ML24215A226

From kanterella
Jump to navigation Jump to search
LLC, Response to SDAA Audit Question Number A-19.1-60
ML24215A226
Person / Time
Site: 05200050
Issue date: 08/02/2024
From:
NuScale
To:
Office of Nuclear Reactor Regulation
Shared Package
ML24215A000 List: ... further results
References
LO-169995
Download: ML24215A226 (1)
v  d  e


Text

Response to SDAA Audit Question Question Number: A-19.1-60 Receipt Date: 04/22/2024 Question:

SDAA FSAR Section 19.1.4.2.1.2, "Containment Event Tree," describes the evaluation of potential severe accident phenomena that could challenge containment, and it considers phenomena listed in Section 19.0 of the Standard Review Plan, the ASME/ANS PRA Standard (Reference 19.1-1), NUREG/CR-2300 (1983) and NUREG/CR-6595 (2004). Reference 19.1-1 is the 2008 PRA standard ASME/ANS RA-S-2008.

DCA FSER Section 19.1.4.5.2, Severe Accident Process and Phenomena, states that NuScale evaluated severe accident phenomena referenced in ASME/ANS RA-Sa-2009, Section 19.0 of the Standard Review Plan, NUREG/CR-2300, and NUREG/CR-6595.

NuScale is requested to clarify which PRA standardASME/ANS RA-S-2008 or ASME/ANS RA-Sa-2009was used in the SDAA evaluation of potential severe accident phenomena that could challenge containment and provide FSAR markups of Section 19.1.4.2.1.2, as necessary.

Response

NuScale uses American Society of Mechanical Engineers/American Nuclear Society RA-Sa-2009 for its Probabilistic Risk Assessment Standard. NuScale has edited Chapter 19 of the Standard Design Approval Application to indicate its use of this standard.

Markups of the affected changes, as described in the response, are provided below:

NuScale Nonproprietary NuScale Nonproprietary

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-1 Draft Revision 2 CHAPTER 19 PROBABILISTIC RISK ASSESSMENT AND SEVERE ACCIDENT EVALUATION 19.1 Probabilistic Risk Assessment Audit Question A-19.1-60, Audit Issue A-19.2.6-1 The PRA is performed consistent with the requirements of 10 CFR 52.137(a)(25). It assesses the risk for a single NuScale Power Module (NPM) and includes Level 1 and Level 2 evaluations. The PRA follows the guidance in interim staff guidance (ISG)

DC/COL-ISG-028 (Reference 19.1-3). This ISG applies to a standard design as an acceptable approach to conforming with American Society of Mechanical Engineers/American Nuclear Society (ASME/ANS) RA-S-2008 (Reference 19.1-1) and addenda ASME/ANS RA-Sa-2009 (Reference 19.1-2), as endorsed by Regulatory Guide (RG) 1.200, Revision 3. The PRA supporting the standard design does not include a Level 3 evaluation (although NuScale performed a limited offsite consequence assessment to support the evaluation of potential design improvements in Section 19.2.6).

When addressing general concepts, the term PRA refers collectively to the Level 1 and Level 2 risk metric evaluation as well as the phenomenological evaluation of severe accident response. Because of a small radionuclide inventory in a single module compared to typical, currently operating plants, risk metrics associated with small modular reactors have different implications for public health and safety. To reflect this perspective, and to clarify that the calculated risk metric values are based on a PRA for a single module, this chapter uses the terms core damage frequency (CDF) and large release frequency (LRF) to present results for CDF and large release frequency calculations for a single module. When referring to multi-module (MM) risk metrics, the chapter uses terms multi-module core damage frequency (MM-CDF) and multi-module large release frequency (MM-LRF). The conditional containment failure probability (CCFP) refers to the risk metric associated with failure of a containment vessel (CNV),

which houses a reactor pressure vessel (RPV). Together, the CNV and RPV comprise the NPM.

The PRA evaluates the risk associated with operation of a single module at full power as well as low power and shutdown (LPSD) modes of operation for both the internal and the external initiating events (IEs) that can be addressed at the standard design stage.

NuScale assesses the risk associated with multi-module operation using a systematic approach that includes both a qualitative evaluation of the potential impact of shared systems and a quantitative assessment based on the single-module, full-power, internal-events PRA to identify potential multi-module risk contributors.

This section summarizes key aspects of the PRA and associated insights. Supporting documentation including fault trees, initiating and basic event frequency calculations, human error calculation worksheets, and success criteria modeling is available to support U.S. Nuclear Regulatory Commission (NRC) reviews and audits.

19.1.1 Uses and Applications of the Probabilistic Risk Assessment This section summarizes the uses of the PRA to support standard design, combined license (COL) (or other applications), construction, and operational activities.

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-4 Draft Revision 2 the full and accurate capability of equipment and equipment operating characteristics are not known.

plant-specific and operating data and procedures are unavailable.

plant-specific experience to support human reliability analysis (HRA) is not available.

plant walkdowns cannot be performed to gain as-built insights.

plant-specific maintenance and testing schedules or data are unavailable.

there are no similarly designed plants for comparison.

a site has not been selected to support identification and evaluation of external hazards.

NuScale applied conservative, but realistic, assumptions to account for these uncertainties to ensure that an appropriate safety margin is present with respect to risk-informed information generated by the PRA and that key insights are not masked. The specific assumptions also account for design-specific uncertainty associated with unique component design features and thermal-hydraulic conditions of the design.

19.1.2.3 Probabilistic Risk Assessment Technical Adequacy The PRA is consistent with the guidance in DC/COL-ISG-028, which supplements RG 1.200 as an acceptable approach to demonstrate that the PRA used in the standard design has a sufficient level of technical adequacy. Conformance with this regulatory guidance ensures that the PRA is technically adequate to provide confidence in the results and risk insights.

Audit Question A-19.1-60 The PRA meets the DC/COL-ISG-028 guidance for Capability Category I supporting requirements. In the majority of cases, the level of detail provided in the PRA suffices in meeting Capability Category II supporting requirements of the ASME/ANS probabilistic risk assessment standard (Reference 19.1-1Reference 19.1-2).

The NuScale Power Plant US460 standard design can incorporate up to six modules. Evaluation of the risk of multiple-module operation is based on the single-module, full-power, internal-events PRA. The PRA uses a systematic process to identify accident sequences, including significant human errors, that are associated with multiple-module risk.

19.1.2.4 Probabilistic Risk Assessment Maintenance and Upgrade The PRA is maintained and documented in a manner that facilitates PRA application, upgrade, and peer review. Key elements of PRA maintenance at the design stage PRA are consistency with the design submitted for standard design.

configuration control of applicable software and the PRA models of record.

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-10 Draft Revision 2 break. Five initiating event categories are established, as shown in the first column of Table 19.1-7:

pipe breaks and LOCAs steam generator tube failure (SGTF) secondary side line break loss of electric power transients Each category is then subdivided, if necessary, to define specific initiating events for which event trees should be developed. The subdivision is based on similarity of potential NPM response. For example, the secondary side line break category is a grouping of pipe breaks or leaks in the main steam, feedwater, and decay heat removal lines, because the module response to each of these breaks or leaks can be assessed by a common event tree. As another example, the Pipe Breaks and Loss of Coolant Accidents category includes IEs that result in the release of reactor coolant due to pipe breaks or inadvertent valve opening, either inside or outside of the CNV; however, only pipe breaks inside containment meet the regulatory definition of LOCA. The resultant IEs and associated event tree labels are in the Initiator and Label columns, respectively, of Table 19.1-7. The Description column provides a detailed description of the initiator. The eleven initiators with associated event trees represent the spectrum of module responses to potential internal event challenges.

19.1.4.1.1.3 Success Criteria Audit Question A-19.1-60 Per the ASME/ANS PRA Standard (Reference 19.1-1Reference 19.1-2),

the success criteria reflect the minimum number or combinations of systems or components required to operate, or minimum levels of performance per component during a specific period of time, to ensure that the safety functions are satisfied. In the PRA, partial functioning for example, reduced flow rate, is not modeled. The method for defining success criteria for the event tree sequences is performed by defining success in three progressive stages: overall success criterion, functional success criteria, and system success criteria.

The overall success criterion is prevention of core damage. Accident sequences that are considered success or OK do not result in core damage for the duration of the mission time defined for the PRA, and end in a stable or improving NPM configuration using the following definitions:

Mission time is the period of time that a system or component is required to operate successfully to perform its function. Mission times are specified for components that are required to operate following an initiating event. Mission times take into account the time needed to

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-35 Draft Revision 2 a seismic event. Key systems are protected from external events through the design of the systems themselves as well as protection provided by the RXB.

19.1.4.2 Level 2 Internal Events Probabilistic Risk Assessment for Operations at Power The following sections describe the Level 2 PRA, which evaluates the potential for radionuclide release external to the plant from a severe accident in a module.

19.1.4.2.1 Description of the Level 2 Probabilistic Risk Assessment for Operations at Power The following sections address the methodology, data and analytical tool used to perform the full-power, internal events Level 2 PRA.

19.1.4.2.1.1 Methodology A Level 2 PRA is performed to evaluate the potential for a severe accident progressing to the point of radionuclide release from the CNV. The design and operating characteristics of an NPM are such that multiple plant damage states need not be defined to support the PRA evaluation of a large release. As a result, a Level-2 event tree is a direct transfer from a Level 1 event tree sequence that has been evaluated to result in core damage. The Level 2 event tree models the progression of a severe accident from core damage to the point of a potential radionuclide release from containment. The Level 2 event tree is also referred to as the containment event tree (CET).

19.1.4.2.1.2 Containment Event Tree Each core damage accident sequence that is not a success is directly linked to a CET by the transfer event LEVEL2-ET and propagated through the CET to an endpoint that depicts the containment release state as illustrated in Figure 19.1-13. The top event CD-T01 provides a branch to quantify all Level 1 sequences with core damage end states. The CET terminates with one of three end states for each sequence. The end state CD allows quantification of the CDF as it summarizes the sequences transferred from the Level 1 event trees. The end state NR represents a core damage sequence with intact containment; for this end state, the potential radionuclide release is due to allowable leakage as defined by the Technical Specifications. The LR end state represents a large release that is associated with containment failure. Because of the small core used in the design, additional release categories to reflect a range of release possibilities is judged to be unnecessary.

Audit Question A-19.1-60 Potential severe accident phenomena that could challenge containment are evaluated to determine their applicability to the NuScale design and need for consideration in a CET. The evaluation considers phenomena

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-36 Draft Revision 2 listed in Section 19.0 of the Standard Review Plan, the ASME/ANS PRA Standard (Reference 19.1-1Reference 19.1-2), NUREG/CR-2300 (1983) and NUREG/CR-6595 (2004). The characteristics of the NuScale design provide an inherent degree of safety. As a result, severe accident phenomena that may challenge containment in typical current generation plants are shown by analyses summarized in Section 19.2 to not challenge containment integrity in a postulated NuScale severe accident.

Thus, containment failure due to bypass or containment isolation valve failure is the only mode of containment failure depicted in the CET, as indicated by top event CNTS-T01. As a result, all Level 1 sequences that are classified as core damage (i.e., whose end state is not OK) transfer to a single CET initiating event, Level2-ET, as illustrated in Figure 19.1-13.

End states of the CET define the conditions that characterize the effect of the sequence on the environment (i.e., the potential radionuclide release).

As such, end states reflect release characteristics such as timing and magnitude. Because of the simplicity of the design, only two CET end states are used to model radionuclide release. The end state NR is associated with a release that may be attributed to leakage from the boundary of an isolated containment; the end state LR is associated with a release from an unisolated containment. Each of these end states is assigned to a release category (RC) to represent the radionuclide source term.

19.1.4.2.1.3 Success Criteria The Level 2 PRA is bounding in that it does not credit mitigating systems or physical characteristics that are relevant to mitigating a radionuclide release (e.g., deposition on RXB surfaces) or recovery of the containment boundary if it is failed. Thus, the only mitigating function that is modeled in the CET is containment isolation, as illustrated by top event CNTS-T01 in Figure 19.1-13. Top event CNTS-T01 depicts containment isolation failure, and resulting bypass, associated with fault tree modeling for containment evacuation system (CES) Containment Isolation Fails and Results in Bypass.

CVCS Containment Isolation Fails and Results in Bypass.

SGTF and Containment Bypass.

Section 6.2 describes CNV penetrations in detail. The CNTS pressure boundary is formed by the CNV and passive and active barriers. Passive containment isolation barriers include the flange connections, ECCS pilot valve bodies, and piping outside of the CNV. Passive containment isolation barriers provided from supporting systems are the closed steam generator system (SGS) loops inside containment and the closed DHRS loops outside of containment. The active isolation boundaries are the CIVs, which close to provide a leak-tight barrier between the CNV and the environment. The CIVs are located on the respective system lines that

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-51 Draft Revision 2 19.1.5.1.1.3 Effects of Seismically Failed Structures, Systems, and Components on Surviving Structures, Systems, and Components Audit Question A-19.1-60 Potential failures of seismically qualified components due to physical interaction with a nonseismically qualified SSC are evaluated consistent with the definition of seismic spatial interaction, as defined by the ASME/ANS PRA standard (Reference 19.1-1Reference 19.1-2):

1. Proximity effects Safe shutdown of an NPM is ensured by opening of the RSVs, combined with successful passive ECCS valve operation, when there is not a loss of coolant outside the containment boundary. These components are fail safe on loss of power, have very high seismic capacities, and are physically shielded from nonseismically qualified SSC by the seismically qualified CNV.
2. Structural failure and falling Falling and interaction hazards between structures or partitions and SSC housed in utility and gallery areas are negligible contributors to seismic risk. Due to the passive and fail-safe design of the NPM, SSC located in these areas are not relied on for safe shutdown, particularly at ground motion levels capable of damaging surrounding structures and SSC anchorages. Off-site and on-site sources of AC power are fragile in comparison, thus, SSC failed due to interaction hazards are unavailable at ground motion levels capable of compromising substructures and partitions.

The potential for failure and falling interactions between surviving seismically qualified SSC and seismically failed SSC is limited by the nature of the NuScale design. The NPM is physically protected by the pool water, pool walls, bay walls, and, during power operation, the bioshield. Seismically-induced damage to the bay walls and bioshield is modeled in the SMA; the SMA demonstrates that these structures have higher HCLPF values than potential components that could fail because of a seismic event. Thus, these structures would provide a physical barrier between potentially failed components and the NPM.

When the bioshield is removed from an operating bay before NPM transport for refueling, piping penetrations atop the CNV, as well as the DHRS piping and heat exchangers on the side of the NPM, could be impacted by a falling or swinging object. However, the module is shut down and flooded before its bioshield being removed. In this configuration, safe shutdown is maintained by conduction from the RPV through to the CNV and reactor pool.

3. Flexibility of attached lines and cables

NuScale Final Safety Analysis Report Probabilistic Risk Assessment NuScale US460 SDAA 19.1-94 Draft Revision 2 The DHRS valves open.

The ECCS actuation valves open on loss of DC power at 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.

In this accident sequence, decay heat is transferred from the core to the reactor pool by convection and conduction induced by passive circulation of RCS fluid.

The module reaches this configuration with passive valve operation, initially by the DHRS and long term by the ECCS. Inventory makeup is not required. Assuming all modules are shutdown, and there is no refill of the reactor pool from an external source and no credit for the condensation of evaporated water being returned to the reactor pool, the reactor pool water is sufficient for substantially longer than 30 days to remove decay heat.

19.1.10 References Audit Question A-19.1-60 19.1-1 American Society of Mechanical Engineers/American Nuclear Society, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME/ANS RA-S-2008 (Revision 1 RA-S-2002), New York, NY.Not used.

19.1-2 American Society of Mechanical Engineers/American Nuclear Society, Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME/ANS RA-Sa-2009, New York, NY.

19.1-3 U.S. Nuclear Regulatory Commission, Assessing the Technical Adequacy of the Advanced Light-Water Reactor Probabilistic Risk Assessment for the Design Certification Application and Combined License Application, DC/COL-ISG-028, November 2016.

19.1-4 Nuclear Energy Institute Risk-Informed Technical Specifications Initiative 5b, Risk-Informed Method for Control of Surveillance Frequencies, NEI 04-10, Revision 1, April 2007.

19.1-5 Nuclear Energy Institute, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, NEI 06-09, Revision 0, November 2006.

19.1-6 Electric Power Research Institute, Treatment of Parameter and Model Uncertainty for Probabilistic Risk Assessments, EPRI #1016737, EPRI, Palo Alto, CA, 2008.

19.1-7 NuScale Power, LLC, Risk Significance Determination, TR-0515-13952-NP-A, Revision 0.

19.1-8 Electric Power Research Institute, Program on Technology Innovation:

Comprehensive Risk Assessment Requirements for Passive Safety Systems, EPRI #1016747, EPRI, Palo Alto, CA, 2008.

NuScale Final Safety Analysis Report Severe Accident Evaluation NuScale US460 SDAA 19.2-32 Draft Revision 2 COL Item 19.2-2: An applicant that references the NuScale Power Plant US460 standard design will use the site-specific probabilistic risk assessment to evaluate and identify improvements in the reliability of core and containment heat removal systems as specified by 10 CFR 50.34(f)(1)(i).

Audit Issue A-19.2.6-1 COL Item 19.2-3: Not used.

19.2.7 References Audit Question A-19.1-60 19.2-1 American Society of Mechanical Engineers/American Nuclear Society, Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME/ANS RA-Sa-2009RA-S-2008 (Revision 1 RA-S-2002), New York, NY.

19.2-2 ANSYS (Release 19.2) [Computer Program]. (2019). Canonsburg, PA, ANSYS Incorporated.

19.2-3 Theofanous, T.G., et al., In-vessel Coolability and Retention of a Core Melt, DOE/ID-10460, Vol. I, October 1996.

19.2-4 Rempe, J.L., Potential for AP600 In-Vessel Retention through Ex-Vessel Flooding, INEEL/EXT-97-00779, December 1997.

19.2-5 Z. Guo and M.S. El-Genk, An experimental study of saturated pool boiling from downward facing and inclined surfaces, International Journal of Heat Mass Transfer, (1992): 35: 9, 1992.

19.2-6 Theofanous, T.G. and S. Syri, The coolability limit of a reactor pressure vessel lower head, Nuclear Engineering and Design, (1997):

169: 1-3:59-76.

19.2-7 Theofanous, T.G., et al., Critical heat flux through curved, downward facing, thick walls, Nuclear Engineering and Design, (1994):

151: 1:247-258.

19.2-8 Kutateladze, S. On the transition to film boiling under natural convection, Kotloturbostronie, no. 3, p. 10, 1948.

19.2-9 Kutateladze, S. Heat Transfer in Condensation and Boiling, Tech. Rep.,

State Scientific and Technical Publishers of Literature on Machinery, 1952.

19.2-10 Seongchul Jun et. al. Effect of Subcooling on Pool Boiling of Water from Sintered Copper Microporous Coating at Different Orientations, Science and Technology of Nuclear Installations, 2018

Retrieved from "https://kanterella.com/w/index.php?title=ML24215A226&oldid=5464649"