NUREG-0411, Discusses Deficiencies in Design of Voltage Regulator Sys of Motor Generator Sets Which Supply Power to RPS Identified During Review of Hatch Unit 2
| ML20024G387 | |
| Person / Time | |
|---|---|
| Site: | Monticello, Hatch |
| Issue date: | 08/07/1978 |
| From: | Ippolito T Office of Nuclear Reactor Regulation |
| To: | Mayer L NORTHERN STATES POWER CO. |
| References | |
| RTR-NUREG-0411, RTR-NUREG-411 NUDOCS 9102110409 | |
| Download: ML20024G387 (9) | |
Text
AUGUST 7 1978
Docket No. 50-263
Northern States Power Company
ATTN: Mr. L. O. Mayer, Manager
Nuclear Support Services
414 Nicollet Mall - 8th Floor
Minneapolis, Minnesota 55401
Distribution: Docket, ORB #3, Local PDR, TIppolito, SSheppard, RBevan, Attorney, OELD, OI&E (3), DEisenhut, TBAbernathy, JRBuchanan, ACRS (16)
Gentlemen:
During the review of the E. I. Hatch Unit 2 nuclear power plant (Docket No. bu-3Gl), the NRC Staff identified certain specific deficiencies in the design of the voltage regulator system of the motor generator sets which supply power to the reactor protection system: (1) there were potential undetectable single component failures which could adversely affect the operability of the reactor protection system; and (2) there is a postulated sequence of component malfunctions initiated by an earthquake which could adversely affect the operability of the reactor protection system. Both of these deficiencies are described in greater detail in Attachment (2) to this letter, which is an extract from the Hatch 2 Safety Evaluation Report (NUREG-0411).
We determined in the course of the Hatch 2 review that the safety problems associated with the postulated single failure could be remedied by additional surveillance; specifically, by assuring that the output voltage of each reactor protection system motor-generator is checked to be within ±10% of the nominal value, approximately every eight hours. Requirements for such surveillance were imposed as part of the Hatch 2 Technical Specifications (Attachment 3).
Accordingly, provided the surveillance set forth in Attachment 1 is carried out, there is reasonable assurance that a facility using a system such as that used at Hatch 2 can be operated without endangering public health and safety.
For Hatch 2, the licensee requested and was granted an exemption from seismic design requirements for the period necessary to obtain and install qualified components.
9102110409 780007 PDR ADOCK 05000263 P
Our records show that your reactor protection system power supply system is of the same general design as that at Hatch 2. However, it is not clear from such information whether the components actually installed at your facility have the same qualification as those used at Hatch 2. Moreover, it is not completely clear that system interaction for your systems will have the same adverse characteristics as that identified at Hatch 2.
For these reasons, you are hereby requested, pursuant to 10 CFR § 50.54(f), to evaluate your reactor protection system power supply in light of the information set forth in Attachment 2 to determine: whether there is potential for undetected single failures to adversely affect the reactor protection system, and whether there is a potential for the postulated sequence of events initiated by an earthquake which could adversely affect the reactor protection system. Your report should be filed within bu days of the date of this letter.
If you identify any necessary or desirable facility modifications or Technical Specification changes, proposals to implement such modifications or changes should accompany your report.
In the interim, promptly upon receipt of this letter, you should commence surveillance of the reactor protection system power supply as set forth in Attachment 1 hereto. Such surveillance should be continued until otherwise directed or authorized by NRC.
Sincerely,
Original signed by
Thomas A. Ippolito, Chief
Operating Reactors Branch #3
Division of Operating Reactors
Enclosures:
1. Surveillance Program
2. Extract from Safety Evaluation Report
3. Extract from Hatch 2 Technical Specifications
cc w/enclosures: See next page
cc:
Gerald Charnoff, Esquire, Shaw, Pittman, Potts and Trowbridge, 1800 M Street, N. W., Washington, D. C. 20036
The Environmental Conservation Library, Minneapolis Public Library, 300 Nicollet Mall, Minneapolis, Minnesota 55401
Arthur Renquist, Esquire, Vice President - Law, Northern States Power Company, 414 Nicollet Mall, Minneapolis, Minnesota 55401
Mr. L. R. Eliason, Plant Manager, Monticello Nuclear Generating Plant, Northern States Power Company, Monticello, Minnesota 55362
Russell J. Hatling, Chairman, Minnesota Environmental Control Citizens Association (MECCA), Energy Task Force, 144 Melbourne Avenue, S. E., Minneapolis, Minnesota 55414
Mr. Kenneth Dugan, Environmental Planning Consultant, Office of City Planner, Grace Building, 421 Wabasha Street, St. Paul, Minnesota 55102
Sandra S. Gardebring, Executive Director, Minnesota Pollution Control Agency, 1935 U. County Road E2, Roseville, Minnesota 55113
Mr. Steve Gadler, 2120 Carter Avenue, St. Paul, Minnesota 5510c
Anthony Z. Roisman, Natural Resources Defense Council, 917 15th Street, N., Washington
Attachment 1
Surveillance Program
(1) The output voltage and current of each reactor protection system motor-generator set shall be logged once per shift;
(2) A motor-generator set shall be removed from service if the output voltage is not within ±10% of its nominal value and cannot be adjusted to fall within this band;
(3) The protective over-voltage and under-voltage relays and the under-frequency relay shall be calibrated initially, at least once every six months, and after an operating basis earthquake. The tripping logic and the generator output breaker shall be functionally tested as a part of the calibration of these relays. The voltage setpoints shall be within the range specified in Requirement (2) above and the frequency setpoint shall be greater than or equal to 57 Hertz; and
(4) A protection system functional test shall be conducted upon discovery of a condition beyond the limits of Requirement (2) above. This test shall include all Class IE loads which are connected to the buses.
Extract From Safety Evaluation Report
Related to Operation of E. I. Hatch Nuclear Plant, Unit 2
Docket 50-266, June 1978
The design of the Hatch Unit 2 reactor protection system power supply is essentially the same as that of previously-licensed BWR reactors. The protection system power supply consists of two high-inertia alternating current motor-generator sets.
During our review of the Hatch Unit 2 operating license application, we questioned the adequacy of protection afforded Class IE reactor protection system against possible sustained over-voltage or under-voltage conditions from the non-Class IE reactor protection system power supply. Specifically, we questioned the capability of the reactor protection system power supply to accommodate (1) postulated single failures and (2) the effects of earthquakes without jeopardizing the capability of the reactor protection system to perform its intended safety function.
Criterion 21 of the General Design Criteria requires in part that the redundancy and independence designed into the reactor protection system be sufficient to assure that no single failure results in loss of the protection function. In applying the single failure criterion to a specific design, we assume that all potential undetectable failures are in their failed mode (Appendix 7A of the Standard Review Plan) before the occurrence of the postulated detectable single failure which (in a system meeting the single failure criterion) will not disable the protection function.
For the Hatch Unit 2 reactor protection system power supply, a single undetected failure of an output voltage sensor for either motor-generator set could be postulated that would allow the generator output voltage to remain outside the voltage rating (range) of the connected Class IE loads. Such an abnormal voltage, resulting from a possible failure in the motor-generator set voltage regulating circuitry, if persisting for a sufficient time, could result in damage to the reactor protection system components with the attendant potential loss of capability to scram the plant.
IEEE Standard 379-1977, "IEEE Standard Application of the Single-Failure Criterion to Nuclear Power Generating Station IE Systems," provides that an otherwise undetectable failure may be deemed detectable by means of appropriate surveillance and/or testing. To ensure that failure of the non-Class IE reactor protection system power supply will not cause adverse interaction to the Class IE reactor protection system, the following requirements will be included in the Technical Specifications to ensure the timely detection of failures due to sustained over-voltage or under-voltage conditions:
(1) The output voltage and current of each reactor protection system motor-generator set shall be logged once per shift;
(2) A motor-generator set shall be removed from service if the output voltage exceeds 132 volts AC or is less than 108 volts and cannot be adjusted to fall within this band;
(3) The protective over-voltage and under-voltage relays and the under-frequency relay shall be calibrated before initial plant startup, at least once every six months, and after an operating basis earthquake. The tripping logic and the generator output breaker shall be functionally tested as a part of the calibration of these relays. The voltage setpoints shall be within the range specified in Requirement (2) above and the frequency setpoint shall be greater than or equal to 57 Hertz; and
(4) A protection system functional test shall be conducted upon discovery of a condition beyond the limits of Requirement (2) above. This test shall include all Class IE loads which are connected to the buses.
We conclude that these Technical Specification requirements will ensure the timely detection of failures due to sustained over-voltage or under-voltage conditions. We also conclude that with these Technical Specification requirements, the reactor protection system power supply conforms to the provisions of IEEE Standard 379-1977 and, therefore, satisfies the applicable requirements of Criterion 21 of the General Design Criteria.
Criterion 2 of the General Design Criteria requires in part that systems important to safety, such as the reactor protection system, be designed to withstand the effects of earthquakes. The Hatch Unit 2 reactor protection system is a Class IE system, hence it is seismic Category I. The reactor protection system power supply, however, is not seismically qualified.
We have determined that a sequence of events initiated by an earthquake can be postulated which could result in damage to the reactor protection system components with the attendant potential loss of capability to scram the plant. This sequence of events includes (a) the occurrence of an earthquake that would cause the undetected failure of a voltage sensor, (b) the failure of the motor-generator set resulting in abnormal output voltage, (c) persistence of the abnormal output voltage undetected by visual observation and surveillance testing for a time sufficient to damage reactor protection system components, and (d) failure of these components in such a manner that results in loss of scram capability (instead of in the fail-safe mode).
Therefore, we require that, prior to startup following the first scheduled refueling outage, the applicant install a Class IE system approved by us capable of de-energizing the reactor protection system power supply when its output voltage exceeds or falls below limits within which the equipment being powered from the power supply has been designed and qualified to operate continuously and without degradation. With such a system, the reactor protection system power supply design will be in conformance with the applicable requirements of Criterion 2 of Appendix A to 10 CFR Part 50. The operating license will be conditioned accordingly.
Extract from Hatch 2 Technical Specifications
ELECTRICAL POWER SYSTEMS
3/4.8.2 ONSITE POWER DISTRIBUTION SYSTEMS
A.C. DISTRIBUTION - OPERATING
LIMITING CONDITION FOR OPERATION
3.8.2.1 The following A.C. distribution system buses, inverters and motor-generator (MG) sets shall be OPERABLE with breakers open between redundant buses:
a. 4160 volt Essential Buses 2E, 2F and 2G,
b. 600 volt Essential Buses 2C and 2D,
c. 120/208 volt Essential Cabinets 2A and 2B,
d. 120/208 volt Instrument Buses 2A and 2B,
e. A.C. inverters 2R44-S002 and 2R44-S003, and
f. If in service, Reactor Protection System instrumentation MG sets 2A and 2B.
APPLICABILITY: CONDITIONS 1, 2 and 3.
ACTION:
a. With one of the above required A.C. distribution system buses or inverters inoperable, restore the inoperable bus or inverter to OPERABLE status within 8 hours or be in at least HOT SHUTDOWN within the next 12 hours and in COLD SHUTDOWN within the following 24 hours.
b. With two or more of the above required A.C. distribution system buses or inverters inoperable, restore at least all except one of the inoperable buses and inverters to OPERABLE status within 2 hours or be in at least HOT SHUTDOWN within the next 12 hours and in COLD SHUTDOWN within the following 24 hours.
c. With RPS instrumentation MG set 2A and/or 2B voltage outside the range of 108 to 132 VAC, demonstrate the OPERABILITY of all equipment which could have been subjected to the abnormal voltage for all Class IE loads connected to the associated bus(es) by performance of a CHANNEL FUNCTIONAL TEST or CHANNEL CALIBRATION, as required, within 24 hours.
d. With RPS instrumentation MG set 2A and/or 2B inoperable, restore the inoperable MG set(s) to OPERABLE status within 30 minutes or remove the inoperable MG set(s) from service.
HATCH - UNIT 2 3/4 8-10
ELECTRICAL POWER SYSTEMS
A.C. DISTRIBUTION - SHUTDOWN
LIMITING CONDITION FOR OPERATION
3.8.2.2 As a minimum, the following A.C. distribution system buses, inverters and motor-generator (MG) sets shall be OPERABLE:
a. Two 4160 volt Essential Buses, 2E, 2F and/or 2G,
b. One 600 volt Essential Bus, 2C or 2D,
c. One 120/208 volt Essential Cabinet, 2A or 2B,
d. One 120/208 volt Instrument Bus, 2A or 2B,
e. A.C. inverters 2R44-S002 and 2R44-S003, and
f. If in service, Reactor Protection System instrumentation MG sets 2A and 2B.
APPLICABILITY: CONDITIONS 4 and 5.
ACTION:
a. With less than the above required A.C. distribution system buses and inverters OPERABLE, suspend all operations involving CORE ALTERATIONS, irradiated fuel handling, positive reactivity changes or operations that have the potential of draining the reactor vessel. The provisions of Specification 3.0.3 are not applicable.
b. With RPS instrumentation MG set 2A and/or 2B voltage outside the range of 108 to 132 VAC, demonstrate the OPERABILITY of all equipment which could have been subjected to the abnormal voltage for all Class IE loads connected to the associated bus(es) by performance of a CHANNEL FUNCTIONAL TEST or CHANNEL CALIBRATION, as required, within 24 hours.
c. With RPS instrumentation MG set 2A and/or 2B inoperable, restore the inoperable MG set(s) to OPERABLE status within 30 minutes or remove the inoperable MG set(s) from service.
SURVEILLANCE REQUIREMENTS
4.8.2.2 At least the above required A.C. distribution system buses, inverters and MG sets shall be determined OPERABLE per Specifications 4.8.2.1.1 and 4.8.2.1.2.
HATCH - UNIT 2 3/4 8-12