ML20214V340
| ML20214V340 | |
| Person / Time | |
|---|---|
| Site: | Crystal River  |
| Issue date: | 05/30/1986 |
| From: | SCIENCE APPLICATIONS INTERNATIONAL CORP. (FORMERLY |
| To: | |
| Shared Package | |
| ML20214V330 | List: |
| References | |
| SAIC-86-1098, NUDOCS 8612090642 | |
| Download: ML20214V340 (96) | |
Text
U . .. ,
E
[
[
E CRYSTAL RIVER UNIT 3 EMERGENCY FEEDWATER SYSTEM RELIABILITY ANALYSIS E
E E
[
E E
E E
[
[
[
[
pea oine! 8thajiga
[. - - - - -
!I SAIC-86/1098&CW CRYSTAL RIVER UNIT 3 EMERCENCY FEEDWATER SYSTEM RELIABILITY ANALYSIS I
i May 30, 1986 F
Y I
I Prepared for ,
l Florida Power Corporation !
I i
\
- I l
Prepared by Science Applications International Corporation l 400 Franklin Road, Suite 200 Marietta, Georgia 30067 I
I 1 TABLE OF CONTENTS Section id Title Page No.
LIST OF TABLES AND LIST OF FIGURES iii
,Q l.0 INTRODUCTION 1-1
1.1 Purpose and Scope
1-1 1.2 Background 1-2 1.3 Report Organization 1-4 2.0
SUMMARY
2-1 3.0 EMERGENCY FEEDWATER SYSTEM DESCRIPTION 3-1 3.1 System Function 3-1 3.2 System Design 3-1 3.3 System Operation 3-4 3.4 Interfaces with other Plant Systems 3-6 4.0 METHOD OF ANALYSIS 4-1 4.1 General Approach 4-1 4.2 System Success Criteria and Modeling Assumptions 4-2 4.3 System Fault Tree Model 4-4 4.4 Failure Data 4-4 T 5.0 EMERGENCY FEEDWATER SYSTEM RELIABILITY RESULTS 5-1 5.1 System Analysis Results 5-1 5.2 Comparisons to Earlier Brookhaven National Laboratory Study 5-5 5.3 Contribution of Emergency Feedwater to Overall Core Melt Risk 5-7 5.4 Conclusions 5-9 REFERENCES R-1 APPENDIX A--EMERGENCY FEEDWATER SYSTEM FAULT TREE A-1 f
Y ii
?
LIST OF TABLES Table N.. Title Page N..
2-1
SUMMARY
OF RESULTS 2-2
' 4-5 4-1 EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS 5-1 EMERGENCY FEEDWATER SYSTEM UNAVAIIABILITY GIVEN THE
- OCCURRENCE OF THE INITIATING EVENT 5-1 I
i i
i L1ST 0 , ,I _
i ,1 - .
N.. ,.. .... N..
3-1 EMERGENCY FEEDWATER SYSTEM CONFIGURATION 3-3 32 EMERGENCY FEEDWATER INITIATION AND CONTROL (EFIC)
= OVERALL ORGANIZATION 3-5 i
i i
li i iii I .
,y _ , , _
--_..____,,._-.y
. , , . _ - .g_ _ . , - . , _ _ , , _ _ _ _ . _ _ _ ..%. y,_,,, , __., , , ,,_,,,,.-_._, -_ , .,- - ,.- _.-,-_ -_
I I
1.0 INTRODUCTION
l
1.1 Purpose and Scope
This report documents results of a study of the Emergency Feedwater System (EW) of the Crystal River Unit 3 (CR-3) nuclear power plant. The objective of this study was to assess the reliability of the EW system in performing E.B its function to provide post-trip reactor decay heat removal, if the primary means for decay heat removal, the main feedwater system, should be unavailable.
The study consisted of examining the EW system from two perspectives. The W first was an evaluation of the EW system, by itself, given an initiating event c.reating a demand for EW. Three initiating events were' considered:
a loss of main feedwater with off-site and on-site ac power sources availa-ble, a loss of off-site ac power sources with on-site emergency ac power available (although perhaps degraded), and a loss of all off-site and on-site ac power sources. This perspective did not consider the performance of other plant equipment in mitigating the effects of the assumed initiating events, nor did it consider the relative frequencies of the initiating s events. The analysis was performed using a fault tree developed specifically for the CR-3 EW system.
The end result of this part of the study is the probability of EW system success or failure for each of the three assumed initiating events. This result may be used, in a limited sense, to identify potential measures to enhance the EW rystem reliability. The result cannot be used, however, to judge alternative, and perhaps more significant, measures to enhance the performance of other plant systems and equipment. The result also cannot be I used to evaluate the effect of EW system enhancements from a standpoint of overall plant safety, and therefore cannot be incorporated into a cost /
benefit evaluation.
The second perspective examined in this study addressed the EW system as an integral part of the overall plant. This evaluation used results of a 1,evel 1 Probabilistic Risk Assessment (PRA) of CR 3 currently being performed by Florida Power Corporation. This evaluation identified accident sequences
[ leading to core damage, and more specifically those sequences involving 1-1
I I failures of the EW system. This part of the study considered the roles of other plant systems and equipment in responding to potential accident sequences. It also included a much broader spectrum of plant internal initiating events and one external event, loss of off-site ac power.
I The results of this integral plant evaluation include the frequency of core damage events resulting, in part, from failure of post-trip decay heat removal. This result may be used to identify ways to enhance the overall plant response to initiating events and to quantify the effects of measures to reduce the frequency of the initiating events themselves, e.g., measures I to enhance main feedwater reliability resulting in fewer challenges to the EW system. This perspective thus yields a more realistic basis for judging costs and benefits of various proposed plant enhancements.
1.2 Background
Following the accident at the Three Mile Island Unit 2 nuclear power plant, the Nuclear Regulatory Commission (NRC) and the utilities operating nuclear power plants evaluated the reliability of pressurized water reactor emergency feedwater systems in performing their intended safety function:
I the removal of reactor decay heat following reactor trip. The NRC performed scoping evaluations of the reliability of EW systems of Westinghouse and Combustion Engineering plants. These studies were reported in NUREG-0611 (Reference 1) and NUREG-0635 (Reference 2), respectively. These analyses were performed using a simplified fault tree methodology and generic data, taken largely from the 1975 Reactor Safety Study, WASH-1400 (Reference 3).
The owners and operators of Babcock and Wilcox plants performed their own I plant-specific reliability evaluations. These were reviewed by brookhaven National Laboratory (BNL) under contract to the NRC. In performing their review, BNL used the NRC simplified analysis methodology contained in References 1 and 2 as a benchmark for comparison. Florida Power Corporation submitted its evaluation of the CR-3 EW system reliability (Reference 4) to I the NRC, and the BNL review comments are contained in NUREG/CR-3081 (Reference 5).
I In 1981, the NRC issued Revision 2 to Standard Review Plan (SRP) 10.4.9 (Reference 6) which included a Eoal for EFW unreliability in the range of I 10*4 to 10 5 per demand. The SRP requires that this be based on an analysis 1-2
.I L
[
using methods and data presented in NUREG-0611 and NUREG-0635. The SRP also states that compensating factors, such as other methods of accomplishing the EW safety function, may be considered to justify a larger unavailability of the EW. The SRP is intended to provide guidance to the NRC staff in their review of construction and operating license applications.
Since its original EW reliability study submittal, Florida Power Corporation has incorporated many modifications which enhance the reli-ability and performance of the CR-3 EW system. These include:
o installation of the Emergency Feedwater Initiation and Control (EFIC) system; I o addition of a redundant de powered steam admission valve to the turbine driven EW pump; I
o removal of valve internals from the manual valves in the EW pump suction and recirculation lines (the BNL review cited plugging of these valves as potential common mode failure mechanisms for the system);
I o replacement of EW control valves; o extensive modification of EW piping.
Additional enhancements are planned for the future, e . 5. , installation of a dedicated EW water supply tank, in addition to the existing EFW water sources (the condensate storage tank and the condenser hotwell).
Since its original submittal, Florida Power Corporation has responded to numerous NRC inquiries regarding EW system enhancements and has comL..cted to upgrading its EW system reliability study (Reference 7). This report is I intended to fulfill that commitment. Florida Power Corporation has recently completed a full plant PRA, in part to ascertain the importance of the EW system in mitigating core damage, and to determine the dominant contributors to the risk of core damage at CR-3.
I 13 I
l I l 1.3 Report Organization Results of this study are summarized in Section 2.0 of this report. Section 3.0 provides information on the design and operation of the CR-3 EW system.
Section 4.0 discusses the methods and assumptions which were used in the analysis. Results of the analysis are reported in Section 5.0. The results 3 include the system reliability, a listing of the most significant failures
! contributing to system unavailability, and the contribution of EW related failures to potential core damage sequences. This section also provides a comparison between the methods and assumptions used in this study versus those employed in the NRC studies (References 1, 2 and 5). Appendix A 3 contains the EW system fault trees.
l k
k l
l l-4
's I 2.0
SUMMARY
I This study includes (1) a system-level analysis of emergency feedwater system reliability and (ii) an integral plant analysis of core damage frequency due, in part, to failures associated with loss of emergency feed-water. The system-level analysis was performed using methods comparable to those cited in the NRC Standard Review Plan, Section 10.4.9, Auxiliary (Emergency) Feedwater System. Results of this analysis may be compared to the EW system reliability goal contained in the SRP.
The integral plant analysis used state-of-the-art probabilistic risk assessment techniques and Florida Power Corporation's PRA model for CR-3.
Results of this analysis offer a rational basis for assessing the reli-ability of the EW system in performing its safety function.
Results of the system-level analysis are provided in Table 2-1. This table shows that the present CR-3 EW system has a reliability approaching the reliability goal established by the NRC in its revised Standard Review Plan.
! Since the SRP further allows consideration of other compensating factors l regarding accomplishment of the EW function, the CR-3 EW system is con-i sidered to be acceptable. Compensating factors include: alternative means I for accomplishing the EW safety function (i.e., HPI cooling) and possible measures to reduce the frequency of challenges to EW.
The PRA model incorporates both of these factors and yields a core damage frequency due to EFU failures of 2.3x10~7 per reactor year, compared to a total core melt frequency of 3.8x10 5 per reactor year. This very low frequency offers a more rational basis for judging the overall reliability
~
of the CR-3 E W system. It also provides a more comprehensive framework for I a cost / benefit evaluation to assess alternatives to further enhance the EW system and the Crystal River Unit 3 plant as a whole.
The overall conclusion from this effort is that the CR-3 EFW system is I highly reliable and capable of performing its safety function.
Modifications made to the system during the uast several years have I
2-1 I
I
I I significantly enhanced its reliability. The system incorporates redundancy and diversity in meeting the design criteria cited by the NRC in its Standard Review Plan. The FRA study shows that in a comprehensive analysis of integral plant response, the contribution of EW system f ailurer to overall core damage frequency is small.
I I t TABLE 2-1
SUMMARY
OF RESULTS
\
INITIATING EVENT UNAVAIIABILITY GOAL
- I Loss of Main Feedwater with Off-site and 1.9 x 10 l.0 x 10
On-site AC Power Available 1.2 x 10-3 I Loss of Off-site Power with On-site Emergency AC Power Available Loss of All Off-site and On-site AC Power 1.4 x 10-2 a
I .
- NRC E W System Reliability Goal (Reference SRP 10.4.9)
I
- 2-2 1
I 3.0 EMERGENCY FEEDWATER SYSTEM DESCRIFTION 3.1 System Function The primary purpose of the emergency feedwater system is to backup the main feedwater system in removing post shutdown decay heat from the reactor coolant system via the steam generators. During normal shutdowns the main feedwater flow is throttled down to a level capable of removing decay heat and the EFW system is not used. If the plant shutdown is caused by an interruption of the main feedwater flow, however, the EW is automatically put into operation. Also, if main feedwater is lost subsequent to a reactor trip, the EW will be automatically initiated.
I Included in the analysis of the emergency feedwater system is the emergency EFIC serves several functions, feedwater initiation and control system.
I including:
o automatic initiation of the emergency feedwater system pumps and valves; o control of the emergency feedwater flow rate (secondary side level control);
E o regulation of the secondary side pressure during EW operation;
- o isolation of EFW to a steam generator on overfill of that generator; E o isolation of the affected steam generator (isolation of the main steam and feedwater lines) on low steam generator secondary side I pressure. ,
3.2 System Design The EW configuration analyzed in this study is the planned configuration I
following Refuel VI. This configuration includes the EFIC system (already
.I I 3-1 I
I installed) and a dedicated EFW supply tank (EFT-2) with a minimum water inventory of 150,000 gallons. This tank and its associated piping will be installed during Refuel VI.
The EW system consists of two trains each capable of supplying emergency feedwater to either or both steam generators. Figure 3-1 is a simplified flow diagram of the EW system.
I One train contains a motor-driven pump capable of supplying 740 gpm to the steam generators. The second train contains a turbine-driven pump, also with a capacity of 740 gpm. The turbine-driven pump is powered by high pressure steam provided from either or both steam generators. The turbine-driven pump is self-cooled and the motor-driven pump is cooled with water I from the nuclear services closed cycle cooling system.
There are three primary sources of emergency feedwater: a dedicated EFW storage tank EFT-2, the condensate storage tank also with a capacity of 150,000 gallons, and the condenser hotwell.
There are two EW injection lines, each line providing emergency feedwater to a spray header in one of the steam generators. Each inj ection line may receive EFW from either pump train. Flow is controlled through solenoid valves in each of the four pump discharge crosstie lines. Block valves are also located in these lines so that EW may be isolated from either pump to either steam generator.
The EFIC system consists of four redundant instrument and actuation channels. Each channel receives input signals from individual level and pressure instruments in each steam generator. These sign.als are processed by the EFIC initiation logic. Outputs of the four initiate logic channels 3 are provided to the EFIC trip , logic. The trip logic consists of two trip channels for each EFIC actuation function (e.g., two channels for initiating EW flow). Each trip channel may be actuated by one out-of-two lo81c taken twice, i.e., signals must be received from two of the four initiate channels y in order to actuate the trip. Output of the trip logics energize relays to E actuate EW equipment. The trip logic output also goes to the EFIC vector i
3-2
-M -M -M -M M && MM& M -M M ~M M M -M M FIGURE 3-1 EMERGENCY FEEDWATER SYSTEM CONFIGURATION EFV-24 EFV-35 O]- k
"~'
EFV-6 N+h EFV-7 EFV-14 N EFV-58 NEFV-15N r . OTSG EFV-2 FWV-44 EFV-17 w
w
]L '
EFV-ll EFV-56 A-EFV-23 X EFT-2 16
~
_ EFV-33 EFV-57
) OTSG EFV-5 EFV-18 FWV EFV-4 B f
g EFV-8 EFV-32 EFV-55
!!otwell y, EFP-2 3B EFV-1 1
EFV-36 i
I
l I
logic which processes signals from steam generator level and pressure sensors and the trip signals in order to position EW valves. The overall organization of EFIC is shown in Figure 3-2.
3.3 System operation I The EW system is a standby system. It is normally aligned to provide EW I from the dedicated EW tank, and all block valves and flow control valves are normally aligned open.
The EW pumps may be started manually or automatically with the EFIC system.
Automatic actuation is provided for the following conditions:
o low level in either steam generator; o loss of both main feedwater pumps; I o loss of four reactor coolant pumps; o low pressure in either steam generator (if main feedwater is isolated by this low pressure signal);
I o an engineered safeguards actuation system high pressure inj ection (HPI) actuation signal.
The EFIC system will also provide open signals to the EW control and block valves upon actuation. Subsequently, EFIC will modulate the solenoid valves to control level within specified limits.
The volume of water in the dedicated EW tank is sufficient to provide decay heat removal and cooldown for much longer than the assumed mission tima of eight hours. Low tank level is alarmed in the control room. Switching to I an alternative EW supply, or refilling of the EW tank requires operator action.
I I
I 3..
il L
l1 1l j!11 llllI! ! ll l m
l r
o r
s t e p ns r m
u oe u Cv s r P l s Wa Ge W FV Sr F E TP E k O r nc d e oo l n t
a il tB oa r
u i tw r
t c
sd on no ol A Pa CF r r &
r D
) l B m C rl ol r -
I F
oe t n C re tn
_ E cn B nn
( ea oa A Vh Ch m L O
C A C R
T T =- *=
N O
m C N
D O l N I e B A T pn r A in 2 N Z ra
- O I Th 3 I N C A T A m E A G r R I R -
U T O G I I N L F I L A
r R R E E T V t A O
- W e D j_
D tl E ae l
E i n C F tn B n Y C
N E
i a nh IC l
A G =
R '
m E M
E m t n D e
md C
m u r
t B s
n A p I mr a.
t0 I l
I 3.4 Interfaces with Other Plant Systems The EW system operates independently of the main feedwater system, which provides the primary method for removing reactor decay heat immediately following reactor shutdown. The EW piping and equipment are independent of the main feedwater system, except for cross connect piping which contains valves that are normally closed. The EW system does not share any instru-mentation or control equipment with the main feedwater system. The EFW system does require operation of other plant systems and equipment in performing its function. The following is a list of services provided by I other plant systems:
o ac power for EW pump EFP-1 is provided from ES Bus 3A; o cooling water for EFP-1 is provided by the nuclear services closed cycle cooling system; {
o electric power for the EFIC channels is provided from ac Panels VBDP-8, VBDP-9, VBDP-10 and VBDP-ll; I o de power for the solenoid (control) valves is provided from DPDP-SA and DPDP-5B; o de power for the block valves is provided from DPDP-8C and DPDP-8D; o de power for the pump suction valves to the condenser hotwell is provided from DPDP-3A and DPDP-3B; o dc* power for the turbine steam admission valves is provided from DPDP-8B.
I I'
I I 3-6 o
.I 4.0 METHOD OF ANALYSIS 4.1 General Approach A dual approach was used to assess the reliability of the EFW system in performing its design function; namely, a system-level evaluation and an integral plant evaluation.
The system-level evaluation used a fault tree to determine the reliability
'""*""'7='"**r'"='"5******"7***="" '""*** " " ' " ' " ' -
I Three types of demands were assumed in the analysis: loss of main feedwater 5
with off-site and on-site ac power sources available (LOW events), loss of off-site power with on-site emergency ac power sources at least partially available (LOOP events), loss of all ac power with de power sources avail-E
" " - (' ^ ""*"*')- '"""7"**=-""" * " " " ' ' ' " - " * "''' " "*"
i given for the frequency of each of these categories of EFW challenges.
Also, the EFW system performance for other types of initiatin5 events was not evaluated in this part of the study.
g The results of the system-level evaluation are probabilities for EW system i failure for each category of demand, and a list of the significant con-tributors to EW system unavailability upon demand. The methodology used in this study generally parallels the methodology cited in NUREG-0611 (Reference 1), NUREG-0635 (Reference 2) and the earlier BNL evaluation of the CR-3 EFW system (Reference 5). Some differences do exist between the l
T methodology of this study and the referenced NRC methodology. These differences are discussed further in Section 5.2 of this report. Results of this analysis provide a basis for comparison of system reliability to the NRC's EW system reliability goal contained in Standard Review Plan 10.4.9.
The integral plant evaluation ,of the E W system and the dec'ay heat removal function utilized the Crystal River Unit 3 probabilistic risk assessment recently completed by Florida Power Corporation. This is a Level 1 PRA which uses event trees and fault tree models for a number of plant systems s
(including EW) in considering a broad spectrum of plant internal initiators and loss of off-site power. The PRA model includes core melt sequences resulting from failure of decay heat removal. The main feedwater system, the EW system, and alternative means for decay heat removal (operation of 4-1
I the makeup system in the high pressure coolant inj ection mode with fluid discharge through the pilot operated relief valve) are all considered probabilistically. In addition, the frequency of demands for EW and the availability of required support systems (e.g. , electric power and service water) are also evaluated probabilistically.
Results of the integral plant assessment are the core melt frequency due to failure of decay heat removal and the significance of EFW components and supporting equipment in contributing to core melt sequences While these results cannot be directly compared to an arbitrary EFW system generic I. reliability goal, they provide a much more comprehensive basis for assessing the true safety significance of EW equipment. They also offer a means to identify measures to enhance the decay heat removal function (including potential improvements to the EFW system, the main feedwater system, and other support systems), and to reduce the frequency of challenges to the EW I system (e.g., fewer intetruptf ons of main feedwater flow). This approach also provides the rationale for weighing costs and benefits of various potential plant improvements.
4.2 System Success Criteria and Modeling Assumptions I Success of the EW system for this evaluation is the delivery of full flow from at least one EW pump to at least one steam generator. (Esch EW pump is a full capacity pump capable of removing reactor decay heat following shutdown and providing reactor coolant system depressurization to cold iI shutdown entry conditions.) Following interruption of main feedwater, decay l heat removal must be reestablished within 4 minutes in order to avoid l opening the PORV on high reactor pressure. Failure to reestablish decay heat removal within 30 minutes results in partial core uncovery and I potential fuel damage. These time limits are used in the PFA model. In the system-level analysis, however,, no credit is taken for operator action to initiate EFW or to correct EW system faults which disable EFW on I
I initiation. The effective success criteria for system initiation in this analysis is therefore automatic system actuation on demand.
A criterion for successful operation of the turbine-driven pump is that steam be provided to the turbine at a pressure greater than 200 psia. If I two turbine bypass valves on a steam generator open and fail to reclose, it 4-2
is assumed that the pressure in that generator will fall below this threshold. The same is true if two steam generator safety valves open and fail to reclose.
Successful operation of the motor-driven EW pump requires that ac power be available from ES bus 3A. The availability of this bus is evaluated based on diesel generator reliability and diesel generator maintenance unavaila-bility for loss of off-site power events. For loss of all ac power events, the motor-driven EW pump is by definition assumed te, be unavailable.
Additional assumptions made in performing the system-level fault tree analysis include the following:
o EFW is required for eight hours; alternative EFW water sources (other than EFT-2) are therefore not required, nor are they credited.
o Failure of the EFIC level control function results in an overfill h event which is likely to require operator action to restrict flow E
in the affected flow path (s). The operator may do this by closing the upstream block valve (s), shutting off the EW pump supplying water to the affected flow path (s), or disabling EFIC and taking manual control of EW. Failure to take any action results in EFIC E automatically isolating the affected steam generator. In this case, EFIC automatically reopens the EW block and flow control valves when the steam generator leve) decreases to a lower set-point value. Without operator intervention, the level would then cycle between these two setpoints. While this would be successful m system operation, it was felt that the operators would take action in an attempt to better control the EW flow. Equal probability is assigned to each of the possible successful operator actions.
l However, it is assumed that the operator will not shut off an EW pump if the second pump has already failed. If the second pump u fails af ter the first pump is stopped, credit is taken for the operator restarting the idle pump. (At least 30 minutes is available for this action to be taken.)
4-3 h
o If EFIC fails to isolate the affected steam generator on overfill and if the operator takes no action, water will enter the main steam line and trip the turbine-driven EW pump on overspeed.
I credit is taken for the operator restartin5 the turbine-driven pump if it is tripped on overspeed.
No o Suppert systems, other than. ac power to the motor driven EW pump as discussed above, are not evaluated in the system-level EFW system reliability analysis. This means that the contributions of de power supply faults and faults in the nuclear services closed cycle cooling water system are not included as contributors to EW unavailability. This assumption is consistent with the NRC methodology and is made to provide an analysis comparable in scope to the NRC analyses. In the integral plant evaluation, the failures of all EFW support systers are considered probabilistically.
4.3 System Fault Tree Model The fault tree model used in the EFW system-level reliability study is presented in Appendix A. The fault trees contain modular fault tree events.
These are combinations of statistically independent basic events which have been grouped together into modular events in order to reduce the complexity of the fault tree without sacrificing fault tree detail. The definitions of all modular events are contained in Table 4-1.
4.4 Failure Data Failure data for all fault tree basic events and for all basic events contained in fault tree modular events are shown in Table 4-1. Also shown is the aggregate probabilities for the modular events.
The EFW failure data are the same as those used in the complete plant PRA model. These data were derived from a detailed review of five years of CR-3 operation. Where plant-specific data were insufficient, generic data were used. The generic data represent an aggregate of numerous NRC, industry and other nonnuclear data sources.
I 4-4
I TABLE 4-1 EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS F AULT IREE bA$lt EVEhT5 AAD FAILURE DATA I FAULT TREE FAULT TREE EVENT DESCRIPTION /
FAILURI RATE (HR.1)
L157 0F 8A51C EVENT 5 COMPR151NG MODUL AR [VINT.........
FAULT DURATION (HR)
BA51C EVENT FAILURE PROBAEILITV FAULT TREE EVEh FAILURE P RO B A*e !L I T V IVINT kAMI I ..........
CCMCALBL CCVFW43N COMM0k M00E ERROR . SETPOINT ON EFIC FULL RANGE LEVEL CONTROLLER CAL 18 AATED LOW FWV.43 FAIL 5 TO CPEN Ou CEMAND 1.00I.0!
1.01E 08 1.01E 04 FW).44 FAILS TO CPEN ON DENAhD 2.00E.0:
OCvFW44h OMAkUALY OPERATOR FAIL 5 TO CONTROL EFW IL THE MANUAL MODE 3.33E.01 CHUMANUL OPERATOR SILECTS MANUAL CONTROL FOLLOWING EFIC CONTROL FAILURE 3.00E.03 1.00E 0 CHUCONTY CPIR ATOR F AIL 5 70 MAlhTAIN LEVEL 1.00E 0 I 0$VIF55X IONTkCL VALVE MI5 ALIGNED CLOSED 1.00E.0 05VIF56X CONTROL V ALVI H!5 ALIGNED CLOSED 1.00E.0 05VIF573 CONTROL VALVE **, ALIGNED CLOSE0 C0hTROL VAtVE M)5ALIGhfC CLOSED 1.00E.0 0$VIF581 8 LOCK V*LVI MI5ALIGuto CLD5EL 1.00I.0 QMVIF11X 1.00E.C BLOCK VALyt MISALIGNED CLO5ED OMVIF13X BLOCK YALVE Ml!ALIGNFC CLOSED 1.00I.0 CMVIF323 9.00E.0 OnVEF33X BLCCK YALVE MI5ALIGhED CLO5ED BLCCK VALVE FAILS TO OPEN ON DIMAND 9.00!.U CMVEF110 9.00E 0 OMVIF130 BLOCK VALVE FAIL 5 TO OPEN Ok OEMAND 8 LOCK VALVE FAILS 70 CPEN Ch DEMAND S.001.C OMVEF320 1.33E.C DNVIF330 BLOCK VALVE FAIL 5 70 OPEN ON DEMAND QMMSGAPI VALVIS IN INJtCTION LINE FROM [FP.1 70 OTSG A CLD5E0 1.00E.04 OCVIF15W CHECK YALVI FAIL 5 70 OPEN ON DEMAND 1.70I.06 360 6.12E.04 QMVEF14K BLLCK VALVE TRANSFERS CLOSIC
- 6.40[.0) 1020 6.91I.04 05VEF58K CONTROL VALVE TRANSFERS CLOSED 1.001 06 360 3.60I.04 QTLVAACF FAILURE OF VALVE OPEN SIGNAL FROM TRIP LOGIC VICTOR CHANNEL A . OTSG A 1.20E 06 6570 7.88I.03 CCNAA00H H]GH OUPUT (CLOSE SICNAL) FROM EFIC CONTROL CHANNEL 1.00E.06 360 3.60[.04 QTLVDAOF FAILURE OF VALVE OPEN SIGNAL FROM TRIP LOGIC VECTOR CHANNEL 0 . OT5G A 360 8.28E.05 I CLT0017H LEVEL TRAN5MITTER FAILS HIGH OBALT17H 5!GNAL CONDITIONER FAILS HIGH CB!$T17F SIST ABLE FAILS CLBLIAAF OVERFILL ISCLATION LOGIC FAILS . CHAN.
2.30f.07 3.50I.06 5.70I.07 360 360 360 A 3.00E.07 360 2.30E.07 1.26t.03 2.05t.04 1.08E.04 8.28t.05 1.26E.03 I
OL1002WH LEVEL TRAW5MITTER FAILS HIGH 3.50E-06 360 CBALT20H 51ENAL CONDITIONER FAILS HIGH 5.70E.07 360 2.05t.04 QB15720F 815 TABLE FAIL 5 360 1.081 04 1.33E.8 OLSLIDAF DYERFILL !$0LAT10N LOGIC FAILS . CHAN. 0 3.00E.07 QMMSGAP2 VALVE 5 IN INJECTION LINE FR0n EFP.2 TO 075G A CLD5ED 1.00E.04 i CCVEF17N CHECK YALVE FAIL 5 TO OPtk ON DEMAND 1.70E.06 360 6.121 04 QMVEF11K SLOCK VALVE TRANSFERS CLOSE0 6.40!.07 1080 6.91E-04 05VEF56K CONTROL VALVE TRANSFEk5 CLOSEC 1.00E.06 360 3.60E 04 QTLVCA0F FAILURE OF YALVI OPEN $1GNAL FROM TRIP iCG1C VECTOR CHANNEL C - OT5G A 1.20E 06 6570 7.88E.03 ,
QCM8A00H HIGH DUPUT (CLOSE SIGNAL) FROM EFIC I CONTROL CHANNEL CTLVBADF FAILURE OF VALVE OPEN $1GNAL FROM TRIP LOGIC VICTOR CHANNEL B - OT5G A CLT0018H LEVEL TRAN5 HITTER FAlks HIGH CBALTISH $1GNAL CONDITIONER FAILS HIGH
'1.00I.06 2.30E-07 3.501 06 360 360 360 360 3.60E 04 8.28E.05 1.26E.03 2.05t.04 5.70E.07 OB15T18F BISTABLE FAILS 360 1.08E.04 CLBLIBAF DVERFILL ISOLATION LOGIC FAILS . CHAN.
2.30E.078 3.00I.07360 8.28E.05 QLT0019H LEVEL TRAU5 HITTER FAILS HIGH I
I 4-5
- Il TABLE 4-1 (Continued)
EMERGENCY FEEDk'ATER SYSTEM--BASIC EVESTS I FAULT TREE BA5!C EVEhT5 AND FAILURE DATA I FAILURE FAULT BA51C EVENT FAULT TREE EVEh1 FAULT TREE EVENT DESCRIPTION / RATE QURAtlah FAILUEI FAILURE FAULT TREE PROBASILITY PROBABILITY EVENT hAME L157 0F BA51C EVENTS COMPRI5!NG P000LAR EVENT (HR 1) (MR) 3.50E.06 360 1.26E.03 CBALT19H SIGNAL CONDITIONER FA]L5 HIGH 2.05E.04 08IST19F B1STA8LE FAILS 5.70E.07 360 360 1.08E.04 QLBLICAF 0VERrILL 150LATIch LOGIC FAILS . CHAk. C 3.00E.07 1.33E 02 OMMSGBPI YALVES 1h INJECTION LINE FROM EFP.1 TC 0T50 8 CLOSED 1.00E.94 QCVEF16N CHECK VALVE FAILS TO OPEA Ch DEMANC 6.12I.04 QMVEF33K BLOCK VALVI TRANSFERS CLOSED 1.70E.06 360 6.40E.07 1080 6.911 04 05V!F57K CONTROL VALVE TRANSFERS CLOSED 360 3.60E.04 ITLVCBOF FAILURE OF VALVE OPEh SIGNAL FROM TRIP 1.00E 06 LOGIC VICTOR CHANhEL 0 . OT5G B 7.BBE-03 1.20E 06 6570 CCMAB00H HIGH OUPUT (CLOSE $1GNAL) FROM EFIC CONTROL CHANNEL 1.00E 06 360 3.60E-04 OTLVABOF FAILURE OF VALVE OPEh SIGNAL FROM Tk1P LOGIC VECTOR CHANNEL A . 075G B 8.28. 05 OLT0021H LEVEL TRAN5MITTER FAIL 5 HIGH 2.30E.07 360 3.50E.06 360 1.26E 03 GBALT21H SIGNAL CON 0!TIONER FAILS HIGH 5.70E 07 360 2.05E.04 QB15721F BI5 TABLE FAILS 1.0BE.04 CLBLIABF CVERFILL 150LAT]CN LOGIC FAILS - CHAN. .A 3.00E.07 360 2.30E.07 360 8.2BE.05 OLT0024H LEVIL TRAN5MITTER FAILS HIGH 1.26E 03 CBALT24H $1GNAL C0h0!T10NER FAILS HIGH 3.50E.06 360 5.70E-07 360 2.05E.04 OBI 5724F B157A8LE FAIL 5 360 1.08E.04 CLBL10BF CVERFILL 150LATION LOGIC FAILS - CHAN. 0 3.00E-07 1.33E.02 QMMSGBP2 VALVE 5 IN INJECTION L]NE FROM EFP.2 TO OT5G B CLQ5EO 1.00E.04 CCVIFIEN CHECK VALVE FAIL 5 TO OPEN ON DEMAND 6.12E.04 CMYEF32K BLOCK VALVE TRANSFERS CLOSE0 1.70E.06 360 6.40E.07 1080 6.91E.04 05VIF55K CONTROL VALVE TRANSFERS CLOSED 3.60E.04 QTLYCBOF FAILURE OF VALVI CPEN $1GNAL FROM TRIP 1.00E-06 360 LOGIC VECTOR CHANNEL C - 075G B 7.88E.03 QCMbB00H HIGH OUPUT (CLOSE SIGNALI FRon EF]C 1.20E 06 6570 COETROL CHAhWEL 1.00E.06 360 3.60E.04 QTLYBB0F FAILURE OF VALVE OPEN $1GNAL FROM TRIP LOGIC VICTOR CHANNEL B . OT5G B 8.2BE.05 OLT0022H LEVEL TRAN5MITTER FAILS HIGH 2.30E.07 360 QBALT22H $1GNAL CONDITIONER FAILS HIGH 3.50E.06 360 1.26E.03 5.70E.07 360 2.05E.04 CB25722F BISTABLE FAILS 360 1.0BE.04 CLBLIBBF OVERFILL 150LAT10N LOGIC FAILS . CHAN. B 2.30E.07 3.00E.07 360 8.28E.05 QLT0023H LEVEL TRANSMITTER FAILS HIGH 1.26E-03 CBALT23H SIGNAL CONDITIQ6ER FAILS HIGH 3.50E.06 360 5.70E.07 360 .2.05E.04 QB15T23F BISTABLE FAILS 360 1.08E.04 OL8LICBF OVERFILL !$0LAT10N LOGIC FAIL $ . CHAN. C 3.00E.07 3.33E.03 OMMEFWIT OPERATOR STOPS EFP.1 FOLLOWING CONTROL PROBLEH5 WITH EFV.57 OR IFV.58 AND 00E5 NOT RISTART 3.33E.01 OPMIFW1V* CPERATOR STOPS EFP.1 1.00E-02 QPMEFW12 CPERATOR FAILS TO RESTART EFP.1 FOLLOWING FAILURE OF SECONO TRAIN .3.33E.03 CMMEFW2V OPERATOR STOPS EFF.2 FOLLOWING CONTROL PROBLEMS WITH EFV 55 DR EFV.56 AND 00E5 NOT RESTART 3.33E 01 OPTEFW2Y' OPERATOR STOP5 EFP.2 1.00E.02 OPTEFW22 OPERATOR FAILS TO RESTART EFP.2 FOLLOWING F AILURE OF SECONO TRAIN . 360 1.0BE.04 OLBVA00F FAILURE OF VECTOR CHANNEL A ENABLE 3.00E.07 3.00E.07 360 3.08E.04 FAILURE OF VECTOR CHANNEL 8 ENABLE i
OLBVB00F 360 1.0BE.04 CLBVC00F FAILURE OF VECTOR CHANNEL C ENABLE 3.00E-07 3.00E.07 360 1.0BE.04 QL8V000F FAILURE OF YECTCP CHANNEL 0 ENABLE ll ll 4-6
.mv
I TABLE 4-1 (Continued)
EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS I FAULT TREE BASIC EVENTS ANC FAILURE LATA FAULT bA51C EVINT FAULT TREE EVEkT FAILURE I FAULT TREE EVENT NAME FAULT TRIE EVENT DESCRIPTION /
LIST OF BA51C EVENTS COMPRISING MODULAR EVENT RATE (MR.11 DURATION (HR)
FAILURE PR05 ABILITY FAILURE PROBAblLITY 9.36E.03 I QMMIF58 CONTROL OF EFV-56 FAILS 1.60E.04 0$vEF580 CONTROL VALVE FAILS CW DEMAND 1.19E-06 6570 7.82E.03 QCMAA00F LOS5 OF SIGNAL FROM EFIC CONTROL CHANNEL 4 OT5G A 1.12E.04 CLT0017L FULL RAhGE LEVEL TRAN5MITTER FAILS LOW 3.10E-07
- 360 360 1.27E-03 QBALT17L $1GNAL CONDIT10hER FOR LEVEL TRANSMITTER 3.54E.06 I QMMEr55 FAILS LOW CONTROL OF EFV-55 FAILS 05VIF550 CONTROL VALVE FAILS ON 0[ MAND QCMBB00F LOS5 OF SIGNAL FROM EFIC CONTROL 1.19E-06 6570 1.60E.04 7.82E.03 9.36E.03 CHAhWEL B . OTSG B I 3.10E.07 360 1.12E.04 OLT0022L FULL RANGE LEVEL TRAN5MITTER FAIL 5 LOW 360 1.27E-03 06 ALT 22L SIGNAL C0h0lT10NER FOR LEVEL TRANSMITTER 3.54E-06 FAILS LOW 9.36E.03 GMMEF56 CONTROL OF EFY.56 FAIL 5 1.60E-04 05VEF560 CUNTROL VALVE FAILS ON DEMAND 6570 7.82E-03 I
1.19E.U6 QCMBA00F LOS$ OF SIGNAL FkOM EFlc CONTROL CHANNEL 6 - 015G A 3.101 07 360 1.12E.04 CLT0018L FULL RANGE LEVEL TR AN5MITTER F AILS LOW 360 1.27E.03 QBALT18L $1GhAL CONDITIONER FOR LEVEL TRANSMITTER 3.54E.06 FAIL 5 LOW 9.36E.03 I CMMIF57 CONTROL OF EFv.57 FAILS 05VEF570 CONTROL VALVE FAILS Os DEMAND QCHAB00F LOS$ OF $1GNAL FROM EFIC CONTROL CHANNEL A . OT5G B 1.19E.06 3.10E-07 6570 360 1.60E.04 7.82E.03 1.12E 04 OLT0021L FULL RANGE LEVEL TRANSMITTER FA]L5 LOW 36C 1.27E-03 I OMy[r01M QMVD C2M QBALT21L SIGNAL CONDITIONER FOR LEVEL TRAK 5MITTER 3.54E-06 FAILS LOW EFY-1 UNAVAILABLE DUE TC MAINTENANCE EFV.2 UNAVAILABLE DUI TO MAINTENANCE PUMP TRAIN EFP.1 Ik MAINTENANCE 1.37E.04 1.37E-04 8.84E 04 QMNIFPIM 6.10E-04 I QMMEFP2M EPMEFPIM EFP-1 IN MA]NTENANCE CMVEF14M EVF.14 ]k MAINTENANCE QMVEF33M EFV-33 Ik MAINTENANCE PUMP TRAIN EFP-2 IN MAINTENANCE EPTEFP2M EFP-2 ;d MAINTENANCE 1.37E.04 1.37E 04 2.00E.03 2.27E-03 1.37E.04 I QMMIFPI OMVEF11M EYF-11 IN MAINTENANCE QMYEF32M EFY-32 IN MAINTENANCE EFP.1 PUMP TRAIN FAILS QCVEFJ6N CHICL VALVE FAILS TO OPEN ON DEMAND DCVEF07N CMICK VALVE FAILS TO OPEN ON DEMAND 1.37E-04 1.00E.04 1.00E-04 3.00I.05 6.59E.03 I OCVEF07X STOP VALVE MI5 ALIGNED CLOSED OPMEFP1A PUMP FAIL 5 TO START QPMIFPIF PUMP FAIL 5 10 CONTINUE TO RUN OPMEFP1Z OPERATOR FAILS TO RESTORE PUMP TRAIN AFTER MAINTENANCE 4.50E-05 8 4.10E-03 3.60E-04 3.00I.04 2.40E.04 I
ORYO7AIF TRIP RELAY FAILS TO ENEEG12E
- 2.40E.04 CRYO 7A2F TRIP RELAY FAIL 5 TO ENERG]ZE 8.20E.07 360 2.95E.04 OTLO7AIF TRIP CHANNEL FAILS TO TRIP 8.20E 07 360 2.95E-04 OTLD7A2F TRIP CHANNEL FAILS TO TRIP 360 9.00I.05 05WTL7A5 MANUAL SELECT SWITCH SHORTED 2.50E.07 3.00E.05 I
SXVEFP1X PUMP CDOLING LINES M15 ALIGNED CLOSED 360 1.15E.05 SXY3579K COOLING LINI VALVE TRANSFERS CLOSED 3.20E-06 I
I 4-7 I
ll
.p, TABLE 4-1 (Continued)
EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS I FAULT TREE BASIC [ VENT 5 AND FAILURE DATA I
FAILURE FAULT BASIC EVENT FAULT TREE EVENT FAULT TREE FAULT TREE FvENT DESCRIPTION / RATE DURATION FAILURE FAILURE EVINT NAME LIST OF BA5]C 'T.NT5 COMPRISING MODULAR EVENT (hR.1) (HR) PROBABILITY PR08A81LITV
$XYt607K COOLING LINE VALVE TRANSFERS CLC5ED 3.20E.08 360 1.15E.05
$XV5507K COOLING LINE VALVE TRANSFERS CLOSED 3.20E-08 360 1.15I.05
$XV5508K COOLING LINE VALVE TRANSFERS CLOSED 3.20t-08 360 1.15E.05 5XV5509K C00 LING LINE VALVE TRANSFERS CLOSED 3.20E-08 360 1.15E-05 SIV5510K COOLING LINE VALVE TRANSFERS CLOSED 3.20E.06 , 360 1.15I.05 0CVEF35N CHECK VALVE FAIL 5 TO OPEN ON DEMAND 1.00E.04 OXYEF24K MANUAL VALYE inANSFERS CLOSED 3.20t.08 360 1.15E.05 OLbVAABF PRESSURE LOGIC FAILS - VECTok CHANNEL A 3.00E-07 360 1.08I-04 QL8VDA8F PRES 5URE LOGIC FAILS - VECTOR CHANNEL 0 3.001 07 360 1.08I.04 CMVEFG3K PUMP SUCTION VALVE TRANSFERS CLOSED 3.20E.08 360 1.15E.05 IFP.2 PUMP TRAIN FAIL 5 9.94E-03 I
QMMIFP2 OCVEF05N CHICK VALVE FAILS TO OPEN ON DEMANC 1.00E.04 OCVEF08N CHECK VALVI FAILS TO CPEN ON DINANC 1.00E.04 OCVEF08X STOP VALYE MI5ALIGNEC CLOSED 3.00E-05 OPTEFP2A PUMP FAILS TO START 6.70I.03 1.20E-04 8 9.60E.04 I
OPTIFP2F PUMP FAILS TO CONTINUE TO RUN OPTEFP22 OPERATOR FAIL 5 TO RESTORE PUMP TRAIN 3.00E.04 AFTER MAINTENANCE ORYO781F TRIP RELAY FAIL 5 TO ENERG12E 2.40E-04 QRYO782F TRIP RELAY FAIL 5 TO ENERGIZE 2.40E-04 OTLO781F TRIP CHANNEL FAILS TO TRIP 8.20E.07 360 2.95E.04 I QTLO782F TRIP CHANNEL FAIL 5 TO TRIP 05WTL785 MANUAL SELECT SWITCH 5HORTED CXVEFP2X PUMP COOLING LINES MISALIGNED CLOSED OXYEF49K COOLING LINI VALVE TRANSFERS CLD5ED 8.20I.07 2.50E-07 3.20t.08 360 360 360 2.95E.04 9.00E-05 3.00I.C5 1.15I.05 1.15I.05 QXVEF50K COOLING LINE VALVE TRANSFERS CLOSED 3.20E.08 360 I CXVEF51K COOLING LINE VALVI TRANSFERS CLOSE0 CXVEF52K COOLING LINE VALVE TRANSFERS CLOSED CXYEF53% C00LIhG LINE VALYL TRANSFERS CLOSED QXVEF54K COOLING LINI VALVE TRANSFERS CLOSED 3.20E-08 5.20E.08 3.2VE-08 3.20E-08 360 360 360 360 1.15t-05 1.15I.05 1.15E-05 1.15E.05 1.00E.04 OCVIF34N CHECK VALYE FAIL 5 TO OPEN ON DEMAND I CXVEF23K MANUAL VALVE TRANSFER $ CLOSED QLOV8ABF PRE 55URI LOGIC FAIL 5 - VECTOR CHANNEL 8 QL8VCABF PRI55URE LOGIC FAILS - YECTOR CHANNEL C QMVEF04K PUMP SUCTION VALVE TRANSFERS CLOSED 3.20E-08 3.00I-07 3.00E-07 3.20E-08 360 360 360 360 1.15E.05 1.08E-04 1.08E.04 1.15I.05 3.00E-04 QXYA550X TUR81NE ADHI5510N VALVE MISALIGNED CLO5ED I OXVA550K A5v.50 TRANSFERS CLOSED (0MVA204D+ A5V.204 FAIL 5 TO OPEN ON DEMAND CMVA204M+ A5V 204 IN MAINTENANCE QMVA204K)*ASV.204 TRANSFER 5 CLOSED 3.20E.08 1.70E.06 360 8
1.15E-05 9.00E.03 8.19[-04 1.36E-05 9.00E.03 10MVA005D+ ASV 5 FAIL 5 TO OPEN ON DEMAND I QMMIFT2 QMVA005M+ ASV.5 IN MAINTENANCE OnVA005K) A5v.5 TRANSFERS CLOSED OCMPCALL EFIC PRESSURE CONTROL $ETPCINT CALIBRATED LOW (BELOW 200 P516)
DEDICATED EFW TANK EFT.2 UNAVAILABLE 1.70I.06 8 8.19I.04 1.36E.05 1.00I.05 3.56I.07 I OXVA1A2X bOTH SUPPLY YALVES MI5 ALIGNED CLOSED 0.00E+00 OXVA100K' EFV.Al TRAN5Ftk$ CLOSED (INTERNALS REM.) 0.00t+00 360 0.00E+00 CXVA200K [FV.A2 TRANSFERS CLOSED 0.00E+00 360 0.00E+00 QTEEFT2G* PRE. EXISTING LOW LEVEL ]W EFT-2 (LEAK) 9.90t 07 360 3.561-04 OTKEFT22 OPERATOR 5 DO NOT RESPOND TO ALARM 5 1.00E.13 2.32E.04 I VMMSGAST FA]LURI 0F EFP.2 STEAM $UPPLY - 075G A QCYM186N CHECK VALVE FAIL 5 TO OPEN ON DEMAND 1.01E-04 I
I ll 4-8 lll
i- l TABLE 4-1 (Continued) I
- l EMERGENCY FEEDk'ATER SYSTEM--EASIC EVENTS I
3 l
FAULT TREE BASIC EVENTS Ah0 FAILukE CATA I
FAILURE FAULT BASIC EVENT FAULT TREE EVENT FAULT TREE FAULT TRIE EVENT DESCRIPTION / RATE DURATION FAILURE FAILURE EVENT NAME LIST OF BASIC EVENTS COMPR]$1NG MODULAR EVENT (HR.1) (HR) PROBAb!LITY PROBA81LITY OCVM055N CHECK VALVE FAILS TO OPIk ON DEMAND 1.0!E.04 QCVM055X STOP VALVE MI5 ALIGNED CLO5ED 3.00E.05 OMMSGBST FAILURE OF EFF.2 STIAM IUPPLY . 075G B 2.32E.04 CCVM387N CHECK VALYE FAIL 5 70 OPEN ON DEMAND 1.01E 04 OCVMC56N CHECK VALVE FAIL 5 TO OPEN ON DEMAND 1.01E.04 i OCVM056X STOP VALVI M15 ALIGNED CLO5ED 3.00E.05 CAVM4110 MAIN STEAM ISCLATION VALVI FAIL 5 TO CLOSE ON DEMAND 9.85E.03 QAVM4120 MAlk STEAM 150LAT10N VALVE FAILS TO CLOSI ON DEllAND 9.85E.03 0AYM4130 MAIN STEAM ISCLATION VALVE FAILS 70 CLOSE ON DEMAND 9.85E.03 CAYM414D MAIN STEAM 150LATIOk VALVE FAILS TO Ct05E ON DEMAND 9.65E.03 M55TF HIGH PRESSURE TURBINE ADHI$510N VALVES FAIL TO CLOSE 5.50E.04 MSRVC TWO RELIEF VALVE 5 DN OT5G A FAIL TO RECLOSE 3.00E-03 QMMCMPA OTSG A PRES $URE C0hTROL FAILS LOW 1.77E.02 OAYMS250 ADV FAILS TO CLOSE ON DEMAND 9.85E.03 OCMPA00H EFIC PRES 5URE CONTROL CHANNEL FAILS HIGH 1.19E.06 6570 7.82E.03 I
(OPENS ADV)
QPTIA00H PRESSURE TAAN5MITTER FAILS HIGH 2.50E.07 20 5.00E.06 08APTIAH SIGNAL CONDIT!0hER FOR PRES $URE 3.54E.06 20 7.08E.05 TRAN5MITTES FAILS HIGH QMMCMPB OTSG B PRESSURE CONTROL FAILS LOW 1.77E.02 CAYMS250 ADV FAILS 10 CLOSE ON DEMAND 9.85E.03 CCMP800H EF]C PRES 5URE CONTROL CHANNEL FAILS HIGH 1.19E.06 6570 7.82E-03 (OP[NS ADV)
OPT 1800h PRES $URE TRANSMITTER FAILS HIGH 2.50E.07 20 5.00E.06 QBAPTIBM SIGNAL CONDITIONER FOR PRES $URE 3.54E-06 20 7.08E.05 TRANSMITTER FAILS HIGH QLBCHNAM EFIC ]N]TIATE CHANNEL A ]N NAINTENANCE BYPAs$ 3.39E.06 OLBCHN8M EFIC INITIATE CHANNEL B IN MAINTENANCE BYPASS 3.39E.06 OLBCHkCM IFIC INITIATE CHANNEL C Ik MAINTENANCE BYPASS 3.39E 06 OLBCHNDM EFIC INITIATE CHANNEL D IN MAlkTEhANCE BYPASS 3.39E.06 FAILURE OF EFIC TRIP CHANNEL 8A 1.37I.03 I
QMMTL8A QRYOBAIF TRIP RELAY FAIL 5 TO ENERG12E 2.40E-04 ORY08A2F Tk]P RELAY FAILS 70 ENERGIZE 2.40E.04 QTLO8AIF TR]P CHANNEL FAILS 70 TRIP 8.20E.07 360 2.95E.04 QTLO8A2F TRIP CHANNEL FA]L5 TO TR]P 8.20E.07 360 2.95E.04 0$WTL8A5 MANUAL SELCCT SWITCH SHORTED 2.50E.07 360 9.00E.05 CBIPTIAF BISTABLE FAILS TO TR]P 5.7CE 07 360 2.05E.04 OMMTL98 FAILURE OF EFIC TR]P CHANNEL 98 1.37I.03 ORYO981F TRIP RELAY FAILS TO ENERGIZE 2.40E-04 QRYO982F TRIP RELAY FAILS TO ENERGIZE 2.40E-04 QTLO981F TRIP CHANWEL FAILS TO TRIP 8.20E 07 360 2.95E.04 I OL8PlAAF OTLO982F TRIP CHANNEL FAIL 5 TO TRIP 0$WTL98$ MANUAL SELECT SWITCH SHORTED CBIPTIBF BISTABLE FAILS TO TR]P FAILURE OF EFIC PRESSURE ISOLATION CHANNEL A TO 075G A 8.20E.07 2.50E.07 5.70E.07 3.00E.07 360 360 360 360 2.95E.04 9.00E.05 2.05E.04 1.08E.04 i OLBPIBAF OLBPICAF OL8PIDAF FAILURE OF EFIC PRES $URE 150LAT10N CHANNEL b TU OT3G A FAILURE OF EFIC PRES $URE ISOLATION' CHANNEL C TO OTSG A FAILURE OF EFIC PRES $URE ISCLATION 3.00E.07 3.00E-07 3.00E.07 360 360 360 1.0BE-04 1.08E 04 1.08E.04 CHANNEL 0 To OTSG A QL8PIABF FAILURE OF EFIC P8ES$URE ISOLATION 3.00E.07 360 1.U8E 04 1
1 i 4-9
TABLE 4-1 (Continued)
EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS II FAULT TREE 6 ASIC EVEhT5 AhC FAILURE DATA {
I4 FAULT TRE[
EVENT NAMI FAULT TREE EVEhi DESCRIPTION /
LIST OF BA$1C [VlNTS COMPRISIhG MCOULAR EVENT FAILURE RATE (Hk.1)
FAULT DURATION (HR]
BASIC EVENT FAILURE PROBABILITY FAULT TREE EVEN* l FAILURE PROBABILITY l
l
.......... . . - . . . . . . . - . . . . . . . . . . . . . . . . . - . . . - - . . . - . . - - . . - - . . . . ....-.... --..-.... ............. -.-...........-. c lj QLBPIB6F CHAhNEL A TO OT50 B FAILURE OF EFIC PRI55URE ISOLATION CHANhEL B TO OT5G b 3.00E 07 360 1.0ft-04 1
l QLSPICBF FAILURE OF EFIC PRES 5URE ISCLATION 3.00E 07 360 1.0 tlE -04 CHANNEL C TO OTSG b QLBPIO8F FAILURE OF EFIC PRESSURE ISOLATION 3.00I.07 360 1.08I.04 CHANNEL 0 70 075G 8 EFIC INITIATE CHAhMIL A FAILS 6.20E.07 360 2.95E-04 QLBINIAF OLBINIBF EFIC INITIATE CHANNEL B FAILS 8.20E-07 360 2.95I.04 CL81NICF EFIC INITIATE CHANNEL C FAILS 8.20E.07 360 2.95E-04 QLBlh]DF EFIC INITIATE CHANNEL 0 FAILS 8.20E-07 360 2.95E.04 FAILURE OF LEVEL TRAN5MITTER LT-25 1.56E.03 QMMLT25 360 8.28E-05 CLT0025H LEVEL TRANSMITTER FA]L5 HIGH 2.30E.07 QBALT25H $1GNAL C0hCITIONER FAILS HIGH 3.54E.06 360 1.27E-03 QBILT25F BI5 TABLE FAIL 5 5.70E.07 360 2.0$E.04 FAILURE OF LEVEL TRANSMITTER LT.26 1.56E.03 QMMLT26 QLT0026H LEVEL TRAK $MITTER FAILS HIGH 2.30E-07 360 8.28E-05 QBALT26H SIGNAL CONDITIONER F AIL 5 HIGH 3.54E.06 360 1.27E-03 QBILT26F B15 TABLE FA]L5 5.70E.07 360 2.0$E.04 QMMLT27 FAILUkE OF LEVEL TRANSMITTER LT.27 1.56E.03 CLT0027H LEVEL TRAkSMITTER FAILS HIGH 2.30E.D7 360 8.28E 05 QBALT27H $1GNAL CONOITIONEP FAILS HIGH 3.54E.06 360 1.27E.03 OBILT27F BISTABLE FAILS 5.70E.07 360 2.05E-04 QMMLT28 FAILURE OF LEVEL TRAN5MITTER LT-28 1.56E-03 QLT0026H LEVEL TRAN5MITTER FAILS HIGH 2.30E-07 360 8.28E.05 QBALT28H 5]GNAL CONo!TIONER FAILS HIGH 3.54E-06 360 1.27E.03 061LT2BF 81 STABLE FAlis 5.70E.07 360 2.05E-04 QMMLT29 FAILURE OF LEYLL TRAN5MITTER LT.29 1.56E.03 OLT0029H LEVEL TRANSMITTER FAILS HIGH 2.30E-07 360 8.28E.05 08 ALT 29H SIGhAL CONDITIONER FAILS HIGH 3.54E.06 360 1.27E-03 081LT29F BISTABLE FAILS 5.70t 07 360 2.05E.04 QMMLT30 FAILURE OF LEVEL TRAN5MITTER LT.30 1.56E-03 OLT0030H LEVEL TRANSMITTER FAILS HIGH 2.30E.07 360 8.28E-05 08 ALT 30H SIGNAL CONDITIONER FAILS HIGH 3.54E.06 360 1.27E.03 081LT30F BISTABLE FAILS 5.70E-07 360 2.0$E.04 QMMLT31 FAILURE OF LEVEL TRANSMITTER Lt.31 1.56E.03 OLT0031H LEVEL TRAN5 HITTER FAILS HIGH 2.30E.07 360 8.28E 05 QBALT31H SIGNAL CONCITIONER FAILS HIGH 3.54E-06 360 1.27E.03 QBILT31F B15 TABLE FAILS 5.70E.07 360 2.0$E.04 QMMLT32 FAILURE OF LEVEL TRANSMITTER LT.32 1.56E.03 QLT0032H LEVEL TkAN5MITTER FAILS H]GH 2.30I.07 360 8.2BE 05 OBALT32H $1GNAL CONDITIONER FAILS HIGH 3.54E 06 360 1.27E.03 OBILT32F B15 TABLE FAILS 5.70E.07 360 2.05E.04 QMMCAlbt COMMON MODE CAL 18 RAT 10N ERRORS FOR LOW RANGE 2.00E.04 LEVEL TRAN5MITTERS ,
OLTLOWRH LOW RANGE LEVEL TRAN5MITTERS CALIBRATE 0 HIGH 1.00E 04 OBILOWRL LOW LEVEL INITIATION SETP0lNT SET LOW 1.00E.04 CHUOVRFT OPERATOR BYPASSES EFIC OVERFILL ISOLATION 1.00E.02 CSGTRSMY OPERATOR FAIL 5 TO STEAM 8kOKEN 075G 1.00E.04 QMMMFPTF MFP TRIP SIGNAL FAILS 1.97E-03 OP5MFPAF NFP A PRES $URE SWITCH FAILS 2.30E-06 360 8.28E-04 QP5MFPBF MFP B PRESSURE SWITCH FAILS 2.30E.06 360 8.28E 04 QRtMFPTF TRIP RELAY FAILS 70 DE. ENERGIZE 7.00E.08 360 2.52E-05 1
4 4-10 l.
I TABLE 4-1 (Continued)
EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS
. FAULT TREE BA!:C EVENTS ALD FAILURE DATA I
FAULT TREE EVENT NAME FAULT TREE EVENT DESCRIPTION /
Ll5T OF 8A51C EVENTS COMPRI51hG M00DLAk EVENT FAILURE RATE (HR.1)
FAULT DURATION (HR)
BASIC EVENT FAILURE PROBABILITY FAULT TREE EVEhT FAILURE PROLABILITY QCNMFPTF TRIP CONTACT 5 FAIL TO CLOSE B.10E 07 360 2.92E.04 QMMVAAI FAILURE OF EFIC OVERFILL !$0LATION . CHANNEL A, OTSG A 1.76E.03 OLT0017L LEVEL TRANSMITTER FAILS LOW 3.10E.07 360 1.12E.04 08A0017L SIGNAL CON 0!TIONER FAILS LOW 3.50E.06 360 1.26E.03 3.90E.07 I
06100170 815 TABLE FAILS TO TRIP DN DEMAND QSWODAAS BYPAS5 $ WITCH 5HORTED 2.50E.07 360 9.00E.05 QTLOOAAF TRIP CHANNEL FAIL 5 TO TRIP 8.20E-07 360 2.95E.04 FAILURE OF EFIC OVERFILL ISOLATION . CHANNEL B, OTSG A 1.76E.03 QMMVBAI OLT0018L LEVEL TRANSMITTER FAILS LOW 3.10E.07 360 1.12E-04 QBA0018L $1GNAL CCNDITIONER FAILS LOW 3.50E.06 360 1.26E.03 08100180 81 STABLE FAILS TO TRIP DN DEMAN0 3.90E.07 05WODBAS BYPASS SWITCH SHORTED 2.50E.07 360 9.00E-05 OTLOObAF TRIP CHANNEL FAILS TO TRIP B.20E.07 360 2.95E 04 FAILURE OF EFIC OVERFILL ISOLATION - CHANNEL C, OT5G A 1.76f.03 QMMVCA1 1.12E.04 OLT0019L LEVEL TRANSMITTER FAILS LOW 3.10E.07 360 QS?0019L $1GNAL CONDIi]CNER FAILS LOW 3.50E.06 36U 1.26E.03 08100190 BI5 TABLE FAIL 5 TO TRIP DN DEMAND 3.90E.07 05WOOCAS BYPA55 SWITCH SHORTED 2.50E.07 360 9.00E 05 GTLOCCAF TRIP CHAhNEL FAILS TO TRIP 8.20E-07 360 2.95E.04 FAILURE OF EFIC OVERFILL ISOLATION - CHANNEL D, OT5G A 1.76E 03 QMMVDAI OLT0020L LEVEL TRAN5MITTER FAILS LOW 3.10E.07 360 1.12E.04 06A0020L SIGNAL CONDITIONER FAILS LOW 3.50E.06 360 1.26E.03 0810020D SISTABLE FAILS TO TRIP DN DEMAND 3.90E.07 05W000A5 BYPASS SWITCH SHORTED 2.50E.07 360 9.00E.05 QTL000AF TRIP CHANNEL FAILS TO TRIP 8.20E.07 360 2.95E-04 QMMYABI FAILURE OF EFIC OVERFILL !$0LATION . CHANNEL A, CTSG B 1.76E.03 OLT0021L . LEVEL TRANSMITTER FAILS LOW 3.10E-07 360 1.12E.04 QBA0021L SIGNAL CUNDITIONER FAILS LOW 3.50E.06 360 1.26E.03 08100210 BISTABLE FAILS TO TRIP DN DEMAND 3.90E-07 0$WOOABS SYPA55 SWI*CH SHORTED 2.50E.07 360 . 9.00E.05 8.20E.07 360 2.95E.04 I
QTLOOABF TRIP CHANNEL FAILS TC TRIP 1.76E.03 QMMYBB! FAILURE OF EFIC OVERFILL ISOLATION . CHANNEL B, 0T56 B QLT0022L LEVEL TRAN5MITTER FAILS LOW 3.10E.07 360 1.12E.04 CBA0022L 5]GNAL CONDITIONER FAILS LOW 3.50E.06 360 1.26E.03 08100220 81ST ABLE FAILS TO TRIP DN DEMAND 3.9CE-07 05W00BBS SYPA55 SWITCH SHORTED 2.50E.07 360 9.00E.05 OTLC088F TRIP CHANNEL FAIL 5 TO TRIP 8.20E.07 360 2.95E.04 FAILURE OF [FIC OVERFILL ISOLATION - CHANNEL C. OT5G B 1.76E.03 QMMVCBI OLT0023L LEVEL TRANSMITTER FAILS LOW 3.10E.07 360 1.12E.04 QBA0023L SIGNAL CONDITIONER FAILS LOW 3.50E.06 360 1.26E.03 0B10023D 81 STABLE FAIL 5 TO TRIP DN DEMAND 3.90f.07 0$WOOCUS BYPASS SWITCH SHORTED 2.50E.07 360 9.00E.05 QTLOOCBF TRIP CHANNEL FAILS TO TRIP 8.20E.07 360 2.95E.04 FAILURE OF EFIC OVERFILL ISOLATION - CHANNEL D. OT5G B 1.76E-05 QMMVD61 0LT0024L LEVEL TRANSMITTER FAILS LOW 3.10E 07 360 1.12E.04 0BA0024L 51GNAL CONDITIONER FAILS LOW 3.50E.06 360 1.26E.03 0B100240 815TA6LE FAILS TG TRIP DN DEMAND 3.90E-07 05w000B5 BYPASS SWITCH SHORTED 2.50E-07 360 9.00E.05 QTLOODBF TR]P CNANNEL FAILS TO TRIP 8.20E.07 360 2.95E.04 4................................... ............. .............
INTERFACE SYSTEMS 5000 FAILURE OF NUCLEAR SERV]CES CLOSED CYCLE COOLING (NOT PAR
- OF SYSTEM-LEVEL STUDY) 0.00E+00 I
I 4-11
TABLE 4-1 (Continued)
EMERGENCY FEEDWATER SYSTEM--BASIC EVENTS FAULT TREE BASIC EVENTS AND FAILURE DATA FAILURE FAULT BASIC EVf.NT FAULT TREE EVEN1 FAULT TREE EVENT DESCRIPTION / RATE DURATION FAILURE FAILURE FAULT TREE L157 0F BASIC EVENTS COMPRI5!NG MODULAR EVENT (MR.1) (MR) PROBASILITY PROEABILITY EVENT NAME ......... ......... ............. ................
I D131 LOS$ OF POWER AT DC PANEL DPDP.5A (NOT PART OF SYSTEM. LEVEL STUDY) 0.00E+00 LOSS OF POWER AT DC PANEL DPCF.58 (NOT PART OF SYSTEM-LEVEL STUDY) 0.00E+00 D231 LD55 0F POWER AT DC PANEL DPDP.8C (NOT PART OF SYSTEM-LEVEL STUDY) 0.00E+00 D171 LD55 0F POWER AT DC PANEL DPDP-80 (kOT PART OF SYSTEM. LEVEL STUDY) 0.00E+00 8271 0.COE+00 D261 LOS5 OF POWER AT DC PANIL DPDP.88 (NOT PART OF SYSTEM. LEVEL E'UDY)
LC55 0F DIESEL GEkERATOR 3A DC CONTROL POWER (NOT PART OF SYSTEM. LEVEL STJDY) 0.00E+00 C301 A741 1055 0F POWER AT 120V YBDP.8 (NOT PART OF SYSTEM. LEVEL STIDY) 0.00E+00 LC55 0F POWER AT 120V V8DP.9 (NOT PART 0F SYSTEM-LEVEL STLDY) 0.00E+00 I
A753 A761 LOSS OF POWER AT 120V V80P.30 (NOT PART OF SYSTEM-LEVEL STLOY) 0.00E+00 LOS$ OF POWER AT 120V V8DP-11 (NOT PART OF SYSTEM. LEVEL STJDY) 0.0UE+0U A771 6.76E.02 AMMOG3AF DIESEL GEkERAT0k 3A FAILS (FOR LC55 0F 0FFSITE POWER INITIATING EVENT)
ADGE53AA DIESEL GENERATOR FAIL 5 TO START 2.20E.02 ADGES3AF DIESEL GENERATOR FAILS TO RUN 5.70E.03 8 4.56E 02 DIESEL GENERATOR 3A FAILS 1.00E+00 AMMOG3AF (FOR BLACKOUT INITIATIhG EVENT) 5.60E.03 ADGE53AM DIESEL GENERATOR 3A IN MAINTENANCE 4
4 4
4 e
lq 4
I 4-12
I i5 Where failure rates are provided, a fault duration time is used to determine the failure probability. For faults occurring during standby, this time is the mean time between demands. The EFW pumps are each demanded monthly during surveillance tests. Some valve demands are made at the same
.g frequency. 0-her valves are demanded during quarterly valve tests. The EFW m, control function (level control and pressure control) is tested durin5 refueling outages, with an assumed nine-month mean test interval.
Maintenance unavailabilities are based on plant-specific data. For the EFW pumps, which are the focu. of this study, the maintenance unavailabilities
. I, are based on a detailed review of all EFW pump work requests for work performed while the plant was in Mode 1. This is considered appropriate, since it is plant practice to perform preventive and nonessential EFW pump maintenance only during cold shutdown.
I I
I I
I I
I .
5 Y
I 4-13
1 1
5.0 EMERGENCY FEEDWATER SYSTEM RELIABILITY RESULTS 5.1 System Analysis Results Results of the system-level EW reliability analysis consist of the system
= unavailability on demand for each of three types of demands. Here, system unavailability is defined as inability of the system to initiate auto-matica11y in response to steam generator low level or main feedwater pump ,
trip actuation signals and to provide flow from at least one EW pump to at least one steam generator for a period of eight hours.
Results are presented in Table 5-1.
TABLE 5-1 EMERGENCY FEEDWATER SYSTEM UNAVAILABILITY g GIVEN THE OCCURRENCE OF THE INITIATING EVENT SYSTEM-LEVEL ANALYSIS RESULTS INITIATING EVENT UNAVAILABILITY d Loss of Main Feedwater with Off-site and 1.9 x 10-4 On-site AC Power Available W (Event LOFW)
Loss of Off-site Poaer with On-site 1.2 x 10-3 Emergency AC Power Available (Event LOOP)
Loss of All Off-site and On-site AC. Power 1.4 x 10-2 (Event LOAC) 5-1 i . . - . .
I .
The principal cut sets (failure modes) contributing to the EFW system's W unavailability and the probability of each cut set are listed below. See Table 4-1 for a definition of each element of the cut set (basic event name) l and for the failure probability associated with each basic event.
5 Event LOW:
o Both EW pumps fail to start arid run, or one pump fails while the other is in maintenance.
i 6.55E-05 QMMEFP1 QMMEFP2 I. 1.50E-05 QMMEFP1 QMMEFP2M h 8.79E-06 QMMEFP2 QMMEFPlM o EFIC steam generator level control f ails low due to com=on mode level instrument calibration error.
8 1.00E-05 QCMCALBL o Following EFIC flow control failure to one control valve, the operators put EFW in manual mode; subsequent failure to control EW flow manually.
9.36E-06 QMMEF55 QMAhTALY 9.36E-06 QMMEF56 QMAhTALY -
9.36E-06 QMMEF57 QMAhTALY 9.36E-06 QMMEF58 QMANUALY o EFIC pressure control fails isolating one steam generator. An EW l pump fails and/or valve failures disable the flow path (s) from the EW pumps to the second steam generator.
3.13E-06 QMMCMP3 QMMSGAPl QMMSGAP2 3.13E-06 QMMCMPA QMMSGBP1 QMMSGBP2 2.34E-06 QMMCMPB QMMEFP2 QMMSGAPl 2.34E-06 QMMCMPA -QMMEFP2 QMMSGBP1 52 9
Y
I I 2.20E-06 QMMCMPA QMMEF55 QMMSGBP1 2.20E-06 QMMCMPA QMMEF57 QMMSGBP2 I 2.20E-06 QMMCMPB QMMEF56 QMMSGAPI 2.20E-06 QMMCMPB QMMEF58 QMMSGAP2 I Event I.DOP:
I o Both E W pumps fail to start and run, or one pump fails while the other is in maintenance. Failures of the motor-driven EFW pump include failure c,f diesel generator 3A to start and run and maintenance unavailability of diesel generator 3A.
I 6.72E-04 1.53E-04 AMMDG3AF QMMEFP2 AMMDG3AF QMMEFP2M 6.55E-05 QMMEFP1 QMMEFP2 5.57E-05 ADGES3AM QMMEFP2 I 1.50E-05 9.26E-06 QMMEFP1 QMMEFP2M AMMDG3AF QMVEF0lM 8.79E-06 QMMEFP2 QMMEFPlM o EFIC steam generator level control fails low due to common mode level instrument calibration error.
1.00E-05 QCMCALBL o Diesel generator 3A fails. Both lines being supplied by the turbine-driven EF'i pump fail due to EFIC control failures.
.g- 1.20E-05 AMMDG3AF QMMSGAP2 QMMSGBP2 3 8.42E-06 AMMDG3AF QMMEF55 QMMSGAP2 8.42E-06
(
AMMDG3AF QMMEF56 QMMSGBF2 5.92E-06 AMMDG3AF QMMEF' QMMEF56 lI II 5-3 I
I I o Following EFIC flow control failure to one control valve, the operators put EFW in manual mode; subsequent failure to control I. EFW flou manually.
9.36E-06 QMMEF55 QMANUALY 9.36E-06 QMMEF56 QMANUALY I 9.36E-06 9.36E-06 QMMEF57 QMANUALY QMMEF58 QMANUALY o EFIC pressure control fails isolating one steam generator. An l EFIC flow control failure disables one flow path to the second I steam generator. Failure of an EFW pump fails flow via the remaining path to the second steam generator.
1.59E-05 QMMCMPA QMMSGBF2 AMMDG3AF 1.59E-05 QMMCMPB QMMSGAP2 AMMDG3AF I 1.12E-05 1.12E-05 QM!ICMPA QMMEF55 QMMCMPB QMMEF56 AMMDG3AF AMMDG3AF 2.34E-06 I
QMMCMPA QMMSGBP1 QMMEFP2 2.34E-06 QMMCMPB QMMSGAPl QMMEFP2 1.65E-06 QMMCMPA QMMEF57 QMMEFP2 1.65E 06 QMMCMPB QMMEF58 QMMZFP2 1.55E-06 QMMCMPA QMMSGBP2 QMMEFP1 1.55E-06 I 1.09E-06 1.09E-06 QMMCMPB QMMSGAP2 QMMEFP1 QMMCMPA QMMEF55 QMMCMPB QMMEF56 QMMEFP1 QMMEFP1 Event LOAC:
I In this event the motor-driven EFW pump is, by definition, unavailable. The majo cut sets are therefore associated with failures of the turbine-driven pump train.
I '
I
, 5..
't
I I o The turbine-driven pump fails or is unavailable.
9.94E-03 QMMEFP2 2.27E-03 QMMEFP2P q 1.37E-04 QMVEF01M o Both lines supplied by the turbine-driven EFW pump fail due to C
-I EFIC pressure or flow control failures.
2.35E-04 QMMCMPA QMMSGBP2 2.35E-04 QMMCMPB QMMSGAP2 1.77E-04 QMMSGAP2 QMMSGBF2 s 1.66E-04 QMMCMPA QMMEF55 1.66E-04 QMMCMPB QMMEF56 1.24E-04 QMMSGAP2 QMMEF55 1.24E-04 QMMSGBP2 QMMEF56 8.76E-05 QMMEF55 QMMEF56
- 5.2 Comparisons to Earlier Brookhaven National Laboratory Study l A direct quantitative comparison of the results reported here and the results contained in NUREG/CR-3081, entitled " Review of the Crystal River Nuclear Generating Station Unit No. 3 Emergency Feedwater System Reliability Analysis" (Reference 5), is not valid since the design of the EW system has I evolved significantly since the earlier study was completed.
qualitative comparisons can be made, however.
Some I o In both studies, a significant contributor to EW unavailability I
for any challenge is the failure or unavailability of both EFW Pumps. ,
o The BNL study cites significant single failures which fail both trains of EW. These are associated with plugging of the suction I valve from the condensate, storage tank water supply or plugging of a manual valve in a section of the recirculation line shared by I
5-5 I
' l
I
.I both pumps. These failure modes are absent in the present study, since the internals of these valves are now removed.
o A very significant failure mode in the BNL study is the failure to initiate EW. The methodology of References 1 and 2 cites a value of 7x10'3 per demand as the failure probability to initiate either pump train. Failure to initiate both trains is therefore 4.9x10- 5 This is the value assumed in the BNL study. (Note that this approach neglects common mode failures which may affect both trains. The BNL study made no attempt to quantify such common j mode failures.)
3 In the present study, the initiation function of EFIC was modeled explicitly with a fault tree and quantified. The contribution of the EFIC initiation function to the failure of either pump train is calculated to be approximately 1.1x10-3 In defense of the relatively large number used in its study, BNL cites that a lower value would be partially offset by the inclusion of failures of automatic control, which were not addressed in the BNL work. The I failure of automatic control has been addressed in this study and, as can be seen in the above discussion of cut sets, is a significant contributor to system unavailability. Its contribu-tion is, however, based on an explicit fault tree model and analysis and not on an assumed quantitative value. Also, the present study includes common mode failures where specific failure modes were identified, e .g. , common mode f ailure due to miscalibration of steam generator level setpoints.
In general, the intent in the system-level EW reliability analysis was to 4- perform the analysis using a m,ethodology which paralleled that cited in NUREG-0611 and NUREG-0635. The major assumptions, e. gl, those regarding the initiating events and the treatment of other plant systems and equipment, were the same as those made by NRC. The two major areas of difference were in the treatment of initiation and control (discussed above) and in the failure data base.
5-6
I The failure data cited in NUREG-0611 and NUREG-0635 is largely based on WASH-1400. Since that study there has been a great deal of effort by the NRC and the nuclear industry to improve the quality of nuclear power plant reliability data bases. The result has been the collection and publication i
g of numerous equipment performance data histories. A large number of these E have been collected and reviewed for applicability to CR-3 as part of the CR-3 PRA. The result is a generic data base for use within the PRA.
Moreover, the PRA effort included a comprehensive review of CR-3 equipment performance data over a five-year period of its operating lifetime. These have been analyzed and integrated with the generic data sources to form a I plant-specific data base. This is the data base for the CR-3 PRA and is the data base used in the present analysis.
In addition, the EW study included a detailed review of plant maintenance records to determine precisely the maintenance unavailability of the EW w pumps during the operating life of the plant. The results of this effort were used in determining the pump maintenance unavailabilities for use in the fault tree analysis. In contrast, the NRC methodology uses a generic approach to maintenance unavailability based on 0.22 maintenance actions per month (one maintenance action per EW pump every 3270 hours0.0378 days <br />0.908 hours <br />0.00541 weeks <br />0.00124 months <br /> of plant opera-
= tion). From the detailed review of actual CR-3 experience, only 6 instances of EW pump maintenance occurred during 33631 of plant operation. The reason for the relatively low frequency of actual maintenance outages of the EW pumps is the CR-3 plant policy of performing routine and nonessential maintenance on the EW pumps only during plant shutdown.
All data used in this analysis are listed in Table 4-1.
5.3 Contribution of Emergenev Feedwater to Overall Core Melt Risk To further examine the CR-3 EIV system, an integral plant evaluation was performed. This effort involved integral plant analysis using the CR-3 PRA 3 model and identifying core damage sequences involving failures of EW and i the decay heat removal function. ,Unlike the system-level analysis, this I
i 5-7 I
I .
I part of the study included major differences in scope and assumptions from those contained in NUREG-0611 and NUREG-0635. These include:
o The PRA model success criteria is avoidance of core damage versus the avoidance of steam generator dryout.
o The FRA model uses a combination of event trees and fault trees, integrated together, to identify and quantify core damage sequences.
o The PRA contains explicit models for EW (and other safety system) suppcrt systems, such as ac power, de power, actuation systems, service water, etc. The effects of failures in these systems are considered in assessing failure modes of the EW system.
o The PRA model considers use of the makeup system in the high pressure injection mode with pressure relief through the PORV as a means for achieving the decay heat removal function if both the main and emergency feedwater systems fail. (Note that this is consistent with the NRC position stated in its SRP.)
o The PRA considers a full spectrum of initiating events, including, 7 but not limited to, the three events prescribed in NUREG-0611 and NUREG-0635.
o The PRA considers human recovery based on individual accident sequences and detailed human reliability analyses.
, The result of the EFW evaluation, based on use of the PRA model, is the identification of accident sequences involving failure of EW and the decay heat removal function.
The overall frequency of core damage calculated in the PRA is 3.7x10-5 per g reactor year. There is only one cut set with a frequency greater than 9 1.0x10
- 7 which involves failure of EFW equipment. This cut set is the
- simultaneous failure of both EW pumps and failure of HPI cooling (loss of
I .
high pressure recirculation). This cut set contributes only 2.3x10-7 per reactor year to the total core damage :!requency.
I There are other accident sequences involving failure of all on-site and off-site ac power sources. If ac power is not restored in these sequences, the EFW system ultimately fails due to loss of control capability for the turbine-driven pump. (The motor-driven EW pump is unavailable due to the I loss of all ec power.) These sequences contribute 8.3x10-6 per reactor year to the total core damage frequency. It should be noted, however, that these sequences do not involve failures of any EW equipment.
5.4 I Conclusions The major conclusion from this study is that the CR-3 E W system is highly rel'iable and capable of performing its safety function. Modifications made to the system during the past several years have significantly enhanced its reliability. Using a methodology comparable to that described in NUREG-0611
'I and NUREG-0635, this study has shown that the EW system, without considera-tion of alternative decay heat removal methods, approaches the NRC's reliability goal of 1x10-4 per demand. The PRA study shows that in a comprehensive analysis of integral plant response, the contribution of E W system failures to overall core damage frequency is small.
l The study does point out the importance of EFW equipment availability in achieving high EW availability. Based on actual plant performance records, l it is clear that plant personnel take appropriate action to ensure the availability of both EFU trains while the plant is at power.
It is essential that this practice continue.
lI l
lI 5-9 I
I
I REFERENCES I 1. " Generic Evaluation of Feedwater Transients and Small Break Loss of Coolant Accidents in Westinghouse Designed Operating Plants,"
NUREG-0611, January, 1980.
- 2. " Generic Evaluation of Feedwater Transients and Small Break Loss of Coolant Accidents in Combustion Engineering Desi5ned Operating Plants,"
NUREG-0635, January, 1980.
3.
I
" Reactor Safety Study: An Assessment of Accident Risks in U.S.
Commercial Nuclear Power Plants," WASH-1400, October, 1975.
- 4. " Emergency Feedwater System Upgrade Reliability Analysis for the g Crystal River Nuclear Generating Station Unit No. 3," Babcock and Wilcox report, June, 1981.
- 5. " Review of the Crystal River Nuclear Generating Station Unit No. 3 Emergency Feedwater System Reliability Analysis," Brookhaven National J Laboratory, NUREG/CR-3081, October, 1983.
- 6. U.S. Nuclear Regulatory Commission Standard Review Plan, 10.4.9 Auxiliary Feedwater System (PWR), NUREG-0800, Revision 2, July,1981.
- 7. Letter from G. R. Westafer (Florida Power Corporation) to Mr. John F.
Stolz (NRC), dated November 18, 1983.
L- .
.I -
l l
l 1
R-1 l
)
lIn
il
.mNm .
3 I EMERGENCY FEEDWATER SYSTEM FAULT TREE
'I I '
E I
I I
I I
3: .
I I '
I l -
I
M M M M .M M M M M M M M W W W W M M M l
! Insufficient Flow l from 1 of 2 EFW Pumps to 1 of 2 Steam Generators l
Q001 1
m I
EFIC Level Control Failure of Flow to EFW Fails Calibrated Low OTSG-A and 0TSG-B Following Overfill h
[ QCMCALBL I
Q002 I
O Failure of Flow to Failure of Flow to OTSG-A OTSG-B i
Q003 Q004 1
l
W M M M M M M M M M M M M M M M Failure of Flow to OTSG-A Q003 th I I Failure of Flow to FWV-44 Low Pressure OTSG-A Fails to Open on Isolates OTSG A Demand
[ QCVFW44N Q005 Q200 I I Failure of Flow Failure of Flow from EFV-58 from EFV-56 0010 0030
W M M M M M M M M M M M M W W M M M Failure of Flow to OTSG-B l
Q004 rh I I Failure of Flow to FWV-43 Low Pressure OTSG-B Falls to Open on Isolates OTSG-B Demand
{
QCVFW43N
! * ' Q250 i 1 Failure of Flow Failure of Flow from EFV-57 from EFV-55 Q050 Q080 l
l l
l l
M&R&R- M&MMMM- '
M- M M EFW Fails Following Overfill Q007
! I Overfill Operator Fails to Event Due to Control EFW EFIC Failure Manually QMANUALY L 0008 rh i ,
OTSG-A Overfill OTSG-B Overfill Due to EFIC Failure Due to EFIC Failure Q016 Q056 fh f%
' ' i i Failure to Control Failure to Control Failure to Control EFV-56 EFV-58 Failure to Control EFV-55 EFV-57
\'
Q032 ~Q Ul2 Q082 Q052
\
mM M M MmMM M M M .M .~ .
-M M . - .
Failure of Flow from EFV-58
\
b th Q010
- I i , ,
Failure of EFV-58 Valves to OTSG- A Insufficient Flow Failure to Control in Aligned Closed from EFP-1 from ETP-1 Failure of EFV-14 EFV-58 in Aligned Closed Position , Fail Closed Position QMMSGAPI Q011 Q100 rS Q013 i
I I I y-EFV- 58 Failure of Vector AC Panel VBDP-8 EFV-58 DC Panel DPDP-5A Aligned Closed Channel A Fails Control Fails Fails Enable QSVEF58X QLBVA00F QMMEF58 A741 D131 l
Failure of EFV-14 in Aligned Closed Posi tion 0013 l l EFV-14 EFV-14 Aligned Closed Fails to Open p QMVEF14X Q014 A
l i i
EFV-14 DC Panel DPDP-80 Failure of Vector i Fails to Open Fails Channel D on Demand Enable
- QMVEF140 QLBVD00F D271 a
M M M M M M M M M M M M M M- M M Failure of Flow A from EFV- 56
/ Y QO30 rh
. i l i I Failure of EFV46 Valves to OTSG- A Insufficient Flow Failure to Control Failure of EFV-11 in Aligned Closed from EFP- 2 from EFP-2 EFV- 56 in Aligned Closed Position , Fall Closed Position 3 QMMSGAP2 O QO31 0032
, Q150 'N 0033 I I I I EFV- 56 Failure of Vector AC Panel VBDP-10 EFV-56 DC Panel DPDP-5B Aligned Cicsed Channel B Fails Control Fails Fails Enable QSVEF56X QLBVB00F QMMEF56 A761 D231
-M -M -M -M M M M M M M M M .M M .
- o Failure of EFV- 11 in Aligned Closed
\ Position Q033
~
EFV- 11 -EFV- 11 Aligned Closed fails to Open P
co QMVEF11X \
~' )
- QO34 m
. i '
! EFV- 11 DC Panel DPDP-8C Failure of Vector Falls to Open Fails Channel C -
on Demand Enable i
'QMVEF11D QLBVC00F _.
D171 -
i i .
I
M M M - M M M M M M - M M M Failure of Flow from EFV-57 i Q050 n
- 1 I i ,
Failure of EFV-57 Valves to OTSG-B Insufficient Flow Failure to Control Failure of' EFV-33 in Aligned Closed from EFP-1 from EFP-1 EFV- 57 in Aligned Closed Position Fall Closed Posi tion
$ Q051 0052 Q100 O Q053 M i i ,
EFV- 57 Failure of Vector AC Panel VBDP-8 EFV-57 DC Panel DPDP-5A Aligned Closed Channel A Fails Control Fails Fails Enable QSVEF57X QLBVA00F QMMEF57 A741 0131 m . _________ _ ____________
1 Failure of EFV-33 in Aligned Closed Posi tion Q053
. I I I EFV- 33 EFV- 33 Aligned Closed fails to Open
> QMVEF33X-o Q054 A
I I
EFV- 33 DC Panel DPDP-8D Failure of Vector Fails to Open Falls Channel D cn Demand Enable QMVEF330 QLBVD00F D271
m m- m- .-
- m m m m m m. -
. m
^
Failure of Flow from EFV- 55 0080 rh
- 1 I g Failure of EFV- 55 Valves to OTSG- B Insufficient Flow Failure to Control in Aligned Closed from EFP- 2 failure of EFV-32 from EFP-2 EFV- 55 in Aligned Closed Position Fall Closed Position QMMSGBP2
, Q081 Q082 Q150 rN 0083 i b I i i i
EFV- 55 Failure of Vector AC Panel VBDP-10 EFV-55 DC Panel DPDP-58 Aligned Closed Channel B Fails Control Fails Fails Enable QSVEF55X QLBVB00F QMMEF55 A761 D231
M- - M MM M- M M M M M M -
- M M M M Failure of EFV-32 in Aligned closed
\ Position Q083 i j EFV-32 EFV-32 Aligned Closed Fails to Open QMVEF32X w
- 4. Q084 to A
i i
EFV-32 DC Panel DPDP-8C Fails to Open Failure of Vector Fails Channel C on Demand Enable QMVEF320 QLBVC00F D171
-M A & M M -M M M M B .M M .M- M .M M - M Insufficient Flow from EFP-1
\
Q100
[N I i 1 ,
Operator Stops 4.16 KV ES Bus Failure of NSCCC Failure of EFP-1 EFP-1 Following 3A Fails Start logic EFIC Failure Q105 A001 Q102 EFP-1 Pump Train Maintenance EFT-2 Failures Faults Unavailable QMMEFP1 QMMEFT2 f%
I I EFP-1 in EFV-2 in Maintenance Maintenance QMMEFPIM QMVEF02M
l ll1 lll l 1l I lli 1 lll ll1 ,
1(l C
I F
E m
o r
f 0 A
l D 7 t 5 ul Q pe nn I n l
a a oh n NC 4
g 0 i c 1 Si Q g
E l f o oL l
eC rI uF l E E i aoA Ft7 2
C I
F E
E m o
r f 0 A
I C 6 t 5 E' 1 P
2 0
1 ul pe nn Q
F Q I n E a c oh fi NC M og o
el r
ut C l r I M ia at FS F
E m
o r
M f A
0
\ 1 t
B 5 5
ul Q pe nn I n !
M l a 3 NC oh a
n g 0 1
ic Q Si M l f o oL g
I eC rI uF M lE i
a oA l
Ft7 C I
F S E m
3 I
f o
r A
\ 0 4
t ul pe nn I n
/ 5 Q
g oh NC a
g -
g >%
l l!ll
E. E EE EE EEEEEE - - W- M- M M. W Operator Stops EFP-1 Following EFIC Failure Q105 i i EFIC Fails to Operator Stops
' Control EFV-57 EFP-1 or EIV-58 '
QMMEFW1Y O
.L Failure to Control
- Failure to Control i EFV-57 EFV-58 0052 Q012 i
j '
m M M M M M M M M M M M M M M M M Insufficient Flow from EFP-2
\
b rN Q150 I I i ,
Operator Stops DC Panel DPDP-8B Failure of Steam EFP-2 Fdllowing Fails Failure of EFP-2 Supply to EFP-2 Start Logic EFIC Failure Q158 D261 Q180 Q152 c'o EFT-2 '
Maintenance EFP-2 Pump Train Unavailable Faults Failures Q151 rN Q155 I
I EFP-2 in EFV-1 in Maintenance Maintenance QMMEFP2M QMVEF01M
W M M M M M M M M M M M M M "
M M Failure of EFP-2 -
Start logic Q152 O
! i ,
Failure of Signal Failure of Signal to EFIC Logic to EFIC Logic 781 7B2 1
Q153 Q154 i
I i I I l 0 No Input from EFIC No Input from EFIC No Input from EFIC No Input from EFIC Channel A Channel C Channel B Channel D l
A A A A
~
Q540 Q560 Q550 1
Q570 9
M M M M M, M M MM MM M M M M M M EFP-2 Pump Train t
Failures
\
Q155 th i -
I Water Enters Steam EFP-2 Pump Train Line in SGTR Event Water Enters Steam Failures Line in Overfill Event QMMEFP2 y Q156 g .,
Q157 I I Steam Generator Operator Fails to Tube Rupture Event Steam Broken OTSG 1
R QSGTRSMY l
l
lll i1 l 1, M
M M
M M
B M G S
T 0
f M I l
o 0 5
3 l
i Q
m f a r M el tl 7
5 e
v Si 1 O
f Q sr re ev M tO n
E n i
r t A een M t ne aiv WLE T G
S O
f o
M \ '
l l
0 0
3 i
f Q
r M O e
v M
e M
M .
M M
M p$
M l l 1
1
) I ll ill ll l llll l l l l1 i! 1 M
M M
~
~
M M
M
- a i
v 8 0 M i l 5 l -
1 3
iV Q fF rE A e W G S
T O
0 0
3 Q
O v -
W f l
l i
o f
W O r
e v
a W
i v
\ i l 5 6
1 0
3 l - Q iV fF W O rE e
v W -
W M ,
W W
W .
I"u W
l llI
g g g g 3 mmW W W M M M M W W W W i
f i
l Overfill via EFV-56 j
I Q301 I
I i j . Failure to Isolate Failure to
- Line from EFP-2 Control EFV-56
- to UTSG A 1
l
, Q302 Q032 i
i .
\
1 1
l )
M M
M E
W .
s m l iA a
FG S
c T i O M gC e
A
- o 5 L t 2 a 3 rl l Q oeo t ns M t e
2 3 cnI ea Vh o a 0 C 0 Ct l2 3 3 o- Q d Q sP cn E I F o
E i a g
t mA oB i L
erg o s rl oe M rfS u
l eO T t nl cnl s i n aio eaa l A VhF i FLt C aG _
FS M \ c T
O r i L
gBe o t a
0 2
3 M r o
reo ons ll Q t nI si ca et eh o sa m '
sl ao ps yI
, VCt B Y c F m ri ot t a am ro l R
V O
U l
et pu Q
OA M
M M
M
?n m
WWWWW - W W W L L M- M-- M--- M MM M M-4 I
t Overfill via i
EFV- 58 i
i Q310 l'
I I I failure to Isolate Failure to Line from EfP-1 Control EFV-58 to OTSG A l
- /
/
! Q311 0012 l
.I i' e l 3 .
i l
1 1
i I
1 i e l
,4 1
}
t 1
M M M M M M M M M M M M M M W W M M M Failure to Isolate Line from EFP-1 to OTSG A Q311 th i
Operator Bypasses Vector Logic Automatic Isolatior l
Channels A and D Fail Q!!UOVRFY 2- Q312
. i i Vector Logic Vector Logic Channel A Fails Channel D Fails to Isolate OTSG A to Isolate OTSG A Q330 Q335
WWWW W W 6 m M M M- M - -
M ~ M- M M.
j Vector Logic l
Channel B Fails Lo Isolate OTSG A Q320 A
i
! Fails AC Panel VBDP- 10 Isolation Channel Fails l B Fails i
l
, QMMVBAI 0231 A751 P
! N '
l l
l l
l
MBBB BMMMBRR- - . M .,M MS - M Vector Logic Channel C Fails g to Isolate OTSG A 9325 rN
' I j
) Falls AC Panel VBDP- 9 Isolation Channel Fails C Fails l
i \
J QMMVCAI D171 A751 P
M .
l l
i I
- l i
g g g g g g m mM M M M M E E E Vector Logic Channel A Fails to Isolate OTSG A 1
Q330 O
I I
DC Panel DPDP-5A OTSG A Fails AC Panel VBDP-8 Isolation Channel Fails s A Fails QMMVAAI
, D131 A741 i ?
i % .
i l
i 1
1 l
I
l 1
{) )l' l 1l lll 1 ll llllllll' 1
1 M P D
B .
V s 1 I
l l 7 ei 7 na A ar P
C A -
M M
s M l i
a A 5 3
3 l
e n
FG Q n c S a i T h g O C M L o.
Det nl oi s I A
D r a V ol l A ia tF M t eo a M cns Gl Q M enI Va S o T s h o Ct GI D M
M M
D 8
M P D
P 1 D 7 I
s 2 l l D
M .
ei na aF P
C D
M M
M ,
?"M M
l\Il ll
jll ll l1 1 l l 1l1.lllll1 1 W
W m
i a
v 7 1 I l 5 5 l - 3 iV Q fF rE D B G
S 0
5 O
e v
T 3 O Q E f o
l l
i r
E f r
e v
O a
E \
i v
l 5 5
0 6
3 l - Q V
m i
fF rE e
v O
D E
D p
e IW e
l l l ,
t i
Overfill via
! EFV- 57 1
i i
Q351 i
i
! I I l
l . Failure to Isolate Failure to I Line from EfP-1 Control EFV-57 l to OTSG B l
l
. Q352 Q052 I"
, a .
i i
W W W W W W K K K K L M. M . M M- M M Failure to Isolate Line from EFP-1
\ to OTSG B Q352 rh 1
Operator Bypasses Vector Logic Automatic Isolatiot .
Channels A and D Fail
. QlIUOVRFY Q353
? i Vector Logic Vector Logic Channel A Fails Channel D Fails to Isolate OTSG B to Isolate OTSG B Q370 Q375
l W W W W W W W W W W W W M- M M-M M M-1
! Overfill via l
EFV-55 1
1 Q360 l
1 I i i j ,
Failure to Isolate Failure to
! Line from EFP-2 Control EFV-55 1
to OTSG B l
l 1
Q361 Q082 I
I I
l l
i i
1
W W W W W W W W W W W W M - M-- M - -M- M-
.l 1
Failure to Isolate Line from EFP-2 to OTSG B i
1 j
Q361
! .O i
a Operator Bypasses Vector logic Automatic Isolatior Channels B and C Fall
{ _
QHUOVRFY i
Q362 p _.,__
U ' I
' Vector Logic Vector Logic Channel B Fails Channel C Fails to Isolate OTSG B to Isolate OTSG B j .
j Q380 Q385
g g g g 3 3 3 3 g M M M M M E E E l
1 Vector Logic Channel A Fails to Isolate OTSG B 1
i i
Q370 l TN l I i
i DC Panel DPDP- SA OTSG B AC Panel VBDP-8 Fails Isolation Channel Fails A Fails QMMVABI D131 A741 P
w
= .
i j
i
,1 i
i i ,
1 1
ABRR M ' R R D D 8 9 9 .8 .M 8 ..M .M M M d
Vector Logli.
Clearinel D Fails a to Isolate OTSG B Q375 n
I i i . .
! DC Panel DPDP- 8D OTSG B AC Panel VBDP- 11 Falls Isolation Channel Fails D Fails l
QMMVDBI l D271 A771 1
. ?
m U1
- I .,
i f
i l
I .
I l
-=~~
s W"
i l
W M M M M M M M M M M M M M M M M M E t
Vector Logic Channel B Falls to Isolate OTSG B Q380 A
I i
! DC Panel DPDP- SB OTSG B - AC Panel VBDP- 10 l Fails isolation Channel Fails j B Fails 1
QMMVBBI D231 A761
?
?
- p.
w 1
4 l
___ _ _ _ _ _ _ _ _ _ _ _m
M M M M M M M M M M M M M. MM M. W W W Vector Logic Channel C Falls to Isolate OTSG B Q385 rh l i j -
} Fails AC Panel VBDP- 9
' Isolation Channel Fails C Fails QMMVCBI 0171 A751
?
O .
6 1
1 MMMKKMKKKQKKM.MMMM M M Operator Stops EFP-2 Following EFIC Failure
\
Q158 i ,
EFIC Fails to Operator Stops Control EFV-55 EFP-2 or EFV-56 QMMEFW2Y Q159 rh h Failure to Control failure to Contro!
EFV-55 EFV-56 I
i Q082 QO32 i.
l I
lj d
h e t s ao E Pl C
y T l B S i
p - B pG G E uS ST O
M M
S m Q am eo t r E Sf E 8 G
3 B S 8 -
T 1 G Oy Q eS l rT E i f p op u0 s
0 5
u ss 2 eS ee Q r rt um l a Pa E ie at wo os l
FS LI m 0 a2 8 e- 1 tP Q E SF f
E oot E
e ry ul l p ip O '
au FS A 2 M G S
- 8 1
Q A
G
\ T Oy eS rT p/ f p l
uO M i op u
s ss ee 0
0 2
eS rt Q r Pa um l l a wo M ie at FS os lI 3 d h e t s g Pl ao C
y l
p-A r
pG T
S
~
g uS ST O
A G
S m M am eo M
Q t r g Sf g
g l
1l1'l'1ll\ll ll ll 1 lllll ll lllI E e t
a l
o1 s -
E IA oe 2
, t n 0 i 2 eL Q r
E l a um ie at FS E
so et E ll v
ai Va F
f C eA V E i -
l Ge R
S eSs M RTo Ol o c wne E tor M A 0
0 e
- 2 r G Q us eS sl rT si M uO s
ss P ea rF A
P M
ee l C rt Ao M P a - r M l Gt Q M wo os Sn To LI OC M \
e n
M /Lt e
i n
nre i
i ev 5 LtE T a
M mwk ada eee t er SFB M
e t
a M l o2 s - n '
IA oe 1 M I tn eL i
0 2
Q r
l a um ie M FS at M
>Eo M
ll ,Ill. 1'
A A A A A M A A B BcM M.M.M MM M M M Failure to Isolate Steam Line A-2
\
O Q201 i
l Main Stop Valves MSV-412 Fail to Close Falls to Close i
i -
MSTTF
! P Q203 l 2 ,
rh l
Failure of Trip MSV-412 Channel 8A Fails to Close on Demand QAVM412D 0210 9
i
l E S E E E E E M M MM ME E E E E E W l
l l
Failure to Isolate Steam Line A-1 l
\
Q202 i
i MSV-411 Main Steam Line A-1 .,
Fails to Close Open Q204 Q205 fh th
? n g .
i MSV-411 Failure of Trip OTSG- A Main Stop Valves Fails to Close on Channel 8A Turbine Bypass Fail to Close Demand Fails Open QAVM411D MSTTF Q210 P090
6 6 6 6 6 S 6 M M M M M M M M M M M M Failure of Trip Channel 8A A
Q210 j n
' i i l ,
AC Panel VBDP- 8 No Input from EFIC Trip Channel 8A Fails No Input from EFIC Channels A and B Fails Channels C and D QMMTL8A p A741 Q211 Q212 O
i l
1 O
M M E M M S W S E M S E E W E M W E W No Input from EFIC Channels A and B
\
b Q211 I
I
. l y
No Input from EFIC No Input from EFIC Channel A Channel B Q213 Q214
, rS rS Failure of Isolatior Channel A Failure of Isolatior Channel B Channel A in Maintenance Channel B in Maintenance QLBPIAAF QLBCHNAM QLBPIBAF QLBCHNBM l
6 6 S S M M M M M M M M M M M M M M E No Input from EFIC Channels C and D Q212 I
. i No Input from EFIC No Input from EFIC '
1 Channel C Channel D 4
Q215 Q216 E '
' I Failure of Isolatf or Channel C Channel C in Maintenance Failure of Isolatior i Channel D Channel D in Maintenance QLBPICAF QLBCHNCM QLBPIDAF QLBCitNDM e
g g g 3 3 g M W M M M E E E E E Low Pressure Isolates OTSG-B AFM Q250 l i l
' Failure to Isolate OTSG-B Pressure i
Steam Line B-1 Failure to Isolate Control Fails Steam Line B-2 QPNCMPB Q251
, Q252
E EE%MEEEERE W m W. m W.
l Failure to Isolate Steam Line B-2 Q251 i l Main Stop Valves MSV-414 Fall to Close Fails to Close l
i
, Q253 i.
~ .
O l l i
Failure of Trip MSV-414 Channel 98 Fails to Close on Demand QAVM4140 Q260
Failure to Isolate Steam Line B-1 Q252 l l l
MSV-413 Main Steam Line B-1 .,
- Fails to Close Open i
~
Q254 Q255
, rN rw I b . '
HSV-413 Failure of Trip OTSG-B Main Stop Valves i
Falls to Close'on Channel 98 Turbine Bypass Fail to Close
] Demand Fails Open QAVM413D MSTTF
! Q260 P700
.l
l l llll . lll llll1l .
l]l C
I FD
_ E mn d
oa r
fB 2
_ n t s ul pe 6
2 Q ,
nn in a
_ NC oh B
9
_ l es nl B
9 L
l ni T aa M hF M
_ p 0
6 i C
p Q
2 r _
i Q T r
_ T' f8 o9 el C re I
un FC l n E ia d ah FC mn oa r
_ l fA t s ul 1
6 2
Q pe nn I n
_ NC oh a
_ 0 1
_ P D
B V 1 l
s 6 ll 7
_ P ei na aF A.
C -
A
_ P ,o.
I ll ll
M M M M M M M M M M M M M M W m W m W No Input from EFIC Channels A and C
\
O Q261-l l I
. I No Input from'EFIC No Input from EFIC
., Channel A Channel C Q263 Q264
, TN rN l '
Failure of Isolatior Channel A Failure of Isolatior Channel A Channel C in Maintenance Channel C i in Maintenance QLBPIABF QLBCHNAM QLBPICBF QLBCHNCM i
i
MM M M M M M M M M M M M M M W W W No Input from EFIC Channels B and D
\
O Q262 i
I l No Input from EFIC No Input from EFIC '-
Channel B Channel D Q265 Q266 fh th
[
Failure of Isolatiot Channel B Failure of Isolatior !
Channel D Channel B in Maintenance Channel D in Maintenance r
i QLBPIBBF QLBCHNBM QLBPIDBF QLBCilNBM
^
l
&&MM & M M M M & & -H-M -M-M O-M 8 No Input Signal from EFIC Channel A
Q540 f%
' i Failure of Initiate Failure of Channel A Logic Channel A Initiation Signals in Maintenance QLBINIAF QLBCHNAM Q541 i l ,
? OTSG-A low Level Main Feedwater OTSG-B' Low Level E Signal LT-25 Pump Trip Signal Signal LT-29 Fails Fails Fails QMMMFPTF Q542 Q543 f% f%
l- 1 y Failures of LT-25 Low Range Level Low Range Level Failures of LT-29 Calibrated liigh Calibrated High QMMLT25 QMMCriBL QMMCALBL QMMLT29
W M M W W W 4 W M M M W W W W m W m W No Input Signal from EFIC Channel A
th Q550 i
i Failure of Initiate Failure of Channel B Logic Channel B Initiation signals in Maintenance QLBINIBF QLBCilNBM Q551 i ! >
P OTSG-A low level Main Feedwater
!", OTSG-B Low Level Signal LT-26 Pump Trip Signal Signal LT-30 Fails Fails Fails QMMMFPTF Q552 rh Q553 th I' i , ,
Failures of LT- 26 Low Range Level low Range Level Calibrated liigh Failures of LT-30 Calibrated liigh QMMLT26 QMMCALBL QMMCALDL QMMLT30
6 4 M 6 6 h 6 M M M M M ..M ..M ._m M . .M .6 No Input Signal from EFIC Channel C
Q560 th I
Failure of Initiate Failure of Channel C Logic Channel C Initiation Signals in Maintenance.
QLBINICF QLBCilNCM Q561 i l i Y OTSG-A Low Level E Main Feedwater OTSG-B Low level Signal LT-27 Pump Trip Signal Signal LT-31 Fails Falls Fails QMMMFPTF Q562 rh Q563 th
't i ,
Failures of LT-27 Low Range Level Low Range Level Calibrated liigh Failures of LT-31 Calibrated liigh QMMLT27 QMMCALBL QMMCALBL QMMLT31
No Input Signal from EFIC Channel A
th Q570 I
Failure of Initiate Failure of Channel D Logic Channel D Initiation Signals in Maintenance QLBINIDF QLBCHNDM Q571
' I
, i 5, OTSG-A low level Main Feedwater m
Signal LT-28 OTSG-B Low Level Pump Trip Signal Signal LT-32 Fails Fails Fails Q572 f% Q573 rh Ii i , ,
Failures of LT-28 Low Range level low Range Level failures of LT-32 Calibrated liigh Calibrated liigh QMMLT28 QMMCALBL QMMCALBL QMMLT32
I l
M M
C l D M e sAe r
e3w i o 1 I
DrP 0 o 3 M ftl oao rr D
set snn oeo lGC M
M l e
s 2
r o
0 t e 0 a i
A r DA e e 3 n c M i f
or G e n a
o nn et li e ra e t A 1 ur san l e M 3 s
0 0
i n ae i
e3i D M a
A FG u
B Ss M El i
Va KF 6 r o
M 1 4
en g t a
ti it r
sa e fi ns ft I
el Gi M l Oi fI n
3 T lF a
o e rt sA sen e3 i
swe M oov LPE D
M M
M M
M M
>>E*
M
(:l >l