ML20155C990

Safety Evaluation Concluding That ATWS Design Proposed by Util Meets 10CFR50.62 Requirements,Subj to Successful Completion of Certain Noted Human Factors Engineering Reviews
Person / Time
Site: Vogtle (Southern Nuclear)
Issue date: 10/03/1988
From: NRC
To:
Shared Package: ML20155C988
References: NUDOCS 8810110002


Text


ENCLOSURE 1

SAFETY EVALUATION REPORT

VOGTLE ELECTRIC GENERATING PLANT UNITS 1 & 2

COMPLIANCE WITH ATWS RULE 10 CFR 50.62

DOCKET NOS: 50-424/425

1.0 INTRODUCTION

On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (known as the ATWS Rule). The requirements of Section 10 CFR 50.62 apply to all commercial light-water-cooled nuclear power plants.

An ATWS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor. The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the probability of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an ATWS event.

Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants. Equipment, diverse from the RTS, is required to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events. In response to paragraph (c)(1), the Westinghouse Owners Group (WOG) developed a set of conceptual ATWS mitigating system actuation circuitry (AMSAC) designs generic to Westinghouse plants. WOG issued Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design Package," which provided information on the various Westinghouse designs.

The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July 7, 1986 (Ref. 1). In this safety evaluation, the staff concluded that the generic designs presented in WCAP-10858 adequately meet the requirements of 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.

During the course of the staff's review of the proposed AMSAC design, the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. 2). This Addendum changed the setpoint of the C-20 AMSAC permissive signal from 70% reactor power to 40% power. On August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay. For those plants selecting either the feedwater flow or the feedwater pump/valve status logic option, a variable delay timer is to be incorporated into the AMSAC actuation logics. The variable time delay will be inverse to reactor power and will approximate the time that the steam generator takes to boil down to the low-low level setpoint upon a loss of main feedwater (MFW) from any given reactor power level between 40% and 100% power. The time delay on the C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low level setpoint upon a loss of MFW with the reactor operating at 40% power. The staff considers the Revision 1 changes to be acceptable.

Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements be submitted to the Director, Office of Nuclear Reactor Regulation (NRR). In accordance with paragraph (c)(6) of the ATWS Rule, Georgia Power Company (licensee) provided information by letter dated July 30, 1987 (Ref. 4). The letter forwarded the detailed design description of the ATWS mitigating system actuation circuitry proposed for installation at the Vogtle Plant, Units 1 and 2.

The staff held a conference call with the licensee on September 30, 1987, to discuss their AMSAC design. As a result of the conference call, the licensee responded to the concerns by letter dated November 18, 1987 (Ref. 5).

On March 1, 1988, the staff held another conference call with the licensee during which the isolation devices and their compliance to the requirements of Appendix A of the generic SER (Ref. 1) were discussed. The licensee responded to the isolation device concerns by letter dated April 11, 1988 (Ref. 6).

2.0 REVIEW CRITERIA

The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment. However, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge the safety systems, e.g., inadvertent scrams.

The following review criteria were used to evaluate the licensee's submittals:

1. The ATWS Rule, 10 CFR 50.62.
2. "Considerations Regarding Systems and Equipment Criteria," published in the Federal Register, Volume 49, No. 124, dated June 26, 1984.
3. Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment That Is Not Safety Related."
4. Safety Evaluation of WCAP-10858. (Ref. 1)
5. WCAP-10858-P-A, Revision 1. (Ref. 3)

3.0 DISCUSSION AND EVALUATION

To determine that conditions indicative of an ATWS event are present, the licensee has elected to implement the WCAP-10858-P-A AMSAC design associated with monitoring of main feedwater (MFW) for low flow. The new variable timer and the time delay associated with the C-20 permissive will be incorporated into the AMSAC design consistent with Revision 1 to the WCAP.

Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation for WCAP-10858, the staff identified 14 key elements that require resolution for each plant design. The following paragraphs provide a discussion on compliance with respect to each of the plant-specific elements.

1. Diversity

The plant design should include adequate diversity between the AMSAC equipment and the existing Reactor Protection System (RPS) equipment. Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause failures.

The licensee has provided information confirming that the AMSAC logic circuits will be diverse from the RPS in the areas of design, equipment, and manufacturing. Where similar types of components are used, such as output relays, the AMSAC will utilize a relay of different make and manufacturer.

2. Logic Power Supplies

Logic power supplies need not be Class 1E, but must be capable of performing safety functions upon a loss of offsite power. The logic power must come from a power source that is independent from the RPS power supplies.

The licensee has provided information to verify that the logic power supplies selected for the Vogtle AMSAC logic circuits will provide the maximum available independence from the RPS power supplies. The AMSAC will be powered through the "N" train (Non-1E) distribution system which is independent of the RPS and will be capable of operating upon a loss of offsite power.

3. Safety-Related Interface

The implementation of the ATWS Rule shall be such that the existing Reactor Protection System (RPS) continues to meet all applicable safety criteria.

The proposed Vogtle AMSAC design interfaces with the RPS only in the area of Class 1E turbine impulse chamber pressure signals. This connection will be made downstream of approved Class 1E isolation devices. Thus, the applicable safety-related criteria that is in effect at the Vogtle plant will continue to be met after the implementation of AMSAC. Refer to item 9 for further discussion on this issue.

4. Quality Assurance

The licensee is required to provide information regarding compliance with Generic Letter (GL) 85-06, "Quality Assurance for ATWS Equipment That is Not Safety Related."

The 18 criteria of the NRC quality assurance guidance (GL-85-06) were reviewed by the licensee. The licensee stated that the quality assurance practices at the Vogtle plant, as applied to nonsafety-related AMSAC equipment, comply with the guidance of GL-85-06.

5. Maintenance Bypasses

Information showing how maintenance at power is accomplished should be provided. In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the control room.

The licensee provided information showing how maintenance is to be accomplished at power. The staff was informed that maintenance at power will be accomplished by inhibiting operation of AMSAC's output relays using a permanently installed bypass switch. The indication of bypass status will be continuously illuminated in the main control room.

6. Operating Bypasses

The operating bypasses should be indicated continuously in the control room. The independence of the C-20 permissive signal should be addressed.

The licensee has provided information stating that an AMSAC operating bypass (C-20) will be used to enable the operators to bring the plant up in power during startup and to avoid spurious AMSAC actuations at power levels below 40% reactor power (the C-20 setpoint). Above 40% reactor power, the C-20 will automatically arm the AMSAC logics. The C-20 permissive signal will originate from existing first-stage turbine impulse chamber pressure sensors, and upon a turbine trip, the C-20 permissive signal will be maintained for 260 seconds by a C-20 timer. The licensee has determined that this time delay is sufficient to ensure that AMSAC will perform its required function in the event of a turbine trip (loss of load ATWS). This signal will be taken downstream from qualified isolators and will not interfere with the RPS.

The operating bypass will be continuously indicated in the control room via a light box on the main control board. This is consistent with the licensee's design philosophy in which bypasses or blocking signals are indicated via a bypass permissive light box.

7. Means for Bypasses

The means for bypassing shall be accomplished by the use of a permanently installed, human-factored, bypass switch or similar device. Disallowed methods for bypassing mentioned in the guidance should not be utilized.

The licensee's response stated that a permanently installed control switch will be used for the bypass function. The disallowed methods for bypassing, such as lifting leads, pulling fuses, blocking relays, and tripping breakers will not be used.

It is the staff's understanding that the licensee will conduct a human-factors review of all bypass controls and indication consistent with the plant's detailed control room design process.

8. Manual Initiation

Manual initiation capability of the AMSAC mitigation function must be provided.

In the plant-specific submittal, the licensee discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator.

The operator uses existing manual controls to perform a turbine trip and to start auxiliary feedwater flow. The operator accomplishes these actions by utilizing plant Procedure 19000 *,, E-0 Reactor Trip Safety Injection. Thus, no additional manual initiation capability is required as a result of installing the AMSAC equipment.


9. Electrical Independence From Existing Reactor Protection System

Independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.

The licensee discussed how electrical independence is to be achieved. The existing safety systems with which the AMSAC interfaces will be the RPS, Auxiliary Feedwater, and Steam Generator Blowdown and Sampling Systems. The licensee informed the staff that the required isolation will be achieved ... isolation devices that have been qualified and tested to ... electrical equipment requirements. In addition, the isolators were ...ion tested as described in Appendix A to the WCAP safety evaluation (Ref. 1). The staff has concluded that these isolators have been satisfactorily qualified for use at the subject plant.

10. Physical Separation From Existing Reactor Protection System

The implementation of the ATWS mitigating system must be such that the separation criteria applied to the existing RPS are not violated.

The licensee has stated that the cable routing will be independent of protection system cable routing and that the ATWS equipment cabinets will be located so that there will be no interaction with the protection system cabinets. The licensee provided information stating that all existing train and spatial separation requirements will be maintained in accordance with the existing Vogtle Project Design Criteria. Therefore, existing separation between the Reactor Protection System and nonsafety-related circuits will not be violated by the installation of the AMSAC equipment.

11. Environmental Qualification

The plant-specific submittal should address the environmental qualification of ATWS equipment for anticipated operational occurrences.

The licensee stated that AMSAC mitigation equipment will be located in areas of the plant that are considered to be a mild environment and that the equipment follows the same design standard as currently exists for other non-1E control grade equipment. Based on the information provided, it is the staff's understanding that the equipment will be qualified for anticipated operational occurrences associated with the respective equipment locations.

12. Testability at Power

Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing of the system may be performed with the system in the bypass mode. Testing from the input sensor through to the final actuation device should be performed with the plant shut down.

The licensee stated that a complete test of the AMSAC system, including the AMSAC outputs through to the final actuation devices, will be performed during each refueling outage. With the plant at power, the system can be tested with the AMSAC outputs bypassed. The testing capability will consist of a series of overlapping tests which will verify analog channel accuracy, setpoint (bistable trip) accuracy, coincidence logic operation (including operation and accuracy of all timers), and continuity through the output relay coils.

These tests will be performed with the AMSAC outputs bypassed. This bypass will be accomplished through the use of a permanently installed bypass switch which will negate the need to lift leads, pull fuses, trip breakers, or physically block relays. Status outputs to the plant computer and main control board, indicating that a general warning condition exists with AMSAC, will be initiated when the system's outputs are bypassed. Plant procedures will be utilized for testing the AMSAC circuitry and the AMSAC outputs. These procedures will ensure that AMSAC is returned to service once the test is complete.

It is the staff's understanding that the licensee will conduct a human-factors review of the controls and indications used for testing purposes consistent with the plant's detailed control room design process.

13. Completion of Mitigative Action

The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action.

The licensee responded that, once the AFW pumps receive a start signal from AMSAC, initiation will go to completion and the pumps will remain on line until plant conditions allow the operator to secure the pumps. The licensee also stated that, once a main turbine trip is initiated, there are no automatic or manual actions which can prevent it from going to completion. Following completion of mitigative action, deliberate operator action is required to reset the AFW and turbine trip systems.

14. Technical Specifications

The plant specific submittal should address Technical Specification (TS) requirements for the AMSAC.

The licensee responded that no TS action is proposed with respect to the AMSAC. The licensee stated that the system does not meet NRC criteria for inclusion in the TS. The surveillance interval and actions required to service the AMSAC will be administratively controlled using station procedures.

The equipment required by the ATWS Rule to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable manner. A method acceptable to the staff for demonstrating that the equipment satisfies the reliability requirements of the ATWS Rule is to provide limiting conditions for operation and surveillance requirements in the TS.

In its interim Commission Policy Statement of Technical Specification Improvements for Nuclear Power Plants (52 Federal Register 3788, February 6, 1987), the Commission established a specific set of objective criteria for determining which regulatory requirements and operating restrictions should be included in TS. The staff is presently reviewing ATWS requirements to criteria in this Policy Statement to determine whether and to what extent TS on the ATWS Rule are appropriate. Accordingly, this aspect of the staff review remains open pending completion of, and subject to the results of, the staff's further review. The staff will provide guidance regarding the TS requirements for AMSAC at a later date.

4.0 CONCLUSION

Based on the above discussion and subject to final resolution of the technical specification issue, the staff concludes that the AMSAC design proposed by the licensee for Vogtle is acceptable and is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1). The staff's conclusion is further subject to the successful completion of certain noted human factors engineering reviews to which the licensee has committed. Until staff review is completed regarding the use of TS for ATWS requirements, the licensee should continue with the scheduled installation and implementation (planned operation) of the ATWS design utilizing administratively controlled procedures.

5.0 REFERENCES

1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986.
2. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Package," February 26, 1987.
3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Transmittal of Topical Report, WCAP-10858, Revision 1, AMSAC Generic Design Package," August 3, 1987.
4. Letter, L. T. Gucwa (GPC) to U.S. NRC, "Anticipated Transients Without Scram Modifications," July 30, 1987.
5. Letter, L. T. Gucwa (GPC) to U.S. NRC, "Anticipated Transients Without Scram Modifications," November 18, 1987.
6. Letter, L. T. Gucwa (GPC) to U.S. NRC, "Anticipated Transients Without Scram Modifications," April 11, 1988.
