ML20236M963
| ML20236M963 | |
| Person / Time | |
|---|---|
| Site: | Mcguire, Catawba, McGuire, 05000000 |
| Issue date: | 11/06/1987 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML20236M931 | List: |
| References | |
| GL-85-06, GL-85-6, TAC-59111, TAC-59112, NUDOCS 8711130352 | |
| Download: ML20236M963 (11) | |
Text
.__ - _- - --
, , m.
i
~
. ENCLOSURE. .I 1
i SAFETY EVALUATION REPORT REGARDING -l COMPLIANCE.WITH ATKS-RULE 10 CFR 50.62 ,
1 MCGUIRE.AND CATAWBA NUCLEAR STATIONS, UNITS l'AND 2 DOCKET NOS.'50-369/370 AND 50-413/414 j
1.0 INTRODUCTION
1 On July 26, 1984, the Code of' Federal Regulations (CFR) was-amended to include Section 10 CFR 50.62, " Requirements for Reduction' of Risk from Anticipated .;
Transients Without Scram (ATWS) Events for. Light-Water-Cooled Nuclear Power Plants (known as the ATWS Rule). The requirements of Section 10 CFR 50.62-apply to all- comercial light-water-cooled nuclear power plants.
An ATWS is an anticipated operational occurrence'(such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that-is accompanied by a !
failure of the Reactor Trip' System (RTS) to shut down:the reactor. . The ATWS 4 Rule requires specific improvements in the ' design' and operation of. commercial i nuclear power facilities to reduce the probability of failure. to shut down the l reactor following anticipated transients and to mitigate the. consequences of !
an ATWS event.
Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants. Equipment, diverse from the RTS, .is required to initiate the auxiliary feedwater. (AFW) system and a turbine trip. l for ATWS events. In response to paragraph (c)(1),' the Westinghouse Owners - '
Group (WOG) developed a set of conceptual ATWS mitigating system' actuation-circuitry (AMSAC) designs generic to Westinghouse. plants.. ' WOG utilizes: , _
Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design' Package," j which provides information on the various designs, q The staff reviewed WCAP-10858 and issued a safety evaluation of.the suoject I topical report on July 7,1986 (Ref.1). In this safety evaluation, the i staff concluded that the generic designs presented in WCAP-10858 adequately.
meet the requirements 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.
During the course of the staff's review of the proposed AMSAC design, the WOG issued Addendum I to WCAP-10858-P-A by-letter dated February 26','1987J(Ref. 3). ]
This Addendum changed the setpoint of the'C-20 AMSAC permissive signal from,70% '
reactor power to 40% power. In addition, for those. plants selecting the feed- ;
water flow or the feedwater pump / valve status logic options, a variable ' delay-R timer is to be incorporated into the AMSAC actuation logics. L0n. August 3, 3 1987, the WOG issued Revision '1 to WCAP-10858-P-A (Ref. 9). which incorporated Addendum 1- changes and provided details.on the variable timer. The staff c considers the Revision 1 changes to be acceptable. '
J
, '8711130352 871106 PDR ADOCK 05000369 <
P- PDR '
j
.. f s
v .. ,
. ~ ,,
j
)
.c ')
)
' Paragraph (c)(6) of the ATWS Rule requires that detailed information to demon-strate compliance with the requirements be submitted to the NRC. In accordance ,
with videdparagraph infonnation~(c)(6) by letterofdated the ATWS Rule.
-January . Duke 233 1987 Power (Ref. 2 Company).(the-licensee)
The letter forwarded pj i the detailed design description of the ANSAC propc'ied Lfor installation at the
' j McGuire and Catawba Nuclear Stations. i The . staff held a con'ference call with the licensee on February ~ 10,1987, to ' I discuss the'AMSAC design. As a result of. the conference call, a request for ;
additional infonnation was sent to the licensee on February 27,1987. (Ref. '.4). : . 3 The licensee responded to the request on April 9,1987. (Ref. 5). The licensee's H response raised additional questions. Therefore, the staff. held a second con- i ference call with the licensee on June 8,1987. This conference call resulted <
in a second request being sent to the licensee on June 17, 1987 (Ref. 6). The.
licensee responded to the second request by-letter-dated June 18,1987-(Ref.7).
Following the release of Revision 1 to WCAP-10858-P-A, the staff discussed. ,
the impact it would have on the licensee's proposed AMSAC design. This discus-sion by conference call with the licensee on October 5, 1987, was followed b another.NRC request for additional information on October 13, 1987 (Ref. 10)y. .
The licensee responded by letter dated October 20, 1987 (Ref. 11).
2.0 REVIEW CRITERIA The systems and equipment required by-10 CFR 50.62 do not have to meet all of the requirements normally applied to safety-related equipment. . However, the.
equipment required by the ATWS Rule should be.of sufficient quality and reli :
ability to perform its intended function while minimizing the potential for transients that challenge other safety systems, e.g., inadvertent scrams.
i The following review criteria were used to evaluate the licensee's.submittals:
- 1. The ATWS Rule, 10 CFR 50.62.
- 2. " Considerations Regarding Systems and Equipment Criteria," ;
published in the Federal Register, Volume 49, No.124, dated 1 June 26, 1984 . j i
- 3. Generic Letter 85-06, " Quality Assurance Guidance for ATWS j Equipment That Is M t Safety Related," April 16, 1985.
4 .. Safety Evaluation of WCAP-10858 (Ref. 1).
- 5. WCAP-10858-P-A, Revision 1 (Ref. 9) 3.0 DISCUSSION AND EVALUATION To determine that conditions indicative of an ATWS event are present, the .
1 licensee has elected to implement the WCAP-10858-P-A AMSAC ' design associated I
1 i
).
l I
y i
l 1
. )
with monitoring the main feedwater (MFW) control and isolation valves position and the main feedwater pump operating status. However, many details and inter-faces associated with the implementation of the final AMSAC design are of a I plant-specific nature. The following paragraphs provide a discussion on com- '
pliance with respect to each of the fourteen plant specific elements in Reference 1 and the deviations frcm the generic WCAP design.
3.1 Plant-So_ecific Elements
- 1. Diversity i l
The plant design should include adequate diversity between the AMSAC ;
i equipment and the existing Reactor Protection System (RPS) equipment. I l Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common cause failures.
The AMSAC will not use any sensors or components comon to the RPS. The AMSAC logic circuits will be diverse from the RPS in both equipment and design. The switches used to detect pump and valve status will not inter-face with or provide signals to the RPS. Therefore, we find the design acceptable with respect'to diversity.
- 2. Logic Power Supolies Logic power supplies need not be Class 1E, but must be capable of per-
, forming safety functions upon a loss of offsite power. The logic power must come from a power source that is independent from the RPS power supplies.
l The licensee has provided information that verifies that the power i supplies selected for the McGuire and Catawba AMSAC logic circuits will i provide the maximum available independence from the RPS power supplies.
The AMSAC will be powered from non-safety power supplies capable of operating upon a loss of offsite power. From our review of this infor-mation, we find that the logic power supplies meet the above requirements and are acceptable.
- 3. Safety-Related Interface The implementation of ATWS Rule shall be such that the existing Reactor Protection System continues to meet all applicable safety criteria.
- The proposed McGuire and Catawba AMSAC design will have no interfaces with the RPS. Interfaces with safety-related systems such as the Auxiliary Feedwater, Steam Generator Blowdown and Sampling Systems will be designed such that the safety-related system will perform its function coincident with a postulated failure of the AMSAC. .We, therefore, find the design acceptable with respect to interfacing. Refer to item 9 below for more discussion.
- 4. Quality Assurance The licensee shall provide information regarding compliance with Generic Letter (GL) 85-06, "0uality Assurance for ATWS Equipment That Is Not Safety Related."
']
1 l
The 18 criteria of the NRC quality assurance. guidance (GL 85-06) were re- i viewed by the licensee. This resulted in some minor adjustments to the l existing McGuire and Catawba quality assurance programs. These adjustments j incorporated the ATWS equipment's specific requirements into the licensee's )
quality assurance practices and procedures for McGuire'and Catawba. We find j that the licensee has satisfactorily implemented the guidance of GL 85.-06.
- 5. Maintenance Bypasses l
Maintenance bypass indications should be. incorporated into the continuous i indication of bypass status in the control rooms. l The licensee provided information showing how maintenance is accomplished at power. Maintenance which can be performed at power will be accomplished utilizing various equipment such as isolation valves,~ test switches, and sliding link terminals. Continuous indications of maintenance bypasses will be provided in the main control room. The licensee committed to implement a human factors review to ensure the effectiveness of the bypass indications 1 and to ensure that they can be utilized in an efficient and readily under-stood manner. We find that these provisions meet the requirements regarding maintenance and that they are acceptable, subject to completion of the licensee's human factors review.
- 6. Operating Eypasses 4
The operating bypasses should be indicated continuously in the control room. The independence of the C-20 pennissive signal-should be addressed.
, The McGuire and Catawba AMSAC operating bypass will be used to enable-the operators to bring the unit up in power during startup. These operating bypasses will defeat the MFW control valves. status inputs to the AMSAC, as the control valves can modulate into and below the AMSAC'setpoints during l plant startup. A status light will be _provided in the control room' when l
any one of the four MFW control valves is less than 25% open.
Operating bypass controls, including continuous bypass status indication, will be provided in the main control room. The licensee will conduct a i human factors review of the bypass controls consistent with the plant's detailed control room design process.
The C-20 permissive signal will originate from two pressure switches that.
monitor first-stage turbine impulse chamber pressure. This signal will not interface with the RPS.
We find the operating bypass controls and indications and the C-20 per-missive signal to be acceptable, subject to the. satisfactory completion of the licensee's human' factors review.
- 7. Means for Bypassing The means for bypassing shall be accomplished by the use of a permanently installed, human-factored, bypass switch or similar device. Disallowed methods for bypassing mentioned in the guidance should not be utilized.
l -
l
. The licensee's response stated that a control / selector switch with an indicating light will be used at both the McGuire and Catawba Nuclear Stations for the operating bypass function. This switch will be used to manually instate the bypass when the reactor is below 40% power (the C-20 ;
permissive setpoint). The operating bypass will be automatically removed when reactor power increases above the C-20 setpoint. The disallowed methods for bypassing, such as lifting leads, pulling fuses, blocking l relays, tripping breakers, will not be used. Therefore, we. find the means for bypassing to be acceptable.
l
- 8. Manual Initiation ,
l In the plant-specific submittal, the licensee discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator, j The operator uses existing manual controls to perfonn a turbine trip and '
to start auxiliary feedwater flow. These controls were reviewed during l the detailed control room design review. We find the provisions for manual initiation to be acceptable.
- 9. Electrical Independence From Existing Reactor Protection System l l
Electrical independence is required from the sensor output to the final l actuation device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class 1E isolators.
The licensee discussed how electrical independence is to be achieved.
The proposed AMSAC design will have no control devices, power supplies, l or sensors in common with the Reactor Protection System. The existing !
safety systems with which the AMSAC interfaces will be the Auxiliary Feedwater, Steam Generator Blowdown and Sampling systems. These inter-faces will be made by using existing, previously accepted, isolation '
devices. We, therefore, find the design provisions for electrical independence to be acceptable.
- 10. Physical Separation From Existing Reactor Protection System The implementation of the ATWS mitigating system must be such that the separation criteria applied to the existing Reactor Protection System are not violated.
The proposed AMSAC design will have no interfaces with the existing Reactor Protection System. Therefore, existing separation between the Reactor Protection System and nonsafety-related circuits will not be violated by the installation of the AMSAC equipment, and the above requirement is met.
- 11. Environmental Qualification The plant-specific submittal should address the environmental qualification of ATWS equipment for anticipated operational occurrences.
The licensee stated that AMSAC equipment at McGuire and Catawba will be located in areas that are considered a mild environment. A mild environ-ment is an environment that would at no time be significantly more severe
4 than the environment that would occur during normal plant operation, including anticipated operational occurrences. Environmental qualifi-cations of electric equipment important to safety located in a mild environment are not included within the scope of 10 CFR 50.49.
- 12. Testability at Power Measures to test the ATWS mitigating system before installation, as well as periodically, are to be established. Testing of the system may be performed with the system in the bypass mode.
The licensee stated that the AMSAC equipment will be tested prior to installation. After installation, the portion of the AMSAC design which uses MFW pump status as an input will be fully testable at power. The MFW pump status signal is generated by the pressure switches monitoring oil pressure on the stop valve control oil line. A selector switch and indicating light will be used to test each pressure switch individually.
The portion of the AMSAC design that utilizes MFW control and isolation valve position as an input will not be fully testable at power. Testing the control and isolation valve limit switches during power would adversely affect the operating status of the plant. This part of the AMSAC design will be tested at each refueling outage. The complete end-to-end testing of the AMSAC system from sensor through final actuation device will be performed with the plant shut down.
The licensee will conduct a human-factors review of the controls and indications used for testing purposes consistent with the plant's detailed control room design process.
We find these testing measures, including the above noted exception, to be acceptable, subject to satisfactory completion of the licensee's human factors review,
- 13. Completion of Mitigative Action The goeslicensee shall and to completion verify)that (1) the protective (2 the subsequent action, return to oncerequires operation initiated, deliberate operator action.
The licensee responded that, once initiated through AMSAC, the completion of mitigating action will be consistent with the existing plant turbine trip and auxiliary feedwater pump trip control circuitry. This circuitry will automatically lock in upon initiation and must be manually reset. The C-20 permissive signal will be electrically latched in place automatically above the 40% power level and will require manual action for reset (unlatched) when the C-?0 signal falls below the 40% power level setpoint.
This latching feature will allow the AMSAC mitigative action to go to completion in the event of a turbine trip and the turbine first stage l
impulse pressure is lost. We find these design provisions for completion '
of mitigative action and return to operation to be acceptable.
i i
l .)
7-1 14 Technical Specifications The equipment required by the ATWS Rule to reduce the risk associated with l
an ATWS event must be desi,gned to perform its functions in a reliable manner.
A method acceptable to the staff for demonstrating that the equipment- 4 satisfies the reliability requirements. of the ATWS Rule would be to pro. 1 vide appropriate AMSAC technical- specifications. Such technical l specifications would include operability and surveillance requirements.-
In its-interim Commission Policy Statement of Technical Specification i
1 Improvements for Nuclear Power Plants [52 Federal Register 3788 February 6,1987), the Commission established a specific set of objective criteria for determining which regulatory requirements and operating.
restrictions should be included in technical specifications. The staff 3 1
is presently rt: viewing ATWS requirements to criteria in this. Policy l Statement to determine whether and to what extent technical specifications l on the ATWS Rule are appropriate.
The licensee's position, by letter dated September 15, 1986 (Ref. 8),
is that the AMSAC requirements do not meet the proposed selection criteria-for items to be. included in technical specifications and, therefore,-should ~
be maintained in administrative 1y controlled documents .other than technical specifications. The licensee would rely. on compliance to Generic- Letter 85-06, " Quality Assurance Guidance 'for ATWS Equipment That 'Is Not Safety-Related," and controlled documents subject to the Duke Power Company manual.c
" Nuclear Production Department Administrative Policy Manual;for' Nuclear '
Stations."
Accordingly, this aspect of the staff review remains open pending' completion of, and subject to the results of, the staff's further review. The staff will provide guidance regarding the technical specification' requirements for AMSAC at a later date.
3.2 Deviations from Generic Design The staff's review of the plant specific submittals revealed that the. licensee is implementing an AMSAC design which deviates' from the approved WCAP. ~ First, the AMSAC response generated by the MFW pump' trip signal . for initiation of the AFW pumps and tripping the main turbine will not be interlocked with any time delay or the C-20 permissive. Thus..upon loss'of the MFW pumps at any power level, the AFW pumps will be started andithe turbine will .be tripped. The' licensee has informed the staff that:the AMSAC design.is consistent with Jthe '
original design bases for the Catawba and McGuire Nuclear Stations which call for ctarting the auxiliary feedwater pumps and tripping ~ the: main ~ turbine.
immediately upon loss of main feedwater. _ This action is anticipatory to low-low steam generator level. Further, the' licensee has stated that the most prudent and conservative approach is to' trip the main turbine upon loss of both MFW pumps to avoid unnecessary depletion of: steam generator inventories and to reduce
~
the amount of relatively cold auxiliary feedwater required to stabilize steam-generator levels. We have reviewed this feature of the design and agree that the licensee's approach is conservative :and,itherefore, ' acceptable.
s[<*
. -Second, the licensee has chosen not to interlock the C-20 permissive with a time delay on de-energization. The C-20 circuitry to be installed at Catawba I and McGuire will electrically latch in above 40 percent reactor power (see Item 13 above). Once latched, it will require deliberate operator action to instate a bypass of the C-20 signal. Such raanual action will be allowed only when the reactor is below the 40 percent power level. Thus, should the first-stage turbine impulse pressure be lost for any ieason, the C-20 permissive will remain latched independent of reactor power, and the AMSAC logic will remain armed at all power levels until the operator manually instates the bypass as discussed above. The incorporation of a C-20 time delay would be redundant to the existing latching feature. Accordingly,.we find the licensee's position acceptable. Administrative procedures'used to direct the operators regarding use of the C-20 permissive when below 40 percent power will be developed by the licensee as part of the nuclear station ]
modification process.
4.0 CONCLUSION
S The staff concludes, pending and subject to ' final resolution of the technical specification issue, that the AMSAC design, as proposed by Duke Power Company for the Catawba and McGuire Nuclear Stations, is acceptable and is in compliance with the ATWS Rule, 10 CFR 50.62, parag'raph (c)(1). Staff conclusion is further subject to the successful completion of certain noted human factors engineering reviews to which the licensee has committed. Until staff review is completed regarding use of technical specifications'for ATWS requirements, the licensee should continue with the scheduled installation and implementation (planned operation) of the ATWS design utilizing administrative 1y controlled procedures.
5.0 REFERENCES
]
- 1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), " Acceptance for Referencing of Licensing Topical Report," July 7,1986.
- 2. Letter, H. B. Tucker (Duke) to U.S. NRC, "ATWS/AMSAC Design Description," January 23, 1987.
- 3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), " Westinghouse Owners Group Addendum 1 to WCAP-10858-P-A and WCAP-11293-A: AMSAC General l Design Package," February 26, 1987.
4 Letter, D. Hood (NRC) to H. B. Tucker (Duke), " Request for Additional Information Concerning the ATWS/AMSAC Design at the McGuire and Catawba Nuclear Stations," February 27, 1987
- 5. Letter, H. B. Tucker (Duke) to U.S. NRC, "ATWS/AMSAC Design Description," April 9,1987.
l
- 6. Letter, D. Hood (NRC) to H. B. Tucker (Duke), " Request for Additional Information Concerning the ATWS/AMSAC Design at the McGuire and Catawba Nuclear Stations," June 17, 1987.
- 7. Letter, H. B. Tucker (Duke) to U.S. NRC,'"ATWS/AMSAC Design Description," June 18, 1987.
.i
- -g.
8 Letter, H. B. Tucker (Duke) to H. R. Denton (NRC), "McGuire Nuclear l Station Docket Nos. 50-369, 50-370," September 15, 1986. l l
- 9. Letter, R. A. Newton (E0G) to J. Lyons (NRC), " Westinghouse Owners Gro,up l Transmittal of Topical Report WCAP-10858-P-A, Revision 1: AMSAC Generic Design Package," August 3, 1987.
- 10. Letter, K. N. Jabbour (NRC) to H. B. Tucker (Duke), " Request for i Additional Information Concerning the ATWS/AMSAC. Design at the McGuire and Catawba Nuclear Stations," October 13, 1987.
- 11. Letter, H. B. Tucker (Duke) to USNRC, "ATWS/AMSAC Design Review,"
October 20, 1987.
l l
1 1
. , . .- )
l r
Mr.'H. B. Tucker-Duke Power Company McGuire Nuclear Station )
CC: I Mr. A.V. Carr, Esq. Dr. John M. Barry- -
Duke Power Company Department of Environmental Health- ,
P. O. Box 33189 Mecklenburg County i 422 South Church Street 1200 Blythe Boulevard Charlotte, North Carolina 28242 Charlotte, North Carolina 28203-County Manager of Mecklenburg County l 720 East Fourth Street '
Charlotte, North Carolina 28202 . .
Chairman, North Carolina Utilities Conraission i Mr. Robert Gill 'Dobbs Building Duke Power Company 430 North Salisbury Street Nuclear Production Department Raleigh, North Carolina .27602 P. O. Box 33189 4 Charlotte, North Carolina 28242 Mr. Dayne H. Brown, Chief I
Radiation Protection Branch J. Michael McGarry, III, Esq. Division'of Facility Services.
Bishop, Liberman, Cook, Purcell Department of Human Resources and Reynolds 701 Barbour Drive
'1200 Seventeenth Street, N.W. Raleigh, North Carolina 27603-2008 Washington, D. C. 20036 Senior Resident Inspector c/o U.S. Nuclear Regulatory Commission Route 4, Box 529 hunterville, North Carolina 28078 Regional Administrator, Region II U.S. Nuclear Regulatory Commission, 101 Marietta Street, N.W., Suite 2900 .,
'(
Atlanta, Georgia 30323 L. L. Williams Area Manager, Mid-South Area ESSD Projects l Westinghouse Electric Corporation MNC West Tower - Bay 239 P. O. Box 355 Pittsburgh, Pennsylvania 15230 l
l l
Mr. H. B. Tucker Duke Power Company Catawba Nuclear Station )
l cc:
A.V. Carr, Esq. North Carolina Electric Membership Duke Power Company Corp.
422 South Church Street 3400 Sumner Boulevard Charlotte, North Carolina 28242 P.O. Box 27306 Raleigh, North Carolina 27611 J. Michael McGarry, III, Esq.
Bishop, Liberman, Cook, Purcell Saluda River Electric Cooperative. .
and Reynolds Inc. ,
1200 Seventeenth Street, N.W. P.O. Box 929 l Washington, D. C. 20036 Laurens, South Carolina 29360 1 North Carolina MPA-1 Senior Resident Inspector 3 Suite 600 Route 2 Box 179N j 3100 Smoketree Ct. York, South Carolina 29745 .i P.O. Box 29513 I Raleigh, North Carolina 27626-0513 Regional Administrator, Region II !
U.S. Nuclear Regulatory Comission, ,
L.L. Williams 101 Marietta Street, NWe Suite 2900 Area Manager, Mid-South Area l Atlanta, Georgia '30323 "
ESSD Projects Westinghouse Electric Corp.
MNC West Tower - Bay 239 P.O. Box 355 Pittsburgh, Pennsylvania 15230 Mr. Heyward G. Shealy, Chief Bureau of Radiological Health South Carolina Department of Health and Environmental Control 2600 Bull Street Columbia, South Carolina 29201 County Manager of York County 3
)
York County Courthouse Karen E. Long ]
York South Carolina 29745 Assistant Attorney General i N.C. Department of Justice l Richard P. Wilson, Esq. P.O. Box 629 i Assistant Attorney General Raleigh, North Carolina 27602 S.C. Attorney General's Offjce P.O. Box 11549 Spence Perry, Esquire Columbia, South Carolina 29211 General Counsel Federal Emergency Management Agency j Piedmont Municipal Power Agency Room 840 1 100 Memorial Drive 500 C Street .
I Greer, South Carolina 29651 Washington, D. C. 20472 Mr. Michael Hirsch Federal Emergency Management Agency i Office of the General Counsel Room 840 l 500 C Street, S.W.
Washington, D. C. 20472 i
Brian P. Cassidy, Regional Counsel Federal Emergency Management Agency, Region I J. W. McCormach P0CH -l
_ l