ML17354A814: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 16: | Line 16: | ||
=Text= | =Text= | ||
{{#Wiki_filter: | {{#Wiki_filter:9.0 Auxiliary Systems 9.5.1 Fire Protection System 9.5.1.1 Regulatory Criteria In Revision 6 of the ABWR DCD, the applicant proposed to modify DCD Tier 2, Section 9.5.1, Fire Protection System, to clarify the likelihood of multiple spurious actuations (also called multiple spurious operations) due to fire in digital systems. The DC Renewal applicant also proposed changes to the DCD to require combined license (COL) applicants to follow the methodology in NEI 00-01, Guidance for Post Fire Safe Shutdown Circuit Analysis, Revision 2, as modified by Regulatory Guide 1.189, Fire Protection for Nuclear Power Plants, Revision 2, in order to address multiple spurious actuations in analog systems. These proposed changes are limited to clarifying the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire, clarifying the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation, and specifying the methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems for compliance with General Design Criterion (GDC) 3, Fire Protection, as set forth in Appendix A, General Design Criteria for Nuclear Power Plants, to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, and compliance with 10 CFR 50.48, Fire protection, as these regulations existed in 1997. Therefore, they are modifications, as that term is defined in Chapter 1 of this supplement, and will correspondingly be evaluated using the regulations applicable and in effect at the initial ABWR certification. | ||
The relevant regulatory requirements for this area of review are: | The relevant regulatory requirements for this area of review are: | ||
* 10 CFR 50.48 (1997), | * 10 CFR 50.48 (1997), Fire protection, subsection (a) which required, in part, a description of the means to limit fire damage to structures, systems, or components important to safety so that the capability to safely shut down the plant is ensured. | ||
* 10 CFR Part 50, Appendix A, GDC 3 (1997), | * 10 CFR Part 50, Appendix A, GDC 3 (1997), Fire Protection, as it relates to the to the fire protection program (FPP) of the GE-Hitachis United States Advanced Boiling-Water Reactor (ABWR) standard plant design. | ||
The staff conducted its review in accordance with Section 9.5.1, | The staff conducted its review in accordance with Section 9.5.1, Fire Protection Program, of NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (LWR Edition), (SRP) (1981)). In addition, the staffs review followed the guidance in Regulatory Guide (RG) 1.189, Revision 2, with respect to multiple spurious actuations in analog systems. | ||
9.5.1.2 Summary of Technical Information In NUREG-1503, Section 9.5.1, | 9.5.1.2 Summary of Technical Information In NUREG-1503, Section 9.5.1, Fire Protection System, the staff FSER for the originally certified ABWR DCD, the staff did not mention spurious actuations, nor is there a discussion on digital instrumentation & control (I&C) systems response given a fire event. For design basis fire events, generally, the originally certified ABWR DCD, Tier 2 Section 3.13.4.2, Fire Events, stated: [S]eparation criteria are maintained during design basis fire events. Internal fire in 1 | ||
9.5.1.3 Technical Evaluation The applicant provided responses to the | one affected zone will not propagate to other [redundant] divisions. Smoke is removed from the affected zone. Other zones are pressurized and also vented. Thus, the ABWR is designed to maintain safe shutdown capabilities following a fire in any affected zone. In addition in DCD Tier 2 Section 9.5.1.1.7, Spurious Control Actions, the originally certified DCD stated, The probability of two spurious signals matching is essentially zero. | ||
GEH stated that a detailed assessment of the | In a request for additional information (RAI) 09.05.01-1, dated April 29, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15118A725), the staff requested GEH to perform an evaluation for the effects of multiple spurious operations due to a fire consistent with NEI 00-01, Guidance for Post Fire Safe Shutdown Circuit Analysis, Revision 2, as modified in RG 1.189, Fire Protection for Nuclear Power Plants, Revision 2 or to propose and justify an alternative. | ||
9.5.1.3 Technical Evaluation The applicant provided responses to the staffs RAI in letters dated July 30, 2015 (ADAMS Accession No. ML15212A762), October 29, 2015 (ADAMS Accession No. ML15302A308), April 11, 2016 (ADAMS Accession No. ML16102A344), and December 7, 2016 (ADAMS Accession No. ML16342C331), including proposed DCD mark-ups. | |||
GEH stated that a detailed assessment of the ABWRs vulnerability to multiple spurious operations would need to be conducted during the detailed design phase. GEH proposed the following changes to DCD Tier 2, Sections 9.5.1.1.7 and 9.5.13.22: | |||
* a requirement that the COL applicant provide an evaluation of the ABWR's susceptibility to Multiple Spurious Operations (MSO) in accordance with the methodology contained in NEI 00-01, Revision 2, and as modified by Regulatory Guide 1.189, Revision 2. The COL applicant will submit the results of this evaluation to the NRC for review. | * a requirement that the COL applicant provide an evaluation of the ABWR's susceptibility to Multiple Spurious Operations (MSO) in accordance with the methodology contained in NEI 00-01, Revision 2, and as modified by Regulatory Guide 1.189, Revision 2. The COL applicant will submit the results of this evaluation to the NRC for review. | ||
The staff finds this acceptable since RG 1.189, Rev 2 endorses NEI 00-01, Rev 2. The DCD now provides an acceptable methodology for performing the fire-induced multiple spurious analysis, whereas the original design certification did not specify a methodology. | The staff finds this acceptable since RG 1.189, Rev 2 endorses NEI 00-01, Rev 2. The DCD now provides an acceptable methodology for performing the fire-induced multiple spurious analysis, whereas the original design certification did not specify a methodology. | ||
The applicant also addressed multiple spurious actuations due to fire in digital systems by proposing several changes to DCD Tier 2, Section 9. | The applicant also addressed multiple spurious actuations due to fire in digital systems by proposing several changes to DCD Tier 2, Section 9.5.1.1.7. First, the applicant proposes to replace the words probability is essentially zero with likelihood is miniscule. The staff finds this acceptable because the revised DCD no longer implies a probabilistic analysis was utilized, which is consistent with the application of a deterministic fire protection program. | ||
5.1.1.7. First, the applicant proposes to replace the words | Second, the applicant proposes to insert language to clarify that along with optical fiber cabling, fire-induced spurious actuation will be considered in main control room components, Remote Multiplexing Units (RMU), Essential Multiplexing System (EMS) and digital controller equipment in the C/B connected via fiber-optic cable. The staff finds this acceptable because this change properly expands the spurious actuation analysis to include the digital equipment both in and outside of the main control room fire area. Third, the applicant proposes to insert language providing a description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation. The digital architecture utilizes message 2 | ||
10 CFR 50.48 (1997) and GDC 3 (1997) and are acceptable.}} | authentication which requires the message format and sequence to be correct and to be recognized. The staff finds this acceptable because it makes use of features that are pertinent to digital systems. | ||
The staff finds acceptable the proposed changes described above because they clarify the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire and the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation. In addition, the DCD specifies the NRC-approved methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems. All the changes identified above are being tracked as Confirmatory Item 9.5.1-1. | |||
9.5.1.4 Conclusion Based on the evaluation provided in this FSER section supplement, the staff concludes that the proposed changes do not alter the safety findings made in the FSER for the original ABWR certification. In addition the changes proposed by the applicant, addressing multiple spurious actuations in analog systems, are in accordance with updated guidance in RG 1.189, Revision 2. Therefore, the staff finds that the proposed changes comply with 10 CFR 50.48 (1997) and GDC 3 (1997) and are acceptable. | |||
3}} |
Latest revision as of 07:05, 22 October 2019
ML17354A814 | |
Person / Time | |
---|---|
Site: | 05200045 |
Issue date: | 03/08/2018 |
From: | Adrian Muniz NRC/NRO/DNRL |
To: | |
Muniz A | |
Shared Package | |
ML18003A278 | List: |
References | |
Download: ML17354A814 (3) | |
Text
9.0 Auxiliary Systems 9.5.1 Fire Protection System 9.5.1.1 Regulatory Criteria In Revision 6 of the ABWR DCD, the applicant proposed to modify DCD Tier 2, Section 9.5.1, Fire Protection System, to clarify the likelihood of multiple spurious actuations (also called multiple spurious operations) due to fire in digital systems. The DC Renewal applicant also proposed changes to the DCD to require combined license (COL) applicants to follow the methodology in NEI 00-01, Guidance for Post Fire Safe Shutdown Circuit Analysis, Revision 2, as modified by Regulatory Guide 1.189, Fire Protection for Nuclear Power Plants, Revision 2, in order to address multiple spurious actuations in analog systems. These proposed changes are limited to clarifying the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire, clarifying the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation, and specifying the methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems for compliance with General Design Criterion (GDC) 3, Fire Protection, as set forth in Appendix A, General Design Criteria for Nuclear Power Plants, to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, and compliance with 10 CFR 50.48, Fire protection, as these regulations existed in 1997. Therefore, they are modifications, as that term is defined in Chapter 1 of this supplement, and will correspondingly be evaluated using the regulations applicable and in effect at the initial ABWR certification.
The relevant regulatory requirements for this area of review are:
- 10 CFR 50.48 (1997), Fire protection, subsection (a) which required, in part, a description of the means to limit fire damage to structures, systems, or components important to safety so that the capability to safely shut down the plant is ensured.
- 10 CFR Part 50, Appendix A, GDC 3 (1997), Fire Protection, as it relates to the to the fire protection program (FPP) of the GE-Hitachis United States Advanced Boiling-Water Reactor (ABWR) standard plant design.
The staff conducted its review in accordance with Section 9.5.1, Fire Protection Program, of NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (LWR Edition), (SRP) (1981)). In addition, the staffs review followed the guidance in Regulatory Guide (RG) 1.189, Revision 2, with respect to multiple spurious actuations in analog systems.
9.5.1.2 Summary of Technical Information In NUREG-1503, Section 9.5.1, Fire Protection System, the staff FSER for the originally certified ABWR DCD, the staff did not mention spurious actuations, nor is there a discussion on digital instrumentation & control (I&C) systems response given a fire event. For design basis fire events, generally, the originally certified ABWR DCD, Tier 2 Section 3.13.4.2, Fire Events, stated: [S]eparation criteria are maintained during design basis fire events. Internal fire in 1
one affected zone will not propagate to other [redundant] divisions. Smoke is removed from the affected zone. Other zones are pressurized and also vented. Thus, the ABWR is designed to maintain safe shutdown capabilities following a fire in any affected zone. In addition in DCD Tier 2 Section 9.5.1.1.7, Spurious Control Actions, the originally certified DCD stated, The probability of two spurious signals matching is essentially zero.
In a request for additional information (RAI) 09.05.01-1, dated April 29, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15118A725), the staff requested GEH to perform an evaluation for the effects of multiple spurious operations due to a fire consistent with NEI 00-01, Guidance for Post Fire Safe Shutdown Circuit Analysis, Revision 2, as modified in RG 1.189, Fire Protection for Nuclear Power Plants, Revision 2 or to propose and justify an alternative.
9.5.1.3 Technical Evaluation The applicant provided responses to the staffs RAI in letters dated July 30, 2015 (ADAMS Accession No. ML15212A762), October 29, 2015 (ADAMS Accession No. ML15302A308), April 11, 2016 (ADAMS Accession No. ML16102A344), and December 7, 2016 (ADAMS Accession No. ML16342C331), including proposed DCD mark-ups.
GEH stated that a detailed assessment of the ABWRs vulnerability to multiple spurious operations would need to be conducted during the detailed design phase. GEH proposed the following changes to DCD Tier 2, Sections 9.5.1.1.7 and 9.5.13.22:
- a requirement that the COL applicant provide an evaluation of the ABWR's susceptibility to Multiple Spurious Operations (MSO) in accordance with the methodology contained in NEI 00-01, Revision 2, and as modified by Regulatory Guide 1.189, Revision 2. The COL applicant will submit the results of this evaluation to the NRC for review.
The staff finds this acceptable since RG 1.189, Rev 2 endorses NEI 00-01, Rev 2. The DCD now provides an acceptable methodology for performing the fire-induced multiple spurious analysis, whereas the original design certification did not specify a methodology.
The applicant also addressed multiple spurious actuations due to fire in digital systems by proposing several changes to DCD Tier 2, Section 9.5.1.1.7. First, the applicant proposes to replace the words probability is essentially zero with likelihood is miniscule. The staff finds this acceptable because the revised DCD no longer implies a probabilistic analysis was utilized, which is consistent with the application of a deterministic fire protection program.
Second, the applicant proposes to insert language to clarify that along with optical fiber cabling, fire-induced spurious actuation will be considered in main control room components, Remote Multiplexing Units (RMU), Essential Multiplexing System (EMS) and digital controller equipment in the C/B connected via fiber-optic cable. The staff finds this acceptable because this change properly expands the spurious actuation analysis to include the digital equipment both in and outside of the main control room fire area. Third, the applicant proposes to insert language providing a description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation. The digital architecture utilizes message 2
authentication which requires the message format and sequence to be correct and to be recognized. The staff finds this acceptable because it makes use of features that are pertinent to digital systems.
The staff finds acceptable the proposed changes described above because they clarify the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire and the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation. In addition, the DCD specifies the NRC-approved methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems. All the changes identified above are being tracked as Confirmatory Item 9.5.1-1.
9.5.1.4 Conclusion Based on the evaluation provided in this FSER section supplement, the staff concludes that the proposed changes do not alter the safety findings made in the FSER for the original ABWR certification. In addition the changes proposed by the applicant, addressing multiple spurious actuations in analog systems, are in accordance with updated guidance in RG 1.189, Revision 2. Therefore, the staff finds that the proposed changes comply with 10 CFR 50.48 (1997) and GDC 3 (1997) and are acceptable.
3