ML20135G738

From kanterella
Jump to navigation Jump to search
Final ASP Analysis - Comanche Peak 1 (LER 445-95-003)
ML20135G738
Person / Time
Site: Comanche Peak Luminant icon.png
Issue date: 05/14/2020
From: Christopher Hunter
NRC/RES/DRA/PRB
To:
Littlejohn J (301) 415-0428
References
LER 1995-003-00
Download: ML20135G738 (12)
v  d  e


Text

ADDendix B LER Nos. 445/95-003,-004 ABpnd1 BE LEs. Nos./45/95-03, -00 Event

Description:

Reactor trip, auxiliary feedwater (AFW) pump, trip, second IAFW pump unavailable Date ofEvent: June11, 1995 Plant: Comanche Peak 1 B.11.1 Event Summary While at 100% power on June 11, 1995, Comanche Peak 1 experienced a control power supply failure resulting in both main feedwater pumps (MFPs) tripping and operators subsequently initiating an anticipatory reactor trip. Flow from one of two motor-driven auxiliary feedwater pumps (MDAFWP) was initially unavailable and the turbine-driven auxiliary. feedwater pump (TDAFWP) started on low-low steam generator level but tripped on overspeed. The conditional core damage probability (CCDP) estimated for this'event is 6.5 x105 B.1 1.2 Event Description While at 100% power on June 11, 1995, Comanche Peak 1 experienced a control power supply failure resulting in both MFPs tripping and operators subsequently initiating an anticipatory reactor trip. Slave relay testing was under way when a nonsafety related inverter transferred from its normal inverter ac power supply to its alternate power supply. The alternate ac power supply was deenergized as required by the test procedure at the time, so associated loads were deenergized. The specific cause of the transfer is not certain but it may have been caused by an electrical transient in a static transfer switch control circuit. Loss of the power supply caused a spurious "MFP oil pressure low" signal when auxiliary relays in pump supervisory instrumentation deenergized and actuated. This change caused the condensate pumps to trip; loss of the condensate pumps caused both MFPs to trip. Operators then initiated a manual reactor trip in anticipation of an automatic one.

The MFP trips caused an auto-actuation of the MDAFWPs. MDAFWP 1-02 (Train B) started and supplied water to steam generators (SGs ) 3 and 4 (Fig. B.11. 1). MDAFWP 1-01 (Train A) was aligned to its test header at the time and was not immediately available to supply water to the SGs. The TDAFWP started on low-low SG level but tripped on overspeed, caused by a failure of the governor valve to control turbine speed.

The governor valve stem was found to be corroded and binding against the valve packing. Operators realigned MDAFWP 1-01 from the test header to its normal configuration, and the pump supplied cooling to SGs 1 and 2 within about 8 min.

B.1 1.3 Additional Event-Related Information The licensee event report (LER) provided additional information concerning the thermal-hydraulic effects of having only one AFW pump available immediately after a plant trip. Plant safety analyses assume for a "Loss of Normal Feedwater Flow" transient that the TDAFWP or both MDAFWPs provide a flow rate of at B.11-1 NUREG/CR-4674, Vol. 23

LER os. 445/95-003,-004 Annendix B Armendix B LER Nos. 445/95-003. -004 least 3,260 U/rn (860 gpm) to the SGs. During this transient, only one MDAFWP was initially available, providing a reduced flow rate to the SGs. However, the LER indicated that the reduced flow rate was adequate to remove plant decay heat from the SGs because of the early manual trip of the reactor and because initial water levels in the SGs were greater than the assumption used in the FSAR analysis. Because sufficient heat removal capability was available, the thermal expansion of the reactor coolant system inventory did not fill the pressurizer completely.

B.11.4 Modeling Assumptions This event was modeled as a reactor trip with the TDAFWP failed and flow from MDAFWVP 1-01 initially unavailable. Basic event AFW-TDP-FC-LC was set to "TRUE" (failed). (Table 1 provides a description of the basic event names.) It was assumed that if the remaining AFW pump had failed, operators would have attempted to recover the system by realigning MDAFWP 1-01 (as they did). Recovery of MDAFWP 1-01 was incorporated into the models using the methodology described in Reference 4. This methodology suggests a nonrecovery probability of 0. 1 when "[flailure appeared recoverable in the required period from the control room, but recovery was not routine or involved substantial stress." A similar nonrecovery value was estimated by assuming that nonrecovery as a function of time was lognormally distributed with a median response time of 8 min and a recovery window of 30 min. Assuming a burdened-recovery error factor of 6.4, the probability of nonrecovery within 30 min is approximately 0. 1, which is the same value as obtained using Ref. 4. Consequently, the nonrecovery probability for MDAFWP 1-01 was incorporated by setting the probability for event AFW-MDP-FC- lA equal to 0.1. In addition, because AFW is required without delay during anticipated transient without scram (ATWS) sequences, a new event, AFW-MDP-FC-AA, with a nonrecovery probability of 1.0 was substituted for AFW-MDP-FC- 1A in the ATWS model. Because it was assumed that the entire 30 min would be dedicated to recovery of AFW-MDP-FC- lA, the system nonrecovery, AFW-XHE-NOREC, was set to 1.0.

Because main feedwater (MFW) apparently could not have been recovered without correcting the inverter problem, restarting the condensate system, and restoring a feedwater pump to service, the feedwater system was. assumed not to be recoverable, (MFW-XHE-NOREC = "TRUE").

The failures in this event increase the potential significance of failure to trip/ATWS sequence s. To model potential reactor trip failures more accurately, the reactor trip model was modified (as shown in Fig., B. 11.2) to account for recoverable versus nonrecoverable reactor protection system (R.PS) failures.

The event trees for Comanche Peak assume that conditions requiring a reactor trip will first result in an automatic reactor trip demand and, if the automatic trip fails, a manual reactor trip demand. During this event, once operators recognized that a loss of main feedwater flow had occurred, they initiated a manual reactor trip. Because of the operators' quick response, consideration was given to the potential impacts of the early reactor trip on ATWS sequences. The Comanche Peak Final Safety Analysis Report (FSAR) indicates that 1 to 11/2 min may elapse between a loss of feedwater and an automatic reactor trip. The additional 1 min of response time available to operators during postulated ATWS sequences in this event was not believed to materially affect the event sequences or probabilities, and no related model changes were indicated.

NUREGICR-4674, Vol. 23 B.1 1-2 B1-

Appendix B LER Nos. 445/95-003,004 B.11.5 Analysis Results The CCDP estimated for this event is 6.5 x 10'. The dominant core damage sequence (sequence 20 on Fig. B. 11. 3) involves

" a successful reactor trip,

" failure of AFW

" failure of MFW, and

" failure of feed-and-bleed cooling.

The second highest core damage sequence (sequence 21-8 on Figs. B.11.3 and B.11.4) involves

  • failure to successfully trip,
  • successful control of reactor pressure, and
  • failure of AFW.

Definitions and probabilities for selected basic events are shown in Table B. 11. 1. The conditional probabilities associated with the highest probability sequences are shown in Table B. 11.2. Table B. 11.3 lists the sequence logic associated with the sequences listed in Table B. 11.2. Table B.11.4 describes the system names associated with the dominant sequences. Minimal cut sets associated with the dominant sequences are shown in Table B. 11.5.

B.11.6 References

1. LER 445/95-003, Rev. 1, "Loss of Both Condensate and Both Feedwater Pumps Due to Failure of Non-Safety Related Inverter Resulted in a Manual Reactor Trip," August 14, 1995.
2. LER 445/95-004, Rev. 1,"Allowed Outage Time Was Exceeded on Turbine-Driven Auxiliary Feedwater Pump Which Tripped on Overspend," September 8, 1995.
3. Texas Utilities Generating Company, Comanche Peak Steam Electric Station Final Safety Analysis Report.
4. M. B. Sattison et al., "Methods Improvements Incorporated into the SAPHIRE ASP Models," in Proceedings of the US. Nuclear Regulatory Commission, Twenty-Second Water Reactor Safety InformationMeeting, NUREG/CP-0 140, Vol. 1,April 1995.

NUREG/CR-4674, Vol. 23 B.1 1-3 B.11-3 NUREG/CR-4674, Vol. 23

LER Nos. 445/95-003, -004 AppendixB Figure removed during SUNSI review.

Fig. B.11.1. Auxiliary feedwater system for Comanche Peak (Source: Texas Utilities Electric Co., Comanche Peak Steam Electric Station Final Safety Analysis Report).

NUREG/CR-4674, Vol. 23 B.11-4

Appendix B LER Nos. 445/95-003, -004 Appendix B LER Nos. 445/95-003, -004 RPS-REC RPS-XHE-XM-SCRAM Fig. B. 11.2. Fault tree modeling recoverable and nonrecoverable failures for the failure to trip.

B. 11-5 NUREG/CR-4674, Vol. 23

LER Nos. 445/95-003,-004 Aimendix B Appendix B LER Nos. 445/95-003, -004 Fig. B. 11.3. Dominant core damage sequences for LERs 445/95-003, -004.

NUTREG/CR-4674, Vol. 23 B. 11-6

AnDendix B LER Nos. 445/95-003.

LER Nos. 445/95-003,004

-004 ADDendix B Fig. B. 11.4. Anticipated transient without scram (ATWS) event tree for Comanche Peak.

B.1 1-7 NUREG/CR-4674, Vol. 23

LER Nos. 445/95-003.-004 Appendix B Table B.1 1.1. Definitions and probabilities for selected basic events for LERs 445/95-003, -004 Modified Event Base Current for this name 'Description probability probability Type event JE-LOOP Loss-of-Offsite Power Initi .ating 8.5E-006 O.OE+OOO IGNORE No Event IE-SGTR Steam Generator Tube Rupture 1.6E-006 O.OE+OOO IGNORE No

____________________Initiating Event _______ ____

JE-SLOCA Small Loss-of-Coolant Accident 1 OE-006 O.OE+OOO IGNORE No Initiating Event _____ ______

JE-TRANS Transient Initiating Event 5.3E-004 L.OE+OOO Yes AFW-MDP -CF-AB Common-Cause Failure (CCF) 2.1IE-004 2.I1E-004 No of Motor-Driven Pumps ____

AFW-MDP-FC-AA AFW Motor-Driven Pump A 4.OE-003 L.OE+OOO TRUE Yes Fails During ATWS ____

AFW-MDP-FC-IA AFW Motor-Driven Pump A 4.013-003 1.OE-00 I Yes Fails AFW-MDP-FC-IB AFW Motor-Dniven Pump B 4.OE-003 4.OE-003 No Fails AFW-PMP-CF-ALL AFW Serial Component 2.8E-004 2.8E-004 No Common to all Trains Fails (i.e., Common-Cause Failure)

AFW-TDP-FC-lC AFW Turbine-Driven Pump 3.2E-002 1.OE+OOO TRUE Yes Fails AFW-XHE-NOREC Operator Fails to Recover AFW 2.6E-00 1 1 OE+OOO TRUE Yes

___________________ System _____

AFW-XHE-NREC-ATW Operator Fails to Recover AFW 1 OE+OOO 1 OE+OOO No

__________________System During an ATWS_____

AFW-XHE-XA-SSW Operator Fails to Align Suction 1 OE-003 LOE-003 No to Service Water System (SSW)_____

HPI-XHE-XCM-FB Operator Fails to Initiate 1.OE3-002 1 OE-002 No Feed-and-Bleed Cooling ____

MFW-SYS-TRIP MFW System Trips 1 OE+OOO 1 OE-4-OO No MFW-XHE-NOREC Operator Fails to Recover MFW 2.6E-00I L.0E4000 TRUE Yes NULREGICR-4674, Vol. 23 B.1 1-8 B1-

Avvendix B LER Nos. 445/95-003.-004 Table BILL.1 Definitions and probabilities for selected basic events for LERs 445/95-003, -004 Modified Event Base Current for this name Description probability probability Type event PPR-SRV-CC-1 Power-Operated Relied Valve 6.3E-003 6.3E-003 No (PORV) 1 Fails to Open on Demand PPR-SRV-CC-2 PORV 2 Fails to Open on 6.3E-003 6.3E-003 No Demand RPS-NONREC Nonrecoverable RPS Trip 2.OE-005 2.OE-005 NEW, Yes Failures RPS-REC Recoverable RPS Failures 4.OE-005 4.OE-005 NEW Yes RPS-XHE-XM-SCRAM Operator Fails to Manually Trip 1 OE-002 1 OE.002 NEW Yes the Reactor NUREGICR-4674, Vol.23 B.11-9 B.1 1-9 NLTREG/CR4674, Vol. 23

Appendix LER Nos. 445/95-003. -004 LER Nos. 445/95-003. -004 Appendix B B

Table B.1 1.2. Sequence conditional probabilities for LER 445/95-003, -004 Conditional core Event tree damage probability Percent name Sequence name (CCDP) contribution TRANS 20 4.313-005 66.8 TRANS 21-8 2.OE-005 31.2 Total (all sequences) 6.513-005 Table B.11.3. Sequence logic for dominant sequences for LER 445/95-003, -004 Event tree name Sequence name Logic TRANS 20 IRT, AFW, MFW, F&B TRANS 21-8 RT, /RCSPRBSS, AFW-ATWS Table B.11.4. System names for LER 445/95-003, -004 System name Logic AFW No or Insufficient AFW Flow AFW-ATWS No or Insufficient AFW Flow-ATWS F&B Failure to Provide Feed-and-Bleed Cooling MFW Failure of the MFW System RCSPRESS Failure to Limit RCS Pressure to <3200 psi RT Reactor Fails to Trip During Transient B.1 1-10 NLTREG/CR4674, Vol. 23 NUREGICR-4674, Vol. 23 B.11-10

Appendix B LER os. 445/95-003 -004 Table B.1 1.5. Conditional cut sets for higher probability sequences for LER 445/95-003, -004 Cut set Percent Conditional number contribution probability' Cut setSb TRANS Sequence 20 4.313-005 ...... . ..... .

1 22.9 1.OE-005 AFW-XGi-E-XA-SSW, AFW-XHE-NOREC, MFW-SYS-TRIP, MFW-XHE-NOREC, HPI-XHE-XM-FB 2 14.4 6.3E-006 AFW-XHiE-XA-SSW. AFW-XHE-NOREC, MFW-SYS-TRIP, MFW-XHE-NOREC, PPR-SRV-CC-1 3 14.4 6.3E-006 AFW-XHE-XA-SSW, AFW.XHE-NOREC, MFW-SYS-TRIP, MFW-XHiE-NOREC, PPR-SRV-CC..2 4 9.2 4.OE-006 AFW-MDP-FC-1A, AFW-MDP-FC-1B, AFW-TDP-FC-1C, AFW-XHE-NOREC, MFW-SYS-TRIP, MFW-XHiE-NOREC, HPI-XHE-XM-FB 5 6.4 2.8E-006 AFW-PMP-CF-ALL, AFW-XHiE-NOREC, MEW-SYS-TRIP, MFW-XHiE.NOREC, HPI-XHiE-XM-FB 6 5.8 2.5E-006 AFW-MDP-FC-1A, AFW-MDP-FC-IB. AFW-TDP-FC-1C, AFW-XHiE-NOREC, MFW-SYS-TRIP, MFW-XHiE-NOREC, PPR-SRV-CC-1 7 5.8 2.513-006 AFW-MDP-FC-1A, AFW-TDP-FC-IC, AFW-MDP-FC-1B, AFW-XHiE-NOREC, MFW-SYS-TRIP. MFW-XHiE-NORE-C.

PPR-SRV-CC-2 8 4.8 2. IE-006 AFW-PMP-CF-AB, AFW-MDP-FC-1IC, AFW-XHE-NOREC, MFW-SYS-TRJP, MFW-XHE-NOREC, HPI-XHE-XM-FB 9 4.0 1.7E-006 AF'W-PMP-CF-ALL, AFW-XHE-NOREC, MFW-SYS-TRIP.

MFW-XHiE-NOREC, PPR-SRV-CC-1 10 4.0 1.7E-006 AFW-PMP-CF-ALL, AFW-XHE-NOREC, MFW-SYS-TRIP, MFW-XHE-NOREC, PPR-SRV-CC-2 11 1.0 1.313-006 AFW-MDP-CF-AB, AFW-TDP-FC-IC. AFW-XHE-NOREC, MFW-SYS-tRIP, MFW-XHiE-NOREC, PPR-SRV-CC-1 12 3.0 1.3E-006 AFW-MDP-CF-AB, AFW-TDP-FC- IC, AFW-XHE-NOREC, MFW-SYS-TRIP, MFW-XHE-NOREC, PPR-SRV-CC-2 T..A.S Sequence.......

2.- 0 ......

TotAlS(alSequences)1- 6.5E-005 ......

B.11-11 .............. Vol..2 B.11-11 NUREG/CR-4674, Vol. 23

LER Nos. 445/95-003. -004 Appendix B Appendix B LER Nos. 445/95-003. -004 aThe conditional probability for each cut set is determined by multiplying the probability of the initiating event by the probabilities of the basic events in that minimal cut set. The probabilies for the initiating events and the basic events are given in Table B. 11. 1.

bBasic events AFW-MDP-FC-AA, AFW-TDP-FO-1IC. AFW-XHE-NOREC, and MFW-XHE-NOREC are all type TRUE events which are not normally included in the output of fault tree reduction programs. These events have been added to aid in understanding the sequences to potential core damage associated with the event.

23 B.II-12 NUREG/CR-46 74, Vol. 23 NURE-G/CR-4674,,,Vol.- B.11-1.2

Retrieved from "https://kanterella.com/w/index.php?title=ML20135G738&oldid=3375483"