Provides Addl Info Re Proposed Special Test Exception 3.10.8

ML20096B544
Person / Time
Site:	South Texas
Issue date:	01/04/1996
From:	Leazar D HOUSTON LIGHTING & POWER CO.
To:	NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References
ST-HL-AE-5261, TAC-M92169, TAC-M92170, NUDOCS 9601160322
Download: ML20096B544 (18)
v • d • e

Text

.

s.

The Light  !

company South Texas Project Electric Generating Station P.O. Box 289 Wadsworth. Texas 77483 Houston Lighting as Power January 4, 1996 ST-HL-AE-5261 File No.: G20.02.01 10CFR50.90,50.92 U. S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555-0001 South Texas Project Units 1 and 2 Docket Nos. STN 50-498, STN 50-499 Additional Information Regarding Proposed Special Test Exception 3.10.8 (TAC No. M92169/M92170)

Reference:

1. Letter from T. H. Cloninger to the Nuclear Regult. tory Commission Document Control Desk dated May 1,1995 (ST-HL-AE-5076)

2. Letter from T. H. Cloninger to the Nuclear Regulatory Commission Document I Control Desk dated August 28,1995 (ST-HL-AE-5141) l

3. Letter from D. A. Leazar to the Nuclear Regulatory Commission Document Control Desk dated November 22,1995 (ST-ML-AE-5208)

In Reference 1, the South Texas Project proposed a change to the South Texas Project Units 1 and ,

2 Technical Specifications that would incorporate a Special Test Exception for an allowed outage of up to 21 days per cycle for each Standby Diesel. In Referimee 2, the South Texas Project responded to Nuclear l

Regulatory Commission questions regarding the justification and implementation of the proposed Special ,

Test Exception. The Nuclear Regulatory Commission staff subsequently asked the South Texas Project to elaborate on some of the responses provided in Reference 2, and Reference 3 was submitted in response to that request. On December 12,1995 the NRC staff and South Texas Project personnel met to discuss several questions still needing clarification on the information contained in Reference 1. This letter is the written response to those questions.

The South Texas Project responses are attached. If you have any questions, please contact me at 512-972-7795, or Mr. A. W. Harrison at 512-972-7298. ,

)

%D.A.LeG. r 160041 Director, Nuclear Fuel and Analysis TCK/lf

Attachment:

Response to Nuclear Regulatory Commission Questions TSC-96\5261.m h0 '

9601160372 960104 \

PDR ADCCK 05000498 P PDR

Houston Ligisting & Power Company ST-HL-AE-5261 South Texas Project Ehetric Generating Station File No.: G20.02.01 Page 2 c:

Leonard J. Callan Rufus S. Scott Regional Administrator, Region IV Associate General Counsel U. S. Nuclear Regulatory Commission Houston Lighting & Power Company 611 Ryan Plaza Drive, Suite 400 P. O. Box 61067 Arlington, TX 76011-8064 Houston, TX 77208 Thomas W. Alexion Institute of Nuclear Power Project Manager Operations - Records Center U. S. Nuclear Regulatory Commission 700 Galleria Parkway Washington, DC 20555-0001 13H15 Atlanta, GA 30339-5957 David P. Loveless Dr. Joseph M. Hendrie Sr. Resident Inspector 50 Bellport Lane c/o U. S. Nuclear Regulatory Comm. Bellport, NY l1713 P. O. Box 910 Bay City, TX 77404-0910 Richard A. Ratliff Bureau of Radiation Control J. R. Newman, Esquire Texas Department of Health Morgan, Lewis & Bockius 1100 West 49th Street 1800 M Street, N.W. Austin, TX 78756-3189 Washington, DC 20036-5869 U. S. Nuclear Regulatory Comm.

K. J. Fiedler/M. T. Hardt Attn: Document Control Desk City Public Service Washington, D. C. 20555-0001 P. O. Box 1771 San Antonio, TX 78296 J. C. Lanier/M. B. Lee J. R. Egan, Esquire City of Austin Egan & Associates, P.C.

Electric Utility Department 2300 N Street, N.W.

721 Barton Springs Road Washington, D.C. 20037 Austin, TX 78704 Central Power and Light Company J. W. Beck A'ITN: G. E. Vaughn/C. A. Johnson Little Harbor Consultants, Inc.

P. O. Box 289, Mail Code: N5012 44 Nichols Road Wadsworth, TX 77483 Cohassett, MA 02025-1166

_ - -- - - - - . . . . - - - - -~ . _ - . _=_

' ' Attachment to I ST-HL-AE-5261 Page1of16 SOUTH TEXAS PROJECT (STP) SPECIAL TEST EXCEPTION (STE)

FOR THE STANDBY DIESEL GENERATOR (SDG)/ ESSENTIAL COOLING WATER (ECW) SYSTEMS BACKGROUND: STP Licensing Basis for SDG/ Electric Power Ooeration ,

1 According to the STP Safety Evaluation Report (SER) Section 8.3.1 two out of three Engineered Safety Features (ESP) electrical power divisions are necessary to mitigate the consequences of a design basis accident. This is further supported by the following examples from the Updated Final Safety Analysis Report (UFSAR):

l Examples: Section 15.1.5.2 - 2 high head safety injection (HHSI) trains needed for main steam line l break (MSLB).

Section 9.2.2.2.1 - 2 component cooling water (CCW) trains are capable of performing the l heat removal function during a design basis accident (DBA). I Section 9.2.1.2.2.3 - A minimum of 2 essential cooling water (ECW) trains is required to operate following a DBA.

The response to NRC Question 6 (August 28,1995 supplement) indicates that in certain cases an update of the analysis of record was not performed to demonstrate that one safety train can mitigate accidents. l 1

One of the critical issues which must be resolved is whether the licensee's evaluation outlined in the May 1,1995, application assumes that only one ESF electrical power division is needed to mitigate certain accidents. If this assumption is made, the staff needs to understand the basis for this assumption.

STP Position on Single Train Design Basis The overall design basis for the South Texas Project is three ESF trains with consideration of a single failure. STP does not intend to change the design basis for the station with the Special Test Exception.(STE) The primary basis for the STE is the STP specific Probabilistic Safety Assessment, which demonstrates the risk associated with a DBA during the STE is acceptably small.

As discussed with the NRC staff and presented in the response to Question 1 below, the success criteria for the PSA are different from classical deterministic design basis analysis. In addition, STP has performed deterministic analysis to show that there is, in general, not a loss of ESF function for DBAs while the plant is in the STE. As discussed with the NRC staff and mentioned in our correspondence, in the analysis of the Containment Spray and Control Room Envelope HVAC we used more realistic assumptions for filter efficiency than those used for the licensing basis described in the UFSAR.

The result of the STP analysis is that the STE is an acceptable configuration. It is STP's position that the basis for this is the acceptably small change in the Core Damage Frequency and Large Early Release Frequency. The key acceptance criterion for 10CFR50.59 cvaluations that may affect the single train TsC-96\$261.m

,\ Attachment to

\ ST-HL-AE-5261 s Page 2 of 16 performance assessed in the analysis supporting this application should be that those changes do not {

unacceptably affect the PSA basis for the STE.

~

The STE and the ability to substitute an alternate onsite power source in Technical Specification 3.8.1.2 are unique among Technical Specification LCOs. These are the only LCOs in Technical Specifications that have a time limit associated with their usage. This time limit places the same constraints on these LCOs as exist for Action Statements associated with other Technical Specification LCOs, therefore, it is appropriate to treat them in the same manner. Since single failure need not be considered while in an Action Statement, it is appropriate that single failure not be considered while in this STE. However, in an effort to be conservative, STP performed single train studies to determine capabilities.

The Event Probability column is the PSA probability for a DBA, a loss of off-site power, and SDG failure. STP regards the calculated probability to be conservative because the PSA takes no credit for i

leak-before break and certain operator actions. It can readily be seen that the most severe postulated events (LBLOCA) are not credible.

l Ouestions/ Comments:

i With regard to the three examples above:

, Section 15.1.5.2 - Two high head safety injection (IIIISI) trains needed for main steam line break (MSLB).

4

, As discussed in the STP letter of August 28,1995 (page 10 of 17), although the UFSAR indicates that 4

two trains of SI are required, STP does not believe that Departure from Nucleate Boiling (DNB) will occur with only one train available. This example is included in the table below.

Section 9.2.2.2.1 - Two component cooling water (CCW) trains are capable of performing the heat removal function during a design basis accident (DBA).

Two of the three trains of CCW are assumed to be available based on the DBA assumption that one train

, of electric power is lost, including the emergency diesel. Since one train of operating SI is assumed to

! be ineffectively injecting into the broken loop, the support train of CCW is also not fully effective,

although it would still be removing heat from the Reactor Containment Fan Coolers. The STP analysis shows, that with only one train of CCW, adequate heat removal capability is still available for accident mitigation.

4 4

a 2

1 TSC-%'d261.m

( .

,' Attachment to ST-HL-AE-5261 Page 3 of 16 i

l 3 Section 9.2.1.2.2.3 - A minimum of two essential cooling water (ECW) trains is required te. operate following a DBA.

l In the STP UFSAR, two trains of ECW are necessary to support two operating SDGs and provide the 4

heat sink for two operating CCW trains, assuming the single failure of one of the SDGs. If only a single ESF train (SI, CCW, and SDG) is operable, then only one train of ECW is required and the STP analysis has shown that the one train is sufficient for accident mitigation or safe shutdown.

At the meeting on December 12,1995, between the NRC staff and STP personnel, the NRC requested

) clarification as to the capabilities of the ECCS system during a design basis large and small break LOCA event. A review of the analysis of record shows that one train of Si is assumed to fail (single failure),

flow from one train of SI is assumed to go out the break, and flow from the third train of SI is assumed to inject into the RCS. This analysis shows that the STP ECCS system satisfies all requirements of 10CFR50.46. The Standby Diesel Generator that will be removed from service during the 21 day test exception being proposed is assumed to be the single failure assumed in the analysis. Therefore, the 21 day test exception being proposed will not impact the ability of the SI system and the SI system will continue to satisfy the requirements of 10CFR50.46 for all RCS break sizes .

Since the most limiting set of conditions for the STE would allow operation for a short time with only two  !

operable Standby Diesel Generators, an analysis was performed to determine impact on plant safety if l only a single train of ESF equipment was available for an accident concurrent with a loss of off-site power '

A summary of the single train capabilities is provided in the table below. The basis for the table is a

design basis accident with loss of off-site power and another inoperable standby diesel generator occurring while the plant is in the STE. The additional inoperable standby diesel generator ensures only one of the three trains is available to mitigate the accident. From the table, it can be seen that the single train can effectively mitigate all but the most severe events (with operator action in some cases), and the events that it cannot mitigate are essentially not credible based on the STP PSA.

N TsC-96\5261.m

Attachment to ST-HL-AE-5261 Page 4 of16 ,

Systems with Reduced Design Basis Capability in Single Train Operation .

SYSTEM FUNCTION ALTERNATIVE EVENT COMMENTS AFFECTED ACTION ,

PROBABILITYt .

Safety Cannot mitigate None ( minimal 1.91E-10 One train in i Injection (LHSI LBLOCA if the cooling from the STE and HHSI) SI train is using hot leg Note: Accounts One train injecting into recirculation) for a 25% inoperable the broken RCS chance of One train -

loop injecting in injects into broken loop the broken loop Leak before break not credited Safety Steam line None required 2.25E-8 DNB not Injection break expected to (HHSI) mitigation Note: Accounts occur capability for a rupture reduced either inside-or outside containment.

Safety Cannot mitigate Operator action 1.75E-9 One train in Injection (LHSI SBLOCA without per EOPs to the STE and HHSI) operator action depressurize Note: No credit One train if the SI train taken for inoperable is injecting operator action One train of into the broken to depressurize HHSI not enough RCS loop to match break flow Operator action is expected to be effective TSC-960261.m

Attachment to ST-HL-AE-5261 .

Page 5 of16 .

SYSTEM FUNCTION ALTERNATIVE EVENT COMMENTS AFFECTED ACTION PROBABILITYt *

._[ . k,,"

Residual Heat Cannot provide Continue to See Comments RHR is required l Removal long term inject using approximately '

cooling if only LHSI until RHR 14 hours1.62037e-4 days <br />0.00389 hours <br />2.314815e-5 weeks <br />5.327e-6 months <br /> after a single ESF is restored. event.

bus is Recovery of energized or if power to ESF RHR is bus is expected injecting into within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> broken loop Containment Iodine removal Monitor TSC 1.97E-8 Spray during a LBLOCA doses and or SBLOCA relocate to Note: Assuming lower dose area most probable event of SBLOCA Control Room Cannot maintain Positive 7.64E-10 Envelope HVAC 1/8" positive pressure is pressure expected to be Note: This is maintained, so the probability system is of a LBLOCA, expected to be failure of DG functional and LOOP while in the STE TSC-96\5261.m

Attachment to ,

ST-HL-AE-5261 Page 6 of 16 ,

SYSTEM FUNCTION ALTERNATIVE EVENT COMMENTS AFFECTED ACTION PROBABILITYt

'7[33 gn5 4 . f (;Q:3'

~. ~> MM ~

Fuel Handling Cannot provide Provide 6.37E-11 Building HVAC filter path for alternate power -

1 recirculation supply from Note: Due to phase leakage operable diesel design if C train is dependencies only operable probabilities train are calculated based on trains  !

A or B being operable Component CCW flow to Manually 5.75E-5 If train C is Cooling Water RCFC's and RHR isolate non- the operable Heat Exchanger safety header Note: Accounts train, CCW flow less than to restore for the approximates design design flow. probability of design flow.

train C Effect of isolating non- reduced CCW safety flows flow is slight even without manual action.

Hydrogen Cannot use Manual sample See comments Not required

• Analyzers Hydrogen is possible until at least Analyzers if B through PASS 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> after is only system accident.

operable train Recovery of an l ESF bus is expected with 8 '

hours.

l TSC-%\5261.m j i

Attachment to ST-HL-AE-5261 Page 7 of16 ,

SYSTEM FUNCTION ALTERNATIVE EVENT COMMENTS AFFECTED ACTION PROBABILITYt .

Hydrogen Cannot use See comments Not required Recombiners Hydrogen until -

Recombiners if approximately A is only 11 days after operable train accident Recovery of power to ESF bus is expected within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> t The event probability is the likelihood of an initiating event (i.e., Large Break LOCA) with a loss of offsite power and failure of a standby diesel generator given a diesel generator is unavailable for the whole 21 days of the STE. It

_ conservatively does not include recovery factors or support system failures.

l l

i t

TSC-96\5261.m

1 Attachment to ST-HL-AE-5261 1 Page 8 of 16 1

1. What is the minimum ESF electrical power division assumption (s) used in the evaluation i as outlined in the May 1,1995 application? In the cases where the number of ESF power divisions cited in the May 1,1995, application is not consistent with the licensing basis, please identify and justify the methods and assumptions used to discount the l consequences of certain postulated accidents. Also,when an SDG is taken out-of-service, did the licensee assume that the whole ESF clectrical power division will be i inoperable given a Loss of Offsite Power Event for the purpose of calculating the decrease in plant safety? If not, why not? The NRC staff expects to selectively examine, during the site visit, how the electrical power system was modeled in the STP evaluation  !

outlined in the May 1,1995 application.

The initial conditions used for the evaluation outlined in the May 1,1995 application were:

. Two (2) ESF electrical power divisions OPERABLE,  !

One Essential Cooling Water train inoperable for the first seven (7) days,

. The third ESF clectrical division having all ESF equipment OPERABLE after the ECW train is returned to service, e The Standby Diesel Generator inoperable all 21 days of the STE.

With regard to removal from service of an ESF DG, a loss of offsite power during the DG out of service time would result in a loss of 4.16 KV ESF electric power for the affected train.

The remaining ESF DGs and other DGs within the scope of the PSA (e.g., TSC DG, BOP DG) would be assumed to function commensurate with their estimated unavailability and failure rates.

The following discussion is intended to highlight some of the fundamental differences between probabilistic and deterministic analyses and how those differences translate into inconsistencies relative to assumptions and methods between design basis analysis and PSA analysis. The specific PSA success criteria for important safety functions are described in STP's Individual Plant Examination which has been reviewed and accepted by the NRC.

The PSA, being a best estimate phenomenological and probabilistic model, evaluates the impact ofinitiating events and subsequent failures which may lead to a core damaging event.

Since PSA is a best estimate of the likelihood of a severe accident, the accident progression and human interface are evaluated using actual capacities and capabilities of plant personnel and equipment. The phenomenology associated with accident progression is also a "best estimate" evaluation. In that regard, no assumptions or conservatisms are made with respect to plant equipment or operator actions that tend to maximize certain selected plant parameters in order to achieve theoretical maximum limits or to define constraints on recovery actions.

For example, in detenninistic analyses, certain boundary conditions are prescribed (e.g., loss of offsite power and a single active failure); however, in probabilistic analysis, many possible outcomes and their associated likelihoods of occurrence are evaluated. In many cases, the boundaries prescribed by deterministic analyses are bounded, such as in the case of a loss of offsite power and a single active failure, which in probabilistic analysis, is just one possible TSC-96\5261.m

,- Attachment to ST-HL-AE-5261 Page 9 of16 outcome out of many extending beyond design basis events. For cases where deterministic analyses are used to shape or maximize selected parameters, probabilistic analyses may conclude that the likelihood of such a scenario is highly unlikely and that other scenarios with identical outcomes are more likely. This leads to determinations of risk significance based on probabilistic quantifications which reflect the success criteria for important safety functions based on their actual capabilities.

2. What are the threshold trigger levels which will be used in the STP Planned Maintenance Program in order to decide whether or not to implement the proposed SDG/ECW STE? Ilow will any potential decrease in safety due to the extended allowed outage times (AOTs) be controlled during future plant operation?

STP plans to utilize the 21 day LCO outages to accomplish work which has in the past been performed during refueling outages, including the 18 month,5 year, and 10 year inspection surveillances. As such, there are no " threshold trigger levels" which will be used. Rather, the extended LCO outages will be scheduled to support surveillance requirements, and will be planned to minimize impact on plant operation and maintenance, thus minimizing the impact on plant safety. The extended LCO outages will typically be scheduled during the normal associated train outage weeks, and will continue as necessary to complete the planned tasks.

The Technical Specification STE LCO prohibits planned maintenance work on redundant safety train equipment during these times.

Backward looking actual risk profiles will be used to monitor actual (i.e., as occurred) plant configurations and configuration durations. The actual risk profiles will be used to monitor the actual accrued cumulative risk levels to the target risk levels as defined by the station's IPE Adjustments can be implemented by station management to maintain cumulative risk levels below the target in accordance with the station's On-Line Maintenance Program. The actual risk profiles are also used to show compliance with the Maintenance Rule, 10CFR50.65(a)(3).

3. The NRC staff expects to selectively examine, duri ag the site visit, how the " rolling" maintenance risk assessment process acts to prevezit entry into potentially higher risk configurations involving the electrical system and its supporting systems.

Plant configuration control is maintained using the Technical Specifications, the On Line Risk Profiles and management approved work schedules. Once the On-Line Risk Profiles have been established for the work week, no other planned work activities are allowed on PSA related equipment. This strict plant configuration control ensures only unplanned events will render necessary equipment inoperable. In this way, only approved work activities which have been evaluated for their risk impacts are allowed to be performed during the work week and the overlapping of maintenance states is prevented. Emergent work items are re-evaluated relative to their impact on risk, and an action plan is developed based on the overall risk profile.

TsC 96\5261 m

.- .' Attachment to ST-HL-AE-5261 Page 10 of 16

4. What value is the licensee assuming for the component failure rate for the ESF load sequencer? Is it different from the value listed in the South Texas SER (p. 8-8)? What is the source of the change (i.e., technical report or analysis)? Also, the NRC staff expects to selectively examine during the site visit, the technical documentation and/or analysis that supports the basis for the equipment component failure rates in Table 2.5-1 (Attachment 4 of the May 1,1995 submittal).

The STP PSA uses a mean value of 1.01E-4 failures per demand for the ESF load sequencer.

This database variable was obtained through updating generic data with plant specific data by using Bayesian methodology. The generic data was devdloped from the cumulative experience of a large population of nuclear plants documented in the PLO proprietary database (Reference PLG-0500). The value listed in the STP SER (pg. 8-8) is 4.8E-4 failures per demand. This value referene a a proprietary report from GA Technology, Reliability Analysis for ESF Seauencer (ST. ' .-AE-1471) that concludes the iE safety related load sequencer has a failure rate of 4.8u failures per hour. The STP PSA models the ESF load sequencer as failing on demand. Therefore, the value presented in the SER is not applicable to the STP PSA.

5. The staffis of the opinion that the situation where the licensee would most likely need the majority of the 21-day AOT is for the 10-year SDG surveillance / inspection (as opposed to the 18-month or 5-year inspection). Would a more appropriate proposal for South Texas be a 21-day AOT for the 10-year SDG inspection, and a 14-day AOT once per train per cycle for other inspections? If not, why not?

The 21-day AOT per train per cycle STE is considered appropriate without specifically qualifying the types of planned maintenance work activities, based on the discussion in the following paragraphs.

Our goal is to remove ESF diesel work activities from plant refueling outages, while still achieving world class engine reliability performance and minimizing engine unavailability.

Based on our original evaluation we expected that the maximum amount of scheduled work for a DG LCO would be around 13 days. Since we do not as a practice schedule work to exceed approximately 60 percent of an Allowed Outage Time and we needed to include the potential for work scope growth as a result ofinspection activities, we evaluated a 21 day AOT with our PSA. The 21 day AOT is supported by the PSA and the plant design as not being risk significant; therefore, we requested a 21 day AOT. Our expectation is that the majority of our DG outages will be less than 14 days and the Maintenance Rule and our Risk Management Program both require us to do everything reasonable to minimize the total DG outage times.

Additionally a 14 day AOT will place STP in the position of scheduling up to 80 or 90 percent of an AOT. In this case any small problems or scope changes during the DO outage TsC-96iS261.m

_ _ - - _ . . - ~ - - - - - . _ -. - - - . . .. ..

,' Attachment to ST-HL-AE-5261 Page 11 of 16 could easily place us in a position where a plant shutdown or request for discretionary enforcement would be required. We do not believe it is appropriate to request a Technical Specification change that creates this potential when there is not a significant safety benefit to be gained. We believe typical special test exception work windows will be seven to ten days in duration. As a result of scheduling the majority of preventative maintenance activities within these STE windows, the need to schedule a 72-hour limiting condition for operation  ;

(LCO) work windows every 12 weeks, our normal functional equipment group cycle, will be l reduced. While it is recognized that the ESF diesel unavailability during the operating cycle I will increase, average unavailability on the ESF diesels will be maintained within the i Maintenance Rule. The ESF diesel train availability during refueling outages will be i

significantly improved. Periods of unavailability during refueling outages will be much '

shorter. ESF diesel refueling outage unavailability could be limited to the duration of ,

electrical bus outages, normally 36 to 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> in length, and ESF load start sequencer I surveillance testing, about 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> in length. l The following is a discussion of the work activities that were considered for inclusion in the i STE windows: In general, the expected durations of the 18-month,5-year, and 10 year l

inspections are 4 days,6 days, and 9 days in work window length, plus an additional one to I two days of associated break-in runs, maintenance tests (PMTs) and operability tests. These window length durations were also benchmarked against the demonstrated performance of other members of the Cooper Bessemer Owner's Group (CBOG) and determined to be typical i

of the expected performance without unexpected scope expansion. These estimates also l assume that the 24-hour load test surveillance is performed with the engine operable, and therefore, is not included in the test window. These durations reflect around-the-clock work l

scheduling. During the last two refueling outages, STP completed the work windows on or l ahead of schedule for five of the six diesels, as reflected in the estimates provided above. The work window for the sixth engine, SDG-12 during 1RE05, was extended about an additional 4 days while troubleshooting a slow voltage start response caused by stray electronic interference between the manual and automatic voltage regulator circuits. In the last year, other utilities with Cooper Bessemer KSV engines have discovered the emergent need to replace turbochargers or cam shafts during these same types of maintenance surveillance inspections; both of these activities required about three days of additional work duration I scope. Our request for 21 days includes a " float window" of about 7 days; we would not I routinely schedule activity durations that exceed 14 days from removal to return to service (operability).

In addition to reviewing surveillance inspections, we also reviewed typical planned corrective i maintenance activities and plant modifications that would be scoped during refueling outages l to see how these activities would influence maintenance duration. The most extensive i maintenance activity completed during recent outages is the piston lubrication improvement, I consisting of removal of the wrist pin caps and lower oil rings on all twenty pistons on a diesel. During the last two refueling outages, we accomplished this improvement on two diesels in each unit, in about a 10 day work window duration for each engine that was performed in parallel with surveillance inspections. We feel our planning and work  ;

accomplishment reflect world class maintenance performance, based on our discussions with l TSC-96\5261.m

,. ,' Attachment to ST-HL-AE-5261 Page 12 of 16 i

other CBOG members. This same type of preparation and accomplishment effort will be focused on our STE window preparations. l l

In 1995, we began a business plan initiative to review the need for modernizing the I capabilities of the ESF diesel electronic govemors, voltage regulators, and the safety and non-safety electronic engine control circuits. The modification evaluation package has been approved and initial work is currently scheduled to begin in late 1997. Several members of the CBOG are either considering or have actually implerhented some portion of the modification scope we are reviewing. These modifications, if and when accomplished, will probably be the controlling activity for future ESF diesel work window durations and will probably require greater than 14 days to complete.

Therefore, it is detennined that the 21 day AOT is appropriate due to the expected and potential DG workscopes which could challenge our ability to comply with a 14 day AOT on I any given entry into the STE. Furthermore, the station's PSA, in conjunction with the On- l Line Maintenance Program supports the 21 day AOT and provides the necessary mechanisms I for monitoring and maintaining plant safety throughout the duration of the STE.

6. A 24-hour AOT with no onsite power (no operable SDGs)is a significant departure from what is allowed in any U. S. plant. This issue appears to be independent of whether or not one is considering a 2-train or a 3-train plant. Please identify the special circumstances of the South Texas design that justifies this exception.

It was never the intent of STP to operate for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> with no operable SDGs. The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> AOT was requested to allow the station to respond to a minor equipment problem, a failed HVAC damper or a failed Chiller, within a reasonable arpount of time. After discussions with the staff, STP has submitted a proposed revision to the previous submittal to provide the necessary action statement in proposed TS 3.10.8 to only allow 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> with no operable SDGs, the same time currently allowed by TS 3.8.1.1. l The Configuration Risk Management Program will prevent STP from operating for an extended amount of time with any extremely risk significant piece of equipment inoperable.

As the table presented in the opening discussions of this letter show, for all credible accidents STP does not lose function with only a single ESF train operable. Consequently, the 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to restore the LCO conditions is considered to be appropriate for the STP design.

7. The proposed technical specifications (TSs) allows for Mode change during the STE.

Please discuss why this flexibility is needed and the potential benefit. Given that Mode 1 represents one of the most stable plant operating modes other than Mode 6, what is the justification for extended preventative maintenance activities of the SDG and ECW systems while changing modes?

The proposed technical specification does allow for mode changes during the STE. The capability to change modes was included to allow the unit the ability to respond to changing plant and grid conditiens. The conditions that would req.uire a Mode change during the STE TsC-96\$261.m

1

, , Attachment to ST-HL-AE-5261 Page 13 of 16 are expected to be extremely infrequent and driven by plant or grid conditions, not station convenience. An example of such an event would be the return to power operation in the event a plant trip occurs during the STE. This capability is not unreasonable, since a Mode change with two (2) OPERABLE Standby Diesel Generators does not involve any greater risk than the operation of the plant in Mode I with two (2) OPERABLE Standby Diesel Generators. It is not the intent of STP to use the proposed technical specification STE as an extension of a planned refueling outage.

Since the requirements for the STE must be satisfied throughout the duration of the STE regardless of the plant's status, the level of defense-in-depth provided by the required equipment and compensatory actions during a Mode change is the same as that required for any other time during the STE.

The compensatory measures which are in place during the STE provide augmented station focus and management attention to ensure that important safety functions are available and operable to support a possible mode change.

1

8. The staff notes that the wording for TS 3.10.8.g," Maintenance in the switchyard is l controlled," is not specific enough in that it does not provide a narrow scope and I direction, given the intent in Section 3.2.2 of the licensee's evaluation (Attachment 4 of the May 1,1995 submittal), that " maintenance activities or other events that could cause a loss of offsite power initiating event are minimized" during the STE period. Please discuss what is meant by controlled.

Due to the amount of work required to be performed in the switchyard to ensure equipment reliability, it is not possible to eliminate all work in the switchyard during the performance of the STE. However, all work performed in the switchyard is controlled by the Unit 1 Shift Supervisor and the following additional control of activities in the switchyard during a 21 day standby diesel generator outage will be initiated.

1. Procedure OPGP03-ZA-0104, Switchyard Access and Control of Vehicles Near Electrical Power Components, will be revised to indicate the Outage Coordinator, HL&P System Dispatching and T&D Substation personnel are responsible for coordinating all activities to be performed in the switchyard during the STE prior to entry into the STE.

2. The Administrative procedure that controls entry into the STE will require the STP outage coordinator to notify HL&P System Dispatching and T&D Substation Operations prior to planned entry into the STE. It will also require the HL&P System Dispatching and T&D Substation Operations to submit all work planned to be performed during the STE to the STP Outage Coordinator prior to entry into the STE.

This will allow a PSA evaluation to be performed on the possible effects of this work on the electrical stability of the switchyard during the STE prior to entry into the STE.

TSC-96\5261.m

,. ,' Attachment to ST-HL-AE-5261 Page 14 of 16 To provide additional assurance that any work being performed in the switchyard will not directly cause a loss of offsite power, the wording for LCO item g. will be revised to better identify the requirements of and conditions for any work to performed in the switchyard

9. The NRC staff expects to examine the physical switchyard arrangement and any administrative control procedures for the switchyard during the site visit.

STP conducted the requested tour and provided requested information.

10. During the staff review of the licensee's previous TS amendment request (

Reference:

Amendment Nos. 59 and 47), Brookhaven National Laboratories (BNL) observed that the improvement in the safety assessment was due to changes in planned maintenance practices at the plant. BNL stated that STP changed maintenance for the standby diesel generators, auxiliary feedwater and essential chilled water systems from a quarterly to a semiannual schedule. Discuss how this impacts the balance between reliability and unavailability, and the effect on plant safety. Also, on page 4 of 4 of Attachment 2 to the May 1,1995 application, a statement is made regarding the credit due to the compensatory actions. Please quantify the contribution to safety based on actual changes in plant procedures, equipment and other compensatory actions as discussed in the May 1,1995 application.

Monitoring of reliability and unavailabi.lity will be conducted under STP's implementation of l the Maintenance Rule,10CFR50.65. The Maintenance Rule implementation requires l optimizing availability and reliability for risk significant systems. Adjustments shall be made, '

where necessary, to maintenance activities to ensure that the objective of preventing failures is appropriately balanced against the objective of assuring acceptable system availability. l In order to support Maintenance Rule implementation, performance criteria / goals are being established for risk significant systems by the Maintenance Rule Expert Panel using ,

information from the PSA. The resulting availability and reliability goals for Maintenance l Rule systems are based on the unavailability and reliability calculations contained in the PSA  !

and on the Expert Panel reviews of equipment performance history. Maintenance activities performed on risk significant plant systems and equipment are to be tracked to ensure that the performance of maintenance activities does not exceed the targeted unavailability allowance.

Thus, the frequency change for preventive maintenance from quarterly to semi-annual or from semi-annual to quarterly in and ofitself would not impact plant safety since the total unavailability would be monitored and adjusted so as not to exceed the total allowed unavailability target as calculated by the PSA and as monitored by the Maintenance Rule.

These measures are some of the mechanisms used at STP to optimize availability and reliability by properly managing the occurrence of systems being out of service for maintenance. This could be achieved by any of the following, as outlined in the draft Maintenance Rule Basis Document:

TsC-96\5261.m

. . - - . .. -~ - . - - - - . . _ - . - . - . . . . - - - . - . . - . - - - - _ -

," Attachment to ST-HL-AE-5261 Page 15 of 16 Ensuring that appropriate preventative maintenance is performed to meet availability objectives as stated in the plant specific PSA, FSAR, or other reliability approaches to maintenance (if required);

e Focusing preventive maintenance activities on those tasks which monitor and predict equipment performance and reliability (e.g., pump vibration analysis instead of teardown);

e Reviewing work history to determine the acceptability of availability and reliability goals; e Focusing maintenance resources on preventing those failure modes that affect the ability to successfully perform a safety function; e Scheduling, as necessary, the amount, type, or frequency of preventive maintenance to appropriately limit the time out of service in accordance with the station's on-line maintenance programs; l

And, risk plots of availability and reliability that will be performed during the Maintenance Rule monitoring process.

In the May 1,1995 submittal, a qualitative / quantitative evaluation for compensatory measures 1 was presented in section 3.0 (Reference ST-HL-AE-5076). All compensatory measures that l were quantified were presented. For example, entry into the STE allows no planned maintenance on the other two safety trains. The quantification for this was accomplished by configuring the STP PSA model to remove the system unavailability contributions due to planned maintenance (unplanned maintenance unavailability contributions were retained). l The resulting quantification reflects a positive change in the risk associated with the STE.

l Not all compensatory measures could be quantified. Those compensatory measures that are l

intended to reduce the likelihood of an initiating event challenging safety equipment during i

the proposed STE were not quantified. This is due to the uncertainty in the magnitude for changing certain initiating event frequencies based upon the compensatory measures.

i J

4 J

TSC-96\5261.m

I

, , Attachment to ST-HL-AE-5261 Page 16 of 16

11. In the licensee's evaluation (Attachment 4 of the May 1,1995 submittal) one of the compensatory actions described on Page 3.1-8 is the following set of conditions:

Prior to commencement of maintenance under the proposed STE, containment integrity will be verified to ensure containment isolation penetrations are in their proper alignments. The reactor containment building supplemental purge valves will be verified to be OPERABLE and in their proper alignment. Additionally, containment purges that may be required during the STE will be strictly controlled.

Why was the above not included in proposed TS 3.10.8?

The requirement to perform this compensatory action is included in the administrative procedure that will be performed prior to each entry into the STE. In addition compliance with these actions is already required by TS 3.6.1.7 and TS 3.6.3 These actions were l

included as a compensatory action to provide heightened awareness among the operating staff l during the STE and to prevent entry into the STE while in an action statement associated with containment integrity or containment purge valves.

1 P

TSC-96\$261.m