ML24215A216
Response to SDAA Audit Question
Question Number: A-19.1-39
Receipt Date: 08/28/2023
Question:
According to Table 19.1-21, a human reliability analysis (HRA) assumption is that "[f]or scenarios in which operators unisolate containment to initiate injection, but fail to prevent core damage, they are assumed to restore containment isolation." Since errors of omission or commission are possible for this operator action, explain the evaluation or analysis that supports this assumption (a human failure event for restoration of containment isolation equal to zero) and its impact on risk, including the determination that this would not be a significant operator action if it were included in the PRA model. Identify and describe any sensitivity study(ies) performed to evaluate the impact of this key assumption on the risk insights.
Response
NuScale has edited the referenced key assumption in FSAR Table 19.1-21 to clarify its meaning. The new wording is consistent with the American Society of Mechanical Engineers/American Nuclear Society standard definition of a human failure event, in which each human action represents all steps required to accomplish a particular function (e.g., add makeup inventory to provide fuel assembly heat removal). It is also consistent with common PRA practice that actions involving a single person, performing a simple task, at the same location, at about the same time, and with the same objective are grouped, and the logic model represents success or failure of the action.
The impact of this key assumption on risk insights is evaluated through sensitivities, including the sensitivity listed in FSAR Table 19.1-22, Sensitivity Studies, in which all human error probabilities are set to the 95th percentile. In addition, system failures (which include human actions) are evaluated for risk significance based on conditional core damage frequency and conditional large release frequency, per the criteria listed in FSAR Table 19.1-19, Criteria for Risk Significance. As shown in FSAR Table 19.1-20, Summary of Candidate Risk-Significant Structures, Systems, and Components, no human actions, and neither makeup system (i.e., the chemical and volume control system and the containment flooding and drain system), meet the risk significance criteria.
Markups of the affected changes, as described in the response, are provided below:
NuScale Nonproprietary
NuScale Final Safety Analysis Report
Probabilistic Risk Assessment
NuScale US460 SDAA 19.1-125 Draft Revision 2
Audit Issue A-19.1-19, Audit Issue A-19.1-25, Audit Issue A-19.1-39, Audit Issue A-19.1-40
Table 19.1-21: Key Assumptions for the Probabilistic Risk Assessment
FULL POWER, INTERNAL EVENTS
Accident Sequence
If makeup inventory is needed, operators are assumed to initially align CVCS for coolant addition through the pressurizer spray line. If the RPV water level continues decreasing and operators observe increasing core temperatures, operators are assumed to realign CVCS coolant addition through the injection line.
Success Criteria
Procedures are assumed to direct operators to preserve the key safety function to remove fuel assembly heat even in cases where they would need to breach the containment boundary (e.g., operators would open the CVCS CIVs to inject makeup following incomplete ECCS actuation).
In the absence of an effective heat removal mechanism during a nominally intact reactor coolant pressure boundary scenario (that is, DHRS fails and RSVs fail to open), the RPV is expected to develop a leak (e.g., pressurizer heater access port bolted flange), and core damage is assumed.
Systems Analysis
Equipment is assumed to be operable without HVAC to support the PRA function. The small size of the equipment together with the slower progression of events provide sufficient time for any mitigating actions that might be needed.
Valve alignment for mitigating systems is assumed to include the capability to open following a loss of support systems (e.g., loss of instrument air) and accessibility for local access.
Shared systems (e.g., CFDS, DWS), are assumed to be available to support accident mitigation.
Failures are assumed to be as-is; failure constitutes the lack of signal generation, transmission, or interpretation through MPS equipment to the end-device.
Human Reliability Analysis
Maintenance on multiple system trains is assumed to be performed on a staggered basis; a maintenance error in the first train is assumed to be discovered before an error in the second train could occur.
For scenarios that consider an operator action, operators are assumed to be either completely successful, or completely unsuccessful. [Wording deleted in this markup: "For scenarios in which operators unisolate containment to initiate injection, but fail to prevent core damage, they are assumed to restore containment isolation."]
Post-initiator human actions that include use of the O-1 override are assumed to require operators to open the reactor trip breakers or wait until the high pressurizer level signal is no longer present, if needed.
Operators are assumed to control CVCS flow to provide necessary inventory for cooling; makeup actions are intended to maintain pressurizer level in the normal operating band.
Data Analysis
Passive safety system reliability of the DHRS and ECCS natural circulation heat transfer mechanisms are representative of the as-built, as-operated module.
Component failure rates, based on design-specific analyses, are representative of the as-built module. Examples include fails to operate for the ECCS hydraulic-operated valve and equipment interface module.
FULL POWER, EXTERNAL EVENTS
Internal Flooding PRA
Flooding frequencies are assumed based on generic data for turbine and auxiliary buildings, including human-induced mechanisms. This is likely conservative since the NuScale design has fewer systems (hence fewer potential sources of internal flooding).
An internal flood does not result in an RSV demand if RTS and DHRS are successful.
Internal Fire PRA
Redundant divisions of safe shutdown equipment and cabling are assumed to be appropriately separated to assure at least one safe shutdown train is available following a fire.
Fire barriers are assumed between fire compartments and provide a fire resistance rating of 3 hours.
Seismic Margin Assessment
Generic spectral acceleration capacities for general component types (e.g., valves, heat exchangers, circuit breakers) are assumed applicable to components used in the NuScale design.