Information Notice 2012-12, HVAC Design Control Issues Challenge Safety System Function: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| Line 14: | Line 14: | ||
| page count = 5 | | page count = 5 | ||
}} | }} | ||
{{#Wiki_filter: | {{#Wiki_filter:UNITED STATES | ||
NUCLEAR REGULATORY COMMISSION | NUCLEAR REGULATORY COMMISSION | ||
| Line 22: | Line 22: | ||
OFFICE OF NEW REACTORS | OFFICE OF NEW REACTORS | ||
WASHINGTON, DC | WASHINGTON, DC 20555-0001 July 24, 2012 NRC INFORMATION NOTICE 2012-12: HVAC DESIGN CONTROL ISSUES CHALLENGE | ||
SAFETY SYSTEM FUNCTION | |||
==ADDRESSEES== | ==ADDRESSEES== | ||
All holders of an operating license or construction permit for a nuclear power reactor or a | All holders of an operating license or construction permit for a nuclear power reactor or a | ||
(10 | non-power (research or test) reactor issued under Title 10 of the Code of Federal Regulations | ||
(10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, except those | |||
who have permanently ceased operations and have certified that fuel has been permanently | |||
, standard design certification, standard design approval, or manufacturing license under 10 CFR Part 52, | removed from the reactor vessel. | ||
All holders of and applicants for a power reactor early site permit, combined license, standard | |||
design certification, standard design approval, or manufacturing license under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants. | |||
==PURPOSE== | ==PURPOSE== | ||
The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform addressees about certain events involving heating, ventilation | The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform | ||
addressees about certain events involving heating, ventilation, and air conditioning (HVAC) | |||
system design control issues that challenged, or potentially challenged, safety system functions. | |||
The NRC expects recipients to review the information contained within for applicability to their | |||
, | facilities and consider actions, as appropriate, to avoid similar occurrences. Suggestions | ||
contained within this IN are not NRC requirements; therefore, no specific action or written | |||
response is required. | |||
==DESCRIPTION OF CIRCUMSTANCES== | ==DESCRIPTION OF CIRCUMSTANCES== | ||
Susquehanna Steam Electric Station (Susquehanna) HVAC Controller | Susquehanna Steam Electric Station (Susquehanna) HVAC Controller | ||
On January | On January 3, 2011, PPL, the licensee for Susquehanna, identified a single-point vulnerability in | ||
the reactor building HVAC system. The vulnerability was that a failure of a nonsafety-related | |||
temperature controller coincident with outside ambient air temperatures below 10 degrees | |||
Fahrenheit (oF) could result in a spurious steam leak detection (SLD) system isolation on high | |||
differential temperature ( T), causing simultaneous isolation of main steam isolation valves | |||
(MSlV), the high pressure coolant injection system, and the reactor core isolation cooling | |||
system. This vulnerability was common to both Susquehanna Units 1 and 2 and had been in | |||
existence since the plants began licensed operations. | |||
PPL initially reported the issue through an event notification (EN) (EN 46519) under | |||
10 CFR 50.72, Immediate Notification Requirements for Operating Nuclear Power Reactors, as an unanalyzed condition (10 CFR 50.72 (b)(3)(ii)(B)) and an accident mitigation concern | |||
(10 CFR 50.72 (b)(3)(v)(D)). However, on February 28, 2011, PPL submitted an updated EN | |||
CFR 50.72 (b)(3)( | |||
mitigation | that removed the accident mitigation consideration based on the low likelihood of a reactor | ||
ML12115A012 building temperature controller failure during a period when outside temperature was below | |||
10 oF (both conditions are required for the deficient SLD system isolation on high T to occur). | |||
PPL provided additional information pertaining to this issue in the form of a 10 CFR 50.73, License Event Report [LER] System, for an unanalyzed condition (LER 3872011001). The | |||
LER stated that the single-point vulnerability was discovered during the preparation of a | |||
10 | 10 CFR 50.59, Changes, Tests and Experiments, determination for an engineering change to | ||
remove the SLD high T isolation function to address obsolescence of the functions | |||
components. The licensee attributed the issue to a less than adequate single-failure analysis | |||
performed during the original plant design. | |||
-failure analysis performed during the | The original single-failure analysis was performed consistent with accepted practices during the | ||
period of the initial plant design. In 2007, Susquehanna engineers received training on failure | |||
modes and effects analysis (FMEA) techniques. This training updated the expectations for | |||
FMEAs performed on nonsafety systems. Consequently, Susquehanna engineers used the | |||
new techniques when evaluating the impact of removing the SLD isolation function and, in the | |||
process, identified the single-point vulnerability deficiency. | |||
The corrective actions for this issue included removing the isolation function of the SLD system | |||
T instrumentation and performing a FMEA on all nonsafety systems that could cause an | |||
or | isolation of the emergency core cooling system or MSIVs as an extent of condition assessment. | ||
The report, | The report, Susquehanna Steam Electric Station - NRC Integrated Inspection Report | ||
05000387/2011003 and 05000388/2011003 and Exercise of Enforcement Discretion, dated | |||
August 10, 2011 (Agencywide Documents Access and Management System (ADAMS) | |||
Accession No. ML112220409), provides the results of the NRC inspection related to this issue. | |||
Diablo Canyon Power Plant Auxiliary Building Ventilation System Actuation Logic | |||
Diablo Canyon Nuclear Power Plant (DCNPP) completed modifications to its auxiliary building | |||
ventilation systems (ABVS) in November 2010. These modifications included replacement of | |||
relay-based actuation logic with a programmable logic controller (PLC). The licensee | |||
implemented the modification to address problems with reliability and availability (i.e. | |||
obsolescence). The licensee reviewed the modification design to ensure applicable | |||
single-failure criteria were met. Notwithstanding the licensees review, on January 10, 2011, during containment spray pump quarterly testing, a deficiency in the actuation logic of the | |||
recently installed PLC resulted in a complete loss of the Unit 2 ABVS when a damper failed to | |||
open as required because of leakage past a piston seal. This led one of the two ABVS exhaust | |||
fans to trip and prevented the other exhaust fan from starting; thus ABVS became inoperable. | |||
The loss of the ABVS required the licensee to take action in accordance with Technical | |||
Specification Limiting Condition for Operation 3.0.3 (i.e., action statement to reduce mode of | |||
plant operation) for approximately 20 minutes until operators restored the ABVS system through | |||
manual actions. The failure of the piston seal was attributed to using the seal beyond its | |||
defined service life, contrary to the requirements of the licensees preventive maintenance | |||
program for the seal. | |||
DCNPP initially reported this event through a 10 CFR 50.72 EN (EN 46531) as an unanalyzed | |||
condition (10 CFR 50.72(b)(3)(ii)(B)) and an accident mitigation concern | |||
(10 CFR 50.72(b)(3)(v)(D)). The licensee provided additional information in the form of a | |||
10 CFR 50.73 LER for an unanalyzed condition and safety system functional failure | |||
(LER 2752011002). In the LER, the licensee incorrectly attributed the cause of the loss of the ABVS to a nonconforming single-failure vulnerability in the ABVS system design that existed as | |||
part of the original design for both DCNPP Units. It was later determined that the 2010 | |||
modifications to the ABVS control logic introduced a single-failure vulnerability, where ABVS | |||
exhaust fans tripped when a system damper was not fully opened. | |||
The corrective actions for this issue consisted of modifying the design of both DCNPP units to | |||
satisfy the single-failure design criteria, revising the design change process to include a design | |||
evaluation of new and old failure modes based on the current licensing and design bases, and | |||
revising the licensing basis. | |||
- | The report, Diablo Canyon Power Plant - NRC Integrated Inspection Report | ||
05000275/2011002 and 05000323/2011002, dated May 11, 2011 (ADAMS Accession | |||
No. ML111310608), provides the results of the NRC inspection related to this issue. | |||
Point Beach Nuclear Plant (Point Beach) Control Room Emergency Filtration Fan Thermal | |||
Overload | |||
On February 3, 2007, Point Beach lost operability of the control room emergency filtration | |||
system (CREFS) because of an inadequately designed modification (LER 2662007001). In | |||
October 2006, the licensee installed a modification (high efficiency CREFS fan motors) for the | |||
, | |||
purpose of increasing the low flow margin. During the design of this modification, an incorrect | |||
assumption was made that outside temperature had a negligible effect on motor current draw, so no compensation for low temperature was included in the motor thermal overload design. | |||
On February 3, 2007, with outside temperature at 6 oF, a CREFS fan tripped during a Technical | |||
Specification surveillance test because of a thermal overload relay trip. After evaluating the | |||
, | cause of the trip, the licensee declared both CREFS fans inoperable because the fan motors | ||
had inadequately sized thermal overload heater elements. | |||
The corrective actions for this issue included replacing the overload heater elements with | |||
elements having trip current setpoints adjusted to values that considered design requirements. | |||
The report, Point Beach Nuclear Power Plant, Units 1 and 2, NRC Integrated Inspection Report | |||
05000266/2007002 and 05000301/2007002, dated April 12, 2007 (ADAMS Accession No. | |||
to | ML071020081), provides the results of the NRC inspection related to this event. | ||
==BACKGROUND== | |||
Criterion III of Appendix B to 10 CFR Part 50 requires, in part, that licensees ensure that | |||
applicable regulatory requirements and design basis are correctly translated into specifications, drawings, procedures, and instructions. Furthermore, design changes, including field | |||
changes, shall be subject to design control measures commensurate with those applied to the | |||
. | original design... | ||
==DISCUSSION== | ==DISCUSSION== | ||
In each event described in this | In each event described in this IN, a safety systems function was challenged or potentially | ||
IN, a safety | |||
In the first case, a long | challenged because of design control issues. In the first case, a long-standing design control | ||
issue was finally identified after the licensee adopted updated methods of analyzing nonsafety | |||
system designs for single failures. In the second and third cases, actual safety system | |||
functional failures occurred as a result of licensees implementing deficient modifications. These | |||
events illustrate the importance of evaluating modifications rigorously to verify that design-basis | |||
requirements are satisfied. | |||
==CONTACT== | ==CONTACT== | ||
This IN requires no specific action or written response. | This IN requires no specific action or written response. Please direct any questions about this | ||
matter to the technical contacts listed below or to the appropriate Office of Nuclear Reactor | |||
Regulation or Office of New Reactors project manager. | |||
/RA by JLuehman for/ | /RA by JLuehman for/ /RA by SBahadur for/ | ||
Laura A. Dudes, Director Timothy J. McGinty, Director | |||
Division of Construction Inspection Division of Policy and Rulemaking | |||
and Operational Programs Office of Nuclear Reactor Regulation | |||
===Office of New Reactors=== | |||
Technical Contacts: Samir Darbali, NRR | |||
301-415-3730 | |||
E-mail: Samir.Darbali@nrc.gov | |||
David Garmon, NRR | |||
301-415- | 301-415-3512 E-mail: David.Garmon@nrc.gov | ||
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under NRC Library/Document Collections. | |||
ML12115A012 *via e-mail TAC ME7683 NRR/DIRS/IOE NRR/DE/EIC NRR/DPR/PRL | |||
OFFICE NRR/DIRS/IOEB* Tech Editor* NRR/DE/EICB* | |||
B/BC* B/BC* B/BC* | |||
HChernoff JThorp JQuichocho | |||
NAME DGarmon CHsu SDarbali | |||
(EThomas for) | |||
DATE 6/14/12 4/30/12 6/20/12 6/18/12 6/20/12 7/5/12 NRR/DPR/PG NRR/DPR/PG NRR/DPR/PGC NRR/DPR/P | |||
OFFICE NRR/DE/D NRO/DCIP/D NRR/DPR/D | |||
NRR/DE/ | |||
CB/LA* CB/PM B/BC GCB/LA | |||
PHiland LDudes TMcGinty | |||
NAME CHawes ARussell DPelton CHawes | |||
(MCheok for) (JLuehman for) (SBahadur for) | |||
DATE 6/28/12 7/10/12 7/12/12 7/18/12 7/18/12 7/24/12 7/24/12}} | |||
DATE 6/28/12 7/10/12 7/12/12 7/18/12 7/18/12 7/24/12 7/24/12}} | |||
{{Information notice-Nav}} | {{Information notice-Nav}} | ||
Latest revision as of 05:35, 12 November 2019
| ML12115A012 | |
| Person / Time | |
|---|---|
| Issue date: | 07/24/2012 |
| From: | Laura Dudes, Mcginty T Division of Construction Inspection and Operational Programs, Division of Policy and Rulemaking |
| To: | |
| Garmon-Candelaria D | |
| References | |
| IN-12-012 | |
| Download: ML12115A012 (5) | |
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
OFFICE OF NEW REACTORS
WASHINGTON, DC 20555-0001 July 24, 2012 NRC INFORMATION NOTICE 2012-12: HVAC DESIGN CONTROL ISSUES CHALLENGE
SAFETY SYSTEM FUNCTION
ADDRESSEES
All holders of an operating license or construction permit for a nuclear power reactor or a
non-power (research or test) reactor issued under Title 10 of the Code of Federal Regulations
(10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, except those
who have permanently ceased operations and have certified that fuel has been permanently
removed from the reactor vessel.
All holders of and applicants for a power reactor early site permit, combined license, standard
design certification, standard design approval, or manufacturing license under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants.
PURPOSE
The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform
addressees about certain events involving heating, ventilation, and air conditioning (HVAC)
system design control issues that challenged, or potentially challenged, safety system functions.
The NRC expects recipients to review the information contained within for applicability to their
facilities and consider actions, as appropriate, to avoid similar occurrences. Suggestions
contained within this IN are not NRC requirements; therefore, no specific action or written
response is required.
DESCRIPTION OF CIRCUMSTANCES
Susquehanna Steam Electric Station (Susquehanna) HVAC Controller
On January 3, 2011, PPL, the licensee for Susquehanna, identified a single-point vulnerability in
the reactor building HVAC system. The vulnerability was that a failure of a nonsafety-related
temperature controller coincident with outside ambient air temperatures below 10 degrees
Fahrenheit (oF) could result in a spurious steam leak detection (SLD) system isolation on high
differential temperature ( T), causing simultaneous isolation of main steam isolation valves
(MSlV), the high pressure coolant injection system, and the reactor core isolation cooling
system. This vulnerability was common to both Susquehanna Units 1 and 2 and had been in
existence since the plants began licensed operations.
PPL initially reported the issue through an event notification (EN) (EN 46519) under
10 CFR 50.72, Immediate Notification Requirements for Operating Nuclear Power Reactors, as an unanalyzed condition (10 CFR 50.72 (b)(3)(ii)(B)) and an accident mitigation concern
(10 CFR 50.72 (b)(3)(v)(D)). However, on February 28, 2011, PPL submitted an updated EN
that removed the accident mitigation consideration based on the low likelihood of a reactor
ML12115A012 building temperature controller failure during a period when outside temperature was below
10 oF (both conditions are required for the deficient SLD system isolation on high T to occur).
PPL provided additional information pertaining to this issue in the form of a 10 CFR 50.73, License Event Report [LER] System, for an unanalyzed condition (LER 3872011001). The
LER stated that the single-point vulnerability was discovered during the preparation of a
10 CFR 50.59, Changes, Tests and Experiments, determination for an engineering change to
remove the SLD high T isolation function to address obsolescence of the functions
components. The licensee attributed the issue to a less than adequate single-failure analysis
performed during the original plant design.
The original single-failure analysis was performed consistent with accepted practices during the
period of the initial plant design. In 2007, Susquehanna engineers received training on failure
modes and effects analysis (FMEA) techniques. This training updated the expectations for
FMEAs performed on nonsafety systems. Consequently, Susquehanna engineers used the
new techniques when evaluating the impact of removing the SLD isolation function and, in the
process, identified the single-point vulnerability deficiency.
The corrective actions for this issue included removing the isolation function of the SLD system
T instrumentation and performing a FMEA on all nonsafety systems that could cause an
isolation of the emergency core cooling system or MSIVs as an extent of condition assessment.
The report, Susquehanna Steam Electric Station - NRC Integrated Inspection Report 05000387/2011003 and 05000388/2011003 and Exercise of Enforcement Discretion, dated
August 10, 2011 (Agencywide Documents Access and Management System (ADAMS)
Accession No. ML112220409), provides the results of the NRC inspection related to this issue.
Diablo Canyon Power Plant Auxiliary Building Ventilation System Actuation Logic
Diablo Canyon Nuclear Power Plant (DCNPP) completed modifications to its auxiliary building
ventilation systems (ABVS) in November 2010. These modifications included replacement of
relay-based actuation logic with a programmable logic controller (PLC). The licensee
implemented the modification to address problems with reliability and availability (i.e.
obsolescence). The licensee reviewed the modification design to ensure applicable
single-failure criteria were met. Notwithstanding the licensees review, on January 10, 2011, during containment spray pump quarterly testing, a deficiency in the actuation logic of the
recently installed PLC resulted in a complete loss of the Unit 2 ABVS when a damper failed to
open as required because of leakage past a piston seal. This led one of the two ABVS exhaust
fans to trip and prevented the other exhaust fan from starting; thus ABVS became inoperable.
The loss of the ABVS required the licensee to take action in accordance with Technical
Specification Limiting Condition for Operation 3.0.3 (i.e., action statement to reduce mode of
plant operation) for approximately 20 minutes until operators restored the ABVS system through
manual actions. The failure of the piston seal was attributed to using the seal beyond its
defined service life, contrary to the requirements of the licensees preventive maintenance
program for the seal.
DCNPP initially reported this event through a 10 CFR 50.72 EN (EN 46531) as an unanalyzed
condition (10 CFR 50.72(b)(3)(ii)(B)) and an accident mitigation concern
(10 CFR 50.72(b)(3)(v)(D)). The licensee provided additional information in the form of a
10 CFR 50.73 LER for an unanalyzed condition and safety system functional failure
(LER 2752011002). In the LER, the licensee incorrectly attributed the cause of the loss of the ABVS to a nonconforming single-failure vulnerability in the ABVS system design that existed as
part of the original design for both DCNPP Units. It was later determined that the 2010
modifications to the ABVS control logic introduced a single-failure vulnerability, where ABVS
exhaust fans tripped when a system damper was not fully opened.
The corrective actions for this issue consisted of modifying the design of both DCNPP units to
satisfy the single-failure design criteria, revising the design change process to include a design
evaluation of new and old failure modes based on the current licensing and design bases, and
revising the licensing basis.
The report, Diablo Canyon Power Plant - NRC Integrated Inspection Report 05000275/2011002 and 05000323/2011002, dated May 11, 2011 (ADAMS Accession
No. ML111310608), provides the results of the NRC inspection related to this issue.
Point Beach Nuclear Plant (Point Beach) Control Room Emergency Filtration Fan Thermal
Overload
On February 3, 2007, Point Beach lost operability of the control room emergency filtration
system (CREFS) because of an inadequately designed modification (LER 2662007001). In
October 2006, the licensee installed a modification (high efficiency CREFS fan motors) for the
purpose of increasing the low flow margin. During the design of this modification, an incorrect
assumption was made that outside temperature had a negligible effect on motor current draw, so no compensation for low temperature was included in the motor thermal overload design.
On February 3, 2007, with outside temperature at 6 oF, a CREFS fan tripped during a Technical
Specification surveillance test because of a thermal overload relay trip. After evaluating the
cause of the trip, the licensee declared both CREFS fans inoperable because the fan motors
had inadequately sized thermal overload heater elements.
The corrective actions for this issue included replacing the overload heater elements with
elements having trip current setpoints adjusted to values that considered design requirements.
The report, Point Beach Nuclear Power Plant, Units 1 and 2, NRC Integrated Inspection Report 05000266/2007002 and 05000301/2007002, dated April 12, 2007 (ADAMS Accession No.
ML071020081), provides the results of the NRC inspection related to this event.
BACKGROUND
Criterion III of Appendix B to 10 CFR Part 50 requires, in part, that licensees ensure that
applicable regulatory requirements and design basis are correctly translated into specifications, drawings, procedures, and instructions. Furthermore, design changes, including field
changes, shall be subject to design control measures commensurate with those applied to the
original design...
DISCUSSION
In each event described in this IN, a safety systems function was challenged or potentially
challenged because of design control issues. In the first case, a long-standing design control
issue was finally identified after the licensee adopted updated methods of analyzing nonsafety
system designs for single failures. In the second and third cases, actual safety system
functional failures occurred as a result of licensees implementing deficient modifications. These
events illustrate the importance of evaluating modifications rigorously to verify that design-basis
requirements are satisfied.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contacts listed below or to the appropriate Office of Nuclear Reactor
Regulation or Office of New Reactors project manager.
/RA by JLuehman for/ /RA by SBahadur for/
Laura A. Dudes, Director Timothy J. McGinty, Director
Division of Construction Inspection Division of Policy and Rulemaking
and Operational Programs Office of Nuclear Reactor Regulation
Office of New Reactors
Technical Contacts: Samir Darbali, NRR
301-415-3730
E-mail: Samir.Darbali@nrc.gov
David Garmon, NRR
301-415-3512 E-mail: David.Garmon@nrc.gov
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under NRC Library/Document Collections.
ML12115A012 *via e-mail TAC ME7683 NRR/DIRS/IOE NRR/DE/EIC NRR/DPR/PRL
OFFICE NRR/DIRS/IOEB* Tech Editor* NRR/DE/EICB*
B/BC* B/BC* B/BC*
HChernoff JThorp JQuichocho
NAME DGarmon CHsu SDarbali
(EThomas for)
DATE 6/14/12 4/30/12 6/20/12 6/18/12 6/20/12 7/5/12 NRR/DPR/PG NRR/DPR/PG NRR/DPR/PGC NRR/DPR/P
OFFICE NRR/DE/D NRO/DCIP/D NRR/DPR/D
CB/LA* CB/PM B/BC GCB/LA
PHiland LDudes TMcGinty
NAME CHawes ARussell DPelton CHawes
(MCheok for) (JLuehman for) (SBahadur for)
DATE 6/28/12 7/10/12 7/12/12 7/18/12 7/18/12 7/24/12 7/24/12