RIS 2002-14, Proposed Changes to the Safety System Unavailability Performance Indicators: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Adams
{{Adams
| number = ML022410004
| number = ML022740012
| issue date = 08/28/2002
| issue date = 09/30/2002
| title = Attachment 1 and Attachment 2, Regularory Issue Summary 2002-14, Proposed Changes to the Safety System Unavailability Performance Indicators
| title = Proposed Changes to the Safety System Unavailability Performance Indicators
| author name = Beckner W D
| author name = Beckner W
| author affiliation = NRC/NRR/DRIP/RORP
| author affiliation = NRC/NRR/DRIP/RORP
| addressee name =  
| addressee name =  
Line 9: Line 9:
| docket =  
| docket =  
| license number =  
| license number =  
| contact person = Sanders S
| contact person = Sanders S, NRR/DIPM, 415-2956
| case reference number = OMB 3150-0195
| document report number = RIS-02-014, Suppl 1
| document report number = RIS-02-014
| package number = ML022740008
| document type = NRC Regulatory Issue Summary
| document type = NRC Regulatory Issue Summary
| page count = 37
| page count = 5
}}
}}
See also: [[followed by::RIS 2002-14]]
{{#Wiki_filter:UNITED STATES
                            NUCLEAR REGULATORY COMMISSION
                        OFFICE OF NUCLEAR REACTOR REGULATION
                                WASHINGTON, D.C. 20555-0001 September 30, 2002 NRC REGULATORY ISSUE SUMMARY 2002-14, SUPPLEMENT 1 PROPOSED CHANGES TO THE SAFETY SYSTEM UNAVAILABILITY
                            PERFORMANCE INDICATORS


=Text=
==ADDRESSEES==
{{#Wiki_filter:Attachment 1RIS 2002-14Attachment 1, Section 2.2, "Mitigating Systems Cornerstone," of NEI 99-02, "RegulatoryAssessment Performance Indicator Guideline" (Draft)
All holders of operating licenses for nuclear power reactors, except those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.
1 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 1 MITIGATING SYSTEM PERFORMANCE INDEX 2 Purpose 3 The purpose of the mitigating system performance index is to monitor the performance of 4 selected systems based on their ability to perform risk-significant functions as defined herei It 5 is comprised of two elements - system unavailability and system unreliability. The index is used 6 to determine the significance of performance issues for single demand failures and accumulated 7 unavailabilit Due to the limitations of the index, the following conditions will rely upon the 8 inspection process for determining the significance of performance issues: 9 10 1. Multiple concurrent failures of components 11 2. Common cause failures 12 3. Conditions not capable of being discovered during normal surveillance tests 13 4. Failures of non-active components 14 15 Indicator Definition 16 Mitigating System Performance Index (MSPI) is the sum of changes in a simplified core damage 17 frequency evaluation resulting from changes in unavailability and unreliability relative to 18 baseline values. 19 20 Unavailability is the ratio of the hours the train/system was unavailable to perform its risk-21 significant functions due to planned and unplanned maintenance or test on active and non-active 22 components during the previous 12 quarters while critical to the number of critical hours during 23 the previous 12 quarters. (Fault exposure hours are not included; unavailable hours are counted 24 only for the time required to recover the train's risk-significant functions.) 25 26 Unreliability is the probability that the system would not perform its risk-significant functions 27 when called upon during the previous 12 quarter Baseline values are the values for unavailability and unreliability against which current changes 30 in unavailability and unreliability are measure See Appendix F for further detail The MSPI is calculated separately for each of the following five systems for each reactor type. 33 34 BWRs 35 emergency AC power system 36 high pressure injection systems (high pressure coolant injection, high pressure core spray, or 37 feedwater coolant injection) 38 heat removal systems (reactor core isolation cooling) 39 residual heat removal system (or their equivalent function as described in the Additional 40 Guidance for Specific Systems section.) 41 2 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 cooling water support system (includes risk significant direct cooling functions provided by 1 service water and component cooling water or their cooling water equivalents for the above 2 four monitored systems) 3 4 PWRs 5 emergency AC power system 6 high pressure safety injection system 7 auxiliary feedwater system 8 residual heat removal system (or their equivalent function as described in the Additional 9 Guidance for Specific Systems section.) 10 cooling water support system (includes risk significant direct cooling functions provided by 11 service water and component cooling water or their cooling water equivalents for the above 12 four monitored systems) 13 14 Data Reporting Elements 15 The following data elements are reported for each system 16 17 Unavailability Index (UAI) due to unavailability for each monitored system 18 Unreliability Index (URI) due to unreliability for each monitored system 19 20 During the pilot, the additional data elements necessary to calculate UAI and URI will be 21 reported monthly for each system on an Excel spreadsheet. See Appendix F. 22 23 24 Calculation 25 The MSPI for each system is the sum of the UAI due to unavailability for the system plus URI 26 due to unreliability for the system during the previous twelve quarters. 27 28 MSPI = UAI + URI. 29 30 See Appendix F for the calculational methodology for UAI due to system unavailability and URI 31 due to system unreliability. 32 33 Definition of Terms 34 A train consists of a group of components that together provide the risk significant functions of 35 the system as explained in the additional guidance for specific mitigating system Fulfilling the 36 risk-significant function of the system may require one or more trains of a system to operate 37 simultaneousl The number of trains in a system is generally determined as follows: 38 39 for systems that provide cooling of fluids, the number of trains is determined by the number 40 of parallel heat exchangers, or the number of parallel pumps, or the minimum number of 41 parallel flow paths, whichever is fewer. 42 43 3 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 for emergency AC power systems the number of trains is the number of class 1E emergency 1 (diesel, gas turbine, or hydroelectric) generators at the station that are installed to power 2 shutdown loads in the event of a loss of off-site power. (This does not include the diesel 3 generator dedicated to the BWR HPCS system, which is included in the scope of the HPCS 4 system.) 5 6 Risk Significant Functions: those at power functions, described in the "Additional Guidance for 7 Specific Systems," that were determined to be risk-significant in accordance with NUMARC 93-8 01, or NRC approved equivalents (e.g., the STP exemption request-.) The system functions 9 described in the "Additional Guidance for Specific Systems" must be modeled in the plant's 10 PRA/PS of risk-significant SSCs as modeled in the plant-specific PR Risk metrics for 11 identifying risk-significant functions are: 12 13 Risk Achievement Worth > 2.0, or 14 Risk Reduction Worth >0.005, or 15 PRA cutsets that account for 90% of core damage frequency90% of core damage 16 frequency accounted for. 17 18 Risk-Significant Mission Times: The mission time modeled in the PRA for satisfying the risk-19 significant function of reaching a stable plant condition where normal shutdown cooling is 20 sufficien Note that PRA models typically analyze an event for 24 hours, which may exceed the 21 time needed for the risk-significant function captured in the MSP However, other intervals as 22 justified by analyses and modeled in the PRA may be used. 23 24 Success criteria are the plant specific values of parameters the train/system is required to achieve 25 to perform its risk-significant functio Default values of those parameters are the plant's design 26 bases values unless other values are modeled in the PRA. 27 28 Clarifying Notes 29 Documentation 30 31 Each licensee will have the system boundaries, active components, risk-significant functions and 32 success criteria readily available for NRC inspection on sit Additionally, plant-specific 33 information used in Appendix F should also be readily available for inspectio Success Criteria 36 37 Individual component capability must be evaluated against train/system level success criteria 38 (e.g., a valve stroke time may exceed an ASME requirement, but if the valve still strokes in time 39 to meet the PRA success criteria for the train/system, the component has not failed for the 40 purposes of this indicator because the risk-significant train/system function is still satisfied). 41 Important plant specific performance factors that can be used to identify the required capability 42 of the train/system to meet the risk-significant functions include, but are not limited to: 43 Actuation 44 o Time 45 4 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 o Auto/manual 1 o Multiple or sequential 2 Success requirements 3 o Numbers of components or trains 4 o Flows 5 o Pressures 6 o Heat exchange rates 7 o Temperatures 8 o Tank water level 9 Other mission requirements 10 o Run time 11 o State/configuration changes during mission 12 Accident environment from internal events 13 o Pressure, temperature, humidity 14 Operational factors 15 o Procedures 16 o Human actions 17 o Training 18 o Available externalities (e.g., power supplies, special equipment, etc.) 19 20 21 22 System/Component Interface Boundaries 23 24 For active components that are supported by other components from both monitored and 25 unmonitored systems, the following general rules apply: 26 27 For control and motive power, only the last relay, breaker or contactor necessary to 28 power or control the component is included in the active component boundar For 29 example, if an ESFAS signal actuates a MOV, only the relay that receives the ESFAS 30 signal in the control circuitry for the MOV is in the MOV boundar No other portions 31 of the ESFAS are included. 32 33 For water connections from systems that provide cooling water to an active component, 34 only the final active connecting valve is included in the boundar For example, for 35 service water that provides cooling to support an AFW pump, only the final active valve 36 in the service water system that supplies the cooling water to the AFW system is 37 included in the AFW system scop This same valve is not included in the cooling water 38 support system scop Water Sources and Inventory 41 42 Water tanks are not considered to be active component As such, they do not contribute to UR However, periods of insufficient water inventory contribute to UAI if they result in loss of the 44 risk-significant train function for the required mission tim Water inventory can include 45 operator recovery actions for water make-up provided the actions can be taken in time to meet 46 5 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 the mission times and are modeled in the PR If additional water sources are required to satisfy 1 train mission times, only the connecting active valve from the additional water source is 2 considered as an active component for calculating UR If there are valves in the primary water 3 source that must change state to permit use of the additional water source, these valves are 4 considered active and should be included in URI for the system. 5 6 Monitored Systems 7 8 Systems have been generically selected for this indicator based on their importance in preventing 9 reactor core damag The systems include the principal systems needed for maintaining reactor 10 coolant inventory following a loss of coolant accident, for decay heat removal following a 11 reactor trip or loss of main feedwater, and for providing emergency AC power following a loss 12 of plant off-site power. One risk-significant support function (cooling water support system) is 13 also monitored. The cooling water support system monitors the risk significant cooling functions 14 provided by service water and component cooling water, or their direct cooling water 15 equivalents, for the four front-line monitored system No support systems are to be cascaded 16 onto the monitored systems, e.g., HVAC room coolers, DC power, instrument air, etc. 17 18 Diverse Systems 19 20 Except as specifically stated in the indicator definition and reporting guidance, no credit is given 21 for the achievement of a risk-significant function by an unmonitored system in determining 22 unavailability or unreliability of the monitored systems. 23 24 Common Components 25 26 Some components in a system may be common to more than one train or system, in which case 27 the unavailability/unreliability of a common component is included in all affected trains or 28 systems. (However, see "Additional Guidance for Specific Systems" for exceptions; for example, 29 the PWR High Pressure Safety Injection System.) 30 31 Short Duration Unavailability 32 33 Trains are generally considered to be available during periodic system or equipment 34 realignments to swap components or flow paths as part of normal operations. Evolutions or 35 surveillance tests that result in less than 15 minutes of unavailable hours per train at a time need 36 not be counted as unavailable hour Licensees should compile a list of surveillances/evolutions 37 that meet this criterion and have it available for inspector revie In addition, equipment 38 misalignment or mispositioning which is corrected in less than 15 minutes need not be counted 39 as unavailable hours. The intent is to minimize unnecessary burden of data collection, 40 documentation, and verification because these short durations have insignificant risk impact. 41 42 If a licensee is required to take a component out of service for evaluation and corrective actions 43 for greater than 15 minutes (for example, related to a Part 21 Notification), the unavailable hours 44 must be included. 45 46 6 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 Treatment of Demand /Run Failures and Degraded Conditions 1 2 1. Treatment of Demand and Run Failures 3 Failures of active components (see Appendix F) on demand or failures to run, either 4 actual or test, while critical, are included in unreliabilit Failures on demand or failures 5 to run at any other timewith the reactor shutdown must be evaluated to determine if the 6 failure would have resulted in the train not being able to perform its risk-significant at 7 power functions, and must therefore be included in unreliability. Unavailable hours are 8 included only for the time required to recover the train's risk-significant functions and 9 only when the reactor is critical. 10 11 2. Treatment of Degraded Conditions 12 13 a) Capable of Being Discovered By Normal Surveillance Tests 14 Normal surveillance tests are those tests that are performed at a frequency of a 15 refueling cycle or more frequently. 16 17 Degraded conditions, even ifwhere no actual demand existed, that render an 18 active component incapable of performing its risk-significant functions are 19 included in unreliability as a demand and a failur The appropriate failure mode 20 must be accounted fo For example, for valves, a demand and a demand failure 21 would be assumed and included in UR For pumps and diesels, if the degraded 22 condition would have prevented a successful start demand, a demand and a failure 23 is included in URI, but there would be no run time hours or run failure If it was 24 determined that the pump/diesel would start and load run, but would fail 25 sometime during the 24 hour run test or its surveillance test equivalent, the 26 evaluated failure time would be included in run hours and a run failure would be 27 assume A start demand and start failure would not be include If a running 28 component is secured from operation due to observed degraded performance, but 29 prior to failure, then a run failure shall be counted unless evaluation of the 30 condition shows that the component would have continued to operate for the risk-31 significant mission time starting from the time the component was secured. 32 Unavailable hours are included for the time required to recover the risk-33 significant function(s). 34 35 Degraded conditions, or actual unavailability due to mispositioning of non-active 36 components that render a train incapable of performing its risk-significant 37 functions are only included in unavailability for the time required to recover the 38 risk-significant function(s). 39 40 Loss of risk significant function(s) is assumed to have occurred if the established 41 success criteria has not been me If subsequent analysis identifies additional 42 margin for the success criterion, future impacts on URI or UAI for degraded 43 conditions may be determined based on the new criterio However, URI and 44 UAI must be based on the success criteria of record at the time the degraded 45 condition is discovere If the degraded condition is not addressed by any of the 46 7 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 pre-defined success criteria, an engineering evaluation to determine the impact of 1 the degraded condition on the risk-significant function(s) should be completed 2 and documente The use of component failure analysis, circuit analysis, or event 3 investigations is acceptabl Engineering judgment may be used in conjunction 4 with analytical techniques to determine the impact of the degraded condition on 5 the risk-significant functio The engineering evaluation should be completed as 6 soon as practicabl If it cannot be completed in time to support submission of the 7 PI report for the current quarter, the comment field shall note that an evaluation is 8 pendin The evaluation must be completed in time to accurately account for 9 unavailability/unreliability in the next quarterly repor Exceptions to this 10 guidance are expected to be rare and will be treated on a case-by-case basi Licensees should identify these situations to the resident inspector. 12 13 b) Not Capable of Being Discovered by Normal Surveillance Tests 14 These failures or conditions are usually of longer exposure time. Since these 15 failure modes have not been tested on a regular basis, it is inappropriate to include 16 them in the performance index statistic These failures or conditions are subject 17 to evaluation through the inspection process. Examples of this type are failures 18 due to pressure locking/thermal binding of isolation valves, blockages in lines not 19 regularly tested, or inadequate component sizing/settings under accident 20 conditions (not under normal test conditions). While not included in the 21 calculation of the index, they should be reported in the comment field of the PI 22 data submittal. 23 24 25 Credit for Operator Recovery Actions to Restore the Risk-Significant Function 26 27 1. During testing or operational alignment: 28 Unavailability of a risk-significant function during testing or operational alignment need not 29 be included if the test configuration is automatically overridden by a valid starting signal, or 30 the function can be promptly restored either by an operator in the control room or by a 31 designated operator1 stationed locally for that purpos Restoration actions must be 32 contained in a written procedure2, must be uncomplicated (a single action or a few simple 33 actions), must be capable of being restored in time to satisfy PRA success criteria and must 34 not require diagnosis or repai Credit for a designated local operator can be taken only if 35 (s)he is positioned at the proper location throughout the duration of the test for the purpose of 36 restoration of the train should a valid demand occu The intent of this paragraph is to allow 37 licensees to take credit for restoration actions that are virtually certain to be successful (i.e., 38 probability nearly equal to 1) during accident condition Operator in this circumstance refers to any plant personnel qualified and designated to perform the restoration function. 2 Including restoration steps in an approved test procedur DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 The individual performing the restoration function can be the person conducting the test and 1 must be in communication with the control roo Credit can also be taken for an operator in 2 the main control room provided (s)he is in close proximity to restore the equipment when 3 neede Normal staffing for the test may satisfy the requirement for a dedicated operator, 4 depending on work assignment In all cases, the staffing must be considered in advance and 5 an operator identified to perform the restoration actions independent of other control room 6 actions that may be require Under stressful, chaotic conditions, otherwise simple multiple actions may not be 9 accomplished with the virtual certainty called for by the guidance (e.g., lifting test leads and 10 landing wires; or clearing tags). In addition, some manual operations of systems designed to 11 operate automatically, such as manually controlling HPCI turbine to establish and control 12 injection flow, are not virtually certain to be successful. These situations should be resolved 13 on a case-by-case basis through the FAQ process. 14 15 2. During Maintenance 16 Unavailability of a risk-significant function during maintenance need not be included if the 17 risk-significant function can be promptly restored either by an operator in the control room or 18 by a designated operator3 stationed locally for that purpos Restoration actions must be 19 contained in a written procedure4, must be uncomplicated (a single action or a few simple 20 actions), must be capable of being restored in time to satisfy PRA success criteria and must 21 not require diagnosis or repai Credit for a designated local operator can be taken only if 22 (s)he is positioned at a proper location throughout the duration of the maintenance activity 23 for the purpose of restoration of the train should a valid demand occu The intent of this 24 paragraph is to allow licensees to take credit for restoration of risk-significant functions that 25 are virtually certain to be successful (i.e., probability nearly equal to 1). The individual 26 performing the restoration function can be the person performing the maintenance and must 27 be in communication with the control roo Credit can also be taken for an operator in the 28 main control room provided (s)he is in close proximity to restore the equipment when 29 neede Under stressful chaotic conditions otherwise simple multiple actions may not be 30 accomplished with the virtual certainty called for by the guidance (e.g., lifting test leads and 31 landing wires, or clearing tags). These situations should be resolved on a case-by-case basis 32 through the FAQ process. 33 34 3. Satisfying PRA success criteriaRisk Significant Mission Times 35 Risk significant operator actions to satisfy pre-determined train/system risk-significant 36 mission times can only be credited if they are modeled in the PRA. 37 38 Swing trains and components shared between units 39 40  3 Operator in this circumstance refers to any plant personnel qualified and designated to perform the restoration function. 4 Including restoration steps in an approved test procedur DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 Swing trains/components are trains/components that can be aligned to any uni To be credited 1 as such, their swing capability should be modeled in the PRA to provide an appropriate Fussell-2 Vesely valu Unit Cross Tie Capability 5 6 Components that cross tie monitored systems between units should be considered active 7 components if they are modeled in the PRA and meet the active component criteria in Appendix 8 F. Such active components are counted in each unit's performance indicators. 9 10 Maintenance Trains and Installed Spares 11 12 Some power plants have systems with extra trains to allow preventive maintenance to be carried 13 out with the unit at power without impacting the risk-significant function of the syste That is, 14 one of the remaining trains may fail, but the system can still perform its risk significant functio To be a maintenance train, a train must not be needed to perform the system's risk significant 16 function. 17 18 An "installed spare" is a component (or set of components) that is used as a replacement for other 19 equipment to allow for the removal of equipment from service for preventive or corrective 20 maintenance without impacting the risk-significant function of the system. To be an "installed 21 spare," a component must not be needed for the system to perform the risk significant function. 22 23 24 For unreliability, spare active components are included if they are modeled in the PR Unavailability of the spare component/train is only counted in the index if the spare is substituted 26 for a primary train/componen Unavailability is not monitored for a component/train when that 27 component/train has been replaced by an installed spare or maintenance train. 28 29 Use of Plant-Specific PRA and SPAR Models 30 31 The MSPI is an approximation using some information from a plant's actual PRA and is 32 intended as an indicator of system performance. Plant-specific PRAs and SPAR models cannot 33 be used to question the outcome of the PIs computed in accordance with this guidelin Maintenance Rule Performance Monitoring 36 37 It is the intent that NUMARC 93-01 be revised to require consistent unavailability and 38 unreliability data gathering as required by this guideline. 39 40 10 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 ADDITIONAL GUIDANCE FOR SPECIFIC SYSTEMS 1 This guidance provides typical system scope Individual plants should include those systems 2 employed at their plant that are necessary to satisfy the specific risk-significant functions 3 described below and reflected in their PRA Emergency AC Power Systems 5 Scope 6 The function monitored for the emergency AC power system is the ability of the emergency 7 generators to provide AC power to the class 1E buses upon a loss of off-site power while the 8 reactor is critical, including post-accident conditions. The emergency AC power system is 9 typically comprised of two or more independent emergency generators that provide AC power to 10 class 1E buses following a loss of off-site power. The emergency generator dedicated to 11 providing AC power to the high pressure core spray system in BWRs is not within the scope of 12 emergency AC power. 13 14 The electrical circuit breaker(s) that connect(s) an emergency generator to the class lE buses that 15 are normally served by that emergency generator are considered to be part of the emergency 16 generator train. 17 18 Emergency generators that are not safety grade, or that serve a backup role only (e.g., an 19 alternate AC power source), are not included in the performance reporting. 20 21 Train Determination 22 The number of emergency AC power system trains for a unit is equal to the number of class 1E 23 emergency generators that are available to power safe-shutdown loads in the event of a loss of 24 off-site power for that uni There are three typical configurations for EDGs at a multi-unit 25 station: 26 27 EDGs dedicated to only one unit. 28 One or more EDGs are available to "swing" to either unit 29 All EDGs can supply all units 30 31 For configuration 1, the number of trains for a unit is equal to the number of EDGs dedicated to 32 the uni For configuration 2, the number of trains for a unit is equal to the number of dedicated 33 EDGs for that unit plus the number of "swing" EDGs available to that unit (i.e., The "swing" 34 EDGs are included in the train count for each unit). For configuration 3, the number of trains is 35 equal to the number of EDGs. 36 37 Clarifying Notes 38 The emergency diesel generators are not considered to be available during the following portions 39 of periodic surveillance tests unless recovery from the test configuration during accident 40 conditions is virtually certain, as described in "Credit for operator recovery actions during 41 11 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 testing," can be satisfied; or the duration of the condition is less than fifteen minutes per train at 1 one time: 2 3 Load-run testing 4 Barring 5 6 An EDG is not considered to have failed due to any of the following events: 7 8 spurious operation of a trip that would be bypassed in a loss of offsite power event 9 malfunction of equipment that is not required to operate during a loss of offsite power event 10 (e.g., circuitry used to synchronize the EDG with off-site power sources) 11 failure to start because a redundant portion of the starting system was intentionally disabled 12 for test purposes, if followed by a successful start with the starting system in its normal 13 alignment 14 Air compressors are not part of the EDG boundar However, air receivers that provide starting 15 air for the diesel are included in the EDG boundary. 16 17 If an EDG has a dedicated battery independent of the station's normal DC distribution system, 18 the dedicated battery is included in the EDG system boundary. 19 20 If the EDG day tank is not sufficient to meet the EDG mission time, the fuel transfer function 21 should be modeled in the PR However, the fuel transfer pumps are not considered to be an 22 active component in the EDG system because they are considered to be a support syste BWR High Pressure Injection Systems 27 (High Pressure Coolant Injection, High Pressure Core Spray, and Feedwater Coolant 28 Injection) 29 30 Scope 31 These systems function at high pressure to maintain reactor coolant inventory and to remove 32 decay heat following a small-break Loss of Coolant Accident (LOCA) event or a loss of main 33 feedwater event. 34 35 The function monitored for the indicator is the ability of the monitored system to take suction 36 from the suppression pool (and from the condensate storage tank, if credited in the plant's 37 accident analysis) and inject into the reactor vessel. 38 39 Plants should monitor either the high-pressure coolant injection (HPCI), the high-pressure core 40 spray (HPCS), or the feedwater coolant injection (FWCI) system, whichever is installe The 41 turbine and governor (or motor-driven FWCI pumps), and associated piping and valves for 42 turbine steam supply and exhaust are within the scope of these systems. Valves in the feedwater 43 line are not considered within the scope of these system The emergency generator dedicated to 44 12 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 providing AC power to the high-pressure core spray system is included in the scope of the 1 HPC The HPCS system typically includes a "water leg" pump to prevent water hammer in the 2 HPCS piping to the reactor vessel. The "water leg" pump and valves in the "water leg" pump 3 flow path are ancillary components and are not included in the scope of the HPCS system. 4 Unavailability is not included while critical if the system is below steam pressure specified in 5 technical specifications at which the system can be operated. 6 7 Train Determination 8 The HPCI and HPCS systems are considered single-train systems. The booster pump and other 9 small pumps are ancillary components not used in determining the number of trains. The effect 10 of these pumps on system performance is included in the system indicator to the extent their 11 failure detracts from the ability of the system to perform its risk-significant functio For the 12 FWCI system, the number of trains is determined by the number of feedwater pump The 13 number of condensate and feedwater booster pumps are not used to determine the number of 14 trains. 15 16 BWR Heat Removal Systems 17 (Reactor Core Isolation Cooling or Isolation Condenser) 18 19 Scope 20 This system functions at high pressure to remove decay heat following a loss of main feedwater 21 event. The RCIC system also functions to maintain reactor coolant inventory following a very 22 small LOCA event. 23 24 The function monitored for the indicator is the ability of the RCIC system to cool the reactor 25 vessel core and provide makeup water by taking a suction from either the condensate storage 26 tank or the suppression pool and injecting at rated pressure and flow into the reactor vessel. 27 28 The Reactor Core Isolation Cooling (RCIC) system turbine, governor, and associated piping and 29 valves for steam supply and exhaust are within the scope of the RCIC syste Valves in the 30 feedwater line are not considered within the scope of the RCIC syste The Isolation Condenser 31 and inlet valves are within the scope of Isolation Condenser system. Unavailability is not 32 included while critical if the system is below steam pressure specified in technical specifications 33 at which the system can be operated. 34 35 36 Train Determination 37 The RCIC system is considered a single-train system. The condensate and vacuum pumps are 38 ancillary components not used in determining the number of trains. The effect of these pumps on 39 RCIC performance is included in the system indicator to the extent that a component failure 40 results in an inability of the system to perform its risk-significant function. 41 13 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 1 BWR Residual Heat Removal Systems 2 Scope 3 The functions monitored for the BWR residual heat removal (RHR) system are the ability of the 4 RHR system to remove heat from the suppression pool, provide low pressure coolant injection, 5 and provide post-accident decay heat removal. The pumps, heat exchangers, and associated 6 piping and valves for those functions are included in the scope of the RHR system. 7 8 Train Determination 9 The number of trains in the RHR system is determined by the number of parallel RHR heat 10 exchanger PWR High Pressure Safety Injection Systems 13 Scope 14 These systems are used primarily to maintain reactor coolant inventory at high pressures 15 following a loss of reactor coolant. HPSI system operation following a small-break LOCA 16 involves transferring an initial supply of water from the refueling water storage tank (RWST) to 17 cold leg piping of the reactor coolant system. Once the RWST inventory is depleted, 18 recirculation of water from the reactor building emergency sump is required. The function 19 monitored for HPSI is the ability of a HPSI train to take a suction from the primary water source 20 (typically, a borated water tank), or from the containment emergency sump, and inject into the 21 reactor coolant system at rated flow and pressure. 22 23 The scope includes the pumps and associated piping and valves from both the refueling water 24 storage tank and from the containment sump to the pumps, and from the pumps into the reactor 25 coolant system piping. For plants where the high-pressure injection pump takes suction from the 26 residual heat removal pumps, the residual heat removal pump discharge header isolation valve to 27 the HPSI pump suction is included in the scope of HPSI syste Some components may be 28 included in the scope of more than one trai For example, cold-leg injection lines may be fed 29 from a common header that is supplied by both HPSI trains. In these cases, the effects of testing 30 or component failures in an injection line should be reported in both train Train Determination 33 34 In general, the number of HPSI system trains is defined by the number of high head injection 35 paths that provide cold-leg and/or hot-leg injection capability, as applicable. 36 37 For Babcock and Wilcox (B&W) reactors, the design features centrifugal pumps used for high 38 pressure injection (about 2,500 psig) and no hot-leg injection pat Recirculation from the 39 containment sump requires operation of pumps in the residual heat removal system. They are 40 14 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 typically a two-train system, with an installed spare pump (depending on plant-specific design) 1 that can be aligned to either train. 2 3 For two-loop Westinghouse plants, the pumps operate at a lower pressure (about 1600 psig) and 4 there may be a hot-leg injection path in addition to a cold-leg injection path (both are included as 5 a part of the train). 6 7 For Combustion Engineering (CE) plants, the design features three centrifugal pumps that 8 operate at intermediate pressure (about 1300 psig) and provide flow to two cold-leg injection 9 paths or two hot-leg injection paths. In most designs, the HPSI pumps take suction directly from 10 the containment sump for recirculation. In these cases, the sump suction valves are included 11 within the scope of the HPSI system. This is a two-train system (two trains of combined cold-leg 12 and hot-leg injection capability). One of the three pumps is typically an installed spare that can 13 be aligned to either train or only to one of the trains (depending on plant-specific design). 14 15 For Westinghouse three-loop plants, the design features three centrifugal pumps that operate at 16 high pressure (about 2500 psig), a cold-leg injection path through the BIT (with two trains of 17 redundant valves), an alternate cold-leg injection path, and two hot-leg injection paths. One of 18 the pumps is considered an installed spare. Recirculation is provided by taking suction from the 19 RHR pump discharges. A train consists of a pump, the pump suction valves and boron injection 20 tank (BIT) injection line valves electrically associated with the pump, and the associated hot-leg 21 injection path. The alternate cold-leg injection path is required for recirculation, and should be 22 included in the train with which its isolation valve is electrically associated. This represents a 23 two-train HPSI system. 24 25 For Four-loop Westinghouse plants, the design features two centrifugal pumps that operate at 26 high pressure (about 2500 psig), two centrifugal pumps that operate at an intermediate pressure 27 (about 1600 psig), a BIT injection path (with two trains of injection valves), a cold-leg safety 28 injection path, and two hot-leg injection paths. Recirculation is provided by taking suction from 29 the RHR pump discharges. Each of two high pressure trains is comprised of a high pressure 30 centrifugal pump, the pump suction valves and BIT valves that are electrically associated with 31 the pump. Each of two intermediate pressure trains is comprised of the safety injection pump, the 32 suction valves and the hot-leg injection valves electrically associated with the pump. The cold-33 leg safety injection path can be fed with either safety injection pump, thus it should be associated 34 with both intermediate pressure trains. This HPSI system is considered a four-train system for 35 monitoring purposes. 36 37 38 39 PWR Auxiliary Feedwater Systems 40 Scope 41 The AFW system provides decay heat removal via the steam generators to cool down and 42 depressurize the reactor coolant system following a reactor trip. The AFW system is assumed to 43 be required for an extended period of operation during which the initial supply of water from the 44 condensate storage tank is depleted and water from an alternative water source (e.g., the service 45 water system) is required. Therefore components in the flow paths from both of these water 46 15 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 sources are included; however, the alternative water source (e.g., service water system) is not 1 included. 2 3 The function monitored for the indicator is the ability of the AFW system to take a suction from 4 the primary water source (typically, the condensate storage tank) or, if required, from an 5 emergency source (typically, a lake or river via the service water system) and inject into at least 6 one steam generator at rated flow and pressure. 7 8 The scope of the auxiliary feedwater (AFW) or emergency feedwater (EFW) systems includes 9 the pumps and the components in the flow paths from the condensate storage tank and, if 10 required, the valve(s) that connect the alternative water source to the auxiliary feedwater syste Startup feedwater pumps are not included in the scope of this indicator. 12 13 Train Determination 14 The number of trains is determined primarily by the number of parallel pump For example, a 15 system with three pumps is defined as a three-train system, whether it feeds two, three, or four 16 injection lines, and regardless of the flow capacity of the pumps. Some components may be 17 included in the scope of more than one train. For example, one set of flow regulating valves and 18 isolation valves in a three-pump, two-steam generator system are included in the motor-driven 19 pump train with which they are electrically associated, but they are also included (along with the 20 redundant set of valves) in the turbine-driven pump train. In these instances, the effects of testing 21 or failure of the valves should be reported in both affected train Similarly, when two trains 22 provide flow to a common header, the effect of isolation or flow regulating valve failures in 23 paths connected to the header should be considered in both trains. 24 25 PWR Residual Heat Removal System 26 Scope 27 The functions monitored for the PWR residual heat removal (RHR) system are those that are 28 required to be available when the reactor is critica These typically include the low-pressure 29 injection function (if risk-significant) and the post-accident recirculation mode used to cool and 30 recirculate water from the containment sump following depletion of RWST inventory to provide 31 post-accident decay heat removal. The pumps, heat exchangers, and associated piping and valves 32 for those functions are included in the scope of the RHR syste Containment spray function 33 should be included if it is identified in the PRA as a risk-significant post accident decay heat 34 removal function. Containment spray systems that only provide containment pressure control are 35 not included. 36 37 38 39 Train Determination 40 The number of trains in the RHR system is determined by the number of parallel RHR heat 41 exchanger Some components are used to provide more than one function of RH If a 42 component cannot perform as designed, rendering its associated train incapable of meeting one 43 16 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 of the risk-significant functions, then the train is considered to be faile Unavailable hours 1 would be reported as a result of the component failure. 2 Cooling Water Support System 3 Scope 4 The function of the cooling water support system is to provide for direct cooling of the 5 components in the other monitored system It does not include indirect cooling provided by 6 room coolers or other HVAC features. 7 8 Systems that provide this function typically include service water and component cooling water 9 or their cooling water equivalent Pumps, valves, heat exchangers and line segments that are 10 necessary to provide cooling to the other monitored systems are included in the system scope up 11 to, but not including, the last valve that connects the cooling water support system to the other 12 monitored system This last valve is included in the other monitored system boundary. 13 14 Valves in the cooling water support system that must close to ensure sufficient cooling to the 15 other monitored system components to meet risk significant functions are included in the system 16 boundary. 17 18 19 20 Train Determination 21 The number of trains in the Cooling Water Support System will vary considerably from plant to 22 plant. The way these functions are modeled in the plant-specific PRA will determine a logical 23 approach for train determinatio For example, if the PRA modeled separate pump and line 24 segments, then the number of pumps and line segments would be the number of train Clarifying Notes 27 Service water pump strainers and traveling screens are not considered to be active components 28 and are therefore not part of UR However, clogging of strainers and screens due to expected or 29 routinely predictable environmental conditions that render the train unavailable to perform its 30 risk significant cooling function (which includes the risk-significant mission times)are included 31 in UAI. 32 33 Unpredictable extreme environmental conditions that render the train unavailable to perform its 34 risk significant cooling function should be addressed through the FAQ process to determine if 35 resulting unavailability should be included in UA Attachment 2RIS 2002-14NEI 99-02, Appendix F, " Methodologies For Computing the Unavailability Index, theUnreliability Index and Determining Performance Index Validity" (Draft).


DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-1 APPENDIX F 1 2 METHODOLOGIES FOR COMPUTING THE UNAVAILABILITY 3 INDEX, THE UNRELIABILITY INDEX AND DETERMINING 4 PERFORMANCE INDEX VALIDITY 5 This appendix provides the details of three calculations, calculation of the System 6 Unavailability Index, the System Unreliability Index, and the criteria for determining 7 when the Mitigating System Performance Index is unsuitable for use as a performance 8 index. 9 System Unavailability Index (UAI) Due to Changes in Train Unavailability 10 Calculation of System UAI due to changes in train unavailability is as follows: 11 UAIUAItjj1n Eq. 1 12 where the summation is over the number of trains (n) and UAIt is the unavailability index 13 for a train. 14 Calculation of UAIt for each train due to changes in train unavailability is as follows: 15 )(maxBLttpUApptUAUAUAFVCDFUAI, Eq. 2 16 where: 17 CDFp is the plant-specific, internal events, at power Core Damage Frequency, 18 FVUAp is the train-specific Fussell-Vesely value for unavailability, 19 UAP is the plant-specific PRA value of unavailability for the train, 20 UAt is the actual unavailability of train t, defined as: 21 quarters 12 previous theduring hours Criticalcritical whilequarters 12 previous theduring hours eUnavailabltUA 22 and, 23 UABLt is the historical baseline unavailability value for the train determined 24 as described below. 25 UABLt is the sum of two elements: planned and unplanned unavailabilit Planned 26 unavailability is the actual, plant-specific three-year total planned unavailability 27 for the train for the years 1999 through 2001 (see clarifying notes for details). 28 This period is chosen as the most representative of how the plant intends to 29 perform routine maintenance and surveillances at powe Unplanned 30 unavailability is the historical industry average for unplanned unavailability for 31 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-2 the years 1999 through 200 See Table 1 for historical train values for 1 unplanned unavailability. 2 Calculation of the quantity inside the square bracket in equation 2 will be discussed at the 3 end of the next sectio See clarifying notes for calculation of UAI for cooling water 4 support system. 5 6 System Unreliability Index (URI) Due to Changes in Component Unreliability 7 Unreliability is monitored at the component level and calculated at the system level. 8 Calculation of system URI due to changes in component unreliability is as follows: 9 )(1maxBLcjBcjmjpcjURcjpURURURFVCDFURI Eq. 3 10 Where the summation is over the number of active components (m) in the system, and: 11 CDFp is the plant-specific internal events, at power, core damage frequency, 12 FVURc is the component-specific Fussell-Vesely value for unreliability, 13 URPc is the plant-specific PRA value of component unreliability, 14 URBc is the Bayesian corrected component unreliability for the previous 12 15 quarters, 16 and 17 URBLc is the historical industry baseline calculated from unreliability mean values 18 for each monitored component in the system. The calculation is performed in a 19 manner similar to equation 4 below using the industry average values in Table 2. 20 Calculation of the quantity inside the square bracket in equation 3 will be discussed at the 21 end of this section. 22 Component unreliability is calculated as follows. 23 URBcPDTm Eq 4 24 where: 25 PD is the component failure on demand probability calculated based on data 26 collected during the previous 12 quarters, 27 is the component failure rate (per hour) for failure to run calculated based on 28 data collected during the previous 12 quarters, 29 and 30 Tm is the risk-significant mission time for the component based on plant specific 31 PRA model assumption Add acceptable methodologies for determining mission 32 time. 33 34 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-3 NOTE: 1 For valves only the PD term applies 2 For pumps PD + Tm applies 3 For diesels PD start + PD load run + Tm applies 4 5 The first term on the right side of equation 4 is calculated as follows.1 6 PD(Nda)(abD) Eq. 5 7 where: 8 Nd is the total number of failures on demand during the previous 12 quarters, 9 D is the total number of demands during the previous 12 quarters (actual ESF 10 demands plus estimated test and estimated operational/alignment demands. An 11 update to the estimated demands is required if a change to the basis for the 12 estimated demands results in a >25% change in the estimate), 13 and 14 a and b are parameters of the industry prior, derived from industry experience (see 15 Table 2). 16 In the calculation of equation 5 the numbers of demands and failures is the sum of all 17 demands and failures for similar components within each system. Do not sum across 18 units for a multi-unit plant. For example, for a plant with two trains of Emergency Diesel 19 Generators, the demands and failures for both trains would be added together for one 20 evaluation of PD which would be used for both trains of EDGs. 21 In the second term on the right side of equation 4, is calculated as follows. 22 (Nra)(Trb) Eq. 6 23 where: 24 Nr is the total number of failures to run during the previous 12 quarters, 25 Tr is the total number of run hours during the previous 12 quarters (actual ESF run 26 hours plus estimated test and estimated operational/alignment run hours. An 27 update to the estimated run hours is required if a change to the basis for the 28 estimated hours results in a >25% change in the estimate). 29 and 30  1 Atwood, Corwin L., Constrained noninformative priors in risk assessment, Reliability Engineering and System Safety, 53 (1996; 37-46)
==INTENT==
DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-4 a and b are parameters of the industry prior, derived from industry experience (see 1 Table 2). 2 In the calculation of equation 6 the numbers of demands and run hours is the sum of all 3 run hours and failures for similar components within each system. Do not sum across 4 units for a multi-unit plant. For example, a plant with two trains of Emergency Diesel 5 Generators, the run hours and failures for both trains would be added together for one 6 evaluation of which would be used for both trains of EDGs. 7 Fussell-Vesely, Unavailability and Unreliability 8 Equations 2 and 3 include a term that is the ratio of a Fussell-Vesely importance value 9 divided by the related unreliability or unavailability. Calculation of these quantities is 10 generally complex, but in the specific application used here, can be greatly simplified. 11 The simplifying feature of this application is that only those components (or the 12 associated basic events) that can fail a train are included in the performance index. 13 Components within a train that can each fail the train are logically equivalent and the 14 ratio FV/UR is a constant value for any basic event in that trai It can also be shown that 15 for a given component or train represented by multiple basic events, the ratio of the two 16 values for the component or train is equal to the ratio of values for any basic event within 17 the train. Or: 18 FVbeURbeFVURcURPcFVtURtConstant 19 and 20 FVbeUAbeFVUApUApConstant 21 Note that the constant value may be different for the unreliability ratio and the 22 unavailability ratio because the two types of events are frequently not logically 23 equivalent. For example recovery actions may be modeled in the PRA for one but not the 24 other. 25 Thus, the process for determining the value of this ratio for any component or train is to 26 identify a basic event that fails the component or train, determine the failure probability 27 or unavailability for the event, determine the associated FV value for the event and then 28 calculate the ratio. Use the basic event in the component or train with the largest failure 29 probability (hence the maximum notation on the bracket) to minimize the effects of 30 truncation on the calculation. Exclude common cause events, which are not within the 31 scope of this performance index 32 Some systems have multiple modes of operation, such as PWR HPSI systems that operate 33 in injection as well as recirculation modes. In these systems all active components are not 34 logically equivalent, unavailability of the pump fails all operating modes while 35 unavailability of the sump suction valves only fails the recirculation mode. In cases such 36 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-5 as these, if unavailability events exist separately for the components within a train, the 1 appropriate ratio to use is the maximum. 2 Determination of systems for which the performance index is not valid 3 The performance index relies on the existing testing programs as the source of the data 4 that is input to the calculations. Thus, the number of demands in the monitoring period is 5 based on the frequency of testing required by the current test programs. In most cases this 6 will provide a sufficient number of demands to result in a valid statistical result. 7 However, in some cases, the number of demands will be insufficient to resolve the 8 change in the performance index (1.0x10-6) that corresponds to movement from a green 9 performance to a white performance level. In these cases, one failure is the difference 10 between baseline performance and performance in the white performance band. The 11 performance index is not suitable for monitoring such systems and monitoring is 12 performed through the inspection process. 13 This section will define the method to be used to identify systems for which the 14 performance index is not valid, and will not be used. 15 The criteria to be used to identify an invalid performance index is: 16 If, for any failure mode for any component in a system, the risk increase 17 (CDF) associated with the change in unreliability resulting from single 18 failure is larger than 1.0x10-6, then the performance index will be 19 considered invalid for that system. 20 The increase in risk associated with a component failure is the sum of the contribution 21 from the decrease in calculated reliability as a result of the failure and the decrease in 22 availability resulting from the time required to affect the repair of the failed component. 23 The change in CDF that results from a demand type failure is given by: 24 25 CRMeanpUAppcompsimilarNpcURcpTTUAFVCDFDbaURFVCDFMSPIRepair  1
The U. S. Nuclear Regulatory Commission (NRC) is issuing this supplement to Regulatory Issue Summary (RIS) 2002-14 to provide to the addressees revised versions of the three attachments to the RIS.


Eq. 7 26 27 Likewise, the change in CDF per run type failure is given by: 28 29 CRpUAppcompsimilarNrmpcURcpTTUAFVCDFTbTURFVCDFMSPIRepairMean 
==BACKGROUND==
Regulatory Issue Summary 2002-14 informed addressees that the NRC was starting a 6-month pilot program on September 1, 2002, to evaluate changes to the safety system unavailability (SSU) performance indicators (PIs), and that the pilot program would be assessed midway through the test period to determine if more than six months were needed to obtain meaningful results. The RIS and its three attachments provided guidance to participating addressees for submitting PI data to the NRC and on the program success criteria.


Eq. 8 30 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-6 In these expressions, the variables are as defined earlier and additionally 1 TMR is the mean time to repair for the component 2 and 3 TCR is the number of critical hours in the monitoring period. 4 The summation in the equations is taken over all similar components within a system. 5 With multiple components of a given type in one system, the impact of the failure on 6 CDF is included in the increased unavailability of all components of that type due to 7 pooling the demand and failure data. 8 The mean time to repair can be estimate as one-half the Technical Specification Allowed 9 Outage Time for the component and the number of critical hours should correspond to the 10 1999 - 2001 actual number of critical hours. 11 These equations are be used for all failure modes for each component in a system. If the 12 resulting value of CDF is greater than 1.0x10-6 for any failure mode of any component, 13 then the performance index for that system is not considered valid. 14 15 Definitions 16 17 Train Unavailability: Train unavailability is the ratio of the hours the train was 18 unavailable to perform its risk-significant functions due to planned or unplanned 19 maintenance or test during the previous 12 quarters while critical to the number of critical 20 hours during the previous 12 quarters. (Fault exposure hours are not included; 21 unavailable hours are counted only for the time required to recover the train's risk-22 significant functions.) 23 Train unavailable hours: The hours the train was not able to perform its risk significant 24 function due to maintenance, testing, equipment modification, electively removed from 25 service, corrective maintenance, or the elapsed time between the discovery and the 26 restoration to service of an equipment failure or human error that makes the train 27 unavailable (such as a misalignment) while the reactor is critica Fussell-Vesely (FV) Importance: 29 The Fussell-Vesely importance for a feature (component, sub-system, train, etc.) of a 30 system is representative of the fractional contribution that feature makes to the to the total 31 risk of the system. 32 The Fussell-Vesely importance of a basic event or group of basic events that represent a 33 feature of a system is represented by: 34 01RRFVi 35 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-7 Where: 1 R0 is the base (reference) case overall model risk, 2 Ri is the decreased risk level with feature i completely reliable. 3 In this expression, the second term on the right represents the fraction of the reference 4 risk remaining assuming the feature of interest is perfect. Thus 1 minus the second term is 5 the fraction of the reference risk attributed to the feature of interest. 6 The Fussell-Vesely importance is calculated according to the following equation: 7 mjjnjjiCCFV,1 0,1 1, 8 where the denominator represents the union of m minimal cutsets C0 generated with the 9 reference (baseline) model, and the numerator represents the union of n minimal cutsets 10 Ci generated assuming events related to the feature are perfectly reliable, or their failure 11 probability is False. 12 Critical hours: The number of hours the reactor was critical during a specified period of 13 time. 14 Component Unreliability: Component unreliability is the probability that the component 15 would not perform its risk-significant functions when called upon during the previous 12 16 quarter Active Component: A component whose failure to change state renders the train incapable 18 of performing its risk-significant functions. In addition, all pumps and diesels in the 19 monitored systems are included as active components. (See clarifying notes.) 20 Manual Valve: A valve that can only be operated by a perso An MOV or AOV that is 21 remotely operated by a person may be an active component. 22 Start demand: Any demand for the component to successfully start to perform its risk-23 significant functions, actual or tes (Exclude post maintenance tests, unless in case of a 24 failure the cause of failure was independent of the maintenance performed.) 25 Post maintenance tests: Tests performed following maintenance but prior to declaring the 26 train/component operable, consistent with Maintenance Rule implementation. 27 Run demand: Any demand for the component, given that it has successfully started, to 28 run/operate for its mission time to perform its risk-significant function (Exclude post 29 maintenance tests, unless in case of a failure the cause of failure was independent of the 30 maintenance performed.) 31 EDG failure to start: A failure to start includes those failures up to the point the EDG has 32 achieved rated speed and voltage. (Exclude post maintenance tests, unless the cause of 33 failure was independent of the maintenance performed.) 34 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-8 EDG failure to load/run: Given that it has successfully started, a failure of the EDG 1 output breaker to close, loads successfully sequence and to run/operate for one hour to 2 perform its risk-significant functions. This failure mode is treated as a demand failure for 3 calculation purposes. (Exclude post maintenance tests, unless the cause of failure was 4 independent of the maintenance performed.) 5 EDG failure to run: Given that it has successfully started and loaded and run for an hour, 6 a failure of an EDG to run/operate. for its mission time to perform its risk-significant 7 functions. (Exclude post maintenance tests, unless the cause of failure was independent of 8 the maintenance performed.) 9 Pump failure on demand: A failure to start and run for at least one hour is counted as 10 failure on demand. (Exclude post maintenance tests, unless the cause of failure was 11 independent of the maintenance performed.) 12 Pump failure to run: Given that it has successfully started and run for an hour, a failure of 13 a pump to run/operate. for its mission time to perform its risk-significant functions. 14 (Exclude post maintenance tests, unless the cause of failure was independent of the 15 maintenance performed.) 16 Valve failure on demand: A failure to open or close is counted as failure on demand. 17 (Exclude post maintenance tests, unless the cause of failure was independent of the 18 maintenance performed.) 19 Clarifying Notes 20 Train Boundaries and Unavailable Hours 21 Include all components that are required to satisfy the risk-significant function of the 22 trai For example, high-pressure injection may have both an injection mode with 23 suction from the refueling water storage tank and a recirculation mode with suction from 24 the containment sump. Some components may be included in the scope of more than one 25 train. For example, one set of flow regulating valves and isolation valves in a three-pump, 26 two-steam generator system are included in the motor-driven pump train with which they 27 are electrically associated, but they are also included (along with the redundant set of 28 valves) in the turbine-driven pump train. In these instances, the effects of unavailability 29 of the valves should be reported in both affected train Similarly, when two trains 30 provide flow to a common header, the effect of isolation or flow regulating valve failures 31 in paths connected to the header should be considered in both trains 32 Cooling Water Support System Trains 33 The number of trains in the Cooling Water Support System will vary considerably from 34 plant to plant. The way these functions are modeled in the plant-specific PRA will 35 determine a logical approach for train determinatio For example, if the PRA modeled 36 separate pump and line segments, then the number of pumps and line segments would be 37 the number of trains. A separate value for UAI and URI will be calculated for each of the 38 systems in this indicator and then they will be added together to calculate the MSPI. 39 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-9 1 Active Components 2 For unreliability, use the following criteria for determining those components that should 3 be monitored: 4 Components that are normally running or have to change state to achieve the risk 5 significant function will be included in the performance index. Active failures of 6 check valves and manual valves are excluded from the performance index and will be 7 evaluated in the NRC inspection program. 8 Redundant valves within a train are not included in the performance inde Only 9 those valves whose failure alone can fail a train will be include The PRA success 10 criteria are to be used to identify these valves. 11 Redundant valves within a multi-train system, whether in series or parallel, where the 12 failure of both valves would prevent all trains in the system from performing a risk-13 significant function are include (See Figure F-5) 14 All pumps and diesels are included in the performance index 15 Table 3 defines the boundaries of components, and Figures F-1, F-2, F-3 and F-4 provide 16 examples of typical component boundaries as described in Table 3. Each plant will 17 determine their system boundaries, active components, and support components, and 18 have them available for NRC inspection. 19 Failures of Non-Active Components 20 Failures of SSC's that are not included in the performance index will not be counted as a 21 failure or a deman Failures of SSC's that cause an SSC within the scope of the 22 performance index to fail will not be counted as a failure or demand. An example could 23 be a manual suction isolation valve left closed which causes a pump to fail. This would 24 not be counted as a failure of the pum Any mispositioning of the valve that caused the 25 train to be unavailable would be counted as unavailability from the time of discovery. 26 The significance of the mispositioned valve prior to discovery would be addressed 27 through the inspection process. 28 29 Baseline Values 30 The baseline values for unreliability are contained in Table 2 and remain fixed. 31 The baseline values for unavailability include both plant-specific planned unavailability 32 values and unplanned unavailability value The unplanned unavailability values are 33 contained in Table 1 and remain fixed. They are based on ROP PI industry data from 34 1999 through 2001. (Most baseline data used in PIs come from the 1995-1997 time 35 period. However, in this case, the 1999-2001 ROP data are preferable, because the ROP 36 data breaks out systems separately (some of the industry 1995-1997 INPO data combine 37 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-10 systems, such as HPCI and RCIC, and do not include PWR RHR). It is important to note 1 that the data for the two periods is very similar.) 2 Support cooling baseline data is based on plant specific maintenance rule unplanned and 3 planned unavailability for years 1999 to 2001. (Maintenance rule data does not 4 distinguish between planned and unplanned unavailabilit There is no ROP support 5 cooling data.) 6 The baseline planned unavailability is based on actual plant-specific values for the period 7 1999 through 200 These values are expected to remain fixed unless the plant 8 maintenance philosophy is substantially changed with respect to on-line maintenance or 9 preventive maintenanc In these cases, the planned unavailability baseline value can be 10 adjuste A comment should be placed in the comment field of the quarterly report to 11 identify a substantial change in planned unavailabilit To determine the planned 12 unavailability: 13 1. Record the total train unavailable hours reported under the Reactor Oversight Process 14 for 1999 through 2001. 15 2. Subtract any fault exposure hours still included in the 1999-2001 period. 16 3. Subtract unplanned unavailable hours 17 4. Add any on-line overhaul hours and any other planned unavailability excluded in 18 accordance with NEI 99-02. 2 19 5. Add any planned unavailable hours for functions monitored under MSPI which were 20 not monitored under SSU in NEI 99-02. 21 6. Subtract any unavailable hours reported when the reactor was not critical. 22 7. Subtract hours cascaded onto monitored systems by support systems. 23 8. Divide the hours derived from steps 1-6 above by the total critical hours during 1999-24 2001. This is the baseline planned unavailability 25 Baseline unavailability is the sum of planned unavailability from step 7 and unplanned 26 unavailability from Table 1. 27 28 29  2 Note: The plant-specific PRA should model significant on-line overhaul hour DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-11 Table Historical Unplanned Maintenance Unavailability Train Values 1 (Based on ROP Industrywide Data for 1999 through 2001) 2 3 4 SYSTEM UNPLANNED UNAVAILABILITY/TRAIN EAC 1.7 E-03 PWR HPSI 6.1 E-04 PWR AFW (TD) 9.1 E-04 PWR AFW (MD) 6.9 E-04 PWR AFW (DieselD) 7.6 E-04 PWR (except CE) RHR 4.2 E-04 CE RHR 1.1 E-03 BWR HPCI 3.3 E-03 BWR HPCS 5.4 E-04 BWR RCIC 2.9 E-03 BWR RHR 1.2 E-03 Support Cooling No Data Available Use plant specific Maintenance Rule data for 1999-2001 5 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-12 Table Industry Priors and Parameters for Unreliability 1 2 3 Component Failure Mode a a b a Industry Mean Value b Source(s) Motor-operated valve Fail to open (or close) 5.0E-1 2.4E+2 2.1E-3 NUREG/CR-5500, Vol. 4,7,8,9 Air-operated valve Fail to open (or close) 5.0E-1 2.5E+2 2.0E-3 NUREG/CR-4550, Vol. 1 Fail to start 5.0E-1 2.4E+2 2.1E-3 NUREG/CR-5500, Vol. 1,8,9 Motor-driven pump, standby Fail to run 5.0E-1 5.0E+3h 1.0E-4/h NUREG/CR-5500, Vol. 1,8,9 Fail to start 4.9E-1 1.6E+2 3.0E-3 NUREG/CR-4550, Vol. 1 Motor-driven pump, running or alternating Fail to run 5.0E-1 1.7E+4h 3.0E-5/h NUREG/CR-4550, Vol. 1 Fail to start 4.7E-1 2.4E+1 1.9E-2 NUREG/CR-5500, Vol. 1 Turbine-driven pump, AFWS Fail to run 5.0E-1 3.1E+2 1.6E-3/h NUREG/CR-5500, Vol. 1 Fail to start 4.6E-1 1.7E+1 2.7E-2 NUREG/CR-5500, Vol. 4,7 Turbine-driven pump, HPCI or RCIC Fail to run 5.0E-1 3.1E+2h 1.6E-3/h NUREG/CR-5500, Vol. 1,4,7 Fail to start 4.7E-1 2.4E+1 1.9E-2 NUREG/CR-5500, Vol. 1 Diesel-driven pump, AFWS Fail to run 5.0E-1 6.3E+2h 8.0E-4/h NUREG/CR-4550, Vol. 1 Fail to start 4.8E-1 4.3E+1 1.1E-2 NUREG/CR-5500, Vol. 5 Fail to load/run 5.0E-1 2.9E+2 1.7E-3 c NUREG/CR-5500, Vol. 5 Emergency diesel generator Fail to run 5.0E-1 2.2E+3h 2.3E-4/h NUREG/CR-5500, Vol. 5 4 5 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-13 A constrained, non-informative prior is assume For failure to run events, a = 0.5 and 1 b = (a)/(mean rate). For failure upon demand events, a is a function of the mean 2 probability: 3 4 Mean Probability a 5 0.0 to 0.0025 0.50 6 >0.0025 to 0.010 0.49 7 >0.010 to 0.016 0.48 8 >0.016 to 0.023 0.47 9 >0.023 to 0.027 0.46 10 11 Then b = (a)(1.0 - mean probability)/(mean probability). 12 13 Failure to run events occurring within the first hour of operation are included within 14 the fail to start failure mod Failure to run events occurring after the first hour of 15 operation are included within the fail to run failure mod Unless otherwise noted, the 16 mean failure probabilities and rates include the probability of non-recover Types of 17 allowable recovery are outlined in the clarifying notes, under "Credit for Recovery 18 Actions." 19 20 Fail to load and run for one hour was calculated from the failure to run data in the 21 report indicate The failure rate for 0.0 to 0.5 hour (3.3E-3/h) multiplied by 0.5 hour, 22 was added to the failure rate for 0.5 to 14 hours (2.3E-4/h) multiplied by 0.5 hour.23 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-14 Table Component Boundary Definition Component Component boundary Diesel Generators The diesel generator boundary includes the generator body, generator actuator, lubrication system (local), fuel system (local), cooling components (local), startup air system receiver, exhaust and combustion air system, dedicated diesel battery (which is not part of the normal DC distribution system), individual diesel generator control system, circuit breaker for supply to safeguard buses and their associated local control circuit (coil, auxiliary contacts, wiring and control circuit contacts, and breaker closure interlocks) . Motor-Driven Pumps The pump boundary includes the pump body, motor/actuator, lubrication system cooling components of the pump seals, the voltage supply breaker, and its associated local control circuit (coil, auxiliary contacts, wiring and control circuit contacts). Turbine-Driven Pumps The turbine-driven pump boundary includes the pump body, turbine/actuator, lubrication system (including pump), extractions, turbo-pump seal, cooling components, and local turbine control system (speed). Motor-Operated Valves The valve boundary inc1udes the valve body, motor/actuator, the voltage supply breaker (both motive and control power) and its associated local open/close circuit (open/close switches, auxiliary and switch contacts, and wiring and switch energization contacts). Air-Operated Valves The valve boundary includes the valve body, the air operator, associated solenoid-operated valve, the power supply breaker or fuse for the solenoid valve, and its associated control circuit (open/close switches and local auxiliary and switch contacts). 1 DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-15 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 Figure F-123 Diesel Engine Control and Protection System Starting Air System Receiver Combustion Air System and Supply Jacket Water Fuel Oil System Fuel Oil Day Tank Generator Exciter and Voltage Regulator Exhaust System Governor and Control System Lubrication System EDG Breaker ESFAS/Sequencer DC Power Cooling Water Class 1E Bus EDG Boundary Isol. Valve Fuel Storage and Transfer System DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-16 1 2 Figure F-2 3 4 5 Controls Breaker Motor Operator Motor Driven Pump Boundary Pump ESFAS DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-17 Figure F-3 1 2 Controls Breaker Motor Operator MOV Boundary ESFAS DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-18 1 2 Figure F-4 3 4 Controls Turbine Turbine Driven Pump Boundary Pump ESFAS DRAFT NEI 99-02 MSPI 8/28/20028/23/20028/9/2002 F-19 1 TANKFigure F-5 Active Components Active Components Non-active Components
Addressee participation in the pilot program is voluntary and participants were asked to conform to the guidance in the RIS for the voluntary submission of PI data.
 
==Addressees==
were also informed that updated guidance would be provided in the form of revisions to the attachments to the RIS, namely, Attachment 1, an excerpt from Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Section 2.2, Mitigating System Performance Index, and Attachment 2, Draft NEI 99-02, Rev. 0, Appendix F, Methodologies For Computing the Unavailability Index, the Unreliability Index and Determining Performance Index Validity.
 
==SUMMARY OF ISSUE==
Since the issuance of RIS 2002-14 on August 28, 2002, Attachments 1 and 2 have been updated and Attachment 3 has been revised. The revised attachments are attached to this RIS
supplement.
 
ML022740008
 
RIS 2002-14, Sup. 1
 
==BACKFIT DISCUSSION==
This RIS supplement requires no action or written response. Therefore, the staff did not perform a backfit analysis.
 
===FEDERAL REGISTER NOTIFICATION===
A notice of opportunity for public comment was not published in the Federal Register because this RIS supplement is informational.
 
===PAPERWORK REDUCTION ACT STATEMENT===
This RIS supplement does not request any information collections.
 
If there are any questions about this matter, please contact one of the persons listed below.
 
/Original signed by: TReis/
                                              William D. Beckner, Program Director Operating Reactor Improvements program Division of Regulatory Improvement Programs Office of Nuclear Reactor Regulation Technical contact: Serita Sanders, NRR
                      301-415-2956 E-mail: sxs5@nrc.gov Attachments:
1. Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Section 2.2, Mitigating System Performance Index
2. Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Appendix F, Methodologies For Computing the Unavailability Index, the Unreliability Index, and Determining Performance Index Validity
3. Mitigating System Performance Index Pilot Program Success Criteria
4. List of Recently Issued NRC Regulatory Issue Summaries
 
Package ML022740008, ML022740012, ML022740072
                                                                    *See previous concurrence OFFICE OE:RORP:DRIP IIPB:DIPM                    SC:IIPB:DIPM    BC:IIPM:DIPM
  NAME JWShapaker*              SSanders*          MSatorious*      CCarpenter*
  DATE      09/ /2002          09/19/2002        09/26/2002      09/29/2002 OFFICE OGC                    SC:RORP:DRIP PD:RORP:DRIP
  NAME HJMcGurren*              TReis*            WDBeckner*
  DATE      09/30/2002          09/30/2002        09/30/2002
 
Attachment 3 RIS 2002-14, Sup. 1 Mitigating System Performance Index Pilot Program Success Criteria The Mitigating System Performance Index (MSPI) success criteria listed below will be met if there is general agreement among internal and external stakeholders that the criteria have been met.
 
a. The occurrence of a single failure of an MSPI monitored component by itself, absent any other failures or unavailabilities, should rarely exceed the green/white MSPI threshold as measured from the baseline value. The term rare is defined as minimizing the inconsistencies across plants, within plants, and within systems such that there is no undue burden on resources, and the objective of having consistent publicly displayed results can be achieved.
 
b. False positive and false negative rates can be established for the chosen statistical method, and instances where the MSPI cannot meet the criteria are rare.
 
c. Instances where the results from the MSPI calculational methodology are not consistent with the SPAR-3 models are rare and the differences are explainable.
 
d. The MSPI pilot plant participants can identify and compile the risk significant functions for the monitored systems in a readily inspectable format and can compile a set of predetermined success criteria for those risk significant functions.
 
e. The active components in the monitored systems are appropriate for inclusion in the MSPI and are a manageable number of components under the MSPI.
 
f. By the end of the pilot, MSPI data can be accurately reported and quality checked.
 
g. By the end of the pilot program, inspection procedures and MSPI pilot guidelines are sufficiently detailed to minimize MSPI Questions and NRC feedback forms.
 
h. MSPI Questions and NRC feedback do not reveal any unresolvable issues.
 
i. Data collection inconsistencies between the maintenance rule and the MSPI can be reconciled in order to eliminate or significantly reduce separate reporting.
 
j. Differences between the linear approximation models generated by licensee probabilistic risk assessments and those generated by the NRC SPAR-3 models can be reconciled.
 
k. The MSPI produces no new unintended consequences that cannot be resolved.
 
Upon the successful meeting of the success criteria, with a determination that the MSPI pilot is a valid and appropriate means of measuring risk for the monitored systems, the MSPI will suffice as the measure of assessment and not the significance determination process for single failures of the active components within the scope of the MSPI. Any significant problems will be resolved before full MSPI implementation.
 
Attachment 4 RIS 2002-14, Sup. 1 LIST OF RECENTLY ISSUED
                                NRC REGULATORY ISSUE SUMMARIES
_____________________________________________________________________________________
Regulatory Issue                                            Date of Summary No.                 Subject                      Issuance      Issued to
_____________________________________________________________________________________
2002-17          Guidance on Performing Military            09/19/2002 All holders of operating licenses Service Verification                                  for nuclear power reactors.
 
2002-16          Current Incident Response Issues          09/13/2002 All holders of operating licenses for nuclear power plants.
 
2002-15          NRC Approval of Commercial Data            08/28/2002 All authorized recipients and Encryption Systems for the                            holders of sensitive unclassified Electronic Transmission of                           safeguards information (SGI).
                Safeguards Information
2002-14         Proposed Changes to the Safety            08/28/2002 All holders of operating licenses System Unavailability Performance                    for nuclear power reactors, except Indicators                                            those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.
 
2002-13          Confirmation of Employment                08/27/2002 All holders of operating licenses Eligibility                                          for nuclear power reactors.
 
2002-12          NRC Threat Advisory and                    Various    Various Protective Measures System
2002-11          Requalification Program Test              08/09/2002 All holders operating licenses for Results for Okonite Okolon Single-                   nuclear power reactors, except Conductor Bonded-Jacket Cable                        those who have permanently (Followup to Regulatory Issue                        ceased operations and have Summary 2000-25)                                     certified that fuel has been permanently removed from the reactor vessel.
 
2002-10          Revision of the Skin Dose Limit in        07/09/2002 All U.S. Nuclear Regulatory
                10 CFR Part 20                                       Commission material licensees.
 
Note:            NRC generic communications may be received in electronic format shortly after they are issued by subscribing to the NRC listserver as follows:
                  To subscribe send an e-mail to <listproc@nrc.gov >, no subject, and the following command in the message portion:
                                    subscribe gc-nrr firstname lastname
______________________________________________________________________________________
OL = Operating License CP = Construction Permit
}}
}}
{{RIS-Nav}}

Latest revision as of 05:09, 24 November 2019

Proposed Changes to the Safety System Unavailability Performance Indicators
ML022740012
Person / Time
Issue date: 09/30/2002
From: Beckner W
NRC/NRR/DRIP/RORP
To:
Sanders S, NRR/DIPM, 415-2956
Shared Package
ML022740008 List:
References
RIS-02-014, Suppl 1
Preceding documents:
Download: ML022740012 (5)
v  d  e


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555-0001 September 30, 2002 NRC REGULATORY ISSUE SUMMARY 2002-14, SUPPLEMENT 1 PROPOSED CHANGES TO THE SAFETY SYSTEM UNAVAILABILITY

PERFORMANCE INDICATORS

ADDRESSEES

All holders of operating licenses for nuclear power reactors, except those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

INTENT

The U. S. Nuclear Regulatory Commission (NRC) is issuing this supplement to Regulatory Issue Summary (RIS) 2002-14 to provide to the addressees revised versions of the three attachments to the RIS.

BACKGROUND

Regulatory Issue Summary 2002-14 informed addressees that the NRC was starting a 6-month pilot program on September 1, 2002, to evaluate changes to the safety system unavailability (SSU) performance indicators (PIs), and that the pilot program would be assessed midway through the test period to determine if more than six months were needed to obtain meaningful results. The RIS and its three attachments provided guidance to participating addressees for submitting PI data to the NRC and on the program success criteria.

Addressee participation in the pilot program is voluntary and participants were asked to conform to the guidance in the RIS for the voluntary submission of PI data.

Addressees

were also informed that updated guidance would be provided in the form of revisions to the attachments to the RIS, namely, Attachment 1, an excerpt from Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Section 2.2, Mitigating System Performance Index, and Attachment 2, Draft NEI 99-02, Rev. 0, Appendix F, Methodologies For Computing the Unavailability Index, the Unreliability Index and Determining Performance Index Validity.

SUMMARY OF ISSUE

Since the issuance of RIS 2002-14 on August 28, 2002, Attachments 1 and 2 have been updated and Attachment 3 has been revised. The revised attachments are attached to this RIS

supplement.

ML022740008

RIS 2002-14, Sup. 1

BACKFIT DISCUSSION

This RIS supplement requires no action or written response. Therefore, the staff did not perform a backfit analysis.

FEDERAL REGISTER NOTIFICATION

A notice of opportunity for public comment was not published in the Federal Register because this RIS supplement is informational.

PAPERWORK REDUCTION ACT STATEMENT

This RIS supplement does not request any information collections.

If there are any questions about this matter, please contact one of the persons listed below.

/Original signed by: TReis/

William D. Beckner, Program Director Operating Reactor Improvements program Division of Regulatory Improvement Programs Office of Nuclear Reactor Regulation Technical contact: Serita Sanders, NRR

301-415-2956 E-mail: sxs5@nrc.gov Attachments:

1. Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Section 2.2, Mitigating System Performance Index

2. Draft NEI 99-02, Rev. 0, Regulatory Assessment Performance Indicator Guideline, Appendix F, Methodologies For Computing the Unavailability Index, the Unreliability Index, and Determining Performance Index Validity

3. Mitigating System Performance Index Pilot Program Success Criteria

4. List of Recently Issued NRC Regulatory Issue Summaries

Package ML022740008, ML022740012, ML022740072

  • See previous concurrence OFFICE OE:RORP:DRIP IIPB:DIPM SC:IIPB:DIPM BC:IIPM:DIPM

NAME JWShapaker* SSanders* MSatorious* CCarpenter*

DATE 09/ /2002 09/19/2002 09/26/2002 09/29/2002 OFFICE OGC SC:RORP:DRIP PD:RORP:DRIP

NAME HJMcGurren* TReis* WDBeckner*

DATE 09/30/2002 09/30/2002 09/30/2002

Attachment 3 RIS 2002-14, Sup. 1 Mitigating System Performance Index Pilot Program Success Criteria The Mitigating System Performance Index (MSPI) success criteria listed below will be met if there is general agreement among internal and external stakeholders that the criteria have been met.

a. The occurrence of a single failure of an MSPI monitored component by itself, absent any other failures or unavailabilities, should rarely exceed the green/white MSPI threshold as measured from the baseline value. The term rare is defined as minimizing the inconsistencies across plants, within plants, and within systems such that there is no undue burden on resources, and the objective of having consistent publicly displayed results can be achieved.

b. False positive and false negative rates can be established for the chosen statistical method, and instances where the MSPI cannot meet the criteria are rare.

c. Instances where the results from the MSPI calculational methodology are not consistent with the SPAR-3 models are rare and the differences are explainable.

d. The MSPI pilot plant participants can identify and compile the risk significant functions for the monitored systems in a readily inspectable format and can compile a set of predetermined success criteria for those risk significant functions.

e. The active components in the monitored systems are appropriate for inclusion in the MSPI and are a manageable number of components under the MSPI.

f. By the end of the pilot, MSPI data can be accurately reported and quality checked.

g. By the end of the pilot program, inspection procedures and MSPI pilot guidelines are sufficiently detailed to minimize MSPI Questions and NRC feedback forms.

h. MSPI Questions and NRC feedback do not reveal any unresolvable issues.

i. Data collection inconsistencies between the maintenance rule and the MSPI can be reconciled in order to eliminate or significantly reduce separate reporting.

j. Differences between the linear approximation models generated by licensee probabilistic risk assessments and those generated by the NRC SPAR-3 models can be reconciled.

k. The MSPI produces no new unintended consequences that cannot be resolved.

Upon the successful meeting of the success criteria, with a determination that the MSPI pilot is a valid and appropriate means of measuring risk for the monitored systems, the MSPI will suffice as the measure of assessment and not the significance determination process for single failures of the active components within the scope of the MSPI. Any significant problems will be resolved before full MSPI implementation.

Attachment 4 RIS 2002-14, Sup. 1 LIST OF RECENTLY ISSUED

NRC REGULATORY ISSUE SUMMARIES

_____________________________________________________________________________________

Regulatory Issue Date of Summary No. Subject Issuance Issued to

_____________________________________________________________________________________

2002-17 Guidance on Performing Military 09/19/2002 All holders of operating licenses Service Verification for nuclear power reactors.

2002-16 Current Incident Response Issues 09/13/2002 All holders of operating licenses for nuclear power plants.

2002-15 NRC Approval of Commercial Data 08/28/2002 All authorized recipients and Encryption Systems for the holders of sensitive unclassified Electronic Transmission of safeguards information (SGI).

Safeguards Information

2002-14 Proposed Changes to the Safety 08/28/2002 All holders of operating licenses System Unavailability Performance for nuclear power reactors, except Indicators those who have permanently ceased operations and have certified that fuel has been permanently removed from the reactor vessel.

2002-13 Confirmation of Employment 08/27/2002 All holders of operating licenses Eligibility for nuclear power reactors.

2002-12 NRC Threat Advisory and Various Various Protective Measures System

2002-11 Requalification Program Test 08/09/2002 All holders operating licenses for Results for Okonite Okolon Single- nuclear power reactors, except Conductor Bonded-Jacket Cable those who have permanently (Followup to Regulatory Issue ceased operations and have Summary 2000-25) certified that fuel has been permanently removed from the reactor vessel.

2002-10 Revision of the Skin Dose Limit in 07/09/2002 All U.S. Nuclear Regulatory

10 CFR Part 20 Commission material licensees.

Note: NRC generic communications may be received in electronic format shortly after they are issued by subscribing to the NRC listserver as follows:

To subscribe send an e-mail to <listproc@nrc.gov >, no subject, and the following command in the message portion:

subscribe gc-nrr firstname lastname

______________________________________________________________________________________

OL = Operating License CP = Construction Permit


Retrieved from "https://kanterella.com/w/index.php?title=RIS_2002-14,_Proposed_Changes_to_the_Safety_System_Unavailability_Performance_Indicators&oldid=2201864"