Text

License Amendment Request 24-05 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times – RITSTF Initiative 4b for TS 3.3.1 and 3.3.2
	ML24359A002
Person / Time
Site:	Diablo Canyon
Issue date:	12/24/2024
From:	Brass M; Pacific Gas & Electric Co
To:	; Office of Nuclear Reactor Regulation, Document Control Desk
References
	DCL-24-111
	Download: ML24359A002 (1)
	v • d • e

Michael J. Brass Director, Nuclear Maintenance Services Diablo Canyon Power Plant Mail code 104/5/508 P.O. Box 56 Avila Beach, CA 93424 805.545.6184 Michael.Brass@pge.com A member of the STARS Alliance Callaway

Diablo Canyon

Palo Verde

Wolf Creek PG&E Letter DCL-24-111 10 CFR 50.90 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001 Diablo Canyon Units 1 and 2 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 License Amendment Request 24-05 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b for TS 3.3.1 and 3.3.2

Dear Commissioners and Staff:

Pursuant to 10 CFR 50.90, Pacific Gas and Electric Company (PG&E) hereby requests approval of the enclosed proposed amendment to the Technical Specifications (TS) 3.3.1, Reactor Trip System Instrumentation, and TS 3.3.2, Engineered Safey Features Actuation System, for Diablo Canyon Power Plant (DCPP) Units 1 and 2 to implement risk-informed Completion Times.

This license amendment request (LAR) is consistent with the NRC-approved Technical Specifications Task Force (TSTF) traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b changes to TS 3.3.1 and 3.3.2.

The changes requested in this LAR will prevent unnecessary unit shutdowns for low-risk scenarios, and is consistent with safely maintaining DCPP generation and thereby supporting electrical grid reliability in California.

Approval of the proposed amendment is requested by December 31, 2025. Once approved, the amendment will be implemented within 180 days.

PG&E makes no regulatory commitments (as defined by NEI 99-04) in this letter.

This letter includes no revisions to any existing regulatory commitments.

The enclosure to this letter contains the evaluation of the proposed change.

Pacific Gas and Electric Company*

Document Control Desk Page 2 PG&E Letter DCL-24-111 In accordance with site administrative procedures and the DCPP Quality Assurance Program, the proposed amendment has been reviewed by the Plant Staff Review Committee.

Pursuant to 10 CFR 50.91 (b)(1 ), PG&E is notifying the State of California of this LAR by transmitting a copy of this letter and enclosure to the California Department of Public Health.

If you have any questions or require additional information, please contact James Morris, Manager, Nuclear Regulatory Services, at 805-545-4609.

I state under penalty of perjury that the foregoing is true and correct.

Sincerely, Michael J. Brass, Director, Nuclear Maintenance Services, delegate for Justin E. Rogers, Station Director Executed on:

kjse/51263068 Enclosure Date cc:

Diablo Distribution cc/enc: Anthony Chu, Branch Chief, California Dept of Public Health Mahdi 0. Hayes, NRC Senior Resident Inspector Samson S. Lee, _NRR Project Manager John D. Monninger, NRC Region IV Deputy Administrator A

member of the STARS Alliance Callaway

Diablo Canyon

Palo Verde

Wolf Creek

PG&E Letter DCL-24-111 Enclosure 1

Evaluation of the Proposed Change

Subject:

License Amendment Request 24-05, Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b for TS 3.3.1 and 3.3.2

1.

SUMMARY

DESCRIPTION

2.

ASSESSMENT 2.1 Applicability of Published Safety Evaluation 2.2 Variations and Regulatory Commitments 2.3 Optional Changes and Variations 2.4 Additional Changes

3.

REGULATORY EVALUATION 3.1 No Significant Hazards Consideration Analysis 3.2 Conclusions

4.

ENVIRONMENTAL CONSIDERATION

5.

REFERENCES ATTACHMENTS:

1.

Proposed Technical Specification Changes (Mark-Up)

2.

Revised Technical Specification Pages

3.

Proposed Technical Specification Bases Changes (Mark-Up) - For Information Only

4.

Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 ENCLOSURES:

1.

List of Revised Required Actions to Corresponding Probabilistic Risk Assessment (PRA) Functions

2.

Information Supporting Consistency with Regulatory Guide 1.200, Revision 2

3.

Information Supporting Technical Adequacy of Probabilistic Risk Assessment (PRA) Models Without Standards Endorsed by Regulatory Guide 1.200, Revision 2

PG&E Letter DCL-24-111 Enclosure 2

4.

Information Supporting Justification of Excluding Sources of Risk Not Addressed by the Diablo Canyon Probabilistic Risk Assessment (PRA)

Models

5.

Baseline Core Damage Frequency (CDF) and Large Early Release Frequency (LERF)

6.

Justification of Application of At-Power Probabilistic Risk Assessment (PRA)

Models to Shutdown Modes

7.

Probabilistic Risk Assessment (PRA) Model Update Process

8.

Attributes of the Configuration Risk Management Program (CRMP) Model

9.

Key Assumptions and Sources of Uncertainty

10.

Program Implementation

11.

Monitoring Program

12.

Risk Management Action (RMA) Examples

PG&E Letter DCL-24-111 Enclosure 3

EVALUATION

1.

SUMMARY

DESCRIPTION The proposed amendment would modify the Technical Specification (TS) requirements related to the Completion Times (CTs) for Required Actions (RAs) to provide the option to calculate a longer, risk-informed completion time (RICT) for TS 3.3.1 (Reactor Trip System Instrumentation) and TS 3.3.2 (Engineered Safey Features Actuation System).

The methodology for using the RICT Program is described in NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Revision 0 (Reference 1), which was approved by the NRC on May 17, 2007. Adherence to NEI 06-09-A is required by the RICT Program, and Pacific Gas and Electric Company (PG&E) is not proposing any deviations from the NEI guidance.

The proposed amendment is consistent with Technical Specifications Task Force (TSTF) traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b (Reference 2). However, only those RAs described in to this Enclosure applicable to TS 3.3.1 and 3.3.2 are proposed to be changed. Attachment 4 does not include all of the RAs that were modified in TSTF-505, Revision 2 for TS 3.3.1 and 3.3.2 and includes some plant-specific RAs that are not included in TSTF-505, Revision 2. The plant-specific RAs are due to the site-specific system design configuration and are Conditions that are not a loss of a safety function; therefore, there is no adverse safety impact from including these plant-specific RAs in the scope of the proposed changes.

PG&E previously submitted a License Amendment Request (LAR) for TSTF-505, Revision 2, excluding the scope of TS 3.3.1 and 3.3.2 changes in Reference 3 as supplemented in Reference 3. The NRC approved the Amendments 245 and 247 in Reference 5 that have been implemented into the Diablo Canyon Power Plant TS, including the new TS 1.3-8 example, the approved risk-informed completion times, and the new TS Section 5.5.20 Risk Informed Completion Time Program.

This LAR contains the contents of the Reference 3 LAR that has been updated to include the information in the Reference 3 supplement that is applicable to the TS 3.3.1 and 3.3.2 changes and the additional information to support the TS changes. For the updates to include the applicable Reference 3 supplement information, the applicable audit question number is identified at the beginning of the update.

PG&E Letter DCL-24-111 Enclosure 4

2.

ASSESSMENT 2.1 Applicability of Published Safety Evaluation PG&E has reviewed TSTF-505, Revision 2 and the model safety evaluation dated November 21, 2018 (ADAMS Accession No. ML18253A085). This review included the supporting information provided to support TSTF-505, Revision 2 and the safety evaluation for NEI 06-09-A. As described in the subsequent paragraphs, PG&E has concluded that the technical basis is applicable to Diablo Canyon Units 1 and 2, and supports incorporation of this amendment in the Diablo Canyon 3.3.1 and 3.3.2 TS.

2.2 Variations and Regulatory Commitments In accordance with Section 4.0, Limitations and Conditions, of the safety evaluation for NEI 06-09-A, the following is provided:

1. Enclosure 1 identifies each of the 3.3.1 and 3.3.2 TS RAs to which the RICT Program will apply, with a comparison of the TS functions to the functions modeled in the probabilistic risk assessment (PRA) of the structures, systems and components (SSCs) subject to those actions.

2. Enclosure 2 provides a discussion of the results of peer reviews and self-assessments conducted for the plant-specific PRA models which support the RICT Program, as required by Regulatory Guide (RG) 1.200, Revision 2, Section 4.2.

3. Enclosure 3 is not applicable since each PRA model used for the RICT Program is addressed using a standard endorsed by the Nuclear Regulatory Commission.

4. Enclosure 4 provides appropriate justification for excluding sources of risk not addressed by the PRA models.

5. Enclosure 5 provides the plant-specific baseline core damage frequency (CDF) and large early release frequency (LERF) to confirm that the potential risk increases allowed under the RICT Program are acceptable.

6. Enclosure 6 is not applicable since the RICT Program is not being applied to shutdown modes.

7. Enclosure 7 provides a discussion of the DCPP programs and procedures that assure the PRA models that support the RICT Program are maintained consistent with the as-built, as-operated plant.

PG&E Letter DCL-24-111 Enclosure 5

8. Enclosure 8 provides a description of how the baseline PRA model, which calculates the average annual risk, is evaluated and modified to assess real-time configuration risk, and describes the scope of, and quality controls applied to, the real-time model.

9. Enclosure 9 provides a discussion of how the key assumptions and sources of uncertainty in the PRA models were identified, and how their impact on the RICT Program was assessed and dispositioned.

10. Enclosure 10 provides a description of the implementing programs and procedures regarding the plant staff responsibilities for the RICT Program implementation, including risk management action (RMA) implementation.

11. Enclosure 11 provides a description of the implementation and monitoring program as described in NEI 06-09-A, Section 2.3.2, Step 7.

12. Enclosure 12 provides a description of the process to identify and provide RMAs.

2.3 Optional Changes and Variations PG&E is proposing variations from the TS changes described in TSTF-505, Revision 2 or the applicable parts of the NRC staffs model safety evaluation dated November 21, 2018. These options were identified as acceptable variations in TSTF-505, Revision 2 and the NRC model safety evaluation due to plant specific design and associated TS, or are otherwise justified in Attachment 4.

provides a cross-reference of the TSTF 505, Revision 2, Standard Technical Specification (STS) changes to the Diablo Canyon Units 1 and 2 TS 3.3.1 and 3.3.2 changes proposed in this LAR. Attachment 4 provides individual dispositions of each STS change and Diablo Canyon Units 1 and 2 change. Where the changes are consistent, a disposition of No variation is provided. Where a variation is taken, the disposition provides a justification.

2.4 Additional Changes PG&E is not proposing additional changes beyond the editorial changes described in.

PG&E Letter DCL-24-111 Enclosure 6

3.

REGULATORY SAFETY ANALYSIS 3.1 No Significant Hazards Consideration Analysis PG&E has evaluated the proposed change to the Technical Specifications (TS) using the criteria in 10 CFR 50.92 and has determined that the proposed change does not involve a significant hazards consideration.

DCPP Units 1 and 2 request the adoption of an approved change to the Standard Technical Specifications (STS) and plant-specific TS, to modify the TS 3.3.1 and 3.3.2 requirements related to the Completion Times for Required Actions to provide the option to calculate a longer, risk-informed Completion Time. The allowance is described in a new program in Chapter 5, Administrative Controls, entitled Risk Informed Completion Time (RICT) Program.

As required by 10 CFR 50.91(a), an analysis of the issue of no significant hazards consideration is presented below:

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed change permits the extension of Completion Times provided the associated risk is assessed and managed in accordance with the NRC approved Risk-Informed Completion Time Program. The proposed change does not involve a significant increase in the probability of an accident previously evaluated because the change involves no change to the plant or its modes of operation.

The proposed change does not increase the consequences of an accident because the design-basis mitigation function of the affected systems is not changed and the consequences of an accident during the extended Completion Time are no different from those during the existing Completion Time.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change does not change the design, configuration, or method of operation of the plant. The proposed change does not involve a physical alteration of the plant (no new or different kind of equipment will be installed).

PG&E Letter DCL-24-111 Enclosure 7

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

The proposed change permits the extension of Completion Times provided risk is assessed and managed in accordance with the NRC approved Risk-Informed Completion Time Program. The proposed change implements a risk-informed configuration management program to ensure that adequate margins of safety are maintained. Application of these new specifications and the configuration management program considers cumulative effects of multiple systems or components being out of service and does so more effectively than the current TS.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, PG&E concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c),

and, accordingly, a finding of no significant hazards consideration is justified.

3.2 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commissions regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

4.

ENVIRONMENTAL CONSIDERATION PG&E has reviewed the environmental evaluation included in the model safety evaluation published on November 21, 2018 (ADAMS Accession No. ML18267A259) as part of the Notice of Availability. PG&E has concluded that the NRC staff findings presented in that evaluation are applicable to DCPP Units 1 and 2.

The proposed change would change a requirement with respect to installation or use of a facility component located within the restricted area, as defined in 10 CFR 20, or would change an inspection or surveillance requirement. However, the proposed change does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released

PG&E Letter DCL-24-111 Enclosure 8

offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed change meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed change.

5.

REFERENCES

1. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

2. TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b. (ADAMS Accession No. ML18183A493, approved at ADAMS Accession No. ML18253A085).

3. PG&E Letter DCL-23-054, License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b, dated July 13, 2023 (ADAMS Accession No. ML23194A228).

4. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, dated January 15, 2024 (ADAMS Accession No. ML24016A299).

5. NRC Letter Diablo Canyon Nuclear Power Plant, Units 1 and 2 - Issuance of Amendment Nos. 245 and 247 RE: Revision to Technical Specifications to Adopt TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b (EPID L-2023-LLA-0100), dated May 29, 2024.

PG&E Letter DCL-24-111 Proposed Technical Specification Changes (Mark-Up)

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 3.3 INSTRUMENTATION 3.3.1 Reactor Trip System (RTS) Instrumentation LCO 3.3.1 The RTS instrumentation for each Function in Table 3.3.1-1 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.1-1.

ACTIONS

NOTE------------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions with one or more required channels or trains inoperable.

A.1 Enter the Condition referenced in Table 3.3.1-1 for the channel(s) or trains.

Immediately B. One Manual Reactor Trip channel inoperable.

B.1 Restore channel to OPERABLE status.

OR B.2 Be in MODE 3.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months 54 hours

NOTE-----------------

While this LCO is not met for function 19, 20 or 21, in MODE 5, making the Rod Control System capable of rod withdrawal is not permitted.

C. One channel or train inoperable.

C.1 Restore channel or train to OPERABLE status.

OR C.2.1 Initiate action to fully insert all rods.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months 48 hours (continued) 3.3-1 Unit 1 - Amendment No. 135 142 Unit 2 - Amendment No. 135 142 OR In accordance with the RICT Program

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME C. (continued)

AND C.2.2 Place the Rod Control System in a condition incapable of rod withdrawal.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months D. One Power Range Neutron Flux-High channel inoperable.

NOTE------------------

The inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing and setpoint adjustment of other channels.

D.1.1 -----------NOTE---------------

Only required when the Power Range Neutron Flux input to QPTR is inoperable.

Perform SR 3.2.4.2.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from discovery of THERMAL POWER

> 75% RTP AND Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter AND D.1.2 Place channel in trip 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR D.2 Be in MODE 3.

78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months (continued) 3.3-2 Unit 1 - Amendment No. 135, 179 Unit 2 - Amendment No. 135, 181 OR In accordance with the RICT Program

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME E. One channel inoperable.

NOTE------------------

For functions 6, 7, and 8.b, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 2.b and 3, only the inoperable channel may be bypassed for surveillance testing of other channels. For function 14.a, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis E.1 Place channel in trip.

OR E.2 Be in MODE 3.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours F. One Intermediate Range Neutron Flux channel inoperable.

F.1 Reduce THERMAL POWER to < P-6.

OR F.2 Increase THERMAL POWER to > P-10.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 24 hours (continued) 3.3-3 Unit 1 - Amendment No. 135, 142, 158, 173, 179, 205 Unit 2 - Amendment No. 135, 142, 159, 175, 181, 206 OR In accordance with the RICT Program

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME M.

One channel inoperable.

NOTE-----------------

For function 8.a, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 9 and 10, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

For functions 12 and 13, only the inoperable channel may be bypassed for surveillance testing of other channels. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

M.1 Place channel in trip.

OR M.2 Reduce THERMAL POWER to < P-7.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours N.

One channel inoperable N.1 Place channel in trip OR N.2 Reduce THERMAL POWER to < P-7 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours (continued) 3.3-4a Unit 1 - Amendment No. 135, 158, 173, 179 Unit 2 - Amendment No. 135, 159, 175, 181 OR In accordance with the RICT Program

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME O.

One Low Auto-Stop Oil Pressure Turbine Trip channel inoperable

NOTE------------------

An inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels.

O.1 Place channel in trip.

OR O.2 Reduce THERMAL POWER TO < P-9 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 76 hours P.

One or more Turbine Stop Valve Closure, Turbine Trip channel(s) inoperable.

P.1 Place channel(s) in trip.

OR P.2 Reduce THERMAL POWER to < P-9.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 76 hours Q.

One train inoperable.

NOTE------------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

Q.1 Restore train to OPERABLE status.

OR Q.2 Be in MODE 3.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 30 hours R.

One RTB train inoperable.

NOTE----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

R.1 Restore train to OPERABLE status.

OR R.2 Be in MODE 3.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 30 hours (continued) 3.3-5 Unit 1 - Amendment No. 135, 179 Unit 2 - Amendment No. 135, 181 OR In accordance with the RICT Program

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME S.

One or more channels or trains inoperable.

S.1 Verify interlock is in required state for existing unit conditions.

OR S.2 Be in MODE 3.

1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months 7 hours T.

One or more channels or trains inoperable.

T.1 Verify interlock is in required state for existing unit conditions.

OR T.2 Be in MODE 2.

1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months 7 hours U.

One trip mechanism inoperable for one RTB.

U.1 Restore inoperable trip mechanism to OPERABLE status.

OR U.2 Be in MODE 3.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months 54 hours V.

Not used W. One channel inoperable

NOTE------------------

The inoperable channel may be bypassed for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months for surveillance or maintenance.

W.1 Place channel in trip OR W.2 Be in MODE 3 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours (continued) 3.3-6 Unit 1 - Amendment No. 135, 179 Unit 2 - Amendment No. 135, 181 OR In accordance with the RICT Program

OR In accordance with the RICT Program ACTIONS (continued}

CONDITION X.

One or more SG Water Level Low - Low Trip Time Delay channel(s) inoperable.

DIABLO CANYON - UNITS 1 & 2 REQUIRED ACTION

NOTE------------------

For function 14.b, the inoperable TTD channel (processor) and/or one additional TTD channel (processor) may be surveillance tested with the affected steam generator low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

X.1 Set the Trip Time Delay to zero seconds.

OR X.2 Place the affected SG Water Level Low - Low channel(s) in trip.

00 X,-3 Qe iA MGQE 3.

RTS Instrumentation 3.3.1 COMPLETION TIME 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 72 hours

/.....

78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months 3.3-7 Unit 1 - Amendment No. 4-aa, 4-?a., +79-Unit 2 - Amendment No. 4-aa, 4-?e, 48+

+

TS 3.3.1 ACTIONS Inserts CONDITION REQUIRED ACTION COMPLETION TIME Y. Required Action and associated Completion Time of Conditions B, D, E, Q, R, U, and X not met.

Y.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Z. Required Action and associated Completion Time of Condition M not met.

Z.1 Reduce THERMAL POWER to < P-7.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months AA. Required Action and associated Completion Time of Conditions O or P not met.

AA.1 Reduce THERMAL POWER to < P-9.

4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 3.3 INSTRUMENTATION 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation LCO 3.3.2 The ESFAS instrumentation for each Function in Table 3.3.2-1 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.2-1.

ACTIONS

NOTE-------------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A.

One or more Functions with one or more required channels or trains inoperable.

A.1 Enter the Condition referenced in Table 3.3.2-1 for the channel(s) or train(s).

Immediately B.

One channel or train inoperable.

B.1 Restore channel or train to OPERABLE status.

OR B.2.1 Be in MODE 3.

AND B.2.2

NOTE-----------

LCO 3.0.4.a is not applicable when entering MODE 4.

Be in MODE 4.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months 54 hours 60 hours6.944444e-4 days 0.0167 hours 9.920635e-5 weeks 2.283e-5 months (continued) 3.3-19 Unit 1 - Amendment No. 135, 179, 219 Unit 2 - Amendment No. 135, 181, 221 OR In accordance with the RICT Program

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME C.

One train inoperable.

NOTE-----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

C.1 Restore train to OPERABLE status.

OR 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months C.2.1 Be in MODE 3.

AND 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months C.2.2

NOTE-----------

LCO 3.0.4.a is not applicable when entering MODE 4.

Be in MODE 4.

36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months (continued) 3.3-19a Unit 1 - Amendment No. 135, 179, 219 Unit 2 - Amendment No. 135, 181, 221 OR In accordance with the RICT Program

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME D.

One channel inoperable.

NOTE-----------------

For function 1.d, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 1.e(1), 4.d(1), 4.d(2), and 6.d(1),

the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

D.1 Place channel in trip.

OR 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months D.2.1 Be in MODE 3.

AND 78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months D.2.2 Be in MODE 4.

84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months (continued) 3.3-20 Unit 1 - Amendment No. 135, 173, 179 Unit 2 - Amendment No. 135, 175, 181 OR In accordance with the RICT Program

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME F.

One channel or train inoperable.

F.1 Restore channel or train to OPERABLE status.

OR 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months F.2.1 Be in MODE 3.

AND 54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months F.2.2 Be in MODE 4.

60 hours6.944444e-4 days 0.0167 hours 9.920635e-5 weeks 2.283e-5 months G.

One train inoperable.

NOTE-----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

G.1 Restore train to OPERABLE status.

OR 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months G.2.1 Be in MODE 3.

AND 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months G.2.2 Be in MODE 4.

36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months H.

One train inoperable.

NOTE---------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

H.1 Restore train to OPERABLE status.

OR 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months H.2 Be in MODE 3.

30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months (continued) 3.3-21 Unit 1 - Amendment No. 135, 179 Unit 2 - Amendment No. 135, 181 OR In accordance with the RICT Program

OR In accordance with the RICT Program ACTIONS (continued)

CONDITION I.

One channel inoperable.

J.

One channel inoperable K.

One channel inoperable DIABLO CANYON - UNITS 1 & 2 REQUIRED ACTION

NOTE-----------------

The inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels.

1.1 Place channel in trip.

00

~ Be in MODE 2.

NOTE-----------------

The inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

J.1 Place channel in trip.

00

~ Be in MODE 3.

ESFAS Instrumentation 3.3.2 COMPLETION TIME 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours K.1.1 Place the channel in cut-6 hours out.

AND K.1.2 Return the inoperable 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months channel to an OPERABLE status 00

~

Be in MODE 3.

54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months

~

Bein MODE5 84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months 3.3-22 (continued)

Unit 1 - Amendment No. 4-ae. 4-?a-, 4 Unit 2 - Amendment No. 4-ae. 4-?e, 48+

t-

+

-t-

+

OR In accordance with the RICT Program ACTIONS {continued)

CONDITION L.

One or more channels or trains inoperable.

M. One or more SG Water Level - Low Low Trip Time Delay channel(s) inoperable.

DIABLO CANYON - UNITS 1 & 2 REQUIRED ACTION L.1 Verify interlock is in required state for existing unit condition.

OR L.2.1 Be in MODE 3.

AND L.2.2 Be in MODE 4.

NOTE-----------------

The inoperable TTD channel (processor) and/or one additional TTD channel (processor) may be surveillance tested with the affected steam generator low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

M.1 Set the Trip Time Delay to zero seconds.

OR M.2 Place the affected SG Water Level - Low Low channel(s) in trip.

00 M-3-.4 Be in MODE 3.

ANQ.

~

Be in MODE 4.

ESFAS Instrumentation 3.3.2 COMPLETION TIME 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months 7 hours 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months 72 hours 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours 84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months (continued) 3.3-23 Unit 1 - Amendment No. 4-ae, +?a, 4 Unit 2 - Amendment No. 4-ae, 4-?e, 48+

-+-

+

+-

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME N.

One channel inoperable.

N.1 Restore channel to OPERABLE status.

OR 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months N.2 Declare the associated AFW pump or MSIV inoperable.

Immediately O.

One channel inoperable

NOTE-----------------

The inoperable channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or with the inoperable channel in trip, one additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

O.1 Place channel in trip.

OR O.2.1 Be in MODE 3 AND O.2.2 Be in MODE 5.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours 108 hours0.00125 days 0.03 hours 1.785714e-4 weeks 4.1094e-5 months (continued) 3.3-24 Unit 1 - Amendment No. 135, 142, 173, 179 Unit 2 - Amendment No. 135, 142, 175, 181 OR In accordance with the RICT Program

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME P. One channel inoperable.

NOTE-----------------

The inoperable channel and one additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months only if any function 1.c channel associated with the inoperable channel is in trip. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

P.1 Place channel in bypass.

OR P.2.1 Be in MODE 3 AND P.2.2 Be in MODE 5.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 78 hours 108 hours0.00125 days 0.03 hours 1.785714e-4 weeks 4.1094e-5 months 3.3-24a Unit 1 - Amendment No. 135, 142, 173, 179 Unit 2 - Amendment No. 135, 142, 175, 181 OR In accordance with the RICT Program

TS 3.3.2 ACTIONS Inserts CONDITION REQUIRED ACTION COMPLETION TIME Q. Required Action and associated Completion Time of Conditions B or C not met.

Q.1 Be in MODE 3.

AND Q.2 ----------NOTE---------------

LCO 3.0.4.a is not applicable when entering MODE 4.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Be in MODE 4.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months R. Required Action and associated Completion Time of Conditions D, F, G, or M not met.

R.1 Be in MODE 3.

AND R.2 Be in MODE 4.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours S. Required Action and associated Completion Time of Conditions H or J not met.

S.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months T. Required Action and associated Completion Time of Condition I not met.

T.1 Be in MODE 2.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months U. Required Action and associated Completion Time of Conditions K, O, or P not met.

U.1 Be in MODE 3.

AND 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months U.2 Be in MODE 5.

30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months

PG&E Letter DCL-24-111 Revised Technical Specification Pages Remove Page Insert Page 3.3-1 3.3-1 3.3-2 3.3-2 3.3-3 3.3-3 3.3-4a 3.3-4a 3.3-5 3.3-5 3.3-6 3.3-6 3.3-7 3.3-7 3.3-7a 3.3-19 3.3-19 3.3-19a 3.3-19 3.3-20 3.3-20 3.3-21 3.3-21 3.3-22 3.3-22 3.3-23 3.3-23 3.3-24 3.3-24 3.3-24a 3.3-24a

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 1 of 60 Tab_3!3u3r19.DOC 1106.1629 3.3 INSTRUMENTATION 3.3.1 Reactor Trip System (RTS) Instrumentation LCO 3.3.1 The RTS instrumentation for each Function in Table 3.3.1-1 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.1-1.

ACTIONS

NOTE------------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions with one or more required channels or trains inoperable.

A.1 Enter the Condition referenced in Table 3.3.1-1 for the channel(s) or trains.

Immediately B. One Manual Reactor Trip channel inoperable.

B.1 Restore channel to OPERABLE status.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months OR In accordance with the RICT Program

NOTE-----------------

While this LCO is not met for function 19, 20 or 21, in MODE 5, making the Rod Control System capable of rod withdrawal is not permitted.

C. One channel or train inoperable.

C.1 Restore channel or train to OPERABLE status.

OR C.2.1 Initiate action to fully insert all rods.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months 48 hours (continued) 3.3-1 Unit 1 - Amendment No. 135, 142, Unit 2 - Amendment No. 135, 142,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 2 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME C. (continued)

AND C.2.2 Place the Rod Control System in a condition incapable of rod withdrawal.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months D. One Power Range Neutron Flux-High channel inoperable.

NOTE------------------

The inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing and setpoint adjustment of other channels.

D.1.1 -----------NOTE---------------

Only required when the Power Range Neutron Flux input to QPTR is inoperable.

Perform SR 3.2.4.2.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from discovery of THERMAL POWER

> 75% RTP AND Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter AND D.1.2 Place channel in trip 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program (continued) 3.3-2 Unit 1 - Amendment No. 135, 179, Unit 2 - Amendment No. 135, 181,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 3 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME E. One channel inoperable.

NOTE------------------

For functions 6, 7, and 8.b, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 2.b and 3, only the inoperable channel may be bypassed for surveillance testing of other channels. For function 14.a, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis E.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program F.

One Intermediate Range Neutron Flux channel inoperable.

F.1 Reduce THERMAL POWER to < P-6.

OR F.2 Increase THERMAL POWER to > P-10.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months 24 hours (continued) 3.3-3 Unit 1 - Amendment No. 135, 142, 158, 173, 179, 205, Unit 2 - Amendment No. 135, 142, 159, 175, 181, 206,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 6 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME M. One channel inoperable.

NOTE-----------------

For function 8.a, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 9 and 10, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

For functions 12 and 13, only the inoperable channel may be bypassed for surveillance testing of other channels. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

M.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program N. One channel inoperable N.1 Place channel in trip OR N.2 Reduce THERMAL POWER to < P-7 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours (continued) 3.3-4a Unit 1 - Amendment No. 135, 158, 173, 179, Unit 2 - Amendment No. 135, 159, 175, 181,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 7 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME O. One Low Auto-Stop Oil Pressure Turbine Trip channel inoperable

NOTE------------------

An inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels.

O.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program P. One or more Turbine Stop Valve Closure, Turbine Trip channel(s) inoperable.

P.1 Place channel(s) in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program Q. One train inoperable.

NOTE------------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

Q.1 Restore train to OPERABLE status.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OR In accordance with the RICT Program R. One RTB train inoperable.

NOTE----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

R.1 Restore train to OPERABLE status.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OR In accordance with the RICT Program (continued) 3.3-5 Unit 1 - Amendment No. 135, 179, Unit 2 - Amendment No. 135, 181,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 8 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME S. One or more channels or trains inoperable.

S.1 Verify interlock is in required state for existing unit conditions.

OR S.2 Be in MODE 3.

1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months 7 hours T.

One or more channels or trains inoperable.

T.1 Verify interlock is in required state for existing unit conditions.

OR T.2 Be in MODE 2.

1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months 7 hours U. One trip mechanism inoperable for one RTB.

U.1 Restore inoperable trip mechanism to OPERABLE status.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months OR In accordance with the RICT Program V. Not used W. One channel inoperable

NOTE------------------

The inoperable channel may be bypassed for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months for surveillance or maintenance.

W.1 Place channel in trip OR W.2 Be in MODE 3 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours (continued) 3.3-6 Unit 1 - Amendment No. 135, 179, Unit 2 - Amendment No. 135, 181,

RTS Instrumentation 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 9 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME X. One or more SG Water Level Low - Low Trip Time Delay channel(s) inoperable.

NOTE------------------

For function 14.b, the inoperable TTD channel (processor) and/or one additional TTD channel (processor) may be surveillance tested with the affected steam generator low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

X.1 Set the Trip Time Delay to zero seconds.

OR 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months X.2 Place the affected SG Water Level Low - Low channel(s) in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program Y. Required Action and associated Completion Time of Conditions B, D, E, Q, R, U, and X not met.

Y.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Z.

Required Action and associated Completion Time of Condition M not met.

Z.1 Reduce THERMAL POWER to < P-7.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months AA. Required Action and associated Completion Time of Conditions O or P not met.

AA.1 Reduce THERMAL POWER to < P-9.

4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months 3.3-7 Unit 1 - Amendment No. 135, 173, 179, Unit 2 - Amendment No. 135, 175, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 22 of 60 Tab_3!3u3r19.DOC 1106.1629 3.3 INSTRUMENTATION 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation LCO 3.3.2 The ESFAS instrumentation for each Function in Table 3.3.2-1 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.2-1.

ACTIONS

NOTE-------------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions with one or more required channels or trains inoperable.

A.1 Enter the Condition referenced in Table 3.3.2-1 for the channel(s) or train(s).

Immediately B. One channel or train inoperable.

B.1 Restore channel or train to OPERABLE status.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months OR In accordance with the RICT Program C. One train inoperable.

NOTE-----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

C.1 Restore train to OPERABLE status.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OR In accordance with the RICT Program (continued) 3.3-19 Unit 1 - Amendment No. 135, 179, 219, Unit 2 - Amendment No. 135, 181, 221,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 23 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME D. One channel inoperable.

NOTE-----------------

For function 1.d, the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or both the inoperable and the additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . For functions 1.e(1), 4.d(1), 4.d(2), and 6.d(1),

the inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

D.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program (continued) 3.3-20 Unit 1 - Amendment No. 135, 173, 179, Unit 2 - Amendment No. 135, 175, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 25 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME F.

One channel or train inoperable.

F.1 Restore channel or train to OPERABLE status.

48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months OR In accordance with the RICT Program G. One train inoperable.

NOTE-----------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

G.1 Restore train to OPERABLE status.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OR In accordance with the RICT Program H. One train inoperable.

NOTE---------------

One train may be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE.

H.1 Restore train to OPERABLE status.

24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OR In accordance with the RICT Program (continued) 3.3-21 Unit 1 - Amendment No. 135, 179, Unit 2 - Amendment No. 135, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 26 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME I.

One channel inoperable.

NOTE-----------------

The inoperable channel may be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels.

I.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program J.

One channel inoperable

NOTE-----------------

The inoperable channel and/or one additional channel may be surveillance tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

J.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program K. One channel inoperable K.1.1 Place the channel in cut-out.

AND K.1.2 Return the inoperable channel to an OPERABLE status 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 48 hours OR In accordance with the RICT Program (continued) 3.3-22 Unit 1 - Amendment No. 135. 173, 179, Unit 2 - Amendment No. 135. 175, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 27 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME L.

One or more channels or trains inoperable.

L.1 Verify interlock is in required state for existing unit condition.

OR 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months L.2.1 Be in MODE 3.

AND 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months L.2.2 Be in MODE 4.

13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months M. One or more SG Water Level - Low Low Trip Time Delay channel(s) inoperable.

NOTE-----------------

The inoperable TTD channel (processor) and/or one additional TTD channel (processor) may be surveillance tested with the affected steam generator low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

M.1 Set the Trip Time Delay to zero seconds.

OR M.2 Place the affected SG Water Level - Low Low channel(s) in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 72 hours OR In accordance with the RICT Program (continued) 3.3-23 Unit 1 - Amendment No. 135, 173, 179, Unit 2 - Amendment No. 135, 175, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 28 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME N. One channel inoperable.

N.1 Restore channel to OPERABLE status.

OR 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months N.2 Declare the associated AFW pump or MSIV inoperable.

Immediately O. One channel inoperable

NOTE-----------------

The inoperable channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months , or with the inoperable channel in trip, one additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

O.1 Place channel in trip.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program (continued) 3.3-24 Unit 1 - Amendment No. 135, 142, 173, 179, Unit 2 - Amendment No. 135, 142, 175, 181,

ESFAS Instrumentation 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 19 Page 29 of 60 Tab_3!3u3r19.DOC 1106.1629 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME P. One channel inoperable.

NOTE-----------------

The inoperable channel and one additional channel may be surveillance tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months only if any function 1.c channel associated with the inoperable channel is in trip. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

P.1 Place channel in bypass.

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OR In accordance with the RICT Program Q. Required Action and associated Completion Time of Conditions B or C not met.

Q.1 Be in MODE 3.

AND Q.2

NOTE-----------

LCO 3.0.4.a is not applicable when entering MODE 4.

Be in MODE 4.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours R. Required Action and associated Completion Time of Conditions D, F, G, or M not met.

R.1 Be in MODE 3.

AND R.2 Be in MODE 4.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 12 hours S. Required Action and associated Completion Time of Conditions H or J not met.

S.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months T.

Required Action and associated Completion Time of Condition I not met.

T.1 Be in MODE 2.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months U. Required Action and associated Completion Time of Conditions K, O, or P not met.

U.1 Be in MODE 3.

AND U.2 Be in MODE 5.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 30 hours 3.3-24a Unit 1 - Amendment No. 135, 142, 173, 179, Unit 2 - Amendment No. 135, 142, 175, 181,

PG&E Letter DCL-24-111 Proposed Technical Specification Bases Changes (Mark-Up)

For Information Only

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 36 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

B.1, and B.2 Condition B applies to the Manual Reactor Trip in MODE 1 or 2. This action addresses the train orientation of the SSPS for this Function.

With one channel inoperable, the inoperable channel must be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . In this Condition, the remaining OPERABLE channel is adequate to perform the safety function.

The Completion Time of 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is reasonable considering that there are two automatic actuation trains and another manual initiation channel OPERABLE, and the low probability of an event occurring during this interval.

If the Manual Reactor Trip Function cannot be restored to OPERABLE status within the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit must be brought to a MODE in which the requirement does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 additional hours (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time). The 6 additional hours to reach MODE 3 is reasonable, based on operating experience, to exit the applicability from full power operation in an orderly manner and without challenging unit systems. With the unit in MODE 3, Condition C is entered if the Manual Reactor Trip Function has not been restored and the Rod Control System is capable of rod withdrawal or one more rods are not fully inserted.

C.1, C.2.1, and C.2.2 Condition C applies to the following reactor trip Functions in MODE 3, 4, or 5 with the Rod Control System capable of rod withdrawal or one or more rods not fully inserted:

Manual Reactor Trip; RTBs; RTB Undervoltage and Shunt Trip Mechanisms; and Automatic Trip Logic.

This action addresses the train orientation of the SSPS for these Functions. With one channel or train inoperable, the inoperable channel or train must be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months .

If the affected Function(s) cannot be restored to OPERABLE status within the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit must be placed in a MODE in which the requirement does not apply. To achieve this status action must be initiated within the same 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months to fully insert all rods, and the Rod Control System must be rendered (continued)

[or in accordance with the RICT Program]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 37 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS C.1, C.2.1, and C.2.2 (continued) incapable of rod withdrawal within the next hour (e.g., by de-energizing all CRDMs, by opening the RTBs, or by de-energizing the motor generator (MG) sets). The additional hour for the latter provides sufficient time to accomplish the action in an orderly manner. With the rods fully inserted and the Rod Control System rendered incapable of rod withdrawal, these Functions are no longer required.

The Completion Time is reasonable considering that in this Condition, the remaining OPERABLE train is adequate to perform the safety function, and given the low probability of an event occurring during this interval.

Condition C is modified by a Note stating that while this LCO is not met for Functions 19, 20, or 21 in MODE 5 making the Rod Control System capable of rod withdrawal is not permitted. This note is in addition to the requirements of LCO 3.0.4 which preclude the transition from either MODE 3 or MODE 4 to MODE 3 or MODE 4 with the Rod control System capable of rod withdrawal or all rods not fully inserted for Functions 19, 20, or 21 with one channel or train inoperable.

D.1.1, D.1.2, and D.2 Condition D applies to the Power Range Neutron FluxHigh Function.

With one of the NIS power range detectors inoperable, 1/4 of the radial power distribution monitoring capability is lost. Therefore, SR 3.2.4.2 must be performed (Required Action D.1.1) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months after THERMAL POWER exceeds 75% RTP and every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter.

If reactor power decreases to < 75% RTP, the measurement of both intervals stops, and SR 3.2.4.2 is no longer required. New intervals start upon reactor power exceeding 75% RTP. Calculating QPTR every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months compensates for the lost monitoring capability due to the inoperable NIS power range channel and allows continued unit operation at power levels > 75% RTP. When THERMAL POWER is <

75%, core radial power distributions are prevented from exceeding design limits where DNB conditions may exist. The 12-hour Completion Time is consistent with the Surveillance Requirement Frequency in LCO 3.2.4, "QUADRANT POWER TILT RATIO (QPTR)."

The NIS power range detectors provide input to the Rod Control System and, therefore, have a two-out-of-four trip logic. A known inoperable channel must be placed in the tripped condition. This results in a partial trip condition requiring only one-out-of-three logic for actuation. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition is justified in Reference 28.

(continued) and

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 38 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS D.1.1, D.1.2, and D.2 (continued)

As an alternative to the above Actions, the plant must be placed in a MODE where this Function is no longer required OPERABLE.

Seventy-eight hours are allowed to place the plant in MODE 3. The 78-hour completion time includes 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months for channel corrective maintenance, and an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months for the MODE reduction as required by Action D.2. This is a reasonable time, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging plant systems. If Required Actions cannot be completed within their allowed Completion Times, LCO 3.0.3 must be entered.

The Required Actions have been modified by a Note that allows placing the inoperable channel in the bypass condition for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months while performing routine surveillance testing of other channels. The Note also allows placing the inoperable channel in the bypass condition to allow setpoint adjustments of other channels when required to reduce the setpoint in accordance with other Technical Specifications. In accordance with WCAP 10271-P-A (Reference 7), very specific circumstances are related to the use of this bypass condition. Since the NIS channels are not designed with Bypass-capable logic that meets the requirements of IEEE 279, the provisions for bypass only apply to a specific type of channel failure. To apply, the channel must fail in such a way that it does not trip the bistables. With this type of failure, the channel may be returned to service and considered "bypassed" under this Note. Specifically, the bypass condition is the state when a failed channel is taken out of the forced "tripped" state and placed in operation. Due to the failed nature of the channel, the channel cannot be assumed to be OPERABLE, and is therefore considered to be in a state of bypass when the channel failure is such that its bistables are not tripped. The provisions of WCAP 10271 specifically prohibit the use of jumpers or lifted leads to bypass these channels. In this configuration, a second channel can be tested or setpoints adjusted with the channel in the tripped mode without completing reactor trip logic. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months time limit is justified in Reference 28.

Required Action D.1.1 has been modified by a Note which only requires SR 3.2.4.2 to be performed if the Power Range Neutron Flux input to QPTR becomes inoperable. The performance of SR 3.2.4.2 per ACTION D.1.1 is subject to the SR 3.2.4.2 note. Failure of a component in the Power Range Neutron Flux Channel which renders the High Flux Trip Function inoperable may not affect the capability to monitor QPTR. As such, determining QPTR using core power distribution measurement information once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months may not be necessary.

(continued) and

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 39 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

E.1 and E.2 Condition E applies to the following reactor trip Functions:

Power Range Neutron FluxLow; Overtemperature T; Overpower T; Power Range Neutron FluxHigh Positive Rate; Pressurizer PressureHigh; and SG Water LevelLow Low.

A known inoperable channel must be placed in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . Placing the channel in the tripped condition results in a partial trip condition requiring only one-out-of-two logic for actuation of the two-out-of-three trips and one-out-of-three logic for actuation of the two-out-of-four trips. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition is justified in Reference 28.

If the operable channel cannot be placed in the trip condition within the specified Completion Time, the unit must be placed in a MODE where these Functions are not required OPERABLE. An additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to place the unit in MODE 3. Six hours is a reasonable time, based on operating experience, to place the unit in MODE 3 from full power in an orderly manner and without challenging unit systems.

The Required Actions have been modified by a Note for Functions 6, 7 and 8.b, that allows an inoperable channel and/or one additional channel to be tested with one channel in bypass and the other channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for performing surveillance testing.

Additionally, for Function 6, 7 and 8b, both the inoperable and the additional channel maybe placed in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. The Note allows only the inoperable channel for Functions 2.b and 3, to be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels. This note is not intended to allow simultaneous testing of coincident channels on a routine basis. In accordance with WCAP 10271, very specific circumstances are related to the use of this bypass condition for RTS Functions 2.b and 3. Since these channels are not designed with Bypass-capable logic that meets the requirements of IEEE 279, the provisions for bypass only apply to a specific type of channel failure. To apply, the channel must fail in such a way that it does not trip the bistables. With this type of failure, the channel may be returned to service and considered "bypassed" under this Note. Specifically, the bypass condition is the state when a failed channel is taken out of the forced "tripped" state and placed in operation.

(continued)

[or in accordance with the RICT Program]

has

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 40 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS E.1 and E.2 (continued)

Due to the failed nature of the channel, the channel cannot be assumed to be OPERABLE, and is therefore considered to be in a state of bypass when the channel failure is such that its bistables are not tripped. The provisions of WCAP 10271 specifically prohibit the use of jumpers or lifted leads to bypass these channels. In this configuration, a second channel can be tested with the channel in the tripped mode without completing reactor trip logic. The Note for Function 14.a, allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and the other in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. Functions 6,7, and 8.b are two-out-of-four trip logic, and 14.a is two-out-of-three trip logic and the allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent trip of the reactor or keep a valid signal from tripping the reactor as it was designed. This note is not intended to allow simultaneous testing of coincident channels on a routine basis. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months time limit is justified in Reference 28.

F.1 and F.2 Condition F applies to the Intermediate Range Neutron Flux trip when THERMAL POWER is above the P-6 setpoint and below the P-10 setpoint and one channel is inoperable. Above the P-6 setpoint and below the P-10 setpoint, the NIS intermediate range detector performs the monitoring Functions. If THERMAL POWER is greater than the P-6 setpoint but less than the P-10 setpoint, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is allowed to reduce THERMAL POWER below the P-6 setpoint or increase to THERMAL POWER above the P-10 setpoint. The NIS Intermediate Range Neutron Flux channels must be OPERABLE when the power level is above the capability of the source range, P-6, and below the capability of the power range, P-10. If THERMAL POWER is greater than the P-10 setpoint, the NIS power range detectors perform the monitoring and protection functions and the intermediate range is not required.

The Completion Times allow for a slow and controlled power adjustment above P-10 or below P-6 and take into account the redundant capability afforded by the redundant OPERABLE channel, the overlap of the power range detectors, and the low probability of its failure during this period. This action does not require the inoperable channel to be tripped because the Function uses one-out-of-two logic.

Tripping one channel would trip the reactor. Thus, the Required Actions specified in this Condition are only applicable when channel failure does not result in reactor trip.

(continued)

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 44 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

M.1 and M.2 Condition M applies to the following reactor trip Functions:

Pressurizer Pressure Low; Pressurizer Water Level High; Reactor Coolant Flow Low; RCP Breaker Position ;

Undervoltage RCPs; and Underfrequency RCPs.

With one channel inoperable, the inoperable channel must be placed in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . For the Pressurizer Pressure -

Low, Pressurizer Water Level - High, Undervoltage RCPs, and Underfrequency RCPs trip Functions, placing the channel in the tripped condition when above the P-7 setpoint results in a partial trip condition requiring only one additional channel to initiate a reactor trip. For the Reactor Coolant Flow - Low trip Function, placing the channel in the tripped condition results in a partial trip condition requiring only one additional channel to initiate a reactor trip above the P-7 and P-8 setpoints. These Functions do not have to be OPERABLE below the P-7 setpoint because there are no loss of flow trips below the P-7 setpoint. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the channel in the tripped condition is justified in Reference 28. An additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to reduce THERMAL POWER to below P-7 if the inoperable channel cannot be restored to OPERABLE status or placed in trip within the specified Completion Time. The Reactor Coolant Flow - Low reactor trip function goes from 1 of 4 logic to 2 of 4 logic below the P-8 setpoint; however, the Required Action must take the plant below the P-7 setpoint, if an inoperable channel is not tripped within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , due to the shared components between this function and the Reactor Coolant Flow - Low trip function.

Allowance of this time interval takes into consideration the redundant capability provided by the remaining redundant OPERABLE channel, and the low probability of occurrence of an event during this period that may require the protection afforded by the Functions associated with Condition M.

(continued)

[or in accordance with the RICT Program]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 45 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS M.1 and M.2 (continued)

The Required Actions have been modified by a Note for Function 8.a, that allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and the other in trip, or with both the inoperable channel and the additional channel in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months while performing surveillance testing of those channels. The Note for Function 9 and 10 allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and the other channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. The Note allows only the inoperable channel for Functions 12 and 13 to be bypassed for surveillance testing of other channels. This note is not intended to allow simultaneous testing of coincident channels on a routine basis. In accordance with WCAP 10271, very specific circumstances are related to the use of this bypass condition for RTS Functions 12 and 13. Since these channels are not designed with Bypass-capable logic that meets the requirements of IEEE 279, the provisions for bypass only apply to a specific type of channel failure.

To apply, the channel must fail in such a way that it does not trip the bistables. With this type of failure, the channel may be returned to service and considered "bypassed" under this Note. Specifically, the bypass condition is the state when a failed channel is taken out of the forced "tripped" state and placed in operation. Due to the failed nature of the channel, the channel cannot be assumed to be OPERABLE, and is therefore considered to be in a state of bypass when the channel failure is such that its bistables are not tripped. The provisions of WCAP 10271 specifically prohibit the use of jumpers or lifted leads to bypass these channels. In this configuration, a second channel can be tested with the channel in the tripped mode without completing reactor trip logic. Function 11 may not be bypassed since its logic is not 2 of 4 or 2 of 3, therefore, single failure would not be maintained. Function 8.a is a two-out-of-four trip logic and Functions 9 and 10 are two-out-of-three logic trip logics. The allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent trip of the reactor or keep a valid signal from tripping the reactor as it was designed. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months time limit is justified in Reference 28.

(continued) has

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 47 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

O.1 and O.2 Condition O applies to Turbine Trip on Low Auto-Stop Oil Pressure.

With one channel inoperable, the inoperable channel must be placed in the trip condition within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . If placed in the tripped condition, this results in a partial trip condition requiring only one additional channel to initiate a reactor trip. If the channel cannot be restored to OPERABLE status or placed in the trip condition, then power must be reduced below the P-9 setpoint within the next 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition and the 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months allowed for reducing power are justified in Reference 28.

The Required Actions have been modified by a Note that allows placing an inoperable channel in the bypassed condition for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months while performing routine surveillance testing of the other channels. In accordance with WCAP 10271, very specific circumstances are related to the use of this bypass condition for RTS Function 16. Since this channel is not designed with Bypass-capable logic that meets the requirements of IEEE 279, the provisions for bypass only apply to a specific type of channel failure. To apply, the channel must fail in such a way that it does not trip the bistables. With this type of failure, the channel may be returned to service and considered "bypassed" under this Note. Specifically, the bypass condition is the state when a failed channel is taken out of the forced "tripped" state and placed in operation. Due to the failed nature of the channel, the channel cannot be assumed to be OPERABLE, and is therefore considered to be in a state of bypass when the channel failure is such that its bistables are not tripped. The provisions of WCAP 10271 specifically prohibit the use of jumpers or lifted leads to bypass this channel. In this configuration, a second channel can be tested with the channel in the tripped mode without completing reactor trip logic. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months time limit is justified in Reference 28.

P.1 and P.2 Condition P applies to Turbine Trip on Turbine Stop Valve Closure.

With one or more channels inoperable, the inoperable channel must be placed in the trip condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . For the Turbine Trip on Turbine Stop Valve Closure function, where four-of-four channels are required to initiate a reactor trip; hence more than one channel may be placed in trip. If the channel(s) cannot be restored to OPERABLE status or placed in the trip condition, then power must be reduced below the P-9 setpoint within the next 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel(s) in the tripped condition and the 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months allowed for reducing power are justified in Reference 28.

(continued) is

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

[or in accordance with the RICT Program]

is has

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 48 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

Q.1 and Q.2 Condition Q applies to the SI Input from ESFAS reactor trip and the RTS Automatic Trip Logic in MODES 1 and 2. These actions address the train orientation of the RTS for these Functions. With one train inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status (Required Action Q.1) or the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed to restore the inoperable train to OPERABLE status is justified in Reference 29. An additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to place the unit in MODE 3. Six hours (Required Action Q.2) is reasonable, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging unit systems.

Consistent with the requirement in Reference 28 to include Tier 2 insights into the decision-making process before taking equipment out of service, restrictions on concurrent removal of certain equipment when a logic train is inoperable for maintenance are included. These restrictions do not apply when a logic train is being tested under the 4-hour bypass Note of Condition Q. When a logic train is inoperable for maintenance, the following should not be scheduled:

Activities that degrade the availability of the auxiliary feedwater system, RCS pressure relief system (pressurizer PORVs and safety valves), AMSAC, or turbine trip (to preserve ATWS mitigation capability).

Activities that cause master relays or slave relays in the available train to be unavailable and activities that cause analog channels to be unavailable (to preserve reactor trip and safeguards actuation capability).

Activities that prevent maintaining one complete emergency core cooling system train that can be actuated automatically (to preserve LOCA mitigation capability).

Activities on electrical systems (e.g., AC and DC power) and cooling systems (ASW and CCW) that support the systems or functions listed above.

Since Condition Q is typically entered due to equipment failure, it follows that some of the above restrictions may not be met at the time of Condition Q entry. If this situation were to occur during the 24-hour Completion Time of Required Action Q.1, the configuration risk management program will assess the emergent condition and direct activities to restore the inoperable logic train and exit Condition Q or fully implement the restrictions.

The Required Actions have been modified by a Note that allows bypassing one train up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing, provided the other train is OPERABLE.

(continued) has

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 49 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

R.1 and R.2 Condition R applies to the RTBs in MODES 1 and 2. These actions address the train orientation of the RTS for the RTBs. With one train inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is allowed for train corrective maintenance to restore the train to OPERABLE status or the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The 24-hour Completion Time is justified in Reference 29. The Completion Time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging unit systems.

Placing the unit in MODE 3 results in Condition C entry if one RTB train is inoperable.

Consistent with the requirement in Reference 29 to include Tier 2 insights into the decision-making process before taking equipment out of service, restrictions on concurrent removal of certain equipment when a RTB train is inoperable for maintenance are included. These restrictions do not apply when a RTB train is being tested under the 4-hour bypass Note of Condition R. When a RTB train is inoperable for maintenance, the following should not be scheduled:

Activities that degrade the availability of the auxiliary feedwater system, RCS pressure relief system (pressurizer PORVs and safety valves), AMSAC, or turbine trip (to preserve ATWS mitigation capability).

Activities that cause master relays or slave relays in the available train to be unavailable and activities that cause analog channels to be unavailable (to preserve reactor trip and safeguards actuation capability).

Activities on electrical systems (e.g., AC and DC power) and cooling systems (ASW) that support the systems or functions listed above.

Since Condition R is typically entered due to equipment failure, it follows that some of the above restrictions may not be met at the time of Condition R entry. If this situation were to occur during the 24-hour Completion Time of Required Action R.1, the configuration risk management program will assess the emergent condition and direct activities to restore the inoperable logic train and exit Condition R or fully implement the above restrictions.

The Required Actions have been modified by a Note. The Note allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing, provided the other train is OPERABLE. The 4-hour time limit is justified in Reference 29.

(continued) has

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 51 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

U.1 and U.2 Condition U applies to the RTB Undervoltage and Shunt Trip Mechanisms, or diverse trip features, in MODES 1 and 2. With one of the diverse trip features inoperable, it must be restored to an OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or the unit must be placed in a MODE where the requirement does not apply. This is accomplished by placing the unit in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time).

The Completion Time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is a reasonable time, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging unit systems.

With the unit in MODE 3, Condition C is entered if the inoperable trip mechanism has not been restored and the Rod Control System is capable of rod withdrawal or one or more rods are not fully inserted.

The affected RTB shall not be bypassed while one of the diverse features is inoperable except for the time required to perform maintenance to restore the inoperable trip mechanism to OPERABLE status, consistent with Ref. 13.

The Completion Time of 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months for Required Action U.1 is reasonable considering that in this Condition there is one remaining diverse feature for the affected RTB, and one OPERABLE RTB capable of performing the safety function and given the low probability of an event occurring during this interval.

V.1 - Not used W.1 and W.2 Condition W applies to the Seismic Trip, in MODES 1 and 2. With one of the channels inoperable, START UP and/or POWER OPERATION may proceed provided the inoperable channel is placed in trip within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If a direction is inoperable, then the channel must be considered inoperable. Placing the channel in the tripped condition creates a partial trip condition requiring only one out of two logic from the remaining locations for reactor trip actuation.

The Required Actions have been modified by a Note that allows placing the inoperable channel in the bypassed condition for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months while performing surveillance testing or maintenance. The allowed 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months bypass time is reasonable based on the low probability of an event occurring while the channel is bypassed and on the time required to perform the required surveillance testing.

(continued)

[or in accordance with the RICT Program]

RTS Instrumentation B 3.3.1 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 52 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

X.1, X.2 and X.3 Condition X applies to the Trip Time Delay (TTD) channels (processors) for the SG Water Level-Low Low trip function in MODES 1 and 2. With one or more TTD channels (processors) inoperable or the RCS delta-T equivalent power input inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to adjust the threshold power level for no time delay to 0% RTP. This sets the TTD processor timer to zero seconds and effectively removes its time delay input from the affected SG water level circuits. If the TTD processor timer cannot be set to zero seconds then the affected SG water level low-low output channels must be placed in trip. Only one SG water level low-low output channel per generator can be placed in the trip position without tripping the plant. The Completion Time of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months is justified in Reference 28.

If the TTD threshold power for no time delay cannot be adjusted to 0%

RTP (zero seconds time delay) or the single SG water level output channel cannot be placed in the trip condition within the specified Completion Time, the unit must be placed in a MODE where these Functions are not required OPERABLE. An additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to place the unit in MODE 3. Six hours is a reasonable time, based on operating experience, to place the unit in MODE 3 from full power in an orderly manner and without challenging unit systems.

The Required Actions have been modified by a note that allows the inoperable TTD channel (processor) and/or one additional TTD channel (processor) to be surveillance tested with the affected SG low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

If Required Action X.1 is completed for an inoperable TTD processor, the affected SG low-low water level channels would still be operable in that a valid SG low-low water level trip function would not be delayed.

With the inoperable TTD processor meeting this required action, the above note will still apply for the inoperable TTD processor and/or one additional TTD processor.

(continued) and

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

INSERTS Y, Z, and AA

B 3.3.1 ACTIONS Inserts Y.1 If the Required Action and associated Completion Time of Conditions B, D, E, Q, R, U, and X are not met, Be in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . This places the unit in a MODE where the LCO is no longer applicable.

Z.1 If the Required Action and associated Completion Time of Condition M is not met, 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to reduce THERMAL POWER to below P-7.

AA.1 If the Required Action and associated Completion Time of Condition O or P are not met, 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is allowed to reduce THERMAL POWER to below P-9.

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 100 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

B.1, B.2.1 and B.2.2 Condition B applies to manual initiation of:

SI; Containment Spray; Phase A Isolation; and Phase B Isolation.

This action addresses the train orientation of the SSPS for the functions listed above. If a channel or train is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return it to an OPERABLE status. Note that for containment spray and Phase B isolation, failure of one or both channels in one train renders the train inoperable. Condition B, therefore, encompasses both situations. The specified Completion Time is reasonable considering that there are two automatic actuation trains and another manual initiation train OPERABLE for each Function, and the low probability of an event occurring during this interval. If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which overall plant risk is reduced. This is done by placing the unit in at least MODE 3 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time) and in MODE 4 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (60 hours6.944444e-4 days 0.0167 hours 9.920635e-5 weeks 2.283e-5 months total time). The allowable Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

Remaining within the Applicability of the LCO is acceptable to accomplish short duration repairs to restore inoperable equipment because the plant risk in MODE 4 is similar to or lower than MODE 5 (Ref. 20). In MODE 4 the Steam Generators and Residual Heat Removal System are available to remove decay heat, which provides diversity and defense in depth. As stated in Reference 20, the steam turbine driven Auxiliary Feedwater Pump must be available to remain in MODE 4. Should Steam Generator cooling be lost while relying on this Required Action, there are preplanned actions to ensure long-term decay heat removal. Voluntary entry into MODE 5 may be made as it is also acceptable from a risk perspective.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 101 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

Required Action B.2.2 is modified by a Note that states that LCO 3.0.4.a is not applicable when entering MODE 4. This Note prohibits the use of LCO 3.0.4.a to enter MODE 4 during startup with the LCO not met. However, there is no restriction on the use of LCO 3.0.4.b, if applicable, because LCO 3.0.4.b requires performance of a risk assessment addressing inoperable systems and components, consideration of the results, determination of the acceptability of entering MODE 4, and establishment of risk management actions, if appropriate. LCO 3.0.4 is not applicable to, and the Note does not preclude, changes in MODES or other specified conditions in the Applicability that are required to comply with ACTIONS or that are part of a shutdown of the unit.

C.1, C.2.1 and C.2.2 Condition C applies to the automatic actuation logic and actuation relays for the following functions:

SI; Containment Spray; Phase A Isolation; and Phase B Isolation This action addresses the train orientation of the SSPS and the master and slave relays. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status. The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 17. The specified Completion Time is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which overall plant risk is reduced. This is done by placing the unit in at least MODE 3 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months total time) and in MODE 4 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months total time).

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

[NOTE: If entering this Condition from MODE 4, Required Action Q ]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 102 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

C.1, C.2.1 and C.2.2 (continued)

Remaining within the Applicability of the LCO is acceptable to accomplish short duration repairs to restore inoperable equipment because the plant risk in MODE 4 is similar to or lower than MODE 5 (Ref. 20). In MODE 4 the Steam Generators and Residual Heat Removal System are available to remove decay heat, which provides diversity and defense in depth. As stated in Reference 20, the steam turbine driven Auxiliary Feedwater Pump must be available to remain in MODE 4. Should Steam Generator cooling be lost while relying on this Required Action, there are preplanned actions to ensure long-term decay heat removal. Voluntary entry into MODE 5 may be made as it is also acceptable from a risk perspective.

Required Action C.2.2 is modified by a Note that states that LCO 3.0.4.a is not applicable when entering MODE 4. This Note prohibits the use of LCO 3.0.4.a to enter MODE 4 during startup with the LCO not met. However, there is no restriction on the use of LCO 3.0.4.b, if applicable, because LCO 3.0.4.b requires performance of a risk assessment addressing inoperable systems and components, consideration of the results, determination of the acceptability of entering MODE 4, and establishment of risk management actions, if appropriate. LCO 3.0.4 is not applicable to, and the Note does not preclude, changes in MODES or other specified conditions in the Applicability that are required to comply with ACTIONS or that are part of a shutdown of the unit.

The Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

Consistent with the requirement in Reference 17 to include Tier 2 insights into the decision-making process before taking equipment out of service, restrictions on concurrent removal of certain equipment when a logic train is inoperable for maintenance are included. These restrictions do not apply when a logic train is being tested under the 4-hour bypass Note of Condition C. When a logic train is inoperable for maintenance, the following should not be scheduled:

(continued)

[NOTE: If entering this Condition from MODE 4, Required Action Q ]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 103 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

Activities that degrade the availability of the auxiliary feedwater system, RCS pressure relief system (pressurizer PORVs and safety valves), AMSAC, or turbine trip (to preserve ATWS mitigation capability).

Activities that cause master relays or slave relays in the available train to be unavailable and activities that cause analog channels to be unavailable (to preserve reactor trip and safeguards actuation capability).

Activities that prevent maintaining one complete emergency core cooling system train that can be actuated automatically (to preserve LOCA mitigation capability).

Activities on electrical systems (e.g., AC and DC power) and cooling systems (ASW and CCW) that support the systems or functions listed above.

Since Condition C is typically entered due to equipment failure, it follows that some of the above restrictions may not be met at the time of Condition C entry. If this situation were to occur during the 24-hour Completion Time of Required Action C.1, the configuration risk management program will assess the emergent condition and direct activities to restore the inoperable logic train and exit Condition C or fully implement the restrictions.

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing, provided the other train is OPERABLE. This allowance is based on the reliability analysis assumption of WCAP-10271-P-A (Ref. 8) that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform train surveillance.

(continued) is

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 104 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

D.1, D.2.1, and D.2.2 Condition D applies to:

SI - Pressurizer Pressure Low; SI - Steam Line Pressure Low; Steam Line Isolation - Steam Line Pressure Negative Rate High; Steam Line Isolation - Steam Line Pressure Low; and Auxiliary Feedwater - SG Water level Low Low; If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore the channel to OPERABLE status or to place it in the tripped condition.

Generally this Condition applies to functions that operate on two-out-of-three logic (excluding pressurizer pressure - low which is two-out-of-four due to its control input function). Therefore, failure of one channel places the Function in a two-out-of-two configuration. The inoperable channel must be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements.

Since pressurizer pressure is used for control and SSPS input, its coincidence is two-out-of-four to provide to required reliability and redundancy. Failure of one channel places the function in a two-out-of-three configuration. The inoperable channel must be placed in the tripped condition to place the Function in a one-out-of-three configuration that satisfies the reliability and redundancy requirements.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 105 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS D.1, D.2.1, and D.2.2 (continued)

Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

In MODE 4, these Functions are no longer required OPERABLE.

The Required Actions are modified by a Note for Function 1.d that allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and one channel in trip, or with both the inoperable and the additional channel in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. For Functions 1.e, 4.d(1), 4.d(2) and 6.d(1), the Note allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. Function 1.d is a two-out-of-four trip logic and Functions 1.e, 4.d(1), 4.d(2) and 6.d(1) are two-out-of-three logic actuation logics. The allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent actuation of the function or keep a valid signal from actuating the function as it was designed. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to restore the channel to OPERABLE status or to place the inoperable channel in the tripped condition, and the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for testing, are justified in Reference 17. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

E.1, E.2.1, and E.2.2 Condition E applies to:

Steam Line Isolation - Containment Pressure - High-high This signal does not input to a control function. Thus, two-out-of-three logic is necessary to meet acceptable protective requirements.

However, a two-out-of-three design would require tripping a failed channel. This is undesirable because a single failure of the Containment Pressure input would then cause spurious containment spray initiation. Spurious spray actuation is undesirable because of the cleanup problems presented. Therefore, these channels are designed with two-out-of-four logic so that a failed channel may be bypassed rather than tripped. Note that one channel may be bypassed and still satisfy the single failure criterion. Furthermore, with one channel bypassed, a single instrumentation channel failure will not spuriously initiate containment spray.

(continued) is

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 107 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS E.1, E.2.1, and E.2.2 (continued)

As a result, for the three common control channels that include a Function 1.c channel the testing of a second common control channel in bypass requires verification that the Function 1.c channel on the inoperable common control channel is in trip. Otherwise no second common control channel can be tested in bypass. However, if the fourth common control channel is the inoperable channel, then with that common control channel in bypass, any one of the other three common control channels may be tested in bypass without placing the associated Function 1.c, channel in trip. Placing a second channel in the bypass condition for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for testing purposes is acceptable based on Reference 17. The allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent actuation of the function or keep a valid signal from actuating the function or an associated function as designed. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

F.1, F.2.1, and F.2.2 Condition F applies to the P-4 Interlock.

For the P-4 Interlock Function, this action addresses the train orientation of the SSPS. If a train is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return it to OPERABLE status. The specified Completion Time is reasonable considering the nature of this Function, the available redundancy, and the low probability of an event occurring during this interval. If the Function cannot be returned to OPERABLE status, the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power in an orderly manner and without challenging unit systems. In MODE 4, the unit does not have any analyzed transients or conditions that require the explicit use of the protection function noted above.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 108 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

G.1, G.2.1 and G.2.2 Condition G applies to the automatic actuation logic and actuation relays for the Steam Line Isolation and AFW actuation Functions.

The action addresses the train orientation of the SSPS and the master and slave relays for these functions. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status. The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 17. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be returned to OPERABLE status, the unit must be brought to MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. Placing the unit in MODE 4 removes all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the explicit use of the protection functions noted above.

Consistent with the requirement in Reference 17 to include Tier 2 insights into the decision-making process before taking equipment out of service, restrictions on concurrent removal of certain equipment when a logic train is inoperable for maintenance are included. These restrictions do not apply when a logic train is being tested under the 4-hour bypass Note of Condition G. When a logic train is inoperable for maintenance, the following should not be scheduled:

Activities that degrade the availability of the auxiliary feedwater system, RCS pressure relief system (pressurizer PORVs and safety valves), AMSAC, or turbine trip (to preserve ATWS mitigation capability).

Activities that cause master relays or slave relays in the available train to be unavailable and activities that cause analog channels to be unavailable (to preserve reactor trip and safeguards actuation capability).

Activities that prevent maintaining one complete emergency core cooling system train that can be actuated automatically (to preserve LOCA mitigation capability).

Activities on electrical systems (e.g., AC and DC power) and cooling systems (ASW and CCW) that support the systems or functions listed above.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 109 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS G.1, G.2.1 and G.2.2 (continued)

Since Condition G is typically entered due to equipment failure, it follows that some of the above restrictions may not be met at the time of Condition G entry. If this situation were to occur during the 24-hour Completion Time of Required Action G.1, the configuration risk management program will assess the emergent condition and direct activities to restore the inoperable logic train and exit Condition G or fully implement the restrictions.

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 8) assumption that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform channel surveillance.

H.1 and H.2 Condition H applies to the Automatic Actuation Logic and Actuation Relays for the Feedwater Isolation Function.

This action addresses the train orientation of the SSPS and the master and slave relays for this Function. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status or the unit must be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 17. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. The allowed Completion Time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. These Functions are no longer required in MODE 3. Placing the unit in MODE 3 removes all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the explicit use of the protection functions noted above.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

is

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 110 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS H.1 and H.2 (continued)

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 8) assumption that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform train surveillance.

I.1 and I.2 Condition I applies to Auxiliary Feedwater - Undervoltage Reactor Coolant Pump If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore one channel to OPERABLE status or to place it in the tripped condition. If placed in the tripped condition, the function is then in a partial trip condition where one additional tripped channel will result in actuation.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time is justified in Ref. 17. Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , requires the Unit to be placed in MODE 2 with in the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . Six hours is reasonable, based on operating experience, to reach MODE 2 from full power conditions in an orderly manner without challenging unit systems. In MODE 2, this Function is no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel to be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels. In accordance with WCAP 10271, very specific circumstances are related to the use of this bypass condition for ESFAS Functions 6.g. Since this channel is not designed with Bypass-capable logic that meets the requirements of IEEE 279, the provisions for bypass only apply to a specific type of channel failure.

To apply, the channel must fail in such a way that it does not trip the bistables. With this type of failure, the channel may be returned to service and considered "bypassed" under this Note. Specifically, the bypass condition is the state when a failed channel is taken out of the forced "tripped" state and placed in operation. Due to the failed nature of the channel, the channel cannot be assumed to be OPERABLE, and is therefore considered to be in a state of bypass when the channel failure is such that its bistables are not tripped. The provisions of WCAP 10271 specifically prohibit the use of jumpers or lifted leads to bypass this channel. In this configuration, a second channel can be tested with the channel in the tripped mode without completing ESFAS logic. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition, and the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for a second channel to be in the bypassed condition for testing, are justified in Reference 17.

(continued) is

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

is

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 111 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

J.1 and J.2 Condition J applies to the Feedwater Isolation Actuation signal resulting from Steam Generator Level - High-High (P-14).

If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore one channel to OPERABLE status or to place it in the tripped condition. If placed in the tripped condition, the Function is then in a partial trip condition where one-out-of-two logic will result in actuation. The 72-hour Completion Time is justified in Reference 17. Failure to restore the inoperable channel to OPERABLE status or place in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit to be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . Six hours is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, this Function is no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel and/or one additional channel to be tested with one channel in bypass and one channel in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. This Function is a two-out-of-three actuation logic and the allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent actuation of the function or keep a valid signal from actuating the function as it was designed. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition, and the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for a second channel to be in the bypassed condition for testing, are justified in Reference 17. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

K.1.1, K.1.2, K.2.1 and K.2.2 Condition K applies to the Residual Heat Removal Pump Trip on RWST Level - Low. Restoring the channel to OPERABLE status or placing the inoperable channel in the bypass (cut-out) condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is sufficient to ensure that the Function remains OPERABLE and minimizes the time that the Function may be in a partial trip condition (assuming the inoperable channel has failed low). Placing the out-of-service channel in cut-out removes that channel from the trip logic, similar to a bypass function. This provides a two-out-of-two trip logic from the remaining channels. The 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion Time is justified in Reference 8. If the channel cannot be placed in the cut-out condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , and returned to an OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , the unit must be brought to MODE 3 within 54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months and MODE 5 within 84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months . The allowed Completion Times for shutdown are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 5, the unit does not have any analyzed transients or conditions that require the explicit use of the pump trip function noted above.

(continued)

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

is and

[or in accordance with the RICT Program].

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 112 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS (continued)

L.1, L.2.1 and L.2.2 Condition L applies to the P-11 interlock.

With one or more channels inoperable, the operator must verify that the interlock is in the required state for the existing unit condition. This action manually accomplishes the function of the interlock.

Determination must be made within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . The verification determination can be made by observation of the associated annunciator window(s). The 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months Completion Time is equal to the time allowed by LCO 3.0.3 to initiate shutdown actions in the event of a complete loss of ESFAS function. If the interlock is not in the required state (or placed in the required state) for the existing unit condition, the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. Placing the unit in MODE 4 removes all requirements for OPERABILITY of these interlocks.

M.1, M.2, M.3.1 and M.3.2 Condition M applies to the Trip Time Delay (TTD) channels (processors) for the SG Water Level-Low Low actuation of the turbine-driven AFW pump and is required to be OPERABLE in MODES 1, 2 and 3. With one or more TTD channels (processors) inoperable or the RSC T equivalent power input inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to adjust the threshold power level for no time delay to 0% RTP. This sets the TTD processor timer to zero seconds and effectively removes its input for the SG water level circuit. If the TTD timer processor cannot be set to zero seconds for a single SG water level control, then the affected SG water level low-low channel must be placed in trip. Only one SG water level low-low channel per generator can be placed in trip position without tripping the plant. The Completion Time of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months is justified in Reference 17.

If the TTD threshold power for no time delay cannot be adjusted to 0%

RTP (zero seconds time delay) or the single SG water level output channel cannot be placed in the trip condition within the specified Completion Time, the unit must be placed in MODE 4 where these Functions are not required OPERABLE. A completion time of 78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months is allowed to place the unit in MODE 3 and 84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months for MODE 4.

These completion times are reasonable, based on operating experience, to place the unit in MODE 4 from full power in an orderly manner and without challenging unit systems. In MODE 4 there are no analyzed transients requiring the use of the turbine-driven AFW pump.

(continued) and

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 113 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS M.1, M.2, M.3.1 and M.3.2 (continued)

The Required Actions have been modified by a note that allows the inoperable TTD channel (processor) and/or one additional TTD channel (processor) to be surveillance tested with the affected SG low-low water level channels for one TTD channel (processor) in bypass and the affected SG low-low water level channels for the other TTD channel (processor) in trip for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months time limit is justified in reference 17. This note is not intended to allow simultaneous testing of multiple TTD channels (processors) on a routine basis.

If Required Action M.1 is completed for an inoperable TTD processor, the affected SG low-low water level channels would still be operable in that a valid SG low-low water level trip function would not be delayed.

With the inoperable TTD processor meeting this required action, the above note will still apply for the inoperable TTD processor and/or one additional TTD processor.

N.1 or N.2 Condition N applies to:

Manual Initiation of Steam Line Isolation; and Manual Initiation of Auxiliary Feedwater.

If a channel is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return the channel to an OPERABLE status. The specified Completion Time is reasonable considering the nature of these functions, the available redundancy, and the low probability of an event occurring during this interval. If the Function cannot be returned to OPERABLE status, the associated pump or valve shall be declared inoperable immediately and the REQUIRED ACTION of 3.7.5 or 3.7.2 as applicable complied with immediately.

O.1 or O.2.1 and O.2.2 Condition O applies to Safety Injection resulting from Containment Pressure - High.

If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore the channel to OPERABLE status or to place it in the tripped condition.

Failure of one channel places the function in a two-out-of-two configuration since the trip coincidence is two-out-of-three. The inoperable channel must be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements.

(continued) and

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 114 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS O.1 or O.2.1 and O.2.2 (continued)

Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit be placed in MODE 3 within 78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months and MODE 5 in 108 hours0.00125 days 0.03 hours 1.785714e-4 weeks 4.1094e-5 months .

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

In MODE 5, these functions are no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel to be tested in bypass or with the inoperable channel in trip, one additional channel maybe tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months while performing surveillance testing. This function is a two-out-of-three trip logic and the allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent actuation of the function or keep a valid signal from actuating the function as it was designed. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to restore the channel to operable status or to place the inoperable channel in the tripped condition, and the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for testing, are justified in Reference 17. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

P.1 or P.2.1 and P.2.2 Condition P applies to:

Containment Spray - Containment Pressure - High-High.

Containment Isolation - Phase B Isolation - Containment Pressure -

High-High Neither of these signals has input to a control function. Thus, two-out-of-three logic is necessary to meet acceptable protective requirements. However, a two-out-of-three design would require tripping a failed channel. This is undesirable because a single failure would then cause spurious containment spray initiation. Spurious spray actuation is undesirable because of the cleanup problems presented.

Therefore, these channels are designed with two-out-of-four logic so that a failed channel may be bypassed rather than tripped. Note that one channel may be bypassed and still satisfy the single failure criterion. Furthermore, with one channel bypassed, a single instrumentation channel failure will not spuriously initiate containment spray. The containment spray signal is also interlocked with SI and will not initiate without simultaneous SI and containment spray signals.

(continued) is

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 115 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES ACTIONS P.1 or P.2.1 and P.2.2 (continued)

To avoid the inadvertent actuation of containment spray and Phase B containment isolation, the inoperable channel is bypassed. Restoring the channel to OPERABLE status, or placing the inoperable channel in the bypass condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , is sufficient to assure that the Function remains OPERABLE and minimizes the time that the Function may be in a partial trip condition (assuming the inoperable channel has failed high). The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to restore the channel to OPERABLE status or to place it in the bypassed condition is justified in Reference 17.

Failure to restore the inoperable channel to OPERABLE status or place it in the bypassed condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit be placed in MODE 3 within 78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months , and MODE 5 in 108 hours0.00125 days 0.03 hours 1.785714e-4 weeks 4.1094e-5 months .

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

In MODE 5, these Functions are no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel to be tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing. In addition, the Note allows the inoperable channel and one additional channel to be tested in bypass for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing only if the Function 1.c channel associated with the inoperable channel is in trip during the testing.

This function is a two-out-of-four actuation logic and three of its channels are contained on common control channels with three other functions and the fourth channel is on a common control channel with two other functions. As a result, if a common control channel is inoperable then one channel from each of its contained functions is inoperable. Three of the common control channels each contain a channel from the Safety Injection Containment Pressure - High (Function. 1.c). Function 1.c, is a two-out-of-three logic, which requires an inoperable channel to be placed in trip to continue operability and only one channel at a time is allowed to be bypassed for testing. As a result, for the three common control channels that include a Function 1.c channel the testing of a second common control channel in bypass requires verification that the Function 1.c channel on the inoperable common control channel is in trip. Otherwise no second common control channel can be tested in bypass. However, if the fourth common control channel is the inoperable channel, then with that common control channel in bypass, any one of the other three common control channels may be tested in bypass without placing the associated Function 1.c, channel in trip.

(continued) are is

[Alternatively, a Completion Time can be determined in accordance with the RICT Program.]

ESFAS Instrumentation B 3.3.2 DIABLO CANYON - UNITS 1 & 2 Rev 13A Page 116 of 173 Tab_B3!3u3r13.DOC 0329.1250 BASES (continued)

ACTIONS P.1 or P.2.1 and P.2.2 (continued)

Placing a second channel in the bypass condition for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for testing purposes is justified in Reference 17. The allowed testing configurations provide flexibility for testing, while assuring that during testing no configuration will cause an inadvertent actuation of the function or keep a valid signal from actuating the function or an associated function as designed. This note is not intended to allow simultaneous testing of coincident channels on a routine basis.

SURVEILLANCE REQUIREMENTS The SRs for each ESFAS Function are identified by the SRs column of Table 3.3.2-1.

A Note has been added to the SR Table to clarify that Table 3.3.2-1 determines which SRs apply to which ESFAS Functions.

Note that each channel of process protection supplies both trains of the ESFAS. When testing channel I, train A and train B must be examined.

Similarly, train A and train B must be examined when testing channel II, channel III, and channel IV (if applicable).

The CHANNEL CALIBRATION and COTs are performed in a manner that is consistent with the assumptions used in analytically calculating the required channel accuracies.

SR 3.3.2.1 Performance of the CHANNEL CHECK ensures that a gross failure of instrumentation has not occurred. A CHANNEL CHECK is normally a comparison of the parameter indicated on one channel to a similar parameter on other channels. It is based on the assumption that instrument channels monitoring the same parameter should read approximately the same value. Significant deviations between the two instrument channels could be an indication of excessive instrument drift in one of the channels or of something even more serious. A CHANNEL CHECK will detect gross channel failure; thus, it is key to verifying the instrumentation continues to operate properly between each CHANNEL CALIBRATION.

Agreement criteria are established in STP I-1A, based on a combination of the channel instrument uncertainties, including indication and reliability. If a channel is outside the criteria, it may be an indication that the sensor or the signal processing equipment has drifted outside its limit.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

(continued)

INSERTS Q, R, S, T, and U

B 3.3.2 ACTIONS Inserts Q.1 and Q.2 If the Required Action and associated Completion Time of Conditions B or C are not met, be in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and be in MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which overall plant risk is reduced. This is done by placing the unit in at least MODE 3 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 4 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowable Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

Remaining within the Applicability of the LCO is acceptable to accomplish short duration repairs to restore inoperable equipment because the plant risk in MODE 4 is similar to or lower than MODE 5 (Ref. 20). In MODE 4 the Steam Generators and Residual Heat Removal System are available to remove decay heat, which provides diversity and defense in depth. As stated in Reference 20, the steam turbine driven Auxiliary Feedwater Pump must be available to remain in MODE 4. Should Steam Generator cooling be lost while relying on this Required Action, there are preplanned actions to ensure long-term decay heat removal. Voluntary entry into MODE 5 may be made as it is also acceptable from a risk perspective.

Required Action Q.2 is modified by a Note that states that LCO 3.0.4.a is not applicable when entering MODE 4. This Note prohibits the use of LCO 3.0.4.a to enter MODE 4 during startup with the LCO not met. However, there is no restriction on the use of LCO 3.0.4.b, if applicable, because LCO 3.0.4.b requires performance of a risk assessment addressing inoperable systems and components, consideration of the results, determination of the acceptability of entering MODE 4, and establishment of risk management actions, if appropriate. LCO 3.0.4 is not applicable to, and the Note does not preclude, changes in MODES or other specified conditions in the Applicability that are required to comply with ACTIONS or that are part of a shutdown of the unit.

R.1 and R.2 If the Required Action and associated Completion Time of Conditions D, F, G, or M is not met, be in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and be in and MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

S.1 If the Required Action and associated Completion Time of Conditions H or J are not met, Be in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . This places the unit in a MODE where the LCO is no longer applicable.

T.1 If the Required Action and associated Completion Time of Condition I is not met, be in MODE 2 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

U.1 and U.2 If the Required Action and associated Completion Time of Condition K, O, or P is not met, be in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and be in MODE 5 within 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months .

PG&E Letter DCL-24-111 Page 1 of 5 Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 DCPP Condition TSTF-505 DCPP DCPP Disposition Variation 3.3.1 Reactor Trip System (RTS) Instrumentation 3.3.1 3.3.1 N/A N/A B. One Manual Reactor Trip channel inoperable.

B.1 B.2 B.1 B.2 Added RICT to B.1 Deleted B.2 No variation No variation D. One Power Range Neutron Flux-High channel inoperable.

D.1.1 D.1.2 D.2.1 D.1.1 D.1.2 D.2 Did not add RICT Added RICT to D.1.2 Deleted D.2 Administrative Variation -

Required Action (RA)

Administrative Variation - number Administrative Variation - RA (Additional Justification provided in Enclosure 1)

E. One channel inoperable E.1 E.2 E.1 E.2 Added RICT to E.1 Deleted E.2 No variation No variation M. One channel inoperable K to L.1 K.2.1 to M.1 M.1 M.2 Added RICT to M.1 Deleted M.2 Administrative Variation - number Administrative Variation - RA O. One Low Auto-Stop Oil Pressure Turbine Trip channel inoperable N.1 to R.1 N.2 Deleted O.1 O.2 Added RICT to O.1 Deleted O.2 Administrative Variation - number Administrative Variation - number P. One or more Turbine Stop Valve Closure, Turbine Trip channel(s) inoperable.

N.1 to R.1 N.2 Deleted P.1 P.2 Added RICT to P.1 Deleted P.2 Administrative Variation - number Administrative Variation - number Q. One train inoperable.

O.1 to T.1 O.2 Deleted Q.1 Q.2 Added RICT to Q.1 Deleted Q.2 Administrative Variation - number Administrative Variation - number R. One RTB train inoperable P.1 to U.1 P.2 Deleted R.1 R.2 Added RICT to R.1 Deleted R.2 Administrative Variation - number Administrative Variation - number

PG&E Letter DCL-24-111 Page 2 of 5 Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 DCPP Condition TSTF-505 DCPP DCPP Disposition Variation (Additional Justification provided in Enclosure 1)

U. One trip mechanism inoperable for one RTB.

S.1 to Y.1 S.2 Deleted U.1 U.2 Added RICT to U.1 Deleted U.2 Administrative Variation - number Administrative Variation - number X. One or more SG Water Level Low - Low Trip Time Delay channel(s) inoperable.

Not in STS X.1 X.2 X.3 No change Added RICT to X.2 Deleted X.3 Technical Variation Y. Required Action and associated Completion Time of Conditions B, D, E, Q, R, U, and X not met.

Z.1 Y.1 (New)

Be in MODE 3 Administrative Variation - number Z. Required Action and associated Completion Time of Condition M not met.

M.1 Z.1 (New)

Reduce THERMAL POWER to < P-7.

Administrative Variation - number AA. Required Action and associated Completion Time of Condition O or P not met.

S.1 AA.1 (New)

Reduce THERMAL POWER to < P-9 Administrative Variation - number 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation 3.3.2 3.3.2 N/A N/A B. One channel or train inoperable.

B.1 B.2.1 B.2.2 B.1 B.2.1 B.2.2 Added RICT to B.1 Deleted B.2.1 Deleted B.2.2 No variation No variation No variation C. One train inoperable.

C.1 C.2.1 C.2.2 C.1 C.2.1 C.2.2 Added RICT to C.1 Deleted C.2.1 Deleted C.2.2 No variation No variation No variation D. One channel inoperable.

D.1 D.2.1 D.2.2 D.1 D.2.1 D.2.2 Added RICT to D.1 Deleted D.2.1 Deleted D.2.2 No variation No variation No variation

PG&E Letter DCL-24-111 Page 3 of 5 Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 DCPP Condition TSTF-505 DCPP DCPP Disposition Variation F. One channel or train inoperable.

F.1 F.2.1 F.2.2 F.1 F.2.1 F.2.2 Added RICT to F.1 Deleted F.2.1 Deleted F.2.2 No variation No variation No variation G. One train inoperable.

G.1 G.2.1 G.2.2 G.1 G.2.1 G.2.2 Added RICT to G.1 Deleted G.2.1 Deleted G.2.2 No variation No variation No variation H. One train inoperable.

H.1 H.2 H.1 H.2 Added RICT to H.1 Deleted H.2 No variation No variation I. One channel inoperable.

I.1 I.2 I.1 I.2 Added RICT to I.1 Deleted I.2 No variation No variation J. One channel inoperable J.1 J.2 J.1 J.2 Added RICT to J.1 Deleted J.2 No variation No variation K. One channel inoperable Not in STS K.1.1 K.1.2 K.2.1 K.2.2 No change Added RICT to K.1.2 Deleted K.2.1 Deleted K.2.2 Technical Variation M. One or more SG Water Level - Low Low Trip Time Delay channel(s) inoperable.

Not in STS M.1 M.2 M.3.1 M.3.2 No change Added RICT to M.2 Deleted M.3.1 Deleted M.3.2 Technical Variation O. One channel inoperable D.1 D.2.1 D.2.2 O.1 O.2.1 O.2.2 Added RICT to O.1 Deleted O.2.1 Deleted O.2.2 Administrative Variation - number Administrative Variation - number Administrative Variation - number P. One channel inoperable.

E.1 E.2.1 E.2.2 P.1 P.2.1 P.2.2 Added RICT to P.1 Deleted P.2.1 Deleted P.2.2 Administrative Variation - number Administrative Variation - number Administrative Variation - number Q. Required Action and M.1 Q.1 (New)

Be in MODE 3.

Administrative Variation - number

PG&E Letter DCL-24-111 Page 4 of 5 Diablo Canyon Unit 1 and 2 TS 3.3.1 and 3.3.2 Scope for Adopting TSTF-505, Revision 2 DCPP Condition TSTF-505 DCPP DCPP Disposition Variation associated Completion Time of Conditions B or C not met.

M.2 (Mode 5)

Q.2 (New)

Be in MODE 4.

Administrative Variation - RA R. Required Action and associated Completion Time of Conditions D, F, G, or M not met.

N.1 (D, F, G)

N.2 (D, F, G)

R.1 (New)

R.2 (New)

Be in MODE 3.

Be in MODE 4.

Administrative Variation - number Administrative Variation - number S. Required Action and associated Completion Time of Conditions H or J not met.

O.1 (H & J)

S.1 (New)

Be in MODE 3.

Administrative Variation - number T. Required Action and associated Completion Time of Condition I not met.

Not in STS T.1 (New)

Be in MODE 2.

Administrative Variation - RA U. Required Action and associated Completion Time of Condition K, O, or P not met.

M.1 (K only)

M.2 (K only)

U.1 (New)

U.2 (New)

Be in MODE 3.

Be in MODE 5.

Administrative Variation - number Administrative Variation - number

PG&E Letter DCL-24-111 Page 5 of 5 Administrative Variation - RA DCPP Required Action (RA) is different from STS.

Administrative Variation - number DCPP Condition letter or associated Function number is different from STS.

Technical Variation - TS 3.3.1 Condition X, Function 14.b and TS 3.3.2 Condition M, Function 6.d.2, One or more SG Water Level - Low Low Trip Time Delay channel(s) inoperable are not included in the STS and TSTF-505-A changes. This change was approved for Sequoyah Nuclear Plant Units 1 and 2 in Reference 1.

These are separate plant-specific conditions not found in the STS or TSTF-505. RA X.2 and M.2 place the affected channel in trip, which is the same action as Functions 14.a and 6.d.1, which address channel inoperability for other causes. Since the TSTF-505 equivalent of Functions 14.a and 6.d.1 are in scope, PG&E is proposing to apply the RICT Program to TS 3.3.1 Function 14.b and TS 3.3.2 Function 6.d.2.

Technical Variation - TS 3.3.2, Condition K, Function 7, Residual Heat Removal Pump Trip on Refueling Water Storage Tank Level-low. This is a plant-specific function and condition not found in the STS or TSTF-505. RA K.1.2 is to restore the channel to operable status. Since similar required actions for other functions are in the TSTF-505 scope, PG&E is proposing to apply the RICT Program to TS 3.3.2 Function 7, and to also include a condition to address two or more inoperable channels, consistent with other similar functions in TSTF-505.

References

1. Sequoyah Nuclear Plant Units 1 and 2 - Issuance of Amendment Nos. 358 and 352 Regarding Technical Specifications Task Force Traveler TSTF-505 Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4B (EPID L-2021-LLA-0145), August 24, 2022. (ADAMS Accession No. ML22259A204 ).

PG&E Letter DCL-24-111 Page 1 of 20 List of Revised Required Actions to the Corresponding Probabilistic Risk Assessment (PRA) Functions

PG&E Letter DCL-24-111 Page 2 of 20 Introduction Section 4.0, Item 2 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), identifies the following license amendment request (LAR) content needed on the applicable Technical Specifications (TS), comparison of the TS functions to the probabilistic risk assessment (PRA) functions, and comparison of design basis assumptions to the scope of the PRA:

The LAR will provide identification of the TS 3.3.1 and 3.3.2 Limiting Conditions for Operation (LCO) and action requirements to which the RMTS will apply.

The LAR will provide a comparison of the TS 3.3.1 and 3.3.2 functions to the PRA modeled functions of the structures, systems, and components (SSCs) subject to those LCO actions.

The comparison should justify that the scope of the PRA model, including applicable success criteria such as number of SSCs required, flowrate, etc., are consistent with licensing basis assumptions (i.e., 10 CFR 50.46 emergency core cooling system

[ECCS] flowrates) for each of the TS requirements, or an appropriate disposition or programmatic restriction will be provided.

This enclosure provides confirmation that the Diablo Canyon PRA models include the necessary scope of SSCs and their functions to address each proposed application of the Risk-Informed Completion Time (RICT) Program to the proposed scope of TS LCOs and Conditions, and provides the information requested for Item 2 of the NRC safety evaluation. The scope of the comparison includes each of the TS LCO and Conditions and associated Required Actions (RAs) within the scope of the RICT Program, as identified in Attachment 4 of the LAR.

Table E1-1 below lists each TS LCO and Condition to which the RICT Program is proposed to be applied, and documents the following information regarding the TS with the associated safety analyses, the analogous PRA functions, and the results of the comparison:

Column TS LCO/Condition: Lists all of the LCOs and Conditions within the scope of the TSTF-505, Revision 2, implementation.

Column SSCs Covered by TS LCO/Condition: The SSCs addressed by each LCO/Condition.

Column SSCs Modeled in PRA: Indicates whether the SSCs addressed by the TS LCO/Condition are included in the PRA.

PG&E Letter DCL-24-111 Page 3 of 20

Column Function Covered by TS LCO/Condition: A summary of the required functions in the design basis safety analyses.

Column Design Success Criteria: A summary of the success criteria in the design basis safety analyses.

Column PRA Success Criteria: The function success criteria modeled in the PRA.

NOTE: If the SSCs Modeled in PRA column is listed as No, this column is left blank and the disposition column describes how the LCO Condition can be evaluated using appropriate surrogate events, or how it can be directly evaluated using the CRMP, or how it can be can be evaluated by a bounding assessment.

Column Disposition: Justification or resolution to address any inconsistencies between the TS and PRA functions, regarding the scope of SSCs and the success criteria. Where the PRA scope of SSCs is not consistent with the TS, additional information is provided to describe how the LCO Condition can be evaluated using appropriate surrogate events, or how it can be directly evaluated using the CRMP, or how it can be can be evaluated by a bounding assessment. Differences in the success criteria for the TS functions are addressed to demonstrate the PRA criteria provide a realistic estimate of the risk of the TS Condition as required by NEI 06 A.

The corresponding SSCs for each TS LCO and the associated TS functions are identified and compared to the PRA. This description also includes the design success criteria and the applicable PRA success criteria. Any differences between the scope or success criteria are described in the table. Scope differences are justified by identifying appropriate surrogate events which permit a risk evaluation to be completed using the Configuration Risk Management Program (CRMP) tool for the RICT program.

Differences in success criteria typically arise due to the requirement in the American Society of Mechanical Engineers (ASME)/American Nuclear Society (ANS) PRA Standard to make PRAs realistic rather than bounding, whereas design basis criteria are conservative and bounding. The use of realistic success criteria is necessary to conform to Capability Category II of the ASME/ANS PRA Standard as required by NEI 06-09-A.

The calculated RICT is provided in Table E1-2 for each individual TS Condition to which the RICT Program will be applied (assuming no other SSCs modeled in the PRA are unavailable). Unless stated otherwise, the RICTs presented are based on a Unit 1 model calculation and are applicable to Unit 2 for the purpose of providing an estimate due to the close similarity between the Unit 1 and Unit 2 models. (Actual RICT values will be calculated based on the actual plant configuration using a current revision of the PRA model that represents the as-built/as-operated condition of the plant, as required by NEI 06-09-A and the NRC safety evaluation, and may differ from the RICTs presented.)

PG&E Letter DCL-24-111 Page 4 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.1.B One Manual Reactor Trip channel inoperable RTS Function 1, Manual Reactor Trip (2 channels)

No Reactor trip initiation One of two Reactor Trip Breakers (RTB)

SSCs Modeled in PRA column is No, see Disposition column for method of PRA model disposition.

The operator action for failure to actuate a manual reactor trip will be used as a surrogate to conservatively bound the risk increase associated with this function.

3.3.1.D One Power Range Neutron Flux-High channel inoperable RTS Function 2a, Power Range Neutron Flux - High (4 channels)

No Reactor trip initiation Two of four Channels Power Range Neutron Flux-High can be represented in the PRA model through failure of the modeled inputs as a surrogate.

PG&E Letter DCL-24-111 Page 5 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.1.E One channel inoperable RTS Function 2.b, Power Range Neutron Flux - Low (4 channels)

RTS Function 3, Power Range Neutron Flux Rate - High Positive Rate (4 channels)

RTS Function 6, Overtemperature T (4 channels)

RTS Function 7, Overpower T (4 channels)

RTS Function 8.b, Pressurizer Pressure - High (4 channels)

RTS Function 14.a, Steam Generator (SG) Water LevelLow Low (3 channels per steam generator)

No No No No No No Reactor trip initiation Two of four Channels (Power Range Neutron Flux - Low)

Two of four Channels (Power Range Neutron Flux Rate - High Positive Rate)

Two of four Channels (Overtemperature T)

Two of four Channels (Overpower T)

Two of four Channels (Pressurizer Pressure -

High)

Two of three signals in any SG (SG Water LevelLow Low)

2.b - Power Range Neutron Flux-Low can be represented in the PRA model through failure of the modeled inputs as a surrogate.

3 - Power Range Neutron Flux-High Positive Rate can be represented in the PRA model through failure of the modeled inputs as a surrogate.

6 - Overtemperature T can be represented in the PRA model through failure of the modeled inputs as a surrogate.

7 - Overpower T can be represented in the PRA model through failure of the modeled inputs as a surrogate.

8.b - Pressurizer Pressure -

High can be represented in the PRA model through failure of the modeled inputs as a surrogate.

14.a - Steam Generator (SG) Water LevelLow Low can be represented in the PRA model through failure of the modeled inputs as a surrogate.

PG&E Letter DCL-24-111 Page 6 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.1.M One channel inoperable RTS Function 8.a, Pressurizer Pressure - Low (4 channels)

RTS Function 9, Pressurizer Water LevelHigh (3 channels)

RTS Function 10, Reactor Coolant FlowLow (3 channels per loop)

RTS Function 12, Undervoltage RCPs (2 channels per bus)

RTS Function 13, Underfrequency RCPs (3 channels per bus)

No No No No No Reactor trip initiation Two out of four Channels (Pressurizer Pressure - Low)

Two out of three Channels (Pressurizer Water Level-High)

Two out of three Channels (reactor coolant system (RCS) Flow -

Low)

Two out of four Channels (RCP undervoltage, underfrequency)

Two out of three Channels (Underfrequency RCPs)

8.a - Pressurizer Pressure -

Low can be represented in the PRA model through failure of the modeled inputs as a surrogate.

9 - Pressurizer Water Level

- High can be represented in the PRA model through failure of the modeled inputs as a surrogate.

10 - Reactor Coolant Flow -

Low can be represented in the PRA model through failure of the modeled inputs as a surrogate.

12 - RCP Undervoltage can be represented in the PRA model through failure of the modeled inputs as a surrogate.

13 - RCP Underfrequency can be represented in the PRA model through failure of the modeled inputs as a surrogate.

3.3.1.O One Low Auto-Stop Oil Pressure Turbine Trip channel inoperable RTS Function 16.a, Turbine Trip - Low Auto-Stop Oil Pressure (3 channels)

No Reactor trip initiation Two of three Low Fluid Oil Pressure switches < setpoint Turbine Trip - Low Auto-Stop Oil Pressure can be represented in the PRA model through failure of the modeled inputs as a surrogate.

PG&E Letter DCL-24-111 Page 7 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.1.P One or more Turbine Stop Valve Closure, Turbine Trip channel(s) inoperable RTS Function 16.b, Turbine Trip -

Turbine Stop Valve Closure (4 channels)

No Reactor trip initiation Four of four Turbine Stop Valve Closure trip

< setpoint Turbine Trip - Turbine Stop Valve Closure can be represented in the PRA model through failure of the modeled inputs as a surrogate.

3.3.1.Q One train inoperable RTS Function 17, Safety Injection (SI) Input from Engineered Safety Feature Actuation System (ESFAS)

(2 trains)

RTS Function 21, Automatic Trip Logic (2 trains)

Yes Yes Reactor trip initiation One of two trains SAME

17 - SSCs for the Safety Injection (SI) Input from Engineered Safety Feature Actuation System (ESFAS) are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

21 - SSCs for the automatic RTS logic are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

3.3.1.R One RTB train inoperable RTS Function 19, Reactor Trip Breakers (RTBs)

(2 trains)

Yes Reactor trip initiation One of two trains SAME SSCs for the RTBs are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

3.3.1.U One trip mechanism inoperable for one RTB RTS Function 20, Reactor Trip Breaker Undervoltage and Shunt Trip Mechanisms (1 channel each per RTB)

Yes Reactor trip initiation One of two mechanisms per RTB SAME SSCs for the Undervoltage and Shunt Trip mechanisms are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 8 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.1.X One or more SG Water Level Low

- Low Trip Time Delay channel(s) inoperable RTS Function 14.b, SG Water Level - Low Low Trip Time Delay (TTD)

(4 channels)

No Reactor trip initiation Two of 4 Channels SG Water Level - Low Low Trip Time Delay (TTD) can be represented in the PRA model through failure of the modeled inputs as a surrogate.

PG&E Letter DCL-24-111 Page 9 of 20 Table E1-1 3.3.2.B One channel or train inoperable ESFAS Function 1.a, Safety Injection - Manual Initiation (2 channels)

ESFAS Function 2.a, Containment Spray - Manual Initiation (2 channels per train)

ESFAS Function 3.a.1, Containment Isolation - Phase A Isolation - Manual Initiation (2 channels)

ESFAS Function 3.b.1, Containment Isolation - Phase B Isolation - Manual Initiation (2 channels per train)

No No No No 1.a Safety Injection (SI) provides two primary functions: 1.

Primary side water addition, and 2.

Boration to ensure recovery and maintenance of Shutdown Margin.

2.a Containment Spray provides three primary functions: 1.

Lowers containment pressure and temperature after an HELB in containment;

2. Reduces the amount of radioactive iodine in the containment atmosphere; and

3. Adjusts the pH of the water in the containment recirculation sump after a large break loss of coolant accident (LOCA).

3.a,1, 3.b.1 Containment Isolation provides isolation of the containment atmosphere, and all process systems that penetrate containment, from the environment.

One Channel per train (Safety Injection - Manual Initiation)

Two of two switches at one of two panels (Containment Spray -

Manual Initiation)

One Channel per train (Containment Isolation - Phase A Isolation - Manual Initiation)

Two of two switches at one of two panels (Containment Isolation - Phase B Isolation - Manual Initiation)

1.a - The operator action for failure to actuate a manual SI will be used as a surrogate to conservatively bound the risk increase associated with this function.

2.a - SSCs for manual CS actuation can be evaluated by a bounding assessment assuming unavailability of the CS system. The fire PRA does not credit containment sprays or CFCUs.

3.a.1 - The operator action for failure to actuate a manual Phase A will be used as a surrogate to conservatively bound the risk increase associated with this function.

3.b.1 - SSCs for phase B actuation can be evaluated by a bounding assessment assuming unavailability of the appropriate modeled relays..

PG&E Letter DCL-24-111 Page 10 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.C One train inoperable ESFAS Function 1.b, Safety Injection

- Automatic Actuation Logic and Actuation Relays (2 trains)

ESFAS Function 2.b, Containment Spray - Automatic Actuation Logic and Actuation Relays (2 trains)

ESFAS Function 3.a.2, Containment Isolation - Phase A Isolation -

Automatic Actuation Logic and Actuation Relays (2 trains)

Yes Yes Yes

1. Safety Injection (see above)

2. Containment Spray (see above) 3.a Containment Isolation (see above)

One of two trains (Safety Injection - Automatic Actuation Logic and Actuation Relays)

One of two trains (Containment Spray -

Automatic Actuation Logic and Actuation Relays)

One of two trains (Containment Isolation - Phase A Isolation - Automatic Actuation Logic and Actuation Relays)

SAME SAME SAME

1.b - SSCs for automatic SI actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

2.b - SSCs for automatic CS actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

The fire PRA does not credit containment sprays or CFCUs.

3.a.2 - SSCs for automatic containment isolation Phase A actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 11 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.C One train inoperable (continued)

ESFAS Function 3.b.2, Containment Isolation - Phase B Isolation -

Automatic Actuation Logic and Actuation Relays (2 trains)

Yes 3.b Containment Isolation (see above)

One of two trains SAME

3.b.2 - SSCs for automatic containment isolation Phase B actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 12 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.D One channel inoperable ESFAS Function 1.d, Safety Injection

- Pressurizer Pressure-Low (4 channels)

ESFAS Function 1.e, Safety Injection

- Steam Line Pressure - Low (3 channels per steam line)

ESFAS Function 4.d.1, Steam Line Isolation - Steam Line Pressure -

Low (3 channels per steam line)

ESFAS Function 6.d.1, Auxiliary Feedwater - SG Water Level-Low Low (3 channels per steam generator)

Yes Yes Yes Yes

1. Safety Injection (see above)

4. Steam Line Isolation provides isolation of the main steam lines for protection in the event of an SLB inside or outside containment.

6. Auxiliary Feedwater provides a secondary side heat sink for the reactor in the event that the Main Feedwater System is not available.

Two of four channels (Safety Injection -

Pressurizer Pressure-Low)

Two of three channels on 1 of 4 steam lines (Safety Injection - Steam Line Pressure - Low)

Two of three channels on 1 of 4 steam lines (Steam Line Isolation - Steam Line Pressure - Low)

Two of three channels on 1 of 4 SGs (Auxiliary Feedwater - SG Water Level-Low Low)

SAME SAME SAME SAME

1.d - SSCs for SI actuation on pressurizer pressure - low are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

1.e - SSCs for SI actuation on steam line pressure - low are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

4.d.1 - SSCs for steam line isolation on steam line pressure - low are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

6.d.1 - SSCs for AFW actuation on SG water level -

low-low are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 13 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.F One channel or train inoperable ESFAS Function 8.a, ESFAS Interlocks - Reactor Trip, P-4 (1 channel per train, 2 Trains)

No 8.a ESFAS Interlocks-Reactor Trip, P-4 allows operators to manually block reactuation of SI systems after the initial phase of injection is complete.

One reactor trip breaker (RTB) and its associated bypass breaker is open SSCs for ESFAS reactor interlocks on reactor trip can be evaluated by a bounding assessment assuming unavailability of the associated reactor trip breakers actuation (TS 3.3.1.R Function 19).

3.3.2.G One train inoperable ESFAS Function 4.b, Steam Line Isolation -

Automatic Actuation Logic and Actuation Relays (2 trains)

ESFAS Function 6.b, Auxiliary Feedwater -

Automatic Actuation Logic and Actuation Relays (Solid State Protection System)

(2 trains)

Yes Yes

4. Steam Line Isolation (see above)

6. Auxiliary Feedwater (see above)

One of two trains (Steam Line Isolation - Automatic Actuation Logic and Actuation Relays)

One of two trains (Auxiliary Feedwater - Automatic Actuation Logic and Actuation Relays)

SAME SAME

4.b - SSCs for automatic steam line isolation actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

6.b - SSCs for automatic AFW actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

3.3.2.H One train inoperable ESFAS Function 5.a, Feedwater Isolation -

Automatic Actuation Logic and Actuation Relays (2 trains)

Yes

5. Feedwater Isolation stops the excessive flow of feedwater into the SGs.

One of two trains SAME 5.a - SSCs for automatic feedwater isolation actuation are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 14 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.I One channel inoperable ESFAS Function 6.g, Auxiliary Feedwater -

Undervoltage Reactor Coolant Pump (RCP) (2 channels per bus)

No

6. Auxiliary Feedwater (see above)

Loss of power on two RCPs SSCs for AFW actuation on RCP undervoltage can be evaluated by a bounding assessment assuming an increased unavailability of the turbine-driven AFW pump that includes the failure rate of the related channel.

3.3.2.J One channel inoperable ESFAS Function 5.b, Feedwater Isolation - SG Water Level-High High (P-14)

(3 channels per steam generator)

No

5. Feedwater Isolation (see above)

Two of three Channels on any SG SSCs for feedwater isolation actuation on SG water level -

high-high can be evaluated by a bounding assessment assuming unavailability of the associated SG low level actuation of AFW (TS 3.3.2 Function 6.d.1).

PG&E Letter DCL-24-111 Page 15 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.K One channel inoperable ESFAS Function 7, Residual Heat Removal (RHR)

Pump Trip on Refueling Water Storage Tank (RWST)

Level-low (3 channels)

No 7, RHR Pump Trip on RWST Level - Low Switchover from the RWST to the containment sump must occur before the RWST empties to prevent damage to the RHR pumps and a loss of core cooling capability.

Two-out-of-three Channels Any inoperability of this function will be evaluated for the RICT Program by a bounding assessment assuming the affected RHR pump cannot be aligned for recirculation. This function to protect the RHR pumps if they have not been manually aligned for recirculation when the RWST is empty is not credited in the PRA. This function only provides a plant risk reduction if the operator fails to align recirculation such that by automatically tripping the RHR pumps the operator can then recover the error.

Very limited credit for such a recovery action can be justified, such that this function would have an insignificant impact if it were credited.

3.3.2.M One or more SG Water Level -

Low Low Trip Time Delay channel(s) inoperable ESFAS Function 6.d.2, Auxiliary Feedwater - SG Water Level - Low Low Trip Time Delay (TTD)

(4 channels)

No

6. Auxiliary Feedwater (see above)

Two trip signals from any one steam generator SSCs for auxiliary feedwater actuation on SG water level -

low-low trip time can be evaluated by a bounding assessment assuming unavailability of the associated SG low level actuation of AFW (TS 3.3.2 Function 6d1).

PG&E Letter DCL-24-111 Page 16 of 20 Table E1-1: In Scope TS/LCO Conditions to the Corresponding PRA Functions TS LCO/Condition SSCs Covered by TS LCO/ Condition SSCs Modeled in the PRA Function Covered by the TS LCO/

Condition Design Success Criteria PRA Success Criteria Disposition 3.3.2.O One channel inoperable ESFAS Function 1.c, Safety Injection -

Containment Pressure-High (3 channels)

Yes

1. Safety Injection (see above)

Two of three Channels SAME SSCs for SI actuation on containment pressure - high are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

3.3.2.P One channel inoperable ESFAS Function 2.c, Containment Spray -

Containment Pressure High-High (4 channels)

ESFAS Function 3.b.3, Containment Isolation - Phase B Isolation -

Containment Pressure High-High (4 channels)

Yes Yes

2. Containment Spray (see above)

3. Containment Isolation (see above)

Two of four Channels Two of four Channels SAME SAME

2.c - SSCs for CS actuation on containment pressure -

high-high are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

The fire PRA does not credit containment sprays or CFCUs.

3.b.3 - SSCs for containment isolation Phase B on containment pressure -

high-high are modeled consistent with the TS scope and so can be directly evaluated using the CRMP.

PG&E Letter DCL-24-111 Page 17 of 20 Table E1-2 below lists the calculated RICTs for each TS condition using the method outlined in NEI 06-09-A. The same equation was used to calculate the LERF RICT by using the RICT incremental conditional LERP (ICLERP) Limit and LERF instead.

The RICT ICCDP limit is 1.00E-05, while the RICT ICLERP limit is 1.00E-06. The RICTs are limited to a maximum of thirty (30) days, and to a minimum of the original TS completion time.

Table E1-2 provides example RICT calculations for the purposes of this Enclosure. The RICT will be calculated using the actual plant configuration and may deviate from the example values. No Seismic PRA simplifications have been made for RICT calculations.

Table E1-2: Unit 1/Unit 2 In-Scope TS/LCO Conditions RICT Estimate TS LCO/Condition RICT Estimate 3.3.1.B One manual reactor trip channel inoperable 30 day 3.3.1.D One Power Range Neutron Flux-High channel inoperable 30 day 3.3.1.E One channel inoperable 30 day 3.3.1.M One channel inoperable 30 day 3.3.1.O One Low Auto-Stop Oil Pressure Turbine Trip channel inoperable 30 day 3.3.1.P One or more Turbine Stop Valve Closure, Turbine Trip channel(s) inoperable 30 day 3.3.1.Q One train inoperable 30 day 3.3.1.R One RTB train inoperable 30 day 3.3.1.U One trip mechanism inoperable for one RTB 30 day 3.3.1.X One or more SG Water Level Low - Low Trip Time Delay channel(s) inoperable 30 day 3.3.2.B One channel or train inoperable 30 day 3.3.2.C One train inoperable 30 day 3.3.2.D One channel inoperable 30 day 3.3.2.F One channel or train inoperable 30 day 3.3.2.G One train inoperable 30 day 3.3.2.H One train inoperable 30 day 3.3.2.I One channel inoperable 30 day 3.3.2.J One channel inoperable 30 day 3.3.2.K One channel inoperable 30 day 3.3.2.M One or more SG Water Level - Low Low Trip Time Delay channel(s) inoperable 30 day 3.3.2.O One channel inoperable 30 day 3.3.2.P One channel inoperable 30 day

PG&E Letter DCL-24-111 Page 18 of 20 Additional Justification for Specific Actions This section contains the additional technical justification for the list of Required Actions from Table 1, Conditions Requiring Additional Technical Justification, of TSTF-505, Revision 2. Additional justification for each of the identified DCPP TS is provided below:

TS 3.3.1 - RTS Instrumentation LCO: The RTS instrumentation for each Function in Table 3.3.1-1 shall be Operable.

Condition D: One Power Range Neutron Flux - High channel inoperable.

As indicated in Table E1-1, the Power Range Neutron Flux channels are not explicitly modeled in the DCPP PRA, but they can be represented in the PRA model through failure of the modeled inputs as a surrogate.

As described in Section 7.2.2.1, Reactor Trips, of the Diablo Canyon Units 1 and 2 Updated Final Safety Analysis Report (UFSAR):

The power range high nuclear power trip circuit trips the reactor when two of the four power range channels exceed the trip setpoint. There are two independent bistables each with its own trip setting (a high and a low setting). The high trip setting provides protection during normal power operation and is always active. The low trip setting, which provides protection during startup, can be manually blocked when two of the four power range channels read above approximately 10 percent power (P-10). This trip function is automatically reinstated when three of the four power range channels decrease below 10 percent power.

With one of the NIS power range detectors inoperable, 1/4 of the radial power distribution monitoring capability is lost. Therefore, SR 3.2.4.2 must be performed (Required Action D.1.1) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months after THERMAL POWER exceeds 75% RTP and every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter. Calculating QPTR every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months compensates for the lost monitoring capability due to the inoperable NIS power range channel and allows continued unit operation at power levels > 75% RTP. When THERMAL POWER is <

75%, core radial power distributions are prevented from exceeding design limits where DNB conditions may exist. Required Action D.1.1 has been modified by a Note which only requires SR 3.2.4.2 to be performed if the Power Range Neutron Flux input to QPTR becomes inoperable. The performance of SR 3.2.4.2 per ACTION D.1.1 is subject to the SR 3.2.4.2 note. These Actions require periodic monitoring of spacial power distribution dependent upon power level. Therefore, this Condition does not represent the inability to perform the safety function assumed in the FSAR given the loss of special distribution of the remaining Power Range detectors.

Therefore, TS 3.3.1 Condition D meets the requirements for inclusion in the RICT Program.

PG&E Letter DCL-24-111 Page 19 of 20 TS 3.3.1 - RTS Instrumentation LCO: The RTS instrumentation for each Function in Table 3.3.1-1 shall be Operable.

Condition R: One reactor trip breaker train inoperable.

As indicated in Table E1-1, the reactor trip breaker (RTB) trains are explicitly modeled in the DCPP PRA. The PRA Success Criteria is the same as the Design Success Criteria which is one of two RTB trains. Each of the two logic trains, A and B, is capable of opening a separate and independent reactor trip breaker (52/RTA and 52/RTB). Logic train A opens reactor trip breaker 52/RTA and bypass breaker 52/BYB. Logic train B opens reactor trip breaker 52/RTB and bypass breaker 52/BYA. The two trip breakers in series connect three-phase ac power from the rod drive motor generator sets to the rod drive power bus. For reactor trip, a loss of dc voltage to the undervoltage coil releases the trip plunger and trips open the breaker. Additionally, an undervoltage trip auxiliary relay provides a trip signal to the shunt trip coil that trips open the breaker in the unlikely event of an undervoltage coil malfunction. When either of the trip breakers opens, power is interrupted to the rod drive power supply, and the control rods fall by gravity into the core. The rods cannot be withdrawn until an operator resets the trip breakers.

The trip breakers cannot be reset until the bistable, which initiated the trip, reenergizes.

TSTF-411, Surveillance Test Interval Extensions for Components of the Reactor Protection System (WCAP-15376-P) (Reference 3), has been adopted at Diablo Canyon Units 1 and 2. Consistent with the requirement in Reference 3 to include Tier 2 insights into the decision-making process before taking equipment out of service, restrictions on concurrent removal of certain equipment when a RTB train is inoperable for maintenance are included. These restrictions do not apply when a RTB train is being tested under the 4-hour bypass Note of Condition R. When a RTB train is inoperable for maintenance, the following should not be scheduled:

Activities that degrade the availability of the auxiliary feedwater system, RCS pressure relief system (pressurizer PORVs and safety valves), Anticipated Transients Without Scrams (ATWS) Mitigating System Actuation Circuitry, (AMSAC), or turbine trip (to preserve ATWS mitigation capability).

Activities that cause master relays or slave relays in the available train to be unavailable and activities that cause analog channels to be unavailable (to preserve reactor trip and safeguards actuation capability).

Activities on electrical systems (e.g., AC and DC power) and cooling systems (Auxiliary Saltwater) that support the systems or functions listed above.

In addition, as described in Section 7.6.2.3, ATWS Mitigation System Actuation Circuitry (AMSAC) of the Diablo Canyon Units 1 and 2 UFSAR, the AMSAC system further mitigates the effects of a failure of reactor protection to trip the reactor in the event of an anticipated transient. The AMSAC system trips the turbine, starts auxiliary

PG&E Letter DCL-24-111 Page 20 of 20 feedwater, and isolates steam generator blowdown on coincidence of an AMSAC low steam generator water level signal from three out of four steam generators.

Therefore, actions taken when a RTB train is inoperable and defense in depth provided by the AMSAC system are sufficient that this Condition does not represent the inability to perform the safety function assumed in the FSAR and TS 3.3.1 revised Condition R meets the requirements for inclusion in the RICT Program.

TS 3.3.2 ESFAS Instrumentation LCO: The ESFAS instrumentation for each Function in Table 3.3.1-2 shall be Operable.

Condition F One channel or train inoperable includes ESFAS Function 8.a, ESFAS Interlocks - Reactor Trip, P-4.

The P-4 interlock is included in TSTF-505 Revision 2 and this change was approved for Comanche Peak Nuclear Power Plant Units 1 and 2 and McGuire Nuclear Station Units 1 and 2 in References 4 and 5 respectively.

References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. WCAP-15376-P-A, Revision 1, Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times, March 2003.

4. Comanche Peak Nuclear Power Plant, Unit Nos. 1 and 2 - Issuance of Amendment Nos.183 and 183 Regarding the Adoption of Technical Specifications Task Force Traveler TSTF-505 Revision 2, (EPID L-2021-LLA-0085), August 22, 2022. (ADAMS Accession No. ML22192A0007).

5. McGuire Nuclear Station, Units 1 and 2, Issuance of Amendment Nos. 330 and 309, Regarding Revision of Technical Specifications to Adopt Technical Specifications Task Force Traveler (TSTF) Traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b, (EPID L-2023-LLA-0021),

March 26, 202. (ADAMS Accession No. ML24031A540 ).

PG&E Letter DCL-24-111 Page 1 of 8 Information Supporting Consistency with Regulatory Guide 1.200, Revision 2

PG&E Letter DCL-24-111 Page 2 of 8 Introduction Section 4.0, Item 3 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request (LAR) provide a discussion of the results of peer reviews and self-assessments conducted for the plant-specific probabilistic risk assessment (PRA) models that support the RMTS, including the resolution or disposition of any identified deficiencies (i.e., facts and observations

[F&Os] from peer reviews). This is to include a comparison of the requirements of Regulatory Guide (RG) 1.200, Revision 2, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities (Reference 3), using the elements of PRA standard American Society of Mechanical Engineers (ASME) RA-Sb-2005, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum B to ASME-RA-S-2002 (Reference 4),

for capability category II for internal events PRA models, and for other models for which RG 1.200, Revision 2 endorsed standards exist.

It is noted that the current accepted revision of RG 1.200 for use with RMTS implementation is Revision 2, which was approved subsequent to the issuance of the NRC safety evaluation for NEI 06-09-A, and which endorsed PRA standard ASME/American Nuclear Society (ANS) RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, (Reference 5).

This enclosure provides information on the technical acceptability of the Diablo Canyon PRA internal event, internal flood, fire, and seismic models that support the Risk-Informed Completion Time (RICT) Program, in support of the LAR to revise the Technical Specifications to adopt Technical Specifications Task Force (TSTF) traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b (Reference 6). This information is consistent with the requirements of Section 4.0, Item 3 of the NRC safety evaluation of NEI 06-09-A, and addresses each PRA model for which a PRA standard endorsed by RG 1.200, Revision 2 exists.

Meeting these requirements satisfies RG 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3 (Reference 7), requirements for risk-informed plant-specific changes to a plant's licensing basis. This enclosure addresses the clarifications and qualifications found in RG 1.200, Revision 2 as the peer reviews and self-assessment performed included consideration of the clarifications and qualifications.

Note that other external hazards are not addressed by PRA models, and are further discussed in Enclosure 4. Shutdown modes of operation are not in the scope of the RICT Program, and therefore low power and shutdown PRA models are not addressed.

Pacific Gas and Electric Company (PG&E) employs a multi-faceted approach to establishing and maintaining the technical adequacy and fidelity of the PRA models for

PG&E Letter DCL-24-111 Page 3 of 8 Diablo Canyon. This approach includes both a PRA maintenance and update process, and the use of self-assessments and independent peer reviews.

The Diablo Canyon PRA models are at-power models consisting of four hazard models:

internal events, internal flooding, internal fire, and seismic events. Each hazard model applies the internal events model as the base model. The models can evaluate both the core damage frequency and large early release frequency.

Peer Review and Peer Review Findings Closure Process All of the PRA models discussed in this Enclosure have been peer reviewed and assessed using PRA Standard ASME/ANS RA-Sa-2009 and RG 1.200, Revision 2.

Each peer review identified finding and observations (F&Os) for supporting requirements of the relevant parts of the PRA standard applicable to the scope of the peer review. These included: findings for elements that did not meet at least capability category II of a supporting requirement of the standard, suggestions from the peer review team for elements that met the supporting requirement but could be improved, and best practices.

The review and closure of finding-level F&Os was performed by an independent assessment team using the process documented in Appendix X to NEI 05-04/07-12/12-16, Close-out of Facts and Observations (Reference 8). All of the reviews met the requirements of NEI 17-07, Performance of PRA Peer Reviews Using the ASME/ANS PRA Standard, Revision 2 (Reference 9).

Each assessment team (internal events including internal flooding, fire, and seismic) evaluated whether each F&O was closed through the application of a PRA maintenance or upgrade activity, as defined by the PRA standard. If closure of an F&O was identified as an upgrade, a focused scope peer review was conducted. Further, the assessment team re-evaluated any supporting requirements identified by the peer review to be either not met, or met at capability category I, to determine whether closure of the associated F&O(s) resulted in a change in status to either met, or met at least at capability category II.

The PRA scope and technical adequacy is met for this application as the applicable PRA Standard supporting requirements for all models are met at capability category II or higher. There are no remaining open finding-level F&Os for any of the models discussed in this application, and all finding-level F&Os have been independently assessed and closed using the processes discussed above. The resolved findings and the basis for resolution are documented in the Diablo Canyon PRA documentation and the F&O Closure Review reports. The results of the peer reviews and independent assessments have been documented and are available for NRC audit.

Internal Event and Internal Flood PRA An internal event and internal flood PRA peer review was conducted in December 2012, and is documented in LTR-RAM-II-13-002, RG 1.200 PRA Peer Review Against the

PG&E Letter DCL-24-111 Page 4 of 8 ASME/ANS PRA Standard Requirements for the Diablo Canyon Nuclear Plant Probabilistic Risk Assessment (Reference 10). The full-scope peer review of these models was performed consistent with RG 1.200, Revision 2, using the current endorsed PRA Standard ASME/ANS RA-Sa-2009.

All F&Os categorized by the peer review team as findings have been resolved by either a PRA model revision or a documentation update.

An independent assessment of the finding-level F&Os was conducted in June 2023 and is documented in PWROG-23015-P, Diablo Canyon F&O Closure and Focused Scope Peer Review Report (Reference 11). The review was conducted in accordance with Appendix X to NEI 05-04/07-12/12-16. The scope of the assessment included all finding-level F&Os resulting from the peer review.

Five suggestion-level F&Os in high-level requirement Large Early Release were identified as upgrades because the supporting requirements were met at capability category I only. Seven internal flooding F&Os were identified by PG&E as upgrades. A focused scope peer review was therefore conducted in conjunction with the closure review for these 12 F&Os. No other F&Os were determined to constitute an upgrade, and the use of any new methods was not identified by the assessment team.

At the conclusion of the independent assessment and focused-scope peer reviews, all applicable supporting requirements of the PRA standard are met, and supporting requirements that distinguish different capability categories satisfy at least capability category II. There are no remaining open peer review finding-level F&Os.

Therefore, the Diablo Canyon internal events and internal flooding PRA model is acceptable for use in the RICT Program.

Fire PRA The fire PRA was reviewed in January 2008 as part of the pilot application of the fire PRA peer review process of NEI 07-12 and is documented in LTR-RAM-II-08-019, Pilot Application of the Fire PRA Peer Review Process for the Diablo Canyon Power Plant Fire Probabilistic Risk Assessment (Reference 12). The 2008 peer review was conducted against the requirements of the ANS Standard ANSI/ANS-58.23-2007, FPRA Methodology (Reference 13). At the time of this first peer review, certain technical elements of the fire PRA had not been completed.

The second phase of the peer review was completed in December 2010 and is documented in LTR-RAM-II-11-004, Fire PRA Peer Review Against the Fire PRA Standard SRs From Section 4 of the ASME/ANS Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessments for Nuclear Power Plant Applications for the Diablo Canyon Plant Fire Probabilistic Risk Assessment (Reference 14). The 2010 peer review was conducted against the requirements of ASME/ANS RA-Sa-2009. The scope of the 2010 review included re-review of elements

PG&E Letter DCL-24-111 Page 5 of 8 from the 2008 review that did not meet at least capability category II of the PRA standard.

After the final peer review in 2010, there were 17 identified finding-level F&Os. All F&Os categorized as findings have been resolved by either a PRA model revision or a documentation update.

An independent assessment of the F&Os was conducted in August-September 2018, and is documented in report P3118-004-001, F&O Closeout by Independent Assessment Report for the Diablo Canyon Nuclear Power Plant (DCPP) Fire PRA Model Against the 2009 ASME PRA Standard Requirements and NEI 05-04 Appendix X (Reference 15). The review was conducted in accordance with Appendix X to NEI 05-04/07-12/12-16. The scope of the assessment included all 17 F&Os resulting from the two peer reviews. Two F&Os were identified by PG&E as upgrades, and a focused-scope peer review was therefore conducted in conjunction with the closure review. No other F&Os were determined to constitute an upgrade, and the use of any new methods was not identified by the assessment team.

At the conclusion of the independent assessment and focused-scope peer review, all applicable supporting requirements of the PRA standard are met, and supporting requirements that distinguish different capability categories satisfy at least capability category II. There are no remaining open peer review finding-level F&Os.

Therefore, the Diablo Canyon fire PRA model is acceptable for use in the RICT Program.

It is noted that the Diablo Canyon fire PRA model was reviewed by the NRC as part of the Diablo Canyon NFPA-805 LAR dated June 26, 2013. The NRC review was concluded on April 14, 2016. Based on the staffs review, the NRC staff concluded that the Diablo Canyon fire PRA is of sufficient technical adequacy and that its quantitative results, considered together with the sensitivity studies, can be used to demonstrate that the change in risk due to the transition to NFPA 805 meets the acceptance guidelines in RG 1.174, Revision 2. (It is noted that the current RG 1.174, Revision 3 did not modify the acceptance guidelines found in RG 1.174, Revision 2.)

Seismic PRA A seismic PRA peer review was conducted in June 2017 and is documented in the Pressurized Water Reactor Owners Group (PWROG) report PWROG-17022-P, Peer Review of the Diablo Canyon Units 1 & 2 Seismic Probabilistic Risk Assessment, September 2017 (Reference 16). The full-scope peer review, which also included a review of the seismic hazard and fragility analyses, was performed consistent with RG 1.200, Revision 2, using PRA Standard ASME/ANS RA-Sb-2013 (Reference 17). All F&Os categorized as findings have been resolved by either a PRA model revision or a documentation update.

PG&E Letter DCL-24-111 Page 6 of 8 An independent assessment of the finding-level F&Os was conducted in October-December 2017 and is documented in PWROG-17078-P, Independent Assessment of Facts & Observations Closure and Focused Scope Peer Review of the Diablo Canyon Units 1 & 2 Seismic Probabilistic Risk Assessment, Revision 0 (Reference 18). The scope of the assessment included all finding-level F&Os resulting from the 2013 peer review. Three F&Os were identified by PG&E as upgrades, and two additional F&Os were identified by the assessment team as upgrades; therefore, a focused-scope peer review was conducted in conjunction with the closure review. The use of any new methods was not identified by the assessment team.

At the conclusion of the independent assessment and focused-scope peer review, all applicable supporting requirements of the PRA standard are met, and supporting requirements that distinguish different capability categories satisfy at least capability category II. There are no remaining open peer review finding-level F&Os.

Therefore, the Diablo Canyon seismic PRA model is acceptable for use in the RICT Program.

It is noted that the Diablo Canyon seismic PRA model was submitted to the NRC for review in response to a 10CFR50.54(f) letter regarding lessons learned from the accident at the Fukushima Daiichi Nuclear Power Plant. The NRC review was concluded on January 22, 2019.It concluded that the seismic PRA is of sufficient technical adequacy to support phase 2 regulatory decision-making in accordance with the intent of the 50.54(f) letter.

Additional Information on the Use of FLEX Equipment The Diablo Canyon PRA models do not credit any FLEX equipment.

Operator actions that model FLEX strategies to shed vital DC loads and to manually control the turbine driven auxiliary feedwater pump are included in the seismic PRA model for a seismically induced Station Black Out (SBO) or SBO with loss of all DC power. These actions include credit for FLEX strategies to monitor steam generator level at the hot shutdown panel without instrument AC power available.

PG&E Letter DCL-24-111 Page 7 of 8 From Reference 19, PG&E response to Audit Question APLC-02 Diablo Canyon performed a gap assessment between Addendum A and B consistent with that from Southern Nuclear Operating Company, Inc., letter to NRC, NL-17-1201, Vogtle Electric Generating Plant Units 1 and 2 Response to Supplemental Information Needed for Acceptance of Systematic Risk-Informed Assessment of Debris Technical Report, dated July 11, 2017 (ML17192A245). NRC acceptance of the assessment was documented in a letter to Southern Nuclear Operating Company, Inc., Vogtle Electric Generating Plant, Units 1 and 2 - Issuance of Amendments Regarding Application of Seismic Probabilistic Risk Assessment Into the Previously Approved 10 CFR 50.69 Categorization Process (EPID L-2017-LLA-0248), dated August 10, 2018 (ML18180A062). In the Vogtle Assessment, all but six of the Addendum B SRs have been shown to either be equal to the corresponding Addendum A SRs or have been shown to envelop the corresponding Addendum A SRs. The remaining six SRs (SHAB3, SHA-C3, SFR-C3, SFR-C6, SFR-G3, and SPR-B1) were evaluated and the results of the evaluation were included in table A2-2, Comparison of Supporting Requirements of Addendum A and Addendum B contained in PG&E Letter DCL 004 (Reference 19).

References

1.

Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2.

NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3.

Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2, March 2009. (ADAMS Accession No. ML090410014).

4.

ASME RA-Sb-2005, Standard for Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum B to ASME RA-S-2002, ASME, New York, NY, December 30, 2005.

5.

ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.

6.

TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b. (ADAMS Accession No. ML18183A493).

7.

Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis,"

Revision 3, January 2018. (ADAMS Accession No. ML17317A256).

PG&E Letter DCL-24-111 Page 8 of 8

8.

NEI Letter to NRC, Final Revision of Appendix X to NEI 05-04/07-12/12-16, Close-out of Facts and Observations (F&Os), February 21, 2017. [Note, title contained typographical error, NEI 12-16 should be NEI 12-13] (ADAMS Accession No. ML17086A431).

9.

NEI 17-07, Revision 2, Performance of PRA Peer Reviews Using the ASME/ANS PRA Standard, August 2019. (ADAMS Accession No. ML19241A615).

10. Westinghouse Letter LTR-RAM-II-13-002, RG 1.200 PRA Peer Review Against the ASME/ANS PRA Standard Requirements for the Diablo Canyon Nuclear Plant Probabilistic Risk Assessment, March 20, 2013.

11. PWROG Report PWROG-23015-P, Diablo Canyon F&O Closure and Focused Scope Peer Review Report, Revision 0, July, 2023.

12. Westinghouse Letter LTR-RAM-II-08-019, Pilot Application of the Fire PRA Peer Review Process for the Diablo Canyon Power Plant Fire Probabilistic Risk Assessment, October 17, 2008.

13. American Nuclear Society (ANS) Standard ANSI/ANS-58.23-2007, FPRA Methodology.

14. Westinghouse Letter LTR-RAM-II-11-004, Fire PRA Peer Review Against the Fire PRA Standard SRs From Section 4 of the ASME/ANS Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessments for Nuclear Power Plant Applications for the Diablo Canyon Plant Fire Probabilistic Risk Assessment, May 24, 2011.

15. Engineering Planning and Management, Inc., P3118-004-001, F&O Closeout by Independent Assessment Report for the Diablo Canyon Nuclear Power Plant (DCPP) Fire PRA Model Against the 2009 ASME PRA Standard Requirements and NEI 05-04 Appendix X, Revision 0, September 2018.

16. PWROG Report PWROG-17022-P, Peer Review of the Diablo Canyon Units 1 &

2 Seismic Probabilistic Risk Assessment, Revision 0, September 2017.

17. ASME/ANS RA-Sb-2013, Addendum B to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, dated September 30, 2013.

18. PWROG Report PWROG-17078-P, Independent Assessment of Facts &

Observations Closure and Focused Scope Peer Review of the Diablo Canyon Units 1 & 2 Seismic Probabilistic Risk Assessment, Revision 0, March 2018.

19. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

PG&E Letter DCL-24-111 Page 1 of 1 Information Supporting Technical Adequacy of Probabilistic Risk Assessment (PRA) Models without Standards Endorsed by Regulatory Guide 1.200, Revision 2 This enclosure is not applicable to the Diablo Canyon submittal. Pacific Gas & Electric Company is not proposing to use any probabilistic risk assessment models in its Risk-Informed Completion Time Program for which a standard, endorsed by the NRC in Regulatory Guide 1.200, Revision 2, does not exist.

PG&E Letter DCL-24-111 Page 1 of 17 Information Supporting the Justification of Excluding Sources of Risk Not Addressed by the Diablo Canyon Probabilistic Risk Assessment (PRA)

Models

PG&E Letter DCL-24-111 Page 2 of 17 Introduction Section 4.0, Item 5 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide a justification for excluding any risk sources determined to be insignificant to the calculation of configuration-specific risk, and provide a discussion of any conservative or bounding analyses to be applied to the calculation of risk-informed completion times (RICTs) for sources of risk not addressed by the probabilistic risk assessment (PRA) models.

This enclosure addresses this requirement by discussing the generic methodology used to identify and disposition such risk sources and provides the Diablo Canyon specific results of the application of the generic methodology for impacts on the RICT Program.

NEI 06-09-A does not provide a specific list of hazards to be considered in the RICT Program. In order to identify a comprehensive listing of other external hazards for consideration, the PRA Standard American Society of Mechanical Engineers (ASME) and American Nuclear Society (ANS), Addendum A to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME/ANS RA-Sa-2009 (Reference 3) supporting requirement EXT-A1 was used which includes a review of the following sources:

NUREG/CR-2300, PRA Procedures Guide (Reference 4)

NUREG-1407, Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities (Reference 5)

NUREG/CR-5042, Evaluation of External Hazards to Nuclear Power Plants in the United States (Reference 6)

NUREG-1150 Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants (Reference 7)

Appendix 6-A of the ASME/ANS PRA Standard In addition to the above generic sources, the Diablo Canyon Final Safety Analysis Report Update (Reference 8) was reviewed to identify any site-specific hazards consistent with the ASME/ANS PRA Standard supporting requirement EXT-A2. Based on this review, no additional external hazards were identified that are not already listed in the generic references.

Technical Approach The guidance contained in NEI 06-09-A states that all hazards that contribute significantly to the incremental risk of a configuration must be quantitatively addressed in the implementation of the RMTS. The following approach focuses on the risk implications of specific external hazards as they impact the determination of RICTs.

PG&E Letter DCL-24-111 Page 3 of 17 The other external hazards are evaluated using a preliminary screening and a quantitative screening using the criteria of the ASME/ANS PRA Standard.

The ASME/ANS PRA Standard identifies external hazard screening criteria (supporting requirements EXT-B1, EXT-B2, and EXT-C2), identified below:

Supporting Requirement EXT-B1 (1) The hazard would result in equal or lesser damage than the events for which the plant has been designed. This requires an evaluation of plant design bases to estimate the resistance of plant structures and systems to a particular external hazard.

(2) The hazard has a significantly lower mean frequency of occurrence than another event (taking into account the uncertainties in the estimates of both frequencies),

and the hazard could not result in worse consequences than the other event.

(3) The hazard cannot occur close enough to the plant to affect it. Application of this criterion needs to take into account the range of magnitudes of the hazard for the recurrence frequencies of interest.

(4) The hazard is included in the definition of another event.

(5) The hazard is slow in developing, and it can be demonstrated that sufficient time exists to eliminate the source of the threat or to provide an adequate response.

Supporting Requirement EXT-B2 SRP For screening out an external hazard other than seismic events, the design basis for the hazard meets the criteria in the NRC Standard Review Plan (SRP) with justification of the screening if based solely on conformance to SRP.

The ASME/ANS PRA Standard also requires the above qualitative screening to be supported by a review of information on the plants design hazard and licensing basis relevant to the event screened (supporting requirement EXT-B3) as well as a review of any significant changes since the issuance of the original plant operating license for selected events (supporting requirement EXT-B4).

PG&E Letter DCL-24-111 Page 4 of 17 For hazards other than internal events, internal flooding, internal fire, and seismic events, the following criteria provide an acceptable basis for a bounding analysis for a demonstrably conservative analysis per the ASME/ANS PRA Standard:

Supporting Requirement EXT-C1 A The current design-basis hazard event has mean frequency less than 10-5/year, and the mean value of the conditional core damage probability (CCDP) is assessed to be less than 10-1.

B The core damage frequency, calculated using a bounding or demonstrably conservative analysis, has a mean frequency of less than 10-6/year.

As allowed in the ASME/ANS PRA Standard supporting requirements EXT-C2 through EXT-C6, the quantitative screening analyses use the mean frequency and other parameters of design-basis hazards. For the remaining other hazards, either realistic or conservative models (i.e., an Internal Event model that meets the system-analysis requirements in Part 2 of the ASME/ANS PRA Standard) identifying those structures, systems, and components (SSCs) vulnerable to the hazard and data (i.e., the hazard analysis and any fragility analysis) were used.

Table E4-1 provides the external hazards evaluated, identifies the applicable screening criteria, summarizes the evaluation, and provides a disposition for the RICT Program.

From Reference 9, PG&E response to Audit Question APLC-01 A short summary of the evaluations for aircraft impact, extreme wind or tornado, hurricane and tsunami (assumptions, data sources, methodology and results) are included below.

Aircraft crashes were assessed in accordance with the guidance of U.S. NRC Standard Review Plan (SRP) NUREG-0800, Section 3.5.1.6, Aircraft Hazards. A detailed evaluation of aircraft hazards was performed; e.g., quantitative analysis using the formula provided in Section 3.5.1.6 of NUREG-800. Nearby airport information was collected from the FlightAware website, FltPlan.com and SkyVectorAeronautical Charts which includes types of aviation transient landing and departure operations and airways near DCPP. Flight data was generated by the Air Traffic Organization, System Operations Services, Data Management office using the FAA Traffic Flow Management System (TFMS) repository. The core damage frequency is calculated by risk impact of building failures using the conditional core damage probability of the buildings (which is taken from the PRA model) and the aircraft impact frequency. The total CDF induced by aircraft crash at Diablo Canyon Unit 1 is less than 1E-06 per year. Unit 2 is expected to have a similar risk from aircrafts due to the shared building structures and near identical non-shared building structures. Since the total CDF resulting from aircraft crash is below Screening Criterion B of Supporting Requirement [EXT-C1] of ASME/ANS RASb-2013, the aircraft crash hazard from airways can be screened out.

Tornado wind hazard is assessed using frequencies from ARA-002233002233 Tornado Missile

PG&E Letter DCL-24-111 Page 5 of 17 TORMIS 2014 Analysis of DCPP, and using the conditional core damage probability for a loss of offsite power due to severe weather (with no recovery) from the PRA model. It is noted that the TORMIS methodology has only been used to support PRA model screening of the tornado external hazard and it is not included in the DCPP design and licensing basis. The result for lower wind speed tornados is a core damage frequency less than 1E-06, which screens out. It is assumed that DCPP can withstand at least a 200 mph wind without major damage (such as collapse of a wall or overturning of a structure) and a maximum of 300 mph tornado wind speeds without causing a LOCA or structural damage impairing containment integrity. (Section 3.3 of Units 1 and 2, Diablo Canyon Power Plant Final Safety Analysis Report Update (UFSAR), Pacific Gas and Electric Company). For these high wind speed tornados, the frequency of occurrence is much less than 1E-09 per year. With such low initiator frequencies, it is judged that tornado wind-initiated scenarios are insignificant contributors to the overall core damage frequency and, therefore screened out.

Tornados missiles are assessed using the frequency of a tornado striking the site estimated from the DCPP Tornado Hazard Curves from ARA-002233002233 Tornado Missile TORMIS 2014 Analysis of DCPP. The tornado data used in this study was downloaded from the NOAA SPC website for the years 1950 - 2013. This data has the same source of information as the NCDC Storm events database and is the source of almost all publications and research into tornado hazards in the U.S. The impact of this external event is a loss of offsite power and the conditional core damage probability for loss of offsite power is taken from the PRA model. The core damage frequency from tornado winds is less than 1E-06 and therefore not significant. Tornado missiles are evaluated using the TORMIS process. The damage frequencies are calculated from TORMIS and the risk impact of the target failures are taken from the PRA model. Scenarios involving tornado missiles have been evaluated with a core damage frequency of less than 1E-06 per year for Unit 1. Unit 2 has a similar impact. This CDF frequency is low enough to be screened out per Screening Criterion B.

Hurricanes are evaluated based on a frequency of exceedance corresponding to a failure of the outdoor storage tanks, conservatively resulting in core damage. An extreme value distribution was created from a dataset of hurricanes in the region of DCPP. The parameters of the distribution were estimated using the method of moments technique. Conservatively assuming a hurricane with a wind speed greater than 150 mph that leads to core damage yields a CDF less than 1E-06 per year. This CDF frequency is low enough to be screened out per screening Criterion B.

Tsunamis are evaluated by calculating the frequency of exceedances of a wave that would impact the intake structure ASW pumps via the ASW pump room ventilation snorkels. Tsunami frequencies were taken from "Methodology for Probabilistic Hazard Analysis: Trial Application for the Diablo Canyon Power Plant Site. The tsunami risk takes into account the failure of the ASW pump room water-tight door failure, tsunami warning alert, and operator error to close the water-tight doors. The conditional core damage probability of a loss of the Auxiliary Saltwater (ASW) system is used to calculate the overall core damage frequency (CDF) from a large wave. The calculated CDF is less than 1E-06 per year and is low enough to be screened out per screening

PG&E Letter DCL-24-111 Page 6 of 17 Criterion B.

The TORMIS methodology is not included in the DCPP design and licensing basis. PG&E had planned to submit an LAR for TORMIS to address tornado missile protection for some plant components, however due to complications for other licensees in obtaining NRC approval of use of TORMIS methodology, PG&E instead utilized the NEI 17-02 Revision 1B, Tornado Missile Risk Evaluator (TMRE) Industry Guidance Document, Nuclear Energy Institute, September 2018, method through 10 CFR 50.59.

As described in UFSAR Section 3.3.2.5.1 "Major Findings of the Tornado Analysis," the following components have been concluded to not require additional physical protection from tornado missiles based on the low safety significance associated with their exposures as determined by the TMRE method (described in UFSAR Section 3.3.2.6.3):

Diesel generator engine exhaust lines

Diesel generator ventilation system exhaust plenums

Large Diameter 4.16 kV raceways routed through the 12 kV switchgear rooms

Class 1E raceways containing Diesel Generator 2-3 circuits routed along the 140 elevation of the Unit 2 Turbine Building and through the 12 kV switchgear room Since PG&E has not previously used the TORMIS methodology as a basis for the DCPP plant design and licensing basis, a comparison of TORMIS methodology for consistency with the items of consideration in the safety evaluation report that approved its use (as described in RIS 2008-14, and RIS 2015-06) was not required and was not previously performed.

PG&E has used site specific data developed using the TORMIS methodology as part of the data used for the PRA model screening of the tornado external hazard. Data from NUREG/CR-4461, Revision 2, "Tornado Climatology of the Contiguous United States",

February 2007 was also used.

In the PRA Calculation File X.1 for PRA Other External Event screening, the TORMIS method was not used for a licensing basis to preclude installation of tornado missile protection for SSCs as described in TORMIS Safety Evaluation and RIS 2008-14 and RIS 2015-06. Data from the TORMIS calculation performed in ARA-002233002233 Tornado Missile TORMIS 2014 Analysis of DCPP, is used to estimate probabilistic risk associated with tornado missiles.

The TORMIS methodology is not included in the DCPP design and licensing basis as addressed in the SER for missile protection.

PG&E Letter DCL-24-111 Page 7 of 17 Table E4-1 Evaluation of Risks from External Hazards External Hazard Screening Criteria Evaluation Disposition for RICT Program Aircraft Impact SRP, B The total core damage frequency (CDF) induced by an aircraft crash at Diablo Canyon Unit 1 is 7.43-07 per year. Unit 2 is expected to have a similar risk from aircrafts due to the shared building structures and near identical non-shared building structures.

Projected air traffic from the small airport and airways does not pose a significant safety impact to Diablo Canyon based on the design of the facility and the low frequency of core damage due to such events. Impacts that were evaluated to cause structural failures result in direct core damage, and therefore have no impact on the RICT Program calculations. The consequences of a lesser impact are bounded by a loss-of-offsite power (LOOP) event, which is already included in the PRA model. It is therefore concluded that no additional PRA model for aircraft impacts is required in order to assess configuration risk for the RICT Program.

Avalanche 3

Location of the site does not support heavy snowfall and accumulation that may cause an avalanche.

Since the event is not credible, no PRA model for an avalanche is required to assess configuration risk for the RICT Program.

Biological Event 4, 5 Excessive fouling by slime is not expected in a 24-hour period. Slime buildup occurs over a period of several weeks and is controlled by chlorination over the long term. Rapidly occurring biological plugging can occur at Diablo Canyon, such as an intermittent concentration of salp, a gelatinous marine invertebrate at the cooling water intake cove that can cause the plant to ramp down in power, with the Biological events are bounded by the existing internal events PRA modeling, therefore, no additional PRA model for biological events is required to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 8 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program possibility of a reactor trip or a loss of condenser vacuum. Both of these consequences are currently modeled in the PRA as reactor trip and loss of condenser vacuum initiators. Since the impact of the above biological events is accounted for via the associated internal initiating events, these biological events are screened from further analysis.

Coastal Erosion 4, SRP This is a very slow process; there is a long lead time to respond by placing the units into cold shutdown.

The bedrock beneath the power plant site occupies the southerly flank of a major syncline that trends west to northwest. No evidence of a major fault has been recognized within or near the coastal area, and the bedrock relationships in the exploratory trenches positively indicate that no such fault is present within the area of the plant site.

Due to the long lead time available to respond to coastal erosion, the plant would be in cold shutdown and therefore no additional PRA model for the impact of coastal erosion is required to assess configuration risk for the RICT Program.

Drought 3

The ultimate heat sink is the Pacific Ocean; the plant is not adversely impacted by drought conditions.

Since the event has no adverse impact, no PRA model for drought conditions is required to assess configuration risk for the RICT Program.

External Flooding SRP, A, B It is unlikely that the reservoirs can fail in such a way to pose a threat to the plant; however, a worst case scenario is still evaluated to conservatively estimate the hazard. Reservoirs 1-A and 1-B are holding reservoirs (Reservoir 1-B is behind 1-A, and is located nearly 500 feet from the edge of the hillside).

Assuming that both reservoirs lose all their water and that the entire volume of water flows toward the plant, the area covered by the flood is taken to be the triangle formed by the closest point of Reservoir 1-A to the plant (800 feet), and the north and south sides External flooding scenarios do not pose a significant safety impact to Diablo Canyon based on the design of the facility and conformance to the SRP. It is therefore concluded that no PRA model for external flooding scenarios is required in order to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 9 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program of the plant (800 feet). This area is approximately 320,000 square feet. If the entire reservoir inventory is applied to this area, the depth of flooding will be approximately 2 feet at the back of the plant. The flood will only be temporary and not sustained.

Results of the hydrologic and hydraulic analysis indicate that no safety-related SSCs are inundated by a probable maximum flood (PMF). The 230kV switchyard (non-safety related) would be inundated during the PMF event; however, this type of event is already included in the definition of a severe weather-related LOOP. All other Diablo Canyon facilities and site features remain above the calculated PMF water surface levels, including the intake structure and the entire power block, which consists of the fuel handling building, the auxiliary building, the turbine building, and the two containment buildings.

Extreme Wind or Tornado B

The conservative strike frequency of a tornado is 7.0 x 10-5 per year. The CCDP for LOOP due to severe weather with no recovery is estimated to be 5.16 x 10-4. The conservatively estimated CDF for a tornado event is then 3.92 x 10-8 per year.

Tornado missile scenarios have been conservatively evaluated with a CDF of 2.05 x 10-7 per year (Unit 2 has a similar impact).

A conservative evaluation of an extreme wind or tornado event demonstrated an insignificant contribution to CDF. It is therefore concluded that no PRA model for extreme winds and tornadoes is required in order to assess configuration risk for the RICT Program.

Fog 4

There is no direct impact to CDF and LERF due to fog; however the indirect impact of fog, such as impact on aircraft crash frequency, accident data includes the effect of fog.

Since the event has no direct adverse impact not already addressed by another events, no PRA model for fog conditions is required to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 10 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program Forest or Range Fire 1, 4 The area immediately around the plant site boundary is not heavily wooded, and is adjacent to the Pacific Ocean. The hazard from external fires to the plant is remote and the impact of external fires on the offsite grid have been accounted for in the LOOP initiating events.

External fire impacts are bounded by the existing internal events PRA modeling, therefore, no additional PRA model for external fires is required to assess configuration risk for the RICT Program.

Frost 4

Frost may impact the switchyard and grid. The frequency of a LOOP initiator includes the impact of frost, and the contribution of frost is judged to be negligible.

Frost impacts are bounded by the existing internal events PRA modeling; therefore, no additional PRA model for frost events is required to assess configuration risk for the RICT Program.

Hail 4

The impact of hail on offsite power is included in the frequency of LOOP analysis. The contribution to the overall risk is judged to be negligible.

Hail impacts are bounded by the existing internal events PRA modeling; therefore, no additional PRA model for hail events is required to assess configuration risk for the RICT Program.

Heavy Load Drop SRP Maintenance activities are the cause of heavy load drops, and as such, are controlled and evaluated under the 10 CFR 50.65 (a)(4) risk assessment process on a case-by-case basis. The DCPP design basis for heavy load drops, single-failure-proof heavy load handling systems and the control of heavy load program at the plant satisfy the SRP Screening Criteria.

A heavy load drop is not judged to have any significant impact on the calculation of RICTs.

High Summer Temperature 4

The impact of a high-temperature environment on equipment performance is included in equipment failure data.

Since there is no unique impact on plant operation not already considered in the PRA models, no additional PRA model for high summer temperature events is required to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 11 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program High Tide, Lake Level, or River Stage 4

The impact is already considered for External Flooding.

Since the event has no adverse impact not already addressed by another event, no PRA model for high water conditions is required to assess configuration risk for the RICT Program.

Hurricane B

Conservatively assuming a hurricane with a wind speed of 150 mph leads to core damage, this yields a CDF of 5.0 x 10-7 per year, which is below the screening criterion B. Therefore, it is judged that hurricane-initiated scenarios are insignificant contributors to the overall CDF.

The frequency of a hurricane leading to core damage is well below 1 x 10-6 per year, It is therefore concluded that no PRA model for hurricanes is required in order to assess configuration risk for the RICT Program.

Ice Cover 4

May impact the switchyard and grid. The frequency of a LOOP initiator includes the impact of ice cover.

Ice impacts are bounded by the existing internal events PRA modeling, so no additional PRA model for ice events is required to assess configuration risk for the RICT Program.

Industrial or Military Facility Accident 3

Nearby industrial and military facilities with the potential to store or use hazardous materials are all located at distances greater than five miles from the site. Chemicals stored, used, or situated at distances greater than five miles from the plant do not need to be considered because, if a release occurs at such a distance, atmospheric dispersion will dilute and disperse the incoming plume to such a degree that either the toxic limits would never be reached or there would be sufficient time for the control room operators to take appropriate action. In addition, the probability of a plume remaining within a given sector for a long period of time is small. Due to very limited industry within San Luis Obispo County and the distances involved, any hazardous products or materials Nearby facility accidents do not pose a significant safety impact to Diablo Canyon.

It is therefore concluded that no PRA model for nearby facility accidents is required in order to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 12 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program manufactured, stored, or processed in the areas beyond five miles from the site are not considered to be a significant hazard to the plant and, as such, the explosion, fire, and toxic gas hazards can be screened out.

Intense Precipitation 4, A The water depth above the door thresholds and areas to the west of the turbine and buttress buildings due to a local intense precipitation event varied between 0.05 ft. and 0.68 ft., with six of the doors/areas showing no inundation. The total force due to hydrostatic and hydrodynamic loading from the event was generally small for all the doors and safety-related structures, varying from 1 to 35 lb/ft for doors and areas experiencing inundation. Forces due to the associated local intense precipitation flood event effects will not adversely impact the doors or power block and surrounding structures. The safety-related fuel oil transfer equipment is elevated six inches above grade, and therefore would not experience any flooding.

Since there are no adverse impacts from intense precipitation events, no PRA model is required in order to assess configuration risk for the RICT Program.

Landslide 3

Earthquake loading as a result of an earthquake on the Hosgri fault zone following periods of prolonged precipitation will not produce any significant slope failure that can impact the Class I structures and equipment. In addition, potential slope failures under such conditions will not adversely impact other important facilities, including the raw water reservoirs, the 230 kV and 500 kV switchyards, and the intake and discharge structures. Potential landslides may temporarily block the normal paved south access road at several locations. However, there is considerable Since there are no adverse impacts from landslide events, no PRA model is required in order to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 13 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program room adjacent to and north of the paved road to reroute emergency traffic. There is also an unpaved north access road that may be used. Therefore, landslides can be screened out.

Lightning 1, 4 The plant contains lightning protection in the plant design. The impact on offsite power is included in the LOOP frequency evaluation. The contribution to the overall risk is judged to be negligible.

Since the event has no adverse impact not already addressed by another event, no PRA model for lightning events is required to assess configuration risk for the RICT Program.

Low Lake Level or River Stage 3

Not applicable to Diablo Canyon.

Since the event is not applicable, no PRA model is required to assess configuration risk for the RICT Program.

Low Winter Temperature 1, 4 Evaluation performed to assess potential for cold weather to impact Diablo Canyon reliability has concluded the probability for cold weather impact is low. The impact on equipment has been included in the component (independent and common-cause) failure rates. Thermal stresses and embrittlement are usually insignificant and covered by design codes and standards for the plant design.

Since there is no unique impact on plant operation not already considered in the PRA models, no additional PRA model for low winter temperature events is required to assess configuration risk for the RICT Program.

Meteorite or Satellite Impact 2

The probability of the event is less than 1 x 10-9 per year per Reference 6.

A meteorite or satellite impact is not judged to have any significant impact on the calculation of RICTs.

Pipeline Accident 3, 4 No natural gas or other pipelines pass within five miles of the plant site. The onsite hazardous buried piping at the Diablo Canyon plant site are those owned by PG&E; which may carry diesel fuel oil, hydrogen, etc. However, fire and rapid combustion resulting from fuel oil and hydrogen are evaluated separately in the Diablo Canyon Fire PRA. As such, There are no pipelines in sufficient proximity to the plant site to cause a significant hazard. Since there is no unique impact on plant operation not already considered in the PRA models, no additional PRA model for pipeline accidents

PG&E Letter DCL-24-111 Page 14 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program rupture of the hydrogen line and the potential rapid combustion that may result are not re-evaluated. The other buried pipes containing hydrocarbons are mainly the diesel fuel oil and waste oil pipes; which are not in the form of toxic gas and have an extremely low likelihood of rapid combustion.

is required to assess configuration risk for the RICT Program.

Release of Chemicals in Onsite Storage 1

Hazards due to explosion, toxicity, or asphyxiation were evaluated and it was concluded that they pose no hazard to the control room personnel and PRA equipment. Any toxic gas that may be generated from the accidental release of onsite chemicals would not impact the control room habitability. Therefore, release of chemicals in onsite storage can be screened out.

There are no chemicals onsite that can cause a significant safety hazard. It is therefore concluded that no PRA model for chemical releases is required in order to assess configuration risk for the RICT Program.

River Diversion 3

Not applicable to the Diablo Canyon site.

Since the event is not applicable, no PRA model is required to assess configuration risk for the RICT Program.

Sandstorm 3, 4 Sandstorms are included in the evaluation for extreme winds and tornados. They are judged to be insignificant in occurrence, frequency, and risk.

A sandstorm impact is judged to not have any significant impact on the calculation of RICTs.

Seiche 1, SRP Seiche effects on intake cove wave heights are less than 3.2 ft of the maximum crest wave level inside the breakwaters of 12.8 ft, and are therefore, not a concern. The maximum expected water volume loss from each of the raw water storage reservoirs is 14,684 gallons. The raw water storage reservoirs are able to perform their design function with only one million gallons per reservoir. As such, loss of 14,684 gallons is not significant.

A seiche has no adverse impact and therefore no PRA model is required to assess configuration risk for the RICT Program.

PG&E Letter DCL-24-111 Page 15 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program Sink Holes 1, 5 The site suitability evaluation and site development for the plant are designed to preclude the effects of this hazard.

Sink hole impacts are not a credible event therefore, no PRA model is required to assess configuration risk for the RICT Program.

Snow 3

The location of the site is such that it does not experience heavy snowfall that could impact the switchyard and grid.

Snow impacts are not a credible event therefore, no PRA model is required to assess configuration risk for the RICT Program.

Soil Shrink-Swell Consolidation 1, 5 This event is a slow process. Contribution to the overall risk is judged to be negligible. The site suitability evaluation and site development for the plant are designed to preclude the effects of this hazard.

A slowly developing soil shrink-swell consolidation event is not judged to have any significant impact on the calculation of RICTs.

Storm Surge 4

The maximum estimated wave height outside the breakwaters was found to be 44.6 ft. The maximum crest wave level inside the breakwaters was 12.8 ft.

While seiche effects were noted in the intake cove, the wave heights were found to be less than 3.2 ft of the maximum estimated wave height, and are, therefore, not a concern.

A storm surge has no adverse impact and therefore no PRA model is required to assess configuration risk for the RICT Program.

Toxic Gas 4

See the table entries for Release of Chemical in Onsite Storage and Industrial Accidents.

Transportation Accident 3, B Various scenarios involving shipping hazards to the plant were analyzed. Scenarios involving ship breakthrough over the breakwater in its normal state (not degraded by heavy wave action) were shown to be not possible due to the speed required to generate the kinetic energy needed to physically force a passage through the breakwater. Scenarios involving Transportation accidents involving ships cannot cause damage to the plant under normal conditions, and are shown to have a bounding CDF of significantly less than 1 x 10-6 per year for degraded conditions. It is therefore concluded that no PRA model for transportation accidents is required in

PG&E Letter DCL-24-111 Page 16 of 17 External Hazard Screening Criteria Evaluation Disposition for RICT Program oil spills and other floating debris were also shown to not have a significant consequence. Analysis scenarios involving a degraded breakwater, and therefore greatly increasing the possibility of a ship arriving in the intake cove, result in an estimated CDF of 2.90 x 10-8 per year. Scenarios involving a ship blocking the flow of water into the intake cove result in a conservatively estimated CDF of 2.91 x 10-8 per year. Both of these CDF frequencies are low enough to be screened out.

order to assess configuration risk for the RICT Program.

Tsunami 4, B Flooding of the intake structure due to a tsunami has an estimated CDF of 2.2 x 10-8 per year, which is low enough to be screened out.

A tsunami is shown to have a bounding CDF of significantly less than 1 x 10-6 per year. It is therefore concluded that no PRA model for tsunamis is required in order to assess configuration risk for the RICT Program.

Turbine-Generated Missiles SRP Factory test procedures, redundancy in the control system, and routine testing of the main steam valves and the mechanical emergency over-speed protection system while the unit is carrying load make the generation of missiles by a turbine runaway that might penetrate the turbine casing highly improbable.

Therefore, turbine missiles can be screened out based upon conformance with the SRP.

Based on screening due to low probability, it is concluded that no additional PRA model for turbine missile accidents is required in order to assess configuration risk for the RICT Program.

Volcanic Activity 3

Not applicable, no active volcanic mountains are near the plant.

Volcanic activity is not applicable to Diablo Canyon; therefore, no PRA model is required in order to assess configuration risk for the RICT Program.

Waves 4

See the table entry for External Flooding.

PG&E Letter DCL-24-111 Page 17 of 17 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.

4. NUREG/CR-2300, PRA Procedures Guide, A Guide to the Performance of Probabilistic Risk Assessments for Nuclear Power Plants, Volume 2, January 1983.

(ADAMS Accession Nos. ML063560440).

5. NUREG-1407, Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities, April 1991. (ADAMS Accession No. ML063550238)

6. NUREG/CR-5042, Evaluation of External Hazards to Nuclear Power Plants in the United States, December 1987. (ADAMS Accession Nos. ML111950285, ML14196A083).

7. NUREG-1150, Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, December 1990. (ADAMS Accession Nos. ML040140729, 120960691, 16281A233, 16284A005).

8. Pacific Gas and Electric Company, Units 1 and 2, Diablo Canyon Power Plant Final Safety Analysis Report Update, (UFSAR), Section 2.

9. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

PG&E Letter DCL-24-111 Page 1 of 3 Baseline Core Damage Frequency and Large Early Release Frequency

PG&E Letter DCL-24-111 Page 2 of 3 Section 4.0, Item 6 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide the plant-specific total core damage frequency (CDF) and large early release frequency (LERF) to confirm applicability of the limits of Regulatory Guide (RG) 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1 (Reference 3). (Note that RG 1.174, Revision 3

[Reference 4], issued by the NRC in January 2018, did not revise these limits.)

This enclosure demonstrates that the Diablo Canyon total CDF and total LERF are below the guidelines established in RG 1.174. RG 1.174 does not establish firm limits for total CDF and LERF, but recommends that risk-informed applications be implemented only when the total plant risk is no more than 10-4/year CDF and 10-5/year LERF. Demonstrating that these limits are met confirms that the risk metrics of NEI 06-09-A may be applied to the Diablo Canyon Risk-Informed Completion Time (RICT)

Program.

Table E5-1 provides the CDF and LERF values that resulted from a quantification of the baseline average annual models (designated DC05A) which include contributions from internal events (including internal flooding), fire, and seismic hazards. Other external hazards are below the accepted screening criteria and therefore do not contribute significantly to the totals (see Enclosure 4).

Table E5-1: Total Baseline Average Annual CDF/ LERF Unit 1 Unit 2 Hazard CDF (per rx-yr)

LERF (per rx-yr)

CDF (per rx-yr)

LERF (per rx-yr)

Internal Events 4.76E-06 8.66E-08 4.76E-06 8.66E-08 Internal Flooding 7.61E-06 7.28E-08 6.48E-06 6.96E-08 Seismic 2.96E-05 5.22E-06 2.96E-05 5.22E-06 Fire 4.60E-05 1.43E-06 3.99E-05 1.32E-06 Total 8.80E-05 6.81E-06 8.08E-05 6.70E-06 NOTE: The ASME/ANS PRA Standard, states the units "per reactor year" (per rx yr in this table) and "per calendar year" are equivalent.

As demonstrated in the table, the total CDF and total LERF for each unit are within the guidelines of RG 1.174 to permit small changes in risk that may occur during RICT Program implementation of extended Completion Times. Therefore, the Diablo Canyon RICT Program is consistent with the NEI 06-09-A guidance.

PG&E Letter DCL-24-111 Page 3 of 3 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1, November 2002. (ADAMS Accession No. ML023240437).

4. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3, January 2018. (ADAMS Accession No. ML17317A256).

PG&E Letter DCL-24-111 Page 1 of 1 Justification of Application of At-Power Probabilistic Risk Assessment Models to Shutdown Modes This enclosure is not applicable to the Diablo Canyon submittal. Pacific Gas &

Electric Company is not proposing to apply the Risk-Informed Completion Time Program during shutdown modes.

PG&E Letter DCL-24-111 Page 1 of 5 Probabilistic Risk Assessment Model Update Process

PG&E Letter DCL-24-111 Page 2 of 5 Summary Section 4.0, Item 8 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request (LAR) provide a discussion of the licensees programs and procedures which assure the probabilistic risk assessment (PRA) models that support the Risk-Informed Completion Time (RICT)

Program are maintained consistent with the as-built/as-operated plant.

This enclosure describes the administrative controls and procedural processes applicable to the configuration control and update of the PRA models used to support the RICT Program, to ensure that these models reflect the as-built/as-operated plant.

Plant changes, including modifications and procedure changes, will be identified, reviewed, and evaluated prior to implementation to determine whether they could impact the PRA models. The Configuration Control Program will ensure these plant changes are incorporated into the PRA models as appropriate. The process will include discovered conditions and errors associated with the PRA models, which will be addressed by the Diablo Canyon Corrective Action Program.

Should a plant change or a discovered condition be identified that has a potential significant impact to the RICT Program calculations as defined by the Configuration Control Program, an interim update of the PRA model will be implemented. Otherwise, the PRA model change is incorporated into a subsequent periodic model update. Such pending changes are considered when evaluating other changes until they are fully implemented into the PRA models.

PRA Model Update Process Internal Event, Internal Flood, Fire, and Seismic Event PRA Models Maintenance and Update The Diablo Canyon risk management process ensures that the applicable PRA model used for the RICT Program reflects the as-built/as-operated plant for each of the two Diablo Canyon units. The PRA configuration control process delineates the responsibilities and guidelines for updating the full power internal event, internal flood, fire, and seismic PRA models, and includes both periodic and interim PRA model updates. Any PRA model change that meets the criteria for an upgrade will be subject to a peer review.

Diablo Canyon Procedures TS3.NR1, Diablo Canyon Power Plant, Departmental Administrative Procedure, Probabilistic Risk Assessment (Reference 3), and AWP E-028, Diablo Canyon Power Plant, Administrative Work Procedure, PRA Model Maintenance and Upgrades (Reference 4), control the update and maintenance of the PRA models. These procedures are in full compliance with ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications (Reference 5), for PRA model maintenance and update. Procedure AWP E-028 requires an update to be periodically initiated to reflect

PG&E Letter DCL-24-111 Page 3 of 5 industry operating experience, plant design, and procedure changes. An update of the PRA model data, including initiating event, component reliability, and common cause data, is also required. The process includes guidance on identifying, evaluating, and documenting potential impacts to the Diablo Canyon PRA models (e.g., due to plant changes, plant/industry operational experience, or errors or limitations identified in the model). Guidance is also provided for assessing the individual and cumulative risk impacts of pending changes, and controlling the versions of the PRA and Configuration Risk Management Program (CRMP) models.

Review of Plant Changes for Incorporation into the PRA Model (1) Plant changes or discovered conditions are reviewed for potential impact on the PRA models, including the CRMP model and the subsequent risk calculations that support the RICT Program (NEI 06-09-A: Section 2.3.4, Items 7.2 and 7.3, and 2.3.5, Items 9.2 and 9.3).

(2) Plant changes that meet the criteria defined in the PRA Configuration Control Program (including consideration of the cumulative impact of other pending changes) will be incorporated into the applicable PRA model(s) as an interim update, consistent with the NEI 06-09-A guidance. Otherwise, the change is assigned a priority and is incorporated at a subsequent periodic update consistent with procedural requirements. (NEI 06-09-A: Section 2.3.5, Item 9.2)

(3) PRA updates for plant changes are initiated at least once every two refueling cycles (not to exceed 48 months, which is acceptable because (1) a common PRA model is used for both Diablo Canyon units, (2) the Maintenance Rule Program implemented at Diablo Canyon provides assurance that component failures are addressed prior to the development of increasing trends in failure rates, and (3) the Mitigating System Performance Index Program implemented at Diablo Canyon provides assurance that plant changes that have a significant impact on plant risk, including configuration risk, require an interim PRA model/RICT model update). (NEI 06-09-A: Section 2.3.4, Item 7.1, and 2.3.5, Item 9.1).

(4) If a PRA model change is required for the CRMP model, but cannot be immediately implemented for a significant plant change or discovered condition, either:

A. Alternative analyses to conservatively bound the expected risk impact of the change will be performed. In such a case, these alternative analyses become part of the RICT Program calculation process until the plant changes are incorporated into the PRA model during the next update. The use of such bounding analyses is consistent with the guidance of NEI 06-09-A.

B. Appropriate administrative restrictions on the use of the RICT Program will be put in place until the model changes are completed, consistent with the guidance of NEI 06-09-A. (NEI 06-09-A: Section 2.3.5, Item 9.3).

PG&E Letter DCL-24-111 Page 4 of 5 Additional Information Regarding Modeling of Reactor Coolant Pump (RCP) Shutdown Seals TSTF-505, Revision 2 (Reference 6) included a recommended additional LAR content for Enclosure 7 to specifically address the reactor coolant pump (RCP) shutdown seals configuration, PRA modeling of these seals, and peer review of the model.

Each RCP in both units have the Westinghouse Low Leakage Shutdown RCP seals (GEN III SDS seals) installed. All hazard models (internal events including internal flooding, fire, and seismic) credit these seals. The PRA model used for the shutdown seals performance is PWROG-14001-P-A, PRA Model for the Generation III Westinghouse Shutdown Seal, Revision 1 (Reference 7). All the limitations and conditions in the NRC safety evaluation for this report were verified to be satisfied; no exceptions were taken.

The shutdown seal modeling was reviewed and determined to be a maintenance activity and not an upgrade during the fire PRA Appendix X closure review in 2018; therefore, no focused-scope peer review is required for the shutdown seal model implementation.

From Reference 8, PG&E Response to Audit Question APLA04 (Procedures)

The criteria used to assess impact on the RICT Program requires a periodic cumulative assessment of pending changes to the PRA model. If the increase (total from all hazards) is greater than 1E-05/yr for CDF or 1E-06/yr for LERF, the program requires an evaluation of the potential impact on future RICT calculations. If necessary, an interim model update will be required.

The tracking of cumulative risk is automatically performed in real time by the CRMP software. The formal assessment of cumulative risk impacts, as described in Enclosure 11, involves determining the impact on the average annual risk model, and includes consideration of various factors as described in Enclosure 11. This formal assessment, performed each refueling cycle, assesses the planned and emergent use of the RICT Program and the risk impact of its use, and if appropriate, may result in administrative limitations on the RICT program application to ensure the program implementation over long periods of time is conforming to the guidance of RG 1.174.

PG&E Letter DCL-24-111 Page 5 of 5 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. TS3.NR1, Diablo Canyon Power Plant Departmental Administrative Procedure, Probabilistic Risk Assessment.

4. AWP E-028, Diablo Canyon Power Plant, Administrative Work Procedure, PRA Model Maintenance and Upgrades.

5. ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.

6. TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b. (ADAMS Accession No. ML18183A493).

7. PWROG-14001-P-A, PRA Model for the Generation III Westinghouse Shutdown Seal, Revision 1, October 2017. (ADAMS Accession No. ML18019A215 for non-proprietary version of the report).

8. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

PG&E Letter DCL-24-111 Page 1 of 9 Attributes of the Configuration Risk Management Program Model

PG&E Letter DCL-24-111 Page 2 of 9 Introduction Section 4.0, Item 9 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request (LAR) provide a description of probabilistic risk assessment (PRA) models and tools used to support the Risk Informed Completion Time (RICT) Program. This includes identification of how the baseline PRA model is modified for use in the Configuration Risk Management Program (CRMP), consistency of calculated results from the baseline PRA model to the CRMP model, quality requirements applied to the PRA and CRMP, and training and qualification programs applicable to personnel responsible for development and use of the CRMP. This item is also to confirm that the CRMP can be readily applied for each Technical Specification Limiting Condition for Operation within the scope of the plant-specific submittal.

This enclosure describes the necessary changes to the peer-reviewed baseline PRA models for use in the CRMP to support the RICT Program. The process used to adapt the baseline models is demonstrated:

1) To preserve the core damage frequency and large early release frequency quantitative results;

2) To maintain the quality of the peer-reviewed PRA models; and

3) To correctly accommodate changes in risk due to configuration-specific considerations.

Quality controls and training programs applicable for the CRMP are also discussed in this enclosure.

Translation of the Baseline PRA Model for Use in the CRMP The baseline PRA models for internal events, including internal floods, internal fires, and seismic events, are the peer-reviewed models, updated when necessary to incorporate plant changes to reflect the as-built/as-operated plant as discussed in. These models are modified to include changes that are needed to facilitate configuration-specific risk calculations to support the RICT Program implementation.

The baseline models, and the changes made to create the CRMP model used in the RICT Program, are controlled using plant calculations, which include all necessary quality controls and reviews.

The changes to the models needed to properly account for configuration-specific issues, which are either not evaluated in the baseline average annual model or are evaluated based on average conditions encountered during a typical operating cycle, are described in Table E8-1.

PG&E Letter DCL-24-111 Page 3 of 9 TABLE E8-1 CRMP MODEL CHANGES FOR CONFIGURATION-SPECIFIC RISK DESCRIPTION BASIS FOR CHANGE Plant Availability The baseline PRA models account for the time the reactor operates at power by using a plant availability factor. This is appropriate for determining the average annual (time-based) risk; however, the factor is not applicable to the configuration-specific risk calculated for the RICT Program. In order to account for the assumption that the plant is always operating in the RICT Program, the frequency of initiating events that include an availability factor are adjusted. This change is necessary to adjust the modeled initiating event frequencies from a per (calendar) year to per reactor (critical) year basis for use in the CRMP.

From Reference 12, PG&E response to Audit Question APLA06.a:

Some initiating event frequencies in the internal events Diablo Canyon PRA are calculated based on a per calendar year basis by applying an availability factor based on historical plant data.

For the CRMP and the RICT Program calculations of configuration-specific risk while in Modes 1 and 2, these initiating event frequencies will be manually adjusted in the model translation from the PRA to the CRMP model to remove the plant availability factor, and thus increase the frequencies numerically from a per calendar year to a per reactor-critical-year basis.

Maintenance Alignment Probabilities Maintenance alignment probabilities in the baseline PRA models include probabilities that are based on the fraction of the year the equipment is unavailable. For the CRMP model, the actual configuration of equipment is evaluated; therefore, the maintenance alignment probabilities are set to zero. This is also done for the system initiating events that include maintenance contributions.

Excluded Maintenance Combinations The PRA models do not remove excluded maintenance combinations (i.e., both trains of single safety system being simultaneoulsy unavailable); therefore no change to the CRMP model is required.

PG&E Letter DCL-24-111 Page 4 of 9 TABLE E8-1 CRMP MODEL CHANGES FOR CONFIGURATION-SPECIFIC RISK DESCRIPTION BASIS FOR CHANGE Room Cooling Success Criteria The baseline PRA models include conservative success criteria for room cooling and do not use average annual criteria; therefore no changes to the CRMP model for room cooling success criteria are required.

From Reference 12, PG&E response to Audit Question APLA06.b:

The use of design basis data, calculations and testing data are used to establish equipment temperature damage thresholds. Area or room heatup calculations were performed using conservative criteria to establish room temperatures under accident conditions.

The room heatup analysis used to determine room heatup success criteria for DCPP makes a number of conservative assumptions including the following:

1) Conservative external temperatures are assumed in the heatup calculations.

2) The movement of air by natural convection through ventilation ductwork is not modeled when forced ventilation is lost. This is conservative as the heated air is held within each room when forced ventilation is lost and no operator actions are taken.

Because the room heatup calculations used as input to the PRA success criteria include these conservative assumptions no seasonal impacts are included for room heat up in the CRMP model.

Unfavorable Exposure Time (UET) for Anticipated Transient Without Trip (ATWT) Events The current Diablo Canyon core design reflected in the baseline PRA model for ATWT events includes a UET for variable success criteria based on time of core life (i.e., the moderator temperature coefficient early in cycle life). The event is set to the fraction of the year for which the UET applies, and will be changed to a probability of 1 or 0 based on operator input using the CRMP tool, depending on the actual time in the operating cycle.

Diesel Generator (DG) Mission Time The baseline PRA model uses a six-hour mission time for the DGs and Diesel Fuel Oil Transfer System components. A 24-hour mission time is applied in the CRMP model when there is no OPERABLE offsite AC power source.

PG&E Letter DCL-24-111 Page 5 of 9 TABLE E8-1 CRMP MODEL CHANGES FOR CONFIGURATION-SPECIFIC RISK DESCRIPTION BASIS FOR CHANGE Portable Fuel Oil Pump The baseline PRA model includes credit for a backup portable fuel oil pump. This is not credited for the CRMP model when a diesel fuel oil transfer system pump is out of service.

From Reference 12, PG&E response to Audit Question APLA06.c:

The basic event that represents the portable DFO pump will be set to TRUE whenever a DFO transfer pump is out of service. This will be accomplished by mapping the DFO transfer pump component in the CRMP tool to the DFO transfer pump basic event as well as the portable DFO basic event. The operator will only need to select the DFO pump code in the CRMP software tool since the portable DFO pump impact will be preestablished / pre-programmed into the DFO CRMP code.

Charging Pump Recovery Factor The baseline PRA model includes a recovery factor for a failed charging pump. This is not credited for the CRMP model when a charging pump is out of service.

Charging and Safety Injection pumps are credited for inventory make-up in case of a medium LOCA. DCPP PRA success criteria requires that any 2 out of the 4 Safety Injection or Charging pumps function (Charging or Safety Injection) to mitigate a medium LOCA; this was conservatively modeled as 1 of 2 Charging pumps and 1 of 2 Safety Injection pumps. This conservative modeling approach is required due to how these systems are modeled in the DCPP Riskman medium LOCA event tree which includes separate top events for Safety Injection and Charging. With Charging and Safety Injection pumps modeled in separate top events, the model cant distinguish between a success state where two pumps are available versus a success state where only one pump is available.

The medium LOCA recovery model was used to recover specific medium LOCA scenarios. It was assumed that 2 of 4 high-head pumps were required for success; this was conservatively modeled as 1 of 2 Charging pumps and 1 of 2 Safety Injection pumps. If the Charging system is found to be successful (at least 1 of 2 Charging pumps) but both Safety Injection pumps failed, failure of high head injection was assumed. To address this conservatism, when the Charging top event is successful and the Safety Injection top event is failed, a recovery factor equal to 2 times the charging pump train failure probability is used to approximate the reliability of two Charging pumps.

PG&E Letter DCL-24-111 Page 6 of 9 Quality Requirements and Consistency of the PRA Model and CRMP The approach for establishing and maintaining the quality of the PRA models, including the CRMP model, includes both a PRA maintenance and update process (described in ), and the use of self-assessments and independent peer reviews (described in Enclosure 2).

The information provided in Enclosure 2 describes the technical adequacy of the Diablo Canyon internal event, internal flood, fire, and seismic PRA models to conform to the associated industry standards endorsed by Regulatory Guide (RG) 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2 (Reference 4). This information provides a robust basis for concluding that the PRA models are of sufficient quality for use in the RICT Program.

For maintenance of an existing CRMP model, changes made to the baseline PRA model in translation to the CRMP model will be controlled and documented. Procedures address the process for identification and corrective actions to evaluate and disposition model errors and changes to ensure that the models are accurate, as described in. An acceptance test is performed after every CRMP model update to verify that the software works as intended and that quantification results are reasonable.

These above quality requirements satisfy NEI 06-09-A, Section 2.3.5, Item 9.

Training and Qualification The Diablo Canyon PRA staff is responsible for the development and maintenance of the CRMP model. The PRA staff is trained in accordance with the site Engineering Personnel Training Program. Operations and Work Control staffs will use the CRMP for the RICT Program, and these staff are trained in accordance with a program using National Academy for Nuclear Training documents, which is also accredited by the Institute of Nuclear Power Operations.

Application of the CRMP to the RICT Program Scope Diablo Canyon will use the Electric Power Research Institute (EPRI) software Phoenix Risk Monitor, or equivalent. This program is specifically designed by EPRI to support implementation of the RMTS, and is compatible with the PRA model software used at Diablo Canyon. Phoenix will permit the user to evaluate all configurations within the scope of the RICT Program at Diablo Canyon using appropriate mapping of equipment to PRA model elements.

PG&E Letter DCL-24-111 Page 7 of 9 Additional Information Regarding CRMP Modeling Technical Specifications Task Force (TSTF) traveler TSTF-505, Revision 2 (Reference

11) included a recommended additional LAR content for Enclosure 8 to specifically address the development and application of the CRMP model.

There are no seasonal variations in any success criteria for the Diablo Canyon baseline PRA models, and therefore there is no need to adjust the CRMP model.

The CRMP model will account for the impacts of out-of-service structures, systems, and components (SSCs) for both initiating events and event mitigation.

The Diablo Canyon model does not solve for cutsets, therefore there is no issue with maintaining the accuracy of pre-solved cutsets.

The process of creating the CRMP model from the baseline PRA models is controlled by procedures and includes a comparison of the results to ensure the fidelity of the CRMP model. The CRMP model is updated on the same schedule as the baseline PRA models.

Additional Information Regarding Common Cause Failure (CCF) Treatment TSTF-505, Revision 2 (Reference 11) included a recommended additional LAR content for Enclosure 8 to specifically discuss the treatment of CCF for planned maintenance and for emergent conditions.

The CCF modeling methodology follows the guidelines in NUREG/CR-4780, Procedures for Treating Common Cause Failures in Safety and Reliability Studies (Reference 6), and NUREG/CR-5485, Guidelines on Modeling Common-Cause Failures in Probabilistic Risk Assessment (Reference 7), for the identification and modeling of CCF events in the systems models. The CCF groups are generally identified from NUREG/CR-6268, Common-Cause Failure Database and Analysis System: Overview (Reference 8), and NUREG/CR-5497, Common-Cause Failure Parameter Estimations (Reference 9).

The alpha factor method is used to calculate CCF rates, then the results are represented in the system fault tree models as individual basic events for each k-out-of-n CCF failure where k represents the number of components failed out of n total components in the CCF group. For example, a two component CCF group would have two basic events, one-out-of-two failures and two-out-of-two failures.

The Diablo Canyon Riskman model is set up so that if train A is out of service, only the independent failure for train B is modeled; this is consistent with Regulatory Position 2.3.3 and Section A-1.3.2 of Appendix A of RG 1.177, Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications (Reference 10), for equipment removed from service for planned maintenance.

PG&E Letter DCL-24-111 Page 8 of 9 For emergent equipment issues, if the extent of condition evaluation is not complete or does not demonstrate that redundant components are not impacted, then risk management actions associated with the success of redundant SSCs and with reducing the likelihood of initiating events that rely on the affected function will be considered to address the potential increased likelihood of a common cause event. These requirements of the RICT Program are consistent with the guidance of Reference 2.

From Reference 12, PG&E response to Audit Question APLA03 (Key assumptions and sources of uncertainty)

Delta CDF and LERF used to assess the RICT requires a baseline CDF and LERF number to be subtracted from the application CRMP tool CDF and LERF. Baseline CDF and LERF are calculated separately in the Riskman PRA software by crediting and guaranteeing success for those systems guaranteed failed in the CRMP application model. This baseline CDF and LERF is then input in the CRMP software as a single CDF and single LERF value that is the same for all RICT calculations. These success impacts used to calculate baseline CDF and LERF are not included in the CRMP tool model.

Initiating events (including those from the seismic and fire PRA model) that do not credit systems have these systems guaranteed successful in the single baseline CDF and LERF used to calculate all RICTs. The baseline CDF and LERF is subtracted from the CRMP tool CDF and LERF to calculate the RICT. A baseline CDF and LERF with these systems successful is conservative and results in a larger delta CDF/LERF for all configurations and thus a shorter RICT, because the baseline CDF and LERF has no contribution from the system failing.

PG&E Letter DCL-24-111 Page 9 of 9 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238)

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322)

3. TS3.NR1, Diablo Canyon Power Plant Departmental Administrative Procedure, Probabilistic Risk Assessment.

4. Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2, March 2009. (ADAMS Accession No. ML090410014)

5. ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.

6. NUREG/CR-4780, Procedures for Treating Common Cause Failures in Safety and Reliability Studies, Volume 1, January 1988, and Volume 2, January 1989.

7. NUREG/CR-5485, Guidelines on Modeling Common-Cause Failures in Probabilistic Risk Assessment, June 1998.

8. NUREG/CR-6268, Common-Cause Failure Database and Analysis System: Event Data Collection, Classification, and Coding, Revision 1. (ADAMS Accession No. ML072970404)

9. NUREG/CR-5497, Common-Cause Failure Parameter Estimations, October 1998.

10. Regulatory Guide 1.177, Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications, Revision 2. (ADAMS Accession No. ML20164A034)

11. TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b. (ADAMS Accession No. ML18183A493)

12. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

PG&E Letter DCL-24-111 Page 1 of 12 Key Assumptions and Sources of Uncertainty

PG&E Letter DCL-24-111 Page 2 of 12 Introduction Section 4.0, Item 10 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide a discussion of how the key assumptions and sources of uncertainty were identified, and how their impact was assessed and dispositioned.

This enclosure provides a discussion of how the key assumptions and sources of uncertainty for each of the probabilistic risk assessment (PRA) models used for the Risk-Informed Completion Time (RICT) Program were identified, assessed, and dispositioned for the RICT Program.

Process for Identification of Key Assumptions and Sources of Uncertainty Sources of model uncertainty and related assumptions, are defined consistent with Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2 (Reference 3) and ASME/ANS RA-Sa-2009, American Society of Mechanical Engineers (ASME)/American Nuclear Society (ANS) Probabilistic Risk Assessment (PRA) Standard (Reference 4), and have been identified for the Diablo Canyon baseline PRA models using the guidance of NUREG-1855, Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making (Reference 5), and EPRI TR-1016737, Treatment of Parameter and Model Uncertainty for Probabilistic Risk Assessment (Reference 6). These were reviewed by the respective hazard PRA peer review teams and closure review teams (see Enclosure 2).

The detailed process of identifying, characterizing, and qualitative screening of model uncertainties is in Section 5.3 of Reference 5 and Section 3.1.1 of EPRI TR-1016737.

The process in these references was mostly developed to evaluate the uncertainties associated with the internal events PRA model; however, the approach can be applied to other types of hazard groups. The approach taken is to review the assumptions and sources of uncertainty for each PRA model to identify the items which may be directly relevant to the RICT program calculations.

Disposition of Key Assumptions and Sources of Uncertainty The list of assumptions and sources of uncertainty were reviewed to identify those that would be significant for the evaluation of configuration-specific changes in risk in the RICT Program. If a Diablo Canyon model uses a nonconservative treatment identified as having a non-negligible impact, or uses methods that are not commonly accepted, the underlying assumption or source of uncertainty was reviewed to determine the impact on the RICT Program calculations. This evaluation meets the intent of steps C-1 and E-1 of NUREG-1855. To assess the impact of these sources of uncertainties on the RICT Program application, a review of the base-case sources of uncertainty for the PRA

PG&E Letter DCL-24-111 Page 3 of 12 models was performed. Each identified uncertainty was evaluated with respect to its potential to significantly impact the calculated RICTs. This evaluation meets the intent of the screening portion for steps C-2 and E-2 of NUREG-1855.

Key assumptions and sources of uncertainty for the RICT Program application not screened as discussed above are identified and dispositioned in Table E9-1.

From Reference 7, Response to Audit Question APLA02 (Process for reviewing key assumptions and sources of uncertainty)

As part of the implementation of TSTF-505 at Diablo Canyon, PG&E updated its PRA documentation to include the justification for each baseline PRA model assumption and source of uncertainty relevant to the TSTF-505 application to ensure that future updates consider possible impacts that could affect the RICT Program.

The calculation of configuration risk differs from the calculation of baseline risk in the following areas:

Equipment unavailabilities (i.e., maintenance, surveillance testing, etc.) are set to zero or one, based on actual configurations.

Actual plant alignments for equipment in operation are set, rather than assuming an alignment or a split fraction based on plant operation over time.

The numeric results are per reactor-critical-year, without reducing the resulting CDF and LERF by the plant availability factor.

Equipment recovery probabilities used in the baseline PRA models are not applied for unavailable equipment in the CRMP model.

The screening process considered these differences between configuration risk assessments and baseline risk assessments to identify those assumptions and sources of uncertainty that would be key for the TSTF-505 application.

In addition, recent approved TSTF-505 LARs for similar Westinghouse 4-loop NSSS design plants were reviewed, including RAI responses and the NRC safety evaluations, to identify any generic assumptions or sources of uncertainty found to be key for TSTF-505, that might therefore also be applicable to Diablo Canyon. No additional items were identified. Therefore, the Diablo Canyon identification of key assumptions and sources of uncertainty are judged to be complete and adequate to support the RICT Program.

From Reference 7, Response to Audit Question APLA03 (Key assumptions and sources of uncertainty)

a. Dual unit trips are not considered in the single-unit model (except for seismic events). The LAR further identifies that this approach is nonconservative because the plant equipment credited may be required by the second unit and be

PG&E Letter DCL-24-111 Page 4 of 12 unavailable for crosstie. The LAR disposition to this uncertainty item states that shared systems and equipment between the units will be identified in procedures for RICT Program implementation so that consideration of additional risk management actions will be made.

a.i Explain how the RICT program procedures will capture the unavailability of shared SSCs.

PG&E Response:

(Diesel Generators, 4KV buses, direct current (DC) power), and Diesel Fuel Oil.

The RICT program will capture the actual unavailability of shared components by including their impacts in the CRMP tool. For example, if ASW pump 2-2 is out of service, this will be modeled in the CRMP tool and any risk impacts to Unit 1 will be assessed.

a.ii Describe the process that will be used (for shared systems) for identifying and selecting additional risk management actions.

PG&E Response:

The process used to identify risk management actions for shared system components would not be any different for shared components than the process described in 2 of the LAR.

Risk insights from the CRMP tool will be used to identify SSCs that are most important for a CDF and/or a LERF perspective.

Aside from actions that protect important OPERABLE components, the RMA process will also consider actions that:

o Increase awareness and control of activities, o Reduce duration of maintenance activities, and o Reschedule other maintenance activities.

b. Charging and safety injection (SI) pumps are credited for inventory makeup for a medium loss of coolant accident, and it is assumed that two of the four highpressure injection pumps are required for success. The LAR states that this was conservatively modeled as 1 out of 2 charging pumps and 2 out of 2 SI pumps.

The LAR further states that this is modeled conservatively, and the model is further adjusted by an assumed recovery factor to offset this conservatism when all support for the function is available.

However, the LAR states that this assumption is not conservative whenever a charging pump is unavailable and the safety injection system fails.... Accordingly, the emergency core cooling system charging pump recovery factor will not be credited in the RICT Program whenever an emergency core cooling system charging pump is made unavailable.

PG&E Letter DCL-24-111 Page 5 of 12 Explain how the proposed model adjustment will be handled in the configuration risk management program (CRMP) tool when pumps become inoperable and justify this treatment for the RICT estimates.

PG&E Response:

Whenever an ECCS charging pump is made inoperable, the CRMP tool will also include a model impact that eliminates recovery credit for additional pumps. This model adjustment removes the small non-conservatism present in the model.

c. A 6-hour mission time was assumed for the emergency diesel generators (EDGs) and the fuel oil transfer pumps. The LAR states that this assumption does not have a significant impact on the baseline PRA model. It further states, Whenever the 230 kV offsite power system is unavailable and cannot reasonably be recovered within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the 6-hour mission time is nonconservative.

The LAR therefore proposed the 24-hour mission time will be applied to the EDGs and fuel oil transfer pumps in the RICT Program whenever the offsite power 230 kV system is made unavailable.

Explain how the proposed adjustment will be addressed in the RICT program.

PG&E Response:

If 230-kV offsite power is unavailable during a RICT, the assumption will be that offsite power recovery is not possible and the convolution power recovery model that is normally used will be removed. This change will is automatically made by modifying the diesel generator fail to run basic events to use a 24-hour mission time when the operator selects the 230-kV offsite power system to be taken out of service in the CRMP software tool.

d. Vacuum breakers cannot fail in a manner to impact the Auxiliary Salt Water (ASW) function within the 24-hour mission time. The LAR explains that There are two vacuum relief valves per ASW header. The LAR further states that the RICT Program will assume inoperability of the ASW train if one or more vacuum breakers are nonfunctional.

Explain how this proposed adjustment will be handled in the CRMP tool.

PG&E Response:

One train of ASW will be declared inoperable when one of its two vacuum breakers is unavailable. The CRMP software tool will map the activity code for an ASW vacuum breaker to the applicable ASW train.

e. RICT guidance will require ASW to be declared inoperable when vacuum breaker is unavailable. The LAR states that certain systems and components are always assumed failed in the fire PRA and the seismic PRA models (and that they are

PG&E Letter DCL-24-111 Page 6 of 12 assumed always successful in the baseline PRA model). The LAR concludes that the resulting RICT is conservatively bounded.

Describe how this is modeled and identify the systems treated in this way.

i. Describe the systems affected.

PG&E Response:

Systems and components assumed failed in the Seismic and Fire PRA models include:

500-kV offsite power system

Non-vital power systems

Unit bus crosstie breaker

Opposite unit startup power crosstie

Balance of plant systems including main feedwater, condensate, instrument air, circulating water, service cooling water

ATWS Mitigating System Actuation Circuitry (AMSAC) System

Containment Spray System

Containment Fan Cooler Units

Makeup from the Spent Fuel Pool System ii. Describe what is meant by stating that these systems are assumed always successful in the baseline PRA model. Clarify how this treatment applies to the fire and seismic PRAs.

PG&E Response:

Delta CDF and LERF used to assess the RICT requires a baseline CDF and LERF number to be subtracted from the application CRMP tool CDF and LERF. Baseline CDF and LERF are calculated separately in the Riskman PRA software by crediting and guaranteeing success for those systems guaranteed failed in the CRMP application model. This baseline CDF and LERF is then input in the CRMP software as a single CDF and single LERF value that is the same for all RICT calculations. These success impacts used to calculate baseline CDF and LERF are not included in the CRMP tool model.

iii. Provide further justification to demonstrate that the RICT estimates are conservative.

PG&E Response:

Initiating events (including those from the seismic and fire PRA model) that do not credit systems have these systems guaranteed successful in the single baseline CDF and LERF used to calculate all RICTs. The baseline CDF and LERF is subtracted from the CRMP tool CDF and LERF to calculate the RICT. A baseline CDF and LERF with these systems successful is conservative and results in a larger delta CDF/LERF for all configurations and thus a shorter RICT, because the baseline CDF and LERF has no contribution from the system failing.

f. The LAR describes a model simplification for the auxiliary feedwater (AFW) system

PG&E Letter DCL-24-111 Page 7 of 12 that applies to sequences involving depressurization of multiple steam generators.

The LAR states that Pump runout protection is only modeled for Auxiliary Feedwater Pump 1-2 and is always successful for pump 1-3.

Further justify (1) the effect of this simplification on other sequences (e.g., those involving AFW pumps or main steam isolation valves), (2) the expression of risk (expressed here as a fraction of core damage frequency (CDF), and (3) impact on the RICT estimate.

PG&E Response:

For more than one steam generator to depressurize, multiple main steam isolation valves (MSIVs) must fail concurrently or initiating events that could cause the depressurization of more than one steam generator (i.e., main steam line break down stream of the MSIVs) need to occur. The runout protection failure probability is approximately 1.60E-03, which is dominated by the miscalibration of the pressure transmitter. The main steam line break initiating event frequency is 7.76E-04/yr while the failure probability of two main steam lines failing to close is 2.41E-06. The contribution of runout failing a motor driven AFW pump to run is approximately 1.60E-03

(7.76E-04+2.41E-06) = 1.25E-06. The fail to run probability of an AFW pump in the PRA model is 4.24E-04, which more than 2 orders of magnitude higher than the AFW fail to run probability due to runout protection failure.

For the case where one MSIV is unavailable then only one other MSIV needs to fail to isolate for the motor driven AFW pump runout protection system to be required. Failure probability of one main steam line failing to close is 2.31E-04. The contribution of runout failing a motor driven AFW pump to run with one MSIV unavailable is approximately 1.60E-03 * (7.76E-04+3*2.31E-04) = 2.35E-06. The fail to run probability of an AFW pump in the PRA model is 4.24E-04, which is still 2 orders of magnitude higher than the AFW fail to run due to runout failure for the case where one MSIV is unavailable.

Accordingly, the impact on other sequences, expression of risk and the RICT is not significant. The associated AFW pump will be made unavailable in the RICT model if runout protection is unavailable.

PG&E Letter DCL-24-111 Page 8 of 12 Table E9-1 Disposition of Key Assumptions/Sources of Uncertainty Impacting Configuration Risk Calculations Assumption/Uncertainty Discussion Disposition for the RICT Program Dual unit trips (except for seismic events) are not considered in the single unit model, and crosstie to the other unit's resources may be unavailable.

The effects of dual unit trips and events may not be considered in accident sequences. This approach is nonconservative because the plant equipment credited may be required by the second unit and be unavailable for crosstie.

Shared systems and equipment between the units will be identified in procedures for RICT Program implementation so that consideration of additional risk management actions will be made.

Charging and Safety Injection (SI) pumps are credited for inventory make-up for a medium loss of coolant accident. It is assumed that 2 out of 4 high pressure injection pumps (charging or SI) are required for success; this was conservatively modeled as 1 out of 2 charging pumps and 1 out of 2 SI pumps. To eliminate this modeling conservatism when all support is available and when 2 out of 2 charging pumps are required, a conservative estimate of the charging system failure fraction is to multiply the split fraction value for 1 of 1 pump train unavailability (CH2) by a factor of 2. Thus, the recovery factor (or conservatism reduction factor) for these conditions is 2*CH2.

The impact should be minimal for the baseline PRA model as the conservatism in the scenario of 1 out of 1 pump available is compensated with a factor of 2 when 2 out of 2 pumps are required.

This is a conservative approach and should not have a significant impact on the baseline PRA model. However, whenever a charging pump is unavailable, and the SI system fails this recovery factor becomes nonconservative since the required 2 out of 2 high head injection pump criterion is not met. Accordingly, the emergency core cooling system charging pump recovery factor will not be credited in the RICT Program whenever an emergency core cooling system charging pump is made unavailable.

PG&E Letter DCL-24-111 Page 9 of 12 Table E9-1 Disposition of Key Assumptions/Sources of Uncertainty Impacting Configuration Risk Calculations Assumption/Uncertainty Discussion Disposition for the RICT Program A 6-hour mission time for the emergency diesel generators (EDGs) and fuel oil transfer pumps is assumed sufficient for non-seismic initiators rather than the standard 24-hour mission time.

An EDG mission time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is used for initiating events since the probability of non-recovery of offsite power after 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is sufficiently small. The probabilities of non-recovery values are much larger than the fail to run values of the EDGs and fuel oil transfer pumps for the remaining 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months of the mission time.

The 6-hour mission time of the EDGs does not have a significant impact on the baseline PRA model. However, whenever the 230 kV offsite power system is unavailable and cannot reasonably be recovered within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the 6-hour mission time for the EDGs is nonconservative. Accordingly, the 24-hour mission time will be applied to the EDGs and fuel oil transfer pumps in the RICT Program whenever the offsite power 230 kV system is made unavailable.

Containment penetrations that would require the failure of three or more valves are screened from the containment isolation analysis.

Lines that require the failure of three or more valves to cause the failure of containment isolation have a negligible contribution to the containment isolation failure frequency.

Screening these penetrations from the baseline model is conservative for RICT calculations.

The Configuration Risk Management Program model used for the RICT Program will include the capability to evaluate these screened penetrations using a bounding surrogate model that assumes the containment boundary is failed, even when redundant isolation valves are available.

Vacuum breakers cannot fail in a manner to impact the Auxiliary Salt Water (ASW) function within the 24-hour mission time.

The magnitude of the uncertainty attributable to this nonconservative assumption is not known. Although the magnitude of the non-conservatism is expected to be small, it has not been quantitatively demonstrated.

There are two vacuum relief valves per ASW header. They are mechanical components with a relatively high reliability, thus the random failure of an ASW header due to failing both vacuum relief valves should not be significant.

The RICT Program will assume inoperability of the ASW train if one or more vacuum breakers are nonfunctional.

PG&E Letter DCL-24-111 Page 10 of 12 Table E9-1 Disposition of Key Assumptions/Sources of Uncertainty Impacting Configuration Risk Calculations Assumption/Uncertainty Discussion Disposition for the RICT Program SI minimum flow valves are not modeled.

Failure of the minimum flow valves could result in flow diversion and impact the success criteria non-conservatively.

SI Recirculation Valves 8974A and 8974B are in series, thus both valves must be impacted, which has a low probability. The operator action to close these valves is also evaluated in the human reliability analysis for switchover to cold leg recirculation. Accordingly, no significant impact is expected to the RICT Program.

Designation of systems/components as always failed in the fire PRA model and seismic PRA model.

Assuming certain systems and components are always failed for all fires or seismic events is conservative.

This conservative assumption is acceptable for the RICT Program. Those systems that are within the RICT Program and assumed failed are assumed always successful in the baseline PRA model used to calculate the RICT, so the resulting RICT is conservatively bounded.

Pump runout protection is only modeled for Auxiliary Feedwater Pump 1-2 and is always successful for pump 1-3 This is a model simplification and applies to sequences involving multiple steam generator depressurization.

In order for more than one steam generator to depressurize in a steam line break event, multiple main steam isolation valves (MSIV) must fail concurrently. Given the low failure probability of the MSIV function and low risk contribution of a steam line break event (approximately 5E-09 CDF), the resulting risk contribution is expected to be less than 1E-10 CDF. Accordingly, no significant impact is expected to the RICT Program.

PG&E Letter DCL-24-111 Page 11 of 12 Table E9-1 Disposition of Key Assumptions/Sources of Uncertainty Impacting Configuration Risk Calculations Assumption/Uncertainty Discussion Disposition for the RICT Program The recirculation valves to the refueling water storage tank (RWST) are not modeled.

The recirculation valves are interlocked to prevent pump discharge to the RWST during the recirculation phase. If these valves failed, long-term cooling during recirculation could be lost.

Two valves must both fail to close; the combined failure probability would be approximately 5-7 which is insignificant.

Accordingly, no significant impact is expected to the RICT Program.

PG&E Letter DCL-24-111 Page 12 of 12 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995) May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2, March 2009. (ADAMS Accession No. ML090410014).

4. ASME/ANS RA-Sa-2009, Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, Addendum A to RA-S-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.

5. NUREG-1855, Volume 1, Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making. (ADAMS Accession No. ML090970525).

6. EPRI TR-1016737, Treatment of Parameter and Model Uncertainty for Probabilistic Risk Assessments, December 2008.

7.

PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

PG&E Letter DCL-24-111 0 Page 1 of 4 0

Program Implementation

PG&E Letter DCL-24-111 0 Page 2 of 4 Introduction Section 4.0, Item 11 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide a description of the implementing programs and procedures regarding the plant staff responsibilities for the RMTS implementation, and specifically discuss the decision process for risk management action (RMA) implementation during a Risk-Informed Completion Time (RICT).

This enclosure provides a description of the implementing programs and procedures regarding the plant staff responsibilities for the RICT Program, including training of the personnel required for implementation of the RICT Program.

Several procedures and processes are detailed in other enclosures that are not repeated in this enclosure: addressing probabilistic risk assessment (PRA) model update (Enclosure 8), Cumulative Risk Assessment and Monitoring Program (Enclosure 11), and RMAs (Enclosure 12). This enclosure provides a description of the implementing programs and procedures regarding the plant staff responsibilities for the RICT Program, including training of plant personnel.

RICT Program Procedures Pacific Gas and Electric Company (PG&E) has developed a program description and implementing procedures for the RICT Program. The program description established the management responsibilities and general requirements for risk management, training, implementation, and monitoring of the RICT Program. More detailed procedures provide specific responsibilities, limitations, and instructions for implementing the RICT Program. The program description and implementing procedures incorporate the programmatic requirements for the RMTS included in NEI 06-09-A.

Operations, specifically the control room staff, are responsible for compliance with Technical Specification (TS) requirements, and are responsible for implementation of a RICT and any RMAs determined to be appropriate for the plant configuration. Any use of a RICT and associated RMAs requires management approval prior to entering an extended completion time (CT) for pre-planned activities, and as soon as practicable for an emergent extended CT.

Procedures for the RICT Program address the following:

important definitions related to the RICT Program departmental and position roles and responsibilities for activities in the RICT Program plant management approval for use of a RICT

PG&E Letter DCL-24-111 0 Page 3 of 4 plant conditions for which the use of the RICT Program for both planned and emergent conditions is authorized limitations on implementing a RICT for both planned and emergent conditions implementation of the RICT Program 30-day back stop limit guidance on plant configuration changes; i.e., recalculating the RICT and risk management action time (RMAT) within the RICT Program time limits requirements to identify and implement RMAs when the RMAT is exceeded or is anticipated to be exceeded guidance on the use of RMAs, including the conditions under which they may be credited in RICT calculations conditions for exiting a RICT documentation requirements RICT Program Training The scope of the training for the RICT Program includes rules for the new TS program, Configuration Risk Management Program (CRMP) software, TS Actions included in the program, and procedures. This training was conducted for the following Diablo Canyon staff positions:

Operations Manager Operations Planning Managers Operations Personnel (Licensed and Non-Licensed)

Work Control Manager Work Control Personnel Work Week Managers Operations Training Nuclear Licensing Personnel Selected Maintenance Personnel Site Engineering PRA Engineers Other Selected Management Training was carried out in accordance with established Diablo Canyon training procedures and processes. These procedures were written based on the Institute of Nuclear Power Operations accreditation requirements, as developed and maintained by the National Academy for Nuclear Training. PG&E has provided three levels of training for implementation of the RICT Program. They are described below.

PG&E Letter DCL-24-111 0 Page 4 of 4 Level 1 Training This is the most detailed training. It is intended for the individuals who will be directly involved in the implementation of the RICT Program. This level of training includes the following attributes:

specific training on the revised TS structure and use record-keeping requirements case studies hands-on time with the CRMP tool for calculating a RMAT and RICT identifying appropriate RMAs common cause failure RMA considerations in emergent RICTs other detailed aspects of the RICT Program Level 2 Training This training is applicable for supervisors, managers, and other personnel who need a broad understanding of the RICT Program. It is significantly more detailed than Level 3 Training (described below), but it is different from Level 1 Training in that hands-on time with the CRMP tool and case studies are not included. The concepts of the RICT Program will be taught; however, this group of personnel will not be qualified to perform the tasks for actual implementation of the RICT Program.

Level 3 Training This training is intended for the remaining personnel who require an awareness of the RICT Program. These employees need basic knowledge of RICT Program requirements and procedures. This training will cover the RICT Program concepts that are important to disseminate throughout the organization.

References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

PG&E Letter DCL-24-111 1 Page 1 of 4 1

Monitoring Program

PG&E Letter DCL-24-111 1 Page 2 of 4 Section 4.0, Item 12 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide a description of the implementation and monitoring program as described in Regulatory Guide (RG) 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1, (Reference 3) and NEI 06-09-A. (Note that RG 1.174, Revision 3 [Reference 4], issued by the NRC in January 2018, did not substantively change the requirements for the implementation and monitoring program.)

This enclosure provides a description of the process applied to monitor the calculation of the cumulative risk impact of implementation of the Risk-Informed Completion Time (RICT) Program, specifically the calculation of cumulative risk of extended Completion Times (CTs). Calculation of the cumulative risk for the RICT Program is discussed in Step 14 of Section 2.3.1 and Step 7.1 of Section 2.3.2 of NEI 06-09-A. General requirements for a Performance Monitoring Program for risk-informed applications are discussed in RG 1.174, Element 3.

The calculation of cumulative risk impact is required by the RICT Program at least every refueling cycle, not to exceed 24 months, consistent with the guidance in NEI 06-09-A.

For the assessment period evaluated, plant data is collected to establish the risk increase associated with each application of an extended CT for both core damage frequency (CDF) and large early release frequency (LERF), and the total risk calculated by summing all risk associated with each RICT application. This is the change in CDF or LERF above the zero maintenance baseline levels during the time of operation in the extended CT (i.e., beyond the front-stop CT). The change in risk is converted to average annual values.

The total average annual change in risk for extended CTs is compared to the acceptance guidelines of RG 1.174, Figures 4 and 5, for CDF and LERF changes, respectively. If the actual annual risk increase is acceptable (i.e., not in Region I of the figures), then the RICT Program implementation is acceptable for the assessment period. Otherwise, further assessment of the cause of exceeding the RG 1.174 guidance and implementation of any necessary corrective actions to ensure future plant operation is within the guidance is conducted under the site Corrective Action Program.

The evaluation will identify areas for consideration, including as examples:

RICT applications which dominated the risk increase

risk contributions from planned versus emergent RICT applications

risk management actions (RMAs) implemented but not credited in the risk calculations

risk impact from applying a RICT to avoid multiple shorter outages

PG&E Letter DCL-24-111 1 Page 3 of 4 Based on the evaluation, any necessary corrective actions are developed and approved by the Operations Manager. These may include:

administrative restrictions on the use of RICTs for specific high-risk configurations

additional RMAs for specific high-risk configurations

rescheduling planned maintenance activities

deferring planned maintenance to shutdown conditions

use of temporary equipment to replace out-of-service systems, structures or components (SSCs)

plant modifications to reduce the risk impact of expected future maintenance configurations In addition to the cumulative impact of the RICT Program implementation, the unavailability of SSCs is also potentially impacted. The existing Maintenance Rule (MR)

Monitoring Programs under 10 CFR 50.65(a)(1) and (a)(2) provide for the evaluation and disposition of the unavailability impacts that may be incurred by implementation of the RICT Program. The SSCs in the scope of the RICT Program are also in the scope of the MR, which allows the use of the MR Program.

The monitoring program for the MR, along with the specific assessment of cumulative risk impact described above, serves as the Implementation and Monitoring Program, defined as Element 3 of RG 1.174 and NEI 06-09-A for the RICT Program.

PG&E Letter DCL-24-111 1 Page 4 of 4 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995), May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1, November 2002. (ADAMS Accession No. ML023240437).

4. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3, January 2018. (ADAMS Accession No. ML17317A256).

PG&E Letter DCL-24-111 2 Page 1 of 5 2

Risk Management Action (RMA) Examples

PG&E Letter DCL-24-111 2 Page 2 of 5 Introduction Section 4.0, Item 13 of the Nuclear Regulatory Commissions (NRCs) Final Safety Evaluation (Reference 1) for NEI 06-09-A, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines (Reference 2), requires that the license amendment request provide a description of the process to identify and provide compensatory measures and risk management actions (RMAs) during extended Completion Times (CTs), including specific examples.

This enclosure describes the process for identification of RMAs applicable during extended CTs and provides examples of RMAs. RMAs will be governed by plant procedures for planning and scheduling maintenance activities. This procedure will provide guidance for the determination and implementation of RMAs when entering the Risk-Informed Completion Time (RICT) Program and is consistent with the guidance provided in NEI 06-09-A.

Responsibilities Work Control is responsible for developing the RMAs with assistance from Operations.

Operations is responsible for the approval and implementation of approved RMAs. For emergent entry into extended CTs, Operations is also responsible for developing RMAs.

Procedural Guidance For planned maintenance activities, implementation of RMAs will be required if it is anticipated that the risk management action time (RMAT) will be exceeded. The RMAs are implemented prior to exceeding the RMAT.

For emergent activities, RMAs must be implemented if the RMAT is reached. If the extent of condition evaluation is not complete or does not demonstrate redundant components are not impacted, then RMAs related to the success of redundant structures, systems, and components (SSCs), and to reducing the likelihood of initiating events relying on the affected function will be considered to address the possible increased likelihood of a common cause event. If an emergent event occurs requiring recalculation of a RMAT that is already in effect, the procedure requires a re-evaluation of the existing RMAs for the new plant configuration to determine whether new RMAs are appropriate. These requirements of the RICT Program are consistent with the guidance of NEI 06-09-A.

RMAs are put in place no later than the point at which an incremental core damage probability of 1x10-6 is reached, or no later than the point at which an incremental large early release probability of 1x10-7 is reached. If as the result of an emergent event the instantaneous core damage frequency (CDF) or the instantaneous large early release frequency (LERF) exceeds 1x10-3 or 1x10-4 per year, respectively, then RMAs are also required to be implemented. These requirements are consistent with the guidelines of NEI 06-09-A.

PG&E Letter DCL-24-111 2 Page 3 of 5 By determining which SSCs are most important from a CDF and/or LERF perspective for a specific plant configuration, RMAs may be developed to protect these SSCs.

Similarly, knowledge of the initiating event or sequence contribution to the configuration-specific CDF and/or LERF allows development of RMAs that enhance the capability to mitigate such events.

It is possible to credit RMAs in the RICT calculations. However, such quantification of RMAs is not required by NEI 06-09-A, Revision 0. Crediting RMAs in the RICT calculations is only done consistent with the guidance of NEI 06-09-A.

NEI 06-09-A classifies RMAs into three categories, as described below:

1) Actions to increase awareness and control.

Shift brief

Pre-job brief

Training (formal or informal)

Presence of a system engineer or other expertise related to maintenance activity

Special purpose procedure to identify risk sources and contingency plans

2) Actions to reduce the duration of maintenance activities.

Pre-staging materials

Conducting training on mock-ups

Performing the activity around the clock

Performing walk-downs on the actual system(s) to be worked on prior to beginning the work

3) Actions to minimize the magnitude of the risk increase.

Suspend/minimize activities on redundant systems

Suspend/minimize activities on other systems that adversely affect the CDF and/or LERF

Suspend/minimize activities on systems that may cause a trip or transient to minimize the likelihood of an initiating event that the out-of-service component is credited to mitigate

Use temporary equipment for backup power

Use temporary equipment for backup ventilation

Reschedule other maintenance activities

PG&E Letter DCL-24-111 2 Page 4 of 5 Specific Examples Example RMAs that may be considered during a RICT Program entry for a diesel generator (DG) or a battery to reduce the risk impact and ensure adequate defense-in-depth include:

A. Diesel Generator:

(1) The condition of the offsite power supply, switchyard, and the grid is evaluated prior to entering a RICT, and RMAs as identified below are implemented, particularly during times of high grid stress conditions, such as during high demand conditions.

(2) Deferral of switchyard maintenance, such as deferral of discretionary maintenance on the main, auxiliary, or startup transformers associated with the unit.

(3) Deferral of maintenance that affects the reliability of the supported equipment associated with the OPERABLE DGs.

(4) Deferral of planned maintenance activities on station blackout mitigating systems, and treating those systems as protected equipment.

(5) Contacting the dispatcher on a periodic basis to provide information on the DG status and the power needs of the facility.

B. Battery:

(1) Limit the immediate discharge of the affected battery, if possible.

(2) Recharge the affected battery to float voltage conditions using a spare battery charger, if possible.

(3) Evaluate the remaining battery capacity and protect its ability to perform its safety function.

(4) Periodically verify that the battery float voltage is equal to or greater than the minimum required float voltage for the remaining OPERABLE batteries.

From Reference 3, PG&E response to Audit Question APLA05 (Risk management actions)

The RMATs will be calculated using the risk thresholds identified in NEI 06-09-A Table 3-1 for both an ICDP 1E-6 and ILERP 1E-7. As noted on Table 3-1, configurations with CDF 1E-3/year or LERF 1E-4/year would not be voluntarily entered, and if incurred on an emergent basis, would require risk management actions to be implemented.

PG&E Letter DCL-24-111 2 Page 5 of 5 References

1. Letter from Jennifer M. Golder (USNRC - NRR) to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4B, Risk-Managed Technical Specifications (RMTS) Guidelines, (TAC No. MD4995) May 17, 2007. (ADAMS Accession No. ML071200238).

2. NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, Industry Guidance Document, Revision 0, November 2006. (ADAMS Accession No. ML12286A322).

3. PG&E Letter DCL-24-004, Supplement to License Amendment Request 23-01 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times -

RITSTF Initiative 4b, January 15, 2024. (ADAMS Accession No. ML24016A299).

v t e Letter Sequence Request
EPID:L-2024-LLA-0177, TSTF-505 (Open)
Initiation Request Acceptance Supplement Administration Questions Answers Results Approval... Other: ML25097A342
MONTHYEAR2025-11-26 [Table View]

DCL-24-111, License Amendment Request 24-05 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times – RITSTF Initiative 4b for TS 3.3.1 and 3.3.2

Text

Dear Commissioners and Staff:

Subject:

SUMMARY

SUMMARY

Navigation menu

DCL-24-111, License Amendment Request 24-05 Revision to Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times – RITSTF Initiative 4b for TS 3.3.1 and 3.3.2

Text

Dear Commissioners and Staff:

Subject:

SUMMARY

SUMMARY

Navigation menu

Search