Text

LLC Revision 1 to Standard Design Approval Application, Part 2, Chapter 8, Electrical Power
	ML23304A354
Person / Time
Site:	05200050
Issue date:	10/31/2023
From:	; NuScale
To:	; Office of Nuclear Reactor Regulation
Shared Package
ML23306A033	List: ML23304A316; ML23304A317; ML23304A318; ML23304A320; ML23304A321; ML23304A323; ML23304A325; ML23304A327; ML23304A329; ML23304A331; ML23304A333; ML23304A335; ML23304A336; ML23304A338; ML23304A339; ML23304A341; ML23304A343; ML23304A345; ML23304A346; ML23304A348; ML23304A349; ML23304A354; ML23304A355; ML23304A357; ML23304A358; ML23304A359; ML23304A361; ML23304A363; ML23304A364; ML23304A365; ML23304A366; ML23304A368; ML23304A370; ML23304A371; ... further results
References
	LO-151262
	Download: ML23304A354 (1)
	v • d • e

document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy of the information in this document, other than by the U.S. Nuclear Regulatory Commission C), is authorized without the express, written permission of NuScale Power, LLC.

NRC is permitted to make the number of copies of the information contained in these reports ded for its internal use in connection with generic and plant-specific reviews and approvals, well as the issuance, denial, amendment, transfer, renewal, modification, suspension, ocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 R 2.390 regarding restrictions on public disclosure to the extent such information has been tified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.

arding nonproprietary versions of these reports, the NRC is permitted to make the number of itional copies necessary to provide copies for public viewing in appropriate docket files in lic document rooms in Washington, DC, and elsewhere as may be required by NRC ulations. Copies made by the NRC must include this copyright notice in all instances and the prietary notice if the original was identified as proprietary.

APTER 8 ELECTRIC POWER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1-1 8.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1-1 8.1.1 Utility Power Grid and Offsite Power System Description . . . . . . . . . . . . 8.1-1 8.1.2 Onsite Power Systems Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1-1 8.1.3 Design Bases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1-2 8.2 Offsite Power System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2-1 8.2.1 Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2-1 8.2.2 Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2-1 8.3 Onsite Power Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-1 8.3.1 Alternating Current Power Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-1 8.3.2 Direct Current Power Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-4 8.3.3 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-11 8.4 Station Blackout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.4-1 8.4.1 Station Blackout Analysis and Results . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.4-1 8.4.2 Station Blackout Coping Equipment Assessment . . . . . . . . . . . . . . . . . . 8.4-1 8.4.3 Station Blackout Procedures and Training . . . . . . . . . . . . . . . . . . . . . . . . 8.4-1 cale US460 SDAA i Revision 1

le 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems. . . . . . . . . 8.1-5 le 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-13 le 8.3-2: Classification of Structures, Systems, and Components . . . . . . . . . . . . . . 8.3-36 cale US460 SDAA ii Revision 1

ure 8.3-1: High Voltage Alternating Current Electrical Distribution System . . . . . . . . 8.3-39 ure 8.3-2a: Medium Voltage Alternating Current Electrical Distribution System (Common Portion) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-40 ure 8.3-2b: Medium Voltage Alternating Current Electrical Distribution System (Module-Specific Portion). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-41 ure 8.3-3: Augmented Direct Current Power System (Common) . . . . . . . . . . . . . . . . 8.3-42 ure 8.3-4a: Augmented Direct Current Power System (Module Specific) . . . . . . . . . . 8.3-43 ure 8.3-4b: Augmented Direct Current Power System (Module Specific) . . . . . . . . . . 8.3-44 ure 8.3-5: Normal Direct Current Power System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.3-45 cale US460 SDAA iii Revision 1

Introduction 1 Utility Power Grid and Offsite Power System Description For the NuScale Power Plant US460 standard design, the offsite power system includes one or more connections to a transmission grid, micro-grid, or dedicated service load. The interface between the onsite alternating current (AC) power system and the offsite power system is at the point of common coupling where the plant switchyard and utility grid conductors are connected.

The NuScale Power Plant design does not depend on onsite or offsite AC electrical power, including that from the transmission grid, for safe operation. Therefore, the availability of AC electrical power from an offsite power source does not impact the ability to achieve and maintain safety-related functions. A loss of voltage, degraded voltage condition, or other electrical transient on the nonsafety-related AC power systems does not have an adverse effect on the ability to achieve and maintain safe-shutdown conditions.

The design supports an exemption from General Design Criteria (GDC) 17 and 18.

As described in Section 8.3, the normal source of electrical power to the plant electrical loads is provided by the operating power module main generators rather than from an offsite transmission grid connection.

2 Onsite Power Systems Description Onsite electrical power systems include the:

high voltage AC electrical distribution system (EHVS)

medium voltage AC electrical distribution system (EMVS)

low voltage AC electrical distribution system (ELVS)

augmented direct current (DC) power system (EDAS)

normal DC power system (EDNS)

backup power supply system (BPSS)

Onsite electrical power systems are nonsafety-related and non-Class 1E.

Section 8.3 provides more detail on the onsite power systems.

Although BPSS capability is included, non-reliance on AC power eliminates the need for an alternate AC power source to meet the station blackout (SBO) coping requirements. An evaluation of SBO is provided in Section 8.4.

cale US460 SDAA 8.1-1 Revision 1

Safety-related loads do not rely on AC or DC power systems to perform their associated safety functions. Operator action is not relied upon to achieve and maintain safe shutdown. Safety-related systems do not require onsite or offsite power systems to actuate, and their continued operation relies on natural mechanisms based on fundamental physical and thermodynamic principles (e.g., gravity; natural circulation; convective, radiative, and conductive heat transfer; condensation; and evaporation).

A loss of voltage or degraded voltage condition on the electrical power systems does not adversely affect the performance of plant safety-related functions.

The design does not include Class 1E AC or DC power systems as defined in Institute of Electrical and Electronics Engineers (IEEE) Std. 308-2001.

The design uses the EDAS to support post-accident monitoring and to preclude inadvertent emergency core cooling system actuation. Section 8.3.2 contains additional information on the EDAS design. Refer to Chapter 15 for additional information on the consideration of EDAS unavailability in the plant safety analyses.

3.1 Offsite Power System The design bases for the offsite power system, if provided, are site-specific and are described in Section 8.2.

3.2 Onsite Power Systems The EDAS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The EDAS is designed to support important plant loads, as described in Section 8.3.2.

The EDNS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The EDNS batteries are designed to provide DC power and AC power (via inverters) after a loss of power to the battery chargers, after which the on-site standby power sources restore AC power to the EDNS battery chargers.

The EHVS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. It is designed with the capability for operation in island mode (Section 8.3.1). The EHVS equipment is physically separated from safety related circuits and is not located near safety-related components.

The EMVS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The circuits are physically separated from safety circuits throughout the plant, and EMVS equipment is not located near safety-related components.

cale US460 SDAA 8.1-2 Revision 1

The BPSS is designed to provide electrical power to the plant when AC power is not available. The BPSS is a non-Class 1E system. Its functions are non-safety related and not risk-significant. The backup diesel generators are designed to automatically start on a loss of plant switchyard power and to be manually connected to provide backup AC power to the affected loads.

3.3 Regulatory Requirements and Guidance Table 8.1-1 summarizes the extent to which the design of the electric power systems conforms to relevant Nuclear Regulatory Commission requirements and guidance. Conformance with regulatory criteria and general design criteria is summarized in Section 1.9 and Section 3.1, respectively. Electrical systems are designed in accordance with the requirements and guidance with exceptions or clarifications noted below.

Electrical systems conform to GDC 2, GDC 4, and GDC 5 to the extent described in Section 8.3.1 and Section 8.3.2. As described in Section 3.1, the design supports an exemption from GDC 17, GDC 18, and GDC 33.

Compliance with principal design criteria in lieu of GDC 34, 35, 38, 41, and 44 is described in Section 3.1.4. The principal design criteria do not include requirements for electric power systems.

The electrical penetration assembly design conforms to GDC 50.

Section 8.3.1 addresses the electrical penetration assembly electrical design requirements. Section 3.8.2 and Section 6.2.1 address the mechanical integrity requirements of GDC 50.

The design does not rely on pressurizer heaters to establish and maintain natural circulation in shutdown conditions. Accordingly, the design supports an exemption from the 10 CFR 50.34(f)(2)(xiii) (TMI Item II.E.3.1) requirement to provide pressurizer heater power supply and associated motive and control power interfaces to establish and maintain natural circulation in shutdown conditions.

The design does not include pressurizer relief valves or pressurizer relief block valves. Therefore, 10 CFR 50.34(f)(2)(xx) (TMI Item II.G.1) requirements to provide emergency power sources and qualified motive and control power connections for such valves are not technically relevant. The design supports an exemption from the portions of the rule that require vital power buses for pressurizer level indicators.

NuScale electrical systems are not protection systems and do not perform safety-related functions; therefore, these systems are not required to conform to 10 CFR 50.55a(h).

The design conforms to the requirements of 10 CFR 50.63 for a light water reactor to have the capability to withstand an SBO for a specified duration and recover from an SBO as defined in 10 CFR 50.2. Additional details regarding conformance with 10 CFR 50.63 are described in Section 8.4.

cale US460 SDAA 8.1-3 Revision 1

10 CFR 50.34(f)(2)(xx)). As described above, the NuScale design supports exemptions from portions of these regulations and other portions are not technically relevant. Therefore, the associated guidance of NUREG-0737 is not applicable to the NuScale design.

Portions of NUREG/CR-0660 relevant to the NuScale electrical systems are considered as reference only, consistent with NuScale DSRS Section 8.1.

Conformance with TMI items, including those addressed in this NUREG, is described in Section 1.9.

SECY-90-016 pertains to evolutionary advanced light water reactor (ALWR) designs and is not directly applicable to passive plant designs. As a passive ALWR design, the NuScale electrical system design conforms to the passive plant guidance of SECY-94-084, Section F.

SECY-91-078 pertains to evolutionary ALWR designs and is not directly applicable to passive plant designs. As a passive ALWR design, the NuScale electrical system design conforms to the passive plant guidance of SECY-94-084, Section G.

The evaluation of NuScale electrical systems under the regulatory treatment of nonsafety systems (RTNSS) process is described in Section 19.3.

cale US460 SDAA 8.1-4 Revision 1

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System 0 CFR 50, Appendix A, General Design Criteria for Nuclear Plants DC 2 Design bases for protection against A A natural phenomena DC 4 Environmental and dynamic effects A A design bases DC 5 Sharing of structures, systems, and A A components DC 17 Electric power systems The NuScale design supports an exemption from GDC 17.

DC 18 Inspection and testing of electric The NuScale design supports an power systems exemption from GDC 18.

DC 33 Reactor coolant makeup The NuScale design supports an exemption from GDC 33.

DCs 34, 35, 38, 41, 44 Residual heat removal, emergency The plant design complies with a core cooling, containment heat set of principal design in lieu of removal, containment atmosphere these GDC, as described in cleanup, cooling water Section 3.1.4.

DC 50 Containment design basis A A The electrical design requirements for electrical penetration assemblies are included in Section 8.3.

egulations (10 CFR 50 and 10 CFR 52) 0 CFR 50.34 Contents of applications; technical information 10 CFR 50.34(f)(2)(v) Additional Three Mile Island This requirement is not applicable (TMI)-related requirements (Item to the NuScale electric power I.D.3) systems, which are not safety-related.

10 CFR 50.34(f)(2)(xiii) Additional TMI-related requirements The NuScale design supports an (Item II.E.3.1) exemption from Introduction 10 CFR 50.34(f)(2)(xiii).

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System

. 10 CFR 50.34(f)(2)(xx) Additional TMI-related requirements The NuScale design does not (Item II.G.1) include pressurizer relief valves or block valves, and the the design supports an exemption from the pressurizer level indicator portion of 10 CFR 50.34(f)(2)(xx).

0 CFR 50.55a(h) Codes and standards NuScale electrical systems are not protection systems and do not perform safety-related functions.

0 CFR 50.63 Loss of all alternating current power G A 0 CFR 50.65(a)(4) Requirements for monitoring the See Section 17.6.

effectiveness of maintenance at nuclear power plants 0 CFR 52.47(b)(1) Contents of applications; technical information 0 CFR 52.80(a) Contents of applications; additional N/A, this rule pertains to technical information applications referencing an early site permit or a standard design certification.

egulatory Guides (RGs) egulatory Guide 1.6 - March 1971 Safety Guide 6 - Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems egulatory Guide 1.32 - Revision 3, Criteria for Power Systems for arch 2004 Nuclear Power Plants egulatory Guide 1.41 - March 1973 Preoperational Testing of Redundant Onsite Electric Power Systems to Verify Proper Load Group Assignments Introduction

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System egulatory Guide 1.47 - Revision 1, Bypassed and Inoperable Status This guidance does not apply to ebruary 2010 Indication for Nuclear Power Plant the NuScale electric power Safety Systems systems that are not safety-related.

egulatory Guide 1.53 - Revision 2, Application of the Single-Failure ovember 2003 Criterion to Safety Systems egulatory Guide 1.63 - Revision 3, Electric Penetration Assemblies in G G The electrical design ebruary 1987 Containment Structures for Nuclear requirements for electrical Power Plants penetration assemblies with respect to RG 1.63 are included in Section 8.3.

egulatory Guide 1.68 - Revision 4, Initial Test Programs for G G G Section 14.2 une 2013 Water-Cooled Nuclear Power Plants egulatory Guide 1.75 - Revision 3, Criteria for Independence of As it relates to the EDAS; ebruary 2005 Electrical Safety Systems Section 8.3.2 egulatory Guide 1.81 - Revision 1, Shared Emergency and Shutdown anuary 1975 Electric Systems for Multi-Unit Nuclear Power Plants egulatory Guide 1.106 - Revision 2, Thermal Overload Protection for Not applicable; the design does ebruary 2012 Electric Motors on Motor-Operated not include safety-related MOVs Valves egulatory Guide 1.118 - Revision 3, Periodic Testing of Electric Power pril 1995 and Protection Systems egulatory Guide 1.128 Revision 2, Installation Design and Installation Vented lead-acid batteries are not ebruary 2007 of Vented Lead-Acid Storage included in the design.

Batteries for Nuclear Power Plants egulatory Guide 1.129 - Revision 3, Maintenance, Testing, and Vented lead-acid batteries are not eptember 2013 Replacement of Vented Lead-Acid included in the design.

Storage Batteries for Nuclear Power Plants Introduction egulatory Guide 1.153 - Revision 1, Criteria for Safety Systems une 1996

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System egulatory Guide 1.155 - August Station Blackout G Compliance with 10 CFR 50.63 is 988 shown without use of the RG egulatory Guide 1.160 - Revision 3, Monitoring the Effectiveness of ay 2012 Maintenance at Nuclear Power Plants egulatory Guide 1.204 - November Guidelines for Lightning Protection GDC 2 discussions in 005 of Nuclear Power Plants Section 8.3.1 and Section 8.3.2.

egulatory Guide 1.206 - June 2007 Combined License Applications for Nuclear Power Plants (LWR Edition) egulatory Guide 1.212 - Revision 1, Sizing of Large Lead-Acid Storage Regulatory Guide 1.212 is written pril 2015 Batteries in the context of a safety-related standby battery system, and endorses IEEE Std. 485-2010.

This RG and standard are not applicable to the nonsafety-related EDNS and EDAS. The EDNS and EDAS batteries are sized in accordance with IEEE Std. 485-2020.

egulatory Guide 1.218 - April 2012 Condition-Monitoring Techniques Limited to cables determined to for Electric Cables Used in Nuclear be within the scope of Power Plants 10 CFR 50.65 ranch Technical Positions (BTPs)

RP BTP 8-1 Requirements on Motor-Operated Not applicable; the design does Valves in the ECCS Accumulator not include safety-related MOVs Lines or ECCS accumulator lines.

RP BTP 8-2 Use of Onsite AC Power Sources The design does not rely on AC for Peaking power sources for the performance of safety-related functions, therefore the guidance Introduction of BTP 8-2 need not be applied.

RP BTP 8-3 Stability of Offsite Power Systems G Section 8.2

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System RP BTP 8-4 Application of the Single Failure Criterion to Manually-Controlled Electrically-Operated Valves RP BTP 8-5 Supplemental Guidance for Bypass This BTP does not apply to and Inoperable Status Indication for NuScale electric power systems Engineered Safety Features as these systems are not Systems engineered safety features and are not relied on to support engineered safety features.

RP BTP 8-6 Adequacy of Station Electric Distribution System Voltages RP BTP 8-7 Criteria for Alarms and Indications Not applicable; no Class 1E Associated with Diesel-Generator emergency diesel generators Unit Bypassed and Inoperable Status RP BTP 8-8 Onsite (emergency diesel Not applicable; with non-reliance generators) and offsite power on AC power, no technical sources allowed outage time specification operating extensions restrictions for inoperable AC power sources RP BTP 8-9 Open Phase Conditions in Electric Not applicable; see Table 1.9-3 Power System UREG Reports UREG-0737 Clarification of TMI Action Plan Section 8.1.3.3 Requirements UREG/CR-0660 Enhancement of Onsite Diesel G Reference only Generator Reliability ommission Papers (SECYs)

ECY-90-016 Evolutionary Light Water Reactor Certification Issues and their Relationships to Introduction Current Regulatory Requirements, 1990

Scale Final Safety Analysis Report Criteria Title Applicable Section (Note 1) Remarks 8.2 8.3.1 8.3.2 8.4 Offsite Onsite Onsite DC Station Power AC Power Power Blackout System System System ECY-91-078 Electric Power Research Institute Requirements Document and Additional Evolutionary Light Water Reactor (LWR) Certification Issues, 1991 ECY-94-084 Policy and Technical Issues G G G G Used as guidance as described in Associated with the RTNSS in Section 8.1.3.3 Passive Plant Designs, 1994 ECY-95-132 Policy and Technical Issues G G G G Used as guidance as described in Associated with the RTNSS in Section 8.1.3.3 Passive Plant Designs, 1995 RC Bulletins RC Bulletin 2012-01 (July 2012) Design Vulnerability in Electric G Section 8.2.

Power System

" denotes acceptance criteria and "G" denotes guidance that is either partially or fully applied in the design of NuScale electrical systems. No letter denotes ot Applicable."

Introduction

1 Description The offsite power system includes connections to a transmission grid, micro-grid, or dedicated service load. The boundary between the onsite alternating current (AC) power system and the offsite power system is at the point of common coupling where the plant switchyard and utility grid conductors are connected. The switchyard is part of the high voltage AC electrical distribution system (Section 8.3.1).

The passive design of the plant does not rely on AC power and does not require an offsite power system to perform safety-related or risk-significant functions.

Accordingly, the NuScale design supports an exemption from GDC 17 and GDC 18.

Therefore, this section provides the relevant regulatory framework, but the acceptance criteria within the Design Specific Review Standard are not applicable to the NuScale design as there are no Class 1E power distribution systems.

During normal operations with at least one NuScale Power Module operating, the associated turbine generator is the source of power to the onsite AC power system as described in Section 8.3.1. A single turbine generator has sufficient capacity to meet the maximum expected total auxiliary AC load requirements for up to six NuScale Power Modules such that excess power is supplied to the offsite power system if one or more turbine generators are operating.

If provided, offsite power is the primary source for plant startup. The plant has the capability to start up and operate independently from the offsite power system in island mode as discussed in Section 8.3.1.

2 Analysis 2.1 Analysis of Offsite Power System Conformance with Regulatory Framework This section describes the extent to which the design of the offsite power system conforms to NRC requirements and guidance.

General Design Criteria 17 The NuScale design supports an exemption from the GDC 17 requirements for an offsite power system as described in Section 3.1.2. The passive design of the plant does not rely on an offsite power system to ensure that specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded as a result of anticipated operational occurrences or to maintain core cooling or containment integrity in the event of postulated accidents, as discussed in Section 15.0.0. In addition, the offsite power system is not relied upon to provide power for risk-significant functions.

cale US460 SDAA 8.2-1 Revision 1

As described above, the NuScale design supports an exemption from GDC 17.

Accordingly, the design supports an exemption from the GDC 18 inspection and testing requirements (Section 3.1.2).

General Design Criteria 33 The NuScale design supports an exemption from GDC 33, as described in Section 3.1.4.

General Design Criteria 34, 35, 38, 41, and 44 The plant design complies with a set of principal design criteria in lieu of these GDC, as described in Section 3.1.4. The principal design criteria do not include requirements for electric power systems.

10 CFR 50.63 The NuScale Power Plant conformance with 10 CFR 50.63 is described in Section 8.4.

Regulatory Guide 1.218 Regulatory Guide 1.218 provides guidance for monitoring the condition of cables that have been determined to fall within the scope of the maintenance rule (10 CFR 50.65). As discussed in Section 17.6, this is not applicable.

Branch Technical Position 8-3 The performance of grid stability studies is site-specific, but is not required because the plant does not rely on offsite power as described in Section 8.2.1.

Branch Technical Position 8-6 Branch Technical Position (BTP) 8-6 addresses the adequacy of offsite system voltages to Class 1E (safety-related) loads. The offsite power system does not supply power to Class 1E loads and does not support safety-related functions.

Accordingly, BTP 8-6 is not applicable to the offsite power system.

Branch Technical Position 8-9 The BTP 8-9 addresses the effects of transmission grid open-phase conditions as identified in NRC Information Notice 2012-03 and NRC Bulletin 2012-01. This guidance involves protection from a common cause AC power failure due to open phase conditions in the offsite power sources that are credited for GDC 17 and the effect on onsite safety-related buses and safety-related loads. The offsite power system does not support safety-related functions. In addition, failures of the offsite power system, including open phase conditions or a station blackout, do not prevent the operation of safety-related functions.

cale US460 SDAA 8.2-2 Revision 1

safety-related functions, which is described in Section 7.1.2, ensures that the open phase conditions described in BTP 8-9 would not prevent the performance of safety-related functions.

Regulatory Guide 1.32 Regulatory Guide 1.32 addresses design criteria for safety-related power systems. The plant does not rely on an offsite power system to support or perform safety functions. Accordingly, Regulatory Guide 1.32 is not applicable to the offsite power system.

Regulatory Guide 1.68 Conformance with Regulatory Guide 1.68 is described in Section 14.2.

SECY 94-084 and SECY 95-132 Section 3.2 describes the SSC classification process, which did not identify safety-related loads for the offsite power system. Section 17.4 describes the methodology to establish risk-significance of SSC, which did not identify risk-significant loads for the offsite power system. The process for evaluating SSC against the RTNSS criteria is described in FSAR Section 19.3.

The lack of safety-related and risk-significant AC loads and the 72-hour SBO coping capability of the passive NuScale design as described in Section 8.4 obviate the need for an alternate AC power source or a safety-related emergency diesel generator, consistent with SECY 94-084 Parts F and G, which are confirmed in SECY 95-132.

cale US460 SDAA 8.2-3 Revision 1

Onsite power systems provide power to the plant loads during all modes of plant operation. The onsite power systems include alternating current (AC) power systems and direct current (DC) power systems. The plant safety-related functions are achieved and maintained without reliance on electrical power; therefore, neither the AC power systems nor the DC power systems are safety-related (Class 1E). The onsite power systems do not perform any risk-significant functions.

The nonsafety-related onsite AC power systems are described in Section 8.3.1. The nonsafety-related DC power systems are described in Section 8.3.2. Structures, systems, and components (SSC) classification methodology is provided in Section 3.2.

1 Alternating Current Power Systems 1.1 System Description The onsite AC power systems distribute AC power to the onsite DC power systems (through battery chargers) and to the plant AC electrical loads during startup and shutdown, normal operation, and off-normal conditions. The NuScale Power Plant does not use nor include an emergency onsite AC power system.

The onsite AC power systems are shared among the NuScale Power Modules (NPMs), and include the following:

normal power distribution system high voltage AC electrical distribution system (EHVS) with nominal bus voltage of 13.8 kV and 345 kV switchyard (Figure 8.3-1) medium voltage AC electrical distribution system (EMVS) with nominal bus voltage of 4.16 kV (Figure 8.3-2a and Figure 8.3-2b) low voltage AC electrical distribution system (ELVS) with nominal bus voltage of 480 V

backup power supply system (BPSS) (Section 8.3.1.1.1)

The normal source of onsite AC electrical power is from the operating NPM turbine generators through the EHVS, the EMVS, and the ELVS. The EHVS contains the switchyard, which is connected to the offsite transmission grid, a micro-grid, or both, as described in Section 8.2.

If the NPMs are not operating, power to the plant loads is supplied from either the offsite power system or the BPSS, which consists of two backup diesel generators (BDGs) connected to the EMVS.

Island mode is a capability that allows operation of the NPMs without an offsite AC power supply. In island mode, the plant turbine generators independently provide power to onsite AC loads. Island mode is a nonsafety-related and non-risk-significant design feature that is not credited to meet regulatory criteria.

cale US460 SDAA 8.3-1 Revision 1

generators providing power to the onsite and offsite AC loads. For a NuScale plant that is normally connected to an offsite power supply via a transmission grid, island mode represents a temporary operating condition until the grid operability is restored.

1.1.1 Backup Power Supply System The principal function of the nonsafety-related BPSS is to provide electrical power to the plant when the normal sources of AC power are not available.

The BDGs provide backup electrical power to the augmented DC power system (EDAS) and selected loads from various plant systems via connection to the EMVS. The BPSS is also capable of providing backup electrical power to loads supporting beyond design basis accident mitigation and performing a black start to recover from a total shutdown of all turbine generators without reliance on an external transmission grid. The BPSS delivers backup power to heating, ventilation, and air conditioning systems serving the battery and associated charger rooms to avoid prolonged periods of high ambient temperature. Other systems and equipment loads include select nonsafety-related, non-risk-significant loads that provide asset protection and operational flexibility.

The BDGs and associated equipment are designed to Seismic Category III requirements. The BDGs are independent and separated from each other to provide assurance that a fire or explosion in one BDG does not prevent operation of the other BDG.

1.2 Design Evaluation 1.2.1 Containment Electrical Penetration Assemblies The design of electrical penetration assemblies (EPAs) conforms to General Design Criterion (GDC) 50. This section describes the electrical design requirements for EPAs as they relate to compliance with GDC 50. The containment system, including EPAs, can accommodate the calculated pressure and temperature conditions resulting from a loss-of-coolant accident in accordance with GDC 50 as described in Section 6.2.1. The mechanical design requirements for EPAs are described in Section 3.8.2. The environmental qualification requirements for EPAs are described in Section 3.11.2.

The electrical penetration assemblies are designed in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 317-1983 (Reference 8.3-9) as endorsed by Regulatory Guide (RG) 1.63. The EPAs are provided with external circuit protection per Section 5.4 of IEEE Standard 741-1997 (Reference 8.3-10), which is consistent with the 1986 version endorsed by RG 1.63 with the following clarifications.

cale US460 SDAA 8.3-2 Revision 1

maximum fault current in these circuits would not damage the penetration if that current is available indefinitely. For these circuits, consideration of special protection devices is not required. For circuits that are not self-limiting, primary and backup protective devices are provided. Electrical penetration assemblies are designed to withstand the maximum available fault and overload currents for the time sufficient for operation of backup devices in case of failure of the primary protection devices.

Circuits contained in some of the EPAs support safety-related functions and are classified as Class 1E. Protection devices for non-Class 1E circuits using EPAs are not required to be treated as Class 1E.

As described in Section 7.1.2, divisional separation for Class 1E circuits is in accordance with Reference 8.3-6, which is endorsed by RG 1.75, Physical Independence of Electric Systems.

1.2.2 Onsite Alternating Current Power System Conformance with Regulatory Framework This section describes the extent to which the design of the main onsite AC power system, including the EHVS, the EMVS, the ELVS, and the BPSS, conforms to Nuclear Regulatory Commission (NRC) requirements and guidance. As such, the information in this section provides clarification for the associated entries in Table 8.1-1. Table 8.3-2 identifies SSC classifications for EHVS, EMVS, ELVS, and BPSS.

General Design Criterion 2 The onsite AC power system does not contain SSC that are required to function in the event of natural phenomena. Nonsafety-related SSC with the potential for adverse seismic interaction with Seismic Category I SSC are designed to Seismic Category II requirements so that their failure does not affect the ability of safety-related SSC to perform their intended functions.

General Design Criterion 4 The onsite AC power system does not contain SSC required to function under adverse environmental conditions associated with postulated accidents, including a loss-of-coolant accident. The nonsafety-related AC power system SSC are designed to operate within the environmental conditions associated with normal operation, maintenance, and testing. Failure of the onsite AC power system components does not introduce adverse environmental conditions that would affect the ability of safety-related SSC to perform their intended functions.

cale US460 SDAA 8.3-3 Revision 1

The onsite AC power systems are shared among NPMs. Failures affecting the onsite AC power systems do not affect the ability to achieve and maintain NPM safety functions, including the assumption that a design basis event occurs in one NPM.

General Design Criterion 50 The electrical design requirements for electrical penetration assemblies comply with GDC 50 as described in Section 8.3.1.2.1.

10 CFR 50.63 The NuScale design conformance with 10 CFR 50.63 is described in Section 8.4.

2 Direct Current Power Systems 2.1 System Description The onsite DC power systems include the EDAS and the normal DC power system (EDNS). These systems are described in the following sections.

2.1.1 Augmented Direct Current Power System The EDAS comprises two DC subsystems that provide a continuous, failure-tolerant source of 125 Vdc power to assigned plant loads during normal plant operation and for a specified minimum duty cycle following a loss of AC power. The EDAS-common (EDAS-C) plant subsystem serves plant common loads that have functions that are not specific to a single NPM. These functions include main control room (MCR) emergency lighting and post-accident monitoring (PAM) information displayed in the MCR. The EDAS-module-specific (EDAS-MS) plant subsystem consists of separate and independent DC electrical power supply systems, one for each NPM.

The EDAS-MS consists of four power channels and EDAS-C consists of two power divisions. The EDAS-MS and EDAS-C are capable of providing uninterrupted power to their loads. The EDAS-MS channels A and D have a specified minimum battery duty cycle of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , and EDAS-MS channels B and C have a specified minimum battery duty cycle of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The EDAS-C power divisions have a specified minimum battery duty cycle of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The 24-hour battery duty cycle of EDAS-MS channels A and D is specified to preclude unnecessary ECCS valve actuation for a minimum of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months following a postulated loss of AC power, unless a valid ECCS actuation signal is received (Section 6.3.2 contains additional information on ECCS operation).

The 72-hour battery duty cycle for EDAS-MS channels B and C and EDAS-C provides a minimum of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of DC electrical power for MCR normal and emergency lighting and certain equipment supporting PAM. These EDAS-MS cale US460 SDAA 8.3-4 Revision 1

Figure 8.3-3, Figure 8.3-4a, and Figure 8.3-4b provide simplified one-line diagrams of the EDAS-C and EDAS-MS subsystems, respectively, and show the demarcation between the EDAS and the Class 1E instrumentation and controls equipment served by the EDAS-MS.

The source of electrical supply to the EDAS-C and EDAS-MS battery chargers is the ELVS.

Each common plant subsystem division contains one battery, two independent and redundant battery chargers, and one DC distribution panel assembly. Each distribution panel assembly consists of a fused disconnect switch, breakers, relays, metering, associated interconnections, and supporting structure.

Each EDAS-C battery charger is designed to supply electrical power to its connected loads while simultaneously recharging its associated battery from the design minimum charge state to 95 percent of full charge within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

Upon a loss of power to battery chargers, both Division I and Division II EDAS-C batteries are capable of supplying connected plant loads for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The batteries are described further below.

The EDAS-MS for an NPM provides electrical power for the MPS and other loads associated with that NPM. The EDAS-MS contains four power channels for each module. Power channels A and C are a part of EDAS Division I.

Power channels B and D are a part of EDAS Division II. Each power channel contains one battery, one battery charger, and one DC distribution panel assembly. Each distribution panel assembly consists of a bus, fused disconnect switch, tie breaker, breakers, relays, metering, associated interconnections, and supporting structures.

The EDAS-MS battery chargers normally supply power to plant loads in addition to maintaining the batteries fully charged. Upon a loss of power to all battery chargers, the bus and connected loads remain energized directly from the parallel connection with the batteries. Each EDAS-MS power channel charger is sized to carry 100 percent of the divisional DC bus loading during normal plant operation. In the event of a loss of a charger for maintenance or equipment failure, the divisional power channels can be connected together with the functional battery charger providing power to the divisional loads while maintaining connected batteries on float charge. Each EDAS-MS battery is sized with sufficient capacity to provide power to ECCS Hold Mode loads for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . The EDAS-MS channel B and channel C are designed with additional capacity to provide battery power to PAM-only mode loads for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months ; PAM-only mode is described in Section 7.0.4.

The BDGs provide additional capability to preserve battery capacity during the time when normal AC power to the battery chargers is not available by cale US460 SDAA 8.3-5 Revision 1

The EDAS is a non-Class 1E power system and is non-risk-significant.

Augmented design, qualification, and quality assurance (QA) provisions are applied to the EDAS as described throughout Section 8.3.2. Table 8.3-2 identifies SSC classifications for EDAS.

An evaluation of EDAS component failures is provided in Table 8.3-1. The evaluation does not assume that each component single failure occurs concurrently with the unavailability of the redundant EDAS channel (EDAS-MS) or EDAS division (EDAS-C). The results demonstrate the reliability of the system to perform its functions and that failures in the EDAS do not prevent safety-related functions from being achieved and maintained.

An evaluation of the EDAS reliability was performed. Using the generic failure probabilities from Section 19.1.4, the EDAS supports the mission requirements.

The EDAS and equipment is designed to allow testing online or offline during normal operation. The batteries and battery chargers can be isolated from the rest of the subsystem for testing. Local and remote indications in the control room ensure the ability for continuously monitoring the batteries, battery chargers, and DC buses during test conditions.

The battery monitor system (BMS) provides continuous monitoring of EDAS battery parameters indicative of battery performance.

The EDAS provides DC power only to DC loads. Therefore, inverters are not required or included in the EDAS design.

The EDAS operates ungrounded. Therefore, there are no connections to ground from either the positive or negative legs of the EDAS batteries or chargers. An ungrounded DC system ensures system reliability and availability in the event one of the system legs becomes grounded. The EDAS includes ground fault detection devices and relays consistent with the recommendations of IEEE Standard 946-2020 (Reference 8.3-5).

Physical separation is achieved by installing equipment in different rooms that are separated by 3-hour fire barriers. The EDAS-MS Division I cables (channels A and C) and raceways are routed separately from EDAS-MS Division II cables (channels B and D) and raceways. Similarly EDAS-C Division I cables and raceways are routed separately from EDAS-C Division II cables and raceways. Although EDAS electrical power is not required to achieve a safe shutdown, this separation ensures that equipment in one fire area rendered inoperable by fire, smoke, hot gases, or fire suppressant does not affect the availability of the redundant equipment located in another fire area. The fire protection features and analyses are described in Section 9.5.1.

The EDAS-MS equipment is shown on Figure 8.3-4a and Figure 8.3-4b.

cale US460 SDAA 8.3-6 Revision 1

Augmented Direct Current Power System Batteries Each EDAS battery comprises valve-regulated lead-acid (VRLA) type cells connected in series to generate 125 Vdc. The EDAS includes augmented design provisions for batteries. The batteries are designed and installed per IEEE Std. 1187-2013. Maintenance and testing is performed in accordance with IEEE Std. 1188-2005(R2010) with 2014 amendment. The batteries are sized per IEEE Std. 485-2020. Instrumentation, indication, and alarms conform with IEEE Std. 946-2020, IEEE Std. 1491-2012, IEEE Std. 1187-2013, and IEEE 1188-2005.

2.1.2 Normal Direct Current Power System The EDNS is a non-Class 1E DC power system classified as nonsafety-related and non-risk-significant. Table 8.3-2 identifies SSC classifications for EDNS. The EDNS does not serve safety-related loads, and it does not have safety-related functional requirements during plant startup, normal operation, shutdown, or abnormal operation.

The EDNS is shared among the NPMs and provides both DC power and AC power (through inverters) to nonsafety-related loads that support functions related to investment protection and power generation (i.e., the loads that are part of plant permanent nonsafety systems). A simplified layout of the EDNS is shown in Figure 8.3-5.

2.2 Design Evaluation 2.2.1 Onsite Direct Current Power System Conformance with Regulatory Framework This section describes the extent to which the design of the onsite DC power systems, including the EDAS and the EDNS electrical equipment, conforms to NRC requirements and guidance. As such, the information in this section provides clarification for the associated entries in Table 8.1-1.

General Design Criterion 2 The EDNS is not required to function in the event of natural phenomena events. The EDNS structures, systems, and components with the potential for adverse seismic interaction with Seismic Category I SSC are designed to Seismic Category II requirements so that their failure does not affect the ability of safety-related SSC to perform their intended functions. The EDAS is augmented to comply with GDC 2 requirements for increased reliability and availability. The EDAS structures, systems, and components are located in Seismic Category I areas of the plant, specifically in the Reactor Building and in areas of the Control Building (CRB) that are designed to withstand the cale US460 SDAA 8.3-7 Revision 1

The EDAS structures, systems, and components are further augmented by applying design, qualification, and QA provisions typically applied to Class 1E DC power systems using a graded approach. The graded approach is reflected in the EDAS design, qualification, and QA provisions detailed in this Chapter and the Quality Assurance Program Description. Augmented DC power system SSC that provide backup DC electrical power meet Seismic Category I standards per Reference 8.3-14.

General Design Criterion 4 The EDAS complies with GDC 4 requirements. The EDAS design accommodates the effects of environmental conditions by applying augmented provisions for the design, qualification, and QA typically applied to Class 1E DC power systems using a graded approach. The graded approach is reflected in the EDAS design, qualification, and QA provisions detailed in this Chapter and the Quality Assurance Program Description. The EDAS is located in a mild environment as defined in 10 CFR 50.49(c), such that it is not subject to the requirements of 10 CFR 50.49. The physical locations of the EDAS-MSs and EDAS-C within the Reactor Building and the CRB, respectively, provide the EDAS with protection from dynamic effects, including the effects of missiles, pipe whipping, and discharging fluids.

The Reactor and Control Building HVAC systems provide EDAS structures, systems, and components with ventilation including cooling, heating, humidity control, and hydrogen dilution in accordance with Reference 8.3-7, Reference 8.3-8, and Reference 8.3-12. The BPSS delivers backup power to heating, ventilation, and air conditioning systems serving the battery and associated charger rooms to avoid prolonged periods of high ambient temperature.

The EDAS batteries are environmentally qualified per Reference 8.3-13.

General Design Criterion 5 As shown on Figure 8.3-4a and Figure 8.3-4b, the EDAS-MS is not shared among NPMs. Specifically, portions of the EDAS that supply electrical power to the MPS are not shared. Each NPM is provided with a dedicated EDAS-MS.

Sharing of the EDAS-C is shown on Figure 8.3-3. A postulated loss of power or power fluctuation on the EDAS-C would not result in adverse interactions among NPMs, and would not impair the performance of safety-related functions necessary to achieve and maintain safe shutdown of the NPMs.

A failure in the EDNS system does not impair the ability to achieve and maintain NPM safety-related functions.

cale US460 SDAA 8.3-8 Revision 1

The electrical design requirements for electrical penetration assemblies comply with GDC 50 as described in Section 8.3.1.2.1.

10 CFR 50.63 The design conformance with 10 CFR 50.63 is described in Section 8.4.

Regulatory Guide 1.68 The EDAS preoperational testing is performed as part of the Initial test program described in Section 14.2.12.

Regulatory Guide 1.75 The onsite electric DC power systems do not perform safety-related functions and do not contain Class 1E circuits. Therefore, the DC electric power systems are outside the scope of RG 1.75 and IEEE Std 384-1992, which specify criteria for establishing and maintaining electrical independence of safety-related equipment and circuits. Notwithstanding, the physical separation, electrical independence, and identification criteria of RG 1.75 and IEEE Std. 384-1992 are applied to the EDAS as an augmented quality provision.

2.2.2 Electrical Power System Calculations and Distribution System Studies for Direct Current Systems The following information describes the calculations and studies that are developed for the DC power systems. The calculations are performed using the Electrical Transient Analyzer Program computer software (Reference 8.3-3).

The EDAS and EDNS load-flow analyses are performed in accordance with IEEE 485-2020 and IEEE 946-2020.

Short-circuit analyses are performed for the EDAS-MS and EDAS-C subsystems. These analyses are performed in accordance with IEEE Standard 946-2020 (Reference 8.3-5) and IEEE Standard 242-2001 (Reference 8.3-2) methodologies.

The DC equipment is sized using the methodologies in Reference 8.3-2, Reference 8.3-4, Reference 8.3-5, and Reference 8.3-11.

Equipment protection and coordination studies are performed in accordance with Reference 8.3-2, Reference 8.3-5, and Reference 8.3-11.

The EDAS battery chargers supplied by the ELVS provide electrical isolation between the AC power system and the EDAS.

cale US460 SDAA 8.3-9 Revision 1

safety-related loads from the DC power systems ensures that variations in voltage, frequency, and waveform (harmonic distortion) in the DC power systems do not degrade the performance of safety-related systems.

2.2.3 Grounding The EDAS power supply system is operated ungrounded. Neither the positive nor the negative leg is grounded during normal operation. Therefore, a connection to ground on either the positive or negative leg does not change the DC system voltage; it is only referenced to ground at that point. However, structures and components of the EDAS are connected to the station ground grid to provide personnel and equipment protection.

The EDAS design incorporates ground detection features to identify when a connection to ground occurs on either the positive or negative leg of the DC system.

2.3 Inspection and Testing Augmented Direct Current Power System Periodic inspection and testing is performed on the EDAS for operational, commercial, and plant investment protection purposes.

The EDAS is designed to permit appropriate periodic inspection and testing to assess the operability and functionality of the systems and the condition of their components. Specifically, the EDAS design allows for removing portions of the system from operation without affecting continued operation of the plant.

Protection devices are capable of being tested, calibrated, and inspected.

Preoperational tests are conducted to confirm battery capacity and verify proper operation of the EDAS. These tests are within the scope of the initial test program described in Section 14.2.

2.4 Instrumentation and Controls The MCR and remote monitoring and control of certain onsite DC power system components is provided by the plant control system and the module control system.

The EDAS includes provisions for indication of system status in the main control room. Indication readouts and alarms are provided in accordance with Reference 8.3-1, Reference 8.3-5, Reference 8.3-7, and Reference 8.3-8.

Each EDAS-C and EDAS-MS battery has a battery monitor connected that provides continuous monitoring of EDAS battery performance characteristics, including temperature deviations, discharges, and voltage excursions that exceed predefined tolerances.

cale US460 SDAA 8.3-10 Revision 1

8.3-1 Institute of Electrical and Electronics Engineers, IEEE Guide for Selection and Use of Battery Monitoring Equipment in Stationary Applications, IEEE Standard 1491-2012, Piscataway, NJ.

8.3-2 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Protection and Coordination of Industrial and Commercial Power Systems (IEEE Buff Book)," IEEE Standard 242-2001, Piscataway, NJ.

8.3-3 Electrical Transient Analyzer Program [Computer Program]. (2016). Irvine, CA: Operation Technology, Inc.

8.3-4 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Sizing Lead-Acid Batteries for Stationary Applications," IEEE Standard 485-2020, Piscataway, NJ.

8.3-5 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for the Design of DC Auxiliary Power Systems for Generating Stations," IEEE Standard 946-2020, Piscataway, NJ.

8.3-6 Institute of Electrical and Electronics Engineers, "IEEE Standard Criteria for Independence of Class 1E Equipment and Circuits," IEEE Standard 384-1992, New York, NY.

8.3-7 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Installation Design and Installation of Valve-Regulated Lead-Acid Batteries for Stationary Applications," IEEE Standard 1187-2013, New York, NY.

8.3-8 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Maintenance, Testing, and Replacement of Valve-Regulated Lead-Acid (VRLA) Batteries for Stationary Applications," IEEE Standard 1188-2005, New York, NY.

8.3-9 Institute of Electrical and Electronics Engineers, "IEEE Standard for Electrical Penetration Assemblies in Containment Structures for Nuclear Power Generating Stations," IEEE Standard 317-1983, New York, NY.

8.3-10 Institute of Electrical and Electronics Engineers, "IEEE Standard Criteria for the Protection of Class 1E Power Systems and Equipment Nuclear Power Generating Stations," IEEE Standard 741-1997, New York, NY.

8.3-11 Institute of Electrical and Electronics Engineers, IEEE Guide for the Protection of Stationary Battery Systems, IEEE Standard 1375-1998, Piscataway, NJ.

cale US460 SDAA 8.3-11 Revision 1

Applications, IEEE Standard 1635-2012, New York, NY.

8.3-13 Institute of Electrical and Electronics Engineers, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations, IEEE Standard 323-2003, New York, NY.

8.3-14 Institute of Electrical and Electronics Engineers, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, IEEE Standard 344-2013, New York, NY.

cale US460 SDAA 8.3-12 Revision 1

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provide No output

AC input (A) Loss of charger (A) None Condition monitoring Acceptable adequate DC voltage breaker (open) function Battery monitor current and

DC output (B) None

Low float current Battery assumes loads voltage to the breaker (open) (B) None

Low voltage and begins to discharge.

respective DC

Rectifier bridge

Battery discharge loads failure Battery charger EDAS-MS tie breaker or

Maintains the

Control

Low voltage EDAS-C standby battery battery on float circuitry failure

Charger trouble charger can be used to charge

Feedback

AC/DC failure restore power to the

Provide ability circuit failure Local indications affected channel.

to charge

Blocking diode

Charger panel battery while (open) indications Component misoperation servicing

Human error

DC distribution panel normal DC indications loads Loss of AC

ELVS to EDAS (A) Loss of charger (A) None Condition monitoring Acceptable input motor control function

MCS/MPS MCC status center (MCC) (B) None Battery Monitor Loss of AC input is the feed (open) (B) None

Low float current entry condition for

Human error

Battery discharge condition B, operation with

Software DC distribution panel a loss of AC.

failure

Low voltage

Loss of all AC Local indications Component misoperation power

Charger panel indications

DC distribution panel indications Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provide Low output

Open SCR (A) Loss of charger (A) None Condition monitoring Acceptable tinued) adequate DC voltage

Open diode function Battery monitor current and

Control (B) None

Low float current Battery assumes loads voltage to the circuitry (B) None

Low individual cell and begins to discharge.

respective DC degradation voltage (ICV) loads

Feedback

Low voltage EDAS-MS tie breaker can

Maintains the circuitry

Battery discharge be closed to restore power battery on float degradation Battery charger to the affected channel.

charge

Human error

Low voltage

Provide ability

Software DC distribution panel Incorrect charger to charge failure

Low voltage adjustment battery while Local indications servicing

Charger panel normal DC indications loads

DC distribution panel (continued) indications Erratic output

Control (A) Battery charger (A) None Condition monitoring Acceptable voltage (high circuitry voltage cycles Battery monitor ripple) degradation above and below (B) None

AC ripple current Charger could be

Feedback the battery open

Erratic float current removed from service and circuity circuit voltage Battery charger EDAS-MS tie breaker can degradation subject the battery

Low/high voltage be closed to restore power

Ripple filter to alternating

Charger trouble to the affected channel.

degradation charge/discharge DC distribution panel cycles. Battery

Low/high voltage Long term reliability issue heating concern resulting in accelerated Loss of charger battery wear function (B) None Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provide High output

SCR short (A) DC bus voltage (A) Affected Condition monitoring Acceptable tinued) adequate DC voltage

Diode short increases until separation Battery monitor current and

Control operator action is channel/division

High float current Operator or automatic DC voltage to the circuitry taken or the high DC-DC converters

High battery string high voltage shutdown respective DC degradation DC voltage isolate on high voltage actions are not required to loads

Feedback shutdown set point voltage or loss of Battery charger protect the safety loads.

Maintains the circuitry is reached. Battery voltage

High voltage battery on float degradation is overcharged Non-consequential

High voltage shutdown Incorrect charger charge

Human error while voltage failure(2) DC distribution panel adjustment

Provide ability

Software exceeds the

High voltage to charge failure nominal float (B) None Local indications battery while voltage band. Loss

Charger panel servicing of charger function indications normal DC

DC distribution panel loads (B) None indications (continued)

Loss of

Current limit (A) Loss of charger (A) None Condition monitoring Acceptable current limit circuit failure function Battery monitor

Human error (B) None

High battery charge AC input or DC output (B) None current breaker opens. Battery

Temperature monitoring begins to discharge.

Battery charger

Charger trouble alarm This failure only affects

Low voltage alarm EDAS in the event of a DC fault or upon AC power restoration where discharged batteries are being recharged.

Incorrect adjustment Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provide DC ground Loss of (A) None (A) None Condition monitoring Acceptable tinued) adequate DC fault Insulation Battery charger current and (B) None (B) None

Ground detection Single loss of insulation voltage to the DC distribution panel on one leg of the DC respective DC

Ground fault alarm system (positive or loads negative).

Maintains the Single ground fault has no battery on float effect on an ungrounded charge DC system. A ground fault

Provide ability monitoring system is to charge provided by the battery battery while charger and DC servicing distribution panel.

normal DC Applies to a ground fault loads at any location on EDAS.

(continued) AC ground Loss of (A) Loss of charger (A) None Condition monitoring Acceptable fault Insulation function AC ground fault detector (B) None

ELVS is high resistance ELVS MCC is removed (B) None grounded detection of from service battery neutral current through assumes load and begins HRG resistor to discharge.

Battery charger

AC power failure EDAS-MS tie breaker can be closed to restore power to the affected channel.

Charger AC AC source (A) None (A) None Condition monitoring Acceptable blocking becomes load on Battery charger function fault battery (B) None (B) None

Charger trouble alarm Battery charger can only

Low voltage alarm transfer power from AC to DC.

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provide Series output Blocking diode (A) None (A) None Condition monitoring Acceptable tinued) adequate DC diode short short Battery monitor current and (B) Battery (B) Affected

Battery discharge Fault only occurs if the voltage to the discharges through separation channel current amount of loss through respective DC ripple filter and DC-DC converters

Low ICV the filter exceeds the loads battery eliminator. isolate on low Periodic testing battery margin.

Maintains the Ability to meet voltage before

Component testing battery on float power channel meeting duty cycle charge duty cycle may be requirements.

Provide ability impacted. Non-consequential to charge Non-consequential failure(2) battery while failure(2) servicing normal DC loads (continued)

A battery

Backup supply Reduced Plate short (A) None (A) None Condition monitoring Acceptable g power to 125 battery string Battery monitor DC distribution capacity (B) Single power (B) Affected

Low ICV panel channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing meeting duty cycle

Capacity testing requirements.

Non-consequential failure(2)

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Positive plate (A) None (A) None Condition monitoring Acceptable g power to 125 battery string corrosion Battery monitor tinued) DC distribution capacity (B) Single power (B) Affected

Low ICV panel (continued) channel may not separation channel

Low string voltage (continued) meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing meeting duty cycle

Visual inspection (case requirements. bulge)

Non-consequential

Capacity testing failure(2)

Active material (A) None (A) None Condition monitoring Acceptable failure Battery monitor (B) Single power (B) Affected

Low ICV channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing meeting duty cycle

Capacity testing requirements.

Non-consequential failure(2)

Post seal (A) None (A) None Condition monitoring Acceptable leakage Battery monitor (B) Single power (B) Affected

Low ICV channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing Onsite Power Systems meeting duty cycle

Visual inspection requirements. (corrosion/electrolyte)

Non-consequential

Capacity testing failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Dryout (A) None (A) None Condition monitoring Acceptable g power to 125 battery string Battery monitor tinued) DC distribution capacity (B) Single power (B) Affected

Low ICV panel (continued) channel may not separation channel

Low string voltage (continued) meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

High float current meeting duty cycle

High negative post requirements. temperatures Non-consequential Periodic testing failure(2)

Capacity testing Thermal (A) None (A) None Condition monitoring Acceptable runaway Battery monitor (B) Single power (B) Affected

Low ICV Battery chargers are channel may not separation channel

Low string voltage temperature compensated meet duty cycle. DC-DC converters

Intercell resistance which removes the source Non-consequential isolate on low change of external power required failure(2) voltage before

Temperature monitoring to drive VRLA batteries meeting duty cycle

High float current into thermal runaway.

requirements.

Non-consequential failure(2)

Negative plate (A) None (A) None Condition monitoring Acceptable self discharge Battery monitor (B) Single power (B) Affected

Low ICV Battery monitor detects channel may not separation channel

Low string voltage ICV voltage less than meet duty cycle. DC-DC converters

Intercell resistance battery critical voltage in Non-consequential isolate on low change real time.

failure(2) voltage before Periodic testing Onsite Power Systems meeting duty cycle

Capacity testing requirements.

Non-consequential failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4)Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Temperature (A) None (A) None Condition monitoring Acceptable g power to 125 battery string effects Battery monitor tinued) DC distribution capacity (B) Single power (B) Affected

Low ICV panel (continued) channel may not separation channel

Low string voltage (continued) meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing meeting duty cycle

Visual Inspection (jar requirements. degradation)

Non-consequential

Capacity testing failure(2)

Seal or valve (A) None (A) None Condition monitoring Acceptable failures Battery monitor (B) Single power (B) Affected

Low ICV channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

High float current meeting duty cycle Periodic testing requirements.

Visual inspection Non-consequential

Capacity testing failure(2)

Loss of (A) None (A) None Condition monitoring Acceptable absorbent glass Battery monitor mat compression (B) Single power (B) Affected

Low ICV Non-electrolyte starved channel may not separation channel

Low string voltage VRLA battery designs (gel meet duty cycle. DC-DC converters

Intercell resistance cells) are not affected by Non-consequential isolate on low change this failure.

failure(2) voltage before

High float current Onsite Power Systems meeting duty cycle Periodic testing requirements.

Capacity testing Non-consequential failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Intercell/intertier (A) None (A) None Condition monitoring Acceptable g power to 125 battery string corrosion Battery monitor tinued) DC distribution capacity (B) Single power (B) Affected

Low ICV panel (continued) channel may not separation channel

Low string voltage (continued) meet duty cycle. DC-DC converters

Intercell/Intertier Non-consequential isolate on low resistance change failure(2) voltage before Periodic testing meeting duty cycle

Visual Inspection requirements. (connector corrosion)

Non-consequential

Capacity testing failure(2)

Ripple current (A) None (A) None Condition monitoring Acceptable Battery monitor (B) Single power (B) Affected

Low ICV channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

Temperature monitoring meeting duty cycle

AC ripple current requirements. Periodic testing Non-consequential

Capacity testing failure(2)

Battery charger testing Container cracks (A) None (A) None Condition monitoring Acceptable Battery monitor (B) Single power (B) Affected

Low ICV channel may not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

High float current Onsite Power Systems meeting duty cycle Periodic testing requirements.

Visual inspection (case Non-consequential cracks) failure(2)

Capacity testing

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Sulfation (A) None (A) None Condition monitoring Acceptable g power to 125 battery string Battery monitor tinued) DC distribution capacity (B) Single power (B) Affected

Low ICV panel (continued) channel may not separation channel

Low string voltage (continued) meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change-Low float failure(2) voltage before current meeting duty cycle Periodic testing requirements.

Capacity testing Non-consequential failure(2)

Overcharging (A) None (A) None Condition monitoring Acceptable Battery monitor (B) Single power (B) Affected

High ICV Long term aging channel may not separation channel

High string voltage mechanism meet duty cycle. DC-DC converters

High float current Non-consequential isolate on low

Intercell resistance failure(2) voltage before change meeting duty cycle Periodic testing requirements.

Capacity testing Non-consequential failure(2)

Undercharging (A) None (A) None Condition monitoring Acceptable Battery monitor (B) Single power (B) Affected

Low ICV Long term aging channel may not separation channel

Low string voltage mechanism meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

Low float current Onsite Power Systems meeting duty cycle Periodic testing requirements.

Capacity testing Non-consequential failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Reduced Grid, paste, strap (A) None (A) None Condition monitoring Acceptable g power to 125 battery string weld defect Battery monitor tinued) DC distribution capacity (B) Single power (B Affected

Low ICV Typically found during panel (continued) channel may not separation channel

Low string voltage acceptance testing (continued) meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before Periodic testing meeting duty cycle

Capacity testing requirements.

Non-consequential failure(2)

Low battery Plate short (A) None (A) None. Condition monitoring Acceptable string voltage Battery monitor (B) Single power (B) Affected

Low ICV channel does not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell resistance Non-consequential isolate on low change failure(2) voltage before

Float current change meeting duty cycle Periodic testing requirements.

Capacity testing Non-consequential failure(2)

Intercell/intertier (A) None (A) None. Condition monitoring Acceptable corrosion Battery monitor (B) Single power (B) Affected

Low ICV channel does not separation channel

Low string voltage meet duty cycle. DC-DC converters

Intercell/intertier Non-consequential isolate on low resistance change failure(2) voltage before DC distribution panel Onsite Power Systems meeting duty cycle

Low voltage alarm requirements. Periodic testing Non-consequential

Capacity testing failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply EDAS-MS Fire

Thermal (A) None (A) None. Condition monitoring Acceptable g power to 125 runaway Fire detection system tinued) DC distribution

High resistance (B) Fire is (B) Results in a

Fire alarm (A)Batteries and chargers panel connection assumed to consequential Battery monitor are separated by fire (continued) destroy both failure(5)

Float current barriers and divisionally batteries resulting

Temperature monitoring separated.

in an EDAS-MS

Intercell/intertier A division of EDAS power subsystem resistance change is maintained no safety failure(5) Battery charger functions are impacted.

Temperature compensation The battery monitor detects a differential temperature between the negative post and ambient temperature.

Battery chargers are temperature compensated which removes the source of external power required to drive VRLA batteries into thermal runaway.

Battery open Positive plate (A) None (A) None. Condition monitoring Acceptable circuit corrosion Battery monitor (B) Single power (B) Affected

Low ICV channel does not separation channel

Low string voltage provide adequate DC-DC converters

Intercell resistance current and isolate on low change voltage. voltage.

Float current monitoring Non-consequential Non-consequential Periodic testing Onsite Power Systems failure(2) failure(2)

Capacity testing

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Battery open Thermal (A) None (A) None. Condition monitoring Acceptable g power to 125 circuit runaway Battery monitor tinued) DC distribution (continued) (B) Single power (B) Affected

Low ICV The battery monitor panel channel does not separation channel

Low string voltage detects a differential (continued) provide adequate DC-DC converters

Intercell resistance temperature between the current and isolate on low change negative post and ambient voltage. voltage.

Float current monitoring temperature.

Non-consequential Non-consequential

Temperature monitoring failure(2) failure(2) Periodic testing Battery chargers are

Capacity testing temperature compensated which removes the source of external power required to drive VRLA batteries into thermal runaway.

Intercell/intertier (A) None. (A) None. Condition monitoring Acceptable corrosion Battery monitor (B) Single power (B) Affected

Low ICV channel does not separation channel

Low string voltage provide adequate DC-DC converters

Intercell resistance current and isolate on low change voltage. voltage.

Float current monitoring Non-consequential Non-consequential Periodic testing failure(2) failure(2)

Capacity testing Grid, paste, strap (A) None (A) None. Condition monitoring Acceptable weld defect Battery monitor (B) Single power (B) Affected

Low ICV channel does not separation channel

Low string voltage provide adequate DC-DC converters

Intercell resistance current and isolate on low change Onsite Power Systems voltage. voltage.

Float current monitoring Non-consequential Non-consequential Periodic testing failure(2) failure(2)

Capacity testing

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1)

A battery

Backup supply Battery open Dryout (A) None (A) None. Condition monitoring Acceptable g power to 125 circuit Battery monitor tinued) DC distribution (continued) (B) Single power (B) Affected

Low ICV Severe dryout where the panel channel does not separation channel

Low string voltage glass mat separates from (continued) provide adequate DC-DC converters

Intercell resistance the active material can current and isolate on low change appear as an open circuit.

voltage. voltage.

Float current monitoring Non-consequential Non-consequential Periodic testing failure(2) failure(2)

Capacity testing distribution

Provides Short

Insulation (A) Loss of power (A) Affected Condition monitoring Acceptable el continuity breakdown channel. Upstream separation channel

Equipment loss between the

Foreign protective devices DC-DC converters indications EDAS sources material actuate. isolate on low Fire detection system and loads

Fire Non-consequential voltage.

Fire alarm

Provides for failure (2) Non-consequential Battery monitor indication of failure (2)

Low string voltage EDAS (B) Loss of power

Float current monitoring parameters channel. Upstream (B) Affected

Battery current protective devices separation channel DC distribution panel actuate. DC-DC converters

Low DC voltage Non-consequential isolate on low Battery charger (2) voltage.

Battery charger current failure Non-consequential

Charger trouble alarm failure(2)

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) distribution

Provides Open

Material defect (A) Loss of power (A) Affected Condition monitoring Acceptable el continuity

Fire channel separation channel Fire detection system tinued) between the Non-consequential DC-DC converters

Fire alarm EDAS sources failure(2) isolate on low Battery monitor and loads voltage.

Low string voltage

Provides for (B) Loss of power Non-consequential

Float current monitoring indication of channel failure(2) DC distribution panel EDAS Non-consequential

Low DC voltage parameters (B) Affected

Equipment loss failure(2)

(continued) separation channel indications DC-DC converters Battery charger isolate on low

Battery charger current voltage.

Charger trouble alarm Non-consequential failure(2)

EDAS-MS fire DC switchgear (A) Loss of division (A) DC-DC Condition monitoring Acceptable room fire power converter isolation Fire detection system Consequential devices disconnect

Fire alarm Fire assumed to destroy failure(5) the respective Battery monitor all divisional equipment in divisional loads.

Low string voltage the respective EDAS (B) Loss of division Consequential

Float current monitoring switchgear rooms.

power failure(5) DC distribution panel A division of EDAS power Consequential

Low DC voltage is maintained. No safety (B) DC-DC

Equipment loss functions are impacted.

failure(5) converter isolation indications devices disconnect the respective divisional loads.

Consequential Onsite Power Systems failure(5)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ed

Protective Open

Fuse failure (A) None (A) None Condition monitoring Acceptable onnect device that

Human error Battery monitor ch protects the (B) None (B) None

Low ICV Test disconnect only used ery to test battery and test

Lowe string voltage during maintenance load

Float current monitoring activates

Provides ability to connect the Interrupts capacity testing battery to a test load Closure of test disconnected is alarmed in the MCR.

Component misoperation Short circuit Material defect (A) None (A) None Condition monitoring Acceptable

/fuse fails to Battery monitor interrupt (B) None (B) None

Low string voltage Test disconnect only used

Float current during maintenance

Battery current activates Battery charger

Battery test disconnect Closure of test closed disconnected is alarmed in the MCR.

Component misoperation Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ery charger

Provides short Open

Device failure (A) Loss of charger (A) None Condition monitoring Acceptable DC circuit

Human error function

Equipment alarms ibution protection and (B) None Battery monitor Component misoperation el continuity from (B) None

Low float current ective the battery

Low string voltage Loads supplied by battery ces charger to the

Battery discharge DC switchgear Battery charger

Battery charger current

Battery charger output open DC distribution panel Local indications

Charger panel indications

DC distribution panel indications Fail to Device failure (A) Loss of charger (A) None Condition monitoring Acceptable interrupt function

Equipment alarms (B) None Battery monitor Upstream/downstream (B) None

Low float current device clears fault

Low string voltage Loads supplied by the

Battery discharge battery Battery charger Local indications

Charger panel indications

DC distribution panel indications Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ective

Provides short Open

Device failure (A) None (A) None Condition monitoring Acceptable ce circuit

Human error Battery monitor ery to DC protection and (B) Loss of power (B) Affected

Low ICV Component misoperation chgear continuity from channel separation channel

Low string voltage the battery to Non-consequential DC-DC converters

Float current monitoring Loads supplied by the the DC failure(2) isolate on low Battery charger battery charger distribution voltage.

Battery protective panel Non-consequential device open

Allows the failure(2) battery to be disconnected from the DC switchgear Fail to Material defect (A) Loss of power (A) Affected Condition monitoring Acceptable interrupt channel separation channel

Equipment alarms Non-consequential DC-DC converters Battery monitor failure(2) isolate on low

Low ICV voltage.

Low string voltage (B) Loss of power Non-consequential

Float current monitoring channel failure(2)

Non-consequential failure(2) (B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ective

Provides short Open

Material defect (A) Loss of a single (A) Loss of power Condition monitoring Acceptable ce circuit

Human error load to a single safety

Equipment alarms distribution protection and Non-consequential load Component misoperation el to continuity from failure(2) Non-consequential idual load the DC failure(2) Loss of power to a single switchgear to (B) Loss of a single safety load remaining the individual load (B) Loss of power channel/division loads are loads Non-consequential to a single safety still supplied

Allows the DC load failure(2) switchgear to Non-consequential be failure(2) disconnected from the Individual loads Fail to Material defect (A) Loss of power (A) Affected Condition monitoring Acceptable interrupt channel separation channel

Equipment alarms Non-consequential DC-DC converters failure(2) isolate on low voltage.

(B) Loss of power Non-consequential channel failure(2)

Non-consequential failure(2) (B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ductor

Conducts Short Cable or bus (A) Loss of power (A) Affected Condition monitoring Acceptable electrical failure channel separation channel

Equipment alarms power to Non-consequential DC-DC converters Bounded by DC respective failure(2) isolate on low switchgear failure EDAS loads voltage.

(B) Loss of power Non-consequential channel failure(2)

Non-consequential failure(2) (B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Open Cable or bus (A) Loss of power (A) Affected Condition monitoring Acceptable failure channel separation channel

Equipment alarms Non-consequential DC-DC converters Bounded by DC failure(2) isolate on low switchgear failure voltage.

(B) Loss of power Non-consequential channel failure(2)

Non-consequential failure(2) (B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential Onsite Power Systems failure(2)

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) er channel

Cross connects Inadvertent Human error (A) None (A) None Condition monitoring Acceptable reaker the A&C/B&D closure Battery monitor divisional (B) None (B) None

Erratic float current System misoperation power

Erratic ICV during maintenance channels in the Battery charger would require the manual event of a

Cross tie closed alarm closing of the cross tie charger failure Local indication breaker in two separate

Breaker position EDAS DC distribution panels

Administratively prohibited condition reduces reliability and may lead to non-equal load sharing. Long term reliability issue Fails to close Material defect (A) None (A) None Local indication Acceptable

Breaker manually operated Tie breaker is only closed (B) None (B) None

Local current and in condition A when a voltage indications power channel battery charger is out of service.

Battery assumes loads and begins to discharge.

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) er channel

Cross connects Fail to Material defect (A) Loss of power A) Affected Condition monitoring Acceptable reaker the A&C/B&D interrupt channel separation channel

Equipment alarms tinued) divisional Non-consequential DC-DC converters Worse case fault is the power failure(2) isolate on low cable between the DC channels in the voltage. distribution panels.

event of a (B) Loss of power Non-consequential charger failure channel failure (Sec. Acceptable (continued) Non-consequential 2.5.3.2)

Redundant device isolates failure(2)

(B) Affected the fault.

separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Onsite Power Systems

Scale Final Safety Analysis Report mponent Function Failure Mode Failure Effect on Effect on Method of Failure Remarks ntification Mechanism EDAS(1)(3)(4) Interfacing Safety Detection Systems(1) ation

Indicates Fails short Material defect (A) None (A) None Local indication Acceptable status of the

Loss of indication various (B) None (B) None Indication device components. protective fusing opens Examples preventing control power include status fuses from opening.

lights and meters A) indicates condition A where normal EDAS or BPSS AC power supply available. (B) indicates condition B loss of all AC.

on-consequential failures are defined as either: (1) a loss of a single EDAS-MS power channel, which does not result in a production loss (reactor trip),

advertent ECCS actuation, or loss of PAM monitoring capability or (2) a loss of an EDAS-C division, which does not result in a production or asset loss.

ny condition in which the EDAS cannot provide adequate current and voltage to the load side terminals of the branch circuit interrupting device is considered a hannel/divisional failure. This specifically implies current and voltage conditions that causes the DC-DC converter Class 1E isolation to disconnect their safety ads from the EDAS.

ny condition in which adequate current and voltage cannot be provided for the design duty cycle is considered a channel/divisional failure. This is a result of a ondition that directly or indirectly reduces the capacity of the associated power channel/division battery string.

onsequential failures are defined as either an EDAS-MS or EDAS-C subsystem functional failure. The following occurrences and consequences describe onsequential failures:

Any failure of any two power channels of a module's EDAS-MS

- Reactor trip and ECCS actuation Any divisional failure of a module's EDAS-MS

- Reactor trip and ECCS actuation A failure of a module's EDAS-MS B and C power channels

- Reactor trip, ECCS actuation, and a loss of MPS PAM monitoring capability A failure of both EDAS-C divisions

- Loss of PPS, MCR lighting, and SDIS Onsite Power Systems

Scale Final Safety Analysis Report SSC (Note 1) Location SSC Augmented Design Quality Group/Safety Seismic Classification Classification Requirements Classification (Ref. (Ref. RG 1.29 or RG (A1, A2, B1, B2) (Note 2) RG 1.26 or RG 1.143) 1.143) (Note 4)

(Note 3)

BPSS, Backup Power Supply System omponents All buildings B2 None N/A III EDAS, Augmented DC Power omponents (except as listed below): RXB/CRB B2 None N/A II S-C, Division I & II: CRB B2

GDC 2 N/A I ttery

Environmentally qualified

GDC 4

Module specific SSC not shared between modules per GDC 5

RG 1.189

RG 1.75 (Note 6)

S-C, Division I & II: RXB B2

GDC 2 N/A I distribution panel (including associated

GDC 4 eakers)

Module specific SSC not shared between modules per GDC 5

RG 1.189

RG 1.75 (Note 6)

Onsite Power Systems

Scale Final Safety Analysis Report SSC (Note 1) Location SSC Augmented Design Quality Group/Safety Seismic Classification Classification Requirements Classification (Ref. (Ref. RG 1.29 or RG (A1, A2, B1, B2) (Note 2) RG 1.26 or RG 1.143) 1.143) (Note 4)

(Note 3)

S-MS All channels Division I & II: RXB B2

Environmental N/A I ttery Qualification

GDC 2

GDC 4

Module specific SSC not shared between modules per GDC 5

RG 1.189

RG 1.75 (Note 6)

Electrical SSC supporting prevention of unintended ECCS valve actuation shall be separated into two redundant load groups (Note 6)

RG 1.53 (Note 6)

S-MS All channels Division I & II: RXB B2

GDC 2 N/A I distribution panel (including associated

GDC 4 eakers)

Module specific SSC not shared between modules per GDC 5

RG 1.189

RG 1.75 (Note 6)

Electrical SSC supporting prevention of unintended ECCS valve actuation shall be separated into two Onsite Power Systems redundant load groups (Note 6)

RG 1.53 (Note 6)

EHVS, High Voltage AC Electrical Distribution System omponents Yard B2 None N/A III EMVS, Medium Voltage AC Electrical Distribution System omponents Yard B2 None N/A III

Scale Final Safety Analysis Report SSC (Note 1) Location SSC Augmented Design Quality Group/Safety Seismic Classification Classification Requirements Classification (Ref. (Ref. RG 1.29 or RG (A1, A2, B1, B2) (Note 2) RG 1.26 or RG 1.143) 1.143) (Note 4)

(Note 3)

ELVS, Low Voltage AC Electrical Distribution System omponents (except as listed below): All buildings B2 None N/A III motor control center 111 & 211 CRB B2 None N/A II motor control center 11 & 21 RXB B2 None N/A II EDNS, Normal DC Power System omponents Yard/TGB B2 None N/A III 1: Acronyms used in this table are listed in Table 1.1-1 2: Additional augmented design requirements, such as the application of a Quality Group, Radwaste safety, or seismic classification, to nonsafety-related SSC are reflected in the columns Quality Group / Safety Classification and Seismic Classification, where applicable. Environmental Qualifications of SSC are identified in Table 3.11-1.

3: Section 3.2.2.1 through Section 3.2.2.4 provides the applicable codes and standards for each RG 1.26 Quality Group designation (A, B, C, and D). A Quality Group classification per RG 1.26 is not applicable to supports or instrumentation. Section 3.2.1.4 provides a description of RG 1.143 classification for RW-IIa, RW-IIb, and RW-IIc.

4: Where SSC (or portions thereof) as determined in the as-built plant that are identified as Seismic Category III in this table could, as the result of a seismic event, adversely affect Seismic Category I SSC or result in incapacitating injury to occupants of the control room, they are categorized as Seismic Category II consistent with Section 3.2.1.2 and analyzed as described in Section 3.7.3.8.

5: IEEE Std 4.97-2016 as endorsed by RG 1.97 and implemented as described in Table 1.9-2 6: Augmented design requirements for Physical Independence of Electrical Systems implemented in accordance with RG 1.75, Application of the Single-Failure Criterion to safety systems implemented in accordance with RG 1.53 and electrical SSC that support the prevention of unintended ECCS valve actuation shall be separated into two redundant load groups are applied at a system level.

Onsite Power Systems

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-1: High Voltage Alternating Current Electrical Distribution System NuScale US460 SDAA 8.3-39 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-2a: Medium Voltage Alternating Current Electrical Distribution System (Common Portion)

Note: Figure depicts a 6-module plant NuScale US460 SDAA 8.3-40 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-2b: Medium Voltage Alternating Current Electrical Distribution System (Module-Specific Portion)

Note: Figure depicts a 2-module plant NuScale US460 SDAA 8.3-41 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-3: Augmented Direct Current Power System (Common)

NOTES:

ED$S-C EQUIPMENT IS LOCATED IN THE CRB.

REFER TO FIGURE 1.7-1 FOR SYMBOL LEGEND AND GENERAL NOTES.

DIVISION I BATTERY MCC DIVISION I STANDBY MCC DIVISION II BATTERY MCC DIVISION II STANDBY MCC DIVISION I BATTERY CHARGER BATTERY CHARGER DIVISION II BATTERY CHARGER BATTERY CHARGER TI TI DIVISION I BATTERY MONITOR A V TI V DIVISION II BATTERY MONITOR A V TI V AC INPUT BREAKER N.O. AC INPUT BREAKER AC INPUT BREAKER N.O. AC INPUT BREAKER BMS TI BMS TI V V A A A A V V V V DC OUTPUT BREAKER N.O. DC OUTPUT BREAKER DC OUTPUT BREAKER N.O. DC OUTPUT BREAKER DIVISION I BATTERY TEST DISCONNECT DIVISION II BATTERY TEST DISCONNECT BATTERY TEST BATTERY TEST TERMINAL TERMINAL N.O. N.O.

DIVISION II DC DISTRIBUTION PANEL DIVISION I DC DISTRIBUTION PANEL DIVISION II MULTIFUNCTION RELAY DIVISION I MULTIFUNCTION RELAY DIVISION I DIVISION I BATTERY V 64 27 DIVISION II DIVISION II BATTERY V 64 27 BATTERY BREAKER CHARGER BREAKER BATTERY BREAKER CHARGER BREAKER DIVISION I STANDBY DIVISION II STANDBY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY N.O. BATTERY CHARGER N.O. BATTERY CHARGER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER TO DIVISION I TO DIVISION I TO DIVISION I TO DIVISION I TO DIVISION I TO DIVISION II TO DIVISION II TO DIVISION II TO DIVISION II TO DIVISION II PPS CABINET PPS LOADS POWER SDI CHASSIS POWER SDI DISPLAY PANELS MCR LIGHTING PPS CABINET PPS LOADS POWER SDI CHASSIS POWER SDI DISPLAY PANELS MCR LIGHTING NuScale US460 SDAA 8.3-42 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-4a: Augmented Direct Current Power System (Module Specific)

NOTES EDA-MS DIVISION I POWER CHANNELS A AND C THIS DRAWING IS TYPICAL FOR ALL MODULES.

REFER TO FIGURE 1.7-1 FOR SYMBOL LEGEND AND GENERAL NOTES.

BATTERY MCC BATTERY MCC BATTERY CHARGER BATTERY CHARGER TI TI EDA POWER CHANNEL A EDA POWER CHANNEL C BATTERY MONITOR A V TI 125 VDC BATTERY MONITOR A V TI 125 VDC AC INPUT BREAKER AC INPUT BREAKER BMS 60 CELLS BMS 60 CELLS 3 3 V 480 VAC INPUT V 480 VAC INPUT 125 VDC OUTPUT 125 VDC OUTPUT A A V V DC OUTPUT BREAKER DC OUTPUT BREAKER BATTERY TEST DISCONNECT BATTERY TEST DISCONNECT BATTERY TEST BATTERY TEST TERMINAL TERMINAL N.O. N.O.

BATTERY BATTERY TEST DS TEST DS DC DISTRIBUTION PANEL DC DISTRIBUTION PANEL MULTIFUNCTION RELAY MULTIFUNCTION RELAY BATTERY BREAKER BATTERY CHARGER V 64 27 V 64 27 BATTERY BREAKER BATTERY CHARGER BREAKER BREAKER N.O. N.O.

CROSS TIE POWER CHANNEL SUPPLY SUPPLY SUPPLY SUPPLY BREAKER A TIE CONNECTION CROSS TIE SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY BREAKER BREAKER BREAKER BREAKER BREAKER C BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER NS CLASSBREAK S

TO SEPARATION TO DIVISION I TO DIVISION I MPS TO SEPARATION TO SEPARATION TO DIVISION I TO DIVISION I TO SEPARATION TO SEPARATION TO DIVISION I GROUP A MPS LOGIC LOADS POWER GROUP A NMS GROUP C MPS LOGIC LOADS POWER GROUP C NMS GROUP C NMS BIOSHIELD RADIATION MPS LOGIC CABINET CLASS 1E DISTRIBUTION CLASS 1E MPS LOGIC CABINET CLASS 1E DISTRIBUTION CLASS 1E FLOOD CLASS 1E MONITOR C CABINET CLASS 1E ISOLATION DEVICE CLASS 1E ISOLATION DEVICE CABINET CLASS 1E ISOLATION DEVICE CLASS 1E ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE NuScale US460 SDAA 8.3-43 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-4b: Augmented Direct Current Power System (Module Specific)

EDA-MS DIVISION II POWER CHANNELS B AND D BATTERY MCC BATTERY MCC BATTERY CHARGER BATTERY CHARGER TI TI EDA POWER CHANNEL D EDA POWER CHANNEL B BATTERY MONITOR A V TI 125 VDC A V TI 125 VDC AC INPUT BREAKER BATTERY MONITOR AC INPUT BREAKER BMS 60 CELLS BMS 60 CELLS 3 3 V 480 VAC INPUT V 480 VAC INPUT 125 VDC OUTPUT 125 VDC OUTPUT A A V V DC OUTPUT BREAKER DC OUTPUT BREAKER BATTERY TEST DISCONNECT BATTERY TEST DISCONNECT BATTERY TEST BATTERY TEST TERMINAL TERMINAL N.O. N.O.

BATTERY BATTERY TEST DS TEST DS DC DISTRIBUTION PANEL DC DISTRIBUTION PANEL MULTIFUNCTION RELAY MULTIFUNCTION RELAY BATTERY BREAKER BATTERY CHARGER A 64 27 A 64 27 BATTERY CHARGER BATTERY BREAKER BREAKER BREAKER N.O. N.O.

CROSS TIE POWER CHANNEL SUPPLY CROSS TIE SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY SUPPLY BREAKER D TIE CONNECTION BREAKER BREAKER B BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER BREAKER NS CLASSBREAK S

TO SEPARATION TO DIVISION II TO DIVISION II MPS TO SEPARATION TO SEPARATION TO DIVISION II TO DIVISION II MPS TO SEPARATION TO SEPARATION TO DIVISION II GROUP D MPS LOGIC LOADS POWER GROUP D NMS GROUP B MPS LOGIC LOADS POWER GROUP B NMS GROUP B NMS BIOSHIELD RADIATION MPS LOGIC CABINET CLASS 1E DISTRIBUTION CLASS 1E MPS LOGIC CABINET CLASS 1E DISTRIBUTION CLASS 1E FLOOD CLASS 1E MONITOR B CABINET CLASS 1E ISOLATION DEVICE CLASS 1E ISOLATION DEVICE CABINET CLASS 1E ISOLATION DEVICE CLASS 1E ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE ISOLATION DEVICE THIS DRAWING IS TYPICAL FOR ALL MODULES.

NuScale US460 SDAA 8.3-44 Revision 1

NuScale Final Safety Analysis Report Onsite Power Systems Figure 8.3-5: Normal Direct Current Power System NuScale US460 SDAA 8.3-45 Revision 1

A station blackout (SBO) is a complete loss of offsite and onsite alternating current (AC) power concurrent with a turbine trip and the unavailability of onsite emergency AC power.

As described in Section 8.3, the NuScale Power Module (NPM) design does not rely on onsite or offsite AC power for the performance of safety-related functions during a design basis event. As a result, emergency onsite AC power is not included in the design.

The SBO duration for passive plant designs is 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months pursuant to Nuclear Regulatory Commission policy provided by SECY-94-084 and SECY-95-132 and the associated staff requirements memoranda. Passive plants are required to demonstrate safety-related functions can be performed without reliance on AC power for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months after the initiating event.

1 Station Blackout Analysis and Results The SBO does not pose a significant challenge to the plant, which does not rely on AC power for performing safety functions. A safe and stable shutdown is automatically achieved and maintained for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months without operator actions. The anticipated operational occurrence and long-term cooling acceptance criteria applied in the analyses presented in Chapter 15 demonstrate the acceptance criteria of 10 CFR 50.63 are met. The short-term NPM response to the SBO event is bounded by the transient results presented in Section 15.2.6. The transition to emergency core cooling system and long-term cooling in the SBO event is bounded by the long-term cooling analyses described in Section 15.0. As discussed in Section 9.2.5, the ultimate heat sink is capable of passive cooling for all modules for 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months under accident conditions, which is bounding for the SBO event. For the SBO event, the emergency core cooling system actuates as designed, with no single failure. The water level in the reactor pressure vessel remains stable above the top of the active fuel.

2 Station Blackout Coping Equipment Assessment The equipment described in Sections 9.2.5, 15.0, and 15.2.6, which is relied upon to meet 10 CFR 50.63, is passive, safety-related, and environmentally qualified. Design bases accident conditions bound the SBO environment.

The control room remains habitable for the duration of the SBO event using the control room habitability system. The control room instrumentation to monitor the event mitigation and confirm the status of reactor cooling, reactor integrity, and containment integrity remains available. The control room habitability system is described in Section 6.4.

3 Station Blackout Procedures and Training Training and procedures to mitigate an SBO event are implemented in accordance with Section 13.2 and Section 13.5. The SBO mitigation procedures address SBO response (e.g., restoration of onsite standby power sources), AC power restoration (e.g., coordination with transmission system load dispatcher), and severe weather guidance (e.g., identification of site-specific actions to prepare for the onset of severe cale US460 SDAA 8.4-1 Revision 1

system (if provided) or the backup power supply system, which are described in Section 8.2 and Section 8.3.

cale US460 SDAA 8.4-2 Revision 1

ML23304A354

Text

Navigation menu

Search