ML20151U118

Safety Evaluation Re Compliance W/Atws Rule (10CFR50.62). Design Acceptable Contingent Upon Successful Completion of Human Factors Engineering Studies & Qualification of Isolation Devices
ML20151U118
Person / Time
Site: Prairie Island
Issue date: 08/17/1988
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML20151U116 List:
References
NUDOCS 8808180407


Text

UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D. C. 20555

SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION
COMPLIANCE WITH ATWS RULE, 10 CFR 50.62
NORTHERN STATES POWER COMPANY
PRAIRIE ISLAND NUCLEAR GENERATING PLANT, UNITS NOS. 1 AND 2
DOCKET NOS. 50-282 AND 50-306

1.0 INTRODUCTION

On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the ATWS Rule). The requirements of Section 10 CFR 50.62 apply to all commercial light-water-cooled nuclear power plants.

An ATWS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor. The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the probability of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event.

Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants. Equipment, diverse from the RTS, is required to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events.

In response to paragraph (c)(1), the Westinghouse Owners Group (WOG) developed a set of conceptual ATWS mitigating system actuation circuitry (AMSAC) designs generic to Westinghouse plants. WOG issued Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design Package," which provided information on the various Westinghouse designs.

The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July 7, 1986 (Ref. 1).

In this safety evaluation, the staff concluded that the generic designs presented in WCAP-10858 adequately meet the requirements of 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.

During the course of the staff's review of the proposed AMSAC design, the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. 2). This Addendum changed the setpoint of the C-20 AMSAC permissive signal from 70% reactor power to 40% power. On August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay.

For those plants selecting either the feedwater flow or the feedwater pump/valve status logic options, a variable delay timer is to be incorporated into the AMSAC actuation logics. The time delay on the C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low setpoint upon a loss of MFW with the reactor operating at 40% power. The staff considers the Revision 1 changes to be acceptable.

In accordance with paragraph (c)(6) of the ATWS Rule, Northern States Power Company (NSP) initiated the review of the proposed AMSAC design for the Prairie Island Nuclear Generating Plant by letter dated February 27, 1987 (Ref. 4).

During the course of the review, the licensee submitted several documents (Refs. 5 through 10) and conducted a presentation at the NRC offices (Ref. 11).

The licensee consolidated all of the AMSAC design details from previous submittals in Reference 10, which superseded the earlier submittals. The staff held several conference calls with the licensee.

During the final conference call (May 10, 1988), the staff concerns regarding the isolation devices used in the AMSAC design were discussed with the licensee. The licensee responded to these concerns by letter dated May 12, 1988 (Ref. 10).

2.0 REVIEW CRITERIA

The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment.

However, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge the safety systems, e.g., inadvertent scrams.

The following review criteria were used to evaluate the licensee's submittals:

1. The ATWS Rule, 10 CFR 50.62.

2. "Considerations Regarding Systems and Equipment Criteria," published in the Federal Register, Volume 49, No. 124, dated June 26, 1984.

3. Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment That is Not Safety Related."

4. Safety Evaluation of WCAP-10858 (Ref. 1).

5. WCAP-10858-P-A, Revision 1 (Ref. 3).

3.0 DISCUSSION AND EVALUATION

To determine that conditions indicative of an ATWS event are present, the licensee has elected to implement the WCAP-10858-P-A AMSAC design associated with monitoring the main feedwater (MFW) flow and activating the AMSAC when the MFW flow is below the low flow setpoint. Also, the licensee will implement the new time delays (described in the introduction section) associated with the C-20 permissive timer and the variable timer as required by Revision 1 to the WCAP.

The Prairie Island ATWS design consists of two AMSAC logic trains. Both logic trains are required to actuate to achieve AMSAC actuation. Thus, if either logic train fails, the AMSAC output signal will be blocked automatically.

This design minimizes actuation due to spurious trips. Should such a logic failure occur, an AMSAC trouble alarm will annunciate in the control room to alert the operator.

Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation of WCAP-10858, the staff identified elements that require resolution for each plant design.

The following paragraphs provide a discussion on the licensee's compliance with respect to these plant-specific elements.

1. Diversity

The plant design should include adequate diversity between the AMSAC equipment and the existing Reactor Protection System (RPS) equipment.

Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause failures.

The AMSAC logic will be microprocessor-based and will receive MFW flow input signals from Prairie Island's upgraded main feedwater control system. The licensee has provided information to confirm that the microprocessor-based AMSAC logic circuits will be diverse from the logic circuits of the RPS in the areas of design, equipment, and manufacturing. Where similar types of components are used, such as relays, the AMSAC will utilize a relay of a different make and manufacturer.

2. Logic Power Supplies

Logic power supplies need not be Class 1E, but must be capable of performing the required design functions upon a loss of offsite power.

The logic power must come from a power source that is independent from the RPS power supplies.

The licensee has provided information to verify that the logic power supplies used for AMSAC will be independent from the RPS power supplies and will function during the loss of offsite power. The AMSAC power will be from a nonsafety-related power source with battery backup. The subject nonsafety-related bus will have the capability to be powered from a nonsafeguards diesel generator.

3. Safety-Related Interface

The implementation of the ATWS Rule shall be such that the existing Reactor Protection System (RPS) continues to meet all applicable safety criteria.

The licensee has stated that the implementation of the AMSAC/RPS interface will be such that the existing RPS will continue to meet all applicable safety criteria as summarized in the Updated Safety Analysis Report (USAR), Section 8.7. Refer to Item 9 for further discussion on this issue.

4. Quality Assurance

This element requires the licensee to provide information regarding compliance with Generic Letter (GL) 85-06, "Quality Assurance for ATWS Equipment That is Not Safety Related."

The licensee has confirmed that the QA requirements for installation and operation of the AMSAC equipment will follow the guidelines presented in GL 85-06.

5. Maintenance Bypasses

Information showing how maintenance at power is accomplished should be provided.

In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the control room.

The licensee has stated that, during maintenance or surveillance of the AMSAC system or sensor inputs, the AMSAC output signals will be bypassed using a permanently installed bypass switch located at the AMSAC test panel. Continuous indication of the AMSAC bypass will be provided by an AMSAC trouble alarm window that will be located in the main control room.

It is the staff's understanding that the licensee will conduct a human-factors review of the subject indication consistent with the plant's control room design process.

6. Operating Bypasses

The operating bypasses should be indicated continuously in the control room. Diversity and independence of the C-20 permissive signal should be provided.

The licensee has provided information stating that the AMSAC will be automatically bypassed below 40% reactor power, as indicated by the turbine first-stage impulse pressure. The bypass condition will be indicated by a control room annunciator.

It is the staff's understanding that the licensee will conduct a human-factors review of the bypass annunciators consistent with the plant's detailed control room design process. The C-20 permissive signal will be derived from existing protection system instrumentation and will be processed by the AMSAC logic circuitry which is to be diverse from the reactor protective system.

The time delay on de-energization (TDOD) timer associated with the C-20 permissive will be set for a time period that is longer than the actuation variable timer consistent with Revision 1 to WCAP-10858-P-A.

7. Means for Bypasses

The means for bypassing shall be accomplished by the use of a permanently installed, human-factored, bypass switch or similar device. Disallowed methods for bypassing mentioned in the guidance should not be utilized.

The licensee stated that bypassing AMSAC during testing and maintenance will be accomplished with a permanently installed keylock bypass switch.

The disallowed methods for bypassing, such as lifting leads, pulling fuses, blocking relays, or tripping breakers, will not be used.

It is the staff's understanding that the licensee will conduct a human-factors review of the bypass controls and annunciation consistent with the plant's detailed control room design process.

8. Manual Initiation

Manual initiation capability of the AMSAC mitigation function must be provided.

The licensee discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator. The licensee stated that existing manual controls for turbine trip and AFW actuation are located in the main control room and will be used by the operator to perform the AMSAC function manually, if necessary. Thus, no additional manual initiation capability is required as a result of installing the AMSAC equipment.

9. Electrical Independence From Existing Reactor Protection System

Independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.

The licensee discussed how electrical independence is to be achieved. The proposed design requires isolation between AMSAC and the Class 1E circuits associated with the turbine first stage impulse chamber pressure and the AFW pumps. The licensee has informed the staff that the required isolation will be achieved using electrical isolation devices that have been qualified and tested to Class 1E electrical equipment requirements.

In addition, the isolators will be tested as described in Appendix A to the Safety Evaluation (Ref. 1). The data and information required by Appendix A is to be compiled by the licensee and should be available for review during a subsequent site audit in accordance with Temporary Instruction 2500/20 (Ref. 12).

10. Physical Separation From Existing Reactor Protection System

The implementation of the ATWS mitigating system must be such that the separation criteria applied to the existing RPS are not violated.

The licensee stated that the AMSAC circuitry will be located in separate cabinets and will be physically separated from the RPS.

In addition, the AMSAC cable routing will be in accordance with the physical separation criteria originally established for the station at the time of initial plant licensing. Thus, the existing separation criteria for the RPS will not be compromised as a result of installing the AMSAC equipment.

11. Environmental Qualification

The plant-specific submittal should address the environmental qualification of ATWS equipment for anticipated operational occurrences.

The staff was informed that the AMSAC cabinet and equipment will be located in the control room area which is considered a mild environment. The AMSAC equipment will be qualified for environmental conditions associated with anticipated operational occurrences that might occur relative to the respective equipment locations.


12. Testability at Power

Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing of the system may be performed with the system in the bypass mode. Testing from the input sensor through to the final actuation device should be performed with the plant shut down.

The licensee has stated that the AMSAC equipment will be functionally tested before and after installation. The AMSAC system will be testable at power in the bypass mode in accordance with procedures approved for the Prairie Island plant.

Bypassing AMSAC for testing and returning the system to service will be controlled by administrative procedures. The bypassed condition will be continuously indicated in the control room. The periodic at-power testing frequency will be based on manufacturer and engineering recommendations.

The end-to-end test (including the AMSAC outputs through to the final actuation devices) will be performed during plant refueling outages.

It is the staff's understanding that the licensee will conduct a human-factors review of the controls and indications used for testing purposes that is consistent with the station's detailed control room design process.

13. Completion of Mitigative Action

The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action.

The licensee responded that once the AMSAC is initiated, the circuits for starting the AFW pumps and the turbine trip will go to completion in accordance with existing plant circuit design. Deliberate manual action on the part of the operator, in accordance with plant procedures, will be required to reset the turbine trip circuitry and to restore the AFW pumps to standby status.
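The actuation logic described in Section 3.0 (two logic trains that must both actuate, the C-20 permissive with its time delay on de-energization, and the bypass switch) can be modelled in a few lines to show why the C-20 delay has to outlast the variable timer. This is an added illustration, not part of the NRC evaluation or the licensee's design; the low-flow setpoint, both timer values and the sample transient are constructed, and only the 40% C-20 setpoint comes from the text.

```python
from dataclasses import dataclass

# Constructed values; the page gives only the 40% C-20 setpoint.
C20_POWER_PCT = 40.0     # from the page (C-20 permissive)
LOW_FLOW_PCT = 25.0      # hypothetical low MFW flow setpoint
VARIABLE_TIMER_S = 60    # hypothetical actuation delay
C20_TDOD_S = 120         # hypothetical; longer than VARIABLE_TIMER_S


@dataclass
class Train:
    healthy: bool = True
    low_flow_s: int = 0   # seconds of continuous low MFW flow
    armed_s: int = 0      # remaining C-20 hold time

    def step(self, power_pct, flow_pct, tdod_s):
        # C-20: armed at or above 40% power, then held for tdod_s seconds
        # after power falls below it (time delay on de-energization).
        if power_pct >= C20_POWER_PCT:
            self.armed_s = tdod_s
        elif self.armed_s > 0:
            self.armed_s -= 1
        low = flow_pct < LOW_FLOW_PCT
        self.low_flow_s = self.low_flow_s + 1 if low else 0
        timed_out = self.low_flow_s >= VARIABLE_TIMER_S
        return self.healthy and self.armed_s > 0 and timed_out


def simulate(samples, tdod_s=C20_TDOD_S, bypass=False, train_b_healthy=True):
    """samples: one (power_pct, mfw_flow_pct) pair per second.
    Returns (second of AMSAC actuation or None, trouble_alarm)."""
    a, b = Train(), Train(healthy=train_b_healthy)
    trouble = bypass or not (a.healthy and b.healthy)
    for t, (power, flow) in enumerate(samples):
        out_a = a.step(power, flow, tdod_s)
        out_b = b.step(power, flow, tdod_s)
        if out_a and out_b and not bypass:  # both trains must agree
            return t, trouble
    return None, trouble


# Constructed transient: MFW lost at t=10 s, power below 40% from t=30 s.
LOSS_OF_MFW = [(100, 100)] * 10 + [(100, 0)] * 20 + [(30, 0)] * 90

if __name__ == "__main__":
    print(simulate(LOSS_OF_MFW))                         # normal settings
    print(simulate(LOSS_OF_MFW, tdod_s=30))              # TDOD too short
    print(simulate(LOSS_OF_MFW, train_b_healthy=False))  # failed train
    print(simulate(LOSS_OF_MFW, bypass=True))            # keylock bypass
```

In this model a C-20 hold time shorter than the variable timer lets the permissive drop out before the low-flow demand matures, so no actuation occurs; a failed train or the bypass switch blocks the output and raises the trouble alarm.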


4.0 CONCLUSION

Based on the above discussion, the staff concludes that the AMSAC design proposed by Northern States Power Company for the Prairie Island Plant is acceptable and is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1).

The staff's conclusion is further subject to the successful completion of certain noted human-factors engineering reviews and to the satisfactory completion of isolation devices qualification to which the licensee has committed.

It is the staff's position that the AMSAC should not be declared operational prior to successful qualification of the electrical isolation devices in accordance with Appendix A to the staff's SER (Ref. 1).

Principal Contributor: K. Stevens

Date: August 17, 1988

5.0 REFERENCES

1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986.

2. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners' Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Package," February 26, 1987.

3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners' Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, AMSAC Generic Design Package," August 3, 1987.

4. Letter, D. Musolf (NSP) to U.S. NRC, "Plant Specific AMSAC Design," February 27, 1987.

5. Letter, D. Musolf (NSP) to U.S. NRC, "Response to NRC Request for Further Information on Prairie Island Plant Specific AMSAC Design," April 3, 1987.

6. Letter, D. Musolf (NSP) to U.S. NRC, "Revisions to Schedule for Implementation of AMSAC and to the Plant Specific AMSAC Design," August 28, 1987.

7. Letter, D. Musolf (NSP) to Director, NRR, "Revision to Plant Specific AMSAC Design," December 1, 1987.

8. Letter, D. Musolf (NSP) to Director, NRR, "Additional Information Related to AMSAC Design," March 15, 1988.

9. Letter, D. Musolf (NSP) to Director, NRR, "Description of Final AMSAC Design," April 22, 1986.

10. Letter, D. Musolf (NSP) to Director, NRR, "Supplemental Information - Final AMSAC Design," May 12, 1988.

11. Meeting with the NRC staff, "Implementation of the Median Signal Selector in the Advanced Digital Feedwater Control System," Bethesda, Maryland, September 15, 1987.

12. Temporary Instruction 2500/20, "Inspection to Determine Compliance with ATWS Rule, 10 CFR 50.62," February 9, 1987.