NL-03-2037, Response to IR 05000321-03-006, 05000366-03-006, with Notes

From kanterella
Jump to navigation Jump to search
Response to IR 05000321-03-006, 05000366-03-006, with Notes
ML050540270
Person / Time
Site: Hatch  Southern Nuclear icon.png
Issue date: 10/01/2003
From: Sumner H
Southern Nuclear Operating Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
FOIA/PA-2004-0277, IR-03-006, NL-03-2037
Download: ML050540270 (8)
v  d  e


Text

H.L Sumner, Jr. Southern Nuclear (3)

Vice President Operating Company, Inc.

Hatch Project Post Office Box 1295 Birmingham. Alabama 35201 Tel 205.992.7279 October 1, 2003 SOUTHERNA COMPANY Energy to Serve YourWorldw Docket Nos.: 50-321 NL-03-2037 50-366 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D. C. 20555-0001 Edwin I. Hatch Nuclear Plant Response to Inspection Report 50-321/50-366 2003006 Ladies and Gentlemen:

As provided by 10 CFR 2.201, Southern Nuclear Operating Company (SNC) is submitting the enclosed response to the Non-cited Violations (NCVs) and Unresolved Items (URIs) in Inspection Report 05000321/2003006 and 0500036612003006 dated September 1, 2003. The enclosure provides additional information regarding issues described in the URIs and each NCV. Inparticular, the design modification that is the subject of the URIs was implemented in 1993 and provided an operating enhancement to the Safety Reliefalv ieaddition of circuits that are not required for the safety function of the valves. In addition, because the circuits associated with the design modification are not required for a post-fire safe shutdown, the manual operator actions discussed in UR Q60 motxeatedto-Appendi.StnIG. MoreoversmtFi room manual actions associated with those circuits can be performed in an adequate and timely manner.

SNC respectfully requests NRC to consider the enclosed additional information in the resolution of the issues contained in the NCVs and URIs. Please contact this office if a meeting to further discuss these matters would be useful.

This letter contains no commitments. If you have any questions, please advise.

Sincerely, H. L. Sumner, Jr.

HLS/RDB/sdl

Enclosure:

Responses to Inspection Findings

U. S. Nuclear Regulatory Commission NL-03-2037 Page 2 cc: Southern Nuclear Operating Company Mr. J. D. Woodard, Executive Vice President Mr. G. R. Frederick, General Manager - Plant Hatch Document Services RTYPE: CHA02.004 U. S. Nuclear Regulatory Commission Mr. L. A. Reyes, Regional Administrator Director, Office of Enforcement Mr. S. D. Bloom, NRR Project Manager - Hatch Mr. D. S. Simpkins, Senior Resident Inspector - Hatch

'V

Enclosure Responses to Inspection Findings NRC Unresolved Items:

URI 50-366/03-06 Concerns Associated with Potential Opening of SRVs The team identified a potential concern in that the licensee used manual actions to isolate two 4 to 20 ma instrumentation loop circuits associated with eleven SRVs in lieu of providing physical protection. This did not appear to be consistent with the plant's licensing basis nor 10 CFR 50, Appendix R.

URI 50-366/03-06 Untimely and Unapproved Manual Operator Action for Post-fire SSD The team found that a local manual operator action to prevent spurious opening of all eleven safety relief valves (SRVs) would not be performed in sufficient time to be effective. Licensee reliance on this manual action for hot shutdown during a fire, instead of physically protecting cables from fire damage, had not been approved by the NRC. 10 CFR 50, Appendix R, Section IH.G.2, requires that where cables or equipment, including associated non-safety circuits that could prevent operation or cause mal-operation due to hot shorts, open circuits, or shorts to ground, of redundant trains of systems necessary to achieve and maintain hot shutdown conditions are located within the same fire area outside the primary containment, a means of physical protection against fire damage must be provided.

URI 50-366/-3-06 Inspector Concerns Associated with Implementation of DCR 91-134 10 CFR 50, Appendix B, Criterion III requires that design control measures shall provide for verifying or checking the adequacy of design. An inadequate plant modification, DCR 91-134, failed to implement the design input requirements of "one-out-of-two taken twice" logic for the SRV's backup actuation using PT signals.

SNC Response:

The three URIs are associated with a design modification, DCR 91-134, which was implemented at Plant Hatch in 1993 for both Units 1 and 2. The design modification implemented a safety enhancement to the plant by providing an independent means, redundant to the mechanical actuators, of preventing overpressurization of the Nuclear Steam Supply System. The design mitigates the effects of corrosion-induced setpoint drift on the Target Rock two stage SRVs. The DCR implemented the design input requirements using a design process that included verifying and checking the design for accuracy. The design process fully met the requirements of 10 CFR 50, Appendix B, Criterion III.

E-1

Enclosure Responses to Inspection Findings URI 50-366/03-06-06 states that "the installed plant modification failed to implement the

'one-out-of-two taken twice' logic that was specified as a design input requirement in the design package." The inspection report describes, in detail, NRC's evaluation of the design with an assessment that the design, as implemented, represented a "two-out-of-two taken twice" logic in addition to a "one-out-of-two taken twice logic." SNC has historically described the logic implemented by DCR 91-134 as "one-outof twn tike, twice" because of generic precedent. In NEDO-10139 "Compliance of Protection Systems to Industry -nrteria: General Electric BWR Nuclear Steam Supply System,"

i dated June 1970, "one-out-of-two taken twice" is the terminology used for the configuration described and implemented in DCR 91-134. As a result of its use in the NEDO, this terminology has commonly been used in the BWR industry, including at Plant Hatch.

The URI states that "one-out-of-two taken twice" logic was a design input requirement for the DCR. However, the design input requirements for this DCR are specified in a Design InputI loc to actuate the SRVs on high pressure. No description of "required logic" was stated. 'tbcNarratie I 5 sgnm nmary and the Design Verification Summary for this DCR described the design that was produced using the DIR. In those descriptions, the phrase "one-out-of-two taken twice" was used to describe the logic incorporated into the design change package. In addition, the safety evaluation for the DCR, required at that time by 10 CFR 50.59, evaluated the design to assure its adequacy. The terminology used in the safety evaluation to describe the logic being installed by the DCR was based on the terminology conventions commonly used by Plant Hatch, and was based on the GE Topical Report described above.

The logic was designed to provide a high degree of assurance that the SRVs would open on high pressure, and the logic, as installed, meets all the requirements of the DIR, including_

single failure criteria. The general design criteria and industry practice for this type of design application has been that only one failure is assumed in the design criteria. It was 1,r not a design requirement for this DCR to installigic that would not be affected by multiple cable failures. Tuws PCR 91-134 imPlemente the iodi d nnca.ion Ullu__

consistent with its des~ ifiput requiremnents. In addition, the DCR was generated using a controlfedEii-gnpsro wta inc lugdedvEifyng and checking the design for accuracy.

The design process used fully met the requirements of 10 CFR 50, Appendix B, Criterion 111.

As noted above, an objective of the design logic implemented was to provide a high degree of reliability and single-failure resistance. eign as implemented utilizes two Division I and two Division 11 instrumentation loops. This approach assures that a single n-ous signal wif-tot caus~e a-n "inadvrtentR MctuatioM ann n osngefiue inl failure, ie total lo;ssfaAiuisilAp.i ent.actuation of the SR'(.The failure scenario postulated by the inspection team included simultnos separate failures of conductor insulation on two instrument cables, each containing a single twisted pair of conductors with shields and drain wires, to produce leakage currents in the range necessary to simulate high pressure signals and open the SRVs. Not only would these two spurious signals be required concurrently, the leakage or shorts must occur without the conductors shorting to the cable shield or drain conductor.

E-2

Enclosure Responses to Inspection Findings Thus, the design modification did not introduce a potential common cause failure, as considered in the context of the Plant Hatch design and licensing bases.

This question of whether the design modification should have considered a single cable failure at a time or multiple simultaneous cable failures underlies the issues stated in all three URIs. General Design Criterion (GDC) 21 for protection system reliability and testability requires the system to be designed with mbfficient redundancy and independence to assure that no sin.le failure results in the loss of the ctionction.

This criterion, along with other general design criteria, establishes single failure protection as one of the fundamental design bases for nuclear power. SNC examined the licensing basis documents for Plant Hatch to determine whether an explicit requirement existed to consider multiple failures. No explicit reequirement to consider more than one failure was found in the portions of the l relevant to the safety reIief valveis (SRV s. Rt fundamentally ~repres~ent the Plant Hathicsigadeinbssinhsrgr.

Of course, within'the context of fire protection, the requirements of 10 CFR 50.48 and Appendix R were also evaluated for a requirement to consider more than one failure.

This question has been, and continues to be, the subject of industry discussions with NRC. Our understanding of NRC's guidance on this subject is that more than one spuus actuation-must be co-nsired in a fire area for highlow pressure interface valve pairs only.

From the inspection report, it appears that NRC considers the subject circuits to be "required circuits." SNC considers the circuits to be "associated circuits." NRC Inspection Procedure 71111.05 states that "associated circuits are defined in the "Associated Circuits of Concern" section of the Generic Letter 81-12 Clarification Letter.

Mattson to Eisenhut of March 22, 1982 "Fire Protection Rule - Appendix R." This letter states, in part, "Associated Circuits of Concern are defined as those cables (safety related, non-safety related Class IE, and non-Class IE) that:

1. Have a physical separation less than that required by Section Ill.G.2 of Appendix R, and
2. Have one of the following:

a.

b. a connection to circuits of equipment whose spurious operation would adversely affect the shutdown capability (e.g., RHR/RCS isolation valves, ADS valves, PORVs, steam generator atmospheric dump valves, instrumentation, steam bypass, etc.),

or

c. 9, The URIs associated with the DCR involve two instrumentation circuits and associated relayogic that could spuriously actuate and open the SRVs. As stated previously, these two instrumentation circuits are not required for the safety function of the SRVs. Further clarification of the term 'Associated Circuit' was provided in a "Holahan to Hannon" E-3

Enclosure Responses to Inspection Findings NRC Memorandum dated November 29, 2000 on the rationale for temporarily halting )

certain associated circuit inspections. This memorandum states "Associated circuits are /

distinct from the circuits directly recquired for operation of post-fire safe shutdown trains of equipment. Associated circuits are not required for post-fire safe shutdown, but could 7 interfere with post-fire safe shutdown if damaged by fire." This letter goes on to refer to the same GL 81-12 clarification letter referenced in IP 71111.05 that provided the definition of "associated circuits." The circuits associated with DCR 91-134 clearly fit the definition of "associated circuits" provided by the Holahan memo.

SNC notes that IP 71111.05 also states, "the scope of this procedure has been temporarily reduced while criteria for review of fire-induced circuit failures of associated circuits is the subject of a voluntary industry initiative. Temporarily, the inspector is not required to address associated circuits issues as a direct line of inquiry nor develop associated circuit inspection findings."

Therefore, based on NRC guidance at this time, SNC believes the concerns expressed in theinspectionreportbyURIs 50-366/03-06-01, -02, and-06 relate to scenarios that are beyond the design and licensing basis of the plant. In addition, since the circuits in question are associated circuits, they fall within the guidance provided in the IP and the above references.

Finally, even if the beyond design and licensing basis scenario described in the inspection report is postulated (that is, the simultaneous conductor-to-conductor shorting of both instrument cables, resulting in the spurious actuation of the SRVs), the risk worth associated with this scenario has been evaluated to be low.

URI 50-366/03-06-02 related to a local manual operator action. This operator action was placed in a fire procedure as a conservative measure to prevent the actuation of the SRVs C 6oca Ci(" ,A in the extremely unlikely event a fire in the Unit 2 East Cableway were to result in simultaneous cable shorts or spurious current leakage that might simulate high pressure a 4a I;~

signals. Because the conditions under which the procedure steps might be performed are et /

beyond the design ind licensingbasis of the plant, the action is not included in the oduttrdJoxsaqirfeyL.equi 1OQ%J250 peri R h III.G.2.

19*

Rather, the steps represent a proactive effort to comprehensively provide the plant operators with additional actions that could be taken. In section IR05.04/.05.b.I of the_

report, it is stated that NRC fire models indicated that fires could potentiay ca __

damage to cables in as short a period as five to ten minutes. However, the Unit 2 East Cableway is marked to restrict transient combustibles from being brought in the area unless accompanied by a continuous fire watch, and the cable trays in which the instrument cables are contained have solid covers that provide a minimum of 30-minute protection from fire damage. The cables are in trays that contain only instrument cables that do not have the energy to initiate a fire within the tray. The cables are located a minimum of nine feet from the floor, and no credible initiation sources are located in the East cableway. In addition, no credit was afforded for the suppression system or the smoke detection system to provide early notification of potential fire conditions in the area. During the inspection, NRC personnel estimated that the subject procedure steps might not occur for 30 minutes, and that sufficient time would not be available before a spurious actuation to perform the manual actions. However, based on the multiple factors E-4

Encloue, ~-

-' - ' LResponses to Inspection Findings Z. , , ..... .. .

>;9 d r above >.- ',-there soule sufficienttiA. or'^.jte SN pantoperas eusstret to take themaulf. >g>  ; A .- ,~,i-^ u cn ied t'otp--prevent the s fpuriqous roe h

.4 Based c 'the infoimaiion v sontothe the URain s discussedinthssection,- , 4 SN.r-t eispectionterndu.l gose al t ion d

-r fo- A; NCV 50-366103063 -I i adequte Procedure_fordcaflMafinualOperator Action e X- .'-t'.*-- .'.heteahIiitifiedatn'slon'-ted violation of 10foCFR Appendix Ro Section IF G I and

,'>-i>:~ 'orhusal *;', h~e~n T d' 'nt old n > - -~.

  • -,,,f,,shutdown equip ws t o lclSA also hysiall nsfeThe licenseel hads,,:?

,e;ie on this raction instead onprovidingphsal rotion of cables from fir damage or preplanttoing dAshetownrpi .' rfo is t es-on,:

SCis committedt high v~

z,

~Personnel safety is -apriniaiyf.

  • -t- >7.-' ';----. ortost-woulre isD, a~ztionspje~rformed K c~-bnsiideration-ineal hequipmssent cocldeby planitpjersofnne th'v a -Puringth aeyb spcinSN nal pnd. 4i>>,;,^r.->, .

ntdthat the subject actiobn has beenperorid reIoul and is not requiredfor teo

-,.shutdown of the reactor:,M6 Th'auac~tioni'sii~n7ot ~r-pedio be~romduntil about foir lours'afer the event:. -Ted m tisasdothe kold~and experience

>. fteindividuls assingieoeao n~ua~in sarsl of dis .sIoswt spect.on tearmduring te inspectin ndwtNCmanagement subseqluent to th ir~ 6 St4C peirformed an addinionl asi siesisent of the safety andi -feasibility of the ihi

-'sbject local man~n operatoraction.- le assessmentm wap ormed by 1~x licensed per'so'fnnl 'with'suiffic nt plant kniowleg and experience to provide 'an ~U..,-

QqM~thriatveeaquaion i Bsased h in~SChsrefimdta h oa In

  • - A ...-. manal &rato acton i capble of beina Per-formed safely within the time constraint

--. .... 1

-!'-~~,:~-~-'-f,-~.;,-~,.thatt would exist.The assessment concluded the valve cansafely benmanually opened,7~3..

wthout addItoa laders, ~p atforms, orscfodn.Tebntofhe21F08'ae

-- ,.Q... i C; ,. Al., . ,

A pcivde reatvely secure footing and aljowian Obpertor to achieve adequate physical

~proxirmi to manipulate the 2EIlFOlSA valve handhe.Ah Q adweelha been Manipulated during Refueling Outages for valve flushing foiLLRT testing:~Anoher t

- .factor relevanftIo -theconclusiion that themn'i~alatoicin be safely perfoimied is-the,-:

- .recognitioinha soxme a mou nt of t ime"is "allo6we.dlto r~iilt e tiiis v aIv~e po St-fir fu

  • e~- hours), sothris a'iidditional tiimeto~ sta giehan~ed access or additidnal personniel to -" . .
,.openthe valveis des're ~ - Z' Z'v-I..

A'J..$

-, -;' . ~. A..: t~v  ;.s,<...tI. 'A*S C . V - .. A A A ~ j.

J '

' Enclosure Responses to Inspection Findings Based on information provided during the inspection, and based on the results of the additional assessment conducted subsequent to the inspection, SNC requests that this NCV be withdrawn.

NCV 50-366103-06 Unapproved Manual Operator Actions for Post-fire SSD

.iI C The team identified a non-cited violation of 10 CFR 50, Appendix R, Section III.G.2 in that the licensee relied on some manual operator actions to operate safe shutdown ip .

equipment, instead of providing the required physical protection of cables from fire Al.

damage without NRC approval. f3e1, sdw-SNC Response:

This issue was not initially characterized as a violation at the exit meeting conducted on July 25, 2003, but was subsequently identified as a NCV during the re-exit held on September 2, 2003.

Two sets of steps in a fire procedure were cited as examples in the inspection report. One step is associated with an operator manual action to reenergize certain battery chargers afte-ranasined loss of offsite power event in coniunction pith a fire event. This combination of events is only required by Appendix R for 'altemative' or 'dedicated'

,{ 'A-c-J shutdown. For Plant Hatch, this represents a Control Room, Computer Room, or Cable

Se ., -Spreading Room fire (Fire Area 0024). In an October 31, 1986 response to a Request for Additional Information regarding an Appendix R Exemption Request on control room

)_> emergency lighting, the manual action of reenergizing the battery chargers was described.

7 'M.TheJanuary 2, 1987,NRC SER granting the Appendix R lighting exemption also took note of the battery chargers. The manual action is in recognition of the desirability of restoring the battery chargers following any loss of offsite power. Even with no fire-tf - I.Kinduced f - cable damage, the procedure step would be used Thus, the step is not in the

,procedure for compliance with Appendix R, Section .G.2. Rather, the inclusion of a step in the tire procedure to manually reenergize the subject battery chargers provides the

". operators with additional actions that could be performed should such an unlikely event C '" occur.I wfi The other steps referenced in the inspection report relate to manual actions to prevent l'1.gr~a>PV overfill if HPCI fails to automatically trip on high level. These manual actions were not added to the fire procedure due to a lack of'separation of redundant trains of cables'.

Rather, the safe shutdown function of the RCIC system is 'redundant' to the safe shutdown function of the HPCI system. Circuits 'required' for the operation of RCIC and HPCI are separated as required by Appendix R Section III.G.2. RCIC is used for a path I shutdown and HPCI is used for a path 2 shutdown.

Thus, neither of the manual actions described in this NCV represent a manual action associated with Appendix R Section IllI.G.2. Based on this information, SNC requests that this NCV be withdrawn. C E-6

Retrieved from "https://kanterella.com/w/index.php?title=NL-03-2037,_Response_to_IR_05000321-03-006,_05000366-03-006,_with_Notes&oldid=2676390"