ML20135G734

From kanterella
Jump to navigation Jump to search
Final ASP Analysis - Catawba 1 and 2 (LER 413-93-002)
ML20135G734
Person / Time
Site: Catawba  Duke Energy icon.png
Issue date: 05/14/2020
From: Christopher Hunter
NRC/RES/DRA/PRB
To:
Littlejohn J (301) 415-0428
References
LER 1993-002-00
Download: ML20135G734 (5)
v  d  e


Text

A. 12-1 A. 12 LER No. 413/93-002 Event

Description:

Essential Service Water Potentially Unavailable Date of Event: February 25, 1993 Plant: Catawba I and 2 A. 12.1 Summary On February 25, 1993, with Catawba Unit I at 100% power and Catawba Unit 2 in a refueling shutdown, three of four essential service water (ESW) pump discharge valves failed to open during surveillance testing.

Four ESW pumps serve both units. During normal operation, only one pump is used. If the pump with the operable valve tripped, it would result in the loss of ESW to both units. The conditional core damage probability estimated for this event is 1.5 x 10- . The relative significance of this event compared to other potential events at Catawba is shown in Fig. A. 12. 1.

LER 413/93-002 1E-7 1E-6 I E-5 IE-4 1E-3 I E-2 L LOW&L360 h EP L TRIP1 MIDOFW&

LOOP TRIP I 1DAL

Precursor Cutoff 360 h AFW Fig. A. 12. 1 Relative event significance of LER 4 13/93-002 compared with other potential events at Catawba 1 and 2 A. 12.2 Event Description Catawba Unit 2 was in a refueling outage on February 25, 1993, when in-service pump testing was begun on the B train of ESW pumps. The cross-connect line between the trains was closed; this depressurized the ESW header downstream of the ESW motor-operated discharge valves. When the 2B pump was started at 1424 hours0.0165 days <br />0.396 hours <br />0.00235 weeks <br />5.41832e-4 months <br />, the discharge valve failed to open. When the lB pump was started at 1426 hours0.0165 days <br />0.396 hours <br />0.00236 weeks <br />5.42593e-4 months <br />, its discharge valve also failed to open. The failures were attributed to higher than expected torque to open the valves when the downstream header was depressurized. Because the A train valves had a similar setup, and therefore were suspectable to the same failure, the A train of ESW was declared inoperable. When the 2A pump was started, the actuator for the discharge valve tripped and reset several times while trying to open. The valve finally opened but it took an additional 25 s.

In 1989, the "open" torque switch settings (TSSs) for 56 butterfly valves were to be set to the maximum value to address the problems of opening these valves under high differential pressure. The four ESW pump discharge valves were included in these 56 valves. The "open" TSSs for the Unit 1 ESW pump discharge LER No. 413/93-002

A. 12-2 valves were set to the maximum value (3. 0). However, the "open" TSSs for the Unit 2 valves were incorrectly left at 1.5. The "close" TSS was adjusted to the maximum value instead on these two valves.

In August 1992, the Unit I ESW pump discharge valves were set-up per Generic Letter (GL) 89- 10 criteria.

This resulted in the "open" TSSs being reduced from the maximum value of 3. 0 to 2. 0. The Unit 2 valves were not reset to the GL 89- 10 criteria at the time of the event.

Following the failure of the B train valves on February 25, 1993, the licensee realized that the TSSs for the Unit 2 ESW valves were mistakenly reversed. The TSSs for the Unit 2 valves wvere changed to the maximum setting. The discharge valves for the Unit 1 pumps were set to 20 deg open. Following these changes, all valves were successfully opened against maximum differential pressure.

The licensee conducted a study of the history of TSSs for the ESW valves and discovered that (1) ESW pump IA was affected between August 1992 and February 1993, (2) ESW pump IlB was affected between November 1985 and July 1989 and between August 1992 and February 1993, and (3) ESW pump 2B was affected between November 1985 and February 1993. As a result, from August 1992 through February 1993, three of the four ESW pump discharge valves (lA, 1A and 2B3) were unable to open against full differential pressure. This results in a potential loss of ESW to both Catawba units, assuming a single failure of the one operable ESW pump discharge valve or failure of the single ESW pump associated with the operable valve.

A. 12.3 Additional Event-Related Information One ESW pump has sufficient capacity to supply all cooling water requirements during normal power operation of both units or during postaccident conditions if the unaffected unit is already in cold shutdown.

Typically, only one pump is run at a time. The running pump is rotated to equalize run time on the four pumps such that each pump is run for -~1 week each month. The "2A" ESW pump had operated for 10 15 h during the period from August 1992 through January 1993.

The ESW pump discharge valves are closed when their associated pump is not operating. The valves do not have to complete a closure stroke if commanded open while the valve is in midposition. The valve stroke time is about 55 s.

A standby shutdown facility (SSF) is located in a separate building on the Catawba site. This facility, which is not normally manned, is capable of providing limited high-pressure injection for reactor coolant system makeup and reactor coolant pump (RCP) seal cooling [provided an RCP seal loss-of-coolant accident (LOCA) does not occur]. It can also supply limited steam generator (SG) makeup. The facility includes a separate diesel generator that can power SSF loads in the event of a station blackout. SSF systems consist of single trains and are therefore not single-failure-proof. In conjunction with the turbine-driven auxiliary feedwater (AFW) pump and the availability of SGs, the SSF facility can maintain hot standby conditions for both units.

A. 12.4 Modeling Assumptions During a loss-of-offsite power (LOOP), the operating ESW pump discharge valve would be commanded closed but would not be able to close because no power was available. When the EDG was started and loaded or offsite power was recovered, the ESW pump would receive a start signal that would, in turn, command the ESW discharge valve to open. Because the valve would not have had time to close (because of the loss of power), the valve would reopen. In addition, every other ESW pump would also receive a start command. It is assumed that the successful operation of one ESW train would pressurize the header LER No. 413/93-0.02

A. 12-3 downstream of the discharge valves and reduce the differential pressure across the unopened valves. This would have allowed the other ESW pump discharge valves to open.

There are two other cases to consider during at-power conditions. The first case occurs when an ESW pump other than "2A" is providing normal service water and fails. The second case is when ESW pump "2A" is providing normal service water. The first case is not a problem because it is assumed that pump "2A" would have been started upon failure of the other pumps and its discharge valve would be able to open against the high differential pressure. This would pressurize the ESW headers and allow the other operable ESW pumps and discharge valves to operate.

The second case does present a scenario of concern. If the "2A" ESW pump were the only running pump and it tripped or failed, then the remaining ESW pump discharge valves would not be able to open against the high differential pressure. Information from the licensee indicates that the ESW header pressure would decay rapidly enough that the remaining pump discharge valves would have to open under full differential pressure conditions (conditions from which they failed to open during testing). This would result in failure of the ESW system. Upon failure of the ESW system, the RCP seals would lose cooling. All other safety-related systems would also lose cooling, with the exception of the turbine-driven AFW pump. Without the recovery of ESW or the use of SSF to provide RCP seal injection, a seal LOCA without makeup would result about 50 min after the failure of the ESW system and would lead to core damage.

Therefore this event was modeled as a potential failure of the "2A" ESW pump to run. The event tree for this event is shown in Fig. A. 12.2. Following the failure of the "2A" ESW pump, two mitigation strategies are possible.

The first involves the recovery of one other ESW pump before an RCP seal LOCA (50 min). Recovery of the one ESW pump would supply sufficient cooling water for both units, assuming that a LOCA did not occur. A LOCA concurrent with a trip of the running ESW pump was considered unlikely Even in this case, once the first ESW pump is running, the second could be started from the control room because the discharge valves would not have to open against full system differential pressure. Once ESW is recovered, the operability of the systems cooled by ESW is restored.

The other recovery strategy would be to place the SSF in service to provide RCP seal cooling and start the turbine-driven AFW pump to provide secondary-side heat removal. This would allow the plant to achieve a hot shutdown condition even without the restoration of the ESW system.

The failure probability for the ESW pump to run is obtained from Table A. 6-9 of the Catawba individual plant examination (IPE) by multiplying the failure frequency (1.4 x 10-5 /h) by the number of hours the 2A pump was running during the period of concern (1015 h). The nonrecovery probability for the remaining ESW trains was estimated by the licensee using the Human Cognitive Reliability (HCR) Model with 20 min required for the recovery action within a 50-mmn period. Using the HCR Model, a nonrecovery probability of about 0. 1 was obtained. The failure probability of the SSF with offsite power available was determined to be about 0.06 (from page 1 of Table A. 18-8 of the Catawba IPE). The failure probability for secondary-side heat removal was estimated by summing the failure probability of the turbine-driven AFW pump and its corresponding turbine inlet valve. Failure probabilities for the AFW pump to start (1.2 x 10-2 )

and run (1.5 x 10-3 /h) were obtained from Table A.5-8 of the Catawba IPE. A 24-h mission time was LER No. 413/93-002

A.12-4 assumed in the analysis. The failure probability (4.0 x 10-3) of the ESW pump discharge valve was also obtained from Table A. 5-8 of the Catawba IPE.

A. 12.5 Analysis Results The conditional probability of core damage estimated for this event is 1.5 x 10 The dominant core damage sequence highlighted on the event tree in Fig. A. 12.2, involves a failure of the running ESW pump, failure to recover ESW within 50 mmi, and failure of the SSFE The second core damage sequence involves a failure of the operating ESW pump, failure to recover ESW within 50 min,- successful SSF operation, and failure of the secondary-side heat removal.

LER No. 413/93-002

A. 12-5 End Sequence State Probability 0.9 OK 0.0 14 0.95 OK (see note 1)

CD 6.9 E-05 CD 8:5E-05 Total 1.5E-04 (1) (Failure of ESW motor-driven pump to run) x (run time required) = (1.4E-05 /h,)x (1,015 h) = 1A.E-02 (2) Summation of (a)turbine-driven pump (TDP) failure to start (b)TDP failure to run for a specified time (c) TDP inlet valve fails to open (1.2F-02) + (1.5E-03/h) x (1.0 d) x (24 h/d) + (4.OE-03) = &2E-02 Fig. A. 12.2 Dominant core damage sequence for LER 4 13/93-002 LER No. 413/93-002

Retrieved from "https://kanterella.com/w/index.php?title=ML20135G734&oldid=3375487"