ML20209D547

From kanterella
Jump to navigation Jump to search
PRA Review & Recommended Approach for Completion of Project, Status Rept as of 841101
ML20209D547
Person / Time
Site: Seabrook  NextEra Energy icon.png
Issue date: 11/14/1984
From: Ariuska Garcia
LAWRENCE LIVERMORE NATIONAL LABORATORY
To: Davis S
Office of Nuclear Reactor Regulation
Shared Package
ML20209C800 List:
References
FOIA-87-6 RARE-84-112, NUDOCS 8411210194
Download: ML20209D547 (10)


Text

O N yr i

g Lawrence Livermore National Laborato: .

NUCLEAR SYSTEMS SAFETY PROGRAM RARE 84-112 November 14, 1984 Ms. Sarah M. Davis Reliability and Risk Assessment Branch Division of Safety Technology U.S. Nuclear Regulatory Commission Washington, D.C. 20555 RE: Status Report on Seabrook PRA Review and Recommended Approach for Completion of Project

Dear Ms. Davis:

The status of work on the Seabrook PRA Review Project as of November 1, 1984 is briefly outlined in tabular form in Attachment 1. This listing indicates the present state of completion of rough drafts for the various sections of the draft report, with comments on the state of the review work in some of these areas.

Our review and writing effort to date has concentrated on the identification of those errors and incorrect models in the PRA which are believed to have the potential to significantly change the results. In this process, we have identified many errors in both the event trees and the systems analyses that are believed to have little or no significant effect on the results.

We can also state, in an overall but preliminary sense that (1) we have identified differences with the plant model, particularly as it is embodied in the event trees, that we believe to have the potential to significantly change the results, and (2) we have no significant differences with the data set, even though we disagree with the philosophy of proprietary failure rate data in a report submitted to the NRC. We have not yet, and cannot in most cases describe the effect of correcting the models and errors. This would require the construction of new event trees and fault trees, and the performance of a limited requantification of these new models. The significant effort necessary to perform this work is beyond the scope of the project. This effort would, in turn, probably require the cooperation of, and some assistance from Public Service of New Hampshire (PSNH), although we believe that progress can be made without their active assistance. As we have previously indicated, we are also willing to hold meetings or discussions with representatives from PSNH and/or the contractor who performed the PRA for them to attempt to resolve all or part of the differences, but we believe the major differences are unlikely to be resolved even by this avenue because of fundamental differences concerned with the plant models. In any case, such discussions could not now occur in .ime to affect the work we expect to complete by December 15, 1984. [61 A -S ./w h.

210194 0 1 ;

L-~' .",00CX 0"000003

l g 0W0 A > EO..a Ctarwh E %w Lws % o* Ca%

  • 90 B0 602 Lwwe cam 44559
  • Teemnt*5 a:2-m T.o G': . : em..-..

) RARE 84-112 November 14, 1984 k

WORK TO BE COMPLETED BY DECEMBER 15TH The presently ongoing work will have drafts of the following material completed by December 15th:

  • event tree analysis
  • success criteria
  • system analysis
  • failure data
  • human reliability analysis The draft of the event tree analysis section will not include revised or new event trees. The drafts of the systems analysis will include some corrections and preliminary assessments of the effects of these corrections on system unavailability. One example of a correction occurs in the electric power (EP) system, where the PRA model inappropriately assumed that (1) the two unit auxiliary transformers provide redundancy to one another, and (2) the two reserve auxiliary transformers provide redundacy to one another. The overall effect of correcting the error is negligible. The significant point concerns understanding of system design and operation rather than the specific quantitative result.

This material will be useful to NRC because it will provide substantial documentation of the deficiencies that have been identified in the PRA as well as preliminary estimates of the significance of some of these deficiencies.

In particular, it will include:

  • a complete review of the data in the PRA a review of accident progression methodology and assumptions
  • an estimate of the significance of deficiencies in the system unavailability analyses
  • an assessment of the treatment of dependencies
  • identification and description of the type and extent of problems with the plant model embodied in the event trees
  • a qualitative discussion of the potential effects of many of the review comments

o RARE 84-112 November 14, 1984 g

PROBLEMS IN THE REVIEW The Review of the Seabrook PRA has been hampered and complicated by a number of factors having to do with the choice of evaluation methodology and the models employed in the analysis. In brief, the PRA presents a methodology, a plant model, and a data set. The final results are produced through the use of several proprietary computer codes and a proprietary data base. This approach creates a fundamental problem for the reviewer because the methodology presents an overall plant model and an evaluation process that are effectively cast in concrete as a " package". In other words, the material presented is relatively inflexible with respect to reevaluation and/or sensitivity testing, particularly for a reviewer who does not possess the plant logic models in a computer compatible format, and the proprietary codes and data. Both are necessary to accurately evaluate the qualitative and quantitative effects of a change. The reviewer cannot easily or directly verify (audit) the qualitative and quantitative results presented, but this is a relatively minor problem. A more important problem is that the reviewer generally cannot make a change in the data and perform a quantitative reevaluation to accurately assess the effect of the change; however, it is possible in most cases to make useful qualitative estimates about the effects of such changes. The most serious problem is that the reviewer cannot generally make a change in the plant model and perform qualitative and quantitative reassessments. Although it is possible to use engineering judgement to obtain rough estimates of the effects of some changes, particularly when they are considered one-at-a-time, it is generally not possible to evaluate the sensitivity of the results to perturbations in the plant model.

This shortcoming of this PRA methodology becomes a problem only when a difference in the model or data set must be assessed. There is no problem if there is no disagreement on these points; however, this is not usually the case.

A reviewer can perform a simple check of the quantitative results in the PRA by examining the dominant accident sequences presented. The effect of significant changes in the models requires a more complex effort in which it may be necessary to reevaluate the entire plant logic model to verify that the set of dominant accident sequences has not changed, or to identify a new set of dominant accident sequences and the dominant contributors to those sequences. This effort would almost certainly require the use of a computer code. (Note: It may also be necessary to reevaluate the risk profile of the plant.)

A reviewer can make a simple check of the quantitative results for individual system models or accident sequences presented in the PRA by combining, as appropriate, point estimate values (e.g., mean values) of the data element distributions, but the results of these simple calculations will not necessarily, nor generally provide the same result as given in the PRA.

Indeed, we do not expect the result of a point estimate calculation using mean values as the point estimates to correspond to the mean value of the result using distributions.

. . . _. .- . . - . . =- _ .

RARE 84-112 November 14, 1984 9

The effect of changes in the data alone can be estimated by the reviewers only on the basis of point estimate calculations, and the results obtained by

! this process are not directly comparable to the proprietary codes and data.

! The effect of changes in the model(s) alone can likewise be estimated by the reviewer only on the basis of a point estimate calculation, with the same limitations. Changes in the results for this case, however, are even more loosely related to the PRA results because the changes may be influenced by both the change in the model and the point estimate nature of the calculation. ,

If changes are made to both the model and the data, a comparison to the

, original PRA results becomes even more tenuous.

RECONHENDATIONS i

j We consider it necessary to evaluate the effect of a significant change i

in the model or a data element in a manner which provides assurance that a

{

change in the qualitative and/or quantitative results is not due to the simplified nature of the limited reevaluation. One way of approaching the quantitative part of this problem is to compare (1) " reference" result values developed for the existing PRA model using point estimates to (2) values obtained from an evaluation of the revised model (and data, if appropriate),

, again using point estimates. Results obtained this way would provide a

reasonable basis for judging the quantitative effect of the changes, even though this approach would not provide an uncertainty evaluation. .

The extent of disagreement with the event tree models in the Seabrook PRA is substantial. There are also disagreements with the reliability block

diagrams which make up the systems analyses. There is no significant disagreement with the data employed in the PRA. The disagreement with the i

structure of the event trees is such that it is considered necessary to

! construct a new set of event trees, and then proceed to evaluate them and compare the results to the original PRA results, as earlier described. The process would also require construction of (relatively small) fault trees based on the reliability block diagrams and boundary conditions used in the PRA. These fault trees would incorporate corrections to the logic in the system models. The limited qualitative and quantitative analyses of these models would requirs the use of a computer code. We propose to use the SETS code, a powerful publicly-available code presently operational on the LLNL computer system, which is familiar to both LLNL and contractor personnel working on the project.

The effort required to perform the above-described work is substantially beyond that envisioned in the original scope of work for the project. It can be performed only on a longer time schedule and at additional cost.

i i

i i

I l

l l

i l

}

RARE 84-112 November 14, 1984 The products that would result from the effort described above would include:

  • new or completely revised event trees
  • system fault trees based on the reliability block diagrams in the PRA
  • revised and/or new operator action trees
  • limited qualitative and quantitative evaluations of these models
  • accident sequence cut sets for subsequent use in the reassessment of internal and external

. initiating events

  • identification of the dominant accident sequences, and the dominant contributors to those sequences
  • plant damage state point estimate probabilities for use by NRC or BNL for off-site consequence calculations There would also be a comparison of the results from the new evaluation to the results in the Seabrook PRA. We estimate that this work, if begun by December 15, 1984, would be completed by May 1, 1985 at an additional cost of $160K above the existing contract value of $400K, for a total cost of $560K. A rough draft of the schedule is provided in Attachment 2.

It is important to note that one of the possible outcomes of a complete reevaluation is "no change" in the overall results, i.e., no increase in the core melt probability, and no change in the makeup of the dominant sequences. This would effectively provide a confirmation of the results obtained in the PRA, in spite of the many deficiencies identified in the analysis. It is also possible that the core melt probability may actually decrease, due to removal of conservative assumptions which may exist in the analysis. Other possible outcomes include no change in the overall core melt probability, but significant changes in the makeup of the dominant accident sequences, possibly significantly affecting plant risk.

The proposed new review schedule is largely self-explanatury. Tasks 1 and 2 are for the construction of event and fault tree models, using the information that was developed in the earlier work, and correcting the errors identified.

Tasks 3 and 4 are for fault and event tree evaluation. These tasks include the preparation of input for the code used to perform the limited qualitative and quantitative evaluations of the models constructed in Tasks 1 and 2, and the exercise of the code to obtain a new set of results.

RARE 84-112 November 14, 1984 Task 5 is included to cover problems with data that may be identified in the course of the work. This is a relatively small effort.

Task 6 is needed to provide human factors support in the process of performing Tasks 1 and 2. Like Task 5, this is also a relatively small effort.

The analysis of results developed in Tasks I through 4 is performed in Task 7.

A limited reevaluation of external events will be performed in Task 8.

This reevaluation is likely to be necessary because of the changes which will occur in the plant model. It is anticipated that the seismic and fire analyses will require reevaluation.

Task 9 is the report writing task.

OTHER The process of finishing the work which will be completed by December 15th, and pcrforming the work proposed above would greatly benefit if PSNH could be persuaded to cooperate with the review effort. If we could obtain cooperation with respect to providing additional information (principally procedures and answers to questions), the final products would be better and more useful to the NRC and the utility.

It would also be helpful to obtain descriptions of the specific plant damage states / release categories / source terms that will be used in the NRC/BNL work which uses our results as input.

If you should require additional information on any of this material, please give me a call.

Sincerely, M

Abel A. Garcia Principal Investigator Attachments cc: G. E. Cu:=ings I

, , . - - , - - -c. . , - - ~ ,

RARE 84-112 November 14, 1984 4

ATTACHMENT 1 SEABROOK PRA REVIEW PROJECT STATUS REPORT - NOVEMBER 1, 1984 Approx. Percent Complete Report ---- -

Section Title Review Writing

1. Executive Summary 0 0
2. Introduction 2.1 Background 0 0 2.2 Scope 0 0 2.3 Assumptions 0 0 2.4 Summary of Results and Partial draft Insights Presented in PRA 90 70 submitted to NRC 10-2-84
3. Internal Events Analysis 3.1 Initiating Events 90 70 3.2 Event Trees Review of old

, material is LOCA essentially 90 }

jcomplete. Need Transient 90 [ 70 Lto construct new trees & requant.

Other 90 Some procedures

'& human factors info needed.

3.3 Success Criteria 20 0 3.4 Systems 83 (see attached page) 3.5 Human Factors 60 0 (need procedures) 3.6 Failure Data 90 70 f 3.7 Operating Experience Anal. 0 0 4 % 12/'# .

I I

.. i l

RARE 84-112 l (Cont.)

3.8 Analysis Codes 0 0 3.9 Accident Sequences (Phenom.) 70 0 3.10 Dependencies & Common cause 20 0 3.11 Quantification 80 0

4. External Event Analysis 4.1 Seismic Events Seismic Hazard 80 0 Fragilities 20 0 4.2 Aircraft Crash 0 0 M+"h^ ,

%4.3 Fire 0 0b I g4

'"5 4 . 4 Internal Flood 0 0 4.5 External Flood 10 0 4.6 Hazardous Chemicals and Transportation Events 0 0 4.7 Wind and Tornado 100 50 4.8 Turbine Missiles 0 0

5. Summary and conclusions 5.1 Dom. Seq. Corresponding to Each Plant Damage State 0 0 5.2 Important Problems and Omissions 10 0 5.3 Treatment of Uncertainties 0 0 5.4 Overall Evaluation of Seabrook PRA 0 0 Appendices 80 N/A

g RARE 84-112 November 14, 1984 SEABROOK PRA REVIEW PROJECT  ;

STATUS REPORT - NOVEMBER 1, 1984 SYSTEMS Approx. Percent Complete System Review Writing

1. Electric Power System 100 80
2. Service Water System 100 80
3. Primary Component Cooling Water S'ystem 100 80
4. Instrument Air System 100 80
5. Reactor Trip, Solid State Protection, and Engineered Safety Features Actuation Systems 90 20
6. Containment Enclosure Air Handling System 100 80
7. Emergency Core Cooling Systems 70 0
8. Emergency Feedwater System 100 80
9. RCS Pressure Relief System 60 0
10. Main Steam System 100 70
11. Containment Building Spray System 60 0
12. Containment Isolation System 60 0
13. Control Room HVAC 0 0 l

t

.e O t

PROPOSED REVISED SEABROOK PRA REVIEW SCHEDULE gi n

Weeks After Start E g

w FG 0 2 4 6 8 10 12 14 16 Tasks 'l l l l l l l

1. Construct Event Trees  :---g
2. Construct Fault Trees _ _ _ _ . . .;
3. Evaluate Fault Trees .
_____ ____a
4. Evaluate Event Trees .
_ __ 4.___ a ,
5. Data Support . ..____ _
6. Human Factors Support :__________ _ _ _ _ _ - -s
7. Analyze Results  ;  : _ _ _ _ _ - - _ _t B. Reevaluate External Events =
. . . . . . . _ _ _q
9. Write Report i n e

I I I I I - 1 I I