ML23304A354

From kanterella
Jump to navigation Jump to search
LLC Revision 1 to Standard Design Approval Application, Part 2, Chapter 8, Electrical Power
ML23304A354
Person / Time
Site: 05200050
Issue date: 10/31/2023
From:
NuScale
To:
Office of Nuclear Reactor Regulation
Shared Package
ML23306A033 List: ... further results
References
LO-151262
Download: ML23304A354 (1)
v  d  e


Text

NuScale US460 Plant Standard Design Approval Application Chapter Eight Electric Power Final Safety Analysis Report Revision 1

©2023, NuScale Power LLC. All Rights Reserved

COPYRIGHT NOTICE This document bears a NuScale Power, LLC, copyright notice. No right to disclose, use, or copy any of the information in this document, other than by the U.S. Nuclear Regulatory Commission (NRC), is authorized without the express, written permission of NuScale Power, LLC.

The NRC is permitted to make the number of copies of the information contained in these reports needed for its internal use in connection with generic and plant-specific reviews and approvals, as well as the issuance, denial, amendment, transfer, renewal, modification, suspension, revocation, or violation of a license, permit, order, or regulation subject to the requirements of 10 CFR 2.390 regarding restrictions on public disclosure to the extent such information has been identified as proprietary by NuScale Power, LLC, copyright protection notwithstanding.

Regarding nonproprietary versions of these reports, the NRC is permitted to make the number of additional copies necessary to provide copies for public viewing in appropriate docket files in public document rooms in Washington, DC, and elsewhere as may be required by NRC regulations. Copies made by the NRC must include this copyright notice in all instances and the proprietary notice if the original was identified as proprietary.

TABLE OF CONTENTS NuScale Final Safety Analysis Report Table of Contents NuScale US460 SDAA i

Revision 1 CHAPTER 8 ELECTRIC POWER....................................... 8.1-1 8.1 Introduction.................................................... 8.1-1 8.1.1 Utility Power Grid and Offsite Power System Description............ 8.1-1 8.1.2 Onsite Power Systems Description............................. 8.1-1 8.1.3 Design Bases.............................................. 8.1-2 8.2 Offsite Power System............................................ 8.2-1 8.2.1 Description................................................ 8.2-1 8.2.2 Analysis.................................................. 8.2-1 8.3 Onsite Power Systems........................................... 8.3-1 8.3.1 Alternating Current Power Systems............................. 8.3-1 8.3.2 Direct Current Power Systems................................. 8.3-4 8.3.3 References............................................... 8.3-11 8.4 Station Blackout................................................. 8.4-1 8.4.1 Station Blackout Analysis and Results........................... 8.4-1 8.4.2 Station Blackout Coping Equipment Assessment.................. 8.4-1 8.4.3 Station Blackout Procedures and Training........................ 8.4-1

LIST OF TABLES NuScale Final Safety Analysis Report List of Tables NuScale US460 SDAA ii Revision 1 Table 8.1-1:

Acceptance Criteria and Guidelines for Electric Power Systems......... 8.1-5 Table 8.3-1:

Augmented Direct Current Power System Failure Modes and Effects Analysis............................................. 8.3-13 Table 8.3-2:

Classification of Structures, Systems, and Components.............. 8.3-36

LIST OF FIGURES NuScale Final Safety Analysis Report List of Figures NuScale US460 SDAA iii Revision 1 Figure 8.3-1:

High Voltage Alternating Current Electrical Distribution System........ 8.3-39 Figure 8.3-2a: Medium Voltage Alternating Current Electrical Distribution System (Common Portion)........................................... 8.3-40 Figure 8.3-2b: Medium Voltage Alternating Current Electrical Distribution System (Module-Specific Portion)...................................... 8.3-41 Figure 8.3-3:

Augmented Direct Current Power System (Common)................ 8.3-42 Figure 8.3-4a: Augmented Direct Current Power System (Module Specific).......... 8.3-43 Figure 8.3-4b: Augmented Direct Current Power System (Module Specific).......... 8.3-44 Figure 8.3-5:

Normal Direct Current Power System............................ 8.3-45

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-1 Revision 1 CHAPTER 8 ELECTRIC POWER 8.1 Introduction 8.1.1 Utility Power Grid and Offsite Power System Description For the NuScale Power Plant US460 standard design, the offsite power system includes one or more connections to a transmission grid, micro-grid, or dedicated service load. The interface between the onsite alternating current (AC) power system and the offsite power system is at the point of common coupling where the plant switchyard and utility grid conductors are connected.

The NuScale Power Plant design does not depend on onsite or offsite AC electrical power, including that from the transmission grid, for safe operation. Therefore, the availability of AC electrical power from an offsite power source does not impact the ability to achieve and maintain safety-related functions. A loss of voltage, degraded voltage condition, or other electrical transient on the nonsafety-related AC power systems does not have an adverse effect on the ability to achieve and maintain safe-shutdown conditions.

The design supports an exemption from General Design Criteria (GDC) 17 and 18.

As described in Section 8.3, the normal source of electrical power to the plant electrical loads is provided by the operating power module main generators rather than from an offsite transmission grid connection.

8.1.2 Onsite Power Systems Description Onsite electrical power systems include the:

high voltage AC electrical distribution system (EHVS) medium voltage AC electrical distribution system (EMVS) low voltage AC electrical distribution system (ELVS) augmented direct current (DC) power system (EDAS) normal DC power system (EDNS) backup power supply system (BPSS)

Onsite electrical power systems are nonsafety-related and non-Class 1E.

Section 8.3 provides more detail on the onsite power systems.

Although BPSS capability is included, non-reliance on AC power eliminates the need for an alternate AC power source to meet the station blackout (SBO) coping requirements. An evaluation of SBO is provided in Section 8.4.

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-2 Revision 1 8.1.3 Design Bases Safety-related loads do not rely on AC or DC power systems to perform their associated safety functions. Operator action is not relied upon to achieve and maintain safe shutdown. Safety-related systems do not require onsite or offsite power systems to actuate, and their continued operation relies on natural mechanisms based on fundamental physical and thermodynamic principles (e.g., gravity; natural circulation; convective, radiative, and conductive heat transfer; condensation; and evaporation).

A loss of voltage or degraded voltage condition on the electrical power systems does not adversely affect the performance of plant safety-related functions.

The design does not include Class 1E AC or DC power systems as defined in Institute of Electrical and Electronics Engineers (IEEE) Std. 308-2001.

The design uses the EDAS to support post-accident monitoring and to preclude inadvertent emergency core cooling system actuation. Section 8.3.2 contains additional information on the EDAS design. Refer to Chapter 15 for additional information on the consideration of EDAS unavailability in the plant safety analyses.

8.1.3.1 Offsite Power System The design bases for the offsite power system, if provided, are site-specific and are described in Section 8.2.

8.1.3.2 Onsite Power Systems The EDAS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The EDAS is designed to support important plant loads, as described in Section 8.3.2.

The EDNS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The EDNS batteries are designed to provide DC power and AC power (via inverters) after a loss of power to the battery chargers, after which the on-site standby power sources restore AC power to the EDNS battery chargers.

The EHVS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. It is designed with the capability for operation in island mode (Section 8.3.1). The EHVS equipment is physically separated from safety related circuits and is not located near safety-related components.

The EMVS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant. The circuits are physically separated from safety circuits throughout the plant, and EMVS equipment is not located near safety-related components.

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-3 Revision 1 The ELVS is designed as a non-Class 1E system. Its functions are nonsafety-related and not risk-significant.

The BPSS is designed to provide electrical power to the plant when AC power is not available. The BPSS is a non-Class 1E system. Its functions are non-safety related and not risk-significant. The backup diesel generators are designed to automatically start on a loss of plant switchyard power and to be manually connected to provide backup AC power to the affected loads.

8.1.3.3 Regulatory Requirements and Guidance Table 8.1-1 summarizes the extent to which the design of the electric power systems conforms to relevant Nuclear Regulatory Commission requirements and guidance. Conformance with regulatory criteria and general design criteria is summarized in Section 1.9 and Section 3.1, respectively. Electrical systems are designed in accordance with the requirements and guidance with exceptions or clarifications noted below.

Electrical systems conform to GDC 2, GDC 4, and GDC 5 to the extent described in Section 8.3.1 and Section 8.3.2. As described in Section 3.1, the design supports an exemption from GDC 17, GDC 18, and GDC 33.

Compliance with principal design criteria in lieu of GDC 34, 35, 38, 41, and 44 is described in Section 3.1.4. The principal design criteria do not include requirements for electric power systems.

The electrical penetration assembly design conforms to GDC 50.

Section 8.3.1 addresses the electrical penetration assembly electrical design requirements. Section 3.8.2 and Section 6.2.1 address the mechanical integrity requirements of GDC 50.

The design does not rely on pressurizer heaters to establish and maintain natural circulation in shutdown conditions. Accordingly, the design supports an exemption from the 10 CFR 50.34(f)(2)(xiii) (TMI Item II.E.3.1) requirement to provide pressurizer heater power supply and associated motive and control power interfaces to establish and maintain natural circulation in shutdown conditions.

The design does not include pressurizer relief valves or pressurizer relief block valves. Therefore, 10 CFR 50.34(f)(2)(xx) (TMI Item II.G.1) requirements to provide emergency power sources and qualified motive and control power connections for such valves are not technically relevant. The design supports an exemption from the portions of the rule that require vital power buses for pressurizer level indicators.

NuScale electrical systems are not protection systems and do not perform safety-related functions; therefore, these systems are not required to conform to 10 CFR 50.55a(h).

The design conforms to the requirements of 10 CFR 50.63 for a light water reactor to have the capability to withstand an SBO for a specified duration and recover from an SBO as defined in 10 CFR 50.2. Additional details regarding conformance with 10 CFR 50.63 are described in Section 8.4.

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-4 Revision 1 NUREG-0737 includes guidance related to TMI Item II.E.3.1 (codified in 10 CFR 50.34(f)(2)(xiii)), and TMI Item II.G.1 (codified in 10 CFR 50.34(f)(2)(xx)). As described above, the NuScale design supports exemptions from portions of these regulations and other portions are not technically relevant. Therefore, the associated guidance of NUREG-0737 is not applicable to the NuScale design.

Portions of NUREG/CR-0660 relevant to the NuScale electrical systems are considered as reference only, consistent with NuScale DSRS Section 8.1.

Conformance with TMI items, including those addressed in this NUREG, is described in Section 1.9.

SECY-90-016 pertains to evolutionary advanced light water reactor (ALWR) designs and is not directly applicable to passive plant designs. As a passive ALWR design, the NuScale electrical system design conforms to the passive plant guidance of SECY-94-084, Section F.

SECY-91-078 pertains to evolutionary ALWR designs and is not directly applicable to passive plant designs. As a passive ALWR design, the NuScale electrical system design conforms to the passive plant guidance of SECY-94-084, Section G.

The evaluation of NuScale electrical systems under the regulatory treatment of nonsafety systems (RTNSS) process is described in Section 19.3.

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-5 Revision 1 Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

1. 10 CFR 50, Appendix A, General Design Criteria for Nuclear Plants
a. GDC 2 Design bases for protection against natural phenomena A

A

b. GDC 4 Environmental and dynamic effects design bases A

A

c. GDC 5 Sharing of structures, systems, and components A

A

d. GDC 17 Electric power systems The NuScale design supports an exemption from GDC 17.
e. GDC 18 Inspection and testing of electric power systems The NuScale design supports an exemption from GDC 18.
f. GDC 33 Reactor coolant makeup The NuScale design supports an exemption from GDC 33.
g. GDCs 34, 35, 38, 41, 44 Residual heat removal, emergency core cooling, containment heat removal, containment atmosphere cleanup, cooling water The plant design complies with a set of principal design in lieu of these GDC, as described in Section 3.1.4.
h. GDC 50 Containment design basis A

A The electrical design requirements for electrical penetration assemblies are included in Section 8.3.

2. Regulations (10 CFR 50 and 10 CFR 52)
a. 10 CFR 50.34 Contents of applications; technical information
i. 10 CFR 50.34(f)(2)(v)

Additional Three Mile Island (TMI)-related requirements (Item I.D.3)

This requirement is not applicable to the NuScale electric power systems, which are not safety-related.

ii. 10 CFR 50.34(f)(2)(xiii)

Additional TMI-related requirements (Item II.E.3.1)

The NuScale design supports an exemption from 10 CFR 50.34(f)(2)(xiii).

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-6 Revision 1 iii. 10 CFR 50.34(f)(2)(xx)

Additional TMI-related requirements (Item II.G.1)

The NuScale design does not include pressurizer relief valves or block valves, and the the design supports an exemption from the pressurizer level indicator portion of 10 CFR 50.34(f)(2)(xx).

b. 10 CFR 50.55a(h)

Codes and standards NuScale electrical systems are not protection systems and do not perform safety-related functions.

c. 10 CFR 50.63 Loss of all alternating current power G

A

d. 10 CFR 50.65(a)(4)

Requirements for monitoring the effectiveness of maintenance at nuclear power plants See Section 17.6.

e. 10 CFR 52.47(b)(1)

Contents of applications; technical information

f. 10 CFR 52.80(a)

Contents of applications; additional technical information N/A, this rule pertains to applications referencing an early site permit or a standard design certification.

3. Regulatory Guides (RGs)
a. Regulatory Guide 1.6 - March 1971 Safety Guide 6 - Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems
b. Regulatory Guide 1.32 - Revision 3, March 2004 Criteria for Power Systems for Nuclear Power Plants
c. Regulatory Guide 1.41 - March 1973 Preoperational Testing of Redundant Onsite Electric Power Systems to Verify Proper Load Group Assignments Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems (Continued)

Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-7 Revision 1

d. Regulatory Guide 1.47 - Revision 1, February 2010 Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems This guidance does not apply to the NuScale electric power systems that are not safety-related.
e. Regulatory Guide 1.53 - Revision 2, November 2003 Application of the Single-Failure Criterion to Safety Systems
f. Regulatory Guide 1.63 - Revision 3, February 1987 Electric Penetration Assemblies in Containment Structures for Nuclear Power Plants G

G The electrical design requirements for electrical penetration assemblies with respect to RG 1.63 are included in Section 8.3.

g. Regulatory Guide 1.68 - Revision 4, June 2013 Initial Test Programs for Water-Cooled Nuclear Power Plants G

G G

Section 14.2

h. Regulatory Guide 1.75 - Revision 3, February 2005 Criteria for Independence of Electrical Safety Systems As it relates to the EDAS; Section 8.3.2
i. Regulatory Guide 1.81 - Revision 1, January 1975 Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants
j. Regulatory Guide 1.106 - Revision 2, February 2012 Thermal Overload Protection for Electric Motors on Motor-Operated Valves Not applicable; the design does not include safety-related MOVs
k. Regulatory Guide 1.118 - Revision 3, April 1995 Periodic Testing of Electric Power and Protection Systems
l. Regulatory Guide 1.128 Revision 2, February 2007 Installation Design and Installation of Vented Lead-Acid Storage Batteries for Nuclear Power Plants Vented lead-acid batteries are not included in the design.

m.Regulatory Guide 1.129 - Revision 3, September 2013 Maintenance, Testing, and Replacement of Vented Lead-Acid Storage Batteries for Nuclear Power Plants Vented lead-acid batteries are not included in the design.

n. Regulatory Guide 1.153 - Revision 1, June 1996 Criteria for Safety Systems Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems (Continued)

Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-8 Revision 1

o. Regulatory Guide 1.155 - August 1988 Station Blackout G

Compliance with 10 CFR 50.63 is shown without use of the RG

p. Regulatory Guide 1.160 - Revision 3, May 2012 Monitoring the Effectiveness of Maintenance at Nuclear Power Plants
q. Regulatory Guide 1.204 - November 2005 Guidelines for Lightning Protection of Nuclear Power Plants GDC 2 discussions in Section 8.3.1 and Section 8.3.2.
r. Regulatory Guide 1.206 - June 2007 Combined License Applications for Nuclear Power Plants (LWR Edition)
s. Regulatory Guide 1.212 - Revision 1, April 2015 Sizing of Large Lead-Acid Storage Batteries Regulatory Guide 1.212 is written in the context of a safety-related standby battery system, and endorses IEEE Std. 485-2010.

This RG and standard are not applicable to the nonsafety-related EDNS and EDAS. The EDNS and EDAS batteries are sized in accordance with IEEE Std. 485-2020.

t. Regulatory Guide 1.218 - April 2012 Condition-Monitoring Techniques for Electric Cables Used in Nuclear Power Plants Limited to cables determined to be within the scope of 10 CFR 50.65
4. Branch Technical Positions (BTPs)
a. SRP BTP 8-1 Requirements on Motor-Operated Valves in the ECCS Accumulator Lines Not applicable; the design does not include safety-related MOVs or ECCS accumulator lines.
b. SRP BTP 8-2 Use of Onsite AC Power Sources for Peaking The design does not rely on AC power sources for the performance of safety-related functions, therefore the guidance of BTP 8-2 need not be applied.
c. SRP BTP 8-3 Stability of Offsite Power Systems G

Section 8.2 Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems (Continued)

Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-9 Revision 1

d. SRP BTP 8-4 Application of the Single Failure Criterion to Manually-Controlled Electrically-Operated Valves
e. SRP BTP 8-5 Supplemental Guidance for Bypass and Inoperable Status Indication for Engineered Safety Features Systems This BTP does not apply to NuScale electric power systems as these systems are not engineered safety features and are not relied on to support engineered safety features.
f. SRP BTP 8-6 Adequacy of Station Electric Distribution System Voltages
g. SRP BTP 8-7 Criteria for Alarms and Indications Associated with Diesel-Generator Unit Bypassed and Inoperable Status Not applicable; no Class 1E emergency diesel generators
h. SRP BTP 8-8 Onsite (emergency diesel generators) and offsite power sources allowed outage time extensions Not applicable; with non-reliance on AC power, no technical specification operating restrictions for inoperable AC power sources
i. SRP BTP 8-9 Open Phase Conditions in Electric Power System Not applicable; see Table 1.9-3
5. NUREG Reports
a. NUREG-0737 Clarification of TMI Action Plan Requirements Section 8.1.3.3
b. NUREG/CR-0660 Enhancement of Onsite Diesel Generator Reliability G

Reference only

6. Commission Papers (SECYs)
a. SECY-90-016 Evolutionary Light Water Reactor Certification Issues and their Relationships to Current Regulatory Requirements, 1990 Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems (Continued)

Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

NuScale Final Safety Analysis Report Introduction NuScale US460 SDAA 8.1-10 Revision 1

b. SECY-91-078 Electric Power Research Institute Requirements Document and Additional Evolutionary Light Water Reactor (LWR) Certification Issues, 1991
c. SECY-94-084 Policy and Technical Issues Associated with the RTNSS in Passive Plant Designs, 1994 G

G G

G Used as guidance as described in Section 8.1.3.3

d. SECY-95-132 Policy and Technical Issues Associated with the RTNSS in Passive Plant Designs, 1995 G

G G

G Used as guidance as described in Section 8.1.3.3

7. NRC Bulletins
a. NRC Bulletin 2012-01 (July 2012)

Design Vulnerability in Electric Power System G

Section 8.2.

1."A" denotes acceptance criteria and "G" denotes guidance that is either partially or fully applied in the design of NuScale electrical systems. No letter denotes "Not Applicable."

Table 8.1-1: Acceptance Criteria and Guidelines for Electric Power Systems (Continued)

Criteria Title Applicable Section (Note 1)

Remarks 8.2 Offsite Power System 8.3.1 Onsite AC Power System 8.3.2 Onsite DC Power System 8.4 Station Blackout

NuScale Final Safety Analysis Report Offsite Power System NuScale US460 SDAA 8.2-1 Revision 1 8.2 Offsite Power System 8.2.1 Description The offsite power system includes connections to a transmission grid, micro-grid, or dedicated service load. The boundary between the onsite alternating current (AC) power system and the offsite power system is at the point of common coupling where the plant switchyard and utility grid conductors are connected. The switchyard is part of the high voltage AC electrical distribution system (Section 8.3.1).

The passive design of the plant does not rely on AC power and does not require an offsite power system to perform safety-related or risk-significant functions.

Accordingly, the NuScale design supports an exemption from GDC 17 and GDC 18.

Therefore, this section provides the relevant regulatory framework, but the acceptance criteria within the Design Specific Review Standard are not applicable to the NuScale design as there are no Class 1E power distribution systems.

During normal operations with at least one NuScale Power Module operating, the associated turbine generator is the source of power to the onsite AC power system as described in Section 8.3.1. A single turbine generator has sufficient capacity to meet the maximum expected total auxiliary AC load requirements for up to six NuScale Power Modules such that excess power is supplied to the offsite power system if one or more turbine generators are operating.

If provided, offsite power is the primary source for plant startup. The plant has the capability to start up and operate independently from the offsite power system in island mode as discussed in Section 8.3.1.

8.2.2 Analysis 8.2.2.1 Analysis of Offsite Power System Conformance with Regulatory Framework This section describes the extent to which the design of the offsite power system conforms to NRC requirements and guidance.

General Design Criteria 17 The NuScale design supports an exemption from the GDC 17 requirements for an offsite power system as described in Section 3.1.2. The passive design of the plant does not rely on an offsite power system to ensure that specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded as a result of anticipated operational occurrences or to maintain core cooling or containment integrity in the event of postulated accidents, as discussed in Section 15.0.0. In addition, the offsite power system is not relied upon to provide power for risk-significant functions.

NuScale Final Safety Analysis Report Offsite Power System NuScale US460 SDAA 8.2-2 Revision 1 General Design Criteria 18 As described above, the NuScale design supports an exemption from GDC 17.

Accordingly, the design supports an exemption from the GDC 18 inspection and testing requirements (Section 3.1.2).

General Design Criteria 33 The NuScale design supports an exemption from GDC 33, as described in Section 3.1.4.

General Design Criteria 34, 35, 38, 41, and 44 The plant design complies with a set of principal design criteria in lieu of these GDC, as described in Section 3.1.4. The principal design criteria do not include requirements for electric power systems.

10 CFR 50.63 The NuScale Power Plant conformance with 10 CFR 50.63 is described in Section 8.4.

Regulatory Guide 1.218 Regulatory Guide 1.218 provides guidance for monitoring the condition of cables that have been determined to fall within the scope of the maintenance rule (10 CFR 50.65). As discussed in Section 17.6, this is not applicable.

Branch Technical Position 8-3 The performance of grid stability studies is site-specific, but is not required because the plant does not rely on offsite power as described in Section 8.2.1.

Branch Technical Position 8-6 Branch Technical Position (BTP) 8-6 addresses the adequacy of offsite system voltages to Class 1E (safety-related) loads. The offsite power system does not supply power to Class 1E loads and does not support safety-related functions.

Accordingly, BTP 8-6 is not applicable to the offsite power system.

Branch Technical Position 8-9 The BTP 8-9 addresses the effects of transmission grid open-phase conditions as identified in NRC Information Notice 2012-03 and NRC Bulletin 2012-01. This guidance involves protection from a common cause AC power failure due to open phase conditions in the offsite power sources that are credited for GDC 17 and the effect on onsite safety-related buses and safety-related loads. The offsite power system does not support safety-related functions. In addition, failures of the offsite power system, including open phase conditions or a station blackout, do not prevent the operation of safety-related functions.

NuScale Final Safety Analysis Report Offsite Power System NuScale US460 SDAA 8.2-3 Revision 1 If the offsite power system is supplying power to the onsite AC power system, the electrical isolation between the augmented DC power system and equipment with safety-related functions, which is described in Section 7.1.2, ensures that the open phase conditions described in BTP 8-9 would not prevent the performance of safety-related functions.

Regulatory Guide 1.32 Regulatory Guide 1.32 addresses design criteria for safety-related power systems. The plant does not rely on an offsite power system to support or perform safety functions. Accordingly, Regulatory Guide 1.32 is not applicable to the offsite power system.

Regulatory Guide 1.68 Conformance with Regulatory Guide 1.68 is described in Section 14.2.

SECY 94-084 and SECY 95-132 Section 3.2 describes the SSC classification process, which did not identify safety-related loads for the offsite power system. Section 17.4 describes the methodology to establish risk-significance of SSC, which did not identify risk-significant loads for the offsite power system. The process for evaluating SSC against the RTNSS criteria is described in FSAR Section 19.3.

The lack of safety-related and risk-significant AC loads and the 72-hour SBO coping capability of the passive NuScale design as described in Section 8.4 obviate the need for an alternate AC power source or a safety-related emergency diesel generator, consistent with SECY 94-084 Parts F and G, which are confirmed in SECY 95-132.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-1 Revision 1 8.3 Onsite Power Systems Onsite power systems provide power to the plant loads during all modes of plant operation. The onsite power systems include alternating current (AC) power systems and direct current (DC) power systems. The plant safety-related functions are achieved and maintained without reliance on electrical power; therefore, neither the AC power systems nor the DC power systems are safety-related (Class 1E). The onsite power systems do not perform any risk-significant functions.

The nonsafety-related onsite AC power systems are described in Section 8.3.1. The nonsafety-related DC power systems are described in Section 8.3.2. Structures, systems, and components (SSC) classification methodology is provided in Section 3.2.

8.3.1 Alternating Current Power Systems 8.3.1.1

System Description

The onsite AC power systems distribute AC power to the onsite DC power systems (through battery chargers) and to the plant AC electrical loads during startup and shutdown, normal operation, and off-normal conditions. The NuScale Power Plant does not use nor include an emergency onsite AC power system.

The onsite AC power systems are shared among the NuScale Power Modules (NPMs), and include the following:

normal power distribution system

high voltage AC electrical distribution system (EHVS) with nominal bus voltage of 13.8 kV and 345 kV switchyard (Figure 8.3-1)

medium voltage AC electrical distribution system (EMVS) with nominal bus voltage of 4.16 kV (Figure 8.3-2a and Figure 8.3-2b)

low voltage AC electrical distribution system (ELVS) with nominal bus voltage of 480 V backup power supply system (BPSS) (Section 8.3.1.1.1)

The normal source of onsite AC electrical power is from the operating NPM turbine generators through the EHVS, the EMVS, and the ELVS. The EHVS contains the switchyard, which is connected to the offsite transmission grid, a micro-grid, or both, as described in Section 8.2.

If the NPMs are not operating, power to the plant loads is supplied from either the offsite power system or the BPSS, which consists of two backup diesel generators (BDGs) connected to the EMVS.

Island mode is a capability that allows operation of the NPMs without an offsite AC power supply. In island mode, the plant turbine generators independently provide power to onsite AC loads. Island mode is a nonsafety-related and non-risk-significant design feature that is not credited to meet regulatory criteria.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-2 Revision 1 For a plant that is connected only to a micro-grid or a dedicated service load, island mode represents a normal operating condition with one or more turbine generators providing power to the onsite and offsite AC loads. For a NuScale plant that is normally connected to an offsite power supply via a transmission grid, island mode represents a temporary operating condition until the grid operability is restored.

8.3.1.1.1 Backup Power Supply System The principal function of the nonsafety-related BPSS is to provide electrical power to the plant when the normal sources of AC power are not available.

The BDGs provide backup electrical power to the augmented DC power system (EDAS) and selected loads from various plant systems via connection to the EMVS. The BPSS is also capable of providing backup electrical power to loads supporting beyond design basis accident mitigation and performing a black start to recover from a total shutdown of all turbine generators without reliance on an external transmission grid. The BPSS delivers backup power to heating, ventilation, and air conditioning systems serving the battery and associated charger rooms to avoid prolonged periods of high ambient temperature. Other systems and equipment loads include select nonsafety-related, non-risk-significant loads that provide asset protection and operational flexibility.

The BDGs and associated equipment are designed to Seismic Category III requirements. The BDGs are independent and separated from each other to provide assurance that a fire or explosion in one BDG does not prevent operation of the other BDG.

8.3.1.2 Design Evaluation 8.3.1.2.1 Containment Electrical Penetration Assemblies The design of electrical penetration assemblies (EPAs) conforms to General Design Criterion (GDC) 50. This section describes the electrical design requirements for EPAs as they relate to compliance with GDC 50. The containment system, including EPAs, can accommodate the calculated pressure and temperature conditions resulting from a loss-of-coolant accident in accordance with GDC 50 as described in Section 6.2.1. The mechanical design requirements for EPAs are described in Section 3.8.2. The environmental qualification requirements for EPAs are described in Section 3.11.2.

The electrical penetration assemblies are designed in accordance with Institute of Electrical and Electronics Engineers (IEEE) Standard 317-1983 (Reference 8.3-9) as endorsed by Regulatory Guide (RG) 1.63. The EPAs are provided with external circuit protection per Section 5.4 of IEEE Standard 741-1997 (Reference 8.3-10), which is consistent with the 1986 version endorsed by RG 1.63 with the following clarifications.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-3 Revision 1 Self-limiting circuits are those circuits that use EPAs, are not equipped with protection devices, and are supported by analysis that determines that the maximum fault current in these circuits would not damage the penetration if that current is available indefinitely. For these circuits, consideration of special protection devices is not required. For circuits that are not self-limiting, primary and backup protective devices are provided. Electrical penetration assemblies are designed to withstand the maximum available fault and overload currents for the time sufficient for operation of backup devices in case of failure of the primary protection devices.

Circuits contained in some of the EPAs support safety-related functions and are classified as Class 1E. Protection devices for non-Class 1E circuits using EPAs are not required to be treated as Class 1E.

As described in Section 7.1.2, divisional separation for Class 1E circuits is in accordance with Reference 8.3-6, which is endorsed by RG 1.75, Physical Independence of Electric Systems.

8.3.1.2.2 Onsite Alternating Current Power System Conformance with Regulatory Framework This section describes the extent to which the design of the main onsite AC power system, including the EHVS, the EMVS, the ELVS, and the BPSS, conforms to Nuclear Regulatory Commission (NRC) requirements and guidance. As such, the information in this section provides clarification for the associated entries in Table 8.1-1. Table 8.3-2 identifies SSC classifications for EHVS, EMVS, ELVS, and BPSS.

General Design Criterion 2 The onsite AC power system does not contain SSC that are required to function in the event of natural phenomena. Nonsafety-related SSC with the potential for adverse seismic interaction with Seismic Category I SSC are designed to Seismic Category II requirements so that their failure does not affect the ability of safety-related SSC to perform their intended functions.

General Design Criterion 4 The onsite AC power system does not contain SSC required to function under adverse environmental conditions associated with postulated accidents, including a loss-of-coolant accident. The nonsafety-related AC power system SSC are designed to operate within the environmental conditions associated with normal operation, maintenance, and testing. Failure of the onsite AC power system components does not introduce adverse environmental conditions that would affect the ability of safety-related SSC to perform their intended functions.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-4 Revision 1 General Design Criterion 5 The onsite AC power systems are shared among NPMs. Failures affecting the onsite AC power systems do not affect the ability to achieve and maintain NPM safety functions, including the assumption that a design basis event occurs in one NPM.

General Design Criterion 50 The electrical design requirements for electrical penetration assemblies comply with GDC 50 as described in Section 8.3.1.2.1.

10 CFR 50.63 The NuScale design conformance with 10 CFR 50.63 is described in Section 8.4.

8.3.2 Direct Current Power Systems 8.3.2.1

System Description

The onsite DC power systems include the EDAS and the normal DC power system (EDNS). These systems are described in the following sections.

8.3.2.1.1 Augmented Direct Current Power System The EDAS comprises two DC subsystems that provide a continuous, failure-tolerant source of 125 Vdc power to assigned plant loads during normal plant operation and for a specified minimum duty cycle following a loss of AC power. The EDAS-common (EDAS-C) plant subsystem serves plant common loads that have functions that are not specific to a single NPM. These functions include main control room (MCR) emergency lighting and post-accident monitoring (PAM) information displayed in the MCR. The EDAS-module-specific (EDAS-MS) plant subsystem consists of separate and independent DC electrical power supply systems, one for each NPM.

The EDAS-MS consists of four power channels and EDAS-C consists of two power divisions. The EDAS-MS and EDAS-C are capable of providing uninterrupted power to their loads. The EDAS-MS channels A and D have a specified minimum battery duty cycle of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, and EDAS-MS channels B and C have a specified minimum battery duty cycle of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The EDAS-C power divisions have a specified minimum battery duty cycle of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The 24-hour battery duty cycle of EDAS-MS channels A and D is specified to preclude unnecessary ECCS valve actuation for a minimum of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> following a postulated loss of AC power, unless a valid ECCS actuation signal is received (Section 6.3.2 contains additional information on ECCS operation).

The 72-hour battery duty cycle for EDAS-MS channels B and C and EDAS-C provides a minimum of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of DC electrical power for MCR normal and emergency lighting and certain equipment supporting PAM. These EDAS-MS

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-5 Revision 1 and EDAS-C functions are not credited to meet the acceptance criteria for design basis event analyses in Chapter 15.

Figure 8.3-3, Figure 8.3-4a, and Figure 8.3-4b provide simplified one-line diagrams of the EDAS-C and EDAS-MS subsystems, respectively, and show the demarcation between the EDAS and the Class 1E instrumentation and controls equipment served by the EDAS-MS.

The source of electrical supply to the EDAS-C and EDAS-MS battery chargers is the ELVS.

Each common plant subsystem division contains one battery, two independent and redundant battery chargers, and one DC distribution panel assembly. Each distribution panel assembly consists of a fused disconnect switch, breakers, relays, metering, associated interconnections, and supporting structure.

Each EDAS-C battery charger is designed to supply electrical power to its connected loads while simultaneously recharging its associated battery from the design minimum charge state to 95 percent of full charge within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.

Upon a loss of power to battery chargers, both Division I and Division II EDAS-C batteries are capable of supplying connected plant loads for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The batteries are described further below.

The EDAS-MS for an NPM provides electrical power for the MPS and other loads associated with that NPM. The EDAS-MS contains four power channels for each module. Power channels A and C are a part of EDAS Division I.

Power channels B and D are a part of EDAS Division II. Each power channel contains one battery, one battery charger, and one DC distribution panel assembly. Each distribution panel assembly consists of a bus, fused disconnect switch, tie breaker, breakers, relays, metering, associated interconnections, and supporting structures.

The EDAS-MS battery chargers normally supply power to plant loads in addition to maintaining the batteries fully charged. Upon a loss of power to all battery chargers, the bus and connected loads remain energized directly from the parallel connection with the batteries. Each EDAS-MS power channel charger is sized to carry 100 percent of the divisional DC bus loading during normal plant operation. In the event of a loss of a charger for maintenance or equipment failure, the divisional power channels can be connected together with the functional battery charger providing power to the divisional loads while maintaining connected batteries on float charge. Each EDAS-MS battery is sized with sufficient capacity to provide power to ECCS Hold Mode loads for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. The EDAS-MS channel B and channel C are designed with additional capacity to provide battery power to PAM-only mode loads for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />; PAM-only mode is described in Section 7.0.4.

The BDGs provide additional capability to preserve battery capacity during the time when normal AC power to the battery chargers is not available by

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-6 Revision 1 supplying 480 Vac input power to the battery chargers via connection to the EMVS to supply the connected loads and recharge the batteries.

The EDAS is a non-Class 1E power system and is non-risk-significant.

Augmented design, qualification, and quality assurance (QA) provisions are applied to the EDAS as described throughout Section 8.3.2. Table 8.3-2 identifies SSC classifications for EDAS.

An evaluation of EDAS component failures is provided in Table 8.3-1. The evaluation does not assume that each component single failure occurs concurrently with the unavailability of the redundant EDAS channel (EDAS-MS) or EDAS division (EDAS-C). The results demonstrate the reliability of the system to perform its functions and that failures in the EDAS do not prevent safety-related functions from being achieved and maintained.

An evaluation of the EDAS reliability was performed. Using the generic failure probabilities from Section 19.1.4, the EDAS supports the mission requirements.

The EDAS and equipment is designed to allow testing online or offline during normal operation. The batteries and battery chargers can be isolated from the rest of the subsystem for testing. Local and remote indications in the control room ensure the ability for continuously monitoring the batteries, battery chargers, and DC buses during test conditions.

The battery monitor system (BMS) provides continuous monitoring of EDAS battery parameters indicative of battery performance.

The EDAS provides DC power only to DC loads. Therefore, inverters are not required or included in the EDAS design.

The EDAS operates ungrounded. Therefore, there are no connections to ground from either the positive or negative legs of the EDAS batteries or chargers. An ungrounded DC system ensures system reliability and availability in the event one of the system legs becomes grounded. The EDAS includes ground fault detection devices and relays consistent with the recommendations of IEEE Standard 946-2020 (Reference 8.3-5).

Physical separation is achieved by installing equipment in different rooms that are separated by 3-hour fire barriers. The EDAS-MS Division I cables (channels A and C) and raceways are routed separately from EDAS-MS Division II cables (channels B and D) and raceways. Similarly EDAS-C Division I cables and raceways are routed separately from EDAS-C Division II cables and raceways. Although EDAS electrical power is not required to achieve a safe shutdown, this separation ensures that equipment in one fire area rendered inoperable by fire, smoke, hot gases, or fire suppressant does not affect the availability of the redundant equipment located in another fire area. The fire protection features and analyses are described in Section 9.5.1.

The EDAS-MS equipment is shown on Figure 8.3-4a and Figure 8.3-4b.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-7 Revision 1 EDAS equipment that provides backup power is designed to Seismic Category I standards as discussed in Section 3.7 and Section 3.10.

Augmented Direct Current Power System Batteries Each EDAS battery comprises valve-regulated lead-acid (VRLA) type cells connected in series to generate 125 Vdc. The EDAS includes augmented design provisions for batteries. The batteries are designed and installed per IEEE Std. 1187-2013. Maintenance and testing is performed in accordance with IEEE Std. 1188-2005(R2010) with 2014 amendment. The batteries are sized per IEEE Std. 485-2020. Instrumentation, indication, and alarms conform with IEEE Std. 946-2020, IEEE Std. 1491-2012, IEEE Std. 1187-2013, and IEEE 1188-2005.

8.3.2.1.2 Normal Direct Current Power System The EDNS is a non-Class 1E DC power system classified as nonsafety-related and non-risk-significant. Table 8.3-2 identifies SSC classifications for EDNS. The EDNS does not serve safety-related loads, and it does not have safety-related functional requirements during plant startup, normal operation, shutdown, or abnormal operation.

The EDNS is shared among the NPMs and provides both DC power and AC power (through inverters) to nonsafety-related loads that support functions related to investment protection and power generation (i.e., the loads that are part of plant permanent nonsafety systems). A simplified layout of the EDNS is shown in Figure 8.3-5.

8.3.2.2 Design Evaluation 8.3.2.2.1 Onsite Direct Current Power System Conformance with Regulatory Framework This section describes the extent to which the design of the onsite DC power systems, including the EDAS and the EDNS electrical equipment, conforms to NRC requirements and guidance. As such, the information in this section provides clarification for the associated entries in Table 8.1-1.

General Design Criterion 2 The EDNS is not required to function in the event of natural phenomena events. The EDNS structures, systems, and components with the potential for adverse seismic interaction with Seismic Category I SSC are designed to Seismic Category II requirements so that their failure does not affect the ability of safety-related SSC to perform their intended functions. The EDAS is augmented to comply with GDC 2 requirements for increased reliability and availability. The EDAS structures, systems, and components are located in Seismic Category I areas of the plant, specifically in the Reactor Building and in areas of the Control Building (CRB) that are designed to withstand the

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-8 Revision 1 effects of and function following natural phenomena such as earthquakes, tornadoes, hurricanes, floods, and externally-generated missiles.

The EDAS structures, systems, and components are further augmented by applying design, qualification, and QA provisions typically applied to Class 1E DC power systems using a graded approach. The graded approach is reflected in the EDAS design, qualification, and QA provisions detailed in this Chapter and the Quality Assurance Program Description. Augmented DC power system SSC that provide backup DC electrical power meet Seismic Category I standards per Reference 8.3-14.

General Design Criterion 4 The EDAS complies with GDC 4 requirements. The EDAS design accommodates the effects of environmental conditions by applying augmented provisions for the design, qualification, and QA typically applied to Class 1E DC power systems using a graded approach. The graded approach is reflected in the EDAS design, qualification, and QA provisions detailed in this Chapter and the Quality Assurance Program Description. The EDAS is located in a mild environment as defined in 10 CFR 50.49(c), such that it is not subject to the requirements of 10 CFR 50.49. The physical locations of the EDAS-MSs and EDAS-C within the Reactor Building and the CRB, respectively, provide the EDAS with protection from dynamic effects, including the effects of missiles, pipe whipping, and discharging fluids.

The Reactor and Control Building HVAC systems provide EDAS structures, systems, and components with ventilation including cooling, heating, humidity control, and hydrogen dilution in accordance with Reference 8.3-7, Reference 8.3-8, and Reference 8.3-12. The BPSS delivers backup power to heating, ventilation, and air conditioning systems serving the battery and associated charger rooms to avoid prolonged periods of high ambient temperature.

The EDAS batteries are environmentally qualified per Reference 8.3-13.

General Design Criterion 5 As shown on Figure 8.3-4a and Figure 8.3-4b, the EDAS-MS is not shared among NPMs. Specifically, portions of the EDAS that supply electrical power to the MPS are not shared. Each NPM is provided with a dedicated EDAS-MS.

Sharing of the EDAS-C is shown on Figure 8.3-3. A postulated loss of power or power fluctuation on the EDAS-C would not result in adverse interactions among NPMs, and would not impair the performance of safety-related functions necessary to achieve and maintain safe shutdown of the NPMs.

A failure in the EDNS system does not impair the ability to achieve and maintain NPM safety-related functions.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-9 Revision 1 General Design Criterion 50 The electrical design requirements for electrical penetration assemblies comply with GDC 50 as described in Section 8.3.1.2.1.

10 CFR 50.63 The design conformance with 10 CFR 50.63 is described in Section 8.4.

Regulatory Guide 1.68 The EDAS preoperational testing is performed as part of the Initial test program described in Section 14.2.12.

Regulatory Guide 1.75 The onsite electric DC power systems do not perform safety-related functions and do not contain Class 1E circuits. Therefore, the DC electric power systems are outside the scope of RG 1.75 and IEEE Std 384-1992, which specify criteria for establishing and maintaining electrical independence of safety-related equipment and circuits. Notwithstanding, the physical separation, electrical independence, and identification criteria of RG 1.75 and IEEE Std. 384-1992 are applied to the EDAS as an augmented quality provision.

8.3.2.2.2 Electrical Power System Calculations and Distribution System Studies for Direct Current Systems The following information describes the calculations and studies that are developed for the DC power systems. The calculations are performed using the Electrical Transient Analyzer Program computer software (Reference 8.3-3).

The EDAS and EDNS load-flow analyses are performed in accordance with IEEE 485-2020 and IEEE 946-2020.

Short-circuit analyses are performed for the EDAS-MS and EDAS-C subsystems. These analyses are performed in accordance with IEEE Standard 946-2020 (Reference 8.3-5) and IEEE Standard 242-2001 (Reference 8.3-2) methodologies.

The DC equipment is sized using the methodologies in Reference 8.3-2, Reference 8.3-4, Reference 8.3-5, and Reference 8.3-11.

Equipment protection and coordination studies are performed in accordance with Reference 8.3-2, Reference 8.3-5, and Reference 8.3-11.

The EDAS battery chargers supplied by the ELVS provide electrical isolation between the AC power system and the EDAS.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-10 Revision 1 The EDAS is isolated from the NMS and MPS by Class 1E isolation devices that are described in Section 7.0.4 and Section 7.1.2. Electrical isolation of safety-related loads from the DC power systems ensures that variations in voltage, frequency, and waveform (harmonic distortion) in the DC power systems do not degrade the performance of safety-related systems.

8.3.2.2.3 Grounding The EDAS power supply system is operated ungrounded. Neither the positive nor the negative leg is grounded during normal operation. Therefore, a connection to ground on either the positive or negative leg does not change the DC system voltage; it is only referenced to ground at that point. However, structures and components of the EDAS are connected to the station ground grid to provide personnel and equipment protection.

The EDAS design incorporates ground detection features to identify when a connection to ground occurs on either the positive or negative leg of the DC system.

8.3.2.3 Inspection and Testing Augmented Direct Current Power System Periodic inspection and testing is performed on the EDAS for operational, commercial, and plant investment protection purposes.

The EDAS is designed to permit appropriate periodic inspection and testing to assess the operability and functionality of the systems and the condition of their components. Specifically, the EDAS design allows for removing portions of the system from operation without affecting continued operation of the plant.

Protection devices are capable of being tested, calibrated, and inspected.

Preoperational tests are conducted to confirm battery capacity and verify proper operation of the EDAS. These tests are within the scope of the initial test program described in Section 14.2.

8.3.2.4 Instrumentation and Controls The MCR and remote monitoring and control of certain onsite DC power system components is provided by the plant control system and the module control system.

The EDAS includes provisions for indication of system status in the main control room. Indication readouts and alarms are provided in accordance with Reference 8.3-1, Reference 8.3-5, Reference 8.3-7, and Reference 8.3-8.

Each EDAS-C and EDAS-MS battery has a battery monitor connected that provides continuous monitoring of EDAS battery performance characteristics, including temperature deviations, discharges, and voltage excursions that exceed predefined tolerances.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-11 Revision 1 8.3.3 References 8.3-1 Institute of Electrical and Electronics Engineers, IEEE Guide for Selection and Use of Battery Monitoring Equipment in Stationary Applications, IEEE Standard 1491-2012, Piscataway, NJ.

8.3-2 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Protection and Coordination of Industrial and Commercial Power Systems (IEEE Buff Book)," IEEE Standard 242-2001, Piscataway, NJ.

8.3-3 Electrical Transient Analyzer Program [Computer Program]. (2016). Irvine, CA: Operation Technology, Inc.

8.3-4 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Sizing Lead-Acid Batteries for Stationary Applications," IEEE Standard 485-2020, Piscataway, NJ.

8.3-5 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for the Design of DC Auxiliary Power Systems for Generating Stations," IEEE Standard 946-2020, Piscataway, NJ.

8.3-6 Institute of Electrical and Electronics Engineers, "IEEE Standard Criteria for Independence of Class 1E Equipment and Circuits," IEEE Standard 384-1992, New York, NY.

8.3-7 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Installation Design and Installation of Valve-Regulated Lead-Acid Batteries for Stationary Applications," IEEE Standard 1187-2013, New York, NY.

8.3-8 Institute of Electrical and Electronics Engineers, "IEEE Recommended Practice for Maintenance, Testing, and Replacement of Valve-Regulated Lead-Acid (VRLA) Batteries for Stationary Applications," IEEE Standard 1188-2005, New York, NY.

8.3-9 Institute of Electrical and Electronics Engineers, "IEEE Standard for Electrical Penetration Assemblies in Containment Structures for Nuclear Power Generating Stations," IEEE Standard 317-1983, New York, NY.

8.3-10 Institute of Electrical and Electronics Engineers, "IEEE Standard Criteria for the Protection of Class 1E Power Systems and Equipment Nuclear Power Generating Stations," IEEE Standard 741-1997, New York, NY.

8.3-11 Institute of Electrical and Electronics Engineers, IEEE Guide for the Protection of Stationary Battery Systems, IEEE Standard 1375-1998, Piscataway, NJ.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-12 Revision 1 8.3-12 Institute of Electrical and Electronics Engineers, IEEE/ASHRAE Guide for the Ventilation and Thermal Management of Batteries for Stationary Applications, IEEE Standard 1635-2012, New York, NY.

8.3-13 Institute of Electrical and Electronics Engineers, IEEE Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations, IEEE Standard 323-2003, New York, NY.

8.3-14 Institute of Electrical and Electronics Engineers, IEEE Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations, IEEE Standard 344-2013, New York, NY.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-13 Revision 1 Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks Battery charger

  • Provide adequate DC current and voltage to the respective DC loads
  • Provide ability to charge battery while servicing normal DC loads No output voltage
  • AC input breaker (open)
  • DC output breaker (open)
  • Control circuitry failure
  • Feedback circuit failure
  • Blocking diode (open)
  • Human error (A) Loss of charger function (B) None (A) None (B) None Condition monitoring Battery monitor
  • Low float current
  • Low voltage
  • Battery discharge Battery charger
  • Low voltage
  • Charger trouble
  • AC/DC failure Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Battery assumes loads and begins to discharge.

EDAS-MS tie breaker or EDAS-C standby battery charger can be used to restore power to the affected channel.

Component misoperation Loss of AC input

  • ELVS to EDAS motor control center (MCC) feed (open)
  • Human error
  • Software failure
  • Loss of all AC power (A) Loss of charger function (B) None (A) None (B) None Condition monitoring
  • MCS/MPS MCC status Battery Monitor
  • Low float current
  • Battery discharge DC distribution panel
  • Low voltage Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Loss of AC input is the entry condition for condition B, operation with a loss of AC.

Component misoperation

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-14 Revision 1 Battery charger (continued)

  • Provide adequate DC current and voltage to the respective DC loads
  • Provide ability to charge battery while servicing normal DC loads (continued)

Low output voltage

  • Open diode
  • Control circuitry degradation
  • Feedback circuitry degradation
  • Human error
  • Software failure (A) Loss of charger function (B) None (A) None (B) None Condition monitoring Battery monitor
  • Low float current
  • Low individual cell voltage (ICV)
  • Low voltage
  • Battery discharge Battery charger
  • Low voltage DC distribution panel
  • Low voltage Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Battery assumes loads and begins to discharge.

EDAS-MS tie breaker can be closed to restore power to the affected channel.

Incorrect charger adjustment Erratic output voltage (high ripple)

  • Control circuitry degradation
  • Feedback circuity degradation
  • Ripple filter degradation (A) Battery charger voltage cycles above and below the battery open circuit voltage subject the battery to alternating charge/discharge cycles. Battery heating concern Loss of charger function (B) None (A) None (B) None Condition monitoring Battery monitor
  • AC ripple current
  • Erratic float current Battery charger
  • Low/high voltage
  • Charger trouble DC distribution panel
  • Low/high voltage Acceptable Charger could be removed from service and EDAS-MS tie breaker can be closed to restore power to the affected channel.

Long term reliability issue resulting in accelerated battery wear Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-15 Revision 1 Battery charger (continued)

  • Provide adequate DC current and voltage to the respective DC loads
  • Provide ability to charge battery while servicing normal DC loads (continued)

High output voltage

  • Diode short
  • Control circuitry degradation
  • Feedback circuitry degradation
  • Human error
  • Software failure (A) DC bus voltage increases until operator action is taken or the high DC voltage shutdown set point is reached. Battery is overcharged while voltage exceeds the nominal float voltage band. Loss of charger function (B) None (A) Affected separation channel/division DC-DC converters isolate on high voltage or loss of voltage Non-consequential failure(2)

(B) None Condition monitoring Battery monitor

  • High float current
  • High battery string voltage Battery charger
  • High voltage
  • High voltage shutdown DC distribution panel
  • High voltage Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Operator or automatic DC high voltage shutdown actions are not required to protect the safety loads.

Incorrect charger adjustment Loss of current limit

  • Current limit circuit failure
  • Human error (A) Loss of charger function (B) None (A) None (B) None Condition monitoring Battery monitor
  • High battery charge current
  • Temperature monitoring Battery charger
  • Charger trouble alarm
  • Low voltage alarm Acceptable AC input or DC output breaker opens. Battery begins to discharge.

This failure only affects EDAS in the event of a DC fault or upon AC power restoration where discharged batteries are being recharged.

Incorrect adjustment Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-16 Revision 1 Battery charger (continued)

  • Provide adequate DC current and voltage to the respective DC loads
  • Provide ability to charge battery while servicing normal DC loads (continued)

DC ground fault Loss of Insulation (A) None (B) None (A) None (B) None Condition monitoring Battery charger

  • Ground detection DC distribution panel
  • Ground fault alarm Acceptable Single loss of insulation on one leg of the DC system (positive or negative).

Single ground fault has no effect on an ungrounded DC system. A ground fault monitoring system is provided by the battery charger and DC distribution panel.

Applies to a ground fault at any location on EDAS.

AC ground fault Loss of Insulation (A) Loss of charger function (B) None (A) None (B) None Condition monitoring AC ground fault detector

  • ELVS is high resistance grounded detection of neutral current through HRG resistor Battery charger
  • AC power failure Acceptable ELVS MCC is removed from service battery assumes load and begins to discharge.

EDAS-MS tie breaker can be closed to restore power to the affected channel.

Charger AC blocking function fault AC source becomes load on battery (A) None (B) None (A) None (B) None Condition monitoring Battery charger

  • Charger trouble alarm
  • Low voltage alarm Acceptable Battery charger can only transfer power from AC to DC.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-17 Revision 1 Battery charger (continued)

  • Provide adequate DC current and voltage to the respective DC loads
  • Provide ability to charge battery while servicing normal DC loads (continued)

Series output diode short Blocking diode short (A) None (B) Battery discharges through ripple filter and battery eliminator.

Ability to meet power channel duty cycle may be impacted.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Battery discharge current
  • Low ICV Periodic testing
  • Component testing Acceptable Fault only occurs if the amount of loss through the filter exceeds the battery margin.

VRLA battery string

  • Backup supply power to 125 DC distribution panel Reduced battery string capacity Plate short (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-18 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Positive plate corrosion (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Visual inspection (case bulge)
  • Capacity testing Acceptable Active material failure (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Capacity testing Acceptable Post seal leakage (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Visual inspection (corrosion/electrolyte)
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-19 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Dryout (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • High float current
  • High negative post temperatures Periodic testing
  • Capacity testing Acceptable Thermal runaway (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Temperature monitoring
  • High float current Acceptable Battery chargers are temperature compensated which removes the source of external power required to drive VRLA batteries into thermal runaway.

Negative plate self discharge (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Capacity testing Acceptable Battery monitor detects ICV voltage less than battery critical voltage in real time.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-20 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Temperature effects (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Visual Inspection (jar degradation)
  • Capacity testing Acceptable Seal or valve failures (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • High float current Periodic testing
  • Visual inspection
  • Capacity testing Acceptable Loss of absorbent glass mat compression (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • High float current Periodic testing
  • Capacity testing Acceptable Non-electrolyte starved VRLA battery designs (gel cells) are not affected by this failure.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-21 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Intercell/intertier corrosion (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell/Intertier resistance change Periodic testing
  • Visual Inspection (connector corrosion)
  • Capacity testing Acceptable Ripple current (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Temperature monitoring
  • AC ripple current Periodic testing
  • Capacity testing
  • Battery charger testing Acceptable Container cracks (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • High float current Periodic testing
  • Visual inspection (case cracks)
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-22 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Sulfation (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change-Low float current Periodic testing
  • Capacity testing Acceptable Overcharging (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • High string voltage
  • High float current
  • Intercell resistance change Periodic testing
  • Capacity testing Acceptable Long term aging mechanism Undercharging (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Low float current Periodic testing
  • Capacity testing Acceptable Long term aging mechanism Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-23 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Reduced battery string capacity (continued)

Grid, paste, strap weld defect (A) None (B) Single power channel may not meet duty cycle.

Non-consequential failure(2)

(A) None (B Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change Periodic testing
  • Capacity testing Acceptable Typically found during acceptance testing Low battery string voltage Plate short (A) None (B) Single power channel does not meet duty cycle.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current change Periodic testing
  • Capacity testing Acceptable Intercell/intertier corrosion (A) None (B) Single power channel does not meet duty cycle.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage before meeting duty cycle requirements.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell/intertier resistance change DC distribution panel
  • Low voltage alarm Periodic testing
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-24 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

EDAS-MS Fire

  • Thermal runaway
  • High resistance connection (A) None (B) Fire is assumed to destroy both batteries resulting in an EDAS-MS subsystem failure(5)

(A) None.

(B) Results in a consequential failure(5)

Condition monitoring Fire detection system

  • Fire alarm Battery monitor
  • Float current
  • Temperature monitoring
  • Intercell/intertier resistance change Battery charger
  • Temperature compensation Acceptable (A)Batteries and chargers are separated by fire barriers and divisionally separated.

A division of EDAS power is maintained no safety functions are impacted.

The battery monitor detects a differential temperature between the negative post and ambient temperature.

Battery chargers are temperature compensated which removes the source of external power required to drive VRLA batteries into thermal runaway.

Battery open circuit Positive plate corrosion (A) None (B) Single power channel does not provide adequate current and voltage.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current monitoring Periodic testing
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-25 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Battery open circuit (continued)

Thermal runaway (A) None (B) Single power channel does not provide adequate current and voltage.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current monitoring
  • Temperature monitoring Periodic testing
  • Capacity testing Acceptable The battery monitor detects a differential temperature between the negative post and ambient temperature.

Battery chargers are temperature compensated which removes the source of external power required to drive VRLA batteries into thermal runaway.

Intercell/intertier corrosion (A) None.

(B) Single power channel does not provide adequate current and voltage.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current monitoring Periodic testing
  • Capacity testing Acceptable Grid, paste, strap weld defect (A) None (B) Single power channel does not provide adequate current and voltage.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current monitoring Periodic testing
  • Capacity testing Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-26 Revision 1 VRLA battery string (continued)

  • Backup supply power to 125 DC distribution panel (continued)

Battery open circuit (continued)

Dryout (A) None (B) Single power channel does not provide adequate current and voltage.

Non-consequential failure(2)

(A) None.

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Intercell resistance change
  • Float current monitoring Periodic testing
  • Capacity testing Acceptable Severe dryout where the glass mat separates from the active material can appear as an open circuit.

DC distribution panel

  • Provides continuity between the EDAS sources and loads
  • Provides for indication of EDAS parameters Short
  • Insulation breakdown
  • Foreign material
  • Fire (A) Loss of power channel. Upstream protective devices actuate.

Non-consequential failure(2)

(B) Loss of power channel. Upstream protective devices actuate.

Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment loss indications Fire detection system
  • Fire alarm Battery monitor
  • Low string voltage
  • Float current monitoring
  • Battery current DC distribution panel
  • Low DC voltage Battery charger
  • Battery charger current
  • Charger trouble alarm Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-27 Revision 1 DC distribution panel (continued)

  • Provides continuity between the EDAS sources and loads
  • Provides for indication of EDAS parameters (continued)

Open

  • Material defect
  • Fire (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Fire detection system

  • Fire alarm Battery monitor
  • Low string voltage
  • Float current monitoring DC distribution panel
  • Low DC voltage
  • Equipment loss indications Battery charger
  • Battery charger current
  • Charger trouble alarm Acceptable EDAS-MS fire DC switchgear room fire (A) Loss of division power Consequential failure(5)

(B) Loss of division power Consequential failure(5)

(A) DC-DC converter isolation devices disconnect the respective divisional loads.

Consequential failure(5)

(B) DC-DC converter isolation devices disconnect the respective divisional loads.

Consequential failure(5)

Condition monitoring Fire detection system

  • Fire alarm Battery monitor
  • Low string voltage
  • Float current monitoring DC distribution panel
  • Low DC voltage
  • Equipment loss indications Acceptable Fire assumed to destroy all divisional equipment in the respective EDAS switchgear rooms.

A division of EDAS power is maintained. No safety functions are impacted.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-28 Revision 1 Fused disconnect switch Battery to test load

  • Protective device that protects the battery and test load
  • Provides ability to connect the battery to a test load Open
  • Fuse failure
  • Human error (A) None (B) None (A) None (B) None Condition monitoring Battery monitor
  • Lowe string voltage
  • Float current monitoring Acceptable Test disconnect only used during maintenance activates Interrupts capacity testing Closure of test disconnected is alarmed in the MCR.

Component misoperation Short circuit

/fuse fails to interrupt Material defect (A) None (B) None (A) None (B) None Condition monitoring Battery monitor

  • Low string voltage
  • Float current
  • Battery current Battery charger
  • Battery test disconnect closed Acceptable Test disconnect only used during maintenance activates Closure of test disconnected is alarmed in the MCR.

Component misoperation Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-29 Revision 1 Battery charger and DC distribution Panel protective devices

  • Provides short circuit protection and continuity from the battery charger to the DC switchgear Open
  • Device failure
  • Human error (A) Loss of charger function (B) None (A) None (B) None Condition monitoring
  • Equipment alarms Battery monitor
  • Low float current
  • Low string voltage
  • Battery discharge Battery charger
  • Battery charger current
  • Battery charger output open DC distribution panel Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Component misoperation Loads supplied by battery Fail to interrupt Device failure (A) Loss of charger function (B) None (A) None (B) None Condition monitoring
  • Equipment alarms Battery monitor
  • Low float current
  • Low string voltage
  • Battery discharge Battery charger Local indications
  • Charger panel indications
  • DC distribution panel indications Acceptable Upstream/downstream device clears fault Loads supplied by the battery Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-30 Revision 1 Protective device battery to DC switchgear

  • Provides short circuit protection and continuity from the battery to the DC distribution panel
  • Allows the battery to be disconnected from the DC switchgear Open
  • Device failure
  • Human error (A) None (B) Loss of power channel Non-consequential failure(2)

(A) None (B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring Battery monitor

  • Low string voltage
  • Float current monitoring Battery charger
  • Battery protective device open Acceptable Component misoperation Loads supplied by the battery charger Fail to interrupt Material defect (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Battery monitor
  • Low string voltage
  • Float current monitoring Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-31 Revision 1 Protective device DC distribution panel to individual load

  • Provides short circuit protection and continuity from the DC switchgear to the individual loads
  • Allows the DC switchgear to be disconnected from the Individual loads Open
  • Material defect
  • Human error (A) Loss of a single load Non-consequential failure(2)

(B) Loss of a single load Non-consequential failure(2)

(A) Loss of power to a single safety load Non-consequential failure(2)

(B) Loss of power to a single safety load Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Acceptable Component misoperation Loss of power to a single safety load remaining channel/division loads are still supplied Fail to interrupt Material defect (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Acceptable Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-32 Revision 1 Conductor

  • Conducts electrical power to respective EDAS loads Short Cable or bus failure (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Acceptable Bounded by DC switchgear failure Open Cable or bus failure (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

(A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Acceptable Bounded by DC switchgear failure Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-33 Revision 1 Power channel tie breaker

  • Cross connects the A&C/B&D divisional power channels in the event of a charger failure Inadvertent closure Human error (A) None (B) None (A) None (B) None Condition monitoring Battery monitor
  • Erratic float current
  • Erratic ICV Battery charger
  • Cross tie closed alarm Local indication
  • Breaker position Acceptable System misoperation during maintenance would require the manual closing of the cross tie breaker in two separate EDAS DC distribution panels
  • Administratively prohibited condition reduces reliability and may lead to non-equal load sharing. Long term reliability issue Fails to close Material defect (A) None (B) None (A) None (B) None Local indication
  • Breaker manually operated
  • Local current and voltage indications Acceptable Tie breaker is only closed in condition A when a power channel battery charger is out of service.

Battery assumes loads and begins to discharge.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-34 Revision 1 Power channel tie breaker (continued)

  • Cross connects the A&C/B&D divisional power channels in the event of a charger failure (continued)

Fail to interrupt Material defect (A) Loss of power channel Non-consequential failure(2)

(B) Loss of power channel Non-consequential failure(2)

A) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure (Sec.

2.5.3.2)

(B) Affected separation channel DC-DC converters isolate on low voltage.

Non-consequential failure(2)

Condition monitoring

  • Equipment alarms Acceptable Worse case fault is the cable between the DC distribution panels.

Acceptable Redundant device isolates the fault.

Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-35 Revision 1 Indication

  • Indicates status of the various components.

Examples include status lights and meters Fails short Material defect (A) None (B) None (A) None (B) None Local indication

  • Loss of indication Acceptable Indication device protective fusing opens preventing control power fuses from opening.

Note:

(1) (A) indicates condition A where normal EDAS or BPSS AC power supply available. (B) indicates condition B loss of all AC.

(2) Non-consequential failures are defined as either: (1) a loss of a single EDAS-MS power channel, which does not result in a production loss (reactor trip),

inadvertent ECCS actuation, or loss of PAM monitoring capability or (2) a loss of an EDAS-C division, which does not result in a production or asset loss.

(3) Any condition in which the EDAS cannot provide adequate current and voltage to the load side terminals of the branch circuit interrupting device is considered a channel/divisional failure. This specifically implies current and voltage conditions that causes the DC-DC converter Class 1E isolation to disconnect their safety loads from the EDAS.

(4) Any condition in which adequate current and voltage cannot be provided for the design duty cycle is considered a channel/divisional failure. This is a result of a condition that directly or indirectly reduces the capacity of the associated power channel/division battery string.

(5) Consequential failures are defined as either an EDAS-MS or EDAS-C subsystem functional failure. The following occurrences and consequences describe consequential failures:

Any failure of any two power channels of a module's EDAS-MS Reactor trip and ECCS actuation Any divisional failure of a module's EDAS-MS Reactor trip and ECCS actuation A failure of a module's EDAS-MS B and C power channels Reactor trip, ECCS actuation, and a loss of MPS PAM monitoring capability A failure of both EDAS-C divisions Loss of PPS, MCR lighting, and SDIS Table 8.3-1: Augmented Direct Current Power System Failure Modes and Effects Analysis (Continued)

Component Identification Function Failure Mode Failure Mechanism Effect on EDAS(1)(3)(4)

Effect on Interfacing Safety Systems(1)

Method of Failure Detection Remarks

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-36 Revision 1 Table 8.3-2: Classification of Structures, Systems, and Components SSC (Note 1)

Location SSC Classification (A1, A2, B1, B2)

Augmented Design Requirements (Note 2)

Quality Group/Safety Classification (Ref.

RG 1.26 or RG 1.143)

(Note 3)

Seismic Classification (Ref. RG 1.29 or RG 1.143) (Note 4)

BPSS, Backup Power Supply System All components All buildings B2 None N/A III EDAS, Augmented DC Power All components (except as listed below):

RXB/CRB B2 None N/A II EDAS-C, Division I & II:

  • Environmentally qualified
  • Module specific SSC not shared between modules per GDC 5

N/A I

EDAS-C, Division I & II:

  • DC distribution panel (including associated breakers)

RXB B2

  • Module specific SSC not shared between modules per GDC 5

N/A I

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-37 Revision 1 EDAS-MS All channels Division I & II:

  • Battery RXB B2
  • Environmental Qualification
  • Module specific SSC not shared between modules per GDC 5
  • Electrical SSC supporting prevention of unintended ECCS valve actuation shall be separated into two redundant load groups (Note 6)

N/A I

EDAS-MS All channels Division I & II:

  • DC distribution panel (including associated breakers)

RXB B2

  • Module specific SSC not shared between modules per GDC 5
  • Electrical SSC supporting prevention of unintended ECCS valve actuation shall be separated into two redundant load groups (Note 6)

N/A I

EHVS, High Voltage AC Electrical Distribution System All components Yard B2 None N/A III EMVS, Medium Voltage AC Electrical Distribution System All components Yard B2 None N/A III Table 8.3-2: Classification of Structures, Systems, and Components (Continued)

SSC (Note 1)

Location SSC Classification (A1, A2, B1, B2)

Augmented Design Requirements (Note 2)

Quality Group/Safety Classification (Ref.

RG 1.26 or RG 1.143)

(Note 3)

Seismic Classification (Ref. RG 1.29 or RG 1.143) (Note 4)

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-38 Revision 1 ELVS, Low Voltage AC Electrical Distribution System All components (except as listed below):

All buildings B2 None N/A III CRB motor control center 111 & 211 CRB B2 None N/A II RXB motor control center 11 & 21 RXB B2 None N/A II EDNS, Normal DC Power System All components Yard/TGB B2 None N/A III Note 1: Acronyms used in this table are listed in Table 1.1-1 Note 2: Additional augmented design requirements, such as the application of a Quality Group, Radwaste safety, or seismic classification, to nonsafety-related SSC are reflected in the columns Quality Group / Safety Classification and Seismic Classification, where applicable. Environmental Qualifications of SSC are identified in Table 3.11-1.

Note 3: Section 3.2.2.1 through Section 3.2.2.4 provides the applicable codes and standards for each RG 1.26 Quality Group designation (A, B, C, and D). A Quality Group classification per RG 1.26 is not applicable to supports or instrumentation. Section 3.2.1.4 provides a description of RG 1.143 classification for RW-IIa, RW-IIb, and RW-IIc.

Note 4: Where SSC (or portions thereof) as determined in the as-built plant that are identified as Seismic Category III in this table could, as the result of a seismic event, adversely affect Seismic Category I SSC or result in incapacitating injury to occupants of the control room, they are categorized as Seismic Category II consistent with Section 3.2.1.2 and analyzed as described in Section 3.7.3.8.

Note 5: IEEE Std 4.97-2016 as endorsed by RG 1.97 and implemented as described in Table 1.9-2 Note 6: Augmented design requirements for Physical Independence of Electrical Systems implemented in accordance with RG 1.75, Application of the Single-Failure Criterion to safety systems implemented in accordance with RG 1.53 and electrical SSC that support the prevention of unintended ECCS valve actuation shall be separated into two redundant load groups are applied at a system level.

Table 8.3-2: Classification of Structures, Systems, and Components (Continued)

SSC (Note 1)

Location SSC Classification (A1, A2, B1, B2)

Augmented Design Requirements (Note 2)

Quality Group/Safety Classification (Ref.

RG 1.26 or RG 1.143)

(Note 3)

Seismic Classification (Ref. RG 1.29 or RG 1.143) (Note 4)

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-39 Revision 1 Figure 8.3-1: High Voltage Alternating Current Electrical Distribution System

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-40 Revision 1 Note: Figure depicts a 6-module plant Figure 8.3-2a: Medium Voltage Alternating Current Electrical Distribution System (Common Portion)

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-41 Revision 1 Note: Figure depicts a 2-module plant Figure 8.3-2b: Medium Voltage Alternating Current Electrical Distribution System (Module-Specific Portion)

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-42 Revision 1 Figure 8.3-3: Augmented Direct Current Power System (Common)

DIVISION I BATTERY CHARGER DIVISION I DC DISTRIBUTION PANEL TO DIVISION I PPS CABINET MCC A

V DC OUTPUT BREAKER AC INPUT BREAKER BMS DIVISION I BATTERY MONITOR DIVISION I BATTERY TI BATTERY TEST TERMINAL TO DIVISION I PPS LOADS POWER TO DIVISION I SDI CHASSIS POWER TO DIVISION I SDI DISPLAY PANELS N.O.

N.O.

TO DIVISION I MCR LIGHTING DIVISION I STANDBY BATTERY CHARGER MCC A

V N.O.

DC OUTPUT BREAKER N.O.

AC INPUT BREAKER TI SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER DIVISION I STANDBY BATTERY CHARGER BREAKER DIVISION I BATTERY TEST DISCONNECT V

64 27 A

V TI V

V DIVISION I BATTERY BREAKER DIVISION I BATTERY CHARGER BREAKER DIVISION I MULTIFUNCTION RELAY DIVISION II BATTERY CHARGER DIVISION II DC DISTRIBUTION PANEL TO DIVISION II PPS CABINET MCC A

V DC OUTPUT BREAKER AC INPUT BREAKER BMS DIVISION II BATTERY MONITOR DIVISION II BATTERY TI BATTERY TEST TERMINAL TO DIVISION II PPS LOADS POWER TO DIVISION II SDI CHASSIS POWER TO DIVISION II SDI DISPLAY PANELS N.O.

N.O.

TO DIVISION II MCR LIGHTING DIVISION II STANDBY BATTERY CHARGER MCC A

V N.O.

DC OUTPUT BREAKER N.O.

AC INPUT BREAKER TI SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER DIVISION II STANDBY BATTERY CHARGER BREAKER DIVISION II BATTERY TEST DISCONNECT A

V TI V

V V

64 27 DIVISION II BATTERY BREAKER DIVISION II BATTERY CHARGER BREAKER DIVISION II MULTIFUNCTION RELAY NOTES:

 ED$S-C EQUIPMENT IS LOCATED IN THE CRB.

 REFER TO FIGURE 1.7-1 FOR SYMBOL LEGEND AND GENERAL NOTES.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-43 Revision 1 Figure 8.3-4a: Augmented Direct Current Power System (Module Specific)

BATTERY CHARGER DC DISTRIBUTION PANEL 60 CELLS 125 VDC 3

480 VAC INPUT 125 VDC OUTPUT TO SEPARATION GROUP A MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE S

NS CLASSBREAK MCC A

V AC INPUT BREAKER N.O.

BATTERY CHARGER DC DISTRIBUTION PANEL MCC DC OUTPUT BREAKER 3

480 VAC INPUT 125 VDC OUTPUT A

V AC INPUT BREAKER DC OUTPUT BREAKER BMS BATTERY MONITOR BMS BATTERY MONITOR BATTERY TI TI EDA POWER CHANNEL A EDA POWER CHANNEL C BATTERY TEST TERMINAL N.O.

BATTERY TEST TERMINAL N.O.

SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER CROSS TIE BREAKER A N.O.

SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER CROSS TIE BREAKER C TO DIVISION I MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION I MPS LOADS POWER DISTRIBUTION CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP A NMS CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP C MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION I MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION I LOADS POWER DISTRIBUTION CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP C NMS CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP C NMS FLOOD CLASS 1E ISOLATION DEVICE TO DIVISION I BIOSHIELD RADIATION MONITOR C EDA-MS DIVISION I POWER CHANNELS A AND C N.O.

N.O.

BATTERY TEST DS POWER CHANNEL TIE CONNECTION 60 CELLS 125 VDC BATTERY TEST DS A

V TI V

A V

TI V

V 64 27 V

64 27 BATTERY TEST DISCONNECT BATTERY TEST DISCONNECT BATTERY BATTERY BREAKER BATTERY BREAKER BATTERY CHARGER BREAKER BATTERY CHARGER BREAKER MULTIFUNCTION RELAY MULTIFUNCTION RELAY NOTES

 THIS DRAWING IS TYPICAL FOR ALL MODULES.

 REFER TO FIGURE 1.7-1 FOR SYMBOL LEGEND AND GENERAL NOTES.

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-44 Revision 1 THIS DRAWING IS TYPICAL FOR ALL MODULES.

Figure 8.3-4b: Augmented Direct Current Power System (Module Specific)

BATTERY CHARGER DC DISTRIBUTION PANEL 60 CELLS 125 VDC 3

480 VAC INPUT 125 VDC OUTPUT TO SEPARATION GROUP D MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE S

NS CLASSBREAK MCC A

V AC INPUT BREAKER N.O.

BATTERY CHARGER DC DISTRIBUTION PANEL MCC DC OUTPUT BREAKER 3

480 VAC INPUT 125 VDC OUTPUT A

V AC INPUT BREAKER DC OUTPUT BREAKER BMS BMS BATTERY MONITOR BATTERY BATTERY TI TI EDA POWER CHANNEL D EDA POWER CHANNEL B BATTERY TEST TERMINAL N.O.

BATTERY TEST TERMINAL N.O.

SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER CROSS TIE BREAKER D N.O.

SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER SUPPLY BREAKER CROSS TIE BREAKER B TO DIVISION II MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION II MPS LOADS POWER DISTRIBUTION CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP D NMS CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP B MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION II MPS LOGIC CABINET CLASS 1E ISOLATION DEVICE TO DIVISION II MPS LOADS POWER DISTRIBUTION CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP B NMS CLASS 1E ISOLATION DEVICE TO SEPARATION GROUP B NMS FLOOD CLASS 1E ISOLATION DEVICE TO DIVISION II BIOSHIELD RADIATION MONITOR B EDA-MS DIVISION II POWER CHANNELS B AND D N.O.

N.O.

BATTERY TEST DS POWER CHANNEL TIE CONNECTION 60 CELLS 125 VDC BATTERY TEST DS A

V TI V

A V

TI V

A 64 27 A

64 27 BATTERY MONITOR BATTERY TEST DISCONNECT BATTERY TEST DISCONNECT BATTERY BREAKER BATTERY BREAKER BATTERY CHARGER BREAKER BATTERY CHARGER BREAKER MULTIFUNCTION RELAY MULTIFUNCTION RELAY

NuScale Final Safety Analysis Report Onsite Power Systems NuScale US460 SDAA 8.3-45 Revision 1 Figure 8.3-5: Normal Direct Current Power System

NuScale Final Safety Analysis Report Station Blackout NuScale US460 SDAA 8.4-1 Revision 1 8.4 Station Blackout A station blackout (SBO) is a complete loss of offsite and onsite alternating current (AC) power concurrent with a turbine trip and the unavailability of onsite emergency AC power.

As described in Section 8.3, the NuScale Power Module (NPM) design does not rely on onsite or offsite AC power for the performance of safety-related functions during a design basis event. As a result, emergency onsite AC power is not included in the design.

The SBO duration for passive plant designs is 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> pursuant to Nuclear Regulatory Commission policy provided by SECY-94-084 and SECY-95-132 and the associated staff requirements memoranda. Passive plants are required to demonstrate safety-related functions can be performed without reliance on AC power for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> after the initiating event.

8.4.1 Station Blackout Analysis and Results The SBO does not pose a significant challenge to the plant, which does not rely on AC power for performing safety functions. A safe and stable shutdown is automatically achieved and maintained for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> without operator actions. The anticipated operational occurrence and long-term cooling acceptance criteria applied in the analyses presented in Chapter 15 demonstrate the acceptance criteria of 10 CFR 50.63 are met. The short-term NPM response to the SBO event is bounded by the transient results presented in Section 15.2.6. The transition to emergency core cooling system and long-term cooling in the SBO event is bounded by the long-term cooling analyses described in Section 15.0. As discussed in Section 9.2.5, the ultimate heat sink is capable of passive cooling for all modules for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> under accident conditions, which is bounding for the SBO event. For the SBO event, the emergency core cooling system actuates as designed, with no single failure. The water level in the reactor pressure vessel remains stable above the top of the active fuel.

8.4.2 Station Blackout Coping Equipment Assessment The equipment described in Sections 9.2.5, 15.0, and 15.2.6, which is relied upon to meet 10 CFR 50.63, is passive, safety-related, and environmentally qualified. Design bases accident conditions bound the SBO environment.

The control room remains habitable for the duration of the SBO event using the control room habitability system. The control room instrumentation to monitor the event mitigation and confirm the status of reactor cooling, reactor integrity, and containment integrity remains available. The control room habitability system is described in Section 6.4.

8.4.3 Station Blackout Procedures and Training Training and procedures to mitigate an SBO event are implemented in accordance with Section 13.2 and Section 13.5. The SBO mitigation procedures address SBO response (e.g., restoration of onsite standby power sources), AC power restoration (e.g., coordination with transmission system load dispatcher), and severe weather guidance (e.g., identification of site-specific actions to prepare for the onset of severe

NuScale Final Safety Analysis Report Station Blackout NuScale US460 SDAA 8.4-2 Revision 1 weather such as an impending tornado), as applicable. Restoration from an SBO event is contingent upon AC power being made available from the offsite power system (if provided) or the backup power supply system, which are described in Section 8.2 and Section 8.3.

Retrieved from "https://kanterella.com/w/index.php?title=ML23304A354&oldid=3766664"