are raised in this differing professional- opinion?

The NRC licenses plants to operate in accordance with the provisions of the operating license that includes the TS. Operation in accord-ance with the provisions of the TS, as well as the regulatory requirements of the GDC, is one of the corner stones for the NRC's finding that such operation does not endanger the health and safety of the public. The NRC can not take the position that it just doesn't know or hasn'.t made up its mind as to what those TS require-ments mean with respect to the requirements to maintain emergency ensite power sources in an operable condition. Specifically, this question is directly related to a licensee's planning of plant outages and to maintenance and testing activities that render power sources, namely diesel generators or batteries, incapable of perform-ing their safety related support function to ensure the capability for residual heat removal during a plant shutdown.

Public confidence in the capability of NRC to regulate the safe oper-ation of nuclear power plants in compliance with operating license requirements and the regulations, namely the TS and the GDC, deserves a better response than that provided to date on this matter. The issue is not what new requirements are necessary to reduce the risks associated with residual heat removal during shutdown, that is a matter under evaluation by the NRC staff as a generic issue. Rather

' it is how NRC interprets and enforces existing requirements of plant TS. I believe that a legal review by the Office of the General Counsel of (1) staff conclusions and statements on the protection of the public health and safety in safety evaluation reports and operat-ing licenses, that are required'as a condition for the issuance of operating licenses by the regulations, and that are based upon plant operation in compliance with regulatory requirements, (2) regulatory requirements, including _the GDC, and (3) the history of the develop-ment of STS guidance and existing plant TS requirements, would support the validity of the concerns,- conclusions, and recommenda-tions raised in this differing professional opinion.

There are several considerations related to TS and regulatory requirements that are not addressed in the draft of NUREG-1449,

" Shutdown and Low Power Operation at Commercial Nuclear Power Plants in the United States," dated February 1992, most of which should be evident from the above discussion. However, the following are noted:

1. There is no mention of GDC 34 or compliance with its provisions for RHR systems capability. Does the NRC simply wish to take the position that GDC 34 only establishes requirements for the design of RHR systems and that it was never the NRC's intent that licen-sees would operate plants in a manner in which that capability would satisfy the single failure criterion with the availability of only onsite or offsite power? ,
2. The report notes that some older plants do not have basic TS covering the RHR system. While the report lists GL 80-53 in Table 5.1 on generic communications, it does not address it as one of interest to low. power and shutdown operations in Section 5.1.3 of the report. If any PWR is among those older plants without TS for RHR systems, it would be a result of the~ staff's failure to ensure  ;

that licensees took actions that were responsive to GL 80 53.

Likewise, it should be evident that a similar request was never made of the BWR licensees to resolve their TS requirements for RHR.

3. The operating plant visits do not address any plant as maintaining both or redundant diesel generators operable during cold shutdown conditions to comply with TS requirements for redundant RHR or +

having a TS definition of operable that includes both onsite and offsite power sources. As noted by the enclosed summary, more than half of the operating plants have the definition of operable that identifies onsite and offsite electrical power sources as an example of a necessary support system. However, any such plants that were visited could also have had the footnote in the RHR TS noting that the onsite or offsite power source may be inoperable, in any case, such TS requirements may have been observed and, if so, should have been acknowledged as pertinent TS considerations or weaknesses.

4. The report is not specific with respect to the conclusion that the current STS for PWRs are not detailed enough to address the number and risk significance of reactor coolant system configurations used during cold shutdown and refueling operations. While it is '

noted that the condensate storage tank, atmospheric dump valves, and one train of auxiliary feedwater (including instrumentation) ,

must be available to use a steam generator as a heat removal system, it does not clarify that the STS only requires the conden-sate storage tank and auxiliary feedwater to be operable in Modes 1 through 3 and that excludes the hot and cold shutdown condi-tions. During hot and cold shutdown with the reactor coolant loops filled and two steam generators filled to greater than a-specified water level, this provides an acceptable alternative that allows one RHR loop to be inoperable.

5. The STS do not require atmospheric dump valves to be operable at any time. Also, the STS do not specify that the steam generators are capable of decay heat removal which, if the STS did, would necessitate the operability of those support system components that are necessary to fulfill that function. Furthermore, there is no limitation in the STS with respect to independence between one RHR loop and whatever would be used in support of decay heat removal by either of the two steam generators that with the spec-ified water level may be a substitute for an operable RHR loop.

This is not consistent with single failure considerations and power source requirements of GDC 34. The report does not address these weaknesses in the STS requirements for RHR.

6. Section 5.1.1.3 of the report on RHR TS simply notes that only one division of electric power is required to be operable in cold shutdown. This is an over-simplified summary of actual plant TS requirements that in some cases have footnotes that allow one onsite or one offsite power source to be inoperable for any RHR system, or that in most cases requires both power sources for each RHR system that is required to be operable because of the explicit requirements of the definition of operable.
7. Finally, Section 6.5.2 on electrical power system technical spec-ifications notes that the current STS were written under the assumption that all shutdown conditions were of less risk than power operating conditions, and as a result most maintenance on electrical systems is done during shutdown. Consequently, it is noted that requirements were relaxed during shutdown conditions.

This explanation provides a somewhat different picture than the response that was provided to the concerns that were previously raised as noted herein and treated as a DPV. That response does not dispute the existence of TS requirements for the ava'1.d.lity of both onsite and offsite power sources, but rather-states that it would be a backfit to require compliance with thost require-ments because of a lack of a consistent regulatory and .aforcement policy with respect to such requirements. This is relevant as to whether new requirements are necessary in contrast to enforcing existing TS requirements. What is addressed by the suggestions for improvements under item (4)(a)(1) of Section 7.2 of the report is the existing TS requirement for two trains of operable RHR sys-tems that already covers a broader range of operating conditions than suggested.

What actions would your recomend that the NRC take to resolve this matter?

The NRC should inform all licensees that it considers a diesel generator, and any other onsite power, source which provides a neces-sary support system function, must be operable to support each RHR system that is required by TS to be operable during shutdown condi-tions. Consequently, licensees should not plan and implement main-tenance or testing activities during shutdown that would render an onsite power source inoperable when its associated RHR system is required by plant TS to be operable. Furthermore, if a diesel gen-erator or any other onsite power source becomes inoperable during shutdown when its associated RHR system is required to be operable, action should be taken to restore that onsite power source to an operable status as soon as possible.

Licensees should limit the performance of diesel generator maintenance and testing activities, that render a diesel generator inoperable, to when the plant is in the refueling mode and the water above the reac-tor vessel flange is at that level for which only one RHR system is required to be operable. If any licensee concludes that the removal from service of an onsite power source or any other necessary support system, during a time that its associated RHR system is required to be operable, is warranted or specifically allowed by the plant TS, such action should only be taken following NRC approval or notice to NRC that such restrictions are considered a backfit that will not volun-tarily be met. This recognizes that existing plant TS include pro-visions as previously noted herein that allow either the onsite or offsite power source to be inoperable for any RHR syst6m that is 1 required to be operable. If there are compensatory measures that justify such actions, licenses should state what they are and provide a commitment to implement then. If the staff has suggestions as to what compensatory measures should be considered, it should inform licensee what they are. Also, if any TS requirement is to be waived by NRC it should be done in accordance with the established procedures that do not exclude public notification of such actions.

The NRC should initiate action, along with the necessary consider-ations to address the backfit rule, to require all licensees to pro-pose TS changes to modify the definition of operable such that it sistes normal and emergency electrical power sources as an example of support systems rather than to simply reference electrical power as

' the example. There has been far too much confusion over the manner in which this definition is to be applied bacause of the manner that it addresses examples of support systems. Furthermore, all licensees 4

that have TS with a footnote or other statement for RHR systems that indicates that the normal or emergency power source may be inoperable should be requested to propose TS changes to delete such statements or footnotes. The current draft of the new STS has restated the defini-tion of operable such that normal or emergency electrical power is identified as an example of necessary support systems to support the capability of a system or component to perform its specified safety function. This is a further affront to the proper understanding and proper application of the definition of operable and the requirements of the GDC which require that a system be capable of performing its function with only either the onsite or offsite power system being available. As a minimum, the new STS should state the definition of operable such that it includes offsite and onsite electrical power sources as an example of a support system, consistent with the regulatory requirements of the GDC. The staff should consider any other changes to the definition that would make its intent more clear.

As part of the NRC action on TS, the NRC should- request that BWR licensees propose the addition of the current BWR STS requirements for RHR systems that apply during shutdown conditions, if such require-ments are not currently included in the plant TS. The NRC staff should review PWR licensees responses to Gl. 80-53 and if they did not propose TS for the RHR systems as was requested, appropriate action should be taken.

Unquestionably, the failure of the NRC to require TS consistent with the GDC is in part based upon the assumption that it would unneces-

sarily restrict the licensee's ability to schedule maintenance on diesel generators and upon a somewhat false reliance on shutdown conditions being a safe state that did not warrant such restrictions.

However, operating experience has shown that the risks to safety by the loss of RHR systems and offsite power during *,hutdown conditions are real. Therefore, any HRC relaxation of current limiting condi-tions for operation in plant TS, that are inconsistent with the requirements of GDC 34, should only be implemented after due consider-

' ation that allows public comment on the action proposed. The NRC effort to assess shutdown risks and any need for new requirements is a forum for such considerations. However, that forum is not a sub-l stitute for the NRC to not take a position on existing TS requirements and to state in clear terms, to licensees and the NRC staff, the requirements for electrical power sources that apply and that are based upon the definition of operabic as it applies to support sys-tems. Furthermore, this action should not be limited only to consid.

erations of electrical power sources but should also address the need i for other support systems such as component cooling water and asso-ciated service water systems.

l

- END -

(

I l

I

Enclosure 2

]

SUMMARY

OF THE ELECTRICAL SYSTEM REFERENCE USED IN PLANT TS FOR THE DEFINITION OF OPERABLE AND FOOTNOTES TO RHR SYSTEM REQUIREMENTS  !

l ALLOWING THE NORMAL OR EMERGENCY POWER SOURCE TO BE INOPERABLE j POWER SOURCE EXAMPLE IN DEFINITION OF OPERABLE RHR SYSTEM

' NORMAL AND

  • ELECTRICAL POWER SOURCE EMERGENCY" POWER" EXCEPTION DOCKET PLANT NAME X YES 50 313 ARKANSAS 1 X YES 50-365 ARKANSAS 2 X YES ,

50-334 BEAVER VALLEY 1 '

X YES 50 412 BEAVER VALLEY 2

  • X 50 155 BIG ROCK POINT X NO 50 456 BRAIDWOOD 1 X NO  ;

50 457 BRAIDWOOD 2 X NO 50-259 BROWNS FERRY 1 X NO 50 260 BROWNS FERRY 2 -

-50 296 BROWNS FERRY 3 X NO.

50 325 BRUNSWICK 1 X N0(1) 50 324 BRUNSWICK 2 X N0(1)

X NO 50 454 BYRON 1 X NO 50 455 BYRON 2 X NO 50 4B3 CALLAWAY X YES

50 317 CALVERT CLIFFS 1 X YES 50 318 CALVERT CLIFFS 2 X NO 50 413 CATAWABA 1 X NO 50 414 CATAWABA 2 X NO 50 461 CLINTON X NO 50 445 COMMANCHE PEAK 1 X YES 50-315 COOK 1 YES 50 316 COOK 2 X 50 298 COOPER X X YES 50-302 CRYSTAL RIVER 3 YES 50 346 DAVIS BESSIE X X NO 50-275 DIABLO CANY0ft 1 X N0 50-323 OlABLO CANYON 2
  • 50 327 DRESDEN 2 X 50 249 DRESDEN 3 X 50 331 DUANE ARNOLD X X YES50-34B FARLEY 1 X YES 50 364 FARLEY 2
  • X 50-341 FERMI 2
  • 50-333 FITZPATRICK X 50 285 FORT CALHOUN 1 X (2). YES 50-244 GINNA
  • X 50 416 GRAND GULF 1 X NO 50 213 HADDAM NECK X NO 50-400 HARRIS
  • NO RHR REQUIREMENTS, RHR REQUIREMENTS NOT CLEAR, OR NOT CHECKED FOR SOME BWRs.

(1) RHR SERVICE WATER (2) STATES NORM QB EMERG POWER

- . . _ _ _ . _ -- _ - - - . ._ . -= . - . ._. . _ _ - _ _ _ . _

POWER SOURCE EXAMPLE IN i DEFINITION OF OPERABLE RHR SYSTEM

  • NORMAL AND ELECTRICAL POWER SOURCE EMERGENCY" POWER" EXCEPTION DOCKET PLANT NAME
  • 50 321 HATCH 1 X 50-366 HATCH 2 X

$0 354 HOPE CREEK X X

50 247 INDIM POINT 2

  • X 50 286 INDIAN P0lta' 3 *

$0 305 KEWAUNEE X YES ,

50-373 LASALLE 1 X YES 50-374 LASALLE 2 X 50 352 LIMERICK 1 X X

50 353 LIMERICK 2 X NO 50-309 MAINE YANKEE X NO 50-369 MCGUlRE 1 X NO 50-370 MCGUIRE 2

  • 50 245 MILLSTONE 1 X X YES 50 336 MILLSTONE 2 X 11 0 50 423 MILLSTONE 3
  • 50 263 MONTICEi.LO X 50 220 Nil 4E MILE POINT 1 X 50 410 NINE MILE POINT 2 X .

X YES 50-338 NORTH ANNA 1 X YES 50 339 NORTH ANNA 2 X NO 50 269 OCONEE 1 X NO 50 270 OCONEE 2 50 287 OCONEE 3 X fl0 50 219 OYSTER CREEK X 50 255 PAllSADES X(3)

X NO 50 528 PALO VERDE 1 X N0 50 529 PALO VERDE 2 X NO 50 530 PALO VERDE 3

  • 50 277 PEACH BOTTOM 2 X 50-278 PEACH BOTTOM 3 X X NO 50-440 PERRY
  • 50 293 PILGRIM X NO 50 266 POINT BEACH 1 X X NO 50 301 POINT BEACH 2 50 282 PRAIRIE ISLAND 1 X NO X NO 50 306 PRAIRIE ISLAND 2
  • X 50 254 QUAD CITIES 1-
  • X

$0-265 QUAD CITIES 2

  • 50 458 RIVER bel 30 1 X 50 261 ROBINSON 2 X X YES 50 272 SALEM 1 YES 50-311 SALEM 2 X X

50 206 SAN ONOFRE 1 50-361 SAN ONOFRE 2 X NO 50 362 SAN ON0fRE 3 X NO 50 443 SEABROOK X NO X YES 50 327 SEQUOYAH 1 X YES 50 373 SEQUDYAH 2 (3) BASE 0 ON STANDING ORDER - 2-1"?P- +-'+Ta - - d--_. -

?

l POWER SOURCE EXAMPLE IN RHR SYSTEM l DEFINITION OF OPERABLE

' NORMAL ANO "El.ECTRICAL POWER SOURCE  !

EMERGENCY" POWER" EXCEPTION 00CKET PLANT NAME i l

50 498 SOUTH TEXAS 1 X N0 NO l 50 499 SOUTH TEXAS 2 X 50 335 ST LUCIE 1 X NO l N0 l 50-389 ST LUCIE 2 X 50 395 SUMM"! X NO 50 280 SURRY 1 X NO 50 281 SURRY 2 X NO 50 387 SUSQUEHANNA 1 X 50 388 SUSQUEHANNA 2 X ,

50-289 THREE MILE ISLANO 1 X NO i

50 344 TROJAN X YES l

50 250 TURKEY POINT 3 X NO 50 251 TURKEY POINT 4 X N0 i l

50 271 VERMONT YANKEE X N0 50 424 V0GTLE 1 X NO 50 425 V0GTLE 2 X NO 50 382 WATERFORD 3 X NO 50-397 WNP 2 X NO 1 50 842 WOLF CREEK X NO 50-029 YANKEE R0WE X NO 50 295 ZION 1 X YES(4) 50 304 ZION 2 X YES(4)

TOTALS 111 PLANTS 56 55 29-YES (4) FOR MODE 6 ONLY l

l

'#  % UNMEDSTATES 8 NUCLE AR REGULATORY COMMISSION f.

r

,cI W ASHINCT ON. D. C,20$b5 g /

EDO Principal Correspondence Control FROM: DUE: 07/10/92 EDO CotJTROL: 0007825 DOC DT: 06/10/92 FItJAL REPLY:

Thomac Ge Dunning NRR TO:

James M. Taylor FOR SIGtJATURE OF: ** GRt1 ** CRC tJ0:

Executive Director ROUTItJG:

DESC:

Taylor DPO OtJ REGULATORY AtJD TECHtJICAL SPECIFICATIOPJ W iszek REQUIREMEtJTS FOR ELECTRICAL POWER SOURCES Thompson DATE: 00/10/92 Blaha Hurley, tJRR COf1 TACT:

Bird, OP ASSIGtJED TO:

DEDR Bateman SPECI AL ItJSTRUCTIOtJS OR REMARKS:

n t

o 1

Enclosure 1

- ._ _ _ _ _ _ - -

Retrieved from "https://kanterella.com/w/index.php?title=ML20127M073&oldid=3465693"