ML20195D539

From kanterella
Jump to navigation Jump to search
Safety Evaluation Supporting ATWS Rule,10CFR50.62
ML20195D539
Person / Time
Site: Farley  Southern Nuclear icon.png
Issue date: 10/31/1988
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML20195D531 List:
References
NUDOCS 8811070046
Download: ML20195D539 (9)
v  d  e


Text

_ _ _ _ _ _ _ - _ _ _ - _ _ _ _ _ _

6 ,%, UNITED STATES E-  ?, NUCLEAR REGUt-TORYt COMMISSION 5 l W ASHINGTON. D. C. 20655

\...../

SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACT 0F. REGULATION COMPLIANCE WITH ATWS RULE 10 CFR 50.62 JOSEPil 11. FARLEY NUCLEAR POWER Plant, UNITS 1 and 2 00CKET NO. 50-348 AND 50-364 1.0 _ INTRODUCTION On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include 10 CFR 50.62, "Requirements for Reduction of Risk from Anticipated Transients Withovt w am (ATWS) Events for Light-Water-Cooled huclear Power Plants" (know, as the ATWS Rule). The requirements of 10 CFR 50.62 apply to all commercial light-water-cooled nuclei

  • power plant,.

An ATWS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) thai is accompanied by a failure of the Reactor Trip System (RTS) to shut do.n the reactor. The ATWS Rule requires specific improveser1s in the design and operation of conrercial nuclear power facilities to raiuce the probabiHty of failure to shut down the reactor following anticipated transients ar.J to mitigate the consequences of an ATWS event.  ;

Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants. Equipment, diverse frcm the RTS, is requireo to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events. In response to paragraph (c)(1), the e Westinghouse Owners Group (WOG) developed a set of conceptual ATWS nitigating system actuation circuitry (ANSAC) designs generic to Westinghouse plants. WOG issued Westinghouse Topical Report WCAP-10858,

! "AHSAC Generic Design Package," which previded information o' the various Westinghouse designs.

i We reviewed WCAP-10858 and issued a safety evaluation on tha subject topical report on July 7,1986 (Ref.1), in this safety evaluation, we concluded that the generic designs preser ;ev VCAP-10858 adequately meet the recuirements of 10 CFR 50.62. The ap; m ,ee version of the WCAP is labelec WCAP-10858-P-A.

During the course of the staff's review of the proposed ANSAC design, the WCG issved Addendum 1 to WCAP-10858-P-A by letter dateo February 26, 1987 (Ref. 2). This Addendum changed the setpoint of the C 20 AHSAC pennissive signal from 707, reactor power to 407, power. On August 3, 1987, the WOG

< Issued Revistun 1 to WCAP-10858-P-A (Ref. 2), which incorporated Adder.dum 1 changes and provided details on changes associated with a new variable timer and the C-20 tire delay. For those plants selecting either the feedwater flow or the feedwater pump / valve *'Itus logic option, a l GG11070046 081031 PDR ADOCK 05000348 .

t P PDC

s variable delay tirer is to be incorporated into the AMSAC actuation logics. The variable time delay will be inverse to reactor power and will approximate the time that ths steam generator takes to boil down to the low-low level setpoint upon a loss of main feedwater (MFW) from any given reactor power level between 40% and . 0% power. The time delay on the C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low level setpoint upon a loss 01 MFW with the reactor operating t 40% power. We consider the Revision 1 changes made by WOG to be acceptable.

Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements be submitted to the Director, Office of Nuclear Reactor Regulation (NRR). In accordance with paragraph (c)(6) of the ATWS Rule, Alabama Power Company ( APCo or the licensee) provided information by letters dated February 27,1987 (Ref, 4) and Decerber 9, 1987 (Ref. 5). The letters forwarded the detailed design description of the AHSAC proposed for installation at the Joseph li. Farley Nuclear Power Plant, Units 1 and 2. The AMSAC is installed and operating at this time at the Farley site.

On February 9,1988, the NRC staff held a conference call with the licensee to discuss their AMSAC design. As a result of the conference call, the licensee responded to the staff concerns by letter dated April 28, 1988 (Ref. 6). Also, by letter dated August 12, 1988 (Ref. 7) APCo submitted WCAP-8687 (proprietary and non-proprietary versions) relating to qualification tests for the AMSAC relays that interface with the plant RTS, 2.0 REVIEW CRITERIA The systems and equipment required by 10 CFR 50.62 de not have to meet all of the stringent requirements normally applied to safety-related equipment, liowever, the equipment required by the ATWS Rule should be of sufficient quality and reliability to perform its intended function while minimizing the potential for transients that may challenge the safety systems, e.g., inadvertent scrams.

The following review criteria were used to evaluate the licensee's submittals-1, The ATWS Rule, 10 CFR 50.62. ,

2. "Considerations Regarding Systems and Equipment Crtteria,"

published in the Federal Register, Volume 49, Ne 124, dated June 26, 1984

3. Generic Letter 85-06, "Quality As wrance Guidance for ATWS Equipeent That is Not Safety Rel*s d," dated April 16, 1985.
4. The WOG Generic Design, WCAP-li A, Revision 1 (Ref.3).
5. The NRC Saf ety Evaluatien of WCAP-10858 (Ref.1).

3.0 DISCUSSION AND EVALUATION To determine that conditions indicative of an ATNS event are present, the licensee has elected to implement the WCAP-10858-P-A AMSAC design which monitors three separate existing narrow range steam generator water level transmitters and activates the AMSAC when the steam generator water level is below the low-low water level setpoint established for the RTS. Also, the licensee impleme.ited the new time delay associated with the C-20 permissive signal consistent with the requirements of Revision 1

Many details and interfaces associated with the implementation of the final AMSAC design are 9f a plant-specific nature. In the safety evaluation of WCAP-10858, the NRC staf f identif ied fourteen key elements that require resolution for each plant design. The following paragraphs are a discussion of each of the plant-specific eierents for the Farley ANSAC:

1. Diversity i

The plant design should include adequate diversity between the AMSAC equipment and the existing RTS equipment. Reasonable equip-ment diversity, to the extent practicable, is required to minimize the potential for conunon-cause f ailures.

The licensee provided information to confirm that the microprocessor-based AMSAC logic t ircuits are diverse from the logic circuits of the RTS in the areas of design, equipment, and manufacturing. Where similar types of ccmponents are used, such as relays, the ANSAC utilizes a relay of a different make and manufacturer.

2. Logic Power Supplies Logic power supplies need not be Class 1E, but must ce capable of L performing the ree,uired design function upon a loss of offsite power.

The logic power must cae from a power source that is independent from the RTS power supplies.

The licensee provided information verifying that the logic power supplies selected for the Farley AMSAC logic circuits provide the maximum available independence from the RTS power supplies. The AMSAC is powered from nonsafety-related power supplies which are independent of the RTS and are capable of operating upon a loss of offsite power.

3. Safety-Related Interface The implementation of the ATWS Pxle shall be such that the existing RTS continues to meet all applicable safety criteria.

~

l. .

The proposed Farley AMSAC design has no safety-related interfaces at the input. At the output, the ANSAC interfaces with the Class 1E-circuits of the AFW pumps. Connections with these Class 1E circuits are made through the use of approved Class 1E isolation devices. The licensee confirmed that the existing safety-related criteria in effect at the Farley plant and detailed in Section 8 of the FSAR continue to be met after the implementation of AMSAC (i.e., the RTS continues to perform its safety functions without interference from j AMSAC). (Refer to paragraph 9 for further discussion.)

4. Quality Assurance The licensee is required to provide information regarding compliance with Generic Letter (GL) 85-06, "Quality Assurance for ATWS Equipment That Is Not Safety Reinted."

i The criteria of the NRC quality assurance (QA) guidance (GL 85-06) -

were reviewed by the licensee. The licensee stated that the quality assurance (QA) practices at the Farley plant, as applicable to nonsafety-related AMSAC equipment, are based upon 10 CFR Part 50, Appendix B, and, therefore, exceed the QA requirements of GL 85-06.

5. Maintenance Bypasses Information showing now maintenance at power is accomplished should be provided. In addition, maintenance bypass indications should be incorporated into the continuous indication of bypass status in the Control room.  ;

I The licensee provided information showing how maintenance on ANSAC will be accomplished at power. The licensee performs such main-tenance at power by inhibiting the operation of the AMSAC output relays. These relays block the output signal, thus preventing the  ;

4 signal from reaching the final actuation devices. The continuous "

indication of bypass status is provided in the main control room through the use of status lights and annunciation. The licensee has  !

conducted a human-factors review of the indications consistent with the control room design review process. ,
6. Operating Bypasses j The operating bypasses should be indicated continuously in the I control room. The independence of the C-20 permissive signal should

! be addressed.

i 3

i The licensee provided information stating that an AMSAC operating permissive signal, C-20, is used to enable the operators to bring the plant up in power during startup and to avoid spurious AMSAC ,

. actuations at power levels below 40% reactor power (the C-20 6

setpoint). Above 40% reactor power, the C-20 permissive will t l automatically arm the AMSAC Icgics. Upon the loss of the C-20 input  !

4

. . . , _ _ _ _ - - _ _ _ _ _ _ . _ _, , _ , _ . _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ , _ _ . _ ~ . _ _ _ _ _ _ _ _

(turbine impulse pressure signal), the permissive signal will be maintained by a timer for a period of 260 seconds. This value is based on the results of a plant-specific analysis which the NRC staff considers acceptable. The licensee determined that the C-20 time delay is sufficient to ensure AMSAC will perform its function in the event of a turbine trip (loss-of-load ATWS). The C-20 permissive signal originates from two new, diverse turbine first stage impulse chamber pressure transmitters. Thus, the transmitters are completely independent from the RTS. The C-20 permissive signal is processed by the AMSAC logic, which is also diverse from the RTS, and the C-20 status is continuously indicated in the main control room when the reactor is below the 40% power level. This indication is consistent with the accepted human-factors guidelines in effect at the Farley plant.

7. Means for Bypasses The means for bypassing shall be accomplished using a permanently installed, human-factored, bypass switch or similar device.

Disallowed methods for bypassing mentioned in the guidance should not be utilized.

The design for bypassing AMSAC during testing and maintenance is accomplished with a permanently installed bypass switch. The disallowed methods for bypassing, such as lif ting leads, pulling fuses, blocking relays, or tripping breakers are not used. In addition, the licensee conducted a human-factors review of the bypass controls and annunciation consistent with the detailed control room design review process.

8. Manual Initiation Manual initiation capability of the AMSAC mitigation function must be provided.

In the plant-specific submittal, the licensee described how manual turbine trip and AFW actuatinn are accomplished by the operator. In sumary, the operator uses existing manual controls located in the main control room to perform a turbine trip and to start AFW flow should such actions be necessary. Thus, no additional manual initiation capability is required as a result of installing the AMSAC,

9. Electrical independence From Existing Reactor Trip System Independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.

The licensee described the electrical independence as it is achieved.

The design requires isolation between the non-Class 1E AMSAC and the Class 1E circuits associated with the AFW pumps. The licensee

4 informed the staff that the required isolation is achieved using <

electrical isolation devices that are qualified and tested to Class IE electrical equipment requirements. The isolators were tested as described in Appendix A of the NRC Safety Evaluation (Ref.1). In addition, the licensee provided qualificaiton test reports (Ref. 7) for the output relays. The NRC staff concludes that these isolators are satisfactorily qualified for use at the Farley plant. The implementation of the AMSAC design is consistent with the electrical separation criteria established for the plant during the original Farley plant licensing.

10. Physical Separation From Existing Reactor Trip System l
The implementation of the ATWS raitigating system must be such that I

the separation criteria applied to the existing RTS are not violated.

. The AMSAC is physically separated from the RTS circuitry. The cable l routing is independent of RTS system cable routing. The AMSAC cabinets are located so that there is no interaction with the RTS cabinets. Also, the RTS design continues to meet the separation criteria originally established for the Farley plant during initial plant licensing.

11. Environmental Qualification The plant-specific submittal should address the environmental qualification of ATWS equipment for anticipated operational occurrences.

The AMSAC mitigation equipment is located in areas of the plant that are considered to be a mild environment. The equipment is environ-entally qualified for anticipated operational occurrences that might occur at the respective equipment locations. The NRC staff requires that only the isolation devices comply with environmental qualifi-cation (10 CFR 50.49) requirements and seismic qualification requirements.

12. Testability at Power Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing may be performed with the system in the bypass mode. Testing from the input sensor through to the final actuation device should be performed with the plant shut down.

The licensee stated that a complete end-to-end test of the AMSAC system, including the AMSAC outputs through the final actuation devices, will be performed during each refueling outage. However, with the plant at power, the system is tested with the AMSAC outputs bypa s sed. The testing capability consists of a series of overlapping tests. These tests use internally generated calibration signals to verify analog channel accuracy, setpoint (bistable trip) accuracy, and coincidence logic operation, including the operation and accuracy of all timers. The at-power tests tre performed on a quarterly basis similar to the RTS surveillances.

- s t

i The at-power tests are performed with the AMSAC outputs bypassed, as noted above. This bypass action is accomplished by a permanently installed bypass switch, which negates the need to lift leads, pull fuses, trip breakers, or physically block relays. Status outputs to '

the plant computer and main control board, indicating that a general i warning condition exists with AMSAC, are initiated when the AMSAC t outputs are bypassed. Also, plant procedures are used when testing l the AMSAC and the AMSAC outputs. These procedures ensure that AMSAC is returned to service when testing is complete. .

The licensee has conducted a human-factors review of the controls and indications used for testing purposes that is consistent with the ,

detailed control room design review process.  ;

i

13. Completion of Mitigative Action The licensee is required to verify that: (1) the protective action, once initiated, goes to completion, and (2) the subsequent return to  ;

operation requires deliberate operator action.

l The AMSAC system design is consistent with the circuitry of the AFW  ;

and turbine trip control systems. Once initiated, the design ensures that the protective action goes to completion. Following completion i of the mitigative action, deliberate operator action is required to ',

return the actuated devices to normal operation. l

14. Technical Specifications The plant specific submittal should address Technical Specification I requirements for AMSAC.

i The licensee responded that they agree with the WOG (letter 0G-171,  !

dated February 10,1986) that Technical Specifications are not L necessary for the AMSAC system. The surveillance interval and  !

actions required to service the AMSAC are administratively controlled ,

j using station procedures. Also, the AMSAC surveillance schedule is L controlled by the same administrative system as the Technical L l Specification surveillances.

However the NRC staff considers that the equipment required by the I

ATWS Rule to reduce the risk associated with an ATWS event must be  ;

designed to perform its functions in a reliable manner. A method l

{ acceptable to the NRC staff for demonstrating that the equipment

) satisfies this reliability requirement would be to have limiting i conditions for operation and surveillance requirements in the I l Technical Specifications. I

(

l Further, in its Interim Comission Policy Statement of Technical t Specification Improvements for Nuclear Power Plants (52 Federal Register 3788, February 6,1987), the Comission established a  :

specific set of objective criteria to determine which re5ulatory l

l I I

I

! o ,

-8; requirements and operating restrictions should be included in Techr.ical Specifications. The NRC staff is presently reevaluating ATWS requirements to these criteria to determine whether or not, and to what extent, Technical Specifications are appropriate. According-ly, this aspect of the review remains open pending completion of, and subject to, the results of our reevaluation. We will provide further guidance, if necessary, regarding any future Technical Specification requirements for AMSAC.

4.0 CONCLUSION

We conclude, based on this discussion and evaluation and subject to final resolution of the Technical Specification issue, that the AMSAC design installed by APCo for the Joseph M. Farley huclear Plant, Units 1 and 2, is ac:eptable and is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1). Until our staff review is completed regarding the need for Technical Specifications for AMSAC the licensee should continue to maintain and operate AMSAC utilizing the existing administratively controlled plant procedures.

Principa'. Contributors: R. Stevens E. Reeves Date: October 31, 1988

REFERENCES

1. Letter, C E. Rossi (NRC) to L. D. Butterfield (WOG), "Acceptance for Referencing of Licensing Topical Report," July 7, 1986,
2. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Package," February 26, 1987.
3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), "Westinghouse Owners Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, e AMSAC Generic Design Package," August 3, 1987.
4. Letter, R. P. Mcdonald (APCo) to U.S. NRC " Anticipated Transient Without Scram (ATWS)," February 27, 1987.
5. Letter, R. P. Mcdonald (APCo) to U.S. NRC " Anticipated Transient WithoutScram(ATWS),"December 9,1987.
6. Letter, R. P. M: Donald (APCo) to U.S. NRC " Anticipated Transient WithoutScram(ATWS),"April 28, 1988.
7. Letter, W. G. Hairston, III (APCo) to U.S. NRC "Joseph M. Farley Nuclear Plant - Units 1 & 2 Anticipated Transients Without Scram (ATWS)," dated August 12, 1988.

-- -- .- - - - - . _ , - _ - _ , _ _ - - - _ - - . . . -_ _ , , ~ , .

r.---_ - - - , , _ . . - . . _ . - . . . - - . _ ,,

Retrieved from "https://kanterella.com/w/index.php?title=ML20195D539&oldid=3346374"