Text

o o

CCNTROL OF HEAVY LOADS AT NUCLEAR POWER PLANTS O!ABLO CANYON UNIT 2 (PHASE !!)

Occket No. 50-323 l

)

Author S. A. Jensen l

Principal Technical Investigator T. H. Stickley Pab11shed December 1983 EG&G Idaho, Inc.

Idaho Falls, Idaho 83415 Prepared for the U.S. Nuclear Regulatory Comission Under 00E Contract No. DE-AC07-761001570 FIN No. A6457 8 o/19o sco xk ng-t

O ABSTRACT The Nuclear Regulatory Commission (NRC) has requested that all nuclear plants, either operating or under construction, submit a response of compliancy with NUREG-0612. " Control of Heavy Loads at Nuclear Power Plants." EG&G Idaho, Inc., has contracted with the NRC to evaluate the responses of those plants presently under construction. This report contains EG&G's evaluation and recommendations for Diablo Canyon Unit 2 for j

the requirements of Sections 5.1.2, 5.1.3, 5.1.5, and 5.1.6 of NUREG-0612 (Phase II). Section5.1.1(Phase!)wascoveredinaseparatereport[1].

l l

l l

1 1

1

1 l

CONTROL OF HEAVY LOADS AT NUCLEAR POWER PLANTS DIABLO CANYON UNIT 2 (PHASE !!)

Docket No. 50-323 i

Author i

S. A. Jensen Principal Technical Investigator r

T. H. Stickley i

I Published December 1933 EG!,G Idaho, Inc.

Idaho Falls, Idaho 8341$

i Prepared for the l

U.S. Nuclear Regulatory Commission Under COE Contract No. DE-AC07-761001$70 FIN No. A64$7 l

l l

i l

\\

8$o//9 osco xA-a

~_

O ABSTRACT The Nuclear Regulatory Commission (NRC) has requested that all nuclear plants, either operating or under construction, submit a response of compliancy with NUREG-0612 " Control of Heavy Loads at Nuclear Power Plants." EG&G Idaho, Inc., has contracted with the NRC to evaluate the responses of those plants presently under construction. This report contains EG&G's evaluation and recommendations for Diablo Canyon Unit 2 for the requirements of Sections 5.1.2, 5.1.3, 5.1.5, and 5.1.6 of NUREG-0612 (Phase II). Section 5.1.1 (Phase !) was covered in a separate report (1].

l l

l l

1 f

A

t j

i s

EXECUTIVE

SUMMARY

l Diablo Canyon is not totally consistent with the guidelines of NUREG-0612. In general, information is insufficient in the*following areas:

Information on the effects of possible load drops from the o

containment area cranes is inadequate.

Information on cranes and hoists located over safe shutdown o

eculpment was inadequate for determining full compliance with NUREG-0612 criteria.

The main report contains recommendations which will aid in determining wrether the above referenced cranes are consistent with the appropriate guidelines.

11

CONTENTS ABSTRACT.............................................................

1 EXECUTIVE

SUMMARY

................................................... 11 1.

INTRODUCTION..................................................

1 1.1 Purpose of Review............................

1 1.2 Generic Background.......................................

1 1.3 Plant-Specific Background................................

3 2.

EVALUATION AND RECOMMENDATIONS................................

4 1

2.1 Overview..................................................

4 2.2 Heavy Load Overhead Handling Systems.....................

4 i

2.3 Guidelines...........................................

4 3.

CONCLUDING

SUMMARY

............................................. 22 3.1 Guideline Recommendations................................. 22 l

3.2 Additional Recommendations 22 23 4

REFERENCES......

TABLES 2.1 Crane /Woist Systems Considered as Potential Sources for Ca-age of Safety Components............................

5

CONTROL OF HEAVY LOADS AT NUCLEAR POWER PLANTS DIABLO CANYON UNIT 2 (PHASE II) 1.

INTRODUCTION 1.1 Purpose of Review This technical evaluation report documents the EG&G Idaho, Inc.,

review of general load-handling policy and procedures at Diablo Canyon Unit 2.

This evaluation was performed with the objective of assessing conformance to the general load-handling guidelines of NUREG-0612,

" Control of Heavy Loads at Nuclear Power Plants" [2], Sections 5.1.2, 5.1.3, 5.1.5, and 5.1.6.

This constitutes Phase II of a two phase evaluation. Phase I assesses conformance to Section 5.1.1 of NUREG-0612 and was documented in a separate report [1].

1.2 Generic Backereund Generic Technical Activity Task A-36 was established by the U.S.

Nuclear Regulatory Commission (NRC) staff to systematically examine staff licensing criteria and the adequacy of measures in effect at operating nuclear power plants to assure the safe handling of heavy loads and to recommend necessary changes to these measures. This activity was initiated by a letter issued by the NRC staff on May 17, 1978 [3], to all power reactor applicants, requesting information concerning the control of heavy loads near spent fuel.

I The results of Task A-36 were reported in NUREG-0612, " Control of Heavy Loads at Nuclear Power Plants." The staff's conclusion from i

this evaluation was that existing measures to control the handling of heavy leads at operating plants, although providing pr)tection from certain potential problems, do not adequately cover the major causes of load-handling accidents and should be upgraded.

1

a

,,/-

I~

v

~

In order to upgrade measures for the control of heavy loads, the staff-developed a series of guidelines designed to achieve a two phase objective using an accepted approach or protection philosophy. The first portion of the objective, achieved through a set of general guidelines identified in NUREG-0612, Article 5.1.1, is to ensure that all load-handling systems at nuclear power plants are designed and operated such that their probability of failure is uniformly small and appropriate for the critical tasks in which they are employed. The second portion of the staff's objective, achieved through guidelines identified in NUREG-0612, Articles 5.1.2 through 5.1.5, is to ensure that, for load-handling systems in areas where their failure might result in significant consequences, either (a) features are provided, in addition to those required for all load-handling systems, to ensure that the potential for a load drop is extremely small (e.g., a single-failure-proof crane) or (b) conservative evaluations of load-handling accidents indicate that the potential consequences of any load drop are acceptably small. Acceptability of accident consequences is quantified in NUREG-0612 into four accident analysis evaluation criteria.

The aoproach used to develop the staff guidelines for minimizing the potential for a load drop was based on defense in depth and is summarized as follows:

o Provide sufficient operator training, handling system design, load-handling instructions, and equipment inspection to assure reliable operation of the handling system o

Define safe load travel paths through procedures and operator training so that, to the extent practical, heavy leads are not carried over or near irradiated fuel or safe shutdown equipment o

Provide mechanical steps or electrical interlocks to prevent movement of heavy loads over irradiated fuel or in proximity to equipment associated with redundant shutdown paths.

2 1

9 Staff guidelines resulting from the for e ing are tabulated in Section 5 of NUREd-0612.

1.3 Plant-Specific Background On December 22, 1980, the NRC issued a letter [3] to the applicant for Diablo Canyon requesting that the applicant review provisions for handling'and control of heavy loads at Diablo Canyon, evaluate these provisions with respect to the guidelines of NUREG-0612, and provide certain additional information to.be used for an independent determination of conformance to these guidelines. Pacific Gas and Electric (PG&E) provided a response to this request for Unit 2 in July 1983.

l 3

~

\\.

r f

In order to upgrade measures for the control of heavy loads, the staff developed a series of guidelines designed to achieve a two phase objective using an accepted approach or protection philosophy. The first portion of the objective, achieved through a set of general guidelines identified in NUREG-0612, Article 5.1.1, is to ensure that all load-handling systems at nuclear power plants are designed and operated such that their probability of failure is uniformly small and appropriate for the critical tasks in which they are employed. The second portion of the staff's objective, achieved through guidelines identified in NUREG-0612, Articles 5.1.2 through 5.1.5, is to ensure that, for load-handling systems in areas where their failure might result in significant consequences, either (a) features are provided, in addition to those required for all load-handling systems, to ensure that the potential for a load drop is extremely small (e.g., a single-failure proof crane) or (b) conservative evaluations of load-handling accidents indicate tnat the potential consequences of any load drep are acceptably small. Acceptability of accident consecuences is quantified in NUREG-0612 into four accident analysis evaluation criteria.

The a:proach used to develop the staff guidelines for minimizing the potential for a load drop was based on defense in depth and is summarized as follows:

o Provide sufficient operator training, handling system design, load-handling instructions, and equipment inspection to assure reliable operation of the handling system o

Define safe load travel paths through procedures and operator training so that, to the extent practical, heavy loads are not carried over or near irradiated fuel or safe shutdown equipment o

Provide mechanical stops or electrical interlocks to prevent

~

movement of heavy loads over irradiated fuel or in proximity to equipment associated with redundant shutdown paths.

2

.o Staff guidelines resulting from the foregoing are tabelated in Section 5 of NUREG-0612.

1.3 Plant-Soecific Background On December 22, 1980, the NRC issued a letter [3] to the applicant for Diablo Canyon requesting that the applicant review provisions for handling and control of heavy loads at Diablo Canyon, evaluate these provisions with respect to the guidelines of NUREG-0612, and provide certain additional information to be used for an independent determination of conforr.ance to these guidelines. Pacific Gas and Electric (PG&E) provided a response to this request for Unit 2 in July 1983.

3 i

3

2.

EVALUATION AND RECOMMENDATIONS 2.1 Overview The following sections summarize the PG&E's review of heavy load handling at Diablo Canyon accompanied by EG&G's evaluation, cunclusions, and recommendations to the applicant for bringing the facilities more completely into compliance with the intent of NUREG-0612.

2.2 Heavy Load Overhead Handling Systems Table 2.1 presents the applicant's list of overhead handling systems which are subject to the criteria of NUREG-0612. The applicant has indicated that the weight of a heavy load for the facilities as greater than 1813 lbs per the NUREG-0612 definition. The auxiliary building, intake structure and solid radwasta storage building are common to the two units at Diablo Canyon, and were covered in their entirety in PG and E's Unit I response; therefore, they were not covered here. The turbine building was covered from column 19 south, 2.3 Guidelines 2.3.1 Scent-Fuel Pool Area [NUREG-0612, Article 5.1.21 (1) "The overhead crane and associated lifting devices used for handling heavy loads in the spent-fuel pool area should satisfy the single-failure proof guidelines of Section 5.1.6 of this report.

03 (2) "Each of the following is provided:

(a) Mechanical stops or electrical interlocks should be provided that prevent movement of the overhead crane load block over or within 15 feet horizontal (4.5 meters) of the spent-fuel pool. These mechanical stops or electrical interlocks should not be bypassed when the pool contains ' hot' spent fuel, and should not be bypassed without approval from the shift supervisor 4

g

_____A____

TABLE 2.1 CATEGORY 1 OVERHEAD HANDLING SYSTEMS Crane Description T

C-140-07 200 Containment Structure Polar Crane C-140-12 2T Reactor Head Stud Tensioner Monorail C-140-14 IST Missile Shield Hoist AF-140-08 125 Fuel Handling Area Crane T

AF-100-14 3 Monorail for Motor Driven Aux. Feedwater Pump 2-2 T

T-140-01 115 Turbine Building Bridge Crane T

T-140-02 115 Turbine Building Bridge Crane T

T-119-13 20 Monorail for Moisture Separator Reheater 2-2A O

e 9

5

(or other designated plant management personnel). The mechanical stops and electrical interlocks should be verified to be in place and operational prior to placing ' hot' spent fuel in the pool.

(b) The mechanical stops or electrical interlocks of 5.1.2(2)(a) above should also not be bypassed unless an analysis has demonstrated that damage due to postulated load drops would not result in criticality or cause leakage that could uncover the fuel.

(c) To preclude rolling if dropped, the cask should not be carried at a height higher than necessary and in no case more than six (6) inches (15 cm) above the operating floor level of the refueling building or other components and structures along the path of travel.

(d) Mechanical stops or electrical interlocks should be provided to preclude crane travel from areas where a postulated load drop could damage equipment from redundant or alternate safe shutdown paths.

(e) Analyses should conform to the guidelines of Appendix A.

0_3 (3) "Each of the following are provided (Note: This alternative is similar to (1) above, except it allows movement of a heavy load, such as a cask, into the pool while it contains

' hot' spent fuel if the pool is large enough to maintain wide separation between the load and the ' hot' spent fuel.):

(a) ' Hot' spent fuel should be concentrated in one location in the spent-fuel pool that is separated.as much as possible from load paths.

(b) Mechanical stops or electrical interlocks should be provided to prevent movement of the overhead crane load block over or within 25 feet horizontal (7.5 m) of the

' hot'. spent fuel. To the extent practical, loads i

should be moved over load paths that avoid the spent-fuel pool and kept at least 25 feet (7.5 m) from j

the ' hot' spent fuel unless necessary. When it is necessary to bring loads within 25 feet of the restricted region, these mechanical stops or electrical interlocks should not be bypassed unless the spent fuel has cecayed sufficiently as shown in Table 2.1 and 2.1-2, or unless the total inventory of gap activity for fuel within the protected area would result in off-site doses less than 1/4 of 10 CFR Part 100 if released, and such bypassing should require

,j t

6

the approval from the shift supervisor (or other designated plant management individual). The mechanical stops or electrical interlocks should be verified to be in place and operational prior to placing ' hot' spent fuel in the pool.

(c) Mechanical stops or electrical interlocks should be provided to restrict crane travel from areas where a postulated load drop could damage equipment.from redundant or alternate safe shutdown paths. Analyses have demonstrated that a postulated load drop in any location not restricted by electrical interlocks or mechanical stops would not cause damage that could result in. criticality, cause leakage that could uncover the fuel, or cause loss of safe shutdown equipment.

(d) To preclude rolling, if dropped, the cask should net be carried at a height higher than necessary and in no case more than six (6) inches (15 cm) above the operating floor _ level of the refueling building or other components and structures along the path of travel.

(e) Analyses should conform to the guidelines of Appendix A.

SE (4) "The effects of drops of heavy loads should be analyzed and shown to satisfy the evaluation criteria of Section 5.1.of this report. These analyses should conform to the guidelines of Appendix A."

A.

Summary of'Acolicant's Statements There are two cranes physically capable of carrying loads over the Spent Fuel. Pool (SFP). They are:

1.

The Fuel Handling Area Bridge Crane (AF-140-C3). This is a 125-tce capacity crane for general use.

1 2.

The Sp81t Fuel Bridge Crane (AF-140-16). This is a one-ton capacit soecial purpose bridge crane, used only for maneuveing fuel assemblies.

e e

e i

b i

i s

I l

7

The Spent Fuel Bridge Crane (AF-140-09) is excluded because it can be used only for moving fuel assemblies. Since its largest load is a spent fuel assembly (weighing 1,313 pounds, including its handling tool), and since a " heavy load" is defined in NUREG-0612 as weighing more than a spent fuel assembly and its handling tool, this crane is incapable of carrying a heavy load over the spent fuel pool.

The Fuel Handling Area Bridge Crane (AF-140-08) carries two heavy loads in the Spent Fuel Pool area: the spent fuel cask (assumed 67.5 tons), and the unloaded load block (2.5 tons).

This crane has been upgraded to meet the reliability criteria of Section 5.1.6 and Appendix C of NUREG-0612, for the load block load.

The load block is adequately protected against dropping, by redundant limits switches to eliminate two-blocking, and by extremely high design safety factors. Administrative procedures further protect the-spent fuel by restricting movement of the load block over the spent fuel pool. The spent fuel cask is protected against falling onto " hot" spent fuel by redundant bridge and trolley travel limit switches that keep the cask well away from this fuel, and thus the consequences of a cask drop will not violate NUREG-0612 criteria.

B.

EG&G Evaluation EG&G agrees with the applicant's statement that the Spent Fuel Bridge crane need not conform to this guideline since no heavy loads are handled by it.

Based on the statements made by the applicant the Fuel Handling Area Bridge Crane is consistent with the intent of NUREG-0612 criteria to a substantial degree. Areas of concern are as follows:

8

-j

~.

4

~

(1) Interlocks used at Diablo Canyon keep the main crane hook approximately 7 ft-1 in, from the storage pool. NUREG-0612 requirements are that a 15'ft-0 in. distance be used.

However, an adequate justification of the 7'ft-1 in.

distance is provided.

.i (2) The alternate 3 separation requirement of 25 ft is not strictly adhered to however EG&G feels that PG&E has shown i

that the intent of tha guidelines is met. PG&E presented summaries of analyses showing adequate distances to " hot spent fuel" after a cask drop and radiological consequences below the guideline requirements.

C.

EG&G Conclusions and Recommendations

+

EG&G concludes from the information presented that Diablo Canyon is consistent with the guidelines for cranes handling loads in the I

spent-fuel pool area.

2.3.2 Reactor Buildinc [NUREG-0612, Article 5.1.31 (1) "The crane and associated lifting devices used for handling heavy loads in the containment building should satisfy the single-failure proof guidelines of Section 5.1.6 of this report.

i OR i

~~

i

~

\\

l (2) " Rapid containment isolation is provided with prompt automatic actuation on high radiation so that postulated i

releases are within limits of evaluation Criterion I of Section 5.1 taking into account delay times-in detection and actuation; and analyses have been performed to show that evaluation criteria II, III, and IV of Section 5.1 are satisfied for postulated load drops in this area. These analyses should conform to the guidelines of Appendix A.

OR (3) "The effects of drops of heavy loads should be analyzed and shown to satisfy the evaluation criteria of Section 5.1.

Loads analyzed should include the following: reactor vessel head; upper vessel internals; vessel inspection platform; 9

___._, ~ _.

./

cask for damaged fuel; irradiated sample cask; reactor coolant pump; crane load block; and any other heavy loads brought over or near the reactor vessel or other equipment required for continued decay heat removal and maintaining shutdown. In this analysis, credit may be taken for containment isolation if such is provided; however, analyses should establish adequate detection _and isolation time.

Additionally, the analysis should conform to the guidelines of Appendix A."

A.

Summary of Applicant's Statements There are seven load-handling systems in the Diablo Canyon containment.

Five of these cranes are physically capable of carrying heavy loads over the reactor vessel. They are:

C-140-07 2007 Containment Polar Crane (Polar Gantry Type)

C-140-08 1T Manipulator Crane (Bridge Type)

C-140-10 1T Reactor Cavity Service Crane (Jib Boom Type)

C-140-12 2T Reactor Stud Tensioner Monorail C-140-14 15T Missile Shield Hofst The other two cranes in the containment, C-140-09 (the 1/2-ton Containment Come Service Crane) and C-140-11 (the 1-ton Containment Equipment Hatch Jib Boom) can be eliminated from further consideration. The first is incapable of carrying heavy loads, and the second is located approximately forty feet from the reactor.

The following two cranes are excluded because they are used only for carrying nonheavy loads:

C-140-08 IT Manipulator Crane C-140-10 1T Reactor Cavity Service Crane 10

1 The manipulator crane is a special purpose crane for removing spent fuel from the reactor, inserting new fuel, and rearranging fuel assemblies in the reactor during refueling operations. Its load-handling device is specially designed for carrying only fuel assemblies, which are by definition not heavy loads.

The reactor cavity service crane is for miscellaneous tool handling in the reactor cavity of the containment.

It carries the tool boxes for the head stud tensioners, supports the hydraulic hoses and electric cables for powering these tools, and moves the head studs between the reactor and the transfer crate.

The heaviest load is a 1500 pound tool box, and this load limitation is reinforced by a permanently mounted sign on the boem, forbidding the handling of heavier loads.

The following heavy loads are carried with sufficient design features to make the likelihood o' a load drop extremely small:

l i

Crane Load-Weight C-140-07 Reactor head with CROMs and he:d 172.5T lifting device C-140-07 Upper internals with internals lifting 77.5T device C-140-07 Unloaded internals lifting device 7.5T C-140-07 Unloaded head lifting device 12.5T C-140-07 Reactor vessel inspection tool (RVIT) 5.25T C-140-07 Unloaded lead block 7.3T l

C-140-07,-14 Missile shield (load is less than 17 T weight since shield is hinged) l The likelihood of dropping the reactor head and the reactor upper internals was analyzed, on a probabilistic basis. As presently modified, the containment polar crane can carry the four lightest heavy loads at a level of reliability that satisfies the i

NUREG-0612 requirements. Modifications to the missile shield load handling system have been made that provide complete redundancy of all functional parts.

1 1

i l

i i

11 i

r J

,o,,,

,4-,_

v

The following heavy loads were analyzed for post-drop compliance with Criteria I through III of Section 5.1:

Crane Load Weteht C-140-07 Lower internals, with lifting device 142.5T C-140-12 Reactor head stud tensioner 1.3T Criteria I through III are satisfied, no matter which load is dropped, if the drop occurs anywhere but over the reactor vessel.

The containment polar crane may carry other heavy loads besides those listed above, but the load paths for other loads are outwards to the annulus region. These loads are kept from moving i

over the reactor by administrative means.

i l

The lower internals are lifted only after all the fuel is out of I

I the reactor, 50 no radioactive release, criticality, or core uncovering is possible.

1 1

The reactor head stud tensioner is handled by a single-purpose menorail (C-140-12), which is permanently attached to the reactor head lifting device. Furthermore, the tensioner is mounted and j

used only while the head is installed on the reactor vessel, and it travels only over the vessel flange. Therefore, the stud j

tensioner presents no threat to the fuel, since it will not penetrate the six-inch thick reactor head at a location where i

only a glancing impact is possible.

1 B.

EG&G Evaluation The applicant has not provided enough information for EG&G to state that they are consistent with Article 5.1.3 of NUREG-0612.

I 4

12 i

'l

The applicant used a probability analysis to justify compliance for lifts by the polar crane of the reactor head and thc upper internals. The information provided does not conform to single-failure proof requirements as given in Appendix C of NUREG-0612, nor does it match the requirements of Appendix A for analysis of load drops. The probabilities for load drops as presented are low but they appear to be higher than those used by the NRC for single-failure-proof cranes. We feel that an analysis of the consequences for a load drop of the reactor head and upper internals is needed.

The carrying of other loads by the polar crane do meet the intent 4

of the guideline to some degree since the safety factors are 4

high. However information was not complete enough to make a good judgment. A more complete comparison with the single-failure proof requirements of NUREG-0612 as presented in Appendix C should be provided or an analysis of consequences due l

to load drops should be performed.

)

Lifting of the missile shield hoist appears to be consistent with the intent of the standards since two hoists are used and s

complete redundancy is met based on the applicant's statements.

Lifting of the lower internals and the reactor head stud tensioner also are consistent with the guidelines based on the applicant's statements regarding the analyses performed.

C.

EG&G Conclusions and Recommendations:

We recommend that an analysis of the consequences of load drops i

be performed for the majority of the loads handled by the polar crane. Please see our evaluation above.

I 13 i.

r.

t.

i*

~.3.3 Other Areas [NUREG-0612. Article 5.1.5J 2

(1) "If safe shutdown equipment are beneath or directly adjacent to a potential travel load path of overhead handling 2

systems, (i.e., a path not restricted by. limits of crane travel or by mechanical stops or electrical interlocks) one of the following should be satisfied in addition to satisfying the general guidelines of Section 5.1.1:

(a) The crane and associated lifti'ng devices should conform to the single-failure proof guidelines of Section 5.1.6

{

of this report; 0, R i

I (b) If the load drop could impair the operation of 1

equipment or cabling associated with redundant or dual safe shutdown paths, mechanical stops or electrical interlocks should be provided to prevent movement of j

loads in proximity to these redundant or dual safe shutdown equipment. (In this case, credit should not be taken for intervening floors unless justified by 4

analysis.)

OR (c) The effects of load drops have been analyzed and the i

results indicate that damage to safe shutdown equipment

}

would not preclude operation of sufficient equipment to achieve safe shutdown. Analyses should conform to the j

guidelines of Appendix A, as applicable.

4 1

(2) "Where the safe shutdown equipment has a ceiling separating 1

it from an overhead handling system, an alternative to j

Section 5.1.5(1) above would be to show by analysis that the largest postulated load-handled by the handling system would l

not penetrate the ceiling or cause spalling that could cause l

failure of the safe shutdown equipment."

i A.

Summary of Applicant's Statements i

The applicant uses five hazard elimination categories to show compliance with this portion of NUREG-0612. These categories are:

i i

i 14 4

. =

J f

1.

Mechanical stops or electrical interlocks 2.

Safe shutdown preserved by redundancy / diversity 3.

Site-specific considerations (load scheduling) 4 Probability of drop extremely small 5.

Damage prevented by intervening floors.

The following discusses each of these categories, Mechanical Stops. None of the Unit 2 cranes or monorails has 4

mechanical stops, so this hazard elimination category was not i

used in the Unit 2 analysis.

Redundancy. Diablo Canyon's safe shutdown systems were designed i

on the principle of redundancy of all active components, in order i

to meet the single failure criterion. The extensive equipment j

redundancy resulted in considerable redundancy of pipes, tubing, i

and ventilation ducts as well.

4

\\

Electric circuits and instrument tubing runs are all designed to serve only one piece of active equipment each, so equipment j

redundancy implies redundancy of these auxiliaries. Thus, i

electrical cabling and instrument tubing redundancy is treated by I

the effect of their failure on the redundant active components, i

The redundancy of a piping system cannot be analyzed by

,j individual piping segments (lines), but by the ability of the system as a whole to maintain flow and retain pressure after a failure. The piping system at Diablo Canyon provides ficw paths l

for five safe shutdown functions:

A = reactor coolant circulation B = core depressurization (pressurizer spray)

C = charging and boration a

D = high pressure cooling (steam dump)

E = low-pressure cooling (RHR).

i 1

l 15 f

1 The flow path for Function A is not redundant; the hazard from load drops onto the reactor coolant pressure boundary is eliminated by load scheduling. Two flow paths were chosen for each of the other functions (three for Function E). The individual lines were then listed for each flow path. Of the j

total of 277 lines, only fifteen are common to all redundant flow j

paths for any function, i

Redundancy based on physical separation eliminates the hazard unless a single drop of the largest load carried along a load l

path impacts all redundant active components or their attendant electric circuits or tubing runs, or unless a single drop hits enough pipes to eliminate all redundant flow psths for any function.

f One final consideration is the loss of an active component, such l

as a valve or its control wiring or tubing, that could eliminate t

j a flow path. Then the flow path could be lost even if no lines for that flow path were lost. Because of extensive use of j

cross-ties, most safe shutdown equipment can be valved into either of the redundant flow paths. But when the equipment loss also causes the loss of a flow path, its postulated loss is l

analyzed for its effect on both equipment redundancy and flow path redundancy.

Load Scheduling. Once cold shutdown is achieved, the components needed only to achieve it (not maintain it) can be impacted I

without creating a hazard.

Probability. The conservative. design of the Containment Polar Crane, combined with lifting procedures designed to catch any

{

problems before they cause a drop, results in a highly reliable

{

lifting system for the reactor head and upper internals.

Nevertheless, because of their importance to safety, these load I

drops were aralyzed both into the reactor and along their load l

16 i

m,_

paths to their laydown areas. The following heavy loads are sery light in relation to their cranes' capacity, and safety modifications have been made to the cranes, so the probability of dropping these particular loads is extremely small.

Weight

)

Crane Load (tons) l C-140-07 Main Hoist Load Block 7.3 C-140-07 Load Block + Internals Lifting Device-14.8 C-140-07 Load Block + Head Lifting Device 19.8 C-140-07 Load Block + RVIT 12.55 AF-140-08 Main Hoist Load Block 2.5 T-140-01(-02)

Main Hoist Load Block 3

i Intervening floors. There is one location where a load drop could cause a loss of safe shutdown capability if the load I

continued through all intervening floors. That is, the hazards from these drops are not eliminated by considerations of separation and redundancy, physical restraints on crane movement, load seneduling, or extremely small load drop probability.

1

! of Enclosure 3 requires that the consequences of I

postulated lead drops be evaluated to demonstrate compliance with Criteria III and IV of NUREG-0612, Section 5.1.

This was done using the following basic approach If there is an intervening floor or floors between the heavy load and its postulated target, and if it can be shown that the drop l

of the heavy load does not 1) result in structural collapse of the floor structure, or 2) result in the perforation of the floor slab, or 3) does not generate destructive secondary missiles that could hit the target, then the functioning of the safe-shutdown component is assured in spite of the load drop.

i 17 I

i l

t

1 Using this basic approach, the consequences of the postulated load drops were evaluated in terms of local damage and overall structural collapse. Local damage was assessed in terms of perforation and spalling using semi-empirical equations based on published test results. Actual floor thicknesses were compared to the minimum thicknesses required to preclude perforation and spalling. Overall structural ability to prevent collapse were evaluated using an energy balance technique. Accordingly, the strain energy capacity of the structure at the lower-bound collapse load and at its deformation limit (based on permissible ductility ratio) was equated to the kinetic energy of the postulated drop. In computing the strain energy capacity appropriate failure mode or modes (such as shear, bending, membrane action, etc.) were considered.

Using the results of local damage and overall structural response evaluation, the lift heights were modified so that the postulated load drop would not result in any of the following unacceptable consequences; Perforation (i.e., complete penetration) of the floor slab, a.

b.

Collapse of the floor structure, and Generation of secondary missile that can cause unacceptable c.

camage to essential components.

The lift height limitations have been incorporated into the applicable operating procedures. Thus, Criteria III and IV are satisfied.

B.

EG&G Evaluation E31G feels that the hazard elimination categories used by the acclicant are consistent with the intent of this portion of N'JREG-0612 except for those cases where probability is used. The section coes allow the use of " single-failure proof cranes,"

rowever the acplicant has not shown that they meet the criteria 18

necessary to satisfy the " single-failure proof" requirements.

High safety factors to meet the intent of portions of these requirements but other requirements are not clearly shown to be met. An example would be the requirements concerning braking systems. A comparison of " single-failure proof" requirements with actual conditions should be performed if the applicant feels that this is the method by which they wish to show compliance.

C.

EG&G Conclusions and Recommendations EG&G concludes that Otablo Canyon is consistent with the intent of this guideline to a substantial degree. We recommend that more information be provided for those loads / cranes for which low probability of a drop was used as a basis for compliance with NUREG-0612 requirements as stated above.

2.3.3 Single-Failure-Proof Handling Systems [NUREG-0612, Article 5.1.61 (1) " Lifting Devices:

(a) Special lifting devices that are used for heavy load's in the area wnere the crane is to be upgraded should meet ANSI N14.6 1978, ' Standard For Special Lifting Devices for Shipping Containers Weighing 10,000 Pounds (4500 kg) or More For Nuclear Materials,' as specified in Section 5.1.1(4) of this report except that the handling device should also comply with Section 6 of ANSI N14.6-1978. If only a single lif ting device is provided instead of dual devices, the special lifting device should have twice the design safety factor as required to satisfy the guidelines of Section 5.1.1(4). However, loads that have been evaluated and shown to satisfy the evaluation criteria of Section 5.1 need not have lifting devices that also comply with Section 6 of ANSI N14.6.

(b) Lift _in3 devices that are not soecially designed and that are used for handling heavy loads in the area where the crane is to be upgraded should meet ANSI B30.9-1971, ' Slings' as specified in Section 5.1.1(5) of this report, except that one of the following should also be satisfied unless the effects of a drop of the particular load have been analyzed and shown to satisfy the evaluation criteria of Section 5.1:

19

e (i) Provide dual or redundant slings or lifting devices such that a single component failure or malfunction in the sling will not result in uncontrolled lowering of the load; 93 (ii) In selseting the proper sling, the load used 1

should be twice what is called for in meeting Section 5.1.1(5) of this report.

j (2) "New cranes should.be designed to meet NUREG-0554,

' Single-Failure-Proof Cranes for Nuclear Power Plants.' For a

operating plants or plants under construction, the crane should be upgraded in accordance with the implementation guidelines of Appendix C of this report.

l (3) "Interfacina lift points such as lifting lugs or cask trunions should also meet one of the following for heavy loads handled in the area where the crane is to be upgraded unless the effects of a drop of the particular load have been evaluated and shown to satisfy the evaluation criteria of Section 5.1:

)

(a) Provide redundancy or duality such that a single lift point failure will not result in uncontrolled lowering of the load; lift points should have a design safety i

factor with respect to ultimate strength of five (5) i times the maximum combined concurrent static and dynamic load af ter taking the single lift point failure.

~

03 (b) A non-redundant or non-dual lift point system should have a design safety factor of ten (10) times the maximum combined concurrent static and dynamic load."

A.

Summary of Applicant Statements The applicant has not stated that they have any single-failure proof handling systems. However they did show that some systems have low probability of load drops.

B.

EG&G Evaluation 1

See evaluations in previous sections.

20

'l e

a C.

EG&G Conclusions and Recommendations See conclusions or recommendations in previous sections.

21

-.. _ = _ _

I 3.

CONCLUDING

SUMMARY

3.1 Guideline Recommendations i

i The NRC staff has established guidelines for judging the safety implications for handling heavy loads in the area of the reactor vessel, near stored spent fuel, or in other areas where an accidental q

Icad drop could damage safe shutdown systems. These guidelines are established to ensure that potential for load drops is extremely small

]

or that potential consequences of load drops are acceptably small.

1 j

3.2 Additional Recommendations i

l 1.

Spent-Fuel Pool Area The applicant has shown that they are j

Cranes NUREG-0612 consistent with the intent of NUREG-0612.

l Article 5.1.2 l

2.

Reactor Building Cranes The applicant should provide additional NUREG-0612 Article 5.1.3

, information showing the consequences of a serious load drop are minimal.

3.

Cranes Over Safe Shutdown The applicant should provide additional Equipment NUREG-0612 information showing that the guidelines of l

Article 5.1.5 NUREG-0612 are met.

l 4

Single-Failure-Proof The applicant has not designated any Handling Systems systems as single-failure proof. No j

NUREG-0612 Article 5.1.6 recommendations.

i 1

l 4

i i

i I

I 22 1

I

l 4

REFERENCES 1.

NUREG-0612, Control of Heavy Loads at Nuclear Power Plants, NRC.

l 2.

V. Stello, Jr. (NRC). Letter to all applicants.

Subject:

Request for l

Additional Information on Control of Heavy Loads Near Spent Fuel, NRC, 17 May 1978.

3.

USNRC, Letter to PG&E.

Subject:

NRC Request for Additional j

Information on Control of Heavy Loads Near Spent Fuel, NRC, 22 December 1980.

4 J. O. Schuyler (PG&E), Letter to F. J. Miraglia, Jr. (NRC).

Subject:

i Control of Heavy Loads Diablo Canyon Unit 2, PG&E, 29 July 1983.

5.

ANSI B30.2-1976, " Overhead and Gantry Cranes."

6.

ANSI N14.6-1978, " Standard for Lifting Devices for Shipping Containers Weighing 10,000 Pounds (4500 kg) or more for Nuclear Materials."

7.

ANSI 830.9-1971, " Slings."

8.

CMAA-70, "Specificatier,s for Electric Overhead Traveling Cranes."

9 l

+

e 9

23 I

i t

.