Text

LLC, Submittal of Presentation Materials Entitled Sdaa Presentation, Treatment of DC Power in Safety Analysis, PM-134582-NP, (Open Session)
	ML23026A358
Person / Time
Site:	99902078, 05200050
Issue date:	01/26/2023
From:	Shaver M; NuScale
To:	; Office of Nuclear Reactor Regulation, Document Control Desk
References
	LO-134587
	Download: ML23026A358 (1)
	v • d • e

LO-134587 January 26, 2023 Docket No.52-050 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738

SUBJECT:

NuScale Power, LLC Submittal of Presentation Materials Entitled SDAA Presentation, Treatment of DC Power in Safety Analysis, PM-134582-NP, (Open Session)

This submittal supplements the January 19, 2023, meeting with NuScale regarding the treatment of the EDAS in safety analyses. is the nonproprietary version of the presentation entitled Treatment of DC Power in Safety Analysis. contains a detailed description of multiple precedents further supporting NuScales position regarding the classification of its DC power system.

This letter makes no regulatory commitments and no revisions to any existing regulatory commitments.

If you have any questions, please contact Brian Meadors at 541-452-7846 or bmeadors@nuscalepower.com.

Sincerely, Mark W. Shaver Acting Director, Regulatory Affairs NuScale Power, LLC Distribution: Michael Dudek, NRC Getachew Tesfaye, NRC Bruce Bavol, NRC : SDAA Presentation, Treatment of DC Power in Safety Analysis, PM-134582-NP, (Open Session) : Detailed Description of Multiple Precedents Further Supporting Nuscales Position on EDAS Classification NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360.0500 Fax 541.207.3928 www.nuscalepower.com

LO-134587 :

SDAA Presentation, Treatment of DC Power in Safety Analysis, PM-134582-NP, (Open Session)

NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360.0500 Fax 541.207.3928 www.nuscalepower.com

2 Presenters Brian Meadors Chief Engineer, Licensing Kristopher Cummings Licensing Engineer Meghan McCloskey Thermal Hydraulic Engineer Sarah Bristol Supervisor, Probabilistic Risk Assessment PM-134582-NP Rev.0 NuScale Nonproprietary Copyright © 2023 NuScale Power, LLC

3 Acknowledgement and Disclaimer This material is based upon work supported by the Department of Energy under Award Number DE-NE0008928.

This presentation was prepared as an account of work sponsored by an agency of the United States (U.S.)

Government. Neither the U.S. Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the U.S. Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the U.S. Government or any agency thereof.

Agenda 4

1. Background

2. Acceptance review standard

3. NRC policy on risk-informing regulations

4. Risk analyses show that NuScales designs more than meet NRC safety goals

5. An NRC-approved process shows EDAS is a nonsafety system

6. Loss of EDAS should be analyzed at event initiation, not during event progression (smart failure)

7. Even if a smart failure occurs, the consequence does not impact public health and safety

8. Additional information showing that the IAB SRM applies

9. Addressing NRC concerns raised in recent communications

5

1. Background

ECCS design changes: IABs have been removed from the vent valves (RVVs).

ECCS valve safety function is to open.

Holding the valves closed when not actuated is important, but not a safety function.

Removing IABs from RVVs allow ECCS valves to open & depressurize RPV sooner.

With US460 design changes, CDF and LRF more than meet NRC safety goals and LRF is an overall improvement in plant safety.

Probabilistic risk assessment results for NuScale designs Design - Model CDF LRF US460 - Base model 5.4E-09 3.4E-13 US600 - Base model 2.7E-10 1.7E-11 NRC Safety Goal 1.0E-04 1.0E-06 PM-134582-NP Rev.0 NuScale Nonproprietary Copyright © 2023 NuScale Power, LLC

6

1. Background, cont.: Key reasons IABs removed from RVVs

{redacted}2(a),(c)

7

2. Acceptance review standard Sufficient information in the context of acceptance review is not interchangeable with adequate and acceptable information necessary for the staff to make a reasonable assurance finding.

RG-1.206 rev. 1 at C.IV.1 Therefore, the NRC staff assumes that completing its review will involve requests for additional information from the COL applicant.

id.

In sum, at this stage, the NRC does not have to find reasonable assurance, but only that the application reasonably appears to contain sufficient technical information. RG-1.206; LIC-109, Acceptance Review Procedures.

8

3. NRC policy on risk-informing regulations

[T]he Commissions goal is to have a holistic, risk-informed and performance-based regulatory structure.

[T]he staff should apply risk-informed principles when strict, prescriptive application of deterministic criteria is unnecessary to provide reasonable assurance of adequate protection of public health and safety.

Sources: (SRM) M060503B, Briefing on Status of Risk-Informed and Performance-Based Reactor Regulation (June 1, 2006); SRM-SECY-19-0036 (ML19183A408) (July 2, 2019); Principles of Good Regulation, ML14125A076; A Proposed Risk Management Regulatory Framework, ML12109A277, at 4.2-25 PM-134582-NP Rev.0 NuScale Nonproprietary Copyright © 2023 NuScale Power, LLC

9

3. NRC policy on risk-informing regulations, cont.

Regulatory activities should be consistent with the degree of risk reduction they achieve. Where several effective alternatives are available, the option which minimizes the use of resources should be adopted.

Excessive conservatism or the imposition of requirements that do not result in a proportional benefit to safety or only add minimally to safety beyond an already existing adequate level of safety can be contrary to an efficient and effective regulatory framework.

Sources: (SRM) M060503B, Briefing on Status of Risk-Informed and Performance-Based Reactor Regulation (June 1, 2006); SRM-SECY-19-0036 (ML19183A408) (July 2, 2019); Principles of Good Regulation, ML14125A076; A Proposed Risk Management Regulatory Framework, ML12109A277, at 4.2-25 PM-134582-NP Rev.0 NuScale Nonproprietary Copyright © 2023 NuScale Power, LLC

4. Risk analyses show that NuScales 10 designs more than meet NRC safety goals

The design changes from US600 to US460 have the effect of changing core damage frequency (CDF) from E-10 to E-9.

The large release frequency (LRF) from E-11 to E-13.

Both designs are multiple orders of magnitude safer than NRC CDF and LRF safety goals.

Sources: NuScales technical report, TR-102621; NuScales topical report, TR-0515-13952-NP-A; U.S. Nuclear Regulatory Commission, Safety Goals for the Operation of Nuclear Power Plants; Policy Statement, Correction and Republication, Federal Register Vol 51 FR 30028, August 21, 1986; U.S. Nuclear Regulatory Commission, Implementation of the Safety Goals, SRM on SECY-89-102, June 15, 1990; U.S. Nuclear Regulatory Commission, History of the Use and Consideration of the Large Release Frequency Metric by the U.S. Nuclear Regulatory Commission, SECY-13-0029, March 22, 2013 PM-134582-NP Rev.0 NuScale Nonproprietary Copyright © 2023 NuScale Power, LLC

11

5. An NRC-approved process shows EDAS is a nonsafety system

NuScales EDAS is classified as nonsafety-related under NuScales Design Reliability Assurance Program (DRAP).

NRC approved the predecessor DRAP in the certified US600 design.

The DRAP here is, in all meaningful respects, the same as the one previously approved.

6. Loss of EDAS should be analyzed at event initiation, 12 not during event progression (smart failure)

NuScales proposal to analyze the status of EDAS as an initial condition (rather than a smart failure) is consistent with nearly fifty years of standards and guidance.

Ch. 15 evaluated EDAS loss at time 0 to show that AOO acceptance criteria are met.

This is appropriate and sufficient to demonstrate that EDAS is not relied upon during DBEs and is not safety-related.

This timing assumption is consistent with deterministic evaluation of the SSC failures and with probabilistic evaluation of random failure frequency.

7. Even if a smart fail occurs, 13 the consequence does not impact public health and safety In the unlikely event of an EDAS smart failure during a reactivity insertion accident, analyses show that the CHFR remains above the MCHFR limit for the majority of state-point conditions.

{redacted}2(a),(c)

Source: NuScales technical report, TR-102621, Treatment of DC Power in Safety Analyses, at pages 2 and 51.

14

8. Additional information showing that the IAB SRM applies DCA US600 SDAA US460 IAB single failure EDAS failure timing Issue / Concern Meeting SAFDLs during AOOs Meeting SAFDLs during AOOs Inadvertent valve opening +

loss of EDSS at time 0 +

Postulated event single failure of IAB progression (1) Reactivity insertion event or cooldown 2 valves open, more challenging than event +

FSAR 15.6.6 analysis random loss of EDAS before reactor trip Reactivity insertion event +

ECCS valve opening at power, loss of EDAS at reactor trip +

pressure conditions above operating single failure of IAB Postulated event range, more challenging than FSAR ECCS valve opening at power, progression (2) 15.6.6 analysis pressure conditions above operating range, more challenging than FSAR 15.6.6 analysis Risk-informed principles should be applied when strict, prescriptive applications of deterministic criteria are unnecessary to provide reasonable assurance of adequate protection of public health and safety.

15

9. Addressing NRC concerns raised in recent communications Defining safety-related

None of the three criteria in 50.2 are challenged if EDAS is not safety-related.

This includes safe shutdown. Meeting SAFDLs is not the exclusive method of showing compliance with safe shutdown. Another option is a probabilistic reliability analysis, including events initiated from the safe shutdown conditions to ensure conformance with the safety goal guidelines. SECY-94-084 at 13.

IAB SRM comparison

Additional comparison information has been provided.

In both the IAB and EDAS issues, applying strict, deterministic criteria is unnecessary to provide reasonable assurance of safety.

16

9. Addressing NRC concerns, cont.

Guidance out of date or not used

The white paper, WP-130033-P, cites multiple examples of guidance from the past and present to show that industry, the NRC, and standards organizations have regularly embraced the principle that deterministic safety analyses need not assume highly unlikely coincident events.

Accounting for multiple reactors

Events of the type at issue here are analyzed per module. (Noted in first sentence of FSAR Ch. 19). This is consistent with the approach used in the certified design.

17

9. Addressing NRC concerns, cont.

Whether EDAS in US460 serves the function of IAB valves in US600

ECCS valves do not need power from EDAS to perform their safety function, i.e., open and provide cooling. Closed ECCS valves are important to operation, but are not a safety function.

Ch. 15 evaluated EDAS loss at time 0 to show that AOO acceptance criteria are met.

This is appropriate and sufficient to demonstrate that EDAS is not relied upon during DBEs and is not safety-related.

This timing assumption is consistent with deterministic evaluation of the SSC failures and with probabilistic evaluation of random failure frequency.

As previously noted by Chairman Svinicki, regulatory action should not derive from focusing singularly on the function of an individual component rather than assessing the function of the design as an integrated system. An assessment of the function of the integrated system is the appropriate regulatory frame of reference and allows for the protection of public health and safety.*

Comments of Chairman Svinicki, VR-SRM-SECY-19-0036 (emphasis added)

18

9. Addressing NRC concerns, cont.

Requests for certain calculations

Many calculations have been previously provided. To the extent the staff has detailed questions about those calculations or others, then NuScale, consistent with Reg. Guide 1.206 rev. 1 at C.IV.1, will provide appropriate information during audits and/or RAIs after acceptance review.

19

10. Conclusion

Classification of EDAS is an opportunity for the staff to implement the risk-informed, performance-based direction of the Commission

Sufficient information has been provided to reach a reasonable assurance conclusion on adequacy of application

Additional detailed review is more appropriate for the detailed technical review phase where audits and RAIs can be utilized.

LO-134587 :

Detailed Description of Multiple Precedents Further Supporting Nuscales Position on EDAS Classification NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvallis, Oregon 97330 Office 541.360.0500 Fax 541.207.3928 www.nuscalepower.com

NuScale Treatment of DC Power: Precedent Examples Recent NRC-approved industry precedent exists to support NuScales positions that:

Loss of power is assumed only at event initiation or based on a deterministic causal failure Random failures of power supplies during event progression can be excluded based on reliability and probability considerations GDC 17 is satisfied by performing safety analyses with power and without power Nonsafety-related power supplies and components can be assumed to function during safety analyses, based on their reliability, without requiring reclassification under the 10 CFR 50.2 definition of safety-related The following relevant examples of precedent are provided for NRC review and consideration.

1. Design Certification Application: US-APWR ML13262A481: Design Control Document (DCD) Section 15.0.0.7 discusses assumptions for the loss of offsite AC power. Analyses are described as considering both with and without offsite power available for cases where the event may be accompanied by a reactor/turbine generator trip. The DCD describes that a minimum delay of 3 seconds is assumed between reactor trip/turbine generator trip and a postulated loss of offsite power (LOOP). This 3-second delay allows credit for continued forced flow from reactor coolant pumps (RCPs) while control rods are dropping from the reactor trip. The time delay assures that the loss of flow transient caused by power loss to the RCPs does not occur until after minimum departure from nucleate boiling rate (DNBR) had already occurred. As a result, the LOOP cases are not limiting for DNBR.

The justification for the 3-second delay is provided in DCD Section 8.2.3.

ML13262A473: DCD Section 8.2.3 describes how the RCPs are powered following a reactor/turbine trip. Various timer delays associated with the generator are described but not credited. The design is described as ensuring the RCPs remain powered as long as offsite power is available. The stability of the offsite power system is credited as the reason that the RCPs will remain powered for at least 3 seconds. Confirmation of the grid stability is included as an interface requirement for a COL applicant. DCD Section 8.2.1.2 identifies that the offsite power system is a nonsafety-related system. DCD Section 8.2.3 identifies that the RCP motors are connected to the nonsafety-related buses. The RCP motors are also not identified as safety-related in DCD Table 3.2-2 (ML13262A464).

ML12167A444: The safety evaluation report (SER) with open items for Chapter 15 describes the review of the DCD Section 15.0.0.7 LOOP assumptions. The SER describes verification of minimum DNBR for cases with no LOOP compared to cases with LOOP delayed by 3 seconds after reactor/turbine generator trip. Cases assuming a LOOP either just before reactor/turbine generator trip such that the 3-second delay did not apply or in the first 3 seconds after reactor/turbine generator trip are not described nor required to be performed as an open item. The SER describes an RAI requesting additional justification of the 3-second delay. The SER describes the response as revising DCD Chapter 15 to point to Section 8.2.3 for the details of the electrical systems, which was tracked as a confirmatory item.

ML19155A293: The advanced SER (with no open items) for DCD Chapter 8 describes the interface with DCD Chapter 15 regarding the 3-second delay for RCPs. The SER NuScale Nonproprietary Page 1 of 5

indicates that RAIs on the subject were closed by the inclusion of the interface requirement for a COL applicant to confirm the grid stability.

Summary of precedent: The Chapter 15 analyses credit a nonsafety-related power supply (the offsite power system) to power the RCP motors on nonsafety-related buses to continue to provide forced coolant flow following reactor/turbine trip. This assumption ensures decreasing flow conditions are not present when evaluating other initiating events for DNBR. The justification is based on the reliability of the power supply.

Although the design certification was not completed, the NRC did issue SERs that accepted the approach. This precedent shows that nonsafety-related power supplies and components can be credited in safety analyses, when justified to be reliable, to ensure that specified acceptable fuel design limits (SAFDLs) are met for anticipated operational occurrences (AOOs). This precedent further shows that loss of power is only assumed at discrete times (either at event initiation or following reactor/turbine generator trip) and mid-event random power failures (i.e., smart failures) are not assumed.

2. Certified Design: AP1000 ML11171A367: DCD Section 15.0.14 discusses assumptions for the loss of offsite AC power. The loss of offsite power is described as a potential consequence of the event.

Random loss of power is not assumed as shown by the statement that [e]vent analyses that do not result in a possible consequential disruption of offsite ac power do not assume offsite power is lost. The DCD describes that a minimum delay of 3 seconds is assumed between turbine trip and a postulated LOOP. During this 3-second delay, credit is taken in the safety analyses for continued operation of RCPs, feedwater pumps, and the condenser. The justification for the 3-second delay is provided in DCD Section 8.2.

ML11171A478: DCD Section 8.2.2 describes how the RCPs can receive power from the main generator or the grid for a minimum of 3 seconds following a turbine trip. Neither of these power sources is safety-related. The design of the generator and the stability of the offsite power system are credited as the reasons that the RCPs will remain powered for at least 3 seconds. Confirmation of the grid stability is included as an interface requirement for a COL applicant as described in DCD Section 8.2.5. The RCP motors are identified as nonsafety-related in DCD Table 3.2-3 (ML11171A425).

NUREG-1793 Chapter 8: The final SER for Chapter 8 accepts the 3-second time delay for continued operation and the associated COL applicant confirmation of grid stability.

The SER identifies that cases where the initiating event involved an electrical system failure could not rely upon the 3-second delay because the electrical system was known to be failed. The SER notes that a failure modes and effects analysis (FMEA) could be used to address whether the electrical system failures would cause a loss of RCP function. The isophase bus failure is identified as an example, but it is identified that the isophase bus has to be operational at the start of the event for the turbine to be in operation. The SER documents that a failure of a passive component, such as the isophase bus, that is known to be initially operational within a 3-second window is a very low probability event.

NUREG-1793 Chapter 15: The final SER for DCD Chapter 15 describes the continued operation of RCPs for 3 seconds following turbine trip as acceptable based on the generator design features and the COL grid stability analysis. The SER states that Chapter 15 analyses are evaluated with and without LOOP. Based on review of DCD Chapter 15, the cases with LOOP refer to the delay as a reason for DNBR not being limiting compared to the base case without LOOP. The SER also describes situations where nonsafety-related systems are assumed to be operational, including when a NuScale Nonproprietary Page 2 of 5

detectable and nonconsequential random, independent failure must occur in order to disable the system. For example, the nonsafety-related main feedwater control system is assumed to operate during analysis of events not related to feedwater system malfunction, loss of AC power, or turbine trip. The SER states that [t]he staff concludes that the assumption of MFCS continued operation is acceptable because a failure in the MFCS is not a consequence of the initiating event, and the probability of a random, independent failure occurring in the MFCS within the timeframe of the initiating event is extremely low.

Summary of precedent: The Chapter 15 analyses credit a nonsafety-related power supply (either from the generator or the offsite power system) to power the nonsafety-related RCP motors to continue to provide forced coolant flow following turbine trip. This assumption ensures decreasing flow conditions are not present when evaluating other initiating events for DNBR. The justification is based on the design features of the generator and the reliability of the offsite power supply. This precedent shows that nonsafety-related power supplies and components can be credited in safety analyses, when justified to be reliable, to ensure that SAFDLs are met for AOOs. This precedent further shows that loss of power is only assumed when shown to be a consequence of the event progression (i.e., following turbine trip) and mid-event random power failures (i.e., smart failures) are not assumed. Finally, this precedent shows explicit NRC approval of the position that continued operation of nonsafety-related systems is acceptable if their failure is not a consequence of the event and the probability of a random independent failure during the timeframe of the initiating event is extremely low.

3. Design Certification Application: US-APWR ML13262A481: DCD Section 15.3.3 evaluates the RCP rotor seizure. The event assumes instantaneous RCP rotor seizure of one RCP rotor with a rapid reduction in flow, including reverse flow in that loop. Assumption of a LOOP results in the other three RCPs coasting down and exacerbating the decrease in RCS flow. However, the LOOP is assumed to only occur at the time of turbine trip. (A 3-second delay in RCP coastdown following turbine trip is also assumed, but that treatment is addressed separately in this precedent review as example #1.) A LOOP is not assumed either at event initiation or during the event just prior to reactor trip, as demonstrated by DCD Figure 15.3.3-1 which shows no decrease in flow from the other RCPs. The evaluation shows that fuel failure does occur and dose consequences are calculated. No justification is provided for why a LOOP is not assumed at any point prior to turbine trip. DCD Table 1.9.2-15 (ML13262A462) identifies that the Section 15.3.3 evaluation conforms to SRP 15.3.3-15.3.4 with no exceptions. Since the analysis is not performed with alternate LOOP assumptions, it is not known whether the results still meet 10 CFR 100 limits if alternate assumptions are applied.

ML12167A444: The SER with open items for Chapter 15 describes the review of the DCD Section 15.3.3 LOOP assumptions. The SER describes how GDC 17 is interpreted by Items 7 and 9 in SRP 15.3.3-15.3.4, which include consideration of a LOOP at time of turbine trip. There is no discussion of a LOOP at event initiation or during the event progression prior to turbine trip. The SER states that the evaluation was acceptable and conforms with the SRP regarding LOOP assumptions.

ML070550012: The SRP 15.3.3-15.3.4 Item 7 states that Only safety-grade equipment should be used to mitigate the consequences of the event. Safety functions should be accomplished assuming the worst single failure of a safety system active component.

For new applications, loss of offsite power should not be considered a single failure; NuScale Nonproprietary Page 3 of 5

reactor coolant pump rotor seizures and shaft breaks should be analyzed with a loss of off-site power (see item 9, below) in combination with a single active failure. (This position is based upon interpretation of GDC 17, as documented in the Final Safety Evaluation Report for the ABB-CE System 80+ design certification.) Item 9 states that This event should be analyzed assuming turbine trip and coincident loss of offsite power and coastdown of undamaged pumps. No discussion of the assumption of a LOOP at other times that generates a more limiting reduction in RCS flow (and therefore increased consequences) is provided.

ML13267A423: NUREG-0138 Item 5 addresses the flow coastdown of undamaged pumps during an RCP rotor seizure or shaft break. The potential for more limiting LOOP assumptions is considered, such as a LOOP coincident with event initiation. The coincident LOOP is identified as resulting in larger calculated radiological consequences, although still within 10 CFR 100 limits. The review of the issue concludes that it is likely that offsite power remains available and the occurrence of the initiating event with a coincident LOOP is not considered to be a design basis accident and is too improbable to require consideration. The review also assesses a possibility of a LOOP due to turbine trip and states that the impact is minimal as the RCP coastdown likely does not occur until after minimum DNBR because of delays.

Summary of precedent: The Chapter 15 analyses credit a nonsafety-related power supply (the offsite power system) to power the RCP motors on nonsafety-related buses to continue to provide forced coolant flow after event initiation and until reactor/turbine trip. The SRP identifies the need to assess LOOP to satisfy GDC 17, but does not require assuming LOOP at event initiation or during the event progression before reactor/turbine trip. NUREG-0138 identifies that the consequences of the event are more limiting with alternate LOOP assumptions but determines that alternate LOOP assumptions are not required due to the low probability of such sequences.

4. Operating Plants: Vogtle 1&2 FSAR: Section 15.3.3 identifies that the RCP shaft seizure event only considers a LOOP after reactor trip and not at event initiation or during the event progression. In addition, the analysis assumes that power to the RCPs is not lost until 2 seconds after trip due to grid stability. The RCPs not affected by the shaft seizure are assumed to continue to provide forced flow during the event despite the fact that the nonsafety-related motors (Table 3.2.2-1) are powered by the nonsafety-related offsite power grid.

Summary of precedent: The precedent demonstrated in examples #1 through #3 above for new plants is also found in currently operating plants.

5. Operating Plant: Fermi 2 ML17237A176: A license amendment request was submitted to the NRC by the licensee to revise the Technical Specifications and modify the Chapter 15 safety analysis method for the control rod drop accident. The Chapter 15 safety analysis was revised to take credit for an automatic trip of multiple nonsafety-related components to ensure calculated radiological consequences complied with the regulatory limits of 10 CFR 50.67 (equivalent to those limits in 10 CFR 50.34(a)(1) specified in the safety-related definition in 10 CFR 50.2). The automatic trips were added to the plant Technical Specifications, including Surveillance Requirements to periodically perform logic system functional tests. Although safety-related detection signals were used for the trips, the license amendment request stated that the trip function logic is neither safety-related nor single failure proof. This design, which included nonsafety related components NuScale Nonproprietary Page 4 of 5

performing a function credited in the Chapter 15 safety analysis, was described as based upon and consistent with other industry precedent.

ML18250A163: The NRC approved the request as License Amendment 212. The NRC did not require all components of the credited trip to be made safety-related. No exemption from the safety-related definition in 10 CFR 50.2 was described.

Summary of precedent: Chapter 15 safety analyses credit the performance of certain nonsafety-related components to meet regulatory dose limits. This precedent shows that a strict deterministic interpretation of the 10 CFR 50.2 safety-related definition is not always applied.

6. NUREG-0138 Issue 4 ML13267A423: NUREG-0138 identifies an issue where alternate LOOP sequences are postulated that result in more severe consequences. The alternate sequences involve a LOOP occurring after operators have taken action to manually reset the safety injection system following a LOCA. The LOOP after reset results in certain important electrical loads not being automatically loaded and requires further operator actions to mitigate this sequence. If the LOOP occurs shortly after the LOCA (before reset) or a long time after the LOCA, the original safety analysis is bounding. The review of the issue concludes that this specific failure sequence has sufficiently low probability as to preclude its being considered as a design basis event. The probability of this sequence is estimated to be approximately 2E-8 per year, based on the combination of a LOCA probability of one chance in 1000 per year and a LOOP within a one-hour period following a LOCA probability of one chance in 50,000 per year. The review also recommends that procedures be updated so that operator actions can respond to such an event sequence, despite its low probability.

Summary of Precedent: The NUREG identifies that there are certain event sequences that can be postulated to be worse than the event sequences assumed in the safety analyses. The NUREG recognizes that these alternate sequences do not need to be considered part of the design basis due to their low probability and establishes an example threshold on the order of 2E-8.

NuScale Nonproprietary Page 5 of 5

ML23026A358

Contents

Text

SUBJECT:

1. Background

1. Background

Navigation menu

ML23026A358

Text

SUBJECT:

1. Background

1. Background

Navigation menu

Search