ML20154B985
| ML20154B985 | |
| Person / Time | |
|---|---|
| Site: | Davis Besse |
| Issue date: | 08/19/1988 |
| From: | Crutchfield D Office of Nuclear Reactor Regulation |
| To: | Stalter L BABCOCK & WILCOX OPERATING PLANTS OWNERS GROUP, TOLEDO EDISON CO. |
| References | |
| NUDOCS 8809140206 | |
Text
August 19, 1988
Mr. L. C. Stalter
Chairman, BWOG/ATWS Committee
Davis-Besse Nuclear Power Station
5501 North S.R. 2 (Mail Stop 3205)
Oak Harbor, Ohio 43449
DISTRIBUTION: NRC & Local PDRs, PDIII-3 r/f, GHolahan, KPerkins, PKreutzer, MDLynch, OGC-WF1, EJordan, BGrimes, ACRS(10), PDIII-3 Gray Files, TMurley/JSniezek, AThadani, SNewberry, VThomas, DCrutchfield, SNewberry
Dear Mr. Stalter:
SUBJECT: NRC EVALUATION OF BWOG GENERIC REPORT "DESIGN REQUIREMENTS FOR DSS AND AMSAC"
The purpose of this letter is to provide the staff's evaluation of BAW Document 47-1159091-00, "Design Requirements for Diverse Scram System (DSS) and ATWS Mitigation System Actuation Circuitry (AMSAC)," prepared by Babcock and Wilcox for the Babcock and Wilcox Owners Group (BWOG) ATWS Committee. This BWOG generic report was submitted by letter dated October 9, 1985 (from J. Ted Enos, Chairman, BWOG ATWS Committee, to Hugh L. Thompson, NRC) pursuant to requirements specified in Section 50.62 of 10 CFR Part 50, "Requirements for Reduction of Risk from ATWS Events for Light-Water-Cooled Nuclear Power Plants."
The BWOG generic report provides the generic design basis for ATWS modifications of B&W type nuclear power plants required by 10 CFR 50.62.
Subsequent to the generic report submittal, the staff met with members of the BWOG ATWS Standing Committee on October 28, 1987 to discuss potential open items which were raised during the staff review of the generic report.
Following this meeting, the BWOG submitted another set of responses to the remaining open items by letter dated December 1, 1987 from J. Ted Enos (BWOG) to Frank J. Miraglia (NRC).
Based on our review of the information provided in the BWOG generic report and the supplemental letter of December 1, 1987, the staff concludes that most sections of the generic report are acceptable for providing generic guidelines for plant-specific design submittals. However, some areas of the generic design are still of concern to the staff. Therefore, the staff has presented several design requirements in the attached safety evaluation (SE) which should be followed by the individual utilities when considering their plant-specific DSS and AMSAC designs. The following items are the areas of concern that plant-specific submittals must address:
o The BWOG generic report is not acceptable when addressing the use of power supplies for DSS and AMSAC. In this regard, the staff suggests that special attention be given to the acceptable methods as presented in Section 5.6 of the SE.
o The use of qualified isolation devices should also be addressed in detail in the plant-specific submittals. Whether diverse or existing isolators are used, the staff suggests that the utilities use Sections 5.1 and 5.2 of the SE for guidance when addressing this issue in their submittals.
o The plant-specific submittals must provide detailed information which describes how a total loss of feedwater flow will be detected and why the measurements chosen are indicative of a total loss of feedwater flow. Section 6.5 of the SE provides additional guidance that the plant-specific submittals should consider when addressing the input parameters which have been chosen to initiate DSS and/or AMSAC.
o Other areas of concern to the staff include: (1) bypasses and displays, and (2) surveillance and testing. Specific guidance for plant-specific submittals is presented in Sections 5.9 through 5.12 and 5.14 for "Bypasses and Displays" and Section 6.4 for "Surveillance and Testing."
8809140206 880819 PDR ADOCK 05000346 P PDC
Design details such as the physical and operational characteristics of those DSS and AMSAC components which are not addressed in either the BWOG generic report or the plant-specific submittals and which may influence the staff's conclusions concerning compliance with the ATWS requirements in 10 CFR 50.62, will be reviewed on a plant-specific basis.
In the Table of References, we have eliminated Reference 6 since we did not rely upon it as a basis for our conclusions.
Reference 4 will be placed in the Public Document Room shortly.
In summary, the staff has requested in separate letters to the licensees of B&W-designed nuclear power plants who are part of the BWOG and are committed to the requirements specified in 10 CFR 50.62, that they provide plant-specific submittals which address these design requirements and submit their schedules for installation of equipment no later than 90 working days from the date of receipt of this Safety Evaluation. We also stated our position that delay in proceeding with implementation efforts pending any further discussion of these requirements or review by NRC will not be considered adequate justification for delaying ATWS implementation beyond the next refueling outage except as provided for in 10 CFR 50.62(d).
Should you have any questions concerning the matters discussed above or the content of the enclosed SE, please contact Vincent Thomas of our staff on (301) 492-0786.
Sincerely,
Dennis M. Crutchfield, Director
Division of Reactor Projects - III, IV, V and Special Projects
Office of Nuclear Reactor Regulation
Enclosure: As stated
ENCLOSURE
SAFETY EVALUATION OF TOPICAL REPORT (B&W DOCUMENT 47-1159091-00) "DESIGN REQUIREMENTS FOR DSS (DIVERSE SCRAM SYSTEM) AND AMSAC (ATWS MITIGATION SYSTEM ACTUATION CIRCUITRY)"
INEL Project Engineer: B. L. Collins
NRC Lead Engineer: V. D. Thomas
Published February 1988
Idaho National Engineering Laboratory
EG&G Idaho, Inc.
Rockville Office
Prepared for the U.S. Nuclear Regulatory Commission, Washington, D.C. 20555
Under DOE Contract No. DE-AC07-76ID01570
FIN No. 06017
Project 2
1. INTRODUCTION
In response to 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," Babcock & Wilcox (B&W), on behalf of the B&W Owners Group (BWOG) ATWS Committee, submitted B&W Document 47-1159091-00, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," for review. This document discusses the BWOG's generic Diverse Scram System (DSS) and ATWS Mitigation System Actuation Circuitry (AMSAC) proposals for compliance with 10 CFR 50.62.
The staff has reviewed the analyses and generic designs for the DSS and the AMSAC for generic compliance to 10 CFR 50.62.
For the most part, the B&W document presents an acceptable generic proposal to support the plant-specific submittals. However, several items exist which must be addressed in the submittals for individual plants. An additional set of guidelines has been identified by the staff. These guidelines are presented in this safety evaluation report (SER) for use by the individual plants to ensure their plant-specific designs are in full compliance with the intent of the ATWS Rule.
2. BACKGROUND
On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the "ATWS Rule").
The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the likelihood of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event, in the unlikely event that it occurs.
3. CRITERIA
The basic requirements for Babcock and Wilcox plants are specified in Paragraphs (c)(1), (c)(2), and (d) of 10 CFR 50.62. Paragraph (c)(1) defines the requirements for the AMSAC systems; paragraph (c)(2) defines the requirements for the DSS, and paragraph (d) defines implementation.
Paragraph (c)(1) states: "Each pressurized water reactor must have equipment from sensor output to final actuation device, that is diverse from the reactor trip system, to automatically initiate the auxiliary (or emergency) feedwater system and initiate a turbine trip under conditions indicative of an ATWS. This equipment must be designed to perform its function in a reliable manner and be independent (from sensor output to the final actuation device) from the existing reactor trip system."
Paragraph (c)(2) states: "Each pressurized water reactor manufactured by Combustion Engineering or by Babcock and Wilcox must have a diverse scram system from the sensor output to interruption of power to the control rods. This scram system must be designed to perform its function in a reliable manner and be independent from the existing reactor trip system (from sensor output to interruption of power to the control rods)."
The criteria used in evaluating the BWOG document include (1) 10 CFR 50.62, (2) guidance and information published in the Federal Register as the preamble to 10 CFR 50.62, and (3) Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment that is not Safety Related." The evaluation was done on a generic basis, and the relevant criteria are presented below.
The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment. However, this equipment is part of the broader class of structures, systems, and components defined in the introduction to 10 CFR 50, Appendix A (General Design Criteria (GDC)).
GDC-1 requires that structures, systems, and components important to safety shall be designed, fabricated, erected, and tested to quality standards commensurate with the importance of the safety functions to be performed.
Generic Letter 85-06 details the quality assurance criteria that must be applied to this equipment.
In general, the equipment to be installed in accordance with the ATWS Rule is required to be diverse from the existing Reactor Protection System (RPS) and must be testable at power. This equipment is intended to provide the needed diversity to reduce the potential for common mode failures that could result in an ATWS leading to unacceptable plant conditions.
The DSS and AMSAC systems for the ATWS mitigation designs are not required to be safety-related (i.e., to meet IEEE 279). However, the implementation should incorporate good engineering practice and must be such that the existing protection system continues to meet all applicable safety-related criteria.
Equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensor to, but not including, the final actuation device for the AMSAC systems, and from the sensor to and including the final actuation device for the DSS.
The rule requires that all DSS and AMSAC instrument channel components (excluding sensors and isolation devices) be diverse from the existing RPS.
It is desirable, but not required, to use sensors and isolation devices that are not part of the RPS. However, if existing RPS sensors and isolators are used, analyses must be provided that indicate that the isolators have been qualified using an approved method similar to, and preferably identical to, the one presented in Appendix A of this report.
The capability for test and surveillance at power is required; however, surveillance frequencies have not yet been established. During surveillance at power, the mitigating system may be bypassed; however, the bypass condition must be automatically and continuously indicated in the main control room. The DSS and AMSAC designs may also permit bypass of the mitigating function to allow for maintenance, repair, test, or calibration to prevent inadvertent actuation of the protective action at the system level.
The use of a maintenance bypass for the system should not involve lifting leads, pulling fuses, tripping breakers, or physically blocking relays. A permanently installed bypass switch or similar device should be used for removing the system from service.
The design should be such that, once initiated, the protective action at the system level shall go to completion. Return to operation should require subsequent deliberate operator action.
The ATWS system should be designed to provide the operator with accurate, complete, and timely information pertinent to its own status.
Displays and controls for manual bypass and initiation of the ATWS mitigating systems should be integrated into the main control room through system functional analyses and should conform to good human factors engineering practices in design and layout.
It is important that the displays and controls added to the control room as a result of the ATWS Rule do not increase the potential for operator error.
The power supplies are not required to be safety-related, but they must be capable of performing safety functions with a loss of offsite power.
Logic power for both the DSS and AMSAC and actuation power for the DSS must be from a power supply independent (no common mode failure for any design basis events) from the power supplies for the existing RPS.
Existing RPS sensor and instrument channel power supplies may be used, but only if a common mode failure cannot degrade both the RPS and the ATWS mitigating systems' functions.
4. DESIGN BASES
The B&W Owners Group reviewed previous analyses which had been performed for the ATWS transients and presented the results of that review in the document "Design Requirements for DSS and AMSAC." The results of the review were evaluated and approved by the staff and were determined to be acceptable for defining the dominant transients which pose the most risk to the plants.
It was determined that the most severe ATWS transients were those in which there was a complete loss of normal feedwater.
Two scenarios were identified which could lead to these transient events: (1) loss of main feedwater and (2) loss of offsite power.
The limiting condition and primary safety concern associated with these two transients is the potential for high pressure within the Reactor Coolant System (RCS).
In the unlikely event that a common mode failure in the RPS and the Engineered Safety Features Actuation System (ESFAS) were to incapacitate the Auxiliary Feedwater System (AFW) flow initiation and/or turbine trip, in addition to prohibiting a reactor scram, then an alternate method of providing a scram, AFW flow, and turbine trip would be required to minimize the RCS pressure excursions.
The final rule, approved by the Commission on November 11, 1983, requires that B&W plants install Diverse Scram Systems (DSS) to interrupt power to the control rods and ATWS Mitigation System Actuation Circuitry (AMSAC) to initiate a turbine trip and actuate AFW flow independent of the RPS (from the sensor output).
Because a loss of offsite power results in a loss of main feedwater and because the primary safety concern is reactor high pressure, feedwater flow and reactor pressure measurements are acceptable inputs to the ATWS mitigating systems.
Loss of feedwater flow or high reactor primary pressure are the acceptable methods of initiating the DSS circuitry. Upon initiation, the DSS will use "energize-to-trip" logic to cause a reactor scram by interrupting power to the silicon control rectifier (SCR) gate drivers for at least rod groups 5, 6, and 7 by a means other than the existing SCR gate driver relays controlled by the RPS.
Since a high reactor pressure signal would occur too late for the AMSAC to be effective, the detection of a total loss of feedwater flow is the only acceptable measurement for initiating the AMSAC.
Upon detection of a loss of feedwater flow, the AMSAC will actuate the AFW system and initiate a turbine trip using existing actuation devices in these systems.
During the selection of the feedwater flow and reactor pressure measurements as DSS and AMSAC inputs, the individual plant-specific submittals should justify the selection of the proposed ATWS mitigation systems inputs. The licensee should determine whether feedwater flow or reactor pressure or both will be used for the DSS initiation and how the total loss of feedwater flow will be determined for the DSS and AMSAC.
The licensee should also specify the setpoints, both magnitudes and timing, at which the systems will be initiated.
The licensee must describe how a total loss of feedwater flow will be detected and why the measurements chosen are indicative of a total loss of feedwater flow.
The ATWS Rule, Federal Register guidance, requires the DSS logic and actuation device power and the AMSAC logic power to be functional following a loss of offsite power and independent from the RPS power supplies.
Existing RPS power supplies can be used only for sensor channels and only if the possibility of common mode failure is prevented. The BWOG document is not in complete compliance with this requirement.
Therefore, the plant-specific submittals should address the independence and diversity of the power supplies and describe how the power supplies and logic channels will function following a loss of offsite power.
The BWOG document indicates that testing at power is anticipated for the DSS and AMSAC systems. Test intervals commensurate with the desired reliability must be addressed on a plant-specific basis and should, therefore, be included in the individual submittals.
The DSS and AMSAC systems should be designed to initiate mitigating actions in a reliable, timely manner without causing an increase in inadvertent scrams and actuations. The BWOG and staff have performed transient analyses which indicate that rod drop must occur within 30 seconds after the event initiation and that AMSAC must actuate within 8 seconds after the total loss of feedwater flow.
5. DESIGN REQUIREMENTS
This section presents the design requirements for meeting the design and implementation criteria for the DSS and AMSAC.
It is intended that the plant-specific submittals address each of these generic design requirements. Most of these generic design requirements have been addressed at least in part by the BWOG "Design Requirements for DSS and AMSAC" document. Where the B&W document satisfies these generic requirements, the plant-specific submittals need only indicate agreement with the B&W document.
For those generic requirements which are not addressed or are not satisfied by the B&W document, the individual plant proposals should present the specifics required to allow the staff to review and approve their proposals for implementation of the ATWS systems.
The staff has found the BWOG generic design unacceptable or incomplete when addressing the design requirements for the equipment power supplies, the use of isolation devices, the methods of bypass and display, the detection of loss of feedwater flow, and the specifications for surveillance and testing. The design requirements presented in this section address these issues and give the licensees guidance for preparing their plant-specific proposals in order to satisfy the intent of the ATWS Rule.
5.1 Diversity from Existing RPS
For the DSS, equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensors to, and including, the components used to interrupt control rod power. The diversity of the DSS equipment from existing RPS equipment shall include all signal conditioners, bistables, logic channels, logic power supplies, and SCR degating relays.
For the AMSAC, equipment diversity to the extent reasonable and practicable to minimize the potential for common cause (mode) failures is required from the sensors to, but not including, the final actuation device, i.e., existing circuit breakers may be used for the auxiliary feedwater initiation, but signal conditioners, bistables, logic channels, and logic power supplies must be diverse from the existing RPS equipment.
The sensors for the DSS and AMSAC need not be of a diverse design or manufacturer; however, it is preferred that existing sensors in the RPS not be used.
Existing protection system instrument sensing lines, sensors, and sensor power supplies may be used. Sensor and instrument sensing lines should be selected such that adverse interactions with existing control systems are avoided. All DSS and AMSAC instrument channel components (excluding sensors and isolation devices, but including all signal conditioning devices) must be diverse.
The B&W generic design meets the design criteria for this area, and is in compliance with this requirement.
5.2 Electrical Independence from Existing RPS
Electrical independence is required from the sensor output up to the final actuation device for AMSAC and from the sensor output up to and including the final actuation device for the DSS.
Nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.
The use of existing isolators is acceptable; however, each plant-specific submittal should provide information indicating compliance with analyses and tests which demonstrate that the existing isolators will function under the maximum worst case fault conditions. A method acceptable to the staff for qualifying either the existing or diverse isolators is presented in Appendix A.
The B&W generic design is acceptable in this area.
5.3 Physical Separation from Existing RPS
Physical separation for the DSS and AMSAC from the existing RPS is not required.
However, the implementation must be such that separation criteria applied to the existing protection system are not violated.
The plant-specific design should be such that RPS and ATWS mitigation channels will be separated and that separation between RPS channels will not be compromised by the ATWS installations.
The B&W generic design meets the design criteria in this area.
5.4 Environmental Qualifications
The plant-specific submittal should address the environmental qualification of the DSS and AMSAC equipment for anticipated operational occurrences only, not for accidents.
5.5 Quality Assurance for Test, Maintenance, and Surveillance
The plant-specific submittal should provide information regarding compliance of the DSS and AMSAC equipment with Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment that is not Safety Related."
5.6 Safety Related (1E) Power Supplies
The use of safety-related (1E) power supplies is not required for the DSS and AMSAC systems. However, the power supplies must be capable of performing their safety functions following a loss of offsite power.
Logic and actuation device power for the DSS and logic power for the AMSAC designs must be from an instrument power supply independent (no common mode failures for any design basis event) from the power supplies for the existing RPS. Therefore, the logic and actuation device power for the DSS and the logic power for the AMSAC should be supplied from a source, such as a station battery, other than those used in the existing RPS. The batteries and/or inverters used for the DSS and AMSAC system components need not be diverse from, but must be electrically independent of, the existing RPS.
Existing sensor channel power supplies may be used only if the possibility of common mode failure is prevented (e.g., loss of power, overvoltage, undervoltage, overfrequency, etc. cannot degrade both the RPS and the DSS/AMSAC system functions).
Since the power supplies being used for the DSS and AMSAC logics are part of the RPS, the BWOG generic design for this requirement is not acceptable to the staff.
It is the staff's position that the following concerns exist because of this sharing of power supplies:
1) There is a potential of degrading the Class 1E RPS buses via faults/failures that may occur in the non-Class 1E ATWS mitigation system.
2) Minor voltage and frequency fluctuations could cause degradation of both the RPS and the DSS/AMSAC simultaneously.
3) It is clearly stated in the "Part 50 - Statements of Consideration" to the ATWS Rule that the power supplies for the DSS and AMSAC logics and the DSS actuation circuitry should be independent (and separate) from the existing RPS power supplies.
Therefore, the plant-specific submittals should address the use of power supplies and ensure that the systems are functional following a loss of offsite power.
5.7 Testability at Power
The plant-specific submittals should address testing of the DSS and the AMSAC equipment prior to installation and periodically throughout the life of the plant.
The DSS and AMSAC may be bypassed to prevent inadvertent actuation during testing at power if the testing procedures are consistent with those previously approved by the staff for the individual plants and all applicable ATWS system bypass guidelines are observed.
The bypass condition must be automatically and continuously indicated in the main control room.
5.8 Inadvertent Actuation
The plant-specific design should be such that the frequency of inadvertent actuation and challenges to other safety systems caused by the DSS and AMSAC are minimized. The DSS and AMSAC systems can have a minimum of two channels with two-out-of-two actuation logic to be consistent with the BWOG generic document. The B&W generic design meets the design criteria in this area.
5.9 Maintenance Bypasses
The plant-specific design may permit bypass of the DSS or the AMSAC functions to allow for maintenance, repair, test, or calibration during power operation in order to avoid inadvertent actuation of protective actions at the system level. The plant-specific submittal should discuss how maintenance at power is to be accomplished and how the bypass condition will be automatically and continuously indicated in the main control room.
5.10 Operating Bypasses
The plant-specific submittal must identify whether operating requirements necessitate automatic or manual bypass of the DSS or AMSAC systems.
Where operating bypasses are identified, the design or operating basis must be provided for such actions.
Removal of the bypass condition must be indicated in the main control room.
5.11 Indication of Bypasses
The plant-specific design must provide for control room indication of all DSS and AMSAC test, maintenance, and operating bypass conditions.
If the protective action of some part of the DSS or AMSAC systems has been bypassed or deliberately rendered inoperative for any reason, the plant-specific submittal must discuss how this condition will be continuously and automatically indicated in the control room.
5.12 Means for Bypassing
The use of DSS or AMSAC system maintenance bypasses should not involve installing jumpers, lifting leads, pulling fuses, tripping breakers, or blocking relays.
The plant-specific submittal should discuss what type of permanently installed bypass switch or similar device will be used and verify that the disallowed methods mentioned in the guidance are not used.
5.13 Completion of Protective Action
The plant-specific DSS and AMSAC designs shall be such that, once initiated, the protective action at the system level goes to completion.
Return to operation must require subsequent deliberate operator action, e.g., manual reset of the tripped circuits.
5.14 Information Readout
The DSS and AMSAC systems should be designed to provide the operator with accurate, complete, and timely information pertinent to their status.
5.15 Safety Related Interfaces
The plant-specific submittal should describe how the implementation of the DSS and AMSAC circuitry design will be such that the existing RPS and ESFAS protection systems continue to meet all applicable safety criteria.
5.16 Technical Specifications
The plant-specific proposals must address technical specification requirements related to surveillance and testing of the DSS and AMSAC systems.
6. CONCLUSIONS
The BWOG document, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," was reviewed and the transient analyses and design requirements were evaluated by the staff.
Most sections of the BWOG document were acceptable for providing generic guidelines for the plant-specific design submittals.
However, five areas of the generic design are still of concern to the staff.
The staff would like to emphasize that most of the generic guidelines presented in Section 5 of this SER have been adequately addressed by the BWOG generic document.
In such cases, the plant-specific submittals need only indicate their intent to comply with these individual generic requirements.
However, for the five design areas that are not satisfactorily addressed in the BWOG generic document, the plant-specific submittals must address in detail how compliance with these areas will be implemented.
Specifically, in order to receive approval from the staff, the licensee must provide (as discussed in the following sections) design details for the use of diverse power supplies, approved isolation devices, the implementation of bypasses and displays, the requirements for surveillance and testing, and the parameters and methods to be used to indicate high reactor pressure and/or a total loss of feedwater flow.
6.1 Power Supplies
The description of the design requirements and the use of power supplies in the BWOG generic document is not acceptable to the staff.
Section 5.1 of this SER summarizes the design requirements for diversity of equipment as presented in the supplementary information provided in the Federal Register.
Compliance with paragraphs (c)(1) and (c)(2) of the ATWS Rule requires the ATWS equipment to be diverse from the existing RPS to minimize the potential for common cause (mode) failures.
Identical components (e.g., power supplies) used in both the RPS and the DSS or AMSAC are subject to potential common mode failures. Therefore, power supplies used for the ATWS systems must be diverse from the power supplies used in the RPS at B&W plants.
Power supplies for both the DSS and AMSAC are not required to be safety-related (1E), but must be capable of performing their safety functions following a loss of offsite power. This requirement, as defined in the Federal Register, prohibits the use of existing RPS power supplies for the DSS logic and actuation equipment and the AMSAC logic circuitry.
Acceptable methods for complying with these requirements are presented in Section 5.6 of this SER.
In order to be in compliance with the ATWS Rule and receive approval from the staff, the plant-specific submittals must indicate how the individual plant designs will provide adequate diversity in the use of power supplies for the DSS and AMSAC systems.
In addition, the plant-specific submittals must indicate how these power supplies (for both the DSS and AMSAC) will remain functional or be backed up in the event of a loss of offsite power.
6.2 Isolation Devices
The guidance given in the Federal Register requires nonsafety related equipment to be properly isolated from safety related equipment.
Therefore, only approved isolators, existing or diverse, may be used for isolating existing sensors and actuation devices for the ATWS systems where appropriate.
Whether diverse or existing isolators are used, the plant-specific submittals must provide analyses ensuring that the isolators are qualified to function under the maximum worst case fault conditions. The analyses should follow the guidelines presented in Appendix A of this SER or be from some other previously approved procedure.
6.3 Bypasses and Displays
The plant-specific submittals must address the types and methods of bypasses used for the DSS and AMSAC equipment.
Sections 5.9, 5.10, and 5.12 of this SER provide some guidance for acceptable bypasses of the systems. The submittals should discuss requirements for maintenance, repair, testing, and calibration of the ATWS systems. Operating bypasses, such as those required during startup or low power operation, should also be addressed in the submittals. The proposals for the bypasses must address both administrative (i.e., types of procedures to be used) and hardware requirements.
The status of the parameters monitored for the indication of an ATWS and the DSS and AMSAC mitigating equipment must be continuously provided in the control room.
Sections 5.11 and 5.14 of this SER discuss the requirements for the indication of a bypass condition and the status of the equipment for the operator. The plant-specific submittals should also provide the design details of how the information will be displayed.
6.4 Surveillance and Testing
The BWOG, in their generic document and subsequent information, has not provided an acceptable generic proposal for defining the requirements for surveillance and testing.
Therefore, the plant-specific proposals must address the use of technical specifications for the DSS and AMSAC equipment. The plant-specific proposals must also address how surveillance and testing will be administratively controlled and monitored.
6.5 Input Parameters
The BWOG generic document presents the results of analyses performed to justify the use of high reactor pressure and/or a loss of feedwater flow as the input parameters to be used for actuating the DSS and AMSAC systems.
However, the generic document does not give specific details regarding how these parameters are to be measured.
Therefore, the plant-specific submittals must provide the details of whether pressure or flow is to be used and must specify the setpoints and timing at which the systems will be initiated.
Information must also be provided which describes how a total loss of feedwater flow will be detected and why the measurements chosen are indicative of a total loss of feedwater flow.
7. REFERENCES
1. Code of Federal Regulations, Chapter 10, Section 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," June 1, 1984.
2. Federal Register, Vol. 49, No. 124, "Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants," June 26, 1984.
3. Babcock and Wilcox Company, "Design Requirements for DSS (Diverse Scram System) and AMSAC (ATWS Mitigation System Actuation Circuitry)," September 1985.
4. NRC Memorandum, M. Wayne Hodges to Jerry L. Mauck, "Review of BWOG Submittal on ATWS."
5. NRC Letter, Hugh L. Thompson, Jr. to All Power Reactor Licensees and All Applicants for Power Reactor Licenses, "Quality Assurance Guidance for ATWS Equipment that is not Safety Related (Generic Letter 85-06)," April 16, 1985.
6. NRC Memorandum, Harold R. Denton to James H. Sniezek, "Proposed Generic Letter Regarding Implementation of the ATWS Rule," February 1986.
7. Rulemaking Issue, W. J. Dircks to The Commissioners, "Amendments to 10 CFR 50 Related to Anticipated Transients Without Scram (ATWS) Events," SECY-83-293, July 19, 1983.
8. NUREG-0460, "Anticipated Transients Without Scram for Light Water Reactors," Office of Nuclear Reactor Regulation, US Nuclear Regulatory Commission, December 1978.
9. NUREG-1000, "Generic Implications of ATWS Events at the Salem Nuclear Power Plant," Office of Nuclear Reactor Regulation, US Nuclear Regulatory Commission, April 1983.
APPENDIX A
DSS AND AMSAC ISOLATION DEVICE REQUEST FOR ADDITIONAL INFORMATION
Each light-water-cooled nuclear power plant shall be provided with a system for the mitigation of the effects from anticipated transients without scram (ATWS). The Commission approved requirements for the ATWS are defined in the Code of Federal Regulations (CFR) Section 10, paragraph 50.62.
The staff has reviewed the B&W Owners Group generic functional DSS and AMSAC designs for compliance with the ATWS Rule. As a result, the staff has determined that the use of isolators within the DSS and AMSAC will be reviewed on a plant-specific basis. The following additional information is required to continue and complete the plant-specific isolator review.
1. Isolation Devices
Please provide the following:
a. A description of the specific testing performed to demonstrate that the device used to accomplish electrical isolation is acceptable for its application(s). This description should include elementary diagrams, when necessary, to indicate the test configuration and how maximum credible faults were applied to the devices.
b. Data to verify that the maximum credible faults applied during the test were the maximum voltage/current to which the device could be exposed, and define how the maximum voltage/current was determined.
c. Data to verify that the maximum credible fault was applied to the non-Class 1E side of the device in the transverse mode (between signal and return) and that other faults were considered (i.e., open and short circuits).
d. A definition of the pass/fail acceptance criteria for each type of device.
e. A commitment that the isolation devices comply with the environmental qualifications (10 CFR 50.49) and with the seismic qualifications which were the basis for plant licensing.
f. A description of the measures taken to protect the safety systems from electrical interference (i.e., Electrostatic Coupling, EMI, Common Mode, and Crosstalk) that may be generated by the ATWS circuits.
g. Information to verify that the Class 1E isolator is powered from a Class 1E source.