ML22045A474

From kanterella
Jump to navigation Jump to search

NRC Comments on Draft TSTF-585, Rev 1, Provide an Alternative to the LCO 3.0.3 One-Hour Preparation Time
ML22045A474
Person / Time
Site: Technical Specifications Task Force
Issue date: 02/03/2022
From:
NRC/NRR/DSS
To:
Honcharik M
References
Download: ML22045A474 (4)
v  d  e


Text

Comments on Draft TSTF-585, Revision 1, Provide an Alternative to the LCO [Limiting Condition for Operation] 3.0.3 One-Hour Preparation Time (ADAMS Accession No. ML21337A109).

Risk-Informed Regulation

1) The NRC regulatory framework is risk informed. LCO 3.0.3 is based on deterministic evaluations that have determined that specific conditions have either been evaluated to require an immediate plant shutdown (direct entry) or have not yet been evaluated (default entry) and are currently considered to require action to immediately take the plant out of the condition where the equipment is required to be operable. The conditions that require LCO 3.0.3 entry result in the loss of important safety functions or redundancy. Considering that these conditions have previously been determined to require an immediate shutdown due to their safety significance, the proposed change lacks adequate justification. The acceptability in the proposal is based solely on the increase in risk without consideration of deterministic criteria. The proposal is not consistent with risk-informed regulation.
2) Section 3.2.1 lists four instances in the technical specifications (TSs) where the requirement for risk assessment and management has been previously incorporated.

The requirements for these existing instances are the same as proposed for the change to LCO 3.0.3.b:

a. LCO 3.0.4: Entry into the Mode or specified condition allowed only after the risk assessment is performed and necessary risk management actions are established.
b. LCO 3.0.8: Risk is (present tense) assessed and managed. 72/12-hour completion times based on low probability of seismic event.
c. LCO 3.0.9: Risk is (present tense) assessed and managed. 03-day/24-hour completion times based on the low risk associated with required barriers not being capable of performing their related support function.
d. Surveillance Requirement (SR) 3.0.3: Ample time is provided in the 24-hour delay period limit to assess risk and manage the impact.

In each of the cases referenced above, risk is assessed and managed before the Mode or specified condition is entered (LCO 3.0.4) or sufficient time is available in the completion time (LCOs 3.0.4 and 3.0.8) or delay period (SR 3.0.3) to assess/manage risk. These cases are not analogous to LCO 3.0.3.b wherein the unit is in an unanalyzed condition. The 1-hour time allotted prior to initiating action to place the unit in a lower mode allows time to prepare for beginning the required mode reductions - not for resolving the unanalyzed condition. Therefore, the referenced TS instances applying risk assessment/management do not provide precedent for expanding the LCO 3.0.3.b completion time to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for the unit to remain in an unanalyzed condition while the licensee attempt to assess and manage risk.

3) If the risk assessment and mitigative measures are not completed within the first hour and LCO 3.0.3.a is entered, can the plant later enter LCO 3.0.3.b for that occurrence?
4) Please explain how this change would intersect with risk informed completion time (RICT) program requirements (e.g., a RICT of less than 30 days expires without equipment being restored to operable status, then LCO 3.0.3 applies).
5) The traveler quotes the probabilistic risk assessment (PRA) policy statement as justification for the change but has not demonstrated that the proposal meets the

qualifiers in the policy statement. Specifically, the traveler does not demonstrate that the use of PRA is practical within the bounds of the state of the art for the proposed conditions.

6) How is the quality of the plant PRA used for the risk assessment assured? The only reference to PRA guidance in the submittal is RG 1.160.
7) How are defense-in-depth and safety margins evaluated during the risk assessment period?

Compliance with Regulation and Design Bases

8) The traveler does not address default entries. TS require entry into LCO 3.0.3 because the plant is in a condition beyond that defined or considered in the TS. Each default entry should be evaluated to ensure that all aspects of the condition have been thoroughly understood and evaluated for each plant-specific design. A specific issue to consider are LCO 3.0.3 entries that result in unanalyzed conditions (loss of function could be one).
9) LCO 3.0.3 entries associated with of a loss of function should be further addressed including a deterministic analysis to assure that operation remains within the plant design bases. A loss of function for a TS required structure, system, or component (SSC) is a significant safety concern.
10) The traveler states that the initiating event frequency is considered in the risk assessment. It appears that the risk analysis proposed in the traveler could assume credit for the frequency of the initiating event. However, the TS are based on regulations, some of which require that the initiating event be assumed in the analyses.

The proposal does not address the requirements of the regulations.

11) LCO 3.0.3 entries that could result from the current TS requirements should be evaluated to assure that they do not exist to provide compliance with 10 CFR 50.36 and whether the proposed change would result in a non-compliance.

Guidance

12) The traveler states that it is important to know the likely cause of the failure (that causes entry into LCO 3.0.3) to assess and manage risk. Considering the potential conditions, timing, and risk to the plant, the NRC staff does not believe that a probable cause, risk estimate, and implementation of mitigative actions can be completed within one hour.

Does the proposed change require that necessary trouble shooting to identify the likely cause of the failure be completed in addition to assessing and managing risk within the 1-hour time period in LCO 3.0.3? Provide a human factors analysis that shows that these actions can be completed within one hour under all plant operating scenarios (personnel on site, plant status and condition, other actions required due to the condition).

13) The proposal is based on assessment and control of risk. The proposal does not contain adequate requirements for the assessment and mitigation of risk.

NUMARC 93-01 was not intended for the evaluation of emergent conditions with a short evaluation time (events or operational occurrences like entries into LCO 3.0.3). It was written for maintenance evolutions. The risk assessment is assumed to be completed before an evolution is started which is consistent with other applications of risk in the TS.

NUMARC 93-01 emphasizes that careful planning is important to control risk. Entry into

LCO 3.0.3 and performing the required actions within one hour is not consistent with NUMARC 93-01.

14) Considering the safety significance of LCO 3.0.3 entries, and the lack of appropriate guidance, a TS program should be developed to define the process. The program should include detailed requirements for the risk assessment and mitigative actions.
15) The traveler states that if the extent of condition is unknown, the risk assessment should consider the increased possibility of common cause failure. How is common cause failure considered?
16) How is operable but degraded equipment treated in the risk assessment?
17) It is important that licensees maintain focus on plant safety and preparations for a safe shutdown of the plant when LCO 3.0.3 is entered. How is it assured that appropriate resources will be applied to assuring safety when the licensee has significant incentive to emphasize actions that keep the plant online? This is an important consideration for the NRC.
18) In order to simplify the risk assessment and mitigative measures for specific scenarios, could a partial risk assessment be pre-done with only a few variables left to finalize at the time the condition occurs?
19) The traveler or guidance should address how multiple simultaneous LCO 3.0.3 entries will be evaluated.

Alternative Solutions

20) The traveler states that LCO 3.0.3 requires initiation of action to shut down the plant without regard to risk significance. LCO 3.0.3 is not entered without losing equipment (and potentially safety function) that is required for operation per 10 CFR 50.36 criteria.

Some TSs require direct entry into LCO 3.0.3. For these cases it has been determined that immediate shutdown is appropriate. In other cases, the entry to LCO 3.0.3 is default instead of direct. Default conditions were either considered to require immediate shutdown or were ignored and should be considered individually for any change in completion time.

a. For direct entry TS the action times should be developed on a case-by-case basis. The current TS should be maintained unless evaluation justifies a change.
b. For default entries appropriate action time should be developed if it is determined that those currently imposed by LCO 3.0.3 are not appropriate.
21) Instead of proposing a TS change use the resources to identify the TS that direct or default to LCO 3.0.3 entry and provide recommendations to licensees for operational practices that would decrease the probability of entering such a condition.

TSTF Traveler and Concerns with the Proposed TS

22) The traveler should better define the terms transient and shutdown. A shutdown transient is one type that may result in a different transient or mitigate a transient that may occur during steady state operation. Even though the traveler contains language that says that the operators are capable of rapidly shutting the plant down, considering the shutdown the same as other transients puts a negative light on such ability. There are many daily evolutions in a plant that could be considered transients or could lead to transients. There are many transients that occur in a plant including power changes, refueling outage shutdowns, swapping pumps or electrical supplies, testing, etc.
23) The traveler states that actions to address the condition may be performed in parallel.

Actions that support an orderly plant shutdown are compulsory. They shall be performed, not may be performed. The risk assessment may not justify the extended period of operation or conditions may change such that LCO 3.0.3.b is exited after more than an hour passes, thus requiring immediate shutdown. The plant must be prepared to begin shutdown at any time after one hour from entry to LCO 3.0.3. This should be clarified in the proposal.

24) For clarity the bases should read - LCO 3.0.3.b may ONLY be used if risk is assessed and managed.
25) For clarity the bases should read - The use of LCO 3.0.3.b is not SOLELY dependent on planned restoration of compliance with the LCO or ACTIONS within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> as other actions are available, such as regulatory relief or an orderly shutdown.
26) Bases changes associated with new travelers include the following language that indicates that plant systems will not be challenged. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems. The implication in the traveler is that this language is not true. Changes to the STS should be consistent with the current STS and recent changes.
27) The staff does not understand the reason for rewording the initial part of LCO 3.0.3.
28) From the Bases - The risk assessment be completed before using LCO 3.0.3.b. It is missing the word must before be. This appears to be a consistent omission in the bases for all plant designs.
29) The Bases should state definitively that the one hour in LCO 3.0.3.a is not in addition to the 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> in LCO 3.0.3.b.
30) The NRC staff position is that the information in the Bases regarding completing the risk assessment and the risk management actions, and actions to be taken if the risk becomes unacceptable, should be added as requirements in the LCO.
31) Provide definitions of planned and unplanned entry into LCO 3.0.3 in the Bases.
32) The submittal states that a 24-hour delay time is consistent with 10 CFR 50.36. The NRC accepted a delay time of 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. The NRC found the 1-hour delay time to be acceptable for the licensee to safely initiate a shutdown and continues to be referred to in travelers. A justification for a significant change from 1 to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> was not provided.
33) Provide estimated completion times for the 3 goals listed in Section 3.2.3 of the traveler.

These are preparing for an orderly shutdown, restoring equipment to exit LCO 3.0.3, and requesting relief from the NRC. Can any of these be done in fewer than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> so that the allowed time could be reduced?

Retrieved from "https://kanterella.com/w/index.php?title=ML22045A474&oldid=3435381"