ML23312A335

From kanterella
Jump to navigation Jump to search
OpESS 2023/02 (Public Draft for Comment) Probabilistic Risk Assessment Configuration Control
ML23312A335
Person / Time
Issue date: 11/13/2023
From: Julie Winslow
NRC/NRR/DRO/IOEB
To:
References
DC 23-015
Download: ML23312A335 (1)
v  d  e


Text

NRC INSPECTION MANUAL IOEB OPERATING EXPERIENCE SMART SAMPLE (OpESS) 2023/02 PROBABILISTIC RISK ASSESSMENT CONFIGURATION CONTROL CORNERSTONE: INITIATING EVENTS MITIGATING SYSTEMS BARRIER INTEGRITY APPLICABILITY:

  • This voluntary OpESS applies to all licensed operating commercial nuclear reactors.

OpESS 2023/02-01 OBJECTIVES 01.01 Provide support to baseline inspection activities for samples in the area of Probabilistic Risk Assessment (PRA) Configuration Control (PCC) programs.

01.02 Provide examples where deficiencies may be present in PCC programs in order to inform potential future agency activities.

01.03 Provide opportunities to verify that licensees have process in place to reasonably ensure PCC activities.

OpESS 2023/02-02 BACKGROUND 02.01 Reactor Oversight Process PCC Framework.

The Office of Nuclear Reactor Regulation (NRR), Division of Risk Assessment (DRA),

PRA Oversight Branch (APOB), established a working group (WG) to address an identified gap in the reactor oversight process (ROP) regarding PCC within risk-informed programs (RIP). Specifically, upon NRC approval of a license amendment (LA) there is adequate assurance that the PRA model accurately reflects the as-built, as-operated plant. However, there is no subsequent follow-up inspection activity to provide continued assurance of PCC and plant changes to ensure that the PRA continues to accurately reflect the as-built, as-operated plant. Refer to Appendix A, PRA Configuration Control Background, for additional information related to the regulatory requirements for PCC.

As part of an effort to develop PCC inspection guidance the WG conducted eight voluntary tabletop visits to different facilities with approved RIP. These tabletops were not inspections, and were conducted in partnership with industry, to understand the licensees implementation of PCC programs and to assist in optimizing future inspection guidance in this area.

Issue Date: DRAFT 1 2023/02

02.02 Operating Experience.

The results of the tabletop visits provided valuable insights into the implementation of PCC programs and facilitated the WGs inspection guidance, which at present includes this OpESS. For additional specific details on the tabletops and NRC staff observations, refer to the memorandum Summary of the U.S. Nuclear Regulatory Commission Staff Observations from the Probabilistic Risk Assessment Configuration Control Tabletop Site Visits, (ADAMS Accession No. ML23136A565). High level observations from the memo are included, in Appendix B, Operating Experience Background.

OpESS 2023/02-03 INSPECTION GUIDANCE The following inspection guidance may be applied, as appropriate, to support baseline inspection activities. Inspector judgment should be used when determining the extent to which the OpESS should be used to inform inspection activities under the applicable baseline IPs.

03.01 General.

a. Prior to sample selection inspectors should, in coordination with regional Senior Reactor Analysts (SRA), consider the following:
1. Licensee implementation of advanced RIP, such as Risk-Informed Completion Time (RICT), National Fire Protection Association (NFPA) 805, 10 CFR 50.69, and Surveillance Frequency Control Program (SFCP). Inspectors should prioritize sample selection for licensees using multiple RIP.
2. Approval of RIP LAs and issuance of safety evaluations (SE). If the LA/SE and model of record (MOR) update has been made within the last 3 years, then the MOR is most likely to have not had significant updates since the initial approval. Inspectors should prioritize sample selection for significant updates to RIP.
3. Timing of last MOR update. Inspectors should prioritize sample selection for MOR updates that have not been previously reviewed.
b. In general, when performing this OpESS, inspectors should be aware of the processes the licensee has in place to maintain PCC, specifically the following:
1. Does the licensee have built in processes and measures to ensure that plant changes are communicated to the PRA group (i.e., are there signoffs and reviews during modification reviews or are the changes managed informally between engineering and the PRA group)?
2. What process does the licensee use to manage and track PRA changes (i.e., CAP, document control, etc.)?
c. Communicate any issues of concern that warrant screening, even for minor issues, to the regional SRA. All issues will be dispositioned, or monitored, in conjunction with the Cross Regional Review Panel that will be formed to address PCC issues. These issues will be used to formulate future screening questions and minor screening examples.

Issue Date: DRAFT 2 2023/02

03.02 Verify processes and procedures are in place to ensure the PRA program is being maintained to support risk-informed decisions.

The recommended inspection activities described below support the following inspection procedures:

IP 71111.06, Flood Protection Measures, IP 71111.13, Maintenance Risk Assessments and Emergent Work Control, IP 71111.18, Plant Modifications, IP 71111.24, Testing and Maintenance of Equipment Important to Risk, IP 71151, Performance Indicator Verification, and IP 71152, Problem Identification and Resolution (PI&R).

Inspectors should utilize regional SRAs or DRA/APOB Branch for support in determining if samples are appropriate for application with this OpESS. When performing sections of this OpESS, it is understood that selected items or changes for review likely have not had sufficient time to have been fully incorporated into the MOR by the PRA update process. However, they may have been incorporated into a working PRA model. The intent is to verify that the licensee has a robust process in place to reasonably ensure PCC activities.

a. As applicable, with respect to the selected sample and IP being performed, verify the following processes and procedures are in place to monitor and update the PRA.
1. Review PCC related administrative procedures to ensure that PCC processes are in place and are being followed.
2. Review a sampling of the most recent MOR, the MOR inputs, and most recent PRA Maintenance data/notebooks, or similar, to ensure the licensee is performing the expected maintenance as required.
3. Review the licensees PRA tracking and evaluation processes to ensure that any significant changes to the plant (i.e., modifications, procedure changes, etc.) are being communicated to the PRA group for evaluation for inclusion in the PRA and MOR.
4. Verify the licensee is evaluating cumulative changes to the PRA and to the plant.

This can be accomplished by reviewing the licensees change log or equivalent.

5. Verify the licensee maintains adequate tracking and accounting of PRA maintenance and PRA upgrades, and that MOR changes are being properly evaluated and tracked as either maintenance or upgrades. If any PRA upgrades have been performed, verify the licensee has completed a peer review for that specific PRA upgrade.
6. Verify that the licensee is working to address and update any PRA evaluation backlogs such that there are no long-standing PRA related issues that need to be evaluated and addressed, which may include outstanding peer review observations Issue Date: DRAFT 3 2023/02

and comments. If there are long-standing unaddressed issues determine why those have not been addressed and ensure there is no significant impact.

b. As applicable, with respect to the selected sample and IP being performed, verify processes and procedures are in place to monitor PRA inputs and to collect new information and data (e.g., updated industry failure rates).
1. Verify MOR updates are being performed in a timely manner. Updates should be made within a frequency of every two refueling outages.
2. Verify the licensee is performing data gathering and data updates in a timely manner.

Review PRA data notebooks, or similar, to ensure that data is relatively current, and if not, determine if there is appropriate justification for not performing the data update.

c. Review any plant -specific modifications to the plant that appear to be risk significant.

For reference, risk significant may include risk significant SSCs, or items such as success path changes, added event tree tops, fault-tree updates, and other means as necessary. Other options for consideration may include recent licensee changes to human error probabilities (HEP), changes to minimum equipment and or success criteria, changes to importance measures (i.e., Birnbaum, Fussell-Vesely, Risk Achievement Worth, etc.). Inspectors may utilize Regional SRAs or DRA/APOB Branch for support in determining appropriate significant samples, as necessary. Inspectors may also utilize the Plant Risk Information eBooks (PRIB) for reference.

1. Verify that modifications are being screened and evaluated in accordance with the licensees processes for possible future inclusion in the PRA and the next MOR update.
2. Review an independent sample of risk significant modifications and/or procedure changes to ensure that the modification is included or being tracked in the PRA change log, or equivalent tracking mechanism, to ensure the item is being reviewed for appropriate evaluation and future inclusion into the PRA and MOR.

03.03 Verify processes and procedures were completed appropriately to ensure the PRA program was being sufficiently maintained to support past and current risk-informed decisions.

The recommended inspection activities described below support the following IPs:

IP 71111.21M, Comprehensive Engineering Team Inspection, IP 71111.21N.05, Fire Protection Team Inspection (FTPI), and IP 37060, 10 CFR 50.69 Risk-Informed Categorization and Treatment of Structures, Systems, and Components Inspection.

Inspectors should utilize regional SRAs or DRA/APOB Branch for support in determining if samples are appropriate for application with this OpESS, as necessary. When performing sections of this OpESS, it is preferable to select items or changes for review that have had sufficient time to have been processed into the MOR by the PRA update process. The intent is to verify that the licensee has a robust process in place to reasonably ensure PCC activities.

a. As applicable, with respect to the selected sample and IP being performed, verify Issue Date: DRAFT 4 2023/02

processes and procedures were followed to monitor and update the PRA.

1. Review significant PRA updates or changes to PRA inputs, specifically risk significant systems such as those implementing RIP (i.e., RICT). Review one of the following: PRIB, Mitigating System Performance Index input changes recalculations, licensee PRA MOR change logs, PRA system notebooks, or equivalent tracking systems. Preferably any changes reviewed will already be processed and in the current MOR.
2. Review past MOR inputs and PRA Maintenance data/notebooks to ensure the licensee has been performing the expected maintenance to data inputs as required and that the changes have been evaluated and processed into the current MOR (e.g., updated industry failure rates). If the sample involves repetitive failures of equipment, consult the regional SRA to assist in the review and evaluation of licensee PRA procedures.
b. As applicable, with respect to the selected sample and IP being performed, verify processes and procedures were followed to ensure that the PRA was maintained with the as-built, as-operated plant.
1. Review any past significant modifications (i.e., success path changes, added event tree tops, or new fault-trees, etc.) to the plant to ensure that they were properly screened for inclusion in the PRA and have been included in the appropriate MOR update. This can be accomplished by reviewing a sampling of past significant modifications and comparing to the PRA change log to ensure the items were appropriately reviewed and evaluated.
2. Review the licensees processes to ensure that any significant changes to the plants procedures, specifically procedure changes that contain human reliability analysis (HRA) changes with time constraints, etc., were communicated to the PRA group for evaluation for inclusion in the PRA and MOR.
3. Verify that any significant changes to the operating procedures (i.e., EOPs, HRAs, etc.) have been processed through the PRA update process with the appropriate timeliness (i.e., every two refueling outages frequency). If not, determine if there is appropriate justification for not performing the data update.

OpESS 2023/02-04 REFERENCES These references may include pre-decisional information contained on NRC internal websites.

Once the agency has formally evaluated an OpE issue and has determined that it meets the criteria for agency action, the NRC communicates the issue to the public and the industry through one or more appropriate methods (e.g., generic communication, rulemaking public comment periods, etc.).

04.01 Inspection Manual Chapters and Procedures.

IP 37060, 10 CFR 50.69 Risk--Informed Categorization and Treatment of Structures, Systems, and Components Inspection IP 71111.06, Flood Protection Measures Issue Date: DRAFT 5 2023/02

IP 71111.13, Maintenance Risk Assessments and Emergent Work Control IP 71111.18, Plant Modifications IP 71111.21M, Comprehensive Engineering Team Inspection IP 71111.21N.05, Fire Protection Team Inspection (FTPI)

IP 71111.24, Testing and Maintenance of Equipment Important to Risk IP 71151, Performance Indicator Verification IP 71152, Problem Identification and Resolution (PI&R) 04.02 Correspondence.

Summary of the U.S. Nuclear Regulatory Commission Staff Observations from the Probabilistic Risk Assessment Configuration Control Tabletop Site Visits (ML23136A565)

OpESS 2023/02-05 REPORTING RESULTS/TIME CHARGES/ADDITIONAL ISSUES If information from this OpESS is used to inform a baseline inspection sample, reference the OpESS number in the scope section of the report.

In addition, if any findings or violations are identified in conjunction with this OpESS, include a statement similar to the following in the description section of the finding write-up:

This finding was identified in connection with a review of Operating Experience Smart Sample (OpESS) 2023/02.

In addition, please add APOB.OpESS.Resource@nrc.gov to the distribution list for any report containing a sample using OpESS 2023/02.

Inspection time for this OpESS is to be charged to the normal baseline procedure under which it is being used and the level of effort is expected to be within normal baseline inspection sample resource estimates.

OpESS 2023/02-06 CONTACTS For technical support regarding the performance of this OpESS and emergent issues, contact:

Lundy Pressley (NRR/DRA/APOB) at 404-997-4621 or lundy.pressley@nrc.gov, or Julie Winslow (NRR/DRO/IOEB) at 301-415-0593 or julie.winslow@nrc.gov.

Issue Date: DRAFT 6 2023/02

Appendix A: PRA Configuration Control Background A.1 PRA Regulatory Background In 1995, the Commission issued a PRA policy titled, Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Affairs; Final Policy Statement, (60 FR 42622). This policy statement encouraged the use of PRA in all regulatory matters and stated that, the use of PRA technology should be increased to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach.

PRA Quality was first described in SECY-00-0162, Addressing PRA Quality in Risk-Informed Activities, (ML003732744), by establishing the scope and technical attributes of a PRA, as two areas for an appropriate level of confidence in PRA results for regulatory decision making. This description was interpreted in different ways by stakeholders. SECY-04-0118, Plan for Implementation of the Commissions Phased Approach to Probabilistic Risk Assessment Quality, (ML041470505), defined PRA Quality as in Regulatory Guide (RG) 1.174 and RG 1.200 as having three aspects: the scope, level of detail and technical adequacy of the model. SECY-04-0118 stated, Inherent in this definition is that a PRA of sufficient quality to support an application need only have the scope and level of detail sufficient to support that application, but it must always be technically adequate. SECY-04-0118 presented RG 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 0, (ML040630078), as a trial use document to provide the level of confidence for PRAs technical adequacy by focusing the licensing reviews on key assumptions and areas identified by peer reviewers as being of concern and relevant to the application.

Regulatory Guide 1.200, Revision 0, Regulatory Position (RP) C.1, Functional Requirements of a Technically Acceptable PRA, described one acceptable approach for defining the technical adequacy for an acceptable PRA. RP C.1 provided guidance in three areas:

  • The definition of the scope of a PRA,
  • The elements of a PRA,
  • The technical attributes and characteristics for a full-scope PRA.

Regulatory Position C.2, Consensus PRA Standards and Industry PRA Programs, presented one acceptable approach to meet RP C.1 using an industry consensus PRA standard or with the use of an industry developed peer-review process as an alternative approach to the industry PRA standard. RP C.2 included Table 4, Principles and Objectives of a Standard. Within table 4, the maintenance and upgrades of PRAs to represent the as-built and as-operated plant were included as item 6. It also included table 5, Summary of Characteristics and Attributes of a Peer Review. Within table 5, reviews of PRA maintenance and update process were included. The RG endorsed, with exceptions (i.e., clarifications and qualifications), the American Society of Mechanical Engineers (ASME) RA-S-2002, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, and Addenda A, ASME-RA-Sa-2003 as a consensus PRA industry standard that meets the guidance in RP C.2 for Level I PRAs. Nuclear Energy Institute (NEI) 00-02, Probabilistic Risk Assessment Peer Review Process Guidance, Issue Date: DRAFT AppA-1 2023/02

Revision A3, was the endorsed industry standard for the peer-review process established in RP C.2.

NOTE: ASME Standards may be obtained through the NRR ROP Digital City SharePoint site (non-public), under the Guidance section link for Codes and Standards. ASME codes can be found within the Accuris (Formerly IHS) Codes and Standards link (non-public). A login is required for access.

Regulatory Guide 1.200, Revision 1, (ML070240001), RP C.1, A Technically Acceptable PRA, added development, maintenance, and upgrade of a PRA as the fourth area for a technically acceptable PRA. The RG endorsed, with exceptions to ASME RA-S-2002 and addendums A and B to the standard, ASME RA-Sa-2003 and ASME-Sb-2005.

NEI 00-02, Revision 1, was the endorsed industry standard for the peer-review process.

Regulatory Guide 1.200, Revision 2, (ML090410014), RP C.1 edited the four areas of a technically acceptable PRA covered to:

  • technical elements of a full-scope Level 1 and Level 2 PRA and their associated attributes and characteristics
  • level of detail of a PRA
  • development, maintenance, and upgrade of a PRA Regulatory Position C.2 guidance for demonstrating compliance with RP C.1 changed from using the peer-review process as an alternate to the consensus PRA standard to the current philosophy which requires an industry peer review to ensure the requirements from the consensus standard are met. NEI 00-02, Revision 1, NEI 05-04, Process for Performing Internal Events PRA Peer Reviews Using the ASME/ANS PRA Standard, Revision 2, and NEI 07-12, Fire Probabilistic Risk Assessment (FPRA) Peer Review Process Guidelines, Revision 0, were endorsed for peer reviews.

In 2007, the NRC issued Regulatory Issue Summary (RIS) 2007-06, Regulatory Guide 1.200 Implementation, (ML070650428). As a result of this RIS, from 2010 and forward, risk-informed licensing applications have been submitted in accordance with (IAW)

RG 1.200, Revision 2, and ASME/ANS RA-Sa-2009, as endorsed by the NRC, unless the licensee has incorporated a newer revision of RG 1.200 to maintain PRA Acceptability of risk-informed applications.

Regulatory Guide 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 3, (ML20238B871), introduced the term PRA Acceptability which had been synonymous with previously used terms such as PRA Quality and PRA Technical Adequacy. Regulatory Guide 1.200, Revision 3, defines PRA Acceptability with respect to scope, the level of detail, conformance with the PRA technical elements (i.e., technical adequacy) and plant representation of a PRA position C.1.2, and how closely the PRA represents a plants actual configuration and operations.

Both RP C.1 and C.2 were re-named as An Acceptable Base Probabilistic Risk Assessment, and National Consensus Standards and Industry Programs for Probabilistic Risk Assessment, respectively. RP C.1 four areas were re-named as:

  • Scope of a base PRA
  • Technical elements of a base PRA Issue Date: DRAFT AppA-2 2023/02
  • Level of detail of a base PRA
  • Plant representation and PRA configuration control Regulatory Position C.2.2 added guidance for peer review of upgrades or any newly developed methods (NDM). The RG, within Appendix B, endorsed ASME/ANS RA-Sa-2009, and ASME RA-S-Case 1, Case for ASME/ANS RA-Sb-2013 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment of Nuclear Power Plant Applications, with exceptions. RP C2.2.4 endorsed industry guidance NEI 17-07, Performance of PRA Peer Reviews Using the ASME/ANS PRA Standard, Revision 2, (ML19231A182), in its entirety as a means of satisfying the peer-review requirements for the ASME/ANS RA-Sa-2009 PRA standard.

A.2 Regulatory Requirements for PCC Risk-informed programs (RIP) require PRA Configuration Controls (PCCs) to maintain approved hazard group models as technically adequate, reflecting the as-built, as-operated plant. The path to PCC regulatory requirements depends on the RIP. Risk-informed programs include:

  • Title 10 of the Code of Federal Regulations (10 CFR) Section 50.69, Risk-Informed Categorization and Treatment of Structures, Systems and Components (SSC) for Nuclear Power Reactors
  • Technical Specifications Task Force (TSTF) - 505, Provide Risk-Informed Extended Completion Times, Revision 2, or the Risk-Informed Completion Time (RICT) program

Specific regulatory requirements for each RIP are detailed below:

a. 10 CFR 50.69, Risk-Informed Categorization and Treatment of SSC for Nuclear Power Reactors Approved risk-informed categorization and treatment programs IAW 10 CFR 50.69 (50.69) include the PCC requirements per 10 CFR 50.69(e), Feedback and process adjustment, subsection (1), RISC-1, RISC-2, RISC-3, RISC-4 SSCs, requires licensees to review changes to the plant, operational practices, applicable plant, and industry operational experience and to update the PRA as appropriate. These reviews shall be performed in a timely matter but no longer than once every two refueling outages. 10 CFR 50.69(e)(2), RISC-1 and RISC-2 SSCs, requires performance monitoring of RISC 1 and 2 components for potential adjustments to categorization or treatment processes as necessary. 10 CFR 50.69(3), RISC-3 SSCs, requires performance monitoring of RISC-3 components for potential adjustments to the categorization and treatment process.

Issue Date: DRAFT AppA-3 2023/02

b. 10 CFR 50.48, Fire Protection, NFPA 805 Approved risk-informed fire protection programs IAW NFPA 805 per 10 CFR 50.48(c),

modify their fire protection program license condition to include Risk-Informed Changes that May Be Made Without Prior NRC Approval, allowing licensees to change the program using risk assessments that are based on the as-built, as-operated, and maintained plant; and reflect the operating experience of the plant. In addition, NFPA 805, Section 2.2.9, Plant Change Evaluation, directed the performance of a risk-informed plant change evaluation per Section 2.4.4 for changes to previously approved fire protection program elements. Section 2.4.3, Fire Risk Evaluations, required PRA approach, methods, tools and data, used for performance-based evaluations of fire protection features and fire risk evaluations for change analysis described in Section 2.4.4 to be acceptable to the NRC and shall be appropriate for the nature and scope of the change being evaluated, and shall be based on the as-built and as-operated and maintained plant, and reflect the operating experience at the plant.

RG 1.200, regulatory position C.1 and C.2 are an acceptable way to demonstrate PRA Technical Adequacy per Revision 2 or PRA Acceptability per Revision 3.

c. TSTF-505, Risk-Informed Completion Time (RICT)

Approved RICT programs are included in the Administrative Controls section of the Technical Specifications (TS) which required the program to be implemented IAW NEI 06-09-A, Revision 0, Risk-Managed Technical Specifications (RMTS) Guidelines.

NEI 06-09-A, Revision 0, Section 2.3.4, PRA Technical Adequacy, item 2, required the PRA to be reviewed to the guidance of RG 1.200, Revision 0, for a PRA which meets Capability Category (CC) 2 for the supporting requirements of the ASME PRA Standard.

It also required deviations from CC 2 to be justified and documented. Section 2.3.4, PRA Technical Adequacy, item 7, required the PRA to be maintained and updated in accordance with approved procedures to ensure it accurately reflects the as-built, as-operated plant. The maintenance and update process should include:

1. A periodic basis not to exceed two refueling cycles,
2. A process for evaluation and disposition of proposed facility changes for items impacting the PRA model, and
3. If any PRA error is identified that significantly impacts RICT calculations, corrective actions shall be identified and implemented as soon as practicable in accordance with the station corrective action program.

Regulatory Guide 1.200, Revision 2, Section C.1.4, PRA Development, Maintenance, and Upgrade, states in part, The PRA results used to support an application are derived from a PRA model that represents the as-designed, as-built, as-operated plant.

Therefore, a process for developing, maintaining, and upgrading a PRA is established.

Section C.2, Consensus PRA Standards and Industry PRA Programs, states in part, One acceptable approach to demonstrate conformance with regulatory position 1 is to use the national consensus PRA standard, (i.e., ASME/ANS Ra-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications). ASME/ANS RA-Sa-2009, Section 1-5, PRA Configuration Control, Section 1-5.4 states, the PRA shall be maintained and upgraded such that its representation of the as-built, as-operated plant is sufficient to support the applications for which it is being used. In addition, Section 1-5.4 states changes to a PRA due to Issue Date: DRAFT AppA-4 2023/02

PRA maintenance and PRA upgrade shall meet the requirements of the Technical Requirements Section of each respective part, of the Standard.

d. TSTF 425, Relocate Surveillance Frequencies to Licensee Control, Revision 3, or the Surveillance Frequency Control Program (SFCP)

Approved SFCPs are included in the Administrative Controls section of the TS requiring changes to frequencies under SFCP to be made in accordance with NEI 04-10, Risk-Informed Technical Specifications Initiative 5b, Risk-Informed Method for Control of Surveillance Frequencies, Revision 1. NEI 04-10, Revision 1, Section 4.0, Step 5, requires the PRA technical adequacy to be addressed through RG 1.200 and the ASME PRA Standard. RG 1.200, Revision 2, Section C.1.4, PRA Development, Maintenance, and Upgrade, states in part, The PRA results used to support an application are derived from a PRA model that represents the as-designed, as-built, as-operated plant.

Therefore, a process for developing, maintaining, and upgrading a PRA is established.

Section C.2, Consensus PRA Standards and Industry PRA Programs, states in part, One acceptable approach to demonstrate conformance with regulatory position 1 is to use the national consensus PRA standard, (i.e., ASME/ANS Ra-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications). ASME/ANS RA-Sa-2009, Section 1-5, PRA Configuration Control, Section 1-5.4 states, the PRA shall be maintained and upgraded such that its representation of the as-built, as-operated plant is sufficient to support the applications for which it is being used. In addition, Section 1-5.4 states changes to a PRA due to PRA maintenance and PRA upgrade shall meet the requirements of the Technical Requirements Section of each respective part, of the Standard.

Issue Date: DRAFT AppA-5 2023/02

Appendix B: Operating Experience Background This appendix includes observations from the voluntary tabletop visits. For additional specific details on the tabletops and NRC staff observations, refer to the memorandum Summary of the U.S. Nuclear Regulatory Commission Staff Observations from the Probabilistic Risk Assessment Configuration Control Tabletop Site Visits, (ADAMS Accession No. ML23136A565).

B.1 Generic Tabletop Observations The following are generic high-level observations available in the memo identified above.

Generally, the NRC found that the licensees are implementing their PCC programs in a sufficient manner to support RIP. However, the NRC noted vulnerabilities in the areas of documentation and an over-reliance on knowledge-based programs. Specifically, the NRC observed that for most facilities, the engineering input monitoring process is well defined. However, the process for monitoring operations, maintenance, component performance monitoring, and industrywide operational experience appeared to be informal. This informal approach relies on the skill of the PRA engineers, staff relationships, and meetings with industry owners groups to raise awareness of issues for the licensee PRA staff to evaluate. This led to some examples where failure events were screened from parameter updates without sufficient justification, potential failure modes were not modeled, and some industrywide operating experience lacked licensee evaluation. The NRC also noted some instances of parameter data not being updated in a timely manner.

B.2 Specific Tabletop Observations For additional information related to these observations, review the tabletop memo above. Since the tabletops were voluntary, these examples are potential issues only, not documented findings or violations. Observations identified by the NRC were provided to the licensee for further evaluation and disposition.

a. NRC reviewed a maintenance log item, which documented the vulnerability to a major flood from the turbine building to the auxiliary feedwater (AFW) rooms. Specifically, a plant modification to the turbine driven AFW (TDAFW) pump room created a common drain between the TDAFW and the motor driven AFW (MDAFW) pump rooms. The licensee failed to consider the vulnerability of the float check valves in the MDAFW pump room; and the potential failure of these valves to close was not included in the flooding hazard group model because it was not considered significant. The licensee entered this issue into its corrective action program (CAP) for further evaluation. This is an example of components that protect from a major flood that were potentially not appropriately representing the as-built, as-operated plant following a plant modification.
b. NRC reviewed an engineering change (EC) for installation of two non-safety-related diesel generators (DGs) capable of supplying a safety-related 4 kV bus to either unit, for a dual unit site. The DGs were synchronized onto a 4 kV bus through a programmable logic controller (PLC) that required both engines to be operating and their individual output breaker closed before their tiebreaker was closed to the bus. The system notebook for the DGs established one DG supplying 4 kV power to one 4 kV safeguard bus as a success criterion. For one DG to operate, emergency operating procedures (EOPs) direct operators to override the PLC and take additional steps to restore power to a safety train in the station blackout (SBO) unit. NRC reviewed the DGs Issue Date: DRAFT AppB-1 2023/02

representation in the PRA model and found that the human failure event (HFE) was not included for the PLC override. The licensee entered this issue into the CAP for further evaluation. This is an example of data screened out for PRA parameter estimation without a documented justification.

c. NRC reviewed an EC that involved a TDAFW pump suction header check valve replacement. The AFW system notebook established a success criterion for station blackout (SBO) scenarios requiring 375 gpm of AFW flow to 2 of 4 Steam Generators for the first 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> of the event. The alternate water source from essential service water was connected to the suction of the TDAFW pump, upstream of the suction check valve.

NRC staff noted that the AFW system notebook failed to assume or model a flow diversion from the supply lines between the MDAFW and the TDAFW pumps, given a failure of one of either of the AFW pumps. NRC staff confirmed by reviewing the AFW fault tree that the failure to close the suction check valve was not modeled. The AFW system notebook did not include a documented basis to address screening out this vulnerability. The licensee entered this issue into the CAP for further evaluation. The licensee did not review this EC for impact on the internal events model because the replacement was like-for-like per the PCC process. This is an example of a general assumption without adequate documented justification to screen out a failure event for the internal events model.

d. NRC reviewed a PCC evaluation of the open phase condition (OPC) design vulnerability in the electric power systems as an input to industrywide operational history. OPC as communicated to industry in NRC Bulletin 2012-01, Design Vulnerability in Electric Power Systems, (ML12074A115), was ultimately resolved by industry with NEI 19-02, Guidance for Assessing OPC Implementation Using Risk Insights, (ML19172A086). NEI 19-02 provides guidance for the performance of a risk assessment to inform the decision of whether to implement the open phase isolation system (OPIS) automatic trip function or to implement the OPIS to provide alarm indication to the control room operator and rely on proper operator action to diagnose and respond to the presence of an OPC.

Following the guidance of NEI 19-02 does not relieve licensees of their PCC requirement to evaluate OPC as an industrywide operational history input for potential maintenance or update of the PRA. The licensee had not performed an OPC PCC evaluation and entered this issue into the CAP for further evaluation. This is an example of the model potentially not representing the as-built, as-operated plant.

e. NRC reviewed the latest data update performed by the licensee. NRC found that the latest update was performed in 2016, using performance data from January 2010 to January 2016, and generic data from the 2010 NUREG/CR-6928 update. The licensee justified the data update delay based on resources to implement Risk-Informed Completion Time (RICT) and 50.69 risk-informed programs with a qualitative evaluation, concluding that data updates typically do not have a large impact on the model. Title 10 of the Code of Federal Regulations (10 CFR) 50.69 (e)(1) requires PRA updates shall be performed no longer than two refueling outages. The PCC evaluation concluded that the change in core damage frequency to the model of record (MOR) was small. However, an evaluation of the potential impact to the RICT calculation was not conducted. The licensee entered this issue into the CAP for further evaluation. This is an example of the MOR not potentially representing the as-built, as-operated plant.

Issue Date: DRAFT AppB-2 2023/02

Attachment 1: Revision History for OpESS 2023/02 Commitment Accession Description of Change Description of Comment Resolution Tracking Number Training and Closed Feedback Number Issue Date Required and Form Accession Change Notice Completion Date Number (Pre-Decisional Non-Public Information)

ML23312A335 Made publicly available to discuss at the November 16, N/A N/A DRAFT 2023 public meeting.

CN Issue Date: DRAFT Att1-1 2023/02

Retrieved from "https://kanterella.com/w/index.php?title=ML23312A335&oldid=3641800"