ML20205F440
| ML20205F440 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 10/31/1985 |
| From: | Fresco A, Papazoglou I, Youngblood R BROOKHAVEN NATIONAL LABORATORY |
| To: | Office of Nuclear Reactor Regulation |
| References | |
| CON-FIN-A-3702 BNL-NUREG-51876, NUREG-CR-4228, NUDOCS 8511120038 | |
| Download: ML20205F440 (95) | |
Text
.
NUREG/CR-4228 BNL-NUREG-51876 Review of the Vogtle Units 1 and 2 Auxiliary Feedwater System Reliability Analysis 4
1 Prepared by A. Fresco, R. Youngblood, l. A. Papazoglou Brookhaven National Laboratory Prep: red for U.S. Nuclear Regulatory Commission l
No$jp4 C
4 PDR
NOTICE This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government not any agency thereof, or any of their employees, makes any warranty, expressed or imphed, or assumes any legal liabihty of re-spnnsibihty for any third party's use, or the results of such use, of any infctmation, apparatus, product or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights.
NOTICE Availabihty of Reference Materials Cited in NRC Publications Most documents cited in N RC pubhcations will be available from one of the following sources-1.
The NRC Pubhc Document Room,1717 H Street N.W.
Washington, DC 20555
- 2. The Superintendent of Documents, U.S. Government Printing Oltice Pmt Of f we Box 37082, Washington, DC 20013-7082 3.
The National Technical information Service, Springfield, VA 22161 Although the hsting that follows represents the majority of documents cited in NRC oubhcations.
it is not intended to be exhaustive.
Referenced documents available br inspection and copying for a fee from the NRC Pubhc Docu ment Room include NRC correspondence and internal N RC memoranda; NRC Office of Inspection and Enforcement bulletins, circulars, information notices, inspection and investigation notices; Licensee Event Reports; vendor reports and correspondence; Commission papers; and apphcant and licensee documents and correspondence.
The following documents in the NUREG series are available for purchase from the GPO Sales Program formal NRC staff and contractor reports, NRC sponsored conference proceedings, and NRC booklets and brochures. Also available are Regulatory Guides, N RC regulations in the Code of federal Regulations, and Nuclear Regulatory Commission issuances.
Documents available from the National Technical Information Service include NUREG series.
reports and technical reports prepared by other federal agencies and reports prepared by the Atomic Energy Commission, forerunner agency to the Nuclear Regulatory Commission.
Documents available from public and special technical hbraries include all open hterature items, such as books, journal and periodical articles, and transactions. FedIrral Register notices. federal and state legislation, and congressional reports can usually be obtained from these hbraries.
Documents such as theses, dissertations, foreign reports and translations, and non NRC conference proceedings are available for purchase from the organization sponsoring the pubhcation cited Single copies of NRC draf t reports are available free, to the extent of supply, upon written request to the Division of Technical Information and Document Control, U S. Nuclear Regulatory Com mission, Washington, DC 20555.
Copies of industry codes and standards used in a substantive manner in the NRC regulatory process are maintained at the NRC Library, 7920 Norfolk Avenue, Bethesda, Maryland, and are available there for reference use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organization or, if they are American National Standards, from the American National Standards institute,1430 Broadway, New York, NY 10018.
-_-w__ _ - - _ - - -- - _
__--_w---
NUREG/CR-4228 BNL-NUREG-51876 4
Review of the Vogtle Units 1 and 2 Auxiliary Feedwater System Reliability Analysis
_ _ _ _ - _ - ~ - _
Manuscript Completed: August 1985 Data Published: October 1985 Prtpared by A. Fresco, R. Youngblood, l. A. Papazoglou Brookhaven National Laboratory Upton, NY 11973 Prrpered for Divi lon of Systems Integration Offica of Nuclear Reactor Regulation U.S. Nuclear Regulatory Commission W::hington, D.C. 20555 NRC FIN A3702
~
-iii-1 4
i ABSTRACT t'
This report ' presents the results of the review of the Auxiliary Feedwater System reliability analysis for-the Vogtle Electric Generating Plant (VEGP)
Units 1 and 2. -The objective of this report is to ' estimate the probability that the Auxiliary Feedwater System will fail to perform its mission for each of three different initiators: (1) loss of main-feedwater with of fsite power available, (2) loss of offsite-power, (3) loss of all ac power except vital
{
instrumentation and control 125-V dc/120-V ac power. The scope, methodology, and failure data are prescribed by NUREG-0611, Appendix III. The results are i
compared with those obtained in NUREG-0611 for other Westinghouse plants.
4 4
I i
i t
i; i
i s
n
)
y e
e,,
w -,,,, -, -,
--,,n-,.-
,,.e,-,n.-
-n
~. --
-v-TABLE OF CONTENTS 4
Page ABSTRACT...............................................................
iii L I S T OF F I GUR E S........................................................
vii L I S T OF TA B L E S......................................................... v i i i EXECUTIVE
SUMMARY
ix 1.
INTRODUCTION.......................................................
1 4
2.
SCOPE OF BNL REVIEW................................................
1 3.
MISSION SUCCESS CRITERIA...........................................
2
{
4.
SY ST EM D E SCR I PT IO N.................................................
2 1
'5.
EM E RGE NC Y OP E R AT I ON................................................
3 5.1 Loss of Ma i n Feedwate r - (LMFW ).................................
3 5.2 Los s o f O f f s i t e Powe r (L O OP )..................................
3
]
5.3 L os s o f Al l a c Powe r (LOAC )...................................
4 6.
TESTING............................................................
4 7.
SURVEILLANCE REQUIREMENTS..........................................
6 8.
OUTAGE LIMITATIONS AND MAINTENANCE.................................
6 8.1 Outage Limitations............................................
6 8.2 Maintenance...................................................
7 j
9.
RELIABILITY ANALYSIS...............................................
8 9.1. Qu a l i t a t i v e As pe ct s...........................................
8 9.1.1 Mode of System Initiation..............................
8 9.1.2 System Control Followi ng Initiation....................
9 9.1.3 Effects of Test and Maintenance Activities.............
10 9.1.4 Avail abili ty of Alternate Water Supplies...............
10 9.1.5 Adequacy and Separation of Power Sources...............
11 l
9.1.6 C ommo n M o de F a i l u r e s...................................-
12 9.1.7 Single Point Failures..................................
12 l
9.1. 8. Adequa cy of Eme rgency Procedures.......................
12 9.2-Quantitative Aspects..........................................
13 9.2.1 Applicant's Use of NRC-Suggested Methodology and Data..............................................
13 L
9.2.1.1 Fault Tree - Construction and Evaluation.........
13 i
9.2.1.2 Failure Data..................................
14 9.2.2 Ap pl i c a n t ' s R es u l t s....................................
14 9.2.2.1 System Unavailabilities.......................
14 9.2.2.2 Dominant Failure Modes and Conclusions.........
15 i
1-
-vi
'Page 9.2.3 BNL Assessment.........................................
15 9.2.3.1 Fault Trees...................................
15 9.2.3.2 Failure Data..................................
16 9.2.3.3 System Unava il abil i ti es.......................
18 9.2.3.4 Dominant Failure Modes........................
19 9.2.3.5 General Compa rison to Other Plants............
20 9.2.3.6 General Comments..............................
21 REFERENCES.............................................................
22
-vil-LIST OF FIGURES
- Figure-Title Page 1
AFWS (Simpl i fi ed Fl ow Diagram).......................
xi 1-AFWS (S impli fi ed Flow Diag ram).......................
23 2:
Unit 1 Auxiliary Feedwater/ Steam Generators Intake...
xii 2
Unit 1 Auxiliary-Feedwater/ Steam Generators Intake....
24 3
AFWS Simpl i fi ed Pi pi ng Layout........................
25
.4 AFWS Reliability Evaluation Methodology Flow Chart...
26 5
Un i t 1 A FWS B l oc k Di ag ram............................
27 6
' AFWS. Expa nded ' Bl ock Di ag ram..........................
28
=7 Unit 1 AFWS Fault Tree Model.........................
29 8
VEGP -AFWS Unavailability' Assessment Dominant Failure Modes - Case No.~1 - LMFW...................
62 9.
.VEGP AFWS Unavailability Assessment Dominant Fail ure Modes - Case No. 2 - LOOP...................
64 10 VEGP AFWS Unavailability Assessment Dominant
-Failure Modes - Case No. 3 - LOAC...................
66 i
a i
r i
l
.... _... ~ -.., -. -....
-viii-LIST OF TABLES Table Title Page 1
VEGP AFWS Conditional Availability Comparison to Other Plants Usi ng the Westi nghouse NSSS................... xiii 2
Unavailabilities of the VEGP AFWS, Comparison of Applicant's Results to BNL Assessment................
xiv 3
BNL Assumptions of VEGP NSSS Steam Generator Makeup Requi rements Based Upon FSAR In formation.............
67 4
AFWS Componen t Fa il u re Da ta............................
68 5
NRC-Supplied Data Used for Purposes of Conducting a Comparative Assessment of Existing AFWS Designs and Thei r Potenti al Rel i abi l i ti es........................
71 6
Nomenclature Scheme for Fault Identifiers Added by BNL to the Applicant's Fault Tree....................
75 7
Comparison of Data Assumptions.........................
'76 8
VEGP AFWS Unavailability Sensitivity Comparison........
79 r
I l
4 9
o
-ix-EXECUTIVE
SUMMARY
Af ter the accident at Three Mile Island, a study was performed of the reliability of the auxiliary feedwater system (AFWS) of each plant then oper-ating with NSSS designed (gy Westinghouse.
The results 9 AttherequestoftheNRC,t{)thatstudywere presented in NUREG-0611 l
Georgia Power Corporation, an operating license applicant, has mad 9 q study of the Vogtle Electric Generating Plant (VEGP) Units 1 and 2 AFWS,13; performed using NUREG-0611 as a guideline. BNL has reviewed this study, and its conclusions are as follows (High, Medium, and Low refer to the NUREG-0611 reliability scale).
1.
For an accident resulting in a loss of main feedwater (LMFW with off-site power available) the reliability of the AFWS is in the High range (un-availability = 2.2E-5/ demand).
2.
For a loss of offsite power (LOOP) resulting in a concurrent loss of main feedwater (LMFW), the reliability of the AFWS is on the borderline of the High range (unavailability = 1.0E-4/ demand).
3.
For a loss of all ac power (LOAC), except for the 125-V dc/120-V ac vital instrumentation and control power systems, resulting in a concurrent loss of main feedwater (LMFW), the reliability of the AFWS is in the Medium range (unavailability = 3.2E-?/d_ emend).
A comparison of the VEGP AFWS reliability to other AFWS designs in plants using the Westinghouse NSSS is shown in Table 1.
The specific quantitative comparison between the applicant's results and those obtained by BNL is shown in Table 2.
The BNL results are based on the unavailabilities shown in Table 8 of this report. for Case C with Multiple Errors Assumed.
This evaluation incorporates certain fairly conservative assumptions which were made for lack of information. These are discussed in Section 9.2.3.
It is likely that additional information would reduce the uravail-ability estimates quoted above.
General Comparison to Other Plants The Vogtle AFWS design is similar to that of many other plants in that it consists nf two motor-driven pumps and a third pump which is steam turbine driven.
It does have several notable features such as two redundant safety-class condensate storage tanks each having sufficient capacity for an extended cooldown and satisfaction of the design basis requirements.
Transfer to the standby tank must be done manually. Another feature is the provision of a third, independent train of de power for the Turbine-Driven Pump (TDP) and its associated motor-operated valves, designated as 125-V dc Train C power.
In this manner, failure of either dc Train A or Train B f ails only one of the Motor-Driven Pumps (MDPs), not an MDP and the TDP simultaneously.
-x-Also, since the-motor-operated throttle valves on the TDP discharge lines to the Steam Generators (SGs) are de-powered by Train C, SG level control can be maintained' by the operator from the control room even during a LOAC transient.
The location of the test recirculation lines very close to the SG intakes allows verification by pump testing of the position of all valves on the pumps' discharge lines, except for the manually operated stop check valves on the inlet lines to each SG (113,114,115,116).
The MDP headers are joined together by two nonnally closed manual valves 055 and 056. By opening both of these valves, either MDP can be used to feed all four steam generators.
This feature is also available in several other AFWS designs.
Finally, the provision of the stop check valves 113, 114, 115, and 116 in the SG intake lines is unusual. Although, as mentioned previously, as the potential for human error blocking all AFW flow to an entire steam generator increases, the valv's may provide an additional safety margin in preventing e
the back-leakage of steam into the AFW lines.
General Comments The Vogtle AFWS is in general a very well-designed system. The pro-visions for pump testing allow for nearly complete verification of the valve positions on the pump's discharge, the exception being the steam generator intake lines themselves.
The inadvertent closure of the manually operated stop check valves on the intake lines does, however, have a significant effect on the unavailability analysis. This effect is substantially reduced if the valves have control room position indication or if the operator can credibly recognize the problem and take appropriate actions outside the Control Room within the 30 minutes allowable action time.
The actual procedure for and the sequencing of pump testing was not clearly explained in the applicant's analysis.
It is not clear how many of the recirculation bypass line valves to_the Condensate System are simul-taneously opened during the testing of any one pump.
Presumably, the re-circulation line valves for the two steam generators supplied by each MDP and the four valves for the four steam generators supplied by the TDP are opened simultaneously.
..-.m.._.. _ _. _ _
_.....__._..m.
_..__m.-
(y.
2nrg 006
@)
+
&O 4**
MAIN STE Au $v11g u 40 M
[t]
Mimou STE Au GthER ATON F l
We mis 007 TRIPAmo 1P4 3 0 itenOTTLE GOVs AssemG watwa watyg Cfht A 4
gg j
etNTAmt I
C$f
$106, av sv g
/
g,g 7"/
gg t8 M-8 I O
to TO st g au e,
ENERATOR
/
I0 S122 020 014 015
" ~ ' " '
40 LO g;
g,,
t9 7 ~
O LO, TO $Y g au e-CEhtnATOR e'
j j Oli
$17%
023 gigg,,g to 7
3 fg
/k
TO $TE Au 08 0 N
hI N
GtmenATOR M7 N
On StiF 026 N
CST gg, g y,
384TAsf 3
=>
x m,
$15e
[to LO 5113 06 t (1)
W W
'l 3 111-p LO tc gow x
a a..
-s 053 c as seu oeo (11 4
LO LO 5110 06:
N te][as.
- 2
~
'a.
y' c
N s:
col em 003 (1) CHECK VALVE g
to 4
go, FL APPE H HAS 4-h BCEN REMOVf D q
gig 046 SIM 046 Sett est (il s,pg a m
><3 LO 2 tit' Figure 1 v0GTLE AFWS F LECTRIC CENER ATING PLANT Georg. Power ia UNIT uNo our 2 s
-xii-3a
%a 2'3 2$'
\\
x s-s-
ww 0,
bx ae
},, !
L,_ _ __ _ _ _ _ _ l j,, Isk,__ _ _ __ _ _ _ _ l e;~
J
- 3r e-fl
- 3r a lf l m
m i
- ~l
- _JL I
- _J JL I.
1l I
al
?
T 6M I
s -
m s
i 4
r 30 o
e IT::
!l I :
s me l
< <2
-t':s l
>=
-c w
I :e
=2
=2
,r :
aw x
T 1r i:
ir
-z o
INN!!
i I
Ni!
b' h
t I
- ~
x
_ _I l ;
\\_
_I l
i, ~<
e
-Ek_ k__!l s
__J l
l ih EU l
E E
se eM u.
_J r_
r_
~
r I
8 8
l I
y v
I e
v y
I I
7
=
1 7
=
1 t_
i________J t_
l________J 5
s s
3
=
,s=
,=
a l
I a
- i
)
- i
%n xe
/
/
2 2 w3 0O O2 w@4 a
Uw-u_
33
%a es:
3 y :-
Oa2
>ma 2:
e, c-__--__
3 g
g o, r_______l I
.I
- 3 r 9-
- 1r 1rI
- l rl c.;
e 3
- -1 aJLl ll s
sL at i ;
a.
g
.l p
s I :
.l i
W D
.c_
N d[
h e
6 3 l
<3 37; l
lr q,.
1r, l
e o
E f
Ia i
i, =
-l l
_l l l
_l l j h_
l l
I i
5 Ii s
E 5
__a l
,__a l
r_
t I
s 1
8 x
I v
i y
v i
2 v
e l
l 7
5 l
7 I
t_
_________J t_
i________J x
s I
,a i
l
- - )
as 3
7
/
/
e
Table 1 VEGP AFdS Conditional Availability Corparison(*)
to Oth2r Plants Using ths W stinghouse NSSS TRANSIENT EVE NTS LMFW L Mf WItOOP L MF Wit OAC PLANTS LOW MED' HIGH PL AN T S LOW.
MED HIGH PLANTS LOW MED HIGH GH WE STINGHOUSE WESimCHOUSE WESTINGHOUSE
- I H AOD AM NECK e
HADO AM NECK HADDAM NECK di SAN ONOFRE e
SAN ONOFRE e
SAN ONOFRE q> - - -HD PR AtRIE ISL AND ti PR AIRtE ISL AND e
PRAIRIE ISL A ND a
SALEM
<>- 4
- SAL E M
<>-Is SAL E M ti 2 ION -
G 240N D
ZION O
V ANKEE ROWE e
yANKE E ROWE D
YANKEE ROWE t>
T RO JA N e
T ROJAN e
T ROJAN O
skDe AN POINT t
INOf AN POINT e
sNDIAN POINT 4>
K E W ANE E e
NEW ANEE e
NEWANEE 3
H 8. ROSINSON O
H 8. ROSINSON O
H 8 ROSINSON 1
BE AVER VALLEM, BE AVER V ALLE Y e
SE AVER VALLEY e
f t>
cmNA e
GmNA e
Gm4A O
POINT BE ACH e
POINT BE ACH e
POINT BE ACH e COOK e
COOK e
COOK O
t TURKEY POINT e
TURKEY PosNT e
TURKEY POINT 4i FARLEY e
FARLEY e
FARLEY ti SU R R Y e
SURRY e
SURRY NORTH ANNA e
NORTH ANN A 4
NORTH ANNA e
i voGTLE Q
VOGTLE ll VOCTLE A.~l t-ORDF R OF MAGNtTUDE IN UNAVAIL ABILITV REPRESE NTED IOW 3
- INCRE AssesG AVAILA88tITV.
@ Applicant's results i
e THE SCAT t soR THrS E vENr eS NOT THE SAME AS THAT rOR THE tun ^NO ium m w l
$ BNL assessment a
1
-xiv-Table 2 Unavailabilities of the VEGP AFWS, Comparison of Applicant's Results to BNL Assessment Transient Applicant's Results BNL Assessment 1.
LMFW 6.3E-6 2.2E-5 2.
LOOP 2.6E-5 1.0E-4 3.
LOAC 1.0E-2 3.2E-2
-_ - 1.
INTRODUCTION This report is a review by Brookhaven National Laboratory (BNL) of the Vogtle Electric Generating Plant (VEGP) Final Safety Analysis Report (FSAR)
Appendix 10A, entitled "VEGP Auxiliary Feedwater System Availability An-(3) alysis," prepared by Bechtel Corporation for Georgia Power Corporation.
After the accident at Three Mile Island, a study was performed of the Auxiliary Feedwater Systems (AFWS) of all the then-operating plants. The re-sults obtainN for operating Westinghouse-designed plants were presented in NUREG-0611. W At that time, the objective was to compare AFWS designs; ac-cordingly, generic failure probabilities were used in the analysis, rather j.
than plant-specific data.
Some of these generic data were presented in I
NUREG-0611. - The probability that the AFWS would fail to perform its mission on demand was estimated for three initiating events:
I (a) loss of main feedwater (LMFW) without loss of offsite power; (b) loss of main feedwater associated with loss of offsite power (LOOP);
(c) loss of main feedwater associated with loss of offsite and onsite ac (LOAC).
i j
Since then, each applicant for an operating license has been required to submitareliabil}i1y analysis of the plant's AFWS, similar to that in the i
NUREG-0611 study.
A quantitative criterion for AFWS reliability has been defined by the NRG in the current Standard Review Plan (SRP) for Auxiliary l
Feedwater Systemsl )-
4
"... An accep range of 10 gable AFWS should have an unreliability in the to 10-5 per demand based on an analysis using methods and data presented in NUREG-0611 and NUREG-0635. Compensating factors such as other methods of accomplishing the safety functions of the AFWS or other reliable methods for cooling the reactor core during abnormal conditions may be considered to justify a larger j
unavailability of the AFWS."
2.
_S_ COPE OF BNL REVIEW The BNL review has been conducted in accordance data, and scope found in Appendix III in NUREG-0611.(w{lth the methooology, l
It has two major objectives:
(a) to evaluate the applicant's reliability analysis of the AFWS; (b) to provide an independent assessment, to the extent practical, of the _ AFWS unavailability.
i I
,. Unavailability as used in this report has been defined as the "probabil-ity that the AFWS will not perform its mission on demand." The term unavail-ability is used interchangeably with unreliability. Specific goals of this review are then:
(a) to compare the applicant's AFWS to the operating plants studied in NUREG-0611 by following the methodology of the latter as closely as possible; (b) :to evaluate the applicant's AFWS with respect to the reliability goal set forth in SRP 10.4 4,to 10-5 9
i.e., that the unreliability of the AFWS is in the range of 10-per demand, using the above methodology.
i The NOREG-0611 methodology and the BNL review specifically exclude ex-ternally caused common mode failures such as earthquakes, tornados, floods, etc., and internal failures caused by pipe ruptures, i
3.
MISSION SUCCESS CRITERIA.
il l
According to Reference 3, the AFWS is composed of three mechanical trains which serve the four steam generators at a given unit.
The steam generators have been analyzed to require 510 gal / min.of flow under the most severe acci-1 dent conditions.. Each motor-driven pump of trains A and B has a capacity of l
630 gal / min and provides more than 100% of the required auxiliary feedwater flow. Train. A provides feedwater.to steam generators 1 and 4, and train B j
provides feedwater to steam generators 2 and 3.
The-(steam) turbine-driven j
pump of train C has a capacity of 1300 gal / min and provides more than 200% of 1
the required auxiliary feedwater flow. The turbine-driven pump provides feed-water to all four steam generators.
Furthennore, as outlined by the PRC eval-uation of AFWSs (NUREG-0611), the AFWS must actuate within the time it takes 2
for the steam generators to boil dry when no flow is provided to the steam j
generators. At VEGP, the boiloff time (a'nd therefore the limit on the AFWS l
actuation time) is approximately 30 min..as stated in Reference 3.
l In addition, FSAR Subject 10.4.9.2.1 states that normal flow is from the CST to the auxiliary feedwater pumps. The design of the CST provides for cold shutdown capability for a period of 9 h: 4 h at hot standby, followed by a 5-h i
cooldown period.
Table 3 of this report provides the nuclear steam supply system (NSSS) required makeup rates to the steam generators for the specific transients within the-scope of this ' review.
Initially, sensible heat is re-moved from the RCS to reduce the temperature from a full-power operation j
average temperature of 588'F to a' nominal hot standby temperature of 500*F.
j Subsequently, to bring the reactor down to 350'F at 50 F/h, an initial makeup rate of 500 gal / min is required.
l 4.
SYSTEM DESCRIPTION i
The BNL review of the AFWS reliability is based on the system as described in' the.VEGP FSAR Sections 10.4.9 and 10A currently on file in BNL's l
j 4
Nuclear Safety Library.
The simplified AFWS flow diagrams, fault trees, and other drawings from Section 10A have been included in this report for convenience (see Figures 1 to 7 of this report).
All figures and tables will be referred to by the present numbering scheme, e.g., Table 1 of this report, which is FSAR Table 10A-5, will be called simply Table 1.
5.
EMERGENCY OPERATION For the discussions below, refer to Figures 1 and 2.
5.1 Loss of Main Feedwater (LMFW)
Offsite power is available and the two motor-driven pumps (MDPs) start automatically upon trip of both Main Feedwater (MFW) pumps or low-low level in any one steam generator. Automatic actuation also occurs upon a Safety injec-tion signal. The turbine-driven pump starts automatically upon low-low level in any two steam generators by the opening of the dc Train C motor-operated steam admission valve 5106 Unless the normally aligned Condensate Storage Tank 091 contains an inadequate supply of water and pump suction has not already been aligned to the standby CST 002, no other closed valves need to be opened either manually or automatically to initiate auxiliary feedwater flow.
Transfer to the alternate CST 002 must be done manually, either from the Control Room or locally, by opening the motor-operated valves 5113, 5118 and 5119. The operator can remotely manipulate the position of the AFW flow con-trol valves (5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139) to control steam generator level.
This can also be done locally at the valves. Upon reaching pump a flow rate of 100 gal / min or greater, the motor-operated iso-lation valves in the recirculation miniflow lines of each MDP are automatical-ly isolated so that no recirt.ulr ion flow occurs during most of AFWS opera-tion, except for the continuous t ecirculation flow of the TDP.
If the motor-operated valves in the miniflow lines of trains A and 8 fail to close, there is still sufficient flow to the steam generators because of the presence of a flow-limiting orifice to the miniflow lines.
5.2 Loss of Offsite Power (LOOP)
In this case, with no offsite power available, the MDPs can be started only after receiving an automatic signal from the diesel generators sequencing logic. The TDP is automatically started upon LOOP. The Reactor Ccolant Pumps are not powered and thus cooldown of the reactor core is by natural circula-tion. For lack of information in the applicant's FSAR and reliability anal-ysis, BNL has assumed that the required flow rate is 510 gal / min, the same as for the LMFW case. This still results in only one MDP being required.
All valve orientations and manipulations are the same as for the LMFW case, except that the steam admission valve, 5106, is automatically opened to start the TDP directly upon a LOOP signal.
Steam generator level control is again either remote from the Control Room or local manually.
i i
-4 I
5.3 Loss of All ac Power (LOAC) l Since both offsite and onsite power are unavailable, only the steam turbine-driven pump is available to supply AFW flow. All valves in the TDP i
train, including the flow control valves, are supplied with dc power which allows the operator complete control of the single TDP train from the Control f.
Room without the need for local manual actions except during c6mponent fail-j ures. All motor-operated valves in the TDP train are powered from a separate de train designated Train C which derives power from ac Train A with backup power provided by batteries. Therefore, Train C dc power can be assumed to be independent of Train A de power because it is backed by dedicated batteries 1
1 which would become the sole power source for the LOAC condition.
Since the LOAC condition includes.a blackout sequence signal, the TDP is i
aute:aatically actuated upon LOOP by opening the steam supply valve 5106.
For i
the reasons explained above, BNL has assumed that the required flow rate is 510 gal / min. Again, the Reactor Coolant Pumps are not powered, and thus cool-down of the reactor core is by natural circulation.
Steam generator level control is performed manually either from the Control Room or locally at the valves.
6.
TESTING The applicant has based his analysis with regard to testing on the fol-lowing information taken from FSAR Appendix 10A. As of the date of the ap-plicant's evaluation, the Technical Specifications, operating procedures, maintenance procedures, and testing procedures applicable to the VEGP AFWS were not written. Thus, in order to model and analyze the contribution of hu-i man error, testing, and maintenance to the unreliability of the VEGP AFWS, re-levant generic documents were used.
1 The Technical Specifications yptd were extracted from the Westinghouse Standard Technical Specifications.P1 The most notable factors of these 2
preliminary Technical Specifications are (with respect to testing):
)
i a.
The testing frequency for AFWS pumps is once every 31 days.
j b.
The testing frequency of pumps and valves with automatic actuation is j
performed once every 18 months.
t j
c.
The testing frequency of each dc train is once every 7 days.
]
BNL interprets item b to mean that the automatic actuation signal of j
pumps and valves, not the pumps and valves themselves, is tested ~every 18
(
months. BNL also assumes that testing of the automatic actuation signals and j
the dc trains does not require *. hose components to be unavailable during the i
test..
In addition, according to Reference 3, the generic plant testing and maintenance procedures used in the AFWS reliability evaluation were a l
i I
{
1
.,,--y.-
,--,.---r,
..-~~:_,c-,
-i,--.
p,,w-,.
,. ww
,,3 14,,-..:---,w-+
-ry,-t"ter-~'
- synthesis of generic procedures.
These procedures are based on current industry practice, lessons learned from previous human reliability analysis, and the VEGP AFWS design capabilities.
Those procedures ralevant to testing are:
a.
The motor-operated valves in the discharge lines (5120, 5122, 5125, 5127, 5132, 5134, and 5137) are used to manuall) throttle AFWS flow and pressure during testing to keep AFWS flow from entering a steam generator, b.
The motor-operated valves in the discharge lines receive an automatic actuation signal to assume their full-open position even if they are being used for testing.
c.
The only valves requiring manual realignment for testing or flushing are the recirculation bypass valves (81, 82, 83, and 84).
d.
If a single recirculation bypass valve has not been closed, there is still sufficient flow to the steam generators due to the presence of a flow-limiting orifice in the recirculation line.
e.
The motor-operated valves from CST 002 (5113, 5118, and 5119) are manually controlled with no automatic sic,nals to close (if CST 002 is being used for testing or flushing of an AFWS train).
f.
Valve position after a test is checked by a single operation.
The pump testing procedure requires further discussion. According to Reference 3, the AFWS is designed to allow flushing or testing while the plant is operating with no effect on the main feedwater flow. Any train of the AFWS for testing or flushing is aligned such that suction is taken from a CST and the flow passes through the pump and discharge lines where the motor-operated valves in the discharge lines are used to throttle the flow and pressure.
The flow is then diverted away from the steam generators prior to the stop check valves by the manual opening of the bypass (recirculation) valves and dis-charged to the condensate system.
Each recirculation line is fitted with an orifice that limits the amount of flow diverted away from the steam genera-tors.
This ensures sufficient flow to the steam generators if the AFWS is required during flushing or testing. When not in use, the recirculation valves (81, 82, 83, and 84) remain closed. Also, upon receipt of any of the AFWS automatic actuation signals, the discharge (control) valves go to the full-open position if not already open. Although the applicant states that failure to close the recirculation valves after a test, or during a test in which the.AFWS is required, does not result in excessive flow diversion, it is not clear that this is true when only one MDP is available.
In particular, if i
either MDP has a capacity of 630 gal / min at steam generator pressure with the miniflow recirculation lines closed, a diversion of more than 120 gal / min through the test recirculation line would result in a flow rate below the required 510 gal / min LMFW (see Table 3). To see the effect of this, BNL has modeled failure to close the recirculation line valves as independent human errors coupled with testing of a single pump which can cause insufficient flow to the respective steam generator.
The net impact on the final results is, however, quite small.
7.
SURVEILLANCE REQUIREMENTS As explained in the preceding section, the Technical Specifications were extracted from the preliminary Westinghouse Standard Technical Specifications.
The most notable of them with respect to surveillance are:
a.
The verification frequency of the CSTs water volume is once every 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
b.
The verification frequency of valves in the flowpath is once every 31 days.
The table presenting the applicant's failure data in Reference 3, is in-cluded in this report as Table 4.
The above infonnation is used in conjunc-tion with the failure data for human acts and errors given in NUREG-0611, and appears in this report as Table 5.
From Table 4, it appears that the appli-cant has assumed operator errors for motor-operated valves only.
Pre-accident closure was given a 5x10-4 unavailability / demand which corresponds to the NUREG-0611 value for valves having control room position indication, which is typically the case for motor-operated valves. However, l
no pre-accident error was assumed for manual valves, which typically do not have such indication. BNL has assumed an error probability of 1x10-3/ demand of 5x10 gs whose position can be verified by the pump testing act and a value for valv i
/ demand for valves whose position can not be verified.
j I
Post-accident closure of motor-operated valves is given a failure prob-ability of 5x10-3/ demand, which is the NUREG-0611 value for a 30 min allow-able actuation time for a "Non-Dedicated" primary operator to actuate the AFWS.
This does not consider the probability of the backup control room operator taking the proper action.
In this case, the NUREG-0611 value for the overall estimated failure probability is 1x10-J, i.e., a 0.2 recovery f ac-tor, which is what has been assumed in the BNL analysis.
No unavailability l
due to post-accident closure of manual valves is assumed.
8.
OUTAGE LIMITATIONS AND MAINTENANCE 8.1 Outage Limitations
]
From the preliminary Westinghouse Technical Specifications, the limiting conditions of operation are:
a.
With one AFWS pump inoperable, the limiting condition of operation action time to hot standby is 78 hours9.027778e-4 days <br />0.0217 hours <br />1.289683e-4 weeks <br />2.9679e-5 months <br />.
b.
With two AFWS pumps inoperable, the limiting condition of operation i
action time to hot standby.is 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />.
1 J
r-c. - With one or more steam generators inoperable, the limiting condition of operation action time is 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />.
d.
With less than 330,000 gal in the CSTs, the limiting condition for operation action time to hot shutdown is 16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br />.
e.
With one 125-V de train inoperable, the.imiting condition for oper-ation action time to hot standby is 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.
The above requirements essentially define a maintenance policy which allows only one pump train or steam generator to be unavailable at one time because of maintenance. Any secondary t.navailability of a pump train or steam generator is assumed to be due to a failure discovered during testing of the remaining two pump trains.
It should be noted that testing by itself does not cause pump unavailability, only the failure to reclose the recirculation by-pass valve or reopen the throttled control valve to a steam generator. How-ever, it is assumed that testing of only one pump train at a time is allowed.
8.2 Maintenance The generic plant procedures contain the following items which pertain to maintenance:
a.
The performance of maintenance on a component requires that the com-ponent be manually isolated on both the upstream and downstream sides.
b.
The motor-operated valves in the miniflow lines of trains A and B (5154 and 5155) are subject to maintenance for calibration of the flow element actuation device in these valves.
The applicant has stated the required actions to perform component mainte-nance, i.e., the need for both upstream and downstream isolation. Maintenance has been assumed by the applicant for all pumps and valves, including check valves and manually operated check, gate, and butterfly valves, but not for the diesel generators.
Although the applicant references both NUREG-0611 and WASH-1400(6) as sources for maintenance unavailabilities, the data values for valves appear to be substantially lower than those given in the referenced sources.
In par-ticular, a comparison of the applicant's data with the sources is as follows:
Component in Maintenance Applicant's Data NUREG-0611/ WASH-1400 Check, stop check motor-operated valves, trip and throttle valve, speed governing valve 2.17x10-6 2.1x10-3 Manual gate valves and manual butterfly valves on pump suc-tion lines 7x10-8 2.1x10-3 Butterfly valves on CST discharge lines 4x10-7 2.1x10-3 Motor-and turbine-driven pumps 5.8x10-3 5.8x10-3 Diesel generators 0
6.4x10-3 125-V dc electric power 2.4x10-6
- Out of NUREG-0611 scope.
In the BNL analysis, the NUREG-0611/ WASH-1400 data were used. However, maintenance was assumed only for motor-operated valves. All other valve maintenance, with the exception of the maintenance on the stop check valves 017, 020, 023, 026, 037, 040, 043, and 046 on the pump discharge lines, was assumed to be zero.
The modeling of the fault trees and a complete comparison of the data as-sumptions are discussed in detail in Section 9.2 of this report.
9.
RELIABILITY ANALYSIS 9.1 Qualitative Aspects 9.1.1 Mode of System Initiation 1.
LMFW - As stated above in Section 5, both MDPs start automatically upon loss of both MFW pumps or upon low-low level in any one steam generator.
Should the MDPs fail to start, the TDP will start automatically upon low-low level in any two steam generators.
All three pumps can be manually started by the operator either from the Control Room or locally.
Therefore, the appli-cant complies with Recommendation GL-1 of NUREG-0611 that AFWS flow be initiated automatically using safety grade equipment and that manual start serve as a backup to automatic AFWS initiation.
2.
LOOP - Both MDPs are automatically initiated by the diesel-generator sequencing logic once power is received from the diesel generators. The TDP is also automatically initiated by opening dc-operated valve 5106 by means of i
i l
9-125-V dc Train C power provided either by the 120-V ac power of the Train A diesel-generator through the inverters 'or by the dedicated battery backup power. All three pumps can again be started manually by the operator eithe'r from the Control Room or locally.
Therefore, the applicant still complies with recommendation GL-1 mentioned above.
3.
LOAC - In this case, only the TDP is available. Since LOOP is im-plied, the TTP is again automatically initiated by opening valve 5106.
The pump is normally aligned to CST 001.
If the standby CST 002.must be used as the suction source, valve 5113 is powered by dc Train C and can be opened manually either from the Control Room or locally, although such alignment is normally perfonned prior to the transient.
The TDP can also be initiated manually either from the Control Room or locally in this case.
Therefore, the I
applicant complies with Recommendation GL-3 of NUREG-0611 which states that at least one AFW pump and its associated flow path and essential instrumentation
~
should automatically initiate AFW system flow and be capable of being operated independently of any ac power source for.at-least two hours.
9.1.2 System Control Following Initiation A,
According to Reference 3, the AFWS is aligned to be placed in service automatically in the event of a demand.
Following the receipt of a safety injection signal, a two-out-of-four low-low steam generator water level signal from any one steam generator, a trip signal from both main feedwater pumps, or a loss-of-offsite-power signal, the auxiliary feedwater discharge valves go to the full-open position if not already open and the two motor-driven auxiliary feedwater pumps are actuated and begin to deliver flow from the online CST to 4
the steam generators.
Once flow has been established, the motor-operated valves in the miniflow lines close automatically.
The turbine-driven pump is actuated automatically on two-out-of-four low-low water level in any two steam generators or on a loss-of-offsite-power signal. To' actuate the turbine-
)
driven pump, the nonnally closed dc motor-operated valve (5106) in the steam supply line to the turbine is opened automatically.
The speed-governing valve and the trip / throttle valve, which are in the same line as the steam inlet valve, are automatically controlled by the speed governor on the turbine-driven pump.
Following a transient or accident, the minimum flow is delivered l
to at least two effective steam generators within 1 min of an automatic auxiliary feedwater actuation signal. Once the system has been ' actuated, the operator can remotely manipulate the auxiliary feedwater control valves in order to control the steam generator water level.
For normal operation, the AFWS is used to fill and/or maintain the water -
level in the steam generators during startup, shutdown, and hot standby con-ditions. The AFWS may be actuated and controlled manually during normal oper-ation or abnormal conditions.
The motor-operated valves in the miniflow lines of mechanical trains A and B (5155 and 5154) can only be actuated automatical-ly. ~ Although not shown on Figure 1, safety-grade flow meters with both Con-
~
trol Room and remote shutdown rianel indication and instrument channels powered from emergency buses have been orovided to indicate flow to each steam gen-erator. This appears to satisfy the requirements of Additional Snort Term
. Recommendation 5.3.3 of NUREG-0611.
4 i
i
...r rs
-y
.y
y j
f
q
% For the specific.csses covered by this review, system control is as fol-lows:
1.
LMFW - Steam generator level control is maintained by the operator manually modulating the motor-operated flow control valves in the pump discharge lines to each of the four steam generators (M0Vs 5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139).
If suction must be transferred from the primary condensate storage tank CST 001 to the standby tank CST 002, the normally closed MOVs 5113, 5118, and 5119 can be manually opened either from the Control Room or locally.
There' is no automatic pump trip on low suction pressure. The r.dni, flow lines around the MDPs are automatically isolated when pump flow is above;100 gal / min while the miniflow line around the TDP operates continuously.
x c'
There are two'normally closed manual sate valves, 055 and 056, on a header which joins the two motor-driven pumps A and B together. Normally MDPA it supplies only-Steam Generators 1 and 4 while MDPB supplies only Steam Generators 2 and 3.
By ope'ning both these valves, either motor-driven pump f
alone can supply all four steam generators.
2.
LOOP - System control is basically the same as for LMFW. The only significant difference is that ac power is supplied by the diesel generators.
Leven control can still be maintained by modulating the flow control valves in the dit, charge lines to the steam generators.
Transfer to the standby condensete storage tank and use of one motor-driven pump to feed all four steam generators are also the same as for LMFW.
- In this case, only the turbine-driven pump and its fhw paths' '
3.
LOAC are available.
Since all motor-operated valves in its flow paths are d:-
O operated, the operator can still control the steam generator level byvnodu-lating the flow control valves either from the Control Room or locally.
In~
effect, the operator can perform all of the same functions as before with the s
TDP for LMFW and LOOP because the Train C dc power is backed up by its own dedicated batteries which are used when Train A 120-V ac power is unavailable.
a-9.1.3 Effects of Test and Maintenance Activities The ef fect of testing on this system was discuss'ed earlier in Section 6.
As noted in Section 8, the applicant has stated tha$ to perform maintenance on any component, the component must be manually isolated both upstream and downstream. This can easily incapacitate an enti e pump' train.- For example t
(see Figure 1), if maintenance must be performed ondnt 'oi"the' manual gate valves on any one.of the discharge lines to the four steam generators from the TDP, valves 016, 019, 022, or 025, all four valves must be ' closed, thereby incapacitating the TDP.
9.1.4 Availability of Alternate Wate'r Supplies:9I h*~
f-
)
There are two redundant condensate stdrage tanks whQhre eacir idin-tained above a minimun level of 330,000 gal. The minimuMMer level of s
4
(
Len=
i
. each CST is designed to maintain the reactor in a hot standby condition for 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> followed by a 5 hour5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> cooldown period, at which time the residual heat removal system can be used to further cnol the reactor coolant system.
The combined minimum operating capacity of the CSTs (660,000 gal)'is designed to allow a hot standby condition for 31 hours3.587963e-4 days <br />0.00861 hours <br />5.125661e-5 weeks <br />1.17955e-5 months <br /> followed by a 5 hour5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> cooldown period until operation of the residual heat removal system is initiated.
Each tank is a Seismic Category 1 structure with a capacity of 480,000 gol. The minimum safety capacity is ensured by all nozzles of nonsafety systems being located on the storage tanks above the corresponding elevation.
The condensate level in each tank is automatically maintained by a level con-trol valve in the line (to the tank) from the demineralized water system, which actuates when the volume in the tank drops to 472,250 gal.
As the water in the online CST is depleted, the operator may manually realign the system so that the standby CST serves all three pumps.
A separate line connects each pump to each CST.
Therefore, the applicant has taken substantial measures to ensure an adequate supply of alternate water sources.
However, it should be noted that the flappers have been removed from the check valves on the suction side of the pumps, valves 013, 033, 051, 058, and 061, (see Figure 1).
No reason is oiven for this. Such being the case, if and when the operator must transfer to the standby CST 002, it seems that the level in CST 001 will precipitously rise while the level in CST 002 will precipitously fall to equalize the static head. This is because there are effectively no check valves on the pump sucticn side, so that flow from CST 002 does not isolate CST 001. This might lead to some momentary confusion on the operator's part and possible mis-interpretation of instrument readings.
The specific emergency procedures for transferring to the standby CST have not been provided in Reference 3.
The procedures should include criteria to inform the operator when the transfer to the standby CST should take place, and should meet all other requirements described in Recommendation GS-4 of NUREG-0611. Reference 3 does indicate that there are level indicators and alarms both in the Control Room and locally for the CST water level to allow the operator to anticipate the need for makeup water or transfer to the alternate CST to prevent a low pump suction pressure from occurring.
It does not indicate whether the indicators and alarms are redundant and whether the low-low level of such alarms allows at least 20 minutes for operator action, as described in Additional Short-Term Recommendation 5.3.1 of NUREG-0611, 9.1. 5 Adequacy and Separation of Power Sources According to Reference 3, physical separation between the trains of the AFWS is maintained with regard to the prevention of common cause failures created by fire, flooding, and missiles.
The simplified piping layout schematic of the AFWS is provided as Figure 3 of this report.
Excluding the containment building, the only two locations where a portion of all three trains lie in a common area are in the building that houses the CSTs and in a pipe chase in the auxiliary feedwater pumphouse.
Both locations:
i a.
are protected from external missiles and have no internal source for
- missiles, b.
have no components subject to disabling damage due to flooding, and c.
have minimal sources of fire.
Physical separation between electrical components of the AFWS is provided in accordance with Regulatory Guide 1.75 and Institute of Electrical and Elec-tronics Engineers (IEEE) Standard 384 9.1.6 Common Mode' Failures In BNL's judgment, two aspects of the Vogtle AFWS design yield poten-tially significant common mode failure contributions to the system unavail-ability (see Figures 1 and 2).
The first aspect involves the manual 11y operated stop check valves at the steam generator inlet lines, (113, 114, 115 and116).
If the operator inadvertently closes any three of the four valves, the mission success criterion is unmet.
Closure of one of these valves prevents the flow from both of the pumps which normally supply a steam generator.
Even if the normally closed interconnection between the two motor-driven pumps, valves 055 and 056, is open, flow still cannot enter the steam generator from the alternate motor-driven pump.
The other aspect is the testing of the turbine-driven pump coupled with conmon mode failure to close at least two of the recirculation line valves, (81,82,83,84) which causes excessive flow diversion from the steam generators.
Both of these cases are quantitatively assessed in Section 9.2.3.2.
The applicant's own common cause analysis, according to Ref. 3 was performed deterministically and in two parts. The first part was performed explicitly for common cause hardware failure by location, and is discussed in Section 9.1.5 on physical separation. The second part of the conmon cause analysis was performed implicitly throughout the evaluation. According to the applicant, the results of the entire canmon cause analysis revealed no significant common cause potential within the VEGP AFWS.
9.1.7 Single Point Failures No single point failures were discovered during the course of this review.
9.1.8 Adequacy of Emergency Procedures The applicant has not previded emergency procedures at this time.
Such procedures should be provided in the future.
i I
__ 9. 2 Quantitative Aspects 9.2.1 Applicant's Use of NRC-Suggested Methodology and Data 9.2.1.1 Fault Tree Construction and Evaluation In Reference 3, the applicant states that the initial fault tree was developed to the component failure mode level and then expanded to the component failure cause level.
The component failure causes considered were:
a.
Random failure on demand.
b.
Unavailability due to testing.
c.
Unavailability due to maintenance.
y d.
Independent human error during testing or maintenance.
e.
Common cause human error during testing or maintenance.
i The fault tree developed for the analysis in FSAR is included in this report with BNL modifications as Figure 7, Sheets 1 to 33.
Although the applicant states that unavailability due to testing and common cause human error during testing or maintenance were considered in the fault tree, BNL was unable to locate any such aspects in our review of both i
the fault tree and the applicant's assumptions in Table 3.
Neither the fault tree nor the data table contains specific fault identifiers, and therefore the applicant's results can not be unequivocally duplicated. Nevertheless, the fault tree is very comprehensive and great care was evidently taken to correctly model maintenance acts on all pumps and valves. However, the important contribution of diesel-generator maintenance was omitted.
In addition, the fault tree does not model maintenance acts excluded by technical specification requirements in(9n)y useful way, particularly consider-ing that the applicant used the WAM-CUT computer code.
Speci fical ly, i
Figure 7, Sheets 3 through 10, show that the inputs to the AND gates:
"N0lF TO SG FROM TRAIN DUE TO MAINTENANCE" and a NOT gate described as "D0ES NOT VTULATE TECHNIC'XE SPECIFICATIONS."
Obviously _the latter gate indicates only schematically how the calcula-tion was performed, because it does not identify exactly which coincident maintenance events are to be excluded.
It is therefore unclear just exactly how the applicant arrived at his numerical results.
In using the WAMCUT code, the two basic approaches to elimination of disallowed coincident test and/or maintenance ' acts are (1) to make extensive use of NOT gates, or (2) to define the top event so that disallowed maintenance and test acts are inherently-excluded.
i l
i BNL used the SETS code (8) to quantify the results.
SETS allows both methods mentioned above.
In addition, SETS allows a third in which the top i
event is defined so as to allow unlimited coincident test and maintenance acts; the cutsets are then processed by SETS to eliminate those which are to be disallowed by the Technical Specifications. This is discussed further in Section 9.2.3, BNL Assessment.
9.2.1.2 Failure Data The applicant's failure data (Table 4 in Reference 3), are reproduced in Table 4 of this report. The data are in substantial agreement with the data prescribed in Table III-2 of NUREG-0611 (see Table 5), with the very notable 4
exception of valve and diesel generator maintenance unavailabilities. The appligant's data vglues for valve maintenance are extremely low, ragging from 7x10- to 2.17x10
, as compared to the NUREG-0611 value of 2.1x10,
while diesel generator maintenance was neglected.
The references cited are NUREG-0611 and WASH-1400, but BNL cannot ascertain how the applicant derived his values from those sources.
Reference 3 states:
"All data were used to quantify point estimates of unavailability on demand, and uncertainty is not accounted for in the anal-ysis.
It should be noted that the data used in the reliability analysis is generic, and as such the results are an evaluation of the AFWS design. The implication of the data is that they do not account for the actual charact'er-istics of how the plant is to be operated and maintained" (emphasis by added).
The case of pre-accident operator error with respect to closing manually operated valves appears to have been omitted from Table 4.
This is further discussed in Section 9.2.3, since it has a significant impact on the quanti-tative results.
A minor comme the applicant's data include a maintenance unavail-abilityof2.4x10gt:for 125-V dc electric power, while random failure was neglected. Maintenance unavailability does not appear to have been included in the fault tree, while random failure was included.
9.2.2 Applicant's Results 9.2.2.1 System Unavailabilities According.to Reference 3, the quantitative results of the conditional unavailabilities for the three cases designated by the NRC for the AFWS are:
A.
Case 1 - LMFW - For the case where there is an assumed loss of main feedwaterwithareactortripoccurringandoffsiteacpowervailabge,the 6.3x10.
conditional unavailability of the AFWS was calculated to be B.
Case 2 - LMFW/ LOOP - For the case where there is an assumed loss of
+
main feedwater with a reactor trip occurring and offsite ac power not availab{e, the conditional unavailability of the AFWS was calculated to be 2.6x10.
C.
Case 3 - LMFW/LOAC - For the case where there is an assumed loss of main feedwater with a reactor trip occurring and no ac power availa e, the i
conditional unavailability of the AFWS was calculated to be 1.0x10-9.2.2.2 Dominant Failure Modes and Conclusions It is stated in Reference 3 that the quantitative measure of importance was used as an indication of the dominant contributors to the AFWS conditional 4
unavailability. The value of importance was then taken as the sum of all cut-set probabilities containing a category of failure divided by the top event probability. The failure categories analyzed for each case are random failure of valves on demand; unavailability of valves due to maintenance; operator error; and pump unavailabilities (random or maintenance).
The applicant's dominant failure modes and conclusions for each case are as follows:
A.
Case 1 - LMFW - The importance of the most significant contributor to system failure, pump unavailability, was calculated to be 86%.
Examination of the category of pump unavailabilities revealed that pump failures were occur-I ring in combination with electric power system failure.
Furthermore, unavail-ability of the turbine driven pump was determined to be the most significant single failure event, but this pump did not dominate system unavailability.
~
B.
Case 2 - LMFW/ LOOP - The findings for Case 2 revealed that pump unavailabilities contribute 80% to system unavailability. Examination of this l
category revealed, as did Case 1, that no single component of the AFWS can be thought of as dominating (or controlling) system unavailability.
The reduc-tion of the system conditional availability for this case was found to be i
directly attributable to the assumed loss of redundancy in ac power sources.
C.
Case 3 - LMFW/LOAC - In Case 3, the -AFWS is reduced to only the turbine-driven pump.
Thus, any single failure along this pump train would be sufficient to fail the AFWS. The dominant contributors to system unavailability were as follows:
3 i
1.
The turbine-driven pump package (pump, trip throttle valve, and I
speed governing valve).
2.
The steam inlet valve (motor-operated valve 5106).
i 9.2.3 BNL Assessment 9.2.3.1 Fault Trees Since the applicant's fault trees (Reference 3) seem to be substantially correct and complete, particularly with respect to the modeling of maintenance acts at the component level, these same fault trees with minor revisions were used.in the BNL analysis, provided in this report as Figure 7, Sheets 1 to 33.
i The major revisions which were necessary were the addition of fault identi-fiers and a finer separation of certain maintenance acts so the. top event l
. could be properly identified and the nonfunctional event "Does Not Violate
-Technical Specifications" eliminated. The fault identification nomenclature scheme is shown in Table 6 The applicant did not separate the steam gen-erator intake sections in the expanded block diagram, Figure 6, into random and maintenance contributors because no maintenance can be performed on either of the two check valves or the stop check valve in a typical 1,ntake section, e.g., check valves 121 and 125 and stop check valve 113 on Steam Generator 1 Intake. However, BNL did so in order to model maintenance on the stop check valves on the pump discharge lines to a given steam generator and also a possible unavailability due to testing if the operator fails to reclose the recirculation valve in the condensate system return line (see Figure 7, Sheets 12 and 13).
Another significant revision was the inclusion of diesel generator main-tenance unavailability on Sheets 14 and 15. Other minor revisions are identi-fied on the fault trees.
It shuuld also be noted that the top event on Sheet I was modified to show the actual gate names and the Boolean expression which was used to replicate the 3 out of 4 canbination gate used by the applicant in the WAM-CUT code. The SETS code used by BNL does not use combination gates.
.The fault trees as shown allow unrestricted coincident test and main-tenance acts. Those acts which are not allowed by the Technical Specifica-tions were then deleted from the cutsets by use of the DELETE TERM option of the SETS code.
Specifically, the equation establishing the terms to be deleted is based on the Expanded Reliability Block Diagram in Figure 6, and is given below:
DELETE = A*B + B*C + A*C A = PMPAMAINT + A1MAINT + A4MAINT + TAMDPA003 B = PMPBMAINT + B2MAINT + B3MAINT + TAMDPB002 C = PMPCMAINT + C1MAINT + C2MAINT + C3MAINT + C4MAINT + TATDPC001 l
After cutsets are obtained, they are processed to eliminate failure combina-tions which imply event DELETE.
This essentially disallows simultaneous maintenance on or testing of two or three pumps, or one pump and one of the discharge flow paths of another pump, or two or more discharge flow paths when each flow path is supplied by a different pump.
9.2.3.2 Failure Data A general comparison between theLapplicant's data assumptions and those used by BNL is provided in Table 7.
The most important aspects of the applicant's data in terms of sensitiv-ity in the quantitative results are the maintenance unavailabilities assumed for all valves and the pre-accident human error assumed for the operator inadvertently closing a manual valve.
The applicant's assumptions for valve maintenance arc extremely low compared with the NUREG-0611 data. The sub-mittal's values range from 7E-8 to 2.17E-6, while the BNL assumption was 2.1E-3, based on NUREG-0611 data, for all motor-operated valves and 0 for all manually operated valves and check valves, with the exception of the stop check valves on the pump discharge lines, as noted earlier in Section 8.2 Similarly, the applicar.t appears to have assumed 0 for the pre-accident operator error of inadvertent closure of a manually operated valve.
The BNL assumptions for this case were SE-3 for locked-open manual valves whose posi-tion cannot be verified as a result of the testing of its associated pump and 1E-3 if testing does allow position verification. This has very important implications for the manually operated stop check valves 113, 114, 115, and 116 at the AFW intake to each steam generator. Since each valve lies in a common discharge path for the two AFW pumps which supply any given steam generator, its inadvertent closure blocks all AFW flow to that steam gen-erator.
It does not appear that pump testing per se can verify the position of those valves because, during the pump test, the discharge pressure is throt-tied by the motor-operated valves (5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139) so that flow does not enter the steam generators but is diverted to the Condensate System through the recirculation bypass valves.
Thus, no flow passes through the locked-open stop check valves in question.
In the NRC Standard Technical Specifications (4), periodic surveillance is generally not required if a valve is locked into its emergency position.
Thus, the only way to verify the position of these valves appears to be by voluntary visual inspection during a pump test. However, for independent failures, use of the post-accident recovery factor of 0.25 as specified in Table 5 for 30 minutes allowable time, yields (SE-3)*(0.25) n, IE-3.
The common mode failures described in Section 9.1.6 have been quantified and added to the system un-availabilities for independent failures only (as shown in Table 8), as fol-lows:
N0FLOSGS1234 = CRVL0*0EFTCCRVS+CM0ESCVS*0EFTOSCVS (1)
CRVLO = CMOECRVS + TATDPC001 (2) where N0FLOSGS1234 = Multiple error contribution to the probability of insufficient flow to steam generators 1, 2, 3, and l
4 CRVLO
= probability of the condensate return valves (081,082,083,084) being in the open position, i
l l
~-
1
' I OEFTCCRVS
= probability of the operator failing to close the condensate return valves after automatic AFWS initiation,.5E-3.
CM0ESCVS'
= Common mode probability of pre-accident operator error in leaving the manually operated stop check valves 1
(113, 114, 115, 116) in the closed position,1E-3.
0EFTOSCVS
= probability of the operator failing to open the stop check valves after automatic AFWS initiation, SE-3.
CM0ECRVS-
= Common mode probability'of pre-accident operator error in leaving the condensate return valves in the open position, 1E-3.
TATDPC001
= probability of the turbine-driven pump undergoing test, which requires'that the condensate return valves be open, 6.4E-4.
I Substituting (2) into (1)
[
N0FLOSGS1234 = (CM0ECRVS+TATDPC001) (0EFTCCRVS)
+(CM0ESCVS )*(0EFTOSCVS)
=(1E-3+6.4E-4)*(5E-3)+(1E-3)*(SE-3)
= 8.2E-6+5E-6=1.3E-5 j
Therefore,1.3E-5 is the multiple error contribution to the top event
~
from misalignment of either multiple stop check valves or multiple condensate return valves.
For each initiator, and f ar different error probabilities associated with other valves, Table 8 provides results calculated with and without this con-tribution. The purpose of this is to display the 'ef fect 'of the assumptions which have been made, which,.in the present case, must be regarded.as ingredi-1 ents of a parametric sensitivity study.
It. is ' unclear whether opening all the condensate return valves really fails the system. If not, then the correspond-1 ing contribution of 5.E-6 (see above) should be subtracted from the system unavailability quoted in all Case b entries in Table 8, and from the results given in the Executive Summary.
9.2.3.3 System Unavailabilities A sensitivity comparison between the results of the applicant and of BNL is shown in Table 8 for various situations. ~.The results are given for the i
y
=
,m.,,_
three cases of LMFW, LOOP, and LOAC, in which the following assumptions have been made:
- 1) Case A - All manual valves ar6 assigned a pre-accident operator error rate of SE-3/ demand rlus a 1E-4/ demand for plugging.
- 2) Case B - All manual valves are assigned a pre-accident operator error rate of IE-3/ demand plus a 1E-4/ demand for plugging except the manually operated stop check valves at the steam genera-tor intake lines (113, 114, 115, 116) which have a pre-accident operator error rate of SE-3/ demand.
- 3) Case C - All. manual valves are assigned a pre-accident operator error rate of IE-3/ demand plus a 1E-4/ demand for plugging. The manually operated stop check valves 113, 114, 115 and 116 are evaluated with a recovery factor of 0.25, which also equates to a 1E-3/ demand failure rate.
The purpose of presenting results in this way is to displ y more clearly the effects of certain assumptions.
In many similar analyses e Westinghouse systems, credit has been taken both implicitly and explicitly for operator action to recover certain errors. Here, choosing lower error probabilities i
corresponds, in effect, to taking more credit for recovery.
For the purpose of selecting the proper assessment for compliance with the NUREG-0611 guidelines, and correspondence with the applicant's actual design, BNL has chosen Case C with multiple errors included for the final evaluation provided in Tables 1 and 2 in the Executive Summary.
9.2.3.4 Dominant Failure Modes The results of the BNL analysis are provided in Figures 8 to 10 for Case B of Table 8, assum49 independent failures only.
1.
Case 1 - LMFW The dominant failure modes are shown in Figure 8.
The leading group is random failure of one pump combined with maintenance outage of a second pump and random failure of one of the manual stop check valves on the steam gen-erator inlet lines supplied by the third pump.
The next significant set is random failures of three of the four manual stop check valves on the steam generator inlet lines, followed by random failure of two pumps and one of the manual stop' check valves supplied by the third pump.
2.
Case 2 - LOOP The dominant failure modes for this case are shown in Figure 9.
The leading group is random failure of both diesel generators (ACTRNAF and ACTRNBF) combined with random or maintenance acts on the turbine-driven pump train. The next major group is maintenance acts on one of the pumps combined
-2 0-with random failure of one of the diesel generators and of either one of the manual stop check valves'on the steam generator inlet lines supplied by the third pump or random failure of the third pump itself.
1 Case 3 - LOAC The dominant failure modes are shown in Figure 10 for this case. As expected, single random failures or maintenance acts on the turbine-driven
. pump itself.or one of the several valves on the turbine inlet supply line comprise the predominant group of failure modes.
At much lower failure prob-ability rates, the next group consists of double failures pertaining to random failures of the -locked-open manually operated butterfly valves on the conden-sate storage tank supply lines to the turbine-driven pump suction combined with random failure of or operator failure to open the normally closed motor-operated valves isolating the turbine-driven pump suction from the standby condensate storage tank.
9.2.3.5 General Comparison to Other Plants The-Vogtle AFWS design is similar to that of many other plants in that it consists of two motor-driven pumps and a third pump which is steam turbine driven.
It does have several notable features such as two redundant safety-class condensate storage tanks each having sufficient capacity for an extended cooldown and satisfaction of the design basis requirements. Transfer to the standby tank must he done manually. Another feature is the provision of a third,. independent train of dc power for the TDP and its associated motor-operated valves, designated as 125-V dc Train C power.
In this manner, fail-ure of either dc Train A or Train B fails only one of the MDPs, not an MDP and the TDP simultaneously.
Also, since the motor-operated throttle valves on the TDP discharge lines to the SGs are de-powered by Train C, SG level control can be maintained by the operator from the control room even during a LOAC transient.
The location of the test recirculation lines very close to the SG intakes allows verification by pump testing of the position of all valves on the pumps' discharge lines, except for the manually operated stop check valves on the inlet lines to each SG (113,114,115,116).
The MDP headers are joined together by two normally closed manual valves 055 and 056. By opening both of these valves, either MDP can be used to feed.
all four steam generators.
This feature is also available in several other AFWS designs.
Finally, the provision of'the stop check valves 113, 114, 115, and 116 in the SG. intake lines is unusual.. Although, as mentioned previously, as the potential for human error blocking all AFW flow to an entire steam generator increases, the valves may provide an additional. safety margin in preventing the back-leakage of steam into the AFW lines.
L :
9.2.3.6 General Comments The Vogtle' AFWS is in general a very well-designed system. The pro-visions for pump testing allow for nearly. complete verification of the valve 4
positions on the pump's discharge, the exception being the steam generator intake lines themselves.
The inadvertent closure of the manually operated stop check valves on the intake lines does, however, have a significant effect on the unavailability analysis. This ef fect.is substantially' reduced if. the valves have control room position indication or if the operator can credibly recognize the problem and take' appropriate actions outside the Control Room within the 30 minutes allowable action time.
The actual procedure for and the sequencing of pump' testing was not clearly explained in the applicant's. analysis.. It is not clear how many of the recirculation bypass line valves to the Condensate System are simul-taneously opened during the ' testing of any one pump.
Presumably, the re-circulation line valves for the two steam generators supplied by each MDP and the four valves for the four steam generators supplied by the_ TDP are opened simultaneously.
1 i
i 1
l
.. - -,. - -. ~ -.,. -, -.
^
4 i REFERENCES
- 1.. U.S. NRC, Generic Evaluation of Feedwater Transients and Small Break Loss-of-Coolant Accidents in Westinghouse-Designed Operating Plants, NUREG-0611, January 1980.
2.
Letter from D. F. Ross, Jr., U.S. NRC, addressed to All Pending Opera-ting License Applicants of Nuclear Steam Supply Systems Designed by Westinghouse and Combustion Engineering, dated March 10, 1980.
3.
Georgia Power. Corporation, VEGP Auxiliary Feedwater System Reliability Analysis, VEGP FSAR Appendix 10A, current edition.
4.
U.S. NRC, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants - LWR Edition - Section 10.4.9, ' Auxiliary Feedwater System', NUREG-0800, Revision 2, July 1981.
5.
U.S. NRC, Standard Technical Specifications for Westinghouse Pressurized Water Reactors, NUREG-0452, Revision 4, Fall 1981.
6.
U.S. NRC, Reactor Safety Study: An Assessment of Accident Risks in U.S.
Commercial Nuclear Power Plants - Appendices 3 and 4: Failure Data, WASH-1400 (NUREG75/014), October 1975.
7.
Erdmann, R. C., Leverenz, F. L., and Ki rch, H., WAM-CUT: A Computer Code for Fault Tree Evaluation, EPRI-NP-803, Science Applications, Inc., June 1978.
8.
Worrell, R. B. and Stack, D. W., A SETS Users Manual for the Fault Tree Analyst, NUREG/CR-0465, Sandia National Laboratory, November 1978.
v
006 y
- 3eo, F ROM $TE AM GENE RATOR t j
+
LO 4"
]
008 3019 007 TRIP ANO
$PE E D THROTTLE GOVE RNtNG WALVE VALVE LO LO TOSitAM g
Q X
GENERATOR
.T.
\\_ _ _,,7 a'~'A CST 5106 MV
$v
_g M
le g
LO LO TO $ff AM 002pl[0eo ee GENERATOR tRA C I'
LO O /LO /
W W
014 015 6"
SINTAuf to LO r *'
th
- -- T ir 10* 1r
'003' q'013 (1) t
.w I
X
) )
CENEnATOR 022 5125 023 2tNTAuf f-T
/'%
/\\
/L 029
'O 40 LO LO a-a~
TO $ r AM 006
%'[
M N
GENERATOR 8
t
/
/
gy 002 000 025 1127 026 094 05e (1) 31NTAKE 002 002 N
c.a 000 007 g,g, 036 5132 037 LO[LO,_O,_
5113 069(1) 10" 1r # )
\\
2 tir p
^
x x
x *~
g 063 Om m.
0A0 (1)
LO LO x
x..
(C)[0s6 in N
7%
8 '~
003 (1) CHtCK VALVs g
LO LO, 4"
F L APPE R H AS x
estuntuoveo e-
.2 (n
>C Figure 1 voGTLE AF14S E LECTRIC GENER ATING PLANT GeorgiaIbwer UMT 1 AND UMT 2 FSAR FIGURE 10A-1 433-9 e!!
s!!
k s-am t,
c, sx 3e 1 ;L
>s i, _ _-_ -- l az c._ _ ___ _ _ _ l ag rll
- , r 2-
- ,r 2-I
- l
- l N
?
- ,1 z
1P Wm 8
s 4
s s -
m
(
<l
>. 8
- _ak I el
- _sL i.
o l '* ::
l'*:
e m
11
!l
- I
,a
,e
- 3 Hd m
' ' t,r ;:
l
,r Tr:
==
am m
i i
1
-z o
i INN!!
f INN'!
!,~,!
l I
x s h_ \\_=rl l
3.
-I l
_I h_ \\_
s H<
m g
l 2
l !
E r
l ih es 5
a l
_rJ l
[
8 8
I 8
8 I
i e
a I
a v
v r
5 l
5 l
I 7
I 7
t_
i________J L_
i________J z
s s
3 a
4 s
sf 2
0 3
2
- 1 11
~
3 3
4" C>
$2 wo 0O O2
.a @ 4
.4 y e 4
- O Q
O w >-
of3 2 f.3 e
Ca2
-gj g*
g.g
>w3 c-e-
},., i AL,__
i, islPl
- l j,, IJL,________l r
2-
- 3r e-I e;
l il 5
1P t il 3
._JL !
[I JL I 7
z 21 P
r l ' * ::
.I e
il
!l l'*;
![
C
- 5 4
>t 4
h'-
l'v 81r*
l :
- 3 49P:
l l
}
f l'v l
O I N N !!
N'I l!
b
=
i
- l_ l.
l 5 1_
-I l
5 l
1 I i
_ __a Ii
__a I
E i
5 5
l s
8 I
8 s
1 l
a y
r l
a 2
y l
5 l
7 I
1 I
7 d:________J t_
i________J t_
s s
a 3;
l 1
15
- , s 3
3
/
/
e
4I l
2 3
1 T
T A
S S
0 C
C 1
ER U
G 3
I F
er 1
I u
R g
A i
F SF
~
B np e
r s
oe n
vmi u
t T
oi u a o
N r
r MDP T n
e C
h A
n n p m p
L o
0 i e n
mui m
P mp b ir e
5 v
a u
a u
G r
mih uDP R T P
I r
P N
r np A o
C T
C S
T oevm in W
A2 t
Rr oiu a F
E i r
MD P r
l N N T
A en E u nA Go u6 C,.
TT I A R
T, C
C T, E
N LN A
!A u
IN R
A T
R kn T
r B
c l
N N
e e
n I
I w
n8 A
A u6 R
R o
TT P
T T
aig roeG T
N E G mem MN NI mem n av o D
iavo n
ia elao IAL aelao t
MSVR t
TI MSVR U
N B
O C
9 3
3 4
i SYST EM SYST EM DESCRIPTIONS D R AWINGS I
I 1
SYSTEM SOUNOS R ELIABILITY BLOCKOIAGRAM DEVELOPMENT F AULT TR EE DEVELOPMENT TO COtrONENT FAILURE CAUSE TECHNICAL SPECIFICATIONS MINIMAL e
CUT SET ANALYSIS OPERATING PROCEDURES R EVISED F AULT TR EE DETERMINISTIC COMMON CAUSE ANALYSIS STATSSTICALLY INDEPENDENT FAILURE CAUSE QUANTIFICATION RESULTS ANO CONCLUSIONS 10967 3 Figure 4 AFWS RELIABILITY EVALUATION v0GTLE k
ELECTRIC GENERATING PLANT METHODOLOGY FLOW CHART Georgia Power n UNIT 1 ANO UNIT 2 FSAR FIGURE 10A-4 433-9
TRAIN A OlSCHARGE TO STE AM GENERATOR 1 PUMP A -
(All SECTION TR AIN A DISCHARGE TO STE AM GENERATOR 4 (A4)
GENERATOR 1
/
INTAKE SECTION GENE ATOR1 I O'I (CII TR AIN C STEAM DISCH AR GE GENERATOR 4 8 ^
INTAKE SECTION GENERATOR 4 (SG4) 8 I PUMP C SECTION 2/4 s
(PMPC)
TRAIN C N
^
ION GENERATOR 2 gy3 (C2)
GENERATOR 3 GENE ATOR 3 INTAKE SE,CTION
/
I (C3)
TRAIN 8 t
DISCHARGE TO STE AM GENERATOR 2 PUMPB (B2)
SECTION (PMPS)
TRAIN 8 DISCHARGE t
TO STE AM GENERATOR 3 (B3' Figure 0 Georgia Power d UNIH AND UNIT 2 ECTRIC GENE R ATING PL ANT FSAR FIGURE 10A-5 033 9
k=.
MARGA ID 4
2' K
6
~
C l
O A
L 0
B 1
D E
K T K T T
T K
4 N
r N
3 K s I AI S lN AI e
I SNAIN E
R l TN T
o O
T G T N
NA D
U sI W
M M
I M
6 N
G A
I er P
F ED KD K D KD l TN TN T N 3
u X
4 m
T N o
O o
G g
E R
S INA NA NA S lN A R
S I R s I R R
i F
A S
S W
F F
)
)
A T
N T
T T
T T
T T
T N
N N
N N
N N
N A
I I
I I
I I
A A
AI A
A AI A
A L
M M
M M
M M
M M
P 1
4 1
4 S
3 2
3 M
G A
A C
C C
C B
B A
N RG TI A
I A2 D
Rr K
Ei C
Nn O
u L
E B
Go
$w Cn D
D D
D D
D D
D F
E RI A N
N N
N N
N N
N A
L Ti A
A A
A A
A A
A R
R R
R R
R R
R Cr T
A t
4 t
3 2
3 GEi 1
A C
C C
C oLn 4
vEu rewo P
.a T
I T
i N
I gs I
N N
A A
AI r
M M
M o
A C
9 P
P P
e M
M M
G P
P P
D D
D N
N N
A A
A R
L R
E A
C S
P P
P M
M M
P P
P 9
3 3
A
'E'.e'RENs" FROM AFvv5 r,
IFTSGSl234, 3'*
I I
I I
l NOiF,TO NO4TO NO,ig,TO uOgTO NOlFTSGI NOlFTSG 2 NOlFTSG3 NOlFTSG4 1
1 i
i I
I I
$N TAKf
$$$ N tNTAK lNTAK e O I TAE Fans seCTiON Faits sect >ON Fasts seCriON Farts seCTeoN y
r, r,
r, r,
IFTSGilNTK IFTSG2lNTK IFTSG31NTK IFTSG41NTK (sGi sG2 sG sG4 STMG NI T
STMG N2 i
STMGEN 3 STMGEN4 T
I I
I I
I I
1 NOlF T SGI NOt F 0 SG1 NOlF 1 5G2 8sO8F T SG2 feOaF T $G3 NotF TO SG3 feOlF T SG4 NO4FTO 5G4 TRAIN A TRAIN C TRA4N 8 TRAIN C TRAIN 8 TRAIN C TRAIN A TRAIN C NOlf T1F A NotF T1FC.
NosF T2FS teOlF T 2F C NOt F13F S NOlF T 3FC NOe F T4 F A NOtFT4FC feOtF NO OR INSUFFaCleNT FLOW D IFTSGS1234 : STMGENS 123 + STMGENS' 124 + STMGENS 134 + STMGENS 234 -
STMGENS 123 : NOlFTSGI NOlFTSG2 NOlFTSG3 STMGENS 134 :NOlFTSGI NOlFTSG3 NOlFTSG4 STMGENS124: NOlFTSGI NOlFTSG2 NOlFTSG4 STMGENS 234 =NOlFTSG2 NOlFTSG3 NOlFTSG4 Finisre 7 (< hoots 1 nf 33) voGTLE UNIT 1 AFWS FAULT TREE MODEL Georgia Power A ELECTRICGENERATING PLANTFSAR UNIT 1 AND UFIT 2 FIGURE 10A-7 (SHEET 1 OF 30)1 4339
1
[\\
SG 2 INTAKE SGI INTAKE SECTION FAILS
\\
SECTION FAILS
/
STMGENI STMGEN2 m
7 I
I E
i SGI INTAKE SGI INTAKE SG2 INTAKE SG2 INTAKE SECTION IN SECTION FAILS SECTION IN SECTION FAILS MAINTENANCE RANDOMLY M AIN T E N AN C E R AN DOMLY OR TEST OR TEST SGilNTKRAND SG21NTKRAND SC21NTKM AINT SGilNTKMAINT SG3 INTAKE SG 4 INTAKE SECTION FAILS
_\\_
SECTION FAILS STMGEN3 STMGEN4 J
i i
l I
SG3 INThKE SG3 INTAKE SC4 INTAKE SG4 INTAKE SECTION FAILS SECTION IN SECTION FAILS SECTION IN RAN DOM LY M AINTE N A NCE R ANDO MLY MAIN TEN ANCE OR TEST OR TEST SG3fNTKRAND SG41NTKRAND t
SG3lNTKMAINT SG41NTKMAINT Ficure 7 (Sheet 2 of 33)
EL CTRIC GENERATING PLANT m ADN*
Georgia Power uNir i ANo uNir a FSAR FIG. LOA-7 SHEET lA b' 30 433-9
-~
NOlF TO SGI FHOM
\\
TRAIN A NOlF T1F A BNL REVISION T
\\
\\
\\
l k
NOf F TO SG1 -
R A
FROM TRAIN A
\\
DUE TO RANDOM IN FAILURE AIRPM PAR
\\
l I
g T
TRAIN A FLOW TRAIN A DIS-TRAIN A PUMP Y
VI AT TO SG1 UN AVAIL-CHARGE SECTION SECTION FAILS
\\SPE IF EC IC L A8LE DUE TO TO SG1 FAILS RANDOMLY T NS MAINT ENANCE RANDOMLY AIMPMPAM A1 RAND PMPARAND I
I TRAIN A DIS-TRAlN A PUMP CHARGE VALVE SECTION IN
,,,5fy,8,(g MAINTENANCE O
o AIMAINT-MOV5139 PMPAMAINT 109679 Figure 7 (Sheet 3 Of 33)
VOGTLE UNIT 1 AFWS FAULT TREE MODEL ELECTRIC GENERATING PLANT FSAR Georgia Power n unit i ANo uun 2 FIGURE 10A-7 (SHEET 2 OF 30)1 l
4339.
NOlF TO SG1 FROM
\\
T R AIN C NOlFTIF C O
BNL REVISION T
h i
\\
l NO F T SG NOlF TO SG1 R
TR IN FROM TRAIN C D E DOE TO RANDOM IN EN NC FAILURE ClRPMPCR
\\
l
_ l
\\
NO TRAIN C FLOW TR AIN C DIS-TRAIN C PUMP T
TO SG1 UNAVAIL CHARGE SECTION SECTION FAILS
-T CA A8LE DUE TO TO SG1 FAILS RANDOMLY E]FIC Tl MAINTENANCE RANDOMLY ClM PM PCM C1R AND PMPCRAND I
I TRAIN C DIS-TR AIN C PUMP CHARGE VALVE SECTION IN A
MAINTENANCE O
/\\
CIMAINT-MOV5122 PMPCMAINT 10967-3 Fiqure 7 (Sheet 4 Of 33) k LECTRIC GENER ATING PLANT Georgia Power n FSAR UNIT 1 AND UNIT 2 FIGURE 10A-7 (SHEET 3 OF 30) 433-9
i NOlF TO SG2 FRoM
\\
T R AIN G NOlFT2FB
)
BNL REVISION I\\
\\
t i
TR IN FROM TRAIN 8 D E1 DUE TO RANDOM IN EN C FAILURE 3
B2RPMPBR s
\\
l I
L, E
TRAIN B FLOW TRAIN B DIS-TRAL'N B PUMP 10 AT TO SG2 UNAVAIL.
CHARGE SECTION SECTION FA:LS T CH ICA ABLE DUE TO TO SG2 FAILS RANDOMLY E IFl Tl NS MAINTENANCE RANDOMLY 3
B2MPMPBM B2 RAND PMP8 RAP'J l
I TRAIN B DIS-TR AIN B PUMP CHARGE VALVE SECTION IN
^
MAI TENANCE O
fs 82MAINT-MOV5132 PMP8MAINT 1o967 3 Figure 7 (Sheet 5 of 33) k LECTRIC GENERATING PLANT Georg. Power M ia UNIT 1 AND UNIT 2 FSAR FIGURE 10A-7 (SHEET 4 OF 30) 433 9
NOlF TO SG2 FROM
\\
T H AIN C NOtFT2FC BNL REVISION 1 \\ \\
l N IF S
NOlF TO SG2 FROM T Al FROM TRAIN C QUE O DUE TO HANDOM Al TE NC FAILURE C2RPMPCR 1
I DOkS T.
TRAIN C FLOW TRAIN C DIS' TRAIN C PUMP l
VI TO SG2 UNAVAIL-CHARGE SECTION SECTION FAILS f
EC IC L ABLE DUE TO TO SG2 F AILS RANDOMLY SP IFl AT NS MAINTENANCE RANDOMLY C2 M P M PCM C2 RAND PMPCRANO I
I
^
CA E V LVE E ION N A
A CE MAIN NANCE O
A 10967 3 C2M AINT-MOV5125 PMPCMAINT Figure 7 (Sheet 6 of 33)
VOGTLE UNIT 1 AFWS FAULT TREE MODEL k
ELECTRIC GENERATING PLANT FSAR Georgia Power n Uuir i AND UNIT 2 FIGURE 10A-7 (SHEET 5 OF 30) 433 9 e
NO F YO SG3 FROM
\\
TRAIN S NOlFT3FB 8NL REVISION T
l\\
\\
t I
' NOlF TO SG 3 NOf T G FROM TRAIN 8 R
TR N DET DUE TO RANDOM IN EN C FAILURE
\\
83RPMPBR
-w
\\
h 1
I NO TRAIN 8 FLOW TRAIN B DIS.
TRAIN 8 PUMP AT TO SG3 UNAVAIL-CHARGE SECTION SECTION F AILS T
CA ABLE DUE TO TO SG3 FAILS RANDOMLY E
Tl S MAINTENANCE RANDOMLY-B3MPMPBM 83 RAND PMPSRANO I
I TR AIN B DIS-TRAIN B PUMP CHARGE VALVE SECTION IN
^
MAI NANCE O
fs 83MAINT-MOV5134 PMPBMAINT 30N 3 Figure 7 (Sheet 7 of 33) voGTLE UNIT 1 AFWS FAULT TREE MODEL EL ECTRIC GENERATING PLANT Georgia Power FSAR UNIT uus unit,
FIGURE 10A-7 (SHEET 6 OF 30) 433 9
NOlF TO SG3 FROM
\\
T R AIN C NOIFT37 C BNL REVISION 1
\\ \\
l F Th SG NOlF TO SG3 N
R T IN FROM TRAIN C E
DUE TO RANDOM IN EN NC F AILURE C3RPMPCR m
\\
h l
I TRAIN C FLOW TRAIN C DIS
- TRAIN C PUMP VIO AT TO SG3 UNAVAIL-CHARGE SECTION SECTION FAILS T CH IC ABLE DUE TO TO SG3 FAILS RANDOMLY E IF T
MAINTENANCE RANDOMLY C3 RAND PMPCRAND I
I TR^
CHARGE V L E E l MAI EN E
0
/\\
10967 3 C 3MAINT-MOV5127 PMPCMAINT.
Fiqure 7 (Sheet 8 of 33)
LECTRiC GENERATING PLANT GeorgiaIbwcr M FSAR UNIT 1 AND UNIT 2 FIGURE 10A-7 (SiiEET 7 OF 30) j 433-9
NOlF TO SG4 FROM
\\
TRAIN A NOlFT4 F A
\\
BNL REVISION i
\\
\\
}
I N
SG NOiF TO SG4 R
IN FROM TRAIN A DOE DUE TO RANDOM AIN{E NC FAILURE 3
A4RPMPAR
\\
DO T
TRAIN A FLOW TRAIN A DIS
- TRAIN A PUMP VI T-TO SG4 UNAVAIL CHARGE SECTION SECTION FAILS 8
EC L
ABLE DUE TO TO SG4 FAILS SPE IFl AT MAINTENANCE RANDOMLY RANDOMLY A4 MPM PA M A4 RAND PMPARAND l
^ ^
C AR EV VE E lM Al TENANCE MAINTENANCE A4 MAINT -MOV 5137 PMPAMAINT Figure 7 (Sheet 9 of 33) k LECTRIC GENERATING PLANT UNIT 1 AFWS FAULT TRE3 MODEL Georgia Power M IWIT 1 AND UNIT 2 FSAR FIGURE 10A-7 (SHEET 8 OF 30) 4349
NOlF TO SG4 FROM
\\
TR AIN C NOlF T4 F C BNL REVISION 1
g g
[
IF Th 5
\\
NOlF TO SG4 N
FROM TRAIN C FR i
l DUE TO RANDOM F AILOR E Al Q
N C4RPMPCR
^
-y 1
I 1
L T
TRAIN C FLOW TRAIN C DIS-TRAIN C PUMP E
TO SG4 UNAVAIL-CHARGE SECTION SECTION FAILS TECHN L
ABLE DUE TO TO SG4 FAILS RANDOMLY
~
CIFICA 10 MAINTENANCE RANDOMLY C4MPM PCM C4 R AND PMPCRAND
.,f g
TR AIN C DIS-TRAIN C PUMP CHARGE VALVE SECTION IN
~,#
^'"
MAINT H NCE
=e 10967 3 C4 M AINT-M OV5120 Pa4PCMAINT 4.
- A; s
Figure 7 (Shdet 10 of' 33) v0GTLE UNIT 1 AFWS FAULT TREE'MODEL k
E LECTRIC GENER ATING PL ANT FSAR
~
Georgia Power h UNIT i Auo UNIT 2 FIGURE 10A-7 (SHEET 9 OF 30)
I 483-9
l I BNL REVISION h
(NT AK), E YtON
. TYPIC AL SGilNTKRAND
" ^"D 0 " "
/1 /
I I
/ /1
//:OP HE CHECK VALVE CHECK VALVE a:: s //3.,y
~,E.y
=:
=
CH,ECK ALVE O
O O
ht V c.O RACHV121 RACHV125 RASCVil3 S
6 h
mr4K,e i,criou SG2iNTKRAND
" * " D 0 ""
/1 /
I I
~ / A a' E
" f2 F5f[s
[
i 12s F ts CHECK ALVE f
at g3
/
i un r
'gfs*lgS f
ctosto closEo i uni TE
=c O
O S O3 RACHVl22 RAC 12 6 RASCVil4 M
- O miaK,E $,ction SG31NTKRAND
"""D*""
l I
/ /t f[/
v7 E j'
- 'E*rlit s"'
- 'Es*rlfts '
cHEc'KE*LvE v7 E
$l5f,^lg5
/[/
i u
TE as ctosEo ctosto u
TE =
0 0
0 MS O6 RACHV124 RACHV128 RASCVil5 S
O mrAK,E E,creow SG41NTkRAND
"*"Do""
1/ /
I i
/ /l
//~J,~"r'./
'us#h5
'Esuh5
'g;;p f//J'11*~c//
rop ME CHECK VALVE CHECK VALVE CHECK LVE O
O O
A V 7 RACHV123 RACHVl27
'RASCVil6 S
0
-3 Figure 7 (Sheet 11 of 33)
VOGTLE b
ELECTRIC GENERATING PLANT UNIT 1 AFWS FAULT TREE MODEL Georgia Power al UNIT 1 AND UNif 2 FSAR FIGURE 10A-7 (SHEET 10 OF 30) 433-9
- ~ -
. -. ~ ~..
.. _.. - ~. -
SGIINTAKE SECTION IN MAINTENANCE SGilNTKMAINT OR TEST N
l l
TRAIN A PUMP SECTION IN TRAIN C PUMP SECTION IN b STOP CHECK STOP CHECK FARS TEST & OPERATOR FARS R ECL'OPER ATOR VALVE O20 IN VALVE 046 IN OSE CONDENSATE TO RECLOSE CONDENSATE TO MAINTENANCE
' MAINTENANCE VALVE 0 81 VALVE ' 0 81 l
F3 r3 SGlPMPATEST SGIPMPCTEST
' ~
MASCVO2O MASCVO46 l
l TRAIN A PUMP OPERATOR FAILS TRAIN C PUMP OPERATOR FAILS SECTION IN TO RECLOSE SECTION IN TO RECLOSE TEST VALVE 081 TEST VALVE 081 0
0 0
0 TAMDPAOO3 OEMGVO810P TATDPCOOI OEMGVO810P i
j 4
2 SG 2 INTAKE SECTION IN MAINTENANCE SG2iNTKMAINT OR TEST 1
l i
I I
TRAIN B PUMP SECTION IN TRAIN C PUMP. SECTION IN STOP CHECK STOP CHECK i
^
VALVE O23. IN VALVE 037.IN MAINTENANCE M AINT ENANCE VALVE 082 VALVE 082 O
O o
o MASCVO23 MASCVO37 SG2PMPBTEST SG2PMPCTEST
]
_ A
?
r l
l' l
TRAIN B PUMP OPERATOR FAILS TRAIN C PUMP OPERATOR FAILS SECTION IN TO RECLOSE SECTION IN TO RECLOSE TEGT VALVE 082 TEST-VALVE 082 O
O O
O
' TAM D P BOO 2 OEGVO820P TATDPCOOI.OEMGVO820P Figure 7-(5heet 12 Of 33)
TM NE k
ELECTRIC GENERATING PLANr Georg. Pwer h unir i nuo unir 2 BNL ADDITION ia FSAR' FIG.-IOA-7 SHEET IO A OF 30 433 9 SG3 INTAKE SECTION IN j
\\
MAINTENANCE SG3tNTKMAINT OR TEST t
I I
I I
STOP CHECK STOP CHECK TRAIN B PUMP SECTION IN TRAIN C PUMP SECTION IN T S OPERATOR FARS TEST & OPERATOR FARS VALVE O26 IN VALVE 040 IN M AIN TENANC E M AIN TENANCE VALVE 083 VALVE 083 O
O n
O SG3PMPBTEST SG3PMPCTEST MASCVO26-MASCVO40 l
I TRAIN 8 PUMP OPERATOR FAILS TRAIN C PUMP OPERATOR FAILS SECTION IN TO RECLOSE SECTION IN TO RECLOSE TEST VALVE 083 TEST VALVE 083 O
O O
O TAMDPBOO2 OEMGVO830P TAMDPCOOI OEMGVO830P i
SG4 INTAKE SECTION IN
\\
MAINTENANCE SG41NTKMAINT OR TEST I
I I
I STOP CHECK STOP CHECK TRAIN A PUMP SECTION IN TRAIN C PUMP SECTION IN TEST G OPERATOR FAILS TEST 8 OPERATOR FAILS VALVE' Ol7 IN VALV E 043 IN TO RECLOSE CONDENSATE TO RECLOSE CONDENSATE MAINTENANCE M AIN TE!;t,,9 C E VALVE 084 VA LVE 084 0
O o
o MASCVOl7 MASCVO43 SG4PMPATEST SG4PMPCTEST I
I TRAIN A PUMP OPERATOR FAILS TRAIN C PUMP OPERATOR FAILS SECTION IN TO RECLOSE SECTION IN TO RECLOSE TEST VALVE 084 TEST VALVE 084 O
O O
O TAMDPAOO3 OEMGVO840P TAMDPCOOI OEMGVO840P Figure 7 (Sheet 13 Of 33)
ELECTRIC GENEf4 ATING PL ANT b
Georp. Power h a
unit i ANo uNn 2 BNL ADDITION l
FSAR FIG. LOA-7 SHEET 10 3 OF 30 433-9_
m T R AIN A PUMP SECTION F ALLS IN MAINTE N ANCE PMPAMAINT BNL ADDITION T
I I
I I
I l
/
DIESEL GE NER ATOR GATE VALVE PUMP ilF3 NOlF TO GATE VALVE CHECK VALVE GATE VALVE TRAIN A IN 942IN IN PUMP A DOE TO 935IN AIlIN 045IN E1 AINT E N A NC E M AINT E NANCE MAIN T EN ANCE MAINTENANCE M AINT E N ANCE M AINT E N ANCE MAINTENANCE O
O O
O O
^
O MADGA MAMGVO42 MAMDPAOO3 MAMGVO45 MACHVOOI MAMGVO45 I
IFTMDPAM AINT I
BUTTERF Y VALVE OV51 095 DUE TO DUE TO M AINT E N ANCE MAINT EN ANCE BYVO95MAINT MOV5119M AINT L
'?
I I
I I
BU TE FY BUTTERFLY MOV 5119 ALVE VA VALVE #95 IN IN gy IN MAINTENANCE MAINTENANCE MAINT E N ANCE MAINTENANCE O
O O
O MABYVO91 MABYVO95 MAMOV5tl9 MABYVO97 BUTTERFLY BUTT E R F LY BUTTERFLY BUTTERFLY VALVE 990 VALVE 992IN VALVE $99 IN VALVE 998 IN MAINTENANCE MAINTE N ANCE MAINTENANCE O
O O
O MABYVO90 MABYVO92 M ABY VO99 MABYVO98 NOlF = NO OR INSUFFICIENT FLOW Figure 7 (Sheet 14 of 33)
VOGTLE UNIT 1 AFWS FAULT TREE MODEL k
ELECTRIC GENERATING PLANT FSAR Georgia Power h UNIT uuo unit 2 FIGURE 10A-7 (SHEET 11 OF 30)!
433-9 l
T A AIN 8 PUMP SECTION F AILS
.M,.1T M ~ ~ ^~~ A ~-
BNL ADDITION I
N I
I i
i I
l EIESEL GENERATOR GATE VALVE PUMP 902 NOlF TO GATE VALVE CHECK VALVE GATE VALVE TRAIN 8 IN 036IN IN PUMP 8 DUE TO 866 IN 002IN 039 IN CI AI N T E N AN C E MAINT E N ANCE MAINTENANCE MAINTENANCE MAINTENANCE MAINTENANCE M AINT E NANCE O
O O
O O
O MADGB MAMGVO36 MAMDPBOO2 MAMGVO60 MACHVOO2 MAMGVO39 I
I IFTMDPBMAINT I
NO!F THROUGH NOlF THROUGH BUTTERFLY VALVE MOV 5118 094 OUE TO OUE TO MAINTENANCE MAIN T E N ANCE BYVO94MAINT MOV5Il8MAINT E
?>
I I
I I
BUTTERFLY BUTTERFLY MOV 5118 BUTTERFLY VALVE 999 VALVE 994 IN IN VALVE 999 IN MAINTENANCE MAINTENANCE MAINTENANCE IN MAINTENANCE O
O O
O MABYVO90 MABYVO94 MAMOV5118 MABYVO99 BUTTERFLY BUTTERFLY RUTTERFLY BUTTERFLY VALVE 992 IN 091IN VALVE 998 IN VALVE 997 MAINT EN ANCE MAINTENANCE MAINTE NANCE IN MAINTENANCE O
O O
O MABYVO92 MABYVO91 MABYVO98 MABYVO97 NOlF = NO OR INSUFFICIENT FLOW Figure 7 (Sheet 15 of 33) voGTLE UNIT 1 AFWS FAULT TREE MODEL k
ELECTRIC GENER ATING PLANT Georg. Power n FSAR ia UNIT i ANo Unit 2 FIGURE 10A-7 (SHEET 12 OF 30):
433-9
,_h, M A..c7..'E.. 7 M,,,
I I
I I
I I
I I
,',[,"'**
',' [,"u'
TunuYU[t aivah C"' C," V,* ' V '
G A',a, T,u e,v,t =
ALvg ha carevALyg cAfgvALyg i
=,g,,g
,AR,L,.,7g.,Tg M A,N,.. A m,
M A,N,,,, A,
M A.Nn A~C.
MA.Ti A c.
M A,N,,,. Am.
M A,,,,, A <.
O O
O O
O O.
MAMGVOl6 MAMGVOl9 MACHVOl4 MAMGVOIS..TDPCMAINT MAMGVO22 MAMGVO25 IFTTDPCMAINT coEia'Na4 au'#lm'""viffwi
- f.o'v"s"!!?"
,' ^"lA0"
!."foNL ru*aa' oa'v'*
c s
M PUMP W y AL yg 09] Dut TO DutTO V A' VI 'N SYSTE,M DUETO MAINT E N ANCE M AIN T1N ANCE MAIN 1mAM(
M A t% T( NANC E
.A AIN T E N ApsCf MAIN 5 HANCE MAINIINANCI BYVO93MAINT MOV5113MAINT 0
0 NOISMAINT O
O MATDPCOOl MASGV MATTV MAMOV5106 I
I e
4 suT T E Rs L v MOV gtt3 4
MAa NT t N A t MAINT E NANCE O
O MABYVO93 MAMOV5l13 l
]
I 1
I I
B71TERFLV SUTTERFLV SUTTERFLV BUTTERFLY CHfCE VALVE MOV 3819 CHECK VALVI MOV 3eep WALVE MS Walvt See lh V AL VE MF IN VALVI See -
308 IN IN
$36 6N IN th M4=4T EN ANCE M AINT t h ANCE MAINTE 4ApsCE IN MAlpsTf h ANCE MAsNT t 4ANCE MAINT E NAPsCE MAINT E NANCE mal %T E NAfsCE O
O O
O O
O
. O O
-g MABYVO90 MABYVO97 MABYVO98 MACHVOO8 MAMOV3Ol9 MACHVOO6 MAMOV3OO9 SUTTERFLV BUTTfRFLV
-8 WALVE $92 WALVE999 em M AINTE NameCE tN MAINTE 8sAmeCE I
MABYVO91 O O
MABYVO92 MABYVO99 Figure 7 (Sheet 16 of 33) voGTLE UNIT 1 AFWS FAULT TREE MODEL ELECTRIC GENERATING PLANT Georgia Power o FSAR unit uuo ouiT 2 FIGURE 10A-7 (SHEET 13 OF 30) 433-9
TR AIN C TR AIN C TR AIN C TR AIN C Ol$ CHARGE DISCHARGE DISCHARGE DISCHARGa
$ECTION TO $G1 SECTION TO $G2
$ECilON TO $G3
$ECTION TO $G4 F AILS C1RANO R ANDOesL Y.
F AIL $
F ABL$
F AILS C2 RAND RANDOMLV C3 RAND RANOOMLV CAR AND RANDOMLY I
I I
I I
I I
I CHECK LVE GATE VALvt CHEcu LVE GAtt VALvt CHECK ALVE GATEVALVE CHECI LVE GATE VALVE SJe F AILS
$19 F AILS
$23 F AILS
$22 F AILS
$26 F AILS EIS F AILS
$17 F AILS
$16 F AIL $
CLOSED CLOSE D CLOSE D CLOSE D CLOSE D CLOSE D CLO$E D CLOSED O
O O
O O
O O
O RASCVO2O RAMGVOl9 RASCVO23 RAMGVO22 RASC VO26 RAMGVO25 RASCVOl7 RAMGVOl6 ee asov 5122 -
esOV $125 MOV 5127 esOV 5128 8
F A4LS CLOSE D F AIL $ CLOSE D F AILS CLOSED F AILS CLOSED b
b b
b DCDuvsin DCD v$ irs DCo=vun DCO.vsiro 10967 3 Figure 7 (Sheet 17 of 33) k NEcSanc GENERATING PLANT Georgia Power M ' UNIT 1 AND UNIT 2 FIGURE 10A-7 (SHEET 14 OF 30) 433-9
,'i e*7 3
)
7 L
0 E
3 E
0 69 E
3 V
4 0
V S
S 4
LLD LLD D
1 O
0 PAIE OC O
F PAIE OC V
OVAS OVAS V
)
M O
I I
T FO SKFO T
SK 3
C S
C8L 3L 4C S
3 E
5 EMC A
E9 A
E 1
H H
C R
C R
fo RT T
8 E
1 T
E t
L H
e U
S e
A
(
N N
h OS
- OS F
ITILY 7
SILY 4
S 7
SI 7
3 ITI 4
3
(
i S R L
S M
1SE A5 IEGN OF M
v 7
WA A
AEF 1
E EF 8
NLGO I
. 5L v
S O 5ILS IS S O M
FS 0
I 4
VAO M
N 3 D VAO e
AF 1
L L
O IGSN OF O
AGS C
C r
RR A MC C
RR A M -
A u
A OR OR A
TAT g
1 E
TA T H
H R
i C
C F
T U
I G
N I
D D
\\
N
\\
N U
F h
A A
R R
/4 3
A E
2 8
E 9
VS 4
VS 3
LLD LLD O
OO OV AIE AIE T
AS AS V
N V
I V
I G
FO FO G
A E9L E2L T
M T 3 :'
M L
ANC A
A8-P A
G R
G G
R N
I T
A E R L
T i T
CT G Ei oLN vEu E
E 6
7 VS V S 3
4 LLD
. LL D 0
0 PAIE PAIAE OC OC OVAS OV S
V V
F TKFO I
I T K O r
7L SC C
S 3C S
e S
L C6 EM A
H A
w E$
HC R
C R
o P
.a i
g ro N
N e
.OS
- OS G
SILY.
9 SILY.
2 32 DCA 3 D 3
ITIL 3 D 9
ITIL DCA S
1 1
S A5 A
M 1
E M
1 E
5 8 EF 5LS EF 5L AS O I S v
v S O IO I
D VAO M
N 2
IEGD VA M
1 NEG L
L D
AGSN OF D
IGSN OF RR A M'C C
RR A MC C
A O
OR A
TA*R A
A T
T H
. H C
C D
D
\\
N
\\N A
AR R
.5 1
2 G
A E
8 E
3 VS 4
VS LLD O
LLD O
OM V
~ E6L AIE AIE V
VAS VAS G
I I
FO FO
- E6L T4C M
T3C A
A8 A9 A
- G R
- G R
9
-3 3
4 jl i
l.
- i
)
L 0
3 E
D F
O M
O
)
3 3
N O
3 6
g O
E v
TN O
1 A
3f E
- Ra n
- o R
o AM P
7 T
I m
p 5
T t
9 E
0' 1 o
t N
M 3
E o
O 3
O 2
T 2
m OA t
H a,
O O
t L
a OR S
N0, e
U a
$4 A
2 G
O D
l Ty hP
]
T
(
e A
OS e
N T
h F
Ro, D
S 7
S M
4 N
r
$g M
C C
(
S o
E A
S R l
r V3 i
O R
7 WA A
E iv oE 0
O"s i
n R
RN l, e
a A
FS 1
n I
r D
AF oEO P
R t
s M [
r r
o OU u
E T
N P
g 1
0 O
F R
A L
i A
M Nm a
A F
T U
N G
hT R
I
\\e l
Is a N
I F
3 n
e n
U F
t r A
P ao T
9
/
0 F
Nv IS 1
1 N
A 5
r JA N
(
os 4 hT MN V
R O
I s
A t
R C
M T
t I
A F
9 N
F 9
N 9
A ye s,
1 P
L O
I ters O OYI
$'o, O51 V
t G
I
's i
sV O aE s V
N V
g f', o, TL L
so O
I TA C B
M T
uV
.M A2 s
A c' R A
Rr Ei R
Nn S
Eu 3
5 Go s
I O
v Cm I A V
O O
o F
E R A
L
(
M a
T T i O
A i,
a O
0H Cr V
P
,T
'?C N
G f
I v
5 N
, oT I
D I
sO 1
Ea E i a 0 R
oLn v
y c
vE u C
M o15 r
m u
A N
T C
L c
R F
pa I
A tvi l
n=
I h
oP i
O ie r
P'v a
2 T
5 o
e A'
u v2 9
9=
w R
n F
U' 3
FN D O
"o5 o
3 L
P',J n
1o o
OV I
f"fvo, a
nE NO I
e P
I eV h1 I
t 5e P
r Y
A ll i
3 TA C B
Tt L
I o
T Iu VN
.a R'
u T'n N
V O
5 s
A l'g Oe i
5 o
ss 9
R o
Mc g
ti r
s
'a a
'aa O
r 2
V E=
o D
n N
e I
No fe O=
e
[\\
A o
P o
o Y
Ra M
B G
f a
P s
F5
'a T
V F
5 o
s s
e r3 L
F y5 9
o P
i O V
I t0 g
v ED t9 D
O N
OG I
'F I
rL L
I a O V
nE OY i
t S
E V
s EV V
L o
M t
C R
ta C B
I N
(
u r
V a
A f
o A
O c
T R
u R
O is i OS T
at 5' A C
c' A
R 9
-3 3
4 fl
~
T R AIN G PUMP MOTORDR4V(N A 5 RANDO y
PMP9 RAND yppgg 7, OPERAT&
Q Q
l I
I I
MoroR ORSvt N "w[pNo s*
itt R CAL
$ NA MJ $ Ast eA
- ,agN g,o;.p ~
ingi,A,R;p Cto$. c PUMP -2 Clos. o Q
IFFMDPBOO2 O Q
ISTMDPBOO2 O RAMGVO60 RACHVOO2 ACTRNBF RAMDPBOO2 1,
I I
l gf,0 MqT $7GNA\\
MOTORt,9tytN Note TO No auf OMAttC PUMP N2 Mof 0R ORgVg N ST ART $5GNAL 10 MOTOM LIIG PUMP 902 iO TRAIN B ggg DRtvt N PUMP M2 b
IFTMDPBOO2 O
O "o"" 2' iSTTRNBF OEMDeBOO2 T
I I
suTIE "0[VsNe v
LVE M
co
[
IFFBYVO94 IFFMOV5llB i
i I
suTTERFLv sUT TERFLY Mov st te suTT E R F L,g v
VALVE 9 CST M2 VALVE 991 V ALVE 094 05NOT F AILS CLO$f D FAILS CLOSED Ort Nf D F Att s CLOst 0
' A'L3 O
O g ovsilec' O O
RABYVO91 RABYO94 RABYVO98 RACSTOO2 I
, Y,,"t[yY atsNRfCAL pa$$gg CST wi
'"8LS R
O O
O RACSTOOl OEMOV5118FTO ACTRNBF RAMOV5118 nose -
~ ' ' " " " * ' " * ' ' " " ' "
Fiaure 7 (Sheet 20 of 33) vocTLE UNIT 1 AFWS FAULT TREE MODEL ELECTRIC GENERATING PLANT NM Georgia Power unit i Ano unir FIGURE 10A-7 (SHEET 17 OF 30)l 433-9
h SEC$50FYt$
PMPCRAND Q
l l
I CATE VALVE 015 NOiF TO ORlVE N CHECK VALVE c'tOSE o oRiUE N Pu'MP
"""'n'n^1'3 t ESES *
^
5' IFTTDPCOOl RAMGVOIS TDPF RACHVOl4 I
I su"TT[R vv4Lvt nog 9TH,A GH BNL ADDITION BNL ADDITION IFFBYVO93 IFFMOV5113 g
I I
I l
Gytvt TR Y S T Csr ool y
3 v LVE D fL T v LVE 7 CST 002 FAILS FAILS CLOSED F AILS CLOSE D OPEN F AILS CLOSED FAILS O
O O
O O
=ov5"3c' RACSTOOI RABYO93 RABYVO90 RABYVO97 RACSTOO2 I
I
[q Fall TO ELE R CAL OPEN MOV 5113 pot E sus ON DEMAND O
O O
OEMOV5113FTO DCTRNCF RAMOV5113FTO 10967 3 Figure 7 (Sheet 21 of 33) vocTLE UNIT 1 AFWS FAULT TREE MOI 4;L k
ELECTRIC GENER ATING PLANT Georgia Power h ouiT i suo unit 2 FSAR FIGURE 10A-7 (SHEET 18 OF 30)J C33-9
TURBINE DRIVEN PUMP F ALLS TO OPE R ATE i
l 1
TURBINE DRIVEN PUMP F AILS TO NOIS TO OPERATE ON TUR8INE DEMAND NOISTTDP RATDPCOOl I
I I
I TRIP AND SPE ED MOV 5106 NOIS TO THROTTLE GOVE RNING F AILS TO OPE N MOV 5186 VALVE F AILS VALVE FAILS CLOSED CLOSED NOISMOV5106 b b
e MV10sF TTVF SGVF 1
I I
NOIS FROM NOl$ FROM STEAM STEAM GENERATOR 2 GENERATOR NOISFSG2
- NOISFSGI s
I I
I I
GATE VALVE CHECK VALVE CHECK VALVE GATE VALVE wy 313 mm.
LS hAjLS h#'
F AILS CLOSED F AILS CLOSED ED ED O
O b
A O
O RACHVOO8 RAMGVOO7 stMvels stMvese RAMGVOO5 RACHVOO6 30967 3 NOIS = NO OR INSUFFICIENT STE AM Figure 7 (Sheet 22 of 33)
LECTRIC GENERATING PLANT MM Georgia Power unit i ANO unit 2 FIGURE 10A-7 (SHEET 19 OF 30) 433-9
I I
i.
MOV 5166 FAILS TO OPEN MV196F I
I LOSS OF DC NO OPEN MOV 5106 -
ELECTRICAL SIGNAL TO FAILS TO OPEN POWER ON MOV 5106 ON DEMAND -
TRAIN C O
O ln 1
ISTMOV5106 Y
DCTRNCF RAMOV5106
.l 1
1 NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN C TO MOV 5106 O
O ISTTRNCF OEMOV5tO6FTO a
109674 Figure 7 (Sheet 23 of 33)
UNIT 1 AFWS FAULT TREE MODEL j
GeorgiaPower. k EcTalc cENERATING PLANT M
UNIT 1 ANO UNIT 2 FIGURE 10A-7 (SHEET 20 OF 30) i 4334
TRIP AND THROTTLE VALVE FAILS TTVF
-s i
l I
TH[OTE LOSS OF DC SIGN AL TO ELECTRICAL TRIP AND VALVE FAILS POWER ON THROTTLE TO OPEN TRAIN C VALVE FAILS ON DEMAND lSTTTV DCTRNCF RATTVFTO g
I I
}
OPERATOR FAILS GOVERNOR SPEE FAILS GOVERNOR-O O
4 RASPDGOV OESPDGOV i
SPEED i
GOVERNtNG
?
VALVE FAILS SGVF i
em e
+ -
1 I
WEED LOSS OF DC SIGNAL TO GOVERNING 2
ELECTRICAL SPEED VALVE FAILS i
POWER ON GOVERNING TRAIN C VALVE FAILS ON AND
.p r3 v
ISTSGV:
DCTRNCF RASGVFTO I
I OPERATOR FAILS SPEED TO OVERRIDE GOVERNOR FAILS SPE ED GOVERNOR O
O l
RASPDGOV OESPDGOV so u r.3 Figure 7 (Sheet 24 Of JJJ -
y,,
UNIT 1 AFWS FAULT TREE MODEL ELECTRIC GENER ATiNG PLANT Georgia Power FSAR unit u NouNir2 l
,-FIGURE 10A-7 (SHEEU 21 OF 30) 4339
\\
FAILS CLOSED CLOSED SIMVG19 SIMV999 em em i
I I
I MOv3e19 MOV 3099 Mv FAILS CLOSED FAIL.S CLOSE D ON DEMAND NOT 0 N NOTO ON DEMAND 0
O
.O MOv3OI9CL MOV3OO9CL RA MOV3Ol9CL RAMOV3OO9CL MOV 3819 MOV 3019 MOV 3009 MOV 3009 CLOSED FAILS CLOSED FAILS BY ERROR TO OPEN BY ERROR TO OPEN MOV3Ol9FTO MOV3OO9FTO O EMOV3Ol9CL OEMOV3OO9CL
-s
-w I
I I
l L
F NO MANUAL MOV 3019 FAILS ELE TR ELE TR C L NO MANUAL MOV 3099 FAILS
^
TO WV 3019 DEMAW POWER ON OPEN SIGNAL TO OPEN ON POWE R ON TRAIN A TRAIN B TO MOV 3099 DEMAND O
O O
O O
O DCTRNAF OEMOV3Ol9FTO RAMOV3Ol9FTO DCTRNBF OEMOV3OO9FTO RAMOV3OO9FTO 10967 3 Figure 7 (Sheet 25 of 33)
Georgia Power h(
L CTRIC GENERATING PLANT UNeT 1 ANo UNIT 2 FS A R FIGURE 10A-7 (SHEET 22 OF 30)l 433-9
I.
' MOV 5132 FAILS
\\
CLOSED
'ACDMV5132 I
I if f
MOV 5132 FAILS MOV 5132 CLOSED NOT i
ON DEMAND OPEN 4
{
O
+
MOV5132CL
[
RAMOV5132CL i
CLOSED BY FAILS 1
ERROR TO OPEN MOV5132FTO O EMOV 5132CL l
1 l
LOSS OF NO OPEN MOV 5132 FAILS ELECTRICAL SIGNAL TO TO OPEN POWER ON MOV 5132 ON DEMAND TRAIN B O
O IS TMOV5132 j
ACTRNBF RAMOV5132FTO l
l I,
I I
i NO AUTOMATIC NO MANUAL
- OPEN SIGNAL OPEN SIGNAL
)
TO TRAIN B TO MOV 5132 i
o o
i ISTTRNBF OEMOV5132FTO 10947 3 i
. Figure 7 (Sheet 26 of 33J
- 0
.. UNIT 1 AFWS FAULT TREE MODEL I
ELECTRIC GENERATING PLANr l
Georgia Power'
.FSAR ouir u no unir 2 I
FIGURE 10A-7: (SHEET 23 OF 30) 433 9
- - - - ~ ~ - - - - - - - - -
. MOV 5134 FAILS
\\
CLOSED ACDMV5134 T
I I
MOV 5134 MOV 5134 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV5134CL R A MOV5134CL I
MOV 5134 MOV 5134 CLOSED BY FAILS ERROR TO OPEN O
A MOV5134 FTO OEMOV5134CL m
l l
LOSS OF ELECTRICAL NO OPEN MOV 5134 FAILS POWER ON SIGNAL TO TO OPEN TRAIN B MOV 5134 ON DEMAND O
V ISTMOV5134 ACTRN BF RAMOV5134 FTO I
I NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN B TO MOV 5134 O
O ISTTRNBF OEMOV5134FTO 10967 3 Fiqure 7-(Sheet 27 of 33)
ELICTRIC CENE RATING PLANT GeorgiaPower m&
b A
unir uuo vuiT FSAR
~
FIGURE 10A-7 (SIIEET 24 OF 3UI 433-@
f MOV 5137 FAILS g
CLOSED r
ACDMV5137 T
I I
MOV 5137 MOV 5137 FAILS CLOSED NOT i
ON DEMAND OPEN O
MOVSI37CL RAMOV5137CL t
I i
= FAILS i
ERROR TO OPEN v
MOV5137FTO OEMOV5137CL n
j.
. g
'. LOSS OF NO OPEN MOV 5137 FAILS ELECTRICAL SIGNAL TO TO OPEN P WER ON MOV 5137 ON DEMAND f3 V
lSTMOV5137 ACTRNAF RAMOV5137FTO J
-l I-I f
NO AUTOMATIC NO MANUAL.
.{
OPEN SIGNAL OPEN SIGNAL TO TRAIN A TO MOV 5137 i
O O
ISTTRNAF OEMOV5137FTO
- *** 7 3
,i tigure / pneet cc or aa; UNIT 1;AFWS FAULT TREE MODEL l
ELECTRIC GE NE R ATING PL ANT Georg. Power FSAR ia uuif,A~o uuir FIGURE 10A-7 (SHEET 25 OF 30) 433 9 -. - - -
- - +
...------..---.--w.,,,,..,,-e+-----ee-. - ~ - * - - -
.---*e-m, w
y---,..----w y--,--
--=,-----w
-,.--..,-,w<
e
+.,. -..
MOV 5139 FAILS b
CLOSED ACDMV5139 T
I 1
MOV 5139 MOV 5139 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV5139CL RAMOV5139CL I
MOV 5139 MOV 5139 CLOSED BY FAILS TO ERROR OPEN i
l MOV5139FTO j
OEMOV5139CL
'I m
I 1
LOSS OF ELECTRICAL NO OPEN MOV 5139 FAILS POWER ON SIGNAL TO TO OPEN MOV 5139 ON DEMAND TRAIN A f3 v
ISTMOV5139 ACTRNAF RAMOV5i39FTO I
I NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN A TO MOV 5139 O
O ISTTRNAF O EMOV5139FTO g,,,,,
vocitt Figure 7 (Sheet 29 of 33)
E!.ECTRIC GE NE R ATING PL ANT UNIT 1 AFWS FAULT TREE MODEL GeOrgla Power uNir 1 Amo unir 2 FSAR FIGURE 10A-7 (SHEET 26 OF 30) 033 9 g
- - - _ _ _ - _ _ _ _ - _ - - _ _ _ _ _ _ _ _ _ MOV 5129 FAILS
\\
CLOSED DCDMV5129 T
I I
MOV 5129 MOV 5129 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV5120CL RAMOV5120CL I
MOV 5129 MOV 5129 CLOSED BY FAILS TO ERROR OPEN O
A MOV5120FTO OEMOV5120CL m
i I
LOSS OF DC NO OPEN MOV 5129 FAILS ELECTRICAL SIGNAL TO TO OPEN ER ON MOV 5129 ON DEMAND C
O O
ISTMOV5120 DCTRNCF RAMOV5120FTO l
l 1
NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO THAIN C TO MOV 5129 O
O ISTTRNCF OEMOV5120F TO g,,,,,
Figure 7 (Sheet 30 of 33) kEcTnic cENER AriNG PLANT UNIT 1 AFWS FAULT TREE MODEL
^
Georgia Power d uNir uNo uNir FSAR j
FIGURE 10A-7 (SHEET 27 OF 30)
.u.,
j
C
' MOV 5122 FAILS
\\
CLOSED DCMV5122 e
V T
I 1
MOV 5122 MOV 5122 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV5122CL R A MOV5122CL I
MOV 5122 MOV 5122 CLOSED BY FAILS TO ERROR OPEN O
MOV5122 FTO OEMOV5122CL m
I I
LOSS OF DC NO OPEN MOV 5122 FAILS ELECTRICAL SIGNAL TO '
TO OPEN PNER ON MOV 5122 ON DEMAND Co (3
ISTMOV 5122 DCTRNCF RAMOV5l22FTO I
I NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN C TO MOV 5122 O
O ISTTRNCF OEMOV5122FTO 10967 3 VOGTLE 9
Georgia Power'
- ELECTRIC GENERATING PLANT UNIT l'AFWS FAULT TREE MODEL unit i ANo u ir a FSAR FIGURE 10A-7 (S!!EET 28 OF 30) 433-9
MOV 5125 FAILS A
CLOSED DCMV5125 -
T I
I MOV 5125 MOV 5125 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV5125CL RAMOV5125CL I
MOV 5125' MOV 5125 CLOSED BY FAILS ERROR TO OPEN V
MOV5125FTO OE MOV5125CL m
i l
I LOSS OF DC NO OPEN MOV 5125 FAILS ELECTRICAL SIGNAL TO TO OPEN POWER ON MOV 5125 ON DEMAND TRAIN Co f3 ISTMOV5125 DCTRNCF RAMOV5125FTO I
I I
NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN C TO MOV 5125 O
O ISTTRNCF OEMOV5125FTO 10967 3 Figure 7 (Sheet 32 of 33)
VOGTLE UNIT 1 AFWS FAULT TREE MODEL k
E LECTRIC G ENE R ATING PLANT Georgia Power h uNir 1 ANo UNIT 2 FSAR FIGURE 10A-7 (SHEET 29 OF 30) 433-9 MOV 5127 FALLS
\\
CLOSED DCDMVS127 l
l 1
MOV 5127 MOV 5127 FAILS CLOSED NOT ON DEMAND OPEN O
O MOV 5125CL RAMOV5125CL I
MOV 5127 MOV 5127 CLOSED BY FAILS ERROR TO OPEN O
MOV5125FTO OEMOV5125CL I
I O2OFDC ELECTRICAL NO OPEN MOV 5127 FAILS POWER ON SIGNAL TO TO OPEN MOV 5127 ON DEMAND O
O ISTMOV5125 DCTRNCF RAMOV5125FTO I
l NO AUTOMATIC NO MANUAL OPEN SIGNAL OPEN SIGNAL TO TRAIN C TO MOV 5127 O
O ISTTRNCF OEMOV5125FTO 10967 3 VOGTLE Figure / (Sheet 33 of 33)
ELECTRIC GENER ATING PLANT UNIT 1 AFWS FAULT TREE MODEL Georgia Power uNir 1 ANo uNir 2 FSAR FIGURE 10A-7 ISHEET 30 OF 30)
T EF F---- PR0 8.
huMEEE CF TERM IFTSGS1234-TKGL4 =
- MATOFC001 +
1 1 4730E-07 RASCV115
- FAMOPA003 MATOPC001 +
2
- 1. 479 0 E- 07 RASCV114
- FAMDFA003.-- _'
3
- 1. 4 79 0E- 07 RASCV116
- FAMCP8002 ' MAT 0FC001 +
4
- 1. 479 0 E-07 R5SCV113
- FAMCP8002
- MATDFC001 +
5 5.4795h-07 RASch115*RATCFC001
- PAPOPA003 +
4 1.479CE-07 RASCV114 ' FATOPC001
- MAPOPA003 +
7 1.*793E-07 RASCV116
- FATOFC001
- MAM0F8002 +
8 1.4790E-07 RASCV113
- FAT 0FC001
- MAPDP9002 +
9 1.450 0E- 07 RANCPA003
- RAMOP8002
- HATCPC001 +
10 1.*500E-07 R AMCF A0 03
- RATOPC0J1 ' MANCP8002 +
11 1.45 0 0E- 07 RANCF80 G2
- RATOPC001
- MAMCPA003 +
- R ASCV115 +
12
- 1. 3 26 5E- 07 RASCV113
- FASCV114 ---1.- 3 2 e 5 E- 07 R ASCV 113 -* - F AS CV114
- -R ASCV ii6-;
-14 "-i. 3 26 5 E-07-R AS CV 114 *- RA SC V 115 *- 9 AS CV 116--+
e 15 - 1. 3265E-07 -R ASCV113 *4 ASCV115
- -R ASCV116 :
16 ---1. 2 75 0E-07 -- R ASCV115 * -F A MOP A0 0 3 '- R A TDPC 001--+-
17--14 275 OE-07---R ASCV 114-* -R ANOP A 00 3
- 4 ATOPC 001--+-
- 1. 2 75 CE R ASCV11e -* -F AMDP900 2- *-F ATOFC 001-+
19 --i. 2 7 5 0 E- 07--
R ASCV113
- F AMDP000 2--*- RAT 0PC 001-+
20 1c2500E-07 RAMOPA0 03 8-RAMOPe002 *-R ATOPC001 :
Figure 8 VEGP AFWS Unavailability Assessment-Dominant Failure Modes Case No.1-LMFW (Sheet 1 of 2)
TERP PR08.
NUM E ER - CF-T ER M - --
21---9.169 8 E-O d P. A SC V115 - * - F A S G VFTO ' -N AM 0P A 0 0 3 -+-
2 2 -9.-169 6 E- 0 8 R ASCV114
- -E AS GVFTO
- -M AMCP A 0 0 3-+
23-4 16 9 EE- 06 RASCViit *-FASGVFTO *-MANOFE002-+
24
- 9. ie9 dE- 08 R ASCV113- *-RAS GVFTO +-N ANCP80 02- + 9.169 eE- 08 -- R ASCV115 *- F AT TVFTO *~ N ANGP A0 0 3 -+
20 9.169EE-06 R ASCV114 8-F ATT VF T0 *-M AHOP A0 03-+-
27 9.169 eE-0 8 ---- R AS CVii E ' F AT T VF TO *- H AMCF 80 0 2 - + --
28--9 169 dE -- RASCV113
- FATTVFTO *-HAMCF8002 +
RASCV115 *-FAMOV5106 *-MANOPA003-+
29 - 9.16 9 8 E- 0 6 30 --4.16 9 6E- 08 R A S C V 114 - * - F A N O V 510 6 '- H A HO P A 0 0 3 --+
31 4.169 8E-0 8 ---R ASCV116 *- F A MOV 510 6 ' M A PDFB 00 2 - +
32 9.169 6E-06 --R ASCV113
- F AMOV5106 *" H AFDF0 00 2 -+-
3 3--8. 9 9 0 0E-06 --R AN CP A 0 0 3 '-- R A S GVFTG ' - M A ND F8 00 2 -+---
34
- 8. 993 0E R AHOFE0 02 *- R ASGVFTC ' -H ANOF A00 3-+-
35-8.99 0 0E-08 --R ANOF A0 03
- RATT VFTO *-PANOF000 2-+
i 36 d. 990 GE- 0 8 -----R AN CF 00 02 * -R ATT VFTO *-- M APC PA 0 0 3 -+
37 8.993 0E -- RANCF A0 03 ' R A NOV5106 ' -H ANCPB0 0 2-+ -
38 8 990 0E-06 --RANCF90 02 *-F ANOV5106
- -H ANCP A003-+
39
- 7. 9 05 0E- 08 --R ASCV 115
- -E AMOF A0 0 3 * - R ASGVFTC-+
Figure 8 (Sheet 2 of 2) m
s TERM Fo C t.
nut
- B E R-0 F - T Eo M --~ - - -- -- --- - =
--IF TSGS1234-T KDL 4 -
2 3r2200E-0*
AC T RN A F--*- AC T RN BF-+ ~M A T OP C0 01-+
2 us5000E-06 AC T RN A F-+- AC T RN CF-+- R AT 00 C 0 01-+-
3 217900E-06
--ACT RN A F -* --AC T RN t!F * -R A SGVF T O-+-
=-
2.-79 0 0 E- 0 6-
- AC T Rtl A F-
- AC T Rri eF* -R A T TVF T O- +
~--F-2.79005-06---
ACT Rit A F ~ AC T RN E F--*
6
- 1. 6 9 0 0E- 0 6- -- -AC T RN A F + - AC T RN E F-*
M AN OV 3 0 0 9 + --
7--1. 6 9 0 JE- 0 6 - - AC T RN A F
- AC T RN 8 F '
- M At*CV 3C 19 +
- - - -- 8 1.8900E-06 ACTRNAF
- AC T RN 6F
- MAMOV5106 + ^ - - - - - - -
9- -1.6900E-Oe
- ACT RN A F -* AC T RN t:F-* M A T T V + - - ---
=10
- 1. 8 9 0 tE-c t------ AC T fen A F
- AC T Rtt eF -+ H ASGV +-
11 9.9000E-07 ACTRNAF
- ACTRN8F
- RAMGV315 +
12 -1. 6 0 0 0E- 0 7 -
ACT PNOF- * 'R A T OP C001 -* -N AD G A +
l'3
- 9. 6100E-17 ACT RNA F-*-R A TOP C001-* H ADGB- +
i ts 8Te 78 0E-C7 R ASCV116-*-1CT RN3F-*- M A TOPC 001 +
15--- 8 v 8 74 0 E- 07 m-R A S C V113 -* - A C T R t40 F -+ - M A TO P C 0 01-+
I 16 87?740E-07
-RAS CV115-* -A CT Rtt A F-=-M A TODC0 01- +
17 8r874CE-07 R A S CV it 4-+- A CT R N A F-+-M A T OP C 0 01-+
i i
i8 6.7000E-97 ACTPtlBF-+-PAMOPA003-*-NATOPC001-+
19 --
tu? 00 0E- 07 AC T QN8 F -+ +R A T0 0C0 01--*
- M AN OF' A 0 0 3 -+
Figure 9 VEGP AFWS Unavailability Assessment-Dominant Failure Modes Case No.2-LOOP (Sheet 1 of 2)
TERM PRCS.
NUMBEo.
OF-T err-20 --- e.-7 0 0 0d- 0 7---- A C T Rrd A F ' R A MDP 80 0 2
- M ATDPC0 01--* '
21 e. 7 0 0 06- 0 7--
ACTRfAF *-RATDFC001--*-MANOF0002-+
2'2 - 7.6500E R A SCV116
- A CT R N6F -* -R A TDPC 0 01--+ - -
-2 3 -7. 6f 0 0 E-0 7---
R A SCV113
- A CT R t4BF - +- R A TDP C 001 - + - - - - - -
2h 7.6500E RASCV115- *- A CT RhAF-*- R A TDP C0 01 -+ -
25-
- 7. t 5 0 0E- 0 7---- R A S C V114
- A CT R N A C
- R A T D P C 0 01 - + ----
26
-7. 5 0 0 0 5- 0 7 ------ AC T RN 9 F--
- R A ND P A 0 0 3 *- R ATDPC0 01 + --
27 7.5 000E-0 7 ACT RN A F- *- RA NOP bCO 2-*- R ATDPC 0 01-+ -
28 T r95-20i= 0 7 AC-T RN 6F--* -R A SG V FT0 + - M A DG A -+
29 M r9520E-07 AC T RNE F-
- RA T T V FTO
- M A DG A-- + -
30 5.- 95 2 0.E- 0 7-AC T PNb F- * - R A NO V510 6 -* N ADG A - +-
31 5.-9' 2 0E-e 7-- A C T RN A F.-*
R A SG v FTo-* -M A cGe -
32 -5. 952 0E-0 7-- AC T RdA F * ' RA TT V FTO
- M A DGB
+
3 3 -9. 99 2 0c- 0 7
-- A C T R h A F '* - R A MOV S 10 6
- M ADG 6 +
--3 4--5.-3 9 4 0E- 0 7 -~- AC T RNb F
35 - 9.39*0E-07
-ACTGfibF
- RATTVFTO
- MANDP A00 3 +
3 E --5. 3 9 0E- 0 7--
ACTRNb F
- R A PO V510 6
- M AMDF A0 0 3 + --
37
- 5.39 4 0E- 0 7- ~--- ACTRN A F * -R A SGV FTO -*- M A MDPb 0 0 2 +
38-5.39.dE-07 ACTRNAF
- RA TT V FTO
- NANDP5 00 2 +
Figure 9 (Sheet 2 of 2)
A
- - \\
3 TERM PR06 NUMBER OF TERM s
IFTSGS1234-TKDL4 s' i
1 5 8000E-01 MATDPC001 +
t i
2 5.0000E 03
.,R A T O P C 0 0.1 +
3 3.1000E 03 RASGVFTO +
4 3 1000E-03 RATTVFTO +
l 5
3.1000E 03 RAMOV5106 +
6 2 1000E 03 MAMOV3009 +
~.1000E-03 MAM0V5106 +
s 7
2 i
1 8
2 1000E-03 MATTV +
9 2 1000E-03 MASGV +
i 10 2 1000E-03 MAMov3019 +
11 1.1000E-01 RAMGV015 +
i i
12 2.2000E-04 DCTRNCF +
13 1.0000E-04 RACHV014 +
4 l
14 7.0000E-06 ISTTRNCF
- OEMOV5106FT0 +
l 15 3 4100E-06 RABYV090
- RAMOV5113FT0 +
16 3 4100E-06 RABYV093
- RAMOV5113FT0 +
17 1.2100E-06 RABYV090
- R&BYV097 +
18 1 2100E 06 R AMOV 0 05'!
- RAMGV00T +
19 1.2100E 06 RABYV093 e'RABYV097 +
20 1 1000E 0A RABYV093*OEMO{5113FT0.
j 21 1.1000E 0A RABYV090
- OEMOV5113FTO +
22 5.0000E 07 RASPDGOV
- OESPDGOV +
Figure 10 VEGP AFWS Unavailability Assessment Dominant Failure i
Modes Case No.3-LOAC l
l Table 3 BNL Assumptions of VEGP NSSS Stean Generator Makeup Requirements Based Upon FSAR Information Flow Requirements (gal / min Power Levels Loss of Main Loss of Offsite Loss of All (MWt)
Feedwater (LMFW)
Power (LOOP)
AC Power (LOAC) 3425 510 510 510 AFW Flow Information Pump Discharge Flow Pump Recirculation (gal / min)
Flow (gal / min)
Turbine-Motor-Motor-Turbine-Motor-Motor-Driven Driven Driven Driven Driven Driven Pump Pump A Pump 8 Pump Pump A Pump B 852 552 552 144 0 (a) 0 (a) at 1235 psia 120*F (a) The motor-operated valves in the motor-driven pump recirculation lines are intended to close when the pump flow reaches the miniflow,100 gal / min, within a minute. Thus, the motor-driven pump recirculation flow was not considered.
7 Table 4 AFWS Component Failure Data Unavailability Failure on Repa i r f ir.e Due to Fault Event / Tree Description Component Demand Rgre rence l h L_
Maintenanco ge[efpnce Check valve (at steam gen-121
- 122, 1 x 10~"
1 NA NA NA erator intake) fails to 123, 124, open on demand 125, 126, 127, 128 Stop check valvc (at steam 113, 114, 1x 10 **
1 NA NA NA generator intake) fails to 115, 116 open on demand Stop check valve (on AFWS 017, 020, 1x 10 1
7 2.17 x 10~'
1, 3
~"
4 d i scha rge ) fails to open 023, 026, p3 on demand 037. 040, O
043, 046
'O
~
8 Motor-operated va lve (on 5120, 5122, 1 x 10~"
1 7
2.17 x 10 '
1, 3
]
discharge line) transfers 5125, 5127, y
closed 5132, 5134 g
5137, 5139 Gate valve (on discharge 015, 016, 1 x 10~"
1 7
7 x 10-e y,
3 g
O line) transfers 019, 022, closed 025, 035, 036, 039, Ofs2, 045, 060 Check vaive (on discharge 001, 002, 1 x 10~"
1 7
2.17 x 10 '
1, 3
~
line) fails to open on 014 demand Motor-driven pump 003, 002 5 x 10" 1
19 5.81 x 10
i fails (includes controls)
~3
~3 Turbine-driven pump 001 5 x 10 1
19 5,81 x 10 1
faiIs (includes
. controls) s a
l l
)
l
~
e$e 4 ] y : M t :* y $ y o*
ecn A
A A
A e N N
N N
3 re fe R
k y
a t
e i
r n
l e
Bs o
i oc
- n i
btn 0
li t
a a 1
l en l t c
ae ne ue x
ml uh i
aDt Sl ft v n 7
u n0 an i A
A A
A 1,
dB i0 ss a
n, 84 te U M N
N N
N 2
a s1 im 1
k-i s1 sH mt e
t6 iS r
m n0 RA oe i
e-W fr T
iC t
ru 1
sf n,
el rh A
A A
A nR0 en pi i[
N N
N N
7 aU8 do a
a rN9 ii or p
T 1
cs t
e r",y cs r
R Ai esr m
leo tta fm by anu oo ac wan C
nn dl a t
ue e
ePJ ny u
c e
er sq n
rg,
mo ie e
3 1
1 1
1 nn st r
)
r rio sa tf e
oti el i
t f
t at su ce n
e nr a sg nh O
R oel Ae ut C
ipu R
p
(
tog n
ms n _
3 a
e Ar oa o
3 0
ludR a
c 4
d 2 e
c d
en-1 anr 1
=. e e
r a 0 0
0 0
vgo yc ut l
um 1
1 1
1 x
Eit du ta b
t g sc uN l
iJ x x
x x
1 cea t
yu a
a T
iDe S.
bc F
3 5
5 5
1 rR S
el ee y.
ra nsr tU ec eua e
h Goc f",
ws d
" hi a
e gc Ss ei 92749 939227
,d e
,nu t
ce jn 12233 111233 e
pg niN rn nc 01111 011111 2er desn ot oa an e AB 35555 35555$
0 po nl i
isr tl na n
0sn at,n seo cP en q nn r
tere m ii 90527 9680549
,,e povev isW a
te p
o er nt aa 02233 0012233 13v rl vl mnc Re5 o rr 01111 0111111 00o irhaoa mii
" w7 i n ai C
Tt 35555 355555$ 00g Ttvgv o r o9 ma Csr
tO e
yn rr l_
bo re,
a_a e t
n ode eb o tic t
tl o te o
d s
iur r
ect u
i M
e rl s
o oi l co e uc dd uAF m
,N O e ip o
o t
a g
g ny r
e l
t er etk d Cl,
ifi t
c l
v Rns u a) c t
l a
l e aa J
. ck el s
i e
ae n
av rlT Nil di e
s v
nv D
n l
gl ig vl ao g
rO b
a e
t l
n leos n
,e/
sa o
a ia s
evd Cr ir em7 i.
nm5 e
v sv ce il
(
tga ufd e
so-eae r
r d
nd r
tnm s Nor e SCC cvm T
ce) e ee a
oie e
O n u E
nai
/
aw2 t
pt t
rnd c
.s i m
.R ant t
o a
oa s
hr n
S. s d s S. N g
U nu n
f pd r
r ten e
on n r
a e,i e
o n e l e l
vo r U l_ a E
RU(
t v
ca pr ap a
do e
E ei oo uo u
ngn f
in0a 5p rr1 r
n-n a e e
a1 e t
ut rr a r a
dp R
1 2
3 M/r l
l ce oe mo mp peo u
ies t
t m
ie a
al a oy uo ou rpo F
Fec Mb Nm Np Tst s
b l
ll 1
lllI
bo c'a" y yh o">'
)u 2
e 3
3 3
3 3
c A
A A A
n e
1 1
1 N
1 1
2 N N N
3 re fe R
i y
t l
e 6 6
6 6
ioc -
e btn 0
0 0
0 a
a 1
1 1
0 1
7 0
l en 1
1 t e x x
x x
0
+
iaOt x
1 x
v n 7
7 7
7 x
4 0
1 A A A
a i 1
1 1
A n
ta U
t 2
2 2
N 7
2 4
N N N 2 i _
e m
lL rt A
A A A
t ii 7
7 7
N 7
7 0
N N N 2 a
14 p
e R
e-:n A
e 1
1 1
1 1
1 1
3 1
3 N
r e
)
r e
t H
n O
3 n
C o
0 8
3
(
d 0
6
~
1
~
1 en 4
ra 0
0 0
0 0
0 0 un x
1 1
1 1
x 1
1 1
i e
l e 2
1 x
x x
x 1
x x x iD l
A b
a r
3 1
1 1
1 3
1 1
7 0 N a
T 9
8 t
1 1
n 8
0 7
- 4 1
179 2
,, r e
0 3
0 9
0 0
0 000 0
n 1
9 39
, iinndr nnn o
ee e iii p 6 m
0 6
0 5
35 11 028 1
aaev s
aaa 0
0 0
99 11 999 0 rrpo a rrr o
1 C 5 0
3 0
00 55 000 0 Ttsg C Ttt no l
i
)d p
en ka s
s Mc am er r
ste ne e
r e'
n end if f
e n
e e
vi bs ns v) n o
w c D
lv) e lamo ua (a
an e
p n rn on l e o
i o d
(
t p
ak o
e va n
va trd r
vi a
V e
td o o ed tn et ld e s u
e -
(
t dte n a v d
n v r t
t 5r r
dnn T
eia m
ess o)m l) ena l ee c
i 2e
/
t m
sal t
o (ee ae tom a gf a
s 1 w aie vrs r
o t
aee eei ael kd vni rtd an r
r fp e
ei lvta rnc ea n
rnd v
pb n a n
pbr l no lyl ec lyha l
o o o srd ei vtn s
pun cr c
E oro ve)a ore ai fn oso fst i e r
ei u
nem ur v d rod ri d
a rl o rr l
o l
cbad o n eas tts oml t
es lua ut t
rts kike rts me eie rps ed)e f
n s i c u
tni ert tna teo tco tui tTno T
ig s
ie a
ooa hunn oor atl uul opa uSil S
ai o
al r
M(r Ctio M(t Csc Bsc M(r BCl c C rs L
t e
.. _ - Table 5 NRC-SUPPLIED DATA USED FOR PURPOSES OF CONOUCTING A LORFAKAil ft AshtS5 MENT OF EXISTING AFWS DE5IGN5 AND THEIR POTENiiAL RELIABILITIES Point Value Estimate of Probability of*
Failure on Demand I.
Cmoonent (Hardware) Failure Data a.
Val ves:
Manual Valves (Plugged)
~1 x 10-4 Check Valves
~1 x 10-4 Motor-Operated Valves Mechanical Cceponents
'l x 10-3 Plugging Contribution
~1 x 10-4 Control Circuit (Lecal to Valve) w/Quartarly Tests 6 x 10-3 w/ Monthly Tests
'2 x 10-3 5.
Pumes: (1 Pump)
Mechanical Compone.1ts 1 x 10-3 Centrol Circuit w/ Quarterly Tests
~7 x 10-3 w/ Monthly Tests 4 x 10-3 c.
Actuation Locic
~7 x 10-3 m
I
.. Table 5 (Cont.)
II. Test and Maintenance Outage Contributions:
a.
Calculational Approach 1.
Test Outage
( hrs / test) ( tests / year)
QTES7 nrs/ year 2.
Maintenance Outage 0
- (0.22)( hrs /maint. act)
- 34337, ao b.
Data Tables for Test and Maint. Outages
- SG98ARY OF TEST ACT DURAT!CN Calculated Range on Test Mean Test Act Component-Act Duration Time, hr Duration Time, to, hr Pumos 0.25 - 4 1.4 Valves 0.25 - 2 0.36 Diesel s 0.25 - 4 1.4 Instrumentation 0.25 - 4 1.4 LOG-NORMAL M00ELED MAINTENANCE ACT 00 RATION Calculated Range on Maintenance Mean Maintenance Act Component Act Duration Time, hr Duration Time, t, hr 0
Pumps 1/2 - 24 7
1/2 - 72 19 Val ves 1/2 - 24 7
Diesels 2 - 72 21 Instr's.ientation 1/4 - 24 6
Note:
inese cata tables were taken fr:m the Reactor Safety Study
(*4 ASH-1400) for purposes of this AF4 system assessment.
Where the plant technical specifications placed limits on the cutage duration (s) allowed for AF4 system trains, this tech spec limit was used to estimate the mean duration times for maintenance.
In genersi, it was found that the outages allowed for maintenanca dcminated those centributions to AF4 systen unavailanili./ fran outages due to.esting.
Table 5 (Cont.)
III. Human Acts & Errors - Failure Data:
. Estimated Human Error / Failure Probabilities Modifying Factors & Situations' With Valve Position With Local Walk-Around &
W/0 Either Indication in Control Room louble Check Procedures Point Value Est Est. en Point Value Est Est. on Point Value Est On Error Error Estimate Error Factor Factor Factor a.
Acts A Errors of A Pre-Accident Nature 1.
Valves Mispositioned During Test /Maint (a) Specific Single Valve wrongly Selected out of A Population of Valves During Conduct of a
-2
-2
-2 Test or Maintenance Act (X No.
1 X 10 X 1 1 X 10 1
10 I
X X
of Valves in Population at Choice) 75 1
20 7
R 10 Y
10 (b) Inadvertently Leaves Correct
-4
-3
-2 Valva in Wrong Position 5 x 10 20 5 x 10 10 IC 10 h
~4
~3 2.
More than one valve is affected 1 x 10 20 1 x 10'3 10 3 x 10 10 (coupled errors) e 3.
Miscalibration of Sensors / Electrical Relays 5'x 10~3 10 10 39 (a) One Sensor / Relay Affected (b) More than one Sensor / Relay 3
3 1 x 10 10 3 x 13 10 Affected l
l I
1' m.
Table 5 (Cont.)
Time Actuation Needed Estimated Failure Estimated Failure Overall Estimated f
Prob. for Primary Pro 4. of other Estimate Error Factor l
Operator to (Backup) Control of Failure on Overall Actuate AFW5 Rm. Operator to Probability Probability Actuate AFWS b.
Acts & Errors of a Post-Accident Nature 1.
Manual Actuation of AFW system from Control Room
~
j (a) Considering " Dedicated" Operator 5 min.
2 x 10 3 2 x 10 3 10 I
to Actuate AFW system and Possible 15 min.
1 x 10 4 0.5 (mod. dep.)
5 54 10 10 Backup Actuation of AFWS 30 min.
5 x 10
.25 (Iow dep.)
10 10 5x10ll 5 x 10 2 10
(
(a) Considering "Non-Dedicated" 5 min Operator-to Actuate AFW system 15 min.
I x 10,3 0.5 (mod. dep.)
5 x 10 10 a
3 and Possible Backup 30 min.
5 x 10
.25 (Iow dep.)
10 10 8
Acutation of AFW system 1
Table 6 Nomenclature Scheme for Fault Identifiers Added by BNL to the Applicant's Fault Tree Basic Events RA = Random Acts (includes pre-accident operator error for manual valves)
MA = Maintenance Acts TA = Test Acts OE = Operator Error (includes both pre-and post-accident operator error for motor-operated valves)
CL = Closed OP = Open FT0 = Fails to Open ACTRNAF = Random failure of Train A ac power, i.e., Diesel Generator A.
ACTRNBF = Same for Train B.
Components BYV = Butterfly Valve MDP = Motor-Driven Pump CHV = Check Valve TDP = Turbine-Driven Pump SCV = Stop Check Valve DG = Diesel Generator MGV = Manual Gate Valve M0V = Motor-0perated Valve Table 7 Comparison of Data Assumptions Unavailability / Demand Description Applicant BNL I
A.
Maintenance 1.
Pumps 5.81x10-3 5.8x10-3
- 2. - Valves a.
Motor-operated gate and butterfly valves 2.17x10-6 2.1x10-3 b.
Manual butterfly valves on CST discharge lines 4.0x10-7 0
c.- Manual butterfly valves on ptsnp suction lines 7.0x10-8 0
d.
Speed governor and trip and throttle valves 2.17x10-6 2.1x10-3
- e.. Manual stop check valves at steam generator intakes 0*
O f.
Manual stop check valves on pump discharge lines 2.17x10-6 0
g.
Manual gate valves on turbine steam intake 0*
O h.
Manual gate valves on pump discharge lines 7.0x10-8 0
1.
Check valves at steam generator i ntakes 0*
0
- j. Check valves on pamp discharge 1ines 2.17x10-6 0
3.
Diesel Generators (0nsite ac Power) 0 6.4x10-3 4.
125-V dc Power 2.4x10-6 0
B.
Testing-1.
Pumps 0
6.4x10-4
- 2. - Val ves 0/
Of 3.
Diesel Generators 0
0 It is assumeo that no maintenance can be performed on these components owing to their proximity to the stean. generators.
,/ Valve testing does not cause unavailability.
_ Table 7 (Cont.)
Unavailability / Demand Description Applicant BNL C.
Human Errors-1.
Pre-accident nature a.
Motor-operated. valves with Control Room position indication 5x10-4 5x10-4
- b. -Manual valves with no Control Room position indication
- 1) Post-accident operator recovery not possible within 30 minutes 0
-11) Post-accident operator recovery possible within 30 minutes 0
1x10-3 2.
Post-accident nature a.~ Operator fails to open motor-operated valves (includes transfer to alternate Condensate Storage Tank) 5x10-3 1x10-3
- b. ~ 0perator fails to start pumps 5x10-3 1x10-3 D.
Mechanical and Electrical Faults 1.
Plugging of all valyes 1x10-4 1x10-4 2.
Failure of mechanical components including pumps and motor-operated valyes 1x10-3 1x10-3 3.
Diesel generator fails to start 3x10-2 3x10-2 4.
125-V.de power failure 0
.0 5.
Failure of actuation logic for. pumps and motor-operated valves (per train) 7x10-3 7x10-3
-6.
Control' circuit failure a.
Pumps (monthly tests)'
4x10-3 4x10-3 b.- Valves (monthly tests) 2x10-3 2x10-3
_ - _ _ _ _ - _ _ - _ - _ _ Table-7 (Cont.)
Unavailability / Demand Description Applicant BNL E.
Summation of Random Failures (Human Errors and Mechanical and Electrical Faults)-
1.
Pumps, both motor-and turbine-driven 5x10-3 5x10-3 2.
Val ves a.
Motor-operateo, position change required (plugging plus control circuit failure) 3.1x10-3 3.1x10-3 b.
Manual valves (locked open)
- 1. ' No post accident operator recovery possible within 30 minutes (Valve position not verifiable by pump testing) 1x10-4 5.1x10-3 ii. Post accident operator recovery possible within 30 minutes (Valve position verifiable by pump testi ng) 1x10-4 1.1x1g-3 c.
Check valves 1x10-4 1x10-3.
Diesel Generators 3x10-2 3x10-2
Table 8 VEGP AFWS Unavailability Sensitivity Comparison A. All Manual Valves B. All Manual Valves C. All Manual Valves Applicant's Results 5.1E-3 Random Error 1.1E-3 Random Error 1.1E-3 Random Error Except SG Intake Valves at 5.1E-3 Case Random Error
- 1. LMFW a) Independent Fail-ures Only 4.1E-5 1.4E-5 8.8E-6 b) Multiple 6.3E-6 Errors Assured 5.4E-5 2.7E-3 2.2E-5 L?
- 2. LOOP a) Independent Fail-ures Only 2.0E-4 1.1E-4 8.7E-5 b) Multiple 2.6E-5 Errors Assumed 2.1E-4 1.2E-4 1.0E-4
- 3. LOAC a) Independent Fail-ures Only 3.6E-2 3.2E-2 3.2E-2 b) Multiple 1.0E-2 Errors Assuned 3.6E-2 3.2E-2 3.2E-2
=,c,,.oa-m u s.uctu.=.ouaro., co-s5c
i *=>o 1 ~vo.e a <4 ~
r<oc
- a.. <.e, 2"3#
BIBLIOGRAPHIC DATA SHEET NUREG/CR-4228 BNL-NUREG-5187 sis,~5reuct o~,......,,
2 T TLt &%D SLt E
3 LEavi tL ANE Review o the Vogtle Units 1 and 2 Auxiliary Feedwater System Re ' ability Analysis
[DATE REPCat COMPLtTED l
Auguf 1985
.s, f
. o...... oar.
ao A. Fresco, R. Yo gblood, and I. A. Papazoglou
/
wo~r-l veAa pEtober 1985
, +,0
..~ao.a.,,2.i.o,....
..u ~a.co. 5s,,_,,,, C,
onCia.a wo-u~a Brookhaven National
> oratory
,,,,,ooo.,,,,,,,,,
Upton, New York 1197 A-3702 10 SPONSOwsNG ORGANilaitO% %Awt 4%3 esastamG a etts stacs ee le Cape, tia YvPt Os atPomi w
Division of Safety Technolo Final Office of Nuclear Reactor Reg ation
,,,,,,,co,,,,,,,_,,,,,,
U.S. Nuclear Regulatory Commis 'on Washington, DC 20555 12 SvPPLEMENTany NOf ts 13 A85f maCT <JG0 seseos er esos This report presents the resul f the review of the Auxiliary Feedwater System reliability analysis for the o le Electric Generating Plant (VEGP)
Units 1 and 2.
The objective of t is r rt is to estimate the probability that the Auxiliary Feedwater Syst n will il to perform its mission for each of three different initiators: (
loss o ain feedwater with offsite power availatle, (2) loss of offsite wer, (3) 1 s of all ac power except vital instrumentation and control 12 V dc/120-V a ower. The scope, methodology, and failure data are prescrib by NUREG-0611, ppendix III. The results are compared with those obtained n NUREG-0611 for her Westinghouse plants.
to QQC6Wt %T A% ALYSr5.. RE * *QMD5-QESCMtPT 9 5 Av 4aL&3s tai v Reliability Analysis NUREG-0611 Auxiliary Feedwater Sys ms Unlimited Pump and Valve Failure tes Vogtle Generating Stat l an Units 1 and 2
'* 55 cua'" c'*5"' car'o*
<r..~,
..ei r..es oai i~oro via-s Unclassified a r.~,
L Unclassified a nu~.. o
.G 5
....C.
l UNITED STATES souxtwctass miit NUCLEAR REGULATO7.Y COMMISSION
'055'*l,usraio WASHINGTON, D.C. 20666 wasa o c
(
f
.. -1 o.,
OFFICIAL BUSINESS PENALTY FOR PRIVATE USE. 6300 1 1 0 1205550730 t;U RE 6 RC o-TICC pog.PCR 4G1 2 0 W.
hyICly g ;gg DC PollC b'[,wthgTON
.m C
D E
E
-4<\\
>(
Zl r;
E!
.m, 5
a