text

GL80030

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555

April 10, 1980

ALL POWER REACTOR LICENSEES

Gentlemen:

It has recently come to our attention that there may be some misunderstanding regarding the use of the term OPERABLE as it applies to the single failure criterion for safety systems in power reactors. The purpose of this letter is to clarify the meaning of this term and to request licensees to take specific actions to assure that it is appropriately applied at their-facilities. IE Information Notice No. 79-35, "Control of Maintenance and Essential Equipment" also contained information on this subject.

The NRC's Standard Technical Specifications (STS) were formulated to preserve the single failure criterion for systems that are relied upon in the safety analysis report. By and large, the single failure criterion is preserved by specifying Limiting Conditions for Operation (LCOs) that require all redundant components of safety related systems to be OPERABLE. When the required redundancy is not maintained, either due to equipment failure or maintenance outage, action is required, within a specified time, to change the operating mode of the plant to place it in a safe condition. The specified time to take action, usually called the equipment out-of-service time, is a temporary relaxation of the single failure criterion, which, consistent with overall system reliability considerations, provides a limited time to fix equipment or otherwise make it OPERABLE. If equipment can be returned to OPERABLE status within the specified time, plant shutdown is not required.

LCOs are specified for each safety related system in the plant, and with few exceptions, the ACTION statements address single outages of components, trains or subsystems. For any particular system, the LCO does not address multiple outages of redundant components, nor does it address the effects of outages of any support systems - such as electrical power or cooling water -

that are relied upon to maintain the OPERABILITY of the particular system. This is because of the large number of combinations of these types of outages that are possible. Instead, the STS employ general specifications and an explicit definition of the tem OPERABLE to encompass all such cases. These provisions have been formulated to assure that no set of equipment outages would be allowed to persist that would result in the facility being in an unprotected condition. These specifications are contained in the enclosed Model Technical Specifications. Illustrative examples of how these specifications apply are contained, in the associated Bases.

.Because of the importance of assuring safety system availability, the staff has concluded that all facility technical specifications should contain these requirements, and that appropriate procedures should be implemented to assure that the necessary records, such as plant logs or similar documents, are reviewed to determine compliance with these specifications

(1) promptly upon discovering a component, train, or subsystem to be inoperable, and

(2) prior to removing a component from service.

Therefore, we request that you

(1) submit proposed changes to your technical specifications, within 30 days, that incorporate the requirements of the enclosed Model Technical Specifications, and

(2) implement the above described procedures to assure compliance with your proposed changes within 30 days thereafter.

With regard to technical specification changes, we recognize that the terminology used in the enclosed Model Technical Specifications may not directly apply to plants without STS, therefore the OPERATIONAL MODE or CONDITION definitions are also included in the enclosure. If you do not have STS you should modify the terminology to make it consistent with your particular facility technical specifications.

If you have any questions, please contact us.

Sincerely,

Darrell G. Eisenhut, Acting Director Division of Operating Reactors Office of Nuclear Reactor Regulation

Enclosure:

Model Technical Specifications

.

Enclosure 1

MODEL TECHNICAL SPECIFICATIONS PRESSURIZED WATER REACTORS

1.0 DEFINITIONS OPERABLE - OPERABILITY

1.6 A system, subsystem, train, component or device shall be OPERABLE or have OPERABILITY when it is capable of performing its specified function(s).

Implicit in this definition shall be the assumption that all necessary attendant instrumentation, controls, normal and emergency electrical power sources, cooling or seal water, lubrication or other auxiliary equipment that are required for the system, subsystem, train, component or device to perform its function(s) are also capable of performing their related support function(s).

3/4 LIMITING CONDITIONS FOR OPERATION (GENERAL)

3/4.0 APPLICABILITY

LIMITING CONDITION FOR OPERATION

3.0.3 In the event a Limiting Condition for Operation and/or associated ACTION requirements cannot be satisfied because of circumstances in excess of those addressed in the specification, the unit shall be placed in at least HOT STANDBY within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , in at least HOT SHUTDOWN within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , and in at least COLD SHUTDOWN within the following 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months unless corrective measures are completed that permit operation under the permissible ACTION statements for the specified time interval as measured from initial discovery or until the reactor is placed in a MODE in which the specification is not applicable. Exceptions to these requirements shall be stated in the individual specifications.

3.0.5 When a system, subsystem, train, component or device is determined to be inoperable solely because its emergency power source is inoperable, or solely because its normal power source is inoperable, it may be considered OPERABLE for the purpose of satisfying the requirements of its applicable Limiting Condition for Operation, provided: 1) its corresponding normal or emergency power source is OPERABLE; and

(2) all of its redundant system(s),

subsystem(s), train(s), component(s) and device(s) are OPERABLE, or likewise satisfy the requirements of this specification. Unless both conditions

(1) and

(2) are satisfied, the unit shall be placed in at least HOT STANDBY within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , in at least HOT SHUTDOWN within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , and in at least COLD SHUTDOWN within the following 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . This specification is not applicable in MODES 5 or 6.

.3/4.0 APPLICABILITY

BASES

3.0.3 This specification delineates the ACTION to be taken for circumstances not directly provided for in the ACTION statements and whose occurrence would violation the intent of the specification. For example, Specification 3.5.1 requires each Reactor Coolant System accumulator to be OPERABLE and provides explicit ACTION requirements if one accumulator is inoperable. Under the terms of Specification 3.0.3, if more than one accumulator is inoperable, the unit is required to be in at least HOT STANDBY within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and in at least HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . As a further example, Specification 3.6.2.1 requires two Containment Spray Systems to be OPERABLE and provides explicit ACTION requirements if one spray system is inoperable: Under the terms of Specification 3.0.3, If both of the required Containment Spray Systems are inoperable, the unIt is required to be in at least HOT STANDBY within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , In at least HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in at least COLD SHUTDOWN In the next 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . It Is assumed that the unit is brought to the required MODE within the required times by promptly Initiating and carrying out the appropriate ACTION statement.

3.0.5 This specification delineates what additional conditions must be satisfied to permit operation to continue, consistent with the ACTION statements for power sources, when a normal or emergency power source is not OPERABLE. It specifically prohibits operation when one division is inoperable because its normal or emergency power source is inoperable and a system, subsystem, train, component or device in another division is inoperable for another reason.

The provisions of this specification permit the ACTION statements associated with individual systems, subsystems, trains, components, or devices to be consistent with the ACTION statements of the associated electrical power source. It allows operation to be governed by the time limits of the ACTION statement associated with the Limiting Condition for Operation for the normal or emergency power source, not the individual ACTION statements for each system, subsystem, train, component or device that is determined to be inoperable solely because of the inoperability of its normal or emergency power source.

For example, Specification 3.8.1.1 requires in part that two emergency diesel generators be OPERABLE. The ACTION statement provides for a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months out-of-service time when one emergency diesel generator is not OPERABLE. If the definition of OPERABLE were applied without consideration of Specification 3.0.5, all systems, subsystems, trains, components and devices supplied by the inoperable emergency power source would also be inoperable. This would dictate invoking the applicable ACTION statements for each of the applicable Limiting Conditions for Operation. However, the provisions of Specification 3.0.5 permit the time limits for continued operation to be consistent with the ACTION statement for the inoperable

.emergency diesel generator instead, provided the other specified conditions are satisfied. In this case, this would mean that the corresponding normal power source must be OPERABLE, and all redundant systems, subsystems, trains, components, and devices must be OPERABLE, or otherwise satisfy Specification 3.0.5 (i.e., be capable of performing their design function and have at least one normal or one emergency power source OPERABLE). If they are not satisfied, shutdown is required in accordance with this specification.

As a further example Specification 3.8.1.1 requires in part that two physically independent circuits between the offsite transmission network and the onsite Class IE distribution system be OPERABLE. The ACTION statement provides a 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months out-of-service time when both required offsite circuits are not OPERABLE. If the definition of OPERABLE were applied without consideration of Specification 3.0.5, all systems, subsystems, trains, components and devices supplied by the inoperable normal power sources, both of the offsite circuits, would also be inoperable. This would dictate invoking the applicable ACTION statements for each of the applicable LCOs. However, the provisions of Specification 3.0.5 permit the time limits for continued operation to be consistent with the ACTION statement for the inoperable normal power sources instead, provided the other specified conditions are satisfied. In this case, this would mean that for one division the emergency power source must be OPERABLE (as must be the components supplied by the emergency power source) and all redundant systems, subsystems, trains, components and devices in the other division must be OPERABLE, or likewise satisfy Specification 3.0.5 (i.e., be capable of performing their design functions and have an emergency power source OPERABLE). In other words, both emergency power sources must be OPERABLE and all redundant systems, subsystems, trains, components and devices in both divisions must also be OPERABLE. If these conditions are not satisfied, shutdown is required in accordance with this specification.

In MODES 5 or 6 Specification 3.0.5 is not applicable, and thus the individual ACTION statements for each applicable Limiting Condition for Operation in these MODES must be adhered to.

.

DEFINITION OF WESTINGHOUSE PWR OPERATIONAL MODES

REACTIVITY % RATED AVERAGE COOLANT MODE CONDITION, Keff THERMAL POWER* TEMPERATURE

1. POWER OPERATION => 0.99 => 5% => 350<deg>F

2. STARTUP => 0.99 < 5% => 350<deg>F

3. HOT STANDBY < 0.99 0 => 350<deg>F

4. HOT SHUTDOWN < 0.99 0 350<deg>F

> Tavg >

200<deg>F

5. COLD SHUTDOWN < 0.99 0 =< 200<deg>F

6. REFUELING** =< 0.95 0 =< 140<deg>F

Excluding decay heat.

- Reactor vessel head unbolted or removed and fuel in the vessel.

.

DEFINITION OF COMBUSTION ENGINEERING PWR OPERATIONAL MODES

REACTIVITY % OF RATED AVERAGE COOLANT OPERATIONAL MODE CONDITION, Keff THERMAL POWER* TEMPERATURE

1. POWER OPERATION => 0.99 > 5% => 300<deg>F

2. STARTUP => 0.99 =< 5% => 300<deg>F

3. HOT STANDBY < 0.99 0 => 300<deg>F

4. HOT SHUTDOWN < 0.99 0 300<deg>F

> Tavg 200<deg>F

5. COLD SHUTDOWN < 0.99 0 < 200<deg>F

6. REFUELING** =< 0.95 0 =< 140<deg>F

Excluding decay heat.

- Reactor vessel head unbolted or removed and fuel in the vessel.

.

DEFINITION OF BABCOCK & WILCOX PWR OPERATIONAL MODES

REACTIVITY % OF RATED AVERAGE COOLANT OPERATIONAL MODE CONDITION, Keff THERMAL POWER* TEMPERATURE

1. POWER OPERATION => 0.99 > 5% => 305<deg>F

2. STARTUP => 0.99 =< 5% => 305<deg>F

3. HOT STANDBY < 0.99 0 => 305<deg>F

4. HOT SHUTDOWN < 0.99 0 305<deg>F

> Tavg 200<deg>F

5. COLD SHUTDOWN < 0.99 0 < 200<deg>F

6. REFUELING** =< 0.95 0 =< 140<deg>F

Excluding decay heat.

- Reactor vessel head unbolted or removed and fuel in the vessel.

.

Enclosure 2

MODEL TECHNICAL SPECIFICATIONS BOILING WATER REACTORS

1.0 DEFINITION

OPERABLE - OPERABILITY

1.20 A system, subsystem, train, component or device shall be OPERABLE or have OPERABILITY when it is capable of performing its specified function(s).

Implicit in this definition shall be the assumption that all necessary attendant instrumentation, controls, normal and emergency electrical power sources, cooling or seal water, lubrication or other auxiliary equipment that are required for the system, subsystem, train, component or device to perform its function(s) are also capable of performing their related support function(s).

3/4 LIMITING CONDITIONS FOR OPERATION (GENERAL)

3/4.0 APPLICABILITY

LIMITING CONDITION FOR OPERATION

3.0.3 In the event a Limiting Condition for Operation and/or associated ACTION requirements cannot be satisfied because of circumstances in excess of those addressed in the specification, the unit shall be placed in at least HOT SHUTDOWN within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in COLD SHUTDOWN within the following 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months unless corrective measures are completed that permit operation under the permissible discovery or until the reactor is placed in an OPERATIONAL CONDITION in which the specification is not applicable. Exceptions to these requirements shall be stated in the individual specifications.

3.0.5 When a system, subsystem, train, component or device is determined to be inoperable soley because its emergency power source is inoperable, or solely because its normal power source is inoperable, It may be considered OPERABLE for the purpose of satisfying the requirements of its applicable Limiting Condition for Operation, provided:

(1) its corresponding normal or emergency power source is OPERABLE, and

(2) all of its redundant system(s),

subsystem(s), train(s), component(s) and device(s) are OPERABLE, or likewise satisfy the requirements of this specification. Unless both conditions

(1) and

(2) are satisfied, the unit shall be placed in at least HOT SHUTDOWN within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , and in at least COLD SHUTDOWN within the following 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . This specification is not applicable in Conditions 4 or 5.

.3/4.0 APPLICABILITY

BASES

3.0.3 This specification delineates the ACTION to be taken for circumstances not directly provided for in the ACTION statements and whose occurrence would violate the intent of the specification. For example, Specification 3.7.2 calls for two control room emergency filtration subsystems to be OPERABLE and provides explicit ACTION requirements if one subsystem is inoperable. Under the terms of Specification 3.0.3, if both of the required subsystems are inoperable, the unit is to be in at least HOT SHUTDOWN within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in COLD SHUTDOWN within the next 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . As a further example, Specification 3.6.6.1 requires two primary containment hydrogen recombiner systems to be OPERABLE and provides explicit ACTION requirements if one recombiner system is inoperable. Under the terms of Specification 3.0.3, if both of the required systems are inoperable, the unit is to be in at least HOT SHUTDOWN within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . It is assumed that the unit is brought to the required OPERATIONAL CONDITION within the required times by promptly initiating and carrying out the appropriate ACTION statement.

3.0.5 This specification delineates what additional conditions must be satisfied to permit operation to continue, consistent with the ACTION statements for power sources, when a normal or emergency power source is not OPERABLE. It specifically prohibits operation when one division is inoperable because its normal or emergency power source is inoperable and a system, subsystem, train, component or device in another division is inoperable for another reason.

The provisions of this specification permit the ACTION statements associated with individual systems, subsystems, trains components or devices to be consistent with the ACTION statements of the associated electrical power source. It allows operation to be governed by the time limits of the ACTION statement associated with the Limiting Condition for Operation for the normal or emergency power source, not the individual ACTION statements for each system, subsystem, train, component or device that is determined to be inoperable solely because of the inoperability of its normal or emergency power source.

For example, Specification 3.8.1.1 requires in part that all three emergency diesel generators be OPERABLE. The ACTION statement provides for a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months out-of-service time when emergency diesel generator (1A) or (1B) is not OPERABLE. If the definition of OPERABLE were applied without consideration of Specification 3.0.5. all systems, subsystems, trains, components and devices supplied by the inoperable emergency power source, diesel generator (1A) or (1B), would also be inoperable. This would dictate invoking the applicable ACTION statements for each of the applicable Limiting Conditions for Operation. However, the provisions of Specification 3.0.5 permit the time limits for continued operation to be consistent with the ACTION statement for the inoperable emergency diesel generator instead, provided the other specified conditions are satisfied. If they are not satisfied, shutdown is required in accordance with this specification.

.As a further example, Specification 3.8.1.1 requires in part that two physically independent circuits between the offsite transmission network and the onsite Class IE distribution system be OPERABLE. The ACTION statement provides a 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months out-of-service time when both required offsite circuits are not OPERABLE. If the definition of OPERABLE were applied without consideration of Specification 3.0.5, all systems, subsystems, trains, components and devices supplied by the inoperable normal power sources, both of the offsite circuits, would also be inoperable. This would dictate invoking the applicable ACTION statements for each of the applicable LCOs. However, the provisions of Specification 3.0.5 permit the time limits for continued operation to be consistent with the ACTION, statement for the inoperable normal power sources instead, provided the other specified conditions are satisfied. In this case, this would mean that for one division the emergency power source must be OPERABLE (as must be the components) supplied by the emergency power source) and all redundant systems, subsystems, trains, components and devices in the other division must be OPERABLE, or likewise satisfy Specification 3.0.5 (i.e., be capable of performing their design functions and have an emergency power source OPERABLE). In other words, both emergency power sources (1A) and (1B) must be OPERABLE and all redundant systems, subsystems, trains, components and devices In both divisions must also be OPERABLE. If these conditions are not satisfied, shutdown is required in accordance with this specification.

In Condition 4 or 5 Specification 3.0.5 is not applicable, and thus the individual ACTION statements for each applicable Limiting Condition for Operation in these Conditions must be adhered to.

.

DEFINITION OF BWR OPERATIONAL CONDITIONS

MODE SWITCH AVERAGE REACTOR CONDITION POSITION COOLANT TEMPERATURE

1. POWER OPERATION Run Any temperature

2. STARTUP Startup/Hot Standby Any temperature

3. HOT SHUTDOWN Shutdown > 212<deg>F

4. COLD SHUTDOWN Shutdown <= 212<deg>F

5. REFUELING* Shutdown or Refuel** <= 212<deg>F

Reactor vessel head unbolted or removed and fuel in the vessel.

- See Special Test Exception 3.10.3

v t e Clarification of the Term "Operable" As It Applies to Single Failure Criterion For Safety Systems Required by TS
04/10/1980
Other Generic Letters:	Category:Generic Letter
[Table view] Region 1 Beaver Valley (4 March 2023 - 4 March 2023) Calvert Cliffs (22 January 2019 - 22 January 2019) ~~FitzPatrick~~ ~~Ginna~~ ~~Hope Creek~~ Limerick (24 January 2011 - 24 January 2011) ~~Millstone~~ ~~Nine Mile Point~~ Peach Bottom (29 October 2019 - 29 October 2019) ~~Salem~~ Seabrook (24 April 2015 - 24 April 2015) Susquehanna (17 November 1997 - 17 November 1997) ~~Haddam Neck~~ ~~Indian Point~~ ~~Maine Yankee~~ ~~Oyster Creek~~ ~~Pilgrim~~ ~~Saxton~~ ~~Shippingport~~ ~~Shoreham~~ ~~Three Mile Island~~ Vermont Yankee (4 February 2003 - 4 February 2003) ~~Yankee Rowe~~ ~~Zion~~ Region 2 Browns Ferry (5 May 2011 - 15 September 2016) Brunswick (26 November 2017 - 26 November 2017) Catawba (9 August 2013 - 2 April 2020) ~~Clinch River~~ Farley (15 May 2017 - 23 August 2019) Harris (4 October 2007 - 18 February 2019) Hatch (16 March 2016 - 16 March 2016) ~~Lee~~ McGuire (9 November 2011 - 16 January 2019) ~~North Anna~~ ~~Oconee~~ ~~Robinson~~ ~~Saint Lucie~~ ~~Sequoyah~~ Summer (14 November 2002 - 25 February 2003) ~~Surry~~ Turkey Point (14 July 1995 - 3 December 2018) Vogtle (8 August 2017 - 8 August 2017) Watts Bar (20 March 2008 - 8 November 2023) ~~Crystal River~~ ~~Parr~~ Region 3 Braidwood (31 January 2012 - 26 October 2016) Byron (1 March 2010 - 10 September 2014) ~~Clinton~~ ~~Cook~~ ~~Davis Besse~~ ~~Dresden~~ ~~Fermi~~ ~~LaSalle~~ Monticello (25 July 2005 - 25 July 2005) ~~Palisades~~ Perry (5 April 2002 - 27 October 2023) Point Beach (15 May 2008 - 15 May 2008) Prairie Island (11 November 2005 - 22 June 2023) ~~Big Rock Point~~ ~~Duane Arnold~~ ~~Elk River~~ ~~Kewaunee~~ ~~La Crosse~~ Region 4 Arkansas Nuclear (14 February 2011 - 14 February 2011) Callaway (16 June 2006 - 18 April 2019) Columbia (6 March 2015 - 6 March 2015) Comanche Peak (25 January 2008 - 14 September 2023) ~~Cooper~~ ~~Diablo Canyon~~ ~~Grand Gulf~~ Palo Verde (17 November 2006 - 26 September 2017) Quad Cities (17 December 2023 - 17 December 2023) River Bend (4 August 2015 - 1 May 2017) ~~South Texas~~ ~~Sundesert~~ ~~Victoria~~ ~~Waterford~~ Wolf Creek (7 November 2006 - 28 June 2017) Fort Calhoun (20 February 2014 - 20 February 2014) ~~Fort Saint Vrain~~ ~~Hallam~~ ~~Humboldt Bay~~ ~~Rancho Seco~~ ~~San Onofre~~ ~~Trojan~~
https://www.nrc.gov/reading-rm/doc-collections/gen-comm/gen-letters/1980/gl80030.html

NRC Generic Letter 80-30, Clarification of the Term "Operable" As It Applies to Single Failure Criterion For Safety Systems Required by TS

Region 1

Region 2

Region 3

Region 4

text

Navigation menu

NRC Generic Letter 80-30, Clarification of the Term "Operable" As It Applies to Single Failure Criterion For Safety Systems Required by TS

text

Navigation menu

Search