ML20154R445
| ML20154R445 | |
| Person / Time | |
|---|---|
| Site: | Beaver Valley |
| Issue date: | 05/31/1988 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML20154R396 | List: |
| References | |
| NUDOCS 8806070305 | |
| Download: ML20154R445 (9) | |
Text
. l
/ o UNITED STATES
! 1 NUCLEAR REGULATORY COMMISSION
( :$ WASHINGTON, D C. 20555
...../
1 I
SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION BEAVER VALLEY POWER STATION, UNITS 1 AND 2 COMPLIANCE WITH ATWS RULE 10 CFR 50.62 DOCKET NOS: 50-334/412 l
1.0 INTRODUCTION
On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the ATWS Rule). The requirements of Section 10 CFR 50.62 apply to all comercial light-water-cooled nuclear power plants.
l An ATWS is an anticipated operational occurrence (such as loss of feedwater, l loss of condenser vacuum, or loss of offsite power) that is accompanied by a l failure of the reactor trip system (RTS) to shut down the reactor. The ATWS :
Rule requires specific improvements in the design and operation of comercial l nuclear power facilities to reduce the probability of failure to shut down the !
reactor follcwing anticipated transients, and to mitigate the consequences of an ATWS event.
Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system ;
requirements for Westinghouse plants. Equipment, diverse from the RTS, is {
required to initiate the auxiliary feedwater (AFW) system and a turbine trip '
for ATWS events. In response to paragraph (c)(1), the Westinghouse Owners Group (WOG) developed a set of conceptual ATWS mitigating system actuation l
circuitry (AMSAC) designs generic to Westinghouse plants. The WOG issued Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design Package," which provided infonnation on the various Westinghouse designs.
The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July 7, 1986 (Ref. 1). In this safety evaluation, the staff concluded that the generic designs prescnted in WCAP-10858 adequately meet the requirements of 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.
8806070305 080531 PDR ADOCK 05000334 P PDR
During the course of the staff's review of the proposed AMSAC design, the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. ?).
This Addendum changed the setpoint of the C-20 AMSAC pemissive signal from 70%
reactor power to 40%. On August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay. For those plants selecting either the feedwater flow or tha feedwater pump / valve status logic options, a variable delay timer is to be incorporated into the AMSAC actuation logics. The time delay on the C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low setpoint upon a loss of main feedwater (MFW) with the reactor operating at 40% power. The staff considers the Revision 1 changes to be acceptable.
Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements be submitted to the Director, Office of Nuclear Reactor Regulation (NRR). In accordance with paragraph (c)(6) of the ATWS Rule, Duquesne Light Company (licensee) provided information by letter dated February 27, 1987 '(Ref. 4). The letter forwarded the detailed design description of the AMSAC proposed for installation at the Beaver Valley Power Station, Units 1 and 2.
The licensee also responded to the changes and revisions to the WCAP by letters dated April 24, 1987 (Ref. 5) and August 31, 1987 (Ref. 6). These two letters addressed the C-20 setpoint and the variable timer, respectively.
The staff held a conference call with the licensee on November 19, 1987, to discuss their AMSAC design and the information contained in Addendum 1 to WCAP-10858-P-A. As a result of the conference call, the licensee responded with additional information on December 2, 1987 (Ref. 7). The response raised additional questions with respect to the AMSAC output isolators, and the staff held a second conference call with the licensee on January 12, 1988, to clarify information concerning the isolators. By letter dated March 3, 1988 (Ref. 8),
the licensee provided the detailed test data on the output isolators.
2.0, REVIEW CRITERI A The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringer t requirements nomally applied to safety-related equipment.
However, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge the safety systems, e.g.,
inadvertent scrams.
l l
i i
l The following review criteria were used to evaluate the licensee's submittals: !
- 1. The ATWS Rule, 10 CFR 50.62.
- 2. "Considerations Regarding Systems and Equipment Criteria,"
published in the Federal Register, Volume 49, No 124, dated June 26, 1984.
- 3. Generic Letter 85-06, "Quality Assurance Guidance for ATWS l Equipment That Is Not Safety Related." j
- 4. Safety Evaluation of WCAP-10858 (Ref.1). !
- 5. WCAP-10858-P-A, Revision 1 (Ref. 3). ;
3.0 DISCUSSION AND EVALUATION To determine that conditions indicative of an ATWS event are present, the l licensee has elected to implement the WCAP-10858-P-A AMSAC design associated I with mons toring the main feedwater flow (MFW) and activating the AMSAC when the l MFW flow is below the low flow setpoint. Also, the licensee will implement the new time delays as addressed in the introduction section associated with the C-20 pennissive timer and the variable timer as required by Revision 1 to the WOG report.
I The licensee provided a discussion relative to conditions that will exist upon i the failure of a single feedwater flow channel. The licensee stated that if any one of the three flow channels fail, the AMSAC outputs will be automatically blocked, and an AMSAC trouble annunciator will alarm in the control room to alert the operator. The licensee further stated that the failed channel will be placed in a tripped condition within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> which will remove the AMSAC output auto-block feature.
Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation of WCAP-10858, the staff identified 14 key elements that require resolution for each plant design. The following paragraphs provide a discussion on the licensee's compliance with respect to each of the plant-specific elements.
- 1. Diversity The plant design should include adequate diversity between the AMSAC equipment and the existing Reactor Protection System (RPS) equipment.
Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause failures.
The licensee will use the existing Class 1E MFW flow-sensing instrumentation as input to AMSAC. The licensee has comitted to implement AMSAC equipment that will be of a different design and manufacturer which will be diverse from equipment used in the RPS. The AMSAC output signals will interface with existing auxiliary feedwater (AFW) pump and turbine trip circuitry. This interface will use equipment that will be diverse from the RPS actuation equipment.
1 I
The staff finds the licensee's commitment acceptable subject to the satisfactory implementation of diverse AMSAC logic equipment consistent with the ATWS Rule (10 CFR 50.62). ;
- 2. Loaic Power Supplies Logic power supplies need not be Class 1E, but must be capable of i perfoming the required design functions upon a loss of offsite power. l The logic power must come from a power source that is independent from i the RPS power supplies. l The licersee has, provided information verifying that the logic power ]
supplies used for AMSAC will he independent from the RPS power supplies i and will function during the loss of offsite power. Dual logic power i supplies will be used in the AMSAC equipment. These power supplies will be diode-auctioneered such that a single power supply failure will not negate the AMSAC function.
l
- 3. Safety-Related Interface The implementation of the ATWS Rule shall be such that the existing l RPS continues to meet all applicable safety criteria. I i
The licensee has stated that the implementation of the AMSAC/RPS ;
interface will be such that the existing RPS will continue to meet all applicable safety criteria as sumarized in the Unit 1 Final Safety Analysis Report (FSAR), Section 8.5 and the Unit 2 FSAR, Section 8.3. Refer to Item 9 for further discussion.
- 4. Quality Assurance (QA)
This element requires the licensee to provide infomation regarding compliance with Generic Letter (GL) 85-06, "Quality Assurance for l ATWS Equipment That Is Not Safety Related."
The licensee stated that the AMSAC equipment will be manufactured under a QA program that is in full compliance with 10 CFR 50, Appendix B.
The licensee has confinned that the QA requirements for installation and i operation of the AMSAC equipment will follow the guidelines presented 1 in GL 85-06.
l
e
- 5. Maintenance Bypasses Information showing how maintenance at power is accomplished should be provided. In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the control room.
The licensee has stated that, during maintenance or surveillance of the AMSAC system or sensor inputs, the AMSAC output signals will be l bypassed using a permanently installed bypass switch located at the AMSAC test panel. Indication of the AMSAC bypass will be provided ;
continuously by the AMSAC trouble alann window that will be located 1 in the main control room. '
- 6. Operating Bypasses i The operating bypasses should be indicated continuously in the control room. Diversity and independence of the C-20 permissive signal should be provided, j The licensee has provided information stating that the AMSAC will be automatically bypassed below 40% reactor power, as indicated by the l turbine first-stage impulse pressure. The bypass condition will be indicated by a control room annunciator. It is the staff's understanding that the licensee will conduct a human-factors review of the bypass annunciators consistent with the plant's detailed control room design process. The C-20 permissive signal will be derived from existing protection system instrumentation and will be processed by the AMSAC logic circuitry which is to be diverse from the reactor protective system. The time delay on de-energization (TD00) timer associated with the C-20 pennissive will be set longer than the actuation variable timer, consistent with Revision 1 to WCAP-10858-P-A.
- 7. Means for Bypasses ,
The means for bypassing shall be accc;cplished by the use of a permanently installed, human-factored, bypass switch or similar device. Disallowed methods for bypassing mentioned in the guidance should not be utilized.
The licensee stated that bypassing AMSAC during testing and maintenance will be accomplished with a permanently installed bypass switch. The disallowed methods for bypassing, such as lifting leads, pulling fuses, blocking relays, or tripping breakers, will not be used.
It is the staff's understanding that the licensee will conduct a human-factors review of the bypass controls and annunciation consistent with the plant's detailed control room design process.
The issue is considered resolved pending satisfactory completion of j the licensee's human-factors review.
)
l l
- 8. Manual Initiation Manual initiation capability of the AMSAC function must be provided.
The licensee discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator. The licensee stated that existing manual controls for turbine trip and AFW actuation are located in the main control room and will be used by the operator to manually perform the AMSAC function if necessary. Thus, no additional manual initiation capability is required as a result of installing the AMSAC equipment.
- 9. Electrical Independence From Existing Reactor Prtte tion System Independence is reauired from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.
The licensee discussed how electrical independence is to be achieved.
The proposed design requires isolation between AMSAC and the Class 1E circuits associated with the MFW flow, the turbine first stage impulse chamber pressure, and the AFW pumps. The required isolation will be achieved using Westinghouse 7100 and 7300 series isolation devices on the AMSAC input and Magnecraft Model W199 ABX-14 relays for output isolation. These devices are acceptable for use as qualified isolation devices.
- 10. Physical Separation From Existing Reactor Protection System The implementation of the ATWS mitigating system must be such that the separation criteria applied to the existing RPS are not violated.
The licensee stated that the AMSAC circuitry will be located in separate cabinets and will be physically separated from the RPS. In addition, the AMSAC cable routing will be in accordance with the physical separation criteria originally established for the station at the time of initial plant licensing. Thus, the existing separation critoria for the RPS will not be compromised as a result of installing the AMSAC equipment.
- 11. Environmental Qualification The plant-specific submittal should address the environmental qualification of ATWS equipment for anticipated operational occurrences.
The staff was informed that the AMSAC cabinet and equipment will be located in the control room area, which is considered a mild environment area. The AMSAC equipment will be qualified for environmental conditions associated with anticipated operational occurrences.
m __ - . . _ _ -
i l
- 12. Testability at Power Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing of the system l may be performed with the system in the bypass mode. Testing from the sensor through final actuation device should be performed with the plant l
shut down. I The licensee has stated that the AMSAC equipment will be functionally tested before and after installation. The AMSAC system will be testable at power in the bypass mode in accordance with procedures approved for the Beaver Valley Power Station. Bypassing AMSAC for testing and returning the system to service will be controlled by administrative procedures. The bypassed condition will be continuously indicated in the control room.
The periodic at-power testing frequency will be based on manufacturer and engineering recommendations. The end-to-end test (including the AMSAC outputs through to the final actuation devices) will be performed during I plant shutdowns. l It is the staff's understanding that the licensee will conduct a !
human-factors review of the controls and indications used for testing purposes that is consistent with the station's detailed control room ;
design process.
l j
- 13. Completion of Mitigative Action The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action, !
l The licensee responded that once the AMSAC is initiated, the circuits for starting the steam-driven AFW pump, the two motor-driven AFW pumps, and the turbine trip will go to completion in accordance with the existing plant circuit design. Deliberate manual action on the part of the operator will be required to reset the turbine trip circuitry and to restore the AFW pumps to standby status.
- 14. Technical Specifications 1
The plant specific submittal should address Technical Specification requirements for AMSAC.
The licensee responded stating that no technical specification action is proposed with respect to the AMSAC. The licensee stated that the l system does not meet NRC criteria for inclusion in the technical specifications. The surveillance interval and actions required to service the AMSAC will be administratively controlled using station procedures.
m
e The equipment required by the ATWS Rule to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable manner. A method acceptable to the staff for demonstrating that the equipment satisfies the reliability requirements of the ATWS Rule is to provide limiting conditions for operation and surveillance requirements in the Technical Specifications.
In its interim Comission Policy Statement of Technical Specification Improvements for Nuclear Power Plants [52 Federal Register 3788, February 6,1987], the Comission established a specific set of objective criteria for determining which regulatory requirements and operating restrictions should be included in technical specifications. The staff is presently reviewing ATWS requirements to criteria in this Policy Statement to determine whether and to what extent technical specifications are appropriate. Accordingly, this aspect of the staff review remains open pending completion of, and subject to the results of, the staff's further review. The staff will provide guidance regarding the technical specification requirements for AMSAC at a later date.
4.0 CONCLUSION
The staff concludes, based on the above discussion and subject to final resolution of the Technical Specification issue, that the AMSAC design proposed by Duquesne Light Company for the Beaver Valley Power Station is acceptable and is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1). The staff's conclusion is further subject to the successful completion of certain noted human-factors engineering reviews to which the licensee has committed. Until staff review is completed regarding the use of technical specifications for ATWS requirements, the licensee should continue with the scheduled installation and implementation (planned operation) of the ATWS design using administratively controlled procedures.
5.0 PRINCIPAL CONTRIBUTORS Robert Stevens was refewer.
- Art Nolen of EG&G, Idaho, was consultant.
Dated: May 31, 1988 a_ -
s
6.0 REFERENCES
- 1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986.
- 2. Letter, R. A. Newton (W0G) to J. Lyons (NRC), "Westinghouse Owners' Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Package," February 26, 1987.
- 3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners' Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, AMSAC Generic Design Package," August 3, 1987.
- 4. Letter, J. D. Sieber (DLCo) to U.S. NRC, "10 CFR 50.62, ATWS Rule Implementation," February 27, 1987.
- 5. Letter, J. D. Sieber (DLCo) to U.S. NRC, "10 CFR 50.62, ATWS Rule Implementation," April 24, 1987.
- 6. Letter, J. D. Sieber (DLCo) to U.S. NRC, "10 CFR 50.62, ATWS Rule Implementation," August 31, 1987.
- 7. Letter, J. D. Sieber (DLCo) to U.S. NRC, "10 CFR 50.62, ATWS Rule Implementation," December 2, 1987.
- 8. Letter, J. D. Sieber (DLCo) to U.S. NRC, "10 CFR 50.62 ATWS Rule Imolementation," Harch 3,1988.
I l
l l
1 l
l n