Text

KPNRC2208014 ResponsetoNRCRequestforAdditionalInformation348 (NonProprietary)

Page1of4 NRCRequestforAdditionalInformation RAIPackage348,Question408

Section50.34ofTitle10oftheCodeofFederalRegulations(10CFR50.34),"Contentsofapplications; technicalinformation,"providesrequirementsforinformationtobeprovidedinaConstruction Permit(CP).10CFR50.34(a)(4)statesthataCPshallcontainapreliminaryanalysisandevaluationof structures,systems,andcomponents(SSCs)todeterminemarginsofsafetyduringnormaloperations andtransientconditionsandtheadequacyofSSCsprovidedforpreventionandmitigationofthe consequencesofaccidents.

AsgivenintheKairostopicalreportonprincipaldesigncriteriafortheKPFHR,criterion29,whichis referencedintheHermesPreliminarySafetyAnalysisReport(PSAR),states,"Theprotectionand reactivitycontrolsystemsshallbedesignedtoassureanextremelyhighprobabilityofaccomplishing theirsafetyfunctionsintheeventofanticipatedoperationaloccurrences."FortheHermestest reactor"anticipatedoperationaloccurrencesisreplacedbypostulatedevents"perPSARSection3.1.

NUREG1537,Part2,Section4.2.2,"ControlRods,"statesthatthestaffshoulddeterminethat reasonableassuranceexiststhatthescramfeaturesdesignedforthisreactorwillperformas necessarytoensurefuelintegrityandtoprotectthehealthandsafetyofthepublic.

PreliminarySafetyAnalysisReportSection13.1.10.1,"RecriticalityandUnprotectedEvents"states, "Unprotectedevents,oreventswherereactorshutdownisnotachievable,areexcludedfromthe designbasis."Inaddition,Section13.1.10.1states,"TheRCSS[reactivitycontrolandshutdown system]isdesignedwithsufficientindependence,diversity,andredundancyfromdetectionand actuationtoelementinsertiontoensurereactorshutdownwhennecessary."Toreachareasonable assurancefindingthattheRCSShassufficientreliabilitytoprecludeunprotectedevents,thestaffis requestingadditionalinformationregardingthefollowing:

1. Pleasedescribeanyinstrumentationandcontroldesignfeatureswhichprovidedefenseindepth orreducetheprobabilityofacommoncausefailuretoprecludeanunprotectedevent.

2. WhatmechanicaltestingoftheRCSSsystemwillbeperformedtoensureelementinsertion, includingtheinsertionoftheshutdownelementsintothepebblebedandcontrolelementsinto thegraphitereflector?

3. Ifcontrolandshutdownelements(beyondtheassumedhighestworthstuckelement)failto insert,partiallyinsert,orsufferneutronabsorberloss(e.g.,throughthelossofelementcladding integrity),areothermeansofreactivitycontrolavailabletomitigatepostulatedevents?Ifother meansarenotavailable,pleasedescribehowthereissufficientdiversityorreliabilitytojustify excludingunprotectedeventsfromthedesignbasis.

Page2of4 KairosPowerResponse NRCQuestion408,Item1

Pleasedescribeanyinstrumentationandcontroldesignfeatureswhichprovidedefenseindepthor reducetheprobabilityofacommoncausefailuretoprecludeanunprotectedevent.

KairosPowerhassubmittedchangestothePSARandanalyticalmethodstodescribehowthedesign conformedtoPDC26(ML22243A138,ML22242A168).Thechangecreditsrelianceontheshutdown elementsasdesignedwithsufficientworthtoshutdownthereactorinresponsetopostulated events.Additionally,PSARSection13.1.10.1clarifiedthemeaningofanunprotectedeventasa scenarioinwhichthesafetyrelatedreactorshutdownsystemwouldnotbeavailabletomitigatea postulatedevent.Inordertoprecludethisscenariofromoccurringinthedesignbasis,theshutdown portionoftheRCSS,thereactorshutdownsystem(RSS),isdesignedwithsafetyrelatedtreatment, asdescribedin4.2.2toensurethatthereactorwillshutdownduringapostulatedevent.

Thereactorprotectionsystem(RPS)isthespecificinstrumentationandcontrolsystemcreditedfor initiatingtheshutdownfunctionwhichisperformedbytheRSS.TheportionoftheRPSthatinitiates theRSSisthereactortripsystem(RTS).TheRSSautomaticallyinitiatestheinsertionoftheshutdown elements.

Duringnormaloperation,theRTScontinuouslysendsasignaltokeeptheshutdownelements withdrawnfromthereactorcore.Ifpowerislost,thecontinuoussignalsenttotheRCSSbytheRTS isinterrupted,andboththecontrolelementsandshutdownelementsareinsertedintothereactor (althoughonlytheshutdownelementinsertioniscreditedforsatisfyingPDC26forpostulated events).Shutdownelementpositionsarealsomonitoredusingtwoconcurrentindependentand diversemethodswhichallowforrealtimefunctionalitychecksasdescribedinPSARSection4.2.2.1.

AsdescribedinPSARSection7.3.1,theRPSincludesthefollowingsafetyrelatedtreatmentsto precludeanunprotectedevent:

Separatechannelsofsensorelectronicsandinputdevices Redundantandseparategroupsofsignalconditioning Redundantandseparategroupsoftripdetermination SafetyrelatedcomponentstoprovideelectricalisolationfromthenonsafetyrelatedDC powersystempowersupply Multiplereactortripdevices RPSisolationhardware Twodivisionsofreactortripsystem(RTS)votingandactuationequipment Thesafetyrelatedtreatmentsincludeindependenceandredundancytoensurethatthereisno portionoftheRPS(fromthedetectionofanoffnormaleventtotheautomaticinitiationofthe shutdownfunctionofRSS)thatissubjecttoasinglefailure.

TheRPSdesignalsoincludesdiversedesignfeaturestoprecludecommoncausefailures.TheField ProgrammableGateArray(FPGA)portionoftheRPScouldbepostulatedtoexperienceasoftware logicbasedcommoncausefailure.Inordertoprecludesuchanunlikelyfailure,theRPSrequiresat leasttwodifferentFGPAarchitectures(e.g.,onetimeprogrammableorflashbased,andstatic

Page3of4 randomaccessmemory).Additionally,alossofpowertotheRPScouldrepresentapostulated commoncausefailure.However,asdescribedabove,thedesignissuchthatalossofpowerwill resultinshutdownelementinsertion.

Additionally(althoughnotcreditedforshutdownofthereactorduringapostulatedevent),theRPS willinitiatetheinsertionofthecontrolelementsconcurrentwithinsertionofshutdownelements, providingadditionalshutdownworth.RCSScontrolandshutdownelementwithdrawalfromthecore isinhibitedbyinterlocksafteralossofpower(whichrequireamanualreset)topreventinadvertent positivereactivityinsertionwhenpowerreturnsasdescribedinPSARSection7.3.1.

NRCQuestion408,Item2

WhatmechanicalqualificationtestingoftheRCSSsystemwillbeperformedtoensureelement insertion,includingtheinsertionoftheshutdownelementsintothepebblebedandcontrolelements intothegraphitereflector?

TheresultsofthemechanicaltestingoftheRCSSthatprovideassuranceitisqualifiedtooperatein normalandpostulatedeventenvironmentalconditionswillbeavailablewiththeapplicationforan OperatingLicense.ThePSARincludescommitmentstotestsafetyrelatedstructures,systems,and componentstoensurethesuccessfulperformanceofsafetyfunctions.AsdescribedinPSARSection 4.2.2.3,thesafetyrelatedportionofRCSSwillmeetPDC4,whichrequiresthatthecontrolelements accommodatedynamiceffectsandbecompatiblewiththeenvironmentalconditionsduringnormal plantoperationaswellasduringpostulatedevents.AsdescribedinPSARChapter12,AppendixB, Section2.3.3,theadequacyofthedesignwillbeverifiedusingmethodsincludingtheperformance ofqualificationtests.QualificationtestingforthesafetyrelatedportionoftheRCSSwillbedefined inaformaltestplanthatincludesappropriateacceptancecriteriaanddemonstratesthesystem reliabilityandadequacyofperformanceunderconditionsthatsimulatethemostadversedesign basisconditions.

TheshutdownelementsanddrivemechanismswillalsomeetASMESectionIII,Division5loadsdue tooperationalstepping,reactortrip,stuckelement,fatigue,andshippingandhandling.Asstatedin apreviouslysubmittedchangetoPSARSection4.2.2.3(ML22062B679),theshutdownelementsare qualificationtestedoutofpilepriortooperationandaconservativewearlimitisestablishedto ensurethatwearduringelementmovementisacceptable.

Thereactorvesselheadpenetrations,inwhichthesafetyrelatedreactorshutdownelementsinsert throughtheuppergraphitereflectoranddirectlyintothepebblebed,meetReference1 requirements.Theshutdownelementsthemselvesarealsoqualifiedtoinsertunderseismic conditions.Thegraphitereflectorblocksaredesignedtomaintaintheirstructuralintegrity,as describedinPSARSection4.3,andarequalifiedinaccordancewithReference2.

Testingisperformedtoconfirmtheinsertiontimeofindividualshutdownelementsiswithinthe insertiontimeassumedwithinthepostulatedeventanalysis.Testingisalsoperformedtoconfirm thattheinsertiontimeofallshutdownelementsconcurrentlyinsertingiswithintheinsertiontime assumedinthepostulatedeventanalyses.AsstatedinSection4.2.2.3ofthePSAR,theinsertion capabilityoftheshutdownelementswillalsobedemonstratedaspartofstartuptestingby performinginsertiontimetesting.Aninsertiontestofeachshutdownelementwillbeforthe expecteddeflectionoftheinsertionpath.Aninsertiontestdeflectstheshutdownelementupper

Page4of4 reflectorguidestructuresconsistentwiththemaximummisalignment.Theshutdownelement insertiontimeismeasuredandcomparedtotheinsertiontimetestingperformedwithnodeflection oftheupperreflectorguidestructures.Thesetestsprovideassurancethattheupperreflectorblocks maintaintheshutdownelementinsertionpathways.

NRCQuestion408,Item3 Ifcontrolandshutdownelements(beyondtheassumedhighestworthstuckelement)failtoinsert, partiallyinsert,orsufferneutronabsorberloss(e.g.,throughthelossofelementcladdingintegrity),

areothermeansofreactivitycontrolavailabletomitigatepostulatedevents?Ifothermeansarenot available,pleasedescribehowthereissufficientdiversityorreliabilitytojustifyexcluding unprotectedeventsfromthedesignbasis.

AlthoughthereareothermeansofreactivitycontrolinadditiontotheRSS,thosemeansarenot creditedtoperformtheshutdownsafetyfunction.Thefailureoftheshutdownelementstoinsertin responsetoapostulatedeventisbeyondthedesignbasis.Manyexistingsystemsprovideassurance thattheRSShassufficientdiversityandreliabilitytoshutdownthereactorinresponsetoa postulatedevent:thesafetyrelateddesignfeaturesoftheRPSandRSSdescribedintheresponseto Item1above,thetestingdescribedinresponsetoItem2above,andtheperiodictestingand inspectionsdiscussedinPSARSection4.2.2.4.ConsistentwiththeNRCguidanceinNUREG1537,the performanceoftheRSSisevaluatedinapostulatedeventassumingthehighestworthshutdown elementdoesnotinsert.

ThecontrolportionoftheRCSSisnotcreditedforshutdownworthinthemitigationofpostulated events.However,asdescribedintheresponsetoItem1above,theRPSinitiatesaninsertionofthe controlelementsconcurrentwiththeshutdownelements.Thissystemprovidesanadditionalnon crediteddiverseandreliablemeansofreactivitycontrol.Thefourreactivitycontrolelementsinsert intotheupperandsidereflector,neartheperipheryofthecore.Section4.2.2.1ofthePSARalso statesthatthecontrolelementsareanassemblyofsegmentedannularcylinderswhichdiffersfrom thecruciformshapedshutdownelements.

References:

1. ASCE4319,SeismicDesignCriteriaforStructures,Systems,andComponentsinNuclear Facilities.

2. KairosPowerLLC,GraphiteMaterialQualificationfortheKairosPowerFluorideSaltCooled HighTemperatureReactor,KPTR014P,Revision3.

ImpactonLicensingDocument:

ThisresponsedoesnotimpacttheKairosPowerconstructionpermitapplication.However,a previouslysubmittedchangetotheKairosPowerPreliminarySafetyAnalysisReport(ML22243A138, ML22242A168)maderelevantchanges.