Text

Attachment 2 - McGuire Technical Specification 3.8.1 Bases Marked Up Pages
	ML18191A545
Person / Time
Site:	Mcguire, McGuire
Issue date:	07/10/2018
From:	; Duke Energy Carolinas
To:	; Office of Nuclear Reactor Regulation
Shared Package
ML18192A002	List: ML18191A545; RA-18-001, Attachment 2 - McGuire Technical Specification 3.8.1 Bases Marked Up Pages; RA-18-001, McGuire Nuclear Station, Units 1 and 2 - Supplement to License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating.; RA-18-0015, Supplement to License Amendment Request Proposing Changes to Catawba and McGuire Technical Specification 3.8.1, AC Sources - Operating.;
References
	RA-18-0015
	Download: ML18191A545 (38)
	v • d • e

Attachment 2 RA-18-0015 Attachment 2 McGuire Technical Specification 3.8.1 Bases Marked Up Pages (For Information Only)

AC Sources-Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources-Operating BASES BACKGROUND The unit Essential Auxiliary or Class 1 E AC Electrical Power Distribution System AC sources consist of the offsite power sources (preferred power sources, normal and alternate(s)), and the onsite standby power sources (Train A and Train B diesel generators (DGs)). As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1 ), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems. The onsite Class 1 E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed.

Each train has connections to two preferred offsite power sources and a single DG. At the 600V level of the onsite Class 1 E AC Distribution System, there are two motor control centers {MCC) per train {for a total of four MCCs) that supply all of the shared systems on both units. The MCCs 1 EMXG and 1 EMXH supply Train A shared systems. The MCCs 2EMXG and 2EMXH supply Train B shared systems. The term shared systems is defined as the shared components of Train A or Train B of Nuclear Service Water System {NSWS), Control Room Area Ventilation System {CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES).

The MCCs 1 EMXG and 1 EMXH are normally aligned to receive power from load centers 1 ELXA (1 EMXH) and 1 ELXC {1 EMXG) but if desired or required to maintain operability of the Train A shared systems. can be swapped to receive power from load centers 2ELXA {1 EMXH) and 2ELXC (1 EMXG). The MCCs 2EMXG and 2EMXH are normally aligned to receive power from load centers 2ELXB (2EMXH) and 2ELXD (2EMXG) but if desired or required to maintain operability of the Train B shared systems, can be swapped to receive power from load centers 1 ELXB (2EMXH) and 1 ELXD (2EMXG). There are also provisions to accommodate the connecting of the Emergency Supplemental Power Source (ESPS) to one train of either unit's Class 1 E AC Distribution System. The ESPS consists of two 50% capacity non-safety related commercial grade DGs. Manual actions are required to align the ESPS to the station and only one of the station's four onsite Class 1 E Distribution System trains can be supplied by the ESPS McGuire Units 1 and 2 B 3.8.1-1 Revision No. 44a BASES AC Sources-Operating B 3.8.1 BACKGROUND (continued) at any given time. ifhe ESPS is made available to support extended Completion Times in the event of an inoperable DG as well as a in-depth s0ur:ce of AC power to mitigate a station blackout event. l!he ESPS would remain disconnected from the Class 1 E AC Distribution System unless requil'ied for supplemental power to one of the four 4.16 kV ESF buses. Offsite power is supplied to the unit switchyard( s) from the transmission network by two transmission lines. From the switchyard(s), two electrically and physically separated circuits provide AC power, through step down station auxiliary transformers, to the 4.16 kV ESF buses. A detailed description of the offsite power network and the circuits to the Class 1 E ESF buses is found in the UFSAR, Chapter 8 (Ref. 2). A qualified offsite circuit consists of all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1 E ESF bus(es). The offsite transmission systems normally supply their respective unit's onsite power supply requirements.

However, in the event that one or both buslines of a unit become unavailable, or by operational desire, it is acceptable to supply that unit's offsite to onsite power requirements by aligning the affected 4160V bus of the opposite unit via the standby transformers, SAT A and SATB in accordance with Regulatory Guides 1.6 and 1.81 (Ref. 12 and 13). In this alignment, each unit's offsite transmission system could simultaneously supply its own 4160V buses and one (or both) of the buses of the other unit.

Although a single auxiliary transformer (1ATA, 1ATB, 2ATA, 2ATB} is sized to carry all of the auxiliary loads of its unit plus both trains of essential 4160V loads of the opposite unit, the LCO would not be met in this alignment due to separation criteria.

Each unit's Train A and B 4160V bus must be derived from separate offsite buslinesqualified offsite circuits. The first offsite power supplyqualified offsite circuit can be derived from any of the four buslines (1A, 1 B, 2A, or 28). The second offsite po 1.e1er supplyqualified offsite circuit must not derive its power from the same busline qualified offsite circuit as the first. Additionally, the Train A and Train B Class 1 E AC Distribution Systems providing power to the Train A and Train B shared systems must not derive their power from the same qualified offsite circuit. McGuire Units 1 and 2 B 3.8.1-2 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 BACKGROUND (continued)

Acceptable train and unit specific breaker alignment options are described below: Unit 1 A Train 1. BL 1A-1ATA-1TA-1ATC-1ETA

2. BL 1B-1ATB-1TA-1ATC-1ETA

3. BL 1A-1ATA-1TC-SATA-1ETA

4. BL 1B-1ATB-1TC-SATA-1ETA

5. BL2A-2AT A-2TC-SAT A-1 ET A 6. BL2B-2ATB-2TC-SATA-1ETA Unit 1 B Train 1. BL 1 B-1ATB-1TD-1ATD-1 ETB 2. BL 1A-1ATA-1TD-1ATD-1 ETB 3. BL 1B-1ATB-1TB-SATB-1ETB

4. BL 1A-1ATA-1TB-SATB-1ETB

5. BL2B-2ATB-2TB-SATB-1 ETB 6. BL2A-2AT A-2TB-SATB-1 ETB Unit 2 A Train 1. BL2A-2AT A-2T A-2ATC-2ET A 2. BL2B-2ATB-2TA~2ATC-2ETA

3. BL2A-2AT A-2TC-SAT A-2ET A 4. BL2B-2ATB-2TC-SAT A-2ET A 5. BL 1A-1ATA-1TC-SATA-2ETA

6. BL 1B-1ATB-1TC-SATA-2ETA Unit 2 B Train 1. BL2B-2ATB-2TD-2ATD-2ETB

2. BL2A-2AT A-2TD-2ATD-2ETB

3. BL2B-2ATB-2TB-SATB-2ETB

4. BL2A-2AT A-2TB-SATB-2ETB

5. BL 1B-1ATB-1TB-SATB-2ETB

6. BL 1 A-1 AT A-1 TB-SATB-2ETB Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the transformer supplying offsite power to the onsite Class 1 E Distribution System. Typically (via accelerated sequencing), within 1 minute after the initiating signal is received, all loads needed to recover the unit or maintain it in a safe condition are returned to service. McGuire Units 1 and 2 B 3.8.1-3 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 BACKGROUND (continued)

The onsite standby power source for each 4.16 kV ESF bus is a dedicated DG. DGs A and Bare dedicated to ESF buses ETA and ETB, respectively.

A DG starts automatically on a safety injection (SI) signal (i.e., low pressurizer pressure or high containment pressure signals) or on an ESF bus degraded voltage or undervoltage signal (refer to LCO 3.3.5, "Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation").

After the DG has started, it will automatically tie to its respective bus after offsite power is tripped as a consequence of ESF bus undervoltage or degraded voltage, independent of or coincident with an SI signal. The DGs will also start and operate in the standby mode without tying to the ESF bus on an SI signal alone. Following the trip of offsite power, a sequencer strips loads from the ESF bus. When the DG is tied to the ESF bus, loads are then sequentially connected to its respective ESF bus by the automatic load sequencer.

The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading the DG by automatic load application.

In the event of a loss of preferred power, the ESF electrical loads are automatically connected to the DGs in sufficient time to provide for safe reactor shutdown and to mitigate the consequences of a Design Basis Accident (DBA) such as a loss of coolant accident (LOCA). Certain required unit loads are returned to service in a predetermined sequence in order to prevent overloading the DG in the process. Typically (via accelerated sequencing), within 1 minute after the initiating signal is received, all loads needed to recover the unit or maintain it in a safe condition are returned to service. Ratings for Train A and Train B DGs satisfy the requirements of Regulatory Guide 1.9 (Ref. 3). The continuous service rating of each DG is 4000 kW with 10% overload permissible for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months in any 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months period. The ESF loads that are powered from the 4.16 kV ESF buses are listed in Reference

2. APPLICABLE The initial conditions of DBA and transient analyses in the UFSAR, SAFETY ANALYSES Chapter 6 (Ref. 4) and Chapter 15 (Ref. 5), assume ESF systems are OPERABLE.

The AC electrical power sources are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System (RCS), and containment design limits are not exceeded.

These limits are discussed in more detail in the Bases for Section 3.2, Power Distribution Limits; Section 3.4, Reactor Coolant System (RCS); and Section 3.6, Containment Systems. McGuire Units 1 and 2 B 3.8.1-4 Revision No. 44a BASES AC Sources-Operating B 3.8.1 APPLICABLE SAFETY ANALYSES (continued)

LCO The OPERABILITY of the AC electrical power sources is consistent with the initial assumptions of the Accident analyses and is based upon meeting the design basis of the unit. This results in maintaining at least one train of the onsite or offsite AC sources OPERABLE during Accident conditions in the event of: a. An assumed loss of all offsite power or all onsite AC power; and b. A worst case single failure. The AC sources satisfy Criterion 3 of 10 CFR 50.36 (Ref. 6). Two qualified circuits between the offsite transmission network and the onsite Class 1 E Electrical Power System and separate and independent OGs for each train ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an anticipated operational occurrence (AOO) or a postulated OBA. Additionally, the qualified circuit(s) between the offsite transmission network and the opposite unit onsite Essential Auxiliary Power System when necessary to power shared systems and the opposite unit OG(s) when necessary to power shared systems ensure availability of the required power to shut down the reactor and maintain it in a safe shutdown condition after an AOO or a postulated OBA. Qualified offsite circuits are those that are described in the UFSAR and are part of the licensing basis for the unit. In addition, one required automatic load sequencer per train must be OPERABLE. Each offsite circuit must be capable of maintaining rated frequency and voltage, and accepting required loads during an accident, while connected to the ESF buses. The 4.16 kV essential system is divided into two completely redundant and independent trains designated A and B, each consisting of one 4.16 kV switchgear assembly, two 4.16 kV/600 V load centers, and associated loads. Normally, each Class 1 E 4.16 kV switchgear is powered from its associated non-Class 1 E train of the 6.9 kV Normal Auxiliary Power System as discussed in "6.9 kV Normal Auxiliary Power System" in Chapter 8 of the UFSAR (Ref. 2). Additionally, an alternate source of McGuire Units 1 and 2 B 3.8.1-5 Revision No. 44a BASES LCO ( continued)

AC Sources-Operating B 3.8.1 power to each 4.16 kV essential switchgear is provided from the 6.9 kV system via a separate and independent 6.9/4.16 kV transformer.

Two transformers are shared between units and provide the capability to supply an alternate source of power to each unit's 4.16 kV essential switchgear from either unit's 6.9 kV system. A key interlock scheme is provided to preclude the possibility of connecting the two units together at either the 6.9 or 4.16 kV level. Each train of the 4.16 kV Essential Auxiliary Power System is also provided with a separate and independent emergency diesel generator to supply the Class 1 E loads required to safely shut down the unit following a design basis accident.

Each DG must be capable of starting, accelerating to rated speed and voltage, and connecting to its respective ESF bus on detection of bus undervoltage.

This will be accomplished within 11 seconds. Each DG must also be capable of accepting required loads within the assumed loading sequence intervals, and continue to operate until offsite power can be restored to the ESF buses. These capabilities are required to be met from a variety of initial conditions such as DG in standby with the engine hot and DG in standby with the engine at ambient conditions.

Additional DG capabilities must be demonstrated to meet required Surveillance, e.g., capability of the DG to revert to standby status on an ECCS signal while operating in parallel test mode. Proper sequencing of loads is a function of Sequencer OPERABILITY.

Proper load shedding is a function of DG OPERABILITY.

Proper tripping of non-essential loads is a function of AC Bus OPERABILITY (Condition A of Technical Specification 3.8.9). The AC sources in one train must be separate and independent (to the extent possible) of the AC sources in the other train. For the DGs, separation and independence are complete. LCO 3.8.1.c and LCO 3.8.1.d both use the word "necessary" to clarify when and how to apply these LCOs on a per unit basis. The word "necessary" clarifies that the qualified offsite circuit{s) in LCO 3.8.1.c and the DG{s) from the opposite unit in LCO 3.8.1.d are aligned to the opposite unit Onsite Essential Auxiliary Power System that is supplying power to a train of shared systems. LCO 3.8.1.c specifies that the qualified circuit{s) between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System be OPERABLE when necessary to supply power to the shared systems. LCO 3.8.1.d specifies that the DG{s) from the opposite unit be OPERABLE when necessary to supply power to the shared systems. The qualified offsite circuit necessary to supply power to one train of shared systems must be separate and independent (to the extent possible) of the qualified circuit which provides power to the other train of McGuire Units 1 and 2 B 3.8.1-6 Revision No. 44-a BASES LCO ( continued)

AC Sources-Operating B 3.8.1 snared systems. These requirements.

in conjunction with the requirements for the applicable unit AC electrical power sources irn LCO 3.8.1.a and LCO 3.8.1.b. ensure that power is availaole to two trains of the shared NSWS. CRA VS. CRACWS and ABFVES. For example, with both units in MODE 1, the normal power alignment per plant procedures with no inoperable equipment is to have the Train A shared systems powered from Unit 1 (1 EMXG and 1 EMXH) arnd the Train B shared systems powered from Unit 2 (2EMXG and 2EMX H). In this normal alignment.

Unit 1 LCO 3.8.1.c is met by an OPERABLE 28 offsite circuit and LCO 3.8.1.d is met by an OPERABLE 28 DG. Since the 2A offsite circuit and 2A DG are not necessary to supply power to a train of shared systems in the normal p0wer alignment, they are not Unit 1 LCO 3.8.1.c and LCO 3.8.1.d AC sourrces for this example. For Unit 2 1 LCO 3.8.1.c is met by an OPERABLE 1A offsite circl!lit and LCO 3.8.1.d is met by an OPERABLE 1 A DG. Since the 1 B offsite circuit and 1 B DG are not necessary to supply power to a train of shared systems in the normal power alignment, they are not Unit 2 LCO 3.8.1.c and LCO 3.8.1.d AC sources for this example. Another power alignment per plant procedures with no inoperable equipment is to have the r rain A shared systems powered from Unit 1 and the Train B shared systems also p owered from Unit 1. In this normal alignment, Unit 2 LCO 3.8.1.c is met by both an OPERABLE 1A offsite circuit and an OPERABLE 1 B offsite circuit. Unit 2 LCO 3.8.1.d is met by both an OPERABLE 1 A DG and an OPERABLE 1 B DG. Similarly.

the Train A and Train B shared systems can both be powered from Unit 2. In this off-normal alignment, Unit 1 LCO 3.8.1.c is met by both an OPERABLE 2A offsite circuit and an OPERABLE 28 offsite circuit. Unit 1 LCO 3.8.1.d is met by both an'OPERABLE 2A DG and an OPERABLE 28 DG. Both normal and emergency power must be OPERABLE for a shared component to be OPERABLE. If normal or emergency po 1.*1er supplying a shared component becomes inoperable , then the Required Actions of the affected shared component LCO must be entered independently

f.or each unit that is in the MODE of applicability of the shared component LCO. The shared component LCOs are: 3.7.7 Nuclear Service 'Nater System (NS'A'S), 3.7.Q Control Room Area Ventilation System (CRJWS), 3.7.10 Control Room Area Chilled 'Nater System (CRACWS), and 3.7.11 Awdliary Building Filtered \43ntilation Exhaust System (ABFVES).

McGuire Units 1 and 2 B 3.8.1-7 Revision No. 44a BASES APPLICABILITY ACTIONS AC Sources-Operating B 3.8.1 The AC sources and sequencers are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that: a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and b. Adequate core cooling is provided and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA. A Note has been added taking exception to the Applicability requirements for the required AC sources in LCO 3.8.1.c and L,;CO 3.'8.1.d provided the associated shared systems are inoperable. "fhis exception is intended to allow declaring the shared systems supported oy the opposite unit inoperable either in lieu of declaliim:1 the opposite unit AC sources inoperable, or at any time subsequent to enteliing ACTIONS for an inoperable opposite unit AC source. This exception is acceptable since, with the shared systems supported by the opposite unit inoperable and the associated ACTIONS eratered, the opposite unit AC sources provide no additiornal assurarnce of meeting the above criteria.

The AC power requirements for MODES 5 and 6 are covered in LCO 3.8.2, "AC Sources-Shutdown." A Note prohibits the application of LCO 3.0.4.b to an inoperable DG. There is an increased risk associated with entering a MODE or other specified condition in the Applicability with an inoperable DG and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.

To ensure a highly reliable power source remains with one LCO 3.8.1.a offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuit~ on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition GG , for two offsite circuits inoperable , is entered. McGuire Units 1 and 2 B 3.8.1-8 Revision No. ++a BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

Required Action A.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function of critical redundant required features. These features are powered from the redundant AC electrical power train. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three independent AFW pumps are required to ensure the availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis.

The Completion Time for Required Action A.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both: a. The train has no offsite power supplying its loads; and b. A required feature on the other train is inoperable.

If at any time during the existence of Condition A ( one LCO 3.8.1.a offsite circuit inoperable) a redundant required feature subsequently becomes inoperable, this Completion Time begins to be tracked.

Discovering no offsite power to one train of the onsite Class 1 E Electrical Power Distribution System coincident with one or more inoperable required support or supported features, or both, that are associated with the other train that has offsite power, results in starting the Completion Times for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

The remaining OPERABLE offsite circuit§. and DGs are adequate to supply electrical power to Train A and Train B of the onsite Class 1 E Distribution System. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time takes into account the component OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. McGuire Units 1 and 2 B 3.8.1-9 Revision No. 44a BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition A for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . With one offsite circuit inoperable, the reliability of the offsite system is degraded , and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System. The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period. The second Completion Time for Required Action A.3 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. If Condition A is entered while, for instance, a LCO 3.8.1.b DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months 14 days. This could lead to a total of 14<<1 hours17 days , since initial failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months s14 days (for a total of 8-.fil_days) allowed prior to complete restoration of the LCOLCOs 3.8.1.a and 3.8.1.b. The e-1L day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently.

The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and e-1L day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met. As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCOLCO 3.8.1.a or LCO 3.8.1.b was initially not met, instead of at the time Condition A was entered. It is required to administratively verify the LCO 3.8.1.d DG(s) OPERABLE within one hour and to continue this action once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter McGuire Units 1 and 2 B 3.8.1-10 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 ACTIONS (continued) until restoration of the required LCO 3.8.1.lb DG(s) is accomplished.

This verification p,rovides assurance that the LCO 3.8.1.d DG is capable of supplying the onsite Class 1 E AC El~ctrical Power Distribution System. To ensure a highly reliable power source remains with an inoperable LCO 3.8.1.b DG, it is necessary to verify the availability of the required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable.

Upon offsite circuit inoperability , additional Conditions and Required Actions must then be entered. Required Action B.2--~is intended to provide assurance that a loss of offsite power, during the period that a LCO 3.8.1.b DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes motor driven auxiliary feedwater pumps. The turbine driven auxiliary feedwater pump is required to be considered a redundant required feature, and, therefore, required to be determined OPERABLE by this Required Action. Three independent AFW pumps are required to ensure the availability of decay heat removal capability for all events accompanied by a loss of offsite power and a single failure. System design is such that the remaining OPERABLE motor driven auxiliary feedwater pump is not by itself capable of providing 100% of the auxiliary feedwater flow assumed in the safety analysis.

Redundant required feature failures consist of inoperable features associated with a train, redundant to the train that has an inoperable LCO 3.8.1.b DG. The Completion Time for Required Action B.2--~is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both: a. An inoperable LCO 3.8.1.b DG exists; and b. A required feature on the other train (Train A or Train B) is inoperable.

McGuire Units 1 and 2 B 3.8.1-11 Revision No. 44-a-BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

If at any time during the existence of this Condition (one LCO 3.8.1.b DG inoperable) a required feature subsequently becomes inoperable, this Completion Time would begin to be tracked. Discovering one required LCO 3.8.1.b DG inoperable coincident with one or more inoperable required support or supported features, or both, that are associated with the OPERABLE DG, results in starting the Completion Time for the Required Action. Four hours from the discovery of these events existing concurrently is Acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DG§ and offsite circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. Thus, on a component basis, single failure protection for the required feature's function may have been lost; however, function has not been lost. The 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. B.34.1 and B.34.2 Required Action B.~.1 provides an allowance to avoid unnecessary

I testing of OPERABLE DG(s). If it can be determined that the cause of the inoperable DG does hot exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed.

If the cause of inoperability exists on other DG( s ), the other DG( s) would be declared inoperable upon discovery and Condition E and/or I of LCO 3.8.1 , as applicable, would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action B:~.1 is satisfied.

If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG( s ), performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG. In the event the inoperable DG is restored to OPERABLE status prior to completing either B.~.1 or B.~.2. the problem investigation process will continue to evaluate the common cause possibility.

This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months constraint imposed while in Condition B. These Conditions are not required to be entered if the inoperability of the DG is due to an inoperable support system, an independently testable component, or preplanned testing or maintenance.

If required, these McGuire Units 1 and 2 B 3.8.1-12 Revision No. 445 BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

Required Actions are to be completed regardless of when the inoperable DG is restored to OPERABLE status. According to Generic Letter 84-15 (Ref. 8), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG. In order to extend the Completiorn fime for an inoperable DG from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days, it is necessary to ensufie tt:le availability of the ESPS prior to entering tlile extended Completion Time of Required Action B.6 (i.e., 14 days) and every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter.

The "extended Completion Time of ACTION B.6" is defirned as 14 days. ESPS availability requires that: 1) The load test has been performed within 30 days of entry into the extended Completion Time. rrne Required Action evaluation is met with an administrative venification of ~his prior to testing: and 2) ESPS fuel tank level is verified locally to be 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months supply: and 3) ESPS supporting system parameters for starting and operating are verified to be within required limits for functional availability (e.g., battery state of charge). On discovery of an unavailable ESPS, the Completion Time for Required Action 8.6 starts the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months or 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months clock. The ESPS is not used to extend the Completion Time for more than one inoperable DG at any one time. S:4B.6 Acoording to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition B for a period that should not e*oeod 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . In accordance with Branch Technical Position 8-8 {Ref. 14). operation may continue in Condition B for a period that should not exceed 14 days, provided a supplemental AC power source is available.

In Condition B, the remaining OPERABLE DG s, available ESPS and offsite circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. The 72 hour14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period. McGuire Units 1 and 2 B 3.8.1-13 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 ACTIONS (continued)

If the ES.PS is or becomes unavailable with an inoperable LOO 3.8.1.b DG, thefil action is required to restore the ESPS to available status or to restore the DG to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months frrom discovery of an unavailable ESPS. However, if the ESPS unavailability occurs sometime after 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of continuous DG inoperability (i.e., after entering the extended Co mp letion Time for an inoperable DG), traen thle remaining time to restore the ESPS to available status or to restore the DG to OPERABLE status is limited to 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Times allow for an exception to the normal "time zero" for begirnning

~he allowed outage time "clock." T 1 he 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time only begins orn discovery that both an inoperable DG exists and the ESPS is unavailable.

irhe 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time only begins if the extended Completion Time for the inoperable DG has been entered and the ESPS is urnavailable.

Therefore, when one LCO 3.8.1.b DG is inoperable due to either preplanned maintenance (preventive or co,rnctive) or unplanned corrective maintenance wonk, the Completion Time can be extended from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days if it is ensured that ESPS is available for backup operation.

The seoond fourth Completion Time for Required Action 848.6 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet ihe LGOLCO 3.8.1.a or LCO 3.8.1.b. If Condition B is entered while, for instance, aR-a LCO 3.8.1.a offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 14 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months s17 days , since initial failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b , to restore the DG. At this time, aR-a LCO 3.8.1.a offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 9-20 days) allowed prior to complete restoration of the LCOLCO 3.8: 1.a and LCO 3.8.1.b. The e-1L day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCOLCO 3.8.1.a or LCO 3.8.1.b. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently.

The "AND" connector between the 72 hour14 day and e-1L day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met. As in Required Action B.2-J , the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCOLCO 3.8.1.a or LCO 3.8.1.b was initially not met, instead of at the time Condition B was entered. McGuire Units 1 and 2 B 3.8.1-14 Revision No. 4-1-§ BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

C.1.1 and C.1.2 In Condition C with .a LCO 3.8.1.d D>G inoperable, the remaining OPERABLE unit-specific DG and required qualified circuits arre adequate to supply electrical power to the onsite Class 1 E D>istribution System. According to Regulatory Guide 1.93 {Ref. 7), operation may continue in Condition C for a period trnat should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources. a reasonable time for repairs and the low probability of a OBA occurring during this period~ Pursuant to LCO 3.0.6, the Distribution System ACilONS would not be eratered even if all AC sources to it were inoperable, resulting in energization.

Therefore.

the Required Actions of Cornditiora D are modified by a Note to indicate that when Conditiora ID is entered with no AC source to any train, the Conditions .and Required Actions for LCO 3.8.9 must be immediately entered. lirnis allows Corndition D to provide requirements for the loss of a LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regard to whether a train is de-energized.

Limiting Condition for Operation 3.8.9 provides the appropriate restrictions for a energized train. To ensure a highly reliable power source remains with one required LCO 3.8.1.c offsite circuit inoperable.

it is necessary to verify the OPERABILITY of the remaining required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. HoweveL if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition A and G, as applicable, for the two offsite circuits inoperable, is entered. Required Action D.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function for the NSWS, CRA VS, CRACWS or the ABFVES. The Completion Time for Required Action D.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both: a. The train has no offsite power supplying its loads: and McGuire Units 1 and 2 B 3.8.1-15 Revision No. 44-5 BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

b. NSWS. CRAVS. CRACWS or ABFVES on the other train that has offsite power is inoperable.

If at any time during the existence of Condition D ( one required LCO 3.8.1.c offsite circuit inoperable) a train of NSWS. CRA VS, CRACWS or ABFVES becomes inoperable.

this Completion Time begins to be tracked. Oiscover~fitg no offsite power to one train of ~he onsite Class 1 E Electrical Power Distnibution System coincident with one train of NSWS, CRA VS, CRACWS iar ABFVES that is associated with the other train that has offs'ite power, results in starting the Completion Time for the Required Action. Twenty-four hours is acceptable b ecause it minimizes nisk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

Tihe remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to Train A and -rrain B of the ons'ite Class 1 E Dist ri ibution System. The 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completiora Time takes into account the component OPERABILITY of the redundant cotmtenpant to ~he iraoperable NSWS, CRA VS, CRACWS or ABFVES. Additionally, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time takes into account the capacity and capability of the remairning AC sources. a reasonable time for repairs. arnd the low probability of a DBA occurring during this period. Consistent with the time provided in ACTION A, operation may continue in Condition D for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . With one required LCO 3.8.1.c offsite circuit inoperable.

the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System. If the LCO 3.8.1.c required offsite circuit cannot be restored to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , the NSWS, CRA VS, CRACWS and ABFVES components associated with the offsite circuit must be declared inoperable.

The ACTIONS associated with the NSWS, CRA VS, CRACWS and ABFVES will ensure the appropriate actions are taken. The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period. McGuire Units 1 and 2 B 3.8.1-16 Revision No. 44§ BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

I Pursuant to LCO 3.0.6 1 the Distnibution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in energization.

Therefore, the Reql!lired Actions of Condition E are modified by a Note to indicate that when Condition E is entered with no AC source to any train. the Conditions and Required Actions for LCO 3.8.9 must be immediately entered. This allows Condition E to provide requirements for the loss of the LCO 3.8.1.c offsite circuit and LCO 3.8.1.d DG without regar;d to whether a train is de-energized.

Limiting Condition for Operation 3.8.9 provides the appropriate restrictions for a de-energized train. lihe 14 day Completion Time for Required Action E.5 is based on the OPERABILITY of both LCO 3.8.1.b safety-related DGs and the availability of the ESPS. The ESPS is available to power the inoperable DG bus loads in the event of a station blackout or loss of offsite power event. It is required to administrative

'ly verify the LCO 3.8.1.b safety-related DGs OPERA!BLE and the ESPS available within one hour and to continue this actiora once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter until restoration of the required DG is accomplished.

fhis verification provides assurance that the LCO 3.8.1.b safety-related DGs and the ESPS are capable of supplying the onsite Class 1 E AC Electrical Power Distribution System. . . To ensure a highly reliable power source remains with one required LCO 3.8.1.d DG inoperable.

it is necessary to verify the OPERABILITY of the required offsite circuits on a more frequent basis. Since the Required

Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a circuit fails to pass SR 3.8.1.1. it is inoperable.

Upon offsite circuit inoperability.

additional Conditions and Required Actions must then be entered. Required Action E.3 is intended to provide assurance that a loss of offsite power, during the period one required LCO 3.8.1.d DG is inoperable.

does not result in a complete loss of safety function for the NSWS, CRA VS, CRACWS or the ABFVES. The Completion Time is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both: a. An inoperable LCO 3.8.1.d DG exists: and McGuire Units 1 and 2 B 3.8.1-17 Revision No. 44a BASES AC Sources-Operating B 3.8.1 ACTIONS (continued)

b. NSWS, CRA VS, CRACWS or ABFVES on the other train that has emergency power is inoperable.

If at any time during the existence of this Condition (the LCO 3.8.1.d O>G inoperable) a train of NSWS. CRAVS, CRACWS or ABFVES becomes inoperable, this Completion Tinne begins to be tracked. Discovering the LCO 3.8.1.d DG inoperable coinciderat with one train of NSWS, CRA VS, CRACWS or ABFVES that is associated with the other train that has emergency power results in starting the Completion ifime for the Reguired Action. Four , hours from the discovery of these events existirag concurrently is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.

In this Condition, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. Thus, ora a component basis, single failure protection for the NSWS, CRAVS, CRACVVS or ABFVES may hm<e been lost: ho 1.*1ever 1 functiora has not been lost. The four hour Completion Time also takes into account ~he capacity and capability of the remaining NSWS. CRAVS, CRACWS .and ABFVES train, a reasonable time for repairs, and the low probability of a OBA occurring during this period. E.4.1 and E.4.2 Required Action E.4.1 provides an allowance to avoid unnecessary testing of OPERABLE DGs. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG(s), SR 3.8.1.2 does not have to be performed.

If the cause of inoperability exists on other DG(s). the other DG(s) would be declared inoperable upon discovery and Condition B and I of LCO 3.8.1. as applicable, would be entered. Once the failure is repaired, the common cause failure no longer exists and Required Action E.4.1 is satisfied.

If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG(s), performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of the DG(s). In the event the inoperable DG is restored to OPERABLE status prior to completing either E.4.1 or E.4.2, the problem investigation process will continue to evaluate the common cause possibility.

This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months constraint imposed while in Condition E. According to Generic Letter 84-15 (Ref. 8), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG. McGuire Units 1 and 2 B 3.8.1-18 Revision No. 44a BASES AC Sources-Operating 8 3.8.1 ACTIONS (continued)

Consistent with the time provided in ACTION 8 1 operation may continue in Condition E for a period that should not exceed 14 days. In Condition E 1 the remaining OPERABLE DGs. available

!ESPS and offsite power circuits are adequate to supply electrical power to the Class 1 E Distribution System. If the LCO 3.8.1.d DG cannot be restored to OPERABLE status within 14 days, them the NSWS, CRAVS, CRACWS and ABFVES components associated with this DG must be declared inoperable.

The Actions associated with the NSWS, CRA VS, CRACWS and ABFVES will ensure the appropriate actions are taken. The 14 day Completion liime takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. F .1.1 and F .1.2 In Condition F, with an additional LCO 3.8.1.b safety-related DG inoperable or the ESPS unavailable, the remaining OPERABLE LCO 3.8.1.b DG and qualified circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition F for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. ' If the LCO 3.8.1.d DG cannot be restored to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , then the NSWS, CRA VS, CRACWS and ABFVES components associated with this DG must be declared inoperable.

The Required Actions associated with the NSWS, CRA VS, CRACWS and ABFVES will ensure that the appropriate actions are taken. The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. GG.1 and GG.2 Condition G is entered when both offsite circuits required by LCO 3.8.1.a are inoperable, or when the offsite circuit required by LCO 3.8.1.c and McGuire Units 1 and 2 B 3.8.1-19 Revision No. 44a BASES AC Sources-Operating 8 3.8.1 ACTIONS ( continued) one offsite circuit required by LCO 3.8.1.a are concurrently inoperable, if the LCO 3.8.1.a offsite circuit is credited with providing power to ~he NSWS, CRAVS, CRACWS and ABFVES. Condition G is also entered when two offsite circuits required by LCO 3.8.1.c are inoperable. Required Action GG.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions.

The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from that allowed for one train without offsite power (Required Action A.2). The rationale for the reduction to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is that Regulatory Guide 1.93 (Ref. 7) allows a Completion Time of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE.

When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter Completion Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate.

These features are powered from redundant AC safety trains. This includes motor driven auxiliary feedwater pumps. Single train features, such as turbine driven auxiliary pumps, are not included in the list. The Completion Time for Required Action GG.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for an exception to the normal "time zero" for beginning the alloweq outage time "clock." In this Required Action the Completion Time only begins on discovery that both: a. All required offsite circuits are inoperable; and b. A required feature is inoperable. If at any time during the existence of Condition G-G (two LCO 3.8.1.a offsite circuits inoperable , or one LCO 3.8.1.a offsite circuit that provides power to the NSWS, CRAVS, CRACWS and ABFVES inoperable and the required LCO 3.8.1.c offsite circuit inoperable, or two offsite circuits required by LCO 3.8.1.c inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked. According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition G-G for a period that should not exceed 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds to a total loss of the immediately accessible offsite power sources. McGuire Units 1 and 2 B 3.8.1-20 Revision No. 44a BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

Because of the normally high availability of the offsite sources, this level of degradation may appear to be more severe than other combinations of two AC sources inoperable that involve one or more DGs inoperable.

However, two factors tend to decrease the severity of this level of degradation:

a. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and b. The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source. With both of the required offsite circuits inoperable, sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a OBA or transient.

In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety analysis.

Thus, the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.

According to Reference 6, with the available offsite AC sources, two less than required by the LCO, operati9n may continue for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If two offsite sources are restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , unrestricted operation may continue.

If only one offsite source is restored within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , power operation continues in accordance with C'ondition A or D, as applicable. QH.1 and QH.2 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in energization.

Therefore, the Required Actions of Condition Q-.t!_are modified by a Note to indicate that when Condition D-.t:!_i s entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9, "Distribution Systems-Operating," must be immediately entered. This allows Condition D-tL to provide requirements for the loss of one offsite circuit and one DG, without regard to whether a train is energized.

LCO 3.8.9 provides the appropriate restrictions for a energized train. According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition G-.t:!_for a period that should not exceed 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . McGuire Units 1 and 2 B 3.8.1-21 Revision No. 44-§ BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

In Condition 9.ti, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition G-G (loss of betA-two required offsite circuits).

This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a OBA occurring during this period. With Train A and Train B DGstwo LCO 3.8.1.b DGs inoperable, there are no remaining standby AC sources to provide power to m ost of the ESF systems. With one LCO 3.8.1.d DG ~noperable arad the LCO 3.8.1.b DG that provides power to the NSWS. CRAVS, CRACWS and ABFVES inoperable, or with two DGs required by LCO 3.8.1.d inoperable, there are no remaining standby AC sources to the NSWS, CRAVS , CRACWS and ABFVES. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions.

Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk associated with continued operation for a very short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, whic~ could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the time allowed for continued operation is severely restricted.

The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with this level of degradation.

According to Reference 7, with both LCO 3.8.1.b DGs inoperable, or with the LCO 3.8.1.b DG that provides power to the NSWS. CRAVS, CRACWS and ABFVES and the LCO 3.8.1.d DG inoperable, or with two DGs required by LCO 3.8.1.d inoperable.

operation may continue for a period that should not exceed 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months . The sequencer(s) is an essential support system to both the offsite circuit and the DG associated with a given ESF bus. Furthermore, the sequencer is on the primary success path for most major AC electrically powered safety systems powered from the associated ESF bus. Therefore, loss of an ESF bus sequencer affects every major ESF system McGuire Units 1 and 2 B 3.8.1-22 Revision No. 4+a BASES AC Sources-Operating B 3.8.1 ACTIONS ( continued)

SURVEILLANCE REQUIREMENTS in the train. The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Completion Time provides a period of time to correct the problem commensurate with the importance of maintaining sequencer OPERABILITY.

This time period also ensures that the probability of an accident (requiring sequencer OPERABILITY) occurring during periods when the sequencer is inoperable is minimal. GK.1 and GK.2 If the inoperable AC electric po 1 Ner sources cannot be restored to OPERABLE status 1 1;ithin the required Completion Time.If any Required Action and associated Completion Time of Conditions A, C, F, G, hi, Lor J are not met, the unit must be brought to a MODE in which the LCO does not apply. Furthermore, if any Required Action and associated Completion Time of Required Actions B.2. B.3, B.4.1, B.4.2, B.6, E.2, E.3, E.4.1, E.4.2, or E.5 are mot met, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and to MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems. Condition W-1._corresponds to a level of degradation in which all redundancy in tAe--LCO 3.8.1.a and LCO 3.8.1.b AC electrical power supplies has been lost or in which all redundancy in LCO 3.8.1.c and LCO 3.8.1.d AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will ca'use a loss of function.

Therefore, no additional time is justified for continued operation.

The unit is required by LCO 3.0.3 to commence a controlled shutdown.

The AC sources are designed to permit inspection and testing of all important areas and features , especially those that have a standby function, in accordance with 10 CFR 50, Appendix A, GDC 18 (Ref. 9). Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions).

The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Regulatory Guide 1.137 (Ref. 11 ), as addressed in the UFSAR. Since the McGuire DG manufacturer, Nordberg, is no longer in business , McGuire engineering is the designer of record. Therefore, the term McGuire Units 1 and 2 B 3.8.1-23 Revision No. 44a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued) "manufacturer's or vendor's recommendations" is taken to mean the recommendations as determined by McGuire engineering, with specific Nordberg input as it is available, that were intended for the DGs, taking into account the maintenance, operating history, and industry experience, when available.

Where the SRs discussed herein specify voltage and frequency tolerances, the following is applicable.

The minimum steady state output voltage of 37 40 V is 90% of the nominal 4160 V output voltage. This value allows for voltage drop to the terminals of 4000 V motors whose minimum operating voltage is specified as 90% or 3600 V. It also allows for voltage drops to motors and other equipment down through the 120 V level where minimum operating voltage is also usually specified as 90% of name plate rating. The specified maximum steady state output voltage of 4580 V is equal to the maximum operating voltage specified for 4000 V motors. It ensures that for a lightly loaded distribution system, the voltage at the terminals of 4000 V motors is no more than the maximum rated operating voltages.

The specified minimum and maximum frequencies of the DG are 58.8 Hz and 61.2 Hz, respectively.

These values are equal to +/- 2% of the 60 Hz nominal frequency and are derived from the recommendations given in Regulatory Guide 1.9 (Ref. 3). The SRs are modified by a Note which states that SR 3.8.1.1 through SR 3.8.1.20 are applicable to LCO 3.8.1.a and LCO 3.8.1.b AC sources. The Note also states that SR 3.8.1.21 is applicable to LCO 3.8.1.c and LCO 3.8.1.d AC sources. This Note clarifies that not all of the SRs are applicable t.o all the components described in the LCO. SR 3.8.1.1 This SR ensures proper circuit continuity for the offsite AC electrical power supply to the onsite distribution network and availability of offsite AC electrical power. The breaker alignment verifies that each breaker is in its correct position to ensure that distribution buses and loads are connected to their preferred power source, and that appropriate independence of offsite circuits is maintained.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. McGuire Units 1 and 2 B 3.8.1-24 Revision No. 4-1-a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.2 and SR 3.8.1.7 These SRs help to ensure the availability of the standby electrical power supply to mitigate DBAs and transients and to maintain the unit in a safe shutdown condition.

To minimize the wear on moving parts that do not get lubricated when the engine is not running, these SRs are modified by a Note (Note 2 for SR 3.8.1.2) to indicate that all DG starts for these Surveillances may be preceded by an engine prelube period and followed by a warmup period prior to loading. For the purposes of SR 3.8.1.2 and SR 3.8.1. 7 testing, the DGs are started from standby conditions using a manual start, loss of offsite power signal, safety injection signal, or loss of offsite power coincident with a safety injection signal. Standby conditions for a DG mean that the diesel engine coolant and oil are being continuously circulated and temperature is being maintained consistent with manufacturer recommendations.

In order to reduce stress and wear, the manufacturer recommends a modified start in which the DGs are gradually accelerated to synchronous speed prior to loading. These start procedures are the intent of Note 3, which is only applicable when such modified start procedures are recommended by the manufacturer.

SR 3.8.1.7 requires that the DG starts from standby conditions and achieves required voltage and frequency within 11 seconds. The 11 second start requirement supports the assumptions of the design basis LOCA analysis' in the UFSAR, Chapter 15 (Ref. 5). The 11 second start requirement is not applicable to SR 3.8.1.2 (see Note 3) when a modified start procedure as described above is used. If a modified start is not used, the 11 second start requirement of SR 3.8.1. 7 applies. Since SR 3.8.1. 7 requires a 11 second start, it is more restrictive than SR 3.8.1.2, and it may be performed in lieu of SR 3.8.1.2. This is the intent of Note 1 of SR 3.8.1.2. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. SR 3.8.1.3 This Surveillance verifies that the DGs are capable of synchronizing with the offsite electrical system and accepting loads greater than or equal to McGuire Units 1 and 2 B 3.8.1-25 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued) the equivalent of the maximum expected accident loads. A minimum run time of 60 minutes is required to stabilize engine temperatures, while minimizing the time that the DG is connected to the offsite source. Although no power factor requirements are established by this SR, the DG is normally operated at a power factor between 0.8 lagging and 1.0. The 0.8 value is the design rating of the machine, while the 1.0 is an operational limitation to ensure circulating currents are minimized.

The load band is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by four Notes. Note 1 indicates that diesel engine runs for this Surveillance may include gradual loading, as recommended by the manufacturer, so that mechanical stress and wear on the diesel engine are minimized.

Note 2 states that momentary transients, because of changing bus loads, do not invalidate this test. Similarly, momentary power factor transients above the limit do not invalidate the test. Note 3 indicates that this Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

Note 4 stipulates a prerequisite requirement for performance of this SR. A successful DG start must precede this test to credit satisfactory performance.

SR 3.8.1.4 This SR provides verification that the level of fuel oil in the day tank is adequate for approximately 30 minutes of DG operation at full load, which allows for an orderly shutdown of the DG should fuel replenishment to the day tank become unavailable.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. SR 3.8.1.5 Microbiological fouling is a major cause of fuel oil degradation.

There are numerous bacteria that can grow in fuel oil and cause fouling, but all must have a water environment in order to survive. Removal of water from the fuel oil day tanks eliminates the necessary environment for bacterial survival.

This is the most effective means of controlling microbiological McGuire Units 1 and 2 B 3.8.1-26 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued) fouling. In addition, it eliminates the potential for water entrainment in the fuel oil during DG operation.

Water may come from any of several sources, including condensation, ground water, rain water, contaminated fuel oil, and breakdown of the fuel oil by bacteria.

Frequent checking for and removal of accumulated water minimizes fouling and provides data regarding the watertight integrity of the fuel oil system. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is for preventative maintenance.

The presence of water does not necessarily represent failure of this SR, provided the accumulated water is removed during the performance of this Surveillance.

SR 3.8.1.6 This Surveillance demonstrates that each required fuel oil transfer pump operates and transfers fuel oil from its associated storage tank to its associated day tank. This is required to support continuous operation of standby power sources. This Surveillance provides assurance that the fuel oil transfer pump is OPERABLE, the fuel oil piping system is intact, the fuel delivery piping is not obstructed, and the controls and control systems for automatic fuel transfer systems are OPERABLE.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. SR 3.8.1.7 See SR 3.8.1.2. SR 3.8.1.8 Transfer of each 4.16 kV ESF bus power supply from the normal offsite circuit to the alternate offsite circuit demonstrates the OPERABILITY of the alternate circuit distribution network to power the shutdown loads. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is that, during operation with the reactor critical, performance of this SR could cause perturbations to the electrical distribution systems that could challenge continued steady state operation and, as a result, unit safety systems. McGuire Units 1 and 2 B 3.8.1-27 Revision No. 44a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.9 Each DG is provided with an engine overspeed trip to prevent damage to the engine. Recovery from the transient caused by the loss of a large load could cause diesel engine overspeed, which, if excessive, might result in a trip of the engine. This Surveillance demonstrates the DG load response characteristics and capability to reject the largest single load without exceeding predetermined voltage and frequency and while maintaining a specified margin to the overspeed trip. For this unit, the single load for each DG and its kilowatt rating is as follows: Nuclear Service Water Pump which is a 576 kW motor. This Surveillance may be accomplished by: a. Tripping the DG output breaker with the DG carrying greater than or equal to its associated single largest post-accident load while paralleled to offsite power, or while solely supplying the bus; or b. Tripping its associated single largest post-accident load with the DG solely supplying the bus. As required by Regulatory Guide 1.9 (Ref. 3), the load rejection test is acceptable if the increase in diesel speed does not exceed 75% of the difference between synchronous speed and the overspeed trip setpoint, or 15% above synchronous speed, whichever is lower. The time, voltage, and frequency toleran~es specified in this SR are derived from Regulatory Guide 1.9 (Ref. 3) recommendations for response during load sequence intervals.

The 3 seconds specified is equal to 60% of a typical 5 second load sequenc'e interval associated with sequencing of the largest load. The voltage and frequency specified are consistent with the design range of the equipment powered by the DG. SR 3.8.1.9.a corresponds to the maximum frequency excursion, while SR 3.8.1.9.b and SR 3.8.1.9.c are steady state voltage and frequency values to which the system must recover following load rejection.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This Surveillance is performed with the DG connected to its bus in parallel with offsite power supply. The DG is tested under maximum kV AR loading, which is defined as being as close to design basis conditions as practical subject to offsite power conditions.

Design basis conditions have been calculated to be greater than 0.9 power factor. During DG testing, equipment ratings are not to be exceeded (i.e., without creating an overvoltage condition on the DG or 4 kV emergency buses, excitation in the generator, or overloading the DG emergency feeder while maintaining the power factor greater than or equal to 0.9). McGuire Units 1 and 2 B 3.8.1-28 Revision No. 446 BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3.8.1.10 This Surveillance demonstrates the DG capability to reject a full load without overspeed tripping or exceeding the predetermined voltage limits. The DG full load rejection may occur because of a system fault or inadvertent breaker tripping.

This Surveillance ensures proper engine generator load response under the simulated test conditions.

This test simulates the loss of the total connected load that the DG experiences following a full load rejection and verifies that the DG does not trip upon loss of the load. These acceptance criteria provide for DG damage protection.

While the DG is not expected to experience this transient during an event and continues to be available, this response ensures that the DG is not degraded for future application, including reconnection to the bus if the trip initiator can be corrected or isolated.

Although not representative of the design basis inductive loading that the DG would experience, a power factor of approximately unity (1.0) is used for testing. This power factor is chosen in accordance with manufacturer's recommendations to minimize DG overvoltage during testing. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3'.8.1.11 As required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.4, this Surveillance demonstrates the as designed operation of the standby power sources during loss of the offsite source. This test verifies the energization of the emergency buses, load shedding from the emergency buses and energization of the emergency buses and blackout loads from the DG. Tripping of non-essential loads is not verified in this test. It further demonstrates the capability of the DG to automatically achieve the required voltage and frequency within the specified time. McGuire Units 1 and 2 B 3.8.1-29 Revision No. 44a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

The DG autostart time of 11 seconds is derived from requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance should be continued for a minimum of 5 minutes in order to demonstrate that all starting transients have decayed and stability is achieved.

The requirement to verify the connection and power supply of the emergency bus and autoconnected loads is intended to satisfactorily show the relationship of these loads to the DG loading logic. In certain circumstances, many of these loads cannot actually be connected or loaded without undue hardship or potential for undesired operation.

For instance, Emergency Core Cooling Systems (ECCS) injection valves are not desired to be stroked open, or high pressure injection systems are not capable of being operated at full flow, or residual heat removal (RHR) systems performing a decay heat removal function are not desired to be realigned to the ECCS mode of operation.

In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG systems to perform these functions is acceptable.

This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

The reason for Note 2 is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety* systems. SR 3.8.1.12 This Surveillance demonstrates that the DG automatically starts and achieves the required voltage and frequency within the specified time ( 11 seconds) from the design basis actuation signal (LOCA signal) and operates for 5 minutes. The 5 minute period provides sufficient time to demonstrate stability.

SR 3.8.1.12.d ensures that the emergency bus remains energized from the offsite electrical power system on an ESF signal without loss of offsite power. This Surveillance also verified the tripping of non-essential loads. Tripping of non-essential loads is verified McGuire Units 1 and 2 B 3.8.1-30 Revision No. :i4a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued) only once, either in this SR or in SR 3.8.1.19, since the same circuitry is tested in each SR. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

SR 3.8.1.13 This Surveillance demonstrates that DG non-emergency protective functions (e.g., high jacket water temperature) are bypassed on a loss of voltage signal concurrent with an ESF actuation test signal. The non-emergency automatic trips are all automatic trips except: a. Engine overspeed;

b. Generator differential current; c. Low lube oil pressure; and d. Generator voltage -controlled overcurrent.

The non-emergency trips are bypassed during DBAs and provide an alarm on an abnormal engine condition.

This alarm provides the operator with sufficient time to react appropriately.

The DG availability to mitigate the OBA is more critical than protecting the engine against minor problems that are not immediately detrimental to emergency operation of the DG. Curre*nt1y, DG emergency automatic trips are tested periodically per the station periodic maintenance program. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is not normally performed in MODE 1 or 2, but it may be performed in conjunction with periodic preplanned preventative maintenance activity that causes the DG to be inoperable.

This is acceptable provided that performance of the SR does not increase the time the DG would be inoperable for the preplanned preventative maintenance activity.

McGuire Units 1 and 2 B 3.8.1-31 Revision No. 44a BASES AC Sources-Operating 8 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

SR 3.8.1.14 Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.9, requires demonstration that the DGs can start and run continuously at full load capability for an interval of not less than 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months of which is at a load equivalent from 105% to 110% of the continuous duty rating and the remainder of the time at a load equivalent to the continuous duty rating of the DG. The DG starts for this Surveillance can be performed either from standby or hot conditions.

The provisions for prelubricating and warmup, discussed in SR 3.8.1.2, and for gradual loading, discussed in SR 3.8.1.3, are applicable to this SR. This Surveillance is performed with the DG connected to its bus in parallel with offsite power supply. The DG is tested under maximum kVAR loading, which is defined as being as close to design basis conditions as practical subject to offsite power conditions.

Design basis conditions have been calculated to be greater than 0.9 power factor. During DG testing, equipment ratings are not to be exceeded (i.e., without creating an overvoltage condition on the DG or 4 kV emergency buses, excitation in the generator, or overloading the DG emergency feeder while maintaining the power factor greater than or equal to 0.9). The load band is provided to avoid routine overloading of the DG. Routine overloading may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABIL!TY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This Surveillance is modified by two Notes. Note 1 states that momentary transients due to changing bus loads do not invalidate this test. Note 2 allows gradual loading of the DG in accordance with recommendation from the manufacturer.

This Surveillance should be conducted on only one DG at a time in order to avoid common cause failures that might result from offsite circuit or grid perturbations.

SR 3.8.1.15 This Surveillance demonstrates that the diesel engine can restart from a hot condition, such as subsequent to shutdown from normal Surveillances, and achieve the required voltage and frequency McGuire Units 1 and 2 B 3.8.1-32 Revision No. +4-a BASES AC Sources-Operating 8 3.8.1 SURVEILLANCE REQUIREMENTS (continued) within 11 seconds. The 11 second time is derived from the requirements of the accident analysis to respond to a design basis large break LOCA. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by two Notes. Note 1 ensures that the test is performed with the diesel sufficiently hot. The load band is provided to avoid routine overloading of the DG. Routine overloads may result in more frequent teardown inspections in accordance with vendor recommendations in order to maintain DG OPERABILITY.

The requirement that the diesel has operated for at least 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months at full load conditions prior to performance of this Surveillance is based on manufacturer recommendations for achieving hot conditions.

Momentary transients due to changing bus loads do not invalidate this test. Note 2 allows all DG starts to be preceded by an engine prelube period to minimize wear and tear on the diesel during testing. SR 3.8.1.16 As required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.11, this Surveillance ensures that the manual synchronization and automatic load transfer from the DG to the offsite source can be made and the DG can be returned to standby operation when offsite power is restored.

It also ensures that the autostart logic is reset to allow the DG to reload if a subsequent loss of offsite power occurs. The DG is considered to be in standby operation when the DG is at rated speed and voltage, the output breaker is open and can receive an autoclose signal on bus undervoltage, and the load sequence timers are reset. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is that performing the* Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. SR 3.8.1.17 Demonstration of the test mode override ensures that the DG availability under accident conditions will not be compromised as the result of testing and the DG will automatically reset to standby operation if a LOCA actuation signal is received during operation in the test mode. Standby operation is defined as the DG running at rated speed and voltage with the DG output breaker open. These provisions for automatic switchover McGuire Units 1 and 2 B 3.8.1-33 Revision No. 44a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued) are required by Regulatory Guide 1.9 (Ref. 3), paragraph 2.2.13. The requirement to automatically energize the emergency loads with offsite power is essentially identical to that of SR 3.8.1.12.

The intent in the requirement associated with SR 3.8.1.17.b is to show that the emergency loading was not affected by the DG operation in test mode. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the emergency loads to perform these functions is acceptable.

This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by a Note. The reason for the Note is that performing the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. SR 3.8.1.18 Under accident and loss of offsite power conditions loads are sequentially connected to the bus by the automatic load sequencer.

The sequencing logic controls the permissive and starting signals to motor breakers to prevent overloading of the DGs due to high motor starting currents.

The load sequence time interval to_lerance in Table 8-16 of Reference 2 ensures that sufficient time exists for the DG to restore frequency and voltage prior to applying the next load and that safety analysis assumptions regarding ESF equipment time delays are not violated.

Table 8-1 of Reference 2 provides a summary of the automatic loading of ESF buses. The sequencing times of Table 8-16 are committed and required for OPERABILITY.

The typical 1 minute loading duration seen by the accelerated sequencing scheme is NOT required for OPERABILITY.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. SR 3.8.1.19 In the event of a DBA coincident with a loss of offsite power, the DGs are required to supply the necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.

McGuire Units 1 and 2 B 3.8.1-34 Revision No. 44-a BASES AC Sources-Operating B 3.8.1 SURVEILLANCE REQUIREMENTS (continued)

This Surveillance verifies the de-energization of the emergency buses, load shedding from the emergency buses, tripping of non-essential loads and energization of the emergency buses and ESF loads from the DG. Tripping of non-essential loads is verified only once, either in this SR or in SR 3.8.1.12, since the same circuitry is tested in each SR. In lieu of actual demonstration of connection and loading of loads, testing that adequately shows the capability of the DG system to perform these functions is acceptable.

This testing may include any series of sequential, overlapping, or total steps so that the entire connection and loading sequence is verified. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by two Notes. The reason for Note 1 is to minimize wear and tear on the DGs during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations for DGs. The reason for Note 2 is that the performance of the Surveillance would remove a required offsite circuit from service, perturb the electrical distribution system, and challenge safety systems. SR 3.8.1.20 This Surveillance demonstrates that the DG starting independence has not been compromised.

Also, this Surveillance demonstrates that each engine can achieve proper speed within the specified time when the DGs are started simultaneously.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note. The reason for the Note is to minimize wear on the DG during testing. For the purpose of this testing, the DGs must be started from standby conditions, that is, with the engine coolant and oil continuously circulated and temperature maintained consistent with manufacturer recommendations.

SR 3.8.1.21 This SR lists the SRs that are applicable to LCO 3.8.1.c and LCO 3.8.1.d (SRs 3.8.1.1, 3.8.1.2. 3.8.1.4, 3.8.1.5 and 3.8.1.6).

Meeting any single McGuire Units 1 and 2 B 3.8.1-35 Revision No.

BASES SURVEILLANCE REQUIREMENTS (continued)

AC Sources-Operating B 3.8.1 SR for LCO 3.8.1.c and LCO 3.8.1.d will satisfy both Unit 1 and Unit 2 requirements for that SR. McGuire Units 1 and 2 B 3.8.1-36 Revision No. 44-a BASES REFERENCES

1. 10 CFR 50 , Appendix A, GDC 17. 2. UFSAR , Chapter 8. 3. Regulatory Guide 1.9, Rev. 3, July 1993. 4. UFSAR, Chapter 6. 5. UFSAR , Chapter 15. AC Sources-Operating B 3.8.1 6. 10 CFR 50.36, Technical Specifications, (c)(2)(ii).

7. Regulatory Guide 1.93, Rev. 0, December 1974. 8. Generic Letter 84-15, "Proposed Staff Actions to Improve and Maintain Diesel Generator Reliability," July 2, 1984. 9. 10 CFR 50, Appendix A, GDC 18. 10. Regulatory Guide 1.137, Rev. 1, October 1979. 11. IEEE Standard 308-1971. 12. Regulatory Guide 1.6, Rev. 0, March 1971. 13. Regulatory Guide 1.8.1, Rev. 1, January 1975. 14. Branch Technical Position 8-8, February 2012. McGuire Units 1 and 2 B 3.8.1-37 Revision No.

RA-18-001, Attachment 2 - McGuire Technical Specification 3.8.1 Bases Marked Up Pages

Text

Navigation menu

Search