Text

Corrected Proposed Tech Specs Re Diesel Generator Testing
	ML20210P630
Person / Time
Site:	San Onofre
Issue date:	08/10/1999
From:	; SOUTHERN CALIFORNIA EDISON CO.
To:	;
Shared Package
ML20210P624	List: ML20210P622; ML20210P630;
References
	NUDOCS 9908130047
	Download: ML20210P630 (110)
	v • d • e

AC Sources-Operating 3.8.1

. SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.2 -------------------NOTES-------------------

1. Performance of SR 3.8.1.7 satisfies this SR.

2. All DG starts may be preceded by an engine prelube period and followed by a warmup period prior to loading.

3. A modified DG start involving idling and gradual acceleration to rated l speed may be used for this SR as recommended by the manufacturer. When modified start procedure are not used, the time, voltage, and frequency tolerances of SR 3.8.1.7 must be met.

Verify each DG starts from standby As specified in conditions and achieves: Table 3.8.1-1 l

a. Steady state voltage a 4297 V and s 4576 V; and

b. Steady state frequency 2 59.7 Hz and l s 61.2 Hz.

(continued) 1 9908130047 990810 PDR ADOCK 05000361 p PDR

. SAN ON0FRE--UNIT 2 3.8-5 C

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.7 -------------------NOTES-------------------

1. All DG starts may be precedea by an engine prelube period. ,

2. Credit may be taken for unplanned 184 days events that satisfy this SR.

Verify each DG starts from standby condition and:

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency a 59.7 Hz;

b. Maintains steady state voltage 2 4297 V and s 4576 V; and

c. Maintains steady state frequency ;

2 59.7 Hz and s 61.2 Hz. j SR 3.8.1.8 -------------------NOTE------------------

1. Credit may be taken for unplanned events that satisfy this SR.

2. Testing to satisfy this SR shall 24 months include actual automatic and manual transfer to at least one alternate offsite circuit. The other alternate offsite circuit may be verified by overlapping circuit tests.

Verify capability of automatic and manual transfer of AC power sources from the normal offsite circuit to each alternate required offsite circuit.

(continued)

SAN ON0FRE--UNIT 2 3.8-7 C

AC Sources-0perating l

3.8.1 l- . -

SURVEILLANCE REQUIREMENTS (continued) l SURVEILLANCE FREQUENCY

- SR 3.8.1.9 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

-Verify each DG rejects a load greater than 24 months or equal to its associated single largest j post-accident load, and:

a. Following load rejection, the frequency is s 66.75 Hz; l

b. Within 4 seconds following load rejection, the voltage is a 4297 V and s 4576 V; and I c. Within 4 seconds following load rejection, the frequency is 2 59.7 Hz and s 61.2 Hz. l l l SR 3.8.1.10 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify each DG, when connected to its bus 24 months in parallel with' offsite power and operating with inductive loading that offsite power conditions permit, during and following a load rejection of a 4450 kW and s 4700 kW: l

a. Does not trip; and l

b. Voltage is maintained s 5450 V. l (continued)

SAN,0N0FRE--UNIT 2 3.8-8 C-

AC Sources-Operating 3.8.1 i SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.11 -------------------NOTES-------------------

1. All DG' starts may.be preceded by an engine prelube period.

2. Credit may be taken for unplanned events.that satisfy this SR.

Verify on an actual or simulated loss of- 24 months offsite power signal:

a. De-energization of emergency buses;

b. Load shedding from emergency buses;

c. DG auto-starts from standby condition and: I

1. energizes permanently connected loads and resets the 4.16kV bus undervoltage relay logic.in s 10 seconds;

2. Emaintains steady state voltage 2 4297 V and.s 4576 V; l

3. maintains steady state frequency

- 2 59.7 Hz and s 61.2 Hz; and j

4. supplies permanently connected loads for 2 5 minutes.

(continued)

SAN ON0FRE--UNIT 2 3.8-9 L

C.

AC Sources-0perating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.12 -------------------NOTES-------------------

1. All DG starts may be preceded by an engine prelube period.

2. Credit may be taken for unplanned events that satisfy this SR.

Verify on an actual or simulated SIAS, each 24 months DG auto-starts from standby condition and:

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency 2 59.7 Hz;

b. Maintains steady state voltage 2 4297 Y and s 4576 V;

c. Maintains steady state frequency 2 59.7 Hz and s 61.2 Hz; and

d. Operates for 2 5 minutes. l SR 3.8.1.13 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify each DG automatic trip is bypassed 24 months on actual or simulated SIAS except: l

a. Engine overspeed;

b. Generator differential current; and

c. Low-low lube oil pressure.

(continued)

SAN ON0FRE--UNIT 2 3.8-10

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.14 -------------------NOTES-------------------

1. Momentary transients outside the load range does not invalidate this test. l

2. Credit may be taken for un)lanned events that satisfy this St.

Verify each DG, when connected to its bus 24 months in parallel with offsite power and operating with inductive loading that offsite power conditions permit, operates for 2 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months s:

a. For 2 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months loaded a 4935 kW and s 5170 kW; and

b. For the remaining hours of the test loaded 2 4450 kW and s 4700 kW.

SR 3.8.1.15 -------------------NOTES------------------- l

1. This Surveillance shall be performed within 5 minutes of shutting down the DG after the DG has operated 2 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months loaded 2 4450 kW and s 4700 kW.

Momentary transients outside the load l range do not invalidate this test.

2. All DG starts may be preceded by an engine prelube period.

Verify each DG starts and: 24 months l

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency 2 59.7 Hz;

b. Maintains' steady state voltage 2 4297 V and s 4576 V;

c. Maintains steady state frequency 2 59.7 Hz and s 61.2 Hz; and

d. Operates for 2 5 minutes. l (continued)

SAN ON0FRE--UNIT 2 3.8-11

I AC Sources-0perating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.16 --__-----

_----__--NOTE--------------------

Credit ma be taken for unplanned events that sati fy this SR.

Verify each DG: 24 months

a. Is capable of being synchronized with l 4 offsite power while loaded with I emergency loads upon a simulated i restoration of offsite power;

b. Transfers loads to offsite power source; and

c. Returns to ready-to-load operation, with:

1. steady state voltage 2 4297 V and s 4576 V;

2. steady state frequency 2 59.7 Hz and s 61.2 Hz; and

3. the DG output breaker open. l l SR 3.8.1.17 ---------

NOTE--------------------

Credit ma be taken for unplanned events that sati fy this SR.

Verify, with a DG operating in test mode 24 months and connected to its bus in parallel with offsite power, an actual or simulated SIAS overrides the test mode by:

a. Returning the DG to ready-to-load operation, with:

1. steady state voltage 2 4297 Y and s 4576 V;

2. steady state frequency 2 59.7 Hz and s 61.2 Hz; and

3. the DG output breaker open; and l

b. Automatically energizing the emergency loads from offsite power.

(continued)

SAN ON0FRE--UNIT 2 3.8-12 i

C

AC Sources-0perating 3.8.1 ;

i SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE . FREQUENCY j l

SR 3.8.1.18 .-------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify interval between each sequenced load 24 months block is within i 10% of design interval i for each emergency and shutdown load '

programmed time interval load sequence.

(continued)

I l

l i

1 l l l

SAN.ONOFRE--UNIT 2 3.8-13 C

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.19 -------------------NOTES-------------------

1. All DG starts may be preceded by an engine prelube period.

2. Credit may be taken for unplanned events that satisfy this SR.

Verify on an actual or simulated loss of 24 months offsite power signal in conjunction with actual or simulated ESF actuation signals:

a. De-energization of emergency buses;

b. Load shedding from emergency buses;

c. DG auto-starts from standby condition and:

1. energizes permanently connected loads and resets the 4.16 kV bus undervoltage relay logic in s 10 seconds;

2. energizes auto-connected emergency loads through the programmed time interval load sequence;

3. achieves steady state voltage 2 4297 V and s 4576 V; l

4. achieves steady state frequency 2 59.7 Hz and s 61.2 Hz; and l

5. supplies permanently connected and auto-connected emergency loads for 2 5 minutes.

(continued)

SAN ON0FRE--UNIT 2 3.8-14

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued) i SURVEILLANCE FREQUENCY SR 3.8.1.20 -------------------NOTE--------------------

All DG starts may be preceded by an engine ]

prelube period.

Verify, when started simultaneously from 10 years standby condition, each DG:

a. In s 9.4 seconds, achieves voltage 2 4'297 V and frequency 2 59.7 Hz;

b. Maintains steady state voltage 2 4297 V and s 4576 V; and

c. Maintains steady state frequency a 59.7 Hz and s 61.2 Hz.

l l

SAN ON0FRE--UNIT 2 3.8-15

AC Sources-Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources-Operating BASES BACKGROUND The Class 1E Electrical Power Distribution System AC sources consist of the offsite power sources (normal preferred and alternate preferred power sources), and the standby (onsite) power sources (Train A and Train B Diesel Generators (DGs)).

As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1), the design of the AC electrical power system provides ,

independence and redundancy to ensure an available source of '

power to the Engineered Safety Feature (ESF) systems.

The onsite Class 1E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to two preferred (offsite) power sources and a single DG. l In Modes 1 through 4, the normal preferred power source l (Offsite circuit #1) for each unit is Reserve Auxiliary Transformers XR1 and XR2 for the specific unit. XR1 feeds .

one 4.16 kV ESF bus (Train A) A04 and XR2 feeds the other 4.16 kV ESF bus (Train B) A06 of the onsite Class 1E AC

)

1 distribution system for each unit. The alternate preferred j power source (Offsite circuit #2) is the other unit's '

Reserve Auxiliary Transformers XR1 and XR2, or the other unit's Unit Auxiliary Transformer XU1 through the train f oriented 4.16 kV ESF bus cross-ties between the two units.

The 4.16 kV ESF bus alignment in the other unit determines !

which transformer (s) serves as the alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Reserve Auxiliary Transformer (XR1 or XR2), then that j transformer is the required alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned j totheUnitAuxiliaryTransformer(XU1),thenthat j transformer is the required alternate preferred power !

source. !

In Modes 5 and 6, when the main generator is not operating, l l each Class IE Switchgear can be connected to a third '

areferred power source via the Unit Auxiliary Transformers

)y manually removing the links in the isolated phase bus between the Main Generator and the Main (continued)

SAN ON0FRE--UNIT 2 B 3.8-1 i u

T AC Sources-0perating B 3.8.1 BASES BACKGROUND transformer of the non-operating (Modes 5 and 6) unit and (continued) closing the 4.16 kV circuit breaker to the Unit Auxiliary transformer of the same unit. In this alignment, the Unit Auxiliary Transformer (XU1) serves as the required normal preferred power source of the unit and the alternate preferred power source for the ESF bus (es) in the other unit.

An offsite circuit includes all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1E ESF bus or buses.

During a Safety"Injectioi)~Actifa~ tion Signal (SIAS), certain required ESF loads are connected to the ESF buses in a predetermined sec uence. Within 77 seconds after the SIAS, all automatic anc permanently connected loads needed to recover the unit or maintain it in a safe condition are placed in service. l The standby (onsite) power source for each 4.16 kV ESF bus l is a dedicated DG. DGs G002 and G003 are dedicated to ESF buses A04 and A06, respectively. A DG starts automatically on a SIAS (i.e., low pressurizer pressure or high l containment pressure signals) or on an ESF bus degraded voltage or undervoltage signal. After the DG has started, it will automatically connect to its respective bus after the offsite power supply breaker is tripped as a consequence of ESF bus undervoltage or degraded voltage, independent of or coincident with a SIAS signal. The DGs will also start and operate in the standby mode without tying to the ESF bus on an SIAS alone. Following the trip of offsite power, an undervoltage signal stri)s selected loads from the ESF bus.

When the DG is tied to tie ESF bus, the permanently connected loads are energized. If one or more ESF actuation signals are present, ESF loads are then sequentially connected to their respective ESF bus by the programmed time interval load sequence. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of a loss of preferred power in conjunction with one or more ESF actuation signals, tho ESF electrical loads are automatically connected to the DGs in sufficient time to provide for safe reactor shutdown and to mitigate the consequences of a Desi loss of coolant accident (gn Basis Accident (DBA) such as a LOCA).

l (continued)

SAN ON0FRE--UNIT 2 B 3.8-2 u

AC Sources-Operating B 3.8.1 BASES BACKGROUND Ratings for Train A and Train B DGs satisfy the requirements (continued) of Regulatory Guide 1.9 (Ref. 3). The continuous service rating of each DG is 4700 kW with 10% overload permissible for u) to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months in any 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months period. However, for stand)y class of service like the San Onofre DGs the manufacturer allows specific overload values up to 116.1% of continuous duty rating based on the total hours the DG is operated per year. The ESF loads that are powered from the 4.16 kV ESF buses are listed in Reference 2.

APPLICABLE The initial conditions of DBA and transient analyses in the SAFETY ANALYSES UFSAR, Chapter 6 (Ref. 4) and Chapter 15 (Ref. 5), assume ESF systems are OPERABLE. The AC electrical power sources are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of I necessary power to ESF systems so that the fuel, Reactor Coolant System (RCS), and containment design limits are not exceeded. These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems.

The OPERABILITY of the AC electrical power sources is consistent with the initial assumptions of the accident analyses and is based upon meeting the design basis of the unit. This results in maintaining at least one train of the onsite or offsite AC sources OPERABLE during accident 4 conditions in the event of:

a. An assumed loss of all offsite power or all onsite AC power; and

b. A worst case single failure.

The AC sources satisfy Criterion 3 of NRC Policy Statement.

LCO Two qualified circuits between the offsite transmission network and the onsite Class 1E Electrical Power Distribution System and separate and independent DGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an Anticipated Operational Occurrence (A00) l or a postulated DBA.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-3

AC Sources-Operating B 3.8.1 BASES LC0 Qualified offsite circuits are those that are described in (continued) the UFSAR and are part of the licensing basis for the unit.

Required offsite circuits are those circuits that are credited and required to be Operable per LC0 3.8.1.

Each required offsite circuit must be capable of maintaining frequency and voltage within specified limits, and acce) ting required loads during an accident, while connected to tie ESF buses.

In Modes 1 through 4, the normal preferred power source l (Offsite circuit #1) for each unit is Reserve Auxiliary Transformers XR1 and XR2 for the specific unit. XR1 feeds one 4.16 kV ESF bus (Train A) A04 and XR2 feeds the other 4.16 kV ESF bus (Train B) A06 of the onsite Class IE AC distribution system for each unit. The alternate preferred power source (Offsite circuit #2) is the other unit's Reserve Auxiliary Transformers XR1 and XR2, or the other unit's Unit Auxiliary Transformer XU1 through the train oriented 4.16 kV ESF bus cross-ties between the two units.

The 4.16 kV ESF bus alignment in the other unit determines which transformer (s) serves as the alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Reserve Auxiliary Transformer (XR1 or XR2), then that transformer is the required alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Unit Auxiliary Transformer (XU1), then that transformer is the required alternate preferred power source.

In Modes 5 and 6, when the main generator is not operating, l each Class 1E Switchgear can be connected to a third

) referred power source via the Unit Auxiliary Transformers.

)y manually removing the links in the isolated phase bus between the Main Generator and the Main transformer of the non-operating (Modes 5 and 6) unit and closing the 4.16 kV l circuit breaker to the Unit Auxiliary transformer of the I same unit. In this alignment, the Unit Auxiliary I Transformer (XU1) serves as the required normal preferred ;

power source of the unit and the alternate preferred power l source for the ESF bus (es) in the other unit.

Each DG must be capable of starting, accelerating to within specified frequency and voltage limits, connecting to its respective ESF bus on detection of bus undervoltage, and resetting the 4.16 kV bus undervoltage relay logic, in less than or equal to 10 seconds. Each DG must also be capable of accepting required loads within the assumed loading (continued)

SAN ON0FRE--UNIT 2 B 3.8-4

m AC Sources-Operating B 3.8.1 BASES LC0 sequence intervals, and continue to operate until offsite (continued) power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as: DG in standby with the engine hot, DG in standby with the engine at ambient conditions, and DG operating in a parallel test mode. A DG is considered already operating if the DG voltage is 2 4297 and s 4576 volts and the frequency is a 59.7 and s 61.2 Hz.

Proper sequencing of loads, including tripping of nonessential loads on a SIAS, is a required function for DG l OPERABILITY.

The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete.

For the offsite AC sources, separation and independence are to the extent practical. A circuit may be connected to more than one ESF bus, with transfer capability to the other circuit, and not violate separation criteria.

APPLICABILITY The AC sources and associated automatic load sequence timers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:

a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of A00s or abnormal transients; and

b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.

The AC power requirements for MODES 5 and 6 are covered in LC0 3.8.2, "AC Sources - Shutdown."

ACTIONS L1 To ensure a highly reliable power source remains with the one offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit on (continued)

SAN ONOFRE--UNIT 2 B 3.8-5

l AC Sources-Operating B 3.8.1 BASES ACTIONS M (continued)

, a more frequent basis. Since the Required Action only l specifies " perform," a failure of SR 3.8.1.1 acceptance l criteria does not result in a Required Action not met. l However, if a second required circuit fails SR 3.8.1.1, the '

second offsite circuit is inoperable, and Condition C, for two offsite circuits inoperable, is entered, i

U According to Regulatory Guide 1.93 (Ref. 6), operation may l continue in Condition A for a period that should not exceed I

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . With one offsite circuit inoperable, the I reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE j offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.

l The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable

, time for repairs, and the low probability of a DBA occurring i during this period. l The second Completion Time for Required Action A.2 j establishes a limit on the maximum time allowed for any i l

combination of required AC power sources to be inoperable l during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable, and that DG is subsequently returned OPERABLE, the LC0 may already have been not met for up to 14 days. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 14 days (for a total of 31 days) allowed prior to complete l i restoration of the LCO. The 17 day Completion Time provides l a limit on the time allowed in a specified condition after j discovery of failure to meet the LC0. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "Alin" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 17 day Completion Time means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-6

AC Sources-Operating B 3.8.1 BASES ACTIONS M (continued)

As in Required Action A.2, the Completion Time allows for an exception to the normal " time zero" for beginning the allowed outage time " clock." This will result in establishing the " time zero" at the time that the LC0 was initially not met, instead of at the time Condition A was entered.

As required by Section 5.5.2.14, a Configuration Risk Management Program is implemented in the event of Condition A.

Ikl To ensure a highly reliable power source remains when one of the required DGs is inoperable, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies " perform,"

a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

ILZ Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. Single train systems, such as turbine driven auxiliary feedwater pumps, are not included. Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable DG.

The Completion Time for Required Action B.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal " time zero" for beginning the allowed outage time " clock." In this Required Action, the Completion Time only begins on discovery that both:

(continued)

SAN ONOFRE--UNIT 2 B 3.8-7

AC Sources-0perating B 3.8.1 BASES ACTIONS ]L2 (continued) j 1

a. An inoperable DG exists; and I

b. A required feature on the other train is inoperable.

If at any time during the existence of this Condition (one DG inoperable) a required feature subsequently becomes inoperable, this Completion Time begins to be tracked.

Discovering one required DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the Completion Time for the Required Action.

Four hours from the discovery of these events existing concurrently, is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost. The 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the L OPERABILITY of the redundant counterpart to the inoperable

, required feature. Additionally, the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

l B.3.1 and 8.3.2 l Required Action B.3.1 provides an allowance to avoid l unnecessary testing of OPERABLE DGs. If it can be i determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be ,

performed. If the cause of inoperability exists on other i DG, the other DG would be declared inoperable upon discovery ;

and Condition E of LC0 3.8.1 would be entered. Once the l failure is repaired, the common cause failure no longer J exists and Required Action B.3.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG, performance of SR 3.8.1.2 l suffices to provide assurance of continued OPERABILITY of l that DG. t (continued)

SAN ON0FRE--UNIT 2 B 3.8-8

l AC Sources-0perating B 3.8.1 BASES I

ACTIONS B.3.1 and B.3.2 (continued)

According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is ,

i reasonable to confirm that the OPERABLE DG is not affected l l by the same problem as the inoperable DG. i Ik4

, An augmented analysis using the methodology set forth in l l Reference 16 provides a series of deterministic and probabilistic justifications and supports continued ;

operations in Condition B for a period that should not l exceed 14 days.

l In Condition B, the remaining OPERABLE DG and offsite l circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet !

the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently returned OPERABLE, the LC0 may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 20 days) allowed prior to complete restoration of the LC0. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "MQ" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met. '

As in Required Action B.2, the Completion Time allows for an exception to the normal " time zero" for beginning the allowed time " clock." This will result in establishing the (continued) j SAN ON0FRE--UNIT 2 B 3.8-9

I AC Sources -Operating B 3.8.1 1

BASES ACTIONS Bd (continued)

" time zero" at the time that the LC0 was initially not met, instead of at the time Condition B was entered.

As required by Section 5.5.2.14, a Configuration Risk Management Program is implemented in the event of Condition B.

C.1 and C.2 Required Action C.1, which applies when two offsite circuits ,

are inoperable, is intended to provide assurance that an I event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required J features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from the 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed by Regulatory Guide 1.93 (Ref. 6) for two inoperable required offsite circuits. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowance is based upon the assumption that two complete safety trains are OPERABLE. 1 When a concurrent redundant required feature failure exists, this assumption is not the case and a shorter Completion ;

Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate. These features are powered '

from redundant AC safety trains. This includes motor driven auxiliary feedwater pumps. Single train turbine driven !

auxiliary pumps, are not included in the list.

l The Completion Time for Required Action C.1 is intended to I allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal " time zero" for beginning the allowed outage time " clock." In this Required Action, the Completion Time only begins on discovery that both:

a. All required offsite circuits are inoperable; and

b. A required feature is inoperable.

If at any time during the existence of Condition C (two offsite circuits inoperable) and a required feature becomes inoperable, this Completion Time begins to be tracked.

According to Regulatory Guide 1.93 (Ref. 6), operation may continue in Condition C for a period that should not exceed (continued)

SAN ON0FRE--UNIT 2 B 3.8-10

AC Sources-Operating B 3.8.1 BASES ACTIONS C.1 and C.2 (continued) 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This level of degradation nieans that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds to a total loss of the immediately accessible offsite power sources.

Because of the normally high availability of the offsite sources, this level of degradation may appear to be more severe than other combinations of two AC sources inoperable that involve one or more DGs inoperable. However, two factors tend to decrease the severity of this level of degradation:

a. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and

b. The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source.

With both of the required offsite circuits inoperable, sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a DBA or transient. In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety

, analysis. Thus, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design j criteria, i According to Reference 6, with the available offsite AC l sources two less than reauired by the LCO, operation may )

l continue for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If two offsite sources are restored j within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , unrestricted operation niay continue. If only one offsite source is restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , power operation continues in accordance with Condition A.

l l

l (continued) l I

I SAN ONOFRE--UNIT 2 B 3.8-11 L i

AC Sources-Operating B 3.8.1 BASES ACTIONS D.1 and D.2 (continued)

Pursuant to LC0 3.0.6, the Distribution System (LC0 3.8.9)

ACTIONS would not be entered even if all AC sources to it were inoperable resulting in de-energization. Therefore, the Required Actions of Condition D are modified by a Note to indicate that when Condition D is entered, the Conditions and Required Actions for LC0 3.8.9, " Distribution Systems-0perating," must be immediately entered. This i allows Condition D to provide requirements for the loss of l one offsite circuit and one DG without regard to whether a j train is de-energized. LC0 3.8.9 provides the appropriate <

restrictions for a de-energized train.

According to Regulatory Guide 1.93 (Ref. 6), operation may continue in Condition D for a period that should not exceed 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

In Condition D, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition C (loss of both required offsite circuits). This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

L.1 With Train A and Train B DGs inoperable, there are no remaining standby AC sources. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions.

Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk associated with continued operation for a short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the (continued)

SAN ON0FRE--UNIT 2 B 3.8-12 j

i AC Sources-Operating B 3.8.1 BASES l

ACTIONS L1 (continued) time allowed for continued operation is severely restricted.

The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk l associated with this level of degradation. j According to Reference 6, with both DGs inoperable, operation may continue for a period that should not exceed 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months .

F.1 and F.2 If the inoperable AC electrical power sources cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LC0 does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . The allowed Completion Times are reasonable, based on operating experience, to reach the recuired unit conditions from full power conditions in an orc erly manner and without challenging unit systems.

Ll Condition G corresponds to a level of degradation in which all redundancy in the AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. 'Therefore, no additional time is justified for continued operation. The unit is required by LCO 3.0.3 to commence a controlled shutdown.

1 l

l SURVEILLANCE The AC sources are designed to permit inspection and l REQUIREMENTS testing of all important areas and features, especially those that have a standby function, in accordance with ,

10 CFR 50, Appendix A, GDC 18 (Ref. 8). Periodic component tests are supplemented by extensive functional tests dur;ng refueling outages (under simulated accident conditions).

The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3), Regulatory Guide 1.108 (Ref. 9), and Regulatory '

Guide 1.137 (Ref. 10).

(continued)

SAN ON0FRE--UNIT 2 B 3.8-13

(

AC Sources-Operating B 3.8.1 l

BASES SURVEILLANCE Where the SRs discussed herein specify voltage and frequency REQUIREMENT 3 tolerances, the following is applicable. The minimum steady (continued) state output voltage of 4297 V is above the maximum reset voltage of the 4.16 kV bus undervoltage relays (Ref. SR 3.3.7). Achieving a voltage at or above 4297 V ensures that ,

the LOVS/SDVS/DGVSS relay logic will reset allowing j sequencing of the ESF loads on to the ESF bus if one or more ESF actuation signals is present. This minimum voltage limit, which is consistent with ANSI C84.1-1982 (Ref. 11), 4 is above the allowed voltage drop to the terminals of 4160 V motors whose minimum steady state operating voltage is 3744 Y (90% of 4160 V). This minimum voltage "rquirement also ensures that adecuate voltage is providea to motors and other equipment c own through the 120 V level. The specified maximum steady state output voltage of 4576 V ensures that, l .

for a lightly loaded distribution system, the voltage at the '

terminals of 4160 V motors is no more than the maximum allowable steady state operating voltage (110% of 4160V). l The specified minimum and maximum frequencies of the DG are 59.7 Hz and 61.2 Hz, respectively. The upper frequency limit is equal to + 2% of the 60 Hz nominal frequency and is derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3). The lower frequency limit is equal to

- 0.5% of the 60 Hz nominal frequency and is based on maintaining acceptable high pressure safety injection system performance as assumed in the accident analyses.

During a DG surveillance test, steady state DG voltage of 4297 to 4576 volts and steady state frequency of 59.7 to 61.2 Hz shall be verified. For the lower voltage and frequency limits, the Total Loop Uncertainty (TLU) of the measurement device (Reference Calculation E4C-098) shall be considered.

SR 3.8.1.1 This SR assures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that availability of independent offsite circuits is maintained. l The 7 day Frequency is adequate since breaker position is not likely to change without the operator being aware of it and because its status is displayed in the control room.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-14

W AC Sources-Operating B 3.8.1 BASES SURVEILLANCE- SR 3.8.1.2 and SR 3.8.1.7 REQUIREMENTS (continued) -These SRs help to ensure the availability of the standby electrical power supply to mitigate DBAs and transients and to maintain the unit in a safe shutdown condition.

To minimize the wear on moving parts that do not get lubricated when the engine is not running, DG starts may be preceded by an engine prelube period. SR 3.8.1.2 is modified by Notes 2 and 3 to indicate that-all DG starts for SR 3.8.1.2 may be preceded by an engine prelube )eriod and followed by a warmup period prior to loading. T1e DG manufacturer recommends slow (d a-modified start (when of)the DG is limited, possible) in which the starting spee warmup is limited to this lower speed, and the DG is gradually accelerated to rated speed prior to loading. SR 3.8.1.7 is modified by Note 1 to indicate that all DG starts for SR 3.8.1.7 may be preceded by an engine prelube period.

For the purposes of SR 3.8.1.2 and SR 3.8.1.7 testing, the !

DGs are started from' standby conditions. Standby conditions for a DG mean the diesel engine coolant and oil are being {!

continuously circulated and temperature is being maintained consistent with manufacturer recommendations.

SR 3.8.1.7 ' rec uires that the DG starts from standby conditions anc achieves required voltage and frequency within 9.4 seconds without DG breaker closure. The

-9.4 second start requirement ensures that the DG meets the design basis LOCA analysis assumptions (Ref. 5), that the DG

-starts, accelerates to within the specified frequency and voltage limits,: connects: to the 4.16kV ESF bus, and resets i the ESF bus undervoltage relay logic within 10 seconds of a i SIAS. -)

The 9.4 second start requirement is not applicable to !

SR 3.8.1.2 when a modiffed (slow) start procedure described above'is used. Since SR 3.8.1.7 requires a 9.4 second start, it is more restrictive than SR 3.8.1.2 and it may be performed in lieu of SR 3.8.1.2. This is the intent of

. Note 1 of SR 3.8.1.2.

In addition to the SR requirements, the time for the DG to l_ reach steady state o i method is employed, is peration, unless periodically monitored the modified and is DG start l evaluated to identify degradation of governor and voltage regulator performance.

SR 3.8.1.7-is modified- by Note 2 which acknowledges that '

credit may-be taken for unplanned events that satisfy this SR.

(continued) t SAN ONOFRE--UNIT 2 B 3.8-15 e

i b ]

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.2 and SR 3.8.1.7 (continued)

REQUIREMENTS The normal 31 day Frequency for SR 3.8.1.2 (see Table 3.8.1-1, " Diesel Generator Test Schedule," in the accompanying LC0) and the 184 day Frequency for SR 3.8.1.7 l are consistent with Regulatory Guide 1.9 (Ref. 3). These frequencies provide adequate assurance of DG OPERABILITY, l while minimizing degradation resulting from testing.

SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to the equivalent of the maximum expected accident loads listed in Reference 2.

This capability is verified by performing a load test between 90 to 100% of rated load, for an interval of not less than 60 minutes, consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.

Although no power factor requirements are established by this SR, the surveillance is performed with DG kVAR output that offsite power System conditions without exceeding equipment ratingsi.e., (permit during without testing creating an overvoltage condition on the ESF buses, over excitation condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:

a. kVAR is 2 3000 and s 3200 or

b. the excitation current is 2 3.8 A and s 4.0 A or

c. the ESF bus voltage is 2 4530 V and s 4550 V or

d. DG feeder current is 2 730 A and s 750 A This method of establishing kVAR loading ensures that, in addition to verifying the load carrying capability (kW) of the diesel engine, the reactive power (kVAR) and voltage (continued)

SAN ON0FRE--UNIT 2 B 3.8-16

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1d (continued)

REQUIREMENTS regulation capability of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).

The normal 31 day Frequency for this Surveillance

'(Table 3.8.1-1) is consistent with Regulatory Guide 1.9 (Ref.3).

This SR is modified by four Notes. Note 1 indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized. Note 2 states that momentary DG load transients l do not invalidate this test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations. Note 4 stipulates that a successful DG start must precede this test to credit l satisfactory performance.

SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is at or above the level selected to ensure adequate fuel oil for a minimum of I hour of DG operation at full load plus 10%. The level is expressed as an equivalent volume in inches. The 30 inch level includes instrument uncertainties and corresponds to the minimum requirement of 355.1 gallons of fuel oil.

The 31 day Frequency is adequate to assure that a sufficient supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.

SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation. There are numerous microorganisms that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks once every 31 days eliminates the necessary environment for microbial survival in the day tanks. This is the most effective means of controlling

-(continued)

SAN ON0FRE--UNIT 2 B 3.8-17

I AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.5 (continued)

REQUIREMENTS microbiological fouling. In addition, it eliminates the potential for water entrainment in the fuel oil during DG operation. Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and from breakdown of the fuel oil by microorganisms. Frequent checking for and removal of accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system.

The Surveillance Frequencies are established by Regulatory Guide 1.137 (Ref. 10). This SR is for preventive maintenance. The presence of water does not necessarily represent failure of this SR provided the accumulated water is removed during the performance of this Surveillance.

SR 3.8.1.6 This Surveillance demonstrates that for each OPERABLE DG at least one fuel oil transfer pump operates and transfers fuel oil from its associated storage tank to its associated day tank. This is required to support continuous operation of the standby power source. This Surveillance provides assurance that at least one fuel oil transfer pump is OPERABLE, the fuel oil piping system is intact, the fuel delivery piping is not obstructed, and the controls and control systems for the fuel transfer system are OPERABLE. l The design of the fuel transfer system is such that one pump will operate automatically, while the other pump can be started manually. Either pump will maintain an adequate volume of fuel oil in the day tank. In such a case, a 31 day Frequency is appropriate.

SR 3.8.1.7 See SR 3.8.1.2.

SR 3.8.1.8 Verification of the capability to transfer each 4.16 kV ESF bus power supply from the normal preferred power source (offsite circuit) to each required alternate preferred power source (offsite circuit), via the train-aligned 4.16 kV (continued)

SAN ONOFRE--UNIT 2 8 3.8-18

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.8 (continued)

REQUIREMENTS crosstie between Unit 2 and Unit 3, demonstrates the 1 OPERABILITY of the alternate preferred power distribution network to power the post-accident and shutdown loads. For 2A04 the normal offsite power source is 2XR1, and the alternate offsite power source is 3XR1 or 3XVI. For 2A06 the normal offsite power source is 2XR2, and the alternate offsite power source is 3XR2 or 3XU1. A required alternate offsite power source is the source that is credited as the alternate source of offsite power in LC0 3.8.1. Therefore, the alignment of the ESF buses in Unit 3 determines which alternate offsite circuit is the required circuit at any point in time.

For each 4.16 kV ESF bus (2A04 or 2A06) this surveillance ,

requirement may be satisfied by performing both a manual l transfer and an auto-transfer from the normal offsite power .

source to at least one of the alternate offsite power !

sources. The tested source may then be credited as the required alternate offsite power source per LC0 3.8.1. This surveillance may be satisfied for the remaining power source by performing a circuit functional test in addition to the j transfer test above. This functional test shall be '

performed such that all components that are required to function for a successful manual or auto-transfer that were !

not included in the transfer tests above, are tested. This i testing niay include any series of sequential,. overlapping, or total steps so that the entire manual and auto-transfer !

capability of the source is verified. This is explained in a note to this SR.

The 24 month Frequency of the Surveillance is based on engineering judgment, taking into consideration the unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

Operating experience has shown that these components usually ,

pass the SR when performed at the 24 month Frequency.

Therefore, the Frecuency was concluded to be acceptable from a reliability stanc point.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-19

AC Sources-Operating 1

B 3.8.1

. BASES SURVEILLANCE SR 3.8.1.9 REQUIREMENTS (continued) Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel eagine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates tie DG load response characteristics and capability to reject the largest single post-accident load without exceeding l predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the largest single post-accident load for each DG is the Auxiliary Feedwater pump which has a nameplate rating of 800 HP. As required by IEEE-308 (Ref. 13), the load rejection test is acceptable if the DG frequency does not exceed 66.75 Hz, which is 75% of the difference between synchronous speed (60 Hz) and the overspeed trip setpoint (69Hz).

The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequencing and load rejection. The 4 seconds specified is equal to 80% of the 5 second load sequence interval associated with sequer.cing of the largest load. Since SONGS specific analyses demonstrate the acceptability of overlapping load groups (i.e., adjacent load groups that start at the same time due to load sequence timer tolerance), the use of 80% of load sequence interval for voltage recovery is consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The voltage and frequency specified are consistent with the design range of the equipment powered by the DG.

SR 3.8.1.9.a corresponds to the maximum frequency excursion, while SR 3.8.1.9.b and SR 3.8.1.9.c are steady state voltage and frequency values to which the system must recover following load rejection. The 24 month Frequency is consistent with the recommendation of Regulatory Guide 1.9 (Ref.3).

In order to ensure that the DG is tested under load conditions that are as close to design basis conditions as possible, testing is performed by rejecting an inductive load with kW and kVAR greater than or equal to the single largest post-accident load (683 kW, 369 kVAR). These test cer.ditions are consistent with the power factor requirements of Regulatory Guide 1.9 (Ref. 3) and the

! recommendations of Information Notice 91-13 (Ref. 16).

(continued) l SAN ON0FRE--UNIT 2 B 3.8-20

1 1

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.9 '(continued)

REQUIREMENTS This SR'is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR '3.8.1.10 This Surveillance demonstrates the DG capability to reject a

~

load equal to 90%'to 100% of its continuous rating without l overspeed tripping or exceeding the predetermined _ voltage limits. The lower load limit of 4450 kW is 94.7% of the DG continuousrating(4700kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit.

The DG full load rejection may occur because of a system fault, inadvertent breaker tripping or a SIAS received during surveillance testing. This Surveillance ensures proper engine and generator load response under the simulated test conditions. This test simulates the loss of the total connected. load that the DG ex)eriences following a full load rejection-and verifies that tie DG will not trip upon loss of the-load. The voltage transient limit of 5450 V is 125% of rated voltage (4360 V).- These acceptance criteria provide DG damage protection. While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG

.isnotdegradedforfutureapplication(e.g.,reconnection l to the bus if the trip initiator.can be corrected or isolated). These loads and limits are consistent with l Regulatory Guide 1.9 (Ref. 3). j The'DG is tested under' inductive load conditions that are as I close to design basis conditions as possible. Testing is i performed with DG kVAR output that offsite power system ,

. conditions permit during testing without exceeding equipment i ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during;this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:

a. kVAR is a 3000 and s 3200 or

b. the excitation current is 2 3.8 A and s 4.0 A or l

(continued)

SAN ONOFRE--UNIT 2 B 3.8-21

i AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.10 (continued)

REQUIREMENTS

c. the ESF bus voltage is 2 4530 V and s 4550 V or

d. DG feeder current is > 730 A and s 750 A This method of establishing kVAR loading ensures that, in addition to verifying the full load rejection capability (kW) of.the diesel engine, the reactive power rejection capability (kVAR) of the generator is verified to the extent practicable, consistent with the recommendations of RegulatoryGuide1.9(Ref.3)andInformationNotice91-13 (Ref. 16) {

The 24 month Frequency is consistent with the recommendation of Regulatory Guide 1.9 (Ref. 3) and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR ~3.8.1.11 As required by Regulatory Guide 1.9 (Ref. 3), this Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source.

This test verifies all actions encountered from the loss of offsite power, including shedding of selected loads and i energization of the permanently connected loads from the DG. 1 The permanently connected loads are the Class 1E 480 V Loadcenters and MCCs. It is recognized that certain consequential loads may also start following a loss of offsite power and therefore it is im)ortant to demonstrate that the DG operates properly with t1ese loads. The consequential loads are sequenced on the DG following a LOVS with the same time delays as for a LOVS with a SIAS.

.Therefore, the ability of the DG to operate with the consequential loads is appropriately demonstrated by the existing Surveillance Requirement simulating a loss of offsite power in combination with a SIAS (Surveillance Requirement 3.8.1.19). Since there are no auto-connected shutdown loads, the Regulatory Guide 1.9 (Ref. 3) requirements for sequencing of auto-connected shutdown loads do not apply (Ref. 17). This surveillance further demonstrates the capability of the DG to automatically achieve the required voltage and frequency, to close the DG catput breaker and connect to the ESF bus, and to reset the 4.16 kV bus undervoltage relay logic within the specified time.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-22

o

?.

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.11 (continued)

. REQUIREMENTS The DG auto-start and undervoltage relay logic reset time of l 10 seconds is derived from requirements of the accident analysis to respond to a design basis large break LOCA. The frequency should be restored to within the specified range following energization of the permanently connected loads.

The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability has been achieved.

The requirement to verify the connection and power supply of permanent loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, Emergency Core Cooling Systems (ECCS) injection valves are not desired to be stroked open, high pressure injection systems are not capable of being operated at full flow, or shutdown cooling (SDC) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation.

In lieu of actual demonstration of shedding, connection, and loading of loads, overlap testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of !

sequential,. overlapping, or total steps so that the entire !

sequence of load shedding and reenergization of permanently connected loads is verified.

.The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into consideration unit conditions required to perform the-Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by:two Notes. The reason for Note 1 is ;

to minimize wear and tear on the DGs during testing. For j the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer-recommendations. Note 2 acknowledges that credit may be taken for unplanned events ,

that satisfy this SR. ;

l (continued)

SAN ONOFRE--UNIT 2 B 3.8-23 j L~

t i

j AC Sources-Operating B 3.8.1 i

BASES I l

SURVEILLANCE SR 3.8.1.12 REQUIREMENTS I (continued) the DG l This Surveillance automatically startsdemonstrates and achieves that after a SIAS,ltage the required vo and frequency within the specified time and operates for 2 5 minutes. The 9.4 second start requirement ensures that the DG meets the design basis LOCA analysis assumption, that the DG starts accelerates to within the specified frequency andvoltagelImits,connectstothe4.16kVESFbus,and resets the ESF bus undervoltage relay logic within 10 seconds of a SIAS. The 5 minute period provides sufficient time to demonstrate stability.

In addition to the SR requirements, the time for the DG to !

reach steady state operation unless the modified DG start -

method is employed isperiodicallymonitoredandis i evaluated to identlfy degradation of governor and voltage regulator performance. ,

The Frequency of 24 months is consistent with Regulatory l Guide 1.9 (Ref. 3), takes into consideration unit conditions l

required to perform the Surveillance and is intended to be consistent with the expected fuel cyc,le lengths. Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency. Therefore the Frequency was concluded to be acceptable from a reliabiiity standpoint.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For I

i the purpose of this testing, the DGs must be started from standby conditions that is with the engine coolant and oil continuouslycirculatedand,temperaturemaintained consistent with manufacturer recommendations. Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.13 :

This Surveillance dem nstrates that DG noncritical protective functions e.g., high jacket water temperature) l are bypassed on a SIA in accordance with Regulatory Guide 1.9 (Ref. 3) The critical protective functions overspeed g nerator differential current, and low (engine

-low lube oil pressu,re which trip the DG to avert substantial damage to the DG un f are not bypassed. The noncritical trips are bypassed during, DBAs and provide an alarm on an abnormal engine condition. This alarm provides the operator with i sufficient time to react appropriately to prevent damage to the DG. The DG availability to mitigate the DBA is more critical thanprotecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-24 I

l

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.13 (continued)

REQUIREMENTS Testing to satisfy this surveillance requirement may include any series of sequential, overlapping, or total steps so that the entire noncritical trip bypass function is verified.

The 24 month Frequency is based on engineering judgment, taking into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths. Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency. Therefore, the Frequency was concluded to be acceptable from a reliability standpoint. The SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.14 Regulatory Guide 1.9 (Ref. 3), requires demonstration once per refueling outage that the DGs can start and run continuously at full load capability for an interval of not less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , a 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months of which is at load equivalent to 105% to 110% of the continuous duty rating and the remainder of the time at a load equivalent to 90% to 100% of the continuous duty rating of the DG. For the 22 hour2.546296e-4 days 0.00611 hours 3.637566e-5 weeks 8.371e-6 months duration, the lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the 100%, 105% or 110% load limits.

This test is performed with the DG connected to the offsite power supply. In this alignment DG frequency is controlled by the offsite power supply, and the operator h6s minimal control over DG output voltage. Therefore, specific DG voltage and frequency requirements as recommended by Regulatory Guide 1.9 (Ref. 3) do not apply. ;

The DG starts for this Surveillance can be performed either from standby or hot conditions. The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual . loading,- discussed in SR 3.8.1.3, are applicable to this SR.

(continued) l SAN ON0FRE--UNIT 2 B 3.8-25 a

AC Sources-Operating B 3.8.1 1

i BASES-l 1

i SURVEILLANCE SR 3.8.1.14 (continued)'

REQUIREMENTS

-The DG is tested under inductive load conditions that are as close to design conditions as possible. Testing is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:-

I

a. kVAR is 2 3000 and s 3200 or

b. the excitation current is 2 3.8 A and s 4.0 A or

c. the ESF bus voltage is 2 4530 V and s 4550 V or

d. DG feeder current is > 730 A and s 750 A This method of establishing kVAR loading ensures that, in addition to verifying the load carrying capability (kW) of the diesel engine, the reactive power (kVAR) and voltage regulation. capability of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory. Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref.16).

The kW load band in the SR is provided to avoid routine overloading of the DG. Routine overloading may result in more frecuent teardown inspections in accordance with vendor recommenc ations in-order to maintain DG OPERABILITY. ,

The 24 month Frequency is consistent with the j recommendations of Regulatory Guide 1.9, (Ref. 3), takes !

into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths. l 1

This Surveillance is modified by two Notes. Note 1 states that momentary DG load transients do not invalidate this l :

test. Note 2 acknowledges that credit may be taken for l unplanned events that satisfy this SR. 1 l-SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency within 9.4 seconds. The 9.4 second time is l )

(continued)

SAN ONOFRE--UNIT 2 B 3.8-26 l

AC Sources-Operating B 3.8.1 l BASES 1

l

~ SURVEILLANCE SR 3.8.1.15 (continued)

REQUIREMENTS derived from the requirements of the accident analysis to respond to a design basis large break LOCA. The LOCA i analysis assumes that the DG starts, accelerates to within the specified fre 4.16 kV ESF bus,and quency and resets thevoltage ESF buslimits, connects to undervoltage the relay logic within 10 seconds of a SIAS.

In addition to the SR requirements, the time for the DG to unless the modified DG start reach steady method state operation,ically is employed is period monitored and is evaluatedtoidentIfydegradationofgovernorandvoltage regulator performance. l I

The 24 month Frequenc is consistent with the and is recommendations intended to be consisof Reentulatory Guide 1.9 with expected fuel(Ref.

cyc 3)le lengths.

This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY. The requirement that the diesel has operated for at least 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions. Momentary DG load transients do not invalidate l

this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing.

SR 3.8.1.16 As required by Regulatory this Survefilance ensures manualGuide 1.9 (Ref. 3),

synchronization and load l transfer from the DG to the offsite source can be made and that the DG can be returned to ready to load operation when offsite power is restored. Ready to load operation is defined as the DG running within the specif'ied frequency and j voltage limits, with the DG output breaker open. If this test is performed with a SIAS present the load transfer occurs when the offsite power breaker,is manually closed and the SIAS causes the DG output breaker to open. Ift$is test is performed without a SIAS present the load transfer occurs wnen the offsite power breaker is, manually closed, and the DG output breaker is manually opened. By design the LOVS/SDVS/DGVSS logic will have been previously resel thus allowing the DG to reload if a subsequent loss of offsite power or degraded voltage condition occurs. The LOVS/SDVS/DGVSS signal will strip the bus re sequencetimers,closetheDGoutputbreaker,settheload and permit (continued) l SAN ON0FRE--UNIT 2 B 3.8-27 l

n I

AC Sources-0perating l B 3.8.1 j BASES SURVEILLANCE SR 3.8.1.16 (continued) I REQUIREMENTS resequencing of the ESF loads if an ESF actuation signal is present.

l The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into l consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected <

fuel cycle lengths. ,

i This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.17 For this Surveillance, the DG is in test mode when it is running, connected to its bus, and in parallel with offsite i power. Demonstration of the test mode override ensures i that:

1) the DG availability under accident conditions will not be compromised as the result of testing with the DG connected to its bus in parallel with offsite power, and

2) the DG will automatically return to ready to load operation, if a SIAS is received durinc operation in the test mode.

Ready to load operation is iefined as the DG running within the specified frequency and voltage limits, with the DG out)ut breaker open. These )rovisions are required by IEEE-308 (Ref.13), paragrapi 6.2.6(2) and Regulatory Guide ;

1.9 (Ref. 3).

The intent in the requirement to automatically energize the emergency loads with offsite power associated with SR 3.8.1.17.b is to show that the emergency loading was not affected by DG operation in the test mode in parallel with offsite power. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the emergency loads to perform these functions is acceptable. This testing may include any series of sequential overlapping, or total steps so that the entire connection and loading sequence is verified.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-28

m AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.17 (continued)

REQUIREMENTS The 24 month Frequency is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.18 As required by Regulatory Guide 1.108 (Ref. 9),

paragraph 2.a.(2), each DG is required to demonstrate proper operation for the DBA loading sequence to ensure that i voltage and frequency are maintained within the required l limits. Under accident conditions, prior to connecting the DGs to their respective buses, all loads are shed except load center feeders and those motor control centers that power Class 1E loads (referred to as " permanently connected" loads). Upon reaching 90% of rated voltage and frequency, the DGs are then connected to their res)ective buses. Loads i are then sequentially connected to the aus by the programmed I time interval load sequence. The sequencing logic controls l the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents. The 10% load sequence start time tolerance ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF ecuipment time delays are not violated. Reference 2 provic es a summary of the automatic loading of ESF buses.

For the Containment En~.ergency Cooling Units only, the sequenced time is the actual start time of the Component Cooling Water pumps plus 5 20.5 seconds. The tolerance is based on a design interval of 5 seconds.

The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.108 (Ref. 9),

paragraph 2.a.(2); takes into consideration unit conditions required to perfcrm the Surveillance; and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

(continued)

SAN ON0FRE--UNIT 2 B 3.8-29

AC Sources-Operating

. B 3.8.1 l

BASES

-SURVEILLANCE SR 3.8.1.19 REQUIREMENTS (continued) In the event of a DBA coincident with a loss of offsite power, the DGs are required to supply the necessary power to l ESF systems so that the fuel, RCS, and containment design limits ~are'not exceeded.

This Surveillance demonstrates the DG operation,-as discussed in the Bases for SR 3.8.1.11, during an actual or simulated loss of offsite power signal (LOVS/DGVSS conjunctionwithactualor_simulatedESFactuation/SDVS)insignals (SIAS, CCAS, CSAS, EFAS-1, and EFAS-2). Multiple ESF actuation signals are initiated to simulate worst case DG load sequencing conditions.

In lieu of actual demonstration of shedding, connection, and l loading of loads, testing that adequately shows the capability of.the DG system to perform these functions is acceptable. This testing may include any. series of sequential, overlapping, or total steps so that the entire load shedding, connection, and loading sequence is verified. l The Frequency of 24 months takes into consideration unit conditions required to perform the Surveillance and is intended to be consistent with an expected fuel cycle length l of 24 months.

This SR is modified by two Notes. The~ reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from l

standby conditions,_that is, with the engine coolant and oil continuously circulated and temperature maintained ,

consistent with manufacturer recommendations for DGs. !

Note 2 acknowledges that credit may be taken for unplanned l events that satisfy this SR. l I

SR 3.8.1.20 This Surveillance demonstrates that the DG starting

, independence has not been compromised. This Surveillance l ,

l. demonstrates that each engine can achieve proper speed l within the specified time when the DGs are started simultaneously. !

The 10 year Frequency is consistent with the recommendations of Regulatory Guide 1.108 (Ref. 9), paragraph 2.b, Regulatory Guide 1.137 (Ref. 10), paragraph C.2.f, and RegulatoryGuide1.9(Ref.3).

l (continued)

SAN ON0FRE--UNIT 2 8 3.8-29a p

AC Sources-0perating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.20 (continued)

REQUIREMENTS .

This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated, and temperature maintained consistent with manufacturer recommendations.

Diesel Generator Test Schedule The DG test schedule (Table 3.8.1-1) implements the recommendations of Revision 3 to Regulatory Guide 1.9 (Ref.3). The purpose of this test schedule is to provide timely test data to establish a confidence level associated with the goal to maintain DG reliability above 0.95 per demand.

According to Regulatory Guide 1.9, Revision 3 (Ref. 3), each DG unit should be tested at least once every 31 days.

According to Draft Regulatory Guide DG-1021 (Ref. 14) and 10 CFR 50.63(a)(3)(11) (Ref.15), whenever a DG has experienced 4 or more valid failures in the last 25 valid tests, the maximum time between tests is reduced to 7 days.

Four failures in 25 valid tests is a failure rate of 0.16, or the threshold of acceptable DG performance, and hence may be an early indication of the degradation of DG reliability.

When considered in the light of a long history of tests, 4 failures in the last 25 valid tests may only be a l statistically probable distribution of random events.

Increasing the test Frequency will allow for a more timely accumulation of additional test data upon which to base judgment of the reliability of the DG. The increased test Frequency must be maintained until seven consecutive, failure free tests have been performed.

The Frequency for accelerated testing is 7 days, but no less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . Therefore, the interval between tests should be no less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , and no more than 7 days. A

-successful test at an interval of less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months should be considered an invalid test and not count towards the seven consecutive failure free starts. A test interval in excess of 7 days constitutes a failure to meet the Srs.

(continued)-

SAN ON0FRE--UNIT 2 B 3.8-29b

AC Sources-Operating B 3.8.1 BASES REFERENCES 1. 10 CFR 50, Appendix A, GDC 17.

2. UFSAR, Chapter 8.

3. Regulatory Guide 1.9, Rev. 3.

4. UFSAR, Chapter 6.

5 '. UFSAR, Chapter 15.

6. Regulatory Guide 1.93, Rev. O.

7. Generic Letter 84-15.

8. 10 CFR 50, Appendix A, GDC 18. l

9. Regulatory Guide 1.108, Rev. 1.

10. Regulatory Guide 1.137, Rev. 1.

11. ANSI C84.1-1982.

12. ASME, Boiler and Pressure Vessel Code,Section XI.

13. IEEE Standard 308-1978.

14. Draft Regulatory Guide DG-1021, April 1992.

15. 10 CFR 50.63 Register Vol.(a)(3)(ii) as page 57, No. 77 published in Federal 14517, April 21,1992.

16. Information Notice 91-13, " INADEQUATE TESTING OF EMERGENCY DIESEL GENERATORS (EGDs)," 09/16/91.

17. Letter from SCE to the NRC dated May 5,1995, subject Docket Nos. 50-361 and 50-362, Diesel Generator Loading San Onofre Nuclear Generating Station Units 2 and 3.

l SAN ON0FRE--UNIT 2 B 3.8-29c i l

)

I I

1 Attachment F I (Proposed Pages)

SONGS Unit 3 l

l

AC Sources-Operating 3.8.1 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME I

F. Required Action and F.1 Be in MODE 3. 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Associated Completion i Time of Condition A, AND B, C, D, or E not met.

F.2 Be in MODE 5. 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months G. Three or more required G.1 Enter LC0 3.0.3. Immediately AC sources inoperable.

SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.8.1.1 -------------------NOTES-------------------

1. Buses 2A04 and 2D1 are required when unit crosstie breaker 2A0417 is used l to provide a source of AC power.

2. Buses 2A06 and 202 are required when-unit crosstie breaker 2A0619 is used l to provide a source of AC power.

Verify correct breaker alignment and power 7 days availability for each required offsite i circuit.

(continued)

SAN ON0FRE--UNIT 3 3.8-4

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.2 -------------------NOTES-------------------

1. Performance of SR 3.8.1.7 satisfies this SR.

2. 1 DG starts may be preceded by an eng ne prelube period and followed by a warmup period prior to loading.

3. A modified DG start involving idling and gradual acceleration to rated l speed may be used for this SR as recommended by the manufacturer. When modified start procedures are not used, the time, voltage, and frequency tolerances of SR 3.8.1.7 must be met.

Verify each OG starts from standby As specified in conditions and achieves: Table 3.8.1-1 l

a. Steady state voltage 2 4297 V and s 4576 V; and

b. Steady state frequency 2 59.7 Hz and l s 61.2 Hz.

(continued)

SAN ON0FRE--UNIT 3 3.8-5

g - _

AC Sources-Operating 3.8.1 L

l SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.7 ------------------NOTES--------------------

1. All DG starts may be preceded by an engine prelube period.

2.- Credit may be taken for unplanned 184 days events that satisfy this SR.

. Verify each OG starts from standby l condition and:

i

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency 2 59.7 Hz;

b. Maintains steady state voltage 2 4297 V and s 4576 V; and

c. Maintains steady state frequency 2 59.7 Hz and s 61.2 Hz.

L SR 3.8.1.8 -------------------NOTE------------------

1. Credit may be taken for unplanned events that satisfy this SR.

l

2. Testing to. satisfy this SR shall 24 months include actual automatic and manual transfer to at least one alternate i offsite circuit. The other alternate l offsite circuit may be verified by l overlapping circuit tests.

l l Verify capability of automatic and manual

transfer of AC power sources from the

!- normal offsite circuit to each alternate

! required offsite circuit.

(continued)

SAN ONOFRE--UNIT 3 3.8-7 I l

1

]

1

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.9 -------------------NOTE------------------.

Credit may be taken for unplanned events that satisfy this SR.

Verify each DG rejects a load greater than 24 months or equal to its associated single largest post-accident load, and:

a. Following load rejection, the frequency is s 66.75 Hz;

b. Within 4 seconds following load rejection, the voltage is a 4297 V and s 4576 V; and

c. Within 4 seconds following load rejection, the frequency is 2 59.7 Hz and s 61.2 Hz.

SR '3.8.1.10 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify each DG, when connected to its bus 24 months in parallel with offsite power and operating with inductive-loading that offsite power conditions permit, during and following a load rejection of 2 4450 kW and s 4700 kW: l

a. Does not trip; and l

b. Voltage is maintained.s 5450 V. l (continued)

SAN ON0FRE--UNIT 3 3.8-8 ;

l l

u_

AC Sources-Operating 3.8.1 1 SURVEILLANCE REQUIREMENTS (continued) i SURVEILLANCE I FREQUENCY SR 3.8.1.11 -------------------NOTES-------------------

1. All DG starts may be preceded by an engine prelube period.

2. Credit may be taken for unplanned I events that satisfy this SR. )

Verify on an actual or simulated loss of 24 months offsite power signal:

a. De-energization of emergency buses;

b. Load shedding from emergency buses;

c. DG auto-starts from standby condition and:

1. energizes permanently connected loads and resets the 4.16kV bus undervoltage relay logic in s 10 seconds;

2. maintains steady state voltage 2 4297 V and s 4576 V; l

3. maintains steady state frequency ,

2 59.7 Hz and s 61.2 Hz; and l i

4. supplies permanently connected loads for 2 5 minutes.

(continued) l SAN ON0FRE--UNIT 3 3.8-9 u

AC Sources-0perating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.12 -------------------NOTES-------------------

1. All DG' starts may be preceded by an engine prelube period.

2. Credit may be taken for unplanned events that satisfy this SR.

Verify on an actual or simulated SIAS, each DG auto-starts from standby condition and: 24 months '

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency a 59.7 Hz;

b. Maintains steady state voltage 2 4297 V and s 4576 V; and

c. Maintains steady state frequency 2 59.7 Hz and s 61.2 Hz.

d. Operates for 2 5 minutes. l SR 3.8.1.13 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify each DG automatic trip is bypassed j on actual or simulated SIAS except: 24 months l :

a. Engine overspeed;

b. Generator differential current; and i

c. Low-low lube oil pressure.

f (continued) 1 L

l SAN ON0FRE--UNIT 3 3.8-10 t--

AC Sources-Operating 3.8.1 l

SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCYs I

.SR 3.8.1.14 -------------------NOTES-------------------

1. Momentary transients outside the load range does not invalidate this test. l

2. Credit may be taken for unplanned events that satisfy this SR.

when connected to its bus 24 months Verify in parallel each wit DG,h offsite power and l operating with inductive loading that offsite power conditions permit, operates for 2 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months s:

a. For 2 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months loaded 2 4935 kW and s 5170 kW; and

b. For the remaining hours of the test

. loaded 2 4450 kW and s 4700 kW.

SR 3.8.1.15 -------------------NOTES------------------- l

1. This Surveillance shall be performed I within 5 minutes of shuttin, down the ;

I DGaftertheDGhasoperated22 hours i loaded a 4450 kW and s 4700 kW.

Momentary transients outside the load l )

! range do not invalidate this test.

2. All DG-starts may be preceded by an engine prelube period.

Verify each DG starts and: 24 months l

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency 2 59.7 Hz; i

b. Maintains steady state voltage '

2 4297 V and s 4576 V;

c. Maintains steady state frequency 2 59.7 Hz and s 61.2 Hz; and i

d. Operates for 2 5 minutes. l l

l (continued)

SAN ON0FRE--UNIT 3 3.8-11

AC Sources-Operating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)-

L SURVEILLANCE FREQUENCY SR 3.8.1.16 --------- ---------NOTE--------------------

Credit ma be taken for unplanned events that sati fy this SR.

( Verify each DG: 24 months I

a. Is capable of being synchronized with l offsite power while loaded with emergency loads upon a simulated restoration of offsite power;

b. Transfers loads to offsite power source; and

c. Returns to ready-to-load operation, with:

1. steady state voltage 2 4297 Y and s 4576 V;

2. steady state-frequency 2 59.7 Hz and s 61.2 Hz; and '

3. the DG output breaker open. l l

SR 3.8.1.17 --------- ---------NOTE--------------------

Credit ma be taken for unplanned events that sati fy this SR.

Verify with a DG operating in test mode 24 months and con,nected to its bus in parallel with an actual or simulated SIAS offsite power, overrides the test mode by:

a. Returning the DG to ready-to-load operation, with:-

1. steady state voltage 2 4297 V and s 4576 V;

2. steady state frequency a 59.7 Hz and s 61.2 Hz; and

3. the DG output breaker open; and l

b. Automatically energizing the emergency I loads from offsite power. :

1 (continued) i ll I

i l SAN ONOFRE--UNIT 3 3.8-12 l I

AC Sources-0perating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.18 -------------------NOTE-------------------

Credit may be taken for unplanned events that satisfy this SR.

Verify interval between each sequenced load 24 months block is within

10% of design interval for each emergency and shutdown load programmed time interval load sequence.

(continued) l l

1 1

SAN ON0FRE--UNIT 3 3.8-13 m

1 AC Sources-0perating 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.8.1.19 -------------------NOTES-------------------

1. All DG starts may be preceded by an engine prelube period.

2. Credit may be taken for unplanned events that satisfy this SR.

Verify on an actual or simulated loss of 24 months offsite power signal in conjunction with actual or simulated ESF actuation signals:

a. De-energization of emergency buses;

b. Load shedding from emergency buses; I

c. DG auto-starts from standby condition and: j

1. energizes permanently connected loads and resets the.4.16 kV bus undervoltage re. lay logic in s 10 seconds;

2. energizes auto-connected emergency loads through the programmed time interval load sequence;

3. achieves steady state voltage 2 4297 V and s 4576 V; l

4. achieves steady' state frequency l 2 59.7 Hz and s 61.2 Hz; and l

5. supplies permanently connected and auto-connected emergency loads for 2 5 minutes.

(continued)

SAN ONOFRE--UNIT 3 3.8-14 L

AC Sources-Operating l 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR. 3.8.1.20 -------------------NOTE--------------------

All DG starts may be preceded by an engine prelube period.

Verify, when started simultaneously from' 10 years standby condition, each DG:

a. In s 9.4 seconds, achieves voltage 2 4297 V and frequency a 59.7 Hz;

b. Maintains steady state voltage 2 4297 V and s 4576 V; and

c. Maintains steady state frequency 2 59.7 Hz.and s 61.2 Hz.

SAN ONOFRE--UNIT 3 3.8-15 L- -

p W.W i .IL AC Sources-Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC. Sources -Operating BASES-BACKGROUND The Clau IE Electrical Power Distribution System AC sources consist of the offsite power sources (normal preferred and alternate preferred power sources), and the standby (onsite) power sources (Train A and Train B Diesel Generators (DGs)).

As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems.

The onsite Class 1E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to two ;

preferred (offsite) power sources and a single DG. l In Modes 1 through 4, the normal preferred power source l 0 (Offsite circuit #1) for each unit is Reserve Auxiliary Transformers XR1 and XR2 for the specific unit. XRI. feeds one 4.16 kV ESF bus (Train A) A04 and XR2 feeds the other 4.16 kV ESF bus (Train B) A06 of the onsite Class 1E AC distribution system for each unit. The alternate preferred power source (Offsite circuit #2)'is the other unit's Reserve Auxiliary Transformers XR1 and XR2, or the other unit's Unit Auxiliary Transformer XVI through the train oriented 4.16 kV ESF bus cross-ties between the two units.

The 4.16 kV ESF bus alignment in the other unit determines which transformer (s) serves as the alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Reserve Auxiliary Transformer (XR1 or XR2), then that transformer is the required alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned totheUnitAuxiliaryTransformer(XU1),thenthat transformer is the required alternate preferred power source.

In Modes 5 and 6, when the main generator is not operating, l each Class 1E Switchgear can be connected to a third preferred power source via the Unit Auriliary Transformers

' by manually removing the links in the :3clated phase bus between the Main Generator and the Ma n (continued)

B 3.8-1

- SAN ONOFRE--UNIT 3

l AC Sources-0perating B 3.8.1 BASES BACKGROUND transformer of the non-operating (Modes 5 and 6) unit and (continued) closing the 4.16 kV circuit breaker to the Unit Auxiliary transformer of the same unit. In this alignment, the Unit Auxiliary Transformer (XU1) serves as the required normal preferred power source of the unit and the alternate preferred power source for the ESF bus (es) in the other unit.

An offsite circuit includes all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1E ESF bus or buses.

During a Safety Injection Actuation Signal (SIAS), certain required ESF loads are connected to the ESF buses in a predetermined sequence. Within 77 seconds after the SIAS, all automatic and permanently connected loads needed to recover the unit or maintain it in a safe condition are placed in service. l The standby (onsite) power source for each 4.16 kV ESF bus l 1s a dedicated DG. DGs G002 and G003 are dedicated to ESF buses A04 and A06, respectively. A DG starts automatically on a SIAS (i.e., low pressurizer pressure or high l containment pressure signals) or on an ESF bus degraded voltage or undervoltage signal. After the DG has started, it will automatically connect to its respective bus after the offsite power supply breaker is tripped as a consequence of ESF bus undervoltage or degraded voltage, independent of or coincident with a SIAS signal. The DGs will also start and operate in the standby mode without tying to the ESF bus on a SIAS alone. Following the trip of offsite power, an undervoltage signal stri as selected loads from the ESF bus.

When the DG is tied to tie ESF bus, the permanently connected loads are energized. If one or more ESF actuation signals are present, ESF loads are then sequentially connected to their respective ESF bus by the programmed time interval load sequence. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of a loss of preferred power in conjunction with one or more ESF actuation signals, the ESF electrical loads are automatically connected to the DGs in sufficient time to provide for safe reactor shutdown and to mitigate the consequences of a Desi loss of coolant accident (gn Basis Accident (DBA) such as a LOCA).

l (continued)

SAN ON0FRE--UNIT 3 6 3.8-2 L.

AC Sources-Operating B 3.8.1 BASES BACKGROUND Ratings for Train A and Train B DGs satisfy the requirements (continued) of Regulatory Guide 1.9 (Ref. 3). The continuous service rating of each DG is 4700 kW with 10% overload permissible for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months in any 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months period. However, for standby class of service like the San Onofre DGs the manuf acturer allows specific overload values up to 116.1% of continuous duty rating based on the total hours the DG is operated per year. The ESF loads that are powered from the 4.16 kV ESF buses are listed in Reference 2.

APPLICABLE The initial conditions of DBA and transient analyses in the SAFETY ANALYSES UFSAR, Chapter 6 (Ref. 4) and Chapter 15 (Ref. 5), assume ESF systems are OPERABLE. The AC electrical power sources are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System (RCS), and containment design limits are not exceeded. These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems.

The OPERABILITY of the AC electrical power sources is ,

consistent with the initial assumptions of the accident analyses and is based upon meeting ~the design basis of the unit. This results in maintaining at least one train of the onsite or offsite AC sources OPERABLE during accident conditions in the event of:

1

a. An assumed loss of all offsite power or all onsite AC I power; and i

b. A worst case single failure.

The AC sources satisfy Criterion 3 of NRC Policy Statement.

LC0 Two qualified circuits between the offsite transmission network and the onsite Class 1E Electrical Power Distribution System and separate and independent DGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an Anticipated Operational Occurrence (A00) l or a postulated DBA.

(continued)

SAN ONOFRE--UNIT 3 8 3.8-3 L-

AC Sources-Operating B 3.8.1 BASES LC0 Qualified offsite circuits are those that are described in (continued) the UFSAR and are part of the licensing basis for the unit.

Required offsite circuits are those circuits that are credited and required to be Operable per LC0 3.8.1.

Each required offsite circuit must be capable of maintaining frequency and voltage within specified limits, and acce) ting required loads during an accident, while connected to tie ESF buses.

In Modes 1 through 4, the normal preferred power source l (Offsite circuit #1) for each unit is Reserve Auxiliary Transformers XR1 and XR2 for the specific unit. XR1 feeds one 4.16 kV ESF bus (Train A) A04 and XR2 feeds the other 4.16 kV ESF bus (Train B) A06 of the onsite Class 1E AC distribution system for each unit. The alternate preferred power source (Offsite circuit #2) is the other unit's Reserve Auxiliary Transformers XR1 and XR2, or the other unit's Unit Auxiliary Transformer XU1 through the train oriented 4.16 kV ESF bus cross-ties between the two units.

The 4.16 kV ESF bus alignment in the other unit determines l which transformer (s) serves as the alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Reserve Auxiliary Transformer (XR1 or XR2), then that transformer is the required alternate preferred power source. If the 4.16 kV ESF bus in the other unit is aligned to the Unit Auxiliary Transformer (XU1), then that transformer is the required alternate preferred power source.

In Modes 5 and 6, when the main generator is not operating, l each Class 1E Switchgear can be connected to a third 3 referred power source via the Unit Auxiliary Transformers

)y manually removing the links in the isolated phase bus between the Main Generator and the Main transformer of the non-operating (Modes 5 and 6) unit and closing the 4.16 kV l circuit breaker to the Unit Auxiliary transformer of the same unit. In this alignment, the Unit Auxiliary Transformer (XU1) serves as the required normal preferred power source of the unit and the alternate preferred power source for the ESF bus (es) in the other unit.

Each DG must be capable of starting, accelerating to within specified frequency and voltage limits, connecting to its respective ESF bus on detection of bus undervoltage, and resetting the 4.16 kV bus undervoltage relay logic, in less than or equal to 10 seconds. Each DG must also be capable of accepting required loads within the assumed loading (continued)

SAN ON0FRE--UNIT 3 B 3.8-4 l

AC Sources-Operating B 3.8.1 BASES LC0 sequence intervals, and continue to operate until offsite (continued) power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as: DG in standby with the engine hot, DG in standby with the engine at ambient conditions, and DG operating in a parallel test mode. A DG is considered already operating if the DG voltage is 2 4297 and s 4576 volts and the frequency is 2 59.7 and s 61.2 Hz.

Proper sequencing of loads, including tripping of nonessential loads on a SIAS, is a required function for DG l OPERABILITY.

The AC sources in one train must be separate and independent (totheextentpossible)oftheACsourcesintheother train. For the DGs, separation and independence are complete.

For the offsite AC sources, separation and independence are to the extent practical. A circuit may be connected to more than one ESF bus, with transfer capability to the other circuit, and not violate separation criteria.

APPLICABILITY The AC sources and associated automatic load sequence timers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:

a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of A00s or abnormal transients; and

b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.

The AC power requirements for MODES 5 and 6 are covered in LC0 3.8.2, "AC Sources - Shutdown."

ACTIONS /L1 To ensure a highly reliable power source remains with the one offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit on (continued) 1 SAN ONOFRE--UNIT 3 8 3.8-5 L

l i AC Sources-Operating B 3.8.1 BASES i

ACTIONS M (continued) a more frequent basis. Since the Required Action only specifies " perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. l However, if a second required circuit fails SR 3.8.1.1, the ;

second offsite circuit is inoperable, and Condition C, for -

two offsite circuits inoperable, is entered. !

l M I According to Regulatory Guide 1.93 (Ref. 6), operation may l continue in Condition A for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . With one offsite circuit inoperable, the l reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety l systems. In this Condition, however, the remaining OPERABLE l offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System. '

1 The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the ca)acity )

and capability of the remaining AC sources, a reasona)le time for repairs, and the low probability of a DBA occurring ,

during this period. l The second Completion Time for Required Action A.2 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable, and that DG is subsequently returned OPERABLE, the LC0 may already have been not met for up to 14 days. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 14 days (for a total of 31 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "MQ" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 17 day Completion Time means that both Completion Times apply simultaneously, and the more i restrictive Completion Time must be met.

(continued) l SAN ONOFRE--UNIT 3 B 3.8-6 l

l t

L AC Sources-Operating B 3.8.1 BASES ACTIONS L2 (continued)

. As in Required Action A.2, the Completion Time allows for an exception to the normal " time zero" for beginning the allowed outage time " clock." This will result in establishing the " time zero" at the time that the LC0 was initially not met, instead of at the time Condition A was entered.

l As required by Section 5.5.2.14, a Configuration Risk

~ Management Program is implemented in the event of Condition A.

B.d To ensure a highly reliable power source remains when one of l the required DGs is inoperable, it is necessary to verify the availability of'the offsite circuits on a more frequent-basis. Since the Required Action only specifies " perform,"

a failure of SR 3.8.1.1 acceptance criteria does not result l in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite l circuit inoperability, additional Conditions and Required Actions must then be entered.

L2 Required Action.B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety ;

function of critical systems. These features are designed !

! with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. Single train systems, such as turbine driven auxiliary feedwater pumps, are not included. Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable DG.

The Completion Time for Required Action B.2 is intended to allow the operator time to evaluate and repair any ;

discovered inoperabilities. This Completion Time also i allows for an exception to the normal " time zero" for i beginning the allowed outage time " clock." In this Required Action, the Completion Time only begins on discovery that both:

l (continued) l

. SAN ON0FRE--UNIT 3 B 3.8-7 I w _

AC Sources-Operating B 3.8.1 BASES ACTIONS JL2 (continued)

a. An inoperable DG exists; and

b. A required feature on the other train is inoperable.

If at any time during the existence of this Condition (one DG inoperable) a required feature subsequently becomes inoperable, this Completion Time begins to be tracked.

Discovering one required DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the completion Time for the Required Action.

Four hours from the discovery of these events existing concurrently, is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost. The 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

B.3.1 and B.3.2 Required Action B.3.1 provides an allowance to avoid unnecessary testing of OPERABLE DGs. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have te be performed. If the cause of inoperability exists on other DG, the other DG would be declared inoperable upon discovery and Condition E of LC0 3.8.1 would be entered. Once the failure is repaired, the common cause failure no longer exists and Required Action B.3.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG, performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.

(continued)

SAN ON0FRE--UNIT 3 B 3.8-8

AC Sources-Operating B 3.8.1 BASES ACTIONS B.3.1 and B.3.2 (continued)

According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG is not affected by the same problem as the inoperable DG.

Bd An augmented analysis using the methodology set forth in Reference 16 provides a series of deterministic and probabilistic justifications and supports continued operations in Condition B for a period that should not exceed 14 days.

In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action B.4 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entcred while, for instance, an offsite circuit is inoperable and that circuit is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit coulo again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 20 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "MII" connector between the 14 day and 17 day Completion Times means that both Completien Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the Completion Time allows for an exception to the normal " time zero" for beginning the allowed time " clock." This will result in establishing the (conHnued)

SAN ONOFRE--UNIT 3 B 3.8-9

AC Sources-Operating B 3.8.1 BASES I

l ACTIONS Jk4(continued)

)

" time zero" at the time that the LC0 was initially not met,

! instead of at the time Condition B was entered.

As required by Section 5.5.2.14, a Configuration Risk Management Program is implemented in the event of Condition B.

C.1 and C.2 Required Action C.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from the 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed by Regulatory Guide 1.93 (Ref. 6) for two inoperable required offsite circuits. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowance is based upon the l assumption that two complete safety trains are OPERABLE.

When a concurrent redundant requireo feature failure exists, this assumption is not the case and a shorter Completion Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate. These features are powered

" rom redundant AC safety trains. This includes motor driven auxiliary feedwater pumps. Single train turbine driven auxiliary pumps, are not included in the list.

l The Completion Time for Required Action C.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal " time zero" for beginning the allowed outage time " clock." In this Required 1

Action, the Completion Time only begins on discovery that both:

l

a. All required offsite circuits are inoperable; and

b. A required feature is inoperable.

If at any time during the existence of Condition C (two offsite circuits inoperable) and a required feature becomes inoperable, this Completion Time begins to be tracked.

According to Regulatory Guide 1.93 (Ref. 6), operation may continue in Condition C for a period that should not exceed (continued)

SAN ONOFRE--UNIT 3 B 3.8-10

f AC Sources-Operating B 3.8.1 BASES ACTIONS C.1 and C.2 (continued) 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds i to a total loss of the immediately accessible offsite power sources.

Because of the normally high availability of the offsite sources, this level of degradation may appear to be more !

severe than other combinations of two AC sources inoperable I that involve one or more DGs inoperable. However, two factors tend to decrease the severity of this level of degradation,

a. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and

b. The time required to detect and restore an unavailable 1 offsite power source is generally much less than that ;

required to detect and restore an unavailable onsite AC source.

With both of the required offsite circuits inoperable, ,

sufficient onsite AC sources are available to maintain the '

unit in a safe shutdown condition in the event of a DBA or transient. In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety i analysis. Thus, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time provides a period of time to effect restoration of one of the offsite ,

circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.

According to Reference 6, with the available offsite AC sources two less than required by the LCO, operation may continue for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If two offsite sources are restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , unrestricted operation may continra. If only one offsite source is restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , power operation continues in accordance with Condition A.

(continued)

SAN ON0FRE--UNIT 3 B 3.8-11

AC Sources-Operating }

B 3.8.1 1 i

BASES ACTIONS D.1 and 0.2 (continued)

Pursuant to LC0 3.0.6, the Distribution System (LC0 3.8.9) )

ACTIONS would not be entered even if all AC sources to it ]

were inoperable resulting in de-energization. Therefore, j the Required Actions of Condition D are modified by a Note to indicate that when Condition D is entered, the Conditions and Required Actions for LC0 3.8.9, " Distribution Systems-0perating," must be immediately entered. This !

allows Condition D to provide requirements for the loss of j one offsite circuit and one DG without regard to whether a l train is de-energized. LC0 3.8.9 provides the appropriate {

restrictions for a de-energized train.

According to Regulatory Guide 1.93 (Ref. 6), operation may .

continue in Condition D for a period that should not exceed )

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

l In Condition D, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition C (loss of both required offsite ;

circuits). This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

ful With Train A and Train B DGs inoperable, there are no remaining standby AC sources. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions.

Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk I associated with continued operation for a short time could l be less than that associated with an immediate controlled i shutdown (the immediate shutdown could cause grid !

instability, which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the (continued)

SAN ON0FRE--UNIT 3 B 3.8-12 L.

AC Sources-Operating B 3.8.1 j BASES !

-ACTIONS Ed (continued) time allowed for continued operation is severely restricted.

The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with this level of degradation.

According to Reference 6, with both DGs inoperable, operation may continue for a period that should not exceed 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months .

F.1 and F.2 If the inoperable AC electrical power sources cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LC0 does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . The allowed Completion Times are reasonable, based on operating experience, to reach the recuired unit conditions from full power conditions in an orcerly manner and without challenging unit systems.

Gd Condition G corresponds to a level of degradation in which all redundancy in the AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. Therefore, no additional time is justified for continued operation. The unit is required by LC0 3.0.3 to i commence a controlled shutdown.

SURVEILLANCE The AC sources are designed to permit inspection and REQUIREMENTS testing of all important areas and features, especially those that have a standby function, in accordance with 10 CFR 50, Appendix A, GDC 18 (Ref. 8). Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions).

The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3), Regulatory Guide 1.108 (Ref. 9), and Regulatory Guide 1.137 (Ref. 10).

(continued)

SAN ON0FRE--UNIT 3 B 3.8-13 u

l l

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE Where the SRs discussed herein specify voltage and frequency l REQUIREMENTS tolerances, the following is applicable. The minimum steady (continued) state output voltage of 4297 V is above the maximum reset l voltage of the 4.16 kV bus undervoltage relays (Ref. SR '

3.3.7). Achieving a voltage at or above 4297 V ensures that the LOVS/SDVS/DGVSS relay logic will reset allowing i sequencing of the ESF loads on to the ESF bus if one or more '

ESF actuation signals is present. This minimum voltage limit, which is consistent with ANSI C84.1-1982 (Ref. 11),

is above the allowed voltage drop to the terminals of 4160 V l motors whose minimum steady state operating voltage is 3744 V (90% of 4160 V). This minimum voltage requirement also ensures that adequate voltage is provided to motors and other equipment down through the 120 V level. The specified ;

maximum steady state output voltage of 4576 V ensures that, l l for a lightly loaded distribution system, the voltage at the l terminals of 4160 V motors is no more than the maximum '

allowable steady state operating voltage (110% of 4160V).

The specified minimum and maximum frequencies of the DG are 59.7 Hz and 61.2 Hz, respectively. The upper frequency limit is equal to + 2% of the 60 Hz nominal frequency and is derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3). The lower frequency limit is equal to i

- 0.5% of the 60 Hz nominal frequency and is based on '

maintaining acceptable high pressure safety injection system performance as assumed in the accident analyses.

During a DG surveillance test, steady state DG voltage of 4297 to 4576 volts and steady state frequency of 59.7 to 61.2 Hz shall be verified. For the lower voltage and frequency limits, the Total Loop Uncertainty (TLU) of the measurement device (Reference Calculation E4C-098) shall be considered.

SR 3.8.1.1 This SR assures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that availability of independent offsite circuits is maintained. l The 7 day Frequency is adequate since breaker position is not likely to change without the operator being aware of it and because its status is displayed in the control room.

(continued)

SAN ONOFRE--UNIT 3 B 3.8-14 w_

AC Sources-Operating 8 3.8.1

( BASES SURVEILLANCE SR 3.8.1.2 and SR 3.8.1.7 l REQUIREMENTS (continued) These SRs help to ensure the availability of the standby '

electrical power supply to mitigate DBAs and transients and to maintain the unit in a safe shutdown condition.

To minimize the wear on moving parts that do not get lubricated when the engine is not running, DG starts may be preceded by an engine prelube period. SR 3.8.1.2 is modified by Notes 2 and 3 to indicate that all DG starts for SR 3.8.1.2 may be preceded by an engine prelube period and followed by a warmup period prior to loading. The DG manufacturerrecommendsamodified(slow) start (when possible) in which the starting speed of the DG is limited, warmup is limited to this lower speed, and the DG is gradually accelerated to rated speed prior to loading. SR 3.8.1.7 is modified by Note 1 to indicate that all DG starts for SR 3.8.1.7 may be preceded by an engine prelube period.

For the purposes of SR 3.8.1.2 and SR 3.8.1.7 testing, the DGs are started from standby conditions. Standby conditions for a DG mean the diesel engine coolant and oil are being continuously circulated and temperature is being maintained consistent with manufacturer recommendations.

1 SR 3.8.1.7 rec uires that the DG starts from standby I conditions anc achieves required voltage and frequency i within 9.4 seconds without DG breaker closure. The '

9.4 second start requirement ensures that the DG meets the design basis LOCA analysis assumptions (Ref. 5), that the DG 1 starts, accelerates to within the specified fre I voltage limits, connects to the 4.16kV ESF bus,quency and and resets the ESF bus undervoltage relay logic within 10 seconds of a SIAS.

The 9.4 second start requirement is not applicable to SR 3.8.1.2 when a modified (slow) start procedure described above is used. Since SR 3.8.1.7 requires a 9.4 second start, it is more restrictive than SR 3.8.1.2 and it may be performed in lieu of SR 3.8.1.2. This is the intent of Note 1 of SR 3.8.1.2.

In addition to the SR requirements, the time for the DG to reach steady state operation, unless the modified DG start method is employed, is periodically monitored and is evaluated to identify degradation of governor and voltage regulator performance.

l SR 3.8.1.7 is modified by Note 2 which acknowledge that I credit may be taken for unplanned events that satisfy this l SR.

(continued)

SAN ON0FRE--UNIT 3 B 3.8-15 m

E l

AC Sources-Operating i j

B 3.8.1 BASES SURVEILLANCE. SR 3.8.1.2 and SR 3.8.1.7 (continued)

REQUIREMENTS The normal 31 day Frequency for SR 3.8.1.2 (see ,

Table 3.8.1-1, " Diesel Generator Test Schedule," in the !

accompanying LC0) and the 184 day Frequency for SR 3.8.1.7 are consistent with Regulatory Guide 1.9 (Ref. 3). These frequencies provide adequate assurance of DG OPERABILITY, l while minimizing degradation resulting from testing.

SR 3.8.1.3 i i

This Surveillance verifies that the DGs are capable of )

synchronizing with the offsite electrical system and 1 accepting loads greater than or equal to the equivalent of the maximum expected accident loads listed in Reference 2.

This capability is verified by performing a load test between 90 to 100% of rated load, for an interval of not 4 less than 60 minutes, consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source.

Although no power factor requirenients are established by this SR, the surveillance is perfoni,cd with DG kVAR output that offsite power system conditions without exceeding equipment ratingsi.e., (pennit during without testing creating an overvoltage condition on the ESF buses, over excitation condition on the ESF. buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:

a. kVAR is 2 3000 and s 3200 or

b. the excitation current is a 3.8 A and s 4.0 A or

c. the ESF bus voltage is 2 4530 V and s 4550 V or

d. DG feeder current is 2 730 A and s 750 A This method of establishing kVAR loading ensures that, in additiontoverifyingtheloadcarryingcapability(kW)of i the diesel engine, the reactive power (kVAR) and voltage (continued)

SAN ONOFRE--UNIT 3 B 3.8-16 I

I

AC Sources-Operating ,

B 3.8.1 l

l BASES l

SURVEILLANCE SR 3.8.1.3 (continued)

REQUIREMENTS i regulation capability of the generator is verified to the j extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).

The normal 31 day Frequency for this Surveillance l (Table 3.8.1-1) is consistent with Regulatory Guide 1.9 l (Ref. 3). )

This SR is modified by four Notes. Note 1 indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized. Note 2 states that momentary DG load transients l do not invalidate this test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations. Note 4 stipulates that a successful DG start must precede this test to credit

] l satisfactory performance.

SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is at or above the level selected to ensure adeguate fuel oil for a minimum of I hour of DG operation at full load plus 10%. The level is expressed as an equivalent i volume in inches. The 30 inch level includes instrument !

uncertainties and corresponds to the minimum requirement of l 355.1 gallons of fuel oil, i The 31 day Frequency is adequate to assure that a sufficient j supply of fuel oil is available, since low level alarms are provided and unit operators would be aware of any large uses of fuel oil during this period.

SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation.. There are numerous microorganisms that can !

grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks once every 31 days eliminates the necessary environment for microbial survival in the day tanks. This is the most effective means of controlling (continued)

SAN ON0FRE--UNIT 3 8 3.8-17

AC Sources-Operating i B 3.8.1 BASES SURVEILLANCE SR -3.8.1.5 (continued)

REQUIREMENTS microbiological fouling. In addition, it eliminates the potential. for water entrainment in the fuel oil during DG operation. Water may come from any of several sources, including condensation, ground water, rain water, l

contaminated fuel oil, and from breakdown of the fuel oil by microorganisms. Frequent checking for and removal of i

accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system.

The Guide Surveillance 1.137 (Ref. Freq)uencies 10 . This SR isare forestablished preventive by Regulatory maintenance. The presence of' water does not necessarily represent failure of this SR provided the accumulated water

!- is removed during the performance of this Surveillance.

SR 3.8.1.6 This Surveillance demonstrates that for each OPERABLE DG at least one fuel oil transfer pump operates and transfers fuel l oil from its associated storage tank to its associated day tank. This is required to support continuous operation of the standby power source. This Surveillance provides assurance that at least one fuel oil transfer pum) is OPERABLE, the fuel oil piping system is intact, tle fuel delivery piping is not obstructed, and the controls and l control systems for the fuel transfer system are OPERABLE. l l The ~ design of the fuel transfer system is such that one pump will operate automatically, while the other pump can be started manually. Either pump will maintain an adequate volume of fuel oil in the day tank. In such a case, a 31 ' day Frequency is appropriate.

SR 3.8.1.7 See.SR 3.8.1.2.

SR 3.8.1.8 Verification of the capability to transfer each 4.16 kV ESF bus power supply from the normal preferred power source (offsite circuit) to each required alternate preferred power L

source (offsite circuit), via the train-aligned 4.16 kV L

(continued)

SAN ON0FRE--UNIT 3 B 3.8-18 t

i

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.8 (continued) l REQUIREMENTS crosstie between Unit 2 and Unit 3, demonstrates the OPERABILITY of the alternate preferred power distribution network to power the post-accident and shutdown loads. For 2A04 the normal offsite power source is 2XR1, and the alternate offsite power source is 3XR1 or 3XU1. For 2A06 the normal offsite power source is 2XR2, and the alternate offsite power source is 3XR2 or 3XU1. A required alternate offsite power source is the source that is credited as the alternate source of offsite power in LC0 3.8.1. Therefore, the alignment of the ESF buses in Unit 3 determines which alternate offsite circuit is the required circuit at any point in time.

For each 4.16 kV ESF bus (2A04 or 2A06) this surveillance requirement may be satisfied by performing both a manual transfer and an auto-transfer from the normal offsite power source to at least one of the alternate offsite power sources. The tested source may then be credited as the required alternate offsite power source per LC0 3.8.1. This surveillance may be satisfied for the remaining power source by performing a circuit functional test in addition to the transfer test above. This functional test shall be performed such that all components that are required to function for a successful manual or auto-transfer that were not included in the transfer tests above, are tested. This testing may include any series of sequential, overlapping, or total steps so that the entire manual and auto-transfer capability of the source is verified. This is explained in a note to this SR.

The 24 month Frequency of the Surveillance is based on engineering judgment, taking into consideration the unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency.

Therefore, the Frequency was concluded to be acceptable from a reliability standpoint.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

(continued) i SAN ON0FRE--UNIT 3 8 3.8-19

I 1

AC Sources-0perating B 3.8.1 ;

BASES SURVEILLANCE SR 3.8.1.9 REQUIREMENTS (continued) Each DG is provided with an engine overspeed trip to prevent i damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single poit-accident load without exceeding l predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the largest single post-accident load for each DG is the Auxiliary Feedwater pump which has a nameplate rating of 800 HP. As required by IEEE-308 (Ref.13), the load rejection test is acceptable if the DG frequency does not exceed 66.75 Hz, which is 75% of the difference between synchronous speed (60 Hz) and the overspeed trip setpoint (69Hz).

The time, voltage, and frequency tolerances specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequencing and load rejection. The 4 seconds specified is equal to 80% of the 5 second load sequence interval associated with sequencing of the largest load. Since SONGS specific analyses demonstrate the acceptability of overlapping load groups (i.e., adjacent load groups that start at the same time due to load sequence timer tolerance), the use of 80% of load sequence interval for voltage recovery is consistent with the requirements of Regulatory Guide 1.9 (Ref. 3). The voltage and frequency specified are consistent with the design range of the equipment powered by the DG, SR 3.8.1.9.a corresponds to the maximum frequency excursion, while SR 3.8.1.9.b and SR 3.8.1.9.c are steady state voltage and frequency values to which the system must recover following load rejection. The 24 month Frequency is {

consistent with the recommendation of Regulatory Guide 1.9 j (Ref. 3).

In order to ensure that the DG is tested under load conditions that are as close to design basis conditions as possible, testing is performed by rejecting an inductive load with kW and kVAR greater than or equal to the single largest post-accident load (683 kW, 369 kVAR). These test conditions are consistent with the power factor requirements of Regulatory Guide 1.9 (Ref. 3) and the i' recommendations of Information Notice 91-13 (Ref. 16).

(continued)

SAN ON0FRE--UNIT 3 B 3.8-20

)

i AC Sources-Operating B 3.8.1 i

BASES SURVEILLANCE SR 3.8.1.9 (continued)

REQUIREMENTS This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.10 This Surveillance demonstrates the DG capability to reject a load equal. to 90% to 100% of its continuous rating without l overspeed tripping or exceeding the predetermined voltage limits. The lower load limit of 4450 kW is 94.7% of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading and includes instrument uncertainty plus margin. Instrument uncertainty is not applied to the upper load limit.

The DG full load rejection may occur because of a system fault, inadvertent breaker tripping or a SIAS received during surveillance testing. This Surveillance ensures proper engine and generator load response under the simulated test conditions. This test simulates the loss of the total connected load that the DG experiences following a full load rejection and verifies that the DG will not trip upon loss of the load. The voltage transient limit of 5450 V is 125% of rated voltage (4360 V). These acceptance criteria provide DG damage protection. While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG is not degraded for future application (e.g., reconnection l to the bus if the trip initiator can be corrected or isolated). These loads and limits are consistent with l Regulatory Guide 1.9 (Ref. 3).

The DG is tested under inductive load conditions that are as close to design basis conditions as possible. Testing is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment ratings are not exceeded, when the DG kVAR output is increased such that:

a. kVAR is 2 3000 and s 3200 or i

b. the excitation current is a 3.8 A and s 4.0 A or (continued)

SAN ON0FRE--UNIT 3 8 3.8-21

p AC Sources-Operating B 3.8.1

-BASES SURVEILLANCE SR 3.8.1.10 (continued)

REQUIREMENTS

c. the ESF bus voltage is > 4530 V and s 4550 V or

d. DG feeder current is 2 730 A and s 750 A This method of establishing kVAR loading ensures that, in addition to verifying the full load rejection capability (kW) of the diesel engine, the reactive power rejection capability (kVAR) of the generator is verified to the extent practicable, consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref. 16).

The 24 month Frequency is consistent with the recommendation of Regulatory Guide 1.9 (Ref. 3) and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.11 As required by Regulatory Guide 1.9 (Ref. 3), this Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source.

Inis test verifies all actions encountered from the loss of offsite power, including shedding of selected loads and energization of the permanently connected loads from the DG.

The permanently connected loads are the Class 1E 480 V Loadcenters and MCCs. It is recognized that certain consequential loads may also start following a loss of offsite power and therefore it is im)ortant to demonstrate that the DG operates properly with t1ese loads. The consequential loads are sequenced on the DG following a LOVS with the same time delays as for a LOVS with a SIAS.

Therefore, the ability of the DG to operate with the consequential loads is appropriately demonstrated by the existing Surveillance Requirement simulating a loss of offsite power in combination with a. SIAS (Surveillance Requirement 3.8.1.19). Since there are no auto-connected shutdown loads, the Regulatory Guide 1.9 (Ref. 3) requirements for sequencing of auto-connected shutdown loads do not apply (Ref. 17). This surveillance further demonstrates the capability of the DG to automatically achieve the required voltage and frequency, to close the DG output breaker and connect to the ESF bus, and to reset the 4.16 kV bus undervoltage relay logic within the specified time.

(continued)

SAN ON0FRE--UNIT 3 B 3.8-22

=.

AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.11 (continued)

REQUIREMENTS )

The DG auto-start and undervoltage relay logic reset time of l 10 seconds is derived from requirements of the accident i analysis to respond to a design basis large break LOCA. The frequency should be restored to within the specified range following energization of the permanently connected loads.

The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability has been achieved.

The requirement to verify the connection and power supply of l permanent loads is intended to satisfactorily show the l relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation. For instance, Emergency Core Cooling Systems (ECCS) injection valves are not desired to be stroked open, high pressure injection systems are not capable of being operated at full flow, or shutdown cooling (SDC) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation.

In lieu of actual demonstration of shedding, connection, and loading of loads, overlap testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overla) ping, or total steps so that the entire sequence of load sledding and reenergization of permanently connected loads is verified.

The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into '

consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

L This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations. Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.

(continued)

SAN ON0FRE--UNIT 3 B 3.8-23 L.

I AC Sources-0perating !

B 3.8.1

-BASES SURVEILLANCE SR 3.8.1.12 REQUIREMENTS (continued) the DG This Surveillance automatically startsdemonstrates thatrequired and achieves the after a SIAS,ltage vo and l frequency within the specified time and operates for

r 5 minutes. The 9.4 second start requirement ensures that the DG meets the design basis LOCA analysis assumption, that the DG starts accelerates to within the specified frequency andvoltagelImits,connectstothe4.16kVESFbus,and resets the ESF bus undervoltage relay logic within 10 seconds of a SIAS. The 5 minute period provides sufficient time to demonstrate stability.

In addition to the SR requirements, the time for the DG to reach steady state operation unless the modified DG start method is employed isperiodicallymonitoredandis evaluatedtoidentIfydegradationofgovernorandvoltage regulator performance.

The Frequency of 24 months is consistent with Regulatory Guide 1.9 (Ref. 3), takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with the expected fuel cycle lengths. Operating experience has shown that these components usually pass the SR when performed at the 24 month Frequency. Therefore the Frequency was concluded to be acceptable from a reliabiiity standpoint.

This SR is modified by two Notes. The reason for Note 1 is ;

to minimize wear and tear on the DGs during testing. For I the purpose of this testing, the DGs must be started from i standby conditions that is with the engine coolant and oil i continuouslycirculatedand,temperaturemaintained I consistent with manufacturer recommendations. Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.13 This Surveillance demonstrates that DG noncritical protective functions (e.g., high Jacket water temperature) are bypassed on a SIAS in accordance with Regulatory Guide 1.9 (Ref. 3 . The critical protective functions overspeed, g)enerator differential current, and low (engine

-low lube oilpressure)t,arenotbypassed.,

to the DG uni which Thetripnoncritical the DG totrips avertare substantial dam bypassed during DBAs and provide an alarm on an abnormal engine condition. This alarm provides the operator with sufficient time to react appropriately to prevent damage to the DG. The DG availability to mitigate the DBA is more critical than protecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG.

(continued)

SAN ONOFRE--UNIT 3 B 3.8-24

AC Sources-Operating B 3.8.1 BASES l SURVEILLANCE SR 3.8.1.13 (continued)

REQUIREMENTS Testing to satisfy this surveillance requirement may include any series of sequential, overlap)ing, or total steps so that the entire noncritical trip )ypass function is verified.

The 24 month Frequency is based on engineering judgment, taking into consideration unit conditions required to perform the Surveillance, and is incended to be consistent with ex)ected fuel cycle lengths. Operating experience has shown t1at these components usually pass the SR when performed at the 24 month Frequency. Therefore, the Frequency was concluded '

to be acceptable from a reliability standpoint.

The SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR. .

l SR 3.8.1.14 Regulatory Guide 1.9 (Ref. 3), requires demonstration once per refueling outage that the DGs can start and run !

continuously at full load capability for an interval of not i less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , a 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months of which is at load-equivalent to 105% to 110% of the continuous duty rating and the remainder of the time at a load equivalent to 90% to 100% of the continuous duty rating of the DG. For the 22 hour2.546296e-4 days 0.00611 hours 3.637566e-5 weeks 8.371e-6 months duration, the lower load limit of 4450 kW is 94.7', of the DG continuous rating (4700 kW). The 94.7% limit is based on design basis loading 'and includes instrument uncertainty 21us margin. Instrument uncertainty is not applied to tie 100%,105% or 110% load limits.

This test is performed with the DG connected to the offsite !

)ower supply. In this alignment DG frequency is controlled !

)y the offsite power supply, and the operator has minimal control over DG output voltage. Therefore, specific DG requirements as recommended by voltage Regulatoryand frequency Guide 1.9 (Ref. 3) do not apply.

The DG starts for this Surveillance can be performed either from standby or hot conditions. The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual loading, discussed in SR 3.8.1.3, are applicable to this SR.

(continued)

SAN ONOFRE--UNIT 3 B 3.8-25

AC Sources-Operating B 3.8.1 BASES I

SURVEILLANCE SR 3.8.1.14 (continued)

REQUIREMENTS i The DG is tested under inductive load conditions that are as l

close to design conditions as possible. Testing is performed with DG kVAR output that offsite power system conditions permit during testing without exceeding equipment ratings (i.e., without creating an overvoltage condition on i the ESF buses, over excitation condition in the generator, or overloading the DG main feeder). The kVAR loading requirement during this test is met, and the equipment {

ratings are not exceeded, when the DG kVAR output is increased such that:

a. kVAR is 2 3000 and s 3200 or

b. the excitation current is 2 3.8 A and s 4.0 A or l c. the ESF bus voltage is > 4530 V and s 4550 V or

d. DG feeder current is 2 730 A and s 750 A l

This method addition of establishing to verifying the loadkVAR loading carrying ensures capability (kW that,)in of the diesel engine, the reactive power (kVAR) and voltage regulation capability of the generator is verified to the i extent practicable, consistent with the recommendations of l Regulatory Guide 1.9 (Ref. 3) and Information Notice 91-13 (Ref.16). ,

The kW load band in the SR is provided to avoid routine overloading of the DG. Routine overloading may result in more frecuent teardown inspections in accordance with vendor recommenc ations in order to maintain DG OPERABILITY.

l The 24 month Frequency is consistent with the I recommendations of Regulatory Guide 1.9, (Ref. 3), takes I into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This Surveillance is modified by two Notes. Note 1 states that momentary DG load transients do not invalidate this l test. Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage l and frequency within 9.4 seconds. The 9.4 second time is l l

(continued)

SAN ON0FRE--UNIT 3 B 3.8-26

r 1 AC Sources-Operating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.15 (continued)

REQUIREMENTS derived from the requirements of the accident analysis to ,

respond to a design basis large break LOCA. The LOCA '

analysis assumes that the DG starts, accelerates to within the specified fre 4.16 kV ESF bus,and quency and resets thevoltage ESF buslimits, connects relay undervoltage to the logic within 10 seconds of a SIAS.

In addition to the SR requirements, the time for the DG to unless the modified DG start reach steady method state operation,ically is employed 1s period monitored and is evaluated to identify degradation of governor and voltage regulator performance.

The 24 month Frequency is consistent with the and'is !

recommendations of Regulatory intended to be consistent Guide 1.9 with expected fuel(Ref.

cyc 3)le lengths.

This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY. The requirement that the diesel has operated for at least 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions. Momentary DG load transients do not invalidate l this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing.

SR 3.8.1.16 As required by Regulatory Guide 1.9 (Ref. 3), this Surveillance ensures manual synchronization and load l transfer from the DG to the offsite source can be made and that the DG can be returned to ready to load operation when offsite power is restored. Ready to load operation is defined as the DG running within the specified frequency and voltage limits, with the DG output breaker open. If this test is performed with a SIAS present, the load transfer occurs when the offsite power breaker is manually closed and the SIAS causes the DG output breaker to open. IfthIs test is perfonned without a SIAS present, the load transfer occurs when the offsite power breaker is manually closed, and the DG output breaker is manually opened. By design, the LOVS/SDVS/DGVSS logic will have been previously reset thus allowing the DG to reload if a subsequent loss of offsite power or degraded voltage condition occurs. The re LOVS/SDVS/DGVSS signal will strip the bussequence and permittimers, close the (continued)

SAN ONOFRE--UNIT 3 8 3.8-27

AC Sources-0perating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.16 (continued)

REQUIREMENTS resequencing of the ESF loads if an ESF actuation signal is present.

The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.17 For this Surveillance, the DG is in test mode when it is running, connected to its bus, and in parallel with offsite power. Demonstration of the test mode override ensures that:

1) the DG availability under accident conditions will not be compromised as the result of testing with the DG connected to its bus in parallel with offsite power, and

2) the DG will automatically return to ready to load operation, if a SIAS is received during operation in the test mode.

Ready to load operation is defined as the DG running within the specified frequency and voltage limits, with the DG output breaker open. These 3rovisions are required by IEEE-308 (Ref. 13), paragrapi 6.2.6(2) and Regulatory Guide 1.9 (Ref. 3).

The intent in the requirement to automatically energize the emergency loads with offsite power associated with SR 3.8.1.17.b is to show that the emergency loading was not affected by DG operation in the test mode in parallel with offsite power. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the emergency loads to perform these functions is acceptable. This testing may include any series of sequential overlapping, or total steps so that the entire connection and loading sequence is verified.

(continued)

SAN ONOFRE--UNIT 3 B 3.8-28

AC Sources-Operating B 3.8.1

' BASES SURVEILLANCE SR 3.8.1.'17 (continued)

REQUIREMENTS The 24 month Frequency is consistent with the recommendations of Regulatory Guide 1.9 (Ref. 3), takes into

. consideration unit conditions required to perform the Surveillance, and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.18 As. required by(Regulatory Guide 1.108 (Ref. 9), paragraph 2.a. 2), eac operation for the DBA loading sequence to ensure that voltage and frequency are maintained within the required limits. Under accident conditions, prior to connecting the DGs to their respective buses, all loads are shed except load center feeders and those motor control centers that power Class 1E loads (referred to as " permanently connected" loads). Upon reaching 90%-of rated voltage and frequency, the DGs are then connected to their res)ective buses. Loads are then sequentially connected to the )us by the programmed time interval load sequence. The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents. The 10% load sequence start time tolerance ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF ecuipment time delays are not violated. Reference 2 provices a summary of the automatic loading of ESF buses.

For the Containment Emergency Cooling Units only, the sequenced time is the actual start time of the Component Cooling Water pumps plus 5 *0.5 seconds. The tolerance is based on a design interval of 5 seconds.

The Frequency of 24 months is consistent with the recommendations of Regulatory Guide 1.108 (Ref. 9),

paragraph 2.a.(2); ta'ces into consideration unit conditions required to perform the Surveillance; and is intended to be consistent with expected fuel cycle lengths.

This SR is modified by a Note which acknowledges that credit may be taken for unplanned events that satisfy this SR.

(continued)

-SAN ONOFRE--UNIT 3 8 3.8-29

AC Sources-0perating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.19 REQUIREMENTS (continued) In the event of a DBA coincident with a loss of offsite

)ower, the DGs are required to supply the necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.

This Surveillance demonstrates the DG operation, as discussed simulated loss in the of Bases offsite for SR signal power 3.8.1.11,(during an actual or LOVS/DGVSS/SDVS) in conjunction with actual or simulated ESF actuation signals (SIAS, CCAS, CSAS, EFAS-1, and EFAS-2). Multiple ESF actuation signals are initiated to simulate worst case DG load sequencing conditions.

~

In lieu of actual demonstration of shedding, connection, and l loading of loads, testing that adequately shows the capability of the DG system to perform these functions is acceptable. This testing may include any series of sequential, overlapping, or total steps so that the entire load shedding, connection, and loading sequence is verified. l The Frequency of 24 months takes into consideration unit conditions required to perform the Surveillance and is intended to be consistent with an expected fuel cycle length of 24 months.

This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations for DGs.

Note 2 acknowledges that credit may be taken for unplanned events that satisfy this SR.

SR 3.8.1.20 This Surveillance demonstrates that the DG starting independence has not been compromised. Surveillance l demonstrates that each engine can achieve proper speed within the specified time when the DGs are started simultaneously.

The 10 year Frequency is consistent with the recommendations ofRegulatoryGuide1.108(Ref.9), paragraph 2.b, Regulatory Guide 1.137 (Ref.10), paragraph C.2.f, and Regulatory Guide 1.9 (Ref. 3).

(continued)

SAN ON0FRE--UNIT 3 B 3.8-29a l

AC Sources-0perating B 3.8.1 BASES SURVEILLANCE SR 3.8.1.20 (continued)

REQUIREMENTS This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated, and temperature maintained consistent with manufacturer recommendations.

Diesel Generator Test Schedule The DG test schedule (Table 3.8.1-1) implements the recommendations of Revision 3 to Regulatory Guide 1.9 (Ref. 3). The purpose of this test schedule is to provide timely test data to establish a confidence level associated with the goal to maintain DG reliability above 0.95 per demand.

According to Regulatory Guide 1.9, Revision 3 (Ref. 3), each DG unit should be tested at least once every 31 days.

According to Draft Regulatory Guide DG-1021 (Ref.14) and 10 CFR 50.63(a)(3)(ii) (Ref. 15), whenever a DG has experienced 4 or more valid failures in the last 25 valid tests, the maximum time between tests is reduced to 7 days.

Four failures in 25 valid tests is a failure rate of 0.16, or the threshold of acceptable DG performance, and hence may be an early indication of the degradation of DG reliability.

When considered in the light of a long history of tests, 4 failures in the last 25 valid tests may only be a l statistically probable distribution of random events.

Increasing the test Frequency will allow for a more timely !

accumulation of additional test data upon which to base judgment of the reliability of the DG. The increased test Frequency must be maintained until seven consecutive, failure free tests have been performed.

The Frequency for accelerated testing is 7 days, but no less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . Therefore, the interval between tests should be no less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , and no more than 7 days. A successful test at an interval of less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months should be considered an invalid test and not count towards the seven consecutive failure free starts. A test interval in excess of 7 days constitutes a failure to meet the Srs.

(continued)

SAN ONOFRE--UNIT 3 8 3.8-29b

AC Sources-0perating B 3.8.1 BASES REFERENCES 1. 10 CFR 50, Appendix A, GDC 17.

2. UFSAR, Chapter 8.

3. Regulatory Guide 1.9, Rev. 3.

4. UFSAR, Chapter 6.

5. UFSAR, Chapter 15.

6. Regulatory Guide 1.93, Rev. O.

7. Generic Letter 84-15.

8. 10 CFR 50, Appendix A, GDC 18.

9. Regulatory Guide 1.108, Rev.1,

10. Regulatory Guide 1.137, Rev. 1.

11. ANSI C84.1-1982.

12. ASME, Boiler and Pressure Vessel Code,Section XI.

13. IEEE Standard 308-1978.

14. Draft Regulatory Guide DG-1021, April 1992.

15. 10 CFR 50.63(a)(3)(ii) as published in Federal Register Vol. 57, No. 77 page 14517, April 21,1992.

16. Information Notice 91-13. " INADEQUATE TESTING 0F EMERGENCY DIESEL GENERATORS (EGDs)".

17. Letter from SCE to the NRC dated May 5,1995, subject Docket Nos. 50-361 and 50-362, Diesel Generator Loading San Onofre Nuclear Generating Station Units 2 and 3.

SAN ON0FRE--UNIT 3 B 3.8-29c

ML20210P630

Text

Navigation menu

Search