ML20134P910
| ML20134P910 | |
| Person / Time | |
|---|---|
| Issue date: | 11/27/1996 |
| From: | Rosenthal J NRC OFFICE FOR ANALYSIS & EVALUATION OF OPERATIONAL DATA (AEOD) |
| To: | Collins M NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM) |
| References | |
| NUDOCS 9611290367 | |
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001
November 27, 1996
MEMORANDUM TO: Michael D. Collins, Document Control Desk, Information and Records Management Branch, Office of Information Resources Management
FROM: Jack E. Rosenthal, Chief, Reactor Analysis Branch, Safety Programs Division, Office for Analysis and Evaluation of Operational Data
SUBJECT: LOSS OF SPENT FUEL POOL COOLING PRA: MODEL AND RESULTS (INEL-96/0334) - APPENDIX A-D
Attached is Appendix A to the above report prepared, under contract, by staff at the Idaho National Engineering Laboratory. The original report was forwarded to you on September 10, 1996. Please submit the Appendix to NUDOCS and Central Files, and make it available to the public.
Attachment: As stated
cc w/o enclosure: E. Hayden, OPA
APPENDIX A - SPENT FUEL POOL MODEL
This appendix summarizes the event tree / fault tree developed in this study to analyze spent fuel pool risk for a variety of plant configurations and operating practices. The following sections discuss the modeling approach, the key model features, the initiating events treated, the event trees for sequences leading to pool heatup and event trees for post heatup sequences, and system fault trees. Appendix B discusses the quantification of basic events, Appendix C discusses the human reliability analysis, and Appendix D provides the key modeling assumptions.
A.1 Modeling Approach
This study is aimed at the quantitative evaluation of loss of spent fuel pool cooling (SFPC) scenarios up to the point of pool boiling and the qualitative evaluation of the risk associated with these scenarios. The risk stems from three groups of scenarios: those that involve the active fuel in the core, those that involve the spent fuel in the spent fuel pool, and those that involve both. The models developed in this study address all three groups.
It is useful to note that, with respect to scenarios that can affect the core, the modeling approach employed is analogous to that used in the analysis of the so-called external events (e.g., internal fires). This approach divides the accident scenario analysis into three portions: a) the quantitative hazard analysis (e.g., the frequency of fires of a given size in a given location), b) the equipment fragility analysis (e.g., the conditional probability of damage to a given set of equipment, given the fire), and c) the plant response analysis (e.g., the conditional probability of core damage, given the loss of the given set of equipment). In simplified mathematical form,

$$\mathrm{CDF} = \sum_j \lambda_j \, \phi_{ed|j} \, \phi_{cd|j,ed} \tag{A.1}$$

where $\lambda_j$ is the frequency of hazard scenario j, $\phi_{ed|j}$ is the conditional probability of equipment damage, given hazard scenario j, and $\phi_{cd|j,ed}$ is the conditional probability of core damage, given equipment damage and hazard scenario j.
In this study, it can be seen that $\lambda_j$ corresponds to the near boiling frequency (NBF) associated with a given scenario; this is assessed quantitatively. The term $\phi_{ed|j}$, on the other hand, is not quantified in this work. (This term is highly dependent on the particular geometry, equipment layout, and ventilation conditions for the plant being analyzed. Furthermore, the analysis of heat and mass transport needed to support quantification is beyond the scope of this limited study.) Qualitative issues affecting the likelihood of equipment damage are discussed in the main body of this report. The term $\phi_{cd|j,ed}$ is not treated in this work, but can be quantified using the internal events model for the plant in question, as long as the likelihood of operator errors is not drastically affected by the spent fuel pool boiling event.
A.2 Key Features
The SAPHIRE Version 5.0 [A.1] software package is used to implement the event tree / fault tree model documented in this appendix. The fault tree linking approach employed by SAPHIRE ensures that shared equipment dependencies between top events (e.g., due to common support systems) are properly treated. Other dependencies (e.g., sequence-dependent human error probabilities) are treated using the SAPHIRE capability to employ user-defined rules for assigning different fault trees to different event sequences.
Note that the models described in the following sections are based largely on the Susquehanna plant, a two-unit boiling water reactor with two spent fuel pools, a SFPC system powered off of a non-safety bus and cooled by non-safety service water, residual heat removal (RHR) assist cooling as backup to the SFPC system, and a safety-related emergency service water system to provide makeup when normal pool makeup is unavailable or inadequate. The event tree models are expected to be generic enough to allow analysis of a variety of other plant configurations. (For example, they can treat plants where the fuel pools are not cross-tied, as they are at Susquehanna.) However, the success criteria and the fault trees developed are appropriate to Susquehanna.
A.3 Initiating Events and Cases
The initiating events modeled are derived from the master logic diagram shown in Figure A.1, comparison with the list of initiating events treated in Ref. A.2, and comparison with the list of initiating events treated in Refs. A.2 and A.3. The classes of initiating events treated in this study are as follows:
Loss of Spent Fuel Pool Cooling System (LOSFP)
This event includes loss of the SFPC system due to hardware failures and human errors. It also includes system loss due to loss of cooling to the SFPC heat exchangers and due to internal flooding and fires.
Note that in principle, the loss of heat exchanger cooling, internal flooding, and internal fires should be treated as separate initiating events, since these causes for loss of SFPC might also affect other parts of the plant. (At Susquehanna, heat exchanger cooling is normally provided by a non-safety service water system.) These events are intentionally grouped with direct losses of SFPC because of the limited scope of this study, and because the results of Ref. A.2 indicate that, at least in the case of Susquehanna, the contributions to risk from the loss of service water and internal flooding initiators are relatively small.
In this analysis, the LOOP event includes the extended LOOP and station blackout (SBO) events.
[Figure A.1 - Master Logic Diagram for Spent Fuel Pools. Top event: Spent Fuel Pool Heatup; second-level branches: Inadequate Heat Removal, Excessive Heat Load, Loss of Inventory.]
Loss of Spent Fuel Pool Inventory (LINVR)
This event includes losses of inventory from leaks/breaks from the failure of piping or gates/seals. Only leaks/breaks for which the outgoing flow rate exceeds the normal makeup flow rate are considered. Losses of inventory due to structural failure of the spent fuel pool boundary (e.g., due to missiles, heavy load drops, thermal stresses) are not treated. This category of events may need to be re-examined, depending on the quantitative results of the models documented in this study.
Loss of Primary Coolant (PLOCA)
This event covers pipe break LOCAs in an operating unit and special outage-associated LOCAs (both "J" LOCAs, i.e., connected system LOCAs, and "K" LOCAs, i.e., maintenance-induced LOCAs) in a unit undergoing refueling. LOCAs during operation are of potential concern because they can, for some plant designs, lead to an automatic trip of the SFPC system, and because they create a demand for the RHR system, which serves as an alternate cooling system for the spent fuel pool. In the case of the J and K LOCAs, the event provides a potential means for quickly draining the spent fuel pool down to the bottom of the transfer gate.
Seismic Events (EQE)
This event covers seismically-induced losses of offsite power, SFPC piping integrity, and spent fuel pool boundary integrity. Two classes of earthquakes are treated: those with peak ground acceleration (PGA) between 0.2g and 0.6g, and those with PGA above 0.6g.
The specific initiating events addressed in this analysis are listed in Table A.1. Events occurring during refueling are treated differently than those that occur during operation. In the case of LOSFP and LOOP, distinctions are also drawn for events occurring during a 1/3 core offload refueling and those occurring during a full core offload refueling.
The following different plant configurations ("cases") are analyzed. Table A.2 presents a comparison of the cases considered in this study and those considered in Ref. A.2.
Case 1 - Both units operating.
Case 2 - Unit 2 operating, Unit 1 refueling (1/3 core offload).
Case 3 - Unit 2 operating, Unit 1 refueling (full core offload).
Table A.1 - Initiating Event Frequencies (Instantaneous)
| Initiating Event | Description | Frequency (/yr) | Source |
|---|---|---|---|
| LSFP1 | Loss of SFPC system, Case 1 | 2.4E-2 | Data (see App. B) |
| LSFP2 | Loss of SFPC system, Case 2 | 2.8E-1 | Data (see App. B) |
| LSFP3 | Loss of SFPC system, Case 3 | 2.8E-1 | Data (see App. B) |
| LP1 | Loss of offsite power, Case 1 | 8.0E-2 | Ref. A.4 |
| LP2 | Loss of offsite power, Case 2 | 8.0E-2 | Ref. A.4 |
| LP3 | Loss of offsite power, Case 3 | 8.0E-2 | Ref. A.4 |
| LINVC | Large loss of inventory, Case 1 | 2.0E-3 | Data (see App. B) |
| LINCS | Small loss of inventory, Case 1 | 5.0E-3 | Data (see App. B) |
| LINVR | Large loss of inventory, Cases 2 and 3 | 2.0E-2 | Data (see App. B) |
| LINRS | Small loss of inventory, Cases 2 and 3 | 3.0E-2 | Data (see App. B) |
| PLOCA | Primary LOCA, Case 1 | 1.5E-2 | Ref. A.5 |
| PLOCR | Primary LOCA, Cases 2 and 3 | 1.2E-1 | Ref. A.6, A.7 (see App. B) |
| EQE | Seismic event (0.2g < PGA ≤ 0.6g)* | 1.2E-4 | Ref. A.8 |

\* Earthquakes with PGA > 0.6g are, for the purposes of this analysis, assumed to lead directly to core damage (with frequency 3.2E-6/yr).

Table A.2 - Mapping of INEL and Ref. A.2 Cases
| | Both units operating | Unit 2 operating, Unit 1 refueling (1/3 core discharge) | Unit 2 operating, Unit 1 refueling (full core discharge) |
|---|---|---|---|
| INEL Case # | 1 | 2 | 3 |
| Ref. A.2 Case # | 1, 2 | 3, 4, 5* | 3, 4, 5 |

\* Not clear if Ref. A.2 treats 1/3 core discharges.
A.4 NBF Event Trees and Success Criteria
In general, the structure and level of detail of the NBF event trees are similar to those of the event trees presented in Ref. A.2. The three key differences are as follows.
1) Those trees that model initiators with potential direct impacts on the core (LOOP, seismic, PLOCA) include a top event (UNREC) indicating if recovery is uncomplicated. Assuming that operators are generally more concerned with the core than the spent fuel pool, a complicated recovery can inhibit the operators from devoting sufficient resources to deal with the spent fuel pool in a timely fashion. Appendix B provides the operational definition for complicated scenarios used in this analysis.
2) The trees explicitly allow for the possibility that operators will not respond to the initiating event until pool boiling occurs. This delay can be due to lack of awareness (e.g., failed instrumentation) or distraction (e.g., due to a complicated recovery). Note that the AEOD database includes a number of events in which operator response was delayed for many hours, although none were delayed to such an extent that pool boiling occurred.
3) The LOOP, seismic, and primary LOCA trees represent the possibility of "direct core damage" (i.e., core damage not due to the consequences of a spent fuel pool scenario) for complicated scenarios. The purpose of this treatment is to ensure that any final core damage frequency estimates developed from the results of this study do not double count risk contributing scenarios. (Thus, for example, station blackout scenarios which lead directly to core damage are not included in the NBF estimation, even though they could lead to pool boiling.)
This section contains the event trees for near boiling frequency (NBF), the top event definitions, and the success criteria associated with each top event. Event trees are provided for the following initiating events:
Loss of spent fuel pool cooling, Case 1 (LSFP1)
Loss of spent fuel pool cooling, Case 2 (LSFP2)
Loss of spent fuel pool cooling, Case 3 (LSFP3)
Loss of offsite power, Case 1 (LP1)
Loss of offsite power, Case 2 (LP2)
Loss of offsite power, Case 3 (LP3)
Large loss of inventory, Case 1 (LINVC)
Small loss of inventory, Case 1 (LINCS)
Large loss of inventory, Cases 2 and 3 (LINVR)
Small loss of inventory, Cases 2 and 3 (LINRS)
Primary LOCA, Case 1 (PLOCA)
Primary LOCA, Cases 2 and 3 (PLOCR)
Seismic event (EQE)
The endstates for these trees are defined as follows:
OK - Scenario recovery is successful
CD - Core damage
FPIS1 - Boiling; scenario involves loss of SFPC, spent fuel pool (SFP) level is not maintained
FPIS2 - Near boiling of SFP; scenario involves late restoration of SFPC
FPIS3 - Steaming; scenario involves use of alternate cooling system; SFP level is maintained
FPSF1 - Combination of end states FPIS1 (boiling) and FPISF (flooding)
FPSF2 - Combination of end states FPIS2 (near boiling) and FPISF (flooding)
FPSF3 - Combination of end states FPIS3 (steaming) and FPISF (flooding)
Note that the direct core damage (CD) endstate is treated only to ensure that scenarios which lead to core damage before pool boiling are excluded from the analysis; the CD endstate is not modeled for some sequences where SFP cooling is assured. The resulting CD endstate frequencies are provided for accounting purposes only, and should not be interpreted as representing the total core damage frequency.
A.4.1 Loss of Spent Fuel Pool Cooling
Three event trees are used to model this class of initiating events. Event tree LSFP1 deals with Case 1, LSFP2 deals with Case 2, and LSFP3 deals with Case 3. The event trees, top event definitions, and success criteria are listed in the following pages. Note that each event tree has one transfer tree.
[Figures: event trees LSFP1, LSFP2, and LSFP3, each with its transfer tree.]
Top Event Definitions - Loss of Spent Fuel Pool Cooling System Event Trees
LSFP1 - Loss of SFPC system at Unit 1 while both units are operating (Case 1). (Initiating events LSFP2 and LSFP3 treat Cases 2 and 3.) This initiating event is analyzed only for cases where the spent fuel pools are not initially cross-connected.
FGATE - A flag event: the plant being modeled has the capability to cross-connect the spent fuel pool by opening a gate (or gates). (Note that the upward branches in the event tree, per the usual convention, represent a "yes or success" answer to the top event question.)
GSTAT - Status of cross-connect gate(s): the spent fuel pools are cross connected or not at the time of initiating event.
OER - Operator response to the loss of SFPC system: operator attempts to restore SFP cooling soon after the initiating event.
S1 - Restoration of the SFPC system: operators successfully reestablish cooling.
GOPEN - Opening of the gate: operators successfully open the gate(s) and cross-connect the spent fuel pools.
R1 - RHR cooling: operators successfully reestablish cooling using the Unit 1 RHR.
LS1 - Late restoration of the SFPC system: similar to the top event S1 except all the actions must be taken remotely. (This top event is challenged when the pool has reached near boiling conditions. It is assumed that by this stage, there are a multitude of indications and alarms that will notify the operators of the SFP problems.)
ALT-C - Alternate cooling: operators successfully establish evaporative/boiloff cooling by providing water using alternate cooling (e.g., fire water system).
Success Criteria - Loss of Spent Fuel Pool Cooling System Event Trees
| Case | S1 | R1 | LS1 | ALT-C |
|---|---|---|---|---|
| Case 1 (LSFP1) | 1 of 3 SFPC pumps | 1 train RHR | 1 of 3 SFPC pumps | Any available alternate cooling system |
| Case 2 (LSFP2) | 2 of 3 SFPC pumps | 1 train of RHR | 2 of 3 SFPC pumps | Any available alternate cooling system |
| Case 3 (LSFP3) | 3 of 3 SFPC pumps | 1 train of RHR | 3 of 3 SFPC pumps | Any available alternate cooling system |
A.4.2 Loss of Offsite Power
Three event trees are used to model this class of initiating events. Event tree LP1 deals with Case 1, LP2 deals with Case 2, and LP3 deals with Case 3. The event trees, top event definitions, and success criteria are listed in the following pages. Note that each event tree has three transfer trees.
[Figures: event trees LP1, LP2, and LP3, each with its three transfer trees.]
Top Event Definitions - Loss of Offsite Power Event Trees
LP1 - Site-wide loss of offsite power while both units are in operating mode (Case 1). (Initiating events LP2 and LP3 treat Cases 2 and 3 refueling unit; i.e., unit 1, for 1/3 offload and full offload, respectively.)
GSTAT - Status of cross-connect gate(s): the spent fuel pools are cross connected or not at the time of initiating event.
DG1N2 - Availability of all (four) emergency diesel generators (EDGs).
EPWR - Early offsite power recovery: offsite power is recovered in 4 hours. (If all EDGs fail, it is assumed that the core cannot be cooled past 4 hours since DC power will last only for 4 hours.)
UNREC - Uncomplicated recovery on primary side: operators are not distracted from restoring spent fuel pool cooling prior to boiling.
NCD - No core damage. This top event is questioned only during scenarios involving complicated recovery.
FVPWR - A flag event: the plant being modeled has the capability to load SFPC pumps on EDGs.
OER - Operator response to the loss of SFPC system: operator attempts to restore SFPC soon after the initiating event.
SR1O2 - Restoration of the spent fuel pool cooling: operators successfully reestablish cooling using SFPC or RHR from either unit.
LPWR - Late offsite power recovery: offsite power is recovered after 16 hours. (After 16 hours it is assumed that RHR cannot be used.)
LS1O2 - Late restoration of the SFPC system: operators successfully reestablish cooling using SFPC from either unit.
ALT-C - Alternate cooling: operators successfully establish evaporative/boiloff cooling by providing water using the alternate cooling system (e.g., fire water system).
DG102 - No station blackout: between 1 and 3 EDGs are available.
S1 - Restoration of the SFPC system: operators successfully reestablish cooling to Unit 1 SFP.
S2 - Restoration of the SFPC system: operators successfully reestablish cooling to Unit 2 SFP.
GOPEN - Opening of the gate: operators successfully open the gate(s) and cross connect the spent fuel pools if the SFPC in one of the units fails.
R1R2 - RHR cooling: operators successfully reestablish cooling in both SFPs using RHR for the respective units.
LS1N2 - Late restoration of the SFPC system: operators successfully reestablish cooling in both SFPs using SFPC for the respective units.
Success Criteria - Loss of Offsite Power Event Tree-Case 1, Gates Open DGs Available Offsite Power SRIO2 LSIO2 ALT-C All Early recovery 2 of 6 SFPC pumps or 2 of 6 SFPC pumps Any available alternate I train RIIR in any unit cooling system All Late recovery 1 train RIIR in any unit 2 of 6 SFPC pumps Any available alternate cooling system A!!
None I train RilR in any unit Not modeled Any available alternate cooling system Some Early recovery 2 of 6 SFPC pumps or 1 2 of 6 SFPC pumps Any available alternate train RIIR in any unit cooling system Some Late recovery Not modeled 2 of 6 SFPC pumps Any available alternate cooling system Some None Not modeled Not modeled Any available alternate cooling system None Early recovery Not modeled 2 of 6 SFPC pumps Any available alternate cooling system b
Case 1, Gates Not Open DG power Offsite Power St S2*
RIR2 LSIN2 ALTC All Early recovery I of 3 SFPC pumps in 2 of 3 STPC pumps in I train of RIIR in the 1 of 3 SFPC pumps in Any available alternate Unit 1 Unit 2 unit where no SFPC each unit cooling system pump is available All Late recovery I train of RllR in each I of 3 SFPC pumps in Any available alternate unit each unit cooling system All None 1 train RilR in each Not modeled Any available alternate unit cooling system Some Early recovery 1 of 3 SFPC pumps in 2 of 3 SFPC pumps in I train RIIR in the unit 1 of 3 SFPC pumps in Any available ahernate Unit 1 Unit 2 where no SFPC pump is each unit cooling system available Some Late recovery Not modeled Not modeled Not modeled 1 of 3 SFPC pumps in Any available alterns:e each unit cooling system Some None Not modeled Not modeled Not tr-odeled Not modeled Any available alternate cooling system None Early recovery Not modeled Not modeled Not modeled
, I of 3 SFPC pumps in Any available alternate I each unit cooling system
- Given SFPC system in Unit I fails
I 4
i Case 2, Gates Open f
DC power Offaite Power SRIO2 LSIO2 ALTC l
All Early recovery 3 of 6 SFPC pumps or 3 of 6 SFPC pumps Any available alternate I train RHR in any unit
'coolina system All late recovery I train RHR in any unit 3 of 6 SFPC pumps Any available alternate cooling system i
All None I train RHR in any unit Not modeled Any available alternate coolina system Some Early recovery 3 of 6 SFPC pumps or 3 of 6 SFPC pumps Any available alternate
[
l train RHR in any unit cooling system
[
Some Late recovery Not modeled 3 of 6 SFPC pumps Any available alternate coolina system Some None Not modeled Not modeled Any available alternate cooling system
{.
None ~
Early recovery Not modeled 3 of 6 SFPC pumps Any available alternate cooling system p
Case 2, Gates Not Open y
DG power Offsite Power St S2*
RIR2 LSIN2 ALT-C l
All '
Early recovery 2 of 3 SFPC pumps in 2 of 3 SFPC pumps in I train of RIIR in the 2 of 3 SFPC pumps in Any available alternate f
Unit 1 Unit 2 unit where no SFPC each unit cooling system
{
tiump is available All Late recovery I train of RHR in each 2 of 3 SFPC pumps in Any available alternate unit each unit cooling system
{
All None I train of RHR in each Not modeled Any available alternate unit coolina system Some Early recovery 2 of 3 SFPC pumps 2 of 3 SFPC pumps in I train of RilR in the 2 of 3 SFPC pumps in Any available alternate l
Unit i Unit 2 unit where no SFPC each unit cooling system I
pump is available j
l Some Late recovery Not modeled Not modeled Not modeled 2 of 3 SFPC pumps in Any available ahernate each unit coolina system i
Some None Not modeled Not modeled Not modeled Not modeled Any available ehernate coolina system None Early recovery Not modeled Not modeled Not modeled 2 of 3 SFPC pumps in Any available ahernate each unit cooling system
- Given SFPC system in Unit I fails i
Case 3, Gates Open DG power Offsite Power SRIO2 13102 ALT-C All Early recovery 4 of 6 SFPC pumps or 4 of 6 SFPC pumps Any available alternate 1 train RIIR in any unit cooling system All Late reovery I train RilR in any unit 4 of 6 SITC pumps Any available alternate cooling system All None I train RIIR in any unit Not modeled Any available alternate cooling system Some Early recovery 4 of 6 SFPC pumps or 1 4 of 6 SFPC pumps Any available alternate train RilR in any unit cooling system Some Late recovery Not modeled 4 of 6 SFPC pumps Any available attemate cooling system Some None Not modeled Not modeled Any available alternate cooling system None Early recovery Not modeled 4 of 6 SITC pumps Any available alternate cooling system p
Case 3, Gates Not Open

| DG power | Offsite Power | S1 | S2* | R1R2 | 131N2 | ALT-C |
|---|---|---|---|---|---|---|
| All | Early recovery | 3 of 3 SFPC pumps in Unit 1 | 3 of 3 SFPC pumps in Unit 2 | 1 train of RHR in the unit where no SFPC pump is available | 3 of 3 SFPC pumps in Unit 1, 1 of 3 in Unit 2 | Any available alternate cooling system |
| All | Late recovery | | | 1 train of RHR in each unit | 3 of 3 SFPC pumps in Unit 1, 1 of 3 in Unit 2 | Any available alternate cooling system |
| All | None | | | 1 train of RHR in each unit | Not modeled | Any available alternate cooling system |
| Some | Early recovery | 3 of 3 SFPC pumps in Unit 1 | 3 of 3 SFPC pumps in Unit 2 | 1 train of RHR in the unit where no SFPC pump is available | 3 of 3 SFPC pumps in Unit 1, 1 of 3 in Unit 2 | Any available alternate cooling system |
| Some | Late recovery | Not modeled | Not modeled | Not modeled | 3 of 3 SFPC pumps in Unit 1, 1 of 3 in Unit 2 | Any available alternate cooling system |
| Some | None | Not modeled | Not modeled | Not modeled | Not modeled | Any available alternate cooling system |
| None | Early recovery | Not modeled | Not modeled | Not modeled | 3 of 3 SFPC pumps in Unit 1, 1 of 3 in Unit 2 | Any available alternate cooling system |

* Given SFPC system in Unit 1 fails
A.4.3 Loss of Inventory
Four event trees are used to model this class of initiating events. Event tree LINVC deals with large losses of inventory during operation (Case 1), tree LINCS deals with small losses during operation, tree LINVR deals with large losses during refueling (Cases 2 and 3), and tree LINRS deals with small losses during refueling. The event trees, top event definitions, and success criteria are listed in the following pages.
[Figure: Loss of Inventory Event Tree. Case 1: Both units critical, small LOCA in one SFP. Branch structure lost in the scan.]
Column headings: LINCS, LKSFP, AISOL, OER, MISOL, ERMUP, LTMUP, SR11, SEQ #, SV-CV
Sequence end states: 1 OK; 2 FPIS3; 3 FPIS1; 4 FPIS2; 5 FPIS3; 6 FPIS1; 7 OK; 8 FPIS3; 9 FPIS1; 10 FPSF2; 11 FPSF3; 12 FPSF1; 13 FPSP2; 14 FPSF3; 15 FPSF1; 16 OK; 17 FPIS3; 18 FPIS1; 19 FPSF2; 20 FPSF1; 21 FPIS2; 22 FPIS3; 23 FPIS1; 24 FPSP2; 25 FPSF1
[Figure: Loss of Inventory Event Tree. Cases 2 and 3: One unit in refueling mode. Branch structure lost in the scan.]
Column headings: LINVR, LKSFP, AISOL, OER, MISOL, ERMUP, LTMUP, SR31, SEQ #, SV-CV
Sequence end states: 1 OK; 2 FPIS3; 3 FPIS1; 4 FPIS2; 5 FPIS3; 6 FPIS1; 7 OK; 8 FPIS3; 9 FPIS1; 10 FPSF2; 11 FPSF3; 12 FPSF1; 13 FPSP2; 14 FPSF3; 15 FPSF1; 16 OK; 17 FPIS3; 18 FPIS1; 19 FPSP2; 20 FPSP1; 21 FPIS2; 22 FPIS3; 23 FPIS1; 24 FPSP2; 25 FPSF1
Top Event Definitions - Loss of Inventory Event Trees
LINVC Large loss of inventory from Unit 1 spent fuel pool while both units are operating (Case 1). (Initiating event LINCS represents a small loss of inventory while both units are operating, LINVR represents a large loss of inventory while Unit 1 is refueling and Unit 2 is operating, and LINRS represents a small loss of inventory while Unit 1 is refueling and Unit 2 is operating.)
LKSFP Leak is in SFPC system. (Lower branch indicates a leak resulting from failure of the spent fuel pool boundary.)
AISOL Auto isolation of leak due to siphon breaker. (Applicable only if the leak is in the SFPC system.)
OER Operator response to the loss of spent fuel pool cooling system: operator attempts to restore SFP cooling soon after the initiating event.
MISOL Manual isolation of leak: operator isolates the leak.
ERMUP Early spent fuel pool makeup: operator uses normal or alternate makeup systems. (In refueling mode, the ECCS can be used to provide makeup.)
LTMUP Late spent fuel pool makeup: operator uses normal or alternate makeup systems. (Due to radiation hazards, the operator actions required, e.g., to provide makeup using an alternate cooling system, may be difficult. All the actions must be taken remotely. In refueling mode, the ECCS can be used to provide makeup.)
SR11 Restoration of the SFPC system: operators successfully reestablish cooling using either SFPC.
Success Criteria - Loss of Inventory Event Trees

Case 1

| ERMUP | LTMUP | SR11 |
|---|---|---|
| Normal makeup or any alternate cooling system | Normal makeup or any alternate cooling system which can be operated remotely | 1 of 3 SFPC pumps or 1 RHR train |

Cases 2 and 3
ERMUP LTMUP SR11
ECCS injection, ECCS injection, 3 of 3 SFPC pumps Normal makeup or any Normal makeup or Any alternate cooling available alternate system cooling system
A.4.4 Loss of Primary Coolant
Two event trees are used to model this class of initiating events. Event tree PLOCA deals with a LOCA when both units are operating (Case 1) and PLOCR deals with a LOCA in Unit 1 when Unit 1 is refueling and Unit 2 is operating (Cases 2 and 3). The event trees, top event definitions, and success criteria are listed in the following pages. Note that the PLOCA event tree has one transfer tree.
[Figure: Transfer tree from Primary LOCA. No SFP cross connection capability. Branch structure lost in the scan.]
Column headings: PLC-A, UNREC, NCD, OER, S1, LS1, ALT-C, SEQ #, SV-CV
Sequence end states: 1 OK; 2 FPIS3; 3 FPIS1; 4 FPIS2; 5 FPIS3; 6 FPIS1; 7 FPIS2; 8 FPIS3; 9 FPIS1; 10 CD
Top Event Definitions - Primary LOCA Event Trees
PLOCA Loss of coolant accident in primary system of Unit 1 while both units are operating (Case 1). (Initiating event PLOCR represents a LOCA in the primary system of Unit 1 during refueling, i.e., Cases 2 and 3.)
FESA A flag event: the SFPC system does not trip on ESF actuation in the plant being modeled (relevant for Case 1).
FGATE A flag event: the plant being modeled has the capability to cross-connect the spent fuel pool by opening a gate (or gates) (relevant for Case 1).
GSTAT Status of cross-connect gate(s): the spent fuel pools are cross connected or not at the time of initiating event (only for Case 1).
UNREC Uncomplicated recovery on primary side: operators are not distracted from restoring spent fuel pool cooling prior to boiling. (Relevant for Case 1.)
NCD No core damage. This top event is questioned only during scenarios involving complicated recovery. (Relevant for Case 1.)
OER Operator response to the loss of SFPC system: operator attempts to restore SFP cooling soon after the initiating event.
S1 Restoration of the SFPC system: operators successfully reestablish cooling using either SFPC.
COPEN Opening of the gate: operators successfully open the gate(s) and cross connect the spent fuel pools.
SR31 SFPC and RHR cooling: operators successfully reestablish cooling using Unit 1 SFPC or RHR.
LS1 Late restoration of the SFPC system: similar to the top event S1 except all the actions must be taken remotely.
ALT-C Alternate cooling: operators successfully establish evaporative/boiloff cooling by providing water using the alternate cooling system (e.g., fire water system).
TGATE Status of a transfer gate: the refueling cavity and the spent fuel pool are cross-connected at the time of initiating event (relevant for Case 2 and 3).
ILOCA Isolation of leak (relevant for Cases 2 and 3).
OECCS Operators restore the level in the spent fuel pool using ECCS (relevant for Cases 2 and 3).
SFMUP Operators restore the level in the spent fuel pool using SFP makeup or alternate cooling (relevant for Cases 2 and 3).
Success Criteria - Primary LOCA Event Trees

Case 1

| S1 | LS1 | ALTC |
|---|---|---|
| 1 of 3 SFPC pumps | 1 of 3 SFPC pumps | Any available alternate cooling system |

Cases 2 and 3

| OECCS | SFMUP | SR31 | LS1 | ALTC |
|---|---|---|---|---|
| ECCS Injection | Main SFP makeup or alternate cooling | 3 of 3 SFPC pumps or 1 RHR train | 3 of 3 SFPC pumps | Any available alternate cooling system |
A.4.5 Earthquake
One event tree is used to model this class of initiating events. Note that earthquakes with peak ground acceleration (PGA) below 0.2g are assumed to have negligible risk impact, and that earthquakes with PGA greater than 0.6g are assumed to lead directly to core melt (for the purposes of this analysis). The event tree, top event definitions, and success criteria are listed in the following pages.
Top Event Definitions - Seismic Event Tree
EQE Seismic initiating event.
NDSFP No damage to the spent fuel pool structure from the seismic event.
NLEAK No leak through the SFPC system (caused by the seismic event).
NCD No direct core damage from the seismic event.
AISOL Auto isolation of leak due to siphon breaker. (Applicable only if the leak is in the SFPC system.)
R1 Restoration of spent fuel pool cooling using RHR.
LTMUP Late spent fuel pool makeup using alternate makeup systems. (Operator actions required would be difficult; all actions must be taken remotely.)
Success Criteria - Seismic Event Tree
All Cases
R1 LTMUP
No SFPC system or Any available alternate RHR makeup cooling system
A.5 Post-Heatup Event Trees
The post-heatup event trees (PHETs) treat the progression of selected accident scenarios past pool heatup; one or more separate trees are developed for each non-successful endstate of the NBF trees. (Multiple trees are required for endstates where steaming and flooding effects are of potential concern.) They address the following issues: the spatial isolation of the spent fuel pool from other safety equipment, the vulnerability of expose
A.6 Fault Trees
This section presents the non-trivial (i.e., more than one basic event) fault trees. For many of these trees, e.g., for treating the unavailability of the SFPC system and the RHR system(s), the models supporting Ref. A.2 have been used as a starting point. These trees have been modified using a modeling approach similar in spirit to that used in developing Accident Sequence Precursor (ASP) models (see for example Ref. A.5). Using this approach, components on a single pipe segment are generally grouped into super-components. In the case of makeup and alternate cooling top events, entire trains or systems of equipment are treated with a single super-component. Also, a number of low probability failure modes (e.g., normally closed manual valves transferring open during the scenario) are omitted. This simplified approach is judged to be adequate for treating spent fuel pool scenarios whose risk, as shown in Ref. A.2, tends to be dominated by human error contributions.
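The k-out-of-n success criteria captioned on this section's fault trees (for example, 2-out-of-3 cooling pumps and 2-out-of-3 heat exchangers, or 4-out-of-6 cooling pumps) can be evaluated as in the following added example, which is not part of the original report. The super-component names and failure probabilities are constructed for illustration, and independent failures are assumed (no common-cause term); the report's own basic event values are quantified in Appendix B.

```python
from itertools import combinations, product
from math import prod

# Constructed failure probabilities for illustration only (not from the report).
Q_PUMP = 0.1
Q_HX = 0.1


def make_group(prefix, n, k, q):
    """A k-out-of-n success criterion over n super-components.

    Names such as PUMP-1 are hypothetical labels, not the report's basic events.
    """
    return {"names": [f"{prefix}{i}" for i in range(1, n + 1)], "k": k, "q": q}


def system_fails(groups, failed):
    """Top event: at least one group has fewer than k working super-components."""
    for g in groups:
        working = sum(1 for name in g["names"] if name not in failed)
        if working < g["k"]:
            return True
    return False


def exact_failure_probability(groups):
    """Sum the probability of every component state in which the top event occurs.

    Assumes independent failures between super-components.
    """
    comps = [(name, g["q"]) for g in groups for name in g["names"]]
    total = 0.0
    for states in product((False, True), repeat=len(comps)):  # True = failed
        failed = {name for (name, _), s in zip(comps, states) if s}
        if system_fails(groups, failed):
            total += prod(q if s else 1.0 - q for (_, q), s in zip(comps, states))
    return total


def minimal_cut_sets(groups):
    """For a k-out-of-n group, every set of n-k+1 failed components is a minimal cut set.

    The groups share no components, so the system's minimal cut sets are the union.
    """
    cuts = []
    for g in groups:
        size = len(g["names"]) - g["k"] + 1
        cuts.extend(frozenset(c) for c in combinations(g["names"], size))
    return cuts


def rare_event_approximation(groups):
    """Conservative estimate of the top event: sum of minimal cut set probabilities."""
    q_of = {name: g["q"] for g in groups for name in g["names"]}
    return sum(prod(q_of[n] for n in cut) for cut in minimal_cut_sets(groups))


# "2-out-of-3 cooling pumps and 2-out-of-3 heat exchangers for success"
UNIT1_2OF3 = [make_group("PUMP-", 3, 2, Q_PUMP), make_group("HX-", 3, 2, Q_HX)]
# "4-out-of-6 cooling pumps for success" (pumps of both units pooled)
UNITS12_4OF6 = [make_group("PUMP-", 6, 4, Q_PUMP)]

if __name__ == "__main__":
    cases = (("2-of-3 pumps AND 2-of-3 HX", UNIT1_2OF3), ("4-of-6 pumps", UNITS12_4OF6))
    for label, groups in cases:
        print(label,
              "cut sets:", len(minimal_cut_sets(groups)),
              "exact:", round(exact_failure_probability(groups), 6),
              "rare-event:", round(rare_event_approximation(groups), 6))
```

The gap between the exact value and the cut-set sum shrinks as the component failure probabilities get smaller, which is why the cut-set sum is normally used only when basic events are rare.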
[Fault tree: FAILURE OF UNIT 1 AND 2 DIESEL GENERATORS. ALL DIESEL GENERATORS AVAILABLE FOR SUCCESS.]
[Fault tree: FAILURE OF UNIT 1 AND 2 DIESEL GENERATORS. PARTIAL DIESEL GENERATORS AVAILABLE FOR SUCCESS.]
[Fault tree: FAILURE OF UNIT 1 AND 2 DIESEL GENERATORS. PARTIAL DIESEL GENERATORS AVAILABLE FOR SUCCESS. ONE UNIT IN REFUELING.]
[Fault tree: FAILURE OF UNIT 1 AND 2 DIESEL GENERATORS. PARTIAL DIESEL GENERATORS AVAILABLE FOR SUCCESS. ONE UNIT IN REFUELING.]
[Fault tree: FAILURE OF UNIT 1 AND 2 DIESEL GENERATORS. ALL DIESEL GENERATORS AVAILABLE FOR SUCCESS. ONE UNIT IN REFUELING.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP. ONE UNIT IS REFUELING. LARGE LEAK, ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP. ONE UNIT IS REFUELING. LARGE LEAK, NOT ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP. ONE UNIT IS REFUELING. SMALL LEAK, ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP. ONE UNIT IS REFUELING. SMALL LEAK, NOT ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP. ONE UNIT IS REFUELING. SFP BOUNDARY FAILURE. LARGE LEAK, NOT ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION ESFP MAKEUP. LARGE LEAK, NOT ISOLATED. SFP BOUNDARY FAILURE.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ESFP MAKEUP. LARGE LEAK, ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ESFP MAKEUP. LARGE LEAK, NOT ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ESFP MAKEUP. SMALL LEAK, ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ESFP MAKEUP. SMALL LEAK, NOT ISOLATED.]
[Fault tree: SPENT FUEL POOL COOLING PROVIDED BY REGULAR OR ALTERNATE MAKEUP SYSTEMS (EARLY MAKEUP).]
[Fault tree: SPENT FUEL POOL COOLING WATER LEVEL RESTORATION USING ECCS OR ESFP MAKEUP.]
[Fault tree: CAPABILITY OF SPENT FUEL POOLS TO INTERCONNECT.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 1). LATE RECOVERY. 2-OUT-OF-3 COOLING PUMPS AND 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 1. 2-OUT-OF-6 COOLING PUMPS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 2. 3-OUT-OF-6 COOLING PUMPS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 3. 4-OUT-OF-6 COOLING PUMPS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 1). LATE RECOVERY - CASE 1. 1-OUT-OF-3 COOLING PUMPS AND 1-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 1). LATE RECOVERY - CASE 2. 2-OUT-OF-3 COOLING PUMPS AND 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 1). LATE RECOVERY - CASE 3. 3-OUT-OF-3 COOLING PUMPS AND 3-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SPENT FUEL POOL COOLING SYSTEMS FOR UNITS 1 AND 2 (LATE RECOVERY). SUCCESS REQUIRES 1-OF-3 SFP COOLING TRAINS FROM BOTH UNIT 1 AND UNIT 2.]
[Fault tree: SPENT FUEL POOL COOLING SYSTEMS FOR UNITS 1 AND 2 (LATE RECOVERY). SUCCESS REQUIRES 2-OF-3 SFP COOLING TRAINS FROM BOTH UNIT 1 AND UNIT 2.]
[Fault tree: SPENT FUEL POOL COOLING SYSTEMS FOR UNITS 1 AND 2 (LATE RECOVERY). SUCCESS REQUIRES 3-OF-3 SFP COOLING TRAINS FROM UNIT 1 AND 1-OF-3 SFP COOLING TRAINS FROM UNIT 2.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2). LATE RECOVERY. 2-OUT-OF-3 COOLING PUMPS AND 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2). LATE RECOVERY - CASE 1. 1-OUT-OF-3 COOLING PUMPS AND 1-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2). LATE RECOVERY - CASE 2. 2-OUT-OF-3 COOLING PUMPS AND 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2). LATE RECOVERY - CASE 3. 3-OUT-OF-3 COOLING PUMPS AND 3-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 1. 2-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12LPCI.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 1. 2-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12PC1.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 1. 2-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C1.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 2. 3-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C2.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 2. 3-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C2.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 2. 3-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C2.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 3. 4-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C3.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2). LATE RECOVERY - CASE 3. 4-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO LS12C3.]
[Fault tree: LATE RESTORATION OF SPENT FUEL POOL MAKE-UP SYSTEMS USING ECCS. Basic events legible in the scan: SFP-MKUP-REG-F (regular SFP makeup system fails), SFP-MKUP-ALT-F (alternate SFP makeup system fails), SFP-MKUP-ECCS-F (ECCS systems fail to provide water).]
[Fault tree: SPENT FUEL POOL COOLING SYSTEMS FOR UNITS 1 AND 2 (LATE RECOVERY). SUCCESS REQUIRES ONE OF TWO SPENT FUEL POOL COOLING SYSTEMS FROM EITHER UNIT.]
[Fault tree: OPERATOR FAILS TO RESTORE SFP USING ECCS. Basic events legible in the scan: SFP-XHE-XA-ECCS (operator fails to align ECCS systems), SFP-MKUP-ECCS-F (ECCS systems fail to provide water).]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM (UNIT 1). RHR COOLING MODE ONLY. 1 RHR TRAIN AVAILABLE PER UNIT. 1-OUT-OF-2 RHR PUMPS AND 1-OUT-OF-1 RHR HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: UNIT 1 RHR ASSIST MODE OF SPENT FUEL POOL COOLING (INCLUDES CONTAINMENT SPRAY MODE). 1-OUT-OF-2 RHR PUMPS FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM (UNIT 1). RHR ASSIST COOLING MODE: CASE 3. 1-OUT-OF-4 RHR PUMPS AND 1-OUT-OF-2 RHR HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: RHR ASSIST MODE OF SPENT FUEL COOLING, UNIT 1 AND 2. 1-OUT-OF-4 RHR PUMPS FOR SUCCESS (1-OUT-OF-2 RHR PUMPS FROM UNIT 1 OR 1-OUT-OF-2 RHR PUMPS FROM UNIT 2).]
[Fault tree: RHR ASSIST MODE OF SPENT FUEL COOLING, UNIT 1 AND 2. CASE 3. 1-OUT-OF-4 RHR PUMPS FROM UNIT 1 OR 1-OUT-OF-2 RHR PUMPS FROM UNIT 2 FOR SUCCESS.]
[Fault tree: RHR ASSIST MODE OF SPENT FUEL COOLING, UNIT 1 AND 2. 1-OUT-OF-2 RHR PUMPS REQUIRED FOR SUCCESS FROM EACH UNIT.]
[Fault tree: RHR ASSIST MODE OF SPENT FUEL COOLING, UNIT 1 AND 2. CASE 3. 1-OUT-OF-4 RHR PUMPS FROM UNIT 1 AND 1-OUT-OF-2 RHR PUMPS FROM UNIT 2 FOR SUCCESS.]
[Fault tree: SUSQUEHANNA FUEL POOL COOLING SYSTEM (UNIT 2). RHR COOLING MODE ONLY. 1 RHR TRAIN AVAILABLE PER UNIT. 1-OUT-OF-2 RHR PUMPS AND 1-OUT-OF-1 RHR HEAT EXCHANGERS FOR SUCCESS.]
[Fault tree: UNIT 2 RHR ASSIST MODE OF SPENT FUEL POOL COOLING (INCLUDES CONTAINMENT SPRAY MODE). 1-OUT-OF-2 RHR PUMPS FOR SUCCESS.]
[Fault tree: UNIT 2 RHR ASSIST MODE OF SPENT FUEL POOL COOLING (INCLUDES CONTAINMENT SPRAY MODE). 1-OUT-OF-2 RHR PUMPS FOR SUCCESS.]
-m m.
.. mm m
m.m
- m. -mm mmm
4 i
ex-9 i
w.s.
mai
.R O__
i IN@l I v"$i~rl l N!!! l I"=b="l
~
_O__
.R
.R A
-m e+
l-iuni i mi m
w.
,r e
2,g3 oo o
2.a3 o o
o o
.a o
i A.
l wa.- I I w =-
I
- k. - l l
-b 2.,=.
_O.
_O..O.
O
.O..
_O.
.O__
O__
l
-i
~
i SUSOUEHANNA FUEL POOL COO'_tNG SYSTEM FALURE (UNIT 1)
ONE REFUELING - ONE OPERATING 2-OUT-OF-3 COOLING PUMPS FOR SUCCESS 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS
,w
+n..
w e
.lsh,I Q
.tt laii-J treal
.9.
_O_
i ldar I I-si rI I E!s i Inner 1 0
.a
.a A
1 I
I D
l' 4En l l Aliirn l ISe'dial Kn."a~r"i l E:F. I l
"?" l (2PIs l l.ML"Al l EdC. l l73-l
=
.A O
O O
O
.A O
O O
.A 1
I i
lsdr.ll3rb ll2PM l lNEllIib'll"'"l l'h ! l "4hP" l O
O O
O O
O O
O SUSOUEHANNA FUEL POOL COOLING SYSTEM FALURE (UNIT 1)
CASE 1 1-OUT-OF-3 COOLING PUMPS Ato 1-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS
4 4
L I
It i
O.e I
]
- Edna, Si?M.
i O
T-
.os,~
WPt.ame.as-s*
I I
I w" ~nf aiEiin" 305i "Aarp"
.h4
.o
~ l I
I I
I I
I
. tift *ZX
%"A*
aRN M
%W Me, _.
-u,A-A==, r 3:
%'i"E.
m,.y,-
= a. ?31.
w
_)
2 3
T 2o 3
ycmo.y.
Uts era 4C4:CIL 5'c e. car-a -sey Web.WP4F.3 Spe t-INtH3C-3DO WCNEDO Spc>@EpMF4BS
- wi='.
/J.W.
a." :"".
~r.y. -
~r.y -
~f T *
"W[:"
- L.."W. "
1
. )
wcmac..
we nz4c-e wew.er 4c-c we>=e4c-a wcs ee-re.e ms 4c-a mm4cm
,cm a e l
b SUSOUEHANNA FUEL POOL COOLING SYSTEM FALURE (UNIT 1) i~
2-OUT-OF-3 COOLING PUMPS AND i
CASE 2 i
2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS t
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 1), CASE 3. 3-OUT-OF-3 COOLING PUMPS AND 3-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS]
[Fault tree figure: S1C3 R1C1. SPENT FUEL POOL COOLING SYSTEMS FOR UNIT 1. SUCCESS REQUIRES UNIT 1 SFP COOLING SYSTEM (CASE 1) OR UNIT 1 RHR ASSIST MODE (CASE 1)]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2). ONE REFUELING - ONE OPERATING. 2-OUT-OF-3 COOLING PUMPS FOR SUCCESS; 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2), CASE 1. 1-OUT-OF-3 COOLING PUMPS FOR SUCCESS; 1-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2), CASE 2. 2-OUT-OF-3 COOLING PUMPS FOR SUCCESS; 2-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNIT 2), CASE 3. 3-OUT-OF-3 COOLING PUMPS FOR SUCCESS; 3-OUT-OF-3 HEAT EXCHANGERS FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 1. 2-OUT-OF-6 SPENT FUEL COOLING PUMPS OR 1-OUT-OF-2 RHR PUMPS IN UNIT 1 OR 1-OUT-OF-2 RHR PUMPS IN UNIT 2 FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 2. 3-OUT-OF-6 SPENT FUEL COOLING PUMPS OR 1-OUT-OF-2 RHR PUMPS IN UNIT 1 OR 1-OUT-OF-2 RHR PUMPS IN UNIT 1 FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 3. 4-OUT-OF-6 SPENT FUEL COOLING PUMPS OR 1-OUT-OF-4 RHR PUMPS IN UNIT 1 OR 1-OUT-OF-2 RHR PUMPS IN UNIT 2 FOR SUCCESS]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FAILURE (UNITS 1 & 2), EARLY RECOVERY - CASE 1. 2-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO SR12C1]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 2. 3-OUT-OF-6 COOLING PUMPS FOR SUCCESS. TRANSFERS TO SR12C2]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 2. 3-OUT-OF-6 SPENT FUEL PUMPS OR 1-OUT-OF-2 RHR PUMPS FOR SUCCESS. TRANSFERS TO SR12C2]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2]
[Fault tree figure: SUSQUEHANNA FUEL POOL COOLING SYSTEM FOR UNITS 1 & 2, EARLY RECOVERY - CASE 3. 4-OUT-OF-6 SPENT FUEL COOLING PUMPS OR 1-OUT-OF-4 RHR PUMPS IN UNIT 1 OR 1-OUT-OF-2 RHR PUMPS IN UNIT 2 FOR SUCCESS]
[Fault tree figure: S1 S2 R1 R2. FAILURE OF SFP UNITS 1 & 2. SPENT FUEL POOL COOLING SYSTEMS FOR UNITS 1 AND 2. SUCCESS REQUIRES AT LEAST ONE SUCCESSFUL SYSTEM FROM EITHER UNIT]
A.7 References

A.1 K.D. Russell, et al., Systems Analysis Programs for Hands-on Integrated Reliability Evaluations (SAPHIRE), Version 5.0: Technical Reference Manual, NUREG/CR-6116, July 1994.
A.2 T.V. Vo, T.R. Blackburn, T.M. Mitts, H.K. Phan, Risk Analysis for Spent Fuel Pool Cooling at Susquehanna Electric Power Station (Draft Report), Pacific Northwest Laboratory, prepared for the U.S. Nuclear Regulatory Commission Office of Nuclear Reactor Regulation under Contract DE-AC06-76RLO 1830, October 1994.
A.3 U.S. Nuclear Regulatory Commission, Regulatory Analysis for the Resolution of Generic Issue 82, "Beyond Design Basis Accidents in Spent Fuel Pools", NUREG-1353, 1989.
A.4 J.W. Minarick, "Revised LOOP Recovery and PWR Seal LOCA Models," ORNL/NRC/LTR-89/11, technical letter report prepared for the U.S. Nuclear Regulatory Commission, August 1989.
A.5 J.A. Schroeder, Simplified Plant Risk Model for Susquehanna 1 & 2 (ASP BWR C), Rev. 2, prepared for the U.S. Nuclear Regulatory Commission under JCN W6467-5, 1995.
A.6 J. Darby, et al., Evaluation of Potential Severe Accidents During Low Power and Shutdown Operations at Grand Gulf, Unit 1, NUREG/CR-6143, 1994.
A.7 T.L. Chu, et al., Evaluation of Potential Severe Accidents During Low Power and Shutdown Operations at Grand Gulf, Unit 1, NUREG/CR-6144, 1994.
A.8 P. Sobel, Revised Livermore Seismic Hazard Estimates for 69 Nuclear Power Plant Sites East of the Rocky Mountains, Draft Report for Comment, NUREG-1488, 1993.
APPENDIX B - EVENT QUANTIFICATION

B.1 Basic Event Probabilities

The fault trees used in this study are super-component based. The unavailability of a given super-component is approximated as the sum of the unavailabilities of the components contained in the super-component definition. The base component unavailabilities, in turn, are the same generic values used in the ASP models [B.1, B.2]. The basic events and associated probabilities used in this study (including a breakdown into components where relevant) are listed in Table B.1.

In some cases, the basic event probabilities (e.g., for the relative frequency of SFPC system leaks versus SFP boundary leaks) are derived. The estimation process used for each of these values is presented in Section B.3 below.

B.2 Initiating Event Frequencies

B.2.1 Loss of SFPC System
Over the time period 1987 through June 1996, the AEOD database¹ includes 53 LOSPC events (see Table 5.5). Of these, 21 occurred during operation and 31 occurred during refueling. (The plant status for the one remaining event has not been determined.) Noting that the total number of reactor years for this time period is 1005 ry, and assuming 2-month refueling outages,

$$\lambda_{LOSFP}(\text{Operation}) = \frac{21}{1005\ \text{ry} \cdot \frac{16}{18}} = 2.4 \times 10^{-2}/\text{ry}$$

$$\lambda_{LOSFP}(\text{Refueling}) = \frac{31}{1005\ \text{ry} \cdot \frac{2}{18}} = 2.8 \times 10^{-1}/\text{ry}$$

B.2.2 Loss of Offsite Power

According to Ref. B.3, the frequency of not recovering power by time t can be modeled using a mixture of exponential distributions:
A(t) = [Aoie*
For Susquehanna, i = II, GIR2, S2R2, SS3 per Table 2 in the above reference. The numerical values for the parameters are listed in Table B.2. (Note that GIR2 corresponds to G5 and S2R2 corresponds to SR7 in the reference.) The frequency of loss of offsite power (LOOP) is determined by setting t = 0; the result is λ(0) = 0.08/yr.²

¹ This study employs the June 13, 1996 version of the database; changes to the database, e.g., additional entries, can affect the conclusions drawn.

B.2.3 Loss of Inventory

Table 5.4 provides a breakdown of loss of inventory events contained in the AEOD database. A categorization of the piping-associated SFP leaks by size and plant status is shown in Table B.3. In that table, 1) the values in parentheses are for the entire database and the numbers outside of the parentheses are for the period 1987 - 6/96; 2) the values in the right-hand column don't add up because the severity of 1 event was not determined; and 3) a "medium" leak is assumed to contribute 0.5 to the count for small leaks and 0.5 to the count for large leaks.

A similar breakdown of seal-associated SFP leaks by size and plant status is shown in Table B.4. Note that in both tables, the counts of non-refueling leakage events could be low (because the leak events are not necessarily reportable).

The evidence is too weak to prove that the frequency of SFP leaks is dependent on the size of the leak or on the plant status (refueling vs. non-refueling). On the other hand, it might be assumed a priori that there is such a dependence because: i) mechanisms that lead to small leaks appear to be more likely than mechanisms that lead to large ones; and ii) there is increased activity around the SFP during refueling, which leads to an increased possibility for error. Assuming that the loss of inventory initiating event frequency is dependent on leak size and plant status, the following estimates are used:³
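$$\lambda_{LINV}(\text{Small Leak, Operation}) = \frac{(5 + 0)}{1005\ \text{ry} \cdot \frac{16}{18}} = 5 \times 10^{-3}/\text{ry}$$

$$\lambda_{LINV}(\text{Large Leak, Operation}) = \frac{(2 + 0)}{1005\ \text{ry} \cdot \frac{16}{18}} = 2 \times 10^{-3}/\text{ry}$$

$$\lambda_{LINV}(\text{Small Leak, Refueling}) = \frac{[\text{numerator illegible}]}{1005\ \text{ry} \cdot \frac{2}{18}} = 3 \times 10^{-2}/\text{ry}$$

$$\lambda_{LINV}(\text{Large Leak, Refueling}) = \frac{(1.5 + 1)}{1005\ \text{ry} \cdot \frac{2}{18}} = 2 \times 10^{-2}/\text{ry}$$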
² The model of Ref. B.3 is applicable to a single unit. In this analysis, it is used to represent the frequency of LOOP for two units as well, despite the large contribution of plant-centered LOOPs (i = II). This conservative, simplified treatment is equivalent to assuming that the conditional probability of a LOOP at the second unit is virtually unity, given the occurrence of LOOP at the first unit.

³ These estimates are based on an earlier categorization of events; a leak now considered to be "small" was categorized as being "large." Changes in the estimates to reflect the categorization shown in Table B.4 will not significantly affect the results of this study.
B.2.4 Loss of Primary Coolant

The frequency of LOCA during operation is obtained from Ref. B.4; the value of 1.5 × 10⁻²/ry is appropriate for small LOCAs.

For LOCAs during refueling, Refs. B.5 (NUREG/CR-6143, the Grand Gulf shutdown risk study) and B.6 (NUREG/CR-6144, the Surry shutdown risk study) define the following non-pipe break events:

- H LOCA = recoverable diversion of RCS coolant
- J LOCA = LOCA in connected system (e.g., RHR)
- K LOCA = maintenance-induced LOCA

Ref. B.5 indicates that 4 J LOCAs have been observed in 375 boiling water reactor (BWR) years. Ref. B.6 provides the following frequency estimates for J and K LOCAs:

- J LOCA: 8E-3/yr
- K LOCA: 3E-3/yr

Noting that the above estimates are annualized, the following estimate for the frequency of a LOCA during refueling is derived. (Note also that H LOCAs are not treated in this study, due to their easy recoverability, and due to the large amount of time generally available for the accidents being analyzed.)

$$\lambda_{J\text{-}LOCA}(\text{Refueling Outage}) = \frac{4}{375\ \text{ry} \cdot \frac{2}{18}} = 9.6 \times 10^{-2}/\text{ry}$$

$$\lambda_{K\text{-}LOCA}(\text{Refueling Outage}) = 3 \times 10^{-3} \cdot \frac{18}{2} = 2.7 \times 10^{-2}/\text{ry}$$

$$\lambda_{LOCA}(\text{Refueling Outage}) = \lambda_{J\text{-}LOCA}(\text{Refueling Outage}) + \lambda_{K\text{-}LOCA}(\text{Refueling Outage}) = 0.12/\text{ry}$$

B.2.5 Earthquake

According to Ref. B.7, the discrete frequency-magnitude distribution for earthquakes at the Susquehanna site is as shown in Table B.5. Summing the frequencies of earthquakes with peak ground acceleration (PGA) between 0.2g and 0.6g leads to an initiating event frequency estimate of 1.2 × 10⁻⁴/ry. Earthquakes with PGA below 0.2g are assumed to have a negligible impact on the plant; earthquakes with PGA above 0.6g are assumed to be direct core damage contributors (i.e., they are likely to cause severe damage, regardless of what happens to the spent fuel pool).
B.3 Derived Basic Event Probabilities

Except for the human error probabilities (which are discussed in Appendix C), most of the basic event probabilities listed in Section B.1 are generic values. This section documents the derivations of the following non-generic basic event probabilities and split fractions*: a) the conditional frequency of failure to recover offsite power in 4 hours, b) the fraction of loss of inventory events involving the spent fuel pool cooling system, c) the fraction of events involving a complicated recovery, and d) the fraction of complicated events leading directly to core damage.

B.3.1 Offsite Power Recovery

The conditional frequency of failing to recover offsite power in time t, given a loss of offsite power event, is computed using the following equation.
Eloie*O Fr{Nonrecovery by tI LOOP} = i 1Aoi i
Using Table B.2 and evaluating the equation at t = 4 hours, the nonrecovery frequency is 0.045.

B.3.2 Loss of Inventory Events Involving SFPC System

The loss of inventory event trees shown in Appendix A distinguish between losses originating from the SFPC system (e.g., valve misalignments) and those originating from the SFP boundary (e.g., pneumatic seal failures). The relative frequencies of these two classes are estimated using the 1987 - 6/96 data shown in Tables B.3 and B.4.

$$Fr\{\text{SFPC System} \mid \text{Small Leak, Operation}\} = \frac{5}{5 + 1} \approx 0.8$$

$$Fr\{\text{SFPC System} \mid \text{Large Leak, Operation}\} = \frac{2}{2 + 1} \approx 0.7$$

$$Fr\{\text{SFPC System} \mid \text{Small Leak, Refueling}\} = \frac{3.5}{3.5 + 1} \approx 0.8$$

$$Fr\{\text{SFPC System} \mid \text{Large Leak, Refueling}\} = \frac{0.5}{0.5 + 1} \approx 0.3$$

Note that in the case of the estimates for leaks during operation, no seal failures are included in the database for the time period of interest. The crude estimates developed are conservative with respect to the occurrence of seal failures. Note also that the associated basic event probabilities in Table B.1 are the complements of the above estimates.

* A split fraction is the conditional frequency of taking the upper path at a given event tree branching point, given the sequence of events leading up to that branching point. In this model, split fractions are treated as basic events in trivial (single element) fault trees.
B.3.3 Complicated Scenarios

In this study, it is recognized that complications in responding to a plant-wide event (e.g., a LOOP) can inhibit the operators from devoting sufficient resources to spent fuel pool problems until late in the scenario. This section describes the simple model used to quantify the likelihood of a complicated scenario. The likelihood that operators will not respond promptly, given a complicated scenario, is addressed in Appendix C.

a) Operationalized definition

The scenario is "complicated" when one or more of the following occur:

- Offsite power is unavailable early (including recovery), unless all emergency diesel generators (EDGs) are available
- One or more safety relief valves (SRVs) fail open or closed
- High Pressure Core Injection (HPCI) is unavailable
- RHR is unavailable
- A large seismic event (PGA ≥ 0.2g) occurs

These conditions are based on a consideration of key safety functions. The operators are likely to be in difficulty if they have problems with: i) primary system pressure, temperature, or level control; ii) suppression pool temperature or containment pressure control; iii) establishing shutdown cooling.

b) Scenarios which are "complicated" by definition

- Loss of offsite power, some EDGs available, failure of early offsite power recovery
- Loss of offsite power, no EDGs available (station blackout - SBO)
- All seismic scenarios

c) Scenarios for which split fractions must be computed

- Loss of offsite power
- Primary LOCA

d) Model

LOOP (non-SBO): The scenario is complicated if either RHR, HPCI, or an SRV fails. Note that some power is available.

$$P\{\text{Complicated}\} = P\{\text{RHR}\} + P\{\text{HPCI}\} + P\{\text{SRV}\}$$

LOCA: The scenario is complicated if a LOOP occurs or RHR or HPCI fails.

$$P\{\text{Complicated}\} = P\{\text{LOOP}\} + P\{\text{RHR}\} + P\{\text{HPCI}\}$$

e) Quantification

Using the Accident Sequence Precursor model for Susquehanna [B.4], the following failure probabilities are computed:

| | Failure Probability |
|---|---|
| Offsite Power | 2.7E-3† |
| RHR | 4.1E-4 |
| HPCI | 2.7E-2 |
| SRV | 3.2E-2 |

† Based on: i) a consequential LOOP frequency 10 times higher than the base frequency, and ii) a time window of 24 hours.

The resulting split fractions are then as follows.

P{Complicated | LOOP} = 5.9E-2
P{Complicated | LOCA} = 3.0E-2

B.3.4 Core Damage Given a Complicated Scenario

If a scenario is complicated, there is a reasonable chance that core damage may occur, regardless of what happens to the spent fuel pool. This section describes the simple model used to quantify the likelihood of this occurrence.
a) Scenarios for which split fractions must be computed

- Loss of offsite power, complicated recovery
- Primary LOCA, Case 1, complicated recovery
- Primary LOCA, Cases 2 and 3
- Seismic event (PGA ≥ 0.2g), complicated recovery

Note that the split fractions need to be quantified conditional on the recovery being complicated, i.e., on one or more of the defining conditions for a complicated scenario being true.

b) Approach

If:

- the conditional core damage probability (CCDP) given an accident scenario,
- the conditional probability of core damage given that the scenario is not complicated, and
- the probability that the scenario is complicated

are known, the conditional probability of core damage given a complicated scenario can be computed.

In the following equation, the overbars denote a complemented event. Thus, for example, $P\{\overline{\text{Complicated}}\}$ is the probability that the scenario is not complicated.

$$P\{CD\} = P\{CD \mid \text{Complicated}\}\, P\{\text{Complicated}\} + P\{CD \mid \overline{\text{Complicated}}\}\, P\{\overline{\text{Complicated}}\}$$

$$\therefore\ P\{CD \mid \text{Complicated}\} = \frac{P\{CD\} - P\{CD \mid \overline{\text{Complicated}}\}\, P\{\overline{\text{Complicated}}\}}{P\{\text{Complicated}\}}$$

c) Quantification

Using the Accident Sequence Precursor model for Susquehanna [B.4], the following scenario-dependent probabilities are computed.

| Scenario | $P\{CD\}$ | $P\{\text{Complicated}\}$ | $P\{\overline{\text{Complicated}}\}$ | $P\{CD \mid \overline{\text{Complicated}}\}$ | $P\{CD \mid \text{Complicated}\}$ |
|---|---|---|---|---|---|
| LOOP | 4.40E-05 | 5.90E-02 | 9.41E-01 | 3.00E-06 | 6.98E-04 |
| PLOCA | 5.80E-06 | 3.00E-02 | 9.70E-01 | 0.00E+00 | 1.93E-04 |
| Seismic | 1.05E-02 | 1.00E+00 | 0.00E+00 | 0.00E+00 | 1.05E-02 |

Notes:

1) For LOOP scenarios, the only path to core damage given that RHR, SRVs, HPCI are all successful is station blackout.
2) Seismic events are assumed to be complicated by definition.
3) P{CD | EQE} is computed using information from the NUREG-1150 seismic analysis for Peach Bottom [B.9] because the results of the seismic assessment for Susquehanna were not available. The Peach Bottom conditional probabilities of core damage given each of the three earthquake acceleration levels between 0.2g and 0.6g are used as follows. (Note that the $g_i$ in the second equation stands for the ith acceleration level, i = 1, 2, or 3.)
$$P\{CD \mid EQE\} \cdot P\{EQE\} = P\{CD \mid 0.23g\} \cdot P\{0.23g\} + P\{CD \mid 0.37g\} \cdot P\{0.37g\} + P\{CD \mid 0.53g\} \cdot P\{0.53g\}$$

$$P\{CD \mid EQE\} = \frac{\sum_{i=1,2,3} P\{CD \mid g_i\}\, P\{g_i\}}{\sum_{i=1,2,3} P\{g_i\}}$$

| a | P{a} [B.7] | P{CD \| a} [B.9] | P{CD \| g} · P{g} |
|---|---|---|---|
| 0.23 | 1.02E-04 | 1.76E-04 | 1.80E-08 |
| 0.37 | 1.34E-05 | 2.39E-02 | 3.20E-07 |
| 0.53 | 3.52E-06 | 2.59E-01 | 9.12E-07 |
| TOTALS | 1.19E-04 | | 1.25E-06 |
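The split fractions of Sections B.3.3 and B.3.4 can be re-derived from the inputs quoted there. The Python below is an added example, not part of the original report: the function names are hypothetical, and the exact-union comparison assumes the complicating failures are independent, which the report does not state.

```python
"""Added example: re-derive the Appendix B split fractions from the quoted inputs."""
from math import prod

# Failure probabilities quoted in Section B.3.3 e) (ASP model, Ref. B.4).
P_FAIL = {"LOOP": 2.7e-3, "RHR": 4.1e-4, "HPCI": 2.7e-2, "SRV": 3.2e-2}

# Complicating conditions per initiating scenario, Section B.3.3 d).
COMPLICATING = {
    "LOOP": ("RHR", "HPCI", "SRV"),   # non-SBO LOOP: some power is available
    "LOCA": ("LOOP", "RHR", "HPCI"),  # consequential LOOP, RHR or HPCI failure
}

# (P{CD}, P{Complicated}, P{CD | not Complicated}) from the B.3.4 c) table.
SCENARIOS = {
    "LOOP": (4.40e-5, 5.90e-2, 3.00e-6),
    "PLOCA": (5.80e-6, 3.00e-2, 0.0),
    "Seismic": (1.05e-2, 1.0, 0.0),
}

# (PGA in g, P{g} from Ref. B.7, P{CD | g} from Ref. B.9), B.3.4 note 3.
SEISMIC_BINS = [
    (0.23, 1.02e-4, 1.76e-4),
    (0.37, 1.34e-5, 2.39e-2),
    (0.53, 3.52e-6, 2.59e-1),
]


def p_complicated(scenario, exact=False):
    """P{Complicated | scenario}.

    exact=False is the report's rare-event sum of the failure probabilities;
    exact=True is the union 1 - prod(1 - p), valid only under the added
    assumption that the failures are independent.
    """
    probs = [P_FAIL[name] for name in COMPLICATING[scenario]]
    if exact:
        return 1.0 - prod(1.0 - p for p in probs)
    return sum(probs)


def p_cd_given_complicated(p_cd, p_comp, p_cd_not_comp):
    """Solve the total-probability identity of B.3.4 b) for P{CD | Complicated}."""
    if not 0.0 < p_comp <= 1.0:
        raise ValueError("P{Complicated} must lie in (0, 1]")
    value = (p_cd - p_cd_not_comp * (1.0 - p_comp)) / p_comp
    if not 0.0 <= value <= 1.0:
        # The three inputs are mutually inconsistent as probabilities.
        raise ValueError(f"inputs imply P{{CD | Complicated}} = {value:.3g}")
    return value


def seismic_ccdp(bins=SEISMIC_BINS):
    """Frequency-weighted P{CD | EQE} over the acceleration bins (note 3)."""
    weighted = sum(p_g * p_cd for _, p_g, p_cd in bins)
    total = sum(p_g for _, p_g, _ in bins)
    return weighted / total


def sci(x, digits=2):
    """Format a value the way the report's tables print it, e.g. 6.98E-04."""
    return f"{x:.{digits}E}"


def rederive():
    """P{CD | Complicated} for every scenario row of the B.3.4 c) table."""
    return {name: sci(p_cd_given_complicated(*row)) for name, row in SCENARIOS.items()}


if __name__ == "__main__":
    for name in COMPLICATING:
        print(name, sci(p_complicated(name), 1), sci(p_complicated(name, exact=True), 1))
    print(rederive(), sci(seismic_ccdp()))
```

At the two significant figures the report prints, the rare-event sum and the exact union give the same split fractions.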
B.4 References

B.1 M.T. Drouin, F.T. Harper, and A.L. Camp, Analysis of Core Damage Frequency from Internal Events: Methodology Guidelines, NUREG/CR-4550, Vol. 1, 1987.
B.2 A. Mosleh, Procedure for Analysis of Common-Cause Failures in Probabilistic Safety Analysis, NUREG/CR-5801, 1993.
B.3 J.W. Minarick, "Revised LOOP Recovery and PWR Seal LOCA Models," ORNL/NRC/LTR-89/11, technical letter report prepared for the U.S. Nuclear Regulatory Commission, August 1989.
B.4 J.A. Schroeder, Simplified Plant Risk Model for Susquehanna 1 & 2 (ASP BWR C), Rev. 2, prepared for the U.S. Nuclear Regulatory Commission under JCN W6467-5, 1995.
B.5 J. Darby, et al., Evaluation of Potential Severe Accidents During Low Power and Shutdown Operations at Grand Gulf, Unit 1, NUREG/CR-6143, 1994.
B.6 T.L. Chu, et al., Evaluation of Potential Severe Accidents During Low Power and Shutdown Operations at Grand Gulf, Unit 1, NUREG/CR-6144, 1994.
B.7 P. Sobel, Revised Livermore Seismic Hazard Estimates for 69 Nuclear Power Plant Sites East of the Rocky Mountains, Draft Report for Comment, NUREG-1488, 1993.
B.8 G.M. Grant, et al., Emergency Diesel Generator Power System Reliability, 1987-1993, INEL-95/0035, 1996.
B.9 J.A. Lambright, et al., Analysis of Core Damage Frequency: Peach Bottom, Unit 2, External Events, NUREG/CR-4550, Vol. 4, Rev. 1, Part 3, December 1990.
Table B.1 - Basic Event Data (Page 1 of 11)
BASIC EVFNTNAME COMPONENTDATA BASIC EVENT PROB.
j COMPONENT NAME FAILURE MODE FAILURE PROB ALT-XIIE-XM-SFP Operator Actxm Operator fails to establish 10E-2 1.0E '
altemate cooling early ALT-XIIE-XM-SFPL Operator Action Operator fails to establish 8.0E-2 8.0E-2 alternate cooling late ALT-XIIE-XM-SFPP Operator Action Operator fails to establish 3.0E-2 3.0E-2 I
alternate cooling during LOOP CSS-RIIR-FC-U1 Core Spray injection Unit 1 Fails to operate 4.0E-4 4.0E-4 l
CSS-RIIR-FC-U1 Core Sprar Iniertion Unit 2 Fails to operate 4.0E-4 4.0E-4 h
EPS-DGN-CF-ALL Diesel
~4 3 CCF to start 1.44E-3 1.44E-3 i
EPS-DGN-FC-1 A Diesel.m 4.1 A Fails to start /run i 1E-1 1.1E-1 Y
EPS-DGN-IC-1 ARE Diesel
&.1 A Fails to start /run (refuelina) 1.8E-l 1.8E-1 i
I EPS-DGN-IC-1 B Diesel menersenr IB Fails to start /run 1.lE-1 1.lE-1 EPS-DGN-FC-1BRE Diesel
-~&
1B Fails to start /run (refueling) 1.8E-1 1.8E-1 i
EPS-DGN-IC-2A Diesel m s 2A Fails to start /run 1.1E-1 1.1E-l EPS-DGN-FC-2ARE Diesel Au.os,-2A Fails to start /run (refuelina) 1.8E-1 1.8E-I EPS-DGN.lC-2B DieseI nenerator 2B Fails to start /run 1 IE-1 1.1E-1 EPS-IXiN-fC-2BRE Diesel is.m e. 2B Famils to start /run (refueling) 1.8E-1 1.8E-1 EPS-XilE-NOREC Operator Action Fails to recover emery.cy power 3.0E-2 3.0E-2 EPWR-XIIE-EA-REC litanan Action Fails to recover offsite power within Mvs 4.5E-2 4.5E-2 ESA-TRIP Flag Event SFP Trips with ESF Actuation
'IRUE
'IRUE FVPWR-FC-SFP Flaa Event VitalIbwer Available
'IRUE 1 RUE l
GOPEN-AIR-IC Gate air system Fails to shut off or deflate 1.0E-6 1.0E-6 i
GOPEN-IC-CRN1 Crane 1 Fails to operate 6.0E-3 6.0E-3 I
l GOPEN-FC-CRN2 C1ane 2 Fails to operate 6.0E-3 6.0E-3
\\
l GOPEN-GAT-RL-CRN Gene 1 Fails to release from crane 1.0E-4 1.0E-4 l
GOPEN-GA'E-IC-1 Gate 1 Fails to remove 1.0E-4 1.0E-4 l
GOPEN-GATE-IC-2 Cese2 Fails to remove 1.0E-4 1.0E-4 GOPEN-XIIE.XA INT Operator Action Fails to open gate 7.0E-3 7.0E-3 i
GOPEN-XVM-CO-CP
, Cast Pit manual valve Fails open 5.5E-7 5.5E-7 l
. _ ~ _ _ _ _ _.. - - _... _, _.
..m._
m. _.
i Table B.I - Basic Event Data (Page 2 of 11)
[
I BASIC EVENTNAME COMPONENT DATA BASIC EVENT
~
PROB.
{
COMPONENTNAME FAILURE MODE FAILURE PROB
- [
LMKUP-XilE-XA-SFP Operator Action Fails to align Makeup Systems (Late) 1.1E-2 1.lE-2 i
LPWR-XIIE-LA-REC Operatry Action Fails to recover power (Late) 0.5 0.5 MKP-XIIA-XA-CLGIS Operator Action Fails to align Makeup Systems 5.0E4 5.0E4 (Unit is critical, LINVC, isolated)
MKP-XIIA-XA-CLGNI Operator Action Fails to align Makeup Systems 2.5E-3 2.5E-3
[
GJnit is critical, LINVC, SFPC system, not isolated)
MKP-XIIA-XA-CLNIB Operator Action Fails to align Makeup Systems 1.8E-2 1.8E-2 Ginit is critical. LINVC, SFP boundary, not isolated)
MKP-XIIE-XA-CSMIS Operator Action Fails to align Makeup Systems 5.0E4 5.0E4 GInit is critical LINCS, isolated) f
[
MKP-XIIE-XA-CSMNI Operator Action Fails to align Makeup Systems 1.0E-3 1.0E-3 MKP-XIIE-XA-RLGIS Operator Action It gM Sy Systems 5.0E4 5.0E4 GInit is refueling, LINVR, isolated)
MKP-XIIE-XA-RLGN1 Operator Action Fails to align Makeup Systems or ECCS Systems 2.5E-3 2.5E-3 Ginit is refueling, LINVR, SFPC system, not isolated) j MKP-XIIE-XA-RIJ41B Operator Action Fails to align Makeup Systems or ECCS Systems 1.8E-2 1.8E-2 k
(Unit is refueling, LINVR, SFP boundary, not iselated)
[
MKP-XIIE-XA-RSMIS Operator Action Fails to align Makeup Systems or ECCS Systems 5.0E4 5.0E4 (Unit is refueling. LINRS. isolated)
MKP-XIIE-XA-RSMNI Operator Action Fails to align Makeup Systems or ECCS Systems 1.0E-3 1.0E-3 (Unit is refueling, LINRS, not isolated) 1 MUES-XIIE-XA-13FP Operator Action Fails to align Makeup or ECCS Systems Gate) 1.lE-2 1.lE-2 MUES-XIIE-XA-SFP Operator Action Fails to align Makeup or ECCS Systems 7.0E-3 7.0E-3 NCD-CORE-DM-12 Core Damate Alldiesels availaNe 6.98E4 -
6.98E4 l
NCD-CORE-DM-DGAL Core Damate All diesels availaNe 6.98E4 6.98E4 i
NCD-CORE-DM-DGPR CoreDemane Partial diesels avalaNe 6.98E4 6.98E4 NCDCORE-DM-PL Core Desr.aae During Primary LOCA 1.93E4 1.93E4 NCD-CORE-DM-PR CoreDamage Primary LOCA during refueling 1.93E4 1.93E4 NCD-CORE-DM-SBO Core Demaae During SBO 6.98E4 6.98E4 l
i I
h
Tab!c B.1 - Basic Event Data (Page 3 of 11)
BASIC EVENTNAME COMPONENT DATA BASIC EVENT PROB.
(X)MPONENT NAME FAILURE MODE FAILURE PROB RI-XIIE-XM-RIIR Operator Action Fails to iniate RIIR Assist Mode (unit 1) 7.0E-2 7.0E-2 R2-XHE-XM-RIIR Operator Action Fails to iniate RIIR Assist Mode (unit 2) 7.0E-2 7.0E-2 RIIRI-CKV-CF-AC Check valves 151 F031 A and 151 IV31C CCF to openhemain open 2.78E-5 2.78E-5 RIIR1-CKV-CF-BD Check valves 151 M31B and 151 IU31D CCF to open/ remain open 2.78E-5 2.78E-5 RIIRl-1ITX-CF-AB RHR heat exchanRefs 1 A and iB CCF to operate 13E-5 137E-5 RIIRI-IITX-FC-1 A RIIR beat exchanger i A Plugs 137E-4 2.67E-4 Manual valve IIV 151 IOt7A Plugs 4.0E-5 Manual valve IIV 151 F003A Plugs 4.0E-5 Relief valve PSV 151 F066A Fails open 1.0E-5 Manual valve IIV 151 IBt8B Ruptures / leaks 4.0E-5 Y
RIIRI-IITX-IV-1B RiiR beat exchanger iB Plugs 137E-4 2.67E-4 C
Manual valve llV 151 F047B Plugs 4.0E-5 Manual valve llV 1511003B Plugs 4.0E-5 Relief valve PSV 151 F066B Fails open 1.0E-5 Manual valve IIV 151 IBl8B Ruptures / leaks 4.0E-5 RIIRI-IITX-FC-C(X)l.
RIIR IITX cooling system Fails to operate 2.4E-4 2.4E-4 RIIRI-MDP-CF-AC RIIR pumps 1 A and IC CCF to start 4.5E-5 4.5E-5 RIIR1-MDP-CF-BD RilR pumps 1B and ID CCF to start 4.5E-5 4.5E-5 RilRI-MDP-FC-1 A RIIR motor driven pump I A Fails to start 3.0E-3 4.0E-3 RIIR motor driven pump 1 A Fails to run 7.2E-4 Manual valve llV 151 TV06A Fails to open/ remain open 1.4E-4 Check valve 151 F031 A Fails to open/ remain open 1.0E-4 Manual valve 151 ID34A Fails to remain open 4.0E-5 RilRI-MDP-FC-1B RIIR motor driven pump IB Fails to start 3.0E-3 4.0E-3 RIIR motor driven pump 1B Fails to run 7.2E-4 Manual valve IIV 151 F006B Fails to open 1.4E-4 Check valve 151 F031B Fails to open/ remain open 1.0E-4 Manual valve 151 F034B Fails to remain open 4.0E-5 4
Table B.1 - Basic Event Data (Page 4 of 11)
BASIC EVENTNAME COMPONENT DATA BASIC EVENT 3
PROB.
COMPONENT NAME FAILURE MODE FAILURE PROB RilRI-MDP-FC-IC RIIR motor driven pump 1C Fails to start 3.0E-3 4.0E-3 RIIR motor driven pump IC Fails to run 7.2E-4 Manual valve IIV 151 IV06C Fails to open 1.4E-4 Check valve 1511V31C Fails to open/ remain open 1.0E-4 Manual valve 151 F034C Fails to remain open 4.0E-5 RIIRI-MDP-FC-ID RIIR motor driven pump ID Fails to start 3.0E-3 4.0E-3 RIIR motor driven pump ID Fails to run 7.2E-4 Manual valve IIV 151 IV06D Fails to open 1.4E-5 Check valve 151 IV31D Fails to open/ remain open 1.0E-4 Manual valve 151 IV34D Fails to remain open 4.0E-5 tp R11RI-PSF-CC-DISA Manual valve 153070A Fails to open/ remain open 1.4E-4 2.4E-4 Check valve 153071 A Fails to open/ remain open 1.0E-4 g
RIIRl-PSF-CC-DISB Manual valve 153070B Fails to open/ remain open 1.4E-4 2.4E-4 Check valve 153071B Fails to open/ remain open 1.0E-4 RIIR1-TRNS-UA-B{
RIIR trains A and B Unavailable due to Test / Maintenance 1.3E-l 1.3E-1 RIIRl-XVM-CC-010A Manual valve 151 IU10A Fails to open/ remain open 1.4E-4 1.4E-4 RIIRI-XVM-CC-010B Manual valve 1511010B Fails to open/ remain open 1.4E-4 1.4E-4 RIIR1-XVM-CC-1070 Manual valve 151070 Fails to open/ remain open 1.4E-4 1.4E-4 RilRI-XVM-CC-SUC Manual valve 153021 Fails to open/ remain open 1.4E-4 2.8E-4 Manual valve 153060 Fails to open/ remain open 1.4E-4 RIIRl-XVM-OO-017A Manual valve IIV 151 IDl7A Fails to close 1.0E-4 1.0E-4 RIIRI-XVM-OO-017B Manual valve IIV 151 IU17B Fails to close 1.0F 4 1.0E-4 RIIRl-XVM-OO-4A Manual valve llV 1511004A Fails to close 1.0E-4 1.0E-4 RIIRI-XVM-OO4B Manual valve IIV 151 IV04B Fails to close 1.0E-4 1.0E-4 i
RilRI-XVM-OO4C Manual valve IIV 151 IV04C Fails to close 1.0E-4 1.0E-4 RilRI-XVM-OO-4D Manual valve IIV 151 IV04D Fails to close 1.0E-4 1.0E-4 RIIR1-XVM-OO-SFP1 Manual valve 153001 Fails to close 1.0E-4 1.0E-4 l
RIIR2-CKV-CF-AC Check valves 151 F031 A and 151 IV31C CCF to open/ remain open 2.78E-5 2.78E-5 RIIR2-IITX-CF-AB RIIR heat exchangers 1 A and IB CCF to operate 1.37E-5 1.37E-5
Table B.1 - Basic Event Data (Page 5 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| RHR2-HTX-FC-1A | RHR heat exchanger 1A | Plugs | 1.37E-4 | 2.67E-4 |
| | Manual valve HV 151 F047A | Plugs | 4.0E-5 | |
| | Manual valve HV 151 F003A | Plugs | 4.0E-5 | |
| | Relief valve PSV 151 F066A | Fails open | 1.0E-5 | |
| | Manual valve HV 151 F048B | Ruptures/leaks | 4.0E-5 | |
| RHR2-HTX-FC-COOL | RHR HTX cooling system | Fails to operate | 2.4E-4 | 2.4E-4 |
| RHR2-MDP-CF-AC | RHR pumps 1A and 1C | CCF to start | 4.5E-5 | 4.5E-5 |
| RHR2-MDP-FC-1A | RHR motor driven pump 1A | Fails to start | 3.0E-3 | 4.0E-3 |
| | RHR motor driven pump 1A | Fails to run | 7.2E-4 | |
| | Manual valve HV 151 F006A | Fails to open/remain open | 1.4E-4 | |
| | Check valve 151 F031A | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 151 F034A | Fails to remain open | 4.0E-5 | |
| RHR2-MDP-FC-1C | RHR motor driven pump 1C | Fails to start | 3.0E-3 | 4.0E-3 |
| | RHR motor driven pump 1C | Fails to run | 7.2E-4 | |
| | Manual valve HV 151 F006C | Fails to open | 1.4E-4 | |
| | Check valve 151 F031C | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 151 F034C | Fails to remain open | 4.0E-5 | |
| RHR2-PSF-CC-DISA | Manual valve 153070A | Fails to open/remain open | 1.4E-4 | 2.4E-4 |
| | Check valve 153071A | Fails to open/remain open | 1.0E-4 | |
| RHR2-PSF-CC-DISB | Manual valve 153070B | Fails to open/remain open | 1.4E-4 | 2.4E-4 |
| | Check valve 153071B | Fails to open/remain open | 1.0E-4 | |
| RHR2-TRNS-UA-TM | RHR trains A and B | Unavailable due to Test/Maintenance | 3.0E-3 | 3.0E-3 |
| RHR2-XVM-CC-1070 | Manual valve 151070 | Fails to open/remain open | 1.4E-4 | 1.4E-4 |
| RHR2-XVM-CC-SUC | Manual valve 153021 | Fails to open/remain open | 1.4E-4 | 2.8E-4 |
| | Manual valve 153060 | Fails to open/remain open | 1.4E-4 | |
| RHR2-XVM-OO-017A | Manual valve HV 151 F017A | Fails to close | 1.0E-4 | 1.0E-4 |
| RHR2-XVM-OO-4A | Manual valve HV 151 F004A | Fails to close | 1.0E-4 | 1.0E-4 |
| RHR2-XVM-OO-4C | Manual valve HV 151 F004C | Fails to close | 1.0E-4 | 1.0E-4 |
| RHR2-XVM-OO-SFP1 | Manual valve 153001 | Fails to close | 1.0E-4 | 1.0E-4 |
| SFP-LEAK-AITIDISO | SFP Isolation | Automatic Isolation | 6.0E-6 | 6.0E-6 |
Table B.1 - Basic Event Data (Page 6 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| SFP-MKUP-ALT-F | System Failure | Alternate SFP Makeup System fails | 1.0E-2 | 1.0E-2 |
| SFP-MKUP-ECCS-F | System Failure | ECCS Systems fail to provide water | 1.0E-1 | 1.0E-1 |
| SFP-MKUP-REG-F | System Failure | Regular SFP Makeup System fails | 1.0E-1 | 1.0E-1 |
| SFP-MKUP-U2-F | System Failure | Unit 2 makeup system fails to provide water | 5.0E-2 | 5.0E-2 |
| SFP-OP-GATE | Flag Event | SFPs are connectable | TRUE | TRUE |
| SFP-OPEN-GATE | Gate Status | Open gate status of transfer gate between pools | 1.0E-1 | 1.0E-1 |
| SFP-XHE-ISO-LK | Operator Action | Fails to isolate leak during Primary LOCA | 7.0E-3 | 7.0E-3 |
| SFP-XHE-MANISO-E | Operator Action | Fails to isolate small SFP boundary leak (early) | 7.0E-3 | 7.0E-3 |
| SFP-XHE-MANISO-L | Operator Action | Fails to isolate small SFP boundary leak (late) | 8.0E-2 | 8.0E-2 |
| SFP-XHE-XA-ECCS | Operator Action | Fails to align ECCS | 1.0E-3 | 1.0E-3 |
| SFP-XHE-XE-LINVC | Operator Action | Fails to restore SFP (Loss of Inventory), Unit is critical | 7.0E-2 | 7.0E-2 |
| SFP-XHE-XE-LINVR | Operator Action | Fails to restore SFP (Loss of Inventory), Unit is refueling | 4.0E-3 | 4.0E-3 |
| SFP-XHE-XE-LP | Operator Action | Fails to restore SFP Cooling during loss of power | 7.0E-2 | 7.0E-2 |
| SFP-XHE-XE-PLC | Operator Action | Fails to restore SFP Cooling during Primary LOCA (Unit is critical) | 7.0E-2 | 7.0E-2 |
| SFP-XHE-XE-PLR | Operator Action | Fails to restore SFP Cooling during Primary LOCA (Unit is refueling) | 4.0E-3 | 4.0E-3 |
| SFP-XHE-XE-UC | Operator Action | Fails to restore SFP Cooling (unit is critical) | 4.0E-2 | 4.0E-2 |
Table B.1 - Basic Event Data (Page 7 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| SFP-XHE-XE-UR | Operator Action | Fails to restore SFP Cooling (unit is refueling) | 4.0E-2 | 4.0E-2 |
| SFP1-XHE-XM-LSFP | Operator Action | Fails to initiate SFP Cooling after late recovery (unit 1) | 8.0E-2 | 8.0E-2 |
| SFP1-XHE-XM-SFP | Operator Action | Fails to initiate SFP Cooling (early, unit 1) | 7.0E-3 | 7.0E-3 |
| SFP2-XHE-XM-LSFP | Operator Action | Fails to initiate SFP Cooling after late recovery (unit 2) | 8.0E-2 | 8.0E-2 |
| SFP2-XHE-XM-SFP | Operator Action | Fails to initiate SFP Cooling (early, unit 2) | 3.0E-2 | 3.0E-2 |
| SFPS-XHE-XM-LSFP | Operator Action | Fails to initiate SFP Cooling (late, unit 1 and 2) | 1.1E-2 | 1.1E-2 |
| SPC1-CKV-CF-2F | SFP heat exchanger dis. chk valves | CCF to open/remain open | 1.87E-5 | 1.87E-5 |
| SPC1-CKV-CF-DIS | SFP discharge check valves | CCF to open/remain open | 2.67E-5 | 2.67E-5 |
| SPC1-CKV-CF-MP2F | SFP pump discharge check valves | CCF (2-of-3) to open/remain open | 3.16E-5 | 3.16E-5 |
| SPC1-CKV-CF-MPA | SFP pump discharge check valves | CCF (all 3) to open/remain open | 1.69E-5 | 1.69E-5 |
| SPC1-HTX-CF-2F | SFP heat exchangers | CCF (2-of-3) HTXs | 1.87E-5 | 1.87E-5 |
| SPC1-HTX-CF-ALL | SFP heat exchangers | CCF (all 3) HTXs | 3.7E-6 | 3.7E-6 |
| SPC1-HTX-FC-1A | Manual valve 153002A | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1A | Plugs | 1.37E-5 | |
| | Manual valve 153004A | Plugs | 4.0E-5 | |
| SPC1-HTX-FC-1B | Manual valve 153002B | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1B | Plugs | 1.37E-5 | |
| | Manual valve 153004B | Plugs | 4.0E-5 | |
| SPC1-HTX-FC-1C | Manual valve 153002C | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1C | Plugs | 1.37E-5 | |
| | Manual valve 153004C | Plugs | 4.0E-5 | |
| SPC1-HTX-FC-COOL | SFP HTX cooling system | Fails to operate | 2.4E-4 | 2.4E-4 |
| SPC1-MDP-CF-2F | SFP MDP (early) | CCF to start/run (2-of-3) | 5.86E-4 | 5.86E-4 |
Table B.1 - Basic Event Data (Page 8 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| SPC1-MDP-CF-ALL | SFP MDP (early) | CCF to start/run (all 3) | 2.72E-4 | 2.72E-4 |
| SPC1-MDP-CF-L2F | SFP MDP (late) | CCF to start/run (2-of-3) | 5.86E-4 | 5.86E-4 |
| SPC1-MDP-CF-LALL | SFP MDP (late) | CCF to start/run (all 3) | 2.72E-4 | 2.72E-4 |
| SPC1-MDP-FC-1A | Manual valve 153006A | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1A | Fails to start/run | 3.7E-3 | |
| | Check valve 153009A | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010A | Fails to remain open | 4.0E-5 | |
| SPC1-MDP-FC-1AL (late) | Manual valve 153006A | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1A | Fails to start/run | 3.7E-3 | |
| | Check valve 153009A | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010A | Fails to remain open | 4.0E-5 | |
| SPC1-MDP-FC-1B | Manual valve 153006B | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1B | Fails to start/run | 3.7E-3 | |
| | Check valve 153009B | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010B | Fails to remain open | 4.0E-5 | |
| SPC1-MDP-FC-1BL (late) | Manual valve 153006B | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1B | Fails to start/run | 3.7E-3 | |
| | Check valve 153009B | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010B | Fails to remain open | 4.0E-5 | |
| SPC1-MDP-FC-1C | Manual valve 153006C | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1C | Fails to start/run | 3.7E-3 | |
| | Check valve 153009C | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010C | Fails to remain open | 4.0E-5 | |
| SPC1-MDP-FC-1CL (late) | Manual valve 153006C | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1C | Fails to start/run | 3.7E-3 | |
| | Check valve 153009C | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010C | Fails to remain open | 4.0E-5 | |
| SPC1-PSF-FC-DISA | Manual valve 153018A | Plugs | 4.0E-5 | 1.4E-4 |
| | Check valve 153019A | Fails to open/remain open | 1.0E-4 | |
| SPC1-PSF-FC-DISB | Manual valve 153018B | Plugs | 4.0E-5 | 1.4E-4 |
| | Check valve 153019B | Fails to open/remain open | 1.0E-4 | |
Table B.1 - Basic Event Data (Page 9 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| SPC1-XVM-OC-3001 | Manual valve 153001 | Plugs | 4.0E-5 | 4.0E-5 |
| SPC1-XVM-OC-3013 | Manual valve 153013 | Fails to remain open/Plugs | 4.0E-5 | 4.0E-5 |
| SPC1-XVM-OC-3017 | Manual valve 153017 | Fails to remain open/Plugs | 4.0E-5 | 4.0E-5 |
| SPC2-CKV-CF-DIS | SFP discharge check valves | CCF to open/remain open | 2.67E-5 | 2.67E-5 |
| SPC2-CKV-CF-MP2F | SFP pump discharge check valves | CCF (2-of-3) to open/remain open | 3.16E-5 | 3.16E-5 |
| SPC2-CKV-CF-MPA | SFP pump discharge check valves | CCF (all 3) to open/remain open | 1.69E-5 | 1.69E-5 |
| SPC2-HTX-CF-2F | SFP heat exchangers | CCF (2-of-3) HTXs | 1.87E-5 | 1.87E-5 |
| SPC2-HTX-CF-ALL | SFP heat exchangers | CCF (all 3) HTXs | 3.7E-6 | 3.7E-6 |
| SPC2-HTX-FC-1A | Manual valve 153002A | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1A | Plugs | 1.37E-5 | |
| | Manual valve 153004A | Plugs | 4.0E-5 | |
| SPC2-HTX-FC-1B | Manual valve 153002B | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1B | Plugs | 1.37E-5 | |
| | Manual valve 153004B | Plugs | 4.0E-5 | |
| SPC2-HTX-FC-1C | Manual valve 153002C | Plugs | 4.0E-5 | 2.17E-5 |
| | Heat exchanger 1C | Plugs | 1.37E-5 | |
| | Manual valve 153004C | Plugs | 4.0E-5 | |
| SPC2-HTX-FC-COOL | SFP HTX cooling system | Fails to operate | 2.4E-4 | 2.4E-4 |
| SPC2-MDP-CF-2F | SFP MDP (early) | CCF to start/run (2-of-3) | 5.86E-4 | 5.86E-4 |
| SPC2-MDP-CF-ALL | SFP MDP (early) | CCF to start/run (all 3) | 2.72E-4 | 2.72E-4 |
| SPC2-MDP-CF-L2F | SFP MDP (late) | CCF to start/run (2-of-3) | 5.86E-4 | 5.86E-4 |
| SPC2-MDP-CF-LALL | SFP MDP (late) | CCF to start/run (all 3) | 2.72E-4 | 2.72E-4 |
| SPC2-MDP-FC-1A | Manual valve 153006A | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1A | Fails to start/run | 3.7E-3 | |
| | Check valve 153009A | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010A | Fails to remain open | 4.0E-5 | |
| SPC2-MDP-FC-1AL (late) | Manual valve 153006A | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1A | Fails to start/run | 3.7E-3 | |
| | Check valve 153009A | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010A | Fails to remain open | 4.0E-5 | |
Table B.1 - Basic Event Data (Page 10 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| SPC2-MDP-FC-1B | Manual valve 153006B | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1B | Fails to start/run | 3.7E-3 | |
| | Check valve 153009B | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010B | Fails to remain open | 4.0E-5 | |
| SPC2-MDP-FC-1BL (late) | Manual valve 153006B | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1B | Fails to start/run | 3.7E-3 | |
| | Check valve 153009B | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010B | Fails to remain open | 4.0E-5 | |
| SPC2-MDP-FC-1C | Manual valve 153006C | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1C | Fails to start/run | 3.7E-3 | |
| | Check valve 153009C | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010C | Fails to remain open | 4.0E-5 | |
| SPC2-MDP-FC-1CL (late) | Manual valve 153006C | Fails to remain open | 4.0E-5 | 3.88E-3 |
| | Motor driven pump 1C | Fails to start/run | 3.7E-3 | |
| | Check valve 153009C | Fails to open/remain open | 1.0E-4 | |
| | Manual valve 153010C | Fails to remain open | 4.0E-5 | |
| SPC2-PSF-FC-DISA | Manual valve 153018A | Plugs | 4.0E-5 | 1.4E-4 |
| | Check valve 153019A | Fails to open/remain open | 1.0E-4 | |
| SPC2-PSF-FC-DISB | Manual valve 153018B | Plugs | 4.0E-5 | 1.4E-4 |
| | Check valve 153019B | Fails to open/remain open | 1.0E-4 | |
| SPC2-XVM-OC-3001 | Manual valve 153001 | Plugs | 4.0E-5 | 4.0E-5 |
| SPC2-XVM-OC-3013 | Manual valve 153013 | Fails to remain open/Plugs | 4.0E-5 | 4.0E-5 |
| SPC2-XVM-OC-3017 | Manual valve 153017 | Fails to remain open/Plugs | 4.0E-5 | 4.0E-5 |
| SSNV-SS-NV | Safety Systems | Not vulnerable to steam/flood prop. | 1.0E-1 | 1.0E-1 |
| SSV-XVM-NOREC | Operator Action | Fails to recover systems from steam/flood prop. | 1.0E-1 | 1.0E-1 |
| STM-XVM-XM-F | Steam isolation | Systems are not isolated from steam/flood prop. | 1.0E-1 | 1.0E-1 |
| TUATE-STAT | Gate Status | Fraction of time transfer gate is open during refueling | 1.0 | 1.0 |
Table B.1 - Basic Event Data (Page 11 of 11)

| BASIC EVENT NAME | COMPONENT NAME | FAILURE MODE | FAILURE PROB | BASIC EVENT PROB. |
|---|---|---|---|---|
| UNREC-XHE-RECV-1 | Complicated | Recovery of Core Cooling, LOOP, EP recovered early | SSE-2 | SSE-2 |
| UNREC-XHE-RECV-2 | Complicated | Recovery of Core Cooling, LOOP, EP not recovered | SSE-2 | SSE-2 |
| UNREC-XHE-RECV-P | Complicated | Recovery of Core Cooling during Primary LOCA | 3.0E-2 | 3.0E-2 |
| LKSMR | Leak fraction | Fraction of small leaks in SFP boundary (s,s. - ce and refueling) | 2.0E-1 | 2.0E-1 |
| LKLGC | Leak fraction | Fraction of large leaks in SFP boundary (operation) | 3.0E-1 | 3.0E-1 |
| LKLGR | Leak fraction | Fraction of large leaks in SFP boundary (refueling) | 7.0E-1 | 7.0E-1 |
| MISLLGE | Operator Action | Fails to isolate large SFP boundary leak (early) | 1.8E-1 | 1.8E-1 |
| MISLLGL | Operator Action | Fails to isolate large SFP boundary leak (late) | 8.0E-1 | 8.0E-1 |
| MISLSPCE | Operator Action | Fails to isolate SFPC system leak (refueling) | 8.0E-2 | 8.0E-2 |
| MISLSPIIN | Operator Action | Fails to isolate SFPC system leak (critical) | 8.0E-2 | 8.0E-2 |
Table B.2 - LOOP Model Parameters for Susquehanna
lo tr
11 0.0797 3.3136 0.7837
G1R2 0.01 1.4697 0.9899
S2R2 0.005 0.1985 0.9759
SS3 0.002 0 0

Table B.3 - Breakdown of Piping-Associated SFP Leaks
Refueling Non-Refueling
Small 3.5 (3.5) 5 (5) 8.5 (8.5)
Large 0.5(Il) 2 (2) 2.5 (3.5)
4 (5) 8 (8)

Table B.4 - Breakdown of Seal-Associated SFP Leaks
Refueling Non-Refueling
Small 1 (1) 0 (1) 1 (2)
Large 1 (2) 0 (0) 1 (3)
4 (7) 1 (2)

Table B.5 - Frequency-Magnitude Relationship for Earthquakes at the Susquehanna Site

| g level | Mean Frequency (/yr) |
|---|---|
| 0.15 | 1.47E-04 |
| 0.26 | 5.29E-05 |
| 0.31 | 3.49E-05 |
| 0.41 | 1.71E-05 |
| 0.51 | 9.28E-06 |
| 0.66 | 4.26E-06 |
| 0.82 | 2.19E-06 |
| 1.02 | 1.02E-06 |
APPENDIX C - HUMAN RELIABILITY ANALYSIS
C.1 Approach
In keeping with the simple modeling approach used in other parts of the analysis, a simple human reliability analysis (HRA) technique is employed. This technique, documented in Ref. C.1, is a worksheet-based approach developed for the Accident Sequence Precursor (ASP) program. A sample worksheet for a single action is shown in Figure C.1. The worksheet requires the analyst to evaluate performance shaping factors (PSFs) relevant to a given action and then to modify base human error probabilities (HEPs) based on the evaluation.
The likelihood of failure of subsequent actions is treated using a second worksheet (see Figure C.2). This worksheet addresses issues that could increase the dependency between actions.
This study treats multiple unit actions (e.g., failure of operators at Unit 2 to restore spent fuel pool makeup using Unit 2 systems, given that operators at Unit 1 have failed using the Unit 1 systems) using the worksheet. In general, the result is that there is a moderate level of dependency between actions.
The base HEPs and modification factors used in this procedure are derived from the widely used Technique for Human Error Prediction (THERP) [C.2] methodology. Thus, the approach does not represent a fundamentally different approach to dealing with human errors; rather it is a consistent psychology- and human factors-based compilation which allows relatively quick (if sometimes conservative) estimates of HEPs under a wide variety of conditions.
C.2 Performance Shaping Factors
There are six performance shaping factors required by the ASP HRA technique and used in this analysis. The performance shaping factors are:
- 1. Complexity, stress, and workload
- 2. Experience/training
- 3. Procedures
- 4. Ergonomics
- 5. Fitness for duty
- 6. Crew dynamics.
The first four PSFs are of special interest to this study, due to the nature of the spent fuel pool accident scenarios hypothesized.
[Figure C.1 - ASP HRA Worksheet (Sheet 1 of 2). Blank worksheet form with fields for Scenario, Sequence Number, Cutset and Task Error Description. For each of the six PSFs the analyst selects one multiplier in a Processing column and one in a Response column; the Processing Failure Probability and the Response Failure Probability are each a base value multiplied by the six selected multipliers, giving the Task Failure Probability Without Formal Dependence. Multipliers legible on the form:
1. Complexity, stress, and workload: high threat & stress, adequate time 5; low threat & stress, adequate time 1, expansive time 1.
2. Experience/training: low experience, poor training 10; high experience, good training 0.5.
3. Procedures: procedures absent 10; procedures present, poor procedures 5, good procedures 1.
4. Ergonomics: old plant, poor ergonomics 5, good ergonomics 1; retrofit plant, poor ergonomics 3, good ergonomics 0.7; new plant, poor ergonomics 2, good ergonomics 0.4.
5. Fitness for duty: fit 1.
6. Crew dynamics: poor crew dynamics 10, good crew dynamics 1.]
[Figure C.2 - ASP HRA Worksheet (page 2 of 2): DEPENDENCY CONDITION TABLE. The table lists 24 numbered conditions by Crew (same or different), System (same or different), Location (same or different), Time (close in time or not close in time) and Cues (additional or not additional), and assigns each condition a Dependency of complete, high, moderate, low or zero. A further column, Number of Human Action Failures, carries a note on the dependency to use when the error is the third or the fourth error in the sequence. The individual table entries are not recoverable.]
Using N = Task Failure Probability Without Formal Dependence (calculated on previous page):
For Complete Dependence the probability of failure is 1.
For High Dependence the probability of failure is (1+N)/2.
For Moderate Dependence the probability of failure is (1+6N)/7.
For Low Dependence the probability of failure is (1+19N)/20.
For Zero Dependence the probability of failure is N.
Task Failure Probability With Formal Dependence
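The worksheet arithmetic and the dependence formulas above can be carried through in a few lines; this is an added example, not code from the report. It assumes a base response HEP of 1.0E-3 (the value that reproduces the .0035 and .075 worksheet results in Section C.4) and, for the two-unit case, that the second unit's stand-alone HEP equals the first unit's; the function names are hypothetical.

```python
"""ASP HRA worksheet arithmetic with the dependence formulas of Figure C.2."""
from math import prod

# Order of the six PSF multipliers on the worksheet.
PSF_ORDER = ("complexity", "experience", "procedures",
             "ergonomics", "fitness", "crew_dynamics")

# Failure probability of an action given that the preceding action failed,
# as a function of N, the action's HEP without formal dependence.
DEPENDENCE = {
    "complete": lambda n: 1.0,
    "high": lambda n: (1 + n) / 2,
    "moderate": lambda n: (1 + 6 * n) / 7,
    "low": lambda n: (1 + 19 * n) / 20,
    "zero": lambda n: n,
}

ASSUMED_BASE_RESPONSE = 1.0e-3  # assumption: reproduces the worksheet results


def portion_hep(base, multipliers):
    """Base HEP times the six PSF multipliers, capped at 1.0."""
    if len(multipliers) != len(PSF_ORDER):
        raise ValueError("expected one multiplier per PSF")
    if base < 0 or any(m <= 0 for m in multipliers):
        raise ValueError("base must be >= 0 and multipliers > 0")
    return min(1.0, base * prod(multipliers))


def with_dependence(n, level):
    """Apply the Figure C.2 formula for the given dependence level."""
    if not 0.0 <= n <= 1.0:
        raise ValueError("N must be a probability")
    if level not in DEPENDENCE:
        raise ValueError(f"unknown dependence level: {level}")
    return DEPENDENCE[level](n)


def joint_failure(first_hep, second_hep, level):
    """P(first action fails AND the dependent second action fails)."""
    return first_hep * with_dependence(second_hep, level)


def compare_with_flat_factor(hep, flat=0.14):
    """Table C.2 multiplies by .14 for moderate dependence with the second
    unit; return (flat-factor result, formula result) for the same HEP."""
    return hep * flat, joint_failure(hep, hep, "moderate")


# Multipliers read from the makeup-alignment worksheet (isolated leak):
# 1 x 1 x 5 x .7 x 1 x 1, i.e. generic procedures and retrofit-plant ergonomics.
MAKEUP_EARLY_ISOLATED = (1, 1, 5, 0.7, 1, 1)
# Multipliers read from the ALT cooling, LOOP-complicated worksheet.
ALT_LOOP_COMPLICATED = (5, 1, 5, 3, 1, 1)

if __name__ == "__main__":
    for name, mult in (("makeup, early, isolated", MAKEUP_EARLY_ISOLATED),
                       ("ALT cooling, LOOP complicated", ALT_LOOP_COMPLICATED)):
        hep = portion_hep(ASSUMED_BASE_RESPONSE, mult)
        flat, formula = compare_with_flat_factor(hep)
        print(f"{name}: HEP={hep:.4g}  x0.14={flat:.3g}  (1+6N)/7={formula:.3g}")
```

For small N the moderate-dependence factor (1+6N)/7 is close to 1/7, which is where a flat .14 comes from; at N = .08 the formula gives a conditional probability of about .21 instead.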
1. Complexity, stress and workload. For this PSF several different conditions would exist for the hypothesized scenarios. For example, actions modeled such as placing RHR in a spent fuel pool assist cooling mode can be fairly complex and time consuming. That is, operators are engaged in multiple tasks which require a good deal of time to complete. In addition, variations in scenario timing occur due to different decay heat loads that can affect the time available, size of leaks etc., in turn affecting workload and the operators' stress. The number of personnel available in refueling vs. non-refueling conditions can also be a factor.
2. Experience/training. For this PSF we needed to consider the interaction of the operators' training on events of this type, with the novelty of the particular scenario. For example, in some cases, operators have literally never taken the actions described. Whatever historical evidence existed was brought into consideration for this factor. Also, the procedures we reviewed were of a generic nature rather than a step-by-step prescription.
3. Procedures. This PSF is particularly important because procedures may not be well developed for some spent fuel pool scenarios as they have not received as much attention as direct core damage scenarios. Thus a distinction was made between those actions covered by either the plant EOPs or plant NOPs, and those covered by the non-specific Fuel Pool cooling procedures we had reviewed.
4. Ergonomics. This PSF is important in several ways. First, some of the needed accident mitigation equipment may not be accessible during the scenario (e.g., elevated radiation levels near the pool during a severe draining event). Another important ergonomics issue concerns the human-machine interface, as this affects how operators are informed of spent fuel pool conditions and how they manipulate components in response to their indications. Also, many actions are required outside of the control room, where typically the Human Machine Interface (HMI) is not as cleanly designed and controlled as in the reactor control room. The number and type of manual actions, and leak location also play a role.
5 & 6. Fitness for Duty and Crew dynamics. Due to the generic aspect of this analysis these factors were assumed to have no impact.
C.3 Key Assumptions
A number of assumptions were made to facilitate the analysis. These assumptions were made to assure consistencies across the human actions in the scenarios.
1. Operators all have good training
2. Procedures are generic
3. Ergonomics inside the control room are good
4. Ergonomics outside the control room are poor (as defined by the ASP HRA worksheet)
5. Operators are fit for duty
6. Crew dynamics are good
These assumptions were then modified based upon the factors of event timing, type of leak, scenario complexity, reactor state, need for manual actions outside the control room, environmental concerns, and the possibility for second checks and recovery. Each of these issues was considered in completing the ASP quantification form. In general the kinds of considerations made for these factors are listed in Table C.1 below.
We also attempted to consider the known operating experience. Operating experience played a role in checking the reasonableness of the human error probabilities, as well as understanding how the factors in Table C.1 might impact performance.
Table C.2 below shows the final results of the human reliability analysis. For each human error basic event, the failure mode, a description of what factors were considered in the quantification, and the resulting HEP are listed. Section C.4 of this appendix contains the ASP HRA worksheets for each of the human errors. The worksheets occur in the approximate order of Table C.2.
Table C.1 - Factors and Considerations Influencing Human Error Probabilities

| Factor | Considerations/Assumptions |
|---|---|
| Event timing | Affected by leak size, location |
| Type of leak | Large leaks are more easily detected, but give less time to act. Seal leaks are more easily detected than spent fuel pool cooling system leaks. |
| Scenario complexity | A non-isolated leak will increase event complexity and stress. |
| Reactor state | If the reactor is refueling personnel are more likely to be around increasing chance of detection of problems outside the control room. However extra personnel and workload can decrease vigilance |
| Actions outside control room | Generally ergonomics are less favorable in the plant |
| Environmental factors | Radiation, high temperature, high humidity can negatively impact performance |
| Second checks and recovery | Second unit can serve as possible source of recovery |
Table C.2 - Results of the Human Reliability Analysis (HRA) (page 1 of 4)

| Basic Event Name | Failure Mode | Description | Human Error Probability (HEP) |
|---|---|---|---|
| ALT-XHE-XM-SFP | Operator fails to establish ALT cooling early | early, procedures non-specific, no degradation of conditions | .01 |
| ALT-XHE-XM-SFPL | Operator fails to establish ALT cooling late | late, reduced time available, more stress, poor environmental factors possible | .08 |
| ALT-XHE-XM-SFPP | Operator fails to establish ALT cooling during LOOP-uncomplicated | uncomplicated, expansive time, actions outside control | .03 |
| ALT-XHE-XM-SFPP | Operator fails to establish ALT cooling during LOOP-complicated | complicated, increases stress, moderates expansive time, actions outside control room | .08 |
| MKP-XHA-XA-CSMIS | Operator fails to align makeup systems early | actions outside control room, early, reactor critical, small leak isolated | .0035 |
| | | 2nd Unit Recovery | .0035*.14=.0005 |
| MKP-XHA-XA-RSMIS | Operator fails to align makeup systems early | actions outside control room, early, refueling, small leak isolated | .0035 |
| | | 2nd Unit Recovery | .0035*.14=.0005 |
| MKP-XHA-XA-CLGIS | Operator fails to align makeup systems early | actions outside control room, early, reactor critical, large leak isolated | .0035 |
| | | 2nd Unit Recovery | .0035*.14=.0005 |
| MKP-XHA-XA-RLGIS | Operator fails to align makeup systems early | actions outside control room, early, refueling, large leak isolated | .0035 |
| | | 2nd Unit Recovery | .0035*.14=.0005 |
| MKP-XHE-XA-CSMNI | Operator fails to align makeup systems early | actions outside control room, early, reactor critical, small leak, not isolated | .007 |
| | | 2nd Unit Recovery | .007*.14=.001 |
| MKP-XHE-XA-RSMNI | Operator fails to align makeup systems early | actions outside control room, early, refueling, small leak, not isolated | .007 |
| | | 2nd Unit Recovery | .007*.14=.001 |
Table C.2 - Results of the Human Reliability Analysis (HRA) (page 2 of 4)

| Basic Event Name | Failure Mode | Description | Human Error Probability (HEP) |
|---|---|---|---|
| MKP-XHA-XA-CLGNI | Operator fails to align makeup systems early | actions outside control room, early, reactor critical, large leak, not isolated | .018 |
| | | 2nd Unit Recovery | .018*.14=.0025 |
| MKP-XHA-XA-CIRIB | Operator fails to align makeup systems early | actions outside control room, early, reactor critical, large leak-boundary, not isolated | .018 |
| MKP-XHE-XA-RLGNI | Operator fails to align makeup systems early | actions outside control room, early, refueling, large leak, not isolated | .018 |
| | | 2nd Unit Recovery | .018*.14=.0025 |
| MKP-XHE-XA-RINIB | Operator fails to align makeup systems early | actions outside control room, early, refueling, large leak-boundary, not isolated | .018 |
| EPS-XHE-NOREC | Operator fails to recover ewm..c1 power | actions outside control room | .03 |
| GOPEN-XHE-XA-INT | Operators fail to open gate | early, actions outside control room | .007 |
| LMKUP-XHE-XA-SFP | Operator fails to align makeup systems late | late, reduces time, more stress | .08 |
| | | 2nd Unit Recovery | .08*.14=.011 |
Table C.2 - Results of the Human Reliability Analysis (HRA) (page 3 of 4)

| Basic Event Name | Failure Mode | Description | HEP |
|---|---|---|---|
| MUES-XHE-XA-SFP | Operator fails to align makeup or ECCS systems early | early | .007 |
| MUES-XHE-XA-LSFP | Operator fails to align makeup or ECCS systems late | late, reduces time, more stress | .08 |
| | | 2nd Unit Recovery | .08*.14=.011 |
| SFP-XHE-XE-UC | Operator fails to restore SFP Cooling System | decision only, reactor critical, leak location | .035 |
| SFP-XHE-XE-UR | Operator fails to restore SFP Cooling System | decision only, reactor refueling, leak location | .035 |
| SFP-XHE-XE-LP | Operator fails to restore SFP Cooling System | decision only, loss of power, leak location | .07 |
| SFP-XHE-XE-LINVR | Operator fails to restore SFP Cooling System | decision only, reactor refueling, greater number of staff in plant, leak location | .0035 |
| SFP-XHE-XE-LINVC | Operator fails to restore SFP Cooling System | decision only, reactor critical, leak location | .07 |
| SFP-XHE-XE-PLR | Operator fails to restore SFP Cooling System | decision only, reactor refueling, greater number of staff in plant, leak location | .0035 |
| SFP-XHE-XE-PLC | Operator fails to restore SFP Cooling System | decision only, reactor critical, leak location | .07 |
| R1-XHE-XM-RHR | Operator fails to initiate RHR mode of SFP cooling - Unit 1 | early, uncomplicated, actions never performed, manual actions outside control room | .07 |
| R2-XHE-XM-RHR | Operator fails to initiate RHR mode of SFP cooling - Unit 2 | early, uncomplicated, actions never performed, manual actions outside control room | .07 |
| SFP-XHE-ISO-LK | Operator fails to isolate leak during primary LOCA | potential environmental factors | .05 |
Table C.2 - Results of the Human Reliability Analysis (HRA) (page 4 of 4)

| Basic Event Name | Failure Mode | Description | HEP |
|---|---|---|---|
| MISLSPilh | Operator fails to isolate SFP boundary leak, early | early, pipe leak, reactor critical, non-specific procedures, actions outside control room | .006 |
| MISLSPCE | Operator fails to isolate SFP boundary leak, early | early, pipe leak, refueling, non-specific procedures, actions outside control room | .008 |
| MISLLGE | Operator fails to isolate SFP boundary leak, early | early, large seal leak (reducing time available), difficult to mitigate, procedures non-specific, actions outside control room | .18 |
| MISLLGL | Operator fails to isolate SFP boundary leak, late | late, large leak, procedures non-specific, poor environmental factors possible, actions outside control room | .8 |
| SFP-XHE-MANISO-E | Operator fails to isolate SFP, early | early, small seal leak, non-specific procedures, actions outside control room | .007 |
| SFP-XHE-MANISO-L | Operator fails to isolate SFP boundary leak, late | late, non-specific procedures, poor environmental factors possible, outside control room | .08 |
| SFP-XHE-XA-ECCS | Operator fails to align ECCS systems | well trained action | .001 |
| SFP1-XHE-XM-SFP (Unit 1), SFP2-XHE-XM-SFP (Unit 2) | Operator fails to initiate SFP cooling early | early, actions outside control room | .007 |
| SFP1-XHE-XM-LSFP (Unit 1), SFP2-XHE-XM-LSFP (Unit 2) | Operator fails to initiate SFP cooling after late recovery | late, actions outside control room | .08 |
C.4 HRA Worksheets
The worksheets used to generate the results shown in Table C.2 are shown in the following pages.
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
ALT-XHE-XM-SFP
Task Error Description: Operator Fails to Establish ALT Cooling Early
[Worksheet form with Processing and Response multiplier selections for the six PSFs; the selected values are not recoverable.]
Task Failure Probability Without Formal Dependence: .01
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
ALT-XHE-XM-SFPL
Task Error Description: Operator Fails to Establish ALT Cooling Late
[Worksheet form with Processing and Response multiplier selections for the six PSFs; the selected values are not recoverable.]
Task Failure Probability Without Formal Dependence: .075
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
ALT-XHE-XM-SFPP
Task Error Description: Operator Fails to Establish ALT Cooling During LOOP, uncomplicated
[Worksheet form with Processing and Response multiplier selections for the six PSFs; the selected values are not recoverable.]
Task Failure Probability Without Formal Dependence: .03
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
ALT-XHE-XM-SFPP
Task Error Description: Operator Fails to Establish ALT Cooling During LOOP, complicated
[Worksheet form with Processing and Response multiplier selections for the six PSFs.]
Response Failure Probability: Response: 10 E-3 x 5 x 1 x 5 x 3 x 1 x 1
Task Failure Probability Without Formal Dependence: .075
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MKP-XHA-XA-CLGIS MKP-XHE-XA-RLGIS MKP-XHE-XA-CSMIS MKP-XHE-XA-RSMIS
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Align Makeup Systems Early, small leak isolated, large leak isolated.

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 1 x 1 x 5 x .7 x 1 x 1 = .0035 (Response Failure Probability)
Task Failure Probability: ___
Multiply by .14 for moderate dependency with Unit Two Recovery
C-15
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MKP-XHE-XA-CSMNI MKP-XHE-XA-RSMNI
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator fails to align makeup system early - small leak not isolated

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
Multiply by .14 for moderate dependency with Unit Two Recovery
C-16
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MKP-XHA-XA-CLGNI MKP-XHA-XA-CLN1B MKP-XHE-XA-RLGNI MKP-XHE-XA-RLNIB
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator fails to align makeup system early - large leak, not isolated

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 5 x .7 x 1 x 1 = .018 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
Multiply by .14 for moderate dependency for Recovery: MKP-XHA-XA-CLGNI (.0025), MKP-XHE-XA-RLGNI (.0025)
C-17
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
EPS-XHE-NOREC
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Recover Emergency Power

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x 3 x 1 x 1 = .03 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-18
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
G0 PEN-XHE-XA-INT
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Open Gate, early

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-19
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
LMKUP-XHE-XA-SFP
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Align Makeup Systems, late

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 5 x 3 x 1 x 1 = .075 (Response Failure Probability)
Task Failure Probability: ___
Multiply by .14 for moderate dependency with Unit Two Recovery
C-20
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MUES-XHE-XA-SFP
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Align Makeup or ECCS Systems, early

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-21
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MUES-XHE-XA-LSFP
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Align Makeup or ECCS Systems, late

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 5 x 3 x 1 x 1 = .075 (Response Failure Probability)
Task Failure Probability: ___
Multiply by .14 for moderate dependency with Unit Two Recovery
C-22
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-UC
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System Decision

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 1 x 1 x 5 x .7 x 1 x 1 = .035 (Processing Failure Probability)
Response: 1.0 E-3 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-23
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-UR
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System Decision

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 1 x 1 x 5 x .7 x 1 x 1 = .035 (Processing Failure Probability)
Response: 1.0 E-3 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-24
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-LP
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System Decision

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 2 x 1 x 5 x .7 x 1 x 1 = .07 (Processing Failure Probability)
Response: 1.0 E-3 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-25
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-LINVR
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 1 x 1 x 5 x .7 x 1 x 1 = .0035 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-26
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-LINVC
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 2 x 1 x 5 x .7 x 1 x 1 = .07 (Processing Failure Probability)
Response: 1.0 E-3 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-27
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-PLR
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 1 x 1 x 5 x .7 x 1 x 1 = .0035 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-28
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XE-PLC
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Restore SFP Cooling System

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 2 x 1 x 5 x .7 x 1 x 1 = .07 (Processing Failure Probability)
Response: 1.0 E-3 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-29
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
RI-XHE-XM-RHR
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Initiate RHR Mode of SFP Cooling, early, uncomplicated

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 10 x 5 x .7 x 1 x 1 = .07 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-30
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
R2-XHE-XM-RHR
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Initiate RHR Mode of SFP Cooling, early, uncomplicated

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 10 x 5 x .7 x 1 x 1 = .07 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-31
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-ISO-LK
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate Leak During Primary LOCA

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 1 x 3 x 1 x 1 = .045 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-32
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MISLSPHN MISLSPCE
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate SFP Boundary Leak, early-critical, refueling pipe leak

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x 2 x 1 x 5 x .7 x 1 x 1 = .07 (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: .08
C-33
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MISLLGE
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate SFP Boundary Leak, early, large seal leak

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 10 x 5 x .7 x 1 x 1 = .18 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-34
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
MISLLGL
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate SFP Boundary Leak, late, large leak

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 10 x 5 x 1 x 1 x 1 = [illegible] (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-35
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-MANIS0-E
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate SFP Boundary Leak, early, small seal leak

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-36
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-MANIS0-L
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Isolate SFP Boundary Leak, late, small leak

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 5 x 3 x 1 x 1 = [illegible] (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-37
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP-XHE-XA-ECCS
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Align ECCS Systems

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 1 x .7 x 1 x 1 = .001 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-38
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP1-XHE-XM-SFP SFP2-XHE-XM-SFP
Plant:    Scenario:    Sequence Number:
Task Error Description:

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 2 x 1 x 5 x .7 x 1 x 1 = .007 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-39
ASP HUMAN ERROR WORKSHEET (Page 1 of 2)
SFP1-XHE-XM-LSFP SFP2-XHE-XM-LSFP
Plant:    Scenario:    Sequence Number:
Task Error Description: Operator Fails to Initiate SFP Cooling after Late Recovery

Multipliers (Processing / Response):
- 1. Complexity, stress, and workload: high threat & stress: inadequate time = / =, adequate time 5 / 5, expansive time 2 / 2; low threat & stress: inadequate time = / =, adequate time 1 / 1, expansive time 1 / 1
- 2. Experience/training: low experience: poor training 10 / 10, good training 1 / 1; high experience: poor training 5 / 5, good training 0.5 / 0.5
- 3. Procedures: procedures absent 10 / 10; procedures present: poor procedures 5 / 5, good procedures 1 / 1
- 4. Ergonomics: old plant: poor ergonomics 5 / 5, good ergonomics 1 / 1; retrofit plant: poor ergonomics 3 / 3, good ergonomics 0.7 / 0.7; new plant: poor ergonomics 2 / 2, good ergonomics 0.4 / 0.4
- 5. Fitness for duty: unfit 25 / 25, fit 1 / 1
- 6. Crew dynamics: poor crew dynamics 10 / 10, good crew dynamics 1 / 1

Task Portion: Complexity, stress, and workload x Experience/training x Procedures x Ergonomics x Fitness for duty x Crew dynamics
Processing: 1.0 E-2 x ___ x ___ x ___ x ___ x ___ x ___ = ___ (Processing Failure Probability)
Response: 1.0 E-3 x 5 x 1 x 5 x 3 x 1 x 1 = .075 (Response Failure Probability)
Task Failure Probability Without Formal Dependence: ___
C-40
C.5 References
C.1 H.S. Blackman and J.C. Byers, ASP Human Reliability Methodology Development, draft report prepared for the U.S. Department of Energy under DOE Idaho Operations Office Contract DE-AC07-94ID13223, Idaho National Engineering Laboratory, 1995.
C.2 A.D. Swain, Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, NUREG/CR-1278, 1983.
APPENDIX D - KEY ASSUMPTIONS
D.1 General Assumptions
1) For those initiating events which affect more than the SFPC system (i.e., LOOP, seismic, PLOCA), if the plant recovery/stabilization is complicated, either there will be no early attempts to recover SFPC or such attempts will be ineffective. This assumes that the effective focus of the operators will be on safeguarding the core.
2) If there is no early attempt to restore cooling to the spent fuel pool, the RHR supplemental cooling assist mode cannot be used. This is based on the length of time necessary to initiate this cooling method (the pool will have already reached near boiling conditions in a late cooling restoration attempt), and the possibility of a harsh environment inhibiting any local actions.
3) If the operators' early attempts to restore cooling using the SFPC system fail, no late restoration of SFPC is modeled. This treats the possibility that the reason for the early failure still applies to later attempts.
4) During normal operation, two of the three SFPC pumps and two heat exchangers are operating.
5) If the pool cross-connect is open in a dual unit plant, the previously operating configuration of either unit's SFPC system is adequate to prevent boiling in both units. For example, if Unit 1 loses SFPC with the pool cross-connect open, whatever combination of Unit 2 pump(s) that remained running will be adequate to prevent boiling in the Unit 1 pool. This assumption applies to Cases 1 and 2.
6) Once the spent fuel pool reaches near boiling conditions, the pool cannot be cross-connected. This is based on the possibility of a harsh environment prohibiting the action.
7) Top event ALT-C (alternate cooling) represents boiling/makeup cooling. In this case spent fuel is not assumed to be vulnerable but safety system(s) could be vulnerable.
8) A single pump RHR train in SFP cooling assist mode can provide cooling to both units if the pool cross-connect is open (in a dual unit plant).
10) If the pool cross-connect is closed, operators would first attempt to establish the cross connection prior to aligning RHR in the spent fuel pool cooling assist mode.
11) No cooling water systems can be cross-connected between the two units via piping connections, except Service Water. The only cross-connect of cooling systems is through the SFP cross-connect.
12) If restoration of cooling to the SFP is late (i.e., the pool is near boiling or already boiling), it is possible that reactor safety systems may be affected by the steam before cooling is restored.
13) Once reactor safety systems are affected by the effects of a boiling spent fuel pool, no chance of system restoration exists unless the steaming effects are first mitigated. This does not necessarily have to involve cooling the pool; redirection or venting of the steam from the reactor building is also possible.
14) In the case of reactor scram concurrent with loss of the SFPC system, the RHR train is modeled to be available for SFP cooling only if the operator establishes alternate shutdown cooling mode using a core spray injection system. No RHR train can be aligned in the spent fuel pool cooling assist mode if it is being used in the normal shutdown cooling mode.
15) Since there are several direct and indirect alarms and indications when boiling initiates, the unavailability of these alarms and indicators is not modeled.
16) The probability of direct core damage (i.e., core damage not caused by spent fuel pool steaming or flooding) is assumed to be negligible in the case of an uncomplicated recovery.
17) The SFPC system is powered from a non-safety bus. It will automatically trip on LOOP or on an engineered safeguards feature (ESF) actuation signal.
D.2 Loss of SFPC (LOSFP) Modeling Assumptions
1) The loss of the SFPC system does not cause a plant transient or reactor scram.
2) For Cases 1 and 2, one RHR train (two pumps) is assumed to be unavailable for use in spent fuel pool cooling.
D.3 Loss of Offsite Power (LOOP) Modeling Assumptions
1) The pool cross-connect cannot be opened without offsite power. (The overhead crane necessary for gate removal is powered from non-diesel backed buses.)
2) Two-unit plants can cross-connect vital power sources and share emergency diesel generator (EDG) power.
3) Unless all EDGs are available or offsite power is recovered within 4 hours, neither unit's RHR system is modeled on the basis that recovery would be complicated.
4) Availability of only a partial set of EDGs causes operator distraction and will inhibit early restoration of SFPC.
5) SFPC systems which are powered from non-diesel backed buses cannot be powered without offsite power. In other words, credit is not taken for any ability to cross-tie vital and non-vital buses.
6) Loss of all EDGs (SBO) followed by an early recovery of offsite power is assumed to be a complicated recovery.
7) Early recovery of power is assumed to mean recovery of power within 4 hrs. After that, if all EDGs fail, the core cannot be cooled (DC power will last only for 4 hours).
8) Late recovery of power is assumed to mean recovery of power within 20 hrs. After that, the pool coolant will be near boiling in many cases.
D.4 Loss of Coolant Accident in Primary System (PLOCA) Modeling Assumptions
1) Upon a PLOCA, the SFPC system pumps trip on ESF actuation.
2) RHR is not available for spent fuel pool cooling assist mode for Case 1. This assumes that both trains of RHR are needed to cool the primary system.
3) The transfer gate between the reactor cavity and the spent fuel pool is always assumed to be open during refueling.
4) While in refueling mode, the operator must isolate the break and must establish the level using the ECCS prior to restoring spent fuel pool cooling.
5) In Cases 2 and 3, the transfer gate cannot be put back in place once a PLOCA event has been initiated.
6) While in Case 1, the operator will establish cooling on the primary side before restoring the spent fuel pool cooling.
7) Failure to isolate the break is assumed to result in a boiloff. Makeup systems are assumed not to be able to keep up with the loss from the break.
D.5 Loss of Spent Fuel Pool Inventory Modeling Assumptions
1) Two leak sites are modeled: the SFPC system (e.g., pipe break) and the spent fuel pool boundary.
2) Only leaks in the SFPC system with flow rates greater than the normal makeup rate are analyzed.
3) If a siphon breaker fails to isolate a leak in the SFPC system, the operator must isolate the break manually, otherwise leakage is assumed to continue until the level in the spent fuel pool drops below the end of the inlet piping and automatic siphon breaking ("isolation") occurs.
4) Failure to isolate a spent fuel pool boundary leak is assumed to result eventually in pool boiling (the leak rate greatly exceeds the makeup rate). Also, the boiloff timing is not affected by the makeup rate.
5) If the operator fails to respond relatively early to a spent fuel pool boundary leak, late recovery is not possible.
6) Early isolation of a leak is assumed to lead to a non-consequential flooding event.
D.6 Seismic Event Modeling Assumptions
1) Three levels of peak ground acceleration are considered. These ranges are as follows:
PGA < 0.2g
0.2g ≤ PGA ≤ 0.6g
PGA > 0.6g
Earthquakes with PGA < 0.1g are assumed to result in a recoverable loss of offsite power and negligible component/structural damage. In this study, their effects are assumed to be included in the LOOP analysis. Earthquakes with PGA > 0.6g are assumed to cause failure of the spent fuel pool structure. (The high confidence of low probability of failure capacity - HCLPF - for spent fuel pool structural damage was estimated to be 0.5g for a representative BWR and 0.65g for a representative PWR [2,19].)
2) If the spent fuel pool structure is damaged by an earthquake (i.e., PGA > 0.6g), pool boiloff (of the remaining inventory) is assumed.