ML20198F569
| ML20198F569 | |
| Person / Time | |
|---|---|
| Site: | Washington Public Power Supply System |
| Issue date: | 03/05/1974 |
| From: | NRC |
| To: | Moore V US ATOMIC ENERGY COMMISSION (AEC) |
| References | |
| CON-WNP-0958, CON-WNP-958 NUDOCS 8605290008 | |
| Download: ML20198F569 (12) | |
Text
_ _ _ _ _ _ _ _ _ . . . _ _ _ _ _ _ _ _ _ _ _ _ . _ ____ __-___ ____ ___
f GC.kd S Uua
- n. .
A MAR 5 1974
..>.: 0 :. i . 1 .
- 7. .\ . ~ ' con.. i..;;;iin.a.it ..irec tor f u e L L M ,- 'a ter : c*ictors, ccoup 2. I.
..- .. i . 7.s.. , ,,,,.?.'u.' r
.i w .r.*. s
.**I.e.,** . a v. c v. .
. ... ~. . .>.n 'u *.13 *~*
. r'*==
. .*O . .i ii.m t . .. c . . P:;f-1 Lic:aain:>, .: n ;: 'huc;;ruethu Pernit ai oc k.J C . ra i. a, . ' :
.,, t F- / . . .: e 6 ri" n i f.b 1'd . f ' '.C 3 .t'.l "roj a'.I' t . ; dull! ! 't.D. . ' - 3 . '.' . f'0 7.
'a ae;;.H w
- l. '- t vi . ..t t a : c '.rt ia r , . ,, 14 7/
- *) icaa t ' t., 's yo.;ae Ld td * : @ .T"t r ,' 85 0 :* a
'.'G :91t. 106 Of .i'T.t Ac tiGti i . k.'.ned .s . I~ 3 ] :C t * !.' t'il .* h D.* l.'s a.crl:'cloi ci a:1 .:.:e. M t. t 30 t of 4 a;:::ti,n. ta ' l'e qitiona
..V 2 . J.J 6 C."I t ' S : ' *?! 10 3.P ' In f o r* '4 010A
. a0id.3 e ' t ir:1t _ :L "I r:it e ' 1(
- 13 t ~ . S, :ltion 3 *
- a. ; , rt2
- i._ ; :s t
/ t;:s L. 2 . .. lac;ric 11. l y cru- . t.a l l o :s .tn ' t ac;ci 0; 1';c.;
. r.mc5 %r a c. -it : '. i to t;e . .c ,lica:.c.
' N.* C.111 td :r .1 t l.a.a tiML ( P.?
- d
- A iOO CJt1Cdra C.i,tG 1 11 t {.0 ~2 le CO
".>.. J. w j. -. . , . . , .q..,, .*4
. s .- .i -.' ...t. . .a...
.. . .. . . , , a. . ( .. 6 e v. ., , ... .
E .i l ia t'111:41 C '/1.1 b ' I. i' C001.
. . ' 11C 0'* il [O*i041 "O*Cr t ' .\%1;? '13 e' w :: l 'n1 ".u'. 11 . 9- I. I .
' tic . 2, ' C J' J . 5 a li, ba J.. ; on t;A C nCC't Of a.:1~ ::Ini : ip e r.,
trr.ev e f < t L::t] a t i- - .t vs L.
. ch re ctor ratcetiot votem chaaaci for t%
un:Lre*r r. : e .w .* L 1.; A
.r tr '.; .c. l r .+ . "i: rn r.ec:L:- s
.ali'.a v; . '. c v. i m c u t t ,vievN
-*-lously. V.'i . / has int boca fCr :all e:vic red. .it .m Ic..I tt
'.. , no t a : c ; ;._ ,. ; 'or a *;. orcu : . reri:'r of t::2 3 S Jecien. t'e
- .* wr: f ore rac.' :wn.i t. :at the r>plic. int, etr.har cut. nit all n :=.2.;arv hf occat toa f or .i cc .lete fir.:t-ci-e-lind reviou of tala cii:n :.
ar u':2 the e . ..ni t:.. .r. : t;ut it still ahJe to a '.* :nd n11 rr, htary c# i 4 a c.- ..>.a t. 6 . .. :. i . v o e . . eu ao a r<.49 u. o r. wr rc 'q .m nr. t'n ia'.:com. a maa.; . 'a -II c a t.ai vaica .i not r...-n
- .s rini. wei .v t.
J mht t'c. 2 :t ni t; .at ca :1.;a to ;es:1t .ill iafor.ation required for a crrr.:1 : t: rev.c. v2 t.. I'20 ..c.d a. us ..tvaeut review ue;ic.h le wil'.
ac t ce rea .' .. !.e to ::. air.t c la.
- 5. s t. t,. , (,3, *, ..t ,. v, e. .,.
m........t,. . .
ara,
. . . , .... c .4.
. ac. ,s .. s .. . i . .,. c.. a .,.. . _
8605290008 740303 PDR 6 DOCK 05000460 A PDR
I l
i j - . . . ,,.
I' MNIl 8 1974
. . ..,. 1
~ ,
! i c.;:. . . c.
. " 9 ; '.
t
, I
- I '/ ) .:
- .. :. , I l
.. g/ - , ;.s l
)
,, .. . )
. a ~- -n ;
6 *e -t)
F DISTRIBUTION: 1 Docket Files L Rdg EIC Rdg V. Stello l E. LEins *
)
i l
l 1
- * * 'a * .. L1E $ .. L ' LtRS _ _._
..L:E}GS .. ..._.
eu.a =e * .DBam]relissi _.DTondih'
~
__ .. .. T o to. VStello . . . _ . _ .
. . , . . 2-28-74 ._}_ /_- .7. 4.-.. . .1/
. _ . 7. . 4. .. .. _ -
._._ .. - 7 4 . . _ . . . . _
.rr,.4ec.usin .,.m ascu o *o =o ca ' ' ** * ' u
- e a h
WPPSS NUCLEAR PROJECT NO. 1 DOCKET NO. 50-460
,' FIRST SET OF POSITIONS & ,JESTIONS INSTRUMENTATION, CONTROL & EMERGENCY AUXILIARY POWER 7.1 The hostile environmental conditions inside containment following a DBA, th3t the safety related equipment will have to withstand without loss of a function are listed in Table 3.11-2. The listing of corresponding environmental conditions presented in Tabic 7.1-2 is appreciably
_. different from those cited above. State and justify your bases for thu environmental conditions that ESFAS equipment inside containment should be qualified to withstand without loss of required function.
Submit the corresponding information contained in Table 7.1-2 for all Engineered Safety Features Systems and their supporting systems, including pressure transmitters and RTDs.
7.2 ItisnotclearfromtheinformationprbsentedinthePSARwhetheryour design of the RPS and ESFAS will satisfy che requirements of Section 4.17 of IEEE Std 279-1971. Describe your design features on a system by
, system basis to show that they, at least, provide for the following:
(a) Redundant means for manual initiation of each protective action at the system level, regardless of whether or not means are also provided to initiate the protective action at the component or channel level (e.g. , individual control switches fcr each pump and valve).
(h) Mannat iniciarinn af a protective aa*da- ~~ *'- ---"- icval perfortis all functions performed by automatic initiation including such functions as " checking" for correct valve positions and starting the required auxiliary or supporting systems.
(c) The amount of equipment common to both manual and automatic initiation should be kept to a minimum. In general, it is preferabic to limit such sharing to the final actuating devices and the actuated equipment.
(d) Hanual initiation depends upon the operation of a minimum of equipment consistent with a, b, and c above.
73 On Page 7.3-9 of the PSAR, you state that the removal of a digital actuation channel from service will not produce a trip. State and justify the bases on which you have concluded that this will leave the ESFAS initiation capabilities adequate to perform their intended function.
7.4 Safety-related display instrumentation is discussed in Section 7.5. It is noted that no criteria were stated that required redundant monitoring channels with at least one channel of each variable recorded powered from the emergency power system and meeting the intent of IEEE 279-1971 as it has been required in recently reviewed plants. We will require that your plant provide this capability. Supplement Section 7.5 to indicate your design modifications to comply with this requirement.
7.5 Discuss in detail your plans to meet the recommendations of Regulatory Guider 1.40, 1.41, 1,47 and 1.53 and IEEE Std 334. Regulatory Guide
1.47 should be supplemented by the following criteria:
The design criteria for the indication systems should reflect the importance of both providing accurate information for the operator and reducing the possibility for the indicating equipment to affect adversely the monitored safety systems. In developing the design criteria, the following should be considered:
- a. The bypass status indicators should be arranged to enable the operator to assess readily the operating status of ;
each safety system and determine whether continued reactor operation is permissible.
- b. When a protective function of a shared system can be bypassed, indication of that bypass condition should be provided in the control room of each affected unit.
- c. Means by which the operator can cancel erroneous bypass indications, if provided, should be justified by demonstrating r
that the postulated causes of erroneous indications cannot be eliminated by another practical design.
I
- d. Unless the indication system is designed in conformance with criteria established for safety systems, it should not be used to perrorm tunctions that are essential to the health and safety of'the public. Neither should administrative procedures require immediate operator action based solely on the bypass indications. i
- e. The indication systems should be designed and installed in a manner which precludes the possibility of adverse effects on '
the plant's safety systems. Failure or bypass of a protective function should not be a credible consequence of failures occurring in the indication equipment and the bypass indication should not reduce the required independence between redundant safety systems.
f.
The indication system should include a capability of assuring its operable status during normal plant operation to the extent that the indicating and/or annunciating function can be verified.
7.6 Your partial compliance with the recommendations of Regulatory Guide 1.22 as stated in Section 7.1.2.8 of the PSAR will not suffice.
We require that your design comply fully with the recommendations of !
s 7.7 We require that conformance to 1EEE Std 344 be supplemented by the Regulatory Position on Electrical and Mechanical Equipment Seismic Qualification contain1d in Enclosure No. 1.
w e e, g g e, .. = .
o _ .,- ._-. - --y. - - . . - - - , - . , - - - . , - - . - - - - - . - - -
~s - .--..----
+
7.8 Section 7.1.2.4 discusses penetration design conformance to IEEE Std 317-1971. This standard is now obsolete and has been super-seded by IEEE Std 317-1972. Please revise this section to-show the degree of conformance to IEEE Std 317-1972, and Regulatory Guide 1.63. List, if any, exceptions you may have and justify
_, your design on some other defined basis.
7.9 The design of the control circuit for the motor operated isolation valves between the~ Core Flooding Tanks and the Primary Coolant System as discussed in Sections 7.6.1.2.1, 7.6.1.2.2 and 7.6.2.2.2 is not acceptable.
An acceptable des'ign should meet IEEE Std 279-1971 and incorporate the following features:
(a) Automatic opening of the valves when primary coolant system pressure _ exceeds a preselected value ( to be specified in the Technical Specifications).
(b) Visual indication in the control room of open or closed status of the valve,, actuated by sensors on the valve.
(c) An audible al'abm, independent of item (b), that is actuated by a sencor en the valve when the valve is not in the
. fully open position.
(d) Utilization of.a safety injection signal to. automatically remove (override) any bypass feature that may be provided to allow an isolation valve to be closed for short periods of time, when the reactor c.colant system is at pressure (in accordance with provisions cf'the Technical Specifications.)
Discuss your intent to comply with this position fully and describe the necessary design changes, or justify your present design by providing the rationale for concluding that your design provides equivalent assurance that these isolation valves will be open when required.
7.10 Supplement the analysis presented in Section 7.4.2 to show that the RPS and CRDCS designs meet the requirements of GDC-25. Specifically, show what protection your design provides to inhibit s single rod withdrawal (not ejection) while the plant is operating. State whether at worst case conditions for such an occurrence (startup or at power) unacceptable fuel damage would occur.
7.11 Outline your plans, for testing procedures and briefly.d.cs.cribe the methods used to periodically verify that response times of p'otective r x channels are within limits established by safety analyscs.
e
e
~4-7.12 Identify all points of interface between the Reactor Coolant System and systems whose design pressure is less than the design pressure of the Reactor Coolant System. Discuss the degree of conformance with the following AEC Regulatory positions for each such interface:
- a. At least two valves in series shall be provided to isolate any subsystem whenever the primary system pressure is above the pressure rating of the subsystem.
- b. For systems where both valves are motor operated, the valves shall have. independent and diverse interlocks to prevent the valves from being accidentally opened unless the primary pressure is below the subsystem design pressure.
- c. For those systems where both valves are motor operated, the valves shall also receive a signal to automatically close whenever the primary system pressure exceeds the subsystem design pressure.
- d. For those systems where one check valve and one motor operated valve are provided, the motor operated valve shall be interlocked to prevent valve opening whenever the primary pressure in ahnva rha anhayatem design preeeure, and te automatically close whenever the primary system pressure exceeds the subsystem design pressure.
- e. For those systems which are required for ECCS operation, the above requirements are recommended but are not mandatory, and the systems will be evaluated on an individual case basis.
- f. Suitable valve position indication should be provided for the above valves in the control room.
7.13 The Integrated Control System (ICS) is used for the control of certain safety related functions under accident conditions. Provide a list of functions and actions that are controlled through the ICS for these accidents. Identify the components such as interlocks, valves, and runback circuits that perform the functions and actions. Provide an evaluation of the effects of failure of each item listed above. For the purpose of tnis evaluation, assume that the failure or combination of failures occurring in the ICS (or ICS controlled equipment) are those which have the greatest potential for affecting, plant safety.
7.14 There'is not sufficient information in the PSAR to determine that your design, utilizing the high and low pressurizer level signal, in lieu of the high containment pressure signal, will provide an equivalent ',
degree of assurance that the reactor will trip prior to or coincident
- with ECCS actuation. The Staff concludes that if the analysis for the
. ' effectiveness of the ECCS performance takes credit for a reactor trip, '
we require that both diverse signals actuating the ECCS be used to trip the reactor; therefore, either (a) modify your design to include e
a high building pressure trip to trip the reactor; or (b) demonstrate that a high and low pressurizer level signal will perform satisfactorily for all accident conditions, and will trip the reactor pr'cr to or
_ coincident with ECCS actuation, thereby assuring effective emergency core cooling. Include in your response what assurance is provided that
, this level measurement will maintain its accuracy during blowdown.
7.15 The proposed design foe the Reactor Protection System has certain essential new features with respect to the Babcock & Wilcox design approved in recent licensing applications (RPS-I). This new design (RPS-II) has been recently submitted by Babcock & Wilcok in report BAW-10057 and provides for the use of a signal generating module in each RPS channel. These signal generating modules are basically small digital computers or mini-computers. The info-T.ation contained ic. the PSAR is not sufficient for us to make an evaluation of the RPS. Also, BAW-10057 has not been reviewed yet. Substantially more information, including preliminary design diagrams, will be required for us to perform the evaluation of the RPS.
7.16 Identify those trip set points, if any, of the Reactor Protection System and Engineered Safety Feasure Systems which are within 57. of the high or low eni! of the calibrated range. Provide an error analysis for each such c'ase that verifies that the required output signal is always conservative when viewed from a safety standpoint.
Provide the design criteria governing this aspect of your design.
8.1 Supplement the informatbn given in Table 8.-l of the PSAR to include the load sizes and the buses from which they will be supplied.
8,2 Submit a more detailed description and a drawing of the routing of rights-of-wayemanating from the switchyard to the grid, and to the - -
plant emergency buses including location, height, and distance between towers and the number of ciredits per tower. State whether ~
falling of a tower on an adjacent redundant circuit is a credible e've nt that may jeopardize the availability of both immediate access circuits from the transmission network. Your response should also cover the criteria for the location of any structure, such as microwave towers or hydrogen trailer ports, etc., to assure independence of offsite power sources.
8.3 Identify the sources of 125 V de control power to the 500 kV and 230 kV switchyard circuit breakers including A-9 substation and describe them to show that the design satisfies the single failure criterion.
emm , ww- -' ,
6-8.4 Section 8.3.5-1 of the PSAR presents your criteria for physical separation of Class IE circuits and equipment. Regulatory Guide 1.75 defines the Staff position in this regard in the form of
_ criteria that are acceptable for implementing the separation requirements of IEEE Std 279-1971 and GDC 17 and 21. We will require conformance with these separation criteria. Discuss the degree of conformance of your design with the.:e criteria and identify all tifferences between these criteria and the separation criteria proposed for your design. Where less strigent criteria are proposed, discuss the reasons for concluding that the less strigent criteria are adequate.
8.5 It is not apparent from the information presented in Chapter 8.0 of the PSAR tSat your design of the power system important to safety will meet the testability requirements of General Design Criterion (GDC) 18. Describe in more detail this aspect of your design. In particular, describe the capability for testing, during normal operation, all actuation devices, circuits, electrical protective relays and related instrumentation.
Identify and justify all parts of your design that do not meet the testability requirements of GDC 18 and the recommendations of Regulatory Guide 1.22. -
8.6 Describe the power grid frequency decay rates expected, at the WPPSS-1 plant, as a result of disturbances occurring anywhere in the grid _ system. Also, describe the type of disturbances considered in your study.
8.7 We understand that the diesel-generator set model and size you intend to procure has not been qualified for nuclear. power plant service.
We will require that you implement the following qualification test program:
~
- a. At least two; tests shall be performed on each diesel generator to demonstrate the start and load capability of these units with some margin in excess of the 2,000 hour0 days <br />0 hours <br />0 weeks <br />0 months <br /> rating.
- b. Prior to initial criticality per formance of at least 300 valid start and load tests shall be performed to demonstrate a .99 reliability factor with a 50% confidence level. At least five (5) of these tests shall be performed onsite on each diesel generator af ter installation. A valid start and load test is defined as a start from design cold ambient conditions with loading to at least 50% of the. continuous 9
O g _ em a *. -.
h, 1
7 rating within,the required time interval, and continued operation until temperature equilibrium is attained. The onsite testing is to be performed using the in plant diesel generator supporting auxiliary systems.
_. c . A failure rate in excess of one per hundred will require further testing as well as a review of the system design adequacy unless no more than a total of three failures occur, for the 300 start and load tests.
Your response should include the following:
- a. A detailed description of the proposed prototype qualification procedure including the number of tests of each type to be performed that conform to the Staff requirements (as stated above) and the criteria to be used in determining whether or not the unit passed or failed _each test; and
- b. Where it is intended to use data'from similar but not identical machines, discuss the criteria to be used in determining whether or not such data can be extrapolated to predict the performance of the actual machines to be used in WPPSS-1.
- c. n mnnetration of your compliance with the recc==cndntiene of IEEE 3S7,
- d. Demonstration of your compliance with the recommendations of Regulatory Guide 1.9.
8.8 Diesel generators have failed to perform their intended function because of the lack of combustion oxygen. The presence of extraneous and/or exhaust gases in the vicinity of the engines was the cause.
Supplement the information presented in'the PSAR to provide assurance that proper combustion air is supplied to the diesel generators under all operating conditions. Especially consider wind direction, stored gases, and spurious initiation of the fire protection systems.
8.9 Supplement the information in Section 8.3.1.1 as required to provide a complete description of the equipment protection trips associated with the emergency diesel generators. Your response should describe the number and type of trips; the number, type and location of alarm and indication; and the equipment protection' bypasses provided during emergency operation. Your response should also include an analysis that demonstrates that your design provides minimum Probability of false trips without unduly exposing the diesel generators to destructive hazards.
8.10 Incidents involving the inadvertent disabling of a component by racking out the circuit breaker for a different component have occurred in nuclear power plants. In view of .these occurrences, provide your design criteria that assures that disabling of one component does not, through incorporation in other interlocking or sequencing controls, render N
b-
other mutually redundant components inoperable. All modes of test, operation, and failure must be considered. In the cases cited above, the racked out position of breakers had not been included in the failure mode analysis of those control circuits.
Include this consideration in your failure code anaPtsis.
Also, your procedures should be developed to ensure that they provide that, whenever part of a redundant system is removed from service, the portion remaining in service is functionally tested immediately af ter the disabling of the affected portion and, if possible, before disabling of the affected portion.
8.11 State and justify your design criteria in sizing the four 125 Vdc station batteries. Your response should include a list of the emergency loads that the batteries will have to serve and the duration of this service for a case of a complete loss of a-c '
power. In recently licensed plants, an acceptable design provides batteries of sufficient capacity to carry their respective load for two hours without charger operation.
Provide & load profile for each battery for the period immediately following the limits (with respect to battery capacity) DBA, assuming loss of the battery charger. This should include battery voltage as a function of time and show the point in time when the design minimum enarge condition is reached.
- Supplement Section 8.3.2 for the design basis to include consideration of the design minimum temperature in the battery room.
8.12 We understand that certain equipment of the N-reactor will be utilized in the WPPSS-1 plant. Provide a complete description of all interfaces with existing systems of the N-reactor with an analysis of all interactive modes with the WPPSS-1 plant. State and justify your design criteria in incorporation in your design of all safety related systems of any portions of the N-reactor systems.
l l
l
Encloture 1
, ELECTRICAL AND MECHANICAL EQUIPME::T SEISMIC QuaLIyICATION PROCRA'1 I. Seismic Test for Ecuionent Operability
- 1. A test program is required to confirm the functional operability
' of all Seismic Category I electrical and cechanical equipment and instrumentation during and af ter an carthquake of magnitude up to and including the SSE. Analysis without testing may be acceptable only if structural integrity alone can assure the design intended function. When a complete seismic testing is impracticable, a combination of test and analycis may be accept-able.
- 2. The characteristics of the required input motion should be specified by one of the following:
(a) response spectrum (b) power spectral density function (c) time history Such characteristics, as derived from the structures or systems seismic analysis, should be representative of the input motion at the equipment mounting locations.
- 3. Equipment should be tested in the operational condition. Oper-ability should be verified during and after the testing.
- 4. The actual input motion should be characterized in the seme manner as the required input motion, and the conservatism in amplitude and frec acy content should be demonst-ated spectrum used shou' cov r the range from 1 through 33 h. z..
"TheAny frequency exceptions taken require justi catgon
- 5. Seismic excitation generally have a broad frequency content.
Random vibration input motion should be used. However, single frequency input, such as sine beats, cay be applicable provided one of the following conditions are met:
(a) The characteristics of the required input motion indicate that the motion is dominated by one frequency (i.e. , by structural filtering effects).
(b) The anticipated response of the equipment is adequately
, represented by one mode.
(c) The input has sufficient intensity and duration to excite all modes to the required magnitude, such that the testing response spectra will envelope the corresponding response spectra of the individual modes.
l :
o' n ..,w. . s m. .
Y "
.s
- 6. The input cotien should be applied to one vertical and one principal (or two orthogonal) horizontal axes si=ultaneously unless it can be demonstrated that the equip =ent response along the vertical direction is not sensitive to the vibratory motion along the horizontal direction, and vice versa. The time phasing of the inputs in the vertical and horizontal direc-
- tions cust be such that a purely rectilinear resultant input is avoided. The acceptable alternative is to have vertical and horizontal inputs in-phase, and then repeated with inputs 180 degrees out-of-phase. In addition, the test cust be repeated with the equipment rotated 90 degrees horizontally.
- 7. The fixture design should =cet the following requirements:
(a) Simulate the actual service mounting
, (b) Cause no dynamic coupling to the test item.
- 8. The in-situ application of vibratory devices to superimpose the seismic vibratory loadings on the complex active device for operability testing is acceptable when application is justifiable.
- 9. The test progran =ay be based upon selectively testing a repre-sentative nu=ber of mechanical components according to type, load level, size, etc. on a prototype basis.
II. Seisnic Design .idequecy of Sucoorts '
l.
Analyses or tests should be performed for all supports of electrical and mechanical equiptant and instrumentation to ensure their structural capability to withstand seismic excitation.
- 2. The analytical results must include the following:
(a) The required input motions to the counted equip =ent should be obtained and characterized in the manner as stated in Sectio: I.2.
(b) The combined stresses of the support structures should be.
within the limits of AS:2 Section III, Subsection NF -
" Component Support Structures" (draf t version) or other conparable stress limits.
- 3. Supports should be tested- with equipment installed. If the equipment is inoperative during the support test, the response at the equipment mounting locations should be monitored and char'acterized in the =anner as stated in Section I.2. In such a case, equipecnt should be tested separately and the actual input to the equip =ent should be more conservative in amplitude and frequency content than the conitored respense.
- 4. The requirements of Sections I.2. I.4, I.5, I.6 and I.7 are applicabic when tests are conducted on the equipment supports.
%