ML003739470: Difference between revisions
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
StriderTol (talk | contribs) (Created page by program invented by StriderTol) |
||
Line 26: | Line 26: | ||
I~Bill M. Morris, Dir~~or Division of Regulator$ App1licati ons Office of Nuclear Regtilatory Research | I~Bill M. Morris, Dir~~or Division of Regulator$ App1licati ons Office of Nuclear Regtilatory Research | ||
U.S. NUCLEAR REGULATORY COMMISSION April 1996 OFFICE OF NUCLEAR REGULATORY RESEARCH Division 1 Draft DG-1046 DRAFT REGULATORY GUIDE IContact:_DP._Allison_301)415_683 Contact: | U.S. NUCLEAR REGULATORY COMMISSION April 1996 OFFICE OF NUCLEAR REGULATORY RESEARCH Division 1 Draft DG-1046 DRAFT REGULATORY GUIDE IContact:_DP._Allison_301)415_683 | ||
==Contact:== | |||
D.P. Allison (301)415-6835 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR REPORT**G RELIABILITY AND AVAILABIL M._*, | |||
FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position. | FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position. | ||
Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement. Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996. | Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement. Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996. |
Revision as of 05:02, 24 December 2019
ML003739470 | |
Person / Time | |
---|---|
Issue date: | 04/30/1996 |
From: | Office of Nuclear Regulatory Research |
To: | |
References | |
DG-1046 | |
Download: ML003739470 (92) | |
Text
"UNITEDSTATES 0* NUCLEAR REGULATORY COMMISSION Z WASHINGTON, D.C. 205D5-0001 April 1996 Division 1 April 26, 1996 Task DG-1046 TO: DISTRIBUTION LIST FOR DIVISION I REGULATORY GUIDES
SUBJECT:
DRAFT REGULATORY GUIDE DG-1046, "GUIDELINES FOR REPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT IN NUCLEAR POWER PLANTS" notice of On February 12, 1996, the Nuclear Regulatory Commission published a for proposed rulemaking (61 FR 5318) that would require that licensees commercial nuclear power plants report plant-specific summaries of to the reliability and availability data for selected systems and equipment 50, NRC. This proposed Section 50.76, which is intended for 10 CFR Part also "Domestic Licensing of Production and Utilization Facilities," would require that records and documentation of each occurrence of a demand, data failure, or unavailable period that provides the basis for the summary reported to the NRC be maintained onsite and available for NRC inspection.
to The NRC has prepared Draft Regulatory Guide DG-1046 to provide guidance licensees on methods that would be acceptable to the NRC staff for implementing the proposed rule. This draft regulatory guide is being published for public comment in conjunction with public comment on the proposed rule, Section 50.76.
Comments should be submitted to the Chief, Rules Review and DirectivesU.S.
Branch, Division of Freedom of Information and Publication Services, Nuclear Regulatory Commission, Washington, DC 20555-0001. The public Comments comment period for the draft regulatory guide ends on July 5, 1996. so, but received after that date will be considered if it is practical to do assurance of consideration cannot be given for late comments.
The NRC staff is planning to conduct a workshop on June 4, 1996, to discuss the draft regulatory guide and the proposed rule. A public announcement providing information on the workshop is being published in the Federalis Register along with the announcement that this draft regulatory guide available for public comment.
I~Bill M. Morris, Dir~~or Division of Regulator$ App1licati ons Office of Nuclear Regtilatory Research
U.S. NUCLEAR REGULATORY COMMISSION April 1996 OFFICE OF NUCLEAR REGULATORY RESEARCH Division 1 Draft DG-1046 DRAFT REGULATORY GUIDE IContact:_DP._Allison_301)415_683
Contact:
D.P. Allison (301)415-6835 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR REPORT**G RELIABILITY AND AVAILABIL M._*,
FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position.
Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement. Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001. Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996.
Requests for single copies of draft guides (which may be reproduced) or for placement on an automatic distribution list for single copies of future guides in specific divisions should be made in writing to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention: Office of Administration, Distribution end Mail Services Section.
TABLE OF CONTENTS A. INTRODUCTION . . . . . . . . . . . . . . . . . . .
B. DISCUSSION . . . . . . . . . . . . . . . . . . . .
- 1*2 C. REGULATORY POSITION ..... .................
- 14
- 11I
- 1. Reportable Systems .............
- 15 1.1 Basic Systems . . . . . . . . . . . . .
- 17
- 9 1.2 Other Reportable Systems .......
1.3 Boundaries of Systems, Trains, and Equipment Groups .
- 2. Reportable Plant Operational States ....
- 12
- 3. Reportable Demands .............
- 14
- 4. Reportable Run Times ............ *
- 17 15
- 5. Reportable Failures ............
- 16 5.1 Failure on Demand ...........
- 17 5.2 Failure To Run . . . . . . . . . . . .
- 17 5.3 Recoverable Failures .........
- 18
- 6. Unavailable Hours
- 18
- 7. Hours in Plant Operational States .....
- 19
- 8. Concurrent Unavailable Hours ........
- 20
- 9. Annual Reports . . . . . . . . . . . . . . .
- 20 9.1 Summary Reliability and Availability Data
- 20 9.2 Failure Records . .. . . . . . . . . .
- 20 9.3 Identification of Systems, Trains, and Equipment Groups 21 9.4 Electronic Submittal .........
- 21
- 10. Onsite Data Storage ..... .............
- 22 DRAFT REGULATORY ANALYSIS ..... ................ R/A-1
APPENDICES APPENDIX A, Proposed Section 50.76, Including Statement of Considerations ...... ........................... A-i APPENDIX B, Glossary .............. ............................ B-i APPENDIX C, Examples of Reportable Systems ..... ................ ... C-i APPENDIX D, Risk Importance Measures ....... ................... .. D-i APPENDIX E, Defining Systems, Trains, and Equipment Group Configurations and Data Reporting Forms .... ........... .. E-1 APPENDIX F, Component Failure Records ...... ................... ... F-i APPENDIX G, Event Log ........... ........................... G-1
A. INTRODUCTION On February 12, 1996, the Commission published for public comment a proposed rule, Section 50.76, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (61 FR 5318). The proposed rule is intended for Part 50, "Domestic Licensing of Production and Utilization Facilities," of the NRC's regulations in Title 10 of the Code of Federal Regulations. A copy of the proposed rule is provided in Appendix A.
The proposed rule would require that licensees for commercial nuclear power reactors report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. It would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the summary data reported to the NRC be maintained onsite and made available for NRC inspection for 5 years.
A public workshop will be held soon after publication of this draft regulatory guide to receive comments on the proposed Section 50.76 and the supplemental guidance in this guide for implementing the proposed rule. The comment period for this proposed rule will not expire until at least 30 days after publication of this draft guide. The NRC intends to publish the final rule in December 1996.
As stated in the proposed Section 50.76, licensees would begin reporting the summary data, compiled on the basis of calendar quarters (or on a more frequent basis at the option of each licensee), for the calendar year 1997.
The first report, covering January 1 through December 31, 1997, would be submitted by January 31, 1998. Thereafter, each annual report would be submitted by January 31 of the following year.
Many terms are defined in the Glossary in Appendix B as they are used in this guide. Appendix C lists examples of systems to be reported, and Appendix D discusses risk-importance measures. Appendix E helps define systems, trains, and equipment group configurations for reporting and presents some examples of systems; it also provides some data reporting forms. Appendix F discusses records of component failures, and Appendix G is an example of an event log.
This draft regulatory guide is being developed to provide guidance to licensees on the summary data to be reported to the NRC and on the basic data I
to be maintained onsite and available for NRC inspection. It is being published for public comment in conjunction with the public comment on the proposed Section 50.76.
Regulatory guides are issued to describe and make available to the public such information as methods acceptable to the NRC staff for implementing specific parts of the Commission's regulations, techniques used by the staff in evaluating specific problems or postulated accidents, and guidance to applicants. Regulatory guides are not substitutes for regulations, and compliance with regulatory guides is not required. Regulatory guides are issued in draft form for public comment to involve the public in the early stages of developing the regulatory positions. Draft regulatory guides have not received complete staff review and do not represent official NRC staff positions.
This draft regulatory guides proposes information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This regulatory guide will be submitted to the Office of Management and Budget with the final rule for review and approval of the information collections.
The public reporting burden for this collection of information is estimated to average 1,375 hours0.00434 days <br />0.104 hours <br />6.200397e-4 weeks <br />1.426875e-4 months <br /> per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments on any aspect of this collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet electronic mail to BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0011), Office of Management and Budget, Washington, DC 20503.
The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.
2
B. DISCUSSION OVERVIEW The data collected under the proposed Section 50.76 are intended to provide reliability and availability data on selected systems and equipment in U.S. commercial nuclear power plants for use by both the NRC and its licensees.
The regulatory guide is intended to provide a flexible framework to obtain consistent data yet allow licensees to use existing data collection programs to the extent they are applicable. The reporting is intended to include the most risk-significant systems that are a subset of the risk-important systems already identified for implementation of the maintenance rule. It is estimated that a typical plant will have 7 to 10 reportable systems. Licensees will also be able to use existing surveillance and inservice test information along with information on unplanned ESF actuations to satisfy most, if not all, of the equipment demand reporting requirements. The data would be compiled by NRC in a centralized database. The definitions and information requested are intended to be sufficient to qualify the database for regulatory applications of probabilistic risk assessment (PRA) that fall within the limitations of the data. This regulatory guide has the following major features:
Only the most risk-significant systems are subject to reporting.
Regulatory Position 1.1 lists five basic systems that the NRC has determined should be reported for all plants. Regulatory Position 1.2 provides acceptable methods for licensees to determine other systems that are reportable on a plant-specific basis.
As discussed in Regulatory Position 1.3, flexibility is provided for the identification of boundaries of systems, trains, and equipment groups.
It is recommended that boundaries be defined so that systems, trains, and equipment groups are defined by a similarity of demands for equipment.
Licensees have considerable flexibility in defining boundaries to allow the use of existing testing and onsite data collection systems.
Demand and failure counts and hours that trains and equipment groups are unavailable should be identified by the train or equipment group in which 3
they occurred and the plant operational state at the time of occurrence.
(See Regulatory Position 2.)
Demands and any failures on demand should also be identified by the type of demand: (1) actual demands to perform a risk-significant safety function,' (2) spurious actuations of a train or equipment group that closely simulate actual demands, and (3) test demands. (See Regulatory Position 3.)
Degradations in equipment performance that deviate from the design basis but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under 10 CFR 50.76.
(See Regulatory Position 5.)
The hours that reportable trains and equipment groups were unavailable are reportable, whether planned or unplanned, and whether due directly to equipment in the reportable train or equipment group or due to a support system being unavailable. (See Regulatory Position 6.)
Initially, licensees should: (1) determine their reportable systems; (2) identify their risk-significant safety functions; (3) define the trains and equipment groups for these systems; and (4) identify the plant operational states for which the specified trains and equipment group data are reportable.
They should then track or log the required data and annually report the summary data as discussed in Regulatory Position 9. Licensees should keep onsite the 1The term "safety function" as used here does not necessarily correspond to (1) safety-related systems, structures, and components, as currently defined in 10 CFR 50.49, (2) a facility's design basis, (3) a facility's licensing basis, or (4) operability requirements in a facility's technical specifications. The "risk-significant safety function" is a function that has or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity. It should also be noted that the staff's current guidance on operability requirements is provided in Generic Letter 91-18, November 7, 1991,
Subject:
Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Nonconforming Conditions and on Operability. Copies are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.
4
records and documentation that provide the basis for the summary data reported to the NRC. (See Regulatory Position 10.)
Figure I is a flowchart of the guidelines for implementing the proposed rule.
C. REGULATORY POSITION The methods provided in this Regulatory Position describe means that would be acceptable to the NRC staff for meeting the requirements of the proposed Section 50.76 to 10 CFR Part 50.
The demand counts, failure counts, unavailable hours, and run time information reported to the NRC should be sufficiently accurate to allow the NRC and licensees to estimate equipment reliability and to perform risk analyses. Occasional minor errors in the reported number of actual or spurious demands, failures, or unavailable hours would be considered to be within an acceptable level of accuracy if they do not (1) have a systematic bias in one direction, (2) appear consistently in many systems, or (3) result in significant impacts on the estimated reliability and risk parameters. When estimates of demands are used, they should be very close to the average of actual counts of demands in a reporting period, consistent with the standards provided above.
- 1. REPORTABLE SYSTEMS Reportable systems are the most risk-significant systems that are a subset of the systems identified for implementation of the maintenance rule.
They include (1) a generic set of systems that the NRC has determined should be reported by all licensees, called "basic systems," and (2) other risk significant systems that individual licensees determine to be subject to the proposed rule on a plant-specific basis.
5
I I FIGURE 1. Implementation of Guidelines for Reporting Reliability Data (Italics indicate sections of this regulatory guide that provide guidance.)
6
1.1 Basic Systems TABLE 1. Basic Systems for PWRs PWR Basic System Risk-Significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads for loss of off-site power.
Reactor protection system Reactor trip for accident or transient (RPS) conditions.
Auxiliary feedwater (AFW) Decay heat removal in accident or transient system conditions, including loss of off-site power and station blackout.
High-pressure safety Safety injection, small loss-of-coolant injection (HPSI) system accident (LOCA), medium LOCA and feed and bleed.
Decay heat removal for large LOCA, post-LOCA recirculation phase.
Reactor vessel makeup during shutdown.
Low-pressure safety Safety injection, medium LOCA and large LOCA.
injection (LPSI) system/RHR Boost for high-pressure safety injection pumps at some plants for small LOCA (post LOCA recirculation phase) or for feed and bleed.
Decay heat removal for large LOCA, post-LOCA recirculation phase and shutdown operations.
Reactor vessel makeup during shutdown.
7
1_
TABLE 2. Basic Systems for BWRs BWR Basic System Risk-significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads on loss of off-site power.
Reactor protection system Reactor trip for accident or transient (RPS) conditions.
Reactor core isolation Reactor vessel injection for loss of off-site cooling system (RCIC) or power, loss of feedwater, very small LOCA, or station blackout.
Isolation condenser Core cooling via natural circulation for loss of off-site power, loss of feedwater, main condenser isolation, or station blackout.
High-pressure coolant Reactor vessel injection from condensate injection system (HPCI) storage tank or suppression pool for loss of off-site power, loss of feedwater, small LOCA, medium LOCA, or station blackout.
High-pressure core spray Reactor vessel injection from condensate system (HPCS) or storage tank or suppression pool for loss of off-site power, loss of feedwater, LOCA, or station blackout.
Feedwater coolant injection system (FWCI) Reactor vessel injection from condensate storage tank or suppression pool for loss of off-site power, loss of feedwater or LOCA.
Low-pressure coolant Reactor vessel injection from the condensate injection function of storage tank (CST) or suppression pool under residual heat removal low pressure conditions.
(RHR), low-pressure coolant injection (LPCI) and/or low pressure core spray (LPCS) system(s) and Heat removal function of Decay heat removal from the suppression pool RHR. or the reactor under low pressure conditions.
8
Some plants may have different names for the systems and equipment that provide the above risk-significant safety functions. The plant-specific names should be used as appropriate to identify the systems and equipment that accomplish the risk-significant safety functions discussed above. (Examples are provided in Appendix C).
1.2 Other Reportable Systems Each licensee should determine whether there are other plant systems, besides the basic systems, that are of sufficient risk-significance to be reportable. Systems and equipment groups are reportable if they have or could have a significant effect on risk in terms of avoiding core-damage accidents or preserving containment integrity. Generally, these systems should contribute as much or more to core-damage frequency as the basic systems. Systems meeting one or more of the following conditions should be considered reportable:
Systems with relatively high risk-importance measures as determined from the plant's full PRA.
Systems necessary for assurance of the more risk-significant aspects of containment integrity (e.g., prevent gross containment failure).
Systems necessary for shutdown from a risk perspective (decay heat removal and makeup functional capability).
To begin the process of identifying these systems, licensees should use one of two lists of systems and equipment:
(1) Licensees may use the list of SSCs determined to be risk-significant for the maintenance rule as an initial list.
(2) Licensees may wish to make a more specific determination of the systems and equipment that meet the risk-significance level intended by the proposed rule. If so, the licensee should calculate two measures, the Fussell-Vesely (FV) measure and the ratio form of the Risk Achievement Worth (RAW) measure. Systems and equipment with FV Ž 0.1 or RAW Ž 100 9
should be included in the initial list. The formulas for these measures are given in Appendix D.
A multidisciplinary expert panel, similar to the expert panel used for implementation of the maintenance rule, should use (1) or (2) above as an initial list of safety systems. The panel should then use PRA insights and evaluate other relevant application-specific information to add or delete systems to derive a list of other reportable systems. The panel should consider the following:
Systems that are important because their failure or malfunction could result in accident-initiating events need not be considered reportable unless they also have a risk-significant mitigative function. An example of a system that would not generally be reportable is the offsite (preferred) power system.
Support systems that serve several reportable systems would generally be reportable separately. However, only the trains or equipment groups that provide the principal functional capability of the system would be reported separately as a reportable support system. Trains or equipment groups in support systems that provide a dedicated support function to a single train or equipment group in a reportable system need not be reported separately or as part of a reportable support system. The reliability and availability of this support system equipment will be evidenced by its impact on reportable front-line system reliability and availability. (See Appendix E for additional guidance.)
Risk-significant structures such as containment structures and ice condensers, for which risk is more a function of capability than reliability, need not be considered reportable. However, other systems and equipment that are important for containment integrity should be considered for reportability. The expert panel should consider containment spray, containment fan coolers, suppression pool cooling, containment vacuum breakers, and portions of containment isolation with regard to their risk-significant effect on containment integrity.
Containment isolation would be a candidate to the extent that there may 10
be relatively large penetrations that are open frequently (i.e., greater than 1% of the time the reactor is operating) and could contribute to gross containment function failure.
Systems and equipment that are risk-significant only because of operator error for actuation, operation, or termination of a risk-significant safety function need not be considered reportable. The scope of the proposed rule is limited to data on equipment reliability and availability. For example, power operated relief valves would not be reportable if they were risk-significant only because of the likelihood of operator failure to open them for feed and bleed. However, this exclusion would not apply to operator or other personnel errors that could unintentionally make equipment inoperable (unavailable) with respect to its risk-significant safety function.
Systems and equipment that make a large contribution to risk during shutdown and are significant contributors to total risk should be considered reportable. The panel should consider the mitigation systems necessary for safety functions during shutdown, e.g., decay heat removal, primary inventory control, and pressure relief. The primary interest in these systems is in their availability to respond to shutdown accident scenarios.
1.3 Boundaries of Systems, Trains, and Equipment Groups The boundaries of systems, trains, and equipment groups should be defined by the nature of the demands so that the information to be reported on demands and unavailability is consistent with testing and other actuations of the equipment. Thus, trains or parts of trains that are actuated to perform a safety function or part of a safety function should be included in an equipment group. This will allow the use of tests and other actuations for all equipment within the group to be counted as one unit to simplify counting demands and unavailability. However, licensees have great flexibility in defining the boundaries of systems, trains, and equipment groups to facilitate tracking of demands associated with routine testing and other actuations (planned or unplanned), as well as considering existing data systems and technical 11
specifications. Licensees who choose an alternative method of defining trains and equipment groups should select groups of components with essentially the same test frequency and report counts of their demands.
Licensees should submit diagrams for all reportable systems, trains, and equipment groups that indicate the principal active and passive components.
Some suggested principles and a number of detailed examples for identifying and delineating systems, trains, and equipment groups are provided in Appendix E.
- 2. REPORTABLE PLANT OPERATIONAL STATES Data for reportable systems should be reported for those plant operational states for which the systems could be demanded to perform their risk-significant safety function. Data on unavailability need not be reported for operational states in which the refueling cavity is more than half full or the reactor is defueled. Reportable surveillance test demands and associated failures should be reported any time there is a valid test actuation of the reportable systems, trains, or equipment groups that meets reportability guidance (see Regulatory Position 3).
For reporting under the proposed rule, "plant operational states" should be defined by the following:
Plant operational states for PWRs:
PI Power operations and shutdown conditions without RHR initiation P2 Shutdown conditions with RHR cooling and RCS unvented P3 Shutdown conditions with RHR cooling and RCS vented but not in reduced inventory P4 Reduced inventory Plant operational states for BWRs:
BI Power operations and shutdown conditions without RHR initiation B2 Shutdown conditions with RHR cooling and RCS unvented B3 Shutdown conditions with RHR cooling and RCS vented Tables 3 and 4 show the plant operational states for which the data should be reported for the "basic systems."
12
TABLE 3. Plant Operational States for PWRs P1 P2 P3 P4 PWR Power Shutdown Shutdown Reduced Basic Operation Conditions Conditions Inventory Systems and Shutdown with RHR with RHR Modes Cooling Cooling and without RHR and RCS RCS Vented Initiations Unvented but not in Reduced Inventory Emergency ac power yes yes yes yes system Reactor protection yes no no no system Auxiliary feedwater yes yes no no system High-pressure safety yes yes yes yes injection system Low-pressure safety yes yes yes yes injection system/RHR _ I III 13
TABLE 4. Plant Operational States for BWRs BI B2 B3 BWR Power Shutdown Shutdown Basic Operation and Conditions Conditions Systems Shutdown with RHR with RHR Conditions Cooling and Cooling and without RHR RCS RCS Vented Initiation Unvented Emergency ac power system yes yes yes Reactor protection system yes no no Reactor core isolation cooling yes yes no system or Isolation condenser yes yes no High-pressure coolant injection yes yes no system High-pressure core spray system yes yes no or Feedwater coolant injection yes yes yes system Low-pressure coolant injection yes yes yes function of residual heat removal, low-pressure coolant injection or low-pressure core spray systems and Heat removal function of RHR yes yes yes and containment spray systems I II_ I For systems that are determined to be reportable based on their plant specific risk significance, reliability data should be reported for those plant operational states during which they could be used to perform their risk significant safety function.
- 3. REPORTABLE DEMANDS A reportable demand is an instance when a basic system or other risk significant system, train, or equipment group is actuated to perform its risk significant safety function. A demand may be manual or automatic. Reportable I 14
demands should include (1) actual demands, (2) spurious demands that closely simulate actual demands, (3) test demands that involve, or, if actually demanded, would involve, simultaneous or integrated actuation of all components in the system or train, and (4) certain partial train tests that provide data necessary to estimate train reliability. These partial test demands, although conducted at different time intervals, can be combined to estimate the demand reliability of the train. These partial train tests may include mini-flow pump tests, diesel generator monthly tests, valve stroke tests, RPS actuation channel tests, and special integrated system tests conducted during refueling outages. Individual component tests (e.g., valve stroke tests) that are conducted at roughly the same frequency could be reported as demands for that group. Additional guidance and examples are provided in Appendix E.
When it is impractical to count individual demands and a reasonable basis for estimating demands has been established, the reported demands may reflect the general history of the equipment rather than an exact count of every demand. The basis for count estimates of demands should be modified when changes in plant operations and testing make the estimated values inaccurate for reliability estimates. (See the discussion of accuracy at beginning of the Regulatory Position.) The use of estimated demands would not apply to actual or spurious demands to perform a risk-significant safety function or to surveillance required by technical specifications.
Test demands following maintenance or repair of equipment, if they are used to demonstrate that the equipment is ready to return to service, should not be counted as reportable demands.
Examples of reportable demands are provided in Appendix E.
- 4. REPORTABLE RUN TIMES Certain systems are required to start and operate for a relatively long test or mission time. These systems include the emergency ac power system, the fluid systems listed in Regulatory Position 1.1 and similar reportable systems selected by the methods in Regulatory Position 1.2 with risk-significant mission run times of about eight hours or more. For all run times or hours of operation greater than one hour for these systems, licensees should report (1) the number of demands (either test or in response to an actual demand) to run 15
for an hour or more, (2) the number of these runs that ended in failure, and (3) the total hours of operation of these runs (the sum of all run times greater than an hour from the time of the demand to the end of the operation).
Data on run time must be reported by the train or equipment group, by the type of demand, and by the plant operational state at the time of the demand to run.
Appendix E describes a way to report these data that is acceptable to the NRC staff.
- 5. REPORTABLE FAILURES A failure is reportable when a reportable system, train, or equipment group fails to perform its risk-significant safety function in response to a reportable demand. This information is used in conjunction with the count of reportable demands to estimate unreliability. This information should be tabulated on the data sheets provided in Appendix E. In addition, a component failure record, as described in Appendix F, should be provided. The component failure record is used to identify the actual component that failed, its cause, the effect of the failure, and other pertinent information.
Some risk-significant systems have multiple success paths because of their complexity of design and multiple safety function requirements. These systems are not easily divided into simple trains or equipment groups with simple train-level success criteria. While it may be appropriate to combine multiple success paths into a single train or equipment group for the purpose of counting demands, it would be inappropriate to report failures at that level. For example, the valves between the pumps and steam generators in a headered auxiliary feedwater system may be required to direct flow from only one pump to only one steam generator for success in some sequences, but may be required to direct flow from two pumps to two or more steam generators for success in other sequences. Thus, the failure of any of these injection valves is of potential risk-significance. A failure record is required for each principal component failure of a reportable system, train, or equipment group.
A principal component failure is also reportable when discovered by means other than a reportable demand (e.g., it is found to be unable to perform its risk-significant safety function because of actual or incipient failure by inspection or other nonreportable demands.
16
A failure in a front-line reportable system, train, or equipment group may be due to the failure of a component from a support system. If the failed support system component provides a dedicated support function to a single train or equipment group in the reportable system (as discussed in Regulatory Position 1.2), the failure of the support system component should be reported against the reportable front-line system. If the dedicated component is not indicated on the systems diagram for the reportable system, the component failure record should describe the component and its function. For example, if the heat exchanger from the service water system that is dedicated to a specific diesel generator became plugged resulting in the failure of the diesel generator, the failure should be reported as a failure of a train in the emergency ac power system due to failure of the service water heat exchanger.
On the other hand, if a failed support system component fails or causes the unavailability of more than one reportable front-line system, and the support system is also designated as a reportable system, the failure should be reported as a failure of the support system. The accompanying component failure record should describe the effects on the front-line systems. If this same situation occurs in a support system that is not itself a reportable system, the failures of each affected front-line system should be reported, with a single component failure record that indicates the connection of all the affected systems to the single support system component failure. For example, if failure of a service water pump results in failure of an emergency diesel generator (EDG) and loss of an RHR train, it should be reported as a service water system failure that caused failure or unavailable hours for an EDG train and an RHR train.
Degradations in equipment performance that do not satisfy operability requirements for design basis accidents but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under this rule (e.g., an emergency diesel generator start in 11 to 12 seconds, when the requirement to start is within 10 seconds, would not be reportable). If there is reasonable doubt about the reportability of an equipment degradation as a failure, or if precise analysis of operational capability is required to determine whether the equipment degradation represents a risk-significant safety function failure, the degradation should be reported as a failure with an appropriate explanation.
17
Failure records should be submitted to NRC with the annual reports.
Guidance on the content and format of failure records is provided in Appendix F.
5.1 Failure on Demand Failures on demand should include failures to start and achieve a steady state condition (e.g., rated speed, flow, position) and failures to operate for up to one hour. Failures to change state on demand should include failures of valves and electrical equipment that must change state (open, close, make or break contact) to fulfill their risk-significant safety functions.
Failures on demand must be reported by the train or equipment group in which the failure occurred, the type of demand, and the plant operational state at the time of failure. See Appendix E for the format for reporting failure counts.
5.2 Failure To Run Failures that occur after a successful start (i.e., start and run for one hour) should be reported as a failure to run for the train or equipment group containing the failure. See Appendix E for the format for reporting data on failure to run.
5.3 Recoverable Failures Initial actuation or run failures that are promptly recovered in a time frame consistent with the risk-significant safety function are not reportable.
The following guidance should be used:
Actuation and run failures that are promptly recovered from the control room in a short period and don't require diagnosis or repair are not reportable. The length of time for successful recovery depends on the function that must be performed, but is generally limited to less than 5 minutes. For example, failure of an emergency diesel generator to start automatically would not be reported as a failure if an operator manually started the diesel generator from the control room within a few minutes.
18
For conducting functional tests, a component may be aligned to a test position that is different from its normal standby position, leaving the train or equipment group in a configuration that would not be capable of automatically satisfying its safety function. If an operator is stationed by the realigned component with the specific responsibility of realigning it to its safety function position in case a real demand occurs during the period of the test and a reportable demand occurs, the operator's successful realignment of the component would be a successful demand, not a reportable failure. Operator error or inability to successfully operate the equipment would be reported as a failure on demand.
Any other actions by the operator to recover failures of other components should be reported as failures.
- 6. UNAVAILABLE HOURS Unavailable hours are the period of time that a reportable system, train, or equipment group is not capable of performing its risk-significant safety function for reportable plant operational states. This may occur following a failure on demand or by removal of equipment from service (e.g., for maintenance or testing). Unavailable hours must be reported as either planned (preventive maintenance, test, or other planned activities) or unplanned (e.g.,
repair of a component resulting in a system or train being unavailable). It also includes time unavailable because a support system failed or was unavailable, rendering the train or equipment group incapable of performing its risk-significant safety function.
Unavailable hours do not include conditions that are promptly recoverable from the control room, such that the risk-significant safety function could be performed as needed. Nor do they include the loss of individual components that do not result in a reportable system, train, or equipment group being unavailable.
Unavailable hours should begin when a system, train, or equipment group is either removed from service for scheduled (planned) or corrective 19
(unplanned) maintenance, or is discovered to be incapable of performing the safety function by some means other than a reportable demand (e.g., by observation of mispositioned or damaged components). When reportable equipment is determined to be unavailable by means other than a reportable demand and it is not feasible to determine the time the equipment actually became unavailable, the time the equipment became unavailable should be estimated as the mid-point between the last time the failed component was known to be functional and the time it was discovered to be failed. For example, if a component is discovered to be inoperable because of corrosion that occurred since the last successful operation, it would be difficult to determine exactly when the corrosion reached the point that the component would have failed on demand. In this case, the unavailable time should be estimated as one half the time since the last successful test plus the corrective action time needed to restore the component back to an operable state.
- 7. HOURS IN PLANT OPERATIONAL STATES Licensees should report the number of hours during each quarter that the plant was in each of the plant operational states defined in Regulatory Position 2. Examples for reporting these hours are shown in Appendix E.
- 8. CONCURRENT UNAVAILABLE HOURS Concurrent unavailable hours are to be reported when two or more trains or equipment groups in the same or different reportable systems are unavailable at the same time. The intent is to report on a loss of redundancy within and between systems as well as a concurrent loss of two or more safety functions at the train or equipment group level. For each such instance, the concurrent unavailable hours (either known hours or hours estimated by the method suggested in Regulatory Position 6) and the identity of the trains or equipment groups should be reported.
20
- 9. ANNUAL REPORTS Licensees are required to submit annual reports of the reportable summary reliability and availability data, compiled on a quarterly basis. Licensees may report data more frequently or compile information more frequently than quarterly.
9.1 Summary Reliability and Availability Data Appendix E provides formats (or data sheets) that are acceptable to the NRC staff for submitting summary reliability and availability data, along with information on compiling specific data elements.
9.2 Failure Records As discussed in Regulatory Position 5, a failure record is required for each reportable failure. Appendix F lists the information that should be supplied in each failure record. A Nuclear Plant Reliability Data System (NPRDS) failure record may be submitted in lieu of the failure record of Appendix F if it contains the information identified in Appendix F.
9.3 Identification of Systems, Trains, and Equipment Groups The initial annual report should include brief descriptions identifying the systems, trains, and equipment groups to which the summary data apply.
Subsequent annual reports should identify changes made to the systems, trains, and equipment groups. The information provided on systems, trains, and equipment groups, should include the following items.
A list of the risk-significant systems and equipment that the licensee has determined on a plant-specific basis to be reportable under the rule, as discussed in Regulatory Position 1.2.
A brief description of the risk-significant safety functions for these systems, as for the basic systems in Regulatory Position 1.1, that could 21
be used to identify risk-significant successes, failures, and unavailable time.
The plant operational states for which reliability and availability data are reportable for each risk-significant system, train, and equipment group, as for the basic systems in Regulatory Position 2.
Simplified system diagrams for each reportable system, annotated to show each risk-significant train and equipment group associated with the various types of reportable demands and unavailable hours. Examples are provided in Appendix E. These diagrams should include principal component identifiers for all reportable components that would permit the linking of failure records to specific components in the system diagrams.
9.4 Electronic Submittal Documentation of reportable reliability and availability data, failure records, and descriptive material on the systems may be submitted by letter or electronically. There are several acceptable methods and formats for submitting data electronically. Files may be sent by e-mail over the Internet or by mailing a diskette containing the data.
- 10. ONSITE DATA STORAGE Licensees should maintain records and documentation to verify and validate the summary data reported to NRC. These records should be available for NRC review. Licensees may maintain a log of each demand, failure, or unavailable period that forms the basis for the summary data reported to the NRC. Alternatively, licensees may wish to state their methods or references for linking each reportable data element (demand, failure, or unavailable period) to existing plant records. Plant records could include such items as maintenance work orders and requests, maintenance rule documentation, plant monthly operating reports, control room logs, diesel generator room logs, operations and maintenance staff planning documents, and LERs. The staff 22
suggests a format similar to Appendix G to both ensure clarity and to provide a method of easily recording information on a frequent (daily or weekly) basis.
These records should cover a period of at least the 5 most recent calendar years.
23
APPENDIX A PROPOSED RULE SECTION 50.76, "uREPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT,"
INCLUDING THE STATEMENT OF CONSIDERATIONS Published in the Federal Register on February 12, 1996 (Volume 61, No. 29, pages 5318-5326)
A-i
5318 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules not required by 5 USC 553 or any other tobacco (i) must refund the price Authority: 7 U.S.C. 1421, 1423, 1441, 1445, provision of law to pubiish a notice of support loan amount for the individual 1445-1 and 1445-2; 15 U.S.C. 714b, 714c.
proposed rulemaking with respect to the lot and (ii) will be declared to be 2. Section 1464.8 is amended by subject matter of this rule. ineligible for any other tobacco price revising the introductory text to read as support for that year. follows:
Federal Assistance Program Because of the severity of the The title and number of the Federal consequences, there is sometimes a t1464.8 Eligible tobacco.
Assistance Program, as found in the reluctance to make a finding that the Eligible tobacco for the purpose of Catalog of Federal Domestic Assistance, violation was knowing and producers pledging such tobacco as collateral for a to which this rule applies are: will sometimes contend that the nesting price support loan is any tobacco of a Commodity Loans and Purchases was the act of irresponsible employees kind for which price support is 10.051 or other handlers of tobacco. However, available, as provided in § 1464.2. that there is no apparent reason why a is in sound and merchantable condition, Environmental Evaluation refund should not be demanded for a is not nested as defined in 7 CFR Part It has been determined by an loan made on any adulterated (nested) 29, and:
environmental evaluation that this lot whether it was, as to producer, * *t * *
- action will have no significant impact "knowingly" nested or not. It must be 3. Section 1"464.9 is amended by on the quality of the human the responsibility of the producer to revising paragraph (a) to read as follows:
environment. Therefore, neither an present eligible tobacco. Nesting environmental assessment nor produces false weights, and processing §1464.9 Refund of price support advance.
environment statement is needed. problems, and by producing undue loan * * *r
- at disbursements can cause losses that (a) Received a price support advance Executive Order 12372 ultimately are born by the tobacco on tobacco that was nested, as defined This program/activity is not subject to producer because of the "no net-cost" in part 29 of this title or otherwise not the provisions of Executive Order nature of the tobacco program. eligible for price support. The county 12372, which requires The proposed rule would make committee, with concurrence of a State intergovernmental consultation with explicit that a refund wi8ll be due from committee representative, may reduce State and local officials. See the notice the loan recipient on the individual the refund with respect to tobacco related to 7 CFR Part 3015, subpart V nested lot in all cases of nesting otherwise required in this part, in published at 48 FR 2915 (une 24, 1983). ("knowing" or not). However, the rules accordance with guidelines issued by would allow the Farm Service Agency the Deputy Administrator for Farm Executive Order 12778 (FSA) county conmmittee, with the This proposed rule has been reviewed Programs.
concurrence of the FSA State ft * * *
- in accordance with Executive Order committee, to reduce the amount of the 12778. The provisions of this proposed refund demanded, in accordance with Signed at Washington, D.C., on February 5, 1996. I rule are not retroactive and preempt guidelines of the FSA Deputy State laws to the extent that such laws Administrator for Farm Programs. This Bruce R. Weber, are inconsistent with the provisions of allowance will permit adjustments to Acting Executive Vice President,Commodity this proposed rule. Before any legal avoid undue hardships to producers. Credit Corporation.
action is brought regarding This rule would not adjust the terms [FR Doc. 96-2927 Filed 2-9-96; 8:45 am) determinations made under provision of under which a producer can lose BILUNG COoE 3410-05-M 7 CFR Part 1464, the administrative eligibility for the entire crop year. for all appeal provisions set forth at 7 CFR Part lots, as a result of a nesting violation.
780 must be exhausted. For that, a "knowing" violation will still NUCLEAR REGULATORY be required. The proposed rule is, COMMISSION Paperwork Reduction Act instead, addressed to the accounting for This proposed rule does not change the individual lot that is actually nested. 10 CFR Part 50 the information collection requirements This result would be accomplished by RIN 3150-AF33 that have been approved by OMB and modifying Part 1464.8 to make more assigned control number 0560-0058. explicit that nested tobacco is per se Reporting Reliability and Availability ineligible for price support. Also, Part Information for Risk-significant Background 1464.9 would be amended to remove the Systems and Equipment Nested tobacco is tobacco in a lot reference to "knowing" violations with containing a "nest" of inferior tobacco regard to demands for refunds on AGENCY: Nuclear Regulatory or foreign material, presumably, to individual lots. Commission.
increase the payment of loan weight of Comments on this proposed rule are ACTION: Proposed rule.
the lot. A formal definition of nesting is welcomed and should be submitted by found in regulations codified at 7 CFR the date indicated in this notice.
SUMMARY
- The Nuclear Regulatory Part 29 and that definition is Commission (NRC) is proposing to List of Subjects in 7 CFR Part 1464 amend its regulations to require that incorporated in the rules for the tobacco price support program found at 7 CFR Agriculture, Assessments, Loan licensees for commercial nuclear power Part 1464. program, Price support program, reactors report plant-specific summary In some cases, the nesting may not be Tobacco, Warehouses. reliability and availability data for risk discovered until later in processing, Accordingly, it is proposed that 7 CFR significant systems and equipment ' to well after a price support loan for the Part 1464 be amended as follows:
tobacco has been disbursed. Under IIn relation to this proposed rule, the term PART 1464-TOBACCO equipment is intended to apply to an ensemble of current tobacco program rules n 7 CFR components treated as a single entity for certain Part 1464.7 through 9, a producer found 1. The authority citation for part 1464 probabilistic risk assessments (PRAs) where a to have "knowingly" presented nested continues to read as follows: system or train treatment would not be appropriate.
A-2
l.Ajliial aoeuu'*, I VnV fR1. No. 29 / Mondav. February 12. 1996 / Proposed Rules 5319 51 11-A-i-I / Vol 61 No 29 / Monday, February 12, 1996 / Proposed Rules requirements in 10 CFR 50.65, the NRC. The proposed rule would also heading PaperworkReduction Act "Requirements for Monitoring the require licensees to maintain on site, Statement.
ADDRESSES: Mail written comments to:
Effectiveness of Maintenance at Nuclear and to make available for NRC Power Plants", also do not contain inspection, records and documentation U.S. Nuclear Regulatory Commission, reporting requirements.
that provide the basis for the summary Washington, DC 20555-0001, ATTN.: krecent years, plants have performed data reported to the NRC. The systems Docketing and Service Branch. Deliver Individual Plant Evaluations (IPEs), as and equipment for which data would be written comments to the NRC at One requested in Generic Letter 88-20 and provided are a subset of the systems and White Flint North, 11555 Rockville its supplements, and submitted the equipment within the scope of the Pike, Rockville, MD, between 7:30 am results to the NRC. These submittals maintenance rule. and 4:15 pm on Federal workdays. provide measures of risk such as core The Commission has determined that Send comments regarding the damage frequency, dominant accident reporting of reliability and availability collection of information, including the sequences, and containment release information is necessary to substantially burden estimate and suggestions for category information. While system and reducing the burden, to: (1) Desk component reliability data have been improve the NRC's ability to make risk of Information and effective regulatory decisions consistent Officer, Office Affairs, NEOB-I0202 (3150 collected as part of some utility IPEs, with the Commission's policy statement Regulatory 0011), Office of Management and this information is typically not on the use of probabilistic risk included in the IPE submittals to the 16, 1995; Budget, Washington, DC 20503, and (2) NRC.
assessments (PRAs) (August Information and Records Management 60 FR 42622). This would assist the PriorEfforts NRC in improving its oversight Branch (T-6F33), U.S. Nuclear Regulatory Commission, Washington, In late 1991 and through 1992, the capabilities with respect to public DC 20555-0001. For further information NRC staff participated on an INPO health and safety and becoming more se the discussion below under the efficient by focusing its regulatory established NRC/industry review group heading Paperwork Reduction Act to make recommendations for changes program on those issues of greatest risk significance and reducing unnecessary Statement. to the Nuclear Plant Reliability Data Copies of the draft regulatory analysis, System (NPRDS). The group's final regulatory burdens on licensees. The supporting statement submitted to to INPO to collect the recommendations Commission would use the data that the OMB, and comments received may PRA-related reliability and availability would be required by the proposed rule be examined, and/or copied for a fee, at: data would have provided most of in generic issue resolution, developing NRC Public Document Room, 2120 NRC's data needs. However, INPO took quantitative indicators that can assist in The L Street NW. (Lower Level), no action on these recommendations.
assessing plant safety performance, Washington, DC. During 1992 and 1993, the NRC staff performing risk-based inspections, and continued through correspondence and pursuing modifications to specific FOR FURTHER INFORMATION CONTACT:
Dennis Allison, Office for Analysis and meetings to outline the particular data plants and basic regulations and needed and to seek INPO's assistance in guidelines. Furthermore, this Evaluation of Operational Data, U.S.
Nuclear Regulatory Commission, obtaining the data. In a December 1993 information would improve the NRC's meeting with NUMARC (now the oversight of licensees' implementation Washington, DC 20555-0001, also Telephone (301) 415-6835. Nuclear Energy Institute (NEI)), INPO of the maintenance rule. It would representatives suggested their Safety enhance licensees' capabilities to SUPPLEMENTARY INFORMATION: System Performance Indicator (SSPI) as implement the evaluation and goal a surrogate for reliability data. They setting activities required by the Background proposed expanding the indicator to maintenance rule by providing licensees CurrentRequirements additional systems and indicated that with access to current industry-wide requirements to data elements could be modified to reliability and availability information There are no existing systematically report reliability and compute actual reliability and for some of the systems and equipment availability data. Although general within the scope of the maintenance availability information; nor is there an industry-wide database to provide such agreements were reached with INPO on rule. which systems and components and information.
DATES: Comments regarding any aspect Current reporting requirements in 10 what types of data elements are of the proposed rule are due to the CFR 50.72, "Immediate notification" appropriate for risk-related applications Commission by June 11, 1996. and 10 CFR 50.73, "Licensee event and maintenance effectiveness Comments received after that date will report system," require the submittal of monitoring, no voluntary system of be considered if it is practical to do so, extensive descriptive information on providing data resulted from these but the Commission can give no selected plant and system level events. discussions. In the fall of 1994, the NRC assurance of consideration for late The Nuclear Plant Reliability Data staff began work on this rulemaking comments. The Commission intends System, a data base that industry action. In June 1995, NEI proposed to that this expiration date will be at least supports and the Institute for Nuclear discuss a voluntary approach of 30 days after publication of an Power Operations (INPO) maintains, providing reliability and availability associated draft regulatory guide for provides data on component data to the NRC based on SSPI data. The public comment. engineering characteristics and failures. NRC staff will continue to work with In addition, comments regarding the Neither of these sources includes all the industry on voluntary submittal of collection of information, including the data elements (i.e., number of demands reliability data, under a program that burden estimate and suggestions for on a system, number of hours of will meet the needs of all parties, while reducing the burden, should be operation, and information on at the same time proceeding to obtain submitted to the Office of Management maintenance unavailability) that are public comment on this proposed rule.
and Budget (OMB), and to the NRC, by needed to determine the reliability and Industry representatives have March 13, 1996. For further information availability of systems and equipment. expressed concern that reliability data, see the discussion below under the Maintenance effectiveness monitoring if publicly available, would be subject to A-3
5320 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules misuse. In certain circumstances it is a technical problem, with its attendant is necessary to identify similar permissible for the NRC to withhold risk, that may warrant generic action. equipment in various plants so that the information from public disclosure. For Similarly, a plant-specific indication of data can be properly grouped and example, pursuant to 10 CFR low reliability or availability for several analyzed to estimate overall industry 2.790(b)(1), a licensee may propose that systems might indicate a programmatic performance and plant-specific a document be withheld from public problem, with its attendant risk, and performance and to identify outliers 2
disclosure on the grounds that it may warrant plant-specific action. (good or bad).
contains trade secrets or privileged or It has been noted that prior to some Some examples of how reliability and confidential commercial or financial significant events (such as the scram availability information would be used information. However, the data that failure at Salem and the accident at to improve current NRC regulatory would be reported under this proposed Three Mile Island) there was previously applications that consider risk in the rule would not appear to qualify for existing information (such as challenge decision process are discussed below.
withholding. Reliability data used as data and reliability data for scram One of the examples involves the need input to risk-based regulatory decisions breakers and power operated relief for information to support generic should be scrutable and accessible to valves) which, if collected, recognized, regulatory actions--i.e., generic issue the public. The Commission's PRA and acted upon might have led to resolution and its associated rulemaking policy statement indicates that preventive actions. Accordingly, it is or regulatory guide revision. Another appropriate supporting data for PRA expected that reliability and availability example involves the need for analyses that support regulatory information for selected risk-significant information to determine whether decisions should be publicly available. systems would improve the NRC's further NRC action is needed at specific Similarly, the Commission's draft report oversight capability with respect to plants--i.e., indicators of plant on public responsiveness (March 31, public health and safety-i.e., the ability performance. Some involve a mixture of 1995; 60 FR 16685) indicates that the to maintain or enhance safety by plant specific and generic elements. For policy of the NRC is to make identifying and reviewing indications of example, analyzing an event at a given information available to the public increased risk and, if appropriate, taking plant could lead to a plant-specific relating to its health and safety mission, generic or plant-specific action. action such as a special inspection and/
consistent with its legal obligations to Such problems could be subtle in or to a generic action such as a bulletin protect information and its deliberative nature. For instance, licensee(s) might or generic letter.
and investigative processes. schedule train outages for maintenance Generic Issue Resolution Commenters who believe that there is at certain times, such that risks are substantially increased over what would The NRC currently uses risk estimates information subject to a proper 10 CFR 2.790(b)(1) withholding determination be expected based on random outages. in: (1) prioritizing safety issues, (2)
This situation would not be indicated deciding whether new requirements or requested by the proposed rule should staff positions to address these issues provide a specific justification for such by current reporting requirements, or even by simply reporting train are warranted, and (3) deciding whether belief.
Move to Risk-Based Regulation unavailability, but it could be indicated by the concurrent unavailability of two proposed new requirements or staff positions should be implemented. I For several years the Commission has or more trains, as would be reported Knowing the current, updated reliability been working towards increased use of under the proposed rule. Additional and availability of key systems would, PRAs in power reactor regulation. In its examples discussed below describe in some cases, lead to a better policy statement on the use of PRAs, the further specific uses of the data that understanding of the risk in these areas Commission has indicated that the use would help to enhance safety. and, thus, to more risk-effective of PRA technology should be increased In order to move towards risk-based decisions. This should both enhance in all regulatory matters to the extent regulation and the increased use of PRA public protection and reduce supported by the state-of-the-art in information, the NRC needs scrutable, unnecessary regulatory burdens.
terms of methods and data, and this plant-specific and generic reliability and Generic data would usually suffice for implies that the collection of equipment availability information. The framework this purpose; however, in some cases and human reliability data should be for an overall move towards risk-based the data would need to be divided to enhanced. Implementation of these regulation involves the development of account for specific classes or groups of policies would improve the regulatory a regulatory process. This process plants.
process through (1) improved risk includes operational procedures and Indicators of Plant Performance effective safety decision making, (2) decision criteria that require credible PRA methods, models, and data. This PRA models with plant-specific more efficient use of agency resources, framework would provide for reliability and availability data would and (3) reduction in unnecessary predictable, consistent, and objective be used to develop indicators of plant burdens on licensees. These risk-based regulatory decision making. performance and trends in plant improvements would enhance both The data that would be reported under performance which are more closely efficiency and safety.
The data reported under this this rule represent one of the needed related to risk than those currently in use. These new indicators would proposed rule would improve the NRC's elements. In addition, these data are replace some of those currently in use oversight capability with respect to needed to improve the efficiency and public health and safety by focusing the effectiveness of NRC regulatory 2 For many of the systems involved, plant specific NRC's regulatory programs in a risk applications that employ a risk-based demand and failure data will be sparse, at least effective manner. Generally, the NRC's perspective in advance of defining the initially. Until data have been collected for some ability to identify plants and systems at entire framework. time, it will be necessary to use data from similar increased risk for significant events and, Generally, plant-specific information equipment. applications, and environments at is needed because there can be wide several plants in order to obtain practical estimates thus, to take appropriate action would of reliability and uncertainty. Even when sufficient be substantially improved. For example, plant-to-plant variations in the design, plant-specific data exist to estimate plant a generic indication of low reliability or importance, reliability and availability performance, comparison to industry or group availability for a system might indicate of particular systems and equipment. It averages is often desirable.
A-4
Federal Re~ister / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules 5321 Federal~~
/ o.6,N.2 ~ ~ ody ~ ~
eray1,19 ~ ha failureratoes estmaedsrmtetn and thereby enhance NRC's ability to degraded by aging and define the extent that failure rates estimated from testing and the risk-significance of aging are approximately the same.
make risk-effective decisions with regard to identifying plants for problems. Inservice Testing increased or decreased regulatory Another class of examples involves the need for information to evaluate Inservice testing requirements, which attention. For example, it is important to are based on the provisions of the detect situations where an individual anticipated cost beneficial licensing actions, where the rationale is that risk American Society of Mechanical plant may be having reliability or Engineers Boiler and Pressure Vessel availability problems with multiple permits reductions in previous margins of safety or less prescriptive Code (ASME Code), measure the systems. functional characteristics of equipment requirements without adverse impact on Accident Sequence Precursor (ASP) and overall safety. The NRC is actively performance, such as pump flow, in Event Analysis pursuing a variety of modifications to order to detect degradation. The ASME the basic regulations and guidelines that and licensee owners' groups are Plant-specific, train-level reliability govern the operation of commercial working toward establishing risk-based and unavailability data would be used to improve the plant-specific ASP nuclear power reactor s. These frequencies for inservice testing, based modifications are characterized by on plant-specific risk ranking models which the NRC uses to compute allowing individual licensees to utilize methodologies. Changes in testing conditional core damage probability for insights from plant-specific risk frequency can affect reliability in many determining the risk-significance of ways. For example, less frequent valve operational events. In addition, dates evaluations to reduce or remove current requirements that are found to have low testing might lead to an increase in the and causes of equipment failures would risk-significance. Current regulatory demand failure rate because the valve be used to identify common cause requirements under consideration for actuating mechanism tends to bind or failures and to compute common cause failure rates for input to these models. risk-based modification include those freeze after extended periods of Improving these methods would prescribing quality assurance, in-service idleness. However, using plant-specific enhance the staff's ability to make risk inspection, in-service testing, and demand failure and unavailability data, effective decisions about which events surveillance testing. It is anticipated proposed changes can be more warrant further inspections or that a significant number of additional effectively evaluated based on the risk requests will be received that rely upon significance and performance of plant investigations and/or generic actions such as bulletins and generic letters. risk-based arguments. These changes systems and based on confidence that could adversely affect the level of safety there will be appropriate feedback to Plant-specific data are needed to better achieved by the plants if the risk assure that the level of safety is not understand an event and calculate the associated conditional core damage evaluations are flawed or the changes being degraded.
probability. It is also useful to identify are improperly executed or the changes NRC Maintenance Rule systems that have the most influence on involve synergistic effects that are not covered by the risk models or captured The maintenance rule, 10 CFR 50.65, the results. Then the risk associated was issued on July 10, 1991 (56 FR with the potential for similar events at by historical data. Current, plant specific reliability and availability data 31306). The reliability and availability other plants, which may be known to information that would be required by have low reliability for the key systems, would help the NRC monitor the licensees' programs to maintain safety the proposed reporting rule would can be considered in determining improve the NRC's oversight of whether further actions are warranted. while reducing regulatory burdens.
Relaxation of undue regulatory burdens licensees' implementation of the Risk-Based Inspections then can proceed with confidence that maintenance rule. It would also enhance there will be appropriate feedback to licensee's capabilities to implement the Current and updated system assure that the level of safety is not evaluation and goal-setting activities reliability, availability and failure data being degraded. Some examples are required by the maintenance rule by in a generic and plant-specific risk providing licensees with access to based context would be used to enhance discussed below.
the staffs ability to plan inspections current industry-wide reliability and Risk-Based Technical Specification availability information for some of the focused on the most risk-significant plant systems, components, and Technical Specification requirements systems and equipment Within the specify surveillance intervals and scope of the maintenance rule.
operations. While generic data would be used in developing risk-based allowed outage times for safety NRC Monitoring equipment for the various modes of inspection guides and a framework for is anticipated that As discussed above, current plant plant operation. It inspections, plant-specific data would specific data can provide feedback on be used to focus and optimize licensees will request a number of inspection activities at specific plants. relaxations in surveillance intervals and the effectiveness of licensee programs, allowed outage times. Current, plant including maintenance programs.
For example, an individual plant may Accordingly, these data would improve specific reliability and availability data have an atypical reliability problem the NRC's monitoring ability by would help the NRC monitor with a specific risk-significant system providing risk-based measures of the performance for the systems and and thereby warrant additional effectiveness of individual licensee equipment subject to the proposed rule.
attention. In addition, special studies Thus, proposed relaxations of maintenance programs and the overall can be conducted to determine the root surveillance intervals and allowed effectiveness of the maintenance rule.
cause of reliability problems by In addition, the NRC has expressed outage times for such systems could be comparing the characteristics of plants evaluated more effectively based on past concern about the extent to which some that have these problems with those that performance and on confidence that reactor licensees are taking systems and do not. equipment out of service for there would be appropriate feedback to Aging ensure that performance is not being maintenance during plant operation.
help degraded. In addition, failure rates from Although this practice may offer Equipment reliability data would actual demands will be used to verify economic benefits by reducing plant identify equipment that is being A-5
L 5322 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules downtime, it must be properly managed goals, taking into account industry-wide Description of ProposedRule to assure that safety is not operating experience where practical. It compromised. It should be noted that The proposed rule would require also requires periodic program licensees are required by 10 CFR evaluations, including consideration of holders of operating licenses for nuclear 50.65(a)(3) to periodically conduct unavailability due to monitoring or power reactors to report reliability and assessments and make adjustments to preventive maintenance, taking availability data for certain risk ensure that the objective of preventing industry-wide operating experience into significant systems and equipment. The failures through maintenance is account, where practical. Licensees will proposed reporting requirements would appropriately balanced against the need to monitor reliability and apply to the event-mitigating systems objective of minimizing unavailability availability of risk-significant systems, and equipment which have or could due to monitoring and preventive particularly for the periodic program have a significant effect on risk in terms maintenance. The NRC would use the evaluations.4 of avoiding core damage accidents or hours when any two or more trains from For many of the systems involved, preserving containment integrity.
the same or differenL systems are plant-specific demand and failure data Summary information reported to the concurrently unavailable to monitor will be sparse, at least initially. NRC would be:
how well licensees are managing the However statistical analysis techniques 1. The number of demands, the risk associated with such maintenance. exist that allow a licensee to analyze number of failures to start associated As discussed below, under "Licensee and evaluate data from similar with such demands, and the dates of Implementation," the data would also equipment, applications and any such failures, characterized enhance licensees' capabilities to make environments from other plants, besides according to the identification of the prudent on-line maintenance decisions. the data from their plant. These analyses train affected, the type of demand (test, The maintenance rule is also yield meaningful reliability estimates inadvertent/spurious, or actual need),
important to license renewal (10 CFR for the subject plant that can be and the plant mode at the time of the Part 54). Hence, improving the NRC's compared with performance goals. demand (operating or shutdown);
oversight of the maintenance rule could Industry-wide data would also provide 2. The number of hours of operation strengthen one of the bases for the scope a practical source for comparing plant following each successful start, of the license renewal rule. specific performance with industry characterized according to the operating experience. Although plant identification of the train affected and Licensee Implementation whether or not the operation was specific information is generally In connection with the NRC's PRA available on site, and utilities review terminated because of equipment policy, the NRC staff has defined the licensee event reports and other generic failure, with the dates of any such data elements that would improve the event informatior, NRC site visits, failures; evaluation of maintenance and has 3. The number of hours equipment is associated with early efforts to prepare established that they are the same as for maintenance rule implementation in unavailable, characterized according to those needed to support a transition the identification of the train affected, 1996, indicate that utilities do not use toward a risk- and performance-based industry operating experience in a the plant mode at the time equipment is regulatory process. The NRC believes unavailable (operating or shutdown),
systematic and consistent way for goal that the reliability and availability data characterization of the unavailable setting purposes under the maintenance that would be required by this rule period (planned, unplanned, or support rule. Based on these considerations, the would enhance licensee's capabilities to system unavailable), and, if due to a implement the evaluation and goal availability of current, industry-wide reliability and availability data would support system being unavailable, setting activities required by the dentification of the support system; enhance licensee's capabilities to maintenance rule by providing licensees 4. For each period equipment is with access to current industry-wide implement the evaluation and goal setting activities required by the unavailable due to component failure(s),
reliability and availability information failure record identifying the maintenance rule.
for some of the systems and equipment As discussed previously, the NRC has component(s) and providing the failure within the scope of the maintenance recently found cause for concern about late, duration, mode, cause, and effect; 3
rule. how some reactor licensees handle on and In some circumstances, the 5. The number of hours when two or maintenance rule requires licensees to line maintenance. Prudent on-line maintenance decisions depend on a full nore trains from the same or different establish performance or condition ssystems were concurrently unavailable, appreciation of the risk-significance of taking equipment out of service characterized according to the 3 The systems and equipment covered by this (individually or collectively) and use of dentification of the trains that were proposed rule are a subset of the systems and equipment within the scope of the maintenance plant-specific and generic reliability and navailable.
rnle. The data elements are more extensive than availability data would play a The first annual report would identify what would be required for compliance with the maintenance rule: however, for the systems significant role in improving such t he systems, trains, and ensembles of decision making. :omponents covered by the reporting covered, these data elements would serve to improve implementation of the maintenance rnle. requirements of the rule; subsequent To cite one example, under 10 CFR 50.65(a)(2), risk "4NUMARC 93-01, which the NRC has endorsed mnual reports would either state that significant systems may be considered to be subject as describing one acceptable way of meeting the no changes were made subsequent to to an effective preventive maintenance program requiremrnts of the NRC's maintenance rule, he previous annual report or describe and, thus, not subject to condition or performance indicates in Section 12.2.4 that the adjustment for t he changes made.
monitoring unless "maintenance preventable" balancing of objectives needs to he done for risk failures occur. However, gathering the reliability significant structures, systems, and components The summary information would be and availability information specified in this (SSCs). However, for other SSCa it is acceptable to reported annually and compiled on the proposed rnle, including data elements such as measure operating SSC performance against overall 1basis of calendar quarters, or on a more concurrent outages and the causes of failures, plant performance criteria and standby system would provide a bettu picture of a system's frequent basis at the option of each performance against specific perfonnance criteria.
performance and the effectiveness of the preventive maintenance program than simply awaiting the occurrence of "maintenance preventable" failures.
This is reasonable in that, for systems that are less risk-significant, the expense of a rigorous balancing' is not warranted.
individual licensee. Records and documentation of each occurrence of a demand, failure, or unavailable period I
A-6
Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules 5323 that provide the basis for the summary effectively utilize these estimates. For For example, it is expected to be data reported to the NRC would be example, a high unplanned necessary to review the actual required to be maintained on site and unavailability may indicate a need for unavailable hours in order to estimate made available for NRC inspection. more preventive maintenance; a high the mean repair times for key In developing these data elements the planned unavailability may indicate the components for the purpose of updating NRC has, over the past three years, opposite.
The unavailable hours due to support the staff's PRA models.
reached a consensus on the minimum Regulatory Guide data'needed to support risk-based systems failure or unavailability are applications and enhance needed to properly capture concurrent A new regulatory guide will be implementation of the maintenance outages and to eliminate double prepared and issued to provide rule. During this period NRC staff has counting. For example, an Emergency supplementary guidance. The guide will also interacted extensively with INPO Service Water (ESW) train being present an acceptable way to define the and NEI in an effort to define the unavailable may result in other trains systems and equipment subject to the minimum reliability and availability being unavailable as well; however, for rule and it will provide risk-based data needed to satisfy the needs of both purposes of estimating risk in a PRA definitions of failure as well as train and NRC risk-based regulatory applications study, that unavailability should not be system boundaries consistent with PRA and industry (licensee) uses of PRA. counted more than once. applications. The format in which data The number of demands and the The date of each failure is needed to would be provided to the NRC and a number of successful starts are needed allow screening for potential common suggested format for maintaining on-site to estimate demand reliability, i.e., the cause failures. Failures that occur documentation and record keeping fraction of demands that result in closely together in time warrant review would be included. In order to reduce successful starts. (The complement of to see whether a common cause failure costs, use of electronic data submittal this fraction provides an estimate of the may be involved. Common cause will be considered a priority objective in probability of failure on demand). The failures may indicate a need for revised developing and implementing the guide.
actual number of demands and maintenance procedures or staggered A draft guide will be published for successes, as opposed to the ratio, is testing. Common cause failure rates are comment before it is finalized. A public needed for purposes such as: (1) also needed for PRA models because of workshop is planned after publication providing a measure of confidence in their importance in system reliability of the draft guide. The comment period the results and (2) permitting proper and availability estimates. for this proposed rule will not expire combination of data from different Failure cause and failure mode until at least 30 days after publication plants. information are needed to support of the draft regulatory guide.
The type of demand is needed to common cause failure analysis as discussed above and to associate the Definitions determine whether or not the demand reliability estimated by testing is failure with the correct failure mode for The basic definitions used in approximately the same as the demand input into PRA models. reporting under § 50.76 are discussed reliability for actual demands. Quarterly data are needed to conduct below; further details will be addressed Sometimes it is not, indicating a need first order trending studies to identify in the regulatory guide. For example, for additional data analysis in making areas of emerging concern with regard to the basic definition of failure is reliability estimates. overall plant and system performance. provided here; further details, such as The plant mode at the time of a More frequent compilation is acceptable how to handle a case where the demand is needed to estimate the at the discretion of each licensee. operators prematurely terminate system demand frequency, demand reliability, An identification of the systems, operation following a real demand, will and unavailability according to plant trains, and ensembles of components be discussed in the regulatory guide. In mode. These factors, as well as the risk subject to the rule is needed because particular, the regulatory guide will associated with unreliability and identification of the components within define risk-significant safety function(s) unavailability, can be quite different the systems, trains, and ensembles is and failures for systems and equipment depending on whether the plant is in necessary for proper use and evaluation covered by this proposed rule.
operation or shut down. of the data by the staff and for industry Demand is an occurrence where a The hours of operation following wide generic applications to account for system or train is called upon to successful starts are needed to estimate physical differences between plants. For perform its risk-significant safety the probability the equipment will example, simplified system diagrams function. A demand may be manual or function for a specified period of time. could be marked to show the systems, automatic. It may occur in response to This information is needed for systems trains, and ensembles against which the a real need, a test, an error, an that must operate for an extended data would be reported. equipment malfunction or other period following an accident to fulfill a Retention of records and spurious causes. For the purposes of risk-significant safety function. documentation that provide the bases reporting under this rule, the demands The number of hours that equipment for the summary data report to the NRC of interest are those which are actual is not available (unavailable hours) is for a period of several years is consistent demands or closely simulate actual needed to estimate the fraction of time with maintenance rule applications. For demands for the train or specific that a train is not available to perform example, monitoring reliability for a few equipment involved.
its risk-significant safety function. For years may be used to determine trends Failure,for the purpose of reporting some systems this can be an important in order to achieve the balance under this rule, is an occurrence where or dominant contributor to the overall described in 10 CFR 50.65(a)(3)-i.e., a system or train fails to perform its risk probability of failure to perform the the balance between preventing failures significant safety function. A failure system's safety function. It can be through maintenance and minimizing may occur as a result of a hardware significantly affected by elective unavailability due to monitoring and malfunction, a software malfunction, or maintenance. preventive maintenance. In addition, a human error. Failures to start in The type of unavailable hours on-site data are needed to provide a response to a demand are reported (planned or unplanned) is needed to scrutable basis for regulatory decisions. under paragraph 50.76(b)(1)(i). Failures A-7
5324 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules to run after a successful start are equipment that have been substantially "sunset provision" in the rule, whereby reported under paragraph 50.76(b)(1](ii). involved in significant events in U. S. the rule would automatically expire Unavailabilityis the probability that a reactors. These systems were found to after a specified period of time unless:
required system or train is not in a fall into the following categories: (i) a condition specified in the rule is condition to perform or is not capable 1. Basic systems. As indicated above, fulfilled, or (ii) the Commission engages of performing its risk-significant safety the NRC expects that these systems in a rulemaking which extends the function. This may result from failure to would be included in the scope of the effectiveness of the rule. The start, from failure to run, or from rule for all plants. The basic systems on Commission requests public comments intentional or unintentional removal of the proposed list have been confirmed on whether the proposed rule should equipment from service (e.g., for to have been substantially involved in contain such a sunset provision, and if maintenance or testing). signi ficant events. so, the period of time after which the Risk-significant safety function is a 2. Plant-specific systems. Systems rule should automatically expire.
safety function that has or could have a such as service water and component GrandfatherProvision.There may be significant effect on risk (in terms of cooling water are risk-significant, but some plants for which, at the time that avoiding core damage accidents or the significance varies widely, the proposed rule may be adopted by preserving containment integrity for the depending upon plant-specific designs. the Commission as a final rule, licensees purposes of reporting under this It is expected that these systems will be have already announced plans to proposed rule). included, as appropriate, based on discontinue operation in the near future.
Reportable systems and equipment plant-specific PRA studies. Other Furthermore, licensees may determine are the event-mitigating systems and systems, such as containment purge, in the future to discontinue operation at equipment which have or could have a appear infrequently in connection with some plants. In either case, there may be significant effect on risk in terms of significant events and are not expected less reason to require collection and avoiding core damage accidents or to be risk-significant for any plants. repeting of the information preserving containment integrity. The 3. Initiating systems. Systems such as contemplated by the proposed rule at reportable systems and equipment will main feedwater and offsite power are such plants and it may be advisable to be determined by each licensee. The primarily considered to be initiators of exempt such plants from the regulatory guide will describe significant events, rather than mitigation information collection and reporting acceptable methods for making that systems. Existing reporting requirements of the proposed rule (i.e.,
requirements in 10 CFR 50.72 and 10 "grandfathering"). The Commission determination.
It is expected that the rule will CFR 50.73 provide enough information requests public comments on whether produce a set of basic systems for which to characterize the important initiating the proposed rule should exempt plants reliability data will be reported for all systems for the purpose of PRA studies. that have announced (or will announce)
- 4. Non-measurable items. Items such plans to discontinue operation within a plants that have them. However, these basic systems are not sufficient by as reactor coolant system corrosion are short time (e.g., two years).
themselves. Additional systems and not amenable to meaningful measurement by the methods of this Conclusion equipment to be addressed will depend proposed rule. As discussed under the subject "Move on plant-specific features. Listed below Based on this review, the systems and to Risk-Based Regulation," the is the set of basic systems that the equipment to be included in the scope information to be collected under the Commission is currently considering for of the rule are considered reasonably proposed rule is necessary for the identification in the draft regulatory consistent with operating experience in development and implementation of guide. terms of involvement in significant risk-based regulatory processes. Risk Basic PWR systems Basic BWR systems events. Accordingly, it is expected that based regulatory approaches provide a reliability and availability information means for the Commission to maintain, Auxiliary feedwater .... Reactor core isolation for those systems and equipment will be and in some cases improve, safety while cooling or isolation well suited for identifying plants and reducing impacts on licensees as well as condenser. systems at increased risk for significant NRC resource expenditures, by focusing High pressure safety Feedwater coolant in events. regulatory requirements and activities injection jection, high pres Minimizing Costs. The NRC intends on the most risk-significant areas. In sure coolant injec that the data required to be collected addition, this information would tion or high pres and reported under this proposed rule improve the NRC's oversight of sure core spray, as licensees' implementation of the appropriate. be essentially the same as would be Reactor protection ..... Reactor protection. required for monitoring reliability and/ maintenance rule. It would also enhance Low pressure safety Low pressure coolant or availability for other purposes, such licensee's capabilities to implement the injection, injection and low as monitoring system reliability where evaluation and goal-setting activities pressure core that is the option chosen for compliance required by the maintenance rule by spray. with the maintenance rule. Thus, it providing licensees with access to Emergency ac power Emergency ac power. should be practical to gather and report current industry-wide reliability and the data without significant additional availability information for some of the As discussed above, the systems and cost. This will be a priority goal in risk-significant systems and equipment equipment to be included in the scope developing the guidance to be included within the scope of the maintenance of the rule would be those event in the new regulatory guide. rule. The Commission has also prepared mitigating systems and equipment that Sunset Provision.As experience is a regulatory analysis (see "Regulatory have or could have a significant effect gained with implementing the proposed Analysis") which identified alternatives on risk in terms of avoiding core damage rule and utilizing the information for collecting the information for use by accidents or preserving containment required to be collected and reported, a both licensees and the NRC, and integrity. To ensure that this approach reassessment may be necessary or evaluated the costs of each viable is consistent with operating experience, desirable. One way of assuring such a alternative. Based upon these factors, the NRC has considered the systems and reassessment would be to include a the Commission believes that the costs A-8
5325 Federal RegUter / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules
- 4. How can the burden of the the backfit rule, 10 CFR 50.109, does not of the proposed rule's information apply to this proposed rule, and collection and reporting requirements collection of information be minimized including by using automated collection therefore, a backfit analysis is not are justified in view of the potential required for this proposed rule because safety significance and projected techniques?
Send comments on any aspect of this these amendments do not involve any benefits of the information in NRC provisions which would impose backfits regulatory activities. proposed collection of information, including suggestions for reducing the as defined in 10 CFR 50.109(a)(1).
Submission of Comments in Electronic burden, to the Information and Records However, as discussed above in Format Management Branch (T-6-F33), U.S. "Regulatory Analysis," the Commission Nuclear Regulatory Commission, has prepared a regulatory analysis Commenters are encouraged to which summarizes the purpose and submit, in addition to the original paper Washington, DC 20555-0001, and to the intended use of the information copy, a copy of their comments in an Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, proposed to be collected, identifies electronic format on IBM PC DOS alternatives for collection and reporting compatible 3.5- or 5.25-inch, double (3150-0011), Office of Management and Budget, Washington, DC 20503. of the proposed information, and sided, diskettes. Data files should be identifies the impacts and benefits of provided in WordPerfect 5.0 or 5.1. Comments to OMB on the collections of information or on the above issues the alternatives.
ASCII code is also acceptable, or if This regulatory analysis constitutes a formatted text is required, data files should be submitted by March 13, 1996.
Comments received after this date will disciplined process for evaluating the should be submitted in IBM Revisable potential benefits and projected impacts Format Text Document Content be considered if it is practical to do so, but assurance of consideration cannot (burdens) of information collection and Architecture (RFT/DCA) format. reporting requirements such as the be given to comments received after this Environmental Impact- Categorical date. proposed rule. The Commission Exclusion therefore concludes that the objective Public Protection Notification underlying the Commission's adoption The proposed rule sets forth The NRC may not conduct or sponsor, of the Backfit Rule-that regulatory requirements for the collection, and a person is not required to respond impacts are assessed under established maintenance, and reporting of reliability to, a collection of information unless it criteria in a disciplined process--is and availability data for certain risk displays a currently valid OMB control being met for this proposed rule.
significant systems and equipment. The number.
NRC has determined that this proposed List of Subjects in 10 CFR Part 50 rule is the type of action described in Regulatory Analysis Antitrust, Classified information, categorical exclusion, 10 CFR The Commission has prepared a draft Criminal penalties, Fire protection, 51.22(c)(3)(ii). Therefore, neither an regulatory analysis on this proposed Intergovernmental relations, Nuclear environmental impact statement nor an regulation. The analysis examines the power plants and reactors, Radiation environmental assessment has been costs and benefits of the alternatives protection, Reactor siting criteria, prepared for this proposed regulation. considered by the Commission. The Reporting and record keeping Paperwork Reduction Act Statement draft analysis is available for inspection requirements.
in the NRC Public Document Room, For the reasons set out in the This proposed rule amends 2120 L Street NW. (Lower Level), preamble and under the authority of the information collection requirements that Washington, DC. Single copies of the Atomic Energy Act of 1954, as amended, are subject to the Paperwork Reduction draft analysis may be obtained from: the Energy Reorganization Act of 1974, Act of 1995 (44 U.S.C. 3501 et seq.). Dennis Allison, Office for Analysis and as amended, and 5 U.S.C. 553, the NRC This rule has been submitted to OMB Evaluation of Operational Data, U.S. is proposing to adopt the following for review and approval of the Nuclear Regulatory Commission, amendments to 10 CFR Part 50.
Paperwork Reduction Act requirements. Washington, DC 20555-0001, The public reporting burden for this Telephone (301) 415-6835. PART 50--OOMESTIC UCENSING OF collection of information is estimated to PRODUCTION AND UTIUZATION average 1375 hours0.0159 days <br />0.382 hours <br />0.00227 weeks <br />5.231875e-4 months <br /> per response (i.e., Regulatory Flexibility Certification FACILITIES per commercial nuclear power reactor In accordance with the Regulatory 1. The authority citation for Part 50 per year), including the time for Flexibility Act of 1980 (5 U.S.C. 605 continues to read as follows:
reviewing instructions, searching (B)), the Commission certifies that this existing data sources, gathering and rule will not, if promulgated, have a Authority: Sections 102,103,104, 105, maintaining the data needed, and significant economic impact on a 161, 182, 183, 186, 189,68 Stat. 936, 937, completing and reviewing the collection substantial number of small entities. 938. 948,953, 954,955,956. as amended, sec. 234, 83 Stat 1244, as amended (42 of information. The Commission is The proposed rule affects only the U.S.C. 2132, 2133. 2134, 2135, 2201, 2232, seeking public comment on the licensing and operation of nuclear 2233, 2236, 2239, 2282); secs. 201, as potential impact of the collection of power plants. The companies that own amended, 202, 206, 88 Stat. 1242, as information contained in the proposed these plants do not fall within the scope amended, 1244, 1246 (42 U.S. C. 5841, 5842, rule and on the following issues: of the definition of "small entities" set 5846).
- 1. Is the proposed collection of forth in the Regulatory Flexibility Act or Section 50.7 also issued under Pub. L. 95 601, sec. 10, 92 Stat 2951 as amended by information necessary for the proper the size standards adopted by the NRC Pub. L. 102-486, sec. 2902, 106 Stat 3123, (42 performance of the functions of the on April 11, 1995 (60 FR 18344-10 U.S.C. 5851). Section 50.10 also issued under NRC, and does the information have CFR 2.810. secs. 101, 185, 68 Stat. 936, 955, as amended practical utility? (42 U.S.C. 2131, 2235]; sec. 102, Pub. L. 91 Backfit Analysis 190, 83 Stat. 853 (42 U.S.C. 4332). Sections
- 2. Is the estimate of burden accurate?
- 3. Is there a way to enhance the The proposed rule sets forth 50.13, and 50.54(dd), and 50.103 also issued requirements for reporting and record under sec. 108, 68 Stat. 939, as amended (42 quality, utility, and clarity of the U.S.C. 2138). Sections 50.23, 50.35, 50.55, information to be collected? keeping. The NRC has determined that A-9
5326 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and 50.56 also issued under sec. 185, 68 Stal (iii) The number of hours equipment DEPARTMENT OF TRANSPORTATION 955 (42 U.S.C. 2235). Sections 50.33a, 50.551 is unavailable, characterized according and Appendix Q also issued under sec. 102, to the identification of the train affected Pub. L.91-190, 83 Stat. 853 (42 U.S.C. 4332] Federal Aviation Administration Sections 50.34 and 50.54 also issued under the plant mode at the time equipment is sec. 204, 88 Stat. 1245 ,42 U.S.C. 5844). unavailable (operating or shutdown), 14 CFR Part 39 Sections 50.58, 50.91, and 50.92 also issued characterization of the unavailable [Docket No. 93-NM-133-AD]
under Pub. L 97-415, 96 Stat. 2073 (42 period (planned, unplanned, or support U.S.C. 2239). Section 50.78 also issued tude,r system unavailable), and, if due to a Airworthiness Directives; Airbus sec. 122, 68 Stat. 939 (42 U.S.C. 2152). support system being unavailable, Industrie Model A300, A310, and A300 Sections 50.80-50.81 also issued under sec. identification of the support system; 600 Series Airplanes 184,68 Stat. 954, as amended (42 U.S.C. (iv) For each period equipment is 2234). Appendix F also issued under sec. unavailable due to component failure(s), AGENCY: Federal Aviation 187,68 Stat. 955 (42 U.S.C. 2237). a failure record identifying the Administration, DOT.
- 2. Section 50.8(b) is revised to read as component(s) and providing the failure ACTION: Supplemental notice of follows: date, duration, mode, cause, and effect; proposed rulemaking; reopening of and comment period.
§50.8 Infornmallon collection (v) The number of hours when two or re-qCirUmB" oM a ol. more trains from the same or different
SUMMARY
- This document revises an systems were concurrently unavailable, earlier proposed airworthiness directive (b) The approved information characterized according to the (AD), applicable to certain Airbus collection requirements contained in identification of the trains that were Model A300, A310, and A300-600 this part appear in §§ 50.30, 50.33, unavailable. series airplanes, that would have 50.33a, 50.34, 50.34a, 50.35, 50.36, (2) The initial annual report described required inspections to detect missing 50.36a, 50.48, 50.49, 50.54, 50.55, in (b)(1) above shall identify the fasteners, cracked fitting angles, and 50.55a, 50.59, 50.60, 50.61, 50.63, 50.64, systems, trains, and ensembles of elongated fastener holes in certain 50.65, 50.71, 50.72, 50.75, 50.76, 50.80, components covered by paragraph (b)(3) frames, and correction of discrepancies.
50.82, 50.90, 50.91, 50.120, and below; subsequent annual reports shall That proposal was prompted by Appendices A, B, E, G, H, I, J, K, M, N, either state that no changes were made discrepancies found at the fitting angles 0, Q, and R. subsequent to the previous annual on the frame at which a certain
- * *
- report or describe any changes made. electronic rack is'attached. This action
- 3. Section 50.76 is added to read as f3) The requirements of paragraphs revises the proposed rule by revising the follows: (b)(1) and (b)(2) of this section apply to inspection thresholds and repetitive those event-mitigation systems, and intervals; providing an optional
§ 50.76 Reporting reliability and ensembles of components treated as avallability Infom'ation for risk-significant terminating action; and deleting certain single entities in certain probabilistic airplanes from the applicability. The systems and equipment.
(a) Applicability.This section applies risk assessments where a system or train treatment would not be appropriate, actions specified by this proposed AD are intended to prevent damage t
to all holders of operating licenses for which have or could have a significant commercial nuclear power plants under propagation that could lead to failure of effect on risk in terms of avoiding core the rack-to-structure attachment points, 10 CFR 50.21b or 50.22 and all holders damage accidents or preserving and subsequently could result in loss of of combined operating licenses for containment integrity. airplane systems, structural damage, commercial nuclear power plants under (4) Each licensee shall maintain and possible electrical arcing.
10 CFR 52.97. records and documentation of each (b) Requirements. (1) Each licensee DATES: Comments must be received by occurrence of a demand, failure, or March 4, 1996.
shall submit an annual report to the unavailable period that provide the NRC that contains the following ADDRESSES: Submit comments in basis for the data reported in paragraph information, compiled on the basis of triplicate to the Federal Aviation (b)(1) of this section on site and calendar quarters, or on a more frequent Administration (FAA), Transport available for NRC inspection for a basis at the option of each licensee, for Airplane Directorate, ANM-103, period of 5 years after the date of the systems, trains, and ensembles of Attention: Rules Docket No. 93-NM report specified in paragraph (b)(1) of components in paragraph (b)(3) of this 133-AD, 1601 Lind Avenue SW.,
this section.
section: (c) Implementation. Licensees shall Renton, Washington 98055-4056.
(i) The number of demands, the Comments may be inspected at this begin collecting the information number of failures to start associated required by paragraph (b) of this section location between 9:00 a.m. and 3:00 with such demands, and the dates of on January 1, 1997, and shall submit the p.m., Monday through Friday, except such failures, characterized according to first report required by paragraph (b)(1) Federal holidays.
the identification of the train affected, of this section by January 31, 1998. The service information referenced in the type of demand (test, inadvertent/ Thereafter, each annual report required the proposed rule may be obtained from
-spurious, or actual need), and the plant by paragraph (b)(1) of this section shall Airbus Industrie, 1 Rond Point Maurice mode at the time of the demand Bellonte, 31707 Blagnac Cedex, France.
be submitted by January 31 of the (operating or shutdown); following year. This information may be examined at (ii) The number of hours of operation the FAA, Transport Airplane following each successful start, Dated at Rockville, MD, this 2nd day of Directorate, 1601 Lind Avenue, SW.,
characterized according to the February, 1996. Renton, Washington.
identification of the train affected and For the Nuclear Regulatory Commission.
FOR FURTHER FORMATION CONTACT: Tim whether or not the operation was John C. Heyle, Backman, Aerospace Engineer, terminated because of equipment Secretoryof the Commission. Standardization Branch, ANM-113, failure, with the dates of any such [FR Doc. 96-2698 Filed 2-9-96; 8:45 am] FAA, Transport Airplane Directorate, failures; 75-"1-P CO.DEOcc 1601 Lind Avenue SW., Renton, A-I0
APPENDIX B GLOSSARY Actual Demand is a command to a reportable system, train, or equipment group to initiate action to perform its risk-significant function in response to a need for the function arising from an accident or transient.
Availability as used in this regulatory guide is the probability that a reportable system, train, or equipment group is capable of performing on demand its risk-significant safety function during a reportable plant operational state. It is estimated by dividing the number of hours that a system, train, or equipment group is available to perform its risk-significant safety function by the total number of hours that the plant is in a specific reportable plant operational state during a quarter.
Concurrent unavailable hours are the hours when two or more trains or equipment groups in reportable systems were unavailable at the same time to perform their risk-significant safety function during a plant operational state for which they were both reportable.
Core damage freauency is a measure of risk estimated by assessing the average yearly frequency of core damage that is expected for an individual nuclear power plant from the plant's probabilistic risk assessment (PRA).
Equipment group is a portion of a reportable system that is defined to indicate a group of components that are all commanded to perform their risk-significant safety function by a particular type of reportable demand.
Front-line system is a collection of components and structures designated and installed to perform one or more safety functions such as core inventory make up or containment cooling.
Principal component is an element of a train or equipment group necessary for the train or equipment group to perform its risk-significant safety function and is the lowest level of detail normally included in the plant equipment representation in its PRA models. For example, principal components would include:
- Motor operated valves (manual or automatic), including motors and power supplies up to the first power breaker
- Air operated valves, including air to local supply valves
- Check valve assemblies
- Emergency diesel generators, including specific supporting items such as an air start subsystem, a fuel oil day tank, or a lubricating oil cooler a Emergency diesel generator output breakers 0 Load shedding and load sequencing equipment 0 Station batteries
- Station battery output breakers and relays
- Heat exchangers
- Reactor trip breakers, including undervoltage devices and shunt trip devices B-i
- Hydraulic control units in BWR RPS Reliability as used in this regulatory guide is reliability on demand and the probability that a system, train, or equipment group will successfully complete its risk-significant safety function when called upon to do so during a period when it is considered to be available.
Risk-importance measure is any quantitative calculation that measures the relative or absolute contribution to risk of an attribute that has an impact on risk.
Risk-siqnificant is the term given to any aspect of nuclear power operations that could have an effect on risk (either core damage frequency or health effects to the public).
Risk-significant safety function is a safety function, for the purposes of reporting under the proposed rule, that has or could have a significant effect on risk in terms of preventing core damage accidents or preserving containment integrity. The accomplishment of a risk-significant safety function does not necessarily correspond to operability requirements for design basis accidents.
It corresponds to the successful completion of the mission as modeled in PRAs.
Spurious demand is a command given to equipment that arises from a false signal that mimics an actual demand.
Support system is a system that provides a needed function to front-line or other systems but does not provide a direct safety function itself. Examples are electric power, service water, component cooling water, and automatic actuation systems.
Surveillance or test demand is a command given to equipment to prove that the equipment is available to perform its risk-significant safety function.
Unavailability and Unreliability are the complementary functions of availability and reliability.
B-2
APPENDIX C EXAMPLES OF REPORTABLE SYSTEMS This appendix provides several examples (Tables C-i thru C-5) of the types and numbers of systems that could be selected for final expert panel review and selection using the system level calculation alternate (with FV>O.I or RAW >100). These examples, which apply to five sample plants, were prepared by the NRC staff to illustrate the principles involved. Similar outcomes in selecting risk-significant systems for reporting reliability and availability data are expected when using the maintenance rule risk-significant structures, systems, and components (SSCs) and supplemental expert panel screening.
However, more emphasis is placed on qualititative screening when using the maintenance rule SSCs as a starting point. In each case, the screening considerations discussed in Regulatory Position 1.2, Other Reportable Systems, would be applied. For reference they are summarized below.
0 Event initiating systems (as opposed to mitigating systems) may be excluded.
a Support systems that support several reportable systems should be considered.
- Systems and structures, such as containment structures and ice condensers, for which risk is more a function of capability than reliability, may be excluded.
- Systems and equipment that are risk-significant only because the likelihood of operator error may be excluded.
0 Systems and equipment that make large contributions to shutdown risk and are significant contributors to overall risk should be included.
0 Systems and equipment that have a contribution to risk that is small compared to that of the basic systems may be excluded.
- Systems important for the more risk-significant aspects of containment integrity.
Any of these considerations that were a significant factor in adding or deleting a system from Tables C-i through C-5 have been indicated in parentheses.
C-I
TABLE C-1: PLANT 1 - BWR, MARK 3 CONTAINMENT, GE TYPE 6 Risk Achievement Basic Candidate for System Name Fussell-Vesely Ratio Reason to Worth Ratio System Reportable System Include or Exclude Standby Service Water System 0.44 36200 No Yes High FV and RAW Emergency ac Power System 0.36 Less than 100 Yes Yes Auto. Depressurization System Less than 0.1 Less than 100 No No Residual Heat Removal System' Less than 0.1 Less than 100 Yes Yes Power Conversion System Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 26802 No Yes High RAW Safety Feature Actuation Less than 0.1 SEng.
Less than 100 No No High Pressure Core Spray Less than 0.1 Less than 100 Yes Yes Reactor Protection System Less than 0.1 Less than 100 Yes Yes Standby Liquid Control System Less than 0.1 Less than 100 No No Reactor Core Isolation Cooling 3 Yes Yes For Plant 1, we would expect seven systems to be candidate reportable systems.
I 1 Also decay heat removed function, low pressure core spray, containment spray and shutdown cooling function.
2 Largely HVAC support (accumulators are the backup).
Importance values not available.
C
TABLE C-2: PLANT 2 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT, CE Risk Achievement Basic Candidate for Reason to System Name Fussell-Vesely Ratio Worth Ratio System Reportable System Include or Exclude Main Feedwater 0.991 Less than 100 No No Always running, (c).
Auxilliary Feedwater 0.41 3130 Yes Yes Emergency AC Power 0.39 6620 Yes Yes High Pressure Safety Injection 0.32 268 Yes Yes Reactor Protection System 0.12 127000 Yes Yes HVAC/Chilled Water' 0.19 7390 No Yes See footnote 2.
Component 4Cooling Water3 Less than 0.1 161 No No See footnote 3.
Main Steam Less than 0.1 313 No Yes High RAW.
C Containment Spray Less than 0.1 Less than 100 No Yes Containment integrity, (g).
SSaltwater Cooling Less than 0.1 164 No Yes High RAW Safety Injection Tanks Less than 0.1 Less than 100 No No Low Pressure Safety Injection Less than 0.1 Less than 100 Yes Yes Instrument Air & Nitrogen System Less than 0.1 Less than 100 No No Chemical & Volume Control System Less than 0.1 Less than 100 No No For Plant 2, we would expect nine systems to be candidate reportable systems.
Includes motor-driven condensate pumps which back-up the steam driven auxiliary feed pumps.
2 High RAW and support for ECCS and emergency ac, (b).
Shutdown risk consideration (a).
4 Includes isolating steam generator and providing steam to turbine driven pumps.
TABLE C-3: PLANT 3 - PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT CE Risk Achievement Basic Candidate for Reason to System Name Fussell-Vesely Ratio Worth Ratio System Reportable System Include or Exclude Emergency ac power system 0.68 4130 Yes Yes Auxiliary Feedwater System 0.27 135 Yes Yes High Pressure Injection System Less than 0.1 140 Yes Yes Low Pressure Injection System Less than 0.1 598 Yes Yes Feedwater System Less than 0.1 737 No No Initiating event (a).
Containment Isolation System Less than 0.1 Less than 100 No No Raw Water System Less than 0.1 118 No Yes High RAW Primary Pressure Control Less than 0.1 Less than 100 No No Circulating Water System Less than 0.1 Less than 100 No No Chemical & Volume Control Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 Less than 100 No No Turbine Plant Cooling Water Less than 0.1 Less than 100 No No Component Cooling Water Less than 0.1 Less than 100 No Yes Shutdown risk, (e).
HVAC 1 Less than 0.1 7505 No Yes Containment Cooling System Less than 0.1 Less than 100 No Yes Containment integrity, (g).
Containment Spray System Less than 0.1 Less than 100 No Yes Containment integrity, (g).
Hydogen Purge System Less than 0.1 Less than 100 No No ESFAS Logic System Less than 0.1 Less than 100 No No Reactor Protection System' Yes Yes See footnote 2.
For Plant 3, we would expect 10 systems to be candidate reportable systems.
1 High RAW and supports both ECCS and emergency ac (b).
2 importance measures not available.
I L
TABLE C-4: PLANT 4 - BWR, MARK 1 CONTAINMENT, GE TYPE 4 Basic Candidate Reportable for System Reason Include to or Exclude Risk Worth Achievement Ratio System Fussell-Vesely Ratio High FV and RAW System Name Yes 8420 High FV and RAW 0.63 No Yes 8150 Eng. Safety Feature Actuation 0.25 No Yes High FV Less than 100 Essential Service Water 0.15 No No Less than 100 Primary Containment Venting Less than 0.1 No Yes Less than 100 Condensate System Less than 0.1 Yes Yes 499 High Pressure Coolant Injection 0.11 Yes Yes Yes 1010 Residual Heat Removal' Less than 0.1 No No Less than 100 Reactor Protection System Less than 0.1 Yes Yes Less than 100 Standby Liquid Control System Less than 0.1 Less than 100 No No Emergency ac Power System I~~
Less than 0.1 Yes Yes Less than 100 Reactor Building Cooling Water Less than 0.1 Less than 100 No No Reactor Core Isolation Cooling Less than 0.1 Less than 100 No No Normal Service Water Less than 0.1 Less than 100 No No DC Power System Yes See footnote 2.
Less than 0.1 4320 No Emergency Heat, Vent, & Air Cond. Less than 0.1 Less than 100 No No High Pressure Service Water' Less than 0.1 Less than 100 No No Instrument Air System Less than 0.1 Turbine Building Cooling Water to be candidate reportable systems.
For Plant 4, we would expect nine systems heat removal.
containment spray and post-accident Also low pressure coolant injection, function (b).
water and high head safety injection 2 High RAW and support for service
TABLE C-5: PLANT 5 - PWR, LARGE DRY SUBATMOSPHERIC PRESSURE CONTAINMENT, WESTINGHOUSE THREE-LOOP Risk Achievement Basic Candidate for System Name Fussell-Vesely Ratio System Reason to Worth Ratio Reportable System Include or Exclude Emergency ac Electric Power 0.62 1370 Yes Yes Reactor Coolant Pumps 0.19 Less than 100 No No Auxiliary Feedwater System Initiating event, (a).
0.19 4740 Yes Yes Primary Pressure Relief 0.1 Less than 100 No No High Pressure Injection 1 Operator action, (d).
0.1 565 Yes Yes Low Pressure Recirculation Less than 0.1 Less than 100 No No Reactor Protection System Less than 0.1 697 Yes Yes Main Service Water Less than 0.1 565 No Yes High RAW.
Accumulators Less than 0.1 C Low Pressure Injection Less than 100 No No Less than 0.1 Less than 100 Yes Yes Main Feedwater Less than 0.1 Instrument Air System Less than 100 No No Less than 0.1 Less than 100 No No High Pressure Recirculation Less than 0.1 DC Power (1A and 1B) Less than 100 No No Less than 0.1 1952 No Yes Component Cooling Water High RAW.
Less than 0.1 Less than 100 No Yes Residual Heat Removal Shutdown risk, (e).
Less than 0.1 Less than 100 No Yes Containment Spray System Shutdown risk, (e).
Less than 0.1 Less than 100 No Yes Inside Spray Recirculation Containment integrity, (g).
Less than 0.1 Less than 100 No No Outside Spray Recirculation Less than 0.1 Less than 100 No No Consequence Limiting Control Less than 0.1 Less than 100 No No For Plant 5, we would expect 10 systems to be candidate reportable systems.
Also dedicated charging pump cooling system and safety injection actuation.
2 Largely response to loss of offsite power.
APPENDIX D RISK-IMPORTANCE MEASURES The Fussell-Vesely importance measure is a relative measure. It provides an core damage indication of the fractional contribution of a given system to frequency (CDF) at the current, or expected level of reliability.
The mathematical expression for this importance measure is:'
FV = [F(x) - F(O)] I F(x) with: evaluated with F(x) = minimal cut set upper bound (or sequence frequency) x at the basic event probabilities of all components in system their mean value, and F(O) = minimal cut set upper bound (or sequence frequency) system evaluated with the basic event probabilities of all components in x set to zero.
An alternative notation is FV =
- qj/CDF with:
- q, = the sum of all cut sets that contain failure modes in the system of interest, and CDF = the sum of all cut sets, i.e., the core damage frequency.
The risk achievement worth ratio (ratio form of risk increase) is a relative measure. It provides an indication of the increase in CDF if a system is assumed to always fail. Its mathematical expression is:
RAW = F(1) / F(x) of NRC Terminology and definitions are derived from NUREG/CR-1489, "A Review where (March 1994), page C-165, Staff Uses of Probabilistic Risk Assessment" (or FV is discussed in terms of the fractional contribution of a component Copies of NUREG/CR-1489 are available for inspection or copying basic event).
for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, 20555; DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC at telephone (202)634-3273; fax (202)634-3343. Copies may be purchased Office, P.O. Box 37082, current rates from the U.S. Government Printing National Washington, DC 20402-9328 (telephone (202)512-1800); or from the Road, Technical Information Service by writing NTIS at 5285 Port Royal Springfield, VA 22161.
D-1
I with F(1) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to one The importance measures routinely calculated by PRA computer codes typically are applicable to individual components only. Importance measures individual components in a system are not necessarily additive for total importance of the system. In order to compute system to compute the determining reportable systems under 10 CFR 50.76, it is importances for suggested that F(O) be estimated by setting the probabilities of all basic events zero, including common cause and human error events. F(1) in the system to estimated by setting all of the basic events unique to the similarly can be the calculation of F(1), it may be necessary to resolve the system to one. In for the cut set in order to obtain an appropriate value for Boolean equations the RAW ratio.
D-2
APPENDIX E DEFINING SYSTEMS, TRAINS, AND EQUIPMENT GROUP CONFIGURATIONS AND DATA REPORTING FORMS Suggested Principles For identifying reportable systems, trains, and equipment groups within the systems, it is suggested that licensees mark up simplified drawings. Only included.
configurations representing risk-significant safety functions need be and Separate diagrams may be needed to clearly define all reportable trains equipment groups.
the In determining system boundaries, it is suggested that licensees include a active equipment that would be challenged by an actual demand to perform would risk-significant safety function. Passive components and check valves system and also be included as needed to provide a reasonable schematic of the could contribute to failures to allow identification of passive components that or unavailable hours.
pump flow It is suggested that the system then be divided into trains (e.g., associated paths in fluid flow systems, individual diesel generators and their support subsystems).
It is suggested that equipment groups be defined as needed to indicate what This compounds are involved in demands that challenge only part of a system.
will help to ensure that the data can be properly counted.
a In deciding whether a particular component should be considered as part of front-line system or part of a support system, one should consider the following:
If a support-system component is dedicated to support an individual train the or component in a front-line system, the component should be treated same as a component of the front-line train. (It need not be shown in the front-line system schematic diagram.)
If the component supports more than one train or system operation, it should be treated as part of the support system, even if the support system is not a reportable risk-significant system.
Support systems include but are not limited to service water, component cooling, reactor building cooling, HVAC, alternating current power and direct current power systems. For the cooling water system, the components that provide the principal functional capability would include pumps, valves, and
'Simplified drawings for each plant are available in the NRC's Plant Information Book. These books are maintained in the NRC Operations Center for use in incident response. Printed copies have been provided to each licensee. In addition, they are available electronically at the NRC's home page on the Internet (http://www.nrc.gov).
E-1
heat exchangers that provide a source of cooling water for individual component I cooling water loops. The individual cooling water loops that are dedicated one front-line train or equipment group would be treated as part of the frontto line system. These cooling water loops typically contain one or more valves and heat exchangers. For electrical power systems, the components that provide the principal functional capability would include power sources (EGDs, batteries), output or feeder breakers, and busbars that connect the power supplies to load and distribution circuits. Transformers may also be included if they are located between the main power supply busbars and the balance of the load distribution circuitry. Load center circuit breakers and their relays that supply power to individual components in reportable systems would be reportable as if they were part of the component to which they supply power.
E-2
Example 1: Auxiliary Feedwater System Figure E-1 shows the PWR auxiliary feedwater system used in this example.
This figure includes those active components that must function in response to actual demands to perform risk-significant safety functions.
Passive components and check valves are included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures and/or unavailable hours.
The components shown are the principal components of the system.
Figure E-1.1 shows Train A.
Train A is defined in terms of the components that are challenged by actual demands. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and for cyclic tests that involve integrated actuation of the entire train.
Note that the discharge valves that are shared by Trains A and B are included in both trains (i.e., Trains A and B overlap). Such overlap creates a potential for overcounting demands on the shared equipment.
This train overlap should be clearly indicated to allow for proper data accounting.
While overlapping trains is an acceptable method of handling shared components, licensees have great flexibility in choosing another approach, such as arbitrarily assigning the shared valves only to Train A. In that case, the potential for undercounting demands on the shared valves would have to be addressed when the data are stored and disseminated.
Figure E-1.2 shows Train B.
Principles similar to those for Train A were used for Train B.
Figure E-1.3 shows Train C.
Principles similar to those for Train A were used, except that the Train C suction and discharge valves are not shared with other trains.
Figure E-1.4 shows components that are challenged by monthly mini-flow pump tests for each of the three trains.
Figure E-1.5 shows the components that are challenged by quarterly valve stroke tests.
Figure E-1.6 shows a report form that is acceptable to the NRC staff for reporting data on the auxiliary feedwater system.
E-3
FIGURE E-1 PWR AUXILIARY FEEDWATER SYSTEM
-o -csr 4--
- m csr To CST L1.TE~t 4,1tf L L
S-3 ril Ll
- 1
- z m
FIGURE E-1.2 TRAIN B roc rS h9Roo csr r6 csT r I,,
,racsT MOP ^7-
)"ROA? /4AMIAI 4- (
FIGURE E-1.3 TRAIN C ro cs r Steam to ji~a to Turbine
_STi 1Ro 0)w >
FIGURE E-1.4 MINI-FLOW TESTS 7-0cr m
-C-5 r MAL4A/
Z!PAAI? WA flfA L
FIGURE E-1.5 QUARTERLY VALVE STROKE TESTS ro csr m
Steam to TurbiTneS 7-o_-,c. s r
- A014 MAI -,
C-rsE W,,1f.
FIGURE E-1.6 DATA REPORTING FORM FLUID SYSTEMS Plant/Unit: System: _ Train/Equipment Group:
Plant Operational State: Calendar Year:
_
Date Submitted:
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES' 2 Actual/Spurious Demands:
Actual/Spurious Failures:
Miniflow Tests:
Miniflow Test Failures:
VAlve Stroke Tests:
Valve Stroke Failures:
Cycle Tests:
Cycle Test Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: I Operating Hours:
Failures:
TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:
Unplanned Unavailable Hours:
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System:
Planned Hours:
Unplanned Hours:
Support System:
Planned Hours:
Unplanned Hours:
Report the number of each type of demand during the quarter and the number of failures of principal components that occurred during each type of demand during the quarter.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
E-1O
Example 2: High-Pressure Safety Injection System Figure E-2 shows the high-pressure safety injection system used in this example.
Principles similar to those discussed in the first example were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.
Figure E-2.1 shows Train A.
Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands.
Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.
Figure E-2.2 shows Train B and Equipment Group I-B.
Principles similar to those for Train A were used for Train B.
Figure E-2.3 shows Train C and Equipment Group 1-C.
Principles similar to those for Train A were used.
Figure E-2.4 shows the components challenged by monthly mini-flow tests for each of the three trains.
Figure E-2.5 shows the components challenged by valve stroke tests.
As noted on the drawing, some valves are stroke tested quarterly and other valves are stroke tested each refueling cycle. The quarterly and refueling cycle valve stroke tests would be reported separately, not added together.
Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the high-pressure safety injection system.
E-11
FIGURE E-2 PWR HIGH PRESSURE SAFETY INJECTION SYSTEM vi TO LOOP i8 m
TO LOOP 1A SAFETY INJECTION ANO REFUELINO WATER STORAGE TANW "TO LOOP 28 TO LOOP 2A FROM SHUTDOWN -**7-'
HAT EXCHANGER .'" V2 I
Xi>
-I
-n r\)
FIGURE E-2.2 TRAIN B PUMP B SAFETY INIBMW mANDREFUELNC WATER sTORtAGE TANK L
3 dMd LO 3-,fAl= MLVM DNrmflmaNv LU NOUDWMAIMM 0 NIVdl C*ý-3 3dngij
FIGURE E-2.4 MINI-FLOW TESTS MINI-FLOW PUMP TEST, PUMP B PUMP B SAFETY INJECTION AND REFUELING WATER STORAGE TANK MINI-FLOW PUMP TEST, PUMP A SAFETY INJECTION AND REFUELING WATER STORAGE TANK L
PUMP A MINI-FLOW PUMP TEST, PUMP C SAFETY INJECTION AND REFUELING WATER STORAGE PUMP C TANK E-16
FIGURE E-2.5 VALVE STROKE TESTS FROM TRAIN B SHUTDOWN A
m FROM SUMP FROM PUMP A SHUTDOWN HEAT EXCHANC TRAIN A B
-I NOTE: (1) VALVES ENCIRCLED BY DASHED LINES BELONG TO EQUIPMENT GROUP 3-,
REFUELING CYCLE STROKE TESTING.
(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY STROKE TESTING.
Example 3: PWR Residual Heat Removal System Figure E-3 shows the PWR Residual Heat Removal System example.
Principles similar to those discussed in Example 1 were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function. The components shown are the principal components of the system.
Figure E-3.1 shows Train A.
Train A is defined in terms of the components that are challenged by actual demands for safety injection. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and cyclic tests that involve integrated actuation of the entire train.
Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function. Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train.
Figure E-3.2 shows Train B and Equipment Group 1-B.
Principles similar to those discussed in Example I were used.
Figure E-3.3 shows the components challenged by monthly mini-flow tests for each of the two trains.
Figure E-3.4 shows the components challenged by valve stroke tests.
As noted on the drawing, some valves are stroke tested quarterly and other values are stroke tested on a refueling cycle basis. The quarterly and refueling cycle tests would be reported separately, not added together.
Figure E-1.6 shows a report form that could be modified to show the types valve stroke tests for reporting data on the residual heat removal system. of E-18
FIGURE E-3 PWR RESIDUAL HEAT REMOVAL SYSTEM V6 To Charging Pumps To SI Pumps To Spent Fuel To Pumps Charging Pool Makeup To CS Aux Nozzles To CS Pump I A To leg I Loop Cold MINIFLOW RI-IR-IAX A To Loop 2 Cold leg RH-Pump A EFG-5 m
I. To Loop 2 V1 H,,t leg To Loop 3 Hot leg From Hot RCS-XXX V2 Leg Loop 3 To Loop 3 Cold leg To Loop 4 Component WaterCooling Cold leg To SI Pumps Co"ta inment
FIGURE E-3.1 TRAIN A Rzdueing Water StMWgeTank To' LAnop ColId leg~
R) RH R-HX A RH-Pump A onC x t-i C(4Itlng To Loop 3 Cold leg 6
FIGURE E-3.2 TRAIN B Skwaw.Tmnk To L~oop I Cold k-&-
RHR-HX B To Loosp 3 Cold lwg To LAop 4 Water Cold lvg
FIGURE E-3.3 MINI-FLOW TESTS TRAIN A MINIF.OW RH-Pump A EFG-5 TRAIN B RH-Pump B E-22
/
FIGURE E-3.4 VALVE STROKE TESTS V6 To Chaering To SI Pumps Pumps To Spent Fuel To Charging pool Makeup Pumps To Aux CS Nozzles
.. ._4 _1 Sl TOPumps To CS Pump IA MINIFLOW RHRX A I
- Cold
, To leg1 Loop Cold leg I*1I :kE*, I ; *ComponentCooling
,IRH-Pump A E mn I~o [ I EI
........... ,,i Aote Water *- To Loop 2 Hot leg RCS-XX V3Vjo opý
-- 0- 01 V2I FHot HR-3X B leg From Hot RCS.XXX ___.... To Loop3 Leg Loop3 ......
Cold leg MINIFLOW*
RH-Pump B Component Cooling To Aux To Loop4
.... . To'Iw,,c~o.
E-Water To CS Pump I B CS Nozzles Cold leg S........
3 To S1 Pumps
.'S
\ mII NOTE: (1) VALVES ENCLOSED IN DASHED LINES BELONG TO EQUIPMENT GROUP 3-1, REFUELING CYCLE STROKE TESTS.
(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY VALVE STROKE TESTS.
Example 4: Emergency ac Power System Figure E-4 shows the emergency ac power system example.
Only one train is shown; the other trains are essentially identical. The principal components of this system are the diesel and its generator with their associated support subsystems, the output breaker, the 4160v bus, the load sequencer, and the load shed logic relay groups. There are four types of demands for this system.
- 1. Actual/Spurious Demands with Automatic Loading These actuations involve an ESF or undervoltage initiation signal that results (or should result) in an emergency diesel generator automatic start, load shedding, and sequencing of one or more ESF loads. The principal components are all of the principal components of the train.
- 2. Actual/Spurious Demands Without Automatic Loading These actuations involve ESF or other actuations that result (or should result) in an emergency diesel generator start (automatic or manual) but do not involve load shedding or sequencing. The load may be shed manually or added to the bus. The principal component is the emergency diesel generator including its support subsystems.
- 3. Refueling Surveillance Tests These tests are normally run during each refueling cycle. They normally involve the simulation of a loss of offsite power with an ESF actuation signal and include an automatic start of the emergency diesel generator, closure of the output breaker, and load sequencing. The test may be run for an extended period (8-24 hours) or a separate run test may be conducted. Each test that involves start and loading of the diesel generator should be counted as a demand. All the principal components of the train are included.
- 4. Periodic Surveillance Tests These tests are normally run monthly. They involve an automatic start of the emergency diesel generator with manual or automatic syncronization to a power bus. The principal component for this test is the emergency diesel generator and its support subsystems.
Loaded runs in excess of one hour for any of the demand types are also reported under the heading uOperating Reliability Data."
Figure E-4.1 shows a report form for reporting data on the emergency ac power system.
E-24
FIGURE E-4 EXAMPLE EMERGENCY ac POWER SYSTEM TRAIN A (TRAIN B IDENTICAL)
Fuel Oil Driven JacketEngine (51 Radiator Lube Oil Circulation Starting Air Branches lower to
& upper starting motors Note: Jacket Water Pumps are an integral part of Diesel Engine Air Receivers
FIGURE E-4.1 DATA REPORTING FORM EMERGENCY ELECTRIC POWER Plant/Unit: System: Train:
Plant Operational State: Calendar Year: Date Submitted:
Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED FAILURES*
Actual/Spurious Demands wlAutoload:
Actual/Spurious w/Autoload Failures:
Actual/Spurious Demands w/o Autoload:
Actual/Spurious w/o Autoload Failures:
Refueling Surveillance Tests:
Refueling Surveillance Failures:
Periodic Surveillance Tests:
Periodic Surveillance Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)
Number of Applicable Runs:
Operating Hours:
Failures:
TRAIN UNAVAILABILITY*
Planned Unavailable Hours:
Unplanned Unavailable Hours:
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY*
Support System:
Planned Hours:
Unplanned Hours:
Support System:
Planned Hours:
Unplanned Hours:
Attach is a component failure report for each failure associated with demands, operating reliability or unavailability.
E-26
Example 5: PWR Reactor Protection System Figure E-5 shows the PWR Reactor Protection System; this example has two subsystems.
The first consists of equipment in the reactortrip system (RTS).
The second consists of equipment specific to the diverse scram system (DSS).
The reportable equipment groups for the RTS are:
The four K-relays (i.e., K-i, K-2, K-3, and K-4) that provide output actuation from the reactor trip logic matrices.
Control rods and their trip coils.
The eight reactor trip circuit breakers, including their shunt-trip and undervoltage trip devices.
The principal components are the individual k-relays, control rods and their trip coils, reactor trip circuit breakers, shunt-trip devices, and undervoltage trip devices.
The reportable equipment group of the DSS includes the two 480v MG set load contactors used for a diverse scram. These are also the principal components.
Figure 5-1 shows the suggested form for reporting data on the PWR reactor protection systems. It is assumed that since the diverse scram system only responds to high pressurizer pressure, actual or spurious demands for the diverse scram system are rare. Thus, such demands have not been included on the example data sheet for this system. However, if a licensee decides to report this type of demand, it can be done by adding two lines to the data sheet. All actual and spurious demands of the RTS that result in or should result in reactor trip with rod motion are reportable as a system demand.
Quarterly functional tests include individual tests of the instrument channels that should result in k-relay actuation and reactor trip circuit breaker tests.
Each such series of tests that results in or should result in actuation of the k-relays and the eight trip circuit breakers should be reported as a single demand. Refueling cycle functional tests include tests of the four k-relays and the eight reactor trip circuit breakers. In addition, they include individual tests of the undervoltage trip devices and the shunt trip devices for each circuit breaker. They also include control rod insertion tests. Each series of refueling cycle tests that results in individual actuation of the principal components should be reported as a single demand. A failure record should be provided for failure of any principal component. Individual sensor and logic relay failures are not reportable unless they result in failure of a k-relay to change state. Unavailable time is not reported for the RTS.
The diverse scram system is periodically tested while the reactor is at power.
Each series of periodic tests that should result in actuation of a principal E-27
component (i.e., a load contactor) should be reported as a single demand for the diverse scram system. A failure record should be provided for any associated failure of a principal component. Unavailable hours are reported separately from demand and failure counts.
E-28
ko
--
FIGURE E-5.1 DATA REPORTING FORM PWR REACTOR PROTECTION SYSTEM Plant/Unit: System:
Plant Operational State: Calendar Year: Date Submitted:
Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:
RTS REPORTABLE DEMANDS AND ASSOCIATED FAILURES*
Actual/Spurious Demands:
Actual/Spurious Demands Failures:
Quarterly Channel Functional Tests:
Quarterly Functional Test Failures:
Refueling Cycle Functional Tests:
Refueling Cycle Test Failures:
DIVERSE SCRAM SYSTEM REPORTABLE DEMANDS AND ASSOCIATED FAILURES Diverse Scram System Tests:
Diverse Scram Test Failures:
DIVERSE SCRAM SYSTEM UNAVAILABILITY DATA*
Planned Unavailable Hours:
Unplanned Unavailable Hours:
Support System:
Planned Hours:
Unplanned Hours:
. Attach a component failure report for each principal component failure associated with demands or unavailability.
E-30
Example 6: BWR Reactor Trip System and Alternative Rod Injection Figure E-6 shows the BWR Reactor Trip System and Alternative Rod Injection system. For the purpose of this discussion, there are two groups:
- The first equipment group consists of equipment in the reactor trip system (RTS).
- The second equipment group consists of equipment specific to the Alternate Rod Insertion (ARI) system.
The reportable equipment groups for the RTS are:
- The A, B, C, and D actuation channels, through each channel's actuation (output) relay.
The backup scram solenoid valves.
The Hydraulic Control Units (HCUs) and their control rods.
The principal components are the trip channel actuation relays, backup scram solenoid valves, and the HCUs and their control rods.
The reportable equipment groups for the ARI are:
- Individual ARI actuation channels, including each channel's actuation relay.
The ARI scram solenoid valves.
The principal components are the trip actuation relays and the scram solenoid valves.
Actual and spurious demands for the RTS and ARI equipment groups should be summed and reported on the Data Reporting Form (Figure E-6.1). A failure record should be provided for failure of any principal component. Individual sensor and logic relay failures are not reportable unless they result in failure of the actuation channel relay to change state. Also reportable are the number of test demands required by technical specifications. Tests that individually challenge all actuation channels, one at a time, should be reported as a single test demand for the actuation channel equipment group.
Tests that individually challenge both of the backup scram solenoid valves should be reported as a single test demand for that equipment group. The refueling tests of the HCUs, which typically challenge only one quarter of the HCUs during one refueling outage, should be reported as a single partial (1/4) test demand.
Reporting of unavailable time is not required for RTS equipment groups but should be reported for ARI.
E-31
FIGURE E-6 BWR REACTOR PROTECTION SYSTEM RPS 'A' Normal Supply 480 VAC RPS "8 Noi*"Spply 480VAC MCC 1133 48DVAC M M From BPS Bus"B° 120 VA RIOSBut 'A'"P m'8 2 A RPS Channel A A.
Trip Logic C C DTi oi To HCU Solenoid Valves RPS Chan Trip Logc Conac A (K 14's) Aux. A uxRea V SRelay ' (Tyaical a) 125 VDC M Au*.ay Relay1A K221B SInstrument Air ha 4 S Tupplypfty (2)
,,'1K b0 ValvesOK Instrumen(Sr leVolv DScaan Instrumnt Airo" Vae NetinScr-.
V" oumulior
FIGURE E-6.1 DATA REPORTING FORM BWR REACTOR PROTECTION SYSTEM (RTS)
Plant/Unit: System:
Plant Operational State: Calendar Year: Date Submitted:
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:
RTS DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demand:
Actual/Spurious Failures:
Act. Channel Test Demands:
Act. Channel Test Failures:
Partial (114) HCU Test Demands:
Partial (1/4) HCU Test Failures:
Backup Scram Sol. Valve Tests:
Backup Scram Sol. Valve Failures:
ARI DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demands:
Actual/Spurious Failures:
Channel Test Demands:
Channel Test Failures:
ARI Scram Pilot Air Header Valve Tests:
ARI Scram Pilot Air Header Failures:
ARI EQUIPMENT GROUP UNAVAILABILITY DATA Planned Unavailable Hours:
Unplanned Unavailable Hours:
ARI EQUIPMENT GROUP UNAVAILABILITY DUE TO SUPPORT SYSTEM UNAVAILABILITY Support System:
Planned Unavailable Hours:
Unplanned Unavailable Hours:
Support System:
Planned Hours:
Unplanned Hours:
E-33
DATA REPORTING FORM FOR OTHER REPORTABLE SYSTEMS Figure E-7 provides a suggested general reporting form for reporting data for other systems that may be determined to be reportable under the guidance in Regulatory Position 1.2.
The form is the same as the forms for the fluid, emergency power, and reactor protection systems except for the section on "Train Demands and Associated Failures." This section should be modified as appropriate for the reportable system and the plant's own testing regime. The first column in this section would list each type of demand (actual, spurious, and each type of test such as quarterly tests, mini-flow tests, refueling cycle tests, or other, as appropriate) for the reportable system. As discussed in Regulatory Position 1.3, each of these demands should define the boundaries of trains and equipment groups within the systems so that the boundaries include the equipment actuated by that type of demand to perform a safety function. Simplified system diagrams should be provided to indicate the equipment involved in each type of actuation. For each type of demand, include two lines or rows -- one to report the number of demands and the other to report the number of failures associated with that type of demand during each of the four quarters.
E-34
FIGURE E-7 DATA REPORTING FORM OTHER REPORTABLE SYSTEMS Plant/Unit: System: Train/Equipment Group:
Plant Operational State: Calendar Year: Date Submitted:
Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State:
TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES" 2 Types of Demands Actual/Spuri ous Demands:
Actual/Spuri ous Fail ures:
Demands:
Failures:
Demands:
Failures:
OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs:
Operating Hours:
Failures:
TRAIN UNAVAILABILITY 2 Planned Unavailable Hours:
Unplanned Unavailable Hours:
TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY2 Support System:
Planned Hours:
Unplanned Hours:
Support System:
Planned Hours:
Unplanned Hours:
the number for each type of demand during the quarter and the number ofSReport failures of principal components associated with those types of demands during the quarter.
2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.
E-35
CONCURRENT UNAVAILABLE HOURS _
As stated in Regulatory Position 8, concurrent unavailable hours are reportable when two or more reportable systems, trains, or equipment group are unavailable at the same time during a reportable plant operational mode. Figure E-8 provides a suggested form for reporting concurrent unavailable hours. System, train, and equipment group designations should match the nomenclature used to identify them in system diagrams and data sheets (see Figures E-1 through E-6). The concurrent unavailable hours should be designated by plant mode as defined in Regulatory Position 2. The example in Figure E-8 is for a PWR with systems diagrams shown in Figures E-1 to E-4.2.
E-36
FIGURE E-8 DATA REPORTING FORM CONCURRENT UNAVAILABILITY Plant/Unit: Calendar Year: Date Submitted:
Quarter 1 Quarter 2 Quarter 3 Quarter 4 HOURS OF CONCURRENT UNAVAILABILITY/OPERATING STATE (System, train, equipment group)
Exampl e AFW-A 6.5 hrs EDG-B State 1 AFW-A 1.5 hrs EDG-B State 1 HPSI-A EDG-A 2.0 hrs HPSI-B State 1 E-37
APPENDIX F COMPONENT FAILURE RECORDS A component failure report should be submitted for each reportable failure.
The table below lists the information that should be supplied in each component failure report.
REPORT FIELD INFORMATION TO BE PROVIDED Plant name Name of unit and number System System in which the failed component is located.
Component Component type and ID number used in the system drawing.
Drawing Identification of the plant piping and instrumen tation diagram showing the location of the failed component.
Failure discovery date Date the component was discovered in a failed state.
Date last operable Date component was last verified as operable.
Failure end date Date when component was repaired.
Failure mode How the component failed to perform. (Open, close, start, run, etc.)
Failure detection method Method by which the failure was detected, e.g.,
pump test, actual demand, maintenance inspection.
Failure Description A brief narrative description of the failure, Narrative including the plant operational mode and system mode at time of discovery, the impact of the failure on system, train, or equipment group, and, if the failure was due to failure of a dedicated support system, identification of the support system and the failed component.
Cause of Failure A brief description of the cause of failure, Narrative including piece parts failed.
Corrective Action A brief description of the corrective action to Narrative restore the failed component (e.g., repaired or replaced failed piece part).
F-1
APPENDIX G EVENT LOG Figure G-1 is a suggested format for an onsite log to track the basic event data (failures, demands, run times, and unavailable hours) that form the basis for the summary data reported to the NRC. It is an example of a link between existing plant records and data systems and the summary information required by the rule.
Column I The date of the demand or the start date of the period of unavailable hours or run time.
Columns 2 and 3 The system and train or equipment groups in which the demand or period of unavailability occurred.
Columns 4, 5, 6, and 7 If the event was a demand, the next four columns would indicate whether it was successful or, if not, the type of failure (start or run) and the run time (if applicable.)
Columns 8, 9, and 10 If the event was a period of unavailable hours, the next three columns would record the unavailable hours according to whether they were planned, unplanned, or due to a support system being unavailable.
Column 11 The next to last column would use the plant's numbering or identification system for referencing plant records such as job requests, maintenance work orders, or operator logs. These plant records should provide documentation of the start of the event (demand or period of unavailable hours), the corrective action taken, and the end of the period of unavailable hours (return to service).
G-1
Col umn 12 The last column would provide any additional information needed to compile the summary data, such as the support system resulting in the front-line system being unavailable, the plant state at the time of the event, the diagram showing the principal component causing the event, or the name of the principal component.
Licensees may use whatever approach and format is most suitable to link plant records to the summary data.
G-2
FIGURE G-1 EVENT LOG Date System Train Demands Hours Plant Comments or Unavailable Records Equip- Reference ment Successful Start Run Run Planned Unplanned Due to Hours Support Group Demand Failure Failure System 1/30/96 EDG EDG A 35 JO 704645. Replace JO 783768 relief valve 3/16/96 EDG EDG B / 20 RAC 1-88048.
JO 00756384 4/19/96 AFW Train A / 88.5 Unavailable (turbine) when plant went into mode 3 4/20/96 EDG EDG B 10 ESW JO 84932 4/22/96 EDO EDG A / LG84932 Surveillance test
DRAFT REGULATORY ANALYSIS The NRC has prepared a draft regulatory analysis, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (December 19, 1995), on the proposed rule, 10 CFR 50.76. The analysis examines the costs and benefits of the alternatives considered by the NRC. The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (202) 415-6835.
R/A-1
Federal Recycling Program
\
UNITED STATES FIRST CLASS MAIL NUCLEAR REGULATORY COMMISSION POSTAGE AND FEES PAID USNRC WASHINGTON, DC 20555-0001 PERMIT NO. G-67 OFFICIAL BUSINESS PENALTY FOR PRIVATE USE, $300