Text

Guidelines for Risk Assessment and Severe Accident Information in a Light Water Reactor Construction Permit Application
	ML23326A185
Person / Time
Issue date:	11/29/2023
From:	James Shea; NRC/NRR/DNRL
To:	;
	Shea, J. NRR/DNRL, 301-415-1388
References
	Download: ML23326A185 (29)
	v • d • e

This staff white paper was prepared and is being released to support ongoing public discussions on the content of risk assessment and severe accident information for light-water reactor (LWR) construction permit (CP) applications. The content of this white paper is being considered for inclusion in staff guidance for review of LWR CP applications. The main purpose of this document is to engage stakeholders and receive feedback. This white paper has not been subject to NRC management and legal reviews and approvals, and its contents are subject to change and should not be interpreted as official agency positions.

Guidelines for Risk Assessment and Severe Accident Information in a Light-Water Reactor Construction Permit Application U.S. Nuclear Regulatory Commission

Table of Contents Introduction................................................................................................................................ 3 Applicable Regulations, Commission Policy Statements, and Guidance .................................. 5 Regulations ............................................................................................................................ 5 Commission Policy Statements and Staff Requirements Memorandums.............................. 5 Guidance Documents ............................................................................................................ 6 Staff Perspectives .................................................................................................................. 7 Uses of CP-stage PRA Information ........................................................................................... 8 Minimum Scope of PRA and non-PRA Evaluations for CP-Stage ............................................ 9 Submittal Information for the PRA and non-PRA Evaluations in an LWR CP Application ...... 11 Self-Assessment and Peer Review ..................................................................................... 12 Hazard-specific Information ................................................................................................. 12 PRA Development and Configuration Plan ............................................................................. 27 Severe Accidents .................................................................................................................... 27 Regulatory Treatment of Non-Safety Systems for Designs with Passive Safety Systems ...... 28 2

Introduction Title 10 of the Code of Federal Regulations (10 CFR) 50.34, Content of applications; technical information, identifies the minimum information to be included in a preliminary safety analysis report (PSAR). A PSAR must be submitted with a light-water reactor (LWR) construction permit (CP) application.

A systematic approach to assessing the plant risk, including, a probabilistic risk assessment (PRA), can support demonstration of compliance with regulations in a CP application1 and provide insights that can increase confidence in the safety of the design including:

1. Demonstrate meeting the Commissions quantitative health objectives,

2. Demonstrate meeting the Commissions expectations on containment performance,

3. Identify severe accident vulnerabilities and corresponding design improvements,

4. Identify licensing basis events,

5. Support classification of structures, systems, and components (SSCs), including identification of non-safety-related systems that need regulatory oversight, and

6. Support the adequacy of the plants defense-in-depth capability.

Under § 50.35, Issuance of construction permits, a CP application may be submitted even though it does not initially supply all the technical information required to support approval of all proposed design features. Under such circumstances, the Commission may issue a CP provided the findings in § 50.35(a) can be made and other CP-related regulatory requirements are met.

In order to use the results of PRAs and non-PRA evaluations2 to support making the findings under § 50.35(a) and other CP-related regulations, the staff must generally have confidence in the following items:

1. In combination with submitted design information, supplemental analyses, and commitments, PRAs and non-PRA evaluations possess the characteristics, attributes, and capabilities needed to provide insights and information to support licensing and design decisions made at the CP-stage. The CP-stage PRA results and insights will 1

PRA is currently not required for applications under 10 CFR part 50. However, in SRM-SECY-15-0002 the Commission directed the staff to apply its earlier directions for the new power reactor applications under part 52 be applied to new power-reactor applications under Part 50. In addition, the Commission approved initiation of a rulemaking to revise the regulations in part 50 to align more closely with part 52, incorporating the requirements identified by the NRC staff in SECY-15-0002. This includes the technically relevant TMI-related items under § 50.34(f) and the PRA requirements under section 50.71(h). The rulemaking package is currently with the Commission. In the interim, the NRC staff should ensure that an applicant addresses the technically relevant TMI-related items during the review process and propose license conditions requiring the appropriate items.

2 The use of the term non-PRA evaluations is intended to encompass a range of alternative evaluations that are not considered to be acceptable PRA approaches, as defined in RG 1.200. Examples of evaluations that may be considered a non-PRA evaluation include, but are not limited to, a PRA-based SMA, conservative analysis, and EPRI FIVE.

3

support the development of a PRA to support the application for an operating license (OL), including the confirmation of or changes to decisions made during construction.

2. PRAs and non-PRA evaluations used in support of the CP application are reasonably consistent with the maturity and completeness of the design information submitted.

Accordingly, PRAs and non-PRA evaluations appropriately represent each modeled hazard, the plants response to upset conditions caused by these hazards, and the plants capacity to withstand the hazards.

3. The results and insights from PRAs and non-PRA evaluations are reasonable. The CP application identifies how the PRAs and non-PRA evaluations are used to support or confirm design and licensing decisions.

4. The use of the PRAs and non-PRA evaluations addresses relevant Commission policies, including but not limited to searching for severe accident vulnerabilities and meeting the Commissions safety goals.

This confidence informs the staffs evaluation of the CP application for the purpose of determining whether the findings under § 50.35(a) can be made.

In this document, the staff has developed guidance on the content of general and technical information for a PSAR to support the staffs review of PRA and non-PRA evaluations used in support of a CP application. This guidance was developed for PRAs and non-PRA evaluations supporting a LWR CP application and the specific regulatory findings that are made under

§§ 50.34(a) and 50.35(a). The guidance contained herein is focused on CP applications for LWR designs that do not use the licensing modernization project (LMP) framework endorsed by the Nuclear Regulatory Commission (NRC) in RG 1.233. For a CP application for a new LWR design that follows the LMP, the applicant should generally follow NEI 21-07, Technology Inclusive Guidance for Non-Light Water Reactors; Safety Analysis Report Content for Applicants Using the NEI 18-04 Methodology, and corresponding staff positions, including exceptions, to determine the content of information for a PSAR. The NRC staff strongly recommends preapplication engagement for such cases.

In developing this guidance, the staff considered the role of PRA and non-PRA evaluations at the time the application is submitted, and the flexibility intended to be afforded by the two-step licensing process under 10 CFR Part 50. This serves the purpose of helping to determine the level of confidence the staff need in an applicants development and use of the PRA and non-PRA evaluations to support making findings under §§ 50.34(a) and 50.35(a). The information identified in this guidance for PRAs and non-PRA evaluations in a LWR CP application addresses relevant Commission policies and key industry and NRC guidance documents on the use of PRA in support of regulatory decision-making.

This guidance addresses information needed to support an application for an LWR CP application. Regulatory Guide (RG) 1.200, combined with DC/COL-ISG-028, (citations provided in next section of this guidance) provides staff positions on determining whether a design-specific or plant-specific PRA used to support an application for a LWR is sufficient to provide confidence in the results. RG 1.200 is applicable to the full-scope of risk contributors considered by PRA and for a plants entire lifecycle. RG 1.200 and ISG-028 offers direction on considerations for PRA information needed to support a CP application for an LWR such that the findings under §§ 50.34(a) and 50.35(a) are met.

4

The guidance contained herein does not change existing NRC guidance on how to develop acceptable PRAs or to perform non-PRA evaluations.

Applicable Regulations, Commission Policy Statements, and Guidance Regulations The key regulations relevant to the scope of this guidance development effort are §§ 50.34(a) and 50.35(a).

§ 50.34(a) provides requirements for the content of applications for a CP application and the substance of the PSAR that must be submitted as part of the application. § 50.35(a) specifies the findings necessary for the Commission to issue a CP. If there are design features that can reasonably be left for later consideration or for which final approval is not sought, the applicant will have to supply further technical, or design information needed to complete the safety analysis. This information must be included in the final safety analysis report that is required with the OL application. DNRL-ISG-2022-01, Safety Review of Light-Water Power-Reactor Construction Permit Applications, provides additional information on meeting § 50.35(a).

In the CP application, the applicant must describe safety features or components that require research and development. In such cases, the application should include a description of a research and development program that will be conducted to resolve any safety questions associated with such features or components.

Based on these items, the staff determines whether there is reasonable assurance that safety questions requiring research and development will be satisfactorily resolved before the completion of construction. The staff must find that the plant can be constructed and operated at the proposed location without undue risk to the health and safety of the public. In cases where an applicant has initially supplied all the technical information required to support the issuance of a CP that approves all design features, the findings will reflect that all design features were approved.

As described in § 50.35(b), an applicant may elect to request Commission approval of the safety of a design feature or specification in a CP application. When a safety approval request is included in the application, an applicant should provide additional information beyond that identified in this document and that is more consistent with information provided at the OL stage. For such cases, the PRA acceptability should be generally consistent with that for a combined license applicant as discussed in Standard Review Plan Chapter 19, RG 1.200, and DC/COL-ISG-028 and is not within the scope of this guidance. The NRC staff strongly recommends preapplication engagement for such cases. PRAs and non-PRA evaluations may be used in an LWR CP application to support meeting specific regulations such as § 50.34, paragraphs (f)(1)(xii), (2)(ix), and (3)(v); § 50.44 related to combustible gas control; and

§ 50.150 related to aircraft impact assessment. However, such uses of the PRA and non-PRA evaluations are expected to be evaluated on a case-by-case basis. The NRC staff strongly recommends preapplication engagement for such cases.

Commission Policy Statements and Staff Requirements Memorandums In developing this guidance, the staff considered Commission expectations as provided in Policy Statements and Staff Requirements Memorandums (SRMs) related to the use of PRA in 5

regulatory activities, the treatment of severe accidents, and advanced reactor issues. These include:

Policy Statement, Regulation of Advanced Reactors, Volume 73 of the Federal Register (FR), page 60612 (73 FR 60612), October 14, 2008.

Policy Statement, Severe Reactor Accidents Regarding Future Designs and Existing Plants, 50 FR 32138, August 8, 1985.

Policy Statement (Corrections and Republication), Safety Goals for the Operations of Nuclear Power Plants, 51 FR 30028, August 21, 1986.

Policy Statement, Use of Probabilistic Risk Assessment Methods in Nuclear Regulatory Activities, 60 FR 42622, August 16, 1995.

SRM-SECY-93-087, Policy, Technical, and Licensing Issues Pertaining to Evolutionary and Advanced Light-Water Reactor (ALWR) Designs, (Agencywide Documents Access and Management System (ADAMS) Accession No. ML003708056).

SRM-SECY-94-084, Policy and Technical Issues Associated with the Regulatory Treatment of Non-Safety Systems in Passive Plant Designs, (ML003708098).

SRM-SECY-95-132, Policy and Technical Issues Associated with the Regulatory Treatment of Non-Safety Systems (RTNSS) in Passive Plant Designs, (ML003708019).

SRM-SECY-15-0002, Staff Requirements - SECY-15-0002 - Proposed Updates of Licensing Policies, Rules, and Guidance for Future New Reactor Applications, (ML15266A023).

SRM-SECY-90-0016, Staff Requirements - SECY-90-0016 - Evolutionary Light Water Reactor (LWR) Certification Issues and Their Relationships to Current Regulatory Requirements, (ML003707885).

SRM-SECY-12-0081, Staff Requirements - SECY-12-0081 - Risk-Informed Regulatory Framework for New Reactors, (ML12296A158).

Guidance Documents In developing this guidance, the staff considered the following guidance documents:

DNRL-ISG-2022-01, Safety Review of Light-Water Reactor Construction Permit Applications, (ML22189A099).

Regulatory Guide 1.200, Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities, (ML20238B871).

DC/COL-ISG-028, Interim Staff Guidance on Assessing the Technical Adequacy of the Advanced Light-Water Reactor Probabilistic Risk Assessment for the Design Certification Application and Combined License Application, (ML14230A111).

6

ASME/ANS RA-Sa2009, Addenda to ASME/ANS RA-S-2008 Standard for Level 1 /

Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, (the PRA Standard for LWRs).

NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 19, Severe Accidents, (SRP Chapter 19), (ML15089A068).

Regulatory Guide 1.247 (Trial Use), Acceptability of Probabilistic Risk Assessment Results for Non-Light-Water Reactor Risk-Informed Activities, (ML21235A008).

ASME/ANS RA-S-1.4-2021, Probabilistic Risk Assessment for Advanced Non-Light Water Reactor Nuclear Power Plants, (the PRA Standard for non-LWRs).

NEI 18-04, Risk-Informed Performance-Based Technology Inclusive Guidance for Non-Light Water Reactor Licensing Basis Development, Revision 1 (ML19241A472).

Regulatory Guide 1.233, Guidance for a Technology-Inclusive, Risk-Informed, and Performance-Based Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors, (ML20091L698).

NEI 21-07, Technology Inclusive Guidance for Non-Light Water Reactors; Safety Analysis Report Content for Applicants Using the NEI 18-04 Methodology.

Proposed Regulatory Guide 1.253, Guidance for a Technology Inclusive Content of Application Methodology to Inform the Licensing Basis and Content of Applications for Licenses, Certifications, and Approvals for Non-Light-Water Reactors, (issued as DG-1404)

(ML23194A194).

Staff Perspectives DNRL-ISG-2022-01 describes the regulatory requirements, applicable review guidance in the SRP, and special topics for an LWR CP application. The ISG includes guidance on describing the preliminary design information and a description and safety assessment of the site on which the facility is to be located. The ISG does not provide specific information relevant to PRAs and non-PRA evaluations supporting an LWR CP application, but points generally to the SRP to provide the NRC staff with an acceptable approach for verifying that the applicable requirements in the regulations for LWR applications are met.

The NRC staff endorsed the PRA Standard for LWRs in RG 1.200, which provides the means of establishing the scope and technical adequacy of the PRA. The staff positions for the PRA elements in Section C of RG 1.200 relate to a full-scope PRA that models all hazards and all plant operating states. RG 1.200, along with DC/COL-ISG-028, provides an acceptable approach for determining whether a design- or plant-specific PRA used to support an application throughout the design lifecycle is sufficient to provide confidence that the PRA can be used in regulatory decision-making. The scope and technical acceptability of the CP application PRA is dependent on the intended use of the information and the level of design maturity.

7

As discussed in DNRL-ISG-2022-01, in accordance with 10 CFR 50.34(a)(1)(ii), the CP application must provide a description and safety assessment of the site and a safety assessment of the facility, and the Commission expects that reactors will reflect through their design, construction, and operation an extremely low probability for accidents that could result in the release of significant quantities of radioactive fission products. The regulation goes on to state that the Commission will take into consideration the power design characteristics and proposed operation described in 10 CFR 50.34(a)(1)(ii)(A), which includes the intended use of the reactor including the maximum power level and the nature and inventory of contained radioactive materials. This guidance document addresses the scope of the PRA related to sources of radioactivity within the reactor core. The NRC staff strongly recommends preapplication engagement related to addressing the inventory of radioactive materials outside of the core in the PSAR for a CP application.

Uses of CP-stage PRA Information Insights and information from PRAs and non-PRA evaluations are one aspect of the overall decision-making process for making findings against §§ 50.34(a) and 50.35(a); this information does not constitute the sole basis for the staff findings. The staff makes the overall regulatory findings in an integrated manner that considers the uses of the PRAs and non-PRA evaluations together with other traditional engineering analysis tools and methods. Specifically, the staff will use the PRA and non-PRA information identified in this guidance to confirm that the CP applicant:

identified the uses of PRA and non-PRA insights (e.g., selection of licensing basis events, determination of non-safety-related systems subject to regulatory treatment, demonstration of margins to the Commissions safety goals),

established a process for identifying and incorporating into the design or construction, key contributors to plant risk and risk insights from PRAs and non-PRA evaluations consistent with their identified uses,

established and implemented a process to systematically identify all applicable hazards and initiating events, radiological sources, and plant operating states that need to be considered in the PRA and non-PRA evaluations (i.e., whether they are screened out or explicitly modeled) and during the design and construction of the plant,

defined the metrics used to characterize plant risk,

established a systematic process for identifying and dispositioning uncertainties in the PRA and non-PRA evaluations (i.e., modeling, parametric, and completeness),

including treatment of key assumptions and sources of uncertainty,

identified, consistent with the most current design information, limitations of the PRA and non-PRA evaluations supporting the CP application in terms of scope, level of detail, conformance with PRA technical elements, and plant representation; identified the impact of these limitations on the results and insights; and developed a plan for addressing and/or resolving these limitations at the OL stage,

established a quality control plan that addresses configuration management of the PRA and non-PRA evaluations during construction, including any design modifications, and 8

identified all methods, approaches, and standards used in the development of the PRA and non-PRA evaluations or that will be used at the OL stage, including self-assessment and peer review processes.

The staffs confirmation of the completion of these actions provides confidence that:

1. The CP-stage PRA and non-PRA evaluations and their results reflect the CP-stage design and are reasonable; and

2. based on the relevant commitments in the CP application and the PRA configuration control program, the PRA and non-PRA evaluations will be updated to reflect the final design and possess the minimum characteristics, attributes, and capabilities needed to support an OL application.

For cases where the PRA and non-PRA evaluations supporting a CP application do not address all the relevant risk contributors and where the applicant has made commitments essential to addressing these contributors at the OL stage of the licensing process, the staffs review will involve judgment on qualitative and quantitative information presented in the PSAR as well as the applicants commitments.

Minimum Scope of PRA and non-PRA Evaluations for CP-Stage A full-power reactor internal events PRA should be developed for the CP-stage commensurate with the design maturity. In general, consistent with DC/COL-ISG-028, Capability Category I of an NRC-endorsed PRA Standard is acceptable for PRAs, including the internal events PRA, at the CP-stage.

An applicant should evaluate all hazards for their impact on the risk from the design. Non-PRA evaluations for hazards that cannot be screened out are acceptable for the CP application.

These non-PRA evaluations should incorporate site-specific information. Examples of non-PRA evaluations include PRA-based seismic margins assessments and conservative assessments of non-seismic external hazards.

Consistent with the Commissions PRA Policy Statement, the NRC staff encourages the maximum use of PRA to assess the risk from hazards that cannot be screened out at the CP-stage. Use of a PRA, as opposed to a non-PRA evaluation, provides mutual benefits to the applicant and staff by providing more detailed and complete risk insights demonstrating the safety features of the design. Use of a PRA also supports the transition between CP and OL reviews by focusing the staffs review of the OL application to changes in the design and therefore, changes in the PRA and non-PRA evaluations.

9

Table 1 provides a summary of the minimum scope of PRA and non-PRA evaluations for a CP application.

Table 1: Minimum scope of PRA and non-PRA evaluations recommended for a LWR CP application Minimally Acceptable PRA Minimally Acceptable Non- Additional PRA Elements for Full-Power PRA Evaluations Evaluations*

Internal Events PRA Plant operating state Initiating event analysis Internal flood PRA analysis Accident sequence analysis Internal flood assessment Internal fire PRA Success criteria Internal fire assessment Seismic PRA development Systems analysis PRA-based seismic margins High winds PRA Non-seismic external hazard Human reliability analysis assessment (includes External flooding PRA hazard screening)

Low power and shutdown Data analysis Other Hazards PRA assessment Low power and shutdown Level 2 analysis PRA Quantification Source term analysis Radiological consequence Uncertainty analysis analysis

Applicants can choose to and are encouraged to perform an additional PRA evaluation instead of a non-PRA evaluation.

PRA results should be quantified in terms of the risk metrics: core damage frequency (CDF),

large release frequency (LRF), and conditional containment failure probability (CCFP) to demonstrate compliance with the Commissions safety goals. SRM-SECY-90-016 discusses the applicability of the CDF and LRF to advanced light-water reactors licensed under Part 52.

SRM-SECY-12-0081 approves the staffs recommendation to transition from LRF to large early release frequency (LERF) at or before initial fuel load and discontinue regulatory use of LRF and CCFP thereafter. For Part 50 plants, the CP PRA should use LRF and the OL PRA should use LERF because an OL gives permission to load fuel. LERF should be used consistent with the guidance in RG 1.174. For an applicant that chooses to use LERF for licensing under Part 50 plant, LERF should be used consistently with the guidance in RG 1.174.

10

Submittal Information for the PRA and non-PRA Evaluations in an LWR CP Application The applicants PSAR for a CP application should be able to demonstrate that the fundamental design and operation of the plant have been accurately represented in the PRA and non-PRA evaluations, and that the development of the PRA and non-PRA evaluations has been successfully executed for the CP application. One way to demonstrate this for PRAs is to meet the staff positions in RG 1.200 and DC/COL-ISG-028 as it relates to the foundational PRA elements, which are essential for a base PRA. Such a demonstration should help establish the staffs confidence in the applicants aptitude and proficiency in developing the PRA and in the use of the resulting risk insights. Consequently, the applicant should be incentivized to provide as much information about the development of the CP-stage PRA and non-PRA evaluations and their uses as is available.

The CP application should include the following information on the uses of the PRA to support the staffs findings:

Discussion of all the uses of the CP-stage PRA and non-PRA evaluations and resulting risk insights (e.g., identification of severe accident vulnerabilities, identification of design options to reduce risk, selection of licensing basis events, determination of non-safety-related systems subject to regulatory treatment, demonstration of margins to the Commissions safety goals).

Identification of design options to reduce risk and address severe accident vulnerabilities, including:

o Description of the process for identifying and incorporating key contributors to plant risk and risk insights into the design or construction.

o Examples of design changes made based on risk information and insights.

If the PRA and non-PRA evaluations are used to select or support the selection of licensing basis events:

o Description of the process for using risk information and insights for selection of licensing basis events, including the justification of metrics (e.g., event sequence frequency) and thresholds (e.g., separation between design-basis accidents and beyond-design-basis events).

o Description of the treatment of uncertainty in the PRA and non-PRA evaluations in the process for selection of licensing basis events.

o Summary of results from the use of the PRA and non-PRA evaluations for selection of licensing basis events.

11

Self-Assessment and Peer Review A PRA self-assessment should be performed at the CP-stage for the PRAs supporting the application commensurate with design readiness. The CP application should include the following information for the self-assessment:

Description of the PRA self-assessment, including the PRA Standard(s) and guidance used to perform the self-assessment.

Summary of any limitations identified by the self-assessment arising from the level of maturity of design and operational details.

A formal peer review against PRA standards at the CP application stage is not required but may be performed instead of a PRA self-assessment. A formal peer review provides the staff with additional confidence in the results of the PRA.

Hazard-specific Information The minimum information that should be provided in a CP application on specific technical aspects of the PRA and non-PRA evaluations is provided below. Discussions and descriptions identified below should be commensurate with the identified uses of the risk insights from the PRA and non-PRA evaluations, and the level of design maturity in the CP application.

Plant Operating State (POS) Analysis The POS analysis supporting a CP application PRA should identify operating evolutions (e.g.,

full-power, low power, and shutdown types of conditions) important to risk. Each condition where plant parameters are stable and similar should be defined as a distinct plant operating state. The purpose of the POS analysis is to identify and evaluate the entire spectrum of plant responses to off-normal conditions with potential to lead to core damage and large release.

Each POS should be evaluated to identify applicable initiating events and accident sequences, establish system success criteria, and quantify accident sequence frequencies. The set of identified POSs should encompass the entire spectrum of operations. Where possible, the description and results of PRA and non-PRA assessments should be presented as a table or chart to facilitate understanding of the POS analysis supporting the CP application.

The CP application should include the following information from the POS analysis consistent with the maturity of the design:

The range of plant parameters and the selected representative parameter value chosen for each POS, e.g., for power level or decay heat level including typical POS entry times after plant trip; average reactor coolant system temperatures, configuration (intact, vented, or modified by dams, seals, and open penetrations), pressures, and water levels; and containment status (e.g., disinterred, intact, open).

Mitigation equipment available or expected to be available for each POS.

12

Activities that may lead to changes in the above parameters used to define the POS, (e.g., drain down, filling and venting, dilution, fuel movement, and cooldown). RCS pressure capability, presence of temporary hatches or penetrations, or nozzle dams/loop isolation.

Information regarding the screening and grouping of POSs to facilitate an efficient but realistic estimation of CDF and LRF.

If bounding assessments or qualitative evaluations are performed to address certain evolutions, identification of the spectrum of accident sequences with the potential to lead to core damage and large release.

Full-Power Internal Events PRA A full-power internal events PRA should be developed for the CP-stage commensurate with the design maturity. At the CP-stage, consistent with DC/COL-ISG-028, Capability Category I of an NRC-endorsed PRA standard is acceptable for PRAs, including the internal events PRA. The CP application should include the following information:

Initiating Event Analysis Initiating events include perturbations to the steady-state operation of the plant that challenge plant control and safety systems and failures of plant control and safety systems that may cause perturbation to the steady-state operation of the plant that could lead to core damage, radioactivity release, or both. The initiating event analysis identifies and characterizes the events that both challenge normal plant operation during power or shutdown conditions and require successful mitigation by plant equipment and personnel to prevent core damage from occurring. Events that have occurred at the plant and those that have a reasonable probability of occurring are identified and characterized. An understanding of the nature of the events is performed such that a grouping of the events, with the groups defined by similarity of system and plant responses (based on the success criteria), may be performed to manage the large number of potential events that can challenge the plant.

The CP application should include the following information on initiating event analysis for the full-power internal events PRA:

Description of the systematic approach used to develop a comprehensive list of potential initiating events.

Identification of guidance (e.g., RG 1.200), PRA standards (e.g., the endorsed Level 1/LERF PRA Standard for LWRs, the ALWR PRA Standard), data sources, and techniques used to develop the comprehensive list of initiating events (e.g., failure modes and effects analysis, master logic diagram).

Identification of initiating events that are screened from inclusion in the PRA and technical basis for the screening.

Description of how the initiating events that are not screened are categorized into initiating event categories or groups according to plant response and mitigation equipment.

13

Description of each initiating event.

Accident Sequence Analysis The objective of the accident sequence analysis is to model chronologically the possible accident progressions that can occur starting from the initiating event modeled in the CP application PRA to its end state (e.g., successful mitigation, core damage, large release). The accident sequences account for the systems that are designed (and available) to mitigate the initiator based on defined success criteria. The event sequences also account for any operator actions performed to mitigate the accident based on the defined success criteria, plant operating procedures (e.g., plant emergency and abnormal operating procedures), and training.

The CP application should include the following information on accident sequence analysis for the full-power internal events PRA:

Summary of event tree for each initiating event identified in the initiating event analysis, including a discussion of the sequences for each event tree.

Description of necessary and sufficient equipment (safety and non-safety-related) reasonably expected to be used to mitigate initiators.

Description of plant-specific functional, phenomenological, and operational dependencies that impact significant event sequences in the event sequence structure.

Description of individual function mission times for each safety function and time windows for each operator action included in the PRA.

Success Criteria Development For an initiating event, success criteria identify the minimum system requirements to prevent or mitigate an undesirable end state. Success criteria are based on acceptable engineering analyses that represent the design and operation of the plant under consideration. For a safety function to be successful, the criteria depend on the initiator and the conditions created by the initiator.

The CP application should include the following information on success criteria for the full-power internal events PRA:

Definition of success criteria and mission time.

Summary of engineering analyses representing the available design and operation information performed to identify the success criteria.

Description of the success criteria for each initiating event or initiating event group, including the list of performance requirement (e.g., number of trains required) and operator actions credited in the determination of success criteria.

Identification of any computer code(s) used for analysis of success criteria, addressing the applicability of the code for evaluation of phenomena of interest.

14

Systems Analysis The objective of the systems analysis is to identify combinations of failures that can prevent a system from performing one of its safety functions. The systems analysis model includes failures of system hardware and instrumentation and human failure events (HFEs). The modeling of these failures accounts for dependencies among the front-line and support systems and distinguishes the specific equipment or human events that have a major impact on the systems ability to perform its function.

The CP application should include the following information on systems analysis for the full-power internal events PRA:

Description of intra- and inter-system dependencies, methodology used for modeling common-cause failures, treatment of testing and maintenance in the model.

Identification of those passive safety systems that perform a safety function for any sequence.

Passive Safety System Reliability (for designs using passive systems for emergency core cooling or decay heat removal)

Passive safety systems rely on natural forces, such as gravity, to perform their safety functions.

Such driving forces are small compared to those of pumped systems, and the uncertainty in their values, as predicted by a best-estimate thermal hydraulics analysis, can be of comparable magnitude to the predicted values themselves. Therefore, some accident sequences with a frequency high enough to impact results, but not predicted to lead to core damage by a best-estimate thermal hydraulics analysis, may lead to core damage when PRA models consider thermal hydraulics uncertainties for passive systems. One approach to addressing this issue is to perform sensitivity studies using the thermal hydraulics code selected for success criteria analysis.

The CP application should include the following information on passive safety system reliability for the full-power internal events PRA:

Identification of all key thermal hydraulics parameters that could affect the reliability of a passive system and introduce uncertainty into the determination of success criteria.

A description of how the key thermal hydraulics phenomena are modeled as a failure mode.

If thermal hydraulics uncertainty analysis is performed:

o A summary of its results and key insights.

o A discussion of the applicability of the thermal hydraulics code used for the assessment.

If thermal hydraulics uncertainty analysis is not performed, a description of the plan to perform these analyses and reflect the insights into the design.

15

Human Reliability Analysis The objective of the human reliability analysis is to identify and define the HFEs that can negatively impact normal or emergency plant operation and quantify their probabilities. The HFEs associated with normal plant operation include the events that leave the system (as defined by the success criteria) in an unavailable state. The HFEs associated with emergency plant operation represent those human actions that, if not performed or performed incorrectly, do not allow the needed system to function. Only human errors of omission are considered in the scope of the systems analysis; errors of Commission and malevolent acts are not considered in the scope of the systems analysis.

The CP application should include the following information on human reliability analysis for the full-power internal events PRA:

Identification and description of HFEs that result in initiating events.

Identification and description of pre- and post-accident HFEs that impact the mitigation of initiating events.

Identification and treatment of dependent HFEs, including the basis for the lower bound of the joint human error probability used in the PRA.

Any recovery action credit taken, including the justification for such credit.

Data Analysis The objective of the data analysis is to define parameters for each basic event such that the PRA results provide realistic risk insights for the design. Data analysis includes the assignment of generic, design-specific, and plant-specific parameter estimates (as applicable). Data analysis should account for SSC boundaries, failure modes, failure rates, and CCFs.

The CP application should include the following information on data analysis for the full-power internal events PRA:

Discussion of sources of frequency and failure rates, with design-specific justification for use of generic estimates.

Design-specific justification for the failure rates used for first-of-a-kind components.

For safety features or components that require research and development (e.g., related to the failure rate used in the PRA), a description of the research and development program that will be conducted to resolve such issues at the OL stage.

16

Level 2 Analysis The CP application should include the following information on Level 2 analysis for the full-power internal events PRA:

Description of the Level 2 PRA development, commensurate with the design at the CP-stage, including:

o Grouping of Level 1 PRA core damage sequences.

o Event trees and key phenomena for Level 2 PRA.

o Basis for excluding any severe accident phenomena.

Demonstration that the design at CP-stage meets the Commissions expectations for containment performance for new reactors.

Quantification The CP application should include the following information on quantification for the full-power internal events PRA:

CDF and LRF.

List, with summary description, of dominant sequences for CDF and LRF.

List of dominant SSCs based on importance measures (e.g., Fussel Vesely, Risk Achievement Worth).

Demonstration that the design meets the Commissions safety goals for new reactors.

Uncertainty Analysis The CP application should include the following information on uncertainty analysis for the full-power internal events PRA:

Summary of parametric uncertainty analysis performed with results, including the mean, 5th, and 95th percentile values for CDF and LRF.

Description of the process for identifying and dispositioning PRA model uncertainties for all the topic areas listed above, including identification of relevant guidance (e.g.,

RG 1.200, NUREG-1855).

List of sensitivity analyses performed, including, for each sensitivity, the uncertainty being addressed, the change in base parameter, and the results.

List of key assumptions and sources of uncertainty, including design features and design assumptions, impacting the application and the stated uses of the PRA.

17

Internal Flood An internal flood PRA or a non-PRA evaluation of the risk from internal floods is acceptable for a CP application.

If a non-PRA evaluation is performed for internal floods for a CP application, the following information should be provided:

Discussion of the non-PRA evaluation approach, including the systematic identification of potential internal flood initiating events.

Description of any screening analysis performed for any flood sources (initiators),

including identification of design features (e.g., flood doors, berms, SSC elevations) relied upon for screening the identified initiating events from inclusion in the non-PRA evaluation.

Description of the risk insights, including, as applicable, failures of SSCs and their consequences due to the internal flood initiators that were not screened.

Identification of key assumptions used in the evaluation.

Summary of any limitations associated with assessment arising from the level of maturity of design and operational details.

The internal flood PRA initiating events typically rely on the corresponding internal events PRA initiating events with modifications to include the impact of the identified flood scenarios in terms of causing initiating events and failing equipment used to respond to initiating events.

If an internal flood PRA is performed for a CP application, the following information should be provided:

Summary of changes made to the internal events PRA to develop the internal flood PRA addressing each of the topics identified previously for internal events PRA.

Description of the process for flood area partitioning, flood source analysis, and flood scenario analysis.

Description of any screening analysis performed for any flood sources (initiators),

including identification of design features (e.g., flood doors, berms, SSC elevations) relied upon for screening the identified initiating events from inclusion in the internal flood PRA.

Summary of any limitations associated with internal flood PRA arising from the level of maturity of design and operational details.

18

Internal Fire An internal fire PRA or a non-PRA evaluation of the risk from internal fire is acceptable for a CP application.

If a non-PRA evaluation for internal fires is performed for a CP application, the following information should be provided:

Discussion of the non-PRA evaluation approach, including the systematic identification of potential internal fire initiating events.

Description of any screening analysis performed for any fire sources (initiators),

including identification of any design features (e.g., physical separation, fire barriers, dampers) relied upon for screening the identified initiating events from inclusion in the non-PRA evaluation.

Description of the risk insights, including, as applicable, failures of SSCs and their consequences due to the internal fire initiators that were not screened.

Discussion of any alternative shutdown locations and corresponding capabilities.

Identification of key assumptions used in the evaluation.

Summary of any limitations associated with assessment arising from the level of maturity of design and operational details (e.g., cable routing).

If an internal fire PRA is performed for a CP application, the following information should be provided:

Summary of changes made to the internal events PRA to develop the internal fire PRA addressing each of the topics identified previously for internal events PRA.

Description of the process for fire area partitioning, fire source analysis, and fire scenario analysis.

Description of any screening analysis performed for any fire sources (initiators),

including identification of any design features (e.g., physical separation, fire barriers, dampers) relied upon for screening the identified initiating events from inclusion in the internal fire PRA.

Summary of any limitations associated with the internal fire PRA arising from the level of maturity of design and operational details (e.g., cable routing).

Seismic A non-PRA evaluation (i.e., PRA-based seismic margins assessment (SMA)) or a seismic PRA may be used to support an LWR CP application. For a PRA-based SMA, design response spectra (DRS) representative of multiple sites may be used. Both the design and site-specific earthquake ground motion must satisfy Appendix S and 10 CFR Part 100. The spectra are characterized by horizontal and vertical response spectra. A DRS representative of multiple 19

sites should satisfy the seismic hazard curves and design parameters as outlined in SECY-93-087 and other relevant guidance documents.

If a PRA-based SMA is performed for a CP application, the following information should be provided:

1. Seismic hazard input

For an applicant using site-specific response spectra:

o Ground motion response spectra (GMRS) or site-specific safe shutdown earthquake (SSE).

o Review level earthquake (RLE)1.67 times the GMRS or site-specific SSE.

For an applicant using DRS representative of an envelope of multiple sites:

o Demonstration that the site-specific GMRS or SSE characterized by horizontal and vertical response spectra is bounded by the DRS.

o Review level earthquake (RLE)-1.67 times the DRS defined as the SSE.

Identification of any site-specific seismic-induced initiating events (e.g., slope stability, liquefaction, dam failure), including discussion of the approach.

2. Seismic fragility evaluation

Summary description of the systematic process used to develop the seismic equipment list (SEL).

Identification of seismically-induced failures of SSCs that are not explicitly modeled in the internal events PRA and structural failures that could cause widespread equipment failures.

Seismic correlation assumptions.

Summary of the key SSC fragility parameters (e.g., a table with high-confidence of low probability of failure (HCLPF) values, median capacities, and logarithmic standard deviation of the fragilities for the SSCs on the SEL), including:

o Description of the method(s) used for the derivation of SSC fragilities, including a summary of how the failure probability is related to the ground motion parameter.

o Identification of sources of information and justification for applicability of generic fragilities.

3. Systems and accident sequence analysis

Summary of the process for identification of site-specific seismic-induced initiating events, including the operating modes, event trees, fault trees, and accident sequences considered in the analysis with a basis for their selection.

20

Description of the development of the PRA-based SMA including:

o Changes made to the internal events PRA model.

o Modeling of passive components (e.g., tanks, heat exchangers, piping) and structural failures, including containment, and correlated failures.

o Modeling of random failures and human actions specific to the PRA-based SMA and changes to the modeling of human actions to account for seismic events.

Description of failures which are assumed to lead directly to core damage or large release.

4. Sequence-level and plant-level HCLPF assessment

The calculated sequence-level and plant-level HCLPF capacities for the operating modes considered, including-o a discussion of the method used to calculate sequence-level and plant-level HCLPF capacities (e.g., MIN-MAX).

o the identification of the SSCs that limit the plant-level HCLPF capacity.

Identification of key assumptions and sources of uncertainty that can impact insights and results, including those arising from level of design maturity at the CP-stage lack of as-built and as-operated details.

Description of process to track assumptions and sources of uncertainty.

Identification of any scenarios where combinations of seismic failures, random events, and failures of human actions that could result in an effective seismic capacity less than the RLE.

Key results and insights, such as:

o dominant seismically-induced initiating events, o dominant sequences, o dominant functions, SSCs, and operator actions, and o identification of any potential vulnerabilities in the design.

If a seismic PRA is performed to support an LWR CP application, the following information should be provided:

1. Seismic Hazard Input

Description of probabilistic seismic hazard analysis performed to develop the site-specific seismic hazard curves and any changes to the seismic hazard curves used in the seismic PRA.

The site-specific response spectra with the technical basis for their development.

21

Identification of site-specific seismic-induced initiating events (e.g., slope stability, liquefaction, dam failure), including discussion of the approach.

2. Seismic Fragility Evaluation

Summary description of the systematic process used to develop the SEL.

Identification of seismically-induced failures of SSCs that are not explicitly modeled in the internal events PRA and structural failures that could cause widespread equipment failures.

Seismic correlation assumptions.

Summary of the key SSC fragility parameters (e.g., a table with HCLPF values, median capacities, and logarithmic standard deviation of the fragilities for the SSCs on the SEL), including:

o Description of the method(s) used for the derivation of the design-specific SSC fragilities, including a summary of how the SSC failure probability is related to the ground motion parameter.

o Identification of sources of information and justification for applicability for the generic fragilities used.

3. Plant Systems Analysis

Summary of the operating modes, accident sequences, event/fault trees, and damage levels considered in the analysis with a basis for their selection.

Description of the development of the seismic PRA including:

o Changes made to the internal events PRA model.

o Modeling of passive components (e.g., tanks, heat exchangers, piping) and structural failures, including containment, and correlated failures.

o Modeling of random failures and human actions specific to the SPRA and changes to the modeling of human actions to account for seismic events.

Description of failures which are assumed to lead directly to core damage or large release.

Key results and insights, such as:

o the plant-level HCLPF, o identification of any scenarios where combinations of seismic failures, random events, and failures of human actions that could result in an effective seismic capacity less than the RLE, o dominant seismically-induced initiating events, o dominant sequences and cutsets, 22

o dominant functions, SSCs, and operator actions, and o identification of any potential vulnerabilities in the design.

A description of the assumptions and sources of uncertainty for hazard, fragility, and plant response that can impact insights and results, including those arising from:

o level of design maturity at CP-stage o lack of as-built and as-operated details

Identification of any sensitivity analyses performed to address assumptions and sources of uncertainty.

List of key assumptions and sources of uncertainty, including design features and design assumptions impacting the application and the stated uses of the seismic PRA.

Non-Seismic External Hazards A key feature of a PRA is that a wide spectrum of potential hazards in terms of magnitude and frequency of occurrence are systematically surveyed to ensure that significant contributors to plant risk are not inadvertently excluded. Table D-1 in Appendix D to RG 1.200 provides a list of additional hazards that should be systematically evaluated. Additional hazards not in Table D-1 in Appendix D to RG 1.200, if identified, should be addressed as a non-seismic external hazard.

These hazards may be treated at the CP-stage using hazards screening, performing a conservative estimate of risk, or performing a non-seismic external hazards PRA.

Hazards Screening The objective of the hazards screening analysis is to adequately justify exclusion of a hazard or hazard group.

If the applicant performs screening for any non-seismic hazard, including the hazards listed in Table D-1 of Appendix D to RG 1.200, the following information should be provided for each screened hazard:

A discussion of the basis for site-specific screening, identifying, if applicable, the corresponding criteria in the PRA Standard endorsed in RG 1.200.

A description of the hazard screening analysis, including the applicability of data used for occurrence frequency in the analysis for the CP site.

Identification of assumptions and sources of uncertainty for the screening of each screened hazard, including key assumptions that can impact the results of the screening.

Identification of SSCs and design features credited in and necessary for screening of each screened hazard.

23

Conservative Estimate of Risk from Non-Seismic Hazards Using Non-PRA Evaluations If an applicant cannot screen out a non-seismic hazard based on a qualitative evaluation or quantitative screening analysis, the applicant may perform a conservative assessment of risk and demonstrate that the construction permit site is within the bounds of the parameters used for the conservative assessment. If the applicant performs a conservative analysis for any non-seismic hazard, including the hazards listed in Table D-1 of Appendix D to RG 1.200, the following information should be provided for each hazard:

1. Hazard Input

A description of the estimate of and basis for the selected hazard frequency for the CP site or for the representative site which reflects recent information and uses historical data or a phenomenological model or a mixture of the two.

If a representative site approach is used, justification that the representative site bounds the hazard at the CP site.

2. Fragility Evaluation

Summary description of the systematic process used to develop the hazard safe shutdown equipment list (SSEL).

Identification of hazard-induced failures of SSCs that are not explicitly modeled in the internal events PRA and structural failures that could cause widespread equipment failures.

Summary of key SSC fragilities (e.g., a table with HCLPFs, median capacities, and logarithmic standard deviation of the fragilities for the SSCs on the SEL), including:

o Description of the methods used for derivation, if design-specific fragilities are used.

o Identification of sources of information and justification for applicability for generic fragilities used.

o Correlation assumptions.

If a simplified fragility evaluation is performed (e.g., seismic Category I structures will not fail), a description of the approach, including assumptions and simplifications, for incorporating the fragility of SSCs in the evaluation.

3. Estimate of Plant Response

Summary of the process for identification of site-specific hazard-induced initiating events, including the operating modes, event trees, fault trees, and accident sequences considered in the analysis.

Description of the development of the plant response analysis, including changes made to the internal events PRA model, modeling of passive components, structural failures, correlated failures, random failures, and human actions.

24

Key results and insights, including risk-significant SSCs, dominant cutsets, and dominant sequences.

List of analysis assumptions and sources of uncertainty for hazard, fragility, and plant response that can impact insights and results, including those arising from:

o Level of design maturity at CP-stage o Lack of as-built and as-operated details

Any sensitivity analyses performed to address assumptions and sources of uncertainty.

Non-Seismic Hazard PRA A PRA for non-seismic hazards, including those identified in Table D-1 of Appendix D to RG 1.200, should be performed if the hazard cannot be screened out by either a qualitative screening evaluation or a quantitative screening analysis, and an applicant chooses to perform a PRA at the CP-stage instead of a conservative analysis.

1. Hazard Input

Description of the hazard frequency of occurrence at different intensities of the hazard for the CP site using a site-specific probabilistic evaluation.

Description of the historical data or a phenomenological model, or a mixture of the two that is used for the hazard frequency development.

2. Fragility Evaluation

Description of the systematic process used to develop the hazard SSEL.

Identification of hazard-induced failures of SSCs that are not explicitly modeled in the internal events PRA and structural failures that could cause widespread equipment failures.

Correlation assumptions.

Description of the systematic process and assumptions used to determine the governing failure mode for the SSCs on the SSEL.

Summary of the key SSC fragilities including:

o Description of the methods used for derivation, if design-specific fragilities are used.

o Identification of sources of information and justification for applicability, if generic fragilities are used.

3. Plant Systems Analysis

Summary of the operating modes, accident sequences, and event/fault trees, and damage levels considered in the analysis with a basis for their selection.

25

Description of the development of the other hazards PRA, including changes made to the internal events PRA model, modeling of passive components, structural failures, correlated failures, random failures, and human actions.

Description of significant failures that can lead to CDF and LRF.

Key results and insights, including risk-significant SSCs, dominant cutsets and dominant sequences.

List of analysis assumptions and sources of uncertainty for hazard, fragility, and plant response that can impact insights and results, including those arising from:

o Level of design maturity at CP-stage o Lack of as-built and as-operated details

Any sensitivity analyses performed to address assumptions and sources of uncertainty.

Low Power and Shutdown (LPSD)

An LPSD PRA or a non-PRA evaluation of the risk from LPSD operations is acceptable for a CP application.

If a non-PRA evaluation of the risk from LPSD operations is performed for a CP application the following information should be provided:

Discussion of the non-PRA evaluation approach, including the systematic identification of potential LPSD initiating events based on the submitted POS analysis.

Description of any analysis performed to screen POSs from inclusion in the LPSD PRA, including identification of any design features relied upon for the screening.

Description of the LPSD risk insights (e.g., design features that minimize operator actions required to mitigate shutdown initiating events) derived from the assessment.

Identification of key assumptions used in the evaluation.

Summary of any limitations associated with assessment arising from the level of maturity of design and operational details.

If a LPSD PRA is performed for a CP application the following information should be provided:

Summary of the development of the LPSD PRA addressing relevant topics identified previously for internal events PRA (e.g., initiating event analysis) and demonstrating the consistency with identified plant operating states.

Description, with justification, of any analysis performed to screen any POS from inclusion in the LPSD PRA, including identification of any design features relied upon for the screening.

26

Summary of any limitations associated with LPSD PRA arising from the level of maturity of design and operational details.

PRA Development and Configuration Plan The PRA configuration control program should be based on available operational, maintenance, and procedural information. The applicants PRA configuration control program should address when the PRA is to be updated or upgraded. In particular, the PRA configuration control program should address design-, site-, and plant-specific characteristics and evaluations of changes made to them.

The CP application should contain the following information:

Identification of PRA elements from RG 1.200 that are not met, an explanation for the reason each identified element is not met (e.g., lack of design maturity), and description of the applicants plan for meeting each identified PRA element in the OL PRA.

The guidance and standards used to develop the PRA, including any commitments to the standards (and, if applicable, the capability categories) that will be met for the PRA supporting the OL application.

A description of the process to track assumptions and monitor inputs for PRA and non-PRA evaluations supporting the CP application.

A description of how new information will be collected and included in the PRA to maintain the PRA consistent with the as-built, as-to-be-operated plant design.

A description of how configuration control of computer models and codes used to support PRA inputs and quantification will be performed.

A description of how reviews of the PRA will be conducted (i.e., self-assessment, peer review, etc.), including the frequency of such reviews.

Severe Accidents In accordance with the Commissions Severe Accident Policy Statement, the applicant should consider a range of alternatives when addressing safety issues and reducing risk from severe accidents. The severe accident phenomena identified as examples in paragraphs 52.47(a)(23), 52.79(a)(38), 52.137(a)(23), and 52.157(f)(23) are design-dependent and specific to LWRs. They include core-concrete interaction, steam explosion, high-pressure core-melt ejection, hydrogen combustion, and containment bypass. The PRA and non-PRA evaluations should include consideration of severe accident vulnerabilities, and the CP application should address the prevention and mitigation of severe accidents. The CP application should include the following information on severe accidents:

A description and analysis of design features for the prevention and mitigation of severe accidents, including an evaluation of the severe accident phenomena to assess their design relative to the containment performance goals as approved by SRM-SECY-93-087.

27

Documentation of how the search for severe accident vulnerabilities is conducted, justification that the approach used to conduct the search is adequate, and the results of the search for severe accident vulnerabilities.

A description of how the overarching goal of the identification of severe accident vulnerabilities, which is to prevent the existence of an unacceptable likelihood or consequence of a severe accident, is achieved.

A description of improvements to plant design, operations, or maintenance that prevent or reduce the possibility, likelihood, or consequence of the identified severe accident.

A description of the analysis that has been performed for the CP application or will be performed as part of the OL application for each severe accident to understand the sequence and timing of events, phenomena, and how operators and other staff interact with and participate in the event sequence.

Regulatory Treatment of Non-Safety Systems for Designs with Passive Safety Systems The regulatory treatment of non-safety systems (RTNSS) process applies to designs with passive safety systems. More specifically, it applies to those non-safety-related SSCs that perform risk-significant functions and, therefore, are candidates for regulatory oversight. The scope, criteria, and specific steps of the RTNSS process are provided in SECY-94-084 and SECY-95-132. Corresponding review guidance is found in SRP 19.3. The RTNSS criteria that use PRA information are:

Non-safety-related design features or functional capabilities with mitigation capability necessary to reduce the CDF or LRF below the Commission goals when credited in the PRA should be identified as risk-significant and included in the RTNSS program (RTNSS C).

Non-safety-related SSCs whose failure results in PRA initiating events that result in passive safety system actuation and significantly affects CDF and LRF should be identified as risk-significant and included in RTNSS (RTNSS C).

The applicant should evaluate potential uncertainties associated with assumptions made in the PRA regarding passive systems and verifies that the applicant has included non-safety-related SSCs in the scope of the RTNSS program to compensate for the uncertainties in the PRA and in the modeling of severe accident phenomenology or provided a reasonable justification for not doing so (RTNSS C).

The applicant should include any non-safety-related SSCs credited in meeting the Commissions containment performance goals in the scope of the RTNSS program (RTNSS D).

28

The CP application should include the following information on RTNSS:

A description of the non-safety-related SSCs subjected to RTNSS and their specified functions, including the specific RTNSS criteria that are met by the SSCs.

A discussion of how candidate risk significance is determined from the PRA, including numeric thresholds and their bases.

If active systems are determined to be risk significant3, a description of the administrative controls on availability, or technical specifications and limiting conditions for operation.

A description of the augmented design standards that must be met by SSCs in the scope of the RTNSS program and standards for assuring that SSC functions will be achieved.

The regulatory treatment proposed for SSCs in the scope of the RTNSS program.

3 One endorsed definition of risk-significant is found in RG 1.200, which defines risk-significant in general terms with reference to the definitions for significant accident sequence and significant basic event/contributor with quantitative bands. Design-specific definitions of risk-significant and their justifications will be reviewed by the NRC staff on a case-by-case basis.

29

ML23326A185

Text

Navigation menu

Search