Text

{{#Wiki_filter:, , i NOV 5 1974 l Docket Nos. 50-460 l 50-513 9 Y. A. Moore, Assistant Director for LWRs, Group 2, L WASHINGTO'I PUBLIC POWER SYSTEM, UNITS 1 & 4 Plant Name WPPSS 1 & 4 Licensing Stage: Construction Permit Dockat Numbers: 50-460/513 Responsible Branch and Project Manager: LWR 2-3, T..Cox Requested Coapletion Date: October 31, 1974 Applicant's Responso Date: December 16, 1974 Description of Response: Second Set of Questions and Positions Review Status: Avaiting Information The enclosed second set of questions and positions was prepared by the Electrical. Instrumentation and Control Systems Branch for~ transmittal to the' applicant. It should be noted that the applicant has changed the originally proposed site and added another unit (No. 4) since the first set of questions was sent out. We have attempted to =in4=4ze the impact of these changes on the review schedule by transmitting to the applicant a l draft of ocst of our questions and positions on October 18, 1974. We held a neeting on October 30, 1974 with the applicant for i the purpose of discussing our questions and positions prior to their formal issuance. Although the ineeting was very useful in l clarf.fying a large nisaber of questions and statements on part i of the applicant as well as the staff, nevertheless, we have determined that it will be necessary to have a third set of Q questi6as and positions because cF the aforementioned changes kD f in the applicant's original application af ter the first set / Al l of questions and positions was issued. l l l 8605290237 741105 Victor Stello, Jr., Assistant Director ADOCK0500gO for Reactor Safety l PDR A Directorate of Licensing l l

Enclosure:

orrice > Wan,1 get-oi.-Ques f"i na" &3oSiti^"" e summams k ( onru b l Perus ABC 313 (Rev.9 53) AIOi 0240 W u. s. sovsmausNT PRINTlNG OFFICsa 1974e589 864

l V. A. Moore N0'v ?j)l4 cc w/o enc 1: l W. Mcdonald, L: OPS i ec w/ enc 1: S. Hanauer, DRTA F. Schroeder, L:TR A. Giambusso, L:RP i S. Varga, L:RP A. Schwencer, L: LWR 2-3 } T. Cox, L LWR 2-3 l T. Ippolito, L:EICS D. Tondi, L:EICS 3 D. Basdekas, L:EICS DISTRIBUTION: Cc.ntral File L Mg l EIC Rdg VStello i i t f f i i I i I, i i r L:EIC & IC ._L RS L:ETp_./ orries e. i DLBasdekas

• DTondi hkko 1Stello

$ N _ )).-{ -74 / - 4 '-74_ -14 earnw I Forum ABC 318 (Rev. 9 53) ABCM 0240 1lt u. s. sovsamassar raiattaa orricas sev4.sae see

~ 2'23.0 ELECTP.IC, INSTRUMENTATION & CONTROL SYL MS 223.1 (RSP) You state that Laboratory Tests will be performed for the (3.10.2, seismic qualification of electricci, instrumentarion and 3.11) control systems equipment. We require that documentation of the seismic qualification be submitted as part of this PSAR. Furthermore, it should be noted that BAW-10003, Revision 3 has not been found acceptable as a reference of your qualification program. Specifically, the following concerns must be satisfied before the environmental qualification program reported in BAW-10003, Revision 3 may be accepted for your application. 1. The subject report in its present form does not provide an acceptable basis for testing instrument and control devices to demonstrate the capability of this equipment to function with precision and reliability over the full range of transient and steady-state conditions of both the energy supply and the environment during normal, abnormal and accident circumstances throughout which the system must perform. 2. The testing which is presented in the subject report does not satisfy all of the requirements of IEEE Std 323-1974. 3. The subject report is not applicabic to solid state logic systems such as RPS-II. 4. The subject report is only applicable to specified portions of the reactor protection system. Documentation of your environmental and seismic qualification program of those systems not covered by BAW-10003, Revision 3, will be required, even after and if BAW-10003, Revision 3 is accepted. Furthermore, provide documentation of the environmental and seismic qualification programs that will cover systems and components supplied by others than B&W. 223.2 It is our concern that some of the systems described in the (5.3, 7.2 PSAR may have to be modified 'or new systems added, for the 7.3) purpose of meeting the requirements set forth in RASH-1270 "USAEC Technical Report on Anticipated Tr'ansients Without Scram for Water-Cooled Power Reactors," dated September 1973. Therefore, identify these systems and describe the extent of the modifications / additions that may result from implementation of WASH-1270.

223-2 223.3 Submit information describing your design for preventing or (5.3.6, 7.1 mitigating the consequences of reactor startup with an 7.6) inactive loop, and specify the Technical Specifications restrictions you propose for such' operation if any. 223.4 You state that manual overrides are provided for operational (6.2.2.5) control of certain automatically operated devices. Provide a list of all such manual overrides, giving their justification and design criteria. 223.5 (RSP) Your design provisions for manual switchover from injection (6.3.2.17, to recirculation mode of ECCS are not acceptable. 7.3, 7.4) We require that you provide fully automatic as well as manual initiation at the system level of the switchover from injection to the recirculation mode of ECCS and in conformance with the requirements of IEEE Std 279-1971. Submit additional information, including updated P& ids and one-line electrical schematics and lor,1c diagrams showing your'prdlininary design. 223.6 Provide a functional diagram of the trip channel bypass (7.0) logic for all safety related systems showing the interlock design that prevents the bypassing of more than one channel at a time, and specifically demonstrates compliance with Section 4.11 of IEEE Std 279-1971 and Regulatory Guide 1.47. 223.7 Identify any anticipatory trips or actuation signals for (7.0, 8.0) which you claim no credit in the accident analyses and specify the criteria to which their design is based. We require that all protective instrumentation channels meet the require-ments of IEEE Std 279-1971. 223.8 In discussing compliance with the requirements of IEEE Std (7.0, 8.0) 279-1971, S'ection 3.8, you state that buildings containing safety related equipment will protect the equipment from lightning. Describe how this will be accomplished. 223.9 Identify all safety related signals that are not derived (7.0, 8.0) from direct measurement of the desired process. Justify the use of indirect measurement for each one. 223.10 With regard to pump motors serving the DHR and other ESF (7.0, 8.0) systems and their auxiliaries provide the following information: Specify the minimum voltage required at the motor to successfully accelerate its pump load within the required period. Correlate these requirements with the recommendations contained in Regulatory Guide 1.9 for sequencing safety system loads on an onsite power system. State the minimum margin of motor torque allowed over the pump load torque during the accelerating period of the pump load, and provide criteria for selecting this minimum value.

223-3 Describe the features provided to moniter the temperature rises in large H. P. motor components to evaluate any ingress into their design temperature rise limitations, when a motor fails to accelerate its pump load within the number of starts prescribed by NEMA-MG-1. 223.ll(RSP) With regard to motors of safety related motor operated (7.0, 8.0) valves, we require that the following Regulatory Staff Position be met or made part of the interface requirements: (1) Thermal overload protection, if provided for safety related system motor operated valves, shall have the trip setpoint set at a value high enough to prevent spurious trips due to design inaccuracies, trip set-point drift, or variations in the ambient temperature-at the installed location. The trip setpoint chosen shall be consistent with that of any branch circuit protective device used. Periodic tests are required and shall be performed on each of the thermal overload devices to verify the accuracy and reliability of the overload trip setpoint. OR (2) Ihermal overload protection may be bypassed under accident conditions and the bypass circuitry shall be designed to IEEE Std 279-1971 criteria as appropriate for the rest of the safety related systems. 223.12 List and describe each way in which the operating personnel (7.1, 7.8) will use the informa, tion provided by the Incore Monitoring System (IMS). (See Questions No. 223.41 and 223.42) 223.13 " Engineered Safety Features Panels" was deleted. Explain (7.1.1.2) the reason. 223.14 Discuss your plans to comply with the recommendations of (7.1.2) IEEE Std 323-1974, 344-1971, 352-1972, 382-1974 and ? Regulatory Guides 1.62, 1.75, 1.78 and 1.81. Update Table 7.1-1 accordingly. 223.15 Several parameters listed in Table 7.1-2 for normal, worst (7.1.2) case accident, and des.ign conditions were changed in Amendment No. 6. Explain and justify each of these parameter changes. Complete Table 7.1-2 for all ESF Systems and their Supporting Systems, including pressure transnitters and RIDS. Your response to Question 7.4 did not address our concerns. 223.16 (RSP) Your exemptions to the provisions of IEEE Std 317-1972 (7.1.2.4) Paragraphs 4.6(2) and 5.15 are not acceptable. It is our position that the recommendations of IEEE Std 317-1972 be met fully.

4 223-4 Discuss the applicability of Industry Standards ANSI-C39.1, C39.2, and C39.5 listed in Table 7.1-1 and explain why they are needed to supplement the corresponding IEEE Standards and exactly how you propose to use their recommendations. 223.17 List all protective functions and related equipment that will (7.2, 7.3) not be tested while the reactor is at power, and discuss how each conforms to the provisions of Paragraph 4 of Section D of Regulatory Guide 1.22. 223.18 (RSP) Your commitment to comply with the recommendations of IEEE (7.2, 7.3) Std 379-1972 and Regulatory Guide 1.53 is acceptable. However, we require that the results of your analysis be submitted at this time as part of the Preliminary Safety Analysis Report (PSAR) and not the FSAR as stated in your response to Question 7.8. 223.19(RSP) Our position on interface criteria betueen the Reactor (Q7.14) Coolant System and low pressure systems, transmitted to you carlier should be supplemer.ted by the'following requirement. Appropriate design features should be provided to assure that a singic failure or operator error will not defeat not only 'the isolation function but also the availability of any system in this category when needed to perform its safety function. Supplement your response to the subject question by submitting P& ids and on-line electrical diagrams shouing that the stated requirements are met. 223.20 (RSP) Your response to Question 7.16 is.not applicable any more (7.2) to the present status of the RPS-II review. Babcock and Wilcox has submitted Topical Report BAU-10085 for our review of RPS-II which is presently under review. Our acceptance of the RPS for WNP - 1 and 4 is conditioned on the acceptance of BAW-10085. Identify any features of the design, hardware, installation and on-line testing of RPS for WNP 1 and 4 that are different from that described in BAW-10085. Furthermore, we require that you make the commitment at this time that in the event that RPS-II is not approved by the Regulatory staff by the time of the FSAR for WNP 1 and 4 you will incorporate in your design a RPS which has already been approved and in use such as RPS-I. 223.21 (RSP) Your discussion contained in your response to Question 7.17 (Q7.17) dealing with the reactor cutlet temperature trip set point is not acceptable including the numerical estimation of the

223-5 worst case error. The safety margins provided in these instrumentation channels are not acceptable and we will require that they be extended to 5% or more of the upper end of the calibrated range. 223.22 Provide a description of the RPS with regard to partial (7.2) loop operation in sufficient detail to permit an independent evaluation of the adequacy of the design. The description should address the following: (1) the envelope of the permissible operating limits for the various ccmbina'tions of reacto~r coolant pumps operating, (2) the method used to automatically adjust trip setpoints to a level corresponding to the number of pumps in operation, (3) the method used to establish how manyrpumps are operating and in which reactor coolant loop (4) identification of the RPS setpoints to be adjusted and (5) discussion of how the design conforms to the requirements of IEEE Std 279-1971. 223.23 (RSP) The Nuclear Instrumentation (NI)~ System is an integral part (7.2) of the RPS required to operate under normal as well as abnormal conditions thct may be accompanied by hostile environment. This hostile environment may prevail tor some-time before any plant RPS parameter exceeds its trip setpoint and initiation of the reactor trip ocents. Discuss what assurances you are providing by design and/or equipment qualification that the RPS will provide all protective functions it is intended to provide under the worst possible environmental conditions that may develop as a result of an incident such aa a small high energy fluid line break and/or a Safe Shutdown Farthquake (SSE). We require a substantiation that the entire RPS teets the recommendations of IEEE Std 323-1974 and IEEE Std 344-1971 as supplemented by Regulatory Staff Position. 223.24 (RSP) There is not sufficient information in the PSAR to determine (7.2, 7.3 ) that your design, utilizing the high and low pressurizer level (15.1.3) signal, in lieu of the high containment pressure signal, will provide an equivalent degree of assurance that the reactor will trip prior to or coincident with ECCS actuation. The staff concludes that if the analysis for the effectiveness of the ECCS performance takes credit for a reactor trip, we require that both diverse signals actuating the ECCS be used to trip the reactor; therefore, either (a) modify your design to include a high building pressure trip to trip the reactor; or (b) demonstrate that a high and low pressurizer level signal will perform satisfactorily for all accident conditions, and will trip the reactor prior to or coincident I with ECCS actuation, thereby assuring effective emergency core cooling. Include in your response what assurance is provided that this level measurement will maintain its accuracy during blowdown.

223-6 223.25 Provide location layout drawings of all RPS, ESF and their. (7.2.1) supporting auxiliary systems as specified in Section 7.2.1.2 of the " Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants", Revision 1. 223.26 Your provisions for the verification of trip response times (7.2.2.1) to be performed during plant shutdowns only as stated in your response to Question 7.13 is not acceptable. Discuss how you plan to determine the test interval to verify that response times for RPS and ESF channels remain within acceptable limits during normal operation. 223.27 Your response to Question 7.6 is not acceptable. Removal of (7.3.2.1) an actuation channel should not result in a situation that reliance is placed on manual actuation of another protective channel or systcm. 223.28 I Your discussion presented in the subject Section is not -(7.4) sufficient to ascertain that your design satisfics the requirements of GDC 19. Using the P& ids presently in the PSAR and those to be submitted in response to requests in this set of Questions and Positions, provide a listing of specific equipment, identified by the numbers shoun on the-P& ids, that are required to accomplish a safe shutdown of the reactor from outside the control room. 223.29 (RSP) Submit Figures 7.4-2, 3, 4 and 5 to reflect the preliminary (7.4) and not a typical design of the Auxiliary Feedwater System. Include and cross reference the component numbers in a P&ID for the Auxiliary Feeduater System. Your discussion of the Auxiliary Feedwater System is not adequate for our independent evaluation. Provide a complete description of the system, including P& ids, one-line electrical schematics and logic diagrams. It is the staff's position that the auxiliary feedwater system must be capable of satisfying its functional requirement after sustaining a break in its piping inside containment and a single electrical failure. The rationale that supports this position is that the auxiliary feedwater line break would result in generating an accident signal that will trip the unit causing a loss of offsite power. A heat sink must be maintained assuming a single electrical (active) failure anywhere in the auxiliary feedwater system or in the onsite power system. (See Question 223.61) 223.30 The Boron feed and bleed system is listed as a part of the (7.4, 7.7) ICS. Ascertain that you meet the requirements of GDC 26 with the systems listed in Section 7.4 with respect to achieving and maintaining a cold shutdown. Describe the protective instrumentation and protective actions provided by your design during fuel loading, refueling and maintenauce operations.

v. 223-7 223.31. Demonstrate that nTo electrical failure in the automatic trip (7e4) portion of the CRDCS could cause sufficient current to flow through two series switches so that their contacts could be welded together, thus negating the amanual trip function. Provide an electrical schematic for this sytem. 223.32 Provide a P&ID showing the system described under Item 5 (7.4.1.2.2) in the subject Section. Explain why you deleted the para-graph discussing the system's normal operation. 223.33 (RSP) The Essential Control and Instrumentation (ECI) System (7.4.2.2) must meet all the requirements for safety related systems including those of IEEE Std 279-1971, IEEE Std 379-1972 and the recommendations of Regulatory Guides 1.22, 1.47 and 1.62. (See Question 7.8) 223.34 You state that during some abnormal conditions, the pressurizer (7.4.1.2.2) heaters are manually controlled to maintain hot shutdown. List the incidents or accidents that may lead to such a need, justify your decision to rely on manual control, and state the consequences of the pressurizer heaters failure or operator error to provide pressure control function. Do the same for the pressurizer spray control system. State the consequences of the spray valve failing in the closed position. 223.'35 (RSP) Manual control for each redundant component is not acceptable. (7. 4. 2. 2.1) Manual initiation at the system level according to Section 4.17 of IEEE Std 279-1971 is required. Submit information to substantiate that your design meets this requirement. 223.36 (RSP) Your response.to Question 7.7 is not acceptable. We require (7.5.1.1.2) that the recorders used in safety related instrumentation be seismically qualified to continue to accurately record af ter the seismic event without requiring maintenance. Discuss the bases for determining that the instrumentation channels listed in Table Q7.7-1 are adequate to follow the course of any DBA and provide the operator with sufficient information to take necessary protective actions. It is our position that your design of the post-accident monitoring and safe shutdown display instrumentation systems include the following: i 1. Provide two redundant channels indicating in the control room with at least one channel recorded. 2. Have both channels powered from the onsite emergency power sources and meeting the require-ments of IEEE Std 279-1971. (Our position, as transmitted to you originally, was in error in that only the recorded channel should be powered from the emergency bus). . b,

I 223-8 ~ 3. Have the recorded channels permanently wired to the recorder. Selection capability between two channels, although desirable in some respects, would jeopardize the independence of the emergency buses, therefore, is not acceptable. The term " principles in IEEE Std 279-1971" used in your response to Question 7.7 is ambiguous. Amend your statement to read " requirements of IEEE Std 279-1971". 223.37 Explain the change in testing from individual actuated (7.5.1.2.1) devices to groups of actuated devices. 223.38 (RSP) Your response to Question 7.12 is not acceptable with the (7.6.1.2.1, exception of Item (b). We require that your design comply 7.6.1.2.2, with our position stated in the subject question. 7.6.2.2.2) 223.39 Your response to Question 7.15 is not acceptable because (7.7) it fails to address all modes of operation, failures and malfunctions of the ICS. Perform a failure mode and effects analysis for the ICS in which you evaluate its normal operation, failures, and mal-functions. Include in your considerations the effects of the dry-out time for the steam generators and state what this time is for each power level you address in your analysis. Submit information regarding this analysis to show the following for each case analyzed: (1) The assumptions used and their justification. (2) The worst case conditions and their bases. (3-) The specific subsystems of ICS involved in each action, the effects of its failure or malfunction on other subsystems of ICS, and the ultimate effect on safety of the plant. (4) A complete list of functions performed by the ICS in all modes of operation and analyzed failures and malfunctions. 223.40 Describe the bases for regrouping control rods during core (7.7.1.3) life. Discuss the possible errors which could result, especially the grouping of CRAs with the wrong group. Present safety analyses of the possible errors, and prove that they can be detected and safely controlled.

1 i 223-9 223.41 Describe the computer calculation of the depletion function (7.8) for the incore detectors. Describe all adjustments made to incore detector signals by use of the computer. Justify the absence of calibration of incore detectors. 223.42 Describe all corrections made to the excore power range (7.8) instrumentation singals before the signals are used to determine axial offset and tilt. 223.43 Your response to Question 8.4 is not sufficiently detailed .(8.2.1) for us to determine if your design is acceptable. Submit one-line diagrams showing the control power connections from the station emergency busec as well as the switchyard battery and discuss your provisions to assure the integrity and separation of Class IE power sources and distribution system of WNP-2. 223.44 Yo'r response to Question 8.3 is not complete for us to u (8.2.1.1) make an independent evaluation of the credibility of one transmission line and its associated towers structural failure to cause the adjacent and redundant of fsite power circuit to fail. Submit detailed one-line diagrams and sketches showing the relative location, distances and tower heights of the 500 and 230 kV circuits both between the units and the H. J. Ashe switchyard as well as beyond the H. J. Ashe switchyard. Include in your diagrams the locations at which the 500 and 230 kV lines cross over one another. A cascading failure possibility as the one described in your response to the subject question involving the lines in the vicinity of the H. J. Ashe switchyard will not be acceptable. 223.45 The qualification testing progran requi'rements for the (8.3.1) diesel generator sets to be used for WNP-1 and 4 should be clarified to remove an inconsistency that uas present in our position as transmitted to you in Question 8.8. We require 300 valid start and load tests that will give a.99 reliability factor with a. maximum confidence level of 95% which we consider an achievable goal. Part (c) of our original position is still valid in that a failure rate of no more than 3 per 300 tests will produce a.99 reliability factor with a confideace level less than 95% which we will accept unless any of the failures indicates a generic basic problem with that type of machine. Amend your response to Question 8.8 to reflect this clarification in our requirements.

223-10 223.46 Your response to Question 8.2 is not complete. Table (8.3.1) 8.1-1 is not all-inclusive in identifying the loads that are served from emergency buses EA and EB. The same is true for Figure 8.3-1. We need a complete listing of the emergency loads that are served from EA and EB x either 'directly or through the 4160/480 v transformers. 223.47 (RSP) With regard to the diesel-generator trip circuit bypasses (Q8.9, we require the following: 8.3.1.1) 1. The design should provide for bypass of all mechanical trips, except engine overspeed. (Electrical protective trips associated with the generator should be retained.) This concept will reduce the probability of spurious trips during emergency conditions, and will also reduce the exposure of the equipment to undue hazards during routine tests. Provisions should be included for the monitoring of all the bypassed parameters and the alarming of all excessive values in the control room. In addition, provisions should be included for testing the status and operability of the bypass circuits. 2. If mechanical trips in addition to overspeed are not bypassed, an acceptable design should provide two-or-more independent measurements of each of the non-bypassed mechanical trip parameters. Trip logic should be such that diesel trip would require specific coincident logic. 3. Bypasses for. diesel-generator protective trips should be designed to meet the requirements of IEEE Std 279-1971. Revise Table 8.3-5 to reflect conformance of your design to the above requirements. 223.48 Your justification of exemptions to Regulatory Guide 1.75 (8.3.3.3, are not acceptable. Either quantify your bases for 8.3.5.1) reaching the conclusions presented in Section 8.3.5.1 or propose alternate routing of mutually redundant Class IE raceways. 223.49 (15.0) DELETE

V = 223-11, 223.50 Since the operator has provisions to manually control (15.1.3) single rod motion, the single rod withdrawal accident should be analyzed as an anticipated event. Specifically, provide information justifying the selection of worst-case conditions of time-in-cycle, power level, power distribution, peaking factors, control rod worth, control rod position, etc. Justify any differences between these selected values and those used in the rod ejection accident. Provide a plot of maximum fuel centerline. temperature as function of time for the control rod misoperation accident. Demonstrate that the worst-case initial conditions have been analyzed. Justify that the following control rod misoperation accidents do not have to be analyzed: (1) Inadvertent withdrawal of two or more control rods at the same time (2) Leaving one or more rods behind (i.e., stuck rods) during rod bank withdrawal. (3) Insertion of a rod bank with one or more bank rods stuck. Discuss the derivation of the BOL and E0L rod worths in Table 15.1.3-1. How have uncertainties been included? Ghow the changes in minimum DNBR and minimum ku/ft for the control rod withdrawal and misoperation accidents. Describe the startup and full power control rod withdrawal and misoperation accidents. Supplement the analysis presented in Section 7.4.2 to show that the RPS and CRDCS designs meet the requirements of GDC 25. 223.51 For the case of a steam line break accident inside containment (15.1.14) it is assumed that the main steam isolation valves and the feedwater isolation valves to the affected steam generator close. Demonstrate that in the event of a steam line break inside containment concurrent with loss of offsite power, no single failure in the main steam and feedwater isolation valves will defeat these two protective actions. Identify all instrumentation, controls and electrical equipment that are not designed to Clas s IE requirements for which

223-12 credit is taken in this analysis. Supplement your discussion with a sketch showing the feedwater/ steam system and identify all components that need to be actuated in all cases of a feedwater/ steam line break inside and outside containment. Submit the results of a failure mode and effects analysis and ascertain that the requirements of IEEE Std 279-1971 and IEEE Std 308-1971 are met by all systems and components required for the feedwater/ steam line isolation while alJowing emergency core cooling. 223.52 It is not clear from the information presented in the (8.1.2.1 PSAR how the load break switch (LBS) is used to 8.2.1.3) disconnect the full rated generator load. Provide additional information describing in detail, the mode of the LBS operation, automatic and/or manual. ~ 223.53 (RSP) You state in the PSAR that "Two redundant Class IE (8.1.2.1) 100% capacity diesel generators are provided..." It should be pointed out that some margin beyond 100% will be required. See Questions 8.8 and 223.45. 223.54 (RSP) You state in the PSAR that "Any other non-Class IE (8.1.2.2) equipment required to maintain the station in a safe and orderly condition is supplied, etc." The implication of this statement is that some equipme~nt required for achieving and maintaining a safe shutdown condition of the plant are not Class IE. This ic unacceptable. s Provide a list of all such systems and equipment and state your plans to upgrade them to Class IE. 223.55 You state in the PSAR that "Furthermore, under conditions (8.1.2.2) where the Class IE system is required to perform 1.ts safety functions, the non-Class IE loads will be disconnected from the system thereby removing them as a potential source of degradation." Give your design bases and other reasons for this provision and the mechanism for accomplishing it. State whether you meet the provisions of Regulatory Guide 1.75, Section 4.5 and more specifically, with regard to the use of isolation devices in associated non-Class IE circuits. If you take an exemptiony state and justify it. 223.56 Submit the results of an analysis for the case that the (8.3) station auxiliary and backup auxiliary transformers have to accept and carry all loads following a turbine trip of one unit at full power while the other unit is in start-up. Show that the transformers have the required ratings and characteristics to carry the loads of both plants or that load shedding is provided to ensure continuous power availability to the emergency power buses I

~ 223-13 as required by GDC 17. If load shedding is used, provide a description and design criteria. Provide a. figure similar to Figure 8.3-1 to show the offsite and onsite power system connections for both units. 223.57 Diesel-generators have failed to perform their intended (8.3) function because of lack of combustion oxygen. The presence 'of extraneous and/or exhaust gases in the . vicinity of the engines was the cause. Supplement the information presented in the PSAR to provide assurance that proper combustion air is supplied to the diesel-generators under all operating conditions. Expecially consider wind direction, stored gases, and spurious initiation of the fire protection systems. 223.58 It is not clear from the information presented in the PSAR (8.2, 7.3) what your design provisions are with regard to disconnecting of the Reactor Coolant Pumps from thair electric power b,uses because of excessive grid frequency decay rates, to allow fthe pumps to coastdown. Provide additional information to show what your requirements are in this regard as applied to accident analyses presented in Chapter 15.0. Your response should state the limiting frequency decay rate in Hz/sec. 223.59 (RSP) We require that your Technical Specifications include a (8.3) requirement for'the periodic testing of the station batteries which meets the intent of Section 5.3.6 of IEEE Std 308-1971 uto determine battery capacity. The performance discharge test as listed in Table 2 of IEEE Std 308-1971 should be performed according to Section 5.4 of IEEE Std 450-1972 during each refueling operation or at some other outage with intervals between tests not to exceed 15 months. 223.60 (RSP) With respect to the application of the single failure (7.3) criterion to manually-controlled, electrically-operated valves, we require the following: (1) Single failures of both active and passive components in the electric systems of valves and other fluid system components should be considered in designing against a single failure, even t, hough the fluid system component may not be called upon to function in a given safety system operational. sequence. (2) Where it is determined that failure of :a single active or passive component in an electric system can cause mechanical motion of a passive component in a fluid system and this motion results in total loss of the system safety function, it is acceptable in lieu of design changes that also may be w

223-14 acceptable, to disconnect power to the electric systems of the component. The plant technical t specifications should include a list of all electrically-operated passive valves, and the required positions of these valves, to which the requirement for removal of electric power is applied in order to satisfy the single failure criterion. (3) Electrically-operated valves which are classified as active valves, but which are manually-controlled should be operated from the main control room. Such valves may not be included among those valves from which power is removed in order to meet the single failure criterion, unless: a) electric power can be restored to the valves from the main control room, b) valve operation is not necessary for at least 10 minutes following occurrence of the event requiring such operation, and c) it is demonstrated that there is reasonable assurance that all necessary operator actions uill be performed within the time shown to be adequate by the analysis. The plant technical specifications should include a list of the required positions of manually-controlled, electrically-operated valves and should identify those valves to which the requirement for removal of electric power is applied in order to satisfy the single failure criterion. (4) When the single failure criterion is satisifed by removal of electric power from passive valves or from active valves meeting the requirements of 3, above, the associated valves should have redundant position indication in the main echtrol room and the position indication system should itself meet the single failure criterion. (5) The phrase " electrically-operated valves" includes both valves operated directly by an electric device (e.g., a motor operated valve and a solenoid operated valve) and those valves operated indirectly by an electric device (e.g., an air operated valve whose air supply is controlled by an electric solenoid valve.) 223.61. (RSP) With respect to the design of the Auxiliary Feedwater -(7.3) System, it is our position that complete reliance on any one source of energy for the auxiliary feedwater systems is not acceptable. This includes not only the pump drives but whatever other powered components are required for the operation of the systems. An example of an acceptable auxiliary feeduater system would be one relying on d-c and steam plus one relying on only a-c, either one of which can provide the required flow.

... + 223-15 223.61 State'your intent with regard to meeting this position . or justify the.present design on some other defined basis. (See Question 223.29). b O 4 9 e}}