Information Notice 2010-17, Common Cause Failure of Boiling-Water Reactor Recirculation Pumps with Variable Speed Drives: Difference between revisions
StriderTol (talk | contribs) Created page by program invented by StriderTol |
StriderTol (talk | contribs) StriderTol Bot change |
||
| Line 14: | Line 14: | ||
| page count = 4 | | page count = 4 | ||
}} | }} | ||
{{#Wiki_filter:UNITED STATES | {{#Wiki_filter:ML101330321 UNITED STATES | ||
NUCLEAR REGULATORY COMMISSION | NUCLEAR REGULATORY COMMISSION | ||
| Line 22: | Line 22: | ||
OFFICE OF NEW REACTORS | OFFICE OF NEW REACTORS | ||
WASHINGTON, DC 20555-0001 September 10, 2010 | WASHINGTON, DC 20555-0001 | ||
NRC INFORMATION NOTICE 2010-17: | |||
September 10, 2010 | |||
NRC INFORMATION NOTICE 2010-17: | |||
COMMON CAUSE FAILURE OF BOILING-WATER | |||
REACTOR RECIRCULATION PUMPS WITH | REACTOR RECIRCULATION PUMPS WITH | ||
| Line 49: | Line 53: | ||
addressees about two international events at boiling-water reactor (BWR) plants that | addressees about two international events at boiling-water reactor (BWR) plants that | ||
experienced a common cause failure of all recirculation pumps. The NRC expects that | experienced a common cause failure of all recirculation pumps. The NRC expects that | ||
recipients will review this information for applicability to their facilities and consider actions, as | recipients will review this information for applicability to their facilities and consider actions, as | ||
appropriate, to avoid similar problems. However, suggestions contained in this IN are not NRC | appropriate, to avoid similar problems. However, suggestions contained in this IN are not NRC | ||
requirements; therefore, no specific action or written response is required. | requirements; therefore, no specific action or written response is required. | ||
| Line 60: | Line 64: | ||
On June 13, 2008, at Forsmark Unit 2 in Sweden, lightning strikes caused a short circuit on the | On June 13, 2008, at Forsmark Unit 2 in Sweden, lightning strikes caused a short circuit on the | ||
offsite power grid. This resulted in a transient that tripped all eight reactor recirculation pumps. | offsite power grid. This resulted in a transient that tripped all eight reactor recirculation pumps. | ||
Each recirculation pump circuit contains an integral flywheel to prevent a rapid reduction in | Each recirculation pump circuit contains an integral flywheel to prevent a rapid reduction in | ||
pump speed. The mass of the rotating flywheel stores mechanical energy that is converted to | pump speed. The mass of the rotating flywheel stores mechanical energy that is converted to | ||
electrical power by a flywheel-generator and inverter/rectifier to continue to power the drive | electrical power by a flywheel-generator and inverter/rectifier to continue to power the drive | ||
| Line 70: | Line 74: | ||
system DC-bus (one DC-bus common for two pump-drive inverters) upon a dip in or loss of the | system DC-bus (one DC-bus common for two pump-drive inverters) upon a dip in or loss of the | ||
normal electrical power. When the inverter/rectifier is operable, the alternate power allows for | normal electrical power. When the inverter/rectifier is operable, the alternate power allows for | ||
an unchanged pump speed (in case of power dips) or a more gradual reduction in pump speed | an unchanged pump speed (in case of power dips) or a more gradual reduction in pump speed | ||
(in case of significant loss, signaled by equipment protection). In the case of a reactor | (in case of significant loss, signaled by equipment protection). In the case of a reactor | ||
recirculation pump, the coastdown produces a correspondingly more gradual reduction in | recirculation pump, the coastdown produces a correspondingly more gradual reduction in | ||
recirculation flow. However, at Forsmark Unit 2, the lightning strike tripped the normal electric | recirculation flow. However, at Forsmark Unit 2, the lightning strike tripped the normal electric | ||
power rectifier due to a sensitive protection setting; furthermore, due to a design flaw, the | power rectifier due to a sensitive protection setting; furthermore, due to a design flaw, the | ||
protective action was not signaled to the inverter/rectifier controller for the flywheel-generator. | protective action was not signaled to the inverter/rectifier controller for the flywheel-generator. As a result, the recirculation pump motors rapidly consumed the flywheel-generators stored | ||
As a result, the recirculation pump motors rapidly consumed the flywheel-generators stored | |||
energy. With no available energy storage, the recirculation pumps reduced speed faster than | energy. With no available energy storage, the recirculation pumps reduced speed faster than | ||
the assumed transient analyses in the Forsmark Unit 2 safety analysis report. The reduced | the assumed transient analyses in the Forsmark Unit 2 safety analysis report. The reduced | ||
coastdown time resulted in a short violation of the safety limit minimum critical power ratio on | coastdown time resulted in a short violation of the safety limit minimum critical power ratio on | ||
| Line 100: | Line 102: | ||
affected fuel. | affected fuel. | ||
On May 30, 2008, Olkiluoto Unit 1 in Finland had a reactor trip from 60 percent power. An | On May 30, 2008, Olkiluoto Unit 1 in Finland had a reactor trip from 60 percent power. An | ||
electrical transient resulted in a common cause failure that caused all six recirculation pumps to | electrical transient resulted in a common cause failure that caused all six recirculation pumps to | ||
stop unexpectedly. Although the coastdown of the recirculation pumps was shorter than | stop unexpectedly. Although the coastdown of the recirculation pumps was shorter than | ||
expected, the transient had no effect on fuel integrity. | expected, the transient had no effect on fuel integrity. | ||
==BACKGROUND== | ==BACKGROUND== | ||
Related NRC Generic Communications include the following: | Related NRC Generic Communications include the following: | ||
* NRC IN 96-56, Problems Associated with Testing, Tuning, or Resetting of Digital Control | * NRC IN 96-56, Problems Associated with Testing, Tuning, or Resetting of Digital Control | ||
| Line 115: | Line 117: | ||
Systems While at Power, dated October 22, 1996 (Agencywide Documents Access and | Systems While at Power, dated October 22, 1996 (Agencywide Documents Access and | ||
Management System (ADAMS) Accession No. ML031050587). This IN highlighted the | Management System (ADAMS) Accession No. ML031050587). This IN highlighted the | ||
importance of evaluating and controlling on-line manipulations of digital control systems, such as resetting a processor or performing on-line software changes, to avoid reactor | importance of evaluating and controlling on-line manipulations of digital control systems, such as resetting a processor or performing on-line software changes, to avoid reactor | ||
| Line 123: | Line 125: | ||
* IN 2010-10, Implementation of a Digital Control System under 10 CFR 50.59, dated | * IN 2010-10, Implementation of a Digital Control System under 10 CFR 50.59, dated | ||
May 28, 2010 (ADAMS Accession No. ML100080281). This IN discusses that for digital | May 28, 2010 (ADAMS Accession No. ML100080281). This IN discusses that for digital | ||
upgrades to systems that are highly safety-significant, a defense-in-depth and diversity | upgrades to systems that are highly safety-significant, a defense-in-depth and diversity | ||
| Line 136: | Line 138: | ||
that rely on energy storage separate from the recirculation pump motor and generator that could | that rely on energy storage separate from the recirculation pump motor and generator that could | ||
influence recirculation system flow following a scram. In the U.S. BWR designs, the combined | influence recirculation system flow following a scram. In the U.S. BWR designs, the combined | ||
rotating inertias of the recirculation pump and motor, the motor generator set, and the variable | rotating inertias of the recirculation pump and motor, the motor generator set, and the variable | ||
| Line 146: | Line 148: | ||
The specific common cause failure that occurred at Olkiluoto and Forsmark is not an issue for | The specific common cause failure that occurred at Olkiluoto and Forsmark is not an issue for | ||
U.S. BWRs. However, digital variable speed drive (VSD) technology may increase the | U.S. BWRs. However, digital variable speed drive (VSD) technology may increase the | ||
complexity of the recirculation pump control system and may introduce new failure modes such | complexity of the recirculation pump control system and may introduce new failure modes such | ||
| Line 152: | Line 154: | ||
as software programming errors, network problems, loss of power, and the failure of control | as software programming errors, network problems, loss of power, and the failure of control | ||
boards, that can lead to unplanned changes in pump speed. Previous operating experience for | boards, that can lead to unplanned changes in pump speed. Previous operating experience for | ||
recirculation pump VSD includes instances of unintentional reactivity changes during power | recirculation pump VSD includes instances of unintentional reactivity changes during power | ||
operation. Although the recirculation pump motors are generally non-safety related, as the | operation. Although the recirculation pump motors are generally non-safety related, as the | ||
industry upgrades their systems to digital VSD, it is important that licensees understand the potential unexpected recirculation pump behaviors that might affect core reactivity or safety | industry upgrades their systems to digital VSD, it is important that licensees understand the potential unexpected recirculation pump behaviors that might affect core reactivity or safety | ||
limits. As part of the design process when upgrading to digital VSD technology on recirculation | limits. As part of the design process when upgrading to digital VSD technology on recirculation | ||
pump systems, the following are important considerations: | |||
* | |||
Perform evaluations to identify failure modes for digital VSDs to include sources of | |||
common-cause failure, such as software. | common-cause failure, such as software. | ||
* | * | ||
Determine if the consequences of a digital VSD common-cause failure could lead to | |||
reactivity events that have not been analyzed in the plant safety analysis. | reactivity events that have not been analyzed in the plant safety analysis. | ||
* | * | ||
Ensure the reactor protection system maintains plant safety within its design basis even | |||
with a common-cause failure. | with a common-cause failure. | ||
==CONTACT== | ==CONTACT== | ||
This IN requires no specific action or written response. Please direct any questions about this | This IN requires no specific action or written response. Please direct any questions about this | ||
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor | matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor | ||
| Line 182: | Line 188: | ||
Regulation (NRR) project manager. | Regulation (NRR) project manager. | ||
/RA/ | /RA/ | ||
/RA by JTappert for/ | |||
Office of Nuclear Reactor Regulation | Timothy McGinty, Director | ||
Glenn Tracy, Director | |||
Division of Policy and Rulemaking | |||
Division of Construction Inspection and | |||
Office of Nuclear Reactor Regulation | |||
Operational Programs | |||
Office of New Reactors | Office of New Reactors | ||
Technical Contacts: | Technical Contacts: Joseph Giantelli, NRR | ||
Pong Chung, NRR | |||
301-415-0504 | |||
301-415-2473 | |||
E-mail: joseph.giantelli@nrc.gov | |||
E-mail: pong.chung@nrc.gov | |||
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections. potential unexpected recirculation pump behaviors that might affect core reactivity or safety | Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections. potential unexpected recirculation pump behaviors that might affect core reactivity or safety | ||
limits. As part of the design process when upgrading to digital VSD technology on recirculation | limits. As part of the design process when upgrading to digital VSD technology on recirculation | ||
pump systems, the following are important considerations: | pump systems, the following are important considerations: | ||
* | |||
Perform evaluations to identify failure modes for digital VSDs to include sources of | |||
common-cause failure, such as software. | common-cause failure, such as software. | ||
* | * | ||
Determine if the consequences of a digital VSD common-cause failure could lead to | |||
reactivity events that have not been analyzed in the plant safety analysis. | reactivity events that have not been analyzed in the plant safety analysis. | ||
* | * | ||
Ensure the reactor protection system maintains plant safety within its design basis even | |||
with a common-cause failure. | with a common-cause failure. | ||
==CONTACT== | ==CONTACT== | ||
This IN requires no specific action or written response. Please direct any questions about this | This IN requires no specific action or written response. Please direct any questions about this | ||
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor | matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor | ||
| Line 219: | Line 245: | ||
Regulation (NRR) project manager. | Regulation (NRR) project manager. | ||
/RA/ | /RA/ | ||
Timothy McGinty | |||
/RA by JTappert for/ | |||
Timothy McGinty, Director | |||
Glenn Tracy, Director | |||
Office of Nuclear Reactor Regulation | Division of Policy and Rulemaking | ||
Division of Construction Inspection and | |||
Office of Nuclear Reactor Regulation | |||
Operational Programs | |||
Office of New Reactors | Office of New Reactors | ||
Technical Contacts: | Technical Contacts: Joseph Giantelli, NRR | ||
Pong Chung, NRR | |||
301-415-0504 | |||
301-415-2473 | |||
E-mail: joseph.giantelli@nrc.gov | |||
E-mail: pong.chung@nrc.gov | |||
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections. | |||
ADAMS Accession Number: ML101330321 | |||
TAC ME3898 OFFICE DIRS/IOEB | |||
DE/EICB | |||
Tech Editor | |||
BC/DIRS/IOEB | |||
BC/D/EICB | |||
D/NRR/DE | |||
NAME | |||
JGiantelli | |||
PChung | |||
CHsu | |||
JThorp | |||
BKemper | |||
PHiland | |||
DATE | |||
07/27/10 | |||
07/27/10 | |||
08/15/10 e-mail 07/27/10 | |||
07/27/10 | |||
07/28/10 | |||
OFFICE NRR/PGCB | |||
NRR/PGCB | |||
BC/NRR/PGCB DD/OIP | |||
D/NRO/DCIP | |||
NAME | D/NRR/ DPR | ||
NAME | |||
CHawes | |||
DBeaulieu | |||
SRosenberg | |||
SMoore | |||
GTracy JTappert | |||
for | for | ||
OFFICE 08/26/10 | TMcGinty | ||
OFFICE 08/26/10 | |||
08/25/10 | |||
08/26/10 | |||
09/09/10 | |||
09/10/10 | |||
09/10/10 | |||
OFFICIAL RECORD COPY}} | |||
{{Information notice-Nav}} | {{Information notice-Nav}} | ||
Latest revision as of 05:58, 14 January 2025
| ML101330321 | |
| Person / Time | |
|---|---|
| Issue date: | 09/10/2010 |
| From: | Mcginty T, Tracy G Office of New Reactors, Office of Nuclear Reactor Regulation |
| To: | |
| Joseph Giantelli, NRR/DIRS/IOEB | |
| References | |
| IN-10-017 | |
| Download: ML101330321 (4) | |
ML101330321 UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
OFFICE OF NEW REACTORS
WASHINGTON, DC 20555-0001
September 10, 2010
NRC INFORMATION NOTICE 2010-17:
COMMON CAUSE FAILURE OF BOILING-WATER
REACTOR RECIRCULATION PUMPS WITH
VARIABLE SPEED DRIVES
ADDRESSEES
All holders of an operating license or construction permit for a nuclear power reactor issued
under Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of
Production and Utilization Facilities, except those who have permanently ceased operations
and have certified that fuel has been permanently removed from the reactor vessel.
All holders of or applicants for a standard design certification, standard design approval, or
combined license issued under 10 CFR Part 52, Licenses, Certifications, and Approvals for
Nuclear Power Plants.
PURPOSE
The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform
addressees about two international events at boiling-water reactor (BWR) plants that
experienced a common cause failure of all recirculation pumps. The NRC expects that
recipients will review this information for applicability to their facilities and consider actions, as
appropriate, to avoid similar problems. However, suggestions contained in this IN are not NRC
requirements; therefore, no specific action or written response is required.
DESCRIPTION OF CIRCUMSTANCES
On June 13, 2008, at Forsmark Unit 2 in Sweden, lightning strikes caused a short circuit on the
offsite power grid. This resulted in a transient that tripped all eight reactor recirculation pumps.
Each recirculation pump circuit contains an integral flywheel to prevent a rapid reduction in
pump speed. The mass of the rotating flywheel stores mechanical energy that is converted to
electrical power by a flywheel-generator and inverter/rectifier to continue to power the drive
system DC-bus (one DC-bus common for two pump-drive inverters) upon a dip in or loss of the
normal electrical power. When the inverter/rectifier is operable, the alternate power allows for
an unchanged pump speed (in case of power dips) or a more gradual reduction in pump speed
(in case of significant loss, signaled by equipment protection). In the case of a reactor
recirculation pump, the coastdown produces a correspondingly more gradual reduction in
recirculation flow. However, at Forsmark Unit 2, the lightning strike tripped the normal electric
power rectifier due to a sensitive protection setting; furthermore, due to a design flaw, the
protective action was not signaled to the inverter/rectifier controller for the flywheel-generator. As a result, the recirculation pump motors rapidly consumed the flywheel-generators stored
energy. With no available energy storage, the recirculation pumps reduced speed faster than
the assumed transient analyses in the Forsmark Unit 2 safety analysis report. The reduced
coastdown time resulted in a short violation of the safety limit minimum critical power ratio on
84 core channels/fuel elements and a transient dryout condition in 18 of those core channels.
Based on its review of the analysis and inspection results that revealed no fuel damage, the
Swedish Radiation Safety Authority granted the licensees request for continued use of the
affected fuel.
On May 30, 2008, Olkiluoto Unit 1 in Finland had a reactor trip from 60 percent power. An
electrical transient resulted in a common cause failure that caused all six recirculation pumps to
stop unexpectedly. Although the coastdown of the recirculation pumps was shorter than
expected, the transient had no effect on fuel integrity.
BACKGROUND
Related NRC Generic Communications include the following:
- NRC IN 96-56, Problems Associated with Testing, Tuning, or Resetting of Digital Control
Systems While at Power, dated October 22, 1996 (Agencywide Documents Access and
Management System (ADAMS) Accession No. ML031050587). This IN highlighted the
importance of evaluating and controlling on-line manipulations of digital control systems, such as resetting a processor or performing on-line software changes, to avoid reactor
transients and plant trips.
- IN 2010-10, Implementation of a Digital Control System under 10 CFR 50.59, dated
May 28, 2010 (ADAMS Accession No. ML100080281). This IN discusses that for digital
upgrades to systems that are highly safety-significant, a defense-in-depth and diversity
analysis is performed as part of the design process to ensure that the plant has adequate
capability to cope with software common-cause failure vulnerabilities.
DISCUSSION
Unlike Olkiluoto Unit 1 and Forsmark Unit 2, U.S. BWRs do not have recirculation pump designs
that rely on energy storage separate from the recirculation pump motor and generator that could
influence recirculation system flow following a scram. In the U.S. BWR designs, the combined
rotating inertias of the recirculation pump and motor, the motor generator set, and the variable
speed coupling are used to provide a relatively slow coastdown of flow following loss of power
to the drive motors which helps ensure that the core is adequately cooled.
The specific common cause failure that occurred at Olkiluoto and Forsmark is not an issue for
U.S. BWRs. However, digital variable speed drive (VSD) technology may increase the
complexity of the recirculation pump control system and may introduce new failure modes such
as software programming errors, network problems, loss of power, and the failure of control
boards, that can lead to unplanned changes in pump speed. Previous operating experience for
recirculation pump VSD includes instances of unintentional reactivity changes during power
operation. Although the recirculation pump motors are generally non-safety related, as the
industry upgrades their systems to digital VSD, it is important that licensees understand the potential unexpected recirculation pump behaviors that might affect core reactivity or safety
limits. As part of the design process when upgrading to digital VSD technology on recirculation
pump systems, the following are important considerations:
Perform evaluations to identify failure modes for digital VSDs to include sources of
common-cause failure, such as software.
Determine if the consequences of a digital VSD common-cause failure could lead to
reactivity events that have not been analyzed in the plant safety analysis.
Ensure the reactor protection system maintains plant safety within its design basis even
with a common-cause failure.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor
Regulation (NRR) project manager.
/RA/
/RA by JTappert for/
Timothy McGinty, Director
Glenn Tracy, Director
Division of Policy and Rulemaking
Division of Construction Inspection and
Office of Nuclear Reactor Regulation
Operational Programs
Office of New Reactors
Technical Contacts: Joseph Giantelli, NRR
Pong Chung, NRR
301-415-0504
301-415-2473
E-mail: joseph.giantelli@nrc.gov
E-mail: pong.chung@nrc.gov
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections. potential unexpected recirculation pump behaviors that might affect core reactivity or safety
limits. As part of the design process when upgrading to digital VSD technology on recirculation
pump systems, the following are important considerations:
Perform evaluations to identify failure modes for digital VSDs to include sources of
common-cause failure, such as software.
Determine if the consequences of a digital VSD common-cause failure could lead to
reactivity events that have not been analyzed in the plant safety analysis.
Ensure the reactor protection system maintains plant safety within its design basis even
with a common-cause failure.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor
Regulation (NRR) project manager.
/RA/
/RA by JTappert for/
Timothy McGinty, Director
Glenn Tracy, Director
Division of Policy and Rulemaking
Division of Construction Inspection and
Office of Nuclear Reactor Regulation
Operational Programs
Office of New Reactors
Technical Contacts: Joseph Giantelli, NRR
Pong Chung, NRR
301-415-0504
301-415-2473
E-mail: joseph.giantelli@nrc.gov
E-mail: pong.chung@nrc.gov
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections.
ADAMS Accession Number: ML101330321
TAC ME3898 OFFICE DIRS/IOEB
DE/EICB
Tech Editor
BC/DIRS/IOEB
BC/D/EICB
D/NRR/DE
NAME
JGiantelli
PChung
JThorp
BKemper
PHiland
DATE
07/27/10
07/27/10
08/15/10 e-mail 07/27/10
07/27/10
07/28/10
OFFICE NRR/PGCB
NRR/PGCB
BC/NRR/PGCB DD/OIP
D/NRO/DCIP
D/NRR/ DPR
NAME
CHawes
DBeaulieu
SRosenberg
SMoore
GTracy JTappert
for
TMcGinty
OFFICE 08/26/10
08/25/10
08/26/10
09/09/10
09/10/10
09/10/10
OFFICIAL RECORD COPY