ML20205L256

Forwards Description of Safety Sys Functional Insp,Devised to Effectively Identify Types of Problems That Can Degrade Operational Readiness of Safety Sys.Comments Requested within 30 Days of Memo
ML20205L256
Person / Time
Site: Davis Besse 
Issue date: 04/02/1986
From: Partlow J
NRC OFFICE OF INSPECTION & ENFORCEMENT (IE)
To: Ebneter S, Starostecki R, Walker R
NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I), NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION II)
References
NUDOCS 8604080426
Download: ML20205L256 (7)


Text


UNITED STATES NUCLEAR REGULATORY COMMISSION

WASHINGTON, D. C. 20655

April 2, 1986

MEMORANDUM FOR: Those on Attached List

FROM: James G. Partlow, Director, Division of Inspection Programs, Office of Inspection and Enforcement

SUBJECT: SAFETY SYSTEM FUNCTIONAL INSPECTION APPROACH

Enclosed for your review and comment is proposed guidance for regional implementation of a special approach for a team inspection at operating reactors.

One of the major conclusions from the NRC investigative team that reviewed the June 9, 1985, loss of all feedwater event at Davis-Besse (discussed in detail in NUREG-1154) was that the operational readiness of safety systems is highly dependent on the quality of the maintenance, engineering design, testing, and evaluation of operating experience provided for system components. Many of the specific safety system weaknesses that led to the June 9, 1985, event at Davis-Besse had gone undetected by the NRC despite the aggressive implementation of the 2515 Program. Consequently, a specialized inspection method was formulated with the expectation of being more effective in identifying the type of problems that can degrade the operational readiness of safety systems.

This type of inspection has been termed a Safety System Functional Inspection (SSFI).

SSFIs have been performed at Turkey Point, Pilgrim, ANO-1 and TMI-1. The results have been encouraging. Specific safety concerns were identified that probably would not have been found through the implementation of the routine inspection program.

We plan to incorporate the SSFI methodology into the IE Manual as an appendix to the 2515 Program for the purpose of allowing regional implementation on a voluntary and selective basis. SSFIs are resource intensive and are intended for implementation at plants where regulatory performance history or operational performance history would indicate such an effort is justified.

Please review the proposed appendix and submit comments within 30 days of the issue date of this memorandum.

If you have minor comments or no comments, a phone call is sufficient.

If there are any questions on this matter, contact Joe Callan (FTS 492-9497) or Phil McKee (FTS 492-9650).

James G. Partlow, Director
Division of Inspection Programs
Office of Inspection and Enforcement

Enclosure: As stated

Richard W. Starostecki, Director, Division of Reactor Projects, Region I

Stewart D. Ebneter, Director, Division of Reactor Safety, Region I

Roger Walker, Director, Division of Reactor Projects, Region II

Albert F. Gibson, Director, Division of Reactor Safety, Region II

Charles E. Norelius, Director, Division of Reactor Projects, Region III

Carl J. Paperiello, Director, Division of Reactor Safety, Region III

Eric H. Johnson, Director, Division of Reactor Safety and Projects, Region IV

Dennis F. Kirsch, Director, Division of Reactor Safety and Projects, Region V

Edward L. Jordan, Director, Division of Emergency Preparedness and Engineering Response, Office of Inspection and Enforcement

Enclosure

Appendix C

Safety System Functional Inspection

I. INSPECTION OBJECTIVE

The objective of a Safety System Functional Inspection is to assess the operational readiness of selected safety systems by determining whether:

The systems are capable of performing the safety functions required by their design bases.

Testing is adequate to demonstrate that the systems would perform all of the safety functions required.

System maintenance (with emphasis on pumps and valves) is adequate to ensure system operability under postulated accident conditions.

Operator and maintenance technician training is adequate to ensure proper operations and maintenance of the system.

Human factors considerations relating to the selected systems (e.g., accessibility and labelling of valves) and the systems' supporting procedures are adequate to ensure proper system operation under normal and accident conditions.

II. INSPECTION METHODOLOGY

A. Review the design basis requirements for the selected system(s) and determine the operating conditions under which each active component will function under accident or abnormal conditions.

1. For valves: What permissive interlocks are involved? What differential pressures will exist when the valve strokes? Will the valve be repositioned during the course of the event? What is the source of control/indication power? What control logic is involved?

2. For pumps: What are the various flow paths the pump will experience during accident scenarios? Do the flow paths change? What permissive interlocks/control logic apply? How is the pump controlled during accident conditions? What suction/discharge pressures can the pump be expected to experience during accident conditions? What is the motive power for the pump during all conditions?

3. For instrumentation: What plant parameters are used as inputs to the initiation and control systems? Is operator intervention required in certain scenarios?

2515, APPENDIX C Issue Date:

B. Review the design of the selected system(s) as installed in the plant.

1. Determine if the as-built design matches the current design basis requirements (e.g., are fuses and thermal overloads properly sized? are current D.C. loads within the capacity of the station batteries? is the instrumentation of adequate range and accessibility for operations to control the system under normal and abnormal conditions? etc.).

2. Determine if system modifications implemented subsequent to initial licensing have introduced any unreviewed safety questions.

3. Evaluate the licensee's drawing control and update, the control and use of design input information, and adequacy of design calculations from the perspective of modifications made to the selected safety system.

C. Review the maintenance and test records for the selected system(s).

1. Determine if the system components have been adequately tested to demonstrate that they can perform their safety function under all conditions they might experience in an accident situation.

2. Determine if the system components are being adequately maintained to ensure their operability under all accident conditions (e.g., are limit and torque switch settings proper? is the instrument air system adequately maintained to ensure the reliability of pneumatic valves? are fuse and thermal overload sizes correct? etc.).

D. Perform walkdown of selected systems.

1. Determine if components are labelled and accessible (can the components be operated locally/manually if required? is there HP/security interference? etc.).

2. Determine if MOV operators and check valves (particularly lift-type) are installed in the orientation required by the manufacturer.

3. Determine if system lineup is consistent with design basis requirements. Included in this lineup should be considerations of the normal and backup power supplies, control circuitry, indication and annunciation status, and sensing lines for instrumentation.

E. Review abnormal, emergency, and normal operating procedures; maintenance procedures; and surveillance procedures for the selected system(s).

1. Determine the technical adequacy of the procedures.

2. Determine if the procedural steps for normal, abnormal, and emergency conditions are consistent with the design basis.

3. Determine if operations and maintenance personnel receive adequate training pertaining to the selected system(s) and if the degree of training provided is consistent with the amount of technical detail included in procedures.

F. Review the operational experience of the selected system(s) (LERs, NPRDS, 50.72 reports, enforcement, maintenance work requests, etc.).

1. Determine the historical reliability of the system and its components.

2. Determine if the licensee has aggressively pursued, identified, and corrected root cause problems.

3. Determine the extent of the maintenance backlog and ascertain if the licensee has a program to ensure that priority safety-related maintenance is performed in a timely manner.

III. INSPECTION GUIDANCE

A. Past experience with SSFIs at Turkey Point, Pilgrim, ANO-1, and TMI-1 has demonstrated that identifying the detailed design basis requirements for the selected safety systems can be quite difficult and time consuming for the inspection team as well as for the licensee. The difficulty in clearly identifying design basis requirements at older plants is related to the fact that the information often has never been assembled together before, and is typically scattered among the records stored at the plant, at the licensee's corporate offices, at the architect engineer's offices, and at the NSSS vendor's offices. Consequently, an effort should be made to provide the licensee with adequate advance notice regarding the safety systems to be inspected to allow them time to begin collecting the needed documentation.

B. The design review portion of the inspection should be performed by inspectors with extensive nuclear plant design experience, preferably comparable to the experience gained through previous employment with an architect engineering firm. It is also important that the inspectors performing the design review have a good understanding of plant operations, maintenance, surveillances, and quality assurance so that they are able to relate their findings to the other functional areas being inspected.

C. When performing the review of maintenance and test records, it is essential for the inspector to focus on the technical details of how the activities were performed (e.g., were the closing limit switches set with the motor-operated valve fully shut or four turns off the shut seat?). Also, the review of test records should go beyond a review of the in-service testing and Technical Specification surveillance programs. The inspector should seek the answer to the fundamental question of whether or not the safety systems and all included components have been tested to demonstrate that they will perform their intended safety functions as defined in the design basis.

D. As part of the system walkdown, the inspector should analyze the adequacy of the system lineup, accessibility, indications, etc., from the vantage point of the need to operate the system under the most limiting design basis conditions (e.g., degraded power and lighting, single failure, loss of non-safety-related indications, harsh environments, etc.).

E. As was the case for the review of maintenance and test records (discussed in item III.C), it is essential for the inspector to focus on the technical details of the operating, maintenance, and surveillance procedures reviewed. The inspector should verify that the emergency and abnormal operating procedures are adequate to handle the most limiting design basis events. Where it is not reasonable for procedures to provide detailed guidance, the inspector should verify that the licensee's training program ensures that the operators are knowledgeable in the areas of concern.

F. The effectiveness of the SSFI methodology is greatly enhanced if the various inspection team members are able to benefit from each other's inspection efforts. Accordingly, frequent, even daily, team meetings are encouraged to allow the team members to share their findings. It has been the experience of the Headquarters-based SSFI effort that many of the more significant findings originate from team meeting discussions that allow related inspection findings in different functional areas to be pieced together.

IV. INSPECTION APPROACH

A. Team Composition

The following recommended team composition has evolved from previous SSFIs conducted by IE Headquarters.

One inspector should cover each of the following areas: electrical design, mechanical design, maintenance, surveillance and testing, operations, and training. The detailed system walkdown can be done by an additional inspector participating for only part of the on-site activities, or this aspect can be covered by the operations inspector.

A full time team leader without any specific area assignments should have the primary responsibility to provide guidance and coordinate team activities. The Senior Resident Inspector for the site being inspected should not be assigned as a participating team member.

B. Schedule of Inspection Activities

The following recommended schedule of inspection activities has evolved from the previous SSFIs conducted by IE Headquarters:

Week 1: The mechanical and electrical inspectors start inspection of design activities focusing on recent design changes of the selected safety system. These activities should be conducted at the licensee's engineering offices.

Week 2: The inspection team starts their on-site activities.

Week 3: No on-site or engineering office inspection activities are conducted. The licensee has time to produce requested design information. The inspection team can brief management and review the issues in-office.

Week 4: Inspection team is back on-site. The exit meeting usually is held Friday morning. A pre-exit meeting and rehearsal of inspector presentations is conducted late Thursday afternoon with the participation of NRC management representatives.

At least two weeks prior notification should be provided to the licensee before the inspection begins. The licensee should be told which safety system(s) will be inspected. At least one week of preparation time should be allowed for the inspection team members prior to beginning their on-site activities.

C. Credit for Inspection Activities

Input should be made as appropriate to the 766 data base for the coverage of inspection procedures in IE MC 2515. Inspection procedures that would be likely to be covered in whole or in part by the conduct of this inspection are as follows:

35701    61700    62705
37700    61725    71707
37701    61726    71710
37702    62702    72701
41700    62703    73051
41701    62704    73755
42700

END


Multiple Addressees

Distribution:

DCS
ORP8 reading
DI reading
L. J. Callan, IE
R. W. Cooper, II, IE
J. A. Isom, IE
R. C. Paulus, IE
L. L. Wheeler, IE
P. F. McKee, IE
R. L. Spessard, IE
J. G. Partlow, IE
R. H. Vollmer, IE
J. M. Taylor, IE
H. Denton, NRR
J. Sniezek ELD
