ML18081A936: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
| author name = Gavrilas M | | author name = Gavrilas M | ||
| author affiliation = NRC/NRR/DSS | | author affiliation = NRC/NRR/DSS | ||
| addressee name = Boyce T | | addressee name = Boyce T | ||
| addressee affiliation = NRC/RES/DE | | addressee affiliation = NRC/RES/DE | ||
| docket = | | docket = | ||
| Line 16: | Line 16: | ||
=Text= | =Text= | ||
{{#Wiki_filter:March 23, 2018 | {{#Wiki_filter:March 23, 2018 MEMORANDUM TO: Thomas H. Boyce, Chief Regulatory Guidance and Generic Issues Branch Division of Engineering Office of Nuclear Regulatory Research FROM: Mirela Gavrilas, Director /RA/ | ||
Division of Safety Systems Office of Nuclear Reactor Regulation | |||
MEMORANDUM TO: | |||
==SUBJECT:== | ==SUBJECT:== | ||
REQUEST FOR REVIEW OF PROPOSED GENERIC ISSUE PRE-GI-020, INADEQUATE PROCEDURES TO ADDRESS ANTICIPATED OPERATIONAL OCCURRENCES | REQUEST FOR REVIEW OF PROPOSED GENERIC ISSUE PRE-GI-020, INADEQUATE PROCEDURES TO ADDRESS ANTICIPATED OPERATIONAL OCCURRENCES Per Yellow Ticket Y020180039 and in accordance with Office of Nuclear Reactor Regulation Office Instruction LIC-504, Revision 4, Integrated Risk-Informed Decision-Making Process for Emergent Issues, effective June 2, 2014, the Division of Safety Systems (DSS) and the Division of Risk Assessment (DRA) have performed an assessment of the proposed Generic Issue (PRE-GI-020) to determine if there is an immediate safety concern. The DSS and DRA staff findings are summarized in the attached enclosure. | ||
Per Yellow Ticket Y020180039 and in accordance with Office of Nuclear Reactor Regulation Office Instruction LIC-504, Revision 4, | |||
==Enclosure:== | ==Enclosure:== | ||
As stated | As stated CONTACT: Robert Beaton, DSS/SRXB Michelle Kichline, DRA/APHB (301-415-2952) (301-415-3153) | ||
CONTACT: | |||
ML18081A936 *via e-mail NRR-106 OFFICE DSS/SRXB DSS/SRXB: Acting BC DRA/ABPH NAME RBeaton JWhitman MKichline DATE 03/23/2018 03/23/2018 03/23/2018 OFFICE DRA: Director DSS: Director NAME MFranovich* MGavrilas DATE 03/19/2018 03/23/2018 Issue Summary The Generic Issue (GI) program received a proposed GI related to licensees not having appropriate operator procedures to address anticipated operational occurrences (AOOs), such as inadvertent emergency core cooling system (ECCS) actuation. This proposed issue, designated as PRE-GI-020, has been entered into the Generic Issues Management Control System and can be viewed on the U.S. Nuclear Regulatory Commission (NRC) website on the GI Dashboard at http://gid.nrc.gov/Planning. The submittal was also entered into the Agencywide Documents Access Management System (ADAMS) with Accession No. ML18019A703. The GI program staff acknowledged receipt of the issue in a memorandum dated February 16, 2018 (ADAMS ML18044A398). Based upon the information provided in the submittal, the GI program staff determined that the proposed issue is not an allegation or a physical security issue. | |||
This issue has been previously identified through an NRC inspection report for River Bend Station. On October 17, 2016, the regional staff issued NRC Examination Report 05000458/2016301 (ADAMS Accession No. ML16291A546) giving River Bend Station a non-cited violation of Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Appendix B, Criterion V, Instructions, Procedures, and Drawings, for ten examples of failing to provide appropriate qualitative and quantitative criteria in alarm response procedures, and abnormal operating procedures. Based upon the failure to have the proper procedures containing the appropriate qualitative and quantitative criteria for operators to complete the appropriate action, the NRC regional staff labeled the finding a performance deficiency. | |||
In the River Bend Station Examination Report noted above, the NRC regional staff assessed this finding as more than minor, because the finding was associated with the procedure quality attribute of the mitigating systems cornerstone and adversely affected the cornerstone objective of ensuring availability, reliability, and capability of systems needed to respond to initiating events to prevent undesired consequences. Specifically, inadequate procedures could adversely affect the operating crews ability to take appropriate actions to ensure reactor safety is being maintained. One of the specific examples cited by the NRC regional inspector was the lack of an abnormal procedure for inadvertent reactivity additions, such as cold water addition from an inadvertent start of a high-pressure core spray pump or a reactor core isolation cooling pump. This type of event can challenge reactor power, reactor level, and reactor pressure. | |||
NRC regional staff stated that without timely action this type of event can lead to potential fuel thermal limit challenges; therefore, immediate action is required by operators to secure the pump promptly prior to any important parameters being challenged from safe values. The NRC regional staff believe that this type of event should normally require entry into an abnormal procedure, but instead this licensee handles with skill of the craft and alarm response procedures instead of an abnormal procedure. | |||
Through use of Inspection Manual Chapter 0609, Appendix A, The Significance Determination Process (SDP) for Findings At-Power, dated June 19, 2012, the team determined that the finding was of very low safety significance (Green) because the finding: (1) was not a deficiency affecting the design and qualification of a mitigating structure, system, or component, and did not result in a loss of operability or functionality; (2) did not represent a loss of system and/or function; (3) did not represent an actual loss of function of at least a single train for longer than its technical specification allowed outage time or two separate safety systems out-of-service for longer than their technical specification allowed outage time; and (4) did not represent an actual loss of function of one or more non-technical specification trains of equipment designated as ENCLOSURE | |||
safety | high safety-significance in accordance with the licensees maintenance rule program for greater than 24 hours. | ||
The proposed GI | Evaluation and Assessment The proposed GI specifically notes that many plants are missing required off-normal (abnormal) procedures for Inadvertent Start of ESFAS equipment. This type of event is considered an AOO and is described in Section 15.5.1 - 15.5.2, Inadvertent Operation of ECCS and Chemical and Volume Control System Malfunction That Increases Reactor Coolant Inventory, of the Standard Review Plan (NUREG-0800). Depending on the specific ECCS injection systems that are inadvertently started, the temperature of the injected water, and the response of the automatic control systems, a power level increase may result and, without adequate controls, could lead to fuel damage or overpressurization of the reactor coolant system (RCS). The reactor would be expected to trip on high water level, high flux, high pressure, low pressure, or from a safety injection signal. The ECCS, once started, is not stopped by receipt of an automatic signal. Manual action, taken according to Emergency Operating Procedures, is required to stop the ECCS injection. Note that some BWR systems such as high pressure core spray have an automatic high water level setpoint which will stop the injection without operator action. | ||
This class of events is considered mass addition events and are currently analyzed events at all licensed plants and summarized in their Safety Analysis Reports. In these analyses, the licensees have demonstrated that all acceptance criteria are met, including the following: 1) pressure in the reactor coolant and main steam systems should be maintained below 110% of the design values, 2) fuel cladding integrity should be maintained, and 3) should not generate a more serious plant condition without other faults occurring independently. In an actual abnormal event, plant operators would likely take action to terminate or mitigate the abnormal conditions prior to the time assumed operator actions occur in the safety analyses (if any). Licensees have demonstrated that the plants are designed to handle these mass addition events while meeting the above acceptance criteria. Existing procedures, even if not specific to an inadvertent ECCS actuation, would lead operators to stop any unnecessary injection. If the operators failed to take the required action(s) in a timely manner, then the condition could potentially escalate into a more serious event. Specifically, in the case of pressurized water reactors (PWRs), if ECCS is allowed to continue and fill the pressurizer, liquid may eventually pass through the safety relief valves (SRVs). If the SRVs are not qualified to pass liquid, the SRVs may fail open which would result in an equivalent small break loss-of-coolant accident (LOCA). While this escalation to a more serious event is not a desired outcome, the more serious event (LOCA) is an analyzed event and licensees have demonstrated that they can meet the LOCA acceptance criteria from 10 CFR 50.46 in regard to peak cladding temperature, maximum cladding oxidation, maximum hydrogen generation, coolable geometry and long-term cooling. | |||
DSS staff reviewed information related to inadvertent ECCS actuation for the Byron and Braidwood backfit. The NRC staff had previously determined that the Byron and Braidwood sites were not in compliance with 10 CFR 50.34(b) because certain condition II events (faults of moderate frequency or AOOs) could result in water relief through unqualified pressurizer safety relief valves that may allow the event to lead to a more serious event. The Executive Director for Operations Backfit Appeal Review Panel charter specifically requested information from the Office of Nuclear Regulatory Research (RES) on the contribution to overall plant risk of the current configuration at Braidwood and Byron. RES report An Assessment of Core Damage Frequency for Byron/Braidwood Nuclear Power Plants Supporting Backfit Appeal Review | |||
Panel, (ADAMS Accession No. ML16214A199) examined situations with the plant as currently operated, and the plant where pressurizer overfill and a subsequent challenge to the SRVs was prevented. This was modeled by assuming operator actions to unblock a blocked power-operated relief valve and terminate safety injection are always successful. The core damage frequency (CDF) difference between these two scenarios was calculated to be 1.5E-07/year. This is a measure of maximum benefit that may be attained with a perfect backfit that avoids the issue (e.g. consequential small LOCA due to SRV failure after pressurizer overfill). This value is below the very small CDF delta risk threshold of 1E-06/year per Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 2, May 2011. | |||
Therefore, based on the RES study, even if there were a procedure specific to inadvertent ECCS actuation as the proposed GI states and the operators were successful in preventing the event from escalating from a condition II to condition III, the change is CDF is minimal and is therefore of low safety significance. Given the low safety significance, the issue does not need a detailed assessment using the LIC-504 process. Given the above information, the Division of Safety Systems (DSS) staff finds that the lack of specific procedure for responding to an inadvertent ECCS actuation is not an immediate safety concern. | |||
Other events specifically called out by the proposed GI are inadvertent start of auxiliary/emergency feedwater (AFW/EFW) for PWRs, and inadvertent start of containment spray. | |||
While inadvertent start of AFW is not specifically an analyzed event, feedwater system malfunctions that result in an increase in feedwater flow are analyzed events. Addition of excessive feedwater will cause an increase in core power by decreasing reactor coolant temperature. Since the power level rises during the excessive feedwater flow event, the fuel temperatures would also be expected to rise until after a reactor trip occurs. Normal reactor control systems and engineered safety systems are not required to function and operator action is typically not credited for this event. As an example, excessive feedwater flow could result from a full opening of one or more feedwater control valves due to a feedwater control system malfunction or an operator error. The feedwater flow would be terminated by a steam generator high-high level trip signal which closes all feedwater control and isolation valves, trips the main feedwater pumps, and trips the turbine (which would result in a reactor trip as well if not already tripped). As with the inadvertent ECCS actuation discussion above, all licensees already evaluate this event and demonstrate that it meets all acceptance criteria. Therefore, DSS staff conclude that the lack of a specific operating procedure for responding to an inadvertent start of AFW/EFW is not an immediate safety concern. | |||
An inadvertent start of containment spray is not an analyzed event. This event would not be expected to have a direct impact on the RCS. For inadvertent start of containment spray, the main safety concern is the effects of the containment spray fluid on safety-related equipment. In reviewing Licensee Event Reports, there were a few events where some degraded electrical conditions were later discovered. However, these were not found to have affected the ability to safely shut down the reactor, although they did have the potential for one or more dropped control element assemblies. The DSS staff concludes that the lack of a specific operating procedure for responding to an inadvertent start of containment spray is not an immediate safety concern. | |||
The proposed GI states based on the studies done at the Office of Nuclear Reactor Regulation on the potential for fuel damage at BWR-6 designs when High Pressure Core Spray (HPCS) is inadvertently started at full power, because this system sprays directly inside the shroud on the | |||
fuel and for this particular site the analysis shows that fuel damage can occur within approximately 30 seconds if the pump is not stopped. DSS staff is not aware of, and did not find any studies which show fuel damage within 30 seconds of an inadvertently started HPCS at full power. Section 15.5 of the River Bend Station (the plant noted in the proposed GI) Updated Safety Analysis Report summarizes an analysis of this specific event and does not credit any operator actions taken to stop HPCS injection. The results show this to be a benign event as both pressure and thermal variations are relatively small, and no significant consequences are experienced. DSS staff does not find it credible to have fuel damage within approximately 30 seconds after an inadvertent ECCS unless there are other additional failures. Therefore, DSS staff finds that the lack of a specific operating procedure for responding to an inadvertent ECCS start is not an immediate safety concern. | |||
Recommendation DSS and DRA staff conclude that the proposed GI related to lack of specific procedures to address certain events, such as inadvertent ECCS actuations, is not an immediate safety concern and does not require immediate regulatory action. Staff finds that plants may continue to operate while the issue is being processed through the generic issues program with no time restrictions. This is based on the following: 1) inadvertent ECCS injection events are already analyzed events which currently meet acceptance criteria, 2) existing symptom based response procedures, would lead operators to stop unnecessary injection and 3) low safety significance consistent with the Green finding in NRC Examination Report 05000458/2016301.}} | Recommendation DSS and DRA staff conclude that the proposed GI related to lack of specific procedures to address certain events, such as inadvertent ECCS actuations, is not an immediate safety concern and does not require immediate regulatory action. Staff finds that plants may continue to operate while the issue is being processed through the generic issues program with no time restrictions. This is based on the following: 1) inadvertent ECCS injection events are already analyzed events which currently meet acceptance criteria, 2) existing symptom based response procedures, would lead operators to stop unnecessary injection and 3) low safety significance consistent with the Green finding in NRC Examination Report 05000458/2016301.}} | ||
Latest revision as of 09:59, 3 February 2020
| ML18081A936 | |
| Person / Time | |
|---|---|
| Issue date: | 03/23/2018 |
| From: | Mirela Gavrilas NRC/NRR/DSS |
| To: | Boyce T NRC/RES/DE |
| Beaton R, DSS/SRXB 301-415-2952 | |
| References | |
| Y020180039 | |
| Download: ML18081A936 (4) | |
Text
March 23, 2018 MEMORANDUM TO: Thomas H. Boyce, Chief Regulatory Guidance and Generic Issues Branch Division of Engineering Office of Nuclear Regulatory Research FROM: Mirela Gavrilas, Director /RA/
Division of Safety Systems Office of Nuclear Reactor Regulation
SUBJECT:
REQUEST FOR REVIEW OF PROPOSED GENERIC ISSUE PRE-GI-020, INADEQUATE PROCEDURES TO ADDRESS ANTICIPATED OPERATIONAL OCCURRENCES Per Yellow Ticket Y020180039 and in accordance with Office of Nuclear Reactor Regulation Office Instruction LIC-504, Revision 4, Integrated Risk-Informed Decision-Making Process for Emergent Issues, effective June 2, 2014, the Division of Safety Systems (DSS) and the Division of Risk Assessment (DRA) have performed an assessment of the proposed Generic Issue (PRE-GI-020) to determine if there is an immediate safety concern. The DSS and DRA staff findings are summarized in the attached enclosure.
Enclosure:
As stated CONTACT: Robert Beaton, DSS/SRXB Michelle Kichline, DRA/APHB (301-415-2952) (301-415-3153)
ML18081A936 *via e-mail NRR-106 OFFICE DSS/SRXB DSS/SRXB: Acting BC DRA/ABPH NAME RBeaton JWhitman MKichline DATE 03/23/2018 03/23/2018 03/23/2018 OFFICE DRA: Director DSS: Director NAME MFranovich* MGavrilas DATE 03/19/2018 03/23/2018 Issue Summary The Generic Issue (GI) program received a proposed GI related to licensees not having appropriate operator procedures to address anticipated operational occurrences (AOOs), such as inadvertent emergency core cooling system (ECCS) actuation. This proposed issue, designated as PRE-GI-020, has been entered into the Generic Issues Management Control System and can be viewed on the U.S. Nuclear Regulatory Commission (NRC) website on the GI Dashboard at http://gid.nrc.gov/Planning. The submittal was also entered into the Agencywide Documents Access Management System (ADAMS) with Accession No. ML18019A703. The GI program staff acknowledged receipt of the issue in a memorandum dated February 16, 2018 (ADAMS ML18044A398). Based upon the information provided in the submittal, the GI program staff determined that the proposed issue is not an allegation or a physical security issue.
This issue has been previously identified through an NRC inspection report for River Bend Station. On October 17, 2016, the regional staff issued NRC Examination Report 05000458/2016301 (ADAMS Accession No. ML16291A546) giving River Bend Station a non-cited violation of Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Appendix B, Criterion V, Instructions, Procedures, and Drawings, for ten examples of failing to provide appropriate qualitative and quantitative criteria in alarm response procedures, and abnormal operating procedures. Based upon the failure to have the proper procedures containing the appropriate qualitative and quantitative criteria for operators to complete the appropriate action, the NRC regional staff labeled the finding a performance deficiency.
In the River Bend Station Examination Report noted above, the NRC regional staff assessed this finding as more than minor, because the finding was associated with the procedure quality attribute of the mitigating systems cornerstone and adversely affected the cornerstone objective of ensuring availability, reliability, and capability of systems needed to respond to initiating events to prevent undesired consequences. Specifically, inadequate procedures could adversely affect the operating crews ability to take appropriate actions to ensure reactor safety is being maintained. One of the specific examples cited by the NRC regional inspector was the lack of an abnormal procedure for inadvertent reactivity additions, such as cold water addition from an inadvertent start of a high-pressure core spray pump or a reactor core isolation cooling pump. This type of event can challenge reactor power, reactor level, and reactor pressure.
NRC regional staff stated that without timely action this type of event can lead to potential fuel thermal limit challenges; therefore, immediate action is required by operators to secure the pump promptly prior to any important parameters being challenged from safe values. The NRC regional staff believe that this type of event should normally require entry into an abnormal procedure, but instead this licensee handles with skill of the craft and alarm response procedures instead of an abnormal procedure.
Through use of Inspection Manual Chapter 0609, Appendix A, The Significance Determination Process (SDP) for Findings At-Power, dated June 19, 2012, the team determined that the finding was of very low safety significance (Green) because the finding: (1) was not a deficiency affecting the design and qualification of a mitigating structure, system, or component, and did not result in a loss of operability or functionality; (2) did not represent a loss of system and/or function; (3) did not represent an actual loss of function of at least a single train for longer than its technical specification allowed outage time or two separate safety systems out-of-service for longer than their technical specification allowed outage time; and (4) did not represent an actual loss of function of one or more non-technical specification trains of equipment designated as ENCLOSURE
high safety-significance in accordance with the licensees maintenance rule program for greater than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.
Evaluation and Assessment The proposed GI specifically notes that many plants are missing required off-normal (abnormal) procedures for Inadvertent Start of ESFAS equipment. This type of event is considered an AOO and is described in Section 15.5.1 - 15.5.2, Inadvertent Operation of ECCS and Chemical and Volume Control System Malfunction That Increases Reactor Coolant Inventory, of the Standard Review Plan (NUREG-0800). Depending on the specific ECCS injection systems that are inadvertently started, the temperature of the injected water, and the response of the automatic control systems, a power level increase may result and, without adequate controls, could lead to fuel damage or overpressurization of the reactor coolant system (RCS). The reactor would be expected to trip on high water level, high flux, high pressure, low pressure, or from a safety injection signal. The ECCS, once started, is not stopped by receipt of an automatic signal. Manual action, taken according to Emergency Operating Procedures, is required to stop the ECCS injection. Note that some BWR systems such as high pressure core spray have an automatic high water level setpoint which will stop the injection without operator action.
This class of events is considered mass addition events and are currently analyzed events at all licensed plants and summarized in their Safety Analysis Reports. In these analyses, the licensees have demonstrated that all acceptance criteria are met, including the following: 1) pressure in the reactor coolant and main steam systems should be maintained below 110% of the design values, 2) fuel cladding integrity should be maintained, and 3) should not generate a more serious plant condition without other faults occurring independently. In an actual abnormal event, plant operators would likely take action to terminate or mitigate the abnormal conditions prior to the time assumed operator actions occur in the safety analyses (if any). Licensees have demonstrated that the plants are designed to handle these mass addition events while meeting the above acceptance criteria. Existing procedures, even if not specific to an inadvertent ECCS actuation, would lead operators to stop any unnecessary injection. If the operators failed to take the required action(s) in a timely manner, then the condition could potentially escalate into a more serious event. Specifically, in the case of pressurized water reactors (PWRs), if ECCS is allowed to continue and fill the pressurizer, liquid may eventually pass through the safety relief valves (SRVs). If the SRVs are not qualified to pass liquid, the SRVs may fail open which would result in an equivalent small break loss-of-coolant accident (LOCA). While this escalation to a more serious event is not a desired outcome, the more serious event (LOCA) is an analyzed event and licensees have demonstrated that they can meet the LOCA acceptance criteria from 10 CFR 50.46 in regard to peak cladding temperature, maximum cladding oxidation, maximum hydrogen generation, coolable geometry and long-term cooling.
DSS staff reviewed information related to inadvertent ECCS actuation for the Byron and Braidwood backfit. The NRC staff had previously determined that the Byron and Braidwood sites were not in compliance with 10 CFR 50.34(b) because certain condition II events (faults of moderate frequency or AOOs) could result in water relief through unqualified pressurizer safety relief valves that may allow the event to lead to a more serious event. The Executive Director for Operations Backfit Appeal Review Panel charter specifically requested information from the Office of Nuclear Regulatory Research (RES) on the contribution to overall plant risk of the current configuration at Braidwood and Byron. RES report An Assessment of Core Damage Frequency for Byron/Braidwood Nuclear Power Plants Supporting Backfit Appeal Review
Panel, (ADAMS Accession No. ML16214A199) examined situations with the plant as currently operated, and the plant where pressurizer overfill and a subsequent challenge to the SRVs was prevented. This was modeled by assuming operator actions to unblock a blocked power-operated relief valve and terminate safety injection are always successful. The core damage frequency (CDF) difference between these two scenarios was calculated to be 1.5E-07/year. This is a measure of maximum benefit that may be attained with a perfect backfit that avoids the issue (e.g. consequential small LOCA due to SRV failure after pressurizer overfill). This value is below the very small CDF delta risk threshold of 1E-06/year per Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 2, May 2011.
Therefore, based on the RES study, even if there were a procedure specific to inadvertent ECCS actuation as the proposed GI states and the operators were successful in preventing the event from escalating from a condition II to condition III, the change is CDF is minimal and is therefore of low safety significance. Given the low safety significance, the issue does not need a detailed assessment using the LIC-504 process. Given the above information, the Division of Safety Systems (DSS) staff finds that the lack of specific procedure for responding to an inadvertent ECCS actuation is not an immediate safety concern.
Other events specifically called out by the proposed GI are inadvertent start of auxiliary/emergency feedwater (AFW/EFW) for PWRs, and inadvertent start of containment spray.
While inadvertent start of AFW is not specifically an analyzed event, feedwater system malfunctions that result in an increase in feedwater flow are analyzed events. Addition of excessive feedwater will cause an increase in core power by decreasing reactor coolant temperature. Since the power level rises during the excessive feedwater flow event, the fuel temperatures would also be expected to rise until after a reactor trip occurs. Normal reactor control systems and engineered safety systems are not required to function and operator action is typically not credited for this event. As an example, excessive feedwater flow could result from a full opening of one or more feedwater control valves due to a feedwater control system malfunction or an operator error. The feedwater flow would be terminated by a steam generator high-high level trip signal which closes all feedwater control and isolation valves, trips the main feedwater pumps, and trips the turbine (which would result in a reactor trip as well if not already tripped). As with the inadvertent ECCS actuation discussion above, all licensees already evaluate this event and demonstrate that it meets all acceptance criteria. Therefore, DSS staff conclude that the lack of a specific operating procedure for responding to an inadvertent start of AFW/EFW is not an immediate safety concern.
An inadvertent start of containment spray is not an analyzed event. This event would not be expected to have a direct impact on the RCS. For inadvertent start of containment spray, the main safety concern is the effects of the containment spray fluid on safety-related equipment. In reviewing Licensee Event Reports, there were a few events where some degraded electrical conditions were later discovered. However, these were not found to have affected the ability to safely shut down the reactor, although they did have the potential for one or more dropped control element assemblies. The DSS staff concludes that the lack of a specific operating procedure for responding to an inadvertent start of containment spray is not an immediate safety concern.
The proposed GI states based on the studies done at the Office of Nuclear Reactor Regulation on the potential for fuel damage at BWR-6 designs when High Pressure Core Spray (HPCS) is inadvertently started at full power, because this system sprays directly inside the shroud on the
fuel and for this particular site the analysis shows that fuel damage can occur within approximately 30 seconds if the pump is not stopped. DSS staff is not aware of, and did not find any studies which show fuel damage within 30 seconds of an inadvertently started HPCS at full power. Section 15.5 of the River Bend Station (the plant noted in the proposed GI) Updated Safety Analysis Report summarizes an analysis of this specific event and does not credit any operator actions taken to stop HPCS injection. The results show this to be a benign event as both pressure and thermal variations are relatively small, and no significant consequences are experienced. DSS staff does not find it credible to have fuel damage within approximately 30 seconds after an inadvertent ECCS unless there are other additional failures. Therefore, DSS staff finds that the lack of a specific operating procedure for responding to an inadvertent ECCS start is not an immediate safety concern.
Recommendation DSS and DRA staff conclude that the proposed GI related to lack of specific procedures to address certain events, such as inadvertent ECCS actuations, is not an immediate safety concern and does not require immediate regulatory action. Staff finds that plants may continue to operate while the issue is being processed through the generic issues program with no time restrictions. This is based on the following: 1) inadvertent ECCS injection events are already analyzed events which currently meet acceptance criteria, 2) existing symptom based response procedures, would lead operators to stop unnecessary injection and 3) low safety significance consistent with the Green finding in NRC Examination Report 05000458/2016301.