ML003739470: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(StriderTol Bot change)
 
(2 intermediate revisions by the same user not shown)
Line 16: Line 16:


=Text=
=Text=
{{#Wiki_filter:"UNITED STATES NUCLEAR REGULATORY COMMISSION Z WASHINGTON, D.C. 205D5-0001 April 1996 April 26, 1996 Division 1 Task DG-1046 TO: DISTRIBUTION LIST FOR DIVISION I REGULATORY GUIDES  
{{#Wiki_filter:"UNITEDSTATES 0*            NUCLEAR REGULATORY COMMISSION Z                     WASHINGTON, D.C. 205D5-0001 April 1996 Division 1 April 26, 1996                             Task DG-1046 TO:     DISTRIBUTION LIST FOR DIVISION I REGULATORY GUIDES


==SUBJECT:==
==SUBJECT:==
DRAFT REGULATORY GUIDE DG-1046, "GUIDELINES FOR REPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT IN NUCLEAR POWER PLANTS" On February 12, 1996, the Nuclear Regulatory Commission published a notice of proposed rulemaking (61 FR 5318) that would require that licensees for commercial nuclear power plants report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. This proposed Section 50.76, which is intended for 10 CFR Part 50, "Domestic Licensing of Production and Utilization Facilities," would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provides the basis for the summary data reported to the NRC be maintained onsite and available for NRC inspection.
DRAFT REGULATORY GUIDE DG-1046, "GUIDELINES FOR REPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT IN NUCLEAR POWER PLANTS" notice of On February 12, 1996, the Nuclear Regulatory Commission published a for proposed rulemaking (61 FR 5318) that would require           that licensees commercial nuclear power plants report plant-specific summaries of                   to the reliability and availability data for selected systems and equipment 50, NRC. This proposed Section 50.76, which is intended         for 10   CFR Part also "Domestic Licensing of Production and Utilization Facilities," would require that records and documentation of each occurrence             of a demand, data failure, or unavailable period that provides the basis for the summary reported to the NRC be maintained onsite and available             for NRC   inspection.
The NRC has prepared Draft Regulatory Guide DG-1046 to provide guidance to licensees on methods that would be acceptable to the NRC staff for implementing the proposed rule. This draft regulatory guide is being published for public comment in conjunction with public comment on the proposed rule, Section 50.76. Comments should be submitted to the Chief, Rules Review and Directives Branch, Division of Freedom of Information and Publication Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
to The NRC has prepared Draft Regulatory Guide DG-1046 to provide guidance licensees on methods that would be acceptable to the           NRC staff   for implementing the proposed rule. This draft regulatory guide is being published for public comment in conjunction with public comment on the proposed rule, Section 50.76.
The public comment period for the draft regulatory guide ends on July 5, 1996. Comments received after that date will be considered if it is practical to do so, but assurance of consideration cannot be given for late comments.
Comments should be submitted to the Chief, Rules Review and DirectivesU.S.
The NRC staff is planning to conduct a workshop on June 4, 1996, to discuss the draft regulatory guide and the proposed rule. A public announcement providing information on the workshop is being published in the Federal Register along with the announcement that this draft regulatory guide is available for public comment.
Branch, Division of Freedom of Information and Publication Services, Nuclear Regulatory Commission, Washington, DC 20555-0001. The public Comments comment period for the draft regulatory guide ends on July 5, 1996.                 so, but received after that date will be considered if it           is practical   to do assurance of consideration cannot be given for late comments.
I~Bill M. Morris, Dir~~or Division of Regulator$
The NRC staff is planning to conduct a workshop on June 4, 1996, to discuss the draft regulatory guide and the proposed rule. A public announcement providing information on the workshop is being published in the Federalis Register along with the announcement that this draft regulatory guide available for public comment.
App1licati ons Office of Nuclear Regtilatory Research U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REGULATORY RESEARCH DRAFT REGULATORY GUIDE April 1996 Division 1 Draft DG-1046 Contact: D.P. Allison (301)415-6835 IContact:_DP._Allison_301)415_683 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR RELIABILITY AND AVAILABIL  FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position.
I~Bill M. Morris, Dir~~or Division of Regulator$ App1licati ons Office of Nuclear Regtilatory Research
Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement.
Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996. Requests for single copies of draft guides (which may be reproduced) or for placement on an automatic distribution list for single copies of future guides in specific divisions should be made in writing to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention:
Office of Administration, Distribution end Mail Services Section.


TABLE OF CONTENTS A. INTRODUCTION
U.S. NUCLEAR REGULATORY COMMISSION                                              April 1996 OFFICE OF NUCLEAR REGULATORY RESEARCH                                                Division 1 Draft DG-1046 DRAFT REGULATORY GUIDE IContact:_DP._Allison_301)415_683
................... B. DISCUSSION
 
.................... C. REGULATORY POSITION ..... .................
==Contact:==
: 1. Reportable Systems .............
D.P. Allison (301)415-6835 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR REPORT**G RELIABILITY AND AVAILABIL                                          M._*,
1.1 Basic Systems ............. 1.2 Other Reportable Systems ....... 1.3 Boundaries of Systems, Trains, and Equipm 2. Reportable Plant Operational States .... 3. Reportable Demands .............
FOR RISK-SIGNIFICANT                                                EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position.
: 4. Reportable Run Times ............
Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement. Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y    July 5,          1996.
: 5. Reportable Failures ............
Requests for single copies of draft guides (which may be reproduced) or for placement on an automatic distribution list for single copies of future guides in specific divisions should be made in writing to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Office of Administration, Distribution end Mail Services Section.
5.1 Failure on Demand ...........
 
5.2 Failure To Run ............ 5.3 Recoverable Failures .........
TABLE OF CONTENTS A. INTRODUCTION    . . . . . . . . . . . . . . . . . . .
: 6. Unavailable Hours 7. Hours in Plant Operational States ..... 8. Concurrent Unavailable Hours ........
B. DISCUSSION    . . . . . . . . . . . . . . . . . . . .
: 9. Annual Reports ............... 9.1 Summary Reliability and Availability Data 9.2 Failure Records ... ......... 9.3 Identification of Systems, Trains, and Eq 9.4 Electronic Submittal
* 1*2 C. REGULATORY POSITION .....       .................
.........
* 14
: 10. Onsite Data Storage ..... .............
* 11I
DRAFT REGULATORY ANALYSIS ..... ................
: 1. Reportable Systems      .............
ent Groups . uipment Groups* 11I
* 15 1.1  Basic Systems . . . . . . . . . . . . .
* 1* 2
* 1 4
* 1 5
* 1 7 *
* 9
* 17
* 17
                                                                                  *
* 9 1.2  Other Reportable Systems                  .......
1.3  Boundaries of Systems, Trains, and Equipment Groups        .
: 2. Reportable  Plant Operational States                        ....
* 12
* 12
: 3. Reportable  Demands .............
* 14
* 14
* 15
: 4. Reportable  Run Times ............                                *
* 16
* 17 15
* 17
: 5. Reportable  Failures    ............
* 17
* 16 5.1  Failure on Demand ...........
* 17 5.2  Failure To Run      . . . . . . . . . . . .
* 17 5.3  Recoverable Failures            .........
* 18
* 18
: 6. Unavailable Hours
* 18
* 18
: 7. Hours in Plant Operational States                      .....
* 19
* 19
: 8. Concurrent Unavailable Hours ........
* 20
* 20
* 20
: 9. Annual Reports . . . . . . . . . . . . . . .
* 20
* 20 9.1  Summary Reliability and Availability Data
* 20 21
* 20 9.2  Failure Records . ..            . . . . . . . . .
* 20 9.3  Identification of Systems, Trains, and Equipment Groups            21 9.4  Electronic Submittal            .........
* 21
* 21
* 22 R/A-1 APPENDICES APPENDIX A, Proposed Section 50.76, Including Statement of Considerations  
: 10. Onsite Data Storage .....              .............
...... ...........................
* 22 DRAFT REGULATORY ANALYSIS .....          ................                      R/A-1
A-i APPENDIX B, Glossary ..............  
 
............................
APPENDICES APPENDIX A, Proposed Section 50.76, Including Statement of Considerations ...... ...........................                                 A-i APPENDIX B, Glossary ..............         ............................                       B-i APPENDIX C, Examples of Reportable Systems .....                 ................           ... C-i APPENDIX D, Risk Importance Measures .......             ...................                 .. D-i APPENDIX E, Defining Systems, Trains, and Equipment Group Configurations and Data Reporting Forms ....                         ........... .. E-1 APPENDIX F, Component Failure Records ......             ...................               ... F-i APPENDIX G, Event Log ...........     ...........................                               G-1
B-i APPENDIX C, Examples of Reportable Systems ..... ................  
 
...C-i APPENDIX D, Risk Importance Measures ....... ...................  
A. INTRODUCTION On February 12, 1996, the Commission published for public comment a proposed rule, Section 50.76, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (61 FR 5318). The proposed rule is intended for Part 50, "Domestic Licensing of Production and Utilization Facilities," of the NRC's regulations in Title 10 of the Code of Federal Regulations. A copy of the proposed rule is provided in Appendix A.
.. D-i APPENDIX E, Defining Systems, Trains, and Equipment Group Configurations and Data Reporting Forms .... ...........  
The proposed rule would require that licensees for commercial nuclear power reactors report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. It would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the summary data reported to the NRC be maintained onsite and made available for NRC inspection for 5 years.
..E-1 APPENDIX F, Component Failure Records ...... ...................  
A public workshop will be held soon after publication of this draft regulatory guide to receive comments on the proposed Section 50.76 and the supplemental guidance in this guide for implementing the proposed rule. The comment period for this proposed rule will not expire until at least 30 days after publication of this draft guide. The NRC intends to publish the final rule in December 1996.
...F-i APPENDIX G, Event Log ...........  
As stated in the proposed Section 50.76, licensees would begin reporting the summary data, compiled on the basis of calendar quarters (or on a more frequent basis at the option of each licensee), for the calendar year 1997.
...........................
The first report, covering January 1 through December 31, 1997, would be submitted by January 31, 1998. Thereafter, each annual report would be submitted by January 31 of the following year.
G-1 A. INTRODUCTION On February 12, 1996, the Commission published for public comment a proposed rule, Section 50.76, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (61 FR 5318). The proposed rule is intended for Part 50, "Domestic Licensing of Production and Utilization Facilities," of the NRC's regulations in Title 10 of the Code of Federal Regulations.
Many terms are defined in the Glossary in Appendix B as they are used in this guide. Appendix C lists examples of systems to be reported, and Appendix D discusses risk-importance measures. Appendix E helps define systems, trains, and equipment group configurations for reporting and presents some examples of systems; it also provides some data reporting forms. Appendix F discusses records of component failures, and Appendix G is an example of an event log.
A copy of the proposed rule is provided in Appendix A. The proposed rule would require that licensees for commercial nuclear power reactors report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. It would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the summary data reported to the NRC be maintained onsite and made available for NRC inspection for 5 years. A public workshop will be held soon after publication of this draft regulatory guide to receive comments on the proposed Section 50.76 and the supplemental guidance in this guide for implementing the proposed rule. The comment period for this proposed rule will not expire until at least 30 days after publication of this draft guide. The NRC intends to publish the final rule in December 1996. As stated in the proposed Section 50.76, licensees would begin reporting the summary data, compiled on the basis of calendar quarters (or on a more frequent basis at the option of each licensee), for the calendar year 1997. The first report, covering January 1 through December 31, 1997, would be submitted by January 31, 1998. Thereafter, each annual report would be submitted by January 31 of the following year. Many terms are defined in the Glossary in Appendix B as they are used in this guide. Appendix C lists examples of systems to be reported, and Appendix D discusses risk-importance measures.
This draft regulatory guide is being developed to provide guidance to licensees on the summary data to be reported to the NRC and on the basic data I
Appendix E helps define systems, trains, and equipment group configurations for reporting and presents some examples of systems; it also provides some data reporting forms. Appendix F discusses records of component failures, and Appendix G is an example of an event log. This draft regulatory guide is being developed to provide guidance to licensees on the summary data to be reported to the NRC and on the basic data I to be maintained onsite and available for NRC inspection.
 
It is being published for public comment in conjunction with the public comment on the proposed Section 50.76. Regulatory guides are issued to describe and make available to the public such information as methods acceptable to the NRC staff for implementing specific parts of the Commission's regulations, techniques used by the staff in evaluating specific problems or postulated accidents, and guidance to applicants.
to be maintained onsite and available for NRC inspection. It is being published for public comment in conjunction with the public comment on the proposed Section 50.76.
Regulatory guides are not substitutes for regulations, and compliance with regulatory guides is not required.
Regulatory guides are issued to describe and make available to the public such information as methods acceptable to the NRC staff for implementing specific parts of the Commission's regulations, techniques used by the staff in evaluating specific problems or postulated accidents, and guidance to applicants. Regulatory guides are not substitutes for regulations, and compliance with regulatory guides is not required. Regulatory guides are issued in draft form for public comment to involve the public in the early stages of developing the regulatory positions. Draft regulatory guides have not received complete staff review and do not represent official NRC staff positions.
Regulatory guides are issued in draft form for public comment to involve the public in the early stages of developing the regulatory positions.
Draft regulatory guides have not received complete staff review and do not represent official NRC staff positions.
This draft regulatory guides proposes information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This regulatory guide will be submitted to the Office of Management and Budget with the final rule for review and approval of the information collections.
This draft regulatory guides proposes information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This regulatory guide will be submitted to the Office of Management and Budget with the final rule for review and approval of the information collections.
The public reporting burden for this collection of information is estimated to average 1,375 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.
The public reporting burden for this collection of information is estimated to average 1,375 hours per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments on any aspect of this collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet electronic mail to BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0011), Office of Management and Budget, Washington, DC 20503.
Send comments on any aspect of this collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet electronic mail to BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0011), Office of Management and Budget, Washington, DC 20503. The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.2 B. DISCUSSION OVERVIEW The data collected under the proposed Section 50.76 are intended to provide reliability and availability data on selected systems and equipment in U.S. commercial nuclear power plants for use by both the NRC and its licensees.
The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.
The regulatory guide is intended to provide a flexible framework to obtain consistent data yet allow licensees to use existing data collection programs to the extent they are applicable.
2
The reporting is intended to include the most risk-significant systems that are a subset of the risk-important systems already identified for implementation of the maintenance rule. It is estimated that a typical plant will have 7 to 10 reportable systems. Licensees will also be able to use existing surveillance and inservice test information along with information on unplanned ESF actuations to satisfy most, if not all, of the equipment demand reporting requirements.
 
The data would be compiled by NRC in a centralized database.
B. DISCUSSION OVERVIEW The data collected under the proposed Section 50.76 are intended to provide reliability and availability data on selected systems and equipment in U.S. commercial nuclear power plants for use by both the NRC and its licensees.
The definitions and information requested are intended to be sufficient to qualify the database for regulatory applications of probabilistic risk assessment (PRA) that fall within the limitations of the data. This regulatory guide has the following major features:
The regulatory guide is intended to provide a flexible framework to obtain consistent data yet allow licensees to use existing data collection programs to the extent they are applicable. The reporting is intended to include the most risk-significant systems that are a subset of the risk-important systems already identified for implementation of the maintenance rule. It is estimated that a typical plant will have 7 to 10 reportable systems. Licensees will also be able to use existing surveillance and inservice test information along with information on unplanned ESF actuations to satisfy most, if not all, of the equipment demand reporting requirements. The data would be compiled by NRC in a centralized database. The definitions and information requested are intended to be sufficient to qualify the database for regulatory applications of probabilistic risk assessment (PRA) that fall within the limitations of the data. This regulatory guide has the following major features:
Only the most risk-significant systems are subject to reporting.
Only the most risk-significant systems are subject to reporting.
Regulatory Position 1.1 lists five basic systems that the NRC has determined should be reported for all plants. Regulatory Position 1.2 provides acceptable methods for licensees to determine other systems that are reportable on a plant-specific basis. As discussed in Regulatory Position 1.3, flexibility is provided for the identification of boundaries of systems, trains, and equipment groups. It is recommended that boundaries be defined so that systems, trains, and equipment groups are defined by a similarity of demands for equipment.
Regulatory Position 1.1 lists five basic systems that the NRC has determined should be reported for all plants. Regulatory Position 1.2 provides acceptable methods for licensees to determine other systems that are reportable on a plant-specific basis.
As discussed in Regulatory Position 1.3, flexibility is provided for the identification of boundaries of systems, trains, and equipment groups.
It is recommended that boundaries be defined so that systems, trains, and equipment groups are defined by a similarity of demands for equipment.
Licensees have considerable flexibility in defining boundaries to allow the use of existing testing and onsite data collection systems.
Licensees have considerable flexibility in defining boundaries to allow the use of existing testing and onsite data collection systems.
Demand and failure counts and hours that trains and equipment groups are unavailable should be identified by the train or equipment group in which 3 they occurred and the plant operational state at the time of occurrence. (See Regulatory Position 2.) Demands and any failures on demand should also be identified by the type of demand: (1) actual demands to perform a risk-significant safety function,'
Demand and failure counts and hours that trains and equipment groups are unavailable should be identified by the train or equipment group in which 3
(2) spurious actuations of a train or equipment group that closely simulate actual demands, and (3) test demands. (See Regulatory Position 3.) Degradations in equipment performance that deviate from the design basis but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under 10 CFR 50.76. (See Regulatory Position 5.) The hours that reportable trains and equipment groups were unavailable are reportable, whether planned or unplanned, and whether due directly to equipment in the reportable train or equipment group or due to a support system being unavailable. (See Regulatory Position 6.) Initially, licensees should: (1) determine their reportable systems; (2) identify their risk-significant safety functions; (3) define the trains and equipment groups for these systems; and (4) identify the plant operational states for which the specified trains and equipment group data are reportable.
 
They should then track or log the required data and annually report the summary data as discussed in Regulatory Position 9. Licensees should keep onsite the 1The term "safety function" as used here does not necessarily correspond to (1) safety-related systems, structures, and components, as currently defined in 10 CFR 50.49, (2) a facility's design basis, (3) a facility's licensing basis, or (4) operability requirements in a facility's technical specifications.
they occurred and the plant operational state at the time of occurrence.
The "risk-significant safety function" is a function that has or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.
(See Regulatory Position 2.)
It should also be noted that the staff's current guidance on operability requirements is provided in Generic Letter 91-18, November 7, 1991,  
Demands and any failures on demand should also be identified by the type of demand: (1) actual demands to perform a risk-significant safety function,' (2) spurious actuations of a train or equipment group that closely simulate actual demands, and (3) test demands. (See Regulatory Position 3.)
Degradations in equipment performance that deviate from the design basis but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under 10 CFR 50.76.
(See Regulatory Position 5.)
The hours that reportable trains and equipment groups were unavailable are reportable, whether planned or unplanned, and whether due directly to equipment in the reportable train or equipment group or due to a support system being unavailable. (See Regulatory Position 6.)
Initially, licensees should: (1) determine their reportable systems; (2) identify their risk-significant safety functions; (3) define the trains and equipment groups for these systems; and (4) identify the plant operational states for which the specified trains and equipment group data are reportable.
They should then track or log the required data and annually report the summary data as discussed in Regulatory Position 9. Licensees should keep onsite the 1The term "safety function" as used here does not necessarily correspond to (1) safety-related systems, structures, and components, as currently defined in 10 CFR 50.49, (2) a facility's design basis, (3) a facility's licensing basis, or (4) operability requirements in a facility's technical specifications. The "risk-significant safety function" is a function that has or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity. It should also be noted that the staff's current guidance on operability requirements is provided in Generic Letter 91-18, November 7, 1991,  


==Subject:==
==Subject:==
Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Nonconforming Conditions and on Operability.
Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Nonconforming Conditions and on Operability. Copies are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.
Copies are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.
4
4 records and documentation that provide the basis for the summary data reported to the NRC. (See Regulatory Position 10.) Figure I is a flowchart of the guidelines for implementing the proposed rule. C. REGULATORY POSITION The methods provided in this Regulatory Position describe means that would be acceptable to the NRC staff for meeting the requirements of the proposed Section 50.76 to 10 CFR Part 50. The demand counts, failure counts, unavailable hours, and run time information reported to the NRC should be sufficiently accurate to allow the NRC and licensees to estimate equipment reliability and to perform risk analyses.
 
Occasional minor errors in the reported number of actual or spurious demands, failures, or unavailable hours would be considered to be within an acceptable level of accuracy if they do not (1) have a systematic bias in one direction, (2) appear consistently in many systems, or (3) result in significant impacts on the estimated reliability and risk parameters.
records and documentation that provide the basis for the summary data reported to the NRC. (See Regulatory Position 10.)
When estimates of demands are used, they should be very close to the average of actual counts of demands in a reporting period, consistent with the standards provided above. 1. REPORTABLE SYSTEMS Reportable systems are the most risk-significant systems that are a subset of the systems identified for implementation of the maintenance rule. They include (1) a generic set of systems that the NRC has determined should be reported by all licensees, called "basic systems," and (2) other risk significant systems that individual licensees determine to be subject to the proposed rule on a plant-specific basis.5 FIGURE 1. Implementation of Guidelines for Reporting Reliability Data (Italics indicate sections of this regulatory guide that provide guidance.)
Figure I is a flowchart of the guidelines for implementing the proposed rule.
6 I I 1.1 Basic Systems TABLE 1. Basic Systems for PWRs PWR Basic System Risk-Significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads for loss of off-site power. Reactor protection system Reactor trip for accident or transient (RPS) conditions.
C. REGULATORY POSITION The methods provided in this Regulatory Position describe means that would be acceptable to the NRC staff for meeting the requirements of the proposed Section 50.76 to 10 CFR Part 50.
Auxiliary feedwater (AFW) Decay heat removal in accident or transient system conditions, including loss of off-site power and station blackout.
The demand counts, failure counts, unavailable hours, and run time information reported to the NRC should be sufficiently accurate to allow the NRC and licensees to estimate equipment reliability and to perform risk analyses. Occasional minor errors in the reported number of actual or spurious demands, failures, or unavailable hours would be considered to be within an acceptable level of accuracy if they do not (1) have a systematic bias in one direction, (2) appear consistently in many systems, or (3) result in significant impacts on the estimated reliability and risk parameters. When estimates of demands are used, they should be very close to the average of actual counts of demands in a reporting period, consistent with the standards provided above.
High-pressure safety Safety injection, small loss-of-coolant injection (HPSI) system accident (LOCA), medium LOCA and feed and bleed. Decay heat removal for large LOCA, post-LOCA recirculation phase. Reactor vessel makeup during shutdown.
: 1. REPORTABLE SYSTEMS Reportable systems are the most risk-significant systems that are a subset of the systems identified for implementation of the maintenance rule.
Low-pressure safety Safety injection, medium LOCA and large LOCA. injection (LPSI) system/RHR Boost for high-pressure safety injection pumps at some plants for small LOCA (post LOCA recirculation phase) or for feed and bleed. Decay heat removal for large LOCA, post-LOCA recirculation phase and shutdown operations.
They include (1) a generic set of systems that the NRC has determined should be reported by all licensees, called "basic systems," and (2) other risk significant systems that individual licensees determine to be subject to the proposed rule on a plant-specific basis.
Reactor vessel makeup during shutdown.7 TABLE 2. Basic Systems for BWRs BWR Basic System Risk-significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads on loss of off-site power. Reactor protection system Reactor trip for accident or transient (RPS) conditions.
5
Reactor core isolation Reactor vessel injection for loss of off-site cooling system (RCIC) or power, loss of feedwater, very small LOCA, or station blackout.
 
Isolation condenser Core cooling via natural circulation for loss of off-site power, loss of feedwater, main condenser isolation, or station blackout.
I I FIGURE 1. Implementation of Guidelines for Reporting Reliability Data (Italics indicate sections of this regulatory guide that provide guidance.)
High-pressure coolant Reactor vessel injection from condensate injection system (HPCI) storage tank or suppression pool for loss of off-site power, loss of feedwater, small LOCA, medium LOCA, or station blackout.
6
High-pressure core spray Reactor vessel injection from condensate system (HPCS) or storage tank or suppression pool for loss of off-site power, loss of feedwater, LOCA, or station blackout.
 
Feedwater coolant injection system (FWCI) Reactor vessel injection from condensate storage tank or suppression pool for loss of off-site power, loss of feedwater or LOCA. Low-pressure coolant Reactor vessel injection from the condensate injection function of storage tank (CST) or suppression pool under residual heat removal low pressure conditions. (RHR), low-pressure coolant injection (LPCI) and/or low pressure core spray (LPCS) system(s) and Heat removal function of Decay heat removal from the suppression pool RHR. or the reactor under low pressure conditions.
1.1     Basic Systems TABLE 1. Basic Systems for PWRs PWR Basic System               Risk-Significant Safety Function Emergency ac power system     Provide bus power and load sequencing for essential loads for loss of off-site power.
8 1_
Reactor protection system     Reactor trip for accident or transient (RPS)                         conditions.
Some plants may have different names for the systems and equipment that provide the above risk-significant safety functions.
Auxiliary feedwater (AFW)     Decay heat removal in accident or transient system                         conditions, including loss of off-site power and station blackout.
The plant-specific names should be used as appropriate to identify the systems and equipment that accomplish the risk-significant safety functions discussed above. (Examples are provided in Appendix C). 1.2 Other Reportable Systems Each licensee should determine whether there are other plant systems, besides the basic systems, that are of sufficient risk-significance to be reportable.
High-pressure safety           Safety injection, small loss-of-coolant injection (HPSI) system         accident (LOCA), medium LOCA and feed and bleed.
Systems and equipment groups are reportable if they have or could have a significant effect on risk in terms of avoiding core-damage accidents or preserving containment integrity.
Decay heat removal for large LOCA, post-LOCA recirculation phase.
Generally, these systems should contribute as much or more to core-damage frequency as the basic systems. Systems meeting one or more of the following conditions should be considered reportable:
Reactor vessel makeup during shutdown.
Systems with relatively high risk-importance measures as determined from the plant's full PRA. Systems necessary for assurance of the more risk-significant aspects of containment integrity (e.g., prevent gross containment failure).
Low-pressure safety             Safety injection, medium LOCA and large LOCA.
injection (LPSI) system/RHR Boost for high-pressure safety injection pumps at some plants for small LOCA (post LOCA recirculation phase) or for feed and bleed.
Decay heat removal for large LOCA, post-LOCA recirculation phase and shutdown operations.
Reactor vessel makeup during shutdown.
7
 
1_
TABLE 2. Basic Systems for BWRs BWR Basic System                 Risk-significant Safety Function Emergency ac power system         Provide bus power and load sequencing for essential loads on loss of off-site power.
Reactor protection system       Reactor trip for accident or transient (RPS)                           conditions.
Reactor core isolation           Reactor vessel injection for loss of off-site cooling system (RCIC) or         power, loss of feedwater, very small LOCA, or station blackout.
Isolation condenser             Core cooling via natural circulation for loss of off-site power, loss of feedwater, main condenser isolation, or station blackout.
High-pressure coolant           Reactor vessel injection from condensate injection system (HPCI)         storage tank or suppression pool for loss of off-site power, loss of feedwater, small LOCA, medium LOCA, or station blackout.
High-pressure core spray         Reactor vessel injection from condensate system (HPCS) or                 storage tank or suppression pool for loss of off-site power, loss of feedwater, LOCA, or station blackout.
Feedwater coolant injection system (FWCI)                   Reactor vessel injection from condensate storage tank or suppression pool for loss of off-site power, loss of feedwater or LOCA.
Low-pressure coolant             Reactor vessel injection from the condensate injection function of           storage tank (CST) or suppression pool under residual heat removal           low pressure conditions.
(RHR), low-pressure coolant injection (LPCI) and/or low pressure core spray (LPCS) system(s) and Heat removal function of         Decay heat removal from the suppression pool RHR.                             or the reactor under low pressure conditions.
8
 
Some plants may have different names for the systems and equipment that provide the above risk-significant safety functions. The plant-specific names should be used as appropriate to identify the systems and equipment that accomplish the risk-significant safety functions discussed above.   (Examples are provided in Appendix C).
1.2   Other Reportable Systems Each licensee should determine whether there are other plant systems, besides the basic systems, that are of sufficient risk-significance to be reportable. Systems and equipment groups are reportable if they have or could have a significant effect on risk in terms of avoiding core-damage accidents or preserving containment integrity. Generally, these systems should contribute as much or more to core-damage frequency as the basic systems. Systems meeting one or more of the following conditions should be considered reportable:
Systems with relatively high risk-importance measures as determined from the plant's full PRA.
Systems necessary for assurance of the more risk-significant aspects of containment integrity (e.g., prevent gross containment failure).
Systems necessary for shutdown from a risk perspective (decay heat removal and makeup functional capability).
Systems necessary for shutdown from a risk perspective (decay heat removal and makeup functional capability).
To begin the process of identifying these systems, licensees should use one of two lists of systems and equipment:
To begin the process of identifying these systems, licensees should use one of two lists of systems and equipment:
(1) Licensees may use the list of SSCs determined to be risk-significant for the maintenance rule as an initial list. (2) Licensees may wish to make a more specific determination of the systems and equipment that meet the risk-significance level intended by the proposed rule. If so, the licensee should calculate two measures, the Fussell-Vesely (FV) measure and the ratio form of the Risk Achievement Worth (RAW) measure. Systems and equipment with FV 0.1 or RAW  100 9 should be included in the initial list. The formulas for these measures are given in Appendix D. A multidisciplinary expert panel, similar to the expert panel used for implementation of the maintenance rule, should use (1) or (2) above as an initial list of safety systems. The panel should then use PRA insights and evaluate other relevant application-specific information to add or delete systems to derive a list of other reportable systems. The panel should consider the following:
(1)   Licensees may use the list of SSCs determined to be risk-significant for the maintenance rule as an initial list.
Systems that are important because their failure or malfunction could result in accident-initiating events need not be considered reportable unless they also have a risk-significant mitigative function.
(2)   Licensees may wish to make a more specific determination of the systems and equipment that meet the risk-significance level intended by the proposed rule. If so, the licensee should calculate two measures, the Fussell-Vesely (FV) measure and the ratio form of the Risk Achievement Worth (RAW) measure. Systems and equipment with FV Ž 0.1 or RAW Ž 100 9
An example of a system that would not generally be reportable is the offsite (preferred) power system. Support systems that serve several reportable systems would generally be reportable separately.
 
However, only the trains or equipment groups that provide the principal functional capability of the system would be reported separately as a reportable support system. Trains or equipment groups in support systems that provide a dedicated support function to a single train or equipment group in a reportable system need not be reported separately or as part of a reportable support system. The reliability and availability of this support system equipment will be evidenced by its impact on reportable front-line system reliability and availability. (See Appendix E for additional guidance.)
should be included in the initial list. The formulas for these measures are given in Appendix D.
Risk-significant structures such as containment structures and ice condensers, for which risk is more a function of capability than reliability, need not be considered reportable.
A multidisciplinary expert panel, similar to the expert panel used for implementation of the maintenance rule, should use (1) or (2) above as an initial list of safety systems. The panel should then use PRA insights and evaluate other relevant application-specific information to add or delete systems to derive a list of other reportable systems. The panel should consider the following:
However, other systems and equipment that are important for containment integrity should be considered for reportability.
Systems that are important because their failure or malfunction could result in accident-initiating events need not be considered reportable unless they also have a risk-significant mitigative function. An example of a system that would not generally be reportable is the offsite (preferred) power system.
The expert panel should consider containment spray, containment fan coolers, suppression pool cooling, containment vacuum breakers, and portions of containment isolation with regard to their risk-significant effect on containment integrity.
Support systems that serve several reportable systems would generally be reportable separately. However, only the trains or equipment groups that provide the principal functional capability of the system would be reported separately as a reportable support system. Trains or equipment groups in support systems that provide a dedicated support function to a single train or equipment group in a reportable system need not be reported separately or as part of a reportable support system. The reliability and availability of this support system equipment will be evidenced by its impact on reportable front-line system reliability and availability. (See Appendix E for additional guidance.)
Containment isolation would be a candidate to the extent that there may 10 be relatively large penetrations that are open frequently (i.e., greater than 1% of the time the reactor is operating) and could contribute to gross containment function failure.
Risk-significant structures such as containment structures and ice condensers, for which risk is more a function of capability than reliability, need not be considered reportable. However, other systems and equipment that are important for containment integrity should be considered for reportability. The expert panel should consider containment spray, containment fan coolers, suppression pool cooling, containment vacuum breakers, and portions of containment isolation with regard to their risk-significant effect on containment integrity.
Systems and equipment that are risk-significant only because of operator error for actuation, operation, or termination of a risk-significant safety function need not be considered reportable.
Containment isolation would be a candidate to the extent that there may 10
The scope of the proposed rule is limited to data on equipment reliability and availability.
 
For example, power operated relief valves would not be reportable if they were risk-significant only because of the likelihood of operator failure to open them for feed and bleed. However, this exclusion would not apply to operator or other personnel errors that could unintentionally make equipment inoperable (unavailable) with respect to its risk-significant safety function.
be relatively large penetrations that are open frequently (i.e., greater than 1% of the time the reactor is operating) and could contribute to gross containment function failure.
Systems and equipment that make a large contribution to risk during shutdown and are significant contributors to total risk should be considered reportable.
Systems and equipment that are risk-significant only because of operator error for actuation, operation, or termination of a risk-significant safety function need not be considered reportable. The scope of the proposed rule is limited to data on equipment reliability and availability. For example, power operated relief valves would not be reportable if they were risk-significant only because of the likelihood of operator failure to open them for feed and bleed. However, this exclusion would not apply to operator or other personnel errors that could unintentionally make equipment inoperable (unavailable) with respect to its risk-significant safety function.
The panel should consider the mitigation systems necessary for safety functions during shutdown, e.g., decay heat removal, primary inventory control, and pressure relief. The primary interest in these systems is in their availability to respond to shutdown accident scenarios.
Systems and equipment that make a large contribution to risk during shutdown and are significant contributors to total risk should be considered reportable. The panel should consider the mitigation systems necessary for safety functions during shutdown, e.g., decay heat removal, primary inventory control, and pressure relief. The primary interest in these systems is in their availability to respond to shutdown accident scenarios.
1.3 Boundaries of Systems, Trains, and Equipment Groups The boundaries of systems, trains, and equipment groups should be defined by the nature of the demands so that the information to be reported on demands and unavailability is consistent with testing and other actuations of the equipment.
1.3   Boundaries of Systems, Trains, and Equipment Groups The boundaries of systems, trains, and equipment groups should be defined by the nature of the demands so that the information to be reported on demands and unavailability is consistent with testing and other actuations of the equipment. Thus, trains or parts of trains that are actuated to perform a safety function or part of a safety function should be included in an equipment group. This will allow the use of tests and other actuations for all equipment within the group to be counted as one unit to simplify counting demands and unavailability. However, licensees have great flexibility in defining the boundaries of systems, trains, and equipment groups to facilitate tracking of demands associated with routine testing and other actuations (planned or unplanned),   as well as considering existing data systems and technical 11
Thus, trains or parts of trains that are actuated to perform a safety function or part of a safety function should be included in an equipment group. This will allow the use of tests and other actuations for all equipment within the group to be counted as one unit to simplify counting demands and unavailability.
 
However, licensees have great flexibility in defining the boundaries of systems, trains, and equipment groups to facilitate tracking of demands associated with routine testing and other actuations (planned or unplanned), as well as considering existing data systems and technical 11 specifications.
specifications. Licensees who choose an alternative method of defining trains and equipment groups should select groups of components with essentially the same test frequency and report counts of their demands.
Licensees who choose an alternative method of defining trains and equipment groups should select groups of components with essentially the same test frequency and report counts of their demands.
Licensees should submit diagrams for all reportable systems, trains, and equipment groups that indicate the principal active and passive components.
Licensees should submit diagrams for all reportable systems, trains, and equipment groups that indicate the principal active and passive components.
Some suggested principles and a number of detailed examples for identifying and delineating systems, trains, and equipment groups are provided in Appendix E. 2. REPORTABLE PLANT OPERATIONAL STATES Data for reportable systems should be reported for those plant operational states for which the systems could be demanded to perform their risk-significant safety function.
Some suggested principles and a number of detailed examples for identifying and delineating systems, trains, and equipment groups are provided in Appendix E.
Data on unavailability need not be reported for operational states in which the refueling cavity is more than half full or the reactor is defueled.
: 2. REPORTABLE PLANT OPERATIONAL STATES Data for reportable systems should be reported for those plant operational states for which the systems could be demanded to perform their risk-significant safety function. Data on unavailability need not be reported for operational states in which the refueling cavity is more than half full or the reactor is defueled. Reportable surveillance test demands and associated failures should be reported any time there is a valid test actuation of the reportable systems, trains, or equipment groups that meets reportability guidance (see Regulatory Position 3).
Reportable surveillance test demands and associated failures should be reported any time there is a valid test actuation of the reportable systems, trains, or equipment groups that meets reportability guidance (see Regulatory Position 3). For reporting under the proposed rule, "plant operational states" should be defined by the following:
For reporting under the proposed rule, "plant operational states" should be defined by the following:
Plant operational states for PWRs: PI Power operations and shutdown conditions without RHR initiation P2 Shutdown conditions with RHR cooling and RCS unvented P3 Shutdown conditions with RHR cooling and RCS vented but not in reduced inventory P4 Reduced inventory Plant operational states for BWRs: BI Power operations and shutdown conditions without RHR initiation B2 Shutdown conditions with RHR cooling and RCS unvented B3 Shutdown conditions with RHR cooling and RCS vented Tables 3 and 4 show the plant operational states for which the data should be reported for the "basic systems." 12 TABLE 3. Plant Operational States for PWRs 13 P1 P2 P3 P4 PWR Power Shutdown Shutdown Reduced Basic Operation Conditions Conditions Inventory Systems and Shutdown with RHR with RHR Modes Cooling Cooling and without RHR and RCS RCS Vented Initiations Unvented but not in Reduced Inventory Emergency ac power yes yes yes yes system Reactor protection yes no no no system Auxiliary feedwater yes yes no no system High-pressure safety yes yes yes yes injection system Low-pressure safety yes yes yes yes injection system/RHR
Plant operational states for PWRs:
_ I III TABLE 4. Plant Operational States for BWRs BI B2 B3 BWR Power Shutdown Shutdown Basic Operation and Conditions Conditions Systems Shutdown with RHR with RHR Conditions Cooling and Cooling and without RHR RCS RCS Vented Initiation Unvented Emergency ac power system yes yes yes Reactor protection system yes no no Reactor core isolation cooling yes yes no system or Isolation condenser yes yes no High-pressure coolant injection yes yes no system High-pressure core spray system yes yes no or Feedwater coolant injection yes yes yes system Low-pressure coolant injection yes yes yes function of residual heat removal, low-pressure coolant injection or low-pressure core spray systems and Heat removal function of RHR yes yes yes and containment spray systems I II_ I For systems that are determined to be reportable based on their plant specific risk significance, reliability data should be reported for those plant operational states during which they could be used to perform their risk significant safety function.
PI Power operations and shutdown conditions without RHR initiation P2 Shutdown conditions with RHR cooling and RCS unvented P3 Shutdown conditions with RHR cooling and RCS vented but not in reduced inventory P4 Reduced inventory Plant operational states for BWRs:
: 3. REPORTABLE DEMANDS A reportable demand is an instance when a basic system or other risk significant system, train, or equipment group is actuated to perform its risk significant safety function.
BI Power operations and shutdown conditions without RHR initiation B2 Shutdown conditions with RHR cooling and RCS unvented B3 Shutdown conditions with RHR cooling and RCS vented Tables 3 and 4 show the plant operational states for which the data should be reported for the "basic systems."
A demand may be manual or automatic.
12
Reportable 14 I demands should include (1) actual demands, (2) spurious demands that closely simulate actual demands, (3) test demands that involve, or, if actually demanded, would involve, simultaneous or integrated actuation of all components in the system or train, and (4) certain partial train tests that provide data necessary to estimate train reliability.
 
These partial test demands, although conducted at different time intervals, can be combined to estimate the demand reliability of the train. These partial train tests may include mini-flow pump tests, diesel generator monthly tests, valve stroke tests, RPS actuation channel tests, and special integrated system tests conducted during refueling outages. Individual component tests (e.g., valve stroke tests) that are conducted at roughly the same frequency could be reported as demands for that group. Additional guidance and examples are provided in Appendix E. When it is impractical to count individual demands and a reasonable basis for estimating demands has been established, the reported demands may reflect the general history of the equipment rather than an exact count of every demand. The basis for count estimates of demands should be modified when changes in plant operations and testing make the estimated values inaccurate for reliability estimates. (See the discussion of accuracy at beginning of the Regulatory Position.)
TABLE 3. Plant Operational States for PWRs P1             P2           P3         P4 PWR                   Power         Shutdown     Shutdown   Reduced Basic                 Operation     Conditions   Conditions Inventory Systems               and Shutdown   with RHR     with RHR Modes         Cooling     Cooling and without RHR   and RCS     RCS Vented Initiations   Unvented     but not in Reduced Inventory Emergency ac power     yes           yes         yes         yes system Reactor protection     yes           no           no         no system Auxiliary feedwater   yes           yes         no         no system High-pressure safety   yes           yes         yes         yes injection system Low-pressure safety   yes           yes         yes         yes injection system/RHR   _             I           III 13
The use of estimated demands would not apply to actual or spurious demands to perform a risk-significant safety function or to surveillance required by technical specifications.
 
TABLE 4. Plant Operational States for BWRs BI             B2           B3 BWR                               Power           Shutdown     Shutdown Basic                             Operation and   Conditions   Conditions Systems                           Shutdown       with RHR     with RHR Conditions     Cooling and Cooling and without RHR     RCS         RCS Vented Initiation     Unvented Emergency ac power system         yes             yes         yes Reactor protection system         yes             no           no Reactor core isolation cooling     yes             yes         no system or Isolation condenser               yes             yes         no High-pressure coolant injection   yes             yes         no system High-pressure core spray system   yes             yes         no or Feedwater coolant injection       yes             yes         yes system Low-pressure coolant injection   yes             yes         yes function of residual heat removal, low-pressure coolant injection or low-pressure core spray systems and Heat removal function of RHR       yes             yes         yes and containment spray systems     I               II_                       I For systems that are determined to be reportable based on their plant specific risk significance, reliability data should be reported for those plant operational states during which they could be used to perform their risk significant safety function.
: 3. REPORTABLE DEMANDS A reportable demand is an instance when a basic system or other risk significant system, train, or equipment group is actuated to perform its risk significant safety function. A demand may be manual or automatic. Reportable   I 14
 
demands should include (1) actual demands, (2) spurious demands that closely simulate actual demands, (3) test demands that involve, or, if actually demanded, would involve, simultaneous or integrated actuation of all components in the system or train, and (4) certain partial train tests that provide data necessary to estimate train reliability. These partial test demands, although conducted at different time intervals, can be combined to estimate the demand reliability of the train. These partial train tests may include mini-flow pump tests, diesel generator monthly tests, valve stroke tests, RPS actuation channel tests, and special integrated system tests conducted during refueling outages. Individual component tests (e.g., valve stroke tests) that are conducted at roughly the same frequency could be reported as demands for that group. Additional guidance and examples are provided in Appendix E.
When it is impractical to count individual demands and a reasonable basis for estimating demands has been established, the reported demands may reflect the general history of the equipment rather than an exact count of every demand. The basis for count estimates of demands should be modified when changes in plant operations and testing make the estimated values inaccurate for reliability estimates.   (See the discussion of accuracy at beginning of the Regulatory Position.) The use of estimated demands would not apply to actual or spurious demands to perform a risk-significant safety function or to surveillance required by technical specifications.
Test demands following maintenance or repair of equipment, if they are used to demonstrate that the equipment is ready to return to service, should not be counted as reportable demands.
Test demands following maintenance or repair of equipment, if they are used to demonstrate that the equipment is ready to return to service, should not be counted as reportable demands.
Examples of reportable demands are provided in Appendix E. 4. REPORTABLE RUN TIMES Certain systems are required to start and operate for a relatively long test or mission time. These systems include the emergency ac power system, the fluid systems listed in Regulatory Position 1.1 and similar reportable systems selected by the methods in Regulatory Position 1.2 with risk-significant mission run times of about eight hours or more. For all run times or hours of operation greater than one hour for these systems, licensees should report (1) the number of demands (either test or in response to an actual demand) to run 15 for an hour or more, (2) the number of these runs that ended in failure, and (3) the total hours of operation of these runs (the sum of all run times greater than an hour from the time of the demand to the end of the operation).
Examples of reportable demands are provided in Appendix E.
Data on run time must be reported by the train or equipment group, by the type of demand, and by the plant operational state at the time of the demand to run. Appendix E describes a way to report these data that is acceptable to the NRC staff. 5. REPORTABLE FAILURES A failure is reportable when a reportable system, train, or equipment group fails to perform its risk-significant safety function in response to a reportable demand. This information is used in conjunction with the count of reportable demands to estimate unreliability.
: 4. REPORTABLE RUN TIMES Certain systems are required to start and operate for a relatively long test or mission time. These systems include the emergency ac power system, the fluid systems listed in Regulatory Position 1.1 and similar reportable systems selected by the methods in Regulatory Position 1.2 with risk-significant mission run times of about eight hours or more. For all run times or hours of operation greater than one hour for these systems, licensees should report (1) the number of demands (either test or in response to an actual demand) to run 15
This information should be tabulated on the data sheets provided in Appendix E. In addition, a component failure record, as described in Appendix F, should be provided.
 
The component failure record is used to identify the actual component that failed, its cause, the effect of the failure, and other pertinent information.
for an hour or more, (2) the number of these runs that ended in failure, and (3) the total hours of operation of these runs (the sum of all run times greater than an hour from the time of the demand to the end of the operation).
Some risk-significant systems have multiple success paths because of their complexity of design and multiple safety function requirements.
Data on run time must be reported by the train or equipment group, by the type of demand, and by the plant operational state at the time of the demand to run.
These systems are not easily divided into simple trains or equipment groups with simple train-level success criteria.
Appendix E describes a way to report these data that is acceptable to the NRC staff.
While it may be appropriate to combine multiple success paths into a single train or equipment group for the purpose of counting demands, it would be inappropriate to report failures at that level. For example, the valves between the pumps and steam generators in a headered auxiliary feedwater system may be required to direct flow from only one pump to only one steam generator for success in some sequences, but may be required to direct flow from two pumps to two or more steam generators for success in other sequences.
: 5. REPORTABLE FAILURES A failure is reportable when a reportable system, train, or equipment group fails to perform its risk-significant safety function in response to a reportable demand. This information is used in conjunction with the count of reportable demands to estimate unreliability. This information should be tabulated on the data sheets provided in Appendix E. In addition, a component failure record, as described in Appendix F, should be provided. The component failure record is used to identify the actual component that failed, its cause, the effect of the failure, and other pertinent information.
Thus, the failure of any of these injection valves is of potential risk-significance.
Some risk-significant systems have multiple success paths because of their complexity of design and multiple safety function requirements. These systems are not easily divided into simple trains or equipment groups with simple train-level success criteria. While it may be appropriate to combine multiple success paths into a single train or equipment group for the purpose of counting demands, it would be inappropriate to report failures at that level. For example, the valves between the pumps and steam generators in a headered auxiliary feedwater system may be required to direct flow from only one pump to only one steam generator for success in some sequences, but may be required to direct flow from two pumps to two or more steam generators for success in other sequences. Thus, the failure of any of these injection valves is of potential risk-significance. A failure record is required for each principal component failure of a reportable system, train, or equipment group.
A failure record is required for each principal component failure of a reportable system, train, or equipment group. A principal component failure is also reportable when discovered by means other than a reportable demand (e.g., it is found to be unable to perform its risk-significant safety function because of actual or incipient failure by inspection or other nonreportable demands.16 A failure in a front-line reportable system, train, or equipment group may be due to the failure of a component from a support system. If the failed support system component provides a dedicated support function to a single train or equipment group in the reportable system (as discussed in Regulatory Position 1.2), the failure of the support system component should be reported against the reportable front-line system. If the dedicated component is not indicated on the systems diagram for the reportable system, the component failure record should describe the component and its function.
A principal component failure is also reportable when discovered by means other than a reportable demand (e.g., it is found to be unable to perform its risk-significant safety function because of actual or incipient failure by inspection or other nonreportable demands.
For example, if the heat exchanger from the service water system that is dedicated to a specific diesel generator became plugged resulting in the failure of the diesel generator, the failure should be reported as a failure of a train in the emergency ac power system due to failure of the service water heat exchanger.
16
On the other hand, if a failed support system component fails or causes the unavailability of more than one reportable front-line system, and the support system is also designated as a reportable system, the failure should be reported as a failure of the support system. The accompanying component failure record should describe the effects on the front-line systems. If this same situation occurs in a support system that is not itself a reportable system, the failures of each affected front-line system should be reported, with a single component failure record that indicates the connection of all the affected systems to the single support system component failure. For example, if failure of a service water pump results in failure of an emergency diesel generator (EDG) and loss of an RHR train, it should be reported as a service water system failure that caused failure or unavailable hours for an EDG train and an RHR train. Degradations in equipment performance that do not satisfy operability requirements for design basis accidents but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under this rule (e.g., an emergency diesel generator start in 11 to 12 seconds, when the requirement to start is within 10 seconds, would not be reportable).
 
If there is reasonable doubt about the reportability of an equipment degradation as a failure, or if precise analysis of operational capability is required to determine whether the equipment degradation represents a risk-significant safety function failure, the degradation should be reported as a failure with an appropriate explanation.
A failure in a front-line reportable system, train, or equipment group may be due to the failure of a component from a support system. If the failed support system component provides a dedicated support function to a single train or equipment group in the reportable system (as discussed in Regulatory Position 1.2), the failure of the support system component should be reported against the reportable front-line system. If the dedicated component is not indicated on the systems diagram for the reportable system, the component failure record should describe the component and its function. For example, if the heat exchanger from the service water system that is dedicated to a specific diesel generator became plugged resulting in the failure of the diesel generator, the failure should be reported as a failure of a train in the emergency ac power system due to failure of the service water heat exchanger.
17 Failure records should be submitted to NRC with the annual reports.
On the other hand, if a failed support system component fails or causes the unavailability of more than one reportable front-line system, and the support system is also designated as a reportable system, the failure should be reported as a failure of the support system. The accompanying component failure record should describe the effects on the front-line systems. If this same situation occurs in a support system that is not itself a reportable system, the failures of each affected front-line system should be reported, with a single component failure record that indicates the connection of all the affected systems to the single support system component failure. For example, if failure of a service water pump results in failure of an emergency diesel generator (EDG) and loss of an RHR train, it should be reported as a service water system failure that caused failure or unavailable hours for an EDG train and an RHR train.
Guidance on the content and format of failure records is provided in Appendix F. 5.1 Failure on Demand Failures on demand should include failures to start and achieve a steady state condition (e.g., rated speed, flow, position) and failures to operate for up to one hour. Failures to change state on demand should include failures of valves and electrical equipment that must change state (open, close, make or break contact) to fulfill their risk-significant safety functions.
Degradations in equipment performance that do not satisfy operability requirements for design basis accidents but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under this rule (e.g., an emergency diesel generator start in 11 to 12 seconds, when the requirement to start is within 10 seconds, would not be reportable). If there is reasonable doubt about the reportability of an equipment degradation as a failure, or if precise analysis of operational capability is required to determine whether the equipment degradation represents a risk-significant safety function failure, the degradation should be reported as a failure with an appropriate explanation.
Failures on demand must be reported by the train or equipment group in which the failure occurred, the type of demand, and the plant operational state at the time of failure. See Appendix E for the format for reporting failure counts. 5.2 Failure To Run Failures that occur after a successful start (i.e., start and run for one hour) should be reported as a failure to run for the train or equipment group containing the failure. See Appendix E for the format for reporting data on failure to run. 5.3 Recoverable Failures Initial actuation or run failures that are promptly recovered in a time frame consistent with the risk-significant safety function are not reportable.
17
The following guidance should be used: Actuation and run failures that are promptly recovered from the control room in a short period and don't require diagnosis or repair are not reportable.
 
The length of time for successful recovery depends on the function that must be performed, but is generally limited to less than 5 minutes. For example, failure of an emergency diesel generator to start automatically would not be reported as a failure if an operator manually started the diesel generator from the control room within a few minutes.18 For conducting functional tests, a component may be aligned to a test position that is different from its normal standby position, leaving the train or equipment group in a configuration that would not be capable of automatically satisfying its safety function.
Failure records should be submitted to NRC with the annual reports.
If an operator is stationed by the realigned component with the specific responsibility of realigning it to its safety function position in case a real demand occurs during the period of the test and a reportable demand occurs, the operator's successful realignment of the component would be a successful demand, not a reportable failure. Operator error or inability to successfully operate the equipment would be reported as a failure on demand. Any other actions by the operator to recover failures of other components should be reported as failures.
Guidance on the content and format of failure records is provided in Appendix F.
: 6. UNAVAILABLE HOURS Unavailable hours are the period of time that a reportable system, train, or equipment group is not capable of performing its risk-significant safety function for reportable plant operational states. This may occur following a failure on demand or by removal of equipment from service (e.g., for maintenance or testing).
5.1   Failure on Demand Failures on demand should include failures to start and achieve a steady state condition (e.g., rated speed, flow, position) and failures to operate for up to one hour. Failures to change state on demand should include failures of valves and electrical equipment that must change state (open, close, make or break contact) to fulfill their risk-significant safety functions.
Unavailable hours must be reported as either planned (preventive maintenance, test, or other planned activities) or unplanned (e.g., repair of a component resulting in a system or train being unavailable).
Failures on demand must be reported by the train or equipment group in which the failure occurred, the type of demand, and the plant operational state at the time of failure. See Appendix E for the format for reporting failure counts.
It also includes time unavailable because a support system failed or was unavailable, rendering the train or equipment group incapable of performing its risk-significant safety function.
5.2     Failure To Run Failures that occur after a successful start (i.e., start and run for one hour) should be reported as a failure to run for the train or equipment group containing the failure. See Appendix E for the format for reporting data on failure to run.
5.3   Recoverable Failures Initial actuation or run failures that are promptly recovered in a time frame consistent with the risk-significant safety function are not reportable.
The following guidance should be used:
Actuation and run failures that are promptly recovered from the control room in a short period and don't require diagnosis or repair are not reportable. The length of time for successful recovery depends on the function that must be performed, but is generally limited to less than 5 minutes. For example, failure of an emergency diesel generator to start automatically would not be reported as a failure if an operator manually started the diesel generator from the control room within a few minutes.
18
 
For conducting functional tests, a component may be aligned to a test position that is different from its normal standby position, leaving the train or equipment group in a configuration that would not be capable of automatically satisfying its safety function. If an operator is stationed by the realigned component with the specific responsibility of realigning it to its safety function position in case a real demand occurs during the period of the test and a reportable demand occurs, the operator's successful realignment of the component would be a successful demand, not a reportable failure. Operator error or inability to successfully operate the equipment would be reported as a failure on demand.
Any other actions by the operator to recover failures of other components should be reported as failures.
: 6. UNAVAILABLE HOURS Unavailable hours are the period of time that a reportable system, train, or equipment group is not capable of performing its risk-significant safety function for reportable plant operational states. This may occur following a failure on demand or by removal of equipment from service (e.g., for maintenance or testing). Unavailable hours must be reported as either planned (preventive maintenance, test, or other planned activities) or unplanned (e.g.,
repair of a component resulting in a system or train being unavailable). It also includes time unavailable because a support system failed or was unavailable, rendering the train or equipment group incapable of performing its risk-significant safety function.
Unavailable hours do not include conditions that are promptly recoverable from the control room, such that the risk-significant safety function could be performed as needed. Nor do they include the loss of individual components that do not result in a reportable system, train, or equipment group being unavailable.
Unavailable hours do not include conditions that are promptly recoverable from the control room, such that the risk-significant safety function could be performed as needed. Nor do they include the loss of individual components that do not result in a reportable system, train, or equipment group being unavailable.
Unavailable hours should begin when a system, train, or equipment group is either removed from service for scheduled (planned) or corrective 19 (unplanned) maintenance, or is discovered to be incapable of performing the safety function by some means other than a reportable demand (e.g., by observation of mispositioned or damaged components).
Unavailable hours should begin when a system, train, or equipment group is either removed from service for scheduled (planned) or corrective 19
When reportable equipment is determined to be unavailable by means other than a reportable demand and it is not feasible to determine the time the equipment actually became unavailable, the time the equipment became unavailable should be estimated as the mid-point between the last time the failed component was known to be functional and the time it was discovered to be failed. For example, if a component is discovered to be inoperable because of corrosion that occurred since the last successful operation, it would be difficult to determine exactly when the corrosion reached the point that the component would have failed on demand. In this case, the unavailable time should be estimated as one half the time since the last successful test plus the corrective action time needed to restore the component back to an operable state. 7. HOURS IN PLANT OPERATIONAL STATES Licensees should report the number of hours during each quarter that the plant was in each of the plant operational states defined in Regulatory Position 2. Examples for reporting these hours are shown in Appendix E. 8. CONCURRENT UNAVAILABLE HOURS Concurrent unavailable hours are to be reported when two or more trains or equipment groups in the same or different reportable systems are unavailable at the same time. The intent is to report on a loss of redundancy within and between systems as well as a concurrent loss of two or more safety functions at the train or equipment group level. For each such instance, the concurrent unavailable hours (either known hours or hours estimated by the method suggested in Regulatory Position 6) and the identity of the trains or equipment groups should be reported.20
 
(unplanned) maintenance, or is discovered to be incapable of performing the safety function by some means other than a reportable demand (e.g., by observation of mispositioned or damaged components). When reportable equipment is determined to be unavailable by means other than a reportable demand and it is not feasible to determine the time the equipment actually became unavailable, the time the equipment became unavailable should be estimated as the mid-point between the last time the failed component was known to be functional and the time it was discovered to be failed. For example, if a component is discovered to be inoperable because of corrosion that occurred since the last successful operation, it would be difficult to determine exactly when the corrosion reached the point that the component would have failed on demand. In this case, the unavailable time should be estimated as one half the time since the last successful test plus the corrective action time needed to restore the component back to an operable state.
: 7. HOURS IN PLANT OPERATIONAL STATES Licensees should report the number of hours during each quarter that the plant was in each of the plant operational states defined in Regulatory Position 2. Examples for reporting these hours are shown in Appendix E.
: 8. CONCURRENT UNAVAILABLE HOURS Concurrent unavailable hours are to be reported when two or more trains or equipment groups in the same or different reportable systems are unavailable at the same time. The intent is to report on a loss of redundancy within and between systems as well as a concurrent loss of two or more safety functions at the train or equipment group level. For each such instance, the concurrent unavailable hours (either known hours or hours estimated by the method suggested in Regulatory Position 6) and the identity of the trains or equipment groups should be reported.
20
: 9. ANNUAL REPORTS Licensees are required to submit annual reports of the reportable summary reliability and availability data, compiled on a quarterly basis. Licensees may report data more frequently or compile information more frequently than quarterly.
: 9. ANNUAL REPORTS Licensees are required to submit annual reports of the reportable summary reliability and availability data, compiled on a quarterly basis. Licensees may report data more frequently or compile information more frequently than quarterly.
9.1 Summary Reliability and Availability Data Appendix E provides formats (or data sheets) that are acceptable to the NRC staff for submitting summary reliability and availability data, along with information on compiling specific data elements.
9.1   Summary Reliability and Availability Data Appendix E provides formats (or data sheets) that are acceptable to the NRC staff for submitting summary reliability and availability data, along with information on compiling specific data elements.
9.2 Failure Records As discussed in Regulatory Position 5, a failure record is required for each reportable failure. Appendix F lists the information that should be supplied in each failure record. A Nuclear Plant Reliability Data System (NPRDS) failure record may be submitted in lieu of the failure record of Appendix F if it contains the information identified in Appendix F. 9.3 Identification of Systems, Trains, and Equipment Groups The initial annual report should include brief descriptions identifying the systems, trains, and equipment groups to which the summary data apply. Subsequent annual reports should identify changes made to the systems, trains, and equipment groups. The information provided on systems, trains, and equipment groups, should include the following items. A list of the risk-significant systems and equipment that the licensee has determined on a plant-specific basis to be reportable under the rule, as discussed in Regulatory Position 1.2. A brief description of the risk-significant safety functions for these systems, as for the basic systems in Regulatory Position 1.1, that could 21 be used to identify risk-significant successes, failures, and unavailable time. The plant operational states for which reliability and availability data are reportable for each risk-significant system, train, and equipment group, as for the basic systems in Regulatory Position 2. Simplified system diagrams for each reportable system, annotated to show each risk-significant train and equipment group associated with the various types of reportable demands and unavailable hours. Examples are provided in Appendix E. These diagrams should include principal component identifiers for all reportable components that would permit the linking of failure records to specific components in the system diagrams.
9.2   Failure Records As discussed in Regulatory Position 5, a failure record is required for each reportable failure. Appendix F lists the information that should be supplied in each failure record. A Nuclear Plant Reliability Data System (NPRDS) failure record may be submitted in lieu of the failure record of Appendix F if it contains the information identified in Appendix F.
9.4 Electronic Submittal Documentation of reportable reliability and availability data, failure records, and descriptive material on the systems may be submitted by letter or electronically.
9.3   Identification of Systems, Trains, and Equipment Groups The initial annual report should include brief descriptions identifying the systems, trains, and equipment groups to which the summary data apply.
There are several acceptable methods and formats for submitting data electronically.
Subsequent annual reports should identify changes made to the systems, trains, and equipment groups. The information provided on systems, trains, and equipment groups, should include the following items.
Files may be sent by e-mail over the Internet or by mailing a diskette containing the data. 10. ONSITE DATA STORAGE Licensees should maintain records and documentation to verify and validate the summary data reported to NRC. These records should be available for NRC review. Licensees may maintain a log of each demand, failure, or unavailable period that forms the basis for the summary data reported to the NRC. Alternatively, licensees may wish to state their methods or references for linking each reportable data element (demand, failure, or unavailable period) to existing plant records. Plant records could include such items as maintenance work orders and requests, maintenance rule documentation, plant monthly operating reports, control room logs, diesel generator room logs, operations and maintenance staff planning documents, and LERs. The staff 22 suggests a format similar to Appendix G to both ensure clarity and to provide a method of easily recording information on a frequent (daily or weekly) basis. These records should cover a period of at least the 5 most recent calendar years.23 APPENDIX A PROPOSED RULE SECTION 50.76, "uREPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT," INCLUDING THE STATEMENT OF CONSIDERATIONS Published in the Federal Register on February 12, 1996 (Volume 61, No. 29, pages 5318-5326)
A list of the risk-significant systems and equipment that the licensee has determined on a plant-specific basis to be reportable under the rule, as discussed in Regulatory Position 1.2.
A-i Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules not required by 5 USC 553 or any other provision of law to pubiish a notice of proposed rulemaking with respect to the subject matter of this rule. Federal Assistance Program The title and number of the Federal Assistance Program, as found in the Catalog of Federal Domestic Assistance, to which this rule applies are: Commodity Loans and Purchases 10.051 Environmental Evaluation It has been determined by an environmental evaluation that this action will have no significant impact on the quality of the human environment.
A brief description of the risk-significant safety functions for these systems, as for the basic systems in Regulatory Position 1.1, that could 21
Therefore, neither an environmental assessment nor environment statement is needed. Executive Order 12372 This program/activity is not subject to the provisions of Executive Order 12372, which requires intergovernmental consultation with State and local officials.
 
See the notice related to 7 CFR Part 3015, subpart V published at 48 FR 2915 (une 24, 1983). Executive Order 12778 This proposed rule has been reviewed in accordance with Executive Order 12778. The provisions of this proposed rule are not retroactive and preempt State laws to the extent that such laws are inconsistent with the provisions of this proposed rule. Before any legal action is brought regarding determinations made under provision of 7 CFR Part 1464, the administrative appeal provisions set forth at 7 CFR Part 780 must be exhausted.
be used to identify risk-significant successes, failures, and unavailable time.
Paperwork Reduction Act This proposed rule does not change the information collection requirements that have been approved by OMB and assigned control number 0560-0058.
The plant operational states for which reliability and availability data are reportable for each risk-significant system, train, and equipment group, as for the basic systems in Regulatory Position 2.
Background Nested tobacco is tobacco in a lot containing a "nest" of inferior tobacco or foreign material, presumably, to increase the payment of loan weight of the lot. A formal definition of nesting is found in regulations codified at 7 CFR Part 29 and that definition is incorporated in the rules for the tobacco price support program found at 7 CFR Part 1464. In some cases, the nesting may not be discovered until later in processing, well after a price support loan for the tobacco has been disbursed.
Simplified system diagrams for each reportable system, annotated to show each risk-significant train and equipment group associated with the various types of reportable demands and unavailable hours. Examples are provided in Appendix E. These diagrams should include principal component identifiers for all reportable components that would permit the linking of failure records to specific components in the system diagrams.
Under current tobacco program rules n 7 CFR Part 1464.7 through 9, a producer found to have "knowingly" presented nested tobacco (i) must refund the price support loan amount for the individual lot and (ii) will be declared to be ineligible for any other tobacco price support for that year. Because of the severity of the consequences, there is sometimes a reluctance to make a finding that the violation was knowing and producers will sometimes contend that the nesting was the act of irresponsible employees or other handlers of tobacco. However, there is no apparent reason why a refund should not be demanded for a loan made on any adulterated (nested) lot whether it was, as to producer, "knowingly" nested or not. It must be the responsibility of the producer to present eligible tobacco. Nesting produces false weights, and processing problems, and by producing undue loan disbursements can cause losses that ultimately are born by the tobacco producer because of the "no net-cost" nature of the tobacco program.
9.4   Electronic Submittal Documentation of reportable reliability and availability data, failure records, and descriptive material on the systems may be submitted by letter or electronically. There are several acceptable methods and formats for submitting data electronically. Files may be sent by e-mail over the Internet or by mailing a diskette containing the data.
The proposed rule would make explicit that a refund wi8ll be due from the loan recipient on the individual nested lot in all cases of nesting ("knowing" or not). However, the rules would allow the Farm Service Agency (FSA) county conmmittee, with the concurrence of the FSA State committee, to reduce the amount of the refund demanded, in accordance with guidelines of the FSA Deputy Administrator for Farm Programs.
: 10. ONSITE DATA STORAGE Licensees should maintain records and documentation to verify and validate the summary data reported to NRC. These records should be available for NRC review. Licensees may maintain a log of each demand, failure, or unavailable period that forms the basis for the summary data reported to the NRC. Alternatively, licensees may wish to state their methods or references for linking each reportable data element (demand, failure, or unavailable period) to existing plant records. Plant records could include such items as maintenance work orders and requests, maintenance rule documentation, plant monthly operating reports, control room logs, diesel generator room logs, operations and maintenance staff planning documents, and LERs. The staff 22
This allowance will permit adjustments to avoid undue hardships to producers.
 
This rule would not adjust the terms under which a producer can lose eligibility for the entire crop year. for all lots, as a result of a nesting violation.
suggests a format similar to Appendix G to both ensure clarity and to provide a method of easily recording information on a frequent (daily or weekly) basis.
For that, a "knowing" violation will still be required.
These records should cover a period of at least the 5 most recent calendar years.
The proposed rule is, instead, addressed to the accounting for the individual lot that is actually nested. This result would be accomplished by modifying Part 1464.8 to make more explicit that nested tobacco is per se ineligible for price support. Also, Part 1464.9 would be amended to remove the reference to "knowing" violations with regard to demands for refunds on individual lots. Comments on this proposed rule are welcomed and should be submitted by the date indicated in this notice. List of Subjects in 7 CFR Part 1464 Agriculture, Assessments, Loan program, Price support program, Tobacco, Warehouses.
23
Accordingly, it is proposed that 7 CFR Part 1464 be amended as follows: PART 1464-TOBACCO
 
: 1. The authority citation for part 1464 continues to read as follows: Authority:
APPENDIX A PROPOSED RULE SECTION 50.76, "uREPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT,"
7 U.S.C. 1421, 1423, 1441, 1445, 1445-1 and 1445-2; 15 U.S.C. 714b, 714c. 2. Section 1464.8 is amended by revising the introductory text to read as follows: t1464.8 Eligible tobacco.
INCLUDING THE STATEMENT OF CONSIDERATIONS Published in the Federal Register on February 12, 1996 (Volume 61, No. 29, pages 5318-5326)
Eligible tobacco for the purpose of pledging such tobacco as collateral for a price support loan is any tobacco of a kind for which price support is available, as provided in § 1464.2. that is in sound and merchantable condition, is not nested as defined in 7 CFR Part 29, and: * *t * *
A-i
* 3. Section 1"464.9 is amended by revising paragraph (a) to read as follows: §1464.9 Refund of price support advance. 
 
* * *r
5318            Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules not required by 5 USC 553 or any other       tobacco (i) must refund the price                Authority: 7 U.S.C. 1421, 1423, 1441, 1445, provision of law to pubiish a notice of     support loan amount for the individual        1445-1 and 1445-2; 15 U.S.C. 714b, 714c.
* at (a) Received a price support advance on tobacco that was nested, as defined in part 29 of this title or otherwise not eligible for price support. The county committee, with concurrence of a State committee representative, may reduce the refund with respect to tobacco otherwise required in this part, in accordance with guidelines issued by the Deputy Administrator for Farm Programs.
proposed rulemaking with respect to the     lot and (ii) will be declared to be              2. Section 1464.8 is amended by subject matter of this rule.                 ineligible for any other tobacco price        revising the introductory text to read as support for that year.                        follows:
ft * * *
Federal Assistance Program                     Because of the severity of the The title and number of the Federal      consequences, there is sometimes a                t1464.8 Eligible tobacco.
* Signed at Washington, D.C., on February 5, 1996. Bruce R. Weber, Acting Executive Vice President, Commodity Credit Corporation.
Assistance Program, as found in the        reluctance to make a finding that the              Eligible tobacco for the purpose of Catalog of Federal Domestic Assistance,    violation was knowing and producers            pledging such tobacco as collateral for a to which this rule applies are:             will sometimes contend that the nesting        price support loan is any tobacco of a Commodity Loans and Purchases               was the act of irresponsible employees          kind for which price support is 10.051                                     or other handlers of tobacco. However,       available, as provided in § 1464.2. that there is no apparent reason why a            is in sound and merchantable condition, Environmental Evaluation                    refund should not be demanded for a          is not nested as defined in 7 CFR Part It has been determined by an            loan made on any adulterated (nested)        29, and:
[FR Doc. 96-2927 Filed 2-9-96; 8:45 am) BILUNG COoE 3410-05-M NUCLEAR REGULATORY COMMISSION 10 CFR Part 50 RIN 3150-AF33 Reporting Reliability and Availability Information for Risk-significant Systems and Equipment AGENCY: Nuclear Regulatory Commission.
environmental evaluation that this           lot whether it was, as to producer,          *          *t    *      *
ACTION: Proposed rule.
* action will have no significant impact      "knowingly" nested or not. It must be            3. Section 1"464.9 is amended by on the quality of the human                the responsibility of the producer to          revising paragraph (a) to read as follows:
environment. Therefore, neither an          present eligible tobacco. Nesting environmental assessment nor                produces false weights, and processing        §1464.9 Refund of price support advance.
environment statement is needed.            problems, and by producing undue loan         *        *      *r
* at disbursements can cause losses that               (a) Received a price support advance Executive Order 12372 ultimately are born by the tobacco             on tobacco that was nested, as defined This program/activity is not subject to  producer because of the "no net-cost"        in part 29 of this title or otherwise not the provisions of Executive Order          nature of the tobacco program.               eligible for price support. The county 12372, which requires                          The proposed rule would make              committee, with concurrence of a State intergovernmental consultation with        explicit that a refund wi8ll be due from      committee representative, may reduce State and local officials. See the notice  the loan recipient on the individual          the refund with respect to tobacco related to 7 CFR Part 3015, subpart V      nested lot in all cases of nesting            otherwise required in this part, in published at 48 FR 2915 (une 24, 1983).      ("knowing" or not). However, the rules      accordance with guidelines issued by would allow the Farm Service Agency          the Deputy Administrator for Farm Executive Order 12778                      (FSA) county conmmittee, with the This proposed rule has been reviewed                                                  Programs.
concurrence of the FSA State                  ft      *      *      *
* in accordance with Executive Order          committee, to reduce the amount of the 12778. The provisions of this proposed      refund demanded, in accordance with                Signed at Washington, D.C., on February 5, 1996.                                                I rule are not retroactive and preempt        guidelines of the FSA Deputy State laws to the extent that such laws    Administrator for Farm Programs. This         Bruce R. Weber, are inconsistent with the provisions of    allowance will permit adjustments to         Acting Executive Vice President,Commodity this proposed rule. Before any legal        avoid undue hardships to producers.          Credit Corporation.
action is brought regarding                    This rule would not adjust the terms     [FR Doc. 96-2927 Filed 2-9-96; 8:45 am) determinations made under provision of      under which a producer can lose               BILUNG COoE 3410-05-M 7 CFR Part 1464, the administrative        eligibility for the entire crop year. for all appeal provisions set forth at 7 CFR Part  lots, as a result of a nesting violation.
780 must be exhausted.                      For that, a "knowing" violation will still   NUCLEAR REGULATORY be required. The proposed rule is,           COMMISSION Paperwork Reduction Act                    instead, addressed to the accounting for This proposed rule does not change      the individual lot that is actually nested. 10 CFR Part 50 the information collection requirements    This result would be accomplished by         RIN 3150-AF33 that have been approved by OMB and          modifying Part 1464.8 to make more assigned control number 0560-0058.          explicit that nested tobacco is per se       Reporting Reliability and Availability ineligible for price support. Also, Part     Information for Risk-significant Background                                  1464.9 would be amended to remove the         Systems and Equipment Nested tobacco is tobacco in a lot      reference to "knowing" violations with containing a "nest" of inferior tobacco    regard to demands for refunds on             AGENCY: Nuclear Regulatory or foreign material, presumably, to        individual lots.                             Commission.
increase the payment of loan weight of          Comments on this proposed rule are       ACTION: Proposed rule.
the lot. A formal definition of nesting is  welcomed and should be submitted by found in regulations codified at 7 CFR      the date indicated in this notice.          


==SUMMARY==
==SUMMARY==
: The Nuclear Regulatory Commission (NRC) is proposing to amend its regulations to require that licensees for commercial nuclear power reactors report plant-specific summary reliability and availability data for risk significant systems and equipment  
: The Nuclear Regulatory Part 29 and that definition is                                                            Commission (NRC) is proposing to List of Subjects in 7 CFR Part 1464          amend its regulations to require that incorporated in the rules for the tobacco price support program found at 7 CFR            Agriculture, Assessments, Loan            licensees for commercial nuclear power Part 1464.                                  program, Price support program,              reactors report plant-specific summary In some cases, the nesting may not be  Tobacco, Warehouses.                          reliability and availability data for risk discovered until later in processing,          Accordingly, it is proposed that 7 CFR significant systems and equipment ' to well after a price support loan for the      Part 1464 be amended as follows:
' to I In relation to this proposed rule, the term equipment is intended to apply to an ensemble of components treated as a single entity for certain probabilistic risk assessments (PRAs) where a system or train treatment would not be appropriate.
tobacco has been disbursed. Under                                                              IIn relation to this proposed rule, the term PART 1464-TOBACCO                              equipment is intended to apply to an ensemble of current tobacco program rules n 7 CFR                                                      components treated as a single entity for certain Part 1464.7 through 9, a producer found          1. The authority citation for part 1464    probabilistic risk assessments (PRAs) where a to have "knowingly" presented nested        continues to read as follows:                  system or train treatment would not be appropriate.
A-2 5318 I l.Ajliial I VnV fR1. No. 29 / Mondav. February 12. 1996 / Proposed Rules 51 the NRC. The proposed rule would also require licensees to maintain on site, and to make available for NRC inspection, records and documentation that provide the basis for the summary data reported to the NRC. The systems and equipment for which data would be provided are a subset of the systems and equipment within the scope of the maintenance rule. The Commission has determined that reporting of reliability and availability information is necessary to substantially improve the NRC's ability to make risk effective regulatory decisions consistent with the Commission's policy statement on the use of probabilistic risk assessments (PRAs) (August 16, 1995; 60 FR 42622). This would assist the NRC in improving its oversight capabilities with respect to public health and safety and becoming more efficient by focusing its regulatory program on those issues of greatest risk significance and reducing unnecessary regulatory burdens on licensees.
A-2
The Commission would use the data that would be required by the proposed rule in generic issue resolution, developing quantitative indicators that can assist in assessing plant safety performance, performing risk-based inspections, and pursuing modifications to specific plants and basic regulations and guidelines.
 
Furthermore, this information would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensees' capabilities to implement the evaluation and goal setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment within the scope of the maintenance rule. DATES: Comments regarding any aspect of the proposed rule are due to the Commission by June 11, 1996. Comments received after that date will be considered if it is practical to do so, but the Commission can give no assurance of consideration for late comments.
l.Ajliial aoeuu'*,    I VnV fR1. No. 29 / Mondav. February 12. 1996 / Proposed Rules                                   5319 51 11-A-i-I              / Vol 61 No 29 / Monday, February 12, 1996 / Proposed Rules requirements in 10 CFR 50.65, the NRC. The proposed rule would also heading PaperworkReduction Act                                "Requirements for Monitoring the require licensees to maintain on site,         Statement.
The Commission intends that this expiration date will be at least 30 days after publication of an associated draft regulatory guide for public comment.
ADDRESSES: Mail written comments to:
In addition, comments regarding the collection of information, including the burden estimate and suggestions for reducing the burden, should be submitted to the Office of Management and Budget (OMB), and to the NRC, by March 13, 1996. For further information see the discussion below under the heading Paperwork Reduction Act Statement.
Effectiveness of Maintenance at Nuclear and to make available for NRC                                                                       Power Plants", also do not contain inspection, records and documentation           U.S. Nuclear Regulatory Commission,                reporting  requirements.
ADDRESSES:
that provide the basis for the summary         Washington, DC 20555-0001, ATTN.:                    krecent  years, plants have performed data reported to the NRC. The systems           Docketing and Service Branch. Deliver              Individual Plant Evaluations (IPEs), as and equipment for which data would be written comments to the NRC                      at One      requested in Generic Letter 88-20 and provided are a subset of the systems and White Flint North, 11555 Rockville                        its supplements, and submitted the equipment within the scope of the               Pike, Rockville, MD, between 7:30 am              results to the NRC. These submittals maintenance rule.                               and 4:15 pm on Federal workdays.                    provide measures of risk such as core The Commission has determined that             Send comments regarding the                      damage frequency, dominant accident reporting of reliability and availability       collection of information, including the sequences, and containment release information is necessary to substantially burden estimate and suggestions for                      category information. While system and reducing the burden, to: (1) Desk                  component reliability data have been improve the NRC's ability to make risk                             of Information and effective regulatory decisions consistent Officer, Office    Affairs, NEOB-I0202 (3150 collected as part of some utility IPEs, with the Commission's policy statement Regulatory 0011),  Office  of Management and this information is typically not on the use of probabilistic risk                                                                     included in the IPE submittals to the 16, 1995;       Budget,  Washington,      DC  20503,  and (2)  NRC.
Mail written comments to: U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN.: Docketing and Service Branch. Deliver written comments to the NRC at One White Flint North, 11555 Rockville Pike, Rockville, MD, between 7:30 am and 4:15 pm on Federal workdays.
assessments (PRAs)      (August Information and Records Management 60 FR 42622). This would assist the                                                                 PriorEfforts NRC in improving its oversight                   Branch (T-6F33), U.S. Nuclear Regulatory    Commission,      Washington,          In late 1991 and through 1992, the capabilities with respect to public            DC 20555-0001. For further information NRC staff participated on an INPO health and safety and becoming more             se the discussion below under the efficient by focusing its regulatory                                                               established NRC/industry review group heading    Paperwork      Reduction    Act        to make recommendations for changes program on those issues of greatest risk significance   and reducing unnecessary       Statement.                                          to the Nuclear Plant Reliability Data Copies  of  the  draft regulatory    analysis, System    (NPRDS). The group's final regulatory burdens on licensees. The                 supporting    statement    submitted    to                        to INPO to collect the                                                recommendations Commission would use the data that             the  OMB,    and  comments      received  may    PRA-related    reliability and availability would be required by the proposed rule be examined, and/or copied for a fee, at: data would have provided most of in generic issue resolution, developing               NRC Public Document Room, 2120              NRC's data needs. However, INPO took quantitative indicators that can assist in The  L  Street  NW.  (Lower    Level),                no  action on these recommendations.
Send comments regarding the collection of information, including the burden estimate and suggestions for reducing the burden, to: (1) Desk Officer, Office of Information and Regulatory Affairs, NEOB-I0202 (3150 0011), Office of Management and Budget, Washington, DC 20503, and (2) Information and Records Management Branch (T-6F33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.
assessing plant safety performance,             Washington, DC.                                        During 1992 and 1993, the NRC staff performing risk-based inspections, and                                                              continued through correspondence and pursuing modifications to specific             FOR FURTHER INFORMATION CONTACT:
For further information se the discussion below under the heading Paperwork Reduction Act Statement.
Dennis    Allison,  Office  for  Analysis  and  meetings to outline the particular data plants and basic regulations and                                                                   needed and to seek INPO's assistance in guidelines. Furthermore, this                   Evaluation of Operational Data, U.S.
Copies of the draft regulatory analysis, the supporting statement submitted to the OMB, and comments received may be examined, and/or copied for a fee, at: The NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. FOR FURTHER INFORMATION CONTACT: Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (301) 415-6835.
Nuclear    Regulatory    Commission,              obtaining the data. In a December 1993 information would improve the NRC's                                                                 meeting with NUMARC (now the oversight of licensees' implementation         Washington, DC 20555-0001, also   Telephone      (301)  415-6835.                    Nuclear Energy Institute (NEI)), INPO of the maintenance rule. It would                                                                  representatives suggested their Safety enhance licensees' capabilities to             SUPPLEMENTARY INFORMATION:                          System Performance Indicator (SSPI) as implement the evaluation and goal                                                                   a surrogate for reliability data. They setting activities required by the             Background proposed expanding the indicator to maintenance rule by providing licensees CurrentRequirements                                        additional systems and indicated that with access to current industry-wide                                           requirements    to  data elements could be modified to reliability and availability information           There  are no  existing systematically      report  reliability  and      compute actual reliability and for some of the systems and equipment                                                               availability data. Although general within the scope of the maintenance             availability    information;    nor  is there an industry-wide      database  to  provide  such  agreements were reached with INPO on rule.                                                                                              which systems and components and information.
SUPPLEMENTARY INFORMATION:
DATES: Comments regarding any aspect               Current reporting requirements in 10            what types of data elements are of the proposed rule are due to the             CFR 50.72, "Immediate          notification"        appropriate for risk-related applications Commission by June 11, 1996.                   and 10 CFR 50.73, "Licensee event                  and maintenance effectiveness Comments received after that date will         report system," require the submittal of monitoring, no voluntary system of be considered if it is practical to do so,     extensive descriptive information on                providing data resulted from these but the Commission can give no                 selected plant and system level events.            discussions. In the fall of 1994, the NRC assurance of consideration for late             The Nuclear      Plant  Reliability  Data        staff began work on this rulemaking comments. The Commission intends               System, a data base that industry                  action. In June 1995, NEI proposed to that this expiration date will be at least     supports and      the Institute  for  Nuclear    discuss a voluntary approach of 30 days after publication of an                 Power Operations (INPO) maintains,                  providing reliability and availability associated draft regulatory guide for           provides data on component                          data to the NRC based on SSPI data. The public comment.                                engineering characteristics and failures. NRC staff will continue to work with In addition, comments regarding the         Neither of these sources includes all the industry on voluntary submittal of collection of information,   including   the   data elements (i.e., number of demands              reliability data, under a program that burden estimate and suggestions for              on a system, number of hours of                    will meet the needs of all parties, while reducing   the burden,   should be             operation,    and  information    on              at the same time proceeding to obtain submitted to the Office of Management           maintenance unavailability) that are                public comment on this proposed rule.
Background Current Requirements There are no existing requirements to systematically report reliability and availability information; nor is there an industry-wide database to provide such information.
and Budget (OMB), and to the NRC, by           needed to determine the reliability and                Industry representatives have March 13, 1996. For further     information     availability of systems and equipment.              expressed  concern that reliability data, see the discussion below under the             Maintenance effectiveness monitoring                if publicly available, would be subject to A-3
Current reporting requirements in 10 CFR 50.72, "Immediate notification" and 10 CFR 50.73, "Licensee event report system," require the submittal of extensive descriptive information on selected plant and system level events. The Nuclear Plant Reliability Data System, a data base that industry supports and the Institute for Nuclear Power Operations (INPO) maintains, provides data on component engineering characteristics and failures.
 
Neither of these sources includes all the data elements (i.e., number of demands on a system, number of hours of operation, and information on maintenance unavailability) that are needed to determine the reliability and availability of systems and equipment.
5320            Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules misuse. In certain circumstances it is      a technical problem, with its attendant      is necessary to identify similar permissible for the NRC to withhold        risk, that may warrant generic action.       equipment in various plants so that the information from public disclosure. For    Similarly, a plant-specific indication of    data can be properly grouped and example, pursuant to 10 CFR                low reliability or availability for several  analyzed to estimate overall industry 2.790(b)(1), a licensee may propose that  systems might indicate a programmatic        performance and plant-specific a document be withheld from public          problem, with its attendant risk, and         performance and to identify outliers 2
Maintenance effectiveness monitoring requirements in 10 CFR 50.65, "Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants", also do not contain reporting requirements.
disclosure on the grounds that it          may warrant plant-specific action.            (good or bad).
krecent years, plants have performed Individual Plant Evaluations (IPEs), as requested in Generic Letter 88-20 and its supplements, and submitted the results to the NRC. These submittals provide measures of risk such as core damage frequency, dominant accident sequences, and containment release category information.
contains trade secrets or privileged or        It has been noted that prior to some        Some examples of how reliability and confidential commercial or financial        significant events (such as the scram        availability information would be used information. However, the data that        failure at Salem and the accident at          to improve current NRC regulatory would be reported under this proposed      Three Mile Island) there was previously      applications that consider risk in the rule would not appear to qualify for       existing information (such as challenge      decision process are discussed below.
While system and component reliability data have been collected as part of some utility IPEs, this information is typically not included in the IPE submittals to the NRC. Prior Efforts In late 1991 and through 1992, the NRC staff participated on an INPO established NRC/industry review group to make recommendations for changes to the Nuclear Plant Reliability Data System (NPRDS). The group's final recommendations to INPO to collect PRA-related reliability and availability data would have provided most of NRC's data needs. However, INPO took no action on these recommendations.
withholding. Reliability data used as      data and reliability data for scram          One of the examples involves the need input to risk-based regulatory decisions    breakers and power operated relief          for information to support generic should be scrutable and accessible to      valves) which, if collected, recognized,     regulatory actions--i.e., generic issue the public. The Commission's PRA            and acted upon might have led to             resolution and its associated rulemaking policy statement indicates that              preventive actions. Accordingly, it is       or regulatory guide revision. Another appropriate supporting data for PRA        expected that reliability and availability    example involves the need for analyses that support regulatory            information for selected risk-significant    information to determine whether decisions should be publicly available. systems would improve the NRC's              further NRC action is needed at specific Similarly, the Commission's draft report   oversight capability with respect to          plants--i.e., indicators of plant on public responsiveness (March 31,        public health and safety-i.e., the ability    performance. Some involve a mixture of 1995; 60 FR 16685) indicates that the       to maintain or enhance safety by              plant specific and generic elements. For policy of the NRC is to make                identifying and reviewing indications of      example, analyzing an event at a given information available to the public        increased risk and, if appropriate, taking    plant could lead to a plant-specific relating to its health and safety mission,  generic or plant-specific action.             action such as a special inspection and/
During 1992 and 1993, the NRC staff continued through correspondence and meetings to outline the particular data needed and to seek INPO's assistance in obtaining the data. In a December 1993 meeting with NUMARC (now the Nuclear Energy Institute (NEI)), INPO representatives suggested their Safety System Performance Indicator (SSPI) as a surrogate for reliability data. They proposed expanding the indicator to additional systems and indicated that data elements could be modified to compute actual reliability and availability data. Although general agreements were reached with INPO on which systems and components and what types of data elements are appropriate for risk-related applications and maintenance effectiveness monitoring, no voluntary system of providing data resulted from these discussions.
consistent with its legal obligations to        Such problems could be subtle in         or to a generic action such as a bulletin protect information and its deliberative    nature. For instance, licensee(s) might      or generic letter.
In the fall of 1994, the NRC staff began work on this rulemaking action. In June 1995, NEI proposed to discuss a voluntary approach of providing reliability and availability data to the NRC based on SSPI data. The NRC staff will continue to work with industry on voluntary submittal of reliability data, under a program that will meet the needs of all parties, while at the same time proceeding to obtain public comment on this proposed rule. Industry representatives have expressed concern that reliability data, if publicly available, would be subject to A-3 11-A-i-I / Vol 61 No 29 / Monday, February 12, 1996 / Proposed Rules 5319 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules misuse. In certain circumstances it is permissible for the NRC to withhold information from public disclosure.
and investigative processes.                schedule train outages for maintenance        Generic Issue Resolution Commenters who believe that there is        at certain times, such that risks are substantially increased over what would          The NRC currently uses risk estimates information subject to a proper 10 CFR 2.790(b)(1) withholding determination      be expected based on random outages.          in: (1) prioritizing safety issues, (2)
For example, pursuant to 10 CFR 2.790(b)(1), a licensee may propose that a document be withheld from public disclosure on the grounds that it contains trade secrets or privileged or confidential commercial or financial information.
This situation would not be indicated        deciding whether new requirements or requested by the proposed rule should                                                    staff positions to address these issues provide a specific justification for such   by current reporting requirements, or even by simply reporting train                are warranted, and (3) deciding whether belief.
However, the data that would be reported under this proposed rule would not appear to qualify for withholding.
Move to Risk-Based Regulation unavailability, but it could be indicated by the concurrent unavailability of two proposed new requirements or staff positions should be implemented.                      I For several years the Commission has or more trains, as would be reported            Knowing the current, updated reliability been working towards increased use of      under the proposed rule. Additional          and availability of key systems would, PRAs in power reactor regulation. In its    examples discussed below describe            in some cases, lead to a better policy statement on the use of PRAs, the further specific uses of the data that          understanding of the risk in these areas Commission has indicated that the use      would help to enhance safety.                 and, thus, to more risk-effective of PRA technology should be increased          In order to move towards risk-based      decisions. This should both enhance in all regulatory matters to the extent    regulation and the increased use of PRA      public protection and reduce supported by the state-of-the-art in        information, the NRC needs scrutable,        unnecessary regulatory burdens.
Reliability data used as input to risk-based regulatory decisions should be scrutable and accessible to the public. The Commission's PRA policy statement indicates that appropriate supporting data for PRA analyses that support regulatory decisions should be publicly available.
terms of methods and data, and this        plant-specific and generic reliability and   Generic data would usually suffice for implies that the collection of equipment availability information. The framework          this purpose; however, in some cases and human reliability data should be        for an overall move towards risk-based        the data would need to be divided to enhanced. Implementation of these          regulation involves the development of        account for specific classes or groups of policies would improve the regulatory      a regulatory process. This process            plants.
Similarly, the Commission's draft report on public responsiveness (March 31, 1995; 60 FR 16685) indicates that the policy of the NRC is to make information available to the public relating to its health and safety mission, consistent with its legal obligations to protect information and its deliberative and investigative processes.
process through (1) improved risk          includes operational procedures and          Indicators of Plant Performance effective safety decision making, (2)      decision criteria that require credible PRA methods, models, and data. This              PRA models with plant-specific more efficient use of agency resources, framework would provide for                  reliability and availability data would and (3) reduction in unnecessary predictable, consistent, and objective        be used to develop indicators of plant burdens on licensees. These risk-based regulatory decision making.       performance and trends in plant improvements would enhance both The data that would be reported under        performance which are more closely efficiency and safety.
Commenters who believe that there is information subject to a proper 10 CFR 2.790(b)(1) withholding determination requested by the proposed rule should provide a specific justification for such belief. Move to Risk-Based Regulation For several years the Commission has been working towards increased use of PRAs in power reactor regulation.
The data reported under this           this rule represent one of the needed        related to risk than those currently in use. These new indicators would proposed rule would improve the NRC's elements. In addition, these data are              replace some of those currently in use oversight capability with respect to       needed to improve the efficiency and public health and safety by focusing the effectiveness of NRC regulatory                    2 For many of the systems involved, plant specific NRC's regulatory programs in a risk        applications that employ a risk-based        demand and failure data will be sparse, at least effective manner. Generally, the NRC's     perspective in advance of defining the       initially. Until data have been collected for some ability to identify plants and systems at  entire framework.                            time, it will be necessary to use data from similar increased risk for significant events and,      Generally, plant-specific information    equipment. applications, and environments at is needed because there can be wide          several plants in order to obtain practical estimates thus, to take appropriate action would                                                    of reliability and uncertainty. Even when sufficient be substantially improved. For example, plant-to-plant variations in the design,          plant-specific data exist to estimate plant a generic indication of low reliability or importance, reliability and availability      performance, comparison to industry or group availability for a system might indicate    of particular systems and equipment. It      averages is often desirable.
In its policy statement on the use of PRAs, the Commission has indicated that the use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in terms of methods and data, and this implies that the collection of equipment and human reliability data should be enhanced.
A-4
Implementation of these policies would improve the regulatory process through (1) improved risk effective safety decision making, (2) more efficient use of agency resources, and (3) reduction in unnecessary burdens on licensees.
 
These improvements would enhance both efficiency and safety. The data reported under this proposed rule would improve the NRC's oversight capability with respect to public health and safety by focusing the NRC's regulatory programs in a risk effective manner. Generally, the NRC's ability to identify plants and systems at increased risk for significant events and, thus, to take appropriate action would be substantially improved.
Federal Re~ister / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules                                    5321 Federal~~
For example, a generic indication of low reliability or availability for a system might indicate a technical problem, with its attendant risk, that may warrant generic action. Similarly, a plant-specific indication of low reliability or availability for several systems might indicate a programmatic problem, with its attendant risk, and may warrant plant-specific action. It has been noted that prior to some significant events (such as the scram failure at Salem and the accident at Three Mile Island) there was previously existing information (such as challenge data and reliability data for scram breakers and power operated relief valves) which, if collected, recognized, and acted upon might have led to preventive actions. Accordingly, it is expected that reliability and availability information for selected risk-significant systems would improve the NRC's oversight capability with respect to public health and safety-i.e., the ability to maintain or enhance safety by identifying and reviewing indications of increased risk and, if appropriate, taking generic or plant-specific action. Such problems could be subtle in nature. For instance, licensee(s) might schedule train outages for maintenance at certain times, such that risks are substantially increased over what would be expected based on random outages.
                                        / o.6,N.2    ~        ~    ody ~        ~
This situation would not be indicated by current reporting requirements, or even by simply reporting train unavailability, but it could be indicated by the concurrent unavailability of two or more trains, as would be reported under the proposed rule. Additional examples discussed below describe further specific uses of the data that would help to enhance safety. In order to move towards risk-based regulation and the increased use of PRA information, the NRC needs scrutable, plant-specific and generic reliability and availability information.
eray1,19  ~    ha failureratoes estmaedsrmtetn and thereby enhance NRC's ability to           degraded by aging and define the extent        that failure rates estimated from testing and the risk-significance of aging              are approximately the same.
The framework for an overall move towards risk-based regulation involves the development of a regulatory process. This process includes operational procedures and decision criteria that require credible PRA methods, models, and data. This framework would provide for predictable, consistent, and objective risk-based regulatory decision making. The data that would be reported under this rule represent one of the needed elements.
make risk-effective decisions with regard to identifying plants for                problems.                                       Inservice Testing increased or decreased regulatory                Another class of examples involves the need for information to evaluate              Inservice testing requirements, which attention. For example, it is important to                                                     are based on the provisions of the detect situations where an individual          anticipated cost beneficial licensing actions, where the rationale is that risk        American Society of Mechanical plant may be having reliability or                                                             Engineers Boiler and Pressure Vessel availability problems with multiple            permits reductions in previous margins of safety or less prescriptive                  Code (ASME Code), measure the systems.                                                                                        functional characteristics of equipment requirements without adverse impact on Accident Sequence Precursor (ASP) and         overall safety. The NRC is actively              performance, such as pump flow, in Event Analysis                                pursuing a variety of modifications to          order to detect degradation. The ASME the basic regulations and guidelines that      and licensee owners' groups are Plant-specific, train-level reliability govern the operation of commercial              working toward establishing risk-based and unavailability data would be used to improve the plant-specific ASP              nuclear power reactor s. These                  frequencies for inservice testing, based modifications are characterized by              on plant-specific risk ranking models which the NRC uses to compute allowing individual licensees to utilize        methodologies. Changes in testing conditional core damage probability for insights from plant-specific risk              frequency can affect reliability in many determining the risk-significance of                                                          ways. For example, less frequent valve operational events. In addition, dates        evaluations to reduce or remove current requirements that are found to have low        testing might lead to an increase in the and causes of equipment failures would risk-significance. Current regulatory          demand failure rate because the valve be used to identify common cause requirements under consideration for            actuating mechanism tends to bind or failures and to compute common cause failure rates for input to these models.        risk-based modification include those          freeze after extended periods of Improving these methods would                  prescribing quality assurance, in-service        idleness. However, using plant-specific enhance the staff's ability to make risk       inspection, in-service testing, and             demand failure and unavailability data, effective decisions about which events        surveillance testing. It is anticipated        proposed changes can be more warrant further inspections or                that a significant number of additional        effectively evaluated based on the risk requests will be received that rely upon        significance and performance of plant investigations and/or generic actions such as bulletins and generic letters.         risk-based arguments. These changes            systems and based on confidence that could adversely affect the level of safety      there will be appropriate feedback to Plant-specific data are needed to better achieved by the plants if the risk              assure that the level of safety is not understand an event and calculate the associated conditional core damage            evaluations are flawed or the changes          being degraded.
In addition, these data are needed to improve the efficiency and effectiveness of NRC regulatory applications that employ a risk-based perspective in advance of defining the entire framework.
probability. It is also useful to identify    are improperly executed or the changes          NRC Maintenance Rule systems that have the most influence on        involve synergistic effects that are not covered by the risk models or captured            The maintenance rule, 10 CFR 50.65, the results. Then the risk associated                                                          was issued on July 10, 1991 (56 FR with the potential for similar events at      by historical data. Current, plant specific reliability and availability data      31306). The reliability and availability other plants, which may be known to                                                            information that would be required by have low reliability for the key systems,      would help the NRC monitor the licensees' programs to maintain safety          the proposed reporting rule would can be considered in determining                                                              improve the NRC's oversight of whether further actions are warranted.         while reducing regulatory burdens.
Generally, plant-specific information is needed because there can be wide plant-to-plant variations in the design, importance, reliability and availability of particular systems and equipment.
Relaxation of undue regulatory burdens          licensees' implementation of the Risk-Based Inspections                        then can proceed with confidence that          maintenance rule. It would also enhance there will be appropriate feedback to           licensee's capabilities to implement the Current and updated system assure that the level of safety is not          evaluation and goal-setting activities reliability, availability and failure data being degraded. Some examples are              required by the maintenance rule by in a generic and plant-specific risk                                                           providing licensees with access to based context would be used to enhance        discussed below.
It is necessary to identify similar equipment in various plants so that the data can be properly grouped and analyzed to estimate overall industry performance and plant-specific performance and to identify outliers (good or bad).2 Some examples of how reliability and availability information would be used to improve current NRC regulatory applications that consider risk in the decision process are discussed below. One of the examples involves the need for information to support generic regulatory actions--i.e., generic issue resolution and its associated rulemaking or regulatory guide revision.
the staffs ability to plan inspections                                                        current industry-wide reliability and Risk-Based Technical Specification              availability information for some of the focused on the most risk-significant plant systems, components, and                    Technical Specification requirements        systems and equipment Within the specify surveillance intervals and              scope of the maintenance rule.
Another example involves the need for information to determine whether further NRC action is needed at specific plants--i.e., indicators of plant performance.
operations. While generic data would be used in developing risk-based                  allowed outage times for safety                NRC Monitoring equipment for the various modes of inspection guides and a framework for                               is anticipated  that        As discussed above, current plant plant operation. It inspections, plant-specific data would                                                         specific data can provide feedback on be used to focus and optimize                  licensees will request a number of inspection activities at specific plants.      relaxations in surveillance intervals and the effectiveness of licensee programs, allowed outage times. Current, plant             including maintenance programs.
Some involve a mixture of plant specific and generic elements.
For example, an individual plant may                                                            Accordingly, these data would improve specific reliability and availability data have an atypical reliability problem                                                            the NRC's monitoring ability by would help the NRC monitor with a specific risk-significant system                                                        providing risk-based measures of the performance for the systems and and thereby warrant additional                                                                  effectiveness of individual licensee equipment subject to the proposed rule.
For example, analyzing an event at a given plant could lead to a plant-specific action such as a special inspection and/ or to a generic action such as a bulletin or generic letter. Generic Issue Resolution The NRC currently uses risk estimates in: (1) prioritizing safety issues, (2) deciding whether new requirements or staff positions to address these issues are warranted, and (3) deciding whether proposed new requirements or staff positions should be implemented.
attention. In addition, special studies        Thus, proposed relaxations of                  maintenance programs and the overall can be conducted to determine the root        surveillance intervals and allowed              effectiveness of the maintenance rule.
Knowing the current, updated reliability and availability of key systems would, in some cases, lead to a better understanding of the risk in these areas and, thus, to more risk-effective decisions.
cause of reliability problems by                                                                  In addition, the NRC has expressed outage times for such systems could be comparing the characteristics of plants        evaluated more effectively based on past concern about the extent to which some that have these problems with those that      performance and on confidence that              reactor licensees are taking systems and do not.                                                                                        equipment out of service for there would be appropriate feedback to Aging                                          ensure that performance      is not  being      maintenance during plant operation.
This should both enhance public protection and reduce unnecessary regulatory burdens.
help  degraded. In addition,   failure rates  from  Although this practice may offer Equipment reliability data would actual  demands    will  be used to verify    economic benefits by reducing plant identify equipment that is being A-5
Generic data would usually suffice for this purpose; however, in some cases the data would need to be divided to account for specific classes or groups of plants. Indicators of Plant Performance PRA models with plant-specific reliability and availability data would be used to develop indicators of plant performance and trends in plant performance which are more closely related to risk than those currently in use. These new indicators would replace some of those currently in use 2 For many of the systems involved, plant specific demand and failure data will be sparse, at least initially.
 
Until data have been collected for some time, it will be necessary to use data from similar equipment.
L 5322              Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules downtime, it must be properly managed              goals, taking into account industry-wide Description of ProposedRule to assure that safety is not                        operating experience where practical. It compromised. It should be noted that                                                                          The proposed rule would require also requires periodic program licensees are required by 10 CFR                    evaluations, including consideration of                holders  of operating licenses for nuclear 50.65(a)(3) to periodically conduct                unavailability due to monitoring or                    power reactors to report reliability and assessments and make adjustments to                preventive maintenance, taking                          availability data for certain risk ensure that the objective of preventing            industry-wide operating experience into significant systems and equipment. The failures through maintenance is                    account, where practical. Licensees will proposed reporting requirements would appropriately balanced against the                need to monitor reliability and                         apply to the event-mitigating systems objective of minimizing unavailability            availability of risk-significant systems,              and equipment which have or could due to monitoring and preventive                    particularly for the periodic program                  have a significant effect on risk in terms maintenance. The NRC would use the                 evaluations.4                                          of avoiding core damage accidents or hours when any two or more trains from                For many of the systems involved,                   preserving  containment integrity.
applications, and environments at several plants in order to obtain practical estimates of reliability and uncertainty.
the same or differenL systems are                   plant-specific demand and failure data                 Summary information reported to the concurrently unavailable to monitor                will be sparse, at least initially.                     NRC would be:
Even when sufficient plant-specific data exist to estimate plant performance, comparison to industry or group averages is often desirable.
how well licensees are managing the                However statistical analysis techniques                    1. The number of demands, the risk associated with such maintenance.              exist that allow a licensee to analyze                  number of failures to start associated As discussed below, under "Licensee                  and evaluate data from similar                        with such demands, and the dates of Implementation," the data would also                equipment, applications and                           any such failures, characterized enhance licensees' capabilities to make            environments from other plants, besides according to the identification of the prudent on-line maintenance decisions.             the data from their plant. These analyses train affected, the type of demand (test, The maintenance rule is also                  yield meaningful reliability estimates                  inadvertent/spurious, or actual need),
A-4 5320 I 5321 Federal Re~ister / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and thereby enhance NRC's ability to make risk-effective decisions with regard to identifying plants for increased or decreased regulatory attention.
important to license renewal (10 CFR                for the subject plant that can be                      and the plant mode at the time of the Part 54). Hence, improving the NRC's                compared with performance goals.                        demand (operating or shutdown);
For example, it is important to detect situations where an individual plant may be having reliability or availability problems with multiple systems.
oversight of the maintenance rule could            Industry-wide data would also provide                      2. The number of hours of operation strengthen one of the bases for the scope          a practical source for comparing plant                following each successful start, of the license renewal rule.                      specific performance with industry                      characterized according to the operating experience. Although plant                   identification of the train affected and Licensee Implementation                                                                                    whether or not the operation was specific information is generally In connection with the NRC's PRA              available on site, and utilities review                terminated because of equipment policy, the NRC staff has defined the              licensee event reports and other generic                failure, with the dates of any such data elements that would improve the               event informatior, NRC site visits,                    failures; evaluation of maintenance and has                                                                              3. The number of hours equipment is associated with early efforts to prepare established that they are the same as              for maintenance rule implementation in unavailable, characterized according to those needed to support a transition                                                                        the identification of the train affected, 1996, indicate that utilities do not use toward a risk- and performance-based                industry operating experience in a                      the plant mode at the time equipment is regulatory process. The NRC believes                                                                        unavailable (operating or shutdown),
Accident Sequence Precursor (ASP) and Event Analysis Plant-specific, train-level reliability and unavailability data would be used to improve the plant-specific ASP models which the NRC uses to compute conditional core damage probability for determining the risk-significance of operational events. In addition, dates and causes of equipment failures would be used to identify common cause failures and to compute common cause failure rates for input to these models. Improving these methods would enhance the staff's ability to make risk effective decisions about which events warrant further inspections or investigations and/or generic actions such as bulletins and generic letters.
systematic and consistent way for goal that the reliability and availability data                                                                 characterization of the unavailable setting purposes under the maintenance that would be required by this rule                                                                        period (planned, unplanned, or support rule. Based on these considerations, the would enhance licensee's capabilities to                                                                    system unavailable), and, if due to a implement the evaluation and goal                  availability of current, industry-wide reliability and availability data would                  support system being unavailable, setting activities required by the                                                                          dentification of the support system; enhance licensee's capabilities to maintenance rule by providing licensees                                                                        4. For each period equipment is with access to current industry-wide                implement the evaluation and goal setting activities required by the                      unavailable due to component failure(s),
Plant-specific data are needed to better understand an event and calculate the associated conditional core damage probability.
reliability and availability information                                                                      failure record identifying the maintenance rule.
It is also useful to identify systems that have the most influence on the results. Then the risk associated with the potential for similar events at other plants, which may be known to have low reliability for the key systems, can be considered in determining whether further actions are warranted.
for some of the systems and equipment                  As discussed previously, the NRC has                component(s) and providing the failure within the scope of the maintenance                recently found cause for concern about                  late, duration, mode, cause, and effect; 3
Risk-Based Inspections Current and updated system reliability, availability and failure data in a generic and plant-specific risk based context would be used to enhance the staffs ability to plan inspections focused on the most risk-significant plant systems, components, and operations.
rule.                                               how some reactor licensees handle on                    and In some circumstances, the                                                                                5. The number of hours when two or maintenance rule requires licensees to              line maintenance. Prudent on-line maintenance decisions depend on a full                  nore trains from the same or different establish performance or condition                                                                        ssystems were concurrently unavailable, appreciation of the risk-significance of taking equipment out of service                          characterized according to the 3 The systems and equipment covered by this (individually or collectively) and use of                dentification of the trains that were proposed rule are a subset of the systems and equipment within the scope of the maintenance      plant-specific and generic reliability and                navailable.
While generic data would be used in developing risk-based inspection guides and a framework for inspections, plant-specific data would be used to focus and optimize inspection activities at specific plants. For example, an individual plant may have an atypical reliability problem with a specific risk-significant system and thereby warrant additional attention.
rnle. The data elements are more extensive than    availability data would play a                            The first annual report would identify what would be required for compliance with the maintenance rule: however, for the systems significant role in improving such                    t he systems, trains, and ensembles of decision making.                                        :omponents covered by the reporting covered, these data elements would serve to improve implementation of the maintenance rnle.                                                              requirements of the rule; subsequent To cite one example, under 10 CFR 50.65(a)(2), risk    "4NUMARC 93-01, which the NRC has endorsed            mnual reports would either state that significant systems may be considered to be subject as describing one acceptable way of meeting the          no changes were made subsequent to to an effective preventive maintenance program      requiremrnts of the NRC's maintenance rule,              he previous annual report or describe and, thus, not subject to condition or performance  indicates in Section 12.2.4 that the adjustment for    t he changes made.
In addition, special studies can be conducted to determine the root cause of reliability problems by comparing the characteristics of plants that have these problems with those that do not. Aging Equipment reliability data would help identify equipment that is being degraded by aging and define the extent and the risk-significance of aging problems.
monitoring unless "maintenance preventable"        balancing of objectives needs to he done for risk failures occur. However, gathering the reliability  significant structures, systems, and components            The summary information would be and availability information specified in this      (SSCs). However, for other SSCa it is acceptable to      reported annually and compiled on the proposed rnle, including data elements such as      measure operating SSC performance against overall 1basis of calendar quarters, or on a more concurrent outages and the causes of failures,      plant performance criteria and standby system would provide a bettu picture of a system's                                                                  frequent basis at the option of each performance against specific perfonnance criteria.
Another class of examples involves the need for information to evaluate anticipated cost beneficial licensing actions, where the rationale is that risk permits reductions in previous margins of safety or less prescriptive requirements without adverse impact on overall safety. The NRC is actively pursuing a variety of modifications to the basic regulations and guidelines that govern the operation of commercial nuclear power reactor s. These modifications are characterized by allowing individual licensees to utilize insights from plant-specific risk evaluations to reduce or remove current requirements that are found to have low risk-significance.
performance and the effectiveness of the preventive maintenance program than simply awaiting the occurrence of "maintenance preventable" failures.
Current regulatory requirements under consideration for risk-based modification include those prescribing quality assurance, in-service inspection, in-service testing, and surveillance testing. It is anticipated that a significant number of additional requests will be received that rely upon risk-based arguments.
These changes could adversely affect the level of safety achieved by the plants if the risk evaluations are flawed or the changes are improperly executed or the changes involve synergistic effects that are not covered by the risk models or captured by historical data. Current, plant specific reliability and availability data would help the NRC monitor the licensees' programs to maintain safety while reducing regulatory burdens.
Relaxation of undue regulatory burdens then can proceed with confidence that there will be appropriate feedback to assure that the level of safety is not being degraded.
Some examples are discussed below. Risk-Based Technical Specification Technical Specification requirements specify surveillance intervals and allowed outage times for safety equipment for the various modes of plant operation.
It is anticipated that licensees will request a number of relaxations in surveillance intervals and allowed outage times. Current, plant specific reliability and availability data would help the NRC monitor performance for the systems and equipment subject to the proposed rule. Thus, proposed relaxations of surveillance intervals and allowed outage times for such systems could be evaluated more effectively based on past performance and on confidence that there would be appropriate feedback to ensure that performance is not being degraded.
In addition, failure rates from actual demands will be used to verify Federal ~ ~ ~ ~ ~ ~ ~ ha failure / o.6,N.2 ody eray1,19 ratoes estmaedsrmtetn that failure rates estimated from testing are approximately the same. Inservice Testing Inservice testing requirements, which are based on the provisions of the American Society of Mechanical Engineers Boiler and Pressure Vessel Code (ASME Code), measure the functional characteristics of equipment performance, such as pump flow, in order to detect degradation.
The ASME and licensee owners' groups are working toward establishing risk-based frequencies for inservice testing, based on plant-specific risk ranking methodologies.
Changes in testing frequency can affect reliability in many ways. For example, less frequent valve testing might lead to an increase in the demand failure rate because the valve actuating mechanism tends to bind or freeze after extended periods of idleness.
However, using plant-specific demand failure and unavailability data, proposed changes can be more effectively evaluated based on the risk significance and performance of plant systems and based on confidence that there will be appropriate feedback to assure that the level of safety is not being degraded.
NRC Maintenance Rule The maintenance rule, 10 CFR 50.65, was issued on July 10, 1991 (56 FR 31306). The reliability and availability information that would be required by the proposed reporting rule would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensee's capabilities to implement the evaluation and goal-setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment Within the scope of the maintenance rule. NRC Monitoring As discussed above, current plant specific data can provide feedback on the effectiveness of licensee programs, including maintenance programs.
Accordingly, these data would improve the NRC's monitoring ability by providing risk-based measures of the effectiveness of individual licensee maintenance programs and the overall effectiveness of the maintenance rule. In addition, the NRC has expressed concern about the extent to which some reactor licensees are taking systems and equipment out of service for maintenance during plant operation.
Although this practice may offer economic benefits by reducing plant A-5 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules downtime, it must be properly managed to assure that safety is not compromised.
It should be noted that licensees are required by 10 CFR 50.65(a)(3) to periodically conduct assessments and make adjustments to ensure that the objective of preventing failures through maintenance is appropriately balanced against the objective of minimizing unavailability due to monitoring and preventive maintenance.
The NRC would use the hours when any two or more trains from the same or differenL systems are concurrently unavailable to monitor how well licensees are managing the risk associated with such maintenance.
As discussed below, under "Licensee Implementation," the data would also enhance licensees' capabilities to make prudent on-line maintenance decisions.
The maintenance rule is also important to license renewal (10 CFR Part 54). Hence, improving the NRC's oversight of the maintenance rule could strengthen one of the bases for the scope of the license renewal rule. Licensee Implementation In connection with the NRC's PRA policy, the NRC staff has defined the data elements that would improve the evaluation of maintenance and has established that they are the same as those needed to support a transition toward a risk- and performance-based regulatory process. The NRC believes that the reliability and availability data that would be required by this rule would enhance licensee's capabilities to implement the evaluation and goal setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment within the scope of the maintenance rule.3 In some circumstances, the maintenance rule requires licensees to establish performance or condition 3 The systems and equipment covered by this proposed rule are a subset of the systems and equipment within the scope of the maintenance rnle. The data elements are more extensive than what would be required for compliance with the maintenance rule: however, for the systems covered, these data elements would serve to improve implementation of the maintenance rnle. To cite one example, under 10 CFR 50.65(a)(2), risk significant systems may be considered to be subject to an effective preventive maintenance program and, thus, not subject to condition or performance monitoring unless "maintenance preventable" failures occur. However, gathering the reliability and availability information specified in this proposed rnle, including data elements such as concurrent outages and the causes of failures, would provide a bettu picture of a system's performance and the effectiveness of the preventive maintenance program than simply awaiting the occurrence of "maintenance preventable" failures.goals, taking into account industry-wide operating experience where practical.
It also requires periodic program evaluations, including consideration of unavailability due to monitoring or preventive maintenance, taking industry-wide operating experience into account, where practical.
Licensees will need to monitor reliability and availability of risk-significant systems, particularly for the periodic program evaluations.4 For many of the systems involved, plant-specific demand and failure data will be sparse, at least initially.
However statistical analysis techniques exist that allow a licensee to analyze and evaluate data from similar equipment, applications and environments from other plants, besides the data from their plant. These analyses yield meaningful reliability estimates for the subject plant that can be compared with performance goals. Industry-wide data would also provide a practical source for comparing plant specific performance with industry operating experience.
Although plant specific information is generally available on site, and utilities review licensee event reports and other generic event informatior, NRC site visits, associated with early efforts to prepare for maintenance rule implementation in 1996, indicate that utilities do not use industry operating experience in a systematic and consistent way for goal setting purposes under the maintenance rule. Based on these considerations, the availability of current, industry-wide reliability and availability data would enhance licensee's capabilities to implement the evaluation and goal setting activities required by the maintenance rule. As discussed previously, the NRC has recently found cause for concern about how some reactor licensees handle on line maintenance.
Prudent on-line maintenance decisions depend on a full appreciation of the risk-significance of s taking equipment out of service (individually or collectively) and use of plant-specific and generic reliability and availability data would play a significant role in improving such t decision making.  " 4 NUMARC 93-01, which the NRC has endorsed as describing one acceptable way of meeting the requiremrnts of the NRC's maintenance rule, indicates in Section 12.2.4 that the adjustment for t balancing of objectives needs to he done for risk significant structures, systems, and components (SSCs). However, for other SSCa it is acceptable to measure operating SSC performance against overall 1 plant performance criteria and standby system performance against specific perfonnance criteria.
This is reasonable in that, for systems that are less risk-significant, the expense of a rigorous balancing' is not warranted.
This is reasonable in that, for systems that are less risk-significant, the expense of a rigorous balancing' is not warranted.
Description of Proposed Rule The proposed rule would require holders of operating licenses for nuclear power reactors to report reliability and availability data for certain risk significant systems and equipment.
individual licensee. Records and documentation of each occurrence of a demand, failure, or unavailable period I
The proposed reporting requirements would apply to the event-mitigating systems and equipment which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.
A-6
Summary information reported to the NRC would be: 1. The number of demands, the number of failures to start associated with such demands, and the dates of any such failures, characterized according to the identification of the train affected, the type of demand (test, inadvertent/spurious, or actual need), and the plant mode at the time of the demand (operating or shutdown);
 
: 2. The number of hours of operation following each successful start, characterized according to the identification of the train affected and whether or not the operation was terminated because of equipment failure, with the dates of any such failures;
Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules                                5323 that provide the basis for the summary      effectively utilize these estimates. For    For example, it is expected to be data reported to the NRC would be           example, a high unplanned                    necessary to review the actual required to be maintained on site and       unavailability may indicate a need for      unavailable hours in order to estimate made available for NRC inspection.          more preventive maintenance; a high          the mean repair times for key In developing these data elements the planned unavailability may indicate the           components for the purpose of updating NRC has, over the past three years,        opposite.
: 3. The number of hours equipment is unavailable, characterized according to the identification of the train affected, the plant mode at the time equipment is unavailable (operating or shutdown), characterization of the unavailable period (planned, unplanned, or support system unavailable), and, if due to a support system being unavailable, dentification of the support system; 4. For each period equipment is unavailable due to component failure(s), failure record identifying the component(s) and providing the failure late, duration, mode, cause, and effect; and 5. The number of hours when two or nore trains from the same or different systems were concurrently unavailable, characterized according to the dentification of the trains that were navailable.
The unavailable hours due to support      the staff's PRA models.
The first annual report would identify he systems, trains, and ensembles of :omponents covered by the reporting requirements of the rule; subsequent mnual reports would either state that no changes were made subsequent to he previous annual report or describe he changes made. The summary information would be reported annually and compiled on the basis of calendar quarters, or on a more frequent basis at the option of each individual licensee.
reached a consensus on the minimum                                                        Regulatory Guide data'needed to support risk-based          systems failure or unavailability are applications and enhance                    needed to properly capture concurrent          A new regulatory guide will be implementation of the maintenance          outages and to eliminate double                prepared and issued to provide rule. During this period NRC staff has      counting. For example, an Emergency          supplementary guidance. The guide will also interacted extensively with INPO        Service Water (ESW) train being              present an acceptable way to define the and NEI in an effort to define the          unavailable may result in other trains        systems and equipment subject to the minimum reliability and availability        being unavailable as well; however, for      rule and it will provide risk-based data needed to satisfy the needs of both    purposes of estimating risk in a PRA          definitions of failure as well as train and NRC risk-based regulatory applications      study, that unavailability should not be      system boundaries consistent with PRA and industry (licensee) uses of PRA.       counted more than once.                      applications. The format in which data The number of demands and the               The date of each failure is needed to    would be provided to the NRC and a number of successful starts are needed      allow screening for potential common        suggested format for maintaining on-site to estimate demand reliability, i.e., the   cause failures. Failures that occur          documentation and record keeping fraction of demands that result in          closely together in time warrant review      would be included. In order to reduce successful starts. (The complement of      to see whether a common cause failure        costs, use of electronic data submittal this fraction provides an estimate of the may be involved. Common cause                  will be considered a priority objective in probability of failure on demand). The      failures may indicate a need for revised      developing and implementing the guide.
Records and documentation of each occurrence of a demand, failure, or unavailable period A-6 5322 L I Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules that provide the basis for the summary data reported to the NRC would be required to be maintained on site and made available for NRC inspection.
actual number of demands and                maintenance procedures or staggered          A draft guide will be published for successes, as opposed to the ratio, is      testing. Common cause failure rates are      comment before it is finalized. A public needed for purposes such as: (1)            also needed for PRA models because of        workshop is planned after publication providing a measure of confidence in        their importance in system reliability      of the draft guide. The comment period the results and (2) permitting proper        and availability estimates.                  for this proposed rule will not expire combination of data from different              Failure cause and failure mode            until at least 30 days after publication plants.                                     information are needed to support            of the draft regulatory guide.
In developing these data elements the NRC has, over the past three years, reached a consensus on the minimum data'needed to support risk-based applications and enhance implementation of the maintenance rule. During this period NRC staff has also interacted extensively with INPO and NEI in an effort to define the minimum reliability and availability data needed to satisfy the needs of both NRC risk-based regulatory applications and industry (licensee) uses of PRA. The number of demands and the number of successful starts are needed to estimate demand reliability, i.e., the fraction of demands that result in successful starts. (The complement of this fraction provides an estimate of the probability of failure on demand). The actual number of demands and successes, as opposed to the ratio, is needed for purposes such as: (1) providing a measure of confidence in the results and (2) permitting proper combination of data from different plants. The type of demand is needed to determine whether or not the demand reliability estimated by testing is approximately the same as the demand reliability for actual demands.
The type of demand is needed to        common cause failure analysis as discussed above and to associate the          Definitions determine whether or not the demand reliability estimated by testing is        failure with the correct failure mode for        The basic definitions used in approximately the same as the demand        input into PRA models.                        reporting under § 50.76 are discussed reliability for actual demands.                Quarterly data are needed to conduct    below; further details will be addressed Sometimes it is not, indicating a need     first order trending studies to identify      in the regulatory guide. For example, for additional data analysis in making     areas of emerging concern with regard to    the basic definition of failure is reliability estimates.                     overall plant and system performance.        provided here; further details, such as The plant mode at the time of a         More frequent compilation is acceptable      how to handle a case where the demand is needed to estimate the           at the discretion of each licensee.          operators prematurely terminate system demand frequency, demand reliability,           An identification of the systems,        operation following a real demand, will and unavailability according to plant       trains, and ensembles of components          be discussed in the regulatory guide. In mode. These factors, as well as the risk    subject to the rule is needed because        particular, the regulatory guide will associated with unreliability and          identification of the components within      define risk-significant safety function(s) unavailability, can be quite different      the systems, trains, and ensembles is         and failures for systems and equipment depending on whether the plant is in        necessary for proper use and evaluation      covered by this proposed rule.
Sometimes it is not, indicating a need for additional data analysis in making reliability estimates.
operation or shut down.                    of the data by the staff and for industry        Demand is an occurrence where a The hours of operation following        wide generic applications to account for      system or train is called upon to successful starts are needed to estimate    physical differences between plants. For     perform its risk-significant safety the probability the equipment will          example, simplified system diagrams          function. A demand may be manual or function for a specified period of time. could be marked to show the systems,          automatic. It may occur in response to This information is needed for systems      trains, and ensembles against which the      a real need, a test, an error, an that must operate for an extended          data would be reported.                      equipment malfunction or other period following an accident to fulfill a      Retention of records and                  spurious causes. For the purposes of risk-significant safety function.          documentation that provide the bases          reporting under this rule, the demands The number of hours that equipment      for the summary data report to the NRC        of interest are those which are actual is not available (unavailable hours) is    for a period of several years is consistent  demands or closely simulate actual needed to estimate the fraction of time    with maintenance rule applications. For      demands for the train or specific that a train is not available to perform    example, monitoring reliability for a few    equipment involved.
The plant mode at the time of a demand is needed to estimate the demand frequency, demand reliability, and unavailability according to plant mode. These factors, as well as the risk associated with unreliability and unavailability, can be quite different depending on whether the plant is in operation or shut down. The hours of operation following successful starts are needed to estimate the probability the equipment will function for a specified period of time. This information is needed for systems that must operate for an extended period following an accident to fulfill a risk-significant safety function.
its risk-significant safety function. For  years may be used to determine trends            Failure,for the purpose of reporting some systems this can be an important      in order to achieve the balance              under this rule, is an occurrence where or dominant contributor to the overall      described in 10 CFR 50.65(a)(3)-i.e.,        a system or train fails to perform its risk probability of failure to perform the       the balance between preventing failures      significant safety function. A failure system's safety function. It can be        through maintenance and minimizing            may occur as a result of a hardware significantly affected by elective          unavailability due to monitoring and         malfunction, a software malfunction, or maintenance.                                preventive maintenance. In addition,         a human error. Failures to start in The type of unavailable hours          on-site data are needed to provide a          response to a demand are reported (planned or unplanned) is needed to        scrutable basis for regulatory decisions. under paragraph 50.76(b)(1)(i). Failures A-7
The number of hours that equipment is not available (unavailable hours) is needed to estimate the fraction of time that a train is not available to perform its risk-significant safety function.
 
For some systems this can be an important or dominant contributor to the overall probability of failure to perform the system's safety function.
5324              Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules to run after a successful start are              equipment that have been substantially        "sunset provision" in the rule, whereby reported under paragraph 50.76(b)(1](ii). involved in significant events in U. S.              the rule would automatically expire Unavailabilityis the probability that a reactors. These systems were found to             after a specified period of time unless:
It can be significantly affected by elective maintenance.
required system or train is not in a            fall into the following categories:          (i) a condition specified in the rule is condition to perform or is not capable              1. Basic systems. As indicated above,      fulfilled, or (ii) the Commission engages of performing its risk-significant safety        the NRC expects that these systems            in a rulemaking which extends the function. This may result from failure to would be included in the scope of the                effectiveness of the rule. The start, from failure to run, or from              rule for all plants. The basic systems on    Commission requests public comments intentional or unintentional removal of         the proposed list have been confirmed          on whether the proposed rule should equipment from service (e.g., for                to have been substantially involved in         contain such a sunset provision, and if maintenance or testing).                         signi ficant events.                         so, the period of time after which the Risk-significant safety function is a            2. Plant-specific systems. Systems        rule should automatically expire.
The type of unavailable hours (planned or unplanned) is needed to effectively utilize these estimates.
safety function that has or could have a        such as service water and component              GrandfatherProvision.There may be significant effect on risk (in terms of          cooling water are risk-significant, but      some plants for which, at the time that avoiding core damage accidents or                the significance varies widely,              the proposed rule may be adopted by preserving containment integrity for the depending upon plant-specific designs.               the Commission as a final rule, licensees purposes of reporting under this                It is expected that these systems will be      have already announced plans to proposed rule).                                 included, as appropriate, based on            discontinue operation in the near future.
For example, a high unplanned unavailability may indicate a need for more preventive maintenance; a high planned unavailability may indicate the opposite.
Reportable systems and equipment             plant-specific PRA studies. Other            Furthermore, licensees may determine are the event-mitigating systems and            systems, such as containment purge,           in the future to discontinue operation at equipment which have or could have a            appear infrequently in connection with        some plants. In either case, there may be significant effect on risk in terms of           significant events and are not expected      less reason to require collection and avoiding core damage accidents or               to be risk-significant for any plants.       repeting of the information preserving containment integrity. The                3. Initiating systems. Systems such as    contemplated by the proposed rule at reportable systems and equipment will          main feedwater and offsite power are          such plants and it may be advisable to be determined by each licensee. The            primarily considered to be initiators of      exempt such plants from the regulatory guide will describe                  significant events, rather than mitigation    information collection and reporting acceptable methods for making that              systems. Existing reporting                  requirements of the proposed rule (i.e.,
The unavailable hours due to support systems failure or unavailability are needed to properly capture concurrent outages and to eliminate double counting.
requirements in 10 CFR 50.72 and 10          "grandfathering"). The Commission determination.
For example, an Emergency Service Water (ESW) train being unavailable may result in other trains being unavailable as well; however, for purposes of estimating risk in a PRA study, that unavailability should not be counted more than once. The date of each failure is needed to allow screening for potential common cause failures.
It is expected that the rule will            CFR 50.73 provide enough information          requests public comments on whether produce a set of basic systems for which to characterize the important initiating              the proposed rule should exempt plants reliability data will be reported for all        systems for the purpose of PRA studies.      that have announced (or will announce)
Failures that occur closely together in time warrant review to see whether a common cause failure may be involved.
: 4. Non-measurable items. Items such      plans to discontinue operation within a plants that have them. However, these basic systems are not sufficient by            as  reactor coolant system corrosion are      short time (e.g., two years).
Common cause failures may indicate a need for revised maintenance procedures or staggered testing. Common cause failure rates are also needed for PRA models because of their importance in system reliability and availability estimates.
themselves. Additional systems and             not amenable to meaningful measurement by the methods of this            Conclusion equipment to be addressed will depend proposed rule.                                    As discussed under the subject "Move on plant-specific features. Listed below            Based on this review, the systems and   to Risk-Based Regulation," the is the set of basic systems that the            equipment to be included in the scope        information to be collected under the Commission is currently considering for of the rule are considered reasonably      proposed rule is necessary for the identification in the draft regulatory consistent with operating experience in      development and implementation of guide.                                         terms of involvement in significant          risk-based regulatory processes. Risk Basic PWR systems       Basic BWR systems    events. Accordingly, it is expected that     based regulatory approaches provide a reliability and availability information      means for the Commission to maintain, Auxiliary feedwater .... Reactor core isolation for those systems and equipment will be      and in some cases improve, safety while cooling or isolation well suited for identifying plants and        reducing impacts on licensees as well as condenser.           systems at increased risk for significant    NRC resource expenditures, by focusing High pressure safety     Feedwater coolant in events.                                        regulatory requirements and activities injection               jection, high pres       Minimizing Costs. The NRC intends        on the most risk-significant areas. In sure coolant injec   that the data required to be collected        addition, this information would tion or high pres   and reported under this proposed rule        improve the NRC's oversight of sure core spray, as                                               licensees' implementation of the appropriate.         be  essentially the same as would be Reactor protection ..... Reactor protection. required for monitoring reliability and/      maintenance rule. It would also enhance Low pressure safety       Low pressure coolant or availability for other purposes, such        licensee's capabilities to implement the injection,              injection and low   as monitoring system reliability where        evaluation and goal-setting activities pressure core       that is the option chosen for compliance      required by the maintenance rule by spray.               with the maintenance rule. Thus, it          providing licensees with access to Emergency ac power Emergency ac power. should be practical to gather and report              current industry-wide reliability and the data without significant additional      availability information for some of the As discussed above, the systems and         cost. This will be a priority goal in        risk-significant systems and equipment equipment to be included in the scope           developing the guidance to be included        within the scope of the maintenance of the rule would be those event                 in the new regulatory guide.                  rule. The Commission has also prepared mitigating systems and equipment that               Sunset Provision.As experience is        a regulatory analysis (see "Regulatory have or could have a significant effect         gained with implementing the proposed        Analysis") which identified alternatives on risk in terms of avoiding core damage rule and utilizing the information                    for collecting the information for use by accidents or preserving containment             required to be collected and reported, a      both licensees and the NRC, and integrity. To ensure that this approach         reassessment may be necessary or              evaluated the costs of each viable is consistent with operating experience,        desirable. One way of assuring such a        alternative. Based upon these factors, the NRC has considered the systems and reassessment would be to include a                      the Commission believes that the costs A-8
Failure cause and failure mode information are needed to support common cause failure analysis as discussed above and to associate the failure with the correct failure mode for input into PRA models. Quarterly data are needed to conduct first order trending studies to identify areas of emerging concern with regard to overall plant and system performance.
 
More frequent compilation is acceptable at the discretion of each licensee.
5325 Federal RegUter / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules
An identification of the systems, trains, and ensembles of components subject to the rule is needed because identification of the components within the systems, trains, and ensembles is necessary for proper use and evaluation of the data by the staff and for industry wide generic applications to account for physical differences between plants. For example, simplified system diagrams could be marked to show the systems, trains, and ensembles against which the data would be reported.
: 4. How can the burden of the             the backfit rule, 10 CFR 50.109, does not of the proposed rule's information                                                    apply to this proposed rule, and collection and reporting requirements      collection of information be minimized including by using automated collection    therefore, a backfit analysis is not are justified in view of the potential                                                required for this proposed rule because safety significance and projected          techniques?
Retention of records and documentation that provide the bases for the summary data report to the NRC for a period of several years is consistent with maintenance rule applications.
Send comments on any aspect of this      these amendments do not involve any benefits of the information in NRC                                                      provisions which would impose backfits regulatory activities.                      proposed collection of information, including suggestions for reducing the      as defined in 10 CFR 50.109(a)(1).
For example, monitoring reliability for a few years may be used to determine trends in order to achieve the balance described in 10 CFR 50.65(a)(3)-i.e., the balance between preventing failures through maintenance and minimizing unavailability due to monitoring and preventive maintenance.
Submission of Comments in Electronic        burden, to the Information and Records        However, as discussed above in Format                                      Management Branch (T-6-F33), U.S.           "Regulatory Analysis," the Commission Nuclear Regulatory Commission,              has prepared a regulatory analysis Commenters are encouraged to                                                         which summarizes the purpose and submit, in addition to the original paper Washington, DC 20555-0001, and to the         intended use of the information copy, a copy of their comments in an        Desk Officer, Office of Information and Regulatory  Affairs, NEOB-10202,            proposed to be collected, identifies electronic format  on IBM  PC DOS                                                    alternatives for collection and reporting compatible 3.5- or 5.25-inch, double      (3150-0011), Office of Management and Budget, Washington, DC 20503.               of the proposed information, and sided, diskettes. Data files should be                                                 identifies the impacts and benefits of provided in WordPerfect 5.0 or 5.1.          Comments to OMB on the collections of information or on the above issues      the alternatives.
In addition, on-site data are needed to provide a scrutable basis for regulatory decisions.
ASCII code is also acceptable, or if                                                      This regulatory analysis constitutes a formatted text is required, data files    should be submitted by March 13, 1996.
For example, it is expected to be necessary to review the actual unavailable hours in order to estimate the mean repair times for key components for the purpose of updating the staff's PRA models. Regulatory Guide A new regulatory guide will be prepared and issued to provide supplementary guidance.
Comments received after this date will     disciplined process for evaluating the should be submitted in IBM Revisable                                                    potential benefits and projected impacts Format Text Document Content                be considered if it is practical to do so, but assurance of consideration cannot      (burdens) of information collection and Architecture    (RFT/DCA)  format.                                                     reporting requirements such as the be given to comments received after this Environmental Impact- Categorical          date.                                        proposed rule. The Commission Exclusion                                                                              therefore concludes that the objective Public Protection Notification              underlying the Commission's adoption The proposed rule sets forth                The NRC may not conduct or sponsor,     of the Backfit Rule-that regulatory requirements for the collection,           and a person is not required to respond    impacts are assessed under established maintenance, and reporting of reliability to, a collection of information unless it    criteria in a disciplined process--is and availability data for certain risk    displays a currently valid OMB control      being met for this proposed rule.
The guide will present an acceptable way to define the systems and equipment subject to the rule and it will provide risk-based definitions of failure as well as train and system boundaries consistent with PRA applications.
significant systems and equipment. The    number.
The format in which data would be provided to the NRC and a suggested format for maintaining on-site documentation and record keeping would be included.
NRC has determined that this proposed                                                  List of Subjects in 10 CFR Part 50 rule is the type of action described  in  Regulatory Analysis                            Antitrust, Classified information, categorical exclusion, 10 CFR                  The Commission has prepared a draft      Criminal penalties, Fire protection, 51.22(c)(3)(ii). Therefore, neither an    regulatory analysis on this proposed        Intergovernmental relations, Nuclear environmental impact statement nor an      regulation. The analysis examines the       power plants and reactors, Radiation environmental assessment has been          costs and benefits of the alternatives      protection, Reactor siting criteria, prepared for this proposed regulation.      considered by the Commission. The          Reporting and record keeping Paperwork Reduction Act Statement          draft analysis is available for inspection  requirements.
In order to reduce costs, use of electronic data submittal will be considered a priority objective in developing and implementing the guide. A draft guide will be published for comment before it is finalized.
in the NRC Public Document Room,               For the reasons set out in the This proposed rule amends              2120 L Street NW. (Lower Level),           preamble and under the authority of the information collection requirements that Washington, DC. Single copies of the           Atomic Energy Act of 1954, as amended, are subject to the Paperwork Reduction      draft analysis may be obtained from:        the Energy Reorganization Act of 1974, Act of 1995 (44 U.S.C. 3501 et seq.).      Dennis Allison, Office for Analysis and    as amended, and 5 U.S.C. 553, the NRC This rule has been submitted to OMB        Evaluation of Operational Data, U.S.        is proposing to adopt the following for review and approval of the             Nuclear Regulatory Commission,              amendments to 10 CFR Part 50.
A public workshop is planned after publication of the draft guide. The comment period for this proposed rule will not expire until at least 30 days after publication of the draft regulatory guide. Definitions The basic definitions used in reporting under § 50.76 are discussed below; further details will be addressed in the regulatory guide. For example, the basic definition of failure is provided here; further details, such as how to handle a case where the operators prematurely terminate system operation following a real demand, will be discussed in the regulatory guide. In particular, the regulatory guide will define risk-significant safety function(s) and failures for systems and equipment covered by this proposed rule. Demand is an occurrence where a system or train is called upon to perform its risk-significant safety function.
Paperwork Reduction Act requirements. Washington, DC 20555-0001, The public reporting burden for this    Telephone (301) 415-6835.                  PART 50--OOMESTIC UCENSING OF collection of information is estimated to                                              PRODUCTION AND UTIUZATION average 1375 hours per response (i.e.,     Regulatory Flexibility Certification        FACILITIES per commercial nuclear power reactor          In accordance with the Regulatory          1. The authority citation for Part 50 per year), including the time for          Flexibility Act of 1980 (5 U.S.C. 605      continues to read as follows:
A demand may be manual or automatic.
reviewing instructions, searching          (B)), the Commission certifies that this existing data sources, gathering and        rule will not, if promulgated, have a          Authority: Sections 102,103,104, 105, maintaining the data needed, and            significant economic impact on a            161, 182, 183, 186, 189,68 Stat. 936, 937, completing and reviewing the collection substantial number of small entities.          938. 948,953, 954,955,956. as amended, sec. 234, 83 Stat 1244, as amended (42 of information. The Commission is          The proposed rule affects only the         U.S.C. 2132, 2133. 2134, 2135, 2201, 2232, seeking public comment on the              licensing and operation of nuclear          2233, 2236, 2239, 2282); secs. 201, as potential impact of the collection of       power plants. The companies that own        amended, 202, 206, 88 Stat. 1242, as information contained in the proposed       these plants do not fall within the scope  amended, 1244, 1246 (42 U.S. C. 5841, 5842, rule and on the following issues:          of the definition of "small entities" set  5846).
It may occur in response to a real need, a test, an error, an equipment malfunction or other spurious causes. For the purposes of reporting under this rule, the demands of interest are those which are actual demands or closely simulate actual demands for the train or specific equipment involved.
: 1. Is the proposed collection of       forth in the Regulatory Flexibility Act or    Section 50.7 also issued under Pub. L. 95 601, sec. 10, 92 Stat 2951 as amended by information necessary for the proper        the size standards adopted by the NRC       Pub. L. 102-486, sec. 2902, 106 Stat 3123, (42 performance of the functions of the       on April 11, 1995 (60 FR 18344-10          U.S.C. 5851). Section 50.10 also issued under NRC, and does the information have        CFR 2.810.                                  secs. 101, 185, 68 Stat. 936, 955, as amended practical utility?                                                                      (42 U.S.C. 2131, 2235]; sec. 102, Pub. L. 91 Backfit Analysis                            190, 83 Stat. 853 (42 U.S.C. 4332). Sections
Failure, for the purpose of reporting under this rule, is an occurrence where a system or train fails to perform its risk significant safety function.
: 2. Is the estimate of burden accurate?
A failure may occur as a result of a hardware malfunction, a software malfunction, or a human error. Failures to start in response to a demand are reported under paragraph 50.76(b)(1)(i).
: 3. Is there a way to enhance the           The proposed rule sets forth            50.13, and 50.54(dd), and 50.103 also issued requirements    for reporting and record    under sec. 108, 68 Stat. 939, as amended (42 quality, utility, and clarity of the                                                    U.S.C. 2138). Sections 50.23, 50.35, 50.55, information to be collected?              keeping. The NRC has determined that A-9
Failures A-7 5323 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules to run after a successful start are reported under paragraph 50.76(b)(1](ii).
 
Unavailability is the probability that a required system or train is not in a condition to perform or is not capable of performing its risk-significant safety function.
5326                Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and 50.56 also issued under sec. 185, 68 Stal        (iii) The number of hours equipment          DEPARTMENT OF TRANSPORTATION 955 (42 U.S.C. 2235). Sections 50.33a, 50.551    is unavailable, characterized according and Appendix Q also issued under sec. 102,       to the identification of the train affected Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332]                                                    Federal Aviation Administration Sections 50.34 and 50.54 also issued under        the plant mode at the time equipment is sec. 204, 88 Stat. 1245 ,42 U.S.C. 5844).         unavailable (operating or shutdown),           14 CFR Part 39 Sections 50.58, 50.91, and 50.92 also issued      characterization of the unavailable            [Docket No. 93-NM-133-AD]
This may result from failure to start, from failure to run, or from intentional or unintentional removal of equipment from service (e.g., for maintenance or testing).
under Pub. L 97-415, 96 Stat. 2073 (42            period (planned, unplanned, or support U.S.C. 2239). Section 50.78 also issued tude,r    system unavailable), and, if due to a            Airworthiness Directives; Airbus sec. 122, 68 Stat. 939 (42 U.S.C. 2152).          support system being unavailable,                Industrie Model A300, A310, and A300 Sections 50.80-50.81 also issued under sec.       identification of the support system;            600 Series Airplanes 184,68 Stat. 954, as amended (42 U.S.C.              (iv) For each period equipment is 2234). Appendix F also issued under sec.          unavailable due to component failure(s),         AGENCY: Federal Aviation 187,68 Stat. 955 (42 U.S.C. 2237).                a failure record identifying the                Administration, DOT.
Risk-significant safety function is a safety function that has or could have a significant effect on risk (in terms of avoiding core damage accidents or preserving containment integrity for the purposes of reporting under this proposed rule). Reportable systems and equipment are the event-mitigating systems and equipment which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.
: 2. Section 50.8(b) is revised to read as     component(s) and providing the failure          ACTION: Supplemental notice of follows:                                         date, duration, mode, cause, and effect;        proposed rulemaking; reopening of and                                            comment period.
The reportable systems and equipment will be determined by each licensee.
    §50.8 Infornmallon collection                        (v) The number of hours when two or re-qCirUmB"      oM a ol.                         more trains from the same or different         
The regulatory guide will describe acceptable methods for making that determination.
It is expected that the rule will produce a set of basic systems for which reliability data will be reported for all plants that have them. However, these basic systems are not sufficient by themselves.
Additional systems and equipment to be addressed will depend on plant-specific features.
Listed below is the set of basic systems that the Commission is currently considering for identification in the draft regulatory guide. Basic PWR systems Basic BWR systems Auxiliary feedwater  
.... Reactor core isolation cooling or isolation condenser.
High pressure safety Feedwater coolant in injection jection, high pres sure coolant injec tion or high pres sure core spray, as appropriate.
Reactor protection  
..... Reactor protection.
Low pressure safety Low pressure coolant injection, injection and low pressure core spray. Emergency ac power Emergency ac power. As discussed above, the systems and equipment to be included in the scope of the rule would be those event mitigating systems and equipment that have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.
To ensure that this approach is consistent with operating experience, the NRC has considered the systems and equipment that have been substantially involved in significant events in U. S. reactors.
These systems were found to fall into the following categories:
: 1. Basic systems. As indicated above, the NRC expects that these systems would be included in the scope of the rule for all plants. The basic systems on the proposed list have been confirmed to have been substantially involved in signi ficant events. 2. Plant-specific systems. Systems such as service water and component cooling water are risk-significant, but the significance varies widely, depending upon plant-specific designs.
It is expected that these systems will be included, as appropriate, based on plant-specific PRA studies. Other systems, such as containment purge, appear infrequently in connection with significant events and are not expected to be risk-significant for any plants. 3. Initiating systems. Systems such as main feedwater and offsite power are primarily considered to be initiators of significant events, rather than mitigation systems. Existing reporting requirements in 10 CFR 50.72 and 10 CFR 50.73 provide enough information to characterize the important initiating systems for the purpose of PRA studies.
: 4. Non-measurable items. Items such as reactor coolant system corrosion are not amenable to meaningful measurement by the methods of this proposed rule. Based on this review, the systems and equipment to be included in the scope of the rule are considered reasonably consistent with operating experience in terms of involvement in significant events. Accordingly, it is expected that reliability and availability information for those systems and equipment will be well suited for identifying plants and systems at increased risk for significant events. Minimizing Costs. The NRC intends that the data required to be collected and reported under this proposed rule be essentially the same as would be required for monitoring reliability and/ or availability for other purposes, such as monitoring system reliability where that is the option chosen for compliance with the maintenance rule. Thus, it should be practical to gather and report the data without significant additional cost. This will be a priority goal in developing the guidance to be included in the new regulatory guide. Sunset Provision.
As experience is gained with implementing the proposed rule and utilizing the information required to be collected and reported, a reassessment may be necessary or desirable.
One way of assuring such a reassessment would be to include a"sunset provision" in the rule, whereby the rule would automatically expire after a specified period of time unless: (i) a condition specified in the rule is fulfilled, or (ii) the Commission engages in a rulemaking which extends the effectiveness of the rule. The Commission requests public comments on whether the proposed rule should contain such a sunset provision, and if so, the period of time after which the rule should automatically expire. Grandfather Provision.
There may be some plants for which, at the time that the proposed rule may be adopted by the Commission as a final rule, licensees have already announced plans to discontinue operation in the near future. Furthermore, licensees may determine in the future to discontinue operation at some plants. In either case, there may be less reason to require collection and repeting of the information contemplated by the proposed rule at such plants and it may be advisable to exempt such plants from the information collection and reporting requirements of the proposed rule (i.e., "grandfathering").
The Commission requests public comments on whether the proposed rule should exempt plants that have announced (or will announce) plans to discontinue operation within a short time (e.g., two years). Conclusion As discussed under the subject "Move to Risk-Based Regulation," the information to be collected under the proposed rule is necessary for the development and implementation of risk-based regulatory processes.
Risk based regulatory approaches provide a means for the Commission to maintain, and in some cases improve, safety while reducing impacts on licensees as well as NRC resource expenditures, by focusing regulatory requirements and activities on the most risk-significant areas. In addition, this information would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensee's capabilities to implement the evaluation and goal-setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the risk-significant systems and equipment within the scope of the maintenance rule. The Commission has also prepared a regulatory analysis (see "Regulatory Analysis")
which identified alternatives for collecting the information for use by both licensees and the NRC, and evaluated the costs of each viable alternative.
Based upon these factors, the Commission believes that the costs A-8 5324 5325 Federal RegUter / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules of the proposed rule's information collection and reporting requirements are justified in view of the potential safety significance and projected benefits of the information in NRC regulatory activities.
Submission of Comments in Electronic Format Commenters are encouraged to submit, in addition to the original paper copy, a copy of their comments in an electronic format on IBM PC DOS compatible 3.5- or 5.25-inch, double sided, diskettes.
Data files should be provided in WordPerfect 5.0 or 5.1. ASCII code is also acceptable, or if formatted text is required, data files should be submitted in IBM Revisable Format Text Document Content Architecture (RFT/DCA) format. Environmental Impact- Categorical Exclusion The proposed rule sets forth requirements for the collection, maintenance, and reporting of reliability and availability data for certain risk significant systems and equipment.
The NRC has determined that this proposed rule is the type of action described in categorical exclusion, 10 CFR 51.22(c)(3)(ii).
Therefore, neither an environmental impact statement nor an environmental assessment has been prepared for this proposed regulation.
Paperwork Reduction Act Statement This proposed rule amends information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This rule has been submitted to OMB for review and approval of the Paperwork Reduction Act requirements.
The public reporting burden for this collection of information is estimated to average 1375 hours per response (i.e., per commercial nuclear power reactor per year), including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.
The Commission is seeking public comment on the potential impact of the collection of information contained in the proposed rule and on the following issues: 1. Is the proposed collection of information necessary for the proper performance of the functions of the NRC, and does the information have practical utility? 2. Is the estimate of burden accurate?
: 3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?
: 4. How can the burden of the collection of information be minimized including by using automated collection techniques?
Send comments on any aspect of this proposed collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6-F33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0011), Office of Management and Budget, Washington, DC 20503. Comments to OMB on the collections of information or on the above issues should be submitted by March 13, 1996. Comments received after this date will be considered if it is practical to do so, but assurance of consideration cannot be given to comments received after this date. Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Regulatory Analysis The Commission has prepared a draft regulatory analysis on this proposed regulation.
The analysis examines the costs and benefits of the alternatives considered by the Commission.
The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from: Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (301) 415-6835.
Regulatory Flexibility Certification In accordance with the Regulatory Flexibility Act of 1980 (5 U.S.C. 605 (B)), the Commission certifies that this rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.
The proposed rule affects only the licensing and operation of nuclear power plants. The companies that own these plants do not fall within the scope of the definition of "small entities" set forth in the Regulatory Flexibility Act or the size standards adopted by the NRC on April 11, 1995 (60 FR 18344-10 CFR 2.810. Backfit Analysis The proposed rule sets forth requirements for reporting and record keeping. The NRC has determined that the backfit rule, 10 CFR 50.109, does not apply to this proposed rule, and therefore, a backfit analysis is not required for this proposed rule because these amendments do not involve any provisions which would impose backfits as defined in 10 CFR 50.109(a)(1).
However, as discussed above in "Regulatory Analysis," the Commission has prepared a regulatory analysis which summarizes the purpose and intended use of the information proposed to be collected, identifies alternatives for collection and reporting of the proposed information, and identifies the impacts and benefits of the alternatives.
This regulatory analysis constitutes a disciplined process for evaluating the potential benefits and projected impacts (burdens) of information collection and reporting requirements such as the proposed rule. The Commission therefore concludes that the objective underlying the Commission's adoption of the Backfit Rule-that regulatory impacts are assessed under established criteria in a disciplined process--is being met for this proposed rule. List of Subjects in 10 CFR Part 50 Antitrust, Classified information, Criminal penalties, Fire protection, Intergovernmental relations, Nuclear power plants and reactors, Radiation protection, Reactor siting criteria, Reporting and record keeping requirements.
For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended, the Energy Reorganization Act of 1974, as amended, and 5 U.S.C. 553, the NRC is proposing to adopt the following amendments to 10 CFR Part 50. PART 50--OOMESTIC UCENSING OF PRODUCTION AND UTIUZATION FACILITIES
: 1. The authority citation for Part 50 continues to read as follows: Authority:
Sections 102,103,104, 105, 161, 182, 183, 186, 189,68 Stat. 936, 937, 938. 948,953, 954,955,956.
as amended, sec. 234, 83 Stat 1244, as amended (42 U.S.C. 2132, 2133. 2134, 2135, 2201, 2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S. C. 5841, 5842, 5846). Section 50.7 also issued under Pub. L. 95 601, sec. 10, 92 Stat 2951 as amended by Pub. L. 102-486, sec. 2902, 106 Stat 3123, (42 U.S.C. 5851). Section 50.10 also issued under secs. 101, 185, 68 Stat. 936, 955, as amended (42 U.S.C. 2131, 2235]; sec. 102, Pub. L. 91 190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, and 50.54(dd), and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). Sections 50.23, 50.35, 50.55, A-9 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and 50.56 also issued under sec. 185, 68 Stal 955 (42 U.S.C. 2235). Sections 50.33a, 50.551 and Appendix Q also issued under sec. 102, Pub. L. 91-190, 83 Stat. 853 (42 U.S.C. 4332] Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 ,42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued tude, sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80-50.81 also issued under sec. 184,68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187,68 Stat. 955 (42 U.S.C. 2237). 2. Section 50.8(b) is revised to read as follows: §50.8 Infornmallon collection re-qCirUmB" oM a ol.  (b) The approved information collection requirements contained in this part appear in §§ 50.30, 50.33, 50.33a, 50.34, 50.34a, 50.35, 50.36, 50.36a, 50.48, 50.49, 50.54, 50.55, 50.55a, 50.59, 50.60, 50.61, 50.63, 50.64, 50.65, 50.71, 50.72, 50.75, 50.76, 50.80, 50.82, 50.90, 50.91, 50.120, and Appendices A, B, E, G, H, I, J, K, M, N, 0, Q, and R.  * * *
* 3. Section 50.76 is added to read as follows: § 50.76 Reporting reliability and avallability Infom'ation for risk-significant systems and equipment.  (a) Applicability.
This section applies to all holders of operating licenses for commercial nuclear power plants under 10 CFR 50.21b or 50.22 and all holders of combined operating licenses for commercial nuclear power plants under 10 CFR 52.97.  (b) Requirements.
(1) Each licensee shall submit an annual report to the NRC that contains the following information, compiled on the basis of calendar quarters, or on a more frequent basis at the option of each licensee, for systems, trains, and ensembles of components in paragraph (b)(3) of this section: (i) The number of demands, the number of failures to start associated with such demands, and the dates of such failures, characterized according to the identification of the train affected, the type of demand (test, inadvertent/ -spurious, or actual need), and the plant mode at the time of the demand (operating or shutdown); (ii) The number of hours of operation following each successful start, characterized according to the identification of the train affected and whether or not the operation was terminated because of equipment failure, with the dates of any such failures;(iii) The number of hours equipment is unavailable, characterized according to the identification of the train affected the plant mode at the time equipment is unavailable (operating or shutdown), characterization of the unavailable period (planned, unplanned, or support r system unavailable), and, if due to a support system being unavailable, identification of the support system; (iv) For each period equipment is unavailable due to component failure(s), a failure record identifying the component(s) and providing the failure date, duration, mode, cause, and effect; and (v) The number of hours when two or more trains from the same or different systems were concurrently unavailable, characterized according to the identification of the trains that were unavailable.
(2) The initial annual report described in (b)(1) above shall identify the systems, trains, and ensembles of components covered by paragraph (b)(3) below; subsequent annual reports shall either state that no changes were made subsequent to the previous annual report or describe any changes made. f3) The requirements of paragraphs (b)(1) and (b)(2) of this section apply to those event-mitigation systems, and ensembles of components treated as single entities in certain probabilistic risk assessments where a system or train treatment would not be appropriate, which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.
(4) Each licensee shall maintain records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the data reported in paragraph (b)(1) of this section on site and available for NRC inspection for a period of 5 years after the date of the report specified in paragraph (b)(1) of this section.  (c) Implementation.
Licensees shall begin collecting the information required by paragraph (b) of this section on January 1, 1997, and shall submit the first report required by paragraph (b)(1) of this section by January 31, 1998. Thereafter, each annual report required by paragraph (b)(1) of this section shall be submitted by January 31 of the following year. Dated at Rockville, MD, this 2nd day of February, 1996. For the Nuclear Regulatory Commission.
John C. Heyle, Secretory of the Commission.
[FR Doc. 96-2698 Filed 2-9-96; 8:45 am] CO.DEOcc 75-"1-P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. 93-NM-133-AD]
Airworthiness Directives; Airbus Industrie Model A300, A310, and A300 600 Series Airplanes AGENCY: Federal Aviation Administration, DOT. ACTION: Supplemental notice of proposed rulemaking; reopening of comment period.


==SUMMARY==
==SUMMARY==
: This document revises an earlier proposed airworthiness directive (AD), applicable to certain Airbus Model A300, A310, and A300-600 series airplanes, that would have required inspections to detect missing fasteners, cracked fitting angles, and elongated fastener holes in certain frames, and correction of discrepancies.
: This document revises an systems were concurrently unavailable,          earlier proposed airworthiness directive (b) The approved information                  characterized according to the                  (AD), applicable to certain Airbus collection requirements contained in              identification of the trains that were          Model A300, A310, and A300-600 this part appear in §§ 50.30, 50.33,              unavailable.                                    series airplanes, that would have 50.33a, 50.34, 50.34a, 50.35, 50.36,                (2) The initial annual report described      required inspections to detect missing 50.36a, 50.48, 50.49, 50.54, 50.55,                in (b)(1) above shall identify the              fasteners, cracked fitting angles, and 50.55a, 50.59, 50.60, 50.61, 50.63, 50.64, systems, trains, and ensembles of                      elongated fastener holes in certain 50.65, 50.71, 50.72, 50.75, 50.76, 50.80,          components covered by paragraph (b)(3)          frames, and correction of discrepancies.
That proposal was prompted by discrepancies found at the fitting angles on the frame at which a certain electronic rack is'attached.
50.82, 50.90, 50.91, 50.120, and                  below; subsequent annual reports shall          That proposal was prompted by Appendices A, B, E, G, H, I, J, K, M, N,          either state that no changes were made          discrepancies found at the fitting angles 0, Q, and R.                                      subsequent to the previous annual                on the frame at which a certain report or describe any changes made.            electronic rack is'attached. This action
This action revises the proposed rule by revising the inspection thresholds and repetitive intervals; providing an optional terminating action; and deleting certain airplanes from the applicability.
: 3. Section 50.76 is added to read as            f3) The requirements of paragraphs          revises the proposed rule by revising the follows:                                          (b)(1) and (b)(2) of this section apply to      inspection thresholds and repetitive those event-mitigation systems, and            intervals; providing an optional
The actions specified by this proposed AD are intended to prevent damage propagation that could lead to failure of the rack-to-structure attachment points, and subsequently could result in loss of airplane systems, structural damage, and possible electrical arcing. DATES: Comments must be received by March 4, 1996. ADDRESSES:
  § 50.76 Reporting reliability and                  ensembles of components treated as avallability Infom'ation for risk-significant                                                      terminating action; and deleting certain single entities in certain probabilistic        airplanes from the applicability. The systems and equipment.
Submit comments in triplicate to the Federal Aviation Administration (FAA), Transport Airplane Directorate, ANM-103, Attention:
(a) Applicability.This section applies risk assessments where a system or train treatment would not be appropriate, actions specified by this proposed AD are intended to prevent damage t
Rules Docket No. 93-NM 133-AD, 1601 Lind Avenue SW., Renton, Washington 98055-4056.
to all holders of operating licenses for            which have or could have a significant commercial nuclear power plants under                                                              propagation that could lead to failure of effect on risk in terms of avoiding core        the rack-to-structure attachment points, 10 CFR 50.21b or 50.22 and all holders damage accidents or preserving                  and subsequently could result in loss of of combined operating licenses for containment integrity.                          airplane systems, structural damage, commercial nuclear power plants under                  (4) Each licensee shall maintain            and possible electrical arcing.
Comments may be inspected at this location between 9:00 a.m. and 3:00 p.m., Monday through Friday, except Federal holidays.
10 CFR 52.97.                                      records and documentation of each (b) Requirements. (1) Each licensee                                                          DATES: Comments must be received by occurrence of a demand, failure, or            March 4, 1996.
The service information referenced in the proposed rule may be obtained from Airbus Industrie, 1 Rond Point Maurice Bellonte, 31707 Blagnac Cedex, France. This information may be examined at the FAA, Transport Airplane Directorate, 1601 Lind Avenue, SW., Renton, Washington.
shall submit an annual report to the unavailable period that provide the NRC that contains the following                                                                    ADDRESSES: Submit comments in basis for the data reported in paragraph information, compiled on the basis of                                                              triplicate to the Federal Aviation (b)(1) of this section on site and calendar quarters, or on a more frequent                                                          Administration (FAA), Transport available for NRC inspection for a basis at the option of each licensee, for                                                          Airplane Directorate, ANM-103, period of 5 years after the date of the systems, trains, and ensembles of                                                                  Attention: Rules Docket No. 93-NM report specified in paragraph (b)(1) of components in paragraph (b)(3) of this                                                            133-AD, 1601 Lind Avenue SW.,
FOR FURTHER FORMATION CONTACT: Tim Backman, Aerospace Engineer, Standardization Branch, ANM-113, FAA, Transport Airplane Directorate, 1601 Lind Avenue SW., Renton, A-I0 5326 t APPENDIX B GLOSSARY Actual Demand is a command to a reportable system, train, or equipment group to initiate action to perform its risk-significant function in response to a need for the function arising from an accident or transient.
this section.
section:                                              (c) Implementation. Licensees shall          Renton, Washington 98055-4056.
(i) The number of demands, the                                                                Comments may be inspected at this begin collecting the information number of failures to start associated            required by paragraph (b) of this section      location between 9:00 a.m. and 3:00 with such demands, and the dates of                on January 1, 1997, and shall submit the        p.m., Monday through Friday, except such failures, characterized according to          first report required by paragraph (b)(1)      Federal holidays.
the identification of the train affected,          of this section by January 31, 1998.                The service information referenced in the type of demand (test, inadvertent/            Thereafter, each annual report required        the proposed rule may be obtained from
-spurious, or actual need), and the plant          by paragraph (b)(1) of this section shall      Airbus Industrie, 1 Rond Point Maurice mode at the time of the demand                                                                    Bellonte, 31707 Blagnac Cedex, France.
be submitted by January 31 of the (operating or shutdown);                          following year.                                This information may be examined at (ii) The number of hours of operation                                                        the FAA, Transport Airplane following each successful start,                      Dated at Rockville, MD, this 2nd day of      Directorate, 1601 Lind Avenue, SW.,
characterized according to the                    February, 1996.                                Renton, Washington.
identification of the train affected and              For the Nuclear Regulatory Commission.
FOR FURTHER FORMATION CONTACT: Tim whether or not the operation was                    John C. Heyle,                                  Backman, Aerospace Engineer, terminated because of equipment                    Secretoryof the Commission.                    Standardization Branch, ANM-113, failure, with the dates of any such                [FR Doc. 96-2698 Filed 2-9-96; 8:45 am]        FAA, Transport Airplane Directorate, failures;                                                          75-"1-P CO.DEOcc                              1601 Lind Avenue SW., Renton, A-I0
 
APPENDIX B GLOSSARY Actual Demand is a command to a reportable system, train, or equipment group to initiate action to perform its risk-significant function in response to a need for the function arising from an accident or transient.
Availability as used in this regulatory guide is the probability that a reportable system, train, or equipment group is capable of performing on demand its risk-significant safety function during a reportable plant operational state. It is estimated by dividing the number of hours that a system, train, or equipment group is available to perform its risk-significant safety function by the total number of hours that the plant is in a specific reportable plant operational state during a quarter.
Availability as used in this regulatory guide is the probability that a reportable system, train, or equipment group is capable of performing on demand its risk-significant safety function during a reportable plant operational state. It is estimated by dividing the number of hours that a system, train, or equipment group is available to perform its risk-significant safety function by the total number of hours that the plant is in a specific reportable plant operational state during a quarter.
Concurrent unavailable hours are the hours when two or more trains or equipment groups in reportable systems were unavailable at the same time to perform their risk-significant safety function during a plant operational state for which they were both reportable.
Concurrent unavailable hours are the hours when two or more trains or equipment groups in reportable systems were unavailable at the same time to perform their risk-significant safety function during a plant operational state for which they were both reportable.
Core damage freauency is a measure of risk estimated by assessing the average yearly frequency of core damage that is expected for an individual nuclear power plant from the plant's probabilistic risk assessment (PRA). Equipment group is a portion of a reportable system that is defined to indicate a group of components that are all commanded to perform their risk-significant safety function by a particular type of reportable demand. Front-line system is a collection of components and structures designated and installed to perform one or more safety functions such as core inventory make up or containment cooling.
Core damage freauency is a measure of risk estimated by assessing the average yearly frequency of core damage that is expected for an individual nuclear power plant from the plant's probabilistic risk assessment (PRA).
Equipment group is a portion of a reportable system that is defined to indicate a group of components that are all commanded to perform their risk-significant safety function by a particular type of reportable demand.
Front-line system is a collection of components and structures designated and installed to perform one or more safety functions such as core inventory make up or containment cooling.
Principal component is an element of a train or equipment group necessary for the train or equipment group to perform its risk-significant safety function and is the lowest level of detail normally included in the plant equipment representation in its PRA models. For example, principal components would include:
Principal component is an element of a train or equipment group necessary for the train or equipment group to perform its risk-significant safety function and is the lowest level of detail normally included in the plant equipment representation in its PRA models. For example, principal components would include:
* Motor operated valves (manual or automatic), including motors and power supplies up to the first power breaker
* Motor operated valves (manual or automatic), including motors and power supplies up to the first power breaker
* Air operated valves, including air to local supply valves
* Air operated valves, including air to local supply valves
* Check valve assemblies
* Check valve assemblies
* Emergency diesel generators, including specific supporting items such as an air start subsystem, a fuel oil day tank, or a lubricating oil cooler a Emergency diesel generator output breakers 0 Load shedding and load sequencing equipment 0 Station batteries
* Emergency diesel generators, including specific supporting items such as an air start subsystem, a fuel oil day tank, or a lubricating oil cooler a     Emergency diesel generator output breakers 0     Load shedding and load sequencing equipment 0     Station batteries
* Station battery output breakers and relays
* Station battery output breakers and relays
* Heat exchangers
* Heat exchangers
Line 393: Line 388:
* RPS instrument logical output relays, such as the four k-relays in the example PWR scram system
* RPS instrument logical output relays, such as the four k-relays in the example PWR scram system
* Hydraulic control units in BWR RPS Reliability as used in this regulatory guide is reliability on demand and the probability that a system, train, or equipment group will successfully complete its risk-significant safety function when called upon to do so during a period when it is considered to be available.
* Hydraulic control units in BWR RPS Reliability as used in this regulatory guide is reliability on demand and the probability that a system, train, or equipment group will successfully complete its risk-significant safety function when called upon to do so during a period when it is considered to be available.
Risk-importance measure is any quantitative calculation that measures the relative or absolute contribution to risk of an attribute that has an impact on risk. Risk-siqnificant is the term given to any aspect of nuclear power operations that could have an effect on risk (either core damage frequency or health effects to the public).
Risk-importance measure is any quantitative calculation that measures the relative or absolute contribution to risk of an attribute that has an impact on risk.
Risk-significant safety function is a safety function, for the purposes of reporting under the proposed rule, that has or could have a significant effect on risk in terms of preventing core damage accidents or preserving containment integrity.
Risk-siqnificant is the term given to any aspect of nuclear power operations that could have an effect on risk (either core damage frequency or health effects to the public).
The accomplishment of a risk-significant safety function does not necessarily correspond to operability requirements for design basis accidents.
Risk-significant safety function is a safety function, for the purposes of reporting under the proposed rule, that has or could have a significant effect on risk in terms of preventing core damage accidents or preserving containment integrity. The accomplishment of a risk-significant safety function does not necessarily correspond to operability requirements for design basis accidents.
It corresponds to the successful completion of the mission as modeled in PRAs. Spurious demand is a command given to equipment that arises from a false signal that mimics an actual demand. Support system is a system that provides a needed function to front-line or other systems but does not provide a direct safety function itself. Examples are electric power, service water, component cooling water, and automatic actuation systems.
It corresponds to the successful completion of the mission as modeled in PRAs.
Spurious demand is a command given to equipment that arises from a false signal that mimics an actual demand.
Support system is a system that provides a needed function to front-line or other systems but does not provide a direct safety function itself. Examples are electric power, service water, component cooling water, and automatic actuation systems.
Surveillance or test demand is a command given to equipment to prove that the equipment is available to perform its risk-significant safety function.
Surveillance or test demand is a command given to equipment to prove that the equipment is available to perform its risk-significant safety function.
Unavailability and Unreliability are the complementary functions of availability and reliability.
Unavailability and Unreliability are the complementary functions of availability and reliability.
B-2 APPENDIX C EXAMPLES OF REPORTABLE SYSTEMS This appendix provides several examples (Tables C-i thru C-5) of the types and numbers of systems that could be selected for final expert panel review and selection using the system level calculation alternate (with FV>O.I or RAW >100). These examples, which apply to five sample plants, were prepared by the NRC staff to illustrate the principles involved.
B-2
Similar outcomes in selecting risk-significant systems for reporting reliability and availability data are expected when using the maintenance rule risk-significant structures, systems, and components (SSCs) and supplemental expert panel screening.
 
However, more emphasis is placed on qualititative screening when using the maintenance rule SSCs as a starting point. In each case, the screening considerations discussed in Regulatory Position 1.2, Other Reportable Systems, would be applied. For reference they are summarized below. 0 Event initiating systems (as opposed to mitigating systems) may be excluded.
APPENDIX C EXAMPLES OF REPORTABLE SYSTEMS This appendix provides several examples (Tables C-i thru C-5) of the types and numbers of systems that could be selected for final expert panel review and selection using the system level calculation alternate (with FV>O.I or RAW >100). These examples, which apply to five sample plants, were prepared by the NRC staff to illustrate the principles involved. Similar outcomes in selecting risk-significant systems for reporting reliability and availability data are expected when using the maintenance rule risk-significant structures, systems, and components (SSCs) and supplemental expert panel screening.
a Support systems that support several reportable systems should be considered.
However, more emphasis is placed on qualititative screening when using the maintenance rule SSCs as a starting point. In each case, the screening considerations discussed in Regulatory Position 1.2, Other Reportable Systems, would be applied. For reference they are summarized below.
0       Event initiating systems (as opposed to mitigating systems) may be excluded.
a       Support systems that support several reportable systems should be considered.
* Systems and structures, such as containment structures and ice condensers, for which risk is more a function of capability than reliability, may be excluded.
* Systems and structures, such as containment structures and ice condensers, for which risk is more a function of capability than reliability, may be excluded.
* Systems and equipment that are risk-significant only because the likelihood of operator error may be excluded.
* Systems and equipment that are risk-significant only because the likelihood of operator error may be excluded.
0 Systems and equipment that make large contributions to shutdown risk and are significant contributors to overall risk should be included.
0     Systems and equipment that make large contributions to shutdown risk and are significant contributors to overall risk should be included.
0 Systems and equipment that have a contribution to risk that is small compared to that of the basic systems may be excluded.
0     Systems and equipment that have a contribution to risk that is small compared to that of the basic systems may be excluded.
* Systems important for the more risk-significant aspects of containment integrity.
* Systems important for the more risk-significant aspects of containment integrity.
Any of these considerations that were a significant factor in adding or deleting a system from Tables C-i through C-5 have been indicated in parentheses.
Any of these considerations that were a significant factor in adding or deleting a system from Tables C-i through C-5 have been indicated in parentheses.
C-I TABLE C-1: PLANT 1 -BWR, MARK 3 CONTAINMENT, GE TYPE 6 Fussell-Vesely Ratio Standby Service Water System Emergency ac Power System Auto. Depressurization System Residual Heat Removal System' Power Conversion System Instrument Air System SEng. Safety Feature Actuation High Pressure Core Spray Reactor Protection System Standby Liquid Control System Reactor Core Isolation Cooling 3 0.44 0.36 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 36200 Less than 100 Less than 100 Less than 100 Less than 100 26802 Less than 100 Less than 100 Less than 100 Less than 100 Basic System No Yes No Yes No No No Yes Yes No Yes Candidate for Reportable System Yes Yes No Yes No Yes No Yes Yes No Yes Reason to Include or Exclude High FV and RAW High RAW For Plant 1, we would expect seven systems to be candidate reportable systems.
C-I
 
TABLE C-1: PLANT 1 - BWR, MARK 3 CONTAINMENT, GE TYPE 6 Risk Achievement              Basic Candidate for System Name                                          Fussell-Vesely Ratio Reason to Worth Ratio                  System Reportable System Include or Exclude Standby Service Water System                                 0.44                          36200                        No      Yes            High FV and RAW Emergency ac Power System                                   0.36                        Less than 100                Yes      Yes Auto. Depressurization System                       Less than 0.1                        Less than 100                  No      No Residual Heat Removal System'                       Less than 0.1                       Less than 100                  Yes    Yes Power Conversion System                              Less than 0.1                       Less than 100                  No      No Instrument Air System                                Less than 0.1                           26802                        No    Yes            High RAW Safety Feature Actuation                      Less than 0.1                       SEng.
Less than 100                  No      No High Pressure Core Spray                            Less than 0.1                       Less than 100                 Yes    Yes Reactor Protection System                            Less than 0.1                        Less than 100                 Yes    Yes Standby Liquid Control System                        Less than 0.1                        Less than 100                 No       No Reactor Core Isolation Cooling 3 Yes     Yes For Plant 1, we would expect seven systems to be candidate reportable systems.
I 1 Also decay heat removed function, low pressure core spray, containment spray and shutdown cooling function.
I 1 Also decay heat removed function, low pressure core spray, containment spray and shutdown cooling function.
2 Largely HVAC support (accumulators are the backup).
2 Largely HVAC support (accumulators are the backup).
Importance values not available.
Importance values not available.
C System Name TABLE C-2: PLANT 2 -PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT, CE System Name Main Feedwater Auxilliary Feedwater Emergency AC Power High Pressure Safety Injection Reactor Protection System HVAC/Chilled Water' Component Cooling Water 3 Main Steam 4 C Containment Spray SSaltwater Cooling Safety Injection Tanks Low Pressure Safety Injection Instrument Air & Nitrogen System Chemical & Volume Control System Fussell-Vesely Ratio 0.991 0.41 0.39 0.32 0.12 0.19 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio Less than 100 3130 6620 268 127000 7390 161 313 Less than 100 164 Less than 100 Less than 100 Less than 100 Less than 100 Basic System No Yes Yes Yes Yes No No No No No No Yes No No Candidate for Reportable System No Yes Yes Yes Yes Yes No Yes Yes Yes No Yes No No Reason to Include or Exclude Always running, (c).See footnote 2. See footnote 3. High RAW. Containment integrity, (g). High RAW For Plant 2, we would expect nine systems to be candidate reportable systems.
C
Includes motor-driven condensate pumps which back-up the steam driven auxiliary feed pumps. 2 High RAW and support for ECCS and emergency ac, (b). Shutdown risk consideration (a).4 Includes isolating steam generator and providing steam to turbine driven pumps.
 
TABLE C-3: PLANT 3 -PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT CE Fussell-Vesely Ratio Emergency ac power system Auxiliary Feedwater System High Pressure Injection System Low Pressure Injection System Feedwater System Containment Isolation System Raw Water System Primary Pressure Control Circulating Water System Chemical & Volume Control Instrument Air System Turbine Plant Cooling Water Component Cooling Water HVAC 1 Containment Cooling System Containment Spray System Hydogen Purge System ESFAS Logic System Reactor Protection System'0.68 0.27 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 4130 135 140 598 737 Less than 100 118 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 7505 Less than 100 Less than 100 Less than 100 Less than 100 Basic System Yes Yes Yes Yes No No No No No No No No No No No No No No Yes Candidate for Reportable System Yes Yes Yes Yes No No Yes No No No No No Yes Yes Yes Yes No No Yes Reason to Include or Exclude Initiating event (a). High RAW Shutdown risk, (e). Containment integrity, (g). Containment integrity, (g). See footnote 2.For Plant 3, we would expect 10 systems to be candidate reportable systems.
TABLE C-2: PLANT 2 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT, CE Risk Achievement        Basic  Candidate for    Reason to System Name                                       Fussell-Vesely Ratio                  Worth Ratio              System Reportable System Include or Exclude Main Feedwater                                             0.991                        Less than    100          No        No            Always running, (c).
1 High RAW and supports both ECCS and emergency ac (b). 2 importance measures not available.
Auxilliary Feedwater                                       0.41                            3130                  Yes      Yes Emergency AC Power                                         0.39                            6620                  Yes      Yes High Pressure Safety Injection                             0.32                            268                  Yes      Yes Reactor Protection System                                 0.12                          127000                  Yes      Yes HVAC/Chilled Water'                                       0.19                            7390                    No      Yes            See footnote 2.
L System Name I TABLE C-4: PLANT 4 -BWR, MARK 1 CONTAINMENT, GE TYPE 4 System Name Eng. Safety Feature Actuation Essential Service Water Primary Containment Venting Condensate System High Pressure Coolant Injection Residual Heat Removal' Reactor Protection System Standby Liquid Control System Emergency ac Power System Reactor Building Cooling Water Reactor Core Isolation Cooling Normal Service Water DC Power System Emergency Heat, Vent, & Air Cond. High Pressure Service Water' Instrument Air System Turbine Building Cooling Water I~~Fussell-Vesely Ratio 0.63 0.25 0.15 Less than 0.1 Less than 0.1 0.11 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 8420 8150 Less than 100 Less than 100 Less than 100 499 1010 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 4320 Less than 100 Less than 100 Basic System No No No No Yes Yes Yes No Yes No Yes No No No No No No Candidate for Reportable System Yes Yes Yes No Yes Yes Yes No Yes No Yes No No No Yes No No Reason to Include or Exclude High FV and RAW High FV and RAW High FV See footnote 2.For Plant 4, we would expect nine systems to be candidate reportable systems.
Component 4Cooling Water3                        Less than 0.1                             161                    No        No            See footnote 3.
Also low pressure coolant injection, containment spray and post-accident heat removal.
Main Steam                                        Less than 0.1                             313                    No      Yes            High RAW.
2 High RAW and support for service water and high head safety injection function (b).
C Containment Spray                                Less than 0.1                         Less than   100            No      Yes            Containment integrity, (g).
TABLE C-5: PLANT 5 -PWR, LARGE DRY SUBATMOSPHERIC PRESSURE CONTAINMENT, WESTINGHOUSE THREE-LOOP System Name Emergency ac Electric Power Reactor Coolant Pumps Auxiliary Feedwater System Primary Pressure Relief High Pressure Injection 1 Low Pressure Recirculation Reactor Protection System Main Service Water Accumulators C Low Pressure Injection Main Feedwater Instrument Air System High Pressure Recirculation DC Power (1A and 1B) Component Cooling Water Residual Heat Removal Containment Spray System Inside Spray Recirculation Outside Spray Recirculation Consequence Limiting Control Fussell-Vesely Ratio 0.62 0.19 0.19 0.1 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 1370 Less than 100 4740 Less than 100 565 Less than 100 697 565 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 1952 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Basic System Yes No Yes No Yes No Yes No No Yes No No No No No No No No No No Candidate for Reportable System Yes No Yes No Yes No Yes Yes No Yes No No No Yes Yes Yes Yes No No No Reason to Include or Exclude Initiating event, (a). Operator action, (d). High RAW. High RAW. Shutdown risk, (e). Shutdown risk, (e). Containment integrity, (g).For Plant 5, we would expect 10 systems to be candidate reportable systems.
SSaltwater Cooling                          Less than 0.1                             164                    No      Yes            High RAW Safety Injection Tanks                            Less than 0.1                         Less than   100            No      No Low Pressure Safety Injection                    Less than 0.1                         Less than   100           Yes      Yes Instrument Air & Nitrogen System                  Less than 0.1                        Less than   100           No      No Chemical & Volume Control System                  Less than 0.1                        Less than   100           No       No For Plant 2, we would expect nine systems to be candidate reportable systems.
Includes motor-driven condensate pumps which back-up the steam driven auxiliary feed pumps.
2 High RAW and support for ECCS and emergency ac, (b).
Shutdown risk consideration (a).
4 Includes isolating steam generator and providing steam to turbine driven pumps.
 
TABLE C-3: PLANT 3 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT CE Risk Achievement Basic      Candidate for      Reason to System Name                                Fussell-Vesely Ratio       Worth Ratio      System    Reportable System  Include or Exclude Emergency ac power system                         0.68                  4130          Yes          Yes Auxiliary Feedwater System                         0.27                    135          Yes          Yes High Pressure Injection System           Less than 0.1                    140          Yes          Yes Low Pressure Injection System             Less than 0.1                   598          Yes          Yes Feedwater System                          Less than 0.1                   737          No            No            Initiating event (a).
Containment Isolation System              Less than 0.1               Less than  100    No            No Raw Water System                          Less than 0.1                   118          No          Yes            High RAW Primary Pressure Control                  Less than 0.1               Less than  100    No            No Circulating Water System                  Less than 0.1               Less than  100    No            No Chemical & Volume Control                  Less than 0.1               Less than 100    No            No Instrument Air System                      Less than 0.1               Less than 100    No            No Turbine Plant Cooling Water                Less than 0.1               Less than 100    No            No Component Cooling Water                    Less than 0.1               Less than 100    No          Yes            Shutdown risk, (e).
HVAC 1                                     Less than 0.1                 7505            No          Yes Containment Cooling System                Less than 0.1               Less than 100     No          Yes            Containment integrity, (g).
Containment Spray System                  Less than 0.1              Less than 100     No          Yes            Containment integrity, (g).
Hydogen Purge System                      Less than 0.1                Less than 100     No            No ESFAS Logic System                        Less than 0.1                Less than 100     No           No Reactor Protection System'                                                              Yes           Yes           See footnote 2.
For Plant 3, we would expect 10 systems to be candidate reportable systems.
1 High RAW and supports both ECCS and emergency ac (b).
2 importance measures not available.
I                                                        L
 
TABLE C-4: PLANT 4 - BWR, MARK 1 CONTAINMENT, GE TYPE 4 Basic  Candidate Reportable for System Reason Include to or Exclude Risk Worth Achievement Ratio System Fussell-Vesely Ratio                                                                     High FV and RAW System Name                                                                                                        Yes 8420                                            High FV and RAW 0.63                                               No      Yes 8150 Eng. Safety Feature Actuation                          0.25                                               No      Yes              High FV Less than 100 Essential Service Water                                0.15                                               No      No Less than 100 Primary Containment Venting                Less than 0.1                                                   No      Yes Less than 100 Condensate System                          Less than 0.1                                                   Yes      Yes 499 High Pressure Coolant Injection                        0.11                                               Yes Yes      Yes 1010 Residual Heat Removal'                      Less than 0.1                                                   No      No Less than 100 Reactor Protection System                  Less than 0.1                                                   Yes      Yes Less than 100 Standby Liquid Control System              Less than 0.1                         Less than 100            No      No Emergency ac Power System I~~
Less than 0.1                                                 Yes      Yes Less than 100 Reactor Building Cooling Water              Less than 0.1                         Less than 100            No      No Reactor Core Isolation Cooling              Less than 0.1                         Less than 100           No      No Normal Service Water                        Less than 0.1                          Less than 100           No      No DC Power System                                                                                                      Yes              See footnote 2.
Less than 0.1                            4320                  No Emergency Heat, Vent, & Air Cond.            Less than 0.1                          Less than 100           No      No High Pressure Service Water'                Less than 0.1                          Less than 100           No       No Instrument Air System                       Less than 0.1 Turbine Building Cooling Water to be candidate reportable systems.
For Plant 4, we would expect nine systems heat removal.
containment spray and post-accident Also low pressure coolant injection, function (b).
water and high head safety injection 2 High RAW and support for service
 
TABLE C-5: PLANT 5 - PWR, LARGE DRY SUBATMOSPHERIC PRESSURE CONTAINMENT, WESTINGHOUSE THREE-LOOP Risk Achievement    Basic      Candidate for System Name                                   Fussell-Vesely Ratio                                    System                        Reason to Worth Ratio                    Reportable System  Include or Exclude Emergency ac Electric Power 0.62                          1370              Yes          Yes Reactor Coolant Pumps 0.19                      Less than 100          No          No Auxiliary Feedwater System                                                                                                           Initiating event, (a).
0.19                        4740              Yes          Yes Primary Pressure Relief 0.1                      Less than 100        No          No High Pressure Injection 1                                                                                                           Operator action, (d).
0.1                         565              Yes          Yes Low Pressure Recirculation                  Less than 0.1                       Less than 100          No          No Reactor Protection System Less than 0.1                           697              Yes          Yes Main Service Water                            Less than 0.1                           565                No          Yes            High RAW.
Accumulators                                  Less than 0.1 C  Low Pressure Injection                                                            Less than 100          No          No Less than 0.1                       Less than 100        Yes          Yes Main Feedwater                                Less than 0.1 Instrument Air System                                                            Less than 100          No          No Less than 0.1                       Less than 100          No          No High Pressure Recirculation                  Less than 0.1 DC Power (1A and 1B)                                                              Less than 100        No            No Less than 0.1                           1952              No          Yes Component Cooling Water                                                                                                              High RAW.
Less than 0.1                       Less than 100         No          Yes Residual Heat Removal                                                                                                                Shutdown risk, (e).
Less than 0.1                        Less than 100         No          Yes Containment Spray System                                                                                                              Shutdown risk, (e).
Less than 0.1                        Less than 100         No          Yes Inside Spray Recirculation                                                                                                            Containment integrity, (g).
Less than 0.1                      Less than 100         No          No Outside Spray Recirculation                  Less than 0.1                      Less than 100         No          No Consequence Limiting Control                  Less than 0.1                      Less than 100         No           No For Plant 5, we would expect 10 systems to be candidate reportable systems.
Also dedicated charging pump cooling system and safety injection actuation.
Also dedicated charging pump cooling system and safety injection actuation.
2 Largely response to loss of offsite power.
2 Largely response to loss of offsite power.
APPENDIX D RISK-IMPORTANCE MEASURES The Fussell-Vesely importance measure is a relative measure. It provides an indication of the fractional contribution of a given system to core damage frequency (CDF) at the current, or expected level of reliability.
 
The mathematical expression for this importance measure is:' FV = [F(x) -F(O)] I F(x) with: F(x) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x at their mean value, and F(O) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to zero. An alternative notation is FV = qj/CDF with: q, = the sum of all cut sets that contain failure modes in the system of interest, and CDF = the sum of all cut sets, i.e., the core damage frequency.
APPENDIX D RISK-IMPORTANCE MEASURES The Fussell-Vesely importance measure is a relative measure.               It provides an core damage indication of the fractional contribution of a given system to frequency (CDF) at the current, or expected level of reliability.
The risk achievement worth ratio (ratio form of risk increase) is a relative measure. It provides an indication of the increase in CDF if a system is assumed to always fail. Its mathematical expression is: RAW = F(1) / F(x) Terminology and definitions are derived from NUREG/CR-1489, "A Review of NRC Staff Uses of Probabilistic Risk Assessment" (March 1994), page C-165, where FV is discussed in terms of the fractional contribution of a component (or basic event). Copies of NUREG/CR-1489 are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.
The mathematical expression for this importance measure is:'
Copies may be purchased at current rates from the U.S. Government Printing Office, P.O. Box 37082, Washington, DC 20402-9328 (telephone (202)512-1800);
FV = [F(x) - F(O)] I F(x) with:                                                                         evaluated with F(x) = minimal cut set upper bound (or sequence frequency)                     x at the basic event probabilities of all components         in   system their mean value, and F(O) = minimal cut set upper bound (or sequence frequency) system      evaluated with the basic event probabilities of all components         in           x set to zero.
or from the National Technical Information Service by writing NTIS at 5285 Port Royal Road, Springfield, VA 22161. D-1 with F(1) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to one The importance measures routinely calculated by PRA computer codes typically are applicable to individual components only. Importance measures for individual components in a system are not necessarily additive to compute the total importance of the system. In order to compute system importances for determining reportable systems under 10 CFR 50.76, it is suggested that F(O) be estimated by setting the probabilities of all basic events in the system to zero, including common cause and human error events. F(1) similarly can be estimated by setting all of the basic events unique to the system to one. In the calculation of F(1), it may be necessary to resolve the Boolean equations for the cut set in order to obtain an appropriate value for the RAW ratio.D-2 I APPENDIX E DEFINING SYSTEMS, TRAINS, AND EQUIPMENT GROUP CONFIGURATIONS AND DATA REPORTING FORMS Suggested Principles For identifying reportable systems, trains, and equipment groups within systems, it is suggested that licensees mark up simplified drawings.
An alternative notation is FV =
Only the configurations representing risk-significant safety functions need be included.
* qj/CDF with:
Separate diagrams may be needed to clearly define all reportable trains and equipment groups. In determining system boundaries, it is suggested that licensees include the active equipment that would be challenged by an actual demand to perform a risk-significant safety function.
* q, = the sum of all cut sets that contain failure modes in the system of interest, and CDF = the sum of all cut sets, i.e., the core damage frequency.
Passive components and check valves would also be included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures or unavailable hours. It is suggested that the system then be divided into trains (e.g., pump flow paths in fluid flow systems, individual diesel generators and their associated support subsystems).
The risk achievement worth ratio (ratio form of risk increase) is a relative measure. It provides an indication of the increase in CDF if a system is assumed to always fail. Its mathematical expression is:
It is suggested that equipment groups be defined as needed to indicate what compounds are involved in demands that challenge only part of a system. This will help to ensure that the data can be properly counted.
RAW = F(1) / F(x) of NRC Terminology and definitions are derived from NUREG/CR-1489, "A Review                 where (March   1994),   page   C-165, Staff Uses of Probabilistic Risk Assessment"                                          (or FV is discussed in terms of the fractional       contribution     of a   component Copies of NUREG/CR-1489   are available   for inspection     or   copying basic event).
In deciding whether a particular component should be considered as part of a front-line system or part of a support system, one should consider the following:
for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, 20555; DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC                     at telephone (202)634-3273; fax (202)634-3343.         Copies may   be   purchased Office,  P.O. Box  37082, current rates from the U.S. Government Printing                               National Washington, DC 20402-9328 (telephone (202)512-1800); or from the Road, Technical Information Service by writing NTIS       at 5285 Port   Royal Springfield, VA 22161.
If a support-system component is dedicated to support an individual train or component in a front-line system, the component should be treated the same as a component of the front-line train. (It need not be shown in the front-line system schematic diagram.)
D-1
If the component supports more than one train or system operation, it should be treated as part of the support system, even if the support system is not a reportable risk-significant system. Support systems include but are not limited to service water, component cooling, reactor building cooling, HVAC, alternating current power and direct current power systems. For the cooling water system, the components that provide the principal functional capability would include pumps, valves, and 'Simplified drawings for each plant are available in the NRC's Plant Information Book. These books are maintained in the NRC Operations Center for use in incident response.
 
Printed copies have been provided to each licensee.
I with F(1) =   minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to one The importance measures routinely calculated by PRA computer codes typically are applicable to individual components only. Importance measures individual components in a system are not necessarily additive       for total importance of the system. In order to compute system       to compute  the determining reportable systems under 10 CFR 50.76, it is     importances  for suggested that F(O) be estimated by setting the probabilities of all basic events zero, including common cause and human error events. F(1) in the system to estimated by setting all of the basic events unique to the similarly can be the calculation of F(1), it may be necessary to resolve the system to one. In for the cut set in order to obtain an appropriate value for Boolean equations the RAW ratio.
In addition, they are available electronically at the NRC's home page on the Internet (http://www.nrc.gov).
D-2
E-1 heat exchangers that provide a source of cooling water for individual component cooling water loops. The individual cooling water loops that are dedicated to one front-line train or equipment group would be treated as part of the front line system. These cooling water loops typically contain one or more valves and heat exchangers.
 
For electrical power systems, the components that provide the principal functional capability would include power sources (EGDs, batteries), output or feeder breakers, and busbars that connect the power supplies to load and distribution circuits.
APPENDIX E DEFINING SYSTEMS, TRAINS, AND EQUIPMENT GROUP CONFIGURATIONS AND DATA REPORTING FORMS Suggested Principles For identifying reportable systems, trains, and equipment groups within                       the systems, it is suggested that licensees mark up simplified drawings. Only              included.
Transformers may also be included if they are located between the main power supply busbars and the balance of the load distribution circuitry.
configurations representing risk-significant       safety     functions     need   be and Separate diagrams may be needed to clearly define all reportable trains equipment groups.
Load center circuit breakers and their relays that supply power to individual components in reportable systems would be reportable as if they were part of the component to which they supply power.E-2 I Example 1: Auxiliary Feedwater System Figure E-1 shows the PWR auxiliary feedwater system used in this example.
the In determining system boundaries, it is suggested that licensees include a active equipment that would be challenged by       an actual     demand   to perform would risk-significant safety function. Passive components and check valves               system    and also be included as needed to provide a reasonable         schematic     of the could    contribute    to  failures to allow identification of passive components that or unavailable hours.
pump flow It is suggested that the system then be divided into trains (e.g.,                 associated paths in fluid flow systems, individual diesel         generators     and their support subsystems).
It is suggested that equipment groups be defined as needed to indicate what               This compounds are involved in demands that challenge only part of a system.
will help to ensure that the data can be properly         counted.
a In deciding whether a particular component should be considered as part of front-line system or part of a support     system,   one   should   consider     the following:
If a support-system component is dedicated to support an individual train             the or component in a front-line system, the component should be treated same as a component of the front-line     train.     (It   need not   be   shown   in the front-line system schematic diagram.)
If the component supports more than one train or system operation, it should be treated as part of the support system, even if the support system is not a reportable risk-significant system.
Support   systems include but are not limited to service water, component cooling,   reactor building cooling, HVAC, alternating current power and direct current   power systems. For the cooling water system, the components that provide   the principal functional capability would include pumps, valves, and
    'Simplified drawings for each plant are available in the NRC's Plant Information Book. These books are maintained in the NRC Operations Center for use in incident response. Printed copies have been provided to each licensee. In addition, they are available electronically at the NRC's home page on the Internet (http://www.nrc.gov).
E-1
 
heat exchangers that provide a source of cooling water for individual component I cooling water loops. The individual cooling water loops that are dedicated one front-line train or equipment group would be treated as part of the frontto line system. These cooling water loops typically contain one or more valves and heat exchangers. For electrical power systems, the components that provide the principal functional capability would include power sources (EGDs, batteries), output or feeder breakers, and busbars that connect the power supplies to load and distribution circuits. Transformers may also be included if they are located between the main power supply busbars and the balance of the load distribution circuitry. Load center circuit breakers and their relays that supply power to individual components in reportable systems would be reportable as if they were part of the component to which they supply power.
E-2
 
Example 1:   Auxiliary Feedwater System Figure E-1 shows the PWR auxiliary feedwater system used in this example.
This figure includes those active components that must function in response to actual demands to perform risk-significant safety functions.
This figure includes those active components that must function in response to actual demands to perform risk-significant safety functions.
Passive components and check valves are included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures and/or unavailable hours. The components shown are the principal components of the system. Figure E-1.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and for cyclic tests that involve integrated actuation of the entire train. Note that the discharge valves that are shared by Trains A and B are included in both trains (i.e., Trains A and B overlap).
Passive components and check valves are included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures and/or unavailable hours.
Such overlap creates a potential for overcounting demands on the shared equipment.
The components shown are the principal components of the system.
This train overlap should be clearly indicated to allow for proper data accounting.
Figure E-1.1 shows Train A.
Train A is defined in terms of the components that are challenged by actual demands. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and for cyclic tests that involve integrated actuation of the entire train.
Note that the discharge valves that are shared by Trains A and B are included in both trains (i.e., Trains A and B overlap).     Such overlap creates a potential for overcounting demands on the shared equipment.
This train overlap should be clearly indicated to allow for proper data accounting.
While overlapping trains is an acceptable method of handling shared components, licensees have great flexibility in choosing another approach, such as arbitrarily assigning the shared valves only to Train A. In that case, the potential for undercounting demands on the shared valves would have to be addressed when the data are stored and disseminated.
While overlapping trains is an acceptable method of handling shared components, licensees have great flexibility in choosing another approach, such as arbitrarily assigning the shared valves only to Train A. In that case, the potential for undercounting demands on the shared valves would have to be addressed when the data are stored and disseminated.
Figure E-1.2 shows Train B. Principles similar to those for Train A were used for Train B. Figure E-1.3 shows Train C. Principles similar to those for Train A were used, except that the Train C suction and discharge valves are not shared with other trains. Figure E-1.4 shows components that are challenged by monthly mini-flow pump tests for each of the three trains. Figure E-1.5 shows the components that are challenged by quarterly valve stroke tests. Figure E-1.6 shows a report form that is acceptable to the NRC staff for reporting data on the auxiliary feedwater system.E-3 FIGURE E-1 PWR AUXILIARY FEEDWATER SYSTEM L1.TE~t 4,1tf L-o -c sr 4--m csr--4-To CST L S-3 ril Ll *1:z m FIGURE E-1.2 TRAIN B roc rS h9Roo csr-4-r6 csT r ,racsT MOP ^7-)"ROA? /4AMIAI (4-I,,
Figure E-1.2 shows Train B.
FIGURE E-1.3 TRAIN C ro cs r Steam to Turbine ji~a to _*STi 1Ro 0)w >
Principles similar to those for Train A were used for Train B.
FIGURE E-1.4 MINI-FLOW TESTS 7-0cr -C-5 r MAL4A/ Z!PAAI? WA flfA m L FIGURE E-1.5 QUARTERLY VALVE STROKE TESTS ro csr m Steam to TurbiTneS 7-o_-, c. s r A014 MAI -, C-rsE W,,1f.
Figure E-1.3 shows Train C.
FIGURE E-1.6 DATA REPORTING FORM FLUID SYSTEMS Plant/Unit:
Principles similar to those for Train A were used, except that the Train C suction and discharge valves are not shared with other trains.
System: _ Train/Equipment Group: Plant Operational State: _ Calendar Year: Date Submitted:
Figure E-1.4 shows components that are challenged by monthly mini-flow pump tests for each of the three trains.
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES' 2 Actual/Spurious Demands: Actual/Spurious Failures:
Figure E-1.5 shows the components that are challenged by quarterly valve stroke tests.
Miniflow Tests: Miniflow Test Failures:
Figure E-1.6 shows a report form that is acceptable to the NRC staff for reporting data on the auxiliary feedwater system.
VAlve Stroke Tests: Valve Stroke Failures:
E-3
Cycle Tests: Cycle Test Failures: OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: Operating Hours: Failures: TRAIN UNAVAILABILITY 2 Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: Report the number of each type of demand during the quarter and the number of failures of principal components that occurred during each type of demand during the quarter.
 
FIGURE E-1 PWR AUXILIARY FEEDWATER SYSTEM
      -o -csr      4--
              - m   csr To CST L1.TE~t    4,1tf L                                                         L
 
S-3 ril Ll
*1
:z m
 
FIGURE E-1.2 TRAIN B roc   rS h9Roo           csr r6 csT r I,,
            ,racsT MOP ^7-
                )"ROA? /4AMIAI 4-                                       (
 
FIGURE E-1.3 TRAIN C ro cs r Steam to ji~a   to Turbine
_STi 1Ro 0)w >
 
FIGURE E-1.4 MINI-FLOW TESTS 7-0cr m
    -C-5 r MAL4A/
Z!PAAI? WA flfA L
 
FIGURE E-1.5 QUARTERLY VALVE STROKE TESTS ro csr m
Steam to TurbiTneS 7-o_-,c. s r
* A014   MAI   -,
C-rsE W,,1f.
 
FIGURE E-1.6 DATA REPORTING FORM FLUID SYSTEMS Plant/Unit:                             System:   _                   Train/Equipment Group:
Plant Operational State:                       Calendar Year:
Date Submitted:
Quarter 1           Quarter 2       Quarter 3           Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES'                 2 Actual/Spurious Demands:
Actual/Spurious Failures:
Miniflow Tests:
Miniflow Test Failures:
VAlve Stroke Tests:
Valve Stroke Failures:
Cycle Tests:
Cycle Test Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs:                                                                                                 I Operating Hours:
Failures:
TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:
Unplanned Unavailable Hours:
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System:
Planned   Hours:
Unplanned Hours:
Support System:
Planned   Hours:
Unplanned Hours:
Report the number of each type of demand during the quarter and the number of failures of principal components that occurred during each type of demand during the quarter.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
E-1O I Example 2: High-Pressure Safety Injection System Figure E-2 shows the high-pressure safety injection system used in this example.
E-1O
Principles similar to those discussed in the first example were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function.
 
The components shown are the principal components of the system. Figure E-2.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands for safety injection.
Example 2:   High-Pressure Safety Injection System Figure E-2 shows the high-pressure safety injection system used in this example.
In addition, the same components would be actuated for spurious demands that closely simulate actual demands.
Principles similar to those discussed in the first example were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.
Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function.
Figure E-2.1 shows Train A.
Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train. Figure E-2.2 shows Train B and Equipment Group I-B. Principles similar to those for Train A were used for Train B. Figure E-2.3 shows Train C and Equipment Group 1-C. Principles similar to those for Train A were used. Figure E-2.4 shows the components challenged by monthly mini-flow tests for each of the three trains. Figure E-2.5 shows the components challenged by valve stroke tests. As noted on the drawing, some valves are stroke tested quarterly and other valves are stroke tested each refueling cycle. The quarterly and refueling cycle valve stroke tests would be reported separately, not added together.
Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands.
Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the high-pressure safety injection system.E-11 FIGURE E-2 PWR HIGH PRESSURE SAFETY INJECTION SYSTEM vi SAFETY INJECTION ANO REFUELINO WATER STORAGE TANW FROM SHUTDOWN -**7-' HAT EXCHANGER  
Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.
.'" V2 m TO LOOP i8 TO LOOP 1A "TO LOOP 28 TO LOOP 2A I Xi>-n -I r\)
Figure E-2.2 shows Train B and Equipment Group I-B.
FIGURE E-2.2 TRAIN B PUMP B SAFETY INIBMW mANDREFUELNC WATER sTORtAGE TANK L 3 dMd LO LU 3-,fAl= MLVM DNrmflmaNv NOUDWMAIMM 0 NIVdl C*ý-3 3dngij FIGURE E-2.4 MINI-FLOW TESTS MINI-FLOW PUMP TEST, PUMP B PUMP B SAFETY INJECTION AND REFUELING WATER STORAGE TANK MINI-FLOW PUMP TEST, PUMP A SAFETY INJECTION AND REFUELING WATER STORAGE TANK PUMP A MINI-FLOW PUMP TEST, PUMP C SAFETY INJECTION AND REFUELING WATER STORAGE TANK PUMP C E-16 L FIGURE E-2.5 VALVE STROKE TESTS FROM SUMP FROM SHUTDOWN HEAT EXCHANC TRAIN B PUMP A TRAIN A-I NOTE: (1) VALVES ENCIRCLED BY DASHED LINES BELONG TO EQUIPMENT GROUP 3-, REFUELING CYCLE STROKE TESTING.
Principles similar to those for Train A were used for Train B.
(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY STROKE TESTING.FROM SHUTDOWN A m B Example 3: PWR Residual Heat Removal System Figure E-3 shows the PWR Residual Heat Removal System example.
Figure E-2.3 shows Train C and Equipment Group 1-C.
Principles similar to those discussed in Example 1 were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function.
Principles similar to those for Train A were used.
The components shown are the principal components of the system. Figure E-3.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands for safety injection.
Figure E-2.4 shows the components challenged by monthly mini-flow tests for each of the three trains.
In addition, the same components would be actuated for spurious demands that closely simulate actual demands and cyclic tests that involve integrated actuation of the entire train. Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function.
Figure E-2.5 shows the components challenged by valve stroke tests.
Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train. Figure E-3.2 shows Train B and Equipment Group 1-B. Principles similar to those discussed in Example I were used. Figure E-3.3 shows the components challenged by monthly mini-flow tests for each of the two trains. Figure E-3.4 shows the components challenged by valve stroke tests. As noted on the drawing, some valves are stroke tested quarterly and other values are stroke tested on a refueling cycle basis. The quarterly and refueling cycle tests would be reported separately, not added together.
As noted on the drawing, some valves are stroke tested quarterly and other valves are stroke tested each refueling cycle. The quarterly and refueling cycle valve stroke tests would be reported separately, not added together.
Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the residual heat removal system.E-18 FIGURE E-3 PWR RESIDUAL HEAT REMOVAL SYSTEM MINIFLOW RH-Pump A EFG-5 RI-IR-IAX A Component Cooling Water To SI Pumps To Charging Pumps To Aux CS Nozzles To Loop I Cold leg To Loop 2 Cold leg To Loop 2 H,,t leg To Loop 3 Hot leg To Loop 3 Cold leg To Loop 4 Cold leg To SI Pumps Co"ta inment To Charging Pumps To Spent Fuel Pool Makeup V6 m I.To CS Pump I A From Hot Leg Loop 3 RCS-XXX V1 V2 FIGURE E-3.1 TRAIN A Rzdueing Water StMWgeTank R) RH R-HX A RH-Pump A onC x t-i C (4Itlng To' LAnop ColId leg~To Loop 3 C old leg FIGURE E-3.2 TRAIN B Skwaw.Tmnk RHR-HX B To L~oop I Cold k-&-To Loosp 3 Cold lwg To LAop 4 Cold lvg Water FIGURE E-3.3 MINI-FLOW TESTS TRAIN A MINIF.OW RH-Pump A EFG-5 TRAIN B RH-Pump B E-22 FIGURE E-3.4 VALVE STROKE TESTS To SI Pumps To Charging Pumps To Aux CS Nozzles.. ._4 _1 TO To CS Pump IA , To Loop 1 Sl Pumps MINIFLOW RHRX A I Cold leg Cold leg I*1I : E ,IRH-Pump A E k I ;
Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the high-pressure safety injection system.
mn EI Water To Loop 2 I~o [ I ...........  
E-11
,,i Aote Hot leg RCS-XX V3Vjo opý - 01 V2I FHot leg From Hot RCS.XXX Leg Loop3 HR-3X B ......___.... To Loop3 Cold leg RH-Pump B Component Cooling To Aux To Loop4 E-Water CS Nozzles Cold leg .... To'Iw,,c~o.
 
S........  
FIGURE E-2 PWR HIGH PRESSURE SAFETY INJECTION SYSTEM vi TO LOOP i8 m
.To CS Pump I B 3 To S1 Pumps \ .'S mII NOTE: (1) VALVES ENCLOSED IN DASHED LINES BELONG TO EQUIPMENT GROUP 3-1, REFUELING CYCLE STROKE TESTS. (2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY VALVE STROKE TESTS.To Chaering Pumps To Spent Fuel pool Makeup V6/
TO LOOP 1A SAFETY INJECTION ANO REFUELINO WATER STORAGE TANW "TO LOOP 28 TO LOOP 2A FROM SHUTDOWN -**7-'
Example 4: Emergency ac Power System Figure E-4 shows the emergency ac power system example.
HAT EXCHANGER .'"   V2 I
Only one train is shown; the other trains are essentially identical.
 
The principal components of this system are the diesel and its generator with their associated support subsystems, the output breaker, the 4160v bus, the load sequencer, and the load shed logic relay groups. There are four types of demands for this system. 1. Actual/Spurious Demands with Automatic Loading These actuations involve an ESF or undervoltage initiation signal that results (or should result) in an emergency diesel generator automatic start, load shedding, and sequencing of one or more ESF loads. The principal components are all of the principal components of the train. 2. Actual/Spurious Demands Without Automatic Loading These actuations involve ESF or other actuations that result (or should result) in an emergency diesel generator start (automatic or manual) but do not involve load shedding or sequencing.
Xi>
The load may be shed manually or added to the bus. The principal component is the emergency diesel generator including its support subsystems.
    -I
: 3. Refueling Surveillance Tests These tests are normally run during each refueling cycle. They normally involve the simulation of a loss of offsite power with an ESF actuation signal and include an automatic start of the emergency diesel generator, closure of the output breaker, and load sequencing.
      -n r\)
The test may be run for an extended period (8-24 hours) or a separate run test may be conducted.
 
Each test that involves start and loading of the diesel generator should be counted as a demand. All the principal components of the train are included.
FIGURE E-2.2 TRAIN B PUMP B SAFETY INIBMW mANDREFUELNC WATER sTORtAGE TANK L
 
3 dMd LO 3-,fAl= MLVM DNrmflmaNv   LU NOUDWMAIMM 0 NIVdl C*ý-3 3dngij
 
FIGURE E-2.4 MINI-FLOW TESTS MINI-FLOW PUMP TEST, PUMP B PUMP B SAFETY INJECTION AND REFUELING WATER STORAGE TANK MINI-FLOW PUMP TEST, PUMP A SAFETY INJECTION AND REFUELING WATER STORAGE TANK L
PUMP A MINI-FLOW PUMP TEST, PUMP C SAFETY INJECTION AND REFUELING WATER STORAGE                                   PUMP C TANK E-16
 
FIGURE E-2.5 VALVE STROKE TESTS FROM                                    TRAIN B SHUTDOWN A
m FROM SUMP FROM                                 PUMP A SHUTDOWN HEAT EXCHANC                                     TRAIN A B
                                                                                                  -I NOTE:   (1) VALVES ENCIRCLED BY DASHED LINES BELONG TO EQUIPMENT GROUP 3-,
REFUELING CYCLE STROKE TESTING.
(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY STROKE TESTING.
 
Example 3:   PWR Residual Heat Removal System Figure E-3 shows the PWR Residual Heat Removal System example.
Principles similar to those discussed in Example 1 were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.
Figure E-3.1 shows Train A.
Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and cyclic tests that involve integrated actuation of the entire train.
Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.
Figure E-3.2 shows Train B and Equipment Group 1-B.
Principles similar to those discussed in Example I were used.
Figure E-3.3 shows the components challenged by monthly mini-flow tests for each of the two trains.
Figure E-3.4 shows the components challenged by valve stroke tests.
As noted on the drawing, some valves are stroke tested quarterly and other values are stroke tested on a refueling cycle basis. The quarterly and refueling cycle tests would be reported separately, not added together.
Figure E-1.6 shows a report form that could be modified to show the types valve stroke tests for reporting data on the residual heat removal system. of E-18
 
FIGURE E-3 PWR RESIDUAL HEAT REMOVAL SYSTEM V6 To Charging Pumps                                                                                 To SI Pumps To Spent Fuel                                                                    To Pumps Charging Pool Makeup To CS Aux Nozzles To CS Pump I A To    leg I Loop Cold MINIFLOW RI-IR-IAX A To Loop 2 Cold leg RH-Pump A EFG-5 m
I.                                                                                                                      To Loop 2 V1                                                        H,,t leg To Loop 3 Hot leg From Hot  RCS-XXX V2 Leg Loop 3                                                                                                          To Loop 3 Cold leg To Loop 4 Component WaterCooling                                  Cold leg To SI Pumps Co"ta inment
 
FIGURE E-3.1 TRAIN A Rzdueing Water StMWgeTank To' LAnop ColId leg~
R)                                     RH R-HX A RH-Pump A onC x t-i C(4Itlng To Loop 3 Cold leg 6
 
FIGURE E-3.2 TRAIN B Skwaw.Tmnk To L~oop I Cold k-&-
RHR-HX B To Loosp 3 Cold lwg To LAop 4 Water      Cold lvg
 
FIGURE E-3.3 MINI-FLOW TESTS TRAIN A MINIF.OW RH-Pump A EFG-5 TRAIN B RH-Pump B E-22
 
                                                                                  /
FIGURE E-3.4 VALVE STROKE TESTS V6 To Chaering                                                                                                  To SI Pumps Pumps To Spent Fuel                                                                                            To Charging pool Makeup                                                                                                  Pumps To Aux CS Nozzles
                            .. ._4     _1 Sl TOPumps                      To CS Pump IA       MINIFLOW     RHRX A                                 I
* Cold
                                                                                                                                                          , To    leg1 Loop Cold leg I*1I                 :kE*, I          ; *ComponentCooling
                                                                ,IRH-Pump A E mn I~o               [             I EI
                                            ...........       ,,i                               Aote Water                                  *-      To Loop 2 Hot leg RCS-XX                                                                                                   V3Vjo                                     opý
                                                    --    0-       01                       V2I FHot       HR-3X B                                                leg From Hot       RCS.XXX                                                                                                                   ___.... To Loop3 Leg Loop3                                              ......
Cold leg MINIFLOW*
RH-Pump B                   Component Cooling     To Aux                           To Loop4
                                                  .... .           To'Iw,,c~o.
E-Water To CS Pump I B CS Nozzles                        Cold leg S........
3            To S1 Pumps
                                                                      .'S
                                                                      \ mII         NOTE: (1) VALVES ENCLOSED IN DASHED LINES BELONG TO EQUIPMENT GROUP 3-1,     REFUELING CYCLE STROKE TESTS.
(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2,     QUARTERLY VALVE STROKE TESTS.
 
Example 4:   Emergency ac Power System Figure E-4 shows the emergency ac power system example.
Only one train is shown; the other trains are essentially identical. The principal components of this system are the diesel and its generator with their associated support subsystems, the output breaker, the 4160v bus, the load sequencer, and the load shed logic relay groups. There are four types of demands for this system.
: 1. Actual/Spurious Demands with Automatic Loading These actuations involve an ESF or undervoltage initiation signal that results (or should result) in an emergency diesel generator automatic start, load shedding, and sequencing of one or more ESF loads. The principal components are all of the principal components of the train.
: 2. Actual/Spurious Demands Without Automatic Loading These actuations involve ESF or other actuations that result (or should result) in an emergency diesel generator start (automatic or manual) but do not involve load shedding or sequencing. The load may be shed manually or added to the bus. The principal component is the emergency diesel generator including its support subsystems.
: 3.     Refueling Surveillance Tests These tests are normally run during each refueling cycle. They normally involve the simulation of a loss of offsite power with an ESF actuation signal and include an automatic start of the emergency diesel generator, closure of the output breaker, and load sequencing. The test may be run for an extended period (8-24 hours) or a separate run test may be conducted. Each test that involves start and loading of the diesel generator should be counted as a demand. All the principal components of the train are included.
: 4. Periodic Surveillance Tests These tests are normally run monthly. They involve an automatic start of the emergency diesel generator with manual or automatic syncronization to a power bus. The principal component for this test is the emergency diesel generator and its support subsystems.
: 4. Periodic Surveillance Tests These tests are normally run monthly. They involve an automatic start of the emergency diesel generator with manual or automatic syncronization to a power bus. The principal component for this test is the emergency diesel generator and its support subsystems.
Loaded runs in excess of one hour for any of the demand types are also reported under the heading uOperating Reliability Data." Figure E-4.1 shows a report form for reporting data on the emergency ac power system.E-24 FIGURE E-4 EXAMPLE EMERGENCY ac POWER SYSTEM TRAIN A (TRAIN B IDENTICAL)
Loaded runs in excess of one hour for any of the demand types are also reported under the heading uOperating Reliability Data."
Fuel Oil JacketEngine Driven (51 Radiator Lube Oil Circulation Starting Air Branches to lower & upper starting motors Note: Jacket Water Pumps are an integral part of Diesel Engine Air Receivers FIGURE E-4.1 DATA REPORTING FORM EMERGENCY ELECTRIC POWER Plant/Unit:
Figure E-4.1 shows a report form for reporting data on the emergency ac power system.
System: Train: Plant Operational State: Calendar Year: Date Submitted:
E-24
Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED FAILURES*
 
FIGURE E-4 EXAMPLE EMERGENCY ac POWER SYSTEM TRAIN A (TRAIN B IDENTICAL)
Fuel Oil Driven JacketEngine (51 Radiator Lube Oil Circulation Starting Air Branches lower      to
                                                                  & upper starting motors Note: Jacket Water Pumps are an integral part of Diesel Engine Air Receivers
 
FIGURE E-4.1 DATA REPORTING FORM EMERGENCY ELECTRIC POWER Plant/Unit:               System:                 Train:
Plant Operational State:           Calendar Year:             Date Submitted:
Quarter I       Quarter 2     Quarter 3         Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED FAILURES*
Actual/Spurious Demands wlAutoload:
Actual/Spurious Demands wlAutoload:
Actual/Spurious w/Autoload Failures:
Actual/Spurious w/Autoload Failures:
Actual/Spurious Demands w/o Autoload:
Actual/Spurious Demands w/o Autoload:
Actual/Spurious w/o Autoload Failures:
Actual/Spurious w/o Autoload Failures:
Refueling Surveillance Tests: Refueling Surveillance Failures:
Refueling Surveillance Tests:
Periodic Surveillance Tests: Periodic Surveillance Failures:
Refueling Surveillance Failures:
Periodic Surveillance Tests:
Periodic Surveillance Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)
Number of Applicable Runs: Operating Hours: Failures:
Number of Applicable Runs:
Operating Hours:
Failures:
TRAIN UNAVAILABILITY*
TRAIN UNAVAILABILITY*
Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY*
Planned Unavailable Hours:
Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: Attach is a component failure report for each failure associated with demands, operating reliability or unavailability.
Unplanned Unavailable Hours:
E-26 Example 5: PWR Reactor Protection System Figure E-5 shows the PWR Reactor Protection System; this example has two subsystems.
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY*
The first consists of equipment in the reactortrip system (RTS). The second consists of equipment specific to the diverse scram system (DSS). The reportable equipment groups for the RTS are: The four K-relays (i.e., K-i, K-2, K-3, and K-4) that provide output actuation from the reactor trip logic matrices.
Support System:
Control rods and their trip coils. The eight reactor trip circuit breakers, including their shunt-trip and undervoltage trip devices.
Planned Hours:
Unplanned Hours:
Support System:
Planned Hours:
Unplanned Hours:
Attach is a component failure report for each failure associated with demands, operating reliability or unavailability.
E-26
 
Example 5:     PWR Reactor Protection System Figure E-5 shows the PWR Reactor Protection System; this example has two subsystems.
The first consists of equipment in the reactortrip system (RTS).
The second consists of equipment specific to the diverse scram system (DSS).
The reportable equipment groups for the RTS are:
The four K-relays (i.e., K-i, K-2, K-3, and K-4) that provide output actuation from the reactor trip logic matrices.
Control rods and their trip coils.
The eight reactor trip circuit breakers, including their shunt-trip and undervoltage trip devices.
The principal components are the individual k-relays, control rods and their trip coils, reactor trip circuit breakers, shunt-trip devices, and undervoltage trip devices.
The principal components are the individual k-relays, control rods and their trip coils, reactor trip circuit breakers, shunt-trip devices, and undervoltage trip devices.
The reportable equipment group of the DSS includes the two 480v MG set load contactors used for a diverse scram. These are also the principal components.
The reportable equipment group of the DSS includes the two 480v MG set load contactors used for a diverse scram. These are also the principal components.
Figure 5-1 shows the suggested form for reporting data on the PWR reactor protection systems. It is assumed that since the diverse scram system only responds to high pressurizer pressure, actual or spurious demands for the diverse scram system are rare. Thus, such demands have not been included on the example data sheet for this system. However, if a licensee decides to report this type of demand, it can be done by adding two lines to the data sheet. All actual and spurious demands of the RTS that result in or should result in reactor trip with rod motion are reportable as a system demand. Quarterly functional tests include individual tests of the instrument channels that should result in k-relay actuation and reactor trip circuit breaker tests. Each such series of tests that results in or should result in actuation of the k-relays and the eight trip circuit breakers should be reported as a single demand. Refueling cycle functional tests include tests of the four k-relays and the eight reactor trip circuit breakers.
Figure 5-1 shows the suggested form for reporting data on the PWR reactor protection systems. It is assumed that since the diverse scram system only responds to high pressurizer pressure, actual or spurious demands for the diverse scram system are rare. Thus, such demands have not been included on the example data sheet for this system. However, if a licensee decides to report this type of demand, it can be done by adding two lines to the data sheet. All actual and spurious demands of the RTS that result in or should result in reactor trip with rod motion are reportable as a system demand.
In addition, they include individual tests of the undervoltage trip devices and the shunt trip devices for each circuit breaker. They also include control rod insertion tests. Each series of refueling cycle tests that results in individual actuation of the principal components should be reported as a single demand. A failure record should be provided for failure of any principal component.
Quarterly functional tests include individual tests of the instrument channels that should result in k-relay actuation and reactor trip circuit breaker tests.
Individual sensor and logic relay failures are not reportable unless they result in failure of a k-relay to change state. Unavailable time is not reported for the RTS. The diverse scram system is periodically tested while the reactor is at power. Each series of periodic tests that should result in actuation of a principal E-27 component (i.e., a load contactor) should be reported as a single demand for the diverse scram system. A failure record should be provided for any associated failure of a principal component.
Each such series of tests that results in or should result in actuation of the k-relays and the eight trip circuit breakers should be reported as a single demand. Refueling cycle functional tests include tests of the four k-relays and the eight reactor trip circuit breakers. In addition, they include individual tests of the undervoltage trip devices and the shunt trip devices for each circuit breaker. They also include control rod insertion tests. Each series of refueling cycle tests that results in individual actuation of the principal components should be reported as a single demand. A failure record should be provided for failure of any principal component.     Individual sensor and logic relay failures are not reportable unless they result in failure of a k-relay to change state. Unavailable time is not reported for the RTS.
Unavailable hours are reported separately from demand and failure counts.E-28 ko FIGURE E-5.1 DATA REPORTING FORM PWR REACTOR PROTECTION SYSTEM Plant/Unit:
The diverse scram system is periodically tested while the reactor is at power.
System: Plant Operational State: Calendar Year: Date Submitted:
Each series of periodic tests that should result in actuation of a principal E-27
Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: RTS REPORTABLE DEMANDS AND ASSOCIATED FAILURES*Actual/Spurious Demands: Actual/Spurious Demands Failures:
 
Quarterly Channel Functional Tests: Quarterly Functional Test Failures:
component (i.e., a load contactor) should be reported as a single demand for the diverse scram system. A failure record should be provided for any associated failure of a principal component. Unavailable hours are reported separately from demand and failure counts.
Refueling Cycle Functional Tests: Refueling Cycle Test Failures: DIVERSE SCRAM SYSTEM REPORTABLE DEMANDS AND ASSOCIATED FAILURES Diverse Scram System Tests: Diverse Scram Test Failures:
E-28
DIVERSE SCRAM SYSTEM UNAVAILABILITY DATA* Planned Unavailable Hours: Unplanned Unavailable Hours: Support System: Planned Hours: Unplanned Hours:.Attach a component failure report for each principal component failure associated with demands or unavailability.
 
E-30-1 ---
ko FIGURE E-5.1 DATA REPORTING FORM PWR REACTOR PROTECTION SYSTEM Plant/Unit:                 System:
Example 6: BWR Reactor Trip System and Alternative Rod Injection Figure E-6 shows the BWR Reactor Trip System and Alternative Rod Injection system. For the purpose of this discussion, there are two groups:
Plant Operational State:           Calendar Year:       Date Submitted:
Quarter I     Quarter 2         Quarter 3     Quarter 4 Reactor Hours in State:
RTS REPORTABLE DEMANDS AND ASSOCIATED FAILURES*
Actual/Spurious Demands:
Actual/Spurious Demands Failures:
Quarterly Channel Functional Tests:
Quarterly Functional Test Failures:
Refueling Cycle Functional Tests:
Refueling Cycle Test Failures:
DIVERSE SCRAM SYSTEM REPORTABLE DEMANDS AND ASSOCIATED FAILURES Diverse Scram System Tests:
Diverse Scram Test Failures:
DIVERSE SCRAM SYSTEM UNAVAILABILITY DATA*
Planned Unavailable Hours:
Unplanned Unavailable Hours:
Support System:
Planned Hours:
Unplanned Hours:
  . Attach a component failure report for each principal component failure associated with demands or unavailability.
E-30
 
Example 6:     BWR Reactor Trip System and Alternative Rod Injection Figure E-6 shows the BWR Reactor Trip System and Alternative Rod Injection system. For the purpose of this discussion, there are two groups:
* The first equipment group consists of equipment in the reactor trip system (RTS).
* The first equipment group consists of equipment in the reactor trip system (RTS).
* The second equipment group consists of equipment specific to the Alternate Rod Insertion (ARI) system. The reportable equipment groups for the RTS are:
* The second equipment group consists of equipment specific to the Alternate Rod Insertion (ARI) system.
* The A, B, C, and D actuation channels, through each channel's actuation (output) relay. The backup scram solenoid valves. The Hydraulic Control Units (HCUs) and their control rods. The principal components are the trip channel actuation relays, backup scram solenoid valves, and the HCUs and their control rods. The reportable equipment groups for the ARI are:
The reportable equipment groups for the RTS are:
* Individual ARI actuation channels, including each channel's actuation relay. The ARI scram solenoid valves. The principal components are the trip actuation relays and the scram solenoid valves. Actual and spurious demands for the RTS and ARI equipment groups should be summed and reported on the Data Reporting Form (Figure E-6.1). A failure record should be provided for failure of any principal component.
* The A, B, C, and D actuation channels, through each channel's actuation (output) relay.
Individual sensor and logic relay failures are not reportable unless they result in failure of the actuation channel relay to change state. Also reportable are the number of test demands required by technical specifications.
The backup scram solenoid valves.
Tests that individually challenge all actuation channels, one at a time, should be reported as a single test demand for the actuation channel equipment group. Tests that individually challenge both of the backup scram solenoid valves should be reported as a single test demand for that equipment group. The refueling tests of the HCUs, which typically challenge only one quarter of the HCUs during one refueling outage, should be reported as a single partial (1/4) test demand. Reporting of unavailable time is not required for RTS equipment groups but should be reported for ARI.E-31 FIGURE E-6 BWR REACTOR PROTECTION SYSTEM RPS 'A' Normal Supply 480 VAC RPS "8 Spply 480VAC MCC 1 133 48DVAC M M From BPS Bus"B° 120 VA RIOS But 'A'"P m'8 2 A RPS Channel A A . Trip Logic C C DTi oi To HCU Solenoid Valves RPS Chan Trip Logc Conac A (K 14's) Aux. A ux Rea V SRelay ' (Tyaical a) 125 VDC M Relay1A K221B SInstrument Air ha 4 S Tupplypfty (2) DScaan b0 ValvesOK ,,'1K Instrumen(Sr leVolv Instrumnt Airo" Vae NetinScr-.
The Hydraulic Control Units (HCUs)   and their control rods.
V" oumulior FIGURE E-6.1 DATA REPORTING FORM BWR REACTOR PROTECTION SYSTEM (RTS) Plant/Unit:
The principal components are the trip channel actuation relays, backup scram solenoid valves, and the HCUs and their control rods.
System: Plant Operational State: Calendar Year: Date Submitted:
The reportable equipment groups for the ARI are:
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: RTS DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demand: Actual/Spurious Failures:
* Individual ARI actuation channels,   including each channel's actuation relay.
Act. Channel Test Demands: Act. Channel Test Failures:
The ARI scram solenoid valves.
Partial (114) HCU Test Demands: Partial (1/4) HCU Test Failures:
The principal components are the trip actuation relays and the scram solenoid valves.
Backup Scram Sol. Valve Tests: Backup Scram Sol. Valve Failures: ARI DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demands: Actual/Spurious Failures:
Actual and spurious demands for the RTS and ARI equipment groups should be summed and reported on the Data Reporting Form (Figure E-6.1). A failure record should be provided for failure of any principal component.       Individual sensor and logic relay failures are not reportable unless     they result in failure of the actuation channel relay to change     state. Also reportable are the number of test demands required by technical     specifications. Tests that individually challenge all actuation channels, one at a time, should be reported as a single test demand for the actuation channel equipment group.
Channel Test Demands: Channel Test Failures:
Tests that individually challenge both of the backup scram solenoid valves should be reported as a single test demand for that equipment group. The refueling tests of the HCUs, which typically challenge only one quarter of the HCUs during one refueling outage, should be reported as a single partial (1/4) test demand.
ARI Scram Pilot Air Header Valve Tests: ARI Scram Pilot Air Header Failures: ARI EQUIPMENT GROUP UNAVAILABILITY DATA Planned Unavailable Hours: Unplanned Unavailable Hours: ARI EQUIPMENT GROUP UNAVAILABILITY DUE TO SUPPORT SYSTEM UNAVAILABILITY Support System: Planned Unavailable Hours: Unplanned Unavailable Hours: Support System: Planned Hours: Unplanned Hours: E-33 DATA REPORTING FORM FOR OTHER REPORTABLE SYSTEMS Figure E-7 provides a suggested general reporting form for reporting data for other systems that may be determined to be reportable under the guidance in Regulatory Position 1.2. The form is the same as the forms for the fluid, emergency power, and reactor protection systems except for the section on "Train Demands and Associated Failures." This section should be modified as appropriate for the reportable system and the plant's own testing regime. The first column in this section would list each type of demand (actual, spurious, and each type of test such as quarterly tests, mini-flow tests, refueling cycle tests, or other, as appropriate) for the reportable system. As discussed in Regulatory Position 1.3, each of these demands should define the boundaries of trains and equipment groups within the systems so that the boundaries include the equipment actuated by that type of demand to perform a safety function.
Reporting of unavailable time is not required for RTS equipment groups but should be reported for ARI.
Simplified system diagrams should be provided to indicate the equipment involved in each type of actuation.
E-31
For each type of demand, include two lines or rows -- one to report the number of demands and the other to report the number of failures associated with that type of demand during each of the four quarters.E-34 FIGURE E-7 DATA REPORTING FORM OTHER REPORTABLE SYSTEMS Plant/Unit:
 
System: Train/Equipment Group: Plant Operational State: Calendar Year: Date Submitted:
FIGURE E-6 BWR REACTOR PROTECTION SYSTEM RPS 'A' Normal Supply                                 480 VAC               RPS "8 Noi*"Spply 480VAC                                         MCC 1133                      48DVAC M                                                   M From BPS Bus"B°                                                           120 VA           RIOSBut 'A'"P                                               m'8                 2 A RPS Channel   A                     A.
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES" 2 Types of Demands Actual/Spuri ous Demands: Actual/Spuri ous Fail ures: Demands: Failures:
Trip Logic C               C                               DTi               oi To HCU Solenoid Valves RPS Chan       Trip Logc Conac       A (K 14's)                         Aux.                 A uxRea      V SRelay               '               (Tyaical     a) 125 VDC M                         Au*.ay Relay1A                                                                             K221B SInstrument Air ha 4                               S                                                                       Tupplypfty (2)
Demands: Failures: OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: Operating Hours: Failures:
                                                ,,'1K                                                         b0 ValvesOK Instrumen(Sr         leVolv DScaan Instrumnt                                                                     Airo"                                                       Vae NetinScr-.
TRAIN UNAVAILABILITY 2 Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: SReport the number for each type of demand during the quarter and the number of failures of principal components associated with those types of demands during the quarter.
V"     oumulior
 
FIGURE E-6.1 DATA REPORTING FORM BWR REACTOR PROTECTION SYSTEM (RTS)
Plant/Unit:             System:
Plant Operational State:       Calendar Year:     Date Submitted:
Quarter 1     Quarter 2     Quarter 3 Quarter 4 Reactor Hours in State:
RTS DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demand:
Actual/Spurious Failures:
Act. Channel Test Demands:
Act. Channel Test Failures:
Partial (114) HCU Test Demands:
Partial (1/4) HCU Test Failures:
Backup Scram Sol. Valve Tests:
Backup Scram Sol. Valve Failures:
ARI DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demands:
Actual/Spurious Failures:
Channel Test Demands:
Channel Test Failures:
ARI Scram Pilot Air Header Valve Tests:
ARI Scram Pilot Air Header Failures:
ARI EQUIPMENT GROUP UNAVAILABILITY DATA Planned Unavailable Hours:
Unplanned Unavailable Hours:
ARI EQUIPMENT GROUP UNAVAILABILITY DUE TO SUPPORT SYSTEM UNAVAILABILITY Support System:
Planned Unavailable Hours:
Unplanned Unavailable Hours:
Support System:
Planned Hours:
Unplanned Hours:
E-33
 
DATA REPORTING FORM FOR OTHER REPORTABLE SYSTEMS Figure E-7 provides a suggested general reporting form for reporting data for other systems that may be determined to be reportable under the guidance in Regulatory Position 1.2.
The form is the same as the forms for the fluid, emergency power, and reactor protection systems except for the section on "Train Demands and Associated Failures." This section should be modified as appropriate for the reportable system and the plant's own testing regime. The first column in this section would list each type of demand (actual, spurious, and each type of test such as quarterly tests, mini-flow tests, refueling cycle tests, or other, as appropriate) for the reportable system. As discussed in Regulatory Position 1.3, each of these demands should define the boundaries of trains and equipment groups within the systems so that the boundaries include the equipment actuated by that type of demand to perform a safety function. Simplified system diagrams should be provided to indicate the equipment involved in each type of actuation. For each type of demand, include two lines or rows -- one to report the number of demands and the other to report the number of failures associated with that type of demand during each of the four quarters.
E-34
 
FIGURE E-7 DATA REPORTING FORM OTHER REPORTABLE SYSTEMS Plant/Unit:                               System:                       Train/Equipment Group:
Plant Operational State:                         Calendar Year:                       Date Submitted:
Quarter 1         Quarter 2       Quarter 3           Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES"                 2 Types of Demands Actual/Spuri ous Demands:
Actual/Spuri ous Fail ures:
Demands:
Failures:
Demands:
Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)                 2 Number of Applicable Runs:
Operating Hours:
Failures:
TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:
Unplanned Unavailable Hours:
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY2 Support System:
Planned Hours:
Unplanned Hours:
Support System:
Planned Hours:
Unplanned Hours:
the number for each type of demand during the quarter and the number ofSReport failures of principal components associated with those types of demands during the quarter.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
E-35 CONCURRENT UNAVAILABLE HOURS _ As stated in Regulatory Position 8, concurrent unavailable hours are reportable when two or more reportable systems, trains, or equipment group are unavailable at the same time during a reportable plant operational mode. Figure E-8 provides a suggested form for reporting concurrent unavailable hours. System, train, and equipment group designations should match the nomenclature used to identify them in system diagrams and data sheets (see Figures E-1 through E-6). The concurrent unavailable hours should be designated by plant mode as defined in Regulatory Position 2. The example in Figure E-8 is for a PWR with systems diagrams shown in Figures E-1 to E-4.2. E-36 FIGURE E-8 DATA REPORTING FORM CONCURRENT UNAVAILABILITY Plant/Unit:
E-35
Calendar Year: Date Submitted:
 
Quarter 1 Quarter 2 Quarter 3 Quarter 4 HOURS OF CONCURRENT UNAVAILABILITY/OPERATING STATE (System, train, equipment group)Exampl e AFW-A EDG-B AFW-A EDG-B HPSI-A EDG-A HPSI-B 6.5 hrs State 1 1.5 hrs State 1 2.0 hrs State 1 E-37 APPENDIX F COMPONENT FAILURE RECORDS A component failure report should be submitted for each reportable failure.
CONCURRENT UNAVAILABLE HOURS                         _
The table below lists the information that should be supplied in each component failure report.REPORT FIELD Plant name INFORMATION TO BE PROVIDED Name of unit and number System Component Drawing Failure discovery date Date last operable Failure end date Failure mode Failure detection method Failure Description Narrative Cause of Failure Narrative Corrective Action Narrative System in which the failed component is located.
As stated in Regulatory Position 8, concurrent unavailable hours are reportable when two or more reportable systems, trains, or equipment group are unavailable at the same time during a reportable plant operational mode. Figure E-8 provides a suggested form for reporting concurrent unavailable hours. System, train, and equipment group designations should match the nomenclature used to identify them in system diagrams and data sheets (see Figures E-1 through E-6). The concurrent unavailable hours should be designated by plant mode as defined in Regulatory Position 2. The example in Figure E-8 is for a PWR with systems diagrams shown in Figures E-1 to E-4.2.
Component type and ID number used in the system drawing.
E-36
Identification of the plant piping and instrumen tation diagram showing the location of the failed component.
 
Date the component was discovered in a failed state. Date component was last verified as operable.
FIGURE E-8 DATA REPORTING FORM CONCURRENT UNAVAILABILITY Plant/Unit:                     Calendar Year:             Date Submitted:
Date when component was repaired.
Quarter 1     Quarter 2     Quarter 3   Quarter 4 HOURS OF CONCURRENT UNAVAILABILITY/OPERATING STATE (System, train, equipment group)
How the component failed to perform. (Open, close, start, run, etc.) Method by which the failure was detected, e.g., pump test, actual demand, maintenance inspection.
Exampl e AFW-A                     6.5 hrs EDG-B                     State 1 AFW-A                     1.5 hrs EDG-B                     State 1 HPSI-A EDG-A       2.0 hrs HPSI-B      State 1 E-37
A brief narrative description of the failure, including the plant operational mode and system mode at time of discovery, the impact of the failure on system, train, or equipment group, and, if the failure was due to failure of a dedicated support system, identification of the support system and the failed component.
 
A brief description of the cause of failure, including piece parts failed. A brief description of the corrective action to restore the failed component (e.g., repaired or replaced failed piece part).F-1 APPENDIX G EVENT LOG Figure G-1 is a suggested format for an onsite log to track the basic event data (failures, demands, run times, and unavailable hours) that form the basis for the summary data reported to the NRC. It is an example of a link between existing plant records and data systems and the summary information required by the rule. Column I The date of the demand or the start date of the period of unavailable hours or run time. Columns 2 and 3 The system and train or equipment groups in which the demand or period of unavailability occurred.Columns 4, 5, 6, and 7 Columns 8, 9, and 10 Column 11 If the event was a demand, the next four columns would indicate whether it was successful or, if not, the type of failure (start or run) and the run time (if applicable.)
APPENDIX F COMPONENT FAILURE RECORDS A component failure report should be submitted for each reportable failure.
If the event was a period of unavailable hours, the next three columns would record the unavailable hours according to whether they were planned, unplanned, or due to a support system being unavailable.
The table below lists the information that should be supplied in each component failure report.
The next to last column would use the plant's numbering or identification system for referencing plant records such as job requests, maintenance work orders, or operator logs. These plant records should provide documentation of the start of the event (demand or period of unavailable hours), the corrective action taken, and the end of the period of unavailable hours (return to service).G-1 Col umn 12 The last column would provide any additional information needed to compile the summary data, such as the support system resulting in the front-line system being unavailable, the plant state at the time of the event, the diagram showing the principal component causing the event, or the name of the principal component.
REPORT FIELD                 INFORMATION TO BE PROVIDED Plant name                  Name of unit and number System                       System in which the failed component is located.
Licensees may use whatever approach and format is most suitable to link plant records to the summary data.G-2 FIGURE G-1 EVENT LOG Date System Train Demands Hours Plant Comments or Unavailable Records Equip- Reference ment Successful Start Run Run Planned Unplanned Due to Group Demand Failure Failure Hours Support System 1/30/96 EDG EDG A 35 JO 704645. Replace JO 783768 relief valve 3/16/96 EDG EDG B / 20 RAC 1-88048.
Component                    Component type and ID number used in the system drawing.
JO 00756384 4/19/96 AFW Train A / 88.5 Unavailable (turbine) when plant went into mode 3 4/20/96 EDG EDG B 10 ESW JO 84932 4/22/96 EDO EDG A / LG 84932 Surveillance test DRAFT REGULATORY ANALYSIS The NRC has prepared a draft regulatory analysis, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (December 19, 1995), on the proposed rule, 10 CFR 50.76. The analysis examines the costs and benefits of the alternatives considered by the NRC. The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (202) 415-6835.R/A-1 Federal Recycling Program UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, DC 20555-0001 FIRST CLASS MAIL POSTAGE AND FEES PAID USNRC PERMIT NO. G-67 OFFICIAL BUSINESS PENALTY FOR PRIVATE USE, $300\}}
Drawing                      Identification of the plant piping and instrumen tation diagram showing the location of the failed component.
Failure discovery date      Date the component was discovered in a failed state.
Date last operable          Date component was last verified as operable.
Failure end date            Date when component was repaired.
Failure mode                How the component failed to perform. (Open,   close, start, run, etc.)
Failure detection method    Method by which the failure was detected, e.g.,
pump test, actual demand, maintenance inspection.
Failure Description        A brief narrative description of the failure, Narrative                  including the plant operational mode and system mode at time of discovery, the impact of the failure on system, train, or equipment group, and, if the failure was due to failure of a dedicated support system, identification of the support system and the failed component.
Cause of Failure            A brief description of the cause of failure, Narrative                  including piece parts failed.
Corrective Action          A brief description of the corrective action to Narrative                  restore the failed component (e.g., repaired or replaced failed piece part).
F-1
 
APPENDIX G EVENT LOG Figure G-1 is a suggested format for an onsite log to track the basic event data (failures, demands, run times, and unavailable hours) that form the basis for the summary data reported to the NRC. It is an example of a link between existing plant records and data systems and the summary information required by the rule.
Column I                                 The date of the demand or the start date of the period of unavailable hours or run time.
Columns 2 and 3                         The system and train or equipment groups in which the demand or period of unavailability occurred.
Columns 4, 5, 6, and 7                   If the event was a demand, the next four columns would indicate whether it was successful or, if not, the type of failure (start or run) and the run time (if applicable.)
Columns 8, 9, and 10                    If the event was a period of unavailable hours, the next three columns would record the unavailable hours according to whether they were planned, unplanned, or due to a support system being unavailable.
Column 11                                The next to last column would use the plant's numbering or identification system for referencing plant records such as job requests, maintenance work orders, or operator logs. These plant records should provide documentation of the start of the event (demand or period of unavailable hours), the corrective action taken, and the end of the period of unavailable hours (return to service).
G-1
 
Col umn 12                             The last column would provide any additional information needed to compile the summary data, such as the support system resulting in the front-line system being unavailable, the plant state at the time of the event, the diagram showing the principal component causing the event, or the name of the principal component.
Licensees may use whatever approach and format is most suitable to link plant records to the summary data.
G-2
 
FIGURE G-1 EVENT LOG Date   System Train                 Demands                           Hours             Plant       Comments or                                                     Unavailable         Records Equip-                                                                     Reference ment     Successful Start     Run       Run   Planned   Unplanned Due to Hours                    Support Group     Demand     Failure   Failure System 1/30/96 EDG   EDG A                                         35                         JO 704645. Replace JO 783768   relief valve 3/16/96 EDG   EDG B                         /                         20               RAC 1-88048.
JO 00756384 4/19/96 AFW   Train A             /                                   88.5                           Unavailable (turbine)                                                                               when plant went into mode 3 4/20/96 EDG   EDG B                                         10                 ESW     JO 84932 4/22/96 EDO   EDG A     /                                                               LG84932      Surveillance test
 
DRAFT REGULATORY ANALYSIS The NRC has prepared a draft regulatory analysis, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (December 19, 1995), on the proposed rule, 10 CFR 50.76. The analysis examines the costs and benefits of the alternatives considered by the NRC. The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (202) 415-6835.
R/A-1
 
Federal Recycling Program
                                  \
UNITED STATES                 FIRST CLASS MAIL NUCLEAR REGULATORY COMMISSION       POSTAGE AND FEES PAID USNRC WASHINGTON, DC 20555-0001           PERMIT NO. G-67 OFFICIAL BUSINESS PENALTY FOR PRIVATE USE, $300}}

Latest revision as of 11:36, 28 March 2020

Draft Regulatory Guide DG-1046, Guidelines for Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment in Nuclear Power Plants
ML003739470
Person / Time
Issue date: 04/30/1996
From:
Office of Nuclear Regulatory Research
To:
References
DG-1046
Download: ML003739470 (92)


Text

"UNITEDSTATES 0* NUCLEAR REGULATORY COMMISSION Z WASHINGTON, D.C. 205D5-0001 April 1996 Division 1 April 26, 1996 Task DG-1046 TO: DISTRIBUTION LIST FOR DIVISION I REGULATORY GUIDES

SUBJECT:

DRAFT REGULATORY GUIDE DG-1046, "GUIDELINES FOR REPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT IN NUCLEAR POWER PLANTS" notice of On February 12, 1996, the Nuclear Regulatory Commission published a for proposed rulemaking (61 FR 5318) that would require that licensees commercial nuclear power plants report plant-specific summaries of to the reliability and availability data for selected systems and equipment 50, NRC. This proposed Section 50.76, which is intended for 10 CFR Part also "Domestic Licensing of Production and Utilization Facilities," would require that records and documentation of each occurrence of a demand, data failure, or unavailable period that provides the basis for the summary reported to the NRC be maintained onsite and available for NRC inspection.

to The NRC has prepared Draft Regulatory Guide DG-1046 to provide guidance licensees on methods that would be acceptable to the NRC staff for implementing the proposed rule. This draft regulatory guide is being published for public comment in conjunction with public comment on the proposed rule, Section 50.76.

Comments should be submitted to the Chief, Rules Review and DirectivesU.S.

Branch, Division of Freedom of Information and Publication Services, Nuclear Regulatory Commission, Washington, DC 20555-0001. The public Comments comment period for the draft regulatory guide ends on July 5, 1996. so, but received after that date will be considered if it is practical to do assurance of consideration cannot be given for late comments.

The NRC staff is planning to conduct a workshop on June 4, 1996, to discuss the draft regulatory guide and the proposed rule. A public announcement providing information on the workshop is being published in the Federalis Register along with the announcement that this draft regulatory guide available for public comment.

I~Bill M. Morris, Dir~~or Division of Regulator$ App1licati ons Office of Nuclear Regtilatory Research

U.S. NUCLEAR REGULATORY COMMISSION April 1996 OFFICE OF NUCLEAR REGULATORY RESEARCH Division 1 Draft DG-1046 DRAFT REGULATORY GUIDE IContact:_DP._Allison_301)415_683

Contact:

D.P. Allison (301)415-6835 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR REPORT**G RELIABILITY AND AVAILABIL M._*,

FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position.

Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement. Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996.

Requests for single copies of draft guides (which may be reproduced) or for placement on an automatic distribution list for single copies of future guides in specific divisions should be made in writing to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Office of Administration, Distribution end Mail Services Section.

TABLE OF CONTENTS A. INTRODUCTION . . . . . . . . . . . . . . . . . . .

B. DISCUSSION . . . . . . . . . . . . . . . . . . . .

  • 1*2 C. REGULATORY POSITION ..... .................
  • 14
  • 11I
1. Reportable Systems .............
  • 15 1.1 Basic Systems . . . . . . . . . . . . .
  • 17
  • 9 1.2 Other Reportable Systems .......

1.3 Boundaries of Systems, Trains, and Equipment Groups .

2. Reportable Plant Operational States ....
  • 12
3. Reportable Demands .............
  • 14
4. Reportable Run Times ............ *
  • 17 15
5. Reportable Failures ............
  • 16 5.1 Failure on Demand ...........
  • 17 5.2 Failure To Run . . . . . . . . . . . .
  • 17 5.3 Recoverable Failures .........
  • 18
6. Unavailable Hours
  • 18
7. Hours in Plant Operational States .....
  • 19
8. Concurrent Unavailable Hours ........
  • 20
9. Annual Reports . . . . . . . . . . . . . . .
  • 20 9.1 Summary Reliability and Availability Data
  • 20 9.2 Failure Records . .. . . . . . . . . .
  • 20 9.3 Identification of Systems, Trains, and Equipment Groups 21 9.4 Electronic Submittal .........
  • 21
10. Onsite Data Storage ..... .............
  • 22 DRAFT REGULATORY ANALYSIS ..... ................ R/A-1

APPENDICES APPENDIX A, Proposed Section 50.76, Including Statement of Considerations ...... ........................... A-i APPENDIX B, Glossary .............. ............................ B-i APPENDIX C, Examples of Reportable Systems ..... ................ ... C-i APPENDIX D, Risk Importance Measures ....... ................... .. D-i APPENDIX E, Defining Systems, Trains, and Equipment Group Configurations and Data Reporting Forms .... ........... .. E-1 APPENDIX F, Component Failure Records ...... ................... ... F-i APPENDIX G, Event Log ........... ........................... G-1

A. INTRODUCTION On February 12, 1996, the Commission published for public comment a proposed rule, Section 50.76, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (61 FR 5318). The proposed rule is intended for Part 50, "Domestic Licensing of Production and Utilization Facilities," of the NRC's regulations in Title 10 of the Code of Federal Regulations. A copy of the proposed rule is provided in Appendix A.

The proposed rule would require that licensees for commercial nuclear power reactors report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. It would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the summary data reported to the NRC be maintained onsite and made available for NRC inspection for 5 years.

A public workshop will be held soon after publication of this draft regulatory guide to receive comments on the proposed Section 50.76 and the supplemental guidance in this guide for implementing the proposed rule. The comment period for this proposed rule will not expire until at least 30 days after publication of this draft guide. The NRC intends to publish the final rule in December 1996.

As stated in the proposed Section 50.76, licensees would begin reporting the summary data, compiled on the basis of calendar quarters (or on a more frequent basis at the option of each licensee), for the calendar year 1997.

The first report, covering January 1 through December 31, 1997, would be submitted by January 31, 1998. Thereafter, each annual report would be submitted by January 31 of the following year.

Many terms are defined in the Glossary in Appendix B as they are used in this guide. Appendix C lists examples of systems to be reported, and Appendix D discusses risk-importance measures. Appendix E helps define systems, trains, and equipment group configurations for reporting and presents some examples of systems; it also provides some data reporting forms. Appendix F discusses records of component failures, and Appendix G is an example of an event log.

This draft regulatory guide is being developed to provide guidance to licensees on the summary data to be reported to the NRC and on the basic data I

to be maintained onsite and available for NRC inspection. It is being published for public comment in conjunction with the public comment on the proposed Section 50.76.

Regulatory guides are issued to describe and make available to the public such information as methods acceptable to the NRC staff for implementing specific parts of the Commission's regulations, techniques used by the staff in evaluating specific problems or postulated accidents, and guidance to applicants. Regulatory guides are not substitutes for regulations, and compliance with regulatory guides is not required. Regulatory guides are issued in draft form for public comment to involve the public in the early stages of developing the regulatory positions. Draft regulatory guides have not received complete staff review and do not represent official NRC staff positions.

This draft regulatory guides proposes information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This regulatory guide will be submitted to the Office of Management and Budget with the final rule for review and approval of the information collections.

The public reporting burden for this collection of information is estimated to average 1,375 hours0.00434 days <br />0.104 hours <br />6.200397e-4 weeks <br />1.426875e-4 months <br /> per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments on any aspect of this collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet electronic mail to BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0011), Office of Management and Budget, Washington, DC 20503.

The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.

2

B. DISCUSSION OVERVIEW The data collected under the proposed Section 50.76 are intended to provide reliability and availability data on selected systems and equipment in U.S. commercial nuclear power plants for use by both the NRC and its licensees.

The regulatory guide is intended to provide a flexible framework to obtain consistent data yet allow licensees to use existing data collection programs to the extent they are applicable. The reporting is intended to include the most risk-significant systems that are a subset of the risk-important systems already identified for implementation of the maintenance rule. It is estimated that a typical plant will have 7 to 10 reportable systems. Licensees will also be able to use existing surveillance and inservice test information along with information on unplanned ESF actuations to satisfy most, if not all, of the equipment demand reporting requirements. The data would be compiled by NRC in a centralized database. The definitions and information requested are intended to be sufficient to qualify the database for regulatory applications of probabilistic risk assessment (PRA) that fall within the limitations of the data. This regulatory guide has the following major features:

Only the most risk-significant systems are subject to reporting.

Regulatory Position 1.1 lists five basic systems that the NRC has determined should be reported for all plants. Regulatory Position 1.2 provides acceptable methods for licensees to determine other systems that are reportable on a plant-specific basis.

As discussed in Regulatory Position 1.3, flexibility is provided for the identification of boundaries of systems, trains, and equipment groups.

It is recommended that boundaries be defined so that systems, trains, and equipment groups are defined by a similarity of demands for equipment.

Licensees have considerable flexibility in defining boundaries to allow the use of existing testing and onsite data collection systems.

Demand and failure counts and hours that trains and equipment groups are unavailable should be identified by the train or equipment group in which 3

they occurred and the plant operational state at the time of occurrence.

(See Regulatory Position 2.)

Demands and any failures on demand should also be identified by the type of demand: (1) actual demands to perform a risk-significant safety function,' (2) spurious actuations of a train or equipment group that closely simulate actual demands, and (3) test demands. (See Regulatory Position 3.)

Degradations in equipment performance that deviate from the design basis but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under 10 CFR 50.76.

(See Regulatory Position 5.)

The hours that reportable trains and equipment groups were unavailable are reportable, whether planned or unplanned, and whether due directly to equipment in the reportable train or equipment group or due to a support system being unavailable. (See Regulatory Position 6.)

Initially, licensees should: (1) determine their reportable systems; (2) identify their risk-significant safety functions; (3) define the trains and equipment groups for these systems; and (4) identify the plant operational states for which the specified trains and equipment group data are reportable.

They should then track or log the required data and annually report the summary data as discussed in Regulatory Position 9. Licensees should keep onsite the 1The term "safety function" as used here does not necessarily correspond to (1) safety-related systems, structures, and components, as currently defined in 10 CFR 50.49, (2) a facility's design basis, (3) a facility's licensing basis, or (4) operability requirements in a facility's technical specifications. The "risk-significant safety function" is a function that has or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity. It should also be noted that the staff's current guidance on operability requirements is provided in Generic Letter 91-18, November 7, 1991,

Subject:

Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Nonconforming Conditions and on Operability. Copies are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.

4

records and documentation that provide the basis for the summary data reported to the NRC. (See Regulatory Position 10.)

Figure I is a flowchart of the guidelines for implementing the proposed rule.

C. REGULATORY POSITION The methods provided in this Regulatory Position describe means that would be acceptable to the NRC staff for meeting the requirements of the proposed Section 50.76 to 10 CFR Part 50.

The demand counts, failure counts, unavailable hours, and run time information reported to the NRC should be sufficiently accurate to allow the NRC and licensees to estimate equipment reliability and to perform risk analyses. Occasional minor errors in the reported number of actual or spurious demands, failures, or unavailable hours would be considered to be within an acceptable level of accuracy if they do not (1) have a systematic bias in one direction, (2) appear consistently in many systems, or (3) result in significant impacts on the estimated reliability and risk parameters. When estimates of demands are used, they should be very close to the average of actual counts of demands in a reporting period, consistent with the standards provided above.

1. REPORTABLE SYSTEMS Reportable systems are the most risk-significant systems that are a subset of the systems identified for implementation of the maintenance rule.

They include (1) a generic set of systems that the NRC has determined should be reported by all licensees, called "basic systems," and (2) other risk significant systems that individual licensees determine to be subject to the proposed rule on a plant-specific basis.

5

I I FIGURE 1. Implementation of Guidelines for Reporting Reliability Data (Italics indicate sections of this regulatory guide that provide guidance.)

6

1.1 Basic Systems TABLE 1. Basic Systems for PWRs PWR Basic System Risk-Significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads for loss of off-site power.

Reactor protection system Reactor trip for accident or transient (RPS) conditions.

Auxiliary feedwater (AFW) Decay heat removal in accident or transient system conditions, including loss of off-site power and station blackout.

High-pressure safety Safety injection, small loss-of-coolant injection (HPSI) system accident (LOCA), medium LOCA and feed and bleed.

Decay heat removal for large LOCA, post-LOCA recirculation phase.

Reactor vessel makeup during shutdown.

Low-pressure safety Safety injection, medium LOCA and large LOCA.

injection (LPSI) system/RHR Boost for high-pressure safety injection pumps at some plants for small LOCA (post LOCA recirculation phase) or for feed and bleed.

Decay heat removal for large LOCA, post-LOCA recirculation phase and shutdown operations.

Reactor vessel makeup during shutdown.

7

1_

TABLE 2. Basic Systems for BWRs BWR Basic System Risk-significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads on loss of off-site power.

Reactor protection system Reactor trip for accident or transient (RPS) conditions.

Reactor core isolation Reactor vessel injection for loss of off-site cooling system (RCIC) or power, loss of feedwater, very small LOCA, or station blackout.

Isolation condenser Core cooling via natural circulation for loss of off-site power, loss of feedwater, main condenser isolation, or station blackout.

High-pressure coolant Reactor vessel injection from condensate injection system (HPCI) storage tank or suppression pool for loss of off-site power, loss of feedwater, small LOCA, medium LOCA, or station blackout.

High-pressure core spray Reactor vessel injection from condensate system (HPCS) or storage tank or suppression pool for loss of off-site power, loss of feedwater, LOCA, or station blackout.

Feedwater coolant injection system (FWCI) Reactor vessel injection from condensate storage tank or suppression pool for loss of off-site power, loss of feedwater or LOCA.

Low-pressure coolant Reactor vessel injection from the condensate injection function of storage tank (CST) or suppression pool under residual heat removal low pressure conditions.

(RHR), low-pressure coolant injection (LPCI) and/or low pressure core spray (LPCS) system(s) and Heat removal function of Decay heat removal from the suppression pool RHR. or the reactor under low pressure conditions.

8

Some plants may have different names for the systems and equipment that provide the above risk-significant safety functions. The plant-specific names should be used as appropriate to identify the systems and equipment that accomplish the risk-significant safety functions discussed above. (Examples are provided in Appendix C).

1.2 Other Reportable Systems Each licensee should determine whether there are other plant systems, besides the basic systems, that are of sufficient risk-significance to be reportable. Systems and equipment groups are reportable if they have or could have a significant effect on risk in terms of avoiding core-damage accidents or preserving containment integrity. Generally, these systems should contribute as much or more to core-damage frequency as the basic systems. Systems meeting one or more of the following conditions should be considered reportable:

Systems with relatively high risk-importance measures as determined from the plant's full PRA.

Systems necessary for assurance of the more risk-significant aspects of containment integrity (e.g., prevent gross containment failure).

Systems necessary for shutdown from a risk perspective (decay heat removal and makeup functional capability).

To begin the process of identifying these systems, licensees should use one of two lists of systems and equipment:

(1) Licensees may use the list of SSCs determined to be risk-significant for the maintenance rule as an initial list.

(2) Licensees may wish to make a more specific determination of the systems and equipment that meet the risk-significance level intended by the proposed rule. If so, the licensee should calculate two measures, the Fussell-Vesely (FV) measure and the ratio form of the Risk Achievement Worth (RAW) measure. Systems and equipment with FV Ž 0.1 or RAW Ž 100 9

should be included in the initial list. The formulas for these measures are given in Appendix D.

A multidisciplinary expert panel, similar to the expert panel used for implementation of the maintenance rule, should use (1) or (2) above as an initial list of safety systems. The panel should then use PRA insights and evaluate other relevant application-specific information to add or delete systems to derive a list of other reportable systems. The panel should consider the following:

Systems that are important because their failure or malfunction could result in accident-initiating events need not be considered reportable unless they also have a risk-significant mitigative function. An example of a system that would not generally be reportable is the offsite (preferred) power system.

Support systems that serve several reportable systems would generally be reportable separately. However, only the trains or equipment groups that provide the principal functional capability of the system would be reported separately as a reportable support system. Trains or equipment groups in support systems that provide a dedicated support function to a single train or equipment group in a reportable system need not be reported separately or as part of a reportable support system. The reliability and availability of this support system equipment will be evidenced by its impact on reportable front-line system reliability and availability. (See Appendix E for additional guidance.)

Risk-significant structures such as containment structures and ice condensers, for which risk is more a function of capability than reliability, need not be considered reportable. However, other systems and equipment that are important for containment integrity should be considered for reportability. The expert panel should consider containment spray, containment fan coolers, suppression pool cooling, containment vacuum breakers, and portions of containment isolation with regard to their risk-significant effect on containment integrity.

Containment isolation would be a candidate to the extent that there may 10

be relatively large penetrations that are open frequently (i.e., greater than 1% of the time the reactor is operating) and could contribute to gross containment function failure.

Systems and equipment that are risk-significant only because of operator error for actuation, operation, or termination of a risk-significant safety function need not be considered reportable. The scope of the proposed rule is limited to data on equipment reliability and availability. For example, power operated relief valves would not be reportable if they were risk-significant only because of the likelihood of operator failure to open them for feed and bleed. However, this exclusion would not apply to operator or other personnel errors that could unintentionally make equipment inoperable (unavailable) with respect to its risk-significant safety function.

Systems and equipment that make a large contribution to risk during shutdown and are significant contributors to total risk should be considered reportable. The panel should consider the mitigation systems necessary for safety functions during shutdown, e.g., decay heat removal, primary inventory control, and pressure relief. The primary interest in these systems is in their availability to respond to shutdown accident scenarios.

1.3 Boundaries of Systems, Trains, and Equipment Groups The boundaries of systems, trains, and equipment groups should be defined by the nature of the demands so that the information to be reported on demands and unavailability is consistent with testing and other actuations of the equipment. Thus, trains or parts of trains that are actuated to perform a safety function or part of a safety function should be included in an equipment group. This will allow the use of tests and other actuations for all equipment within the group to be counted as one unit to simplify counting demands and unavailability. However, licensees have great flexibility in defining the boundaries of systems, trains, and equipment groups to facilitate tracking of demands associated with routine testing and other actuations (planned or unplanned), as well as considering existing data systems and technical 11

specifications. Licensees who choose an alternative method of defining trains and equipment groups should select groups of components with essentially the same test frequency and report counts of their demands.

Licensees should submit diagrams for all reportable systems, trains, and equipment groups that indicate the principal active and passive components.

Some suggested principles and a number of detailed examples for identifying and delineating systems, trains, and equipment groups are provided in Appendix E.

2. REPORTABLE PLANT OPERATIONAL STATES Data for reportable systems should be reported for those plant operational states for which the systems could be demanded to perform their risk-significant safety function. Data on unavailability need not be reported for operational states in which the refueling cavity is more than half full or the reactor is defueled. Reportable surveillance test demands and associated failures should be reported any time there is a valid test actuation of the reportable systems, trains, or equipment groups that meets reportability guidance (see Regulatory Position 3).

For reporting under the proposed rule, "plant operational states" should be defined by the following:

Plant operational states for PWRs:

PI Power operations and shutdown conditions without RHR initiation P2 Shutdown conditions with RHR cooling and RCS unvented P3 Shutdown conditions with RHR cooling and RCS vented but not in reduced inventory P4 Reduced inventory Plant operational states for BWRs:

BI Power operations and shutdown conditions without RHR initiation B2 Shutdown conditions with RHR cooling and RCS unvented B3 Shutdown conditions with RHR cooling and RCS vented Tables 3 and 4 show the plant operational states for which the data should be reported for the "basic systems."

12

TABLE 3. Plant Operational States for PWRs P1 P2 P3 P4 PWR Power Shutdown Shutdown Reduced Basic Operation Conditions Conditions Inventory Systems and Shutdown with RHR with RHR Modes Cooling Cooling and without RHR and RCS RCS Vented Initiations Unvented but not in Reduced Inventory Emergency ac power yes yes yes yes system Reactor protection yes no no no system Auxiliary feedwater yes yes no no system High-pressure safety yes yes yes yes injection system Low-pressure safety yes yes yes yes injection system/RHR _ I III 13

TABLE 4. Plant Operational States for BWRs BI B2 B3 BWR Power Shutdown Shutdown Basic Operation and Conditions Conditions Systems Shutdown with RHR with RHR Conditions Cooling and Cooling and without RHR RCS RCS Vented Initiation Unvented Emergency ac power system yes yes yes Reactor protection system yes no no Reactor core isolation cooling yes yes no system or Isolation condenser yes yes no High-pressure coolant injection yes yes no system High-pressure core spray system yes yes no or Feedwater coolant injection yes yes yes system Low-pressure coolant injection yes yes yes function of residual heat removal, low-pressure coolant injection or low-pressure core spray systems and Heat removal function of RHR yes yes yes and containment spray systems I II_ I For systems that are determined to be reportable based on their plant specific risk significance, reliability data should be reported for those plant operational states during which they could be used to perform their risk significant safety function.

3. REPORTABLE DEMANDS A reportable demand is an instance when a basic system or other risk significant system, train, or equipment group is actuated to perform its risk significant safety function. A demand may be manual or automatic. Reportable I 14

demands should include (1) actual demands, (2) spurious demands that closely simulate actual demands, (3) test demands that involve, or, if actually demanded, would involve, simultaneous or integrated actuation of all components in the system or train, and (4) certain partial train tests that provide data necessary to estimate train reliability. These partial test demands, although conducted at different time intervals, can be combined to estimate the demand reliability of the train. These partial train tests may include mini-flow pump tests, diesel generator monthly tests, valve stroke tests, RPS actuation channel tests, and special integrated system tests conducted during refueling outages. Individual component tests (e.g., valve stroke tests) that are conducted at roughly the same frequency could be reported as demands for that group. Additional guidance and examples are provided in Appendix E.

When it is impractical to count individual demands and a reasonable basis for estimating demands has been established, the reported demands may reflect the general history of the equipment rather than an exact count of every demand. The basis for count estimates of demands should be modified when changes in plant operations and testing make the estimated values inaccurate for reliability estimates. (See the discussion of accuracy at beginning of the Regulatory Position.) The use of estimated demands would not apply to actual or spurious demands to perform a risk-significant safety function or to surveillance required by technical specifications.

Test demands following maintenance or repair of equipment, if they are used to demonstrate that the equipment is ready to return to service, should not be counted as reportable demands.

Examples of reportable demands are provided in Appendix E.

4. REPORTABLE RUN TIMES Certain systems are required to start and operate for a relatively long test or mission time. These systems include the emergency ac power system, the fluid systems listed in Regulatory Position 1.1 and similar reportable systems selected by the methods in Regulatory Position 1.2 with risk-significant mission run times of about eight hours or more. For all run times or hours of operation greater than one hour for these systems, licensees should report (1) the number of demands (either test or in response to an actual demand) to run 15

for an hour or more, (2) the number of these runs that ended in failure, and (3) the total hours of operation of these runs (the sum of all run times greater than an hour from the time of the demand to the end of the operation).

Data on run time must be reported by the train or equipment group, by the type of demand, and by the plant operational state at the time of the demand to run.

Appendix E describes a way to report these data that is acceptable to the NRC staff.

5. REPORTABLE FAILURES A failure is reportable when a reportable system, train, or equipment group fails to perform its risk-significant safety function in response to a reportable demand. This information is used in conjunction with the count of reportable demands to estimate unreliability. This information should be tabulated on the data sheets provided in Appendix E. In addition, a component failure record, as described in Appendix F, should be provided. The component failure record is used to identify the actual component that failed, its cause, the effect of the failure, and other pertinent information.

Some risk-significant systems have multiple success paths because of their complexity of design and multiple safety function requirements. These systems are not easily divided into simple trains or equipment groups with simple train-level success criteria. While it may be appropriate to combine multiple success paths into a single train or equipment group for the purpose of counting demands, it would be inappropriate to report failures at that level. For example, the valves between the pumps and steam generators in a headered auxiliary feedwater system may be required to direct flow from only one pump to only one steam generator for success in some sequences, but may be required to direct flow from two pumps to two or more steam generators for success in other sequences. Thus, the failure of any of these injection valves is of potential risk-significance. A failure record is required for each principal component failure of a reportable system, train, or equipment group.

A principal component failure is also reportable when discovered by means other than a reportable demand (e.g., it is found to be unable to perform its risk-significant safety function because of actual or incipient failure by inspection or other nonreportable demands.

16

A failure in a front-line reportable system, train, or equipment group may be due to the failure of a component from a support system. If the failed support system component provides a dedicated support function to a single train or equipment group in the reportable system (as discussed in Regulatory Position 1.2), the failure of the support system component should be reported against the reportable front-line system. If the dedicated component is not indicated on the systems diagram for the reportable system, the component failure record should describe the component and its function. For example, if the heat exchanger from the service water system that is dedicated to a specific diesel generator became plugged resulting in the failure of the diesel generator, the failure should be reported as a failure of a train in the emergency ac power system due to failure of the service water heat exchanger.

On the other hand, if a failed support system component fails or causes the unavailability of more than one reportable front-line system, and the support system is also designated as a reportable system, the failure should be reported as a failure of the support system. The accompanying component failure record should describe the effects on the front-line systems. If this same situation occurs in a support system that is not itself a reportable system, the failures of each affected front-line system should be reported, with a single component failure record that indicates the connection of all the affected systems to the single support system component failure. For example, if failure of a service water pump results in failure of an emergency diesel generator (EDG) and loss of an RHR train, it should be reported as a service water system failure that caused failure or unavailable hours for an EDG train and an RHR train.

Degradations in equipment performance that do not satisfy operability requirements for design basis accidents but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under this rule (e.g., an emergency diesel generator start in 11 to 12 seconds, when the requirement to start is within 10 seconds, would not be reportable). If there is reasonable doubt about the reportability of an equipment degradation as a failure, or if precise analysis of operational capability is required to determine whether the equipment degradation represents a risk-significant safety function failure, the degradation should be reported as a failure with an appropriate explanation.

17

Failure records should be submitted to NRC with the annual reports.

Guidance on the content and format of failure records is provided in Appendix F.

5.1 Failure on Demand Failures on demand should include failures to start and achieve a steady state condition (e.g., rated speed, flow, position) and failures to operate for up to one hour. Failures to change state on demand should include failures of valves and electrical equipment that must change state (open, close, make or break contact) to fulfill their risk-significant safety functions.

Failures on demand must be reported by the train or equipment group in which the failure occurred, the type of demand, and the plant operational state at the time of failure. See Appendix E for the format for reporting failure counts.

5.2 Failure To Run Failures that occur after a successful start (i.e., start and run for one hour) should be reported as a failure to run for the train or equipment group containing the failure. See Appendix E for the format for reporting data on failure to run.

5.3 Recoverable Failures Initial actuation or run failures that are promptly recovered in a time frame consistent with the risk-significant safety function are not reportable.

The following guidance should be used:

Actuation and run failures that are promptly recovered from the control room in a short period and don't require diagnosis or repair are not reportable. The length of time for successful recovery depends on the function that must be performed, but is generally limited to less than 5 minutes. For example, failure of an emergency diesel generator to start automatically would not be reported as a failure if an operator manually started the diesel generator from the control room within a few minutes.

18

For conducting functional tests, a component may be aligned to a test position that is different from its normal standby position, leaving the train or equipment group in a configuration that would not be capable of automatically satisfying its safety function. If an operator is stationed by the realigned component with the specific responsibility of realigning it to its safety function position in case a real demand occurs during the period of the test and a reportable demand occurs, the operator's successful realignment of the component would be a successful demand, not a reportable failure. Operator error or inability to successfully operate the equipment would be reported as a failure on demand.

Any other actions by the operator to recover failures of other components should be reported as failures.

6. UNAVAILABLE HOURS Unavailable hours are the period of time that a reportable system, train, or equipment group is not capable of performing its risk-significant safety function for reportable plant operational states. This may occur following a failure on demand or by removal of equipment from service (e.g., for maintenance or testing). Unavailable hours must be reported as either planned (preventive maintenance, test, or other planned activities) or unplanned (e.g.,

repair of a component resulting in a system or train being unavailable). It also includes time unavailable because a support system failed or was unavailable, rendering the train or equipment group incapable of performing its risk-significant safety function.

Unavailable hours do not include conditions that are promptly recoverable from the control room, such that the risk-significant safety function could be performed as needed. Nor do they include the loss of individual components that do not result in a reportable system, train, or equipment group being unavailable.

Unavailable hours should begin when a system, train, or equipment group is either removed from service for scheduled (planned) or corrective 19

(unplanned) maintenance, or is discovered to be incapable of performing the safety function by some means other than a reportable demand (e.g., by observation of mispositioned or damaged components). When reportable equipment is determined to be unavailable by means other than a reportable demand and it is not feasible to determine the time the equipment actually became unavailable, the time the equipment became unavailable should be estimated as the mid-point between the last time the failed component was known to be functional and the time it was discovered to be failed. For example, if a component is discovered to be inoperable because of corrosion that occurred since the last successful operation, it would be difficult to determine exactly when the corrosion reached the point that the component would have failed on demand. In this case, the unavailable time should be estimated as one half the time since the last successful test plus the corrective action time needed to restore the component back to an operable state.

7. HOURS IN PLANT OPERATIONAL STATES Licensees should report the number of hours during each quarter that the plant was in each of the plant operational states defined in Regulatory Position 2. Examples for reporting these hours are shown in Appendix E.
8. CONCURRENT UNAVAILABLE HOURS Concurrent unavailable hours are to be reported when two or more trains or equipment groups in the same or different reportable systems are unavailable at the same time. The intent is to report on a loss of redundancy within and between systems as well as a concurrent loss of two or more safety functions at the train or equipment group level. For each such instance, the concurrent unavailable hours (either known hours or hours estimated by the method suggested in Regulatory Position 6) and the identity of the trains or equipment groups should be reported.

20

9. ANNUAL REPORTS Licensees are required to submit annual reports of the reportable summary reliability and availability data, compiled on a quarterly basis. Licensees may report data more frequently or compile information more frequently than quarterly.

9.1 Summary Reliability and Availability Data Appendix E provides formats (or data sheets) that are acceptable to the NRC staff for submitting summary reliability and availability data, along with information on compiling specific data elements.

9.2 Failure Records As discussed in Regulatory Position 5, a failure record is required for each reportable failure. Appendix F lists the information that should be supplied in each failure record. A Nuclear Plant Reliability Data System (NPRDS) failure record may be submitted in lieu of the failure record of Appendix F if it contains the information identified in Appendix F.

9.3 Identification of Systems, Trains, and Equipment Groups The initial annual report should include brief descriptions identifying the systems, trains, and equipment groups to which the summary data apply.

Subsequent annual reports should identify changes made to the systems, trains, and equipment groups. The information provided on systems, trains, and equipment groups, should include the following items.

A list of the risk-significant systems and equipment that the licensee has determined on a plant-specific basis to be reportable under the rule, as discussed in Regulatory Position 1.2.

A brief description of the risk-significant safety functions for these systems, as for the basic systems in Regulatory Position 1.1, that could 21

be used to identify risk-significant successes, failures, and unavailable time.

The plant operational states for which reliability and availability data are reportable for each risk-significant system, train, and equipment group, as for the basic systems in Regulatory Position 2.

Simplified system diagrams for each reportable system, annotated to show each risk-significant train and equipment group associated with the various types of reportable demands and unavailable hours. Examples are provided in Appendix E. These diagrams should include principal component identifiers for all reportable components that would permit the linking of failure records to specific components in the system diagrams.

9.4 Electronic Submittal Documentation of reportable reliability and availability data, failure records, and descriptive material on the systems may be submitted by letter or electronically. There are several acceptable methods and formats for submitting data electronically. Files may be sent by e-mail over the Internet or by mailing a diskette containing the data.

10. ONSITE DATA STORAGE Licensees should maintain records and documentation to verify and validate the summary data reported to NRC. These records should be available for NRC review. Licensees may maintain a log of each demand, failure, or unavailable period that forms the basis for the summary data reported to the NRC. Alternatively, licensees may wish to state their methods or references for linking each reportable data element (demand, failure, or unavailable period) to existing plant records. Plant records could include such items as maintenance work orders and requests, maintenance rule documentation, plant monthly operating reports, control room logs, diesel generator room logs, operations and maintenance staff planning documents, and LERs. The staff 22

suggests a format similar to Appendix G to both ensure clarity and to provide a method of easily recording information on a frequent (daily or weekly) basis.

These records should cover a period of at least the 5 most recent calendar years.

23

APPENDIX A PROPOSED RULE SECTION 50.76, "uREPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT,"

INCLUDING THE STATEMENT OF CONSIDERATIONS Published in the Federal Register on February 12, 1996 (Volume 61, No. 29, pages 5318-5326)

A-i

5318 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules not required by 5 USC 553 or any other tobacco (i) must refund the price Authority: 7 U.S.C. 1421, 1423, 1441, 1445, provision of law to pubiish a notice of support loan amount for the individual 1445-1 and 1445-2; 15 U.S.C. 714b, 714c.

proposed rulemaking with respect to the lot and (ii) will be declared to be 2. Section 1464.8 is amended by subject matter of this rule. ineligible for any other tobacco price revising the introductory text to read as support for that year. follows:

Federal Assistance Program Because of the severity of the The title and number of the Federal consequences, there is sometimes a t1464.8 Eligible tobacco.

Assistance Program, as found in the reluctance to make a finding that the Eligible tobacco for the purpose of Catalog of Federal Domestic Assistance, violation was knowing and producers pledging such tobacco as collateral for a to which this rule applies are: will sometimes contend that the nesting price support loan is any tobacco of a Commodity Loans and Purchases was the act of irresponsible employees kind for which price support is 10.051 or other handlers of tobacco. However, available, as provided in § 1464.2. that there is no apparent reason why a is in sound and merchantable condition, Environmental Evaluation refund should not be demanded for a is not nested as defined in 7 CFR Part It has been determined by an loan made on any adulterated (nested) 29, and:

environmental evaluation that this lot whether it was, as to producer, * *t * *

  • action will have no significant impact "knowingly" nested or not. It must be 3. Section 1"464.9 is amended by on the quality of the human the responsibility of the producer to revising paragraph (a) to read as follows:

environment. Therefore, neither an present eligible tobacco. Nesting environmental assessment nor produces false weights, and processing §1464.9 Refund of price support advance.

environment statement is needed. problems, and by producing undue loan * * *r

  • at disbursements can cause losses that (a) Received a price support advance Executive Order 12372 ultimately are born by the tobacco on tobacco that was nested, as defined This program/activity is not subject to producer because of the "no net-cost" in part 29 of this title or otherwise not the provisions of Executive Order nature of the tobacco program. eligible for price support. The county 12372, which requires The proposed rule would make committee, with concurrence of a State intergovernmental consultation with explicit that a refund wi8ll be due from committee representative, may reduce State and local officials. See the notice the loan recipient on the individual the refund with respect to tobacco related to 7 CFR Part 3015, subpart V nested lot in all cases of nesting otherwise required in this part, in published at 48 FR 2915 (une 24, 1983). ("knowing" or not). However, the rules accordance with guidelines issued by would allow the Farm Service Agency the Deputy Administrator for Farm Executive Order 12778 (FSA) county conmmittee, with the This proposed rule has been reviewed Programs.

concurrence of the FSA State ft * * *

  • in accordance with Executive Order committee, to reduce the amount of the 12778. The provisions of this proposed refund demanded, in accordance with Signed at Washington, D.C., on February 5, 1996. I rule are not retroactive and preempt guidelines of the FSA Deputy State laws to the extent that such laws Administrator for Farm Programs. This Bruce R. Weber, are inconsistent with the provisions of allowance will permit adjustments to Acting Executive Vice President,Commodity this proposed rule. Before any legal avoid undue hardships to producers. Credit Corporation.

action is brought regarding This rule would not adjust the terms [FR Doc. 96-2927 Filed 2-9-96; 8:45 am) determinations made under provision of under which a producer can lose BILUNG COoE 3410-05-M 7 CFR Part 1464, the administrative eligibility for the entire crop year. for all appeal provisions set forth at 7 CFR Part lots, as a result of a nesting violation.

780 must be exhausted. For that, a "knowing" violation will still NUCLEAR REGULATORY be required. The proposed rule is, COMMISSION Paperwork Reduction Act instead, addressed to the accounting for This proposed rule does not change the individual lot that is actually nested. 10 CFR Part 50 the information collection requirements This result would be accomplished by RIN 3150-AF33 that have been approved by OMB and modifying Part 1464.8 to make more assigned control number 0560-0058. explicit that nested tobacco is per se Reporting Reliability and Availability ineligible for price support. Also, Part Information for Risk-significant Background 1464.9 would be amended to remove the Systems and Equipment Nested tobacco is tobacco in a lot reference to "knowing" violations with containing a "nest" of inferior tobacco regard to demands for refunds on AGENCY: Nuclear Regulatory or foreign material, presumably, to individual lots. Commission.

increase the payment of loan weight of Comments on this proposed rule are ACTION: Proposed rule.

the lot. A formal definition of nesting is welcomed and should be submitted by found in regulations codified at 7 CFR the date indicated in this notice.

SUMMARY

The Nuclear Regulatory Part 29 and that definition is Commission (NRC) is proposing to List of Subjects in 7 CFR Part 1464 amend its regulations to require that incorporated in the rules for the tobacco price support program found at 7 CFR Agriculture, Assessments, Loan licensees for commercial nuclear power Part 1464. program, Price support program, reactors report plant-specific summary In some cases, the nesting may not be Tobacco, Warehouses. reliability and availability data for risk discovered until later in processing, Accordingly, it is proposed that 7 CFR significant systems and equipment ' to well after a price support loan for the Part 1464 be amended as follows:

tobacco has been disbursed. Under IIn relation to this proposed rule, the term PART 1464-TOBACCO equipment is intended to apply to an ensemble of current tobacco program rules n 7 CFR components treated as a single entity for certain Part 1464.7 through 9, a producer found 1. The authority citation for part 1464 probabilistic risk assessments (PRAs) where a to have "knowingly" presented nested continues to read as follows: system or train treatment would not be appropriate.

A-2

l.Ajliial aoeuu'*, I VnV fR1. No. 29 / Mondav. February 12. 1996 / Proposed Rules 5319 51 11-A-i-I / Vol 61 No 29 / Monday, February 12, 1996 / Proposed Rules requirements in 10 CFR 50.65, the NRC. The proposed rule would also heading PaperworkReduction Act "Requirements for Monitoring the require licensees to maintain on site, Statement.

ADDRESSES: Mail written comments to:

Effectiveness of Maintenance at Nuclear and to make available for NRC Power Plants", also do not contain inspection, records and documentation U.S. Nuclear Regulatory Commission, reporting requirements.

that provide the basis for the summary Washington, DC 20555-0001, ATTN.: krecent years, plants have performed data reported to the NRC. The systems Docketing and Service Branch. Deliver Individual Plant Evaluations (IPEs), as and equipment for which data would be written comments to the NRC at One requested in Generic Letter 88-20 and provided are a subset of the systems and White Flint North, 11555 Rockville its supplements, and submitted the equipment within the scope of the Pike, Rockville, MD, between 7:30 am results to the NRC. These submittals maintenance rule. and 4:15 pm on Federal workdays. provide measures of risk such as core The Commission has determined that Send comments regarding the damage frequency, dominant accident reporting of reliability and availability collection of information, including the sequences, and containment release information is necessary to substantially burden estimate and suggestions for category information. While system and reducing the burden, to: (1) Desk component reliability data have been improve the NRC's ability to make risk of Information and effective regulatory decisions consistent Officer, Office Affairs, NEOB-I0202 (3150 collected as part of some utility IPEs, with the Commission's policy statement Regulatory 0011), Office of Management and this information is typically not on the use of probabilistic risk included in the IPE submittals to the 16, 1995; Budget, Washington, DC 20503, and (2) NRC.

assessments (PRAs) (August Information and Records Management 60 FR 42622). This would assist the PriorEfforts NRC in improving its oversight Branch (T-6F33), U.S. Nuclear Regulatory Commission, Washington, In late 1991 and through 1992, the capabilities with respect to public DC 20555-0001. For further information NRC staff participated on an INPO health and safety and becoming more se the discussion below under the efficient by focusing its regulatory established NRC/industry review group heading Paperwork Reduction Act to make recommendations for changes program on those issues of greatest risk significance and reducing unnecessary Statement. to the Nuclear Plant Reliability Data Copies of the draft regulatory analysis, System (NPRDS). The group's final regulatory burdens on licensees. The supporting statement submitted to to INPO to collect the recommendations Commission would use the data that the OMB, and comments received may PRA-related reliability and availability would be required by the proposed rule be examined, and/or copied for a fee, at: data would have provided most of in generic issue resolution, developing NRC Public Document Room, 2120 NRC's data needs. However, INPO took quantitative indicators that can assist in The L Street NW. (Lower Level), no action on these recommendations.

assessing plant safety performance, Washington, DC. During 1992 and 1993, the NRC staff performing risk-based inspections, and continued through correspondence and pursuing modifications to specific FOR FURTHER INFORMATION CONTACT:

Dennis Allison, Office for Analysis and meetings to outline the particular data plants and basic regulations and needed and to seek INPO's assistance in guidelines. Furthermore, this Evaluation of Operational Data, U.S.

Nuclear Regulatory Commission, obtaining the data. In a December 1993 information would improve the NRC's meeting with NUMARC (now the oversight of licensees' implementation Washington, DC 20555-0001, also Telephone (301) 415-6835. Nuclear Energy Institute (NEI)), INPO of the maintenance rule. It would representatives suggested their Safety enhance licensees' capabilities to SUPPLEMENTARY INFORMATION: System Performance Indicator (SSPI) as implement the evaluation and goal a surrogate for reliability data. They setting activities required by the Background proposed expanding the indicator to maintenance rule by providing licensees CurrentRequirements additional systems and indicated that with access to current industry-wide requirements to data elements could be modified to reliability and availability information There are no existing systematically report reliability and compute actual reliability and for some of the systems and equipment availability data. Although general within the scope of the maintenance availability information; nor is there an industry-wide database to provide such agreements were reached with INPO on rule. which systems and components and information.

DATES: Comments regarding any aspect Current reporting requirements in 10 what types of data elements are of the proposed rule are due to the CFR 50.72, "Immediate notification" appropriate for risk-related applications Commission by June 11, 1996. and 10 CFR 50.73, "Licensee event and maintenance effectiveness Comments received after that date will report system," require the submittal of monitoring, no voluntary system of be considered if it is practical to do so, extensive descriptive information on providing data resulted from these but the Commission can give no selected plant and system level events. discussions. In the fall of 1994, the NRC assurance of consideration for late The Nuclear Plant Reliability Data staff began work on this rulemaking comments. The Commission intends System, a data base that industry action. In June 1995, NEI proposed to that this expiration date will be at least supports and the Institute for Nuclear discuss a voluntary approach of 30 days after publication of an Power Operations (INPO) maintains, providing reliability and availability associated draft regulatory guide for provides data on component data to the NRC based on SSPI data. The public comment. engineering characteristics and failures. NRC staff will continue to work with In addition, comments regarding the Neither of these sources includes all the industry on voluntary submittal of collection of information, including the data elements (i.e., number of demands reliability data, under a program that burden estimate and suggestions for on a system, number of hours of will meet the needs of all parties, while reducing the burden, should be operation, and information on at the same time proceeding to obtain submitted to the Office of Management maintenance unavailability) that are public comment on this proposed rule.

and Budget (OMB), and to the NRC, by needed to determine the reliability and Industry representatives have March 13, 1996. For further information availability of systems and equipment. expressed concern that reliability data, see the discussion below under the Maintenance effectiveness monitoring if publicly available, would be subject to A-3

5320 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules misuse. In certain circumstances it is a technical problem, with its attendant is necessary to identify similar permissible for the NRC to withhold risk, that may warrant generic action. equipment in various plants so that the information from public disclosure. For Similarly, a plant-specific indication of data can be properly grouped and example, pursuant to 10 CFR low reliability or availability for several analyzed to estimate overall industry 2.790(b)(1), a licensee may propose that systems might indicate a programmatic performance and plant-specific a document be withheld from public problem, with its attendant risk, and performance and to identify outliers 2

disclosure on the grounds that it may warrant plant-specific action. (good or bad).

contains trade secrets or privileged or It has been noted that prior to some Some examples of how reliability and confidential commercial or financial significant events (such as the scram availability information would be used information. However, the data that failure at Salem and the accident at to improve current NRC regulatory would be reported under this proposed Three Mile Island) there was previously applications that consider risk in the rule would not appear to qualify for existing information (such as challenge decision process are discussed below.

withholding. Reliability data used as data and reliability data for scram One of the examples involves the need input to risk-based regulatory decisions breakers and power operated relief for information to support generic should be scrutable and accessible to valves) which, if collected, recognized, regulatory actions--i.e., generic issue the public. The Commission's PRA and acted upon might have led to resolution and its associated rulemaking policy statement indicates that preventive actions. Accordingly, it is or regulatory guide revision. Another appropriate supporting data for PRA expected that reliability and availability example involves the need for analyses that support regulatory information for selected risk-significant information to determine whether decisions should be publicly available. systems would improve the NRC's further NRC action is needed at specific Similarly, the Commission's draft report oversight capability with respect to plants--i.e., indicators of plant on public responsiveness (March 31, public health and safety-i.e., the ability performance. Some involve a mixture of 1995; 60 FR 16685) indicates that the to maintain or enhance safety by plant specific and generic elements. For policy of the NRC is to make identifying and reviewing indications of example, analyzing an event at a given information available to the public increased risk and, if appropriate, taking plant could lead to a plant-specific relating to its health and safety mission, generic or plant-specific action. action such as a special inspection and/

consistent with its legal obligations to Such problems could be subtle in or to a generic action such as a bulletin protect information and its deliberative nature. For instance, licensee(s) might or generic letter.

and investigative processes. schedule train outages for maintenance Generic Issue Resolution Commenters who believe that there is at certain times, such that risks are substantially increased over what would The NRC currently uses risk estimates information subject to a proper 10 CFR 2.790(b)(1) withholding determination be expected based on random outages. in: (1) prioritizing safety issues, (2)

This situation would not be indicated deciding whether new requirements or requested by the proposed rule should staff positions to address these issues provide a specific justification for such by current reporting requirements, or even by simply reporting train are warranted, and (3) deciding whether belief.

Move to Risk-Based Regulation unavailability, but it could be indicated by the concurrent unavailability of two proposed new requirements or staff positions should be implemented. I For several years the Commission has or more trains, as would be reported Knowing the current, updated reliability been working towards increased use of under the proposed rule. Additional and availability of key systems would, PRAs in power reactor regulation. In its examples discussed below describe in some cases, lead to a better policy statement on the use of PRAs, the further specific uses of the data that understanding of the risk in these areas Commission has indicated that the use would help to enhance safety. and, thus, to more risk-effective of PRA technology should be increased In order to move towards risk-based decisions. This should both enhance in all regulatory matters to the extent regulation and the increased use of PRA public protection and reduce supported by the state-of-the-art in information, the NRC needs scrutable, unnecessary regulatory burdens.

terms of methods and data, and this plant-specific and generic reliability and Generic data would usually suffice for implies that the collection of equipment availability information. The framework this purpose; however, in some cases and human reliability data should be for an overall move towards risk-based the data would need to be divided to enhanced. Implementation of these regulation involves the development of account for specific classes or groups of policies would improve the regulatory a regulatory process. This process plants.

process through (1) improved risk includes operational procedures and Indicators of Plant Performance effective safety decision making, (2) decision criteria that require credible PRA methods, models, and data. This PRA models with plant-specific more efficient use of agency resources, framework would provide for reliability and availability data would and (3) reduction in unnecessary predictable, consistent, and objective be used to develop indicators of plant burdens on licensees. These risk-based regulatory decision making. performance and trends in plant improvements would enhance both The data that would be reported under performance which are more closely efficiency and safety.

The data reported under this this rule represent one of the needed related to risk than those currently in use. These new indicators would proposed rule would improve the NRC's elements. In addition, these data are replace some of those currently in use oversight capability with respect to needed to improve the efficiency and public health and safety by focusing the effectiveness of NRC regulatory 2 For many of the systems involved, plant specific NRC's regulatory programs in a risk applications that employ a risk-based demand and failure data will be sparse, at least effective manner. Generally, the NRC's perspective in advance of defining the initially. Until data have been collected for some ability to identify plants and systems at entire framework. time, it will be necessary to use data from similar increased risk for significant events and, Generally, plant-specific information equipment. applications, and environments at is needed because there can be wide several plants in order to obtain practical estimates thus, to take appropriate action would of reliability and uncertainty. Even when sufficient be substantially improved. For example, plant-to-plant variations in the design, plant-specific data exist to estimate plant a generic indication of low reliability or importance, reliability and availability performance, comparison to industry or group availability for a system might indicate of particular systems and equipment. It averages is often desirable.

A-4

Federal Re~ister / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules 5321 Federal~~

/ o.6,N.2 ~ ~ ody ~ ~

eray1,19 ~ ha failureratoes estmaedsrmtetn and thereby enhance NRC's ability to degraded by aging and define the extent that failure rates estimated from testing and the risk-significance of aging are approximately the same.

make risk-effective decisions with regard to identifying plants for problems. Inservice Testing increased or decreased regulatory Another class of examples involves the need for information to evaluate Inservice testing requirements, which attention. For example, it is important to are based on the provisions of the detect situations where an individual anticipated cost beneficial licensing actions, where the rationale is that risk American Society of Mechanical plant may be having reliability or Engineers Boiler and Pressure Vessel availability problems with multiple permits reductions in previous margins of safety or less prescriptive Code (ASME Code), measure the systems. functional characteristics of equipment requirements without adverse impact on Accident Sequence Precursor (ASP) and overall safety. The NRC is actively performance, such as pump flow, in Event Analysis pursuing a variety of modifications to order to detect degradation. The ASME the basic regulations and guidelines that and licensee owners' groups are Plant-specific, train-level reliability govern the operation of commercial working toward establishing risk-based and unavailability data would be used to improve the plant-specific ASP nuclear power reactor s. These frequencies for inservice testing, based modifications are characterized by on plant-specific risk ranking models which the NRC uses to compute allowing individual licensees to utilize methodologies. Changes in testing conditional core damage probability for insights from plant-specific risk frequency can affect reliability in many determining the risk-significance of ways. For example, less frequent valve operational events. In addition, dates evaluations to reduce or remove current requirements that are found to have low testing might lead to an increase in the and causes of equipment failures would risk-significance. Current regulatory demand failure rate because the valve be used to identify common cause requirements under consideration for actuating mechanism tends to bind or failures and to compute common cause failure rates for input to these models. risk-based modification include those freeze after extended periods of Improving these methods would prescribing quality assurance, in-service idleness. However, using plant-specific enhance the staff's ability to make risk inspection, in-service testing, and demand failure and unavailability data, effective decisions about which events surveillance testing. It is anticipated proposed changes can be more warrant further inspections or that a significant number of additional effectively evaluated based on the risk requests will be received that rely upon significance and performance of plant investigations and/or generic actions such as bulletins and generic letters. risk-based arguments. These changes systems and based on confidence that could adversely affect the level of safety there will be appropriate feedback to Plant-specific data are needed to better achieved by the plants if the risk assure that the level of safety is not understand an event and calculate the associated conditional core damage evaluations are flawed or the changes being degraded.

probability. It is also useful to identify are improperly executed or the changes NRC Maintenance Rule systems that have the most influence on involve synergistic effects that are not covered by the risk models or captured The maintenance rule, 10 CFR 50.65, the results. Then the risk associated was issued on July 10, 1991 (56 FR with the potential for similar events at by historical data. Current, plant specific reliability and availability data 31306). The reliability and availability other plants, which may be known to information that would be required by have low reliability for the key systems, would help the NRC monitor the licensees' programs to maintain safety the proposed reporting rule would can be considered in determining improve the NRC's oversight of whether further actions are warranted. while reducing regulatory burdens.

Relaxation of undue regulatory burdens licensees' implementation of the Risk-Based Inspections then can proceed with confidence that maintenance rule. It would also enhance there will be appropriate feedback to licensee's capabilities to implement the Current and updated system assure that the level of safety is not evaluation and goal-setting activities reliability, availability and failure data being degraded. Some examples are required by the maintenance rule by in a generic and plant-specific risk providing licensees with access to based context would be used to enhance discussed below.

the staffs ability to plan inspections current industry-wide reliability and Risk-Based Technical Specification availability information for some of the focused on the most risk-significant plant systems, components, and Technical Specification requirements systems and equipment Within the specify surveillance intervals and scope of the maintenance rule.

operations. While generic data would be used in developing risk-based allowed outage times for safety NRC Monitoring equipment for the various modes of inspection guides and a framework for is anticipated that As discussed above, current plant plant operation. It inspections, plant-specific data would specific data can provide feedback on be used to focus and optimize licensees will request a number of inspection activities at specific plants. relaxations in surveillance intervals and the effectiveness of licensee programs, allowed outage times. Current, plant including maintenance programs.

For example, an individual plant may Accordingly, these data would improve specific reliability and availability data have an atypical reliability problem the NRC's monitoring ability by would help the NRC monitor with a specific risk-significant system providing risk-based measures of the performance for the systems and and thereby warrant additional effectiveness of individual licensee equipment subject to the proposed rule.

attention. In addition, special studies Thus, proposed relaxations of maintenance programs and the overall can be conducted to determine the root surveillance intervals and allowed effectiveness of the maintenance rule.

cause of reliability problems by In addition, the NRC has expressed outage times for such systems could be comparing the characteristics of plants evaluated more effectively based on past concern about the extent to which some that have these problems with those that performance and on confidence that reactor licensees are taking systems and do not. equipment out of service for there would be appropriate feedback to Aging ensure that performance is not being maintenance during plant operation.

help degraded. In addition, failure rates from Although this practice may offer Equipment reliability data would actual demands will be used to verify economic benefits by reducing plant identify equipment that is being A-5

L 5322 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules downtime, it must be properly managed goals, taking into account industry-wide Description of ProposedRule to assure that safety is not operating experience where practical. It compromised. It should be noted that The proposed rule would require also requires periodic program licensees are required by 10 CFR evaluations, including consideration of holders of operating licenses for nuclear 50.65(a)(3) to periodically conduct unavailability due to monitoring or power reactors to report reliability and assessments and make adjustments to preventive maintenance, taking availability data for certain risk ensure that the objective of preventing industry-wide operating experience into significant systems and equipment. The failures through maintenance is account, where practical. Licensees will proposed reporting requirements would appropriately balanced against the need to monitor reliability and apply to the event-mitigating systems objective of minimizing unavailability availability of risk-significant systems, and equipment which have or could due to monitoring and preventive particularly for the periodic program have a significant effect on risk in terms maintenance. The NRC would use the evaluations.4 of avoiding core damage accidents or hours when any two or more trains from For many of the systems involved, preserving containment integrity.

the same or differenL systems are plant-specific demand and failure data Summary information reported to the concurrently unavailable to monitor will be sparse, at least initially. NRC would be:

how well licensees are managing the However statistical analysis techniques 1. The number of demands, the risk associated with such maintenance. exist that allow a licensee to analyze number of failures to start associated As discussed below, under "Licensee and evaluate data from similar with such demands, and the dates of Implementation," the data would also equipment, applications and any such failures, characterized enhance licensees' capabilities to make environments from other plants, besides according to the identification of the prudent on-line maintenance decisions. the data from their plant. These analyses train affected, the type of demand (test, The maintenance rule is also yield meaningful reliability estimates inadvertent/spurious, or actual need),

important to license renewal (10 CFR for the subject plant that can be and the plant mode at the time of the Part 54). Hence, improving the NRC's compared with performance goals. demand (operating or shutdown);

oversight of the maintenance rule could Industry-wide data would also provide 2. The number of hours of operation strengthen one of the bases for the scope a practical source for comparing plant following each successful start, of the license renewal rule. specific performance with industry characterized according to the operating experience. Although plant identification of the train affected and Licensee Implementation whether or not the operation was specific information is generally In connection with the NRC's PRA available on site, and utilities review terminated because of equipment policy, the NRC staff has defined the licensee event reports and other generic failure, with the dates of any such data elements that would improve the event informatior, NRC site visits, failures; evaluation of maintenance and has 3. The number of hours equipment is associated with early efforts to prepare established that they are the same as for maintenance rule implementation in unavailable, characterized according to those needed to support a transition the identification of the train affected, 1996, indicate that utilities do not use toward a risk- and performance-based industry operating experience in a the plant mode at the time equipment is regulatory process. The NRC believes unavailable (operating or shutdown),

systematic and consistent way for goal that the reliability and availability data characterization of the unavailable setting purposes under the maintenance that would be required by this rule period (planned, unplanned, or support rule. Based on these considerations, the would enhance licensee's capabilities to system unavailable), and, if due to a implement the evaluation and goal availability of current, industry-wide reliability and availability data would support system being unavailable, setting activities required by the dentification of the support system; enhance licensee's capabilities to maintenance rule by providing licensees 4. For each period equipment is with access to current industry-wide implement the evaluation and goal setting activities required by the unavailable due to component failure(s),

reliability and availability information failure record identifying the maintenance rule.

for some of the systems and equipment As discussed previously, the NRC has component(s) and providing the failure within the scope of the maintenance recently found cause for concern about late, duration, mode, cause, and effect; 3

rule. how some reactor licensees handle on and In some circumstances, the 5. The number of hours when two or maintenance rule requires licensees to line maintenance. Prudent on-line maintenance decisions depend on a full nore trains from the same or different establish performance or condition ssystems were concurrently unavailable, appreciation of the risk-significance of taking equipment out of service characterized according to the 3 The systems and equipment covered by this (individually or collectively) and use of dentification of the trains that were proposed rule are a subset of the systems and equipment within the scope of the maintenance plant-specific and generic reliability and navailable.

rnle. The data elements are more extensive than availability data would play a The first annual report would identify what would be required for compliance with the maintenance rule: however, for the systems significant role in improving such t he systems, trains, and ensembles of decision making. :omponents covered by the reporting covered, these data elements would serve to improve implementation of the maintenance rnle. requirements of the rule; subsequent To cite one example, under 10 CFR 50.65(a)(2), risk "4NUMARC 93-01, which the NRC has endorsed mnual reports would either state that significant systems may be considered to be subject as describing one acceptable way of meeting the no changes were made subsequent to to an effective preventive maintenance program requiremrnts of the NRC's maintenance rule, he previous annual report or describe and, thus, not subject to condition or performance indicates in Section 12.2.4 that the adjustment for t he changes made.

monitoring unless "maintenance preventable" balancing of objectives needs to he done for risk failures occur. However, gathering the reliability significant structures, systems, and components The summary information would be and availability information specified in this (SSCs). However, for other SSCa it is acceptable to reported annually and compiled on the proposed rnle, including data elements such as measure operating SSC performance against overall 1basis of calendar quarters, or on a more concurrent outages and the causes of failures, plant performance criteria and standby system would provide a bettu picture of a system's frequent basis at the option of each performance against specific perfonnance criteria.

performance and the effectiveness of the preventive maintenance program than simply awaiting the occurrence of "maintenance preventable" failures.

This is reasonable in that, for systems that are less risk-significant, the expense of a rigorous balancing' is not warranted.

individual licensee. Records and documentation of each occurrence of a demand, failure, or unavailable period I

A-6

Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules 5323 that provide the basis for the summary effectively utilize these estimates. For For example, it is expected to be data reported to the NRC would be example, a high unplanned necessary to review the actual required to be maintained on site and unavailability may indicate a need for unavailable hours in order to estimate made available for NRC inspection. more preventive maintenance; a high the mean repair times for key In developing these data elements the planned unavailability may indicate the components for the purpose of updating NRC has, over the past three years, opposite.

The unavailable hours due to support the staff's PRA models.

reached a consensus on the minimum Regulatory Guide data'needed to support risk-based systems failure or unavailability are applications and enhance needed to properly capture concurrent A new regulatory guide will be implementation of the maintenance outages and to eliminate double prepared and issued to provide rule. During this period NRC staff has counting. For example, an Emergency supplementary guidance. The guide will also interacted extensively with INPO Service Water (ESW) train being present an acceptable way to define the and NEI in an effort to define the unavailable may result in other trains systems and equipment subject to the minimum reliability and availability being unavailable as well; however, for rule and it will provide risk-based data needed to satisfy the needs of both purposes of estimating risk in a PRA definitions of failure as well as train and NRC risk-based regulatory applications study, that unavailability should not be system boundaries consistent with PRA and industry (licensee) uses of PRA. counted more than once. applications. The format in which data The number of demands and the The date of each failure is needed to would be provided to the NRC and a number of successful starts are needed allow screening for potential common suggested format for maintaining on-site to estimate demand reliability, i.e., the cause failures. Failures that occur documentation and record keeping fraction of demands that result in closely together in time warrant review would be included. In order to reduce successful starts. (The complement of to see whether a common cause failure costs, use of electronic data submittal this fraction provides an estimate of the may be involved. Common cause will be considered a priority objective in probability of failure on demand). The failures may indicate a need for revised developing and implementing the guide.

actual number of demands and maintenance procedures or staggered A draft guide will be published for successes, as opposed to the ratio, is testing. Common cause failure rates are comment before it is finalized. A public needed for purposes such as: (1) also needed for PRA models because of workshop is planned after publication providing a measure of confidence in their importance in system reliability of the draft guide. The comment period the results and (2) permitting proper and availability estimates. for this proposed rule will not expire combination of data from different Failure cause and failure mode until at least 30 days after publication plants. information are needed to support of the draft regulatory guide.

The type of demand is needed to common cause failure analysis as discussed above and to associate the Definitions determine whether or not the demand reliability estimated by testing is failure with the correct failure mode for The basic definitions used in approximately the same as the demand input into PRA models. reporting under § 50.76 are discussed reliability for actual demands. Quarterly data are needed to conduct below; further details will be addressed Sometimes it is not, indicating a need first order trending studies to identify in the regulatory guide. For example, for additional data analysis in making areas of emerging concern with regard to the basic definition of failure is reliability estimates. overall plant and system performance. provided here; further details, such as The plant mode at the time of a More frequent compilation is acceptable how to handle a case where the demand is needed to estimate the at the discretion of each licensee. operators prematurely terminate system demand frequency, demand reliability, An identification of the systems, operation following a real demand, will and unavailability according to plant trains, and ensembles of components be discussed in the regulatory guide. In mode. These factors, as well as the risk subject to the rule is needed because particular, the regulatory guide will associated with unreliability and identification of the components within define risk-significant safety function(s) unavailability, can be quite different the systems, trains, and ensembles is and failures for systems and equipment depending on whether the plant is in necessary for proper use and evaluation covered by this proposed rule.

operation or shut down. of the data by the staff and for industry Demand is an occurrence where a The hours of operation following wide generic applications to account for system or train is called upon to successful starts are needed to estimate physical differences between plants. For perform its risk-significant safety the probability the equipment will example, simplified system diagrams function. A demand may be manual or function for a specified period of time. could be marked to show the systems, automatic. It may occur in response to This information is needed for systems trains, and ensembles against which the a real need, a test, an error, an that must operate for an extended data would be reported. equipment malfunction or other period following an accident to fulfill a Retention of records and spurious causes. For the purposes of risk-significant safety function. documentation that provide the bases reporting under this rule, the demands The number of hours that equipment for the summary data report to the NRC of interest are those which are actual is not available (unavailable hours) is for a period of several years is consistent demands or closely simulate actual needed to estimate the fraction of time with maintenance rule applications. For demands for the train or specific that a train is not available to perform example, monitoring reliability for a few equipment involved.

its risk-significant safety function. For years may be used to determine trends Failure,for the purpose of reporting some systems this can be an important in order to achieve the balance under this rule, is an occurrence where or dominant contributor to the overall described in 10 CFR 50.65(a)(3)-i.e., a system or train fails to perform its risk probability of failure to perform the the balance between preventing failures significant safety function. A failure system's safety function. It can be through maintenance and minimizing may occur as a result of a hardware significantly affected by elective unavailability due to monitoring and malfunction, a software malfunction, or maintenance. preventive maintenance. In addition, a human error. Failures to start in The type of unavailable hours on-site data are needed to provide a response to a demand are reported (planned or unplanned) is needed to scrutable basis for regulatory decisions. under paragraph 50.76(b)(1)(i). Failures A-7

5324 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules to run after a successful start are equipment that have been substantially "sunset provision" in the rule, whereby reported under paragraph 50.76(b)(1](ii). involved in significant events in U. S. the rule would automatically expire Unavailabilityis the probability that a reactors. These systems were found to after a specified period of time unless:

required system or train is not in a fall into the following categories: (i) a condition specified in the rule is condition to perform or is not capable 1. Basic systems. As indicated above, fulfilled, or (ii) the Commission engages of performing its risk-significant safety the NRC expects that these systems in a rulemaking which extends the function. This may result from failure to would be included in the scope of the effectiveness of the rule. The start, from failure to run, or from rule for all plants. The basic systems on Commission requests public comments intentional or unintentional removal of the proposed list have been confirmed on whether the proposed rule should equipment from service (e.g., for to have been substantially involved in contain such a sunset provision, and if maintenance or testing). signi ficant events. so, the period of time after which the Risk-significant safety function is a 2. Plant-specific systems. Systems rule should automatically expire.

safety function that has or could have a such as service water and component GrandfatherProvision.There may be significant effect on risk (in terms of cooling water are risk-significant, but some plants for which, at the time that avoiding core damage accidents or the significance varies widely, the proposed rule may be adopted by preserving containment integrity for the depending upon plant-specific designs. the Commission as a final rule, licensees purposes of reporting under this It is expected that these systems will be have already announced plans to proposed rule). included, as appropriate, based on discontinue operation in the near future.

Reportable systems and equipment plant-specific PRA studies. Other Furthermore, licensees may determine are the event-mitigating systems and systems, such as containment purge, in the future to discontinue operation at equipment which have or could have a appear infrequently in connection with some plants. In either case, there may be significant effect on risk in terms of significant events and are not expected less reason to require collection and avoiding core damage accidents or to be risk-significant for any plants. repeting of the information preserving containment integrity. The 3. Initiating systems. Systems such as contemplated by the proposed rule at reportable systems and equipment will main feedwater and offsite power are such plants and it may be advisable to be determined by each licensee. The primarily considered to be initiators of exempt such plants from the regulatory guide will describe significant events, rather than mitigation information collection and reporting acceptable methods for making that systems. Existing reporting requirements of the proposed rule (i.e.,

requirements in 10 CFR 50.72 and 10 "grandfathering"). The Commission determination.

It is expected that the rule will CFR 50.73 provide enough information requests public comments on whether produce a set of basic systems for which to characterize the important initiating the proposed rule should exempt plants reliability data will be reported for all systems for the purpose of PRA studies. that have announced (or will announce)

4. Non-measurable items. Items such plans to discontinue operation within a plants that have them. However, these basic systems are not sufficient by as reactor coolant system corrosion are short time (e.g., two years).

themselves. Additional systems and not amenable to meaningful measurement by the methods of this Conclusion equipment to be addressed will depend proposed rule. As discussed under the subject "Move on plant-specific features. Listed below Based on this review, the systems and to Risk-Based Regulation," the is the set of basic systems that the equipment to be included in the scope information to be collected under the Commission is currently considering for of the rule are considered reasonably proposed rule is necessary for the identification in the draft regulatory consistent with operating experience in development and implementation of guide. terms of involvement in significant risk-based regulatory processes. Risk Basic PWR systems Basic BWR systems events. Accordingly, it is expected that based regulatory approaches provide a reliability and availability information means for the Commission to maintain, Auxiliary feedwater .... Reactor core isolation for those systems and equipment will be and in some cases improve, safety while cooling or isolation well suited for identifying plants and reducing impacts on licensees as well as condenser. systems at increased risk for significant NRC resource expenditures, by focusing High pressure safety Feedwater coolant in events. regulatory requirements and activities injection jection, high pres Minimizing Costs. The NRC intends on the most risk-significant areas. In sure coolant injec that the data required to be collected addition, this information would tion or high pres and reported under this proposed rule improve the NRC's oversight of sure core spray, as licensees' implementation of the appropriate. be essentially the same as would be Reactor protection ..... Reactor protection. required for monitoring reliability and/ maintenance rule. It would also enhance Low pressure safety Low pressure coolant or availability for other purposes, such licensee's capabilities to implement the injection, injection and low as monitoring system reliability where evaluation and goal-setting activities pressure core that is the option chosen for compliance required by the maintenance rule by spray. with the maintenance rule. Thus, it providing licensees with access to Emergency ac power Emergency ac power. should be practical to gather and report current industry-wide reliability and the data without significant additional availability information for some of the As discussed above, the systems and cost. This will be a priority goal in risk-significant systems and equipment equipment to be included in the scope developing the guidance to be included within the scope of the maintenance of the rule would be those event in the new regulatory guide. rule. The Commission has also prepared mitigating systems and equipment that Sunset Provision.As experience is a regulatory analysis (see "Regulatory have or could have a significant effect gained with implementing the proposed Analysis") which identified alternatives on risk in terms of avoiding core damage rule and utilizing the information for collecting the information for use by accidents or preserving containment required to be collected and reported, a both licensees and the NRC, and integrity. To ensure that this approach reassessment may be necessary or evaluated the costs of each viable is consistent with operating experience, desirable. One way of assuring such a alternative. Based upon these factors, the NRC has considered the systems and reassessment would be to include a the Commission believes that the costs A-8

5325 Federal RegUter / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules

4. How can the burden of the the backfit rule, 10 CFR 50.109, does not of the proposed rule's information apply to this proposed rule, and collection and reporting requirements collection of information be minimized including by using automated collection therefore, a backfit analysis is not are justified in view of the potential required for this proposed rule because safety significance and projected techniques?

Send comments on any aspect of this these amendments do not involve any benefits of the information in NRC provisions which would impose backfits regulatory activities. proposed collection of information, including suggestions for reducing the as defined in 10 CFR 50.109(a)(1).

Submission of Comments in Electronic burden, to the Information and Records However, as discussed above in Format Management Branch (T-6-F33), U.S. "Regulatory Analysis," the Commission Nuclear Regulatory Commission, has prepared a regulatory analysis Commenters are encouraged to which summarizes the purpose and submit, in addition to the original paper Washington, DC 20555-0001, and to the intended use of the information copy, a copy of their comments in an Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, proposed to be collected, identifies electronic format on IBM PC DOS alternatives for collection and reporting compatible 3.5- or 5.25-inch, double (3150-0011), Office of Management and Budget, Washington, DC 20503. of the proposed information, and sided, diskettes. Data files should be identifies the impacts and benefits of provided in WordPerfect 5.0 or 5.1. Comments to OMB on the collections of information or on the above issues the alternatives.

ASCII code is also acceptable, or if This regulatory analysis constitutes a formatted text is required, data files should be submitted by March 13, 1996.

Comments received after this date will disciplined process for evaluating the should be submitted in IBM Revisable potential benefits and projected impacts Format Text Document Content be considered if it is practical to do so, but assurance of consideration cannot (burdens) of information collection and Architecture (RFT/DCA) format. reporting requirements such as the be given to comments received after this Environmental Impact- Categorical date. proposed rule. The Commission Exclusion therefore concludes that the objective Public Protection Notification underlying the Commission's adoption The proposed rule sets forth The NRC may not conduct or sponsor, of the Backfit Rule-that regulatory requirements for the collection, and a person is not required to respond impacts are assessed under established maintenance, and reporting of reliability to, a collection of information unless it criteria in a disciplined process--is and availability data for certain risk displays a currently valid OMB control being met for this proposed rule.

significant systems and equipment. The number.

NRC has determined that this proposed List of Subjects in 10 CFR Part 50 rule is the type of action described in Regulatory Analysis Antitrust, Classified information, categorical exclusion, 10 CFR The Commission has prepared a draft Criminal penalties, Fire protection, 51.22(c)(3)(ii). Therefore, neither an regulatory analysis on this proposed Intergovernmental relations, Nuclear environmental impact statement nor an regulation. The analysis examines the power plants and reactors, Radiation environmental assessment has been costs and benefits of the alternatives protection, Reactor siting criteria, prepared for this proposed regulation. considered by the Commission. The Reporting and record keeping Paperwork Reduction Act Statement draft analysis is available for inspection requirements.

in the NRC Public Document Room, For the reasons set out in the This proposed rule amends 2120 L Street NW. (Lower Level), preamble and under the authority of the information collection requirements that Washington, DC. Single copies of the Atomic Energy Act of 1954, as amended, are subject to the Paperwork Reduction draft analysis may be obtained from: the Energy Reorganization Act of 1974, Act of 1995 (44 U.S.C. 3501 et seq.). Dennis Allison, Office for Analysis and as amended, and 5 U.S.C. 553, the NRC This rule has been submitted to OMB Evaluation of Operational Data, U.S. is proposing to adopt the following for review and approval of the Nuclear Regulatory Commission, amendments to 10 CFR Part 50.

Paperwork Reduction Act requirements. Washington, DC 20555-0001, The public reporting burden for this Telephone (301) 415-6835. PART 50--OOMESTIC UCENSING OF collection of information is estimated to PRODUCTION AND UTIUZATION average 1375 hours0.0159 days <br />0.382 hours <br />0.00227 weeks <br />5.231875e-4 months <br /> per response (i.e., Regulatory Flexibility Certification FACILITIES per commercial nuclear power reactor In accordance with the Regulatory 1. The authority citation for Part 50 per year), including the time for Flexibility Act of 1980 (5 U.S.C. 605 continues to read as follows:

reviewing instructions, searching (B)), the Commission certifies that this existing data sources, gathering and rule will not, if promulgated, have a Authority: Sections 102,103,104, 105, maintaining the data needed, and significant economic impact on a 161, 182, 183, 186, 189,68 Stat. 936, 937, completing and reviewing the collection substantial number of small entities. 938. 948,953, 954,955,956. as amended, sec. 234, 83 Stat 1244, as amended (42 of information. The Commission is The proposed rule affects only the U.S.C. 2132, 2133. 2134, 2135, 2201, 2232, seeking public comment on the licensing and operation of nuclear 2233, 2236, 2239, 2282); secs. 201, as potential impact of the collection of power plants. The companies that own amended, 202, 206, 88 Stat. 1242, as information contained in the proposed these plants do not fall within the scope amended, 1244, 1246 (42 U.S. C. 5841, 5842, rule and on the following issues: of the definition of "small entities" set 5846).

1. Is the proposed collection of forth in the Regulatory Flexibility Act or Section 50.7 also issued under Pub. L. 95 601, sec. 10, 92 Stat 2951 as amended by information necessary for the proper the size standards adopted by the NRC Pub. L. 102-486, sec. 2902, 106 Stat 3123, (42 performance of the functions of the on April 11, 1995 (60 FR 18344-10 U.S.C. 5851). Section 50.10 also issued under NRC, and does the information have CFR 2.810. secs. 101, 185, 68 Stat. 936, 955, as amended practical utility? (42 U.S.C. 2131, 2235]; sec. 102, Pub. L. 91 Backfit Analysis 190, 83 Stat. 853 (42 U.S.C. 4332). Sections
2. Is the estimate of burden accurate?
3. Is there a way to enhance the The proposed rule sets forth 50.13, and 50.54(dd), and 50.103 also issued requirements for reporting and record under sec. 108, 68 Stat. 939, as amended (42 quality, utility, and clarity of the U.S.C. 2138). Sections 50.23, 50.35, 50.55, information to be collected? keeping. The NRC has determined that A-9

5326 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and 50.56 also issued under sec. 185, 68 Stal (iii) The number of hours equipment DEPARTMENT OF TRANSPORTATION 955 (42 U.S.C. 2235). Sections 50.33a, 50.551 is unavailable, characterized according and Appendix Q also issued under sec. 102, to the identification of the train affected Pub. L.91-190, 83 Stat. 853 (42 U.S.C. 4332] Federal Aviation Administration Sections 50.34 and 50.54 also issued under the plant mode at the time equipment is sec. 204, 88 Stat. 1245 ,42 U.S.C. 5844). unavailable (operating or shutdown), 14 CFR Part 39 Sections 50.58, 50.91, and 50.92 also issued characterization of the unavailable [Docket No. 93-NM-133-AD]

under Pub. L 97-415, 96 Stat. 2073 (42 period (planned, unplanned, or support U.S.C. 2239). Section 50.78 also issued tude,r system unavailable), and, if due to a Airworthiness Directives; Airbus sec. 122, 68 Stat. 939 (42 U.S.C. 2152). support system being unavailable, Industrie Model A300, A310, and A300 Sections 50.80-50.81 also issued under sec. identification of the support system; 600 Series Airplanes 184,68 Stat. 954, as amended (42 U.S.C. (iv) For each period equipment is 2234). Appendix F also issued under sec. unavailable due to component failure(s), AGENCY: Federal Aviation 187,68 Stat. 955 (42 U.S.C. 2237). a failure record identifying the Administration, DOT.

2. Section 50.8(b) is revised to read as component(s) and providing the failure ACTION: Supplemental notice of follows: date, duration, mode, cause, and effect; proposed rulemaking; reopening of and comment period.

§50.8 Infornmallon collection (v) The number of hours when two or re-qCirUmB" oM a ol. more trains from the same or different

SUMMARY

This document revises an systems were concurrently unavailable, earlier proposed airworthiness directive (b) The approved information characterized according to the (AD), applicable to certain Airbus collection requirements contained in identification of the trains that were Model A300, A310, and A300-600 this part appear in §§ 50.30, 50.33, unavailable. series airplanes, that would have 50.33a, 50.34, 50.34a, 50.35, 50.36, (2) The initial annual report described required inspections to detect missing 50.36a, 50.48, 50.49, 50.54, 50.55, in (b)(1) above shall identify the fasteners, cracked fitting angles, and 50.55a, 50.59, 50.60, 50.61, 50.63, 50.64, systems, trains, and ensembles of elongated fastener holes in certain 50.65, 50.71, 50.72, 50.75, 50.76, 50.80, components covered by paragraph (b)(3) frames, and correction of discrepancies.

50.82, 50.90, 50.91, 50.120, and below; subsequent annual reports shall That proposal was prompted by Appendices A, B, E, G, H, I, J, K, M, N, either state that no changes were made discrepancies found at the fitting angles 0, Q, and R. subsequent to the previous annual on the frame at which a certain report or describe any changes made. electronic rack is'attached. This action

3. Section 50.76 is added to read as f3) The requirements of paragraphs revises the proposed rule by revising the follows: (b)(1) and (b)(2) of this section apply to inspection thresholds and repetitive those event-mitigation systems, and intervals; providing an optional

§ 50.76 Reporting reliability and ensembles of components treated as avallability Infom'ation for risk-significant terminating action; and deleting certain single entities in certain probabilistic airplanes from the applicability. The systems and equipment.

(a) Applicability.This section applies risk assessments where a system or train treatment would not be appropriate, actions specified by this proposed AD are intended to prevent damage t

to all holders of operating licenses for which have or could have a significant commercial nuclear power plants under propagation that could lead to failure of effect on risk in terms of avoiding core the rack-to-structure attachment points, 10 CFR 50.21b or 50.22 and all holders damage accidents or preserving and subsequently could result in loss of of combined operating licenses for containment integrity. airplane systems, structural damage, commercial nuclear power plants under (4) Each licensee shall maintain and possible electrical arcing.

10 CFR 52.97. records and documentation of each (b) Requirements. (1) Each licensee DATES: Comments must be received by occurrence of a demand, failure, or March 4, 1996.

shall submit an annual report to the unavailable period that provide the NRC that contains the following ADDRESSES: Submit comments in basis for the data reported in paragraph information, compiled on the basis of triplicate to the Federal Aviation (b)(1) of this section on site and calendar quarters, or on a more frequent Administration (FAA), Transport available for NRC inspection for a basis at the option of each licensee, for Airplane Directorate, ANM-103, period of 5 years after the date of the systems, trains, and ensembles of Attention: Rules Docket No. 93-NM report specified in paragraph (b)(1) of components in paragraph (b)(3) of this 133-AD, 1601 Lind Avenue SW.,

this section.

section: (c) Implementation. Licensees shall Renton, Washington 98055-4056.

(i) The number of demands, the Comments may be inspected at this begin collecting the information number of failures to start associated required by paragraph (b) of this section location between 9:00 a.m. and 3:00 with such demands, and the dates of on January 1, 1997, and shall submit the p.m., Monday through Friday, except such failures, characterized according to first report required by paragraph (b)(1) Federal holidays.

the identification of the train affected, of this section by January 31, 1998. The service information referenced in the type of demand (test, inadvertent/ Thereafter, each annual report required the proposed rule may be obtained from

-spurious, or actual need), and the plant by paragraph (b)(1) of this section shall Airbus Industrie, 1 Rond Point Maurice mode at the time of the demand Bellonte, 31707 Blagnac Cedex, France.

be submitted by January 31 of the (operating or shutdown); following year. This information may be examined at (ii) The number of hours of operation the FAA, Transport Airplane following each successful start, Dated at Rockville, MD, this 2nd day of Directorate, 1601 Lind Avenue, SW.,

characterized according to the February, 1996. Renton, Washington.

identification of the train affected and For the Nuclear Regulatory Commission.

FOR FURTHER FORMATION CONTACT: Tim whether or not the operation was John C. Heyle, Backman, Aerospace Engineer, terminated because of equipment Secretoryof the Commission. Standardization Branch, ANM-113, failure, with the dates of any such [FR Doc. 96-2698 Filed 2-9-96; 8:45 am] FAA, Transport Airplane Directorate, failures; 75-"1-P CO.DEOcc 1601 Lind Avenue SW., Renton, A-I0

APPENDIX B GLOSSARY Actual Demand is a command to a reportable system, train, or equipment group to initiate action to perform its risk-significant function in response to a need for the function arising from an accident or transient.

Availability as used in this regulatory guide is the probability that a reportable system, train, or equipment group is capable of performing on demand its risk-significant safety function during a reportable plant operational state. It is estimated by dividing the number of hours that a system, train, or equipment group is available to perform its risk-significant safety function by the total number of hours that the plant is in a specific reportable plant operational state during a quarter.

Concurrent unavailable hours are the hours when two or more trains or equipment groups in reportable systems were unavailable at the same time to perform their risk-significant safety function during a plant operational state for which they were both reportable.

Core damage freauency is a measure of risk estimated by assessing the average yearly frequency of core damage that is expected for an individual nuclear power plant from the plant's probabilistic risk assessment (PRA).

Equipment group is a portion of a reportable system that is defined to indicate a group of components that are all commanded to perform their risk-significant safety function by a particular type of reportable demand.

Front-line system is a collection of components and structures designated and installed to perform one or more safety functions such as core inventory make up or containment cooling.

Principal component is an element of a train or equipment group necessary for the train or equipment group to perform its risk-significant safety function and is the lowest level of detail normally included in the plant equipment representation in its PRA models. For example, principal components would include:

  • Motor operated valves (manual or automatic), including motors and power supplies up to the first power breaker
  • Air operated valves, including air to local supply valves
  • Station battery output breakers and relays
  • Heat exchangers
  • RPS instrument logical output relays, such as the four k-relays in the example PWR scram system
  • Hydraulic control units in BWR RPS Reliability as used in this regulatory guide is reliability on demand and the probability that a system, train, or equipment group will successfully complete its risk-significant safety function when called upon to do so during a period when it is considered to be available.

Risk-importance measure is any quantitative calculation that measures the relative or absolute contribution to risk of an attribute that has an impact on risk.

Risk-siqnificant is the term given to any aspect of nuclear power operations that could have an effect on risk (either core damage frequency or health effects to the public).

Risk-significant safety function is a safety function, for the purposes of reporting under the proposed rule, that has or could have a significant effect on risk in terms of preventing core damage accidents or preserving containment integrity. The accomplishment of a risk-significant safety function does not necessarily correspond to operability requirements for design basis accidents.

It corresponds to the successful completion of the mission as modeled in PRAs.

Spurious demand is a command given to equipment that arises from a false signal that mimics an actual demand.

Support system is a system that provides a needed function to front-line or other systems but does not provide a direct safety function itself. Examples are electric power, service water, component cooling water, and automatic actuation systems.

Surveillance or test demand is a command given to equipment to prove that the equipment is available to perform its risk-significant safety function.

Unavailability and Unreliability are the complementary functions of availability and reliability.

B-2

APPENDIX C EXAMPLES OF REPORTABLE SYSTEMS This appendix provides several examples (Tables C-i thru C-5) of the types and numbers of systems that could be selected for final expert panel review and selection using the system level calculation alternate (with FV>O.I or RAW >100). These examples, which apply to five sample plants, were prepared by the NRC staff to illustrate the principles involved. Similar outcomes in selecting risk-significant systems for reporting reliability and availability data are expected when using the maintenance rule risk-significant structures, systems, and components (SSCs) and supplemental expert panel screening.

However, more emphasis is placed on qualititative screening when using the maintenance rule SSCs as a starting point. In each case, the screening considerations discussed in Regulatory Position 1.2, Other Reportable Systems, would be applied. For reference they are summarized below.

0 Event initiating systems (as opposed to mitigating systems) may be excluded.

a Support systems that support several reportable systems should be considered.

  • Systems and structures, such as containment structures and ice condensers, for which risk is more a function of capability than reliability, may be excluded.
  • Systems and equipment that are risk-significant only because the likelihood of operator error may be excluded.

0 Systems and equipment that make large contributions to shutdown risk and are significant contributors to overall risk should be included.

0 Systems and equipment that have a contribution to risk that is small compared to that of the basic systems may be excluded.

  • Systems important for the more risk-significant aspects of containment integrity.

Any of these considerations that were a significant factor in adding or deleting a system from Tables C-i through C-5 have been indicated in parentheses.

C-I

TABLE C-1: PLANT 1 - BWR, MARK 3 CONTAINMENT, GE TYPE 6 Risk Achievement Basic Candidate for System Name Fussell-Vesely Ratio Reason to Worth Ratio System Reportable System Include or Exclude Standby Service Water System 0.44 36200 No Yes High FV and RAW Emergency ac Power System 0.36 Less than 100 Yes Yes Auto. Depressurization System Less than 0.1 Less than 100 No No Residual Heat Removal System' Less than 0.1 Less than 100 Yes Yes Power Conversion System Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 26802 No Yes High RAW Safety Feature Actuation Less than 0.1 SEng.

Less than 100 No No High Pressure Core Spray Less than 0.1 Less than 100 Yes Yes Reactor Protection System Less than 0.1 Less than 100 Yes Yes Standby Liquid Control System Less than 0.1 Less than 100 No No Reactor Core Isolation Cooling 3 Yes Yes For Plant 1, we would expect seven systems to be candidate reportable systems.

I 1 Also decay heat removed function, low pressure core spray, containment spray and shutdown cooling function.

2 Largely HVAC support (accumulators are the backup).

Importance values not available.

C

TABLE C-2: PLANT 2 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT, CE Risk Achievement Basic Candidate for Reason to System Name Fussell-Vesely Ratio Worth Ratio System Reportable System Include or Exclude Main Feedwater 0.991 Less than 100 No No Always running, (c).

Auxilliary Feedwater 0.41 3130 Yes Yes Emergency AC Power 0.39 6620 Yes Yes High Pressure Safety Injection 0.32 268 Yes Yes Reactor Protection System 0.12 127000 Yes Yes HVAC/Chilled Water' 0.19 7390 No Yes See footnote 2.

Component 4Cooling Water3 Less than 0.1 161 No No See footnote 3.

Main Steam Less than 0.1 313 No Yes High RAW.

C Containment Spray Less than 0.1 Less than 100 No Yes Containment integrity, (g).

SSaltwater Cooling Less than 0.1 164 No Yes High RAW Safety Injection Tanks Less than 0.1 Less than 100 No No Low Pressure Safety Injection Less than 0.1 Less than 100 Yes Yes Instrument Air & Nitrogen System Less than 0.1 Less than 100 No No Chemical & Volume Control System Less than 0.1 Less than 100 No No For Plant 2, we would expect nine systems to be candidate reportable systems.

Includes motor-driven condensate pumps which back-up the steam driven auxiliary feed pumps.

2 High RAW and support for ECCS and emergency ac, (b).

Shutdown risk consideration (a).

4 Includes isolating steam generator and providing steam to turbine driven pumps.

TABLE C-3: PLANT 3 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT CE Risk Achievement Basic Candidate for Reason to System Name Fussell-Vesely Ratio Worth Ratio System Reportable System Include or Exclude Emergency ac power system 0.68 4130 Yes Yes Auxiliary Feedwater System 0.27 135 Yes Yes High Pressure Injection System Less than 0.1 140 Yes Yes Low Pressure Injection System Less than 0.1 598 Yes Yes Feedwater System Less than 0.1 737 No No Initiating event (a).

Containment Isolation System Less than 0.1 Less than 100 No No Raw Water System Less than 0.1 118 No Yes High RAW Primary Pressure Control Less than 0.1 Less than 100 No No Circulating Water System Less than 0.1 Less than 100 No No Chemical & Volume Control Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 Less than 100 No No Turbine Plant Cooling Water Less than 0.1 Less than 100 No No Component Cooling Water Less than 0.1 Less than 100 No Yes Shutdown risk, (e).

HVAC 1 Less than 0.1 7505 No Yes Containment Cooling System Less than 0.1 Less than 100 No Yes Containment integrity, (g).

Containment Spray System Less than 0.1 Less than 100 No Yes Containment integrity, (g).

Hydogen Purge System Less than 0.1 Less than 100 No No ESFAS Logic System Less than 0.1 Less than 100 No No Reactor Protection System' Yes Yes See footnote 2.

For Plant 3, we would expect 10 systems to be candidate reportable systems.

1 High RAW and supports both ECCS and emergency ac (b).

2 importance measures not available.

I L

TABLE C-4: PLANT 4 - BWR, MARK 1 CONTAINMENT, GE TYPE 4 Basic Candidate Reportable for System Reason Include to or Exclude Risk Worth Achievement Ratio System Fussell-Vesely Ratio High FV and RAW System Name Yes 8420 High FV and RAW 0.63 No Yes 8150 Eng. Safety Feature Actuation 0.25 No Yes High FV Less than 100 Essential Service Water 0.15 No No Less than 100 Primary Containment Venting Less than 0.1 No Yes Less than 100 Condensate System Less than 0.1 Yes Yes 499 High Pressure Coolant Injection 0.11 Yes Yes Yes 1010 Residual Heat Removal' Less than 0.1 No No Less than 100 Reactor Protection System Less than 0.1 Yes Yes Less than 100 Standby Liquid Control System Less than 0.1 Less than 100 No No Emergency ac Power System I~~

Less than 0.1 Yes Yes Less than 100 Reactor Building Cooling Water Less than 0.1 Less than 100 No No Reactor Core Isolation Cooling Less than 0.1 Less than 100 No No Normal Service Water Less than 0.1 Less than 100 No No DC Power System Yes See footnote 2.

Less than 0.1 4320 No Emergency Heat, Vent, & Air Cond. Less than 0.1 Less than 100 No No High Pressure Service Water' Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 Turbine Building Cooling Water to be candidate reportable systems.

For Plant 4, we would expect nine systems heat removal.

containment spray and post-accident Also low pressure coolant injection, function (b).

water and high head safety injection 2 High RAW and support for service

TABLE C-5: PLANT 5 - PWR, LARGE DRY SUBATMOSPHERIC PRESSURE CONTAINMENT, WESTINGHOUSE THREE-LOOP Risk Achievement Basic Candidate for System Name Fussell-Vesely Ratio System Reason to Worth Ratio Reportable System Include or Exclude Emergency ac Electric Power 0.62 1370 Yes Yes Reactor Coolant Pumps 0.19 Less than 100 No No Auxiliary Feedwater System Initiating event, (a).

0.19 4740 Yes Yes Primary Pressure Relief 0.1 Less than 100 No No High Pressure Injection 1 Operator action, (d).

0.1 565 Yes Yes Low Pressure Recirculation Less than 0.1 Less than 100 No No Reactor Protection System Less than 0.1 697 Yes Yes Main Service Water Less than 0.1 565 No Yes High RAW.

Accumulators Less than 0.1 C Low Pressure Injection Less than 100 No No Less than 0.1 Less than 100 Yes Yes Main Feedwater Less than 0.1 Instrument Air System Less than 100 No No Less than 0.1 Less than 100 No No High Pressure Recirculation Less than 0.1 DC Power (1A and 1B) Less than 100 No No Less than 0.1 1952 No Yes Component Cooling Water High RAW.

Less than 0.1 Less than 100 No Yes Residual Heat Removal Shutdown risk, (e).

Less than 0.1 Less than 100 No Yes Containment Spray System Shutdown risk, (e).

Less than 0.1 Less than 100 No Yes Inside Spray Recirculation Containment integrity, (g).

Less than 0.1 Less than 100 No No Outside Spray Recirculation Less than 0.1 Less than 100 No No Consequence Limiting Control Less than 0.1 Less than 100 No No For Plant 5, we would expect 10 systems to be candidate reportable systems.

Also dedicated charging pump cooling system and safety injection actuation.

2 Largely response to loss of offsite power.

APPENDIX D RISK-IMPORTANCE MEASURES The Fussell-Vesely importance measure is a relative measure. It provides an core damage indication of the fractional contribution of a given system to frequency (CDF) at the current, or expected level of reliability.

The mathematical expression for this importance measure is:'

FV = [F(x) - F(O)] I F(x) with: evaluated with F(x) = minimal cut set upper bound (or sequence frequency) x at the basic event probabilities of all components in system their mean value, and F(O) = minimal cut set upper bound (or sequence frequency) system evaluated with the basic event probabilities of all components in x set to zero.

An alternative notation is FV =

  • qj/CDF with:
  • q, = the sum of all cut sets that contain failure modes in the system of interest, and CDF = the sum of all cut sets, i.e., the core damage frequency.

The risk achievement worth ratio (ratio form of risk increase) is a relative measure. It provides an indication of the increase in CDF if a system is assumed to always fail. Its mathematical expression is:

RAW = F(1) / F(x) of NRC Terminology and definitions are derived from NUREG/CR-1489, "A Review where (March 1994), page C-165, Staff Uses of Probabilistic Risk Assessment" (or FV is discussed in terms of the fractional contribution of a component Copies of NUREG/CR-1489 are available for inspection or copying basic event).

for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, 20555; DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC at telephone (202)634-3273; fax (202)634-3343. Copies may be purchased Office, P.O. Box 37082, current rates from the U.S. Government Printing National Washington, DC 20402-9328 (telephone (202)512-1800); or from the Road, Technical Information Service by writing NTIS at 5285 Port Royal Springfield, VA 22161.

D-1

I with F(1) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to one The importance measures routinely calculated by PRA computer codes typically are applicable to individual components only. Importance measures individual components in a system are not necessarily additive for total importance of the system. In order to compute system to compute the determining reportable systems under 10 CFR 50.76, it is importances for suggested that F(O) be estimated by setting the probabilities of all basic events zero, including common cause and human error events. F(1) in the system to estimated by setting all of the basic events unique to the similarly can be the calculation of F(1), it may be necessary to resolve the system to one. In for the cut set in order to obtain an appropriate value for Boolean equations the RAW ratio.

D-2

APPENDIX E DEFINING SYSTEMS, TRAINS, AND EQUIPMENT GROUP CONFIGURATIONS AND DATA REPORTING FORMS Suggested Principles For identifying reportable systems, trains, and equipment groups within the systems, it is suggested that licensees mark up simplified drawings. Only included.

configurations representing risk-significant safety functions need be and Separate diagrams may be needed to clearly define all reportable trains equipment groups.

the In determining system boundaries, it is suggested that licensees include a active equipment that would be challenged by an actual demand to perform would risk-significant safety function. Passive components and check valves system and also be included as needed to provide a reasonable schematic of the could contribute to failures to allow identification of passive components that or unavailable hours.

pump flow It is suggested that the system then be divided into trains (e.g., associated paths in fluid flow systems, individual diesel generators and their support subsystems).

It is suggested that equipment groups be defined as needed to indicate what This compounds are involved in demands that challenge only part of a system.

will help to ensure that the data can be properly counted.

a In deciding whether a particular component should be considered as part of front-line system or part of a support system, one should consider the following:

If a support-system component is dedicated to support an individual train the or component in a front-line system, the component should be treated same as a component of the front-line train. (It need not be shown in the front-line system schematic diagram.)

If the component supports more than one train or system operation, it should be treated as part of the support system, even if the support system is not a reportable risk-significant system.

Support systems include but are not limited to service water, component cooling, reactor building cooling, HVAC, alternating current power and direct current power systems. For the cooling water system, the components that provide the principal functional capability would include pumps, valves, and

'Simplified drawings for each plant are available in the NRC's Plant Information Book. These books are maintained in the NRC Operations Center for use in incident response. Printed copies have been provided to each licensee. In addition, they are available electronically at the NRC's home page on the Internet (http://www.nrc.gov).

E-1

heat exchangers that provide a source of cooling water for individual component I cooling water loops. The individual cooling water loops that are dedicated one front-line train or equipment group would be treated as part of the frontto line system. These cooling water loops typically contain one or more valves and heat exchangers. For electrical power systems, the components that provide the principal functional capability would include power sources (EGDs, batteries), output or feeder breakers, and busbars that connect the power supplies to load and distribution circuits. Transformers may also be included if they are located between the main power supply busbars and the balance of the load distribution circuitry. Load center circuit breakers and their relays that supply power to individual components in reportable systems would be reportable as if they were part of the component to which they supply power.

E-2

Example 1: Auxiliary Feedwater System Figure E-1 shows the PWR auxiliary feedwater system used in this example.

This figure includes those active components that must function in response to actual demands to perform risk-significant safety functions.

Passive components and check valves are included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures and/or unavailable hours.

The components shown are the principal components of the system.

Figure E-1.1 shows Train A.

Train A is defined in terms of the components that are challenged by actual demands. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and for cyclic tests that involve integrated actuation of the entire train.

Note that the discharge valves that are shared by Trains A and B are included in both trains (i.e., Trains A and B overlap). Such overlap creates a potential for overcounting demands on the shared equipment.

This train overlap should be clearly indicated to allow for proper data accounting.

While overlapping trains is an acceptable method of handling shared components, licensees have great flexibility in choosing another approach, such as arbitrarily assigning the shared valves only to Train A. In that case, the potential for undercounting demands on the shared valves would have to be addressed when the data are stored and disseminated.

Figure E-1.2 shows Train B.

Principles similar to those for Train A were used for Train B.

Figure E-1.3 shows Train C.

Principles similar to those for Train A were used, except that the Train C suction and discharge valves are not shared with other trains.

Figure E-1.4 shows components that are challenged by monthly mini-flow pump tests for each of the three trains.

Figure E-1.5 shows the components that are challenged by quarterly valve stroke tests.

Figure E-1.6 shows a report form that is acceptable to the NRC staff for reporting data on the auxiliary feedwater system.

E-3

FIGURE E-1 PWR AUXILIARY FEEDWATER SYSTEM

-o -csr 4--

- m csr To CST L1.TE~t 4,1tf L L

S-3 ril Ll

  • 1
z m

FIGURE E-1.2 TRAIN B roc rS h9Roo csr r6 csT r I,,

,racsT MOP ^7-

)"ROA? /4AMIAI 4- (

FIGURE E-1.3 TRAIN C ro cs r Steam to ji~a to Turbine

_STi 1Ro 0)w >

FIGURE E-1.4 MINI-FLOW TESTS 7-0cr m

-C-5 r MAL4A/

Z!PAAI? WA flfA L

FIGURE E-1.5 QUARTERLY VALVE STROKE TESTS ro csr m

Steam to TurbiTneS 7-o_-,c. s r

  • A014 MAI -,

C-rsE W,,1f.

FIGURE E-1.6 DATA REPORTING FORM FLUID SYSTEMS Plant/Unit: System: _ Train/Equipment Group:

Plant Operational State: Calendar Year:

Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:

TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES' 2 Actual/Spurious Demands:

Actual/Spurious Failures:

Miniflow Tests:

Miniflow Test Failures:

VAlve Stroke Tests:

Valve Stroke Failures:

Cycle Tests:

Cycle Test Failures:

OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: I Operating Hours:

Failures:

TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:

Unplanned Unavailable Hours:

TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System:

Planned Hours:

Unplanned Hours:

Support System:

Planned Hours:

Unplanned Hours:

Report the number of each type of demand during the quarter and the number of failures of principal components that occurred during each type of demand during the quarter.

2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.

E-1O

Example 2: High-Pressure Safety Injection System Figure E-2 shows the high-pressure safety injection system used in this example.

Principles similar to those discussed in the first example were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.

Figure E-2.1 shows Train A.

Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands.

Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.

Figure E-2.2 shows Train B and Equipment Group I-B.

Principles similar to those for Train A were used for Train B.

Figure E-2.3 shows Train C and Equipment Group 1-C.

Principles similar to those for Train A were used.

Figure E-2.4 shows the components challenged by monthly mini-flow tests for each of the three trains.

Figure E-2.5 shows the components challenged by valve stroke tests.

As noted on the drawing, some valves are stroke tested quarterly and other valves are stroke tested each refueling cycle. The quarterly and refueling cycle valve stroke tests would be reported separately, not added together.

Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the high-pressure safety injection system.

E-11

FIGURE E-2 PWR HIGH PRESSURE SAFETY INJECTION SYSTEM vi TO LOOP i8 m

TO LOOP 1A SAFETY INJECTION ANO REFUELINO WATER STORAGE TANW "TO LOOP 28 TO LOOP 2A FROM SHUTDOWN -**7-'

HAT EXCHANGER .'" V2 I

Xi>

-I

-n r\)

FIGURE E-2.2 TRAIN B PUMP B SAFETY INIBMW mANDREFUELNC WATER sTORtAGE TANK L

3 dMd LO 3-,fAl= MLVM DNrmflmaNv LU NOUDWMAIMM 0 NIVdl C*ý-3 3dngij

FIGURE E-2.4 MINI-FLOW TESTS MINI-FLOW PUMP TEST, PUMP B PUMP B SAFETY INJECTION AND REFUELING WATER STORAGE TANK MINI-FLOW PUMP TEST, PUMP A SAFETY INJECTION AND REFUELING WATER STORAGE TANK L

PUMP A MINI-FLOW PUMP TEST, PUMP C SAFETY INJECTION AND REFUELING WATER STORAGE PUMP C TANK E-16

FIGURE E-2.5 VALVE STROKE TESTS FROM TRAIN B SHUTDOWN A

m FROM SUMP FROM PUMP A SHUTDOWN HEAT EXCHANC TRAIN A B

-I NOTE: (1) VALVES ENCIRCLED BY DASHED LINES BELONG TO EQUIPMENT GROUP 3-,

REFUELING CYCLE STROKE TESTING.

(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY STROKE TESTING.

Example 3: PWR Residual Heat Removal System Figure E-3 shows the PWR Residual Heat Removal System example.

Principles similar to those discussed in Example 1 were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.

Figure E-3.1 shows Train A.

Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and cyclic tests that involve integrated actuation of the entire train.

Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.

Figure E-3.2 shows Train B and Equipment Group 1-B.

Principles similar to those discussed in Example I were used.

Figure E-3.3 shows the components challenged by monthly mini-flow tests for each of the two trains.

Figure E-3.4 shows the components challenged by valve stroke tests.

As noted on the drawing, some valves are stroke tested quarterly and other values are stroke tested on a refueling cycle basis. The quarterly and refueling cycle tests would be reported separately, not added together.

Figure E-1.6 shows a report form that could be modified to show the types valve stroke tests for reporting data on the residual heat removal system. of E-18

FIGURE E-3 PWR RESIDUAL HEAT REMOVAL SYSTEM V6 To Charging Pumps To SI Pumps To Spent Fuel To Pumps Charging Pool Makeup To CS Aux Nozzles To CS Pump I A To leg I Loop Cold MINIFLOW RI-IR-IAX A To Loop 2 Cold leg RH-Pump A EFG-5 m

I. To Loop 2 V1 H,,t leg To Loop 3 Hot leg From Hot RCS-XXX V2 Leg Loop 3 To Loop 3 Cold leg To Loop 4 Component WaterCooling Cold leg To SI Pumps Co"ta inment

FIGURE E-3.1 TRAIN A Rzdueing Water StMWgeTank To' LAnop ColId leg~

R) RH R-HX A RH-Pump A onC x t-i C(4Itlng To Loop 3 Cold leg 6

FIGURE E-3.2 TRAIN B Skwaw.Tmnk To L~oop I Cold k-&-

RHR-HX B To Loosp 3 Cold lwg To LAop 4 Water Cold lvg

FIGURE E-3.3 MINI-FLOW TESTS TRAIN A MINIF.OW RH-Pump A EFG-5 TRAIN B RH-Pump B E-22

/

FIGURE E-3.4 VALVE STROKE TESTS V6 To Chaering To SI Pumps Pumps To Spent Fuel To Charging pool Makeup Pumps To Aux CS Nozzles

.. ._4 _1 Sl TOPumps To CS Pump IA MINIFLOW RHRX A I

  • Cold

, To leg1 Loop Cold leg I*1I :kE*, I  ; *ComponentCooling

,IRH-Pump A E mn I~o [ I EI

........... ,,i Aote Water *- To Loop 2 Hot leg RCS-XX V3Vjo opý

-- 0- 01 V2I FHot HR-3X B leg From Hot RCS.XXX ___.... To Loop3 Leg Loop3 ......

Cold leg MINIFLOW*

RH-Pump B Component Cooling To Aux To Loop4

.... . To'Iw,,c~o.

E-Water To CS Pump I B CS Nozzles Cold leg S........

3 To S1 Pumps

.'S

\ mII NOTE: (1) VALVES ENCLOSED IN DASHED LINES BELONG TO EQUIPMENT GROUP 3-1, REFUELING CYCLE STROKE TESTS.

(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY VALVE STROKE TESTS.

Example 4: Emergency ac Power System Figure E-4 shows the emergency ac power system example.

Only one train is shown; the other trains are essentially identical. The principal components of this system are the diesel and its generator with their associated support subsystems, the output breaker, the 4160v bus, the load sequencer, and the load shed logic relay groups. There are four types of demands for this system.

1. Actual/Spurious Demands with Automatic Loading These actuations involve an ESF or undervoltage initiation signal that results (or should result) in an emergency diesel generator automatic start, load shedding, and sequencing of one or more ESF loads. The principal components are all of the principal components of the train.
2. Actual/Spurious Demands Without Automatic Loading These actuations involve ESF or other actuations that result (or should result) in an emergency diesel generator start (automatic or manual) but do not involve load shedding or sequencing. The load may be shed manually or added to the bus. The principal component is the emergency diesel generator including its support subsystems.
3. Refueling Surveillance Tests These tests are normally run during each refueling cycle. They normally involve the simulation of a loss of offsite power with an ESF actuation signal and include an automatic start of the emergency diesel generator, closure of the output breaker, and load sequencing. The test may be run for an extended period (8-24 hours) or a separate run test may be conducted. Each test that involves start and loading of the diesel generator should be counted as a demand. All the principal components of the train are included.
4. Periodic Surveillance Tests These tests are normally run monthly. They involve an automatic start of the emergency diesel generator with manual or automatic syncronization to a power bus. The principal component for this test is the emergency diesel generator and its support subsystems.

Loaded runs in excess of one hour for any of the demand types are also reported under the heading uOperating Reliability Data."

Figure E-4.1 shows a report form for reporting data on the emergency ac power system.

E-24

FIGURE E-4 EXAMPLE EMERGENCY ac POWER SYSTEM TRAIN A (TRAIN B IDENTICAL)

Fuel Oil Driven JacketEngine (51 Radiator Lube Oil Circulation Starting Air Branches lower to

& upper starting motors Note: Jacket Water Pumps are an integral part of Diesel Engine Air Receivers

FIGURE E-4.1 DATA REPORTING FORM EMERGENCY ELECTRIC POWER Plant/Unit: System: Train:

Plant Operational State: Calendar Year: Date Submitted:

Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:

TRAIN DEMANDS AND ASSOCIATED FAILURES*

Actual/Spurious Demands wlAutoload:

Actual/Spurious w/Autoload Failures:

Actual/Spurious Demands w/o Autoload:

Actual/Spurious w/o Autoload Failures:

Refueling Surveillance Tests:

Refueling Surveillance Failures:

Periodic Surveillance Tests:

Periodic Surveillance Failures:

OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)

Number of Applicable Runs:

Operating Hours:

Failures:

TRAIN UNAVAILABILITY*

Planned Unavailable Hours:

Unplanned Unavailable Hours:

TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY*

Support System:

Planned Hours:

Unplanned Hours:

Support System:

Planned Hours:

Unplanned Hours:

Attach is a component failure report for each failure associated with demands, operating reliability or unavailability.

E-26

Example 5: PWR Reactor Protection System Figure E-5 shows the PWR Reactor Protection System; this example has two subsystems.

The first consists of equipment in the reactortrip system (RTS).

The second consists of equipment specific to the diverse scram system (DSS).

The reportable equipment groups for the RTS are:

The four K-relays (i.e., K-i, K-2, K-3, and K-4) that provide output actuation from the reactor trip logic matrices.

Control rods and their trip coils.

The eight reactor trip circuit breakers, including their shunt-trip and undervoltage trip devices.

The principal components are the individual k-relays, control rods and their trip coils, reactor trip circuit breakers, shunt-trip devices, and undervoltage trip devices.

The reportable equipment group of the DSS includes the two 480v MG set load contactors used for a diverse scram. These are also the principal components.

Figure 5-1 shows the suggested form for reporting data on the PWR reactor protection systems. It is assumed that since the diverse scram system only responds to high pressurizer pressure, actual or spurious demands for the diverse scram system are rare. Thus, such demands have not been included on the example data sheet for this system. However, if a licensee decides to report this type of demand, it can be done by adding two lines to the data sheet. All actual and spurious demands of the RTS that result in or should result in reactor trip with rod motion are reportable as a system demand.

Quarterly functional tests include individual tests of the instrument channels that should result in k-relay actuation and reactor trip circuit breaker tests.

Each such series of tests that results in or should result in actuation of the k-relays and the eight trip circuit breakers should be reported as a single demand. Refueling cycle functional tests include tests of the four k-relays and the eight reactor trip circuit breakers. In addition, they include individual tests of the undervoltage trip devices and the shunt trip devices for each circuit breaker. They also include control rod insertion tests. Each series of refueling cycle tests that results in individual actuation of the principal components should be reported as a single demand. A failure record should be provided for failure of any principal component. Individual sensor and logic relay failures are not reportable unless they result in failure of a k-relay to change state. Unavailable time is not reported for the RTS.

The diverse scram system is periodically tested while the reactor is at power.

Each series of periodic tests that should result in actuation of a principal E-27

component (i.e., a load contactor) should be reported as a single demand for the diverse scram system. A failure record should be provided for any associated failure of a principal component. Unavailable hours are reported separately from demand and failure counts.

E-28

ko FIGURE E-5.1 DATA REPORTING FORM PWR REACTOR PROTECTION SYSTEM Plant/Unit: System:

Plant Operational State: Calendar Year: Date Submitted:

Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:

RTS REPORTABLE DEMANDS AND ASSOCIATED FAILURES*

Actual/Spurious Demands:

Actual/Spurious Demands Failures:

Quarterly Channel Functional Tests:

Quarterly Functional Test Failures:

Refueling Cycle Functional Tests:

Refueling Cycle Test Failures:

DIVERSE SCRAM SYSTEM REPORTABLE DEMANDS AND ASSOCIATED FAILURES Diverse Scram System Tests:

Diverse Scram Test Failures:

DIVERSE SCRAM SYSTEM UNAVAILABILITY DATA*

Planned Unavailable Hours:

Unplanned Unavailable Hours:

Support System:

Planned Hours:

Unplanned Hours:

. Attach a component failure report for each principal component failure associated with demands or unavailability.

E-30

Example 6: BWR Reactor Trip System and Alternative Rod Injection Figure E-6 shows the BWR Reactor Trip System and Alternative Rod Injection system. For the purpose of this discussion, there are two groups:

  • The first equipment group consists of equipment in the reactor trip system (RTS).
  • The second equipment group consists of equipment specific to the Alternate Rod Insertion (ARI) system.

The reportable equipment groups for the RTS are:

  • The A, B, C, and D actuation channels, through each channel's actuation (output) relay.

The backup scram solenoid valves.

The Hydraulic Control Units (HCUs) and their control rods.

The principal components are the trip channel actuation relays, backup scram solenoid valves, and the HCUs and their control rods.

The reportable equipment groups for the ARI are:

  • Individual ARI actuation channels, including each channel's actuation relay.

The ARI scram solenoid valves.

The principal components are the trip actuation relays and the scram solenoid valves.

Actual and spurious demands for the RTS and ARI equipment groups should be summed and reported on the Data Reporting Form (Figure E-6.1). A failure record should be provided for failure of any principal component. Individual sensor and logic relay failures are not reportable unless they result in failure of the actuation channel relay to change state. Also reportable are the number of test demands required by technical specifications. Tests that individually challenge all actuation channels, one at a time, should be reported as a single test demand for the actuation channel equipment group.

Tests that individually challenge both of the backup scram solenoid valves should be reported as a single test demand for that equipment group. The refueling tests of the HCUs, which typically challenge only one quarter of the HCUs during one refueling outage, should be reported as a single partial (1/4) test demand.

Reporting of unavailable time is not required for RTS equipment groups but should be reported for ARI.

E-31

FIGURE E-6 BWR REACTOR PROTECTION SYSTEM RPS 'A' Normal Supply 480 VAC RPS "8 Noi*"Spply 480VAC MCC 1133 48DVAC M M From BPS Bus"B° 120 VA RIOSBut 'A'"P m'8 2 A RPS Channel A A.

Trip Logic C C DTi oi To HCU Solenoid Valves RPS Chan Trip Logc Conac A (K 14's) Aux. A uxRea V SRelay ' (Tyaical a) 125 VDC M Au*.ay Relay1A K221B SInstrument Air ha 4 S Tupplypfty (2)

,,'1K b0 ValvesOK Instrumen(Sr leVolv DScaan Instrumnt Airo" Vae NetinScr-.

V" oumulior

FIGURE E-6.1 DATA REPORTING FORM BWR REACTOR PROTECTION SYSTEM (RTS)

Plant/Unit: System:

Plant Operational State: Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:

RTS DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demand:

Actual/Spurious Failures:

Act. Channel Test Demands:

Act. Channel Test Failures:

Partial (114) HCU Test Demands:

Partial (1/4) HCU Test Failures:

Backup Scram Sol. Valve Tests:

Backup Scram Sol. Valve Failures:

ARI DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demands:

Actual/Spurious Failures:

Channel Test Demands:

Channel Test Failures:

ARI Scram Pilot Air Header Valve Tests:

ARI Scram Pilot Air Header Failures:

ARI EQUIPMENT GROUP UNAVAILABILITY DATA Planned Unavailable Hours:

Unplanned Unavailable Hours:

ARI EQUIPMENT GROUP UNAVAILABILITY DUE TO SUPPORT SYSTEM UNAVAILABILITY Support System:

Planned Unavailable Hours:

Unplanned Unavailable Hours:

Support System:

Planned Hours:

Unplanned Hours:

E-33

DATA REPORTING FORM FOR OTHER REPORTABLE SYSTEMS Figure E-7 provides a suggested general reporting form for reporting data for other systems that may be determined to be reportable under the guidance in Regulatory Position 1.2.

The form is the same as the forms for the fluid, emergency power, and reactor protection systems except for the section on "Train Demands and Associated Failures." This section should be modified as appropriate for the reportable system and the plant's own testing regime. The first column in this section would list each type of demand (actual, spurious, and each type of test such as quarterly tests, mini-flow tests, refueling cycle tests, or other, as appropriate) for the reportable system. As discussed in Regulatory Position 1.3, each of these demands should define the boundaries of trains and equipment groups within the systems so that the boundaries include the equipment actuated by that type of demand to perform a safety function. Simplified system diagrams should be provided to indicate the equipment involved in each type of actuation. For each type of demand, include two lines or rows -- one to report the number of demands and the other to report the number of failures associated with that type of demand during each of the four quarters.

E-34

FIGURE E-7 DATA REPORTING FORM OTHER REPORTABLE SYSTEMS Plant/Unit: System: Train/Equipment Group:

Plant Operational State: Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:

TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES" 2 Types of Demands Actual/Spuri ous Demands:

Actual/Spuri ous Fail ures:

Demands:

Failures:

Demands:

Failures:

OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs:

Operating Hours:

Failures:

TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:

Unplanned Unavailable Hours:

TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY2 Support System:

Planned Hours:

Unplanned Hours:

Support System:

Planned Hours:

Unplanned Hours:

the number for each type of demand during the quarter and the number ofSReport failures of principal components associated with those types of demands during the quarter.

2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.

E-35

CONCURRENT UNAVAILABLE HOURS _

As stated in Regulatory Position 8, concurrent unavailable hours are reportable when two or more reportable systems, trains, or equipment group are unavailable at the same time during a reportable plant operational mode. Figure E-8 provides a suggested form for reporting concurrent unavailable hours. System, train, and equipment group designations should match the nomenclature used to identify them in system diagrams and data sheets (see Figures E-1 through E-6). The concurrent unavailable hours should be designated by plant mode as defined in Regulatory Position 2. The example in Figure E-8 is for a PWR with systems diagrams shown in Figures E-1 to E-4.2.

E-36

FIGURE E-8 DATA REPORTING FORM CONCURRENT UNAVAILABILITY Plant/Unit: Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 HOURS OF CONCURRENT UNAVAILABILITY/OPERATING STATE (System, train, equipment group)

Exampl e AFW-A 6.5 hrs EDG-B State 1 AFW-A 1.5 hrs EDG-B State 1 HPSI-A EDG-A 2.0 hrs HPSI-B State 1 E-37

APPENDIX F COMPONENT FAILURE RECORDS A component failure report should be submitted for each reportable failure.

The table below lists the information that should be supplied in each component failure report.

REPORT FIELD INFORMATION TO BE PROVIDED Plant name Name of unit and number System System in which the failed component is located.

Component Component type and ID number used in the system drawing.

Drawing Identification of the plant piping and instrumen tation diagram showing the location of the failed component.

Failure discovery date Date the component was discovered in a failed state.

Date last operable Date component was last verified as operable.

Failure end date Date when component was repaired.

Failure mode How the component failed to perform. (Open, close, start, run, etc.)

Failure detection method Method by which the failure was detected, e.g.,

pump test, actual demand, maintenance inspection.

Failure Description A brief narrative description of the failure, Narrative including the plant operational mode and system mode at time of discovery, the impact of the failure on system, train, or equipment group, and, if the failure was due to failure of a dedicated support system, identification of the support system and the failed component.

Cause of Failure A brief description of the cause of failure, Narrative including piece parts failed.

Corrective Action A brief description of the corrective action to Narrative restore the failed component (e.g., repaired or replaced failed piece part).

F-1

APPENDIX G EVENT LOG Figure G-1 is a suggested format for an onsite log to track the basic event data (failures, demands, run times, and unavailable hours) that form the basis for the summary data reported to the NRC. It is an example of a link between existing plant records and data systems and the summary information required by the rule.

Column I The date of the demand or the start date of the period of unavailable hours or run time.

Columns 2 and 3 The system and train or equipment groups in which the demand or period of unavailability occurred.

Columns 4, 5, 6, and 7 If the event was a demand, the next four columns would indicate whether it was successful or, if not, the type of failure (start or run) and the run time (if applicable.)

Columns 8, 9, and 10 If the event was a period of unavailable hours, the next three columns would record the unavailable hours according to whether they were planned, unplanned, or due to a support system being unavailable.

Column 11 The next to last column would use the plant's numbering or identification system for referencing plant records such as job requests, maintenance work orders, or operator logs. These plant records should provide documentation of the start of the event (demand or period of unavailable hours), the corrective action taken, and the end of the period of unavailable hours (return to service).

G-1

Col umn 12 The last column would provide any additional information needed to compile the summary data, such as the support system resulting in the front-line system being unavailable, the plant state at the time of the event, the diagram showing the principal component causing the event, or the name of the principal component.

Licensees may use whatever approach and format is most suitable to link plant records to the summary data.

G-2

FIGURE G-1 EVENT LOG Date System Train Demands Hours Plant Comments or Unavailable Records Equip- Reference ment Successful Start Run Run Planned Unplanned Due to Hours Support Group Demand Failure Failure System 1/30/96 EDG EDG A 35 JO 704645. Replace JO 783768 relief valve 3/16/96 EDG EDG B / 20 RAC 1-88048.

JO 00756384 4/19/96 AFW Train A / 88.5 Unavailable (turbine) when plant went into mode 3 4/20/96 EDG EDG B 10 ESW JO 84932 4/22/96 EDO EDG A / LG84932 Surveillance test

DRAFT REGULATORY ANALYSIS The NRC has prepared a draft regulatory analysis, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (December 19, 1995), on the proposed rule, 10 CFR 50.76. The analysis examines the costs and benefits of the alternatives considered by the NRC. The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (202) 415-6835.

R/A-1

Federal Recycling Program

\

UNITED STATES FIRST CLASS MAIL NUCLEAR REGULATORY COMMISSION POSTAGE AND FEES PAID USNRC WASHINGTON, DC 20555-0001 PERMIT NO. G-67 OFFICIAL BUSINESS PENALTY FOR PRIVATE USE, $300