Text

____ _ _ _.. _. - _ _

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ ~ ~

~~

~

pg 2 tt i

b

,efl g

UNITED STATES 4

3 NUCLEAR REGULATORY COMMISSION N

W ASHINGTON, D.C. 2066H001 k.....p October 2, 1997 Mr. Nicholas J. Liparulo, Manager Nuclear Safety and Regulatory Analysis Nuclear and Advanced Technology Division Westinghouse Electric Corporation P.O. Box 355 Pittsburgh, PA 15230

SUBJECT:

AP600 AVAILABILITY CONTROLS FOR IMPORTANT NONSAFETY-RELATED SY

Dear Mr. Liparulo:

Westinghouse has evaluated the AP600 nonsafety-related systems as part of a process agreed to between the nuclear industry and the Nuclear Regulatory Commission (NRC) as detailed in SECY-94-084 and commonly referred to as the Regulatory Treatment of Nonsafety-Related Systems (RTNSS).

The goal of the RTNSS process is to provide the staff with insights on the importance of nnnsafety-related systems to the overall safety of the AP600 design and assist the staff in determining what, if any, additional regulatory controls should be applied to RTNSS identified systems. The results of the Westinghouse RTHSS evaluation are primarily described in WCAP-13856, "AP600 Implementation of che Regulatory Treatment of Nonsafety-Related Systems Process," and Chapter 52 of the AP600 probabilistic risk assessment (PRA) on the focused PRA sensitivity study.

As a result of the RTNSS screening process, the only systems which Westinghouse has explicitly iden+1fied as possibly subject to additional regulatory controls were the reactor trip portion of the Diverse Actuation System (DAS) and various systems, structures, and components (SSCs) needed to support mid-loop operation.

The RTNSS process involves using both probabilistic and deterministic criteria to_ (1) determine whether regulatory oversight for certain nonsafety-related

/

systems is needed, (2) identify the risk significant SSCs for regulatory o

oversight (once it is determined that regulatory oversight is decide on an appropriate level of regulatory oversight for the various identified SSCs commensurate with their risk importance. The probabilistic criteria used to achieve these objectives require that the AP6l0 design meet j

the Commission safety goal guidelines for core damage frequency (CDF) and large release frequency (LRF),1.0E-4/ year and 1.0E-6/ year respectively, with no credit for the performance of any nonsafety-related " defense-in-depth" systems for which there will be no regulatory oversight.

In applying these probabilistic criteria, the RTNSS process stresses the importance of account-ing for uncertainties (e.g., in the assumed reliability values for passive system components).

Westinghouse used its AP600 focused PRA model which does not take credit for nonsafety-related systems (exce)t for the norma,l residual heat removal system during mid-loop operation and tie reactor trip portions of the diverse actuation system), and concluded that the calculated CDF and LRF values meet the Commission safety goal guidelines.

However, the staff review found that the issue of uncertainties (e.g., those associated with the assumed reliability values for passive system components) had not been addressed.

9710070374 971002 PDR ADOCK 05200003 A

PDR Ot;.ijM llll!!li,i

I Mr. Nicholas J. Liparulo October 2, 1997 Staff sensitivity studies have shown that the focused PRA results (i.e., the I

CDF and LRF) are sensitive to the reliability values of certain passive system components (e.g., the IRWST check valves) which have uncertainties associated with them. The staff sensitivity studies also show that when more bounding

-reliability values are used to account for uncertainties, the assessed CDF and LRF values do not meet the Comission's safety goal guidelines unless credit is taken for certain nonsafety-related systems. This implies the need for regulatory oversight of certain nonsafety-related systems.

In addition, there are uncertainties-in the thermal-hydraulic ty) assessment of what represents an AP600 success sequence (no(T/H uncertain-core damage) in the focused PRA used to support the Westinghouse RTNSS evaluation. The objective of the T/H uncertainty evaluation is to look at the AP600 PRA success criteria and to determine if, in consideration of the uncertainties involved with the operation of the passive safety systems, sufficient margin exists between the PRA T/H analysis code predictions of core temperatures and the 2200*F PCT core damage criterion used for design basis analyses. This assessment is necessary to provide confidence in the predictions of " success" in the focused PRA.

If the staff concludes that certain focused PRA sequences might actually be failures under conservative T/H analysis, the potential l

exists for either the focused PRA CDF or LRF to exceed the NRC quantitative safety goals due to insufficient margin.

Based on numerous discussions and meetings with the staff, Westinghouse has elected to recommend administrative procedures which would impose some limited reliability / availability controls on risk-significant nonsafety-related SSCs and thereby expedite the staff's review of issues related to the focused PRA and thermal-bydraulic mcertainties.

Westinghouse letter NSD-NRC-97-5236 dated July 16, 1997, proposed "short_ term" availability controls for a select group of AP600 nonsafety-related SSCs which were subsequently incorporated into Revision 15 of the AP600 standard safety analysis report (SSAR). These administrative availability controls will also be included in the AP600 design control document.

In addition, a commitment is included in the SSA R for the COL applicant to develop and implement procedures consistent with the availability controls.

The staff also intends

- to include a provision in the AP600 design certification rule which would make these availability controls binding on an applicant or licensee that refer-enced the AP600 design certification.

The staff has reviewed the proposed administrative controls submitted by Westinghouse letter NSD-NRC-97-5236 and, in general, finds the approach acceptable. However, the staff has some comments and questions which will need to be resolved before the staff can complete its evaluation of the RTNSS controls.

Mr. Nicholas J. Liparulo October 2, 1997 (1)

In a letter to Westinghouse dated June 9, 1997, the NRC stated that the RTNSS administrative controls should include a commitment to satisfy the Maintenance Rule and to establish the availability and reliability performance goals which would be applicable for those SSCs under the COL applicant's implementation of the Maintenance Rule.

The proposed proce-dures do not provide any link to the Maintenance Rule. The discussion in the introductory sections of the short term availability controls, as well as the bases section of each system control procedure, should clarify the relationship between the Maintenance Rule and availability /

reliability for the subject SSCs.

(2)

The BASES sections for most of the administrative availability control procedures cite a minimum availability of 75 percent of the function.

It is not clear what is meant by miDjam availability and if this value relates to maintenance rule performance goals.

It is also not clear if the cited availability applies at a system, train, channel (where applicable), or component level. Although a 75% availability value represents a significant increase in margin for the focused PRA results (since no availability was previously assumed), it does not completely address the staff's uncertainties in the data used in the focused PRA (e.g., software and check valve reliability). The staff's review finds that an averaae f::e1 cycle availability of 90 percent or better is a more realistic performance goal for maintenance rule implementation on these systems. This should be easily achievable.

Based on staff audits and inspections at operating plants, it is rare for any industrial grade SSC to be unavailable more than 15 percent of the time (85 percent availability), and most risk significant SSCs have availabilities greater than 90 percent [over the course of a fuel cycle]. The staff would expect the AP600 defense-in-depth SSCs to perform even better.

Westinghouse should explain how the availability values were determined nd why availability / reliability goals more in-line with operating plant experience and the projected baseline PRA values are not proposed.

(3)

The proposec administrative controls cite availability values but do not provide any reliability values.

Both reliability and availability should be specified for establishing maintenance rule performance goals.

The availability values should be specified in conjunction with a period of time e.g., (90 percent per each fuel cycle), to ensure that there-is no ambiguity in allowable unavailability times. Similarly, reliability values should include number of failures and demands over a period of time.

Some of the SSCs in Table 16.3.2 (e.g., the Passive Containment System Water Storage Tank Makeup, Main Control Room, Instrumentation and Control Room Cooling, AC Power Supplies, and the DC Power Supplies) do not contain any information on reliability and availability assumptions.

Appropriate availability and reliability goals should be provided for these systems.

't

(

t Mr. Nicholas J. Liparulo-October 2, 1997 (4)

For SSCs which cannot be restored to operable status within the speci-fled completion time, Westinghouse states that the COL shall " Document the justification for the actions taken and input provided to 0-RAP in plant records." The meaning and intent of this action statement is unclear.

It appears that Westinghouse might be recommending that'a report be prepared and placed in the plant records that documents the remedial measures implemented to improve long term reliability and availability utilizing established operational reliability assuraace processes such as the maintenance rule or the quality assurance program.

Westinghouse needs to clarify this action.

(5)

The bases for Availability Control 2.8, " Hydrogen Ignitors," states that the hydrogen ignitor system should be available during severe accidents because it provides margin in the PRA sensitivity performed assuming no credit for nonsafety-related SSf,s to mitigate at-power and shutdown events. This is not an adequate basis for the ignitors. A more appropriate basis would be to meet 10 CFR 50.34(f)(2)(ix). The bases should reflect that this system is being provided to safely accomodate hydrogen generated by the equivalent of a 100 percent fuel-clad metal l

water reaction to address the lersons-learned from the accident at Three P.ile Island. The bases should also cover the more important aspcts of the design such as the ability to promote hydrogen burning soon after j

the lower flamability limit is reached by providing at least one ignito-from each group for every zone.

(6)

It is not clear how the minimum availability value relates to the ignitor system operability.

For instance, is the ignitor system considered unavailable if one or more ignitors are inoperable or can multiple ignitors be inoperable as long as 75% of them are available?

To avoid confusion in this area, Westinghouse should provide availabili-t ty goals for the power supplies, each group of ignitors, and each coverage zone. The staff expects availability goals for the ignitor system to be consistent with ignitor systems in operating plants.

Although ignitors in operating plants were installed to meet different regulations, both ignitor systems, AP600's and operating-plants, are designed to promote hydrogen burning soon after the lower flamability limit is reached.

The staff estimates the availability of ignitor systems at operating plants to be greater than 90%.

(7)

Westinghouse states that the ignitor function should be available during MODE I and MODE 2 when core decay heat is high. There are no avail-ability controls in MODES 3 and 4 when decay heat levels can be compara-ble to MODE 2.

Westinghouse should provide a basis for not providing availability controls for the hydrogen ignitors in Modes-3 and 4.

(8)

- The DAS' surveillance requirements on pages 16.3-7 and 16.3-10 recomend that a CHANNEL CHECK be performed at a frequency of once every 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

The staff finds this frequency excessively long since the channel check can be performed by a computer on a per shift basis and does not represent a burdensome task to the control roca operator. The staff considers a channel check of once per 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> to be a more reasonable-frequency.

j

e Mr.' Nicholas J.-Liparulo-

- 5.-

October 2,-1997

'(9)

The definition of CHANNEL CALIBRATION on page 16.3-1 should be revised to delete the 3rd and 4th sentences on RTD calibration.

RTD calibration should. follow-the guidance provided in Chapter 7 of the Standard Review

-Plan and Branch Technical Position HICB-13.

(10) Based on precedent set in the rulemaking process for the evolutionary reactor design certifications, the staff requests that the Design Reli-ability Assurance Program (D-RAP be moved from Chapter 16 of the AP600 SSAR to Chapter 17. This is con)istent with where the D-RAP information s

is located in the evolutionary design SSARs.

(11) Editorial Comments:

. The information:under the Combined License Information section on-page 16.3-4 should be revised to read "... referencing the AP600 L

will develop procedures to control the operability..."

t -

On pages 16.3-7 and 16.3-10, the setpoint for the PRHR HX Actuation signal on SG Wide Range Level-should be in terms of f of span rather than pounds mass.

If you have any-questions regarding this matter, please contact the responsi-ble project manager, Mr. William Huffman, at (301) 415-1141.

Sincerely, original signed by:

Jack W. Roe, Acting Director Division of Reactor Program Management.

Office of Nuclear Reactor Regulation Docket No. 52-003:

cc:. See next page DISTRIBUTION:

See next page DOCUMENT NAME: :A:RTNS-ADM. POL-s Ta seeelve a copy of tede deemment,inesses in tie, ben: *C* a Copy without attaanent/encioeure

't" = Copy with attachnunt/ enclosure

• N* = No copy 0FFICE PM:PDST:DRPM l

D:DSSA M )l (A)D:DE I

0:DRCH l

NAME WCHuffman:M GHoTilian bl Glainas LSpessar m

m.w am, mw.:

ms.d:

OFFICE-0:PDST:DRPM-6 OGC W J!,4 (A)[)198PM NAME

'IRQuay @

t W e i <,uo JWR5 DATE 09/G/97 UD/ri/97 W/'t,/97 0FFICIAL RECORD COPY

• See previous concurrence m

=

Mr. Nicholas J. Liparulo Docket No.52-003 Westinghouse Electric Corporation AP600 cc: Mr. B. A. McIntyre Mr. Russ Bell Advanced Plant Safety & Licensing Senior Project Manager, Programs Westinghouse Electric Corporation Nuclear Energy Institute Energy Systems Business Unit 1776 I Street, NW P.O. Box 355 Suite 300 Pittsburgh, PA 15230 Washington, DC 20006-3706 Mr. Cindy L. Haag Ms. Lynn Connor i

Advanced Plant Safety & Licensing Doc-Search Associates l

Westinghouse Electric Corporation Post Office Box 34 Energy Systems Business Unit Cabin John, MD 20818 Box 355 Pittsburgh, PA 15230 Dr. Craig D. Sawyer, Manager Advanced Reactor Programs Mr. S. M. Modro GE Nuclear Energy Nuclear Systems Analysis Technologies 175 Curtner Avenue, MC-754 Lockheed Idaho Technologies Company San Jose, CA 95125 Post Office Box 1625 Idaho Falls, ID 83415 Mr. Robert H. Buchholz GE Nuclear Energy Mr. Sterling Franks 175 Curtner Avenue, MC-781 U.S. Department of Energy San Jose, CA 95125 NE-50 19901 Germantown Road Barton Z. Cowan, Esq.

Germantown, MD 20874 Eckert Seamans Cherin & Mellott 600 Grant Street 42nd Floor Mr. Frank A. Ross Pittsburgh, PA 15219 U.S. Department of Energy, NE-42 Office of LWR Safety and Technology Mr. Ed Rodwell, Manager 19901 Germantown Road PWR Design Certification Germantown, MD 20874 Electric Power Research Institute 3412 Hillview Avenue Mr. Charles Thompson, Nuclear Engineer Palo Alto, CA 94303 AP600 Certification NE-50 19901 Germantown Road Germantown, MD 20874

TRIBUTION:

ket File PDST R/F Stollins/FMiraglia, 0-12 G18 PUBLIC-BSheron, 0-12-G21 JRoe DMatthews.

TQuay TKenyon BHuffman JSebroksy JNWilson DScaletti JMoore, 0-15 B18 WDean, 0-5 E23 ACRS (11)

-GHolahan, 0-8 E2 SNewberry, 0-8 E2 Glainas, 0-7 D26 LSpessard, 0-9 E4 GMizuno, 0-15 B18

'WBeckner, 0-13 HIS Alevin, 0-8 E23 TCollins, 0-8 E23 JFlack, 0-10 E4 NSaltos, 0-10 E4 HLi, 0-8 H3 MSnodderly, 0-8 H7 EThrom, 0-8 H7 NTrehan, 0-7 E4 DThatcher, 0-7 E4 SBlack, 0-9 Al RCorreia, 0-9 Al FTalbot, 0-9 Al TMarsh, 0-8 Dl-HWalker, 0-8 D1 1

Cli, 0-8 DI CBerlinger, 0-8 H7 I

l

.