Latest revision as of 15:28, 7 March 2020

Text

Transmittal of Final Waterford Steam Electric Station, Unit 3, Accident Sequence Precursor Report (Licensee Event Report 382-2017-002)
	ML18075A076
Person / Time
Site:	Waterford
Issue date:	03/22/2018
From:	April Pulvirenti; Plant Licensing Branch IV
To:	; Entergy Operations
	Pulvirenti A, NRR/DORL/LPLIV, 415-1390
References
	LER 382-2017-002
	Download: ML18075A076 (5)
	v • d • e

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 20555-0001 March 22, 2018 Site Vice President Entergy Operations, Inc.

Waterford Steam Electric Station, Unit 3 17265 River Road Killona, LA 70057-3093

SUBJECT:

TRANSMITTAL OF FINAL WATERFORD STEAM ELECTRIC STATION, UNIT 3, ACCIDENT SEQUENCE PRECURSOR REPORT (LICENSEE EVENT REPORT 382-2017-002)

Dear Sir or Madam:

By letter dated September 18, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML17261B215), Entergy Operations, Inc. (the licensee) submitted Licensee Event Report (LER) 382-2017-002, "Automatic Reactor Scram due to the Failure of Fast Bus Transfer Relays to Automatically Transfer Station Loads to Offsite Power on a Main Generator Trip," to the U.S. Nuclear Regulatory Commission (NRC) staff for Waterford Steam Electric Station, Unit 3 (Waterford 3), pursuant to Title 10 of the Code of Federal Regulations Section 50. 73. As part of the Accident Sequence Precursor (ASP) Program, the NRC staff reviewed the event to identify potential precursors and to determine the probability of the event leading to a core damage state. The results of the analysis are provided in the enclosure to this letter.

The NRC does not request a formal analysis review, in accordance with Regulatory Issue Summary 2006-24, "Revised Review and Transmittal Process for Accident Sequence Precursor Analyses," dated December 6, 2006 (ADAMS Accession No. ML060900007), because the analysis resulted in a conditional core damage probability (CCDP) of less than 1x10-4 .

Final ASP Analysis Summary. A brief summary of the final ASP analysis, including the results, is provided below.

Automatic Reactor Scram due to the Failure of Fast Bus Transfer Relays to Automatically Transfer Station Loads to Offsite Power on a Main Generator Trip. This event is documented in LER 382-2017-002 and in Inspection Report 05000382/2017011 (ADAMS Accession No. ML17354A690).

Executive Summary. On July 17, 2017, with the Waterford 3 reactor operating at 100 percent power, control room operators received indications of an electrical grid spike during a severe thunderstorm. The isophase bus duct to main transformer 'B' was glowing orange and arcing, causing control room operators to manually trip the main turbine to de-energize main transformer 'B.' Unexpectedly, the transfer of the electrical buses from the unit auxiliary transformer to the startup transformer did not occur, resulting in a loss of offsite power (LOOP) to the safety and nonsafety electrical buses. Both emergency diesel generators (EDGs) started

and loaded their respective safety buses. Emergency feedwater (EFW) automatically actuated to feed the steam generators and was manually controlled by the operators.

This event was modeled as a plant-centered LOOP initiating event. Given the modeling assumptions used in this analysis, the CCDP was calculated to be 2x 1o-5

The risk of this event is dominated by station blackout scenarios as the result of postulated failures of the EDGs and EFW, with the subsequent failure of operators to recover offsite power. In addition, the risk of the event is significantly affected by the lack of feed-and-bleed cooling capability at Waterford 3.

Sensitivity cases were performed to quantify the risk impacts from modeling uncertainties associated with key assumptions made in this ASP analysis (e.g., recovery of auxiliary feedwater, credit for FLEX generators). In all cases, the resulting CCDP remained above the ASP precursor threshold.

The licensee performed a past operability analysis and determined that the Struthers Dunn relays would not have fulfilled their safety function of transferring safety-related loads to the offsite transmission network from June 2, 2017, until the automatic trip on July 17, 2017. A licensee performance deficiency was identified for an inadequate design change that rendered the fast bus transfer system inoperable. A detailed risk analysis for this condition was performed to support the Significance Determination Process, resulting in a delta core damage frequency (~CDF) of 4.5x 10-7 per year, which is a Green finding (i.e., very low safety significance).

Summary of Analysis Results. This operational event resulted in a best estimate CCDP of 2x1Q*5

The detailed ASP analysis can be found in the enclosure.

If you have any questions, please contact me at 301-415-1390 or via e-mail at April. Pulvirenti@nrc.gov.

Sincerely, April L. Pulvirenti, Project Manager Plant Licensing Branch IV Division of Operating Reactor Licensing Office of Nuclear Reactor Regulation Docket No. 50-382

Enclosure:

Final Accident Sequence Precursor Analysis cc: Listserv

ENCLOSURE FINAL ACCIDENT SEQUENCE PRECURSOR ANALYSIS WATERFORD STEAM ELECTRIC STATION, UNIT 3 AUTOMATIC REACTOR SCRAM DUE TO THE FAILURE OF FAST BUS TRANSFER RELAYS TO AUTOMATICALLY TRANSFER STATION LOADS TO OFFSITE POWER ON A MAIN GENERATOR TRIP (LER 382-2017-002) - PRECURSOR

Final ASP Pro sis - Precursor Waterford Steam Automatic Reactor Scram due to the Failure of Fast Bus Electric Station - Transfer Relays to Automatically Transfer Station Loads to Unit 3 Offsite Power on a Main Generator Trip LER: 382-2017-002 Event Date: 07/17/2017 CCDP= 2x10-5 IR: 05000382/2017011 Plant Type: Pressurized Water Reactor (PWR); Combustion Engineering Two-Loop with a Lar e, D Containment Plant Operating Mode (Reactor Power Level): Mode 1 (100% reactor power)

Approval Date:

Analyst: Reviewer: Contributors:

03/1/18 Ian Gifford Christopher Hunter N/A EXECUTIVE

SUMMARY

On July 17, 2017, with the Waterford 3 reactor operating at 100 percent power, control room operators received indications of an electrical grid spike during a severe thunderstorm. The isophase bus duct to main transformer 'B' was glowing orange and arcing, causing control room operators to manually trip the main turbine to de-energize main transformer 'B'. Unexpectedly, the transfer of the electrical buses from the unit auxiliary transformer (UAT) to the startup transformer (SUT) did not occur, resulting in a loss of offsite power (LOOP) to the safety and nonsafety electrical buses. Both emergency diesel generators (EDGs) started and loaded their respective safety buses. Emergency feedwater (EFW) automatically actuated to feed the steam generators and was manually controlled by the operators.

This event was modeled as a plant-centered LOOP initiating event. Given the modeling assumptions used in this analysis, the conditional core damage probability (CCDP) was calculated to be 2x10-5

The risk of this event is dominated by station blackout (SBO) scenarios as the result of postulated failures of the EDGs and EFW, with the subsequent failure of operators to recover offsite power. In addition, the risk of the event is significantly affected by the lack of feed-and-bleed cooling capability at Waterford. Sensitivity cases were performed to quantify the risk impacts from modeling uncertainties associated with key assumptions made in this ASP analysis (e.g., recovery of auxiliary feedwater, credit for FLEX generators). In all cases, the resulting CCDP remained above the ASP precursor threshold.

The licensee performed a past operability analysis and determined that the Struthers Dunn relays would not have fulfilled their safety function of transferring safety-related loads to the offsite transmission network from June 2nd until the automatic trip on July 171h. A licensee performance deficiency was identified for an inadequate design change that rendered the fast bus transfer system inoperable. A detailed risk analysis for this condition was performed to support the Significance Determination Process (SOP), resulting in a delta core damage frequency (.6.CDF) of 4.5x10-7 per year, which is a Green finding (i.e., very low safety significance).

EVENT DETAILS 1

LER 382-2017-002 Event Description. On July 17, 2017, at 3:55 p.m., with the Waterford 3 reactor operating at 100 percent power, control room operators received indications of an electrical grid spike during a severe thunderstorm. Operators were dispatched to investigate electrical components in the transformer yard where they reported that the isophase bus duct to main transformer 'B' was glowing orange and arcing. At 4:06 p.m., control room operators manually tripped the main turbine to de-energize main transformer 'B'. In response to the main turbine trip, the main generator automatically tripped and reactor power cutback was initiated. Unexpectedly, the transfer of the electrical buses from the UAT to the SUT did not occur, resulting in a LOOP to the safety and nonsafety electrical buses. All four reactor coolant pumps (RCPs) were de-energized and the reactor automatically tripped due to loss of forced circulation. Both EDGs started and loaded their respective safety buses. EFW automatically actuated to provide inventory makeup to the steam generators. Control room operators took manual control of EFW due to overcooling concerns. Offsite power was restored to the train 'A' and train 'B' safety buses at 6:44 p.m. and 8:01 p.m., respectively. On July 18th at 1:16 a.m., control room operators started the auxiliary feedwater (AFW) pump to feed the steam generators and secured EFW.

The licensee performed a past operability analysis and determined that the Struthers Dunn relays would not have fulfilled their safety function of transferring safety-related loads to the offsite transmission network from June 2nd until the automatic trip on July 17th.

Additional information regarding this event can be found in licensee event report (LER) 382-2017-002 (Ref. 1) and inspection report (IR) 05000382/2017011 (Ref. 2).

Cause. Overheating of the isophase bus duct was caused by the failure of a shunt assembly connection to the phase 'B' bus duct. The failure of the shunt assembly was likely due to a combination of the dynamic response to the grid spike and degraded connections between the shunt assemblies and the bus duct. Failure of the fast bus transfer was caused by an instantaneous time out of the Struthers Dunn 237 series direct current (DC) time delay dropout relays after being exposed to DC coil inductive kick. Additionally, post-modification testing to the Struthers Dunn relay did not exercise the fast bus transfer timing circuitry and, therefore, prevented early detection of the relay failure.

MODELING Basis for ASP Analysis/SOP Results. The ASP Program performs independent analyses for initiating events. ASP analyses of initiating events account for all failures/degraded conditions and unavailabilities (e.g., equipment out for test/maintenance) that occurred during the event, regardless of licensee performance. 1 A licensee performance deficiency was identified for an inadequate design change that rendered the fast bus transfer system inoperable. Modifications to the fast bus transfer circuitry in May 2017 did not properly account for the increased susceptibility to DC coil inductive kick of electronic devices, and resulted in the licensee's inability to maintain offsite power to the 6.9 kilo-volt (kV) and 4.16 kV electrical buses following a trip of the main generator. A detailed risk analysis was performed under the SOP that modeled the failure of the fast bus transfer for the 45-day exposure period. The analysis utilized a condition-specific 2-hour nonrecovery value for offsite power of 7.0x1Q-3 , given that offsite power was always available in the switchyard.

ASP analyses also account for any degraded condition(s) identified after the initiating event occurred, if the failure/degradation exposure period(s) overlaps the initiating event date.

2

LER 382-2017-002 The ~CDP over this exposure period was calculated to be 1.97x 1o-6 , with dominant core damage sequences involving a transient initiating event, failure of fast transfer, failure of the EDGs, and failure of the turbine-driven EFW pump upon battery depletion. The SOP analysis determined that credit should be given for the ability of the FLEX diesel generator to provide power to a vital battery that allows extended operation of the turbine-driven EFW pump. A failure probability of 0.1 was determined using the SPAR-H Human Reliability Analysis Method (Ref. 3 and 4) for the operator actions required to shed DC loads during a SBO; set up, start, and align the FLEX diesel generator; and establish vital battery charging form via the FLEX diesel generator. The final ~CDF was calculated to be 4.5x 10-7 per year, which is a Green finding (i.e., very low safety significance). Additional information regarding this SOP analysis can be found in IR 05000382/2017011.

Analysis Type. An initiating event analysis was performed using the Waterford 3 standardized plant analysis risk (SPAR) model, Revision 8.54, created on December 15, 2017.

SPAR Model Modifications. The following modifications were required for this initiating event analysis:

Typically, the AFW system is assumed to be unavailable during a LOOP because the nonsafety buses are de-energized. However, because offsite power remained available at the switchyard throughout the event, it was determined that operators had sufficient time to recover offsite power and align the AFW pump. 2 Therefore, the EFW (emergency feedwater system) fault tree was modified by inserting the AFW (auxiliary feedwater system) fault tree as a transfer under the existing top gate of the EFW (emergency feedwater system) fault tree. In addition, this top gate was changed to AND gate. A new OR gate EFW-1 (failure of EFW) was inserted under the EFW fault tree top gate with all EFW system logic being moved under gate EFW-1. The modified EFW fault tree is shown in Figure A-1.

To model power recovery to the AFW system, the ACP-NSTRNB (nonessential train B AC power) fault tree was modified to include a new AND gate ACP-NSTRNB-LOOP (loss of div. B offsite power with no recovery) inserted under the existing OR gate ACP-NSTRNB (nonessential train B AC power). House event HE-LOOP-B (loss of div.

B offsite power flag) and basic event OEP-XHE-XL-NR01 HPC (operator fails to recover offsite power in 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months (plant-centered)) were added under AND gate ACP-NSTRNB-LOOP. The modified ACP-NSTRNB fault tree is shown in Figure A-2.

In ASP analyses, recovery credit for EOG failures is limited to cases where event information supports credit for EOG recovery. Therefore, the DGR-02H (diesel generator recovery in 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months ) top event (including applicable event tree branching) was eliminated from the SBO event tree. The modified SBO event tree is shown in Figure B-1.

Key Modeling Assumptions. The following modeling assumptions were determined to be significant to the modeling of this event analysis:

2 The AFW pump is designed to deliver sufficient flow to the steam generators at maximum steam generator pressure, provided that power is available to the pump. Procedural guidance for restoring steam generator inventory with the AFW system is provided in OP-902-006, "Loss of Main Feedwater Recovery"; OP-902-008, "Functional Recovery Procedure"; and OP-902-009 Appendix 32, "Establishing Main Feedwater."

3

LER 382-2017-002

This analysis models the July 17, 2017, reactor trip at the Waterford Steam Electric Station as a plant-centered LOOP that resulted from failure of the fast transfer system, leaving the safety and nonsafety electrical buses without an offsite power source.

Therefore, the probability for IE-LOOPPC (loss of offsite power initiator (plant-centered))

was set to 1.0; all other initiating event probabilities were set to zero.

The time required to restore offsite power to plant equipment is a significant factor in modeling the risk of core damage given a LOOP. Given that offsite power remained available at the switchyard during this event, the analyst determined that condition-specific 1- and 2-hour nonrecovery probabilities for offsite power are warranted in this case. The SPAR-H Human Reliability Analysis Method was used to estimate nonrecovery probabilities, with key qualitative information for these recovery human failure events (HFEs) and the performance shaping factor (PSF) adjustments required for the quantification of these recovery events provided in Tables 1 and 2.

Table 1. Key Qualitative Information of HFEs f or Offsite power Recovery The definition for these recovery HFEs is the operators failing to restore Definition offsite power to the electrical safety buses within 1 and 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months (depending on the sequence) given a LOOP and postulated SBO.

Depending on postulated failures of the RCP seals (due to unavailability of Description and seal injection/cooling), operators would have between 1 to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months to restore Event Context power to the safety electrical buses.

Operator Action For successful recovery, operators would have to locally reset lockout relays Success Criteria prior to core uncovery.

Transformer alarms

Breaker alarms

EDGs automatically starting

RCP trouble alarms

Condenser vacuum alarms Nominal Cues

Low reactor coolant system flow indications

Loss of control room lighting

Extensive loss of various indications

Equipment "loss of power" alarms

Tripped breaker indications on the 6.9 kV and 4.16 kV buses

Extensive loss of component power available indications

OP-902-003, "Loss of Offsite Power/Loss of Forced Circulation Procedural Recovery Procedure" Guidance

OP-902-005, "Station Blackout Recovery Procedure"

OP-902-009 Appendix 12, "Electrical Restoration" Diagnosis/Action These recovery HFEs contain diagnosis and action components.

T a bl e 2 SPAR H Eva Iuaf 10n of PSFs f or Offs1e "t Power Recovery Multiplier PSF Notes Diagnosis/Action Time Available 1 or 0.01 / 1 The operators would need less than five minutes to perform the action component (i.e., reset the lockout relays). Therefore, the minimum time for diagnosis is approximately 55 minutes. It would take operators approximately 30 minutes to get through the procedures and verify offsite power is fully available. Given these assumptions, the available time for the diagnosis 4

LER 382-2017-002 Multiplier PSF Notes Diagnosis/Action component for 1-hour recovery is assigned as Nominal Time (i.e., x1 ).

Available time for the diagnosis component for 2-hour recovery is assigned as Expansive Time (i.e., xQ.01; time available is >2 times nominal and >30 minutes).

Since sufficient time was available for the action component of the recovery, the available time for the action component for all recovery times is evaluated as Nominal (i.e., x1 ). See Reference 4 for guidance on apportioning time between the diagnosis and action components of an HFE.

Stress 2I 1 The PSF for diagnosis stress is assigned a value of High Stress (i.e., x2) due to the postulated SBO.

The PSF for action stress was not determined to be a performance driver for these HFEs; and therefore, was assigned a value of Nominal (i.e., x1 ).

Complexity 2I 1 The PSF for diagnosis complexity is assigned a value of Moderately Complex (i.e., x2) because operators would have to deal with multiple equipment unavailabilities and the concurrent actions/multiple procedures during a postulated SBO.

The PSF for action complexity was not determined to be a performance driver for these HFEs; and therefore, was assigned a value of Nominal (i.e., x1 ).

Procedures, 1/ 1 No event information is available to warrant a change in Experience/Training, these PSFs (for diagnosis and action) from Nominal for Ergonomic/HS I, these HFEs.

Fitness-for-Duty, Work Process An HEP evaluated using SPAR-His calculated using the following formula:

Calculated HEP= (Product of Diagnosis PSFsx0.01) + (Product of Action PSFsx0.001)

Therefore, the failure probability for OEP-XHE-NR01 HPC (operator fails to recover offsite power in 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months (plant-centered)) was set to 4x 10-2 and the failure probability for OEP-XHE-NR02HPC (operator fails to recover offsite power in 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months {plant-centered))

was set to 1x 1o-3 .

ANALYSIS RESULTS CCDP. The point estimate CCDP for this event is 1.8x1Q-5 . The ASP Program acceptance threshold is a CCDP of 1x10-5 or the CCDP equivalent of an uncomplicated reactor trip with a non-recoverable loss of feedwater or the condenser heat sink, whichever is greater. This CCDP equivalent for Waterford is 2.4x 1o-6 . Therefore, this event is a precursor.

5

LER 382-2017-002 Dominant Sequence. The dominant accident sequence is LOOPPC sequence 15-20 (CCDP =

7.67x1Q-6), which contributes approximately 43 percent of the total internal events CCDP. This sequence is shown graphically in Figures B-1 and B-2 in Appendix B. The dominant sequences that contribute at least 1.0 percent to the total internal events CCDP are provided in the following table:

Sequence CCDP Percentage Description Plant-centered LOOP initiating event; successful reactor trip; failure of emergency power results in LOOPPC 15-20 7.67x1Q-6 42.8% SBO; failure of EFW; and operators fail to recover offsite power within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , which results in core damage Plant-centered LOOP initiating event; successful LOOPPC 14 5.80x10-6 32.3% reactor trip; success of emergency power; and failure of EFW, which results in core damage Plant-centered LOOP initiating event; successful reactor trip; failure of emergency power results in LOOPPC 15-14-10 4.08x10-6 22.8% SBO; success of EFW; RCP seal integrity is maintained; and operators fail to recover offsite power within 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months , which results in core damage Key Modeling Uncertainties. The following were identified as key modeling uncertainties associated with this analysis:

Credit for recovery of the AFW system given a LOOP has occurred and (postulated) failure of the EFW system;

Credit for continued turbine-driven EFW flow after aligning a FLEX diesel generator to maintain safety-related DC power during a (postulated) SBO; and

Credit for EOG repair and recovery during a (postulated) SBO.

Sensitivity analyses were performed to show the effects of these modeling assumptions. The following table provides a brief description of each sensitivity case, including the results and observations:

Description CCDP Notes/Observations The estimated time to core damage following a LOOP and failure of EFW is 1. 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months for Combustion Engineering plants. The best Similar dominant sequences and cut sets estimate analysis for this event assumed that to the best estimate analysis. The CCDP sufficient time was available to restore offsite of LOOPPC sequence 14 is increased by a power and align the AFW system to feed the 7.8x1Q-5 factor of 11. The total CCDP is increased steam generators. However, any delay in by a factor of four, but still remains below recovery actions could result in core damage the significant precursor threshold of during a LOOP and (postulated) failure of the 1 x1Q-3 .

EFW system. A sensitivity analysis was performed to show the effects of eliminating this credit.

6

LER 382-2017-002 Description CCDP Notes/Observations Credit for continued operation of the turbine-driven EFW pump after battery depletion was not credited in this analysis because of the significant potential for Similar dominant sequences and cut sets over- or under-filling. However, the lack of to the best estimate analysis. Extended credit for this strategy is likely conservative. operation of the EFW pump beyond the To show potential benefit of this action, a 2-hour battery depletion mitigates the risk sensitivity analysis was performed that 1.4x1Q-5 when offsite power is not recovered. The credited operation of the FLEX diesel CCDP of LOOPPC sequence 15-14-10 is generator to provide charging to the reduced by a factor of ten. The total safety-related batteries to allow for extended CCDP is reduced by approximately 20 operation of the turbine-driven EFW pump to percent, but still remains above the a safe/stable end state during a SBO. A precursor threshold.

screening failure probability of 0.1 was applied to operation of the FLEX diesel generator.

Repair of failed equipment is not typically credited in PRAs. It is questionable that LOOP sequence 14 remains unchanged, mean time to repair data for EDGs is as the results are still dominated by failure applicable to postulated SBO scenarios. To 1.6x1Q-5 of the EFW pumps. The total CCDP is show the effects of this credit, a sensitivity reduced by approximately 6 percent, but analysis was performed crediting EDG repair still remains above the precursor threshold.

for 1-hour (0.88) and 2-hour (0.82)

(postulated) SBO scenarios.

REFERENCES

1. Waterford Steam Electric Station, "LER 382/17-002 -Automatic Reactor Scram due to the Failure of Fast Bus Transfer Relays to Automatically Transfer Station Loads to Off-Site Power on a Main Generator Trip," dated September 18, 2017 (ADAMS Accession No. ML17261B215).

2. U.S. Nuclear Regulatory Commission, "Waterford Steam Electric Station, Unit 3 - NRC Special Inspection Report 05000382/2017011," dated December 20, 2017 (ADAMS Accession No. ML17354A690).

3. Idaho National Laboratory, NUREG/CR-6883, "The SPAR-H Human Reliability Analysis Method," August 2005 (ADAMS Accession No. ML051950061).

4. Idaho National Laboratory, "INUEXT-10-18533, SPAR-H Step-by-Step Guidance," May 2011 (ADAMS Accession No. ML112060305).

7

LER 382-2017-002 Appendix A: Fault Tree Modifications EMERGENCY FEEDWATER SYSTEM EFW y

I I FAILURE OF EFW AUXILIARY FEEDWA~ SYSTEM EFW-1 AFW !Ext

~~i FAILURE OF EFW SUCTION SOURCE CCF OF EFW PUMPS TO RUN EFW PUMP 'TRAIN FAIWRES EFW-SUCT EFW-PMP-CF-FR I 1.69E-05 EFW-NOFLOW-F H CCF OF EFW PUMPS TO START (PSA BASIC EVENT)

EFW-PMP-CF-FS l5.33E-07 NO EFW FLOW TO STEAM GE~TQR2 Ext NO EFW FLOW TO STEAM GENERA'TOR 1 EFW-Fl.()W-5(;1 Ext Figure A-1: Waterford Modified EFW System Fault Tree A-1

LER 382-2017-002 NON--ESSl:NT!ALTRAIN B AC POWER ACP-NSTRNB LOSS OF DIV B OFFSITE FAILURE OF SWITCHGEAR CCF OF STARTUP POWER WITH NO RECOVERY ROOM B/AB COOUNG TRANSFORMERS 3A/3B TO PROVIDE POWER ACP-NSTRNB-LOOP SWTCHGR-HYACBAB X

IExt !

P-TFM-CF-SUT3AB 1.86E-06 FAILURE OF FAST BUS TRANSFER FOR TRAIN B LOSS OF DIV B OFFSITE iif*~*. OPERATOR FAILS TO ACP-ABT-FC-TRB 1.13E-03 POWER FLAG tir(ECOVER OFFSITE POWER IN FAILURE OF STARTUP NSFORMER FROM SWITCHYARD 1 HOUR PLANT-CENTERED TO 4.16KV BUS 3B2 HE-LOOP-B False OEP-XHE-XL-NROlHPC 3.82E-01 ACP..TFM-FC-SUT3B j 6.07E-05 STARTUP TRANSFORMER FROM SWITCHYARD UNAVAIL DUETOT&M ACP-TFM-TM-SUT3B j 1.75E-03 Figure A-2: Waterford Modified Nonessential Train 'B' AC Power Fault Tree A-2

LER 382-2017-002 Appendix B: Key Event Trees EM1!RGENCY POWER ~~A'l'ER SAFETY R11UEF VALVl!S NOT CON!'RQJJ;E>~F WCTORcoow+T llCP SEAi. lN'liGRITY OFFS,ITE POWER RECOVER.)' # End State S¥$l0t CHAU.i!NGED ~lfi!;I SUIIC()OIJNG,NAlNTAINEO MA!NTAlNIID IN2HRS (Phase-CD)

EPS **--rn EFW SRI/ Cl!O RSW w,.-, 0Pll.-ll2H

~o---[ I I 1 OK

~RCP301 0---1*1 . 1 580-2

~~O---[ a*.** .1 580-l )

~1**1 CD I

~o---11 I o--- , I 5 OK

>I c--[ R ~

~o---1 1 o£:-I

.7 a j 580-2 580-1 CD

. I SRV-B

~o---1 I 9 OK I EFW-B

,__~= 03 o---1 1 10 580-2 >

~~o---1

~~0---,1 0---

OPR-01H 11 12 r.* ::=;======~-

580-1 CD I

I 13 OK c--[~o---1 RCP304 0---

o---1 14 15 16..

I 580-2 580-1 CD I

OPR-01H - .

>-----o-----Co---1 11 580-1

~ SRV-B o2;;-I .. "' I EFW-B O o-----Co---1 o---1 19 20 I 580-1 CD

>I OPR-01H - . .

Figure B-1. Waterford Modified SBO Event Tree B-1

LER 382-2017-002 LOSS OJ'Ofln POWEi! REAcroR PRQ1EC1lON EME1tGOCf POWa illlllli1NC'fl'fflJWA'IIIR- SAfffiRUl'Ylill'l!SJ<<w RU~~ lllil!IIR!SIIJRfMffl)li Ol'PSlliPOWEl!Rl!l:OViRY RCSCOOIOOWNUSING SIIJTOOll1ICOCllllil HlrillfRESSURI! C~alllilNa , EndState ltQc'lll!l(I\Alll'* ~ S'ISIIJII QWllfi(I ~ IN2lfl5 MNS ~' (Phase-CD)

~

11;-I.OOJ'IIC Rl'S EPS ISl!IH!f £fW SRV

""' 11>1 OPR.olll SSC soc 1ft lRR'llll"""' £SR 0 0 0 0 0 0 o---1'1 OK I

~o O O O O O o---1.Z'l LOOP-I )

LOSU O O o---1 I%; OK I o----[o--ro--ej :I : I Lo o---1 I 1 CD I o---1 ' I OK I SRV-L H'l-l 0 o--ro--Co---1 a j CD j L \----o---[ ' I CD I o---! I 10 OK I 0 0 ~o---1111 CSR-L CD I

~ 0 o---112 CD I H'l-l 0 0 fffi -L

..... --o---113 CD I 0EfW-l 0 0 C- - o O 01----- 0---1_ 14 CD I.

0 0 0 0 C- - o O O o---f 15 soo )

o--Co 0 0 0 0 C1-----0 0 0 o---1

ATWS )

0 C- - o o---117 CD I Figure B-2. Waterford Plant-Centered LOOP Event Tree B-2

Package ML18075A064; Letter ML18075A076; ASP Report ML18066A196 OFFICE NRR/DORL/LPL4/PM NRR/DORL/LPL4/LA NRR/DORL/LPL4/BC NRR/DORL/LPL4/PM NAME APulvirenti PBlechman RPascarelli APulvirenti DATE 3/20/18 3/19/18 3/22/18 3/22/18

ML18075A076: Difference between revisions

Latest revision as of 15:28, 7 March 2020

Contents

Text

SUBJECT:

Dear Sir or Madam:

Enclosure:

SUMMARY

Navigation menu

ML18075A076: Difference between revisions

Latest revision as of 15:28, 7 March 2020

Text

SUBJECT:

Dear Sir or Madam:

Enclosure:

SUMMARY

Navigation menu

Search