ML20199H062

From kanterella
Jump to navigation Jump to search
Rev 0 to 90459, Failure Modes & Effects Analysis DG Cross- Tie;DCP7048.00SE SONGS Units 2 & 3
ML20199H062
Person / Time
Site: San Onofre  Southern California Edison icon.png
Issue date: 11/13/1997
From: Basu B, Cabiling R, Shepherd S
SOUTHERN CALIFORNIA EDISON CO.
To:
Shared Package
ML20199H054 List:
References
90459, 90459-R, 90459-R00, NUDOCS 9711260008
Download: ML20199H062 (13)
v  d  e


Text

..

. i Fall,URE MODES & EFFECTS ANAINSIS

. DG CROSS-TIE; DCP7048.00SE.

SONGS Units 2 & 3 Document # 90459 Revision 0 November 13,1997 Prepared by: Mahg Bikash Basu Reviewed by: / b 4'<b P

/

lb'c Cabiling 9 Reviewed by: 7[

~

~S /ve Shepherd /

Approved Hy: M Kalillara 1

9711260000 971120 DR ADOCK 0 gi

i 4

l FAILURE MODES & EFFECTS ANALYSIS '

. DG CROSS TIE; DCP7048.00SE.

SONGS Units 2 & 3

1. INTRODUCTION AND BACKGROUND:

Edison's letter to the NRC dated October 24,1997 committed that a Failure Mode and Effect Analysis will be performed for the Cross Tie modification. The DCP considered all credible single failure events of the components installed. The effects of the newly installed components on the system as well as related systems or subsystems required to perform the safety function as described in the UFSAR, and Design Basis Document were evaluated, it was concluded during the process of the design modification that this design modification does not have any single failure that could cause a failure of either Unit's Class IE power system. Since either train ofone unit can supply the needs of both units, and the cross ties are separated this prosides implicit single failure protection against cross-tic failures. Ilowever, the DCP did not document this finding. The intent of this FMEA is to capture those findings.

The ftmetional objective of the DG crosstic modification is to allow, subsequent to satisfying 10 CFR 50.54(x) requirements, manual cross-connect of a unit's DG to the san.e train of the opposite unit's 4160VAC Engineered Safety Features (ESF) bus in the event ofloss of normal preferred power, alternate preferred power, and standby power to the opposite unit's 4160VAC Class IE bus.

Two dedicated Diesel Generator Cross-Tie permissive lland Switches (IIS-5054XA1 and ilS-5054XB1 for TRAIN A,11S 5054XA2 and ilS 5054XB2 for TRAIN B) with

" Normal" and "50.54X" maintained position will be used per ESF train per unit for 10CFR 50.54(x) operation. The hand switches will be located at the train A and Trali. B Exlasure Fire isolation Panels of both units. After switching the crosstic permissive switches at each unit's fire isolation panelin the Class IE switchgear room, all subsequent operations are completed in the main control room.

Normal Operations. Modes 1-6 During the normal operation mode (modes 1-6) all 50.54X hand switches must be placed in the " Normal" position for the DG and 4160VAC Class IE bus to be " OPERABLE."

In the " Normal" position, all existing design functions will be unafrected. The bypass INOP Status panel will annunciate if any of the switches are RO.I in the Normal position.

10 CFR 50.54(x) Oneration The hand switches on the affected train in both units (four total per train / two per bus in 2

each unit) must be selected manually in the IE switchgear rooms to the "50.54X" position

. for cross connection of the DG to the opposite unit at panel CR63 in the main control room.

The following are achieved upon placing the four afTected train lland Switches (IIS)( two per train of each unit) to the "50.54X" position:

1. Removes the "2 out of 4,4 sec. delayed LOVS/SDVS or DGVSS" trip signal to each tie breaker in order to permit the tie breaker to be closed onto a dead bus from CR63 (contact # 42-43 and contact # 52-53 from both redundant IIS of a train are used for this function).
2. Allows each tie breaker to close without initiating an associated DG breaker trip (contact # 11-12 from both redundant ils of a train are used for this function).
3. Disables each 4160VAC Class lE bus voltage reset relay circuit to stop automatic load sequencing on both units. This will prevent SIAS overloading of the DG.

Manual operator action in the control room will manually start the sequenced ESF loads that are neeved while maintaining the DG within allowable load limits (contact # 31-32 from both redundant IIS of a tra.:n are used for this function).

4. Initiates a diesel generator ESF system bypass / inoperable alarm and status indication in each unit (contact # 21-22 from both redundant ils of a train are used for this fbnction).
5. Forces the DG to operate in the droop mode when it is connected to the offsite power system through either unit (contact # 62-63 and contact # 66-67 from both redundant ilS of a train are used for this function).
2. SCOPE:

The configuration evaluated was the post design modifications per DCP 7048.00SE. This analysis considered all possible failure modes of the Unit 2 train A liand Switches (11S-5054XAl and ilS 5054XI31 for Unit 2, TRAIN A).

3. METilODOLOGY:

The methodology used for this single failure analysis is consistent with that of " Design Standard for Single Failure Analysis for Songs Generating Station Units 1,2 & 3" This analysis only includes U2 Train A. U2 Train B and both trains of U3 design changes are identical as such this FMEA is also applicable to these trains. Ilot short of newly added cables in the modified control circuit is not analyzed here as DCP considered the compliance with appendix R requirements and concluded that the newly added cables have 3

l 1

no impact on appendix R compliance.

I

4. CRITERIA:

The criteria used for this single failure analysis are consistent with that of Design Standard for Single Failure Analysis for Songs Generating Station Units 1,2 & 3, Standard No. TS-123-106, R0.

The components installed are ali considered passive. The affected control circuits are poweied by 125V DC ungrounded source. The modified annunciator circuit to initiate a diesel Eencrator ESF system bypass / inoperable alarm and status indication in each unit (contact # 21-22 from both redundant IIS of a train are used for this function) was not considered for this analysis. A normally closed IIS contact in the annunciator circuit if inadvertently opens in modes 1 6 operation of the Unit will proside an Alarm / Indication as designed. For any other postulated failure it may only impact the Alarm / indication circuit.

The following failure mode were considered for the remaining of the lland Switch contacts used in this modification:

Case 1. Operator Error, An incorrectly performed action by an operator. Operator placed a Iland Switch in the 50.54X position, in this event all contacts of the lland Switch will transfer to the state of 50.54X position.

Case 2. liand Switch failed in the normal position, in this scenario all open and close contacts of the lland Switch in the normal position will be ccasidered failed in the normal state (e.g switch seizes in the normal position, Ilandle loosens or comes ofi).

Case 3. Grounding of a pole of a liand Switch.

Case 4. liand Switch failed in the 50 ~4X position. This Case is same as Case 1.

Case 5. 110t short of a newly added cable in the modified control circuit.

( This is not included for this FMEA. All newly added cables are routed in the train oriented raceways. Cables were analyzed in the DCP for appendix R compliance.)

Case 6. Shorting of a contact of a liand Switch (other contacts from the same Hand Switch are unaffected).

Case 7. Opening of a liand Switch contact (other contacts from the same liand 4

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE.

ITEMS DEYlCE ID COMPf FAlli'RE LOCALE MET 110D OF INIIERENT EFTECTS ED REMARKS DEPEN MODE. DEFENDEhi DETECT 10*4 CO%IPENSA11NG s DENCY EFTECTS , PROVISIONS  ;

1 21155034XAl None Open(faded in None ( VR relay IIS Serve Rance None requiree Nane far medes 14 VR relav "441DVE er (42.43) cpen pasamon) cecun miatemsi (refueleg euangn) 10CFR $034(s)DG DGVSS.er SDYS*rese cita configwatamil crossee operataan items I threegh 16.

spryerable. Reduniassa ED 30192. (30323 shows trasm is es=rable ( band = tai &vek e nerst amoanned DG is crerable. Cme 2. 7 2 21155054XBI None Open (failed in None ( VR relav IIS SurmBance None required None kw anodes 14 Case 2. 7 (42.43) epen pasanon) circus in normal (refuchng estage) 10CTR $0.54(m) DG configurahon) ansene egeresan usoperaNe. Remandant tram is operable ir assoassed DG is operable.

3 2HS5054XAl None Open (faled a Name (VR relay IIS Surve: Hance None reqmred Nene for snades 14 Case 2.7 (52.53) crea possbon) cwcun a meanal (refueling esmage) 10CTR 5034(x)DG

( J:s e--) crosstie eperasam t emperaNe. Redundara t eram is operabie <

assooned DG is creraNe.

4 2nS5054xal None Open(fmaed m None (VR relay LCS Survenuance None requeed None fa andes 14 Cme 2.7 (52.53) epen rautaan) cwcast in normal (refueleg outage) 10CFR 5034(z) DG configuration) avuese egention innperaNe. Redundus trameis operaNe if assocassed DG is er==Ne C$netwp6\fmeadgxt.wpd 5

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE. -

ITEM 8 DEVICE ID COMPf FAILLIE LOCALA METilODOF INIIDtEN. T UTECTS EDi REMARKS DEFEN MODE DEPENDENT DETECTION COMPENSA11NG DENCY ETTECTS PROVISIONS 3 21135054XAl None Close(failed at None CR ANN andIND erdy None reipared Nome Can I (42.43) close possuan) ifcoreact is closed by VR relay cunut in crerator error then oornal credig since 27135054XAl (21.22) senes centact wd!also open and 2HS5054XBI pnmde CRless 4 (42.43)is gen witage/out deperaham ANN and IND LCS Surveillance

(&Ing outage) 6 21155054XBI None Close(fasted in None CR ANNandIND Name reqinred None Case 1 (42.43) close posstson) only ofcoreact is closed VR relay circent se by operator errw then nonnelconSg since I 21135054XBI (21.22) eenes contact usu also gen and 2ftS5054XAl pnmde CR loss of (42.43)is cpen vahagew ofereratsen ANN and IND.

LCS Survedlance (refuebng outage) 7 21tS5054XAl a Cleme(failed en None CR ANN arad IND None reqtured None Case I (52.51) Close powuan) erdy ifcereact is closed Vit relay curant in

! by crerster errw them mannel config ersce 21155054XAl (21.22) series contact will also open and 21155054XBI pnmde CR loss of (52.53)is open voltage'eut orgerauen ANN and IND.

IIS Surveillance (refinelmg outage)

Cdnetwp6Vmeadgxt.wpd 6

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE.

EtETilOD OF INIIERENT EFITCTS ED' REMARES TITais DEVICE ID COMP' FAILURE IDCAL &

DEPEN Ef0DE DEPENDENT DETECTION COitFEmTTNG DENCY EJTECTS FROVISK)NS CR ANNandIND None requwed None Case I 3 21IS5054XBI None Close (failed a None cbwe pasason) only ifceenacs is domed VR relay cuant a (52,53) by opernkr error tlwn normal configunce 2HS5054XBI (21.22) eenes certact wdl also cren and 21IS5054XAl pimJe CR loss of (52.53) e qwit wdtage' cut oroperation AN3 and INTA LCS Survedlance (refueleng outage)

ICS Survedlance None requecd None Case 6 9 21IS5054XAl None Short None (refueleg outage VR relay cuand a (42,43) normalcon6g mace senes cormaa 21tS5054XBI (42.43)is gen l

105 Surveillance None requwed Ncne Case 6 10 21IS$054XBI Noe Short Nenr (refueleg outage) VR relay cuant in (42,43) l nmnal config since j senes carnact 21IS3054XAl (42.43)is open Short None LCS Survedlance None requeed Nee Case 6 iI 25tS$054XAl None (refucisig outage) VR selsv cuent a

(' U3) normal config sace senes cet 21155054XBI

($2.53)iscren 105 Serveillance None repred None Case 6 12 21tS5054XBI None Short None (refuelmg cutage) VR relay cremt sa (52,53) swnnelconfg since senes contad 21155054*MI (12.53)e open C:\n-twp6\fmeadgxt.wpd 7

1 t .

l FAILURE MODES & EFFECTS ANALYSIS -

r i

DG X-TIE; DCP7048.00SE.

INifERENT EFFECTS Ery RLAIARKS ITElf* DEVICE ID C OifP/ FA111TRE IDCALA AIET110D OF Ef0DE I,EPENDENT - DETECTION CO%fPENSATING DFPEN ~

DENCY EITECTS PROVISIONS None required None Case 3 13 2ItS5054XAl None Ground Nane CRA%J VR relay poner (42,43) supply is 125VDC unrAd.

None required Nerm Case 3 21155054XBI None Ground None CR ANN 14 VR relay power (42,43) surply is 125VDC

- ,, -2 None required None Case 3 15 2ftS5054XAl Ncne d'sround None CR ANN VR relay piwer (52,53) supply is 125VDC ungeunded.

CR ANN None requ-td None Case 3 16 211S5054XB1 None Grourmi None VR relay pe+er (52,53) supply es 125VDC ungrourmied l

CR ANN andINDenly None required N.ne Tie lveaker Tnp cit.

17 2flS5054XAI None Open(failed in None ifIIS is placed by an Tie breater trip cL1 ftems 87through 24 ED (1I,12) epen position) cperator an the 50.54X in nonnsi confg as 30216 position parallel cnramct (ED 30328 shows band frtwa 2flS$054XBI switch " ..:m.a.:)

(11,12)is c+ned Case 1,7 If5 Surveillance (refucing outage)

OR AFN and IND only None required None Case I,7 I8 211S5054XBI None open(failed in None open position) ifIIS is placed by an Tie breaker trip ckt ,

(11,12) operator in the 50.54X in normal confg as positaan parallel caract from 21155054XAI IIS Surveillance (l1,12)is closed (refuelmg outage)

C:\netwp6\fmeadgxt.wpu 8

~

I FAILURE MODES & EFFECTS ANALYSIS .

D( X-TIE; DCP7048.00SE.

J IDCAL & METHOD OF INilER.ENT EFTECTS ED' REMARKS ITEM

  • DEVICE ID COMP / FAllfRE DEPEN MODE DEPENDENT DETECTION COMPEMATING DENCY EFFECTS PROVISIONS ICS Surveillance None required 10CFR 50.54(x) DG Case 2 19 2HS5054XAI None che(fadedin None (II,12) close posihan) (refuelmg outage) Tk breaker control cronstie crerstum crcuit in normal moperaNe. Redundsne con 6gurabon tramis cperable if associated DG is operaNe.

None requred 10CFR 50 5'4 % Cage 2 20 211S3054XB1 None Close (failed in  ? w LCS Surveillance (11,12) close pouhan) (refiseleg autage) Tie breaker control crosstie cesa6% g crcuit in normal awperable. Redt-cosignatwn. trainis M%.

assocssted DG is operaNe.

LCS Survedlance None requaed 10CTR 50.54(x) DG Case 6 21 211S5054XAl None Short None (refueleg outage) Tie Iveaker control ausstie opershon III,12) circuss in normal ineperaNc. Redundarit con 6guratxn ;l rain is operaNe if I

associated DG is operaNe.

LCS Surveillance None required 10CFR 5034(m) DG Cane 6 22 211S5054XB1 None Short None (refuelms cutage) Tie breaker cantrol aossaie operanon (I1.12) emperaNe. Redundard cucus in nmnal con 6guratun tram is operaNe if associated DG is operaNe.

None CR ANN None requaed Norm Case 3 23 211S5054XA1 None Ground (11,12) Tie breaker tnp cLt pm supply is 125VDC ungounded.

None CR ANN Nonc requ red Ncce Case 3 24 111S5054XBI None Ground Tie breakerinp ckt (11.12) pcmer supply as 125VDC w.n, =

C:\netwp6\fmeadgxt.wpd 9

4 '

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE. ~

ITEAfe DEUCE ID COtfP/ FA!1L'RE IDCALA KfETilOD OF INIIERINT EFFECTS ED' RElfARKS DEFEN 110DE DEPENDENT DETECTION COSfPENSATING DENCY EFFECTS PROVISIONS 25 21IS5054XAI None open(failed in None CR ANN and IND enly Nme required Nee DG tecaker Tnp Ckt ihns (31.32) open posnion) ifIls is placed by an DG Ieenker trip cLt 25 Geough 32 E/D 30323 operator in the 50 54X in normal config as (llan&wita a.4.,-. .; FA) position. parallel corsat 3032*)

211S5054XDI Casel,7 IIS Survei!!ance (31,32)is cloecd (refueleg castage) 26 21155054XBI None Open(failed in None CR ANN andINDonly None reqdoired None Case 1.7 (31,32) open position) ifIls is placed by an DG breaker tnp cLt p in the 50.54X in normal config as poniuon. parallel certad 211S5054XAl IIS SurveJiance (31,32)is clowd (refucimg outage) 27 211S5054XAl None Close (failed in None Ifs Su ve:11ance None requeed 10CFR 50.54(x) DG Case 2 (31.32) Close position) (refuelmg castage) DG breaker trip ckt crosstic operation in normal config moperable. Redundard train is operable if associated DG is operable.

28 211S5054XBI None Close (failed in None 1f5 Surves!!ance None required 10CFR 50.54(x)DG Case 2 (31,32) close position) (refuelmg outage) DG breakerinp cLt crosstic operation in nonnal config snoperable. Redundant tram is quable if assotsted DG is

  • Perable.

29 2IIS5054XAI None Short None IIS Surveillance None required IOCFR 50.54(x) DG Case 6 (31,32) (refbeling outage) DG breaker cLt in crosaie operation normal config. nioperable. Redundant tram is operable if associmied DG is operable.

C:\netwp6\fmeadgxt.wpd 10

s m

FAILURE MODES & EFFECTS ANALYS'.S DG X-TIE; DCP7048.00SE.

ITEM 8 DEVICE ID COMP / FAILURE LOCAL & METIlOD OF INHERENT EITECT3 ED' REMARKS DEPEN MODE DEPENDENT DFTECTION COMPENSATING DENCY EFFECTS PROVISIONS 30 2IIS5054XBI None Stunt None LCS Surveillance None required 10CFR 50 54(v)DG Case 6 (3I 32) (refueling outage) DG teraler cLt in croanic opwstaan normalconfig moperaNc_ Redundard tramis operable if asociated DG is operable, 31 2HS5054XAl None bround None CR ANN None required None Case 3 (31,32) DG breaker tnp ckt power supray is .

125V DC a, _La 32 211S5054XD1 None Ground None CR ANN None required None Case 3 (31.32) DG breakerinp ckt power supply is 125V DC wr, Ad 33 211S5054XAl None Open (failed in None( DG droop IIS Surveillance None required 10CFR 5034(x) DG DG droop ckt.

(62,63 or open position) cwcun in rFWmal (refueIntg outage) creadie operation Items 33 throuugh 40.

66,67) configuration). moperable. Redundard FO 30343, (30328 shows train is operable if band swna anwA associated DG is operable. Case 2,7 34 211S50 4XBI None Open(failed in None ( DG droop LCS Surveinance None require:S 10CFR 5034(x)DG Case 2,7 (62,63 er open positmn) circuit in normal (refuelmg outage) crosstie operation 66.67) configuration). anoperable. Redundare train is operable if a=ocimd DG is W

C:\netwp6\fmeadgxt.wpd 1I

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE.

ITEMS DEVICE ID COMPT FAI11'RE IDCAL A MET 110D OF INitERENT EFTECTS EDv REMARKS DEFEN MODE DEPENDENT DETECTION COMPCNSATINO DENCY EFFECTS I1tOVISIONS 35 2ftS$054XAl None Close (faded in None CR ANN and IND only None requeed Name Case I (62.63 or close positim) ifcontact is ckmed try DG droop cucuit in 66,67) cperator error then normalcor6g since 2HS5054XAI (21,22) series contact mill also open and 211S3054XB1 provide CR loss of (62,63 er 66,67)is voltage /out c(operation c:- m.

ANN and IND.

LCS Survei!!ance (refueleg outage) 36 21tS5054XBI None Close (failed in None CR ANN andIND None required None Case 1 (62,63 or close position) only if cornact is closed DG droop circuit in 66,67) by operator error then norrnal con 6g susce 211S5054XBI (21.22) series contact mill also open and 211S5054XAl provide CR loss of (62,63 or 66.67)is voltage /out of eperation open ANN and IND.

ifs Surveillance (refueling outage) 37 211S5054XAl None Short None irs Survedlance None required None Case 6 (62,63 or (refueling cutage DG drmy circuit in 66,67) normal config since series contact 21155054XBI (62,63 or 66,67)is ePc1 38 211S5054XBI None Sirrt None IIS Surmhnce None required None Case 6 (62,63 or (refuelmg outage) . DG drmy circuit in 56,67) rrrmal config since series ccewact 211S$054XAl (62,63 or 66.67)is C:\netwp6\fmeadgxt.wpd 12

4 -l..

FAILURE MODES & EFFECTS ANALYSIS DG X-TIE; DCP7048.00SE.:

  • ITEM # DEVICE ID . COMPf FAI11'RE IDCAL & METHODOF ' LNEERENT Ef7ECI3 ' ED' REMARKS DEFEN MODE DEPENDENT DETECTION COMPENSATING DENCY ElTECTS f ROVLSIONS ^

1 ~

39 2HS5054XAl None 6round None CR ANN onlyifcentact None regured None Case 3 (62,63 or - is grounded as the ..

DO droop skt

^

66,67) ' enersedlesortheUS - roast surely k consact. 125VDC engrounded 40 . 2HS5054XBl . None - Ground None CR ANNeelyifcarnact None requerd None Cane 3 (62.63 or is grounded at the DO droop ckt power .

66,67) . ' energized leg of the IIS supplyis 125VDC

~ w 4

e C:\netwp6\fmeadgxt.wpd -13 --

i i

9

-4 _

- . . o g . , _ -g.

Retrieved from "https://kanterella.com/w/index.php?title=ML20199H062&oldid=2998372"