ML16363A429: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
| number = ML16363A429 | | number = ML16363A429 | ||
| issue date = 12/28/2016 | | issue date = 12/28/2016 | ||
| title = | | title = Final Significance Determination of a White Finding, Notice of Violation, and Follow-up Assessment Letter; NRC Inspection Report 05000275/2016010 and 05000323/2016010 | ||
| author name = Kennedy K | | author name = Kennedy K | ||
| author affiliation = NRC/RGN-IV/ORA | | author affiliation = NRC/RGN-IV/ORA | ||
| addressee name = Halpin E | | addressee name = Halpin E | ||
| addressee affiliation = Pacific Gas & Electric Co | | addressee affiliation = Pacific Gas & Electric Co | ||
| docket = 05000275, 05000323 | | docket = 05000275, 05000323 | ||
| Line 15: | Line 15: | ||
| page count = 15 | | page count = 15 | ||
}} | }} | ||
See also: [[ | See also: [[see also::IR 05000275/2016010]] | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:UNITED STATES | ||
NUCLEAR REGULATORY COMMISSION | |||
REGION IV | |||
1600 E. LAMAR BLVD. | |||
ARLINGTON, TX 76011-4511 | |||
December 28, 2016 | |||
EA-16-168 | |||
Mr. Edward D. Halpin | |||
Senior Vice President | |||
and Chief Nuclear Officer | |||
Pacific Gas and Electric Company | |||
Diablo Canyon Power Plant | |||
P.O. Box 56, Mail Code 104/6 | |||
Avila Beach, CA 93424 | |||
SUBJECT: DIABLO CANYON POWER PLANT - FINAL SIGNIFICANCE | |||
DETERMINATION OF A WHITE FINDING, NOTICE OF VIOLATION, | |||
AND FOLLOW-UP ASSESSMENT LETTER; NRC INSPECTION | |||
REPORT 05000275/2016010 AND 05000323/2016010 | |||
Dear Mr. Halpin: | |||
This letter provides you the final significance determination of the preliminary White finding | |||
identified in the Diablo Canyon Power Plant - NRC Inspection Report 05000275/2016010 | |||
and 05000323/2016010; Preliminary White Finding (Agencywide Documents Access and | |||
Management System (ADAMS) Accession No. ML16277A340), dated October 3, 2016. The | |||
finding is associated with the May 16, 2016, failure of the Unit 2 residual heat removal pump 2-2 | |||
suction valve (SI-2-8982B) from the containment recirculation sump to open from the main | |||
control room. The NRC has determined the finding is of low-to-moderate safety significance | |||
(White). | |||
At your request, the NRC held a regulatory conference on November 15, 2016, to further | |||
discuss your views on this finding. The meeting summary of this regulatory conference is | |||
available at ADAMS Accession No. ML16336A765 and a copy of your presentation is available | |||
at ADAMS Accession No. ML16335A439. In your presentation, you described several changes | |||
to the probabilistic risk modeling of the failure of valve SI-2-8982B, including changes to the | |||
common cause alpha factors and several assumptions related to medium break loss-of-coolant | |||
accidents. Your staff also provided their perspectives on a variety of recovery methods | |||
available to open valve SI-2-8982B, thereby, restoring the flow path from the containment sump | |||
to the reactor core through residual heat removal pump 2-2. | |||
Based on your staffs evaluation of these factors and the probability of success of these | |||
recovery actions, your staff concluded that the change in core damage frequency was less than | |||
the Green/White threshold of 1E-6 per year. As a result, you concluded that the inspection | |||
finding should be characterized as very low safety significance (Green). | |||
E. Halpin -2- | |||
We have concluded that our preliminary significance determination change in core damage | |||
frequency result of 7.6E-6 per year represents the upper range of the increase in core damage | |||
frequency associated with the performance deficiency. Based on the information provided by | |||
your staff at the regulatory conference, the NRC adjusted a number of assumptions used in the | |||
preliminary significance determination. Specifically, the NRC lowered the common cause alpha | |||
factors and adjusted several assumptions related to medium break loss-of-coolant | |||
accidents. The NRC also performed a variety of human error probability calculations to | |||
determine the likelihood of recovering the functionality of valve SI-2-8982B. The results of these | |||
calculations, which removed much of the conservativism from the assumptions used in the | |||
preliminary risk assessment, predicted a high likelihood of success (96.4 percent success) for | |||
recovering valve SI-2-8982B. | |||
Using these assumptions, the NRC concluded the lower range of increase in core damage | |||
frequency associated with the performance deficiency to be 1.3E-6 per year. Because the | |||
NRCs calculated lower and upper estimations of the increase in core damage frequency of the | |||
performance deficiency were both greater than 1.0E-6 per year but less than 1.0E-5 per year, | |||
the NRC determined the finding was of low-to-moderate safety significance (White). Our | |||
evaluation of the risk significance of the finding is provided in the attachment to this letter. | |||
You have 30 calendar days from the date of this letter to appeal the staffs determination of | |||
significance for the identified White finding. Such appeals will be considered to have merit only | |||
if they meet the criteria given in NRC Inspection Manual Chapter 0609, Attachment 2. An | |||
appeal must be sent in writing to the Regional Administrator, Region IV, 1600 E. Lamar Blvd., | |||
Arlington, TX 76011. | |||
The NRC has also determined that the failure to develop adequate instructions for the | |||
installation of external limit switches on motor-operated valves is a violation of Technical | |||
Specification 5.4.1.a, Procedures, as cited in the enclosed Notice of Violation (NOV). In | |||
accordance with the NRC's Enforcement Policy, the NOV is considered an escalated | |||
enforcement action because it is associated with a White finding for Unit 2. | |||
You are required to respond to this letter and should follow the instructions specified in the | |||
enclosed NOV when preparing your response. If you have additional information that you | |||
believe the NRC should consider, you may provide it in your response to the NOV. The NRC's | |||
review of your response to the NOV will also determine whether further enforcement actions are | |||
necessary to ensure compliance with regulatory requirements. | |||
As a result of our review of Diablo Canyon Power Plants performance, including this White | |||
finding, we have assessed the performance of Diablo Canyon Power Plant, Unit 2, to be in the | |||
Regulatory Response column of the NRCs Action Matrix, effective the third quarter of 2016. | |||
Therefore, we plan to conduct a supplemental inspection using Inspection Procedure 95001, | |||
Supplemental Inspection Response to Action Matrix Column 2 Inputs, when your staff has | |||
notified us of your readiness for this inspection. This inspection procedure is conducted to | |||
provide assurance that the root cause and contributing causes of risk significant performance | |||
issues are understood, the extent of condition and the extent of cause are identified, and the | |||
corrective actions are sufficient to prevent recurrence. | |||
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter and its | |||
enclosure will be made available electronically for public inspection in the NRC Public | |||
Document Room and in ADAMS, accessible from the NRC Web site at | |||
http://www.nrc.gov/reading-rm/adams.html. | |||
E. Halpin -3- | |||
To the extent possible, your response should not include any personal privacy, proprietary, or | |||
safeguards information so that it can be made available to the Public without redaction. | |||
Sincerely, | |||
/RA/ | |||
Kriss M. Kennedy | |||
Regional Administrator | |||
Docket Nos. 50-275 and 50-323 | |||
License Nos. DPR-80 and DPR-82 | |||
Enclosure: | |||
Notice of Violation w/Attachment: | |||
Final Significance Determination | |||
cc: Electronic Distribution via Listserv | |||
for Diablo Canyon Power Plant, Units 1 and 2 | |||
ML16363A429 | |||
SUNSI Review ADAMS Non-Sensitive Publicly Available Keyword: | |||
By: JRG Yes No Sensitive Non-Publicly Available | |||
OFFICE RI:DRP/A SRI:DRP/A BC:DRP/A DRS:SRA TL:ACES RC:ORA OE | |||
NAME JReynoso CNewport JGroom RDeese MHay KFuller GFigueroa | |||
SIGNATURE /RA/Email /RA/Email /RA/ /RA/ /RA/ /RA/ /RA/ E | |||
DATE 12/13/16 12/13/16 12/13/16 12/15/16 12/15/16 12/13/16 12/19/16 | |||
OFFICE D:DRS D:DRP RA | |||
NAME AVegel TPruett KKennedy | |||
SIGNATURE /RA/ /RA/ /RA/ | |||
DATE 12/13/16 12/13/16 12/28/16 | |||
NOTICE OF VIOLATION | |||
Pacific Gas and Electric Company Docket No. 50-323 | |||
Diablo Canyon Power Plant License No. DPR-82 | |||
EA-16-168 | |||
During an NRC inspection conducted between May 16 and September 12, 2016, a violation of | |||
NRC requirements was identified. In accordance with the NRCs Enforcement Policy, the | |||
violation is listed below: | |||
Technical Specification 5.4.1.a, Procedures, requires, in part, that written procedures | |||
shall be established, implemented, and maintained covering the applicable procedures | |||
recommended in Appendix A of Regulatory Guide 1.33, Revision 2. Section 9.a of | |||
Appendix A of Regulatory Guide 1.33, Revision 2, requires in part, that maintenance that | |||
can affect the performance of safety-related equipment should be properly preplanned | |||
and performed in accordance with written procedures, documented instructions, or | |||
drawings appropriate to the circumstances. | |||
Contrary to the above, on December 5, 2011, the licensee failed to establish written | |||
procedures for performing maintenance on safety-related equipment, which were | |||
appropriate to the circumstances. Specifically, Procedure MP E-53.10R, Augmented | |||
Stem Lubrication for Limitorque Operated Valves, Revision 4, used to perform | |||
maintenance on safety-related equipment, failed to provide instructions to establish and | |||
check the travel of external switches installed on motor-operated valves are within | |||
vendor established criteria. Consequently, the limit switch for valve RHR-2-8700B was | |||
installed, such that, it was operated repeatedly beyond overtravel tolerances resulting in | |||
its failure on May 16, 2016. As a consequence of this inadequate maintenance | |||
procedure issue, the licensee also violated Unit 2 Technical Specification 3.5.2, ECCS - | |||
Operating, because train B of the emergency core cooling system was determined to be | |||
inoperable for greater than the technical specification allowed outage time of 14 days. | |||
This violation is associated with a White significance determination process finding. | |||
Pursuant to the provisions of 10 CFR 2.201, Pacific Gas and Electric Company is hereby | |||
required to submit a written statement or explanation to the U.S. Nuclear Regulatory | |||
Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with a copy to the | |||
Regional Administrator, Region IV; and a copy to the NRC resident inspector at the facility that | |||
is the subject of this Notice, within 30 days of the date of the letter transmitting this Notice of | |||
Violation (Notice). This reply should be clearly marked as a "Reply to a Notice of Violation; | |||
EA-16-168" and should include for each violation: (1) the reason for the violation, or, if | |||
contested, the basis for disputing the violation or severity level; (2) the corrective steps that | |||
have been taken and the results achieved; (3) the corrective steps that will be taken; and (4) the | |||
date when full compliance will be achieved. | |||
Your response may reference or include previous docketed correspondence, if the | |||
correspondence adequately addresses the required response. If an adequate reply is not | |||
received within the time specified in this Notice, an order or a Demand for Information may be | |||
issued as to why the license should not be modified, suspended, or revoked, or why such other | |||
action as may be proper should not be taken. Where good cause is shown, consideration will | |||
be given to extending the response time. | |||
Enclosure | |||
If you contest this enforcement action, you should also provide a copy of your response, with | |||
the basis for your denial, to the Director, Office of Enforcement, United States Nuclear | |||
Regulatory Commission, Washington, DC 20555-0001. | |||
Because your response will be made available electronically for public inspection in the NRCs | |||
Public Document Room or from the NRCs document system (ADAMS), accessible from the | |||
NRC website at http://www.nrc.gov/reading-rm/adams.html, to the extent possible, it should not | |||
include any personal privacy, proprietary, or safeguards information so that it can be made | |||
available to the public without redaction. | |||
If personal privacy or proprietary information is necessary to provide an acceptable response, | |||
then please provide a bracketed copy of your response that identifies the information that | |||
should be protected and a redacted copy of your response that deletes such information. If you | |||
request withholding of such material, you must specifically identify the portions of your response | |||
that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g., | |||
explain why the disclosure of information will create an unwarranted invasion of personal | |||
privacy or provide the information required by 10 CFR 2.390(b) to support a request for | |||
withholding confidential commercial or financial information). If safeguards information is | |||
necessary to provide an acceptable response, please provide the level of protection described | |||
in 10 CFR 73.21. | |||
Dated this 28th day of December 2016 | |||
-2- | |||
Diablo Canyon Power Plant, Unit 2, Failure of Valve SI-2-8982B to Open | |||
Final Significance Determination | |||
During the regulatory conference held on November 15, 2016, your staff described their | |||
assessment of the significance of the finding. Specifically, your staff discussed differences | |||
between the NRC's preliminary significance determination and the Diablo Canyon Power | |||
Plant risk assessment. Based on the information provided at the regulatory conference, the | |||
NRC determined that the preliminary significance determination represented the upper | |||
range of the increase in core damage probability associated with the performance | |||
deficiency. | |||
The NRC utilized the information provided by the licensee at the regulatory conference to | |||
estimate the lower range of the increase in core damage frequency associated with the | |||
performance deficiency. The following elements of the risk evaluation were evaluated and | |||
are discussed below. | |||
1. Your staff provided updated motor-operated valve common cause alpha factors. | |||
Based on this updated information, the NRC, when evaluating the lower range in the | |||
increase in risk, reduced the value of the alpha-2 common cause factor in the SPAR | |||
model from 1.92E-2 to 1.77E-2. The alpha-1 factor was also adjusted accordingly. | |||
2. Your staff presented an updated containment analysis that demonstrated medium break | |||
loss-of-coolant accidents (MLOCAs), with pipe breaks less than 4.5 inches in diameter, | |||
would not result in sufficient containment pressure to start the containment spray pumps. | |||
The NRC reviewed the updated containment analysis and agreed that for MLOCAs less | |||
than 4.5 inches in diameter, the containment spray pumps likely would not start. | |||
Consequently, the analyst adjusted the non-recoverable MLOCAs from 3.5 to 4.5 inches | |||
when evaluating the lower range of the increase in core damage frequency for the final | |||
significance determination. The analyst performed a sensitivity analysis for smaller and | |||
larger non-recoverable MLOCAs ranging from 4.0 to 5.0 inches and concluded these | |||
changes had a minor effect on the outcome of the detailed risk evaluation. | |||
This application of less frequent, non-recoverable, loss-of-coolant accidents (LOCAs) led | |||
the NRC to ensure all non-recoverable LOCAs were accounted for in their detailed risk | |||
evaluation. Large break LOCAs (LOCAs with greater than 6-inch pipe breaks) were | |||
truncated in the preliminary evaluation because they comprised less than 2 percent of | |||
the estimate of total increase in core damage frequency. With the information provided | |||
by the licensee, large break LOCAs came to comprise a larger and significant portion of | |||
the estimate of total increase in core damage frequency and their contribution was | |||
accounted for in the final detailed risk evaluation. The estimate of the increase in core | |||
damage frequency from large break LOCAs was 1.4E-7 per year. The NRC discussed | |||
the increased contribution from large break LOCAs at the regulatory conference. | |||
3. Your staff presented a different methodology for determining the frequency of MLOCA | |||
for differing break sizes by using NUREG-1829, Estimating Loss-of-Coolant Accident | |||
(LOCA) Frequencies through the Elicitation Process, April 2008. | |||
When evaluating the lower range of the increase in core damage frequency for the final | |||
significance determination, the NRC updated the method of deconstructing MLOCAs | |||
using a logarithmic-linear function method. | |||
Attachment | |||
Through the process of reviewing NUREG-1829, the NRC identified that initiating event | |||
frequencies for LOCAs in the NRC SPAR model were derived from the 25-year fleet | |||
average operations life when NUREG-1829 was published in 2008. The NRC averaged | |||
the 25-year and 40-year LOCA frequencies to obtain frequencies with a more accurate | |||
reflection of fleet average operations. The NRC discussed the fact that the LOCA | |||
initiating event frequencies in the SPAR model were dated at the regulatory conference. | |||
The application of these methods resulted in a reduction in the break frequency for | |||
MLOCAs between 4.5 to 6 inches to 5.21E-6 per year. | |||
4. Your staff presented information related to strategies for reactor coolant system | |||
cooldown, throttling of the emergency core cooling system (ECCS) flow to the reactor | |||
core and refilling of the refueling water storage tank (RWST). These strategies would be | |||
employed to increase the time available for the various recovery methods. | |||
When evaluating the lower range in the increase in risk, the NRC evaluated these | |||
strategies to determine the impact on the time available to recover valve SI-2-8982B. | |||
These strategies do not directly provide for successful recovery of valve SI-2-8982B, but | |||
instead slow the drain rate of the RWST, allowing additional time to implement the | |||
electrical and mechanical recovery options. | |||
Throttling of ECCS flow is directed by Emergency Operating Procedure (EOP) | |||
Emergency Contingency Action (ECA) 1.1, Loss of Emergency Coolant Recirculation, | |||
Revision 21, Step 18. This procedure directs operators to stop all but one ECCS | |||
centrifugal charging pump, provided the reactor coolant system is at least 70°F | |||
subcooled. This action could occur at various times during the reactor coolant system | |||
cooldown and results in a reduction in ECCS flow to approximately 400-500 gallons per | |||
minute (gpm). | |||
Refilling of the RWST is directed in Step 7.a of Procedure ECA 1.1. This procedure step | |||
directs operators to ECA 1.1, Appendix M, RWST Makeup, and provides two methods | |||
for adding inventory to the RWST. Makeup from the spent fuel pool is the preferred | |||
method. Your staff provided analysis that demonstrated the ability to add approximately | |||
41,700 gallons of spent fuel pool water inventory to the RWST at a rate of 250 gpm. The | |||
liquid hold-up tanks could also be used for makeup but only after recirculation, sampling, | |||
and evaluation by the technical support center (TSC) staff. | |||
The NRC reviewed these strategies and determined they would have a high likelihood of | |||
success (97.8 percent) because they are procedurally driven, high stress, and have | |||
mostly nominal performance shaping factors (PSFs). | |||
While the actions to reduce the drain rate on the RWST through adding inventory and/or | |||
reducing ECCS flow are not procedurally directed until directed by Procedure ECA 1.1, | |||
the NRC considered that for smaller LOCAs, full staffing of the TSC would likely have | |||
occurred prior to the swap over from the RWST to the containment recirculation sump. | |||
With this additional technical expertise available, the NRC assumed that the reduced | |||
drain rate on the RWST would provide additional time for recovery actions and factored | |||
this time into the individual analysis of each method. A sensitivity analysis was | |||
performed that showed changes in the failure rate to refill the RWST or throttle ECCS | |||
had a negligible effect on the outcome of the detailed risk evaluation. | |||
A-2 | |||
5. Your staff presented a timeline that, following cessation of ECCS injection flow, | |||
demonstrated a peak core temperature of 1800°F (i.e., onset of core damage) occurring | |||
at 2.8 hours. | |||
Experts from the NRCs Office of Nuclear Reactor Research reviewed your Modular | |||
Accident Analysis Program (MAAP) thermal-hydraulic analysis and found the timing for | |||
core damage to be acceptable for the conditions of the analysis. The original analyses | |||
assumed the time to core damage after termination of injection was approximately | |||
1.4 hours, consistent with data from NUREG-2187, Confirmatory Thermal-Hydraulic | |||
Analysis to Support Specific Success Criteria in the Standardized Plant Analysis Risk | |||
Models - Byron Unit 1. The NRC considered the additional time to core damage when | |||
evaluating the lower range of the increase in core damage frequency for the final | |||
significance determination. | |||
6. Your staff presented an additional recovery method not originally recognized during | |||
development of the preliminary risk assessment. This new recovery method involved | |||
the use of a maintenance procedure to install electrical jumpers to bypass the interlock | |||
that prevented opening of valve SI-2-8982B. | |||
The NRC reviewed the additional recovery method involving the use of electrical | |||
jumpers to bypass the interlock that prevented opening of valve SI-2-8982B. The | |||
analyst used SPAR-H to determine the feasibility of the proposed recovery action. The | |||
analyst identified several impediments to implementing this recovery method. | |||
Specifically, the method would have to be diagnosed with low experience and | |||
training, was moderately complex, and would be performed under high stress. | |||
The NRC reviewed the licensees human reliability analysis for the electrical jumper | |||
recovery method, which estimated the failure probability of the human action | |||
of 8.7E-2. The NRC concluded that procedures were poor in both diagnosis and | |||
action. The task was also subject to high dependency to the electrical recovery | |||
because the same crew would be used, the tasks would be close in time, and no | |||
additional cues would be present. Procedures for use of the jumper method were | |||
not referenced in the EOPs and were subject to TSC staff action to develop and | |||
prepare for use by referencing a maintenance procedure during the event. The | |||
NRC estimated the failure probability of the jumper method to be 5.7E-1. The NRC | |||
included credit for the electrical jumper method with TSC directed recoveries, | |||
discussed in Item 9, when determining the lower range of the increase in core damage | |||
frequency for the final significance determination. | |||
7. Your staff presented information related to the Time Available, Experience and | |||
Training, Procedures, and Ergonomics PSFs for recovery by local, manual operation | |||
of the valve (also referred to as the mechanical recovery option). In particular, your staff | |||
presented information that the Time Available PSF for action should be characterized | |||
as Extra Time Available, and the Experience and Training and Ergonomics PSFs | |||
should be characterized as Nominal. The NRC reviewed the licensees suggested | |||
enhancements to the PSFs and the assumptions used in the preliminary detailed risk | |||
evaluation. | |||
For the Time Available PSF, the analyst determined the initial attempt to mechanically | |||
open valve SI-2-8982B would occur prior to any TSC action to refill the RWST or throttle | |||
ECCS flow. This is because these actions are directed by EOP emergency contingency | |||
A-3 | |||
action procedures, which are implemented after the failure to open valve SI-2-8982B and | |||
valve SI-2-8982A during implementation of Procedure EOP E-1.3. | |||
The timeline presented at the regulatory conference was derived from licensee | |||
calculation MAAP16-03, Diablo Canyon Power Plant Calculation - Loss of Recirculation | |||
Function, Revision 0, and assumed ECCS injection was reduced to only one train of | |||
charging injection 12 minutes after the RWST reached 33 percent level. The NRC | |||
concluded that the licensees emergency operating procedures would not call for this | |||
action until numerous steps had been completed after reaching the 33 percent level in | |||
the RWST. The NRC identified that a sensitivity in calculation MAAP16-03, which | |||
reduced ECCS injection to one charging train at 45 minutes after RWST level reached | |||
33 percent, was more reflective of how the plant would be operated, recognizing it could | |||
take longer than 45 minutes. This sensitivity included RWST make-up and shortened | |||
the timeline by approximately 1.5 hours. This aided the NRC in concluding that the time | |||
available was shorter than the timeline presented at the regulatory conference and | |||
would be less than five times that required for the human performance basic events. | |||
Additionally, the NRC considered the guidance in Section 3.1, Available Time, of | |||
document INL/EXT-10-18533, SPAR-H Step-by-Step Guidance, Revision 2, to assign | |||
the available time PSF for action as nominal and the remainder of the time was assigned | |||
to the diagnosis part of the event. As such, the analyst determined that the Time | |||
Available PSF should be characterized as Nominal for mechanically opening | |||
valve SI-2-8982B. | |||
For the Experience and Training PSF, the licensee noted that operators are trained on | |||
operations of similar motor-operated valves elsewhere in the plant. The NRC | |||
considered local, manual valve operation in the recirculation chamber, while dressed in | |||
protection clothing, as unique when compared to other motor-operated valves. This | |||
uniqueness, combined with the few past operations of the valve in this manner, and | |||
industry operating experience, resulted in the analyst concluding the Experience and | |||
Training PSF to be low. | |||
Your staff discussed the procedures used for opening the recirculation valve chamber | |||
guard. The NRC noted that in calculation SDP16-05, SPAR Evaluation for | |||
8982B/8700B Interlock Failure, Revision 0, the licensee assumed the Procedures PSF | |||
to be available, but poor. For the Procedures PSF, the analyst determined that | |||
information needed to complete the mechanical recovery method was not contained in | |||
standard operating procedures. | |||
In particular, your staff stated that there is not an existing emergency procedure to open | |||
the valve SI-2-8982B chamber guard and that during the postulated event, existing | |||
outage related work instructions would be used to develop the emergency instructions to | |||
open the chamber guard to allow for the mechanical recovery method. The analyst | |||
determined that this lack of guidance more closely aligned with the definition of an | |||
incomplete procedure rather than a procedure that is available but poor. | |||
For the Ergonomics PSF, the NRC concluded that the information supplied by your | |||
staff and the design of the plant supports correct performance, but does not enhance | |||
performance or make tasks easier to carry out than typically expected. As such, the | |||
analyst determined that the Ergonomics PSF is more appropriately characterized as | |||
Nominal. | |||
A-4 | |||
The NRC reassessed the overall human error probability based on the changes to the | |||
PSFs discussed above. When evaluating the lower range of the increase in core | |||
damage frequency for the final significance determination, the NRC lowered the | |||
mechanical recovery failure probability from 5.8E-1 (42.0 percent success) to 1.1E-1 | |||
(89.0 percent success). | |||
8. Your staff presented information related to the Time Available and Procedures PSFs | |||
related to electrical recovery option using the motor contactors. In particular, your staff | |||
presented information that the Time Available PSF should be characterized as | |||
Expansive Time Available and the Procedures PSF should be characterized as | |||
Available but Poor. The NRC reviewed the licensees suggested enhancements to the | |||
PSFs and the assumptions used in the preliminary detailed risk evaluation. | |||
For the Time Available PSF, the analyst determined that initiation of the electrical | |||
recovery method occurs after initiation of the mechanical recovery method. The cause | |||
of this delay is due to the structure of the EOPs. In particular, Procedure EOP-1.3, | |||
Transfer to Cold Leg Recirculation, Revision 15, response not obtained for Step 6.b.2, | |||
first directs operators to manually or locally open valve SI-2-8982B with assistance from | |||
mechanical maintenance at the 64-foot residual heat removal penetration. The NRC | |||
determined that because of standard procedural use and adherence rules, the manual, | |||
mechanical opening of Valve SI-2-8982B would occur first. | |||
Following the inability to open valve SI-2-8982B with assistance from mechanical | |||
maintenance at the 64-foot residual heat removal penetration, the licensee would | |||
progress through Procedure EOP-1.3, Step 8. In scenarios involving the inability to | |||
establish cold leg recirculation using the train A ECCS components, the licensee would | |||
then be directed to EOP ECA 1.1, Loss of Emergency Coolant Recirculation, | |||
Revision 21. Step 2 of ECA 1.1 instructs operators to try to restore emergency coolant | |||
recirculation equipment by several means. The NRC determined that this procedural | |||
step is the first guidance that directs plant operators to attempt the electrical recovery | |||
method. Specifically, Step 2.d has operators check power available to valves required | |||
for recirculation swap over and refers to an appendix with valve power supplies. | |||
The NRC assumed that this would delay the initiation of the electrical recovery to the | |||
point where the time available would be less than five times the time required. This | |||
timing led to the NRC assigning the PSF with nominal time. | |||
Further, the NRC considered the guidance in Section 3.1, Available Time, of | |||
document INL/EXT-10-18533, SPAR-H Step-by-Step Guidance, Revision 2, to assign | |||
the available time PSF for action as nominal and the remainder of the time was assigned | |||
to the diagnosis part of the event. This determination of nominal time for action was | |||
different than originally characterized in the inspection report for this issue, where it was | |||
characterized as extra time. Through re-analysis of the suggested changes to the PSFs, | |||
the NRC determined that the PSF is better characterized as nominal time. | |||
For the Procedures PSF, the analyst determined that information needed to complete | |||
the electrical contactor recovery method is not contained in standard operations | |||
department procedures. In particular, Procedure O-22 required plant personnel to refer | |||
to other documents, including complex electrical drawings and schematics, to select the | |||
correct contactors. The NRC determined that the PSF for Procedures was the less risk | |||
significant available but poor even though the guidance in Procedure O-22 closely | |||
aligned with the definition of an incomplete procedure. | |||
A-5 | |||
For the Complexity PSF, the licensee proposed moderate complexity because there | |||
was little ambiguity in operating the valve contactor. The NRC assigned the PSF for | |||
Complexity with the less risk significant moderate despite having some aspects which | |||
align with highly complex. | |||
The NRC reassessed the overall human error probability based on the changes to the | |||
PSFs discussed above. When evaluating the lower range of the increase in core | |||
damage frequency for the final significance determination, the NRC concluded that the | |||
electrical recovery yielded a failure probability of 3.8E-1 (62.0 percent success), the | |||
same value used in the preliminary risk evaluation. | |||
The licensee presented information at the regulatory conference that operation of the | |||
wrong contactor was less likely to damage the motor than originally thought. The NRC | |||
originally assumed that operation of the closed contactor would damage the motor for | |||
the motor-operated valve based on data from the Electrical Power Research Institute | |||
study. | |||
The licensee provided information that a blue indicating light at the cabinet where the | |||
valve was being operated would illuminate between 7 - 11 seconds to alert operators | |||
that an electrical overload condition existed. The licensee stated that operators would | |||
then cease operating the contactor. The licensee presented motor performance curve | |||
data that showed that no motor damage would occur due to the motor operating at | |||
locked rotor amperage for up to 10 seconds. | |||
The NRC concluded that due to the proximity of the overload light illumination to the time | |||
that the motor could sustain damage, that 75 percent of the time the motor would sustain | |||
damage or burnup such that the motor for the motor operator would be rendered | |||
unavailable. The 75 percent value was derived from judgement of the nominal | |||
illumination time, time for recognition by the operator, uncertainty of the operators | |||
knowledge of the meaning of the light, reaction time by the operator, and the EPRI study | |||
of valve motors being damaged after just 12 seconds of locked rotor amp operations. | |||
This motor unavailability would eliminate further electrical recovery attempts. | |||
9. Your staff presented information that all recovery options, including the mechanical | |||
opening of the valve and electrical opening of the valve by use of the motor start | |||
contactors, would be pursued in parallel. | |||
The NRC, when developing the final significance determination, reviewed the licensees | |||
EOP and ECA procedures to determine the exact sequence of actions expected | |||
following the failure of valve SI-2-8982B. Following any LOCA, operators transfer the | |||
ECCS to cold leg recirculation following depletion of the RWST, as directed in | |||
Procedure EOP-1.3, Transfer to Cold Leg Recirculation, Revision 15. For the core | |||
damage sequence of concerns related to the performance deficiency that affected the | |||
ability to open valve SI-2-8982B, the NRC noted the following important sequence of | |||
actions expected: | |||
EOP-1.3, Step 6.b.2, open valve SI-2-8982B to place residual heat removal | |||
train B in cold-leg recirculation. | |||
EOP-1.3, response not obtained for Step 6.b.2, locally open valve SI-2-8982B. | |||
The NRC assumed this is the mechanical recovery option, discussed in Item 7 | |||
above. | |||
A-6 | |||
EOP-1.3, Step 8, place residual heat removal train A in cold-leg recirculation. | |||
EOP-1.3, response not obtained for Step 8.b, Go to ECA-1.1, Loss of | |||
Emergency Coolant Recirculation. | |||
ECA-1.1, Step 2.d, try to restore emergency coolant recirculation equipment by | |||
locally operating valves as required. The NRC assumed this is the electrical | |||
contactor recovery option, discussed in Item 8 above. | |||
ECA-1.1, Step 7, add makeup to the RWST as necessary. | |||
ECA-1.1, Step 10, initiate reactor coolant system cooldown to cold shutdown. | |||
ECA-1.1, Steps 15-18, throttle ECCS flow to minimum required to remove decay | |||
heat. | |||
Following successful refilling of the RWST and throttling of ECCS, the licensee would | |||
have a number of recovery options available through TSC directed recoveries. These | |||
recoveries could include additional mechanical recovery attempts and if the motor | |||
operator was not damaged, electrical recovery attempts through use of the motor | |||
contactors or the electrical jumper method described at the regulatory conference. Extra | |||
time could also be used to prolong the time available to restore ECCS recirculation | |||
through strategies, such as, makeup to the RWST from the boric acid blender, initiation | |||
of normal charging from the volume control tank or refilling of the RWST from the liquid | |||
holdup tanks. | |||
There is uncertainty associated with the likelihood of these recoveries because they | |||
involve diagnostic troubleshooting and assessment by the TSC staff and actions that are | |||
not, in some cases, procedurally driven. The NRC determined that TSC directed | |||
recoveries are subject to high dependency because the same crew would be used, the | |||
tasks would be close in time, and no additional cues would be present. As such, the | |||
NRC evaluated the composite likelihood of failure of these actions and determined they | |||
have an effective failure probability of 5.0E-1, using the SPAR-H guidance for high | |||
dependency. | |||
Based on the above, the NRC found that the proposed recovery actions are more | |||
reflective of sequentially directed actions rather than parallel actions. The NRC | |||
considered the continuous action nature of ECA-1.1, Step 2, which allows the TSC to | |||
pursue multiple methods to recover ECCS recirculation following the initial failure of | |||
valve SI-2-8982B and the inability to recover the valve by local manual operation. | |||
Using insights from the above sequence, the NRC evaluated the availability of three | |||
potential recovery methods combined with the failure probabilities of throttling ECCS | |||
flow, refilling the RWST, and potentially damaging the motor during the electrical | |||
recovery method. When evaluating the lower range of the increase in core damage | |||
frequency for the final significance determination, the NRC approximated the overall | |||
recovery probability by multiplying the failure probabilities of the mechanical and | |||
electrical options and reduced the effective recovery failure probability from 2.4E-1 | |||
(76.0 percent success) to 3.6E-2 (96.4 percent success). | |||
A-7 | |||
10. Your staff identified that additional risk benefit could be gained through recovery of | |||
valve SI-2-8982A, the opposite train valve that is subjected to the same maintenance as | |||
valve SI-2-8982B and, therefore, could be susceptible to failure due to the same | |||
incorrectly set external limit switch. Your staff did not specifically quantify recovery of | |||
valve SI-2-8982A, but instead included a qualitative sensitivity that additional risk credit | |||
could be gained through recovery of this valve. | |||
The analyst followed the NRCs guidance for crediting recovery in cutsets involving a | |||
common cause failure basic event contained in Section 5.0, Common Cause Failure | |||
Modeling, of Volume 1, Internal Events, of the Risk Assessment of Operational | |||
Events. This guidance prescribes that for cutsets that involve the common cause failure | |||
basic event that was impacted by the observed single failure, the potential for recovery | |||
should consider only the failure mechanism of the observed failure. As a result, the | |||
NRC did not consider any recovery credit in cutsets containing a common cause failure | |||
of valve SI-2-8982A. | |||
11. Your staff presented application of updated recovery actions to the increase in core | |||
damage frequency from external events included in the preliminary risk assessment. | |||
Your analysis represented an increase in core damage frequency of 4.56E-8 per year. | |||
Similarly, the NRC applied the recoveries, discussed in Items 4-9 above, to external | |||
events when evaluating the lower range of the increase in core damage frequency for | |||
the final significance determination. When including these recoveries, the NRC | |||
estimated the increase in core damage frequency, from external events, as 5.0E-8 per | |||
year. | |||
In summary, we concluded that our preliminary risk assessment of 7.6E-6 per year represented | |||
the upper range of the increase in core damage frequency associated with the performance | |||
deficiency. Based on the information provided by your staff at the regulatory conference, the | |||
NRC adjusted a number of assumptions used in the preliminary risk assessment to determine | |||
the lower range of the increase in risk associated with the performance deficiency. Specifically, | |||
the NRC adjusted the common cause alpha factors, the initiating events frequency for various | |||
MLOCAs scenarios, and the assumption relative to the actuation of containment spray for a | |||
MLOCA. The NRC also performed a variety of human error probability calculations to | |||
determine the likelihood of recovering valve SI-2-8982B. Notably, the NRC adjusted the PSFs | |||
for the mechanical and electrical recovery methods. | |||
For the mechanical recovery method, the NRC applied the less risk significant Ergonomics - | |||
Nominal PSF. The NRC continued to apply the Procedures - Incomplete PSF because, as | |||
stated by your staff at the regulatory conference, instructions would need to be developed to | |||
open the recirculation guard chamber and access valve SI-2-8982 during a LOCA event. The | |||
NRC also continued to apply the Available Time - Nominal PSF for this recovery method. | |||
Specifically, while your staff provided detailed information related to strategies to refill the RWST | |||
and throttle ECCS flow, the NRC concluded the initial attempt to mechanically open | |||
valve SI-2-8982B would occur prior to any procedurally driven action to refill the RWST or | |||
throttle ECCS. | |||
The NRC also considered information presented at the regulatory conference and concluded | |||
that your staffs timeline represented recovery under ideal conditions. Using assumptions based | |||
of the sequence of steps outlined in the EOPs and recognizing the uncertainty that | |||
A-8 | |||
accompanies complex reactor events, the NRC concluded the available time to be less than five | |||
times the time required for the human performance basic events. | |||
For the electrical recovery methods, the NRC applied the less risk significant Procedures and | |||
Complexity PSF. The NRC also applied the more risk significant Available Time - Nominal | |||
PSF for this recovery method. Specifically, the NRC staff reviewed the Diablo Canyon Power | |||
Plant EOPs and identified that application of the electrical recovery method would not occur | |||
first, as assumed in the preliminary risk assessment. Instead, the NRC staff concluded that the | |||
EOP procedure structure would direct this action after the mechanical recovery method failed | |||
but before action is taken to refill the RWST and throttle ECCS flow. Recognizing the | |||
uncertainty that accompanies complex reactor events, the NRC concluded the available time to | |||
be less than five times the time required for the human performance basic events. | |||
The results of these calculations, which removed much of the conservativism from the | |||
assumptions used in the preliminary risk assessment, predicted a high likelihood of success | |||
(96.4 percent success) for recovering valve SI-2-8982B. Using these assumptions, the NRC | |||
concluded the lower range of increase in core damage frequency associated with the | |||
performance deficiency to be 1.3E-6 per year. Because the NRCs calculated lower and upper | |||
estimations of increase in core damage frequency of the performance deficiency were both | |||
greater than 1.0E-6 but less than 1.0E-5, the NRC determined the finding was of low to | |||
moderate safety significance (White). | |||
A-9 | |||
}} | }} | ||
Latest revision as of 09:50, 30 October 2019
| ML16363A429 | |
| Person / Time | |
|---|---|
| Site: | Diablo Canyon  |
| Issue date: | 12/28/2016 |
| From: | Kennedy K Region 4 Administrator |
| To: | Halpin E Pacific Gas & Electric Co |
| Jeremy Groom | |
| References | |
| EA-16-168 IR 2016010 | |
| Download: ML16363A429 (15) | |
See also: IR 05000275/2016010
Text
UNITED STATES
NUCLEAR REGULATORY COMMISSION
REGION IV
1600 E. LAMAR BLVD.
ARLINGTON, TX 76011-4511
December 28, 2016
Mr. Edward D. Halpin
Senior Vice President
and Chief Nuclear Officer
Pacific Gas and Electric Company
Diablo Canyon Power Plant
P.O. Box 56, Mail Code 104/6
Avila Beach, CA 93424
SUBJECT: DIABLO CANYON POWER PLANT - FINAL SIGNIFICANCE
DETERMINATION OF A WHITE FINDING, NOTICE OF VIOLATION,
AND FOLLOW-UP ASSESSMENT LETTER; NRC INSPECTION
REPORT 05000275/2016010 AND 05000323/2016010
Dear Mr. Halpin:
This letter provides you the final significance determination of the preliminary White finding
identified in the Diablo Canyon Power Plant - NRC Inspection Report 05000275/2016010
and 05000323/2016010; Preliminary White Finding (Agencywide Documents Access and
Management System (ADAMS) Accession No. ML16277A340), dated October 3, 2016. The
finding is associated with the May 16, 2016, failure of the Unit 2 residual heat removal pump 2-2
suction valve (SI-2-8982B) from the containment recirculation sump to open from the main
control room. The NRC has determined the finding is of low-to-moderate safety significance
(White).
At your request, the NRC held a regulatory conference on November 15, 2016, to further
discuss your views on this finding. The meeting summary of this regulatory conference is
available at ADAMS Accession No. ML16336A765 and a copy of your presentation is available
at ADAMS Accession No. ML16335A439. In your presentation, you described several changes
to the probabilistic risk modeling of the failure of valve SI-2-8982B, including changes to the
common cause alpha factors and several assumptions related to medium break loss-of-coolant
accidents. Your staff also provided their perspectives on a variety of recovery methods
available to open valve SI-2-8982B, thereby, restoring the flow path from the containment sump
to the reactor core through residual heat removal pump 2-2.
Based on your staffs evaluation of these factors and the probability of success of these
recovery actions, your staff concluded that the change in core damage frequency was less than
the Green/White threshold of 1E-6 per year. As a result, you concluded that the inspection
finding should be characterized as very low safety significance (Green).
E. Halpin -2-
We have concluded that our preliminary significance determination change in core damage
frequency result of 7.6E-6 per year represents the upper range of the increase in core damage
frequency associated with the performance deficiency. Based on the information provided by
your staff at the regulatory conference, the NRC adjusted a number of assumptions used in the
preliminary significance determination. Specifically, the NRC lowered the common cause alpha
factors and adjusted several assumptions related to medium break loss-of-coolant
accidents. The NRC also performed a variety of human error probability calculations to
determine the likelihood of recovering the functionality of valve SI-2-8982B. The results of these
calculations, which removed much of the conservativism from the assumptions used in the
preliminary risk assessment, predicted a high likelihood of success (96.4 percent success) for
recovering valve SI-2-8982B.
Using these assumptions, the NRC concluded the lower range of increase in core damage
frequency associated with the performance deficiency to be 1.3E-6 per year. Because the
NRCs calculated lower and upper estimations of the increase in core damage frequency of the
performance deficiency were both greater than 1.0E-6 per year but less than 1.0E-5 per year,
the NRC determined the finding was of low-to-moderate safety significance (White). Our
evaluation of the risk significance of the finding is provided in the attachment to this letter.
You have 30 calendar days from the date of this letter to appeal the staffs determination of
significance for the identified White finding. Such appeals will be considered to have merit only
if they meet the criteria given in NRC Inspection Manual Chapter 0609, Attachment 2. An
appeal must be sent in writing to the Regional Administrator, Region IV, 1600 E. Lamar Blvd.,
Arlington, TX 76011.
The NRC has also determined that the failure to develop adequate instructions for the
installation of external limit switches on motor-operated valves is a violation of Technical Specification 5.4.1.a, Procedures, as cited in the enclosed Notice of Violation (NOV). In
accordance with the NRC's Enforcement Policy, the NOV is considered an escalated
enforcement action because it is associated with a White finding for Unit 2.
You are required to respond to this letter and should follow the instructions specified in the
enclosed NOV when preparing your response. If you have additional information that you
believe the NRC should consider, you may provide it in your response to the NOV. The NRC's
review of your response to the NOV will also determine whether further enforcement actions are
necessary to ensure compliance with regulatory requirements.
As a result of our review of Diablo Canyon Power Plants performance, including this White
finding, we have assessed the performance of Diablo Canyon Power Plant, Unit 2, to be in the
Regulatory Response column of the NRCs Action Matrix, effective the third quarter of 2016.
Therefore, we plan to conduct a supplemental inspection using Inspection Procedure 95001,
Supplemental Inspection Response to Action Matrix Column 2 Inputs, when your staff has
notified us of your readiness for this inspection. This inspection procedure is conducted to
provide assurance that the root cause and contributing causes of risk significant performance
issues are understood, the extent of condition and the extent of cause are identified, and the
corrective actions are sufficient to prevent recurrence.
In accordance with 10 CFR 2.390 of the NRC's "Rules of Practice," a copy of this letter and its
enclosure will be made available electronically for public inspection in the NRC Public
Document Room and in ADAMS, accessible from the NRC Web site at
http://www.nrc.gov/reading-rm/adams.html.
E. Halpin -3-
To the extent possible, your response should not include any personal privacy, proprietary, or
safeguards information so that it can be made available to the Public without redaction.
Sincerely,
/RA/
Kriss M. Kennedy
Regional Administrator
Docket Nos. 50-275 and 50-323
License Nos. DPR-80 and DPR-82
Enclosure:
Notice of Violation w/Attachment:
Final Significance Determination
cc: Electronic Distribution via Listserv
for Diablo Canyon Power Plant, Units 1 and 2
SUNSI Review ADAMS Non-Sensitive Publicly Available Keyword:
By: JRG Yes No Sensitive Non-Publicly Available
OFFICE RI:DRP/A SRI:DRP/A BC:DRP/A DRS:SRA TL:ACES RC:ORA OE
NAME JReynoso CNewport JGroom RDeese MHay KFuller GFigueroa
SIGNATURE /RA/Email /RA/Email /RA/ /RA/ /RA/ /RA/ /RA/ E
DATE 12/13/16 12/13/16 12/13/16 12/15/16 12/15/16 12/13/16 12/19/16
OFFICE D:DRS D:DRP RA
NAME AVegel TPruett KKennedy
SIGNATURE /RA/ /RA/ /RA/
DATE 12/13/16 12/13/16 12/28/16
NOTICE OF VIOLATION
Pacific Gas and Electric Company Docket No. 50-323
Diablo Canyon Power Plant License No. DPR-82
During an NRC inspection conducted between May 16 and September 12, 2016, a violation of
NRC requirements was identified. In accordance with the NRCs Enforcement Policy, the
violation is listed below:
Technical Specification 5.4.1.a, Procedures, requires, in part, that written procedures
shall be established, implemented, and maintained covering the applicable procedures
recommended in Appendix A of Regulatory Guide 1.33, Revision 2. Section 9.a of
Appendix A of Regulatory Guide 1.33, Revision 2, requires in part, that maintenance that
can affect the performance of safety-related equipment should be properly preplanned
and performed in accordance with written procedures, documented instructions, or
drawings appropriate to the circumstances.
Contrary to the above, on December 5, 2011, the licensee failed to establish written
procedures for performing maintenance on safety-related equipment, which were
appropriate to the circumstances. Specifically, Procedure MP E-53.10R, Augmented
Stem Lubrication for Limitorque Operated Valves, Revision 4, used to perform
maintenance on safety-related equipment, failed to provide instructions to establish and
check the travel of external switches installed on motor-operated valves are within
vendor established criteria. Consequently, the limit switch for valve RHR-2-8700B was
installed, such that, it was operated repeatedly beyond overtravel tolerances resulting in
its failure on May 16, 2016. As a consequence of this inadequate maintenance
procedure issue, the licensee also violated Unit 2 Technical Specification 3.5.2, ECCS -
Operating, because train B of the emergency core cooling system was determined to be
inoperable for greater than the technical specification allowed outage time of 14 days.
This violation is associated with a White significance determination process finding.
Pursuant to the provisions of 10 CFR 2.201, Pacific Gas and Electric Company is hereby
required to submit a written statement or explanation to the U.S. Nuclear Regulatory
Commission, ATTN: Document Control Desk, Washington, DC 20555-0001; with a copy to the
Regional Administrator, Region IV; and a copy to the NRC resident inspector at the facility that
is the subject of this Notice, within 30 days of the date of the letter transmitting this Notice of
Violation (Notice). This reply should be clearly marked as a "Reply to a Notice of Violation;
EA-16-168" and should include for each violation: (1) the reason for the violation, or, if
contested, the basis for disputing the violation or severity level; (2) the corrective steps that
have been taken and the results achieved; (3) the corrective steps that will be taken; and (4) the
date when full compliance will be achieved.
Your response may reference or include previous docketed correspondence, if the
correspondence adequately addresses the required response. If an adequate reply is not
received within the time specified in this Notice, an order or a Demand for Information may be
issued as to why the license should not be modified, suspended, or revoked, or why such other
action as may be proper should not be taken. Where good cause is shown, consideration will
be given to extending the response time.
Enclosure
If you contest this enforcement action, you should also provide a copy of your response, with
the basis for your denial, to the Director, Office of Enforcement, United States Nuclear
Regulatory Commission, Washington, DC 20555-0001.
Because your response will be made available electronically for public inspection in the NRCs
Public Document Room or from the NRCs document system (ADAMS), accessible from the
NRC website at http://www.nrc.gov/reading-rm/adams.html, to the extent possible, it should not
include any personal privacy, proprietary, or safeguards information so that it can be made
available to the public without redaction.
If personal privacy or proprietary information is necessary to provide an acceptable response,
then please provide a bracketed copy of your response that identifies the information that
should be protected and a redacted copy of your response that deletes such information. If you
request withholding of such material, you must specifically identify the portions of your response
that you seek to have withheld and provide in detail the bases for your claim of withholding (e.g.,
explain why the disclosure of information will create an unwarranted invasion of personal
privacy or provide the information required by 10 CFR 2.390(b) to support a request for
withholding confidential commercial or financial information). If safeguards information is
necessary to provide an acceptable response, please provide the level of protection described
in 10 CFR 73.21.
Dated this 28th day of December 2016
-2-
Diablo Canyon Power Plant, Unit 2, Failure of Valve SI-2-8982B to Open
Final Significance Determination
During the regulatory conference held on November 15, 2016, your staff described their
assessment of the significance of the finding. Specifically, your staff discussed differences
between the NRC's preliminary significance determination and the Diablo Canyon Power
Plant risk assessment. Based on the information provided at the regulatory conference, the
NRC determined that the preliminary significance determination represented the upper
range of the increase in core damage probability associated with the performance
deficiency.
The NRC utilized the information provided by the licensee at the regulatory conference to
estimate the lower range of the increase in core damage frequency associated with the
performance deficiency. The following elements of the risk evaluation were evaluated and
are discussed below.
1. Your staff provided updated motor-operated valve common cause alpha factors.
Based on this updated information, the NRC, when evaluating the lower range in the
increase in risk, reduced the value of the alpha-2 common cause factor in the SPAR
model from 1.92E-2 to 1.77E-2. The alpha-1 factor was also adjusted accordingly.
2. Your staff presented an updated containment analysis that demonstrated medium break
loss-of-coolant accidents (MLOCAs), with pipe breaks less than 4.5 inches in diameter,
would not result in sufficient containment pressure to start the containment spray pumps.
The NRC reviewed the updated containment analysis and agreed that for MLOCAs less
than 4.5 inches in diameter, the containment spray pumps likely would not start.
Consequently, the analyst adjusted the non-recoverable MLOCAs from 3.5 to 4.5 inches
when evaluating the lower range of the increase in core damage frequency for the final
significance determination. The analyst performed a sensitivity analysis for smaller and
larger non-recoverable MLOCAs ranging from 4.0 to 5.0 inches and concluded these
changes had a minor effect on the outcome of the detailed risk evaluation.
This application of less frequent, non-recoverable, loss-of-coolant accidents (LOCAs) led
the NRC to ensure all non-recoverable LOCAs were accounted for in their detailed risk
evaluation. Large break LOCAs (LOCAs with greater than 6-inch pipe breaks) were
truncated in the preliminary evaluation because they comprised less than 2 percent of
the estimate of total increase in core damage frequency. With the information provided
by the licensee, large break LOCAs came to comprise a larger and significant portion of
the estimate of total increase in core damage frequency and their contribution was
accounted for in the final detailed risk evaluation. The estimate of the increase in core
damage frequency from large break LOCAs was 1.4E-7 per year. The NRC discussed
the increased contribution from large break LOCAs at the regulatory conference.
3. Your staff presented a different methodology for determining the frequency of MLOCA
for differing break sizes by using NUREG-1829, Estimating Loss-of-Coolant Accident
(LOCA) Frequencies through the Elicitation Process, April 2008.
When evaluating the lower range of the increase in core damage frequency for the final
significance determination, the NRC updated the method of deconstructing MLOCAs
using a logarithmic-linear function method.
Attachment
Through the process of reviewing NUREG-1829, the NRC identified that initiating event
frequencies for LOCAs in the NRC SPAR model were derived from the 25-year fleet
average operations life when NUREG-1829 was published in 2008. The NRC averaged
the 25-year and 40-year LOCA frequencies to obtain frequencies with a more accurate
reflection of fleet average operations. The NRC discussed the fact that the LOCA
initiating event frequencies in the SPAR model were dated at the regulatory conference.
The application of these methods resulted in a reduction in the break frequency for
MLOCAs between 4.5 to 6 inches to 5.21E-6 per year.
4. Your staff presented information related to strategies for reactor coolant system
cooldown, throttling of the emergency core cooling system (ECCS) flow to the reactor
core and refilling of the refueling water storage tank (RWST). These strategies would be
employed to increase the time available for the various recovery methods.
When evaluating the lower range in the increase in risk, the NRC evaluated these
strategies to determine the impact on the time available to recover valve SI-2-8982B.
These strategies do not directly provide for successful recovery of valve SI-2-8982B, but
instead slow the drain rate of the RWST, allowing additional time to implement the
electrical and mechanical recovery options.
Throttling of ECCS flow is directed by Emergency Operating Procedure (EOP)
Emergency Contingency Action (ECA) 1.1, Loss of Emergency Coolant Recirculation,
Revision 21, Step 18. This procedure directs operators to stop all but one ECCS
centrifugal charging pump, provided the reactor coolant system is at least 70°F
subcooled. This action could occur at various times during the reactor coolant system
cooldown and results in a reduction in ECCS flow to approximately 400-500 gallons per
minute (gpm).
Refilling of the RWST is directed in Step 7.a of Procedure ECA 1.1. This procedure step
directs operators to ECA 1.1, Appendix M, RWST Makeup, and provides two methods
for adding inventory to the RWST. Makeup from the spent fuel pool is the preferred
method. Your staff provided analysis that demonstrated the ability to add approximately
41,700 gallons of spent fuel pool water inventory to the RWST at a rate of 250 gpm. The
liquid hold-up tanks could also be used for makeup but only after recirculation, sampling,
and evaluation by the technical support center (TSC) staff.
The NRC reviewed these strategies and determined they would have a high likelihood of
success (97.8 percent) because they are procedurally driven, high stress, and have
mostly nominal performance shaping factors (PSFs).
While the actions to reduce the drain rate on the RWST through adding inventory and/or
reducing ECCS flow are not procedurally directed until directed by Procedure ECA 1.1,
the NRC considered that for smaller LOCAs, full staffing of the TSC would likely have
occurred prior to the swap over from the RWST to the containment recirculation sump.
With this additional technical expertise available, the NRC assumed that the reduced
drain rate on the RWST would provide additional time for recovery actions and factored
this time into the individual analysis of each method. A sensitivity analysis was
performed that showed changes in the failure rate to refill the RWST or throttle ECCS
had a negligible effect on the outcome of the detailed risk evaluation.
A-2
5. Your staff presented a timeline that, following cessation of ECCS injection flow,
demonstrated a peak core temperature of 1800°F (i.e., onset of core damage) occurring
at 2.8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.
Experts from the NRCs Office of Nuclear Reactor Research reviewed your Modular
Accident Analysis Program (MAAP) thermal-hydraulic analysis and found the timing for
core damage to be acceptable for the conditions of the analysis. The original analyses
assumed the time to core damage after termination of injection was approximately
1.4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />, consistent with data from NUREG-2187, Confirmatory Thermal-Hydraulic
Analysis to Support Specific Success Criteria in the Standardized Plant Analysis Risk
Models - Byron Unit 1. The NRC considered the additional time to core damage when
evaluating the lower range of the increase in core damage frequency for the final
significance determination.
6. Your staff presented an additional recovery method not originally recognized during
development of the preliminary risk assessment. This new recovery method involved
the use of a maintenance procedure to install electrical jumpers to bypass the interlock
that prevented opening of valve SI-2-8982B.
The NRC reviewed the additional recovery method involving the use of electrical
jumpers to bypass the interlock that prevented opening of valve SI-2-8982B. The
analyst used SPAR-H to determine the feasibility of the proposed recovery action. The
analyst identified several impediments to implementing this recovery method.
Specifically, the method would have to be diagnosed with low experience and
training, was moderately complex, and would be performed under high stress.
The NRC reviewed the licensees human reliability analysis for the electrical jumper
recovery method, which estimated the failure probability of the human action
of 8.7E-2. The NRC concluded that procedures were poor in both diagnosis and
action. The task was also subject to high dependency to the electrical recovery
because the same crew would be used, the tasks would be close in time, and no
additional cues would be present. Procedures for use of the jumper method were
not referenced in the EOPs and were subject to TSC staff action to develop and
prepare for use by referencing a maintenance procedure during the event. The
NRC estimated the failure probability of the jumper method to be 5.7E-1. The NRC
included credit for the electrical jumper method with TSC directed recoveries,
discussed in Item 9, when determining the lower range of the increase in core damage
frequency for the final significance determination.
7. Your staff presented information related to the Time Available, Experience and
Training, Procedures, and Ergonomics PSFs for recovery by local, manual operation
of the valve (also referred to as the mechanical recovery option). In particular, your staff
presented information that the Time Available PSF for action should be characterized
as Extra Time Available, and the Experience and Training and Ergonomics PSFs
should be characterized as Nominal. The NRC reviewed the licensees suggested
enhancements to the PSFs and the assumptions used in the preliminary detailed risk
evaluation.
For the Time Available PSF, the analyst determined the initial attempt to mechanically
open valve SI-2-8982B would occur prior to any TSC action to refill the RWST or throttle
ECCS flow. This is because these actions are directed by EOP emergency contingency
A-3
action procedures, which are implemented after the failure to open valve SI-2-8982B and
valve SI-2-8982A during implementation of Procedure EOP E-1.3.
The timeline presented at the regulatory conference was derived from licensee
calculation MAAP16-03, Diablo Canyon Power Plant Calculation - Loss of Recirculation
Function, Revision 0, and assumed ECCS injection was reduced to only one train of
charging injection 12 minutes after the RWST reached 33 percent level. The NRC
concluded that the licensees emergency operating procedures would not call for this
action until numerous steps had been completed after reaching the 33 percent level in
the RWST. The NRC identified that a sensitivity in calculation MAAP16-03, which
reduced ECCS injection to one charging train at 45 minutes after RWST level reached
33 percent, was more reflective of how the plant would be operated, recognizing it could
take longer than 45 minutes. This sensitivity included RWST make-up and shortened
the timeline by approximately 1.5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />. This aided the NRC in concluding that the time
available was shorter than the timeline presented at the regulatory conference and
would be less than five times that required for the human performance basic events.
Additionally, the NRC considered the guidance in Section 3.1, Available Time, of
document INL/EXT-10-18533, SPAR-H Step-by-Step Guidance, Revision 2, to assign
the available time PSF for action as nominal and the remainder of the time was assigned
to the diagnosis part of the event. As such, the analyst determined that the Time
Available PSF should be characterized as Nominal for mechanically opening
valve SI-2-8982B.
For the Experience and Training PSF, the licensee noted that operators are trained on
operations of similar motor-operated valves elsewhere in the plant. The NRC
considered local, manual valve operation in the recirculation chamber, while dressed in
protection clothing, as unique when compared to other motor-operated valves. This
uniqueness, combined with the few past operations of the valve in this manner, and
industry operating experience, resulted in the analyst concluding the Experience and
Training PSF to be low.
Your staff discussed the procedures used for opening the recirculation valve chamber
guard. The NRC noted that in calculation SDP16-05, SPAR Evaluation for
8982B/8700B Interlock Failure, Revision 0, the licensee assumed the Procedures PSF
to be available, but poor. For the Procedures PSF, the analyst determined that
information needed to complete the mechanical recovery method was not contained in
standard operating procedures.
In particular, your staff stated that there is not an existing emergency procedure to open
the valve SI-2-8982B chamber guard and that during the postulated event, existing
outage related work instructions would be used to develop the emergency instructions to
open the chamber guard to allow for the mechanical recovery method. The analyst
determined that this lack of guidance more closely aligned with the definition of an
incomplete procedure rather than a procedure that is available but poor.
For the Ergonomics PSF, the NRC concluded that the information supplied by your
staff and the design of the plant supports correct performance, but does not enhance
performance or make tasks easier to carry out than typically expected. As such, the
analyst determined that the Ergonomics PSF is more appropriately characterized as
Nominal.
A-4
The NRC reassessed the overall human error probability based on the changes to the
PSFs discussed above. When evaluating the lower range of the increase in core
damage frequency for the final significance determination, the NRC lowered the
mechanical recovery failure probability from 5.8E-1 (42.0 percent success) to 1.1E-1
(89.0 percent success).
8. Your staff presented information related to the Time Available and Procedures PSFs
related to electrical recovery option using the motor contactors. In particular, your staff
presented information that the Time Available PSF should be characterized as
Expansive Time Available and the Procedures PSF should be characterized as
Available but Poor. The NRC reviewed the licensees suggested enhancements to the
PSFs and the assumptions used in the preliminary detailed risk evaluation.
For the Time Available PSF, the analyst determined that initiation of the electrical
recovery method occurs after initiation of the mechanical recovery method. The cause
of this delay is due to the structure of the EOPs. In particular, Procedure EOP-1.3,
Transfer to Cold Leg Recirculation, Revision 15, response not obtained for Step 6.b.2,
first directs operators to manually or locally open valve SI-2-8982B with assistance from
mechanical maintenance at the 64-foot residual heat removal penetration. The NRC
determined that because of standard procedural use and adherence rules, the manual,
mechanical opening of Valve SI-2-8982B would occur first.
Following the inability to open valve SI-2-8982B with assistance from mechanical
maintenance at the 64-foot residual heat removal penetration, the licensee would
progress through Procedure EOP-1.3, Step 8. In scenarios involving the inability to
establish cold leg recirculation using the train A ECCS components, the licensee would
then be directed to EOP ECA 1.1, Loss of Emergency Coolant Recirculation,
Revision 21. Step 2 of ECA 1.1 instructs operators to try to restore emergency coolant
recirculation equipment by several means. The NRC determined that this procedural
step is the first guidance that directs plant operators to attempt the electrical recovery
method. Specifically, Step 2.d has operators check power available to valves required
for recirculation swap over and refers to an appendix with valve power supplies.
The NRC assumed that this would delay the initiation of the electrical recovery to the
point where the time available would be less than five times the time required. This
timing led to the NRC assigning the PSF with nominal time.
Further, the NRC considered the guidance in Section 3.1, Available Time, of
document INL/EXT-10-18533, SPAR-H Step-by-Step Guidance, Revision 2, to assign
the available time PSF for action as nominal and the remainder of the time was assigned
to the diagnosis part of the event. This determination of nominal time for action was
different than originally characterized in the inspection report for this issue, where it was
characterized as extra time. Through re-analysis of the suggested changes to the PSFs,
the NRC determined that the PSF is better characterized as nominal time.
For the Procedures PSF, the analyst determined that information needed to complete
the electrical contactor recovery method is not contained in standard operations
department procedures. In particular, Procedure O-22 required plant personnel to refer
to other documents, including complex electrical drawings and schematics, to select the
correct contactors. The NRC determined that the PSF for Procedures was the less risk
significant available but poor even though the guidance in Procedure O-22 closely
aligned with the definition of an incomplete procedure.
A-5
For the Complexity PSF, the licensee proposed moderate complexity because there
was little ambiguity in operating the valve contactor. The NRC assigned the PSF for
Complexity with the less risk significant moderate despite having some aspects which
align with highly complex.
The NRC reassessed the overall human error probability based on the changes to the
PSFs discussed above. When evaluating the lower range of the increase in core
damage frequency for the final significance determination, the NRC concluded that the
electrical recovery yielded a failure probability of 3.8E-1 (62.0 percent success), the
same value used in the preliminary risk evaluation.
The licensee presented information at the regulatory conference that operation of the
wrong contactor was less likely to damage the motor than originally thought. The NRC
originally assumed that operation of the closed contactor would damage the motor for
the motor-operated valve based on data from the Electrical Power Research Institute
study.
The licensee provided information that a blue indicating light at the cabinet where the
valve was being operated would illuminate between 7 - 11 seconds to alert operators
that an electrical overload condition existed. The licensee stated that operators would
then cease operating the contactor. The licensee presented motor performance curve
data that showed that no motor damage would occur due to the motor operating at
locked rotor amperage for up to 10 seconds.
The NRC concluded that due to the proximity of the overload light illumination to the time
that the motor could sustain damage, that 75 percent of the time the motor would sustain
damage or burnup such that the motor for the motor operator would be rendered
unavailable. The 75 percent value was derived from judgement of the nominal
illumination time, time for recognition by the operator, uncertainty of the operators
knowledge of the meaning of the light, reaction time by the operator, and the EPRI study
of valve motors being damaged after just 12 seconds of locked rotor amp operations.
This motor unavailability would eliminate further electrical recovery attempts.
9. Your staff presented information that all recovery options, including the mechanical
opening of the valve and electrical opening of the valve by use of the motor start
contactors, would be pursued in parallel.
The NRC, when developing the final significance determination, reviewed the licensees
EOP and ECA procedures to determine the exact sequence of actions expected
following the failure of valve SI-2-8982B. Following any LOCA, operators transfer the
ECCS to cold leg recirculation following depletion of the RWST, as directed in
Procedure EOP-1.3, Transfer to Cold Leg Recirculation, Revision 15. For the core
damage sequence of concerns related to the performance deficiency that affected the
ability to open valve SI-2-8982B, the NRC noted the following important sequence of
actions expected:
EOP-1.3, Step 6.b.2, open valve SI-2-8982B to place residual heat removal
train B in cold-leg recirculation.
EOP-1.3, response not obtained for Step 6.b.2, locally open valve SI-2-8982B.
The NRC assumed this is the mechanical recovery option, discussed in Item 7
above.
A-6
EOP-1.3, Step 8, place residual heat removal train A in cold-leg recirculation.
EOP-1.3, response not obtained for Step 8.b, Go to ECA-1.1, Loss of
Emergency Coolant Recirculation.
ECA-1.1, Step 2.d, try to restore emergency coolant recirculation equipment by
locally operating valves as required. The NRC assumed this is the electrical
contactor recovery option, discussed in Item 8 above.
ECA-1.1, Step 7, add makeup to the RWST as necessary.
ECA-1.1, Step 10, initiate reactor coolant system cooldown to cold shutdown.
ECA-1.1, Steps 15-18, throttle ECCS flow to minimum required to remove decay
heat.
Following successful refilling of the RWST and throttling of ECCS, the licensee would
have a number of recovery options available through TSC directed recoveries. These
recoveries could include additional mechanical recovery attempts and if the motor
operator was not damaged, electrical recovery attempts through use of the motor
contactors or the electrical jumper method described at the regulatory conference. Extra
time could also be used to prolong the time available to restore ECCS recirculation
through strategies, such as, makeup to the RWST from the boric acid blender, initiation
of normal charging from the volume control tank or refilling of the RWST from the liquid
holdup tanks.
There is uncertainty associated with the likelihood of these recoveries because they
involve diagnostic troubleshooting and assessment by the TSC staff and actions that are
not, in some cases, procedurally driven. The NRC determined that TSC directed
recoveries are subject to high dependency because the same crew would be used, the
tasks would be close in time, and no additional cues would be present. As such, the
NRC evaluated the composite likelihood of failure of these actions and determined they
have an effective failure probability of 5.0E-1, using the SPAR-H guidance for high
dependency.
Based on the above, the NRC found that the proposed recovery actions are more
reflective of sequentially directed actions rather than parallel actions. The NRC
considered the continuous action nature of ECA-1.1, Step 2, which allows the TSC to
pursue multiple methods to recover ECCS recirculation following the initial failure of
valve SI-2-8982B and the inability to recover the valve by local manual operation.
Using insights from the above sequence, the NRC evaluated the availability of three
potential recovery methods combined with the failure probabilities of throttling ECCS
flow, refilling the RWST, and potentially damaging the motor during the electrical
recovery method. When evaluating the lower range of the increase in core damage
frequency for the final significance determination, the NRC approximated the overall
recovery probability by multiplying the failure probabilities of the mechanical and
electrical options and reduced the effective recovery failure probability from 2.4E-1
(76.0 percent success) to 3.6E-2 (96.4 percent success).
A-7
10. Your staff identified that additional risk benefit could be gained through recovery of
valve SI-2-8982A, the opposite train valve that is subjected to the same maintenance as
valve SI-2-8982B and, therefore, could be susceptible to failure due to the same
incorrectly set external limit switch. Your staff did not specifically quantify recovery of
valve SI-2-8982A, but instead included a qualitative sensitivity that additional risk credit
could be gained through recovery of this valve.
The analyst followed the NRCs guidance for crediting recovery in cutsets involving a
common cause failure basic event contained in Section 5.0, Common Cause Failure
Modeling, of Volume 1, Internal Events, of the Risk Assessment of Operational
Events. This guidance prescribes that for cutsets that involve the common cause failure
basic event that was impacted by the observed single failure, the potential for recovery
should consider only the failure mechanism of the observed failure. As a result, the
NRC did not consider any recovery credit in cutsets containing a common cause failure
of valve SI-2-8982A.
11. Your staff presented application of updated recovery actions to the increase in core
damage frequency from external events included in the preliminary risk assessment.
Your analysis represented an increase in core damage frequency of 4.56E-8 per year.
Similarly, the NRC applied the recoveries, discussed in Items 4-9 above, to external
events when evaluating the lower range of the increase in core damage frequency for
the final significance determination. When including these recoveries, the NRC
estimated the increase in core damage frequency, from external events, as 5.0E-8 per
year.
In summary, we concluded that our preliminary risk assessment of 7.6E-6 per year represented
the upper range of the increase in core damage frequency associated with the performance
deficiency. Based on the information provided by your staff at the regulatory conference, the
NRC adjusted a number of assumptions used in the preliminary risk assessment to determine
the lower range of the increase in risk associated with the performance deficiency. Specifically,
the NRC adjusted the common cause alpha factors, the initiating events frequency for various
MLOCAs scenarios, and the assumption relative to the actuation of containment spray for a
MLOCA. The NRC also performed a variety of human error probability calculations to
determine the likelihood of recovering valve SI-2-8982B. Notably, the NRC adjusted the PSFs
for the mechanical and electrical recovery methods.
For the mechanical recovery method, the NRC applied the less risk significant Ergonomics -
Nominal PSF. The NRC continued to apply the Procedures - Incomplete PSF because, as
stated by your staff at the regulatory conference, instructions would need to be developed to
open the recirculation guard chamber and access valve SI-2-8982 during a LOCA event. The
NRC also continued to apply the Available Time - Nominal PSF for this recovery method.
Specifically, while your staff provided detailed information related to strategies to refill the RWST
and throttle ECCS flow, the NRC concluded the initial attempt to mechanically open
valve SI-2-8982B would occur prior to any procedurally driven action to refill the RWST or
throttle ECCS.
The NRC also considered information presented at the regulatory conference and concluded
that your staffs timeline represented recovery under ideal conditions. Using assumptions based
of the sequence of steps outlined in the EOPs and recognizing the uncertainty that
A-8
accompanies complex reactor events, the NRC concluded the available time to be less than five
times the time required for the human performance basic events.
For the electrical recovery methods, the NRC applied the less risk significant Procedures and
Complexity PSF. The NRC also applied the more risk significant Available Time - Nominal
PSF for this recovery method. Specifically, the NRC staff reviewed the Diablo Canyon Power
Plant EOPs and identified that application of the electrical recovery method would not occur
first, as assumed in the preliminary risk assessment. Instead, the NRC staff concluded that the
EOP procedure structure would direct this action after the mechanical recovery method failed
but before action is taken to refill the RWST and throttle ECCS flow. Recognizing the
uncertainty that accompanies complex reactor events, the NRC concluded the available time to
be less than five times the time required for the human performance basic events.
The results of these calculations, which removed much of the conservativism from the
assumptions used in the preliminary risk assessment, predicted a high likelihood of success
(96.4 percent success) for recovering valve SI-2-8982B. Using these assumptions, the NRC
concluded the lower range of increase in core damage frequency associated with the
performance deficiency to be 1.3E-6 per year. Because the NRCs calculated lower and upper
estimations of increase in core damage frequency of the performance deficiency were both
greater than 1.0E-6 but less than 1.0E-5, the NRC determined the finding was of low to
moderate safety significance (White).
A-9