Responses to NRC Requests for Additional Information to License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time

ML20236S786
Person / Time
Site:	Hatch
Issue date:	08/23/2020
From:	Gayheart C Southern Nuclear Operating Co
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
NL-20-1000
Download: ML20236S786 (87)
v • d • e

Text

Cheryl A. Gayheart Regulatory Affairs Director 3535 Colonnade Parkway Birmingham, AL 35243 205 992 5316 cagayhea@southernco.com August 23, 2020 Docket Nos.: 50-321 NL-20-1000 50-366 10 CFR 50.90 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D. C. 20555-0001 Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Ladies and Gentlemen:

By letter dated July 31, 2020 (Agencywide Documents Access and Management System Accession No. ML20213C715); Southern Nuclear Operating Company (SNC) submitted a license amendment request (LAR) for Hatch Nuclear Plant (HNP) Units 1 and 2.

The proposed changes would revise Technical Specification (TS) 3.8.1, AC [Alternating Current] Sources - Operating, for HNP Units 1 and 2 to provide a one-time extension of the completion time (CT) of Required Action B.4 for Hatch Unit 1 TS and Required Actions B.4 and C.4 for Hatch Unit 2 TS for each Hatch Unit 1 emergency diesel generator (EDG) and the swing EDG from 14 days to 19 days.

By email dated August 19, 2020, the NRC staff provided requests for additional information (RAIs) to support review of the LAR.

The enclosure to this letter provides the SNC responses to the NRC RAIs. Attachment 1 provides revised HNP Units 1 and 2 TS marked-up pages. Attachment 2 provides HNP Units 1 and 2 revised TS clean-typed pages. Attachment 3 provides revised HNP Units 1 and 2 TS Bases marked-up pages. Attachment 4 provides supplemental information to support the response to RAI-5.e. Attachment 5 is the list of compensatory and risk management controls associated with the response to RAI-2. In support of the response to RAI-6, Attachment 6 is a revised LAR Table 4-6, Maintenance Events Prohibited by Procedure.

The conclusions of the No Significant Hazards Consideration and Environmental Consideration contained in the original LAR have been reviewed and are unaffected by this response.

U. S. Nuclear Regulatory Commission NL-20-1000 Page 2 This letter contains no NRC commitments. If you have any questions, please contact Jamie Coleman at 205.992.6611.

I declare under penalty of perjury that the foregoing is true and correct. Executed on the 23rd day of August 2020.

Respectfully submitted, C. A. Gayheart Director, Regulatory Affairs Southern Nuclear Operating Company

Enclosure:

Responses to NRC RAIs Attachments: 1. Revised HNP Unit 1 and 2 Technical Specifications Marked-up Pages

2. Revised HNP Unit 1 and 2 Technical Specifications Clean-Typed Pages

3. Revised HNP Unit 1 and 2 Technical Specifications Bases Marked-up Pages

4. Supplemental Information to Support the Response to RAI-5.e

5. Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP)

Diesel Generator (DG) One-time 19-day Completion Time Allowance

6. Revised LAR Table 4-6, Maintenance Events Prohibited by Procedure cc:

Regional Administrator, Region ll NRR Project Manager - Hatch Senior Resident Inspector - Hatch Director, Environmental Protection Division - State of Georgia RTYPE: CHA02.004

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Enclosure Responses to NRC RAIs to NL-20-1000 Responses to NRC RAIs E-1 NRC RAI TS The NRC staff reviewed the licensees LAR for a One-Time, Risk-Informed CT extension from 14 to 19 days for planned maintenance on three EDGs. The NRC staff noted that the Hatch, Units 1 and 2, marked-up TS pages (Attachment 1 to the LAR) are inconsistent with the recommended style of Standard Technical Specifications, and the proposed changes appear to have potential for misinterpretation by licensee operators and NRC inspectors.

Please clarify the proposed Hatch, Units 1 and 2, TS 3.8.1 marked-up pages to have an appropriate amount of detail and include the following elements:

a. An expiration date for using the extended CT for each EDG;

b. One-time use of the CT extension to 19 days for each applicable EDG, regardless of whether maintenance is completed during the attempt;

c. Conditions when is the EDG 19-day CT is applicable, i.e., EDG cylinder liner replacement overhaul, one EDG at a time;

d. Specify applicable equipment by designation, i.e., EDG 1A, EDG 1B, and EDG 1C.

e. In the affected TS 3.8.1 Required Actions, reference the document that contains the list of all compensatory or risk management actions, explicitly making them requirements (e.g., any Compensatory and Risk Management Actions (CRMAs) in regulatory commitments or TS bases should be consolidated and renamed as CRMAs for easy reference);

f.

The CRMAs must include planned actions for conditions such as when an alternate AC (AAC) power source is inoperable, severe weather is anticipated prior to EDG removal from service or after the EDG maintenance is underway (i.e., proposed TS 3.8.1 required actions B.4.2.1 (Unit 1) and C.4.2.1 (Unit 2) should follow or address discrepancies with BTP 8-8 guidance). Please coordinate the response to this RAI with response to RAI Nos. 2 and 3 below.

g. Per RG 1.177, CRMAs are to be identified and established prior to removing a EDG from service for preplanned maintenance, consistent with the defense-in-depth philosophy. If during the maintenance evolution CRMAs are not followed, the required actions are to be considered not met.

SNC Response to RAI-1

a. An expiration date for using the extended CT for each EDG; The proposed TS have been revised to include a June 30, 2021 expiration date. This expiration date will allow for a reasonable amount of margin in case the last emergency diesel generator (DG) maintenance outage must be delayed due to unforeseen events (e.g. unexpected equipment out of service, unavailability of maintenance personnel, severe weather) while also ensuring SNC completes the maintenance in a timely manner.

to NL-20-1000 Responses to NRC RAIs E-2

b. One-time use of the CT extension to 19 days for each applicable EDG, regardless of whether maintenance is completed during the attempt; The proposed TS for Unit 1 TS 3.8.1 Condition B (One Unit 1 or the swing DG inoperable) includes a Note for Required Action (RA) B.4.2 that limits the use of the optional extended completion time (CT) of 19 days to once per DG. A similar Note is added to Unit 2 TS 3.8.1 Condition C. (See revised TS pages in Attachment 1 to this letter). This Note ensures the optional 19-day CT will not be used more than once for Unit 1 DGs 1A and 1C and for swing DG 1B to perform maintenance or repairs. Please note that Unit 2 Condition B will be entered for the swing DG 1B for each of the three maintenance outages, since the Unit 1 TS will require the swing DG to be inhibited from aligning to Unit 2 during the DG 1A and 1C maintenance outages.

This is no different than current 14-day outages; i.e., Unit 2 TS 3.8.1, Condition B is entered each time a Unit 1 DGs 1A or 1C is removed from service with both units online and the swing DG inhibited from aligning to Unit 2.

c. Conditions when is the EDG 19-day CT is applicable, i.e., EDG cylinder liner replacement overhaul, one EDG at a time; The proposed TS include a Note that limits the use of the optional extended CT to only apply during diesel engine cylinder liner replacement outages for the Unit 1 DGs 1A and 1C, and for swing DG 1B. Should multiple DGs be removed from service concurrently, additional TS 3.8.1 Conditions would be entered as appropriate (e.g., Unit 1 TS 3.8.1, RA F.1 requires restoring all but one Unit 1 and swing DG to operable status with a completion time of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />).

d. Specify applicable equipment by designation, i.e., EDG 1A, EDG 1B, and EDG 1C.

The proposed TS have been revised to specify the Unit 1 DGs correspond to 1A and 1C, and that the swing DG corresponds to 1B.

e. In the affected TS 3.8.1 Required Actions, reference the document that contains the list of all compensatory or risk management actions, explicitly making them requirements (e.g., any Compensatory and Risk Management Actions (CRMAs) in regulatory commitments or TS bases should be consolidated and renamed as CRMAs for easy reference);

The proposed TS have been revised to reference the compensatory and risk management controls that must be established prior to entering the extended DG CT as provided in to this letter. In addition, the TS Bases have been revised to delete the explicit list of compensatory and risk management controls and reference these controls in Attachment 5 of this letter.

to NL-20-1000 Responses to NRC RAIs E-3

f.

The CRMAs must include planned actions for conditions such as when an alternate AC (AAC) power source is inoperable, severe weather is anticipated prior to EDG removal from service or after the EDG maintenance is underway (i.e., proposed TS 3.8.1 required actions B.4.2.1 (Unit 1) and C.4.2.1 (Unit 2) should follow or address discrepancies with BTP 8-8 guidance). Please coordinate the response to this RAI with response to RAI Nos. 2 and 3 below.

Should an additional TS-required AC source become inoperable (e.g. an additional DG or required offsite circuit) the appropriate TS Conditions will be entered (as discussed in the response to RAI-1.c) and the corresponding RAs followed.

As committed to in Attachment 5 of the LAR, the planned DG preventative maintenance overhaul will be removed from the work schedule if a period of severe weather is forecast. This is consistent with the requirement of the SNC on-line configuration risk management program, which states that when periods of severe weather forecasts, grid degradation, or system alert conditions are imminent, maintenance on sensitive or critical equipment must be removed from the work schedule unless deemed necessary by Operations management.

BTP 8-8 provides a list of regulatory commitments the staff expects the licensee to make to extend the DG CT; this BTP does not require the regulatory commitments to be stated or referenced in the TS. Nonetheless, SNC is modifying the proposed TS pages to reference compensatory and risk management controls that must be established prior to entering the extended DG CT as provided in Attachment 5 to this letter. One additional control added in to this letter states Preplanned maintenance on any sensitive or critical equipment will be rescheduled during periods of severe weather forecasts.

g. Per RG 1.177, CRMAs are to be identified and established prior to removing a EDG from service for preplanned maintenance, consistent with the defense-in-depth philosophy. If during the maintenance evolution CRMAs are not followed, the required actions are to be considered not met.

In accordance with TS LCO 3.0.1 and LCO 3.0.2, TS actions do not apply until the required equipment is removed from service. Therefore, it would not be appropriate to include an RA with a Completion Time that applies prior to taking equipment out of service. Other regulatory requirements, such as 10 CFR 50.65, Requirements for monitoring the effectiveness of maintenance at nuclear power plants, govern actions to be taken prior to removing risk significant structures, systems, and components from service for preplanned maintenance.

SNC will continue to comply with the requirements of 10 CFR 50.65(a)(4) and ensure, before performing the DG maintenance activity, that appropriate defense-in-depth and risk management controls are established to manage the increase in risk that may result from extending the DG CT to 19 days. Per the requirements of TS LCO 3.0.2 and TS Section 1.3, if the CRMAs are not met during the extended Completion Time, Units 1 and 2 TS 3.8.1, RA B.4.2.1 and Unit 2 TS 3.8.1 RA C.4.2.1 will require these CRMAs to be reestablished within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. After 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, TS 3.8.1, Condition H would apply requiring the plant to be in Mode 3 within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. This is also described in the proposed TS bases associated with these RAs.

to NL-20-1000 Responses to NRC RAIs E-4 To implement the requirements of 10 CFR 50.65(a)(4), the SNC on-line configuration risk management program requires a risk-assessment to be performed in accordance with this program prior to any planned or unplanned maintenance. Appendix A of this program currently contains the RG 1.177 Tier 2 risk management actions that are required prior to utilizing the 14-day DG CT.

RG 1.177 does not require these Tier 2 CRMAs to be placed in TS and acknowledges that plant procedures can be identified and evaluated to provide reasonable assurance that risk-significant plant equipment outage configurations will not occur when specific plant equipment is out of service. Therefore, the existing requirements per the SNC on-line configuration risk management program meet the intent of this RG and ensure compliance with the requirements of 10 CFR 50.65(a)(4).

to NL-20-1000 Responses to NRC RAIs E-5 NRC RAI Electrical The regulation 10 CFR 50.34 (h), Conformance with the Standard Review Plan (SRP) requires, in part, that for light water cooled nuclear power plant operating licenses docketed after May 17, 1982, shall include an evaluation of the facility against the SRP in effect or six months prior to the docket date of the application. Also, applicants shall identify differences from the SRP acceptance criteria and evaluate how the proposed alternatives to the SRP criteria provide an acceptable method of complying with the Commission's regulations.

NUREG-0800, BTP 8-8, provides guidance, from a deterministic perspective, for reviewing a one-time CT extension request for onsite and offsite power sources. Please discuss the lack of a supplemental AC power source to station emergency buses to compensate for inoperable AC sources that are inoperable during extended AOTs to maintain defense-in-depth of electric power sources available to safely shutdown two operating units in case of abnormal operating event and potential design or beyond design basis events occur.

LAR sections 3.3 and 4.0 states that since two EDGs remain operable during the extended EDG outage, another EDG per unit is available as an additional alternate AC (AAC) power source. Therefore, SNC believes this meets the intent of the position presented in BTP 8-8 that to support the transition to cold shutdown conditions.

a. It is not apparent from the NRC staffs review of the LAR how the licensee addressed the key criteria specified in BTP 8-8, pages 8-8-4 and 8-8-5. Please identify differences from the BTP staff positions and justify the proposed approach and justify an acceptable method of complying with the Commissions regulations and review guidelines.

b. Please identify applicable procedures and key actions to be taken to align the Class 1E buses for both units to achieve cold shutdown using the available operable Hatch, Unit 1, EDGs (Assume Hatch, Unit 1, is in LOOP and Unit 2 in SBO).

c. Please explain whether 1 EDG has the capacity and capability to bring both units in cold shut down if SBO occurs in Hatch, Unit 2, and Hatch, Unit 1, EDG is assumed to have a single failure.

SNC Response to RAI-2

a. It is not apparent from the NRC staffs review of the LAR how the licensee addressed the key criteria specified in BTP 8-8, pages 8-8-4 and 8-8-5. Please identify differences from the BTP staff positions and justify the proposed approach and justify an acceptable method of complying with the Commissions regulations and review guidelines.

SNC considered the NRC staff position specified in BTP 8-8, Onsite (Emergency Diesel Generators) and Offsite Power Sources Allowed Outage Time Extensions, dated February 2012, and addressed the key criteria of the BTP that were applicable to HNP. Many of the criteria provided in BTP 8-8 do not apply to HNP because, as elucidated in the enclosure of the LAR, the objective of BTP 8-8 to avoid a potential extended SBO event during the period of an extended AOT is met with the existing HNP onsite standby emergency AC power sources.

To avoid a misconception, per the HNP SBO analysis, as summarized in Section 8.4.2 of the Unit 2 FSAR and the enclosure to the LAR, any one of the three DGs associated with the to NL-20-1000 Responses to NRC RAIs E-6 blackout unit can be credited as an AAC power source for that unit. The swing DG (i.e., DG 1B) is designated as the AAC for either unit because it represents the most limiting condition in the SBO analysis. However, either of the other two DGs associated with the blackout unit meet the criteria of an AAC source. This represents the current design and licensing basis for SBO coping and HNP compliance with 10 CFR 50.63.

As shown in Figure 2.1-1 of the enclosure to the LAR (pg. E-2) and as described in the HNP FSAR and TS 3.8.1 bases, HNP has five standby emergency DGs; two dedicated DGs per unit (i.e., Unit 1 DGs 1A and 1C and Unit 2 DGs 2A and 2C) and a swing DG (i.e., DG 1B). Except for the swing DG (i.e., DG 1B), the HNP standby emergency AC sources cannot supply power to any adjacent unit 4.16kV ESF bus.

Table RAI-2-1, provided below, indicates the key criteria of the NRC staff position outlined in BTP 8-8 and SNCs approach or justification to these criteria, where applicable.

to NL-20-1000 Responses to NRC RAIs E-7 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-3, 2nd paragraph A supplemental power source should be available as a backup to the inoperable EDG or offsite power source, to maintain the defense-in-depth design philosophy of the electrical system to meet its intended safety function. The supplemental source must have capacity to bring a unit to safe shutdown (cold shutdown) in case of a loss of offsite power (LOOP) concurrent with a single failure during plant operation (Mode 1).

As stated in Sections 3.3 (last paragraph on pg. E-8) and 4.1 (pg E-23, NUREG-0800 2nd paragraph) of the enclosure to the LAR, one DG per unit provides sufficient capacity to bring a unit to safe shutdown (cold shutdown) in case of a LOOP concurrent with a single failure during plant operation (Mode 1). Since two DGs remain operable for each unit during the extended DG outage, at least one DG per unit would be available to support this transition to cold shutdown in the highly unlikely event of a loss of the offsite electrical power system network concurrent with an additional failure of a DG. Therefore, a supplemental power source is not required as a backup to the inoperable EDG, or offsite power source, to maintain the defense-in-depth design philosophy of the electrical system to meet its intended safety function.

to NL-20-1000 Responses to NRC RAIs E-8 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-3, 2nd paragraph The staffs objective of requiring an extra (i.e.,

supplemental) power source for an inoperable EDG or offsite power source is to avoid a potential extended Station Blackout (SBO) event during the period of an extended AOT and to enable safe shutdown (cold shutdown) of the unit if normal power sources cannot be restored in a timely manner.

This criterion is not applicable (NA) for HNP. As shown in Figure 2.1-1 of the LAR and as described in the HNP FSAR and TS 3.8.1 bases, HNP has five standby emergency DGs; two dedicated DGs per unit (i.e., Unit 1 DGs 1A and 1C and Unit 2 DGs 2A and 2C) and a swing DG (i.e., DG 1B). If a LOOP occurs during the period of an extended DG allowed outage time (AOT), at least two DGs per unit would be available to support safe shutdown (cold shutdown) of each unit. Therefore, a LOOP during an extended DG AOT will not result in SBO on either unit even with an additional DG failure on each unit (i.e., one DG per unit remains available to place the associated unit in cold shutdown). Therefore, a potential extended SBO cannot occur. Thus, an extra (i.e.,

supplemental) power source for the inoperable EDG or offsite power source is not required.

8-8-4, 2nd paragraph In order to facilitate approval of an extended AOT for onsite or offsite power source, some licensees have provided a detailed PRA risk-informed evaluation This criterion is met. SNC has provided a risk-informed evaluation in Enclosure, Attachment 4 of the LAR with risk results shown in Section 3.5 (pg. E-17 to E-20) of the enclosure to the LAR.

to NL-20-1000 Responses to NRC RAIs E-9 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-4, 2nd paragraph In order to facilitate approval of an extended AOT for onsite or offsite power source, some licensees have installed commercial-grade diesel generators capable of supplying power to the required safe-shutdown loads on the train removed from service for the maintenance outage.

This criterion is NA for HNP and SNC is not proposing to install an additional commercial-grade diesel generator (DG) as a supplemental AC source. As stated in Sections 3.3 (last paragraph on pg. E-8) and 4.1 (pg E-23, NUREG-0800 2nd paragraph) of the enclosure to the LAR, one DG per unit can, without any load shedding, supply loads necessary for safe shutdown from 100% power to cold conditions within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> following a LOOP.

Since two DGs remain operable for each unit during the extended DG outage, at least one DG per unit would be available to support this transition to cold shutdown in the highly unlikely event of a loss of the offsite electrical power system network concurrent with an additional failure of a DG. Therefore, a supplemental power source is not required during an extended DG outage and the objective of BTP 8-8 to avoid a potential extended SBO event during the period of an extended AOT is met with existing HNP onsite standby emergency AC power sources.

to NL-20-1000 Responses to NRC RAIs E-10 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-4, 2nd paragraph For existing Class 1E EDGs to qualify as a supplemental AC source in the adjacent unit (provided with cross-connection within the same division of loads) for extending the AOT, the EDGs must have excess capacity to meet their units LOOP safe shutdown loads (without load shedding) while complying with the single failure criteria, and have spare capacity to support the other unit in maintenance to bring the plant to cold shutdown without any load shedding.

This criterion is NA for HNP. Except for the swing DG (i.e.,

DG 1B), the HNP standby emergency DG design provides independent emergency AC sources (i.e., DGs) and these standby emergency AC sources cannot supply power to any adjacent unit 4.16kV ESF bus. Therefore, SNC is not proposing to utilize the adjacent unit DGs as a supplemental AC source.

to NL-20-1000 Responses to NRC RAIs E-11 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-4, 3rd paragraph The permanent or temporary power source can be either a diesel generator, gas or combustion turbine, or power from nearby hydro units. This source can be credited as a supplemental source, that can be substituted for an inoperable EDG during the period of extended AOT in the event of a LOOP, provided the risk-informed and deterministic evaluation supports the proposed AOT and the power source has enough capacity to carry all LOOP loads to bring the unit to a cold shutdown.

This criterion is NA for HNP. SNC is not proposing to install a permanent or temporary power source as a supplemental AC source. As stated in Sections 3.3 (last paragraph on pg. E-8) and 4.1 (pg E-23, NUREG-0800 2nd paragraph) of the enclosure to the LAR, one DG per unit can, without any load shedding, supply loads necessary for safe shutdown from 100% power to cold conditions within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> following a LOOP. Since two DGs remain operable for each unit during the extended DG outage, at least one DG per unit would be available to support this transition to cold shutdown in the highly unlikely event of a loss of the offsite electrical power system network concurrent with an additional failure of a DG. Therefore, a supplemental power source is not required during an extended DG outage and the objective of BTP 8-8 to avoid a potential extended SBO event during the period of an extended AOT is met with existing HNP onsite standby emergency AC power sources.

8-8-4, 4th paragraph Multi-unit sites that have installed a single AAC power source for SBO cannot substitute it for the inoperable diesel when requesting AOT extensions unless the AAC source has enough capacity to carry all LOOP loads to bring the unit to a cold shutdown as a substitute for the EDG in an extended AOT and carry all SBO loads for the unit that has an SBO event without any load shedding.

This criterion is NA for HNP. The HNP electrical design does not include a single AAC power source installed for SBO coping. As stated in Unit 2 FSAR Subsection 8.4.2.2 and restated in Enclosure, Section 3.3 of the LAR (SBO section 2nd paragraph pg. E-10), for the blackout unit with a DG in an extended outage period on the adjacent unit, the two remaining DGs may be credited as an AAC source for SBO coping. To represent the most limiting condition, the swing DG is typically designated as the AAC power source for either unit. When the swing DG is not available, either of the two unit DGs may be used as the AAC.

to NL-20-1000 Responses to NRC RAIs E-12 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-4, 4th paragraph The staff believes that relying on a single AAC power source for an SBO in one unit and an inoperable EDG in the adjacent unit erodes the defense-in-depth aspects of the plant's design and operation and thereby reduces the safety margins due to a planned extended AOT.

This criterion is NA for HNP. As stated in Unit 2 FSAR Subsection 8.4.2.2 and restated in Enclosure, Section 3.3 of the LAR (SBO section 2nd paragraph pg. E-10), for the blackout unit with a DG in an extended outage period on the adjacent unit, the two remaining DGs may be credited as an AAC source for SBO coping. Therefore, HNP does not rely on a single AAC power source for an SBO in one unit and a plant shutdown and cooldown in the adjacent unit.

8-8-4, 5th paragraph For some boiling water reactors, the Division III diesel generator (High Pressure Core Spray Pump (HPCS) diesel generator) may be used as a supplemental AC source. The staff has determined that the HPCS diesel generator can be considered a supplemental AC source provided cross-connect capability exists so that the HPCS diesel generator can be cross-connected to either Division I or Division II AC buses to power safe-shutdown loads.

This criterion is NA for HNP. HNP electrical design does not include a HPCS DG.

to NL-20-1000 Responses to NRC RAIs E-13 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-4, 6th paragraph and 8-8-5, 1st paragraph For plants using AAC or supplemental power sources discussed above, the time to make the AAC or supplemental power source available, including accomplishing the cross-connection, should be approximately one hour to enable restoration of battery chargers and control reactor coolant system inventory.

The availability of AAC or supplemental power source should be verified within the last 30 days before entering extended AOT by operating or bringing the power source to its rated voltage and frequency for 5 minutes and ensuring all its auxiliary support systems are available or operational. To support the one-hour time for making this power source available, plants must assess their ability to cope with loss of all AC power for one hour independent of an AAC power source. The plant should have formal engineering calculations for equipment sizing and protection and have approved procedures for connecting the AAC or supplemental power sources to the safety buses.

This criterion is NA for HNP. As stated in Unit 2 FSAR Subsection 8.4.2 and restated in Enclosure, Section 3.3 of the LAR (SBO section 1st and 2nd paragraphs on pg. E-10), the HNP SBO analysis credits the swing DG (DG 1B) or one of the unit DGs (e.g.,

DG 2A or 2C for an SBO on Unit 2). Each of the HNP standby emergency DGs meet the minimum requirements as an AAC power source as specified in the referenced BTP 8-8 paragraphs. For the blackout unit, the swing DG is conservatively designated as the AAC power source and can be initiated within one hour to the blackout unit when the diesel loading margins are met. When the swing DG is not available, either of the two unit DGs (i.e., those associated with the blackout unit) are credited as an AAC. The SBO analysis shows that the plant can successfully cope with an SBO event for the required 4-hour duration with no impact on the availability of the required safety-related equipment. Also, as stated in Enclosure, Section 3.3 of the LAR (SBO section 2nd paragraph (pg. E-9)), SBO flow charts and associated procedures provide instructions for coping with an SBO or an extended loss of all AC power. This represents the current design and licensing basis for SBO coping and HNP compliance with 10 CFR 50.63. These coping methodologies are not changed by the proposed one-time extension of the completion time to restore a Unit 1 DG or swing DG.

to NL-20-1000 Responses to NRC RAIs E-14 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-5, 2nd paragraph The EDG or offsite power AOT should be limited to 14 days to perform maintenance activities.

This criterion is not met. SNC acknowledges that this LAR is beyond the scope of BTP 8-8 and, instead, the LAR follows the guidance of SRP Sections 16.1 and 19.2. Chapter 16.1 of the SRP states that licensees submitting risk information should address each of the principles of risk-informed regulation addressed in RG 1.177. Sections 3.3 and 3.4 of the LAR enclosure address the key principles outlined in RG 1.177.

Please note, the requested license amendment change is not a permanent change but rather an optional one-time completion time extension, for the purposes of providing schedule margin for reasons stated in the LAR. SNC will make every attempt to complete the required maintenance and repairs in the current technical specification completion time of 14 days.

8-8-5, 2nd paragraph The licensee must provide justification for the duration of the requested AOT (actual hours plus margin based on plant-specific past operating experience).

This criterion is met. Justification for the duration of the requested AOT (actual hours plus margin based on plant-specific past operating experience) was provided in Section 2.3, including Table 2.3-1, to the enclosure of the LAR.

8-8-5, 2nd paragraph An EDG or offsite power AOT license amendment of more than 14 days should not be considered by the staff for review.

This criterion is not met. SNC acknowledges that this LAR is beyond the scope of BTP 8-8. Please note, the requested license amendment change is not a permanent TS change but rather an optional one-time completion time extension, for the purposes of providing schedule margin for reasons stated in the LAR. SNC will make every attempt to complete the required maintenance and repairs in the current technical specification completion time of 14 days.

to NL-20-1000 Responses to NRC RAIs E-15 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-5, 3rd paragraph The TS must contain Required Actions and Completion Times to verify that the supplemental AC source is available before entering extended AOT. The availability of AAC or supplemental power source shall be checked every 8-12 hours (once per shift). If the AAC or supplemental power source becomes unavailable any time during extended AOT, the unit shall enter the LCO and start shutting down within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. This 24-hour period will be allowed only once within any given extended EDG AOT.

This criterion is NA for HNP. SNC demonstrated, as discussed in Sections 3.3 and concluded in Section 4.1 of the enclosure to the LAR that a supplemental power source is not required during an extended DG outage and the objective of BTP 8-8 to avoid a potential extended SBO event during the period of an extended AOT is met with existing HNP onsite standby emergency AC power sources.

8-8-5, Bulleted List Additionally, the staff expects that the licensee will provide the following Regulatory Commitments:

This criterion is met. Attachment 5 of the enclosure to the LAR provides regulatory commitments and include the items listed in the BTP except for specific items that are not applicable or are explicitly specified in the proposed TS actions.

8-8-5, Bulleted List (continued)

The extended AOT will be used no more than once in a 24-month period (or refueling interval) on a per diesel basis to perform EDG maintenance activities, or any major maintenance on offsite power transformer and bus.

Not applicable to this LAR. As stated, in the LAR cover letter and the enclosure to the LAR, the request is for a one-time extended AOT. Note 2 to the proposed B.4.2 actions specified in Unit 1 TS 3.8.1 states that the actions are applicable once per DG and the proposed TS bases explains that B.4.2 actions are only applicable one time for each DG because they are only approved for one-time use.

to NL-20-1000 Responses to NRC RAIs E-16 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-5, Bulleted List (continued)

The preplanned maintenance will not be scheduled if severe weather conditions are anticipated.

Commitment No. 4 in the LAR.

8-8-5, Bulleted List (continued)

The system load dispatcher will be contacted once per day to ensure no significant grid perturbations (high grid loading unable to withstand a single contingency of line or generation outage) are expected during the extended AOT.

Commitment No. 2.d in the LAR.

8-8-5, Bulleted List (continued)

Component testing or maintenance of safety systems and important non safety equipment in the offsite power systems that can increase the likelihood of a plant transient (unit trip) or LOOP will be avoided. In addition, no discretionary switchyard maintenance will be performed.

Commitment Nos. 2.a, 2.b, and 2.c in the LAR.

to NL-20-1000 Responses to NRC RAIs E-17 Table RAI-2-1, BTP 8-8 Key Criteria as Addressed in HNP LAR BTP 8-8

Page, Paragraph BTP 8-8 Key Criteria SNC Approach or Justification 8-8-5, Bulleted List (continued)

TS required systems, subsystems, trains, components, and devices that depend on the remaining power sources will be verified to be operable and positive measures will be provided to preclude subsequent testing or maintenance activities on these systems, subsystems, trains, components, and devices.

Commitment Nos. 2.h and 2.i in the LAR.

8-8-5, Bulleted List (continued)

Steam-driven emergency feed water pump(s) in case of PWR units, and Reactor Core Isolation Cooling and High Pressure Coolant Injection systems in case of BWR units, will be controlled as protected equipment.

Commitment No. 2.g in the LAR.

to NL-20-1000 Responses to NRC RAIs E-18

b. Please identify applicable procedures and key actions to be taken to align the Class 1E buses for both units to achieve cold shutdown using the available operable Hatch, Unit 1, EDGs (Assume Hatch, Unit 1, is in LOOP and Unit 2 in SBO).

As shown in Figure 2.1-1 of the enclosure to the LAR (pg. E-2) and as described in the HNP FSAR and TS 3.8.1 bases, HNP has five standby emergency DGs; two dedicated DGs per unit (i.e., Unit 1 DGs 1A and 1C and Unit 2 DGs 2A and 2C) and a swing DG (i.e., DG 1B). Except for the swing DG (i.e., DG 1B), the HNP standby emergency AC sources cannot supply power to any adjacent unit 4.16kV ESF bus. As a result, there are no applicable procedures and key actions to be taken to align the 4.16kV Class 1E buses for both units to achieve cold shutdown using the available operable Hatch, Unit 1, EDGs.

c. Please explain whether 1 EDG has the capacity and capability to bring both units in cold shut down if SBO occurs in Hatch, Unit 2, and Hatch, Unit 1, EDG is assumed to have a single failure.

HNP does not credit a Unit 1 DG to support a shutdown and cooldown of Unit 2 in an SBO on Unit 2. As stated in Unit 2 FSAR Subsection 8.4.2 and restated in Section 3.3 of the enclosure to the LAR (SBO section 1st and 2nd paragraphs on pg. E-10), the HNP SBO analysis credits the swing DG (DG 1B) or one of the unit DGs as an AAC for the blackout unit (e.g., DG 2A or 2C for an SBO on Unit 2). This represents the current design and licensing basis for SBO coping and HNP compliance with 10 CFR 50.63. Therefore, a single Unit 1 DG is not required to have the capacity and capability to bring both units in cold shut down if an SBO occurs in Hatch Unit 2, and Hatch Unit 1, EDG is assumed to have a single failure.

to NL-20-1000 Responses to NRC RAIs E-19 NRC RAI Electrical The licensee states, There are no specific risk management controls to be maintained for DG 1A or the swing DG during the extended Completion Time period. The following risk management control must be established for DG 1C and maintained during the extended Completion Time period:

No discretionary maintenance or testing, including fire protection surveillances, will be scheduled on any equipment in the cable spreading room during the extended completion time and access will be limited to fire watches, on-shift operations personnel; and security personnel for the purposes of required area surveillance and inspection.

Please explain why EDGs 1A and 1B do not require risk management controls. Also, please clarify whether TS required surveillance tests need to be deferred. If deferred, please clarify SNC actions.

SNC Response to RAI-3 As summarized on page A4-35 of the LAR, Division 2 electrical equipment, supported by DG 1C, is the primary fire safe shutdown path for fires in the cable spreading room. Tables 4-8 and 4-12 of the LAR show the 1A and 1B diesels do not have significant risk contributions from fires and as such would not benefit from the cable spreading room or other fire area restrictions.

Overall risk for the 1A and 1B diesels is below the RG 1.177 risk levels requiring additional compensatory measures.

Any surveillances requiring access to the cable spreading room that may come due during the DG 1C scheduled time frame will be done early to prevent conflicts. No deferrals of TS requirements are forecast for these evolutions.

to NL-20-1000 Responses to NRC RAIs E-20 NRC RAI Electrical The NRC staff noted that NRC Inspection Report dated August 5, 2020 (05000321/2020002 and 5000366/2020002; ADAMS Accession No. ML20218A205), identified a non-cited violation regarding water intrusion in the 1A fuel oil storage tank. Please provide a brief summary of the EDG operating experience and corrective actions taken for the last 10 years, including actions the licensee took to prevent water intrusion in the remaining EDGs for both units as a result of the above NRC inspection finding. Also, please confirm whether Hatch EDGs meet the minimum target reliability of 0.95. Please confirm actions to manage water intrusion (potential common-cause failure) prior to and during the EDG outages.

SNC Response to RAI-4 Regarding the 1A EDG water intrusion event, an extent of condition was carried out on the remaining EDGs by inspecting and confirming that the four other EDG (1B, 1C, 2A, 2B) fuel oil storage tank (FOST) manways contained no standing water or water intrusion of any type, and by sampling the remaining EDG day tanks for water intrusion. The sampling indicated no water intrusion into those day tanks. Other possible sources of water intrusion were investigated, and it was determined that the water intrusion into the 1A EDG FOST was isolated to its relationship to the cable pull box for the 1A EDG and not ground water from another source or leak. The source of the water into the pull box was a broken underground sanitary pipe.

Therefore, it has been concluded that this condition was limited to the 1A EDG.

Corrective actions associated with water intrusion into the 1A EDG fuel tank included emptying and cleaning its FOST and day tank and this was followed with satisfactory inspections of both tanks confirming tank integrity and assuring no degradation and no water intrusion.

Actions SNC has taken, or is taking, to prevent and address water intrusion in the EDGs include:

An extent of condition to inspect the FOST manway drain holes on the 1B, 1C, 2A and 2C EDGs; with the drain holes to be found in satisfactory condition.

Confirmation that all pull box conduit penetrations are sealed for each EDG.

Calibration of the day tank water detection devices for the EDGs.

Creation of a new 6-month repetitive task to inspect/check/calibrate the EDG day tank water detection devices.

Creation of a new 6-year repetitive task to inspect and clear/clean/vacuum all EDG FOST manway drain/weep holes.

Purchase of a water removal device for the EDG FOSTs.

Preventive maintenance to have the FOSTs checked monthly for water.

Preventive maintenance to check the day tanks monthly (one day after each EDG surveillance) for water.

Visual inspection of all EDG FOST manways for water intrusion has now been incorporated into Operations daily rounds.

to NL-20-1000 Responses to NRC RAIs E-21 Water detection devices are installed on each day tank.

Chemistry samples each day tank and FOST quarterly.

Chemistry samples tanker trucks for water content in the diesel fuel as it is delivered to the site.

The FOSTs and days tanks have 10-year preventive maintenance to drain the tanks, clean them, and internally inspect them.

Hatch EDG FOSTs and day tanks water sampling are trended by Hatch Chemistry and the EDG System Engineer (monthly) for early identification of adverse trends related to water intrusion into the EDG fuel system. If an adverse trend is identified, the information from trend data analysis can assist in determining if any FOST or day tank inspections or work should be performed during upcoming EDG system outages.

These actions will continue to be in place prior to and during (as applicable) the EDG liner replacement outages. Additionally, during the outage, the fuel filters will be visually inspected for indications of water intrusion, as well as for microbial growth and particulates.

In regard to the EDG minimum target reliability of 0.95, SNC has calculated the minimum reliability of each EDG (1A, 1B, 1C, 2A, 2B) using data from the INPO database for Reactor Oversight Process (ROP) reporting per NEI 99-02 using starts and load run demands as defined by NEI 99-02 for the 36-month period ending June 2020. SNC confirms all EDGs exceed the minimum target reliability of 0.95.

Brief Summary of Significant Operating Experience and Corrective Actions Over the Last Ten Years The Hatch EDG main fuel oil storage tanks (FOSTs) and day tanks are open vented systems which allows Hatchs EDG fuel system to be predisposed to ambient conditions where water enters fuel storage systems through tank vents, but unlike particle contamination, water is not necessarily driven by the level of fuel in the tank, but rather by fluctuations in environmental conditions like temperature and humidity. Although predisposed to ambient conditions, it must be noted that Hatchs FOST vents are enclosed within missile protection barriers and are not directly exposed to weather conditions, and the Hatch day tank vents are inside the EDG building with each end of the EDG building an open grid-type wall to the outside environment.

A contributing factor for water in diesel fuel is related to the operation of the diesel engines themselves. In diesel engines, the temperature change comes from hot diesel fuel returning to the tank after being used to cool the injectors. Injectors get hot due to their tremendous pressures. The engine uses diesel fuel circulated from the tank to dissipate some of this heat.

The now-hot fuel is then circulated back to the fuel tank. This temperature difference causes water condensation. Also, Hatch used a low percentage of biodiesel (as does the industry) and an ultra-low sulfur fuel (ULSF). The common practice of blending low levels of biodiesel in conventional diesel also accelerates water problems, as biodiesel is hygroscopic and migrates toward any water presence in the fuel.

Another reason for increased water in todays diesel fuel is the fact that, in ultra-low sulfur diesel, the loss of naturally occurring lubricants must be compensated with lubricity additives to protect the moving components of the engine that rely on fuel as a lubricant. These lubricity to NL-20-1000 Responses to NRC RAIs E-22 additives increase fuel surfactancy, which has an unintended effect of increasing the stability of water trapped in fuel. This basically means that adding of lubricity agents to diesel fuel makes it easier for water to become emulsified in that fuel.

Other than addressing and mitigating expected accruement of water due to condensation, in general Hatch has not had detrimental water issues with its EDGs with the exceptions of: (1) the 2018 microbial issue; and, (2) the water intrusion of the 1A EDG FOST this year (2020).

The 2018 event is where microbes clogged the 2A EDG duplex fuel filters causing high differential pressure and low fuel pressure to the engine. This resulted in the 2A EDG being shut down during its monthly surveillance and resulted in a run failure. The recent 1A EDG FOST water intrusion occurred due to an underground sanitary pipe leaking water into the cable pull box for the 1A EDG which allowed water to leak into the 1A EDG FOST manway. This event did not result in an EDG failure, but the 1A EDG was taken out of service for maintenance activities to drain and remove water from the FOST and day tank.

Corrective actions and lessons learned from these events are in place at Hatch. Hatch EDG FOSTs are visually inspected daily for water intrusion and the FOSTs and day tanks are sampled for water quarterly (this will soon be moving to monthly sampling). If water is found outside the acceptance criteria, a CR is written for documentation and site notification. The sample is sent off-site for microbial analysis, water is removed (as well as any microbes) from the tank and the tank is retreated with biocide. Hatch EDG FOST and day tank water sampling is trended by Hatch Chemistry and the EDG System Engineer for early identification of adverse trends related to water intrusion into the EDG fuel system.

The day tank water detection devices are being put on a six-month preventive maintenance schedule for inspection and calibration to assure reliability. Chemistry samples tanker trucks for water content in the diesel fuel as it is delivered to the site. FOST manway drain holes will be inspected every six months as well as be put on a six-year preventive maintenance schedule to inspect and clean.

Hatch has recently purchased a portable water removal device that will be used to remove water from the EDG FOSTs more efficiently. The FOSTs and day tanks have ten-year PMs to drain, inspect and clean; and during EDG system outages the EDG fuel filters are visually inspected for water intrusion and any actions that will possibly need to be taken during the outage regarding the fuel filter inspection results will be determined at that time (with contingency work orders already in place). In addition, EDG parameters such as fuel levels, lube oil samples, fuel samples, jacket water sampling, temperature trends, etc., are monitored regularly for the Hatch EDGs and these trends can be used to help identify possible water intrusion.

to NL-20-1000 Responses to NRC RAIs E-23 NRC RAI Risk - Recovery Credit The license amendment request (LAR) describes that an Application Specific Model (ASM) was created for this application from the model of record (MOR) and included a number of changes to the model. Table 4-3 in LAR Attachment 4 compares the results from the ASM compared to the MOR and shows a 24-percent decrease in core damage frequency (CDF) for internal events, 32.58-percent decrease in CDF for internal flooding, and a 7.68-percent decrease in CDF for fire probability risk assessment (PRA). Similar changes are summarized for the large early release frequency (LERF). The LAR attempts to describe the changes to the ASM, which include, among others, (1) changes for crediting recovery of offsite power, (2) adding credit for recovery of emergency diesel generator (EDG) failures, with a failure probability of 0.4 in the internal events and internal flooding PRA; and (3) added operator action in the fire PRA to secure an EDG of loss of Plant Service Water (PSW) resulting from a fire in compartment 1101J, that results in flow diversion of the PSW and loss of cooling to the EDG (OPHE-REC-PSW-F).

Section on Risk Insights in LAR Attachment 4 states that cut sets and importance measures were reviewed to identify risk contributors. The LAR identified that recovery of offsite power, and conditional loss-of-offsite power (LOOP) probability are significant risk contributors for both the internal events and the fire PRA. Additionally, the LAR identified that failure to recover an EDG start or output breaker failure was risk significant for the internal events PRA. It is not apparent whether recovery of offsite power is credited in the fire PRA, as the LAR Section Fire Model Logic Changes appears to imply that no credit is taken for offsite power recovery in the fire PRA.

Additionally, Section on Identification of Key Assumptions in LAR Attachment 4 indicates recovery of offsite power, consequential LOOP probability and EDG recovery as key sources of model uncertainty relevant to the application but does not disposition them explicitly. Sensitivity studies could be used to disposition the impact on the application due to the source of model uncertainty.

Address the following:

a. Explain and justify the credit for recovery of offsite power and how the credit is taken given that, as explained in the LAR Section on Identification of Key Assumptions, the LOOP initiating event is a combined event for all four categories (plant-centered, switchyard-centered, grid-related, and weather-related) of initiators and the recovery probabilities appear to also be combined. Provide the basis for the recovery probabilities. Clarify and explain the type of accident sequences that receive offsite power recovery credit.

b. Clarify whether any credit is taken in the fire PRA for recovery of offsite power, and if so, describe the details and assumptions made of applying such credit.

c. Explain and justify the credit taken for recovery of the EDG failure. Explain the type of scenarios that credit EDG recovery. Provide the basis for the recovery probability.

d. Explain and justify the consequential LOOP probabilities and discuss impact of this uncertainty on the risk results.

to NL-20-1000 Responses to NRC RAIs E-24

e. Supporting Requirement (SR) HR-F2 of the ASME/ANS PRA Standard RA-Sa-2009 states that the definition of the human factors events (HFEs) should specify accident sequence specific timing of cues, and time window for successful completion, accident sequence specific procedural guidance, the availability of cues and other indications for detection and evaluation errors, the specific high level tasks (e.g., train level) required to achieve the goal of the response, etc. Additionally, SR HR-H3 states that operator recovery actions should be credited only if (a) a procedure is available and operator training has included the action as part of crews training, or justification for the omission for one or both is provided, (b) cues (e.g., alarms) that alert the operator to the recovery action provided procedure, training, or skill of the craft exist, (c) attention is given to the relevant performance shaping factors provided in HR-G3, and (d) there is sufficient manpower to perform the action.

The LAR includes a discussion of the newly added operator action credited in the fire PRA to secure an EDG on loss of PSW (OPHE-REC-PSW-F) by stating it was credited in the seismic PRA. The LAR does not discuss whether this recovery action is plausible and credible, according the supporting requirements in the PRA standard.

Therefore, provide further discussion of the basis for crediting this operator action, its assigned value and its impact on the risk results for this application. Include discussion of plant procedures and operator training, availability of cues, discussion of performance shaping factors etc.

SNC Response to RAI-5

a. Explain and justify the credit for recovery of offsite power and how the credit is taken given that, as explained in the LAR Section on Identification of Key Assumptions, the LOOP initiating event is a combined event for all four categories (plant-centered, switchyard-centered, grid-related, and weather-related) of initiators and the recovery probabilities appear to also be combined. Provide the basis for the recovery probabilities. Clarify and explain the type of accident sequences that receive offsite power recovery credit.

As described on page A4-46 of the LAR, offsite power recovery factors are calculated by combining the four categories into one number. The methodology is the same as used in NUREG/CR-6890, Table 6-4. This method multiplies the recovery probability for each category by the percentage that the category contributes to the LOSP initiator and then sums the results.

The LOSP probabilities are obtained thru Bayesian updating of the LOSP initiators in NUREG/CR-6890 2015 update, INL/EXT-15-3443 with plant specific experience. The offsite power recoveries are directly from the same 2015 update. The OSP recovery factors are applied with the %IE-LOSP initiator in the LOSP and SBO event sequences.

to NL-20-1000 Responses to NRC RAIs E-25

b. Clarify whether any credit is taken in the fire PRA for recovery of offsite power, and if so, describe the details and assumptions made of applying such credit.

As described on page A4-26 of the LAR, the ASM model was corrected so that no recovery of offsite power is credited for the Fire Hazard in the PRA model.

c. Explain and justify the credit taken for recovery of the EDG failure. Explain the type of scenarios that credit EDG recovery. Provide the basis for the recovery probability.

As described for Model Change 5 starting on page A4-19 and shown in figures 4-9 thru 4-12 of the LAR, DG failure recovery was only applied to failure of a diesel to start or for failure of a diesel output breaker to close, in the internal events/internal flooding logic only. The value of this recovery event is based on plant specific historical data where diesels failed to start and were recovered. This looked through diesel information data collected between 2002 and through 2019. The analysis found that there were 25 applicable failures between 1984 and 2001. Of the 25, 15 were determined to be recoverable. Two events, one recoverable, were identified between 2002 and through 2019. This increased the total number of events from 25 to 27 and the number of recoverable events from 15 to 16. This gives the recovery and non-recovery probabilities as:

Recovery Probability:

16 / 27 = 0.59 Non-Recovery Probability:

1 - 0.59 = 0.41

d. Explain and justify the consequential LOOP probabilities and discuss impact of this uncertainty on the risk results.

The CONSEQUENTIALLOSP event is based on NUREG/CR-6890, Volume 1, Section 6.3 generic plant event data. This identified 9 events in 2797 total reactor trips. Appendix A, Table A-1 lists the 9 events classified as LOOP-IE-C. This table lists LOOP events from 1986-2004. INEL/EXT-16-39534 is the NRC update of Initiating Event rates using a data range of 1988-2015. This document identifies 3283 non-LOOP events and 83 LOOP events. This date range was selected as the date range because the number of total plant trips is stated here. EPRI TR-3002005291 is an analysis of LOOP events from 2004 to 2014 and was used as the basis for updating the CONSEQUENTIALLOSP event in the PRA models. The data in NUREG/CR-6890 contained 3 events prior to 1988 and these events were excluded from the count. Of the remaining 6 events, only two events would be consequential loss of power events at Hatch. The other four were associated with failure of the emergency busses to transfer from the Unit Aux Transformers to Startup transformers. Since the Hatch Emergency bus power supplies are fed from the startup transformers only, these events would be captured under fast bus transfer event NBA. The data in the EPRI document was reviewed and two additional events would be consequential LOOP events at Hatch. Because the two events in the EPRI document and the two events in the NUREG document were counted as LOOP events, they were added to the non-LOOP events for data update, since the actual initiating event was not a LOOP. This results in 4 events in 3287 total trips. The CONSEQUENTIALLOSP basic event point estimate was calculated as (4+0.5)/(3287+1)=1.3686e-03 per trip. A recovery value of to NL-20-1000 Responses to NRC RAIs E-26 0.1557 is applied to specific cutsets where a diesel is not available but RCIC is. The recovery value is a combined factor for plant, switchyard, and grid OSP recovery at 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />.

The uncertainty associated with the Consequential LOOP event is associated with the very limited use of offsite power recovery for the event. Consequential LOOP events are processed in the General Transient event tree and not the LOSP or SBO event trees, thus normal OSP recovery events are not applied. A limited recovery tree was developed for Consequential LOOP recoveries, based on failure of a diesel and success of RCIC.

Consequential LOOP contributes approximately 5% of the internal events risk. Of the 1308 cutsets containing the even, only 249 have recovery applied. The small portion of the internal event risk did not warrant further refinement.

Consequential LOOP events contribute approximately 70% of the internal flooding risk, but the small overall contribution of internal flooding to total risk did not warrant further refinements.

e. Supporting Requirement (SR) HR-F2 of the ASME/ANS PRA Standard RA-Sa-2009 states that the definition of the human factors events (HFEs) should specify accident sequence specific timing of cues, and time window for successful completion, accident sequence specific procedural guidance, the availability of cues and other indications for detection and evaluation errors, the specific high level tasks (e.g., train level) required to achieve the goal of the response, etc. Additionally, SR HR-H3 states that operator recovery actions should be credited only if (a) a procedure is available and operator training has included the action as part of crews training, or justification for the omission for one or both is provided, (b) cues (e.g., alarms) that alert the operator to the recovery action provided procedure, training, or skill of the craft exist, (c) attention is given to the relevant performance shaping factors provided in HR-G3, and (d) there is sufficient manpower to perform the action.

The LAR includes a discussion of the newly added operator action credited in the fire PRA to secure an EDG on loss of PSW (OPHE-REC-PSW-F) by stating it was credited in the seismic PRA. The LAR does not discuss whether this recovery action is plausible and credible, according the supporting requirements in the PRA standard.

Therefore, provide further discussion of the basis for crediting this operator action, its assigned value and its impact on the risk results for this application. Include discussion of plant procedures and operator training, availability of cues, discussion of performance shaping factors etc.

The OPHE-REC-PSW-F operator action was fully developed for the ASM by using the feasibility studies and operator interviews conducted for the seismic action. It represents a composite of two separate actions, tripping the diesel and isolating the appropriate valve. Timing to trip the diesel was changed from 20 minutes in the seismic analysis to 15 minutes to reflect different assumptions. The detailed analysis of both the composite action and the included action is included as Attachment 4 to this letter. Hatch uses the CBDTM method to determine the cognitive response and THERP to determine the execution response.

to NL-20-1000 Responses to NRC RAIs E-27 NRC RAI Risk - Prohibited Maintenance Events The licensee stated that procedure limitations prohibit scheduled maintenance during extended EDG outages, and so it took credit for those in the risk calculations presented in the LAR. The licensee provided a list of the prohibited maintenance events in LAR Tables 4-6 and 4-7, which included the other four EDGs, components associated with the many plants systems (such as high pressure coolant injection (HPCI), reactor core isolation cooling (RCIC), residual heat removal (RHR), RHR service water (RHRSW), low pressure coolant injection (LPCI),

suppression pool cooling, core spray, control rod drive (CRD), primary SW (PSW), reactor build closed cooling water (RBCCW), main control room (MCR) cooling) and many electrical components (such as startup transformers, motor control center (MCC) for the swing EDG, Station Service batteries, reactor protection system (RPS), motor generator (MG) sets, EDG batteries the opposite division for the reactor building motor control center (MCC) and LPCI MCC).

In addition, in the section titled Key Principle 5: Monitor the Impact of the Proposed Change, the licensee states:

If an extended [diesel generator] DG outage is determined necessary, the proposed TS actions require the establishment of defense-in-depth and risk management controls for various plant maintenance configurations to maintain and manage acceptable risk levels ensuring adequate electrical power sources and safety-related equipment are available in the event of a loss of the offsite electrical power system network during the extended DG outage period. The intent of these compensatory measures is to reduce the duration of risk-sensitive activities and avoid high-risk sensitive equipment outages or maintenance states that result in high-risk plant configurations.

It is not apparent from the submitted information if these additional proposed TS actions will be established at the start of each EDG outage or will these additional TS actions only be established after the initial 14 days of the outage.

a. Clearly state what the proposed TS actions are and when these TS actions take effect.

b. Confirm and explain how the restrictions in LAR Table 4-6 are taken into account in the Regulatory Commitments provided in LAR Attachment 5.

c. The maintenance restrictions listed in LAR Table 4-6 appear to include specific divisions of the various systems, e.g. RHR pumps A and C, separate from RHR pumps B and D. Explain whether these maintenance restrictions are specific to specific EDG out of service, or are generic for any EDG (for example is maintenance prevented for any of the RHR pumps during any of the EDG outages?)

d. LAR states The alignment of the RPS bus alternate supply to a source supplied by the 1A DG was modeled per existing restrictions associated with the DG 1C 14-day completion time. Explain the restrictions being referred to, and the impact on risk.

to NL-20-1000 Responses to NRC RAIs E-28 SNC Response to RAI-6

a. Clearly state what the proposed TS actions are and when these TS actions take effect.

For all three DG maintenance outages, HNP will enter Condition B of the Unit 1 TS (one Unit 1 or the swing DG inoperable). Per Unit 1 TS 3.8.1 Condition B, Required Action (RA) either B.4.1, or B.4.2.1 and B.4.2.2, must be performed within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of entering Condition B. In addition, as discussed in response to RAI-1b, HNP will enter Condition B of the Unit 2 TS (one Unit 2 or the swing DG inoperable) for swing DG 1B for all three maintenance outages because the DG 1B will be inhibited from aligning to Unit 2 during the 1A and 1C maintenance outages per Required Action B.4.2.2 of the Unit 1 TS. For the DG 1A and 1C maintenance outages, Unit 2 TS Condition C (one required Unit 1 DG inoperable) will also be entered in addition to the TS Conditions previously discussed.

To apply the 14 day completion time, Unit 1 TS 3.8.1 Condition B, RA B.4.1 requires the swing DG to be inhibited from automatically aligning to Unit 2 (for the 1A or 1C DG outages), and requires maintenance restrictions as outlined in Appendix A of the SNC Configuration Risk Management Program to be met.

Unit 1 TS 3.8.1 Condition B, RA B.4.2.1 requires the establishment of compensatory and risk management controls as described in Attachment 5 of this letter within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of entering Condition B. In addition, RA B.4.2.1 requires these compensatory and risk management controls to be reestablished within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> of the discovery that they are not being met.

Unit 1 TS 3.8.1 Condition B, RA B.4.2.2 requires the swing DG to be inhibited from automatically aligning to Unit 2 (for the 1A or 1C DG outages) within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of entering Condition B, consistent with RA B.4.1.

Unit 1 TS 3.8.1 Condition B, RAs B.4.1 and B.4.2 (which includes B.4.2.1, B.4.2.2, and B.4.2.3) are connected by an OR logical connector. Per TS Section 1.2 (Refer to Example 1.2-2), either of these RAs can be applied until the expiration of the RA B.4.1 CT, upon which time the applicable RA B.4.2 requirements must be met.

Unit 2 TS 3.8.1 Condition B and Condition C have similar controls and requirements for the swing DG 1B (Condition B) and the required Unit 1 DG (Condition C) as discussed above for the Unit 1 TS.

b. Confirm and explain how the restrictions in LAR Table 4-6 are taken into account in the Regulatory Commitments provided in LAR Attachment 5.

Regulatory Commitment 2.i of the LAR states:

Systems and components specified in Appendix A of the plant online configuration risk management program will be maintained available and no discretionary maintenance or testing will be scheduled on these systems or components.

This regulatory commitment is required to be established prior to and during the one-time optional extended CT period. In addition, as discussed in the response to RAI 6(a), the proposed TS actions, via Attachment 5 of this letter, require establishment of risk management to NL-20-1000 Responses to NRC RAIs E-29 controls specified in Appendix A of the plant online configuration risk management program within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of entering Unit 1 TS 3.8.1 Condition B.

The systems specified in Appendix A of the plant online configuration risk management program are consistent with those identified in LAR Table 4-6. It should be noted that Table 4-6 states that reactor building closed cooling water (RBCCW) pumps A, B, and C and the associated breakers would be restricted from maintenance. Appendix A of the SNC Configuration Risk Management Program does allow scheduling of concurrent EDG and RBCCW work if required due to unplanned conditions, and requires a minimum configuration of two RBCCW pumps and one heat exchanger to ensure the system remains functional. Attachment 6 to this letter contains a revised Table 4-6.

c. The maintenance restrictions listed in LAR Table 4-6 appear to include specific divisions of the various systems, e.g. RHR pumps A and C, separate from RHR pumps B and D. Explain whether these maintenance restrictions are specific to specific EDG out of service, or are generic for any EDG (for example is maintenance prevented for any of the RHR pumps during any of the EDG outages?)

Per the SNC on-line configuration risk management program, these maintenance restrictions would apply to both divisions and to both units.

d. LAR states The alignment of the RPS bus alternate supply to a source supplied by the 1A DG was modeled per existing restrictions associated with the DG 1C 14-day completion time. Explain the restrictions being referred to, and the impact on risk.

The RPS bus normal supply is through the respective RPS motor-generator (MG) set drive. A transfer switch is used to select either 120/208 Essential Cabinet A or B as the alternate power source. The normal position of this transfer switch, in accordance with 34SO-C71-001-1, is aligned to Essential Cabinet B. The SNC on-line configuration risk management program requires the transfer switch to be aligned to the Essential Cabinet backed by the in-service DG. Therefore, for the DG 1C outage, the transfer switch would be re-aligned to the Essential Cabinet A supplied by the 4160V bus associated with the DG 1A. There is no risk impact of this single alignment, but it is included since the procedure requires it to be realigned and the risk assessment is intended to match the plant configuration.

to NL-20-1000 Responses to NRC RAIs E-30 NRC RAI Risk - Tier 3 Evaluations Revision 1 of RG 1.177, An Approach for Plant-Specific, Risk-Informed Decision-making: Technical Specifications (ADAMS Accession No. ML100910008), describes an acceptable risk-informed approach specifically for assessing proposed TS changes. This regulatory guide identifies a three-tiered approach for a licensees evaluation of the risk associated with a proposed TS completion time change. Tier 3 addresses the licensees Configuration Risk Management Program (CRMP) to ensure that adequate programs and procedures are in place for identifying risk-significant plant configurations resulting from maintenance or other operational activities and appropriate compensatory measures are taken to avoid risk-significant configurations that may not have been considered when the Tier 2 evaluation was performed. Compared with Tier 2, Tier 3 provides additional coverage to ensure risk-significant plant equipment outage configurations are identified in a timely manner and that the risk impact of out-of-service equipment is appropriately evaluated prior to performing any maintenance activity over extended periods of plant operation. Tier 3 guidance can be satisfied by the Maintenance Rule, which requires a licensee to assess and manage the increase in risk that may result from activities such as surveillance testing and corrective and preventive maintenance, subject to the guidance provided in RG 1.177, Section 2.3.7.1 and the adequacy of the licensees program and PRA model for this application. The CRMP ensures that equipment removed from service prior to or during the proposed extended CT will be appropriately assessed from a risk perspective.

LAR Attachment 4 states that Hatch has a mature on-line configuration risk management process that combined quantitative and qualitative assessments, but does not provide any further information. The NRC staff notes that the risk estimate due to the EDG allowed outage time (AOT) extension provided in the LAR includes contributions from the internal events, internal flooding, internal fire and seismic PRA, but it is unclear whether Hatch CRMP captures the risk from fire and seismic hazards. In addition, the LAR describes how the PRA MOR was modified to produce an ASM to estimate the risk due to the extended EDG AOT. Therefore, address the following:

a. Describe whether the ASM changes will be captured in the CRMP.

b. When performing Tier 3 evaluations, explain and justify how the Hatch CRMP is capable of capturing the risk due to the planned EDG outage, including the risk from fire and seismic events.

c. If the CRMP model does not model relevant all hazards, please describe and justify how the CRMP evaluation is performed.

SNC Response to RAI-7

a. Describe whether the ASM changes will be captured in the CRMP.

The ASM changes will be incorporated into the CRMP prior to the first diesel outage.

to NL-20-1000 Responses to NRC RAIs E-31

b. When performing Tier 3 evaluations, explain and justify how the Hatch CRMP is capable of capturing the risk due to the planned EDG outage, including the risk from fire and seismic events.

The CRMP process includes internal events, internal fires, internal flooding, and seismic hazards. The CRMP can provide importance reports for basic events, operator actions and fire areas for use in developing configuration specific risk management actions. The instantaneous and cumulative risk profiles for both CDF and LERF are displayed.to the user.

c. If the CRMP model does not model relevant all hazards, please describe and justify how the CRMP evaluation is performed.

N/A, all hazards are included in the assessment.

to NL-20-1000 Responses to NRC RAIs E-32 NRC RAI Risk - Fire Model Logic Change In the section of the LAR titled Fire Model Logic Changes, the licensee states:

An unlocated conduit in fire compartment 0024A (Cable Spreading Room) was also leading to high risk results in the DG outage cases due to a cable whose failure was modeled as causing a spurious opening of breaker 1R22S007/CB10. Since the cable was in an unlocated raceway, it was conservatively being failed by all fire scenarios in the room. The conduit was determined to run across the ceiling of this fire compartment, which is outside of the zone of influence (ZOI) of the transient fire scenarios. This determination was made by identifying the end points of the conduit and associated cables, then identifying the length of the conduit, which is 30 feet long. Based on the distance between the panels, the conduit must run in approximately a straight line between the panels. This configuration is not susceptible to the aforementioned damage. Thus, this target was removed from all transient fires in 0024A for Unit 1, which are scenarios beginning with %HF_0024A_TS*, in FRANX prior to creating the ASM one top model.

The licensee is requested to justify why other ignition sources in fire compartment 0024A (Cable Spreading Room) were not analyzed as potential fires that could damage this cable.

SNC Response to RAI-8 Because conduits are field routed, they are assigned to all transient fires and equipment fires unless walked down or verified by drawings to be far from the source. Hot Gas Layer fires are assumed to impact any raceway in an area.

There are 628 fire scenarios in the cable spreading room: 62 are junction box fires, 388 are cable tray fires and 178 are transient fires. None of these scenarios lead to Hot Gas Layer fires.

There is no electrical equipment in the cable spreading room, and the cable tray and junction box fires only impact the specific tray (FAQ 13-0005) or junction box (FAQ 13-0006). Thus, the only fires that could impact the conduit were transient fires and then only if the conduit is within the impact area for the fire.

to NL-20-1000 Responses to NRC RAIs E-33 NRC RAI Risk Are there any incomplete implementation items in the NFPA 805 approval that would challenge the basis of the submittal and merit of NRC approval?

SNC Response to RAI-9 There are no incomplete implementation items (table S-3 in the NFPA-805 submittal) that would impact the results of this analysis.

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Revised HNP Unit 1 and 2 Technical Specifications Marked-up Pages

AC Sources - Operating 3.8.1 HATCH UNIT 1 3.8-3 Amendment No. 259 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND B.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR B.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

AND B.4 Restore DG to OPERABLE status.

4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition B concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for a Unit 1 DG with the swing DG not inhibited or maintenance restrictions not met AND 14 days for a Unit 1 DG with the swing DG inhibited from automatically aligning to Unit 2 and maintenance restrictions met AND 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for the swing diesel with maintenance restrictions not met (continued)

.1

AC Sources - Operating 3.8.1 HATCH UNIT 1 3.8-4 Amendment No. 279 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.4 (continued)

AND 14 days for the swing diesel with maintenance restrictions met C.

One required Unit 2 DG inoperable C.1 Perform SR 3.8.1.1 for OPERABLE required offsite circuit(s).

AND C.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND C.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR C.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition C concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours (continued)

.1

<U1 Insert 3.8.1-1>

U1 Insert 3.8.1-1 OR

---

NOTES---------------

1. Only applicable during diesel engine cylinder liner replacement outage.

2. Only applicable once per DG.

3. Only applicable until June 30, 2021.

B.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in Attachment 5 of SNC letter NL-20-1000, dated August 23, 2020.

AND B.4.2.2 -----------NOTE------------

Only applicable to Unit 1 DGs (i.e., DG 1A and 1C).

Inhibit swing DG from automatically aligning to Unit 2.

AND B.4.2.3 Restore DG to OPERABLE status.

72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 19 days

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-3 Amendment No. 203 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND B.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR B.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s)

AND B.4 Restore DG to OPERABLE status.

4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition B concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for a Unit 2 DG with the swing DG not inhibited or maintenance restrictions not met AND 14 days for a Unit 2 DG with the swing DG inhibited from automatically aligning to Unit 1 and maintenance restrictions met AND 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for the swing diesel with maintenance restrictions not met (continued)

.1

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-4 Amendment No. 223 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.4 (continued)

AND 14 days for the swing diesel with maintenance restrictions met C.

One required Unit 1 DG inoperable.

C.1 Perform SR 3.8.1.1 for OPERABLE required offsite circuit(s).

AND C.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND C.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR C.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition C concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours (continued)

.1

<U2 Insert 3.8.1-1>

U2 Insert 3.8.1-1 OR

---

NOTES---------------

1. Only applicable during diesel engine cylinder liner replacement outage of Unit 1 DGs (i.e., DGs 1A and 1C) or swing DG (i.e., DG 1B).

2. Only applicable to swing DG.

3. Only applicable until June 30, 2021.

B.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in Attachment 5 of SNC letter NL-20-1000, dated August 23, 2020.

AND B.4.2.2 Restore DG to OPERABLE status.

72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 19 days

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-5 Amendment No. 203 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME C.

(continued)

AND C.4 Restore required DG to OPERABLE status.

7 days with the swing DG not inhibited or maintenance restrictions not met AND 14 days with the swing DG inhibited from automatically aligning to Unit 2 and maintenance restrictions met D.

Two or more required offsite circuits inoperable.

D.1 Declare required feature(s) with no offsite power available inoperable when the redundant required feature(s) are inoperable.

AND D.2 Restore all but one required offsite circuit to OPERABLE status.

12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> from discovery of Condition D concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> E.

One required offsite circuit inoperable.

AND One required DG inoperable.

---

NOTE-----------------

Enter applicable Conditions and Required Actions of LCO 3.8.7, "Distribution Systems -

Operating," when Condition E is entered with no AC power source to one 4160 V ESF bus.

E.1 Restore required offsite circuit to OPERABLE status.

12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (continued)

.1

<U2 Insert 3.8.1-2>

U2 Insert 3.8.1-2 OR

---

NOTES----------------

1. Only applicable during diesel engine cylinder liner replacement outage.

2. Only applicable once per DG.

3. Only applicable until June 30, 2021.

C.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in Attachment 5 of SNC letter NL-20-1000, dated August 23, 2020.

AND C.4.2.2 Inhibit swing DG from automatically aligning to Unit 2.

AND C.4.2.3 Restore DG to OPERABLE status.

7 days AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 7 days 19 days

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Revised HNP Unit 1 and 2 Technical Specifications Clean-Typed Pages

AC Sources - Operating 3.8.1 HATCH UNIT 1 3.8-3 Amendment No.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND B.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR B.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

AND B.4.1 Restore DG to OPERABLE status.

4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition B concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for a Unit 1 DG with the swing DG not inhibited or maintenance restrictions not met AND 14 days for a Unit 1 DG with the swing DG inhibited from automatically aligning to Unit 2 and maintenance restrictions met AND 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for the swing diesel with maintenance restrictions not met (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 1 3.8-4a Amendment No.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.4.1 (continued)

OR

---

NOTES------------------

1. Only applicable during diesel engine cylinder liner replacement outage.

2. Only applicable once per DG.

3. Only applicable until June 30, 2021.

B.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in of SNC letter NL-20-1000, dated August 23, 2020.

AND B.4.2.2 -------------NOTE-------------

Only applicable to Unit 1 DGs (i.e., DG 1A and 1C).

Inhibit swing DG from automatically aligning to Unit 2.

AND B.4.2.3 Restore DG to OPERABLE status.

AND 14 days for the swing diesel with maintenance restrictions met 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 19 days (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 1 3.8-4b Amendment No.

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME C.

One required Unit 2 DG inoperable C.1 Perform SR 3.8.1.1 for OPERABLE required offsite circuit(s).

AND C.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND C.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR C.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition C concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-3 Amendment No.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND B.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR B.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s)

AND B.4.1 Restore DG to OPERABLE status.

4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition B concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for a Unit 2 DG with the swing DG not inhibited or maintenance restrictions not met AND 14 days for a Unit 2 DG with the swing DG inhibited from automatically aligning to Unit 1 and maintenance restrictions met AND 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> for the swing diesel with maintenance restrictions not met (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-4a Amendment No.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME B.

(continued)

B.4.1 (continued)

OR

---

NOTES----------------

1. Only applicable during diesel engine cylinder liner replacement outage of Unit 1 DGs (i.e., DGs 1A and 1C) or swing DG (i.e., DG 1B).

2. Only applicable to swing DG.

3. Only applicable until June 30, 2021.

B.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in Attachment 5 of SNC letter NL-20-1000, dated August 23, 2020.

AND B.4.2.2 Restore DG to OPERABLE status.

AND 14 days for the swing diesel with maintenance restrictions met 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 19 days (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-4b Amendment No.

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME C.

One required Unit 1 DG inoperable.

C.1 Perform SR 3.8.1.1 for OPERABLE required offsite circuit(s).

AND C.2 Declare required feature(s), supported by the inoperable DG, inoperable when the redundant required feature(s) are inoperable.

AND C.3.1 Determine OPERABLE DG(s) are not inoperable due to common cause failure.

OR C.3.2 Perform SR 3.8.1.2.a for OPERABLE DG(s).

1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition C concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-5a Amendment No.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME C.

(continued)

AND C.4.1 Restore required DG to OPERABLE status.

OR

---

NOTES----------------

1. Only applicable during diesel engine cylinder liner replacement outage.

2. Only applicable once per DG.

3. Only applicable until June 30, 2021.

C.4.2.1 Establish compensatory and risk management controls for extended DG outage as specified in Attachment 5 of SNC letter NL-20-1000, dated August 23, 2020.

AND C.4.2.2 Inhibit swing DG from automatically aligning to Unit 2.

AND C.4.2.3 Restore DG to OPERABLE status.

7 days with the swing DG not inhibited or maintenance restrictions not met AND 14 days with the swing DG inhibited from automatically aligning to Unit 2 and maintenance restrictions met 7 days AND 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> thereafter from discovery of compensatory or risk management control not met 7 days 19 days (continued)

AC Sources - Operating 3.8.1 HATCH UNIT 2 3.8-5b Amendment No.

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME D.

Two or more required offsite circuits inoperable.

D.1 Declare required feature(s) with no offsite power available inoperable when the redundant required feature(s) are inoperable.

AND D.2 Restore all but one required offsite circuit to OPERABLE status.

12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> from discovery of Condition D concurrent with inoperability of redundant required feature(s) 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> E.

One required offsite circuit inoperable.

AND One required DG inoperable.

---

NOTE-----------------

Enter applicable Conditions and Required Actions of LCO 3.8.7, "Distribution Systems -

Operating," when Condition E is entered with no AC power source to one 4160 V ESF bus.

E.1 Restore required offsite circuit to OPERABLE status.

12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> (continued)

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Revised HNP Unit 1 and 2 Technical Specifications Bases Marked-up Pages



$&6RXUFHV2SHUDWLQJ



%





FRQWLQXHG



+$7&+81,7

%

5(9,6,21

%$6(6



$&7,216

%FRQWLQXHG



x

$VQHHGHGIRUWKHVZLQJ'*ZKHQLWLVLQKLELWHGIURP

DXWRPDWLFDOO\\DOLJQLQJWR8QLWLQRUGHUIRUWKHGD\\

&RPSOHWLRQ7LPHWREHXVHGIRUD8QLW'*







7KH$1'FRQQHFWRUEHWZHHQWKHKRXUDQGGD\\&RPSOHWLRQ

7LPHVPHDQVWKDWERWK&RPSOHWLRQ7LPHVDSSO\\VLPXOWDQHRXVO\\7KDW

LVWKHGD\\&RPSOHWLRQ7LPHIRUDQ$RU&'*ZLWKWKHVZLQJ'*

LQKLELWHGDSSOLHVIURPWKHWLPHRIHQWU\\LQWR&RQGLWLRQ%QRWIURPWKH

WLPHWKHVZLQJ'*LVLQKLELWHG







&









7RHQVXUHDKLJKO\\UHOLDEOHSRZHUVRXUFHUHPDLQVZLWKRQHUHTXLUHG

8QLW'*LQRSHUDEOHLWLVQHFHVVDU\\WRYHULI\\WKHDYDLODELOLW\\RIWKH

UHTXLUHGRIIVLWHFLUFXLWVRQDPRUHIUHTXHQWEDVLV6LQFHWKH5HTXLUHG

$FWLRQRQO\\VSHFLILHVSHUIRUPDIDLOXUHRI65DFFHSWDQFH

FULWHULDGRHVQRWUHVXOWLQD5HTXLUHG$FWLRQEHLQJQRWPHW+RZHYHU

LIDFLUFXLWIDLOVWRSDVV65LWLVLQRSHUDEOH8SRQRIIVLWHFLUFXLW

LQRSHUDELOLW\\DGGLWLRQDO&RQGLWLRQVPXVWWKHQEHHQWHUHG



&







5HTXLUHG$FWLRQ&LVLQWHQGHGWRSURYLGHDVVXUDQFHWKDWDORVVRI

RIIVLWHSRZHUGXULQJWKHSHULRGWKDWRQHUHTXLUHG8QLW'*LV

LQRSHUDEOHGRHVQRWUHVXOWLQDFRPSOHWHORVVRIVDIHW\\IXQFWLRQRI

FULWLFDOV\\VWHPV7KHVHIHDWXUHVDUHGHVLJQHGZLWKUHGXQGDQWVDIHW\\

UHODWHGGLYLVLRQVLHVLQJOHGLYLVLRQV\\VWHPVDUHQRWLQFOXGHG

5HGXQGDQWUHTXLUHGIHDWXUHVIDLOXUHVFRQVLVWRILQRSHUDEOHIHDWXUHV

DVVRFLDWHGZLWKDGLYLVLRQUHGXQGDQWWRWKHGLYLVLRQWKDWKDVDQ

LQRSHUDEOH'*





<U1 Insert B 3.8.1-1>

Unit 1 Insert B 3.8.1-1 B.4.2.1, B.4.2.2, and B.4.2.3 The Completion Time to restore the DG to OPERABLE status may be extended to 19 days provided action is taken within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to: 1) for an inoperable Unit 1 DG, inhibit the swing DG from automatically aligning to the Unit 2 4.16 kV ESF bus, and 2) establish compensatory and risk management controls.

The B.4.2 Required Actions are modified by three Notes. Note 1 ensures that the B.4.2 Required Actions are only applied during the DG outage period that includes replacement of the engine cylinder liners. Note 2 specifies that the B.4.2 ACTIONS are only applicable one time for each DG because they are only approved for one-time use. Note 3 limits the time period the B.4.2 ACTIONS may be used.

The extended Completion Time is subject to additional defense-in-depth measures and risk management actions to ensure adequate electrical power sources and safety related equipment are available in the event of a loss of the offsite electrical power system during the extended DG outage period.

The compensatory controls specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 16) consist of controls that must be established and maintained during the extended Completion Time period to preserve defense-in-depth. The requirement to establish and maintain features (i.e., systems, subsystems, and components) OPERABLE as a compensatory control may be performed as an administrative check, by examining logs or other information, to determine if the required features are out of service for maintenance or other reasons. It does not mean it is necessary to perform the Surveillances needed to demonstrate the OPERABILITY of the required features.

The risk evaluation performed, in accordance with RG 1.177 (Ref. 17), to extend the DG Completion Time to 19 days identified potentially high-risk configurations that could exist if equipment, in addition to the inoperable DG, were to be taken out of service simultaneously or other risk-significant operational factors, such as concurrent system or equipment testing. The risk management controls specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 16) must be established and maintained, as applicable, during the extended Completion Time period to ensure appropriate restrictions on dominant risk-significant configurations associated with the extended Completion Time period are in place.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time of Required Action B.4.2.1 corresponds to the time required by Required Action B.4.1 to restore a unit DG or the swing DG to OPERABLE status with no additional restrictions or controls. If after the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time while applying the B.4.2 ACTIONS, it is discovered that these controls are not met, a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from discovery of the required controls not met is allowed to reestablish the compensatory and risk management controls. The Completion Time is intended to allow the operator time to evaluate and re-establish any discovered control not met. This Completion Time also allows for an exception to the normal "time zero" for beginning the Completion Time "clock." Following the initial 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (while applying the B.4.2 ACTIONS) to establish the required controls, discovering one or more of the required controls not met results in starting the Completion Time for Required Action B.4.2.1. Twenty-four hours from the discovery of the required control(s) not met is acceptable because it minimizes risk while allowing time for re-establishing the control(s) before subjecting the unit to transients associated with shutdown while a DG is inoperable.

Unit 1 Insert B 3.8.1-1 (continued)

Required Action B.4.2.2 requires the swing DG to be inhibited from automatically aligning (on a LOCA or LOSP signal) to the other unit. This ensures two OPERABLE DGs are dedicated to each unit during a LOCA or LOSP event when a unit DG is inoperable. Required Action B 4.2.2 is modified by a Note that clarifies this action is only applicable when Condition B is entered due to DG 1A or 1C inoperable. When Condition B is entered due to the swing DG inoperable, this action is not applicable and is not needed since each unit has two dedicated OPERABLE DGs available in the event of a LOCA or LOSP event. The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time of Required Action B.4.2.2 corresponds to the time required by Required Action B.4.1 to restore a unit DG to OPERABLE status with no additional restrictions or controls.

Once Required Action B.4.2.1 and Required Action B.4.2.2 for the Unit 1 DGs, are performed, the DG can be restored to OPERABLE status within 19 days. The extended Completion Time of Required Action B.4.2.3 represents a balance between the risk associated with continued plant operation with less than the required system or component redundancy and the risk associated with initiating a plant transient while transitioning the unit based on the loss of redundancy. With compensatory and risk management controls established, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The extended Completion Time takes into account the capacity and capability of the remaining AC sources, reasonable time for maintenance, and low probability of a DBA or an LOSP occurring during this period.

The Completion Time of Required Action B.4.2.3 is based on a defense-in-depth philosophy and risk informed using the plant PRA. The risk impact of the extended Completion Time has been evaluated pursuant to the risk assessment and management provisions of the Maintenance Rule, 10 CFR 50.65(a)(4), and the associated implementation guidance, Regulatory Guide 1.160, "Monitoring the Effectiveness of Maintenance at Nuclear Power Plants." Regulatory Guide 1.160 endorses the guidance in Section 11 of NUMARC 93-01, "Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants."

This guidance provides for the consideration of dynamic plant configuration issues, emergent conditions, and other aspects pertinent to plant operation with the DG inoperable for an extended period of time. These considerations may result in additional risk management and other compensatory actions being required during the extended period that the DG is inoperable.

$&6RXUFHV2SHUDWLQJ

%

+$7&+81,7

%

5(9,6,21

%$6(6

5()(5(1&(6



&)5$SSHQGL[$*'&



)6$56HFWLRQVDQG



1RWXVHG



8QLW)6$56HFWLRQ



8QLW)6$5&KDSWHU



5HJXODWRU\\*XLGH'HFHPEHU



• HQHULF/HWWHU



&)5$SSHQGL[$*'&



5HJXODWRU\\*XLGH0DUFK



5HJXODWRU\\*XLGH$XJXVW



5HJXODWRU\\*XLGH2FWREHU



,(((6WDQGDUG



,(((6WDQGDUG



15&1R)LQDO3ROLF\\6WDWHPHQWRQ7HFKQLFDO 6SHFLILFDWLRQ,PSURYHPHQWV-XO\\



1('&$5HYLVLRQ7HFKQLFDO-XVWLILFDWLRQWR6XSSRUW 5LVN,QIRUPHG0RGLILFDWLRQWR6HOHFWHG5HTXLUHG(QG6WDWHV IRU%:53ODQWV'HFHPEHU

16. Attachment 5, "Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP)

Diesel Generator (DG) One-time 19-day Completion Time Allowance," Letter NL-20-1000 from C.A.

Gayheart (SNC) to the Document Control Desk (NRC),

dated August 23, 2020.

17. Regulatory Guide 1.177, May 2011.

$&6RXUFHV2SHUDWLQJ

%







FRQWLQXHG



+$7&+81,7

%

5(9,6,21

%$6(6



$&7,216

%FRQWLQXHG











7KHWLPHPD\\EHXVHGDVQHHGHGWRFRPSOHWHXQSODQQHG

PDLQWHQDQFH7KLVWLPHVKDOOEHPLQLPL]HG



x

$VQHHGHGIRUWKHVZLQJ'*ZKHQLWLVLQKLELWHGIURP

DXWRPDWLFDOO\\DOLJQLQJWR8QLWLQRUGHUIRUWKHGD\\

&RPSOHWLRQ7LPHWREHXVHGIRUD8QLW'*









7KH³$1FRQQHFWRUEHWZHHQWKHKRXUDQGGD\\&RPSOHWLRQ

7LPHVPHDQVWKDWERWK&RPSOHWLRQ7LPHVDSSO\\VLPXOWDQHRXVO\\7KDW

LVWKHGD\\&RPSOHWLRQ7LPHIRUDQ$RU&'*ZLWKWKHVZLQJ'*

LQKLELWHGDSSOLHVIURPWKHWLPHRIHQWU\\LQWR&RQGLWLRQ%QRWIURPWKH

WLPHWKHVZLQJ'*LVLQKLELWHG







&







7RHQVXUHDKLJKO\\UHOLDEOHSRZHUVRXUFHUHPDLQVZLWKRQHUHTXLUHG

8QLW'*LQRSHUDEOHLWLVQHFHVVDU\\WRYHULI\\WKHDYDLODELOLW\\RIWKH

UHTXLUHGRIIVLWHFLUFXLWVRQDPRUHIUHTXHQWEDVLV6LQFHWKH5HTXLUHG

$FWLRQRQO\\VSHFLILHVSHUIRUPDIDLOXUHRI65DFFHSWDQFH

FULWHULDGRHVQRWUHVXOWLQD5HTXLUHG$FWLRQEHLQJQRWPHW+RZHYHU

LIDFLUFXLWIDLOVWRSDVV65LWLVLQRSHUDEOH8SRQRIIVLWHFLUFXLW

LQRSHUDELOLW\\DGGLWLRQDO&RQGLWLRQVPXVWWKHQEHHQWHUHG



&



5HTXLUHG$FWLRQ&LVLQWHQGHGWRSURYLGHDVVXUDQFHWKDWDORVVRI

RIIVLWHSRZHUGXULQJWKHSHULRGWKDWRQHUHTXLUHG8QLW'*LV

LQRSHUDEOHGRHVQRWUHVXOWLQDFRPSOHWHORVVRIVDIHW\\IXQFWLRQRI

FULWLFDOV\\VWHPV7KHVHIHDWXUHVDUHGHVLJQHGZLWKUHGXQGDQWVDIHW\\

UHODWHGGLYLVLRQVLHVLQJOHGLYLVLRQV\\VWHPVDUHQRWLQFOXGHG

5HGXQGDQWUHTXLUHGIHDWXUHVIDLOXUHVFRQVLVWRILQRSHUDEOHIHDWXUHV

DVVRFLDWHGZLWKDGLYLVLRQUHGXQGDQWWRWKHGLYLVLRQWKDWKDVDQ

LQRSHUDEOH'*



7KH&RPSOHWLRQ7LPHLVLQWHQGHGWRDOORZWKHRSHUDWRUWLPHWR

HYDOXDWHDQGUHSDLUDQ\\GLVFRYHUHGLQRSHUDELOLWLHV7KLV&RPSOHWLRQ

7LPHDOVRDOORZVIRUDQH[FHSWLRQWRWKHQRUPDOWLPH]HURIRU

EHJLQQLQJWKHDOORZHGRXWDJHWLPHFORFN,QWKLV5HTXLUHG$FWLRQWKH

&RPSOHWLRQ7LPHRQO\\EHJLQVRQGLVFRYHU\\WKDWERWK







D

$QLQRSHUDEOHUHTXLUHG8QLW'*H[LVWVDQG







E

$UHGXQGDQWUHTXLUHGIHDWXUHRQWKHRWKHUGLYLVLRQ'LYLVLRQ

RURUGLYLVLRQVLQWKHFDVHRIWKH8QLWDQG6*76\\VWHP

LVLQRSHUDEOH



,IDWDQ\\WLPHGXULQJWKHH[LVWHQFHRIWKLV&RQGLWLRQUHTXLUHG

8QLW'*LQRSHUDEOHDUHGXQGDQWIHDWXUHVXEVHTXHQWO\\EHFRPHV

LQRSHUDEOHWKLV&RPSOHWLRQ7LPHEHJLQVWREHWUDFNHG

<U2 Insert B 3.8.1-1>

Unit 2 Insert B 3.8.1-1 B.4.2.1 and B.4.2.2 The Completion Time to restore the swing DG to OPERABLE status may be extended to 19 days provided action is taken within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to establish compensatory and risk management controls.

The B.4.2 Required Actions are modified by three Notes. Note 1 ensures that the B.4.2 Required Actions are only applied during the DG outage period that includes replacement of the engine cylinder liners of the Unit 1 DGs (i.e., DGs 1A and 1C) or the swing DG (i.e., DG 1B).

Note 2 specifies that the B.4.2 ACTIONS are only applicable to the swing DG and, therefore, are not applicable when Condition B is entered due to the inoperability of a Unit 2 DG. Note 3 limits the time period the B.4.2 ACTIONS may be used.

The extended Completion Time is subject to additional defense-in-depth measures and risk management actions to ensure adequate electrical power sources and safety related equipment are available in the event of a loss of the offsite electrical power system during the extended DG outage period.

The compensatory controls specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 15) consist of controls that must be established and maintained during the extended Completion Time period to preserve defense-in-depth. The requirement to establish and maintain features (i.e., systems, subsystems, and components) OPERABLE as a compensatory control may be performed as an administrative check, by examining logs or other information, to determine if the required features are out of service for maintenance or other reasons. It does not mean it is necessary to perform the Surveillances needed to demonstrate the OPERABILITY of the required features.

The risk evaluation performed, in accordance with RG 1.177 (Ref. 16), to extend the DG Completion Time to 19 days identified potentially high-risk configurations that could exist if equipment, in addition to the inoperable DG, were to be taken out of service simultaneously or other risk-significant operational factors, such as concurrent system or equipment testing. The risk management control applicable to the swing DG (i.e., DG 1B) specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 15) must be established and maintained during the extended Completion Time period to ensure appropriate restrictions on dominant risk-significant configurations associated with the extended Completion Time period are in place.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time of Required Action B.4.2.1 corresponds to the time required by Required Action B.4.1 to restore the swing DG to OPERABLE status with no additional restrictions or controls. If after the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time while applying the B.4.2 ACTIONS, it is discovered that these controls are not met, a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from discovery of the required controls not met is allowed to reestablish the compensatory and risk management controls. The Completion Time is intended to allow the operator time to evaluate and re-establish any discovered control not met. This Completion Time also allows for an exception to the normal "time zero" for beginning the Completion Time "clock." Following the initial 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (while applying the B.4.2 ACTIONS) to establish the required controls, discovering one or more of the required controls not met results in starting the Completion Time for Required Action B.4.2.1. Twenty-four hours from the discovery of the required control(s) not met is acceptable because it minimizes risk while allowing time for re-establishing the control(s) before subjecting the unit to transients associated with shutdown while a DG is inoperable.

Unit 2 Insert B 3.8.1-1 (continued)

Once Required Action B.4.2.1 is performed, the swing DG can be restored to OPERABLE status within 19 days. The extended Completion Time of Required Action B.4.2.2 represents a balance between the risk associated with continued plant operation with less than the required system or component redundancy and the risk associated with initiating a plant transient while transitioning the unit based on the loss of redundancy. With compensatory and risk management controls established, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The extended Completion Time takes into account the capacity and capability of the remaining AC sources, reasonable time for maintenance, and low probability of a DBA or an LOSP occurring during this period.

The Completion Time of Required Action B.4.2.2 is based on a defense-in-depth philosophy and risk informed using the plant PRA. The risk impact of the extended Completion Time has been evaluated pursuant to the risk assessment and management provisions of the Maintenance Rule, 10 CFR 50.65 (a)(4), and the associated implementation guidance, Regulatory Guide 1.160. Regulatory Guide 1.160 endorses the guidance in Section 11 of NUMARC 93-01.

This guidance provides for the consideration of dynamic plant configuration issues, emergent conditions, and other aspects pertinent to plant operation with the swing DG inoperable for an extended period of time. These considerations may result in additional risk management and other compensatory actions being required during the extended period that the DG is inoperable.

AC Sources - Operating B 3.8.1 (continued)

HATCH UNIT 2 B 3.8-13 REVISION 96 BASES ACTIONS C.4 (continued)

In Condition C, the remaining OPERABLE offsite circuit is adequate to supply electrical power to the required onsite Unit 1 Class 1E Distribution System. The 7 day Completion Time is based on the shortest restoration time allowed for the systems affected by the inoperable DG in the individual system LCOs. A risk-informed, deterministic evaluation performed for Plant Hatch justifies operation in Condition C for 14 days, provided action is taken to ensure two DGs are dedicated to each Hatch unit. This is accomplished for an inoperable A or C DG by inhibiting the automatic alignment (on a LOCA or LOSP signal) of the swing DG to the other unit. The Completion Times take into account the capacity and capability of the remaining AC sources, reasonable time for maintenance, and low probability of a DBA occurring during this period. Use of the 14 day Completion Time, subject to additional restrictions controlled by NMP-GM-031, is permitted as follows:

x Once per DG per operating cycle for performing a major overhaul of a DG.

x As needed to complete unplanned maintenance. This time shall be minimized.

D.1 and D.2 Required Action D.1 addresses actions to be taken in the event of inoperability of redundant required features concurrent with inoperability of two or more required offsite circuits. Required Action D.1 reduces the vulnerability to a loss of function. The Completion Time for taking these actions is reduced to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> from that allowed with one 4160 V ESF bus without offsite power (Required Action A.2). The rationale for the reduction to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is that Regulatory Guide 1.93 (Ref. 6) allows a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for two required offsite circuits inoperable, based upon the assumption that two complete safety divisions are OPERABLE. (While this ACTION allows more than two circuits to be inoperable, Regulatory Guide 1.93 assumed two circuits were all that were required by the LCO, and a loss of those two circuits resulted in a loss of all offsite power to the Class 1E AC Electrical Power Distribution System.

Thus, with the Plant Hatch design, a loss of more than two required offsite circuits results in the same conditions assumed in Regulatory Guide 1.93.) When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter Completion Time of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is appropriate. These features are designed with redundant safety related divisions, (i.e., single division systems are not included in the list). Redundant required features failures consist of any of these features that are inoperable because any inoperability is on a division redundant to a division with inoperable offsite circuits.

<U2 Insert B 3.8.1-2>

Unit 2 Insert B 3.8.1-2 C.4.2.1, C.4.2.2, and C.4.2.3 The Completion Time to restore the required Unit 1 DG to OPERABLE status may be extended to 19 days provided action is taken within 7 days to: 1) inhibit the swing DG from automatically aligning to the Unit 2 4.16 kV ESF bus, and 2) establish compensatory and risk management controls.

The C.4.2 Required Actions are modified by three Notes. Note 1 ensures the C.4.2 Required Actions are only applied during the DG outage period that includes replacement of the engine cylinder liners. Note 2 specifies that the C.4.2 ACTIONS are only applicable one time for each DG because they are only approved for one-time use. Note 3 limits the time period the C.4.2 ACTIONS may be used.

The extended Completion Time is subject to additional defense-in-depth measures and risk management actions to ensure adequate electrical power sources and safety related equipment are available in the event of a loss of the offsite electrical power system during the extended DG outage period.

The compensatory controls specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 15) consist of controls that must be established and maintained during the extended Completion Time period to preserve defense-in-depth. The requirement to establish and maintain features (i.e., systems, subsystems, and components) OPERABLE as a compensatory control may be performed as an administrative check, by examining logs or other information, to determine if the required features are out of service for maintenance or other reasons. It does not mean it is necessary to perform the Surveillances needed to demonstrate the OPERABILITY of the required features.

The risk evaluation performed, in accordance with RG 1.177 (Ref. 16), to extend the DG Completion Time to 19 days identified potentially high-risk configurations that could exist if equipment, in addition to the inoperable DG, were to be taken out of service simultaneously or other risk-significant operational factors, such as concurrent system or equipment testing. The risk management controls specified in Attachment 5 of SNC letter NL-20-1000 (Ref. 15) must be established and maintained, as applicable, during the extended Completion Time period to ensure appropriate restrictions on dominant risk-significant configurations associated with the extended Completion Time period are in place.

The 7 day Completion Time of Required Action C.4.2.1 corresponds to the time required by Required Action C.4.1 to restore the required Unit 1 DG to OPERABLE status with no additional restrictions or controls. If after the 7 day Completion Time while applying the C.4.2 ACTIONS, it is discovered that these controls are not met, a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from discovery of the required controls not met is allowed to reestablish the compensatory and risk management controls. The Completion Time is intended to allow the operator time to evaluate and re-establish any discovered control not met. This Completion Time also allows for an exception to the normal "time zero" for beginning the Completion Time "clock." Following the initial 7 days (while applying the C.4.2 ACTIONS) to establish the required controls, discovering one or more of the required controls not met results in starting the Completion Time for Required Action C.4.2.1. Twenty-four hours from the discovery of the required control(s) not met is acceptable because it minimizes risk while allowing time for re-establishing the control(s) before subjecting the unit to transients associated with shutdown while a DG is inoperable.

Unit 2 Insert B 3.8.1-2 (continued)

Required Action C.4.2.2 requires the swing DG to be inhibited from automatically aligning (on a LOCA or LOSP signal) to the other unit. This ensures two OPERABLE DGs are dedicated to each unit during a LOCA or LOSP event when a required Unit 1 DG is inoperable. The 7 day Completion Time of Required Action C.4.2.2 corresponds to the time required by Required Action C.4.1 to restore a required Unit 1 DG to OPERABLE status with no additional restrictions or controls.

Once Required Actions C.4.2.1 and C.4.2.2 are performed, the DG can be restored to OPERABLE status within 19 days. The extended Completion Time of Required Action C.4.2.3 represents a balance between the risk associated with continued plant operation with less than the required system or component redundancy and the risk associated with initiating a plant transient while transitioning the unit based on the loss of redundancy. With compensatory and risk management controls established, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The extended Completion Time takes into account the capacity and capability of the remaining AC sources, reasonable time for maintenance, and low probability of a DBA or an LSOP occurring during this period.

The Completion Time of Required Action C.4.2.3 is based on a defense-in-depth philosophy and risk informed using the plant PRA. The risk impact of the extended Completion Time has been evaluated pursuant to the risk assessment and management provisions of the Maintenance Rule, 10 CFR 50.65 (a)(4), and the associated implementation guidance, Regulatory Guide 1.160. Regulatory Guide 1.160 endorses the guidance in Section 11 of NUMARC 93-01. This guidance provides for the consideration of dynamic plant configuration issues, emergent conditions, and other aspects pertinent to plant operation with the DG inoperable for an extended period of time. These considerations may result in additional risk management and other compensatory actions being required during the extended period that the DG is inoperable.

$&6RXUFHV2SHUDWLQJ

%

+$7&+81,7

%

5(9,6,21

%$6(6FRQWLQXHG

5()(5(1&(6



&)5$SSHQGL[$*'&



)6$56HFWLRQVDQG



5HJXODWRU\\*XLGH0DUFK



)6$56HFWLRQ



)6$5&KDSWHU



5HJXODWRU\\*XLGH'HFHPEHU



• HQHULF/HWWHU



&)5$SSHQGL[$*'&



5HJXODWRU\\*XLGH$XJXVW



5HJXODWRU\\*XLGH2FWREHU



,(((6WDQGDUG



,(((6WDQGDUG



15&1R)LQDO3ROLF\\6WDWHPHQWRQ7HFKQLFDO 6SHFLILFDWLRQ,PSURYHPHQWV-XO\\



1('&$5HYLVLRQ7HFKQLFDO-XVWLILFDWLRQWR6XSSRUW 5LVN,QIRUPHG0RGLILFDWLRQWR6HOHFWHG5HTXLUHG(QG6WDWHV IRU%:53ODQWV'HFHPEHU

15. Attachment 5, "Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP)

Diesel Generator (DG) One-time 19-day Completion Time Allowance," Letter NL-20-1000 from C.A.

Gayheart (SNC) to the Document Control Desk (NRC),

dated August 23, 2020.

16. Regulatory Guide 1.177, May 2011.

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Supplemental Information to Support the Response to RAI-5.e Supplemental Information to Support the Response to RAI-5.e A4-1 OPHE-REC-PSW-F, Operators fail to Trip 1A DG and Recover Div 1 PSW following Fire HEP Summary P1 P2 Pcog Pexe Total HEP Method CBDTM HCR/ORE Maximum THERP HEP 1.68E-03 1.31E-05 1.68E-03 5.02E-02 5.18E-02 Distribution Type Beta Variance 1.97E-03 Identification and Definition Note: This action is not explicitly modeled in the FT logic instead is it included as part of OPHE-REC-PSW-F which only appears as a recovery HEP in the recovery rule file.

1. Initial conditions: Steady state full power

2. Initiating event:

Fire in 1101J

3. Accident sequence - preceding functional failures and successes Fire induced LOSP Reactor trip occurs Valves Turbine Building PSW isolation valves 1P41F310A and 1P41F310D to fail to automatically close on LOSP signal.

EDG starts and continues to run Operators successful trip EDGs due to reduced PSW flow

4. Procedural progression:

Operators enter EOPs Operators enter loss of PSW procedure

5. Operator action high level success criteria:

This action is a combination of the following four pieces

1. Operators fail to trip the EDGs - See analysis OPHETRIPEDG-F

2. Operators fail to diagnose valves 1P41F310A and 1P41F310D fail to close on LOSP. (Modeled using CBDTM for this action)

3. Operators fail to locally open either 1P41F310A and 1P41F310D

4. Operators fail to restart EDGs by removing Jumpers from the MCR

6. Consequence of failure: Core damage after battery depletion Supplemental Information to Support the Response to RAI-5.e A4-2 Analyst Notes This action is a combination of the following four pieces

1. Operators fail to trip the EDGs - See analysis OPHETRIPEDG-F

2. Operators fail to diagnose valves 1P41F310A and 1P41F310D fail to close on LOSP. (Modeled using CBDTM for this action)

3. Operators fail to open either 1P41F310A and 1P41F310D

4. Operators fail to restart EDGS Cues and Indications Initial Cue 650-133, PSW MAIN HDR DIV I PRESS LOW 650-144, PSW MAIN HDR DIV II PRESS LOW 650-155, PSW CR A/C HDR DIV I PRESS LOW 650-166, PSW CR A/C HDR DIV II PRESS LOW 652-110. PSW PRESS LOW Recovery Cue Cue Comments None of the cues are cable routed through fire area 1101J Valve position on 1P41-F310A and 1P41-F310D are available in the MCR.

Degree of Clarity Clarity of Cues and Indications are modeled explicitly in CBDTM Procedures Cognitive Procedure 652-110. PSW PRESS LOW (PSW PRESS LOW) Revision:

Cognitive Step Number 5.3 Cognitive Instruction Perform concurrently the actions of the following Abnormal AND Annunciator Response Procedures:

-34AB-P41-001-1 (Loss Of Plant Service Water)

Execution Procedure 34AB-P41-001-1 (LOSS OF PLANT SERVICE WATER) Revision: 11.4 Execution Instruction Step 4.2 RNO Confirm CLOSED/CLOSE 1P41-F310A, 1P41-F310B, 1P41-F310C, 1P41-F310D, PSW to Turbine Bldg Isolation Valves.

Job Performance Measure JPM: Not Selected Notes Loss of PSW is trained on at least once every 2 years.

Supplemental Information to Support the Response to RAI-5.e A4-3 Training Classroom Training 0.5 per year Simulator Training 0.5 per year Timing Analysis Tsw 5.16 Hours Tdelay 10 Minutes Tcog 15 Minutes Texe 15 Minutes Time available for cognition and recovery 284.6 Minutes Time available for recovery 269.6 Minutes SPAR-H Available time (cognitive) 284.6 Minutes SPAR-H Available time (execution) ratio 18.97 Minutes EPRI Minimum level of dependence for recovery ZD Notes Tsw = 5.16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> T = 0 is reactor trip T = 10 minutes - reactor is tripped by operators due to loss of PSW T= 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> +10 minutes. Battery depletion.

Tdelay = Time at which operators trip the EDGs successfully Tcog = 15 minutes - Time to recognize valves 1P41F310A and 1P41F310D to fail to automatically close on LOSP signal. Operators know PSW flow is low but need to recognize cause of low flow. Valves cannot be opened from the MCR due to loss of control power.

Texe = 15 minutes - Time to locally close either 1P41F310A and 1P41F310D.

Supplemental Information to Support the Response to RAI-5.e A4-4 Cognitive Analysis Pc Failure Mechanism Branch HEP Pca: Availability of Information a

0.00E+00 Pcb: Failure of Attention m

1.50E-02 Pcc: Misread/miscommunicate data a

0.00E+00 Pcd: Information misleading a

0.00E+00 Pce: Skip a step in procedure e

1.98E-03 Pcf: Misinterpret Instructions a

0.00E+00 Pcg: Misinterpret decision logic g

1.02E-02 Pch: Deliberate violation a

0.00E+00 Initial Pc(without recovery credited) 2.72E-02 Notes This analysis assumes that all cues and indications about PSW are available in the MCR.

Step to trip the EDGS is graphically distinct and the AND/OR Logic is clearly split apart in a diagram.

Workload will be high following a fire induced LOSP.

Based on operator interviews there would be no reluctance to trip the EDGs and cause and SBO. Operators believe that the procedures will get them to safe and stable and that by tripping the EDGs they may still be able to recover PSW and get the EDGS back.

Cognitive Recovery Initial HEP Self Review Extra Crew STA Review Shift Change ERF Review Recovery Matrix Dependency Level Multiply HEP by Override Value Final Value Pca n/a 1.00E+00 0.0 Pcb 1.50E-02 X

LD 6.43E-02 9.64E-04 Pcc n/a 1.00E+00 0.0 Pcd n/a 1.00E+00 0.0 Pce 1.98E-03 X

LD 5.19E-02 1.03E-04 Pcf n/a 1.00E+00 0.0 Pcg 1.02E-02 X

LD 5.97E-02 6.09E-04 Pch n/a 1.00E+00 0.0 Final Pc (with recovery credited) 1.68E-03 Notes There is over 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> available for recovery Supplemental Information to Support the Response to RAI-5.e A4-5 Sigma Table Plant Type Response Type LB Sigma UB BWR CP1 0.4 0.7 1

CP2 0.2 0.58 0.96 CP3 0.59 0.75 0.91 PWR CP1 0.26 0.57 0.88 CP2 0.07 0.38 0.69 CP3 0.77 Sigma:

7.00E-01 HEP:

1.31E-05 Notes/Assumptions Execution Performance Shaping Factors Environment Lighting Emergency Heat/Humidity Hot/Humid Radiation Non Radiation Area Atmosphere Normal Special Requirements Tools Required Complexity of Response Execution Complex Equipment Accessibility (Cognitive)

Main Control Room Accessible Equipment Accessibility (Execution)

Main Control Room Accessible Stress High Plant Response As Expected:

Yes Workload:

N/A Performance Shaping Factors:

N/A Notes Stress will be high following a fire event. The plant is not responding as expected because PSW failed and the operators know that by tripping the EDGs they are going to create a SBO.

The manipulating the valves in the PIT will be hot and humid. The valve pit has emergency light packs in it Valves are key locked but operators have keys Supplemental Information to Support the Response to RAI-5.e A4-6 Execution Unrecovered Procedure Comment Stress Factor Override Step No.

Instruction / Comment Error Type THERP HEP Table Item OPHETRIPEDG-F EOM High 0.04948342 Location:

Main Control Room Total Step HEP 4.95E-02 Locally Close 1P41-F310A and 1P41-F310D EOM 20-7 1

1.3E-3 High EOC 20-13 2

3.80E-03 Location:

Main Control Room Total Step HEP 2.55E-02 Restart EDGs Restart EDGs by removing Jumpers in MCR EOM High EOC 99 1

1.00E-02 Location:

Main Control Room Total Step HEP 5.00E-02 Self Review The 1 E-2 probability included dependency so no additional dependency equation are needed.

There is over 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> available for recovery EOM 1.3E-3 High 1E-2 Location:

Main Control Room Total Step HEP 1.00E-02 Supplemental Information to Support the Response to RAI-5.e A4-7 Execution Recovered Critical Step No.

Recovery Step No.

Action HEP (Crit)

HEP (Rec)

Dep.

Cond. HEP (Rec)

Total for Step OPHETRIPEDG-F 4.95E-02 4.95E-02 Locally Close 1P41-F310A and 1P41-F310D 2.55E-02 2.55E-04 Self Review The 1 E-2 probability included dependency so no additional dependency equation are needed. There is over 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> available for recovery 1.00E-02 ZD 1.00E-02 Restart EDGs Restart EDGs by removing Jumpers in MCR 5.00E-02 5.00E-04 Self Review The 1 E-2 probability included dependency so no additional dependency equation are needed. There is over 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> available for recovery 1.00E-02 ZD 1.00E-02 Total Unrecovered:

1.25E-01 Total Recovered:

5.02E-02 Supplemental Information to Support the Response to RAI-5.e A4-8 OPHETRIPEDG-F, Operators fail to Trip EDG with loss of PSW following Fire HEP Summary P1 P2 Pcog Pexe Total HEP Method CBDTM HCR/ORE Maximum THERP HEP 2.73E-03 3.68E-02 3.68E-02 1.32E-02 4.95E-02 Distribution Type Beta Variance 1.81E-03 Identification and Definition

1. Initial conditions: Steady state full power

2. Initiating event:

Fire in 1101J

3. Accident sequence - preceding functional failures and successes Fire induced LOSP Reactor trip occurs Valves Turbine Building PSW isolation valves 1P41F310A and 1P41F310D to fail to automatically close on LOSP signal. PSW is running successfully.

EDG starts and continues to run.

4. Procedural progression:

Enter reactor trip procedure

5. Operator action high level success criteria:

Diagnose loss of PSW Trip EDGs from the MCR lack of PSW cooling water.

Tripping the EDGs would require the auto start signal to be jumped out from the MCR

6. Consequence of failure: Failure of EDGs which cannot be recovered.

7. Success of actions leads to plant induced SBO.

Supplemental Information to Support the Response to RAI-5.e A4-9 Cues and Indications Initial Cue EDG Running PSW is lost AND EITHER Lube Oil Temp  220F OR Jacket Coolant Temp  195F Recovery Cue Cue Comments The following cues are credited in the fire PRA and are not impacted by fires in 1101J 34AR-R43-102-1 (LUBE OIL TEMPERATURE HIGH) 34AR-R43-104-1 (JACKET COOLANT TEMPERATURE HIGH) 650-133, PSW MAIN HDR DIV I PRESS LOW 650-144, PSW MAIN HDR DIV II PRESS LOW 650-155, PSW CR A/C HDR DIV I PRESS LOW 650-166, PSW CR A/C HDR DIV II PRESS LOW Degree of Clarity Clarity of Cues and Indications are modeled explicitly in CBDTM Supplemental Information to Support the Response to RAI-5.e A4-10 Procedures Cognitive Procedure 34AB-P41-001-1 (LOSS OF PLANT SERVICE WATER) Revision: 11.4 Cognitive Step Number 4.6.6 Cognitive Instruction IF a D/G is running AND PSW IS LOST AND PSW CANNOT be restored Either Lube Oil Temp  220F OR Jacket Coolant Temp  195F OR It is evident that continued operation of the D/G will NOT assist recovery actions (4160V Bus damage, PSW still not available, etc)

THEN TRIP Diesel Generator Locally OR From C/R per the applicable subsection of 34SO-R43-001-1 Execution Procedure 34AB-P41-001-1 (LOSS OF PLANT SERVICE WATER) Revision: 11.4 Execution Instruction Trip EDGs from the MCR 34SO-R42-001-01 Attachment 11 will need to be followed to jumper out the EDGs due to LOSP auto start signal present.

Job Performance Measure JPM: Not Selected Notes Loss of PSW is trained on at least once every 2 years.

Training Classroom Training 0.5 per year Simulator Training 0.5 per year Supplemental Information to Support the Response to RAI-5.e A4-11 Analyst Notes This action must be successful in order for the operators to consider recovery of PSW valves 1P41F310A and 1P41F310D to fail to automatically close.

This action is not explicitly modeled in the FT logic instead is it included as part of OPHE-REC-PSW-F which only appears as a recovery HEP in the recovery rule file.

Operator Int+erview Insights

[Operator] was interviewed on 7/24/2019 via phone about tripping the EDGs following a seismic event. These insights would also be applicable to fire scenarios as well.

Action 1 - Trip the EDGs due to loss of PSW Diagnosis of loss of PSW will easy due to high temperature alarms on the EDGs. Once diagnosis of loss of PSW is made the crew will enter loss of PSW procedure.

PSW should auto start on LOSP so the operators wont spend too much time trying to get the system started. They might try and start the pumps from the MCR before determining that they need to trip the EDGs From the time of the reactor trip until the operators consider tripping the EDG was estimated to be a least 3 minutes but perhaps slightly longer.

The crew is not reluctant to trip the EDGS and cause an induced SBO because they trust that their procedure will get them to the safe and stable. Tripping the EDGs does not preclude the operators from re-starting the EDG if they can get PSW running again.

The action to trip the EDGs is complicated by the fact that the LOSP is cause the EDGs to auto start. In order to trip the EDGs the operators must jumper out the auto start logic from the MCR. There is 1 jumper required per EDG and this guidance to jumper out the EDGs is included in Attachment 11 of 34SO-R43-001-1. It will take up to 5 minute to jumper out the EDGs from the MCR once the decision is made to trip the EDGs. If the PSW is recovered and the EDGs are to re-start the crew will need to uninstall the jumpers so that the auto start logic and sequencer will run.

There is no timing requirement to trip the EDGs. Training has asked for a requirement, but no one will put an exact time on when the EDGs will fail. There is a note in 34SO-R43-001-1 which says Per the FSAR a DG can run fully loaded for > 3 minutes with no cooling water. Ken was unsure why there is a minimum timing requirement here and not the time the EDG must be shut down.

Training on loss of PSW occurs once every 2 years, Training on SBO occurs once every 2 years at well. SBO and new procedure guidance (FLEX) has more training recently due to all the procedure improvements. Currently SBO is being trained on about once a year.

A second interview was performed to confirm what was discussed on 7/24

[Operator 2] confirmed what was stated by [Operator 1] but added the following insights Due to the LOSP the EDG could be tripped either locally or they could be jumped out from the MCR. The time to jumper out each DG from the MCR vs locally would be about the same. Immediately following the reactor trip and noticing that the DG were running it is plant policy to send a local operator to start monitoring DG even if they successful start and run. Given the seismic event the local operators would already have been sent to the DG in order to ensure that the DGs are functioning correctly.

The execution to jumper out the DG signal would not be complicated and is covered in Attachment 11 of 34SO-R43-001-1.

[Operator 2] confirmed it would take It will take up to 5 minute to jumper out the EDGs from the MCR once the decision is made to trip the EDGs. In addition, there would be no hesitation among crew to trip the DG creating and SBO given the loss of PSW.

Supplemental Information to Support the Response to RAI-5.e A4-12 Timing Analysis Tsw 15 Minutes Tdelay 3 Minutes Tcog 2 Minutes Texe 5 Minutes Time available for cognition and recovery 7 Minutes Time available for recovery 5 Minutes SPAR-H Available time (cognitive) 7 Minutes SPAR-H Available time (execution) ratio 2.00 Minutes EPRI Minimum level of dependence for recovery HD Notes Tsw = 15 minutes, High temperature (195 F) alarm reached within 14.8 minutes with the EDG at 100% load.,

Tdelay = 3 minutes - Time to address reactor trip and immediate memorized actions following LOSP and Fire.

Tcog = 2 minutes - Time to try and recover PSW flow path from MCR and quickly diagnose the PSW cannot be recovered. This also includes time to recognize that EDGs must be jumped out.

Texe = 5 minutes - Based on operator interview estimated to jumper out both EDGs. the other unit will be performing the same action at the same time.

Supplemental Information to Support the Response to RAI-5.e A4-13 Cognitive Analysis Pc Failure Mechanism Branch HEP Pca: Availability of Information a

0.00E+00 Pcb: Failure of Attention l

7.50E-04 Pcc: Misread/miscommunicate data a

0.00E+00 Pcd: Information misleading a

0.00E+00 Pce: Skip a step in procedure e

1.98E-03 Pcf: Misinterpret Instructions a

0.00E+00 Pcg: Misinterpret decision logic k

0.00E+00 Pch: Deliberate violation a

0.00E+00 Initial Pc(without recovery credited) 2.73E-03 Notes This action is credited for fires in 1101J and for this fire, all cues and indications about PSW are available in the MCR.

Step to trip the EDGS is graphically distinct and the AND/OR Logic is clearly split apart in a diagram.

Workload will be high following a fire induced LOSP.

Based on operator interviews there would be no reluctance to trip the EDGs and cause and SBO. Operators believe that the procedures will get them to safe and stable and that by tripping the EDGs they may still be able to recovery PSW and get the EDGS back.

Cognitive Recovery Initial HEP Self Review Extra Crew STA Review Shift Change ERF Review Recovery Matrix Dependency Level Multiply HEP by Override Value Final Value Pca n/a 1.00E+00 0.0 Pcb 7.50E-04 1.00E+00 7.50E-04 Pcc n/a 1.00E+00 0.0 Pcd n/a 1.00E+00 0.0 Pce 1.98E-03 1.00E+00 1.98E-03 Pcf n/a 1.00E+00 0.0 Pcg n/a 1.00E+00 0.0 Pch n/a 1.00E+00 0.0 Final Pc (with recovery credited) 2.73E-03 Notes Due to the short time available no credit is given for recoveries.

Supplemental Information to Support the Response to RAI-5.e A4-14 Sigma Table Plant Type Response Type LB Sigma UB BWR CP1 0.4 0.7 1

CP2 0.2 0.58 0.96 CP3 0.59 0.75 0.91 PWR CP1 0.26 0.57 0.88 CP2 0.07 0.38 0.69 CP3 0.77 Sigma:

7.00E-01 HEP:

3.68E-02 Notes/Assumptions Execution Performance Shaping Factors Environment Lighting Normal Heat/Humidity Normal Radiation Non Radiation Area Atmosphere Normal Special Requirements Tools Required Complexity of Response Execution Simple Equipment Accessibility (Cognitive)

Main Control Room Accessible Equipment Accessibility (Execution)

Main Control Room Accessible Stress High Plant Response As Expected:

Yes Workload:

N/A Performance Shaping Factors:

N/A Notes Stress will be high following a seismic event. The plant is not responding as expected because PSW failed and the operators know that by tripping the EDGs they are going to create a SBO.

Revised LAR Table 4-6, Maintenance Events Prohibited by Procedure A4-15 Execution Unrecovered Procedure Comment Stress Factor Override Step No.

Instruction / Comment Error Type THERP HEP Tabl e

Ite m

1 Jumper out each EDG EOM 20-7b 1

4.3E-4 High EOC 20-12 13 1.30E-02 EOC 20-12 13 1.30E-02 Location:

Main Control Room Total Step HEP 1.32E-01 Self Review If the EDG successfully trip an SBO would be obvious to MCR. In addition in order to jumper out each EDG the crew will need to complete a check off list in Attachment 11 of 34SO-R43-001-1 with a SS signature required when complete. The 0.1 takes credit for the signature along with the obvious cue of SBO in the MCR.

EOM 20-7b 1

4.3E-4 High

0.1 Location

Main Control Room Total Step HEP 1.00E-01 Execution Recovered Critical Step No.

Recovery Step No.

Action HEP (Crit)

HEP (Rec)

Dep.

Cond. HEP (Rec)

Total for Step 1

Jumper out each EDG 1.32E-01 1.32E-02 Self Review If the EDG successfully trip an SBO would be obvious to MCR. In addition in order to jumper out each EDG the crew will need to complete a check off list in Attachment 11 of 34SO-R43-001-1 with a SS signature required when complete. The 0.1 takes credit for the signature along with the obvious cue of SBO in the MCR.

1.00E-01 ZD 1.00E-01 Total Unrecovered:

1.32E-01 Total Recovered:

1.32E-02

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP) Diesel Generator (DG) One-time 19-day Completion Time Allowance Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP) Diesel Generator (DG) One-time 19-day Completion Time Allowance A5-1 The compensatory and risk management controls necessary to comply with Unit 1 Technical Specification (TS) 3.8.1, AC Sources - Operating, Required Action B.4.2.1 and Unit 2 TS 3.8.1, Required Actions B.4.2.1 and C.4.2.1 are specified herein. Unless otherwise stated, systems and components listed herein are those associated with that specific unit. Any difference between controls for Unit 1 TS and Unit 2 TS are annotated herein.

The following defense-in-depth controls (i.e., compensatory controls) are required to be established and maintained during the extended Completion Time period:

Three qualified circuits between the offsite transmission network and the onsite Class 1E Electrical Distribution System (i.e., station auxiliary transformers (SATs) and associated circuit paths to the 4.16 kV engineered safety feature (ESF) buses) per unit must be OPERABLE and aligned to their respective 4.16 kV ESF bus and no SAT will supply more than one 4.16 kV ESF bus; Feeder lines from the 230 kV switchyard to the primary of each SAT will be protected and no discretionary maintenance or testing will be scheduled on these lines for the duration of the extended Completion Time period; No discretionary maintenance or testing will be scheduled in the 500 kV or 230 kV switchyards that could affect the stability of the feeder lines to the SATs; Electrical system load dispatcher will be contacted once per day to verify multiple line contingencies are available and to ensure no significant grid perturbations (i.e., high grid loading unable to withstand a single contingency of line or generation outage) are expected during the extended DG maintenance period; Each automatic transfer of unit power supply from the normal offsite circuit to the alternate offsite circuit must be OPERABLE for each Class 1E 4.16 kV ESF bus; (Unit 1 TS) At least two DGs must be OPERABLE to Unit 1 (i.e., any combination of Unit 1 DGs (1A and 1C) and the swing DG (1B));

(Unit 2 TS) Unit 2 DGs (2A and 2C) must be OPERABLE; High Pressure Coolant Injection and Reactor Core Isolation Cooling Systems must be OPERABLE; For each residual heat removal loop, either the shutdown cooling (SDC) mode must be OPERABLE or the low pressure coolant injection alternate SDC mode must be available; and Preplanned maintenance on any sensitive or critical equipment will be rescheduled during periods of severe weather forecasts.

Compensatory and Risk Management Controls for Hatch Nuclear Plant (HNP) Diesel Generator (DG) One-time 19-day Completion Time Allowance A5-2 The following RG 1.177 Tier 2 risk management controls must be established and maintained during the extended Completion Time period:

(Applicable to DGs 1A, 1B, and 1C) Systems and components specified in Appendix A of the plant online configuration risk management program will be maintained available and no discretionary maintenance or testing will be scheduled on these systems or components; and (Only applicable to DG 1C) No discretionary maintenance or testing, including fire protection surveillances, will be scheduled on any equipment in the cable spreading room during the extended completion time and access will be limited to fire watches, on shift operations personnel; and security personnel for the purposes of required area surveillance and inspection.

Edwin I. Hatch Nuclear Plant - Units 1 and 2 License Amendment Request to Revise the Required Actions of Technical Specifications 3.8.1, AC Sources - Operating, for One-Time Extension of Completion Time for Unit 1 and Swing Emergency Diesel Generators SNC Responses to NRC Requests for Additional Information Revised LAR Table 4-6, Maintenance Events Prohibited by Procedure Revised LAR Table 4-6, Maintenance Events Prohibited by Procedure A6-1 Table 4-6, Maintenance Events Prohibited by Procedure Configuration Risk Management Procedural Restrictions for No Maintenance HPCI RCIC Division 1 of RHRSW RHRSW pumps A and C and their associated breakers Division 2 of RHRSW RHRSW pumps B and D and their associated breakers Division 1 of LPCI and Shutdown Cooling RHR pumps A and C Division 2 of LPCI and Shutdown Cooling RHR pumps B and D Division 1 or division 2 of Suppression Pool Cooling PSW pumps A, B, C, and D and their associated breakers MCC 1R24S026 to DG 1B support systems Core Spray pumps A and B and their associated breakers Diesel batteries and the associated components which are necessary for the batteries to perform their function Station Service batteries and the associated components which are necessary for the batteries to perform their function RBCCW Pumps A, B and C and the associated breakers*

The CD transformer used to bring alternate power to either 600VAC C or 600VAC D Startup Transformers C, D and E RPS MG Sets A and B Main Control Room A/C systems A, B and C and associated motor control centers Closed Cooling Water pumps A and B for the Station Service Air Compressors LPCI loop A and B injection path components MCR A/C Exhaust fans A and B and associated breakers CRD Pump A and B and associated breakers

• NOTE: Scheduling of concurrent EDG and RBCCW work should be avoided, but IF required due to unplanned conditions this is allowed by the risk model with the minimum configuration of 2 (two) RBCCW Pumps and 1 (one) Heat Exchanger to ensure the system remains functional.