ML20237D759
| ML20237D759 | |
| Person / Time | |
|---|---|
| Site: | Wolf Creek  |
| Issue date: | 12/16/1987 |
| From: | Office of Nuclear Reactor Regulation |
| To: | |
| Shared Package | |
| ML20237D757 | List: |
| References | |
| NUDOCS 8712240169 | |
| Download: ML20237D759 (11) | |
Text
- . _ _ _ _ _
I
./#% % UNITED STATES ENCLOSURE 1 ;
8' ..,.
NUCLE AR REGULATORY COMMISSION
- A j WASHINGTON, D. C. 20555 a, % '
,c 4
9 . . . . ,6,
_ SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION COMPLIANCE WITH ATWS RULE 10 CFR 50.46 KANSAS GAS & ELECTRIC COMPANY KANSAS CITY POWER AND LICHT COMPANY l KANSAS ELECTRIC POWER COOPERATIVE, INC.
,. WOLF CREEK GENERATING STATION
1.0 INTRODUCTION
i On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62, " Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power !
Plants" (known as the ATWS Rule). The requirements of Section 10 CFR 50.62 l
apply to all commercial light-water-cooled nuclear power plants.
An ATWS is an anticipated operational occurrence (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor. The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the probability of failure to shut down the reactor following anticipated transients and to mitigate the consequences of an I ATWS event.
Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATVS mitigation system requirements for Westinghouse plants. Equipment diverse from the RTS is required to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events. In response to paragraph (c)(1), the Westinghouse Owners' Group (WOG) developed a set of conceptual designs generic to Westinghouse plants. WOG issued Westinghouse Topical Report WCAP-10858, "AMSAC Generic Design Package," which provides information on the various Westinghouse designs.
l The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July'7, 1986 (Ref. 1). In this safety evaluation, the staff is sme -
8712240169 e71216 2 >
DR ADDCK 0500 l
concluded that the generic designs presented in WCAP-10858 adequately meet the requirements of 10 CFR 50.62. The approved version of the WCAP is labeled WCAP-10858-P-A.
During the course of the staff's review of the proposed AMSAC design the WOG issued Addendum 1 to WCAP-10858-P-A by letter dated February 26, 1987 (Ref. 2).
This Addendum changed the setpoint of the C-20 AMSAC permissive signal from 70%
reactor power to 40% power. On August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Ref. 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay.
For those . plants' selecting either the feedwater flow or the feedwater_ pump /
valve status le]ic option, a variable delay timer is to be incorporated into the AMSAC actuation logics. The variable time delay will be inverse to reactor power and will approximate the time that the steam generator takes to boil down to the low-low level setpoint upon a loss of main feedwater (MFW) from any given reactor power level between 40% and 100% power. The time delay on the C-20 permissive signal for all logics will be lengthened to incorporate the maximum time that the steam generator takes to boil down to the low-low level setpoint upon a loss of MFW with the reactor operating at 40% power.. The staff considers the Revision 1 changes to be acceptable.
Paragraph (c)(6) of the ATWS Rule requires that detailed information to demonstrate compliance with the requirements be submitted to the Director, Office of Nuclear Reactor Regulation (NRR). In accordance with paragraph (c)(6) of the ATWS Rule, Wolf Creek Nuclear Operating Corporation (WCNOC)-
provided information by letter, dated March 20,1987 (Ref. 4). The letter forwarded the detailed design description of the ATWS Mitigation System Actuation Circuitry (AMSAC) proposed for installation at the Wolf Creek Generating Station.
1 The staff held a conference call with the licensee on March 31, 1987 to discuss their AMSAC design and the information contained in Addendum 1 to the WCAP. As a result, the licensee responded with additional information on April 16, 1987 (Ref. 5). The response raised additional questions, and the staff held a
- t. - - _ _ _ _ _ _
\
second conference call with the licensee on July 2, ~1987 to clarify information provided in the submittals.
After staff review of Revision 1 to the WCAP, an additional telephone call with the licensee became necessary. This call was held on October 2, 1987.
The staff discussed the impact of Revision 1 on the licensee's proposed AMSAC-design. In a letter dated October 5, 1987 (Ref. 6), the licensee committed to the new C-20 time delay described in Revision 1 of the WCAP.
~
2.0 REVIEW CRITERIA The systems and equipment required by 10 CFR 50.62 do not have to meet all of the stringent requirements normally applied to safety-related equipment..
However, the equipment required by the ATWS Rule should be of sufficiont quality and reliability to perform its intended function while mininiili;*g the potential for transients that challenge other safety systems, e.g. , inadvertent scrams.
The following review criteria were used to evaluate the licensee's submittals:
- 1. The ATWS Rule, 10 CFR 50.62.
- 2. " Considerations Regarding Systems and Equipment Criteria,"
published in the Federal Register, Volume 49, No.124, dated June 26, 1984. ]
- 3. Generic Letter 85-06, " Quality Assurance Guidance for ATWS Equipment That Is Not Safety Related."
l
- 4. Safety Evaluation of WCAP-10858. (Ref. 1) ;
- 5. WCAP-10858-P-A, Revision 1. (Ref. 3) i
{
e 3.0 DISCUSSION AND EVALUATION To determine that conditions indicative of an ATWS event are present, the licensee has elected to implement the generic WCAP-10858-P-A AMSAC design associated with monitoring the steam generator water level and activating the AMSAC.when the water level is below the low-low setpoint. Also, as addressed in the introduction section, the licensee will implement the new time delay associated with the C-20 permissive as required by Revision 1 to the WCAP.
Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation of M AP-10858, the staff identified 14 key elements that require resolution for each plant design. The following paragraphs provide a discussion on Wolf Creek's compliance with respect to each of the plant-specific elements.
- 1. Diversity The plant design should include adequate diversity between the AMSAC equipment and.the existing Reactor Protection System (RPS) equipment.
Reasonable equipment diversity, to the extent practicable, is required to minimize the potential for common-cause failures.
. The licensee will utilize the existing Class IE steam generator (SG) water level sensing instrumentation as input to AMSAC. The licensee has stated that this instrumentation is different than that used to drive the SG 1evel control system. The licensee has committed to implement AMSAC equipment that will be of a different design and diverse from equipment used in the RPS. The AMSAC output. signals will interface with existing auxiliary feedwater (AFW) pump and turbine trip circuitry which is diverse from the RPS actuation equipment. The staff finds the licensee's commitment acceptable subject to the satisfactory implementation of p diverse AMSAC logic equipment.
i w____--_---_------ - - _ _ -. - - _ - - - - - - -
- 5 '-
4
- 2. Logic Power Supplies-Logic power supplies need not be Class 1E, but must be capable of perform-ing safety functions upon a loss of offsite power. The logic power must come.from a power source that is independent from the RPS power supplies.
-The licensee.has provided information verifying that the logic power supplies used for AMSAC are independent from the RPS power supplies and will function during the loss of offsite power. The AMSAC power will be from a 125 Vdc non-Class 1E DC bus.
- 3. Safety-Related Interface The implementation of the ATWS Rule shall be such that the existing Reactor
. Protection System continues to meet all applicable safety criteria.
The licensee has stated that the proposed AMSAC design.for the Wolf Creek Station interfaces with the RPS, the Balance of Plant Emergency Safety Features Actuation System (80P-ESFAS), and the Solid State Protection System (SSPS). These interfaces are protected by Class 1E isolation devices, and the existing separation' criteria between safety related and nonsafety-related systems, will continue to be met as described in Wolf.
Creek's Final Safety Analysis Report (FSAR), Section 8.3. Refer to Item 9 for further discussion on this issue.
- 4. Quality Assurance This element requires the licensee to provide information regarding compliance with Generic Letter (GL)85-06, " Quality Assurance for ATWS Equipment That Is Not Safety Related."
t l-The licensee has developed a quality assurance program for the Wolf Creek Station that is applicable to the nonsafety related AMSAC equipment. The
(
l
quality assurance program is based on the guidelines presented in Generic Letter 85-06 and is under the management of the licensee's Quality Assurance Division.
- 5. Maintenance Bypasses Information showing how maintenance at power is accomplished should be provided. In addition, maintenance bypass indicaticas should be incorporated into the continuous indication of bypass status in the control room.
The licensee has stated that, during maintenance or surveillance of the AMSAC system or sensor inputs, the AMSAC output sigrals will be bypassed using a permanently installed bypass switch located at the AMSAC control panel. Indication of the AMSAC bypass will be continuously provided by the AMSAC Bypass /0ff normal status alarm window which will be located on the main control board.
- 6. 0 Operating Bypasses The operating bypasses should be indicated continuously in the control room. Diversity and independence of the C-20 permissive signal should be provided.
The licensee has provided information stating that the AMSAC will be f<
automatically bypassed below 40% reactor power as indicated by the turbine
[
first-stage impulse pressure. This is a " normal" condition, which will I not be indicated or alarmed. " Normal" conditions at the Wolf Creek l j
Station, in keeping with the " dark board" human factors concept for the t j
main control boards, will not result in an alarm indication. However, if the AMSAC is not enabled above 40% power, the AMSAC Bypass /0ff normal alarm will sound and illuminate on the main control board. It is the staff's understanding that the licensee will conduct a human factors 1
.c review of the bypass controls / annunciator consistent with the plant's detailed control room design process. The C-20 permissive signal is derived from existing protection system instrumentation and is processed by the AMSAC: logic circuitry which is diverse from the protection system.
The staff considers this issue to be acceptable subject to the satisfactory completion of the licensee's human factors review.
'7. Means for Bypasses The means for bypassing shall be accomplished by the use of a permanently installed, human-factored bypass switch or similar device. Disallowed
. methods for bypassing mentioned in the guidance should not be utilized.
The licensee' stated that bypassing AMSAC during testing and maintenance will be accomplished with a permanently installed bypass switch. The disallowed methods for bypassing, such'as lifting leads, pulling fuses, blocking relays, or tripping breakers, are not used. It is the staff's understanding that the licensee will conduct a human factors review of the bypass controls / indication consistent with the plant's detailed control room design process. This issue is considered resolved pending satisfactory completion of the licensees human f actors review.
- 8. Manual Initiation Manual initiation capability at the system level must be provided.
The licensee discussed how manual turbine trip and auxiliary feedwater actuation are accomplished by the operator. The licensee stated that existing manual controls for turbine trip and AFW actuation are located in the main control room and will be used by the operator to manually perform the AMSAC function if necessary. No additional manual initiation capability is required as a result of installing the AMSAC equipment. j 1
l
r
)
1
, . i 1
l
- 9. Electrical Independence From Existing Reactor Protection System ,
l 3
Electrical independence is required from the sensor output to the final actuation device, at which point nonsafety-related circuits must be j isolated from safety-related circuits by qualified Class 1E isolators. '
The licensee discusseJ how electrical independence is to be achieved. The j
proposed design requires isolation between AMSAC and the Class 1E circuits associated with the steam generators, the RPS, and the 80P-ESFAS. The required 1
isolation is achieved using Westinghouse 7300 series isolation devices and Struthers-Dunn 219 frame relays. Both devices are acceptable for use as isolation devices. Also, the entire AMSAC design will meet the electrical separation criteria established for the Wolf Creek Station as described in FSAR Section 8.3.
- 10. Physical Separation From Existing Reactor Protection System The implementation of the ATWS mitigating system must be such that the separation criteria applied to the existing Reactor Protection System are not violated.
The licensee has stated that the AMSAC equipment will be physically separated from the existing RPS, and the AMSAC cable routing will be in accordance with the separation criteria described in the Wolf Creek Station FSAR, Section 8.3.1.4.
- 11. Environmental Qualification The plant-specific submittal is required to address the environmental qualification of ATWS equipment for anticipated operational occurrences.
! The staff was informed that the AMSAC cabinet and input isolators will be located in the cotnrol room area which is considered a mild environment
! area. The AMSAC output isolation devices will be qualified for environ-mental conditions associated with anticipated operational occurrences.
l l.
F --
r
.3
' ]
)
i c
.12. Testability-at Power Measures to test the ATWS mitigating system before installation, as'well
.as periodically, are to be established. Testing of the system may be i performed with the system in the bypass mode. The end-to-en'd testing, l 1.e.,'from sensor through final actuation device, should be performed with the plant shut down.
L The licensee has stated that the AMSAC equipment will be tested prior to being placed in operation and'that the system will be tasted through the
~
final actuation device at every refueling outage. The AMSAC system will be testable at power in the bypass mode in accordance with procedures approved for the Wolf Creek Station. Bypassing AMSAC for testing and returning the system to service will be controlled by' administrative procedures.
It is the staff's understanding that the licensee will conduct a human factors review'of the controls and indications used for testing purposes that is consistent with the stations detailed control room design process.
This issue is considered resolved pending satisfactory completion of the licensee's human factors review.
- 13. Completion of Mitigative Action The licensee is required to verify that (1) the protective action, once initiated, goes to completion and (2) the subsequent return to operation requires deliberate operator action.
The licensee responded that once initiated, the mitigative action will go to completion. The AMSAC will provide a trip signal to the 125 VDC trip bus in the turbine electrohydraulic control (EHC) cabinet. The bus is then
" locked in the trip condition, consistent with the existing plant turbine trip circuitry. The AMSAC actuation signal will also start the AFW pumps
i
[
through the BOP-ESFAS. The BOP-ESFAS has been designed to complete the
, mitigative action in accorcince with IEEE Std 279-1971, paragraph 4.16.
Deliberate manual action on the part of the operator is required to reset the turbine trip circuitry and to restore the AFW pumps to standby status.
- 14. . Technical Specifications The equipment required by the ATWS Rule to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable manner. A method acceptable to the staff for demonstrating that the !
equipment satisfies the reliability requirements of the ATWS Rule is to provide AMSAC technical specifications. Such technical specifications would include operability and surveillance requirements.
The licensee responded that no technical specification action is proposed !
with respect to the AMSAC. The licensee stated that'the system does not meet NRC criteria for inclusion in the technical specifications. The surveillance interval and actions required to service the AMSAC will be administratively controlled using station procedures. 1 In its' interim Commission Policy Statement of Technical Specification Improvements for Nuclear Power Plants [52 Federal Register 3788, February 6, 1987], the Commission established a specific set of objective criteria for determining which regulatory requirements and-operating restrictions should be included in technical specifications. The staff is presently reviewing ATWS requirements to criteria in this Policy Statement to determine whether and to what extent technical specifications are appropriate. Accordingly, this aspect of the staff review remains open pending completion of,'and subject to the results of, the staff's further review. The staff will provide guidance regarding the technical specification requirementsforAMSkNata'laterdate.
}
E " ,
1
- 11'-
4.0 CONCLUSION
The staf f concludes, subject to final resolution of the technical speci-1 fication issue, that the AMSAC design proposed by Wolf Creek Nuclear Operating Corporation for the Wolf. Creek Generating Station is acceptable -
and is in compliance with the ATWS Rule, 10 CFR 50.62, paragraph (c)(1).
The staff's' conclusion is further subject to the successful completion of certain noted human factors engineering reviews to which the licensee has committed. Until' staff review is completed regarding the use of technical specifications for ATWS requirements, the licensee should continue with the scheduled installation and implementation (planned operation) of the ATWS design utilizing administrative 1y controlled procedures.
5.0 REFERENCE
- 1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG),
" Acceptance for Referencing of Licensing Topical Report,"
July 7, 1986.
- 2. Letter, R. A. Newton (WOG) to J. Lyons (NRC), " Westinghouse Owners' Group Addendum 1 to WCAP-10858-P-A and WCAP-11233-A:
AMSAC Generic Design Package," February 26, 1987.
- 3. Letter, R. A. Newcon (WOG) to J. Lyons (NRC), " Westinghouse Owner's Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1, AMSAC Generic Design Package," August 3, 1987.
- 4. Letter, B. D. Withers (WCNOC) to U.S. NRC, "ATWS Mitigating System Actuation Circuitry - 10 CFR 50.62," March 20,1987.
- 5. Letter, B. D. Withers (WCNOC) to U.S. NRC, " Response to NRC Questions Concerning AMSAC," April 16, 1987.
- 6. Letter, J. A. Bailey (WCNOC) to U.S. NRC, " Response for Additional Information Concerning AMSAC Generic Design ,
Package," October 5, 1987.
i l
I
_ _ _ _ _ _ _ _ _ _ . . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ . _ _ _ _ ________