l eM9eew t.wyt

tuloson-toom '

3.g i

~,_a _ _ .- .. _ _ _ , ,. ,_ _ - - _ . , .

n  ;, , . - . . - _ ~ . . . -. - - - . - - . - -

A ,

1

.o ;

?

4 - -

?

3

• llithe ATWS frequency cakulation; however, automatic and manual reactor trip are modeled as top ' -

} lI events iri the ATWS event trees, Chapter 4.1herefore, if either the automatic or manual reactor trip -

-)

~

il? are successful,' the event does not dEveldp into an ATWS event.L Since the failure'of 6fety relatedl l

~

@ SSCs determines if an initiating event develops into an ATWS event, nonsafety-related SSCs do not  !

l(significantly affect the calculation of the probability _of an ATWS; the response to Criterion 2 is "No."- , j i

Since the response to Criterion 2 is "No," the nonsafety-related i .ssocitd a e with this event are not ' j considered to be important with respect tr '7ir effect on this initiating event .

l

~

3.72 .- MISCELLANEOUS' SPECIAL INITIATORS a

. For several initiating events, plant specific fault trees were developed and evaluted for the specified [

nonsafety related systems to determine the initiating event frequencies for these events. 'Ihese

+

miscellaneous events are typically referred to as special initiators and they include the following:

lk

• 1hss of component cooling water / service water ,

i o? Im of compressed and instrument air -

l-Il Since the' plant response to the loss of service water or component cooling water is the same, the l Jinitiating event frequencies are combined under the same initiating event category.

t

^

l

- I Since these initiating events consider nonsafety related SSCs in the calculation of the mitigating event frequencies, the response to Criterion 1 is "Yes."

4

>Ihe unavailability of these nonsafety-related systems completely determines the initiating event

= frequency of the associated special initiator, For example, if the overall component cooling water system unavailability increases by a specified amount, the initiating event frequency directly increases by this same amount. Since nonsafety-related SSCs significantly affect tne calculation of these initiating event frequencies, the response to Criterion 2 is "Yes."

[ l L As shown in Tables 52 5 and 52-12 of the PRA, these initiating events are not important contributors

. to the core damage frequency and large release frequency for the focused PRA. . Since these initiating.

events do not significantly contribute to the core damage frequene or large release frequency, the response to Criterion 3 is "No."

I Since the response to Criterion 3 is'"No," the nonsafety related SSCs (the are required for normal

' l # plant power operation) associated with these events are not considered to be important with respect to

$\ their effect on these four initiating events.  ;

I w WCAP 13856 - .

Revision: 1

esseawawyeib.oloses-1aam- - - - 39; P

y ,r-t y 4 y p,.-,er-nr  % ., , r w 3lhe g e -

. 4a

1 .

SHUTDOWN INITIATING EVENTS 3.8 . SHUTDOWN LOCA For the shutdown LOCA event, as with the at power LOCA events, the initiators are caused by piping l ' leaks and breaks, with one exception. As discussed in Chapter 54, the PRA methodology identifies the pipe segments and calculates the initiating event frequency based on a basic failure rate for these pipe segments. De shutdown evaluation considers a number of additional normal residual heat removal system pipe segments in containment that are not included in the at power calculation (almost three times as many pipe segments). For the shutdown LOCA event, the normal residual heat removal-system is assumed to be the source of the LOCA. De normal residual heat removal system piping is safety related. Therefore, no nonsafety-related SSCs are considered in the calculation of the initiating event frequency from niping breaks or leaks.

An additional mechanism that contributes to the initiating event frequency is included in the calculation of the !nitiating event frequency for shutdown LOCAs. De calculation includes the potential for inadvertent operator opening of the normal residual heat removal system discharge l valve (s) to the in-containment refueling water storage tank. This mechanism reduces the reactor coolant system inventory by diverting flow from the shutdown cooling flowpath. This operator error in this initiating event mechanism has no relationship to nonsafety-related SSCs.

De piping sections for the nonsafety-related normal residual h.;at removal system included in the initiating event frequency calculation are designed using safety-related piping. The potential for the

- operator to erroneously initiate a loss of reactor coolant system inventory is not related to the unavailability of nonsafety related SSCs. Since this initiating event does not consider nonsafety-related SSCs in the calculation of the initiating event frequency, the response to Criterion 1 is "No."

l Berefore, nonsafety-rel:Md SSCs are not considered to be important with respect to their effect' on l this initiating event.

3.9 SHUTDOWN LOSS OF OFFSITE POWER A calculation was completed to determine the initiating event trequency for the loss of offsite power during shutdown conditions. The calculation uses the initiating event frequency for this event from the -

historical data with an adjustment for the length of time spent in shutdown conditions. The calculation

- considers effects from onsite nonsafety-related systems such as the transmission switchyard and the main ac power systems, as well as the offsite power system. Since this initiating event considers nonsafety related SSCs in the calculation of the initiating event frequency, the response to Criterion 1 is "Yes."

A review of the historical data used in the calculation of initiating event frequency for this event shows that the contribution from onsite nonsafety-related SSCs such as transformers, high voltage switchyard circuit breakers, or the main ac power circuit breakers are significant to the calculation of

..WCAP 13856 -

~ Revision: 1 o99sul.wpr.m.olos98-1:20ru 3 10

_. 4 .

t N

.a i m

.~ "the'inidating ' event frequency.H Since nonsafety-related SSCs significantly affect the calculation of

~

Linitiating event frequency, the response to Criterion 2 is "Yes "

~

lfAs seen from T5ble $215 of the PRA, this event during RCS * ' 2 conditions contributes to the

~

l fcore damage frequency for the fdcused PRA.; Since this initist vent contributes to the core?

. damage frequency, the response to Criterion 3 is "Yes."' ,

The responses to CWeria 1,2,=and 3 for this initiating event are "Yes," Since.the responses to all Lthree criteria are "Yes," the _nonsafety-related SSCs (that are sequired to provide offsite power;during ;

. [! shutdown RCS drained conditions) associated with this event are important with respect to their effect -

on this initiating event.' Section 10 provides a list of important SSCs, the functions they perform, and

' the proposed regulatory; oversight recommendations.

q L 3.10 i : SHUTDOWN LOSS OF DECAY HEAT REMOVAL DA plant-specific fault tree was developed and evaluat'ed to determine the initiating event frequency for (l . two initiating events that represent a loss of decay heat removal during shutdown corditions.- De two -

l L initiating events include the loss of decay heat removal capability due to failure of the normal residual =

l heat removal system and the loss of decay heat removal capability due to failure of the component

= l cooling water or service water system. De evaluation for a loss of decay ' neat removal during I

-l: shutdown'is provided in Chapter 54 of the PRA iport. This initiating event results from the loss of a

-l? nonsafety related system normally used to provide decay heat removal during shutdown conditions.

The_nonsafety related SSCs considered in this evaluation include the normal residual heat removal l system, the component cooling water system, and the service water system. . Since this initiating event

. considers nonsafety related SSCs in the calculation of the initiating event frequency, the response to Criterion 1 is "Yes."

- The unavailability of these nonsafety-selated systems significantly affects the initiating event frequency. Since nonsafety-related SSCs significantly affect the calculation of these initiating event

. . frequencies, the response to Criterion 2 is "Yes."

l /As seen from Table 5215 of the PRA, this event is an important contributor to the core damage

' l frequency;for the focused PRA. . Since this initiating event contributes significantly to the core damage

, . l[ frequency,' the response to' Criterion 3 is "Yes." .

q De responses to Criteria 1,2, and 3 for this initiating event are "Yes." Since the responses to all

. three criteria are "Yes," the nonsafety related SSCs (that are required for decay heat removal during

i plant shutdown conditions) associated lwith this event are considered to be important with respect to L i

. their effect on this initiating event. Section 10 provides a list of important SSCs, the functions they _

1 perform, and the Nposed regulatory oversight recommendations.

L -

) WCAP-13856 r . . .

Revision:' l' Nee l.wyt.lb.olose6 laom1 - 3 13:

L '

. - . . .- -- ., , , ,. - . -- - - . . - ~ - . - . . . . .

m a 4

1c

-l l/ 3.11 ; REACTOR' COOLANT SYSTEM OVERDRAIN1 ,s-q

.l 5 For the reae:or~coblant system overdrain event, two scenarios have been identified for which this 4 l f accideat could occur.' The first scenatio is a combination 'of thE failure of the hot leg level instmment -

~

- lIand operator failure to recognize that the hot leg Jevel instruments have failed.' Scenario two is the -

$ l combination of a failure of the valves CVS V045 and V047 to close on the receip* of a closure single, :

l l1 in conjunction' with an operator failure to recognize that the valves have not closed and manually

. l ? isolate % valves.l The failure mechanisms for these two scenarios are detailed in Chapter 2 of the.'

lhPRAE ,  ;

I

. l Ihe SSCs considered in the reactor coolant system overdrain event include the hot leg level -

l s instruments', valves CVS V045 and V047, and protection r.nd safety monitoring system to actuate the ~

lL componentsi Since these SSCs are safety-related and the operator errors that contribute to this

-- li initiating event have ne relationship to nonsafety-related systems, the response to C'iterion 1 is "No." q l?

~ l8 The response to Criterion 1 is "No." 1herefore, nonsafety-related SSCs are not considered to be

. l. important with respect to their effect on this initiating event.

l 3.12 -

SUMMARY

l The results of the screening criteria application for each initiating event category are provided in l Table 31. Section 10 provides a list of important SSCs, the functions they perform, and the proposed

. regulatory oversight recommendations for nonsafety related SSCs that impact the calculation of the l focused PRA sensitivity study initiating event frequencies, based on the initiating event criteria

. application,

+

b-A A

WCAP 13856 - Revision

1 f CAM 64w 1.wyf:Ib-010$41:20PM

. '3-12 ~

~ l,

l i

l Table 31 .l INITIATING EVENT CRITERIA APPLICATION I l

l l

Criterion ? Criterion 2 Criterion 3  ;

Are nonsafety related Does the unavailability of Does the initiating event  !

SSCs considered in the nonsafety related SSCs sig.ilficantly affect core )

the calculation of the significantly affect the damage frequency and 1 Initiating Event initiating event calculation of the initiating large release frequency Category frequency? event frequency? for the focused PRA?

l 3.1 - Main Yes No' N/A Steam Line Stuck Open Safety Valve 3.2 RCS Leak Yes Yes No 3.3 LOCAs No N/A N/A 3.4 Seco idary Yes Yes No Side Breaks 3.5 Transient Yes Yes Yes with MFW Flow Other Yes Yes No Transients 3.6 ATWS Yes No N/A 3.7 Miscellane Yes Yes No ous Special Initiators 3.8 Shutdown No N/A N/A LOCA 3.9 Shutdown Yes Yes Yes loss of offsite power.

3.10 Shutdown .Yes Yes Y4 loss of decay heat removal 3.11 Shutdown No N/A N/A RCS Overdrain g WCAP-13856 - Revision: 1 eM984w-l*p(.lM10598-1:20PM 3 13

4 Unavailatsity of Cettorion 1 the assoaisted Are non='-;i,_L^z f SSCs considered in re.1 :i related the 8=hd% of the initiating event SSCs is not 7 7__ a f? Important to the focused PRA Yes 2

U"***Ii*tdY'I Does the unevelletdlity of the nonsalsty-related esca significantly enect the -  % Seceis not

• # important to the Yes Ur c ' - ri of Cetterton 3 the m'8 Does the initiating event significantly nonealoty related atteot covo damage frequency and large SSCsis not

' ; mf er the t tooused PRA' c_; r r.: to the focused Pfu Yes Identify nw ^ ^, n' red 99Cs, proposed miselons, and proposed regulatory W Figure 3-1 Evaluation of Nonsafety related SSCs Impact on Initiating Event Frequency WCAP 13856 0* I eM984w-1 wpt;nb clo398-1.20m 3,34

3 y -

y -

.< u q- : , ,

? 4.0 ' . le CFR 50.62 (ATWS RULE)-  :

' ~

L4.1 z '.10 CFR $0.62 EVALUATION - _ q 110 CFR 50.62 sets forth the requirements for reduction of risks from anticipated transients without'- r scram (ATWS). : 1he rule requires diverse actuation of auxiliary feedwater (for decay. heat removal) l

, L and turbine trip /~Ihe AP600 design _ includes a diverse actuation system, diverse from the protection-

~

. _ and safety monitoring system, that trips the turbine and actuates passive residual heat removal, to i l1 provide decay heat rt.Jwval for AP600 'Ihe DAS also provides reactor trip.  !

~i The diverse actuation system is nonsafety-related." 1he diverse actuation system is powered by the

= non-Class IE de and UPS system. ; To support the diverse actuation system functions, a power supply -

jh must be provided! The following nonsafety related system supports the diverse actuation system functions needed to meet the requirements of 10 CFR 50.62.

-l-* . Non-class IE de and UPS system 4

Since the diverse actuation system relies upon power to actuate, the function of the non class IE dc-and UPS system to provide the diverse actuation system with power is needed to meet the L requirements of 10 CFR 50.62.' The diverse actuation system is designed to function for at least one

. . :hour following loss of HVAC. 'Ihe diverse actuation system can perform its required functions

~ l (reactor trip, turbine trip and passive residual hsat removal actuation) prior to the point where environmental conditions degrade the diverse actuation system capabilities,-_'Iherefore, environmental

- l - control ~ systems are not necessary to meet the requirements of 10 CFR 50.62, t

4.2 10 CFR $0.62 CONCLUSION -

The following nonsafety-related system functions are needed to meet the requirements of 110 CFR 50.62:

I

~ lI

• Diverse actuation system functions of reactor trip, turbine trip and passive residual heat

. l- removal actuation functions during power operation -

l7 d- Non-class IE de 'and UPS system support of the' diverse actuation' system and required l1 - component actuation associated with reactor trip, turbine trip and passive residual heat removal-

- l4 actuation functions during power operation' Ihe missions for these systems along with the corresponding proposed regulatory oversight -

recommendations are included in Section 10 of this documerit.'

g l'

N LWCAP-13856 - Revision: 1-

. e.wse t.wyrwoloses-imu- 41 ,

. -..- . .~,. ,

l 5.0 , 10 CFR 50.63 (LOSS OF ALL AC POWER RULE) ,

5,1 10 CFR 50.63 EVALUATION 10 CFR 50.63 sets forth~the requirements for addressing the capabilities to safely shutdown a reactor-

~

following a loss of all ac power.

l ' De'AP600 design minimizes the potential tisk contribution of station blackout by not requiring ac _  ;

power sources for design basis events. Safety related systems do not need nonsafety-related ac power sounes to perform safety related functions.

De AP600 safety related systems automatically establish and maintain safe shutdown conditions for-the plant following design basis events, including an extended loss of ac power sources, The safety-related systems can mentain these safe shutdown conditions after design basis events, without operator 1 action, following a loss of both onsite and offsite ac power sources. Derefore, no nonsafety-related

-SSCs are relied upon to establish and maintain safe shutdown conditions following a loss of all ac power for a period of up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. For an extended loss of ac power beyond 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, Section 6 provides an evaluation of the post-72 hour actions.

5.2 10 CFR 50.63 CONCLUSION No installed nonsafety-related SSCs are relied upon to meet the requirements of 10'CFR 50.63.

l-WCAP-13856 - - -

Revision: 1

- ossow-1.wyttt410598-1:20m : 5-1 l

.~ . - . - - . - . - . .- - - - . . . . - - - ~ . - - -. . .

Y  ; '} .

j ll/6.0 POST.72 HOUR ACTIONSL -

,6,1 POST 72 HOUR ACTIONS EVALUATION- ,

> l)1he AP600 includes safety-related passive systems and equipment that are sufficient to automatically--

3 l 0 wablish and maintain safe shutdown conditions for the plar.t following design basis events, assuming  ;

l5 tigthe most limiting single failure occurs.- The safety related passive systems maintain safe shutdown -- 0 l? conditions after an event - without operator action, without onsite and offsite ac power sourcesc

'l; 4

li'Ihe AP600 includes nonsafety related active systems 'and equipment designed to provide multiple .

~

l11evels of defense for a wide range of events. For the more probable events, these nonsafety-related-- j

\i systems automatically actuate to provide'a first level of defense to reduce the likelihood of y ll unnecessary actuation and ' operation of the safety-related passive systems. 'Ihese nonsafety-related -

!lj systems establish and maintain safe shutdown conditions for the plant following design basis events, ll$ provided that at least one of the standby nonsafety related ac power sources is available. ,

l:  ;

l .. Although event scenarios that result in an extended loss of the nonsafety related systems or both l

'll offsite and onsite ac' power sources for more than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> are very unlikely, this potential is 1l: considered in the AP600 design.

.l  :

-l' 'Ihe safety' functions required following an extended loss of these nonsafety-related systems include the l: following: -

l

l. Core cooling.' inventory, and reactivity control

'.- l :

• Containment cooling and ultimate heat sink l:.-

• Main control room habitability ~

l f *~ - Post accident monitoring il? * - Spent fuel pool cooling g, I?

lL In ords to support extended operation of the passive safety-related systems, the AP600 includes both l l j nonsafety-related onsite' equipment and safety-related connections for use with transportable equipment zl dand' supplies to provide the following extended support actions:

-- l c Provide electrical power to supply the post-accident and spent' fuel pool monitoring instrumen-

~

l1 tation, using the ancillary diesel generators or transportable, engine-driven ac generators that ,

l1 Lconnects to safety-related electncal connections, j l:

l Provide makeup water to the passive containment cooling water storage tank to maintain (l) *'  : external containmer.t cooling water flow, ustug a PCS recirculation pump powered by an -

, ;l( ancillary diesel generator or a transportable, engine-driven pump that connects to a safety-l~~  : related makeup connection.

, WCA -

Revision: 1 -

'3 o .um.P-13856,rsomm. uo c 6.t n

, . . . . - - . . ~ . ,. . -.- - . . .

's- .l l

7l * :

Ventilation' and cooling of the main control room, the instrumentation and control rooms, and.

l. _ the de equipment rooms is provided by open doors and ancillary fans.

l --

. ll . Provide makeup water to the spent fuel pool from the passive containment cooling water ;  ;

' lI - storage tank and from the long term makeup connection. ,

lt .

l- Dese actions are accomplished by the site' support personnel, in coordination with the main control ,

l . room operators. Dese actions are performed separate from, but in parallel with, other actions taken lj by the plant operators to directly mitigate the consequences of an event.

I

'l-6.2 Poss72 Hour Actions Conclusion i l- I li No nonsafety related SSCs are required to operate to support post 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> actions.- However, in order lL- to provide margin for events that may challenge the ability to secure offsite transportable equipment N l - within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, the following nonsafety-related onsite equipment should be available:

. l .l

-l' * - Ancillary diesel generator and ancillary diesel generator fuel oil storage tank l<* PCS recirculation pump and ancillary PCS water storage tank .

l..- Main control room ancillary fan .

Instrumentation room ancillary fan

ll.

l *Ihe missions for this equipment along with the contsponding proposed regulatory oversight l recommendations are included in Section 10 of this document.

1 l

.WCAP 13856- >

Revision: 1- l o0984* l*pf:ltN)lDS96-l:20ru .. g

+ l

7.0' CONTAINMENT PERFORMANCE 7.1 : CONTAINMENT PERFORMANCE EVALUATION The SSCs relied upon to support containment performance assumptions in the baseline PRA were l evaluated using the MAAP code as described in Chapter 44 of the AP600 PRA report, ne following l containment performance criteria is identified in SECY 93-087 and used in the AP600 PRA:

De containment should maintain its role as a reliable, leak-tight barrier by ensuring that containment stresses do not exceed ASME ser ice level C limits for a minimum period of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> following the onset of core damage, and that following this 24-hour period the containment should continue to provide a barrier against the uncontrolled release of fission products, ne containment performance evaluation includes consideration for the following functions:

• Reactor coolant system depressurization-

• - Passive core cooling system injection

• Containment isolation

• ' Passive containment cooling

• Ex vessel coolable geometry l The only nonsafety-related SSCs included in the evaluation of the containment integrity are the l hydrogen igniters and the reactor vessel insulation.

l ' He bounding evaluation performed in Chapter 41 of PRA for containment performance following l hydrogen combustion shows that the AP600 containment design is sufficient to meet the containment l performance criteria without credit for the nonsafety-related hydrogen igniters, in addition, the AP600 l meets the safety margin basis which examines the containment % ability to satisfy the structural l requirements in 10 CFR 50.34(f) when subjected to the pressure and temperature loads associated with l a LOCA, combired with the burning of hydrogen produced by the oxidation of 75 percent of the

_l active cladding and without credit for the hydrogen igniters.

l l In order to support in vessel retention of a damaged core, water in the containment must be able to l flow to the reactor vessel and steam (generated on the reactor vessel outside surface) must be vented l away from the reactor vessel. The AP600 reactor vessel insulation is designed to allow this to occur.

l, 7.2 ' CONTAINMENT PERFORMANCE CONCLUSION l The reactor vessel insulation design is required to support in vessel retention.

WCAP-13856 Revisien: I eM984w.l.wpf:lb-010598-120rnt 7.{

.,_ 7 - .

l[~Altngh not required to meet the containment performance functions, at least one hydrogen ignitor -

~ l ;- group should'be available. -

_l lh The missions for this equipment along with the conesponding proposed regulatory oversight =

-l'. recommendations are included in Section 10 of this document.1 H

+ 4

?

T 4

WCAP-13856 - -

+

leMee*=-1.wyr w io m t m ; .72'

= ear < -

w s- ,w-r-r *'tde*- *me v _- - - -- _ _ . - --- _ . - - - -- _ . _ - _ _--_ - - -m -

i

! F.0 - . ADVERSE SYSTEMS INTERACTION  ;

'8.1- ADVERSE SYSTEMS INTERACTION EVALUATION

'l . De potential adverse systems interactions considered here are those where nonsafety-related systems l : may adversely interact with the, safety related systems. 'Ihe following three types of interactions have been addressed:

• - Functional intenctions Spatial interactions l* Human intervention interactions -

l The AP600 Adverse System Interactions Evaluation Report'(WCAP-14477) summarizes the systematic llf and through approach used to evaluate the AP600 for potential adverse system interactions. Potential

lc- sdverse systems interactions that reduce the capability or degrade the performance of the safety-related l systems to perform their safety related missions are identified in this report.

8.2 Adverse Systems Interactions Conclusion l De AP600 Adverse System Interactions Evaluation Report documents that the AP600 SSAR and the l AP600 PRA have properly considered potential adverse system interactions. As a result, no nonsafety-l related SSC's are captured by this evaluation,

[ ..

WCAP-13856 P.evision: 1 emes 4w.l.wyt:Ib.01059s-120m g.1

(--

3 9.0 - SEISMIC CONSIDERATIONS 9.1 SEISMIC CONSIDERATIONS EVALUATION The seismic margins analysis used to perform the AP600 seismic evaluation does not credit nonsafety.

related SSCs. SSCs relied upon to address design basis events are designed in accordance with the AP600 seismic design criteria provided in Section 3.7 of the SSAR. -

9.2 SEISMIC CONSIDERATIONS CONCLUSION No nonsafety related SSCs are reliec upon to support the AP600 seismic margins evaluation.

1 r

WCAP-13856 Revision: 1 oA39s4. l.wyr tutoS98-tm 91

.i 10.0' MISSION STATEMENTS AND PROPOSED REGULATORY OVERSIGHT RECOMMENDATIONS 10.1 IMPORTANT NONSAFETY RELATED SSCS '

- Following are the nonsafety related SSCs that are identified as important by the evaluations summarized in Sections 2 through 9 of this report:

l '10.1.1 Focued PRA

-l- No nonsafety-related SSCs are identified as important.

l ' 10.1.2 Initiating Event Frequency l Three initiating events are identified (in' Section 3) as having nonsafety-related SSCs that are l- important.' nese events include transients with main feedwater available, shutdown ioss of offsite

~

l power and shutdown loss of decay heat removal.

l ' -- Transients with Main Feedwater Available l De evaluation of the at-power turbine trip / spurious reactor trip and loss of main feedwater l transient events identifies several nonsafety-related secondary plant systems whose continuous l operation during power production prevents plant trips. These nonsafety related systems.

l therefore, impact the at-power turbine trip / spurious reactor ip and loss of main feedwater l transient initiating event frequencies for the focused PRA. Rese nonsafety related systems l ' include the following:

l l + Main steam system i

• Maii feedwater system l

• Condensate system l -= Main turbine ,

= Main turbine control and diagnostics system l

-l' -* Plant control system portions which control main steam, main feedwater (including

-l steam generator water level control subsys. 7), condensate and main turbine whose l malfunction can cause a reactor trip l

-l: Section 10.2 provides the missions for these nonsafety-related systems. Section 10.3 provides

~

l an evaluation of the need for additional regulatory oversight based on the impact on the l - focused PRA initiating event frequencies.

WCAP-13856 .

Revision: 1

. au9s4 4.pcitrotb598 lh 10-1

- ,, . -- - n. .- ....- -- -. .. - -. .- -_- .

,t ..

- hl

-l-- . Shutdown Losi of Offsiti Power / Loss of Decay Heat Removal LThe evaluation of the shutdown loss of offsite power and loss of decay heat removal events ildentifies several nonsafety-related SSCs whose continuous operation during shutdown, RCS > _

l i

open conditions prevents'a loss of shutdown decay heat removal.' lhese nonsafety-related -

systems, therefore, impact the shutdown loss of offsite power and loss'of decay heat removal -  ;

~ . initiating event frequencies for the. focused PRA.

l

l. J ihe following nonsafety related SSCs are identified as imponant for these two shutdown, RCS l li open initiating events:

• L Offsite power system (only portions of the system needed to provide electrical power ll -

to onsite equipment required to support decay heat removal operation during _RCS ' l lw- open conoitions) 1 l

• Onsite standby power system (only need diesel generators as a. backup source of  ;

'l. electrical power to support decay heat removal operation during RCS open conditions) -

• : Normal residual' heat removal system (only portions of the system needed to provide  ;

l- shutdown decay heat removal during RCS open condition.s)

• . Component cooling water system (only portions of the system needed to support

- normal residual heat removal system shutdown decay heat removal operation during l RCS open conditions)

- Senice water system (only ponions of the system needed to suppon component l cooling water system shutdown decay heat removal operation during RCS open i

conditions)-

Section 10.2 provides the missions for these nonsafety related systems. Section 10.3 provides an evaluation of the need for additional regulatory oversight based on the impact on the focused PRA initiating event frequencies.

- l L10.li PRA Uncertainty .

ll .

l 1he' following nonsafety-related SSCs are identified as important.

e

.l' _

Tl: --

DAS ATWS and ESF actuation (provide margin for T&H uncenainty) li ,

l Normal residual heat removal system injection (provide margin for ADS / IRWST z

l~ injection / containment recirculation valve reliability uncenainty, long term cooling

--l i T&H uncertainty)

WCAP-13856 .. . .

Revision: 1-

.Ane4w-t=pr:ib-oloses-1:2cw 10-2

, . _ - . . - =_. . a. . . a. - . . - .- - . . - .

l -

Onsite AC power supplies (provide margin for ADS / IRWST injection / containment

-l recirculation valve reliability uncertainty, long term cooling T&H pncertainty)_

Hydrogen !gnitors (provide margin for uncertainty in hydrogen bum consequences)

Section 10.2 provides the missions for these nonsafety related systems. Section 10.3 provides the proposed regulatory oversight r'ecommendations for these systems.

l 10.1.4 10 CFR 50.62 (ATWS Rule) l The following nonsafety related SSCs are identified as important.

l- Diverse actuation system (only portions of the system needed to provide reactor trip, turbine trip and passive residual het.t removal actuation functions during power operation) l-- -

Non class lE DC and UPS system (only portions of the system needed to support the diverse l- actuation system and required *:tuation components to provide reactor trip, turbine trip and passive residual heat removal actuation functions during power operation)

Section 10.2 provides the missions for these nonsafety-related systems. Section 10.3 provides the proposed regulatory oversight recommendations for these systems.

l 10.1.5 10 CFR 50.63 (Loss of all AC Power Rule) l No nonsafety related SSCs are identified as important.

l 10.1.6 Post 72 Hour Actions

-l l The following nonsafety related SSCs are identified as important.

l- PCS ancillary water makeup l- Main control room ancillary cooling l_- Instrumentation room ancillary cooling l- Onsite AC ancillary power supply (to supply post accident monitoring and above functions)

Section 10.2 provides the missions for these nonsafety-related systems. Section 10.3 provides the proposed regulatory oversight recommendations for these systems.

WCAP-13856 Revision: 1 eM964w.t.wpf.It>010598-1:20PM 10 3

4-l 10.1.7 - Containment Performance l De following nonsafety.related SSCs are identified as important.

l- Reactor vessel insulation (to support in. vessel' retention) l Section 10.2 provides the missions for these nonsafety related s? 8tems. Section 10.3 provides the

. l . proposed regulatory oversight recommendations for these systems.

l - 10.1.8 ' Adverse Systems Interaction l No nonsafety related SSCs are identified as important l 10.13 Seismic Considerations ~

l No nonsafety related SSCs are identified as important 10.2 MISSION STATEMENTS This section provides the mission statements for the nonsafety-related SSCs identified as important in the l evaluations summarized in Sections 2 through 9. The mission statements are grouped by type of system l (instrumentation, plant, electrical systems).

l 10.2.1 Instrumentation Systems l- Diverse Actuation System (ATWS) l The diverse actuation system provides the capability to automatically actuate reactor and turbine trip and initiate passive residual heat removal under conditions indicative of an ATWS during power operation.

l- Diverse Actuation System (ESP)

I l De diverse actuation system provides the capability to automatically actuate passive safety related features l during ' ta power and shutdown MODES.

I l 10.2.2 Plant Systems

- Miscellaneous Secondary Plant Systems Continuous operation of the following nonsafety-related secondary plant systems during power production prevents plant trips:

WCAP-13856 -

Revision: 1 OM984w l.wpf.lb.ol0598-120PM 30 4

k Main steam system

'* Main feedwater system

• - Condensate system

-* Main turbine Main turbine control and diagnostics system

- l--

• Plant control system ponions which control main steam, main feedwater (including steam l- generator water level control subsystem), condensate and main turbine whose malfunction l can cause'a reactor ti;p

-l- Normal Residual Heat Removal System (RCS Open)

-l De normal residual heat removal system provides shutdown decay. heat removal during RCS open

- l shutdown conditions.-

l= Component Cooling Water System (RCS Open)

The component cooling water system provides cooling to support normal residual heat removal systern l shutdown decay heat removal operation during RCS open shutdown conditions. ,

l- Service Water System (RCS Open)

The service water system providea cooling to support component cooling water system shutdown decay l ' heat removal operation during RCS open shutdown conditions.

-l - Passive Containment Cooling Water Makeup (Long Term Shutdown)

' l De PCS recirculation pumps provide the capability to transfer water from the PCS ancillary water storage l tank to the PCS water storage tank to support post 72 hou, operation of passive safety-related SSCs. Bis l capability is required when the decay heat of the core is sufficient to require PCS water evaporative l cooling.

l- Main Control R' om Cooling (Long Term Shutdown) l he MCR ancillary room fans provide cooling of the MCR to suppe.. post 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> MCR habitability l during all modes of plant operation.

-l--- InstruCGM En. Cooling (Long Term Shutdown) l ne Inrtrumentation Room Fans provide cooling of the 1E instrumentation rooms to support post-72 hour l ' post accident moriitoring during all modes of plant operation.

WCAP-13856 Revision: 1-o:ues4w.t.wpr;iwios9s-im . n3 5 ;

l- Hydrogen Ignitors l De hydrogen ignitors prevent combustion of hydrogen that may cause failure of the containment l . following a core melt.

l- Reactor Vessel Insulation

'l The reactor vessel insulation supports in-vessel retention of a moltant core during a severe accident by l allowing water from the containment remove heat fron the reactor vessel outer surface from plant l eperating or shutdown conditions.

l 10.2.3 Elect ical Systems l

l l- Onsite AC Power Sulply l

l The onsite standby power system provides a backup source of electrical power to onsite equipment needed l to provide PMS actuation and to support normal residual heat removal operation during at power and l shutdown conditions following a loss of offsite power.

l l- AC Power Supplies (RCS Open) l l he offsite power system provides electrical power to onsite equipment needed to sups. . decay heat l removal operation during RCS open shutdown conditions.

I l- AC Power Supply (Long Term Shutdown) l l The ancillary diesel generators provide power to support post 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> nperation following at power and l shutdown events.

l- Non-class IE DC and UPS System (DAS) l Re non-class IE DC and UPS system provides electrical power to the diverse actuation system and l actuation components to actuate reactor and turbine trip and initiate passive residual heat removal under conditions indicative of an ATWS during power operation.

10.3 PROPOSED REGULATORY OVERSIGHT RECOMMENDATIONS l De proposed regulatory oversight recommendations are grouped in the same manor as the mission l statements (by system type). Table 101 lists the nonsafety-related SSCs that have short-term availability l controls. Table 10-2 contains the short term availability controls WCAP-13856 Revision: 1 oM984=-1.wpr;1b.oloS9s-tco 10-6

y

_l[ 10.3.I' lastrt spentation Systems i

.lE* . ' Divene Actuation System (ATWS) -l l A description of the diverse actuation system is incloded in SSAR Subsection 7.7.1.11. De  ;

4l~ - AP600 D-RAP includes the DAS in SSAR Table 17.4 l.' ITAACs are pravided in Section 2.5.1.

De quality l assurance guidance provided in Generic Letter 8546 is applicable to the diverse' actuation system.

r

- l -- - Table 10 2. (item 1.1) provides recommendations for diverse actuation system short-term l- availability controls covering the ATWS function.

5 l~e: Diverse Actuation System (EFS) .

l l A~ description of the diverse actuation system is included in SS.^A Subsection 7.7.1.11. De - i l AP600 D RAP includes the DAS in SSAR Table 17.4-1. = ITAACs are provided in Section 2.5.1.

l l- Table 10-2 (item 1.2)- provides recommendations for diverse actuation system short term l availability controls covering the ESF actuation function, iL l 10.3.2 Plant Systems 7

l+ Reactor Trip Initiating Event Systems l For these initiating events, the impact of nonsafety-related SSCs on the focused PRA initiating event frequencies is identified as important, There are several factors that must be considered in evaluating the potential benefit of additional regulatory oversight to the initiating event frequencies calculated in the focused PRA. Derefore, these factors must be considered in identifying missions for these nonsafety related systems and developing-proposed additional regulatory

oversight based on these missions. De four initiating events are the following:

• _ Turbine trip / spurious reactor trip.

+ Loss of main feedwater -

For purposes of this discussion.-the turbine trip / spurious reactor trip and loss of main feedwater transients can be= grouped together as they, were in the trensient initiating event frequency- -

evaluation in Section 3.5.

-.De responses to the three.yriteria for these two initiating events indicate that some of the associated nonsafety related SSCs are significant to -the calculation- of the-initiating event .

L WCAP-13856, .

. Revision: I oANs4..l..pr:ib.otm9s-taom 10 7

. . . :.. . - . , - - - _ _ . . = .- .- ..

O frequencies and these initiating events affect the focused PRA results 11( ever, there are other considerations related to the nonsafety related SSCs that contnbute to the calculation of these initiating events that must be considered in deciding upon the benefit of additional regulatory oversight for these SSCs.

The rionsafety related SSCs contributing to the historical data for these two events in curicit J pla.its are also nonsafety-related systems and perfonn essentially the same functions for the j AP600. These nonsafety related systems include the following: l

• Main s'eam system

. Main feedwater system

• Condensate system

• Main turbine

. Main turbine control and diagnostics system

-l + Plant control system portions which control main steam, main feedwater (including steam i

l generator water level centrol subsystem), condensate and main turbine whose malfunction l can cause a reactor trip The AP600 nonsafety related systems include varices design features nnd improvements that help to increase system reliability ami availability. There is currently regulatory oversight in the design for these nonsafety related syittms and the associated design improvements, based on the descriptions of the various systems provided in the AP600 SSAR. Examples of these design improvements and the SSAR subxction that describes the trecific AP600 design features are p.uvided below:

• Digital steam generator water level system (7.7)

+ Variable speed, motor-drivsi mairt feedwater pumps (10.4.7.2.2)

• Improved main feedwater r:gulating valve throttling control features (10.4.7.2.2)

+ Elimination of main feedwater bypass control valves (10.4.7.2.2)

+ No plant trip following the loss of one main feedwater pump (10.4.7.1.2)

+ Full load irjection capability (10.4.4)

• Digital turbine electrohydraul;c convol system C0.2.2.3)

Although the nonsafety selated SSCs affect the inidating event fiequencies for these two transientt, there are several considerations in evaluating the need for and benefit from additional regula'. cry oversight for the associated nonsafety-related SSCs.

WCAP 13856 - Revision: 1 oV964w.l.wyd.lt41c598-l:20N l0 8

As discussed above, the AP600 ayste.ns, including the nonsafety related systems listed above, contain numerous design improvements that incorporate current regulatory oversight provided by the NRC to address various plant safety issues. De nonsafety related systems that impact these two initiating events are required to continuously operate to support normal plant power operation.

%erefore, there is strong incentive to establish and maintain reliable system performance. By providing rnore fault tolerarit system designs that increase plant relishility and availability, the design improvements also directly increase plant safety by reducing the potential for plant transierits or trips that could present challenges to the plant.

De PRA benefit frorn these design improvements is not fully reflected from the perspective of the initiating event frequency calculation. As discuired in Section 3.5, the accepted PRA methodology for calculating the initiating event frequencies for these two transient events is to use the available historical data for these eveats, as the histoneal data is applicable to die AP600. In calculating the initiating event frequency, it is possible to adjust the calculated initiating event frequency for some design improvements. For example, t. ; calculation can ignete historical events where the loss of one main fe 4ater pump taused a plant tr4. Ilowever, there is no attempt to adjust the historical data to compentate for improvernents such as increased main feedwater pump or main feedwater control valve reliability Either the events in the historical data for a component failure are included or they are not included, without consideration of whether the AP600 component is more reliable. De calculation includes events where the loss of both main feedwater pumps causes a plant trip and these evente are not adjusted to account for increased AP600 main fetdwater pump reliability.

Based on this PRA methodology, the AP600 design improvements are not fully credited in the calculation of the initiating event frequencies for these two events, he increased reliability of the AP600 systems, when compared to the same systems in current plants, results in a conservative calculation of initiating event frequency for the ArQ0 PRA. His historical data, which conservatively bounds the calculadon of initiating event frequency for these events,is based upon the cuneat level of regulatory oversight for similar nonsafety related SSCs in cunent plants.

Derefore, additional regulatory oversight for the AP600 nonsafety related SSCs that impact these two initiating events, beyond that provided via the SSAR design details and via existing operational controls on current plants, will not provide significant benefit in reducing either the initiating event frequency, core damage frequency, or large release frequency. In addition, it is not meaningful to consider additional regulatory oversight, that is intended to increase the reliability of nonsafety related systems that are nonnally in standby operation, to nonsafety related syttems that are required to operate during powe' production.

De cunent level of regulatory oversight, including the SSAR design oversight, is sufficient to assure that the changes in unavailabilities of the nonsafety related SSCs that impact these two specific initiating events are conservatively bounded from the perspective of calculating the WCAP 13856 Revision: I ou984w.I wpr tulos98-120m 10 9

focused PRA initiating event frequency, and the resulting core damage frequency and large release frequency.

Derefore, from the perspective of initiating event frequencies for the focused PRA, the evaluation for these two initiators identify no nonsafety related SSCs where additional regulatory oversight would significantly reduce the associated init..iting event frequencies, the core damage frequency, and the large release frequency. No proposed regulatory oversight recommendations have been identified for these nonsafety related SSCs.

l* Shutdown loss of Offsite Power De shutdown loss of offsite power is only significant from the perspective of core damege l frequency and large relear.c frequency during shutdowns with the RCS open conditions. Als initiating event is not important duting any of the other shutdov.n conditions considered in the l shutdown PRA and discussed in Appendix F.4.3 of the PRA report, j herefore, the missions developed for these nt ,tafety related SSCs as a resuh of this initiating event, and any associated additional regulatory overright rec, mendations, are only applicable l during RCS open shutdown conditions, which represent a small percentage of the overall time spent in plant shutdown. j

%e responses to the three criteria for this initiating event indicate that the associated nonsafety- f related SSCs are significant to the calculation of the initiating event frequency and this initiating event affects the focused PRA results.

Dis initiating event is impacted by the loss of electrical power from the offsite grid sources, which is independent of onsite nonsafety related SSCs. De initiating esent is also impacted by nonsafety related SSCs such as the transmission switchyard system, which is site-specific and not part of the AP600 de.ign as described in the SSAR or modeled in the PRA report. However, the onsite nonsafety related SSCs contributing to the historical data for this event in current plants are ,

also nonsafety related systems and perform essentially the sann functions for the AP600. Dese nonsafety telated systems include the following:

• Offsite power system equipment including the main step-up, unit auxiliary, and reserve auxlary transformers 1

+

Main ac power system equipment including the offsite power supply circuit breakers to the onsite switchgear buses De nonsafety related SSCs identified w ve required to be in continuous operation to support shutdown plant operations during reduced reactor coolant system inventory conditions. - These

WCAP-13856 Revision: I

oM9 sew lwpf Ib-01059s-120rM 10-10

--, , - ,, , .- a, ,- ., -

nonsafety related SSCs prov'<de electrical power to onsite ac power system. The desigr. and operation of these nonsafety-related SSCs are described in Chapter 8 of the AP600 SSAR.  ;

l Additicnally, the operation of these nonsafety related SSCs during RCS open shutdown operations follow industry guidelines and practices, which minimize the potential for, and enhance mitigation of, this event.

Even though not specifically required for the evaluation of initiating event frequency impact, adMinnel neplatory oversight recommendations are also proposed for the nonafety-relsted diesel-gm1itors of the onsite standby power system. This initiating event frequency evaluation corisiders only nonsafety related SSCs that impact the probability of an event occuning. From this perspective, where the failure of a site transformer can cause a loss of offsite power event, failure of a nonsafety related diesel Eenerator does not initiate a loss of offsite power and availability of the diesel generators does not prevent a loss of offsite power. Diesel-generator unavailability does impact the plant response and mitigation of this event. 11owever, mitigation impact is not the intent of this evaluation.

In oc, eloping the proposed regulatory oversight recommendations for this event, the need for shon tenn availability control of the offsite power sources can benefit from credit for availability of the diesel generators. The proposed oversight recommend &ns are not onerous, considering l the normal plant actions expected in preparing for RCS opest a dtdowr operations, in addition, the proposed oversight enhances plant safety during these conditions and provides flexibility by l allowing for preventive or corrective maintenance that may need to be performed while in RCS l open shutdown conditions, such as during special plant evolutions that are required over the lifetime of the plant.

• Shutdown Loss of Decay lleat RemovJ As with the shutdown loss of offsite power, the shutdown loss of decay heat removal is only significant from the perspective of core damage frequency and large release frequency during l l shutdowns with RCS open conditions. This initiating event is not imponant during any of the i other shutdown conditions considered in the shutdown PRA and discussed in Appendix F.4.3 of the PRA report.

l Therefore, the missions developed for these nonsafety-related SSCs as a result of this initiating event, and any associated additional regulatory oversight recommendations, are only applicable l during RCS open shutdown conditions, which represent a small percentage of the overall time spent in plant shutdown.

The responses to three criteria for this initiating event indicate that the associated nonsafety related SSCs are significant to the calcula' On of the initiating event frequencies and these initiating events affect the focused PRA results.

WCAP 13856 Revision: 1

,\19s4.1+pr ab-oios9s 100rsi 30 1}

His initiating c: vent is impacted by the loss of nonsafety related SSCs that are used to provide core decay heat removt.! - the normal residual heat removal system and its support systems.

He AP600 includes a number of various design features and improvements that help to improve plant safety by increasing thutdown decay heat removal reliability and availability. Dere is currently regulatory oversight in the design for these nonsafety related systems and the associated design improvements, based on the descriptions of the various systems provided in the AP600 SSAR. A discussion of these design features and specific design improvements to support shutdown decay heat removal is included in Subsection 5.4.7 of the AP600 SSAR.

Dere is also regulatory oversight in the operation of the shutdown decay heat temoval systems through industry documents such as Generic Letters 8712 and 8817. Subsection 1.9.5.1 of the SSAR provides the AP600 response to the SECY 90-016 issue of midloop operation, which references the guidance provided in the generic letters.

Examples of these design improvements, which are discussed in Subsection 5.4.7 and l Appendix 1.9.5.1 of the SSAR, include the following:

+ Loop piping offset

+ llot leg level instrumentation

• Self venting pump suction line

• No residual heat removal system throttling required during midloop operation

• Capability for full normal residual heat removal system flow with saturated fluid conditions ne nonsafety related systems identified above are required to be in continuous operation to support shutdown core decay heat removal during reduced reactor coolant system inventory conditions. De nonsafety related normal residual heat removal system and its nonsafety related support systems are normally available and fully operational to support the plant cooldown prior l to entering RCS open shutdown maintenance conditions. In addition, these nonsafety-related systems are required to be available prior to initiating reduced textor coolant system inventory operations during a plant shutdown. Planned maintenance for these systems will not be scheduled l during RCS open shutdown conditions.

l Additionally, the operation of these nonsafety related SSCs during RCS open shutdown operations follow industry guidelines and practices, which minimize the potential for, and enhance mitigation of, this event.

WCAP-13856 Revision: 1 0V954=-lmrt Ib410595-I 20ru .

g().12

Normal Residual lleat Removal System A description of the normal residual heat removal system is included in SSAR Subsection 5.4.7.

l The AP600 D-RAP includes the normal residual heat removal system in SSAR Table 17.41.

l ITA.ACs are provided in Section 2.3.6.

l Table 10 2 (item 2.2) provides recommendations for normal residual heat removal system shon.

term availability controls.

+

Component Cooling Water System l A description of the component cooling water system is included in SSAR Subsection 9.2.2. De l AP600 D RAP includes the component cooling water system in SSAR Table 17.41. ITAACs are l provided in Section 2.3.1.

l Table 10 2 (item 2.3) provides recomrnendations fo* component cooling water system short-term availability controls.

+

Senice Water System l A description of the service water system is included in SSAR Subsection 9.2.1. De AP600 D.

l RAP includes the service water system in SSAR Table 17.41. ITAACs are provided in l Section 2.3.8.

l Table 10-2 (item 2.4) provides recommendations for service water system short term availability controls.

l* PCS Water Makeup (Long Term Shutdown) l Makeup to the PCS water supply post 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> is provided by the PCS recirculation pumps taking

\ suction from the PCS ancillary water storage tank. A description of this arrangement is provided l in SSAR Section 6.2.2. ITAACs are provided in Section 2.2.2.

l l Dis equipment should be available following seismic and high vind events that may make l procurement of offsite equipment more difficult. As a result, this equipment is Seismic 11 as l 2hown in SSAR Table 3.2 3. Tabic 10-2 (item 2.5) provides recommendations for PCS water makeup short term availability controls.

WCAP-13856 Revision: 1 eM9s4w l wr(It@l059s 1;20ru 10 33

1 l

l* MCR Cooling (Long Term Shutdown) l MCR cooling post 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> is provided by opening doors and using the MCR ancillary fans. A l description of this cooling capability is provided in SSAR Section 9.4.1. ITAACs are provided l in Section 2.7.1.

l l This equipment should be available following seismic and high wind events that may make l procurement of offsite equipment more difficult. As a result, this equipment is Seismic !! as l shown in SSAR Table 3.2 3. Table 10-2 (item 2.6) provides recommendations for MCR fan l short term availability controls.

l* Instrumentation Room Cooling (Long Term Shutdown) l Instrumentation room cooling post 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> is provided by opening doors and using the l instrumentation room ancillary fans. A description of this cooling capability is provided in SSAR l Section 9.4.1. ITAACs are provided in Section 2.7.1.

l l This equipment should be available following seismic and high wind events that rnay make l procurement of offsite equipment more difficult. As a result, this equipment is Seismic !! as l shown in SS AR Table 3.2 3. Table 10 2 (item 2.7) provides recommendations for instrumentation l room fan short-term availability controls.

l* lydrogen Ignitors A description of the hydrogen ignitors is provided in SSAR Section 6.2.4. 'Ihe AP600 D-RAP l includes the hydrogen ignitors in SSAR Table 17.41. ITAACs are provided in Section 2.3.9.

Table 10-2 (item 2.8) provides recommendations for PCS water makeup short term availability controls.

l* Reactor Vessel Insulation l

l A description of the features of the reactor vessel insulation that provide in vessel retention of a l molten core are described in SSAR Section 5.3.5. ITAACs are provided in Section 2.2;3. Short-l ' term availability controls are unnecessary for this passive component.

WCAP 13856 Revision: I oV0s4w 14pr It>01059s-lZ8u l0 34

l l 10.3J Doctrical Systeens j

• AC Power Supply System [

l_ _ A descrii nion of the onsite power system is included in SSAR Subsection 8.3. De AP600 D-l RAP includes the onsite standby power system in SSAR Table 17.41. ITAACs are provided in l l Section 2.6.4.

j i

I l Table 10 2 (item 3.1) provides recommendations for onsite power system short term availability

- controls. -

I .

l*.

AC Power Supplies (F.CS Open) f i

l A description of the offsite power system is included in SSAR Subsection 8.2. A description of lf the main AC power system is included in SSAR Subsection 8.3.1. i i

l Table > 2 (item 3.2) provides recommendations for AC power supply short term availability f

' controls. l l*- AC Power Supply (Long Term Shutdown)-

I '

l De ancillary diesel generators provide power for post accident monitoring, PCS water makeup l -(recirculation pumps), MCR cooling (MCR ancillary fans), and Instrumentation room cooling t i

l (Instrumentation room ancillary fans). A description of the ancillary diesel generators is included l in SSAR Section 8.3.1. The AP600 D RAP includes the ancillary diesel generators in SSAR ,

l Table 17.41. ITAACs are provided in Section 2.6.1. ,

I  !

I l Table 10 2 (item 3.3) provides recommendations for the ancillary diesel generator short term

l availability controls.

l* AC Power Supply (DAS) l De non class IE de and UPS system provides power to the DAS. A description of the non class f l lE de and UPS system is included in SSAR Subsection 8.3.2. ITAACs are provided in l Section 2.6.2.  !

l> - Table 10 2 (item 3.4) provides recommendations for non class IE de and UPS system short term ,

availability controls. l 1

i i

WCAP 13856 ' Revision: I oues4w t wpr Ibet059s 1.2w 30 15  ;

_ . . _ . . . _ _ . . , _ . . . . - . . _ . . - - _ . . _ . ,, a . . _ _ _ n_ _ . , . . _ _ . . _ . . _ . , _ . _ _ , , _ - . c.;

,._,.a,___,~.,.

l Table 101 LIST OF INVESTMENT PRO'IT.CTION SilORT. TERM AVAILABILITY CONTROLS Systems, Stevctures, Components Number MODES Trains (a) Operation (n) 1.0 instrumentation Systems 1.1 DAS ATWS Mitigation 2 1 1.2 DAS ESF Actuation 2 1,2,3,4,5,6 (3) 2.0 Plant Systems 2.1 RNS 1 1,2,3 2.2 RNS RCS Open 2 5,6 (2,3) 2.3 CCS RCS Open 2 5,6 (2,3) 2.4 SWS RCS Open 2 5.6 (2,3) 2.5 PCS Water Mateup . Long Tenn Shutdown i 1,2,3,4,5.6 (4) 2.6 MCR Cooling Long Term Shutdown i 1,2,3,4,5,6 2.7 I&C Room Coohng . Long Term Shutdown 1 1,2,3,4,5,6 2.8 Ilydrogen Ignitors 1 1,2,5,6 (2,3) 3.0 Electrical Power Systems 3.1 AC Power Supplies 1 1.2.3,4 J 3.2 AC Power Supplies RCS Open (1) 5.6 (2.3) 3.3 AC Power Supplies . Long Term Shutdown i 1.2.3,4,5,6 3.4 DC Power Supplies DAS 2 1,2,3,4,5,6 (3)

Alpha Notest (a) Refers to the nutWr of trains covered by the availability controls.

(b) Refers to the MODES of plant operation where the availability controls apply, Nett11 (1) 2 of 3 AC power supplies (2 standby diesel generators and I offsite power supply).

(2) MODE 5 with RCS open.

(3) MODE 6 with upper internals in place and cavity level less than full.

(4) MODES 5 and 6 with the calculated core decay heat greater than 6 Mwt.

WCAP 13556 Revision: 1 om&4* t+pf it clos 98-tmu 10 16

_~

c - . .__ . _

l Table 10 2 INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS l

1.0 instrumentation Systems 1.1 Diverse Actuation System (DAS) ATWS Mitigation OPERABILITY: DAS ATWS mitigation function listed in Table 1.1-1 should be operable

< 4 APPLICABILITY: MODE 1  !

I r

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. DAS ATWS Function A.I Notify (chief r.uclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />

/ith one or mote required [on call attemate).

channels inoperable.

AND A.2 Restore required channels to 14 days operable status. -

B. Required Action and B.1 Submit report to (chief nuclear i day i, associated Completion officer) or [on-call alternate)

Time of Condition A not detailing interim compensatory .

met, measures, cause for inoperability,  !

and schedule for restoration to OPERABLE.

AND B.2 Document in plant records the i month justification for the actions taken .

to restort the function to OPERABLE. ,

l 1

i

- WCAP.I3856 Revision: 1

. oves 4w.1wg IHimmt:20* ~- 10-17

0 l Table 10 2 (cont)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 1.0 Instrumentation Systems .

1.1_ DAS ATWS Mitigation ,

l SURVEILLANCE REQUIREMENTS l SURVEILLANCE FREQUENCY j SR 1.1.1 Perform CHANNEL CliECK on each required channel. 30 hours3.472222e-4 days <br />0.00833 hours <br />4.960317e-5 weeks <br />1.1415e-5 months <br /> SR 1.1.2 Perfonn CHANNEL OPERATIONAL TEST on each required 92 days chenel.

SR I.l.3 Perform CHANNEL CALIBRATION on each required 24 months channel.

i -_

Table 1.11, DAS ATWS Functions DAS Initiating Number Channels Setpoint Function Signal Installed Required Rod Ddve MO SO Wide 2 per SG 1 per 50 > [25,000 lb]

Set Tdp, Turbine Range Level Trip and PRHR HX Actuation WCAP 13856 Revision: I r

atws4 -tar ib-otos98 idoru 103 g

l . Table 10 2 ' cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS -

i 1.0 Instmmentation Systems 1.1 DAS A*IWS Mitigation BASES:

De DAS ATWS mitigation function of reactor trip, turbine trip and passive residual heat removal heat exchanger (PRHR HX) actuation should be available to provide ATWS mitigation capability. This ,

function is important based on 10 CFR 50.62 (ATWS Rule) and because it provides margin in the

~ PRA sensitivity perfonned assuming no credit for nonsafety rela'ed SSCs to mitigate at power and shutdown events. De margin provided in the PRA study acumts a minimum availability of 90% for this function during the MODES of applicability, considering both maintenance unavailability and  ;

failures to actuate.

De DAS uses a 2 out of 2 logic to actuate automatic functions. When a required channelis unavailable the automatic DAS function is unavailable. SSAR section 7.7.1.11 provides additional information. De DAS channels listed in Table 1.1 1 should be available.

Automated operator mids may be used to facilitate performance of the CHANNEL CHECK. An automated tester may be used to facilitate performance of the CllANNEL OPERATIONAL TEST.

De DAS ATWC mitigation function should be available during MODE I when ATWS is a limiting event. Planned maintenance affecting this DAS function should be performed MODES 3,4,5,6; these MODES are selected because the reactor is tripped in these MODES and ATWS can not occur.

. WCAP-13856 .

Revision: I 99:4 v.it4tos9s-th 30 39

C l Table 10 2 (cont) l INVESTMENT PROTECTION SHORT-TERM AVAILABILITY CONTROLS 1.0 Instrumentation Systems 1.2 DAS Engineering Safeguards Futures Actuation (ESFA)

OPERABILITY: DAS ESFA functions listed in Table 1.21 should be operable APPLICABILITY: MODE 1,2, 3,4,5, MODE 6 with upper internals in place and cavity level less than full l

ACTIONS

] i CONDITION REQUIRED ACTION COMPLETION TIME {

A. DAS ESrA Functions A.1 Notify [ chief nuclear officer] or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> with one or more required [on-call altemate]. '

channels inoperable. AND A.2 Restore required channels to i operable status. 14 days B. Required Action and B.I Submit report to [ chief nuclear I day associated Completion officer] or [on-call altemate]

Time of Condition A not detailing interim compensatory met. . measures, cause for inoperability, and schedule for restoration to OPERABLE.

AND B.2 Document in plant records the I month justification for the actions taken to restore the function to OPERABLE.

4 i

i

.W CAP-13856 Revision: 1 i om .impt.ib410sw 1:20* '10 20

l Table 10 2 (cont.)

INYFJ!iTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 1.0 instrumentation Systems 1.2 DAS ESFA SURVElu.ANCE REQUIREMENTS SURVEILLANCE FREQUENCY S R ~1.2.1 Perform CilANNEL CilECK on each required 30 hours3.472222e-4 days <br />0.00833 hours <br />4.960317e-5 weeks <br />1.1415e-5 months <br /> CHANNEL.

SR 1.2.2 - Perform CHANNEL OPERATIONAL TEST on each 92 days  ;

required CllANNEL.

SR 1.2.3 Perform CHANNEL CALIBRATION on each required 24 months CHANNEL.

Table 1.2-1 DAS ESFA FUNCTIONS .

DAS Initiating Number Channels Setpoint Function Signal Installed Required PRilR HX SG Wide 2 per SG 1 per SG > [25,000 lb]

Actuation Level or '

llL Temp 1 per HL 1 per HL < [620]F CMT Actrion Pzr Level 2 2 > [7]%

and RCP t'.p Passive Cont.. Cont. Temp 2 2 < [200]F Cooling and -

Selected Cont.

-Isolation Actuation-WCAP.13856 Revision: I wo9s4.-t*pt.ibol0598-120ru 10 21

1. . . . . _ _ _ _ _ _ _._ _. ._. _ __ _ .

.lc >

Table 10 2 (cost.)

INVESTMENT PRO 1ECTION SHORT. TERM AVAILABILITY CONTROLS '

- 1.0 lastrumentation Systems l 1.2 DAS ESFA-  !

l BASES:

• !he DAS ESFA functions listed in Table 1.21 should be available to provide accident mitifation capability.; This function is important because it provides margin in the PRA sensitivity performed .

assuming no credit for nonsafety related SSCs to mitigate at power and shutdown events. The raargin-provided in the PRA swdy assumes a minimum availability of 90% for this function during the; 1 MODES of applicability, considering both maintenance unavailability and failures to actuate. -l

'Ihe DAS uses a 2 out of 2 logic to actuate automatic functions. When a required channel is' .

unavailable the automatic DAS function is unavailable. SSAR section 7.7.1.11 provides additional--

information.D1he DAS channels listed in Table 1,21 should be available.  ;

Automated operator aids may be used to facilitate performance of the CHANNEL CHECK. An I automated tester may be used to facilitate performance of the CHANNEL OPERATIONAL TEST. .

l 1he DAS ESFA mitigation functions should be available during MODES 1, 2, 3, 4, 5, 6 when  !

- accident mitigation is beneficial to the PRA results. 'The DAS ESFA should be available in MODE 6 l

. with upper intemals in place and cavity level less than full. Planned maintenance affecting dese DAS functions should be performed in MODE 6 when the refueling cavity is full; this MODE is selected because requiring DAS F.SFA are not anticipated in this MODE. j i

i k

?

+

. a A

4

I

[

- WCSP 13856 - ,

'e e 'wpr m io m-12 w - g Revision: :.1 -

] o i

~- . t. w - , ;.  ; ,

l Table 10 2 (coat.)

INVESTMENT PROTECTION SHORT TERM AVAH. ABILITY CONTROLS 2.0 Plant Systems 2.1 Nonnal Residual Heat Removal System (RNS)

OPERABILITY: One train of RNS injection should be operable APPLICABILITY: MODE 1,2,3 ACTIONS CONDITION REQIflRED ACTION COMPLETION TUdE

' A. - One required train not A.1 Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> operable. [on-call alternate).

AND A.2 Restore one train to operable status 14 days B. Required Action and B.! Submit report to [ chief nuclear 1 day ast.ociated Completion officer) or [on-call alternate)

Time not met. detailing interim compensatory measures, cause for inoperability, and schedule for restoration to OPERABLE.

AND B.2 Document in plant records the I month justification for the actions taken to restore the function to OPERABLE.

WCAP 13856 : Revision: 1 omIwpr italoses 120* 10-23

O l Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 2.0 Plant Systems 2.1 RNS l SURVEILLANCE REQUIREMENTS _

SURVEILLANCE FREQUENCY SR 2.1.1 Verify that one RNS purnp develops a differential head of 92 days ,

[330] feet on recirculation flow 1

SR 2.1.2 - Verify that the following valves stroke open 92 days j RNS V0ll RNS Discharge Cont. Isolation RNS V022 RNS Suction Header Cont. Isclation RNS V023 RNS Suction from IRWST Isolation  ;

t t WCAP 13856 =

Revision: I nws4w I wpr;tbalows-im - 10-24

l Table 10 2 (cont.)

INVESTMENT PROTECTION SIIORT TERM AVAILAlllLITY CONTROLS 2.0 Plant Systems 2.1 RNS BASES:

%e RNS injection function provides a nonsafety related means of injecting IRWST water into the RCS following ADS actuations. De RNS injection function is important because it provides margin in the PRA sensitivity perfonned assuming no credit for nonsafety related SSCs to mitigate at power and shutdown events. De margin provided in the PRA study assumes a minimum availability of 90%

for this function during the MODES of applicability, considering both maintenance unavailability and failures to opera'e.

One train of RNS injection includes one RNS pump and the line from the IRWST to the RCS. Eree of the valves in the line between the IRWST and the RCS are normally closed and need to be opened to allow injection. His equl[ ment does not normally operate during MODES 1,2,3. Refer to SSAR section $.4.7 for additional information on the RNS.

The RNS injection function should te available during MODES 1. 2,3 because decay heat is higher and the need for ADS is greater.

Planned maintenance on redundant RNS SSCs should be performed during MODES 1,2,3. Such maintenance should be perfonned on an RNS SSC no', required to be available. The bases for this recommendation is that the RNS is more risk important during shutdown MODES when it is normally operatirig than during other MODES when it only provides a backup to PXS injection.

Planned maintenance on non redundant RNS valves (such as V0ll, V022. V023) should be performed to minimize the impact on their RNS injection and their containment isolation capability. Non-pressure boundary maintenance should be performed during MODE 5 with a visible pressurizer level or MODE 6 with the refueling cavi'y full. In these MODES, these valves need ta be open but they do not need to be able to close, Containment closure which is required in these MODES can be satisfied by one nonnally open operable valve. Pressure boundary maintenance can not be performed during MODES when the RNS is uwd to cool the core, therefore such maintenance should be performed during MODES 1,2,3. Since these whes tre also containment isolation valves, maintenance that rtnders the valves inoperable requires that the containment isolation valve located in series with the inoperable valve has to closed and de-activated. Be baies for this recommendation is that the RNS is more risk important during shutdown MODES when it is nonnally operating than during other MODES when it only provides a backup to PXS injection. In addition, it is not possible to perform pressure boundary maintenance of these valves during RNS operation, WCAP 15&56 Revision: 1 eM964.13pr.it410598-1.20ne 10 25

4 a

l Tame 16 2 (eemt.)

INVES1 MENT PROTECTION BHORT.1ERM AVAILABILITY CONTROLS

' 2.0 ~ Mant Systems

~ 2.2 Normal Residual Heat Removal System (RNS) . RCS Open _ _

1 OPERABILITY: . Both RNS pumps should be eperable for RCS cooling

. AvPLICABILITY: MODE $ with RCS pressure boundary open,.

MODE 6 with upper intemals in place and cavity level less than full 5 ACTIONS-

- CONDITION: REQUIRED AC110N COMPLETION TIME _ ,

-4

- A. One pump not operable. A.1 Remove plant from applicable 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> MODES B. Required Action and B.1 Submit report to [ chief nuclear i day

. associated Completion officer)'or [on. call allemate)

Time not met. detailing interim compensatory measures, cause for inoperability, and schedule for restoration to OPERABLE.

AND o B.2 Document in plant records the 1 month justification for the actions taken to restore the function to OPERABLE.

i

' k S

iWCAP-13856 . .bvision: I s- t o9ete=,t.wyr.lbelopes-1:3cm : 10 26

I l Table 10 2 (cont.)

INVENTMENT PRO 1ECTION SHORT. TERM AVAILABILITY CONTROLS ,

2.0 Plant Systems l 2.2 RNS - RCS Open i

SURVEILLANCE PEQUIREMENTS i

SURVEILLANCE FREQUENCY i SR 2.2.1 Verify that one RNS pump is in operation and that each Within I day prior tv ,

RNS pump operating individually circulates reactor entering the MODES l coolant at a flow > [900] gpm of applicability OR Verify that both RNS pumps are in operation and ,

circulating reactor coolant at a flow > [1800] spm F

i

?

.t i

.WCAP-13856 Revision: 1 wovm.. .wyr.tdatoses.ty

~ # y,,,r,- , - , - , - . . ..r . . -- . - , --

l  : Table 10 2 (cont.)

INVESTMF.NT PROTECTION SHORT TERM AVAILABILITY CONTROLS 2.0 Plant Systems i

2.2 RNS RCS Open BASES:

]

ne RNS cooling function provides a nonsafety related means to normally cool the RCS during shutdown operations (MODES 4,5,6). His RNS cooling function is important during conditions when the RCS pressure boundary is open and the refueling cavity is not flooded because it reduces '

the probability of an initiating event due to loss of RNS cooling and because it provides margin in the PRA sensitivity performed assuming no credit for nonsafety related SSCs to mitigate at power and shutdown events. %e RCS is considered open when its pressure boundary is not capable of being re-i established from the control room. %e RCS is also considered open if there is no visible level in the pressurizer. De margin provided in the PRA study assumes a minimum availability of 90% for this function during the MODES of applicability, considering both maintenance unavailability and failures to operate.

%e RNS cooling of the RCS involves the R. :3 suction line from the RCS HL, the two RNS pumps and the RNS discharge line returning to the RCS through the DVI lines. De valves located in these lines should be open prior to the plant entering these conditlons. One of the RNS pumps has to be operating: the other pump may be operating or may be in standby. Standby includes the capability of being able to be plactd into operation from the main control room. Refer to SSAR section 5.4.7 for 1 additionalinformation on the RNS.

Both RNS pumps should be available during the MODES of applicability when the loss of RNS cooling is risk important. If both RNS pumps are not available, the plant should not enter these conditions. If the plant has entered these conditions, then the plant should take action to restore system operation or leave the MODES of applicability.

Planned maintenance affecting this RNS cooling function should be performed in MODES 1,2,3 when the RNS is not normally operating. The bases for this recommendation is that the RNS is more -

risk important during shutdown MODES, especially during the MODES of applicability conditions than during other MODES when it only provides a backup to PXS injection.

WCAP 13856 Revision: I

. o*.39s4w t.wpf.It41059s t:20N 30 2g

s. r .. _ . _ _ . _ . _ - . _ _ _ - , ._ _ . _ _ _ . _ . _ .

o

'l Table 10 2 (cont.) -  !

-INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTitOLS i 2.0 Plant Systems t

2.3 Component Cooling Water System (CCS) . RCS Open OPERABILITY: Both CCS pumps should be operable for RNS cooling l APPLICABILITY: - MODE $ with RCS pressure boundary open, MODE 6 with upper intemals in place and cavity level less than full .;

i i

ACTIONS  !

CONDITION - REQUIRED ACTION COMPLETION TIME i

-A. One pump not operable. A ! Remove plant from applicable 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />  ;

MODES l B. Required Action and .

B.1 Submit report to [ chief nuclear i day ,

associated Completion officer) or [on-call attemate)

Timo not met. detailing interim compensatory  ;

measures, cause for inoperability, and schedule for restoration to ,

OPERABLE. j AND ,

B.2 Document in plant records the 1 month i justification for the actions taken  ;

to restore the function to OPERABLE.

I b

F

, iWCAP 13856-- Revision: I

. o9964w.t.wyr tb-oloses 120m -

.10-29

, - ~ .,, . . , _ _ _ .. . - _. - _ . -

l Table 16 2 (cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 2.0' Plant Systems 2.3 CCS . RCS Open 4

SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY -

S R 2.3.1 Verify that one CCS pump is in operation and each CCS Within 1 day prior to pump operating individually provides a CCS flow through entering the MODES ~ ,

one RNS heat exchanger > [2$20) gpm of applicability I OR I Verify that both CCS pumps are in operation and the CCS  !'

flow through each RNS heat exchanger is > [2$20] gpm -

i l

I b

l 4

WCAP 13856 "I I

• WW1.wgit4tosw.t m, 10 30

+

- . 4 , - - = , , , . . . , ----

3 I TaWe 16 2 (cov.)

. INVESTMENT PROTECTION #HORT.'IERM AVAILABILITY CONTROLS -  !

i

+2.0 Plant Systems' l 2.3 CCS + RCS Open j

~

BASES: ' i ne CCS cooling of the RNS HXs provides a nonsafety related :neans to normally cool the RCS  :

- dudng shutdown operations (MODES 4,5,6). , This RNS cooling function is important because it - l reduces the probability _of an initiating event due to loss of RNS cooling and because it provides _

- margin la the PRA sensitivity performed assuming no credit for nonsafety related SSCs to mitigate at.  !

power and shutdown events; he RCS is considered open when its pressure boundary is not capable  ;

of being re established from the control room. %e RCS is also considered open if there is no visible- j level in the pressuriser. %e margin provided in the PRA study assumes a minimum availability of j 90% for this function during the MODES of applicability, considering both maintenance unavailability -  !

' and failures to operate, j

- De CCS cooling of the RNS involves two CCS pumps and HXs and the CCS line to the RNS HXs.

he valves around the CCS pumps and HXs and in the lines to the RNS HXs should be open prior to the plant entedng these conditions. One of the CCS pumps and its HX has to be operating. One of i the lines to a RNS HX also has to be open. De other CCS pump and H.X may be operating or may - =;

be in standby. Standby includes the capability of being able to be placed into operation from the main  :

control room. Refer to SSAR section 9.2.2 for additional information on the CCS.  !

Both CCS pumps shot.id be available during the MODES of applicability when the loss of RNS  !

cooling is risk importar.t. . If both CCS pumps are not available, the plant should not enter these j conditions. If the plant has entered these conditions, then the plant should take action to restore both l

. CCS pumps or to leave these conditions.  !

Planne.d maintenance affecting this CCS cooling function should be performed in MODES 1,2,3 when the CCS is not supporting RNS operation.- De bases for this re:ommendatice is that the CCS is  ;

more risk important during shutdown V' DES, especially during the MODES of applicability {

conditions than during other MODES.  ;

i

l 7

i 4

I e

I 4 . WCAP 13856 .

Revision: 1 8

, 7 eussewimpr.ib4toses im , 10 31- ,

d 1

• 4 - g y - e e.-, ghe w- , . . . .m y ,p , g -g.,g-e eh , _%r - w e-r ow.- g,

l Table 10 2 (cont.)

INVESThtENT PROTECTION SilORT TERht AVAILABILITY CONTROLS 2.0 Plant Systems 2.4 Service Water System (SWS) RCS Open OPERABILITY: Both SWS pumps and cooling tower fans should be operable for CCS cooling APPLICAlllLITY: hiODE 5 with RCS pressure boundary open, hiODE 6 with upper intemals in place and cavity level less than full ACTIONS CONDITION REQUIRED ACTION COhfPLETION TIhtE A. One pump or fan not A.I Remove plant from applicable 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> operable. htODES T1. Required Action and D.1 Submit report to [ chief nuclear i day associated Completion officer] or (on-call alternate)

Time not met. detailing interim compensatory measures, cause for inoperability, and schedule for restoration to OPERABl.E.

AND D.2 Document in plant records the I month justification for the actions taken to restoit the function to OPERABLE.

WCAP-13856 Revision: I e 0964= 1 mpr.lbalos9s 1;20ru lg32

a l Table 16 2 (cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 2.0 Plant Systems .

2.4 SWS RCS Open

,. SURVEILLANCE REQU'EMENTS SURVEILLANCE FREQUENCY SR 2.4.1 Vedfy that one SWS pump is operating and that each Within I day prior to SWS pump operating individually provides a SWS flow entedng the MODES

> [6200) spm of applicability SR 2.4.2 Operate each cooling tower fan for > 15 min Within 1 day pdor to entedng the MODES of applicability

- WCAP-13856 . Revision: I e09 4w 1.wyt.iboloses tJona 10 33

l Table 10 2 (cont.)

INVESThtENT PROTECTION SilORT.TERht AVAILABILITY CONTROLS 2.0 Plant Systems 2.4 SWS . RCS Open BASES:

%e SWS cooling of the CCS IlXs provides a nonsafety related means to normally cool the RNS IlX which cool the RCS during shutdown operations (hiODES 4,5,6). This RNS cooling function is important because it reduces the probability of an initiating event due to loss of RNS cooling and because it provides margin in the PRA sensitivity performed assaming no credit for nonsafety related SSCs to mitigate at power and shutdown events. He RCS is cr+sidered open when its pressure boundary is not capable of being re-established from the control room. The RCS is also considered open ;f there is no visible level in the pressurizer. De margin provided in the PRA study assumes a minimum availability of 90% for this function during the htODES of applicability, considering both maintenance unavailability and failures to operate.

The SWS cooling of the CCS llXs involves two SWS pumps and cooling tower fans and the SWS line to the RNS IlXs. De valves in the SWS lines should be open prior to the plant entering these conditions. One of the SWS pumps and its cooling tower fan has to be operating. The other SWS pump and cooling tower fan may be operating or may be in standby. Standby includes the capability of being able to be placed into operation from the main control room. Refer to SSAR t,ection 9.2.1 for additional information on the CCS.

Both SWS pumps and cooling tower fans should be available during the h10 DES of applicability when the loss of RNS cooling is risk important. If both SWS pumps and cooling tower fans are not available, the plant should not enter these conditions, if the plant has entered these conditions, then the plant should take action to restore both SWS pumps / fans or to leave these conditions.

Planned maintenance affecting this SWS cooling function should be performed in MODES when the SWS is not suplerting RNS operation, i.e., dunng h10 DES 1,2,3. De bases for this recommendation is that the SWS is more risk important during shutdown h10 DES, especially during the htODES of applicability conditions than during other h10 DES.

l WCAP 13856 Pevision: 1 au9:4. I wg it,-olos9s.im io.34

l Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 2.0 Plant Systems 2.5 Passive Containment System Water Storage Tank (PCCWST) Makeup . Long Term Shutdown OPERABILITY: Long term makeup to the PCCWST should be operable APPLICABILITY: MODES 1, 2, 3, 4 MODES 5 and 6 with calculates cora decay heat > 6 MWt.

ACTIONS CONDITION REQUIRED ACTION CCMPLETION TIME

- A. Water volume in PCS A.! Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> ancillary tank less than [on-call alternate).

limit.

AND A.2 Restore volume to within limits 14 days B. One required PCS B.I Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> recirculation pump not [on-call alternate).

operable, AND B.2 Restore pump to operable status 14 days C. Required Action and C,1 Submit report to (chief nuclear i day

- associated Completion officer) or [on call attemate)

Time of Condition A, B - detailing interim compensatory not met. measures, cause for inoperability, and schedule for restoration to OPERABLE.

AND C.2 Document in plant records the 1 month justification for the actions taken to restore the function to

. OPERABLE.

WCAP 13856 .

Revision: 1

. oV964w iwpr.lb010594120PM 10 ._-_ __-___-- __ _-__-_--_ _

. ,,-. . - . . . . _ . _~ .

'~'

a ll  ! Table 10 2 (cont)-

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS 2.0 Plant Systems

~ 2.5 PCCWST Makeup - Long Term Shutdown -

. 1 i

1 SURVEILLANCE REQUIREMENTS-I SURVEILLANCE - FREQUENCY S R -2.5.1- Verify water volume in the PCS ancillary tank is 31 days

-> [362,000] gal. ,

SR'2.5.2 Record that the required PCS recirculation pump provides 92 days recirculation of the PCCWST at > [62) gpm.

SR 2.5.3 Verify that each PCS recirculation pump transfers 10 years

> [62] gpm from the PCS ancillary tank to the PCCWST, During this test, each PCS recirculation pump will be '

powered from a ancillary diesel.

l i

k

-z 4 WCAP 13856 - .

Revision: 1 0:09tuw l.wpf.It>010596. .20PM 1 'l0-36

{r ,

!l~ Tab 8e 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 2.0 ' Pla.7t Systems 2.5' PCCWST Makeup Long Term Shutdown BASES:

The PCS recirculation pumps provide long term shutdown support by transferring water from the PCS ancillary tank to the PCCWST, his water is used to maintr'n PCS cooling during the 3 to 7 day time .

. per od fellowing an accident. After 7 days water brought in from offsite allows the PCCWST to i

continue to provide PCS tooling and also to provide makeup to the spent fuel pit. This PCCWST makeup function is important because it supports lor.g term shutdown operation. A minimum svailability of H)% is assumed for this function during the MODES of applicability, considering both l maintenance unavailability and failures to operate.

' De PCCWST makeup function involves the use of one PCS recirculation pump, the PCS ancillary tank and the line connecting the PCS ancillary tank with the PCCWST, One PCS recirculation pump

- normally operates to recirculate the PCCWST. Refer to SSAR section 6.2.2 for additional information on the PCCWST makeup function.

The PCCWST makeup function should be available during MODES of operation when PCS cooling is required; one PCS recirculation pump and PCS ancillary tank should be available during MODES

- 1,2,3,4, and MODES S and 6 with calculated core decay heat > 6 MWt. De PCS is required to be available during these MODES; it is not required to be available in MODE 5 or 6 with calculated core decay heat < 6 MWt.

Planned maintenance affecting the required PCCWST recirculation pump should not be performed during required MODES; planned maintenance should be performed on tac redundant pump (i.e., the pump not required to be available).' Planned maintenance affecting the PCS ancillary tank that requires )ess than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to perform can be performed in any MODE of operation. Planned maintenance requiring more than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> should be performed in MODES 5 or 6 when the calculated core decay heat is < 6 MWt. De bases for this recommendation is that the long-term PCS makeup is not required in this condition.

.s

~

~

.WCAP 13856 - Revision: I

_ oM984 4wpr:150tos9s-th 30 37

.=

l Table 10-2 (cont.)

. !NVESTMENT PROTECTIGX SHORT. TERM AVAILABILITY CONTROLS -

2.0 - Plant Systems -

2.6. Main Control Room (MCR) Cooling - Long Term Shutdown OPERABILITY: Long term cooling of the MCR should be operable -

APPLICABILITY: MODES 1, 2, 3, 4, 5, 6 ACTIONS _

CONDITION - REQUIRED ACTION COMPLETION TIME 1

I A. One tegttired MCR A.! Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />

- ancillary fans not . [on-call altemate).-

operable. ^

l AND A.2 Restore one fan to operable status 14 days B. Required Action and B.1 Sub@ report to [ chief nuclear i day associated Completion offiv ; or [on<all attemate]

Time not met, detailing interim compensator, measures, cause for inoperability, and schedule for restoration to OPERABLE.

AND

. B.' Document in plant records the 1 month justification for the actions taken to restore the function to OPERABLE.

i

= WCAP-13856 -

Revision: I a.u96:w.13pt: belosw120'M 10-38

,n

. . .l! Table 10 2 (cont.)-

INVESTMENT PROTECTION SHORT-TERM AVAILABILITY CONTROLS

~

2.O Plant Systems-2.6 MCR Cooling Long Term Shutdown SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 2.6.1 . Operate required MCR ancillary fan for > 15 min 92 days Sk 2.6.2 Verify that each MCR ancillary fan can provide a flow of 10 years . .

air into the MCR for >l5 min During this test, the MCR ancillary fans will be powered from the ancillary diesels.

I

(-

t WCAP-13856 Revision: 1

. o:u984 i*rf',1 bates 9s-1:20ru 10-39

I l- Table 10 2 (cont.)

' INVESTMENT PROTECTION SHORT-TERM AVAILABILITY CONTROLS- l 2.0 Plant Syster.is

' 2.6 MCR Cooling - Ing Term Shutdown -

-l BASES:

The MCR ancillary fans provide long term shutdown support by cooling the main control room. For the first three days after an accident the emergency HVAC system (VES) together with the passive ,

. heat sinks in the MCR provide cooling of the MCR. After 3 days, the MCR ancillary fans can be used to circulate ambient air through the MCR to provide cooling. The long term MCR cooling

. function should be available during all MODES of operation. This long term MCR cooling function is important because .t supports long-term shutdown operation. A minimum availability of 90% is assumed for this function during the MODES of applicability, considering both maintenance unavailability and failures to operate.

'Ihe long term MCR cooling function involves the use of a MCR ancillary fan, During SR 2.6.1 the fan will be run to verify that it operates without providing flow to the MCR. During SR 2.6.2 each fan will be connected to the MCR and operated such that they provide flow to the MCR. Refer to SSAR section 9.4.1 for additional information on the long term MCR cooling function.

One MCR ancillary fan should be available during all MODES of plant operation.- Planned maintenance should not be performed on the required MCR ancillary fan during a required MODE of operation; planned maintenance should be performed on the redundant MCR ancillary fan (i.e., the fan not required to be available) during MODES 3 or 4, MODE 5 with a visible pressurizer level or MODE 6 with the refueling cavity full; these MODES are selected because the reactor is tripped in these MODES and the risk of core damage / hydrogen generation is low.

i 1

. WCAP-13856 Revision: 1 oM984w.lapr:lt>010398-l:20m 10-40

- - . . . . . . . . . ~

_. u .~ ,_ . .

- - _ _ . - , . ~

'lh.i: p? '

T

= Table 10 2 (cont.) .. _

1

'N

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS c ,

'i

~

2.0 Plant Systems -

[

2.7. I&C Room Cooling - Long Term Shutdown

=

q OPERABILITY: = Long term cooling of I&C rooms B_& C should be ~ operable  ;

- APPLICABILITY:1 MODES 1, 2, 3, 4, 5, 6 :

i ACTIONS CONDITION'- REQUIRED ACTION: COMPLETION TIME -

" A. - One required I&C room L ' A.1 Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> - ,

ancillary fan not operable, ' [on-call altemate]. 4 AND A.2 Restore one fan' to operable status 14 days -

B. Required ' Action and B.I. Submit report to [ chief nuclear i day [

associated Completion officer) or [on-call.altemate]

Time not met . detailing interim compensatory -

measures, cause for inoperability, <

ane schedule for restoration to OPERABLE.

AND:

B.2 Document in plant records the 1 month

.: justification for the actions taken to restore the function to OPERABLE.

9 a

i

. h.. .

WCAP.13856 . . . . .

Revision:' I s,  ; oA)es4w l#:st4tomt:20rw l . t(y l '

9

,, ,, . . . . . ~ . , . , . - _ , ,*-5.mi..- - ,, , ,- . , = , ,-

.g - , y-

+

.y y j

~

1 . : Table 16 2 (cont.) - .. q n

/ C INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS e  :

.r q

t

2.0 Plant Systems -

. 2.7. l&C Room Cooling Long Term Shutdown SURVEILLANCE REQUIREMENTS _

4 SURVEILLANCE FREQUENCY.-)_ -

.i SR ' 2.7.1 '  ; Operate required I&C room ancillary fan for > 15 min 92 days f

- SR :.2.7.2. LVerify tiist each I&C room ancillary fan can provide a: 10 years flow of air into an I&C room for >15 min' ' During this test, the I&C room ancillary fans will be powered from an -  :;

. ancillary diesel, e

k t

..: I r

. .i l

=

l

WCAP-13856 . ..-

Revision: 1

- tuossw.I,wyt.l u tM w tao m . 3().42

.'. . , . - . . . . - . . . . .:. - - , ,  ; a - .. - ,.

e ,

z.: -

k .

LTable 10 2 (cont.)" ,

= INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS- ,

' 2.0: Plani Systems.

2.7 il&C Room Cooling Long Term Shutdown - l i

BASES: -

I The I&C room' ancillary fans provide long term shutdown support by cooling'I&C rooms B & C ;

I which contain post accident instrument processing equipment. For the first three days after an accident the passive heat sinks in the I&C rooms provide cooling. After 3 days, the I&C room -  :

.  ; ancillary fans can be used to circutaw ambient air through the I&C room to provide cooling. The long :

term IAC room cooling function.should.be available during all MODES of operation.' 'Ihis long term ~

IAC room cooling fanction is important because it supports long term shutdown operation. A a l minimum availability of 90% is assumed for this function during the MODES of applicability,--

?considering both maintenance unavailability and failures to operate.

l'Ihe long term 1&C room cooling function involves the use of two I&C room ancillary fans; each fan is associated with one 1&C room (B or C). During SR 2.6.1 the required fan will be run to verify that fit operates without providing flow to the I&C room. During SR 2.6.2 each fan will be connected to

~

~ its associated 1&C room and operated such that flow is provided to the I&C room. Refer to SSAR section 9.4.1 for additional information on the long term I&C room cooling function.

- One I&C room ancillary fan should be available during all MODES of plant operation. Planned maintenance should not be performed on the required I&C room ancillary fan during a required --

• MODE of operation; planned maintenance should be performed on the redundant I&C room ancillary fan.

5 A 4 7

li l

~

4 4

> !_WCaP 13856 ~ - . Revision: ~ -

*09:4w,1.wyr.lt>01059s th c 10 # '

- ,,-o.e, .-, e e - , , vn- mn e w ~~, e- +g en

. , . . - . . - . - ~. , - - . . .~

)N Table 10 2 (cont.)i

^ ~

INVESTMF.NT PROTECTION SHORT. TERM AVAILABILITY CONTROLS ~

m.

/2.0: Plant Systemst 2.8 Hydrogen Ignitorsi

.z

- OPERABILITY: '

'Ihe hydrogen ignitors listed in Table 2.8-1 should be operable APPLICABILITY: - MODE 1, 2, ~ ._ .!

' - MODE 5 with RCS pressure boundary open,;

iMODE 6 with upper intemals in place and cavity' level less than full 4

-c ACTIONS - -l CONDITION REQUIRED ACTION COMPLETION TIME l

. . . i A. One or more required A.I Notify (chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> -

hydrogen ignitor .. (on-call altemate).-

inoperable.

AND-  !

A.2 Restore required ignitors to - 14 days 1 operable status.-  ;

B.- Required Action and B.1 Submit report to [ chief nuclear i day ,

associated Completion -officer) or (on-call altemate)

Time of Condition A not detailing interim compensatory met. measures, cause for inoperability, and schedule for restoration to OPERABLE.-

AND B.2 : Document in plant accords the I month justification for the actions teken to restore the function to

' OPERABLE.

~

WCAP-13856 Revision:- l~

- orws4..t.wyt.ibelos96-120m - Ig.g ;

?L

. 3 7...

- g 5l Table 10 2 (coat.) -

'1 INVESTMENT PROTECTION SHORT - TERM AVAILAL- TY CONTROLS

~2.0 Plant Systems  ;

2.8 Hydrogen Ignitors -  !

s ,

- SURVEILLANCE REQUIREMENTS

- SURVEILLANCE ' FREQUENCY - .

SR 2.8.1 Energize each required hydrogen ignitor and verify the surface Each refueling outage..

tempera *ure is > [1700] . .

I s

4 4

I t-4 4

WCAP-13856 . Revision: I n:0964 l.wyt:lb-01059s-t;.w 10 45 ,

O l- Table 10 2 (cont.)

INVESTMENT I'ROTECTION SHORT. TERM AVAILABILITY CONTROLS Table 2.81, hydrogen Ignitors (1)-

Location Hydrogen Ignitors Group 1 Group 2 Reactor Cavity note 2 note 2 Loop Compartment #1 12,13 11,14.

Loop Compartment #2 5,8 6,7 Pressurizer Compartment 49,60 50,59 Tunnel connecting Loop Compartments 1,3,31 2,4,30 Southeast Valve Room & Southeast 21 20 I Accumulator Room ,

East Valve Room. Northeast Accumulator 18 17,19 Room, & Northeast Valve Room North CVS Equipment Room 34 33 Lower Compartment Area 22,27,28,29,31,32 23,24,25,26,30 (CMT and Valve Area)

IRWST 9,35,37 10,36,38 IRWST inlet 16 15 Refueling Cavity 55,58 56,57 Upper Compartment

- Lower Region 39,42,43,44,47 40,41,45,46,47

- Mid Region -51,54 52,53

- - Upper Region 61,63 62,64 Notes:

1) 'Ihe tatic lists the hydrogen ignitors. In each location, all of the ignitors in Group 1 or Group 2 should be u wilable. It is not nec,:ssary for all of the available ignitors to be in one group.

2) Ignitors in this lu:ation are shared with other locations.

~ WCAP-13856 Revision: 1 oM984w.l.wpf.lb410$98-120m 10 46

+ l lI - Table 10 2 (cont.)

INVESTMENT PROTECTION SHOPT. TERM AVAILABILITY CONTROLS 2 0 Plant Systems 2.8 Hydrogen Ignitors BASES: ,

The hydrogen ignitors should be available to provide the capability of burning hydrogen generated during severe accidents in order to prevent failure of the containment due to hydrogen detonation.

- These hydrogen ignitors are required by 10 CFR 50.34 to limit the buildup of hydrogen to less than 10% assuming that 100% of the active zircaloy fuel cladding is oxidized.

~

This function is also important because it prodoes margin in the PRA sensitivity performed assuming no credit for nonsafety related SSCs to mitigate at-power and shutdown events. The margin provided in the PRA study assumes a minimum availability of 90% for this function during the MOD 2J of applicability, considering both maintenance unavailability and failures to operate.

The ignitors are distributed in the containment to limit the buildup of hydrogen in local areas. Two groaps of ignitors are provided in each area; one of which is sufficient to limit the buildup of hydrogen. When an ignhor is energized, the ign; tor surface heats up to 2 [1700] F. This temperature is sufficient to ignite hydrogen in the vicinity of the ignitor when the lower flammability limit is reached. SSAR section 6.2.4 provides additional information.

The hydrogen ignitor function should be available during MODES 1 and 2 when core decay heat is high and during MODES 5 when the RCS pressure boundary is open and in MODE 6 when the refueling cavity is not full. - Planned maintenance should be performeJ on hydrogen ignitors when they are not required to meet this availability control.

s WCAP 13856 ' Revision: 1 o \3984*-1.wpf.lM10596-1:20PM 10-47 i

A l Table 10-2 (cont.) '

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 3.0 Electrical Power Systems i 3.1 AC Power Supplies -

' OPERABILITY: - One standby diesel generator should be operable

' APPLICABILITY: . MODES 1, 2, 3, 4, 5 -

ACrlONS CONDITION ' REQUIRED ACTION COMPLETION TIME A. Fuel volume in one A.1 Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> required standA 4 1iesel - [on-call alternate).

fuel tank less than limit. -

I AND l

A.2 Restore volume to within limits 14 days l l

B. One recuired fuel transfer B.1 Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> pump or standby diesel - [on-call attemate).

generator not operable.

AND l B.2 Restore pump and diesel generator 14 days to operable status C. Required Action and C.1 Submit report to [ chief nuclear I day associated Completion officer) or [on-call attemee]

Time not met detailing interim compensatory measures, cause for inoperability and schedule for restoration to OPERABLE.

AND C.2 Document in plant records the 1 month ,

justification for the actions taken to restore the function to OPERABLE.

WCAP 13356 Revision: 1 eM9s4w l. pf;nb.ot0598-1:_w - 3 o.4g

.. - . . . - ~ -

'I

~

. Table 10 2 (cont.)

' INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS -

7 3.0 : Electrical Power Systems 3.l AC Power Supplies SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENC's SR 3.1.1 Verify that the fuel oil volume in the required standby diesel 31 days-generator fuel tank is > [50,000] gal.

SR - 3.1.2 Record' that the required fuel oil transfer pump provides a ' 92 days recirculation flow of > [8] gpm.

SR 3.1.3 Verify that the required standby diesel generator starts and- 92 days operates at > [3800) kw for > 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. This test may utilize diesel engine prelube prior to starting and a warmup period  ;

prior to loading.

SR 3.1.4 Verify that each standby diesel generator starts and operates at 10 years

> [3800] kw for > 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. This test may utilize diesel-engine prelube prior to starting and a warmup period prior to loading. Both diesel generators will be operated at the same 7 tirne during this test.

WCAP-13856 - - ,. Revision: I eM964w.1*pr ibolos98-icom . 10 49

l Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 3.0 Electrical Power Systems :

3.1 AC Power Supplies BASES:

AC power is required to power the RNS and to provide a nonsafety-related means of supplying power to the safety related PMS for actuation and post accident monitoring. De RNS provides a nonsafety-related means to inject water into the RCS following ADS actuations in MODES 1,2,3,4 (when steam generators cool the RCS). His AC power supply function is important because it adds margin to the ,

i

PRA sensitivity performed assuming no credit for nonsafety-related SSCs to mitigate at-power and-shutdown events. De margin provided in the PRA study assumes a minimum availability of 90% for this function during the MODES of applicability, considering both maintenance unavailability and failures to operate.

. Two standby diesel generators are provided. Each standby diesel generator has its own fuel oil transfer pump and fuel oil tank. De volume of fuel oil required is that volume that is above the connection to the fuel oil transfer pump. Refer to SSAR section 8.3.1 for additional information.

This AC power supply function should be available during MODES 1,2,3,4,5 when RNS injection end' PMS actuation are more risk imponant. Planned maintenance should not be performed on required AC power supply SSCs during a required MODE of operation; planned maintenance should be performed on redundant AC power supply SSCs during MODES 1,2,3 when the RNS is not normally in operation. The bases for this recommendation is that the AC power is more risk important during shutdown MODES, especially when the RCS is open as defined in availability control 2.2, than during other MODES.

- WCAP 13856 Revision: 1 o:u964 twpt tt4tos98- :20PM 10 50

. -. y  ;

. _ _ _ . . ._ .m.____ ,

< = ,

g I~ ' l5

- Tame 10 2 (coat.)  :

i i INVESTMENT PROTECTION SHORT TERM ' AVAILABILITY _ CONTROLS ..

j

,j 13.0 ' Elostrical Power Synems ; _;

L -

2

?3.O AC Power Supplies RCS Open j e

OPERABILITY:: . Two AC power supplies should be operable to support RN5 operation :

APPLICABILITY: MODE $ with RCS pressure boundary open, I MODE 6 with pyytt intemals in place 'and cavity level less than full . , _

ACTIONS l CONDITION.  ; REQUIRED ACTION COMPLETION TIME

'A. . One required AC power A.1 Remove plant from applicable 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />

= supply not operable.E . MODES B, . Required Action and B.! Sr* ' woort to [c5ief nuclear i day.

associated Completion-  : o' s pn-call altemate]

Time not met, det. . interim compensatory measures, cause for inoperability.

and schedule for restoration to OPSRABLE. -

e AND- .

B.2 Document in plant records the . I month justification for the actioas taken

' to testore the function to

-OPERABLE. 'l s Y

{

s 1

4 c

e -

s WCAP-13856 ... .  : Revision: - 1i nau964= twyrhol0598-lh 10 _. _ _ _ . _ _ - o  ; .. ,_._ i .. , _ _ , _. _ . _ _ .

, . , , . ~ . . - - .. - ..- . . . ~ ..... . . .. -

< $ , /T ae bl i0 2'(cont.)~

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS :

3.b: Electrical Power Sptems

~

3.2' AC Power Supplies RCS Open. ,

-j

! SURVEILLANCE REQUIREMENTS

-SURVEILLANCE - FREQUENCY.-

SR : 3.2.1 Verify that the required number of AC power supplies are Within 1. day prior to- 3

operable entering the MODES'  : j of applicability i 4

5 k

i?

.F F

4 d

i e

c..

9 T WCAP-13856

o u es4w-t.wpr.t w ios9s-loo " " 10 . . ..

N 9 W# vw ,Vv'&- -'

w- e v &g- 4 e i

-i e . t l ,

, Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 3.0 Electrical Power Systems 3.2 AC Power Supplies - RCS Open

. BASES:

AC power is required to power the RNS and its required support systems (CCS & SWS); the RNS provides a nonsafety related means to normally cool the RCS during shutdown operations. This RNS cooling fun: tion is important when the RCS pressure boundary is open and the refueling cavity is not flooded because it reduces the probability of an initiating event due to loss of RNS cooling during these conditions and because it provides margin in the PRA sensitivity performed assuming no credit for nonsafety related SSCs to mitigate at power and shutdown events. Th: RCS is considered open when its pressure boundary is not capable of being re-established from the control room. The RCS is also considered open if there is no visible level in the pressurizer. De n.argin provided in the PRA-

study assumes a minimum availability of 90% for this function during the MODES of applicability, considering both maintenance unavailability and failures to operate.

Two AC power supplies, one offsite and one onsite supply, should be available as follows:

a) Offsite power through the transmission switchyard and either the main step-up transformer

/ unit auxiliary transformer or the reserve auxiliary transformer supply from the

- transmission switchyard, and b) Onsite power from one of the two standby diesel generators.

Refer to SSAR section 8.3.1 for additional infonnation on the standby diesel generators. Refer to SSAR section 8.2 for information on the offsite AC power supply.

One offsite and one onsite AC power supply should be available during the MODES of applicability when the loss of RNS cooling is important. If both of these AC power supplies are not available, the plant should not enter these conditions. If the plant has already entered these conditions, then the plant should take action to re> tone this AC power supply function or to leave these conditions.

Planned maintenance should not be performed on required AC power supply SSCs, Planned maintenance affecting the standby diesel generators should be performed in MODES 1,2,3 when the RNS is not normally in operation. Planned maintenance of the other AC power supply should be performed in MODES 2,3, or MODE 6 with the refueling cavity full. He bases for this recommendation is that the AC power is more risk important during shutdown MODES, especially

'during the MODES of applicability conditions than during other MODES.

WCAP-13856 Revision

1 3

. oV984w.impr:idoios9s-1:20ru g().53

. . . .. ~,. . - . .., -. - -- . . - - - - ,

NV

]: '

Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS '

3'.01 Electrical Power Systems -- a 3.31 AC Power Supplici- Long Term Shutdown OPERABILITY:) One' ancillary diesel generator should be operable APPLICABILITY: MODES 1, 2, 3, 4, 5, 6 '

- ACTIONS" )

-CONDITION 1 REQUIRED ACTION- COMPLETION TIME .

A. Fuel' volume.in ancillary A.1 Notify [ chief nuclear officer) or 72 he its diesel fuel tank less than [on call alternate].

? limit. .

AND .;

A.2 Restore volume to within limits - '14 days {

. B. One required ancillary - -B.! Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> diesel generator not [on call attemate). .

. operable. .

AND-B.2. Restore one diesel generator to 14 days ,

, operable status

. C.. Required Action and C ! Submit report to [ chief nuclear l' day associated Completion officer) or [on-call alternate] .

- Time not met, detailing interim compensatory measures, cause for inoperability, t and schedule for restoration to OPERABLE.

AND C.2 Document in plant records the 1 month justification for the actions taken to restore the function to

-OPERABLE.

J J

~

a

'WCAP 13856 : Revisioni 1 -

b o ues4w 1.wpr:iwice9s 1com .30-54

-v -

,<s- . .-.r_-. -

, , . ,_ . . , , . . + ~ , . . ~ , . . . , , r-

d.

l Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 3.0' Electrical Power Systems 3.3 AC Power Supplies - kng Term Shutdown ,

SliRVEILLANCE REQUIREMENTS

' SURVEILLANCE FREQUENCY f

l lSR _ 3.3.l! Verify fuel volume in the ancillary fuel tank is >[450] gal 31 days SR 3.3.2 Verify that the required diesel generator starts and operates for 92 days l >l hour connected to a test load > [24] kw.- Ris test may utilize diesel engine warmup period prior to loading.

SR 3.3.3 Verify that each diesel generator starts and operates for 4 10 years hours while providing power to the regulating transformer, an ancillary control room fan, an ancillary I&C room fan and a passive containment cooling water storage tank recirculation pump that it will power in a long term post accident condition.

Test loads will be applied to the output of the regulating transformers that represent the loads required for post accident monitoring and control room lighting, his test may utilize .~

diesel engine warmup prior to loading. Both diesel generators will be operated at the same time during this. test.

t 4

4

?WCAP lD856 = - -

Revision: 1

_ oM984..Inyt. t-0t0398-tsw I0 55

[ Table 10 2 (cont.)

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS

'3.0 Electrical Power Systems 3.3 ' AC Power Supplies - 1xmg Term Shutdown BASES:

l%e ancillary diesel generators provide long term power supplies for post accident monitoring, MCR

]

and 1&C room cooling, PCS and spent fuel water makeup. For the first three dsys after an accident

]

the 'E batteries provide power for post accident monitoring. Passive heat sinks provide cooling of the '

MCR and the I&C rooms. The initial water supply in the PCCWST provides for at least 3 days of PCS cooling. = The initial water volume in the spent fuel pit normally provides for 7 ' days of rpent fuel -

cooling; in some shutdown events the PCCWST is used to suppiement the spent fuel pit. A minimum

- availability of 90% is assumed for this function during the MODES of applicability, considering both maintenance unavailability and failures to operate.

After 3 days, ancillary diesel generators can be used to power the MCR and I&C room ancillary fans, the PCS recirculation pumps and MCR lighting. In this time frame, the PCCWST provides water makeup to both the PCS and the spent fuel pit. An ancillary generator should be available during all MODES of operation. This long term AC power supply function is important because it supports long-term shutdown operation.

The long term AC power supply function involves the use of two ancillary diesel generators and an ancillary diesel generator fuel oil storage tank. Refer to SSAR section 8.3.1 for additional information on the long term AC prever supply function.

One ancillary diesel generator and the ancillary diesel generator fuel oil storage tank should be available during all MODES of plant operation. Planned maintenance should not be performed on the required ancillary diesel generator during a required MODE of operation.: planned maintenance should be performed on .he redundant ancillary diesel generator. Planned maintenance affecting the ancillary diesel fuel tank that requires less than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to perform can be performed in any MODE of operr. ion. Planned maintenance requiring more than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> should be performed in MODE 6 with the refueling cavity full. De basis for this recommendation is that core decay heat is low and the risk of core damage is low in these MODES he inventory of the refueling cavity results in slow response

. of the plant to accidents.

- WCAP 13856 Revision: 1

- - oM984w.l wpt.lt>.0105981:20rs: 10 56 4

, .- . . . . . . . ~.. . .. - . -. . . , . - - - .

. 1 4

~

l1 4 Table 10 2 (c at.)

-INVESTMENT PR'OTECTION SHORT TERM AVAILABILITY CONTROLS :l 3.0 = Electrical Power Sjstems : Ei 3.4 6DC Power Supplies - i LOPERABILITY: - Power for DA3 ' automatic actuation functions listed in 1.1 and 1.fiould be operable'; .,

P APPLICABILITYi MODES 1, 2, 3, 4, 5,-

-- MODE 6 with upper internals in place and cavity level less than full j ,

2 ACTIONS -

CONDITION REQUIRED ACTION - COMPLETION TIME - ,

i TA. Power to DAS Function - - A.1 Notify [ chief nuclear officer) or 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />  !

inoperable. . [on-call altemate).

i ANDx A.2 Restore power supply to DAS to 14 days ,

operable status B.- Required Action and - B.1 Submit report to [ chief nuclear i day associated Completion officer) or [on-call altemate]

2 -Time of Condition A not detailing interim compensatory met, measures, cause for inopere. 3ty, and schedule for restoration to OPERABLE

-AND B.2 Document in plant records the 1 month justification for the actions taken

_ to restore the function to -

OPERABLE.

n 1

-f s

b '

,  ? WCAP-13856 : .

. Revision: 1

o:0904w-tmpt:Iwios98120m 10-57

~

_ j i

4 l - Table 10 2 (cont.)-

INVESTMENT PROTECTION SHORT TERM AVAILABILITY CONTROLS 3.0 Electrical Power Systems 3.'4 ' Non Class IE DC and UPS System (EDS)

SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR~ ~3.4.1 Verify power supply voltage at each DAS cabinet is 120 92 days -

volts i 5% 1 1

d

,W CAP 13856 Revision: 1 a:\3984*-l.wpf.lM10598-lh 10-58

- ~. .

j l ,,

Tame' 10 2 (cont.)

INVESTMENT PROTECTION SHORT. TERM AVAILABILITY CONTROLS i

3,0_ Electrical Power Systems 3.41Non Class IE DC and UPS System (EDS)

BASES:

The EDS function of providing power to DAS to support ATWS mitigation is importrant based 'on 10 CFR 50.62 (ATWS Rule) and to support ESFA is important based on providing margin in the PRA sensitivity performed assuming no credit for nonsafety related SSCs to mitigate at-power and shutdown events. The margin provided in the PRA rtudy assumes a minimum availability of 90% for

. this function during the MODES of applicability, considering both maintenance unavailability and ,

failures to operate, i De DAS uses a 2 out of 2 logic to actuate automatic functions. EDS power must be available to the DAS sensors, DAS actuation, and the devices which control the actuated components. Power may be provided by EDS to DAS by non.1E batteries through non lE inverters. Other means of providing -

powe' to DAS include the spare battery through a non-1E inverter or non lE regulating transformers.

The EDS support of the DAS ATWS mitigation function is required during MODE 1 when ATWS is a limiting event and during MODES 1,2,3,4,5,6 when ESFA is important. The DAS ESFA is required in MODE 6 with upper internals in place and cavity level less than full. Planned maintenance should not be pe formed on a required EDS SSC during a required MODE of operation; planned maintenance should be performed on redundant supplies of EDS power

- WCAP-13856 Revision: 1

. an9s4 impr.thotos9s-icom 10 59