ML20213E612
| ML20213E612 | |
| Person / Time | |
|---|---|
| Site: | Columbia  |
| Issue date: | 10/03/1983 |
| From: | Houston R Office of Nuclear Reactor Regulation |
| To: | Novak T Office of Nuclear Reactor Regulation |
| References | |
| CON-WNP-0657, CON-WNP-657 IEB-79-27, NUDOCS 8310130354 | |
| Download: ML20213E612 (7) | |
Text
-
s
~
[b-c// Y YE 0
c OCT 0 31983 lEtiORAt:00?1 FOR: Thomas M. f!ovak, Assistant Director for Licensing
~
bivision of Licensing s
FROM:
R. Wayne Houston, Assistant Director for Reactor Safety Division of Systems Integration f'
SUBJECT:
WilP-2 REQUEST FOR ADDITI0tlAL I!!FORitATION C0!!CERillf;G OPE!! ITEli 13 (C0tlTROL SYSTEfiS FAILURES)
Plant flame: W!iP-2 Docket ?!o.:
50-397 Licensing Status:
OL Responsible Branch:
LB 12 ProjectItanager:
R. Auluck Review Branch:
ICSB Reyied Status:
Incomplete The Instrumentation and Control Systems Branch _(ICSB) has reviewed the information provided by the applicant (Uashingtoq Public Power Supply System) regarding Outstanding Issue 013 " Control Systens Failures." This information (provided in letter,G02-83-574 dated June 24,1983) addresses control systems failures resulting from high energy line breaks and power source and sensor (including sensor icpulse lines) failures.
In addition, this letter addresses concerns expressed in IE Bulletin 79-27 regarding the capability to achieve cold snutdown following the loss of any Class 1E or non-Class 1E instrumntation and controls power bus.
Rased on our review of the applicant's submittal, ye have detemined that additional. in. formation is required in order to complete our review. The required infomation is identified in thes. enclosure to this memorandum.
!!e request that this he forwarded to the applicant.
The response should he subnitted for staff review.
t
-]
OriginalCigned By
~. -
b/
H. Wayne fla !stca 7k 0hohhh7 b
R. Wayne Houston, Assistant Director i
M for Reactor Safety s
Division of Systems Integration Enclosura:
DISTRIBUTIGit:
As Stated s Docket File ICSS R/F cc:
R. J. i'attson R. Kendall (PF)
A. Schwencer AD/RS Rda.
- 9. ?!. :'orri son F. Rosa '
O. Basdekas C. E. Rossi R. Auluck b!flP-2 S/F T A.- Smkiewi cz-
~L
.! R... Ca p ra..
LICSD/DSI.g I C 40S
, ICSB/.DSI.
.ADRS/
~ ' "
'Rif! r)/ on
- ~
- n. RKendall vp-..CERoss FRosa.
.bontac ll, ICSB ; / ;
/83 + y 4'p/83 '
-/83
-] n/ E /83---
pnda occ>
1 29461--
/
/
' 3 b c m,m ' m Nam w OFF!CI AL CECORD C#F#'I
OCT 0 3 E83 WNP-2 REQUEST FOR ADDITIONAL INFORMATION CONCERNING OPEN ITEM #13 (CONTROL SYSTEMS FAILURES) 1.
It appears that control room indicators were not included in the devices listed in Appendix B.
Verify that as part of your review, it was determined that sufficient control room indication exists to allow the operator (s) to determine the status of the plant while going to cold shutdown following the loss of each Class 1E and non-Class 1E bus.
2.
It is indicated in Sections 2.9 and 2.10 that if an alter-nate shutdown path is required, then existing procedures should be modified or new procedures developed to provide the operator with the appropriate actions to be taken iollowing a bus loss.
Verify that the modified and/or new procedures will be in place prior to fuel load.
3.
It is necessary when a bus loss affecting the normal shutdown path occurs, that the control room operator (s) be alerted to this fact.
Appendix A identifies some bus losses requiring l
shutdown via an alternate path for which the only indication of bus. failure'is the loss of position indication lamps for certain devices (power buses PP-18-A and PP-7A-C are two examples).
The staff does not consider the loss of position indication lamps to be a positive indication of a power bus
~
fallure affecting the capability to achieve a normal reactor - -
shutdown.
All buses relied on to achieve a normal shutdown l
l
I should be alarmed in the control room.
Provide a commitment to implement loss of power alarms for all buses whose failure adversely affects the capability to shutdown via normal procedures that are not presently alarmed.
4.
Verify that IE Circular No. 79-02 " Failure of 120 Volt Vital.
AC Powe r Supplies" dated J anuary 11, 1979 was re reviewed to include both Class 1E and non-Class 1E power supply inverters as required for operating reactors via IE Bulletin 79-27
" Loss of Non-Class 1E Instrumentation and Contrcl Power System Bus During Operation" dated November 30, 1979 5.
Regarding Appendix A " Cold Shutdown Power Bus Analysis":
(a)
Why is it necessary to use HPCS (i.e.,
the division II
& TII alternate cooldown path) upon loss of power bus MC-8B?
It appears that the normal shutdown path (i.e.,
main steam, condenser, feedwater, etc.) is still available.
(b)
Breaker trip annunciation and/or 0/L (overload) t rip annunciation is relied on to alert the operator (s) to a loss of power conditon for a number of buses.
It is not clear that this annunciation would always be
__.provided (i.e.,
loss of bus power for other reasons would not result in annunciation).
Justify the adequacy of these alarms.
(c)
Loss of power bus MC-7B requires use of an alternate Low pressure cooldown path following high pressure
~
cooldown using the normal shutdown path.
Note 4 states that since both paths are not required simultaneously, further analysis is not necessary.
Verify that for this and similar cases (i.e.,
all references to note 4) adequate alarms and procedures exist to instruct the operator (s) of the need to use the alternate shutdown path.
6.
Postulated damage to non safety related (control) systems from high energy line breaks (HELBs) was limited to jet impingement and/or pipe whip.
This is not acceptable.
The effects of HEles on control systems should also include environmental effects such as humidity, pressure, tempera-ture, etc.
Provide the results of the analyses of hELBS in the vicinity of non safety related systems which include environmental effects on these' systems.
Describe the meth-odology used to determine which non safety related (c on t ro l) systems are postulated to be affected by the environmental effects of a given HELB.
7.
Ve ri f y that for each HELB event and its consequential control l
systems failures, that redundant safety related systems are l
available (i.e.,
unaffected by the event) to mitigate the effects of the event.
The intent here is to assure that the i
l consequences of the event can be mitigated given a single i
failure within the systems used to mitigate the event.
a 8.
There is no technical basis for excluding events that are not capable of occurring at 100% 'ower from the analysis.
p All operating modes should be considered.
The analysis should be revised accordingly.
9.
Under Item 3 of Section 2.1.3, verify that for ruptured process tubing, the worst case failures of associated instrumentation are assumed (e.g.,
for level 8 trip signsls, assuming these instrument channels are not environmentally qualified, the level 8 signal is assumed to occur or to not occur whichever is worse for the scenario being considered).
- 10. Could a HELB resulting in loss of feedwater heating (see Section 3.1.1) also affect feedwater and turbine generator controls (i.e.,
are controls for these systems located in any of the " environmental zones" where this HEL8 could occur?).
- 11. Verify that no credit was taken in the analysis for non-safety related equipment ( e.g.,
feedwater pump trip on Level 8) to mitigate the effects of HELBs and consequential control systems failures.
- 12. It is assuWed in the analysis that the turbine bypass system functions'following a turbine trip.
Why was a turbine trip i
w i t h o.u t bypass not considered in Section 3.2?
- 13. For HEL8 events it is not necessary to remain above the minimum critical power ratio (MCPR) safety limit.
- However, ve ri fi c a t ion should be provided that the worst case event i
-S-combinations considered are bounded by a small fraction
(<10%) of 10 CFR Part 100 guidelines.
The worst case events may change as a result of the environmental consid-erations discussed in Item 6 above.
14 Provide a list of non safety related (control) systems considerd in your review (i.e.,
those systems described i n Se ct ion 1.2.1 as potentially affecting reactor pressure, water level, critical power ratio, feedwater temperature, and/or the performance of safety grade equipment).
- 15. It appears that this analysis only considers the effects of multiple control systems failures due to the failure of instrument lines (either broken or plugged) and the associated effects on all sensors connected to the line.
Are there any individual sensors (not sharing an instrument line with other sensors) that provide inputs to two or more control systems?
If so, the failure of these sensors should l
l be analyzed to determine if the effects are bounded by the t
+
analysis in Chapter 15 and if they result in an event that requires #ction or response beyond the capability of the operators or safety systems.
I
(
- 16. V eT i fy t h a t for all sensor failures (including multiple failures due to instrument line failures) resulting in l
l 6-l i
i control systems malfunctions requiring protective actions, redundant safety related systems are available (i.e.,
unaffected by the failures) to mitigate the effects of the event.
The intent here is to assure that the effects of the event can be mitigated given a single failure within the systems used to mitigate the event.
17 Clarify the sentence "There were no single effects that mitigate the total failure consequences." in Section 3.4 (Analyze Combined Effects) of the analysis.
O "E
OE*
g g