NRC Staff Comments on Draft Revision 3 TSTF-585, Revise LCO 3.0.3 to Require Managing Risk

ML24067A163
Person / Time
Site:	Technical Specifications Task Force
Issue date:	03/07/2024
From:	NRC/NRR/DSS/STSB
To:
References
Download: ML24067A163 (3)
v • d • e

Text

NRC Staff Comments on draft Revision 3 of TSTF-585, which has been renamed, Revise LCO 3.0.3 to Require Managing Risk (ML24016A270)

1) All of the TS that result in default (no action specified for a condition) or direct entry into LCO 3.0.3 should be evaluated to determine whether the proposed LCO 3.0.3 is acceptable or if other actions should be taken. All of these should be evaluated for allowing the use of the proposed LCO 3.0.3 versus the existing LCO 3.0.3 actions (or using something different than LCO 3.0.3) and a justification should be provided. These should be reviewed by the Technical Branches.

a. The NRC evaluated the Westinghouse Standard Technical Specifications (STS),

for direct and default entries into LCO 3.0.3, and found:

i. There is direct entry specified for 3.5.1, 3.5.2, 3.6.6, 3.7.10, 3.7.11, 3.8.4, and 3.8.9.

ii. There is default entry for MANY others.

iii. Some regarding reactivity monitoring and management may be unusual.

b. For Section 3.4.1 of the traveler, the TSTF should list all the default and directed LCO 3.0.3 entries that were evaluated and provide the basis for the dispositions that were determined. NRC review of plant adoptions could be expedited if the traveler includes a conclusion and basis, including a deterministic explanation of defense-in-depth (DID) and safety margins (SM).

c. The model application should include:

i. a statement that the licensee has evaluated the default and directed entries into LCO 3.0.3 and verified that the traveler conclusions are correct for the plant-specific design or provide a basis for the adoption by the plant if the traveler conclusions are not applicable to the plant.

ii. a variation that has the licensee list and justify any directed or default entries into LCO 3.0.3 that were not evaluated by the traveler.

2) There are several mischaracterizations and sentences that are difficult to understand in the traveler.

a. The last sentence in the first paragraph of Section 2.3 states the proposed change requires a licensee to assess the risk significance of the degradation that led to entry. The overall plant risk, including the degradation, is assessed.

b. The last sentence of Section 3.0 is unclear.

c. The STS Bases state that a risk assessment addressing inoperable systems and components must be completed. The assessment must address the risk of the entire plant considering the inoperable structures, systems, and components (SSCs).

d. Some Westinghouse STS Bases markups are in a bad format, they look different than the other pages.

e. The last variation in the model evaluation is difficult to understand.

3) The wording of the proposed LCO 3.0.3 is not specific. The term acceptable, as it relates to continued plant operation should be defined. The model application should clearly define the risk criteria (normal work control core damage frequency (CDF) and large early release frequency (LERF)) that will be used to determine whether the additional time to shut down may be used.

4) In Section 3.4.1, the traveler discusses the reason for allowing 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> if two trains of control room emergency filtration system (CREFS) are inoperable. The TS allows 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> if there is an inoperable boundary that results in two trains inoperable, but this

2 does not apply to other conditions. The traveler does not discuss why the existing TS differentiate between inoperability due to boundary and other causes. The analysis is incomplete. Control room heating, ventilation, and air conditioning (HVAC) TS should have its own shutdown path (up to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />) and not go to LCO 3.0.3.

5) The traveler proposes to generically risk-inform LCO 3.0.3 using the risk assessment and management methodology contained in NUMARC 93-01, Section 11, similar to the precedents described in Section 2.4 of the traveler. Section 3.1.2 of the traveler provides operating experience to purport that the proposal will generically improve plant safety.

The traveler did not describe how adequate DID or SM would be assured to justify the extended LCO 3.0.3 time frames in the submittal. The NRC staff uses the guidance in RG 1.177, An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications and RG 1.174 to evaluate risk-informed proposals regarding changes to TS completion times. DID and SM justifications are necessary elements of a risk-informed submittal. The NRC staff cannot make a finding of reasonable assurance of public health and safety based solely on the risk-based elements of a proposal. While the SM limit is not explicitly defined for LCO 3.0.3, the submittal involves two distinct instances that involve a reduction in the absolute SM associated with the current LCO 3.0.3, or an impact on plant safety resulting from extended operation in a condition of zero SM.

a. Section 3.2.1 purports that a 6-hour preparation time is justified because the risk assessment and implementation of risk management actions (RMAs) can be accomplished within that time frame, and an anecdotal statement regarding conservative operator training in Section 3.2.1. The current LCO 3.0.3 total shutdown completion time requirement is extended by an additional 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />. The additional 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> of preparation time is allowed regardless of whether or not a risk assessment is successful or even performed. Thus, the additional 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> for the overall LCO 3.0.3 completion time are not dependent on any risk considerations, but are completely associated with deterministic considerations.

However, these deterministic considerations, including preservation of adequate DID and reduction in SM (or impact on plant safety from extended operation in a condition of zero SM) are not described or evaluated in the submittal.

b. Section 3.2.4 purports that the extension of the preparation time to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is justified, given an acceptable risk assessment and implementation of RMAs, because the activities associated with preparing for a plant shutdown can be accomplished within the 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. The current LCO 3.0.3 total shutdown preparation time is extended by an additional 23 hours2.662037e-4 days <br />0.00639 hours <br />3.80291e-5 weeks <br />8.7515e-6 months <br /> if a risk assessment is successfully completed during the first six hours. The additional 23 hours2.662037e-4 days <br />0.00639 hours <br />3.80291e-5 weeks <br />8.7515e-6 months <br /> are purported to be supported by the risk-based consideration of utilizing the NUMARC 93-01, Section 11, maintenance risk assessment and management methodology. However, the deterministic considerations associated with a risk-informed justification, including preservation of adequate DID and reduction in SM (or impact on plant safety from extended operation in a condition of zero SM) are not described or evaluated in the submittal.

6) Conditions that result in a loss of function, yet allow the extended action time, require more detailed justification, including DID measures and SMs, or dose consequences, if the extended action time can be applied. For example, the NRC disagrees with the

3 TSTF conclusion that loss of function of emergency core cooling system (ECCS) does not require a direct shutdown path.

7) As proposed, the traveler could potentially be applied after the time limit for a RICT is exceeded. Explain the interaction between TSTF-585 and TSTF-505. Demonstrate that its within the normal work controls risk thresholds.

8) There are no specified prerequisites for ensuring the risk assessments performed for LCO 3.0.3 are adequate to capture the configuration risk. Describe why the NUMARC 93-01 risk-assessment process is adequate to support TSTF-585.

9) LCO 3.0.3 extended shutdown track should not apply when entered intentionally. As currently stated in the draft TSTF-585, it allows a 6-hour delay in commencing a shutdown for intentional entry, even though it says the 24-hour delay period doesnt apply. Intentional entry should require the shutdown to begin immediately since the entry was planned, and the licensee presumably had appropriate time to prepare for the shutdown, including assessing risk and implementing RMAs.

10) If the licensee does not have a reasonable expectation of being able to restore within the extended 24-hour period or of obtaining regulatory relief (e.g., an NOED), then they should begin the shutdown immediately. If the risk assessment is not performed, then shutdown should begin immediately.

11) The potential effect on reporting requirements should be addressed, i.e., the TS required shutdown commences upon entry into LCO 3.0.3, not at the end of the 24-hour CT.