ML19256F983: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(StriderTol Bot change)
 
Line 349: Line 349:
                   =
                   =
_ *=
_ *=
                        ;
                               , =,
                               , =,
1645 321
1645 321
Line 538: Line 537:
         - ti
         - ti
                   @                                    !! M
                   @                                    !! M
                                      .;_
                                       .is
                                       .is
                                       ! 3. i m.-
                                       ! 3. i m.-
Line 586: Line 584:
                                                                                                                                         .9 9o.
                                                                                                                                         .9 9o.
                                                                                                                                           . E
                                                                                                                                           . E
                                                                                                                                        ;
                                                                                                                                   .        . . ..aE.
                                                                                                                                   .        . . ..aE.
                                                                                                                                           .a .a u
                                                                                                                                           .a .a u

Latest revision as of 07:52, 22 February 2020

Emergency Feedwater Reliability Analysis for Unit 1.
ML19256F983
Person / Time
Site: Arkansas Nuclear Entergy icon.png
Issue date: 12/31/1979
From: Dorman R, Enzinna R, Weaver W
BABCOCK & WILCOX CO.
To:
Shared Package
ML19256F977 List:
References
NUDOCS 7912270161
Download: ML19256F983 (40)


Text

s i4 EMERGENCY FEEDWATER SYSTEM RELIABILITY ANALYSIS FOR THE ARKANSAS NUCLEAR ONE NUCLEAR GENERATING STATION UNIT N0. 1

~

By W. W. Weaver R. W. Dorman R. S. Enziana Revision 1 - December 1979 Babcock & Wilcox Power Generation Group Nuclear Power Generation Division P. O. Box 1260 Lynchburg, Va. 24505 1645 295 79222 70 iGl

6 TABLE OF CONTENTS Section Page Executive Summary iii 1.0 Introduction 1 1.1 Background 1 1.2 Objectives 1 1.3 Scope 1 1.4 Analysis Technique 2 1.5 Assumptions & Criteria 2 2.0 System Description 5 2.1 Overall Configuration 5 2.2 Supporting Systens & Backup Water Source 8 2.3 Power Sources 9 2.4 Instrumentation & Control 10 2.5 Operator Actions 11 2.6 Testi ng 12 2.7 Technic;.1 Specification Limitations 12 3.0 Reliability Evaluation 13 3.1 Fault Tree Technique 13 3.2 Comparative Reliability Results 13 3.3 Dominant Failure Contributors 14 References 16 Appendix A Appendix B 1645 296 i

s LIST OF FIGURES

1. ANO-1 EFWS
2. Service Water System - Alternate EFW Water Supply - ANO-1
3. AC Power Distribution to Components in EFWS and Service Water Systems -

N40-1

4. ANO-1 EFW Initiation & Control Functional Logic Diagram - Simplified
5. Comparison of AN0-1 EFWS Reliability with NRC Results for Westinghouse Plants 1645 297 ii

i EXECUTIVE

SUMMARY

The NRC has requested all operating plants with Babcock & Wilcox (B&W) designed reactors to consider means for upgrading the reliability of their Emergency Feedwater Systems (EFWS). As a part of the response to this request, AP&L and the other B&W Owners Group utilities have requested B&W to perform a simplified reliability analysis of existing emergency feedwater systems. This draft report presents the results of that reliability study for the ANO-1 EFWS.

The primary objective of this study was to evaluate AN0-1 EFWS reliability (defined as " point unavailability") using an approach which would produce results comparable to those obtained by NRC staff analyses for Westinghouse and Combustion Engineering Plants. Another objective was to identify dominant failure contributors affecting system reliability.

EFWS reliability was assessed for three cases: Loss of Main Feedwater (LMFW) with reactor trip, LMFW with Loss of Offsite Power (LMFW/ LOOP) and LMFW with Loss of all AC power (LMFW/LOAC). System reliability was assessed by the construction and analysis of fault trees.

The results of this study are on the following page. These results indicate the ANO-1 EFWS reliability, based on the reliabilities obtained by the NRC for Westinghouse plants, is low to medium for all cases.

Dominant failure contributors which were identified in this study include:

1) system unavailability resulting from preventive maintenance activities,
2) failures of EFWS initiation and control components, resulting in failure to obtain actuation for either EFWS train, 3) AC dependence of all valves needed to obtain EFW flow during LMFW/LOAC.

A similar study will be performed for each Owners Group utility and addi-tional plant specific draft reports will be prepared. At the conclusion of the program, information contained in the plant specific reports will be collected and used to generate an EFWS reliability report comparing all B&W operating plants.

1645 298 iii

CASE l' LMFW CASE 2: LOOP CASE 3. LOAC LOW MED HIGH LOW MED HIGH LOW MED HIGH 5 $ b AN ARKANSAS NUCLEAR 15 C U U ONE o O o 9 UNIT I ALL W PLANTS C C O C C @

- - m e em -

lIl MISSION SUCCESS WITHIN 5 MINUTES O--e RANGE OF W PLANTS

[] MISSION SUCCESS WITHIN 15 MINUTES

  • THE SCALE FOR CASE 3 IS NOT THE SAME AS FOR CASES I & 2 O MlSSION SUCCESS WITHIN 30 MINUTES j COMPARISON OF ANO-1 EFWS RELIABILITY WITH NRC RESULTS FOR W PLANTS N

4 4

s t

1.0 Introduction

1.1 Background

This report presents the results of a reliability study for the Arkansas Nuclear One Unit 1 (AN0-1) Emergency Feedwater System (EFWS). The NRC is conducting similar analyses for Westinghouse and Combustion Engineering plants. Preliminary results of the NRC study are available (Reference 1) and have been included in this report for comparison with the AN0-1 EFWS reliabili ty. The approach employed in this study has been developed in close coordination with the NRC and is therefore expected to yield comparable results.

1.2 Objectives The objectives of this study are:

o To perform a simplified analysis to assess the relative reliability of the AN0-1 EFWS. It is intended that the results of this analysis be directly comparable to those obtained by the NRC for Westinghouse and Combustion Engineering plants. This is assured by the use of the same evaluative technique, event scenarios, assumptions and reliability data used by the NRC.

o To identify, through the development of reliability-based insight, dominant failure contributors to the AN0-1 EFWS unreliability.

1.3 Scope Three event scenarios were analyzed:

o Case 1 - Loss of Main Feedwater with Reactor Trip (LMFW).

o Case 2 - LMFW coincident with Loss of Offsite Power (LMFW/ LOOP).

o Case 3 - LMFW coincident with Loss of all AC Power (LMFW/LOAC).

These event scenarios were taken as given; that is, postulated causes for these scenarios and the associated probabilities of their occurrence were not considered. Additionally, external common mode events (earthquakes, fires, etc.) and their effects were excluded from consideration.

For each of the three cases, system reliability as a function of time was evaluated.

1645 300

1.4 Analysis Technique The evaluation of reliability for the ANO-1 EFWS was based primarily on the construction and analysis of fault trees. This technique encourages the development of insights which permit identification of the primary con-tributors to system unreliability. Application of this technique is described in detail in Section 3.1.

1.5 Assumptions and Criteria Assumptions and criteria were made in consultation with the NRC staff and were selected to assure that the ANO-1 reliability evaluation results will be comparable to those obtained by the NRC for the Westinghouse and Combustion Engineering analyses.

1) Criterion for Mission Success - In order to evaluate the overall reliability contribution of system components, it is acessary to establish whether or not failure of those components will prevent successful accomplishment of the EFWS mission. Thus, it is necessary to explicitly define the criterion for mission success. The criterion adopted for this study was the attainment of flow from at least one pump to at least one steam generator. Mission success can be alternatively defined as at least one running pump with suction to a source of water and an open flow path to at least one generator without flow diversion.

System reliability was calculated at times of 5,15, and 30 minutes to allow for a range of operator action. These times were specifically chosen because NRC-supplied operator reliability data for these times was available; however, these times are reasonable and consistent with LMFW mitigation for B&W plants. In their study, the NRC staff has used steam generator dryout time as a criterion for successful EFWS initiation, and the 5 minute case represents a comparable result for B&W plants since emergency feedwater delivery within 5 minutes will prevent steam generator dryout. However, steam generator dryout itself does not imply serious consequences; a more appropriate criteria is the maintenance of adequate core cooling. Recent ECCS analyses (Reference 2) have shown that adequate core cooling can be maintained for times in excess of 20 minutes without EFWS operation, providing that at least one High Pressure Injection Pump is operated.

1645 301

2) Power Availability - The following assumptions were made regarding power availability: ,

LMFW - All AC and DC power was assumed available with a probability of 1.0.

LMFW/ LOOP - The most limiting diesel generator was unavailable with a probability of 10-2 The other generator was assumed available with a probability of 1.0. (The most limiting generator was DG-1 (see Figure 3) except for the case in which motor-driven EFWS pump P7B was in preventive maintenance. )

LMFW/LOAC - DC and battery-backed AC were assumed available with a probability of 1.0.

3) NRC-Supplied Data - NRC-supplied unreliability data for hardware, operator actions and preventive maintenance were assumed valid and directly applicable. These data are listed in Appendix B.
4) Coupled Manual Actions - Manual initiation of valves with identical function was considered coupled. Such valves were assumed to be both opened manually or b.oth not opened. The case in which one valve was opened and the other valve was left closed was not considered.
5) Degraded Failures - Degraded failures were not considered; that is, components were assumed to operate properly or were treated as failed.
6) Integrated Control System Reliabilit" - The degree of separation and redundancy of Integrated Control System circuits responsible for EFWS initiation and control for each EFWS train has not been fully evaluated.

For the purpose of this study, the ICS was assumed to consist of caly a single control device with signals to both EFWS trains and a combined failure probability of 7 x 10-3 was assigned to the ICS functions of pump actuation and isolation valve opening.

7) Relief Valve Opening - Operation of the EFWS turbine steam inlet relief valves is unclear. For this study, it was assumed that both valves would open at least once in the course of turbine initiation and continued use.

1645 302

8) Flow Diversion - Lines on the order of 1-inch were ignored as possible flow diversion paths. It was assumed that inadvertent opening of recirculation valves FW11A or FW12A will defeat pump P7A; similarly, opening of FW11B or FW12B will defeat pump P7B. However, the effects of the 2-inch line containing interlocked valves CV2815 and CV2816 were ignored. (These effects could include flow degradation from the turbine driven pump if both the valves are incorrectly open or damage to the pump if either valve is incorrectly closed when increased recirculation is required.)

1645 303

2.0 System Description

2.1 Overall Configuration A diagram of the ANO-1 EFWS is presented in Figure 1. The system consists of two interconnected trains, capable of supplying auxiliary feedwater to either or both steam generators under automatic or manual initiation anc control.

2.1.1 Suction The primary water source for both EFWS trains is the condensate storage tan k , T-41. This tank is required by technical specifications to contain a reserve of 107,000 gallons for EFWS use. The tank level is not indicated in the control room; however, there is a low level alarm in the control room which is battery-backed.

Water is supplied from this tank to a common suction header via a single 8-inch line containing normally open valve CS19 and check valves CS99 and CS98. There are other connections to this suction supply line including supply connections to the condensate transfer pumps and an interconnection with the unit 2 condensate storage tank, 2T-41. For this study, a penalty was taken for diverted suction flow to the transfer pumps.

However, even though the unit 2 condensate storage tank will usually be available as an alternate water supply for the unit 1 EFWS, no credit was taken for this source because technical specifications do not make unit 1 operation contingent on the availability of water from unit 2.

An alternate EFWS suction source is available from the nuclear service water system. This source is described in detail in section 2.2. Suction may be manually transferred from the condensate storage tank to the nuclear service water system by means of AC motor-operated valve pairs CV2806/CV2802 and CV2803/CV2800. A common control switch for each pair causes the valves to assume opposite positions; that is, if one valve (e.g. , CV2806) is open, then the other valve (CV2802) is closed and vice versa. Operators an alerted to perform this suction transfer by a low suction pressure alann on the common suction header.

~bSS Od

2.1.2 Pumps and Discharae Cross-Tie EFWS train A uses a turbine-driven pump, P7A, rated at 720 gpm at 1070 psig.

This flow includes a normal recirculation flow of 15 gpm. The train B pump P7B, is motor-driven and is rated at 780 gpm at 1070 psig including a nonnal recirculation flow of 78 gpm.

The pumps discharge through check valves into a discharge cross-tie line containing two normally-open AC motor-operated valves (CV2813 and CV2814). This cross-tie permits either pump to feed either or both steam generators.

2.1.3 Steam Generator Isolation Vaives The flow of emergency feedwater to each steam generator is controlled by normally-closed AC motor-operated " isolation valves" (CV2670 and CV2620).

These fast-acting valves maintain steam generator water level to the desired setpoint. Control for these valves is obtained from the Integrated Control System (ICS) and is described in detail in Section 2.4.

The ICS-controlled valves are bypassed by two normally-closed AC motor-operated oypass valves (CV2627 and CV2626). These valves are under manual control only.

2.1.4 Steam Supply for the EFWS Turbine Steam for the EFWS turbine is obtained from both steam generators via normally-closed AC motor-operated valves (CV2667 and CV2617). These valves are opened automatically by the ICS on EFWS initiation. They also may be opened by the Steam Line Break Instrumentation and Control System (SLBIC) or manually. A description of the ICS and SLBIC control for these valves is contained in Section 2.4. Valve CV2667 is bypassed by a nonnally-closed AC motor-operated valve (CV2666). This valve can be opened manually to admit steam from steam generator A to the EFWS turbine.

Steam from these valves passes into a common 4-inch line, through a restricting orifice to the turbine governor valve. A turbine overspeed trip valve is also provided to trip the turbine if turbine speed becomes excessive. Turbine trip is alarmed in the control room; the trip valve must be reset locally.

-6 1645 305

Two overpressure relief valves (PSV66G1 and PSV6602) are connected to the steam supply line upstream of the turbine governor. These. valves are expected to open anytime there is insufficient steam flow to produce a significant pressure drop across the restricting orifice. These valves may briefly open upon turbine initiation, or whenever the ICS-controlled

' isolation valves (CV2670 and CV2620) and manual bypass valves (CV2627 and CV2626) are all closed.

Turbine exhaust is vented to the atmosphere.

2.1.5 Other Important System Features Primary components for EFWS operation are described above. There are additional system features, however, which affect overall sys tem reliabili ty. These features are described below:

Recirculation and Test Lines - Recirculation and test lines are connected to the discharge piping of both pumps. Normal recirculation for pump protection is accomplished with normally open flow paths consisting of small lines, restricting orifices and needle valves as shown in Figure 1.

Additionally, for the turbine driven pump, there are two AC motor-operated valves, CV2815 and CV2816, in an alternate path which are interlocked with the EFWS isolation and bypass valves (CV2627, CV2670, CV2620 and CV2626).

If all isolation and bypass valves are blocking flow to both steam generators, CV2815 and CV2816 will open to increase recirculation flow for pump P7A. However, if any one of the four isolation or bypass valves is open, at least one of the valves, CV2815 or CV2816, will be closed.

Of significance to system reliability is the recirculation test line and its interconnected valves (FW11A, FW11B, FW12A and FW12B). These valves are used to perfonn full flow tests of the EFWS pumps by diverting flow to the condensor hotwell, the condensate storage tank or the cooling water discharge flume. For this study, it was assumed that, if either of the valves, FW11A or FW12A, is inadvertently left open, train A will be de feated. Similarly, inadvertent opening of FW11B or FV12B will defeat train B.

1645 306 SLBIC - The Steam Line Break Instrumentation and Control System isolates a steam generator in the event of a steam line oc feedwater line rupture.

The SLBIC closes main steam block valves CV2691 or CV2692 as well as main feedwater isolation valves not shown on Figure 1. The SLBIC also initiates the EFW turbine by opening steam supply valves CV2667 and CV2617.

2.1.6 Valve Indication and Operation All motor-operated valves in the EFWS are AC powered. All fail "as is" on loss of AC and all are controllable and position indicated in the control room. The power for valve control and position indication for these valves is derived from the power source for the valve operator.

For those valves which receive automatic signals from the ICS or SLBIC, manual override of the signal is possible at any time.

The atmospheric dump valves and the main steam block valves fail closed on loss of air. The dump valves fail to about 50% open on loss of control signal.

2.2 Supporting Systems and Backup Water Source The EFWS pumps, pump motor and turbine are self-contained entities without dependencies on secondary support systems. The bearings on the turbine and both pumps are lubricated by slinging oil from reservoirs near the bearings. Cooling is accomplished by heat transfer to the surroundiays.

The only support system of significance to the EFWS is the backup water supply source. This source is the service water system and those portions of this system pertinent to the EFWS are shown in Figure 2.

As shown in the figure, water is pumped from a reservoir by any or all of three service water pumps P4A, P4B or P4C which are on diesel generator-backed power. The discharge of these pumps passes through filters, check valves and normally-open manual valves (SW2A, 28, 2C) to a system of normally-closed, cross-over valves. The purpose of these cross-over valves is to divert flow from the auxiliary cooling water system to one of the service water locps if required.

1645 307 4

During normal operation, two of the three pumps will be running, supply-ing water to one loop of the service water system and to the auxiliary cooling water system. An engineered safeguard signal caused the flow to the auxiliary cooling water system to be diverted to the other service water loop. This action can also be performed manually by setting the correct valve alignments.

In any event, manual action (opening of normally closed AC motor-operated valves CV3850 or CV3851) is required to obtain water from service water Loop I or Loop II for EFWS use.

The description of valve indication and operation contained in Section 2.1.6 is applicable to the service water valves shown in Figure 2.

2.3 Power Sources A simplified diagram showing power distribution for EFWS and service water system components is shown in Figure 3. As indicated, AC power for all components needed to obtain emergency feedwater flow is derived from diesel generator-backed 4160 VAC busses.

Normally (Case 1), power for these busses is supplied from the switch-yard. However, in the event of LMFW/ LOOP (Case 2), the diesel generators are started automatically and all EFWS components will remain operable.

(The motor-driven pump is automatically loaded on bus A3 after a 100-second delay.) No manual actions are required.

In the event of LMFW/LOAC (Case 3), the EFWS is initially unavailable because of the AC dependence of EFWS valves. Manual action to locally open a turbine steam supply valve and a steam generator isolation or bypass valve is required to obtain EFWS flow. Continued operation of the turbine-driven pump may require periodic manual opening and closing of the isolation or bypass valves and the recirculation valves CV2815 and CV2816.

1645 308

_9

2.4 Instrumentation and Control 2.4.1 Initiation and Control A logic diagram showing the means of EFWS initiation ana control is provided in Fiqure 4. This t....plified diagram is intended to show function only and does not show redundancies and protective interlocks which actually exist in the harcware.

EFWS initiation and control are performed primarily by the ICS, and each is essentially a separate function of the ICS. Logic for tnese fur.ctions is battery-backed.

EFWS initiation consists of pump actuation. As shown in Figure 4( A),

low level in either steam generator, or a trip of all reactor coolant pumps, or a trip of both main feedwater pumps (if the reactor pover was greater than 5% isfP 30 seconds earlier) will result in an ICS signal to start both EFWS pumps. The pumps can also be started manually and, in addition, the turbine pump can be started by a SLBIC signal.

EPdS flow is also controlled by the ICS. This is accomplished by opening and closing the steam generator isolation valves (CV2620 and CV2670) in a manner depicted in Figure 4(B). If both main feedwater pumps have tripped, the ICS will open or close the isolation valve for each steam generator to maintain the water level near a predetermined setpoint (10%

on the startup instrumentation range). If all 4 RC pumps have tripped, the ICS will control the level to a higher setpoint (50% on the operate instrumentation range).

The isolation valve may also be opened or closed me. ally; but, in any case, the hand switch (ICS " Block Open" or " Block Close') shown in Figure 4(B) must not be set to block the desired operation.

~ ~

1645 309

2.4.2 Instrumentation The following instrumentation pertaining t0 the EFWS or supporting systems is provided in the control room.

Available in Case Case Case Instrumentation 1 2 3 e Steam Generator Level for S/G A and S/G B Yes Yes Yes e Low EFW Pump Suction Pressure Alarm Yes Yes No e EFW Discharge Pressure Yes Yes No Alarm and Indication e EFW Turbine Inlet Steam Yes Yes No Pressu re e Service Water Pressure for Yes Yes No Loop I and Loop II e EFW Flow to S/G A and S/G B Yes No No e CST Low Low Level Alarm Yes Yes Yes 2.5 Operator Actions Assuming no component failures and correct system valve alignment, no operator actions are required for EFWS mission success for Cases 1 and 2.

For Case 3, operator action is required to open a turbine steam admission valve. Also, an operator must open a steam generator isolation valve in order to achieve EFWS flow. Continued sys*,em operation may also require periodic manual valve operation to control 0TSG level, as well as opera-tion fo the pump P7A recirculation valves (CV2815 and CV2816).

In all cases, if the condensate storage tank is depleted, manual action is required to switch EFWS pump suction to the service water system.

6o5 710 2.6 Testing The operability of both EFWS pumps is checked monthly by a test using the mini-flow recirculation lines. This test demonstrates that the pumps will start, operate for 5 minutes, and develop the correct discharge pressure.

During startup and after any changes in EFWS valve alignment, all manual EFWS valves are verified to be in the correct, locked position. In addition, all non-locked valves are checked monthly to assure that they are positioned correctly. Motor-operated valves are demonstrated to be operable by quarterly tests.

Every eighteen months, the entire EFWS is functionally tested including the automatic actuation of valves and pumps, verification that feedwater is delivered to the steam generators, and verification that the system can be operated manually.

2.7 Technical Specification Limitations Technical Specifications require that both EFWS pumps be available any-time the reactor coolant temperature exceeds 280UF. If, however, the reactor is operating and one pump is determined to be inoperable, the reactor must be placed in hot shutdown within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />.

Technical Specifications also require that 107,000 gallons of water be held in reserve in the condensate storage tank for EFWS use.

1645 311 3.0 Reliability Evaluation 3.1 Fault Tree Technique The ANO-1 EFWS reliability was evaluated by constructing and analyzing a fault tree. The fault tree developed during this study is contained in Appendix A. The top level event in this tree is failure to achieve mission success; from this point, the tree branches downward to a level of detail corresponding to NRC-supplied data. This level is generally indicated by basic event circles.

For construction of the first tier of the tree (page A-1), the EFWS components in each train were grouped into three categories - Suction, Pump and Discharge. System failure can result from Suction 1 - Suction 2, Pump 1 - Pump 2, or Discharge 1 - Discharge 2 failures or from failures within one train when the other train is out of service for preventive maintenance. The fault tree also accounts for system failures resulting from combination failures such as Pump 1 - Discharge 2 with the appropriate discharge cross-connection unavailable. All combinations considered are indicated by the first tier.

The techniques used in fault-tree construction and the symbols shown in Appendix A are consistent with those used in WASH-1400 (Reference 3).

Following completion of the tree, hand calculations were performed to obtain system unavailability for 5,15 and 30 minutes for each of the three event scenario cases.

3.2 Coniparative Reliability Results The results of the analysis are presented in Figure 5. Indicated in this figure are the system reliability results for each of the three cases and for each time 5,15 and 30 minutes. The basic format for this figure, including the characterization of Lcw, Medium, and High reliability, was adopted from information presented by the NRC in Reference 1. Because the NRC-supplied input data were often unverified estimates of component and human reliability, absolute values of calculated system reliability must be de-emphasized; results have significance only when used on a relative basis for purposes of comparison. Accordingly, the intent of Figure 5 is to show the relative reliability standing of the AN0-1 EFWS for each of the three cases and also to compare these results to the 1645 312 NRC results for Westinghouse plants. The Westinghouse results and numerical values permitting construction of Figure 5 were all obtained fmm Reference 1. It should be noted that there is a scale chance for the Case 3 results; reliability results for Case 3 cannot be cross-compared with Cases 1 and 2.

As shown in Figure 5, relative to Westinghouse, ANO-1 has low to medium reliability for Casts 1 and 2; Case 3 has low reliability for success in 5 minutes, but medium reliability for success in 15-30 minutes. The under-lying causes for these reliability results are described in Section 3.3.

Some general observations may be made regarding the results in Figure 5.

As the time for operator action increases from 5 to 30 minutes, the probability of mission success usually improves. Most of the improvement occurs between 5 and 15 minutes, reflecting a significant difference in the NRC-supplied operator reliability data for these times. On the other hand, there was little difference in the operator reliability data between 15 and 30 minutes and this is reflected in the system unavailability results.

The small difference in tne results for Cases 1 and 2 indicates the relatively small effect associated with the improbable loss of one diesel generator. The Case 3 results stem from the AC dependence of all EFWS motor-operated valves.

3.3 Dominant Failure Contributors 3.3.1 Case 1 - LMFW The dominant failure contributor for Case 1 is the unavailability of one EFWS train because of preventive maintenance activities. Outage for preventive maintenance reduces system redundancy, and, coupled with component or human failure affecting the other train, results in mission failure.

Another significant contributor is component failure within the ICS that results in failure to obtain system actuation. The AN0-1 EFWS relies on common components within the ICS for initiation and control of both EFWS trains. It is apparent that this lack of separation and independence is a significant factor affecting mission success.

1645 313 Other significant failure contributors for Case 1 are:

o Flow diversion of either train because the full flow recirculation block valves FW11A, FW12A, FW11B or FW128 are inadvertently open.

o Failure of the motor-driven pump caused by incorrect alignment or plugging of suction valves CV2803 and CV2800.

o Failure to perform manual switchover to the service water system on depletion of the condensate storage tank.

3.3.2 Case 2 - LMFW/ LOOP Significant failure contributors for Case 2 are the same as for Case 1.

3.3.3 Case 3 - LMFW/LOAC The dominant failure contributor for Case 3 is the AC dependence of all valves necessary to obtain steam for the EFW turtine and admit emergency feedwater to either steam generator. The system will be initially unavailable because of this AC dependence. Subsequent manual action, described in Section 2.5, will be required to operate these valves to both initiate the system and to support continued system operation.

Another significant failure contributor for Case 3 is inadequate steam supply to the EFW turbine caused by an overpressure relief valve failing to reseat af ter opening.

1645 314 REFERENCES

1) " Auxiliary Feedwater Reliability Study", an NRC staff presentation to the ACRS at the ACRS meeting of July 26,1979,1717 "H" Street, Room 1046, Washington, D.C.
2) " Evaluation of Transient Behavior and Small Reactor Coolant System Breaks in the 177 Fuel Assembly Plant", May 7,1979.
3) WASH-1400 (NUREG-75/014), " Reactor Safety Study (Appendix II),"

USNRC, October 1975.

1645 375

  • F3.PE 1 A*C-1 EFeS TJP9N l s'acs l .

tysging el Ef 4 PAP CM'BOL 'At 48

'!! g . C5 1 I y Net.mE fa 5?09 Goe satet b

~

T' l"

  • ww s.C_% ,,,...4,...2..... . . . .

,...,C & - ><.,C

$ iC1 - m , [ h ,** -'C5

'#3 w

.. x C ' ?.. .< ,

c, r. , ,

$ a

._.. $_ Ciner_

CCatest esos eC3 s, 'l g

I'M.8  % C0ereOL tage IC3

, ,,g 3 C

$8 II e a f eilt f eilt ICS al BI ICS I l t a m I 1g ' *s os _ e Cr2826

]@.Cfft21 LJ Cv2670 s

CV2B47

,-- e e - ^,

+

6 M.--

Cini) Ci:sia

[fsiga F9138 M

Se .. iia;;

d

.. ::..i2 4H3 .

"t? i,, tt in "

" 78 Coat I Come.$T.

St1Ce Ftuetfans 08 C.S.

f 8. - -f 6.

, .. _I I

. . . . . ,t o, I 1* Rf C itC (14(1 1 S.

a CV:lil , ga a C12818 G ria Thee tit P79 80'3B-O

sf via Ne' Celete Pter Besteasst gestinasGE Cf IOS g. C1:193 t

@. .. ..C ,a r,. @'.

Cv 302 ==--- ------

C12909 b,, 7,,,

b.. ...

C,,,,.,

=

p,,,

= ,, _ . a ,,

a s". ->

CDer0f etat [

I'3f as[ Tens Lf1

- 1645 316

-e- e* *e e m- - . . = - - - - .

m., e --w-

/

FIG 2. SVC WATER SYSTEM - ALTERNATE EFW WATER SLPPLY - ANO.1 TO EFW PL;uPS b

l5911 E1 ES 2 3,33

$sli I- CV3851 g

CV3850 r l [ .h. ' (7H L SVC 84TER I I SVC #ATER l MS LOOP 11 LOOP I g I L_

_ _ . _ _J l I I CV3641 Cv3645 l l (NO)

(NC)

TO AUI. ]

C00LINGSYS,[

I h

" HS HS ES 1 __

s2

" "I g u

y y __

CV3643 (N01 , , , ,

aa i i 1 a'a CV3646 CV3644 CV3640 CV3642 (NC) (NC) (NC)

(NC)

~~

- - $#2B S#2C

!_ Sf2A (NO) . (NO) (NO) -

SEIA SflB $51C

0) G) n n n l

SVC WATER PUUP SVC gATER PUUP SVC #ATER PUUP "P4A" ap4ga ap4ga

/ \

> \ > i Il ll Il RESERVOIR 1645 317 J. /

  • FIG. 3 AC POWER DISTRIBUTION TO COMPOtENTS IN EFWS & SVC WATER SYSTEM - ANO-1 0.G.1 0.G.2

/\ /\

I

)

y 4160V AC BUS "A3" 4160V AC BUS "A4" U

) ) ) ) ) ) ) )

4 Il i p SVC SVC EFWP W TER

  1. ATER ,i "78" SVC 1 PUMP "4C" PUMP "4 A" PUMP WATER I MOTOR MOTOR MOTOR PUMP "48"i WW WW 480V AC BUS "B5" y v) -

480V AC BUS "B6" f I

]) ) lI ) l)

)/ i

_1 T

U"B52" U "B61" I f"BB2" U "B51" ')"B56" o

"""" lI +CV2617

) CV2667 + CV2800 CV2620 + /

)

U"B53" --*- CV 28 03 y "863"

_ QB55"

+ CV3850 CV 26 26-*- + CV2627

+ CV 2815 CV2806 %

-+ CV3645 + CV2666 CV3851 +

4W CV2816 +

CVee41 -

..,,.y g.,2..

- 1645 318 TO SOME EFW INSTRUMENTATION

/'

FIG. 4. ANO-1 EFA INITIATION & L;O4 TROL PJNCTI74AL LOGIO DIAGRAM SIRIFIED LEGEND OR LOGIC flTHIN ICS AND

  • r 3

- SLBic NOT

- 80lH NFDP TRIPPED CPEN y y e MANUAL BYPAS$ AT LO REACTOR

($iART T'JRBINE) PCIER (TIME DELAYED)

,g ,, _ S.G "A" LD LEVEL (A) Eff PUNP & TURBINE INiilAflog ACT.slG. b e--- 3. G "8" LD LE VEL

- ALL 4 RCP TRIPPED START C

PtuP

- NANUAL LOGIC flTHIN ICS (8) CONTROL OF EFW "lSQLAil0N VALVES" ,

~ BOTH EFrP TRIP'E0 NANUAL

  • OPEN (CLOSE)

- Se G LEVEL (>) LEFrP SETPolNT OPEN ICS SIG. 70 m c 2 20 V OPEN (CLOSE)

DUPLICATED FOR CV2670

- ALL 4 RCP TRIPPED ICS "9 LOCK OPEN"

("8 LOCK CLOSE")

HAN05tlTCH

- 3 G LEVEL ()) LRCP SETPOINT NOTE. REDUNDANCIES & PROTECTIVE INTERLOCAS NOT SH0tN 1645 319

CASE l- LMFW CASE 2: LOOP CASE 3. LOAC LOW MED HIGH LOW ME0 HIGH LOW MED HIGH 5 A $ A k ARKANSAS NUCLEAR 15 g ll E ONE 30 # ,

-e e UNIT 1

- * * - n a ALL W PLANTS . . w . w w d MISSION SUCCESS WITHIN 5 MINUTES @ g RANGE OF W PLANTS MISSION SUCCESS WITHIN 15 MINUTES

  • THE SCALE FOR CASE 3 IS NOT THE SAME AS FOR CASES I & 2 g MISSION SUCCESS WITHIN 30 MINUTES os FIGURE 5 COM3ARISON OF ANO-1 EFWS RELIABILITY WITH NRC RESULTS

$ FOR W PLANTS u

N CD

9 0

2}*

re zt.

I .*.235 !

3EE3 si

-22~

3 .i Accendix A

fI fa: 1 IEE st '

ts g!Ei(d w

" g; 1 .

=s '

~

3

!! < o lii G-

==  !!!. 4 e14 f1

-E-

~- =

-s

.a N e nu  !

i

=

-4=

= ~"g.

~3"; =50 52 2

  • 12S -

Gras E: *40

w'o *3S ('A m
  • IS*
  • 3M:  %

3 E; -

==l"

g -

A" ,~ E I

gi s
  • 30 "2B 3M=

~&2 52 E E M

6 2

==s -

3M=

~5

.o

$5 ,

3*O 54

.Y. :

e :2 MC -

=

_ *=

, =,

1645 321

$3 0

  • Ii!

a:

E n

.4 " -

.a.

e. ,.

_ _=

=

a - =

= .

.E

=. = u u-u e

, _O e_d.

.w L

=. .

=

= = = ,.

===-

=

=

u . .

= s=.

> . _O

,.=.

4

.O

. .m o.

c s =_- . .

u

_=

_ _ =_

__=_.

==

- ~ ,=_, .=

E

. .O. _=

..=- 53-

- O m o . ~. o.

y*U, e.9 M. M.

m = ._ .

,o 3 m u.

-C m-_ D

_ w.

a U U .

.u

_.a

._.- - .. .=._ _.

o -

a .

e.s. e-

. .u=

u u

_O 4_4 O

w

  • D

==

!!! 1645 322 A-2

9 8 see mee 55

  • 35a o

a --

o E YY E :"s E

-u -

E .U s

o n.s EE u2.

s ' e m..

. . w S

-e Wt

. -a .

< E E

_en

=.*

5 Y

=-

  • ad O

~M

- y 5 a t; 5 if

  • f5" 52=E IW=@Wen 0.

2 6 .

O w >==m O

  1. 5.

?: 2 3a:

E

. =

r ES

". .~a _2 F t; D

H

$---E.$

.- r .

W

~ -- -O 8u u =.

u b

tee E

- e - 5a d-= o u

g m Whu .- _e a Q m-

. 3

- u Mw o u a

2

-  ?

- * *t

{ed R $

.s- 2 1645 323

A TRAIN 8 PUNP RELATED FAILURES f

PUNP B Flav DIVERT!D COUPLED VALVES FAILS TO TEST LINE, CV2803 AND VALVE 118 OPEN CV2800 Fall f

f #

e VALVE PERATOR VALVE I RTENTLY CORRECTIVE MECHANICAL MECHANICAL LEFT N ACTION TO FAILURE AFTER TEST L L FAILURES CONTh PCsER CIRCd'T F AILURE FAILS

- O RATm VALVES CONDENSATE VALVES FAILS TD IMRTENilY STORAGE TAhK Fall TO ACTULTE AV LEFT IN MDG FAILURE POSITimi POSITION MANUAL POSITim ACTUATION FT CIRCUIT ACTUAfl0N FAILS paits MANUAL POSITIONING FAILS CONT ROL MOTOR POSER circuli CPERATORS FAILURE FAILS Fall Ab 7

1645 s24

I WDt I R

il OA CT F l

IR4 G G1 0V L E

CT A CV A

Y l

i E S V 8 G E N E

D L 0 U - VI T E A 5 L LR F S V C P A EV E O V 0 LL l

E S V 9 G E S L 9 U V 9 G A 5 L - L A

l U V C P S L V C P S

E M K R O E N U R T A L F O Q A T I A

S A W T 1 N E F O S 4 E G D A D HC T N R E 0 O O T C T A S L E

R N

I sLT I 0E 4 L V -

E T L

2 1 T4 WI -

ONT LU2 F

MT OOS NRC F

y DR E E WT ORT H"

L EO F V I O DT

&bw ANW s

7n i

e.==

s O = =,

j

=-  :

55 .=

SCEm
sE n ==

\e==e;e E=s u Sam m -

r'~

t

-g-G ==

g>wt

==g 3-d r-t

.sso ismi sm-l n

UEwU

= v= n gw

-ss e

!!Ei V 3 m_ $103 m

r-t a a u= =

t W s" W - E E Z_

"n5a 85"w un 25 m-5 h6A5 326

A CROS$ TIE FAILURES VALVE CV2813 VALVE CV2814 FAILS FAILS CLOSED CLOSED

(% (h WECHAhlCAL ECHAulCAL FAltuRE FAILURE

  • E IC' NTLY U C;lIO GYRAg VALVE FAILS FAI VALVE FAILS HRAD M[T- TO CPEN (FENI%

TO CPEN fat ENIE

\ [

} MANUAL

/ MANUAL h Q OPENihG OPENING  %

FAILS FAILS CONTROL uGTOR PCWER CONTROL 40 TOR D

POWER circuli OPERATOR FAILURE CIRCulT OPERATOR -- FAILURE FAILS FAILS FAILS falls A '1645 327

~

-G lii

=1.!@

m

  • . 3.

.s.

=r:

ii
n-

.se -

=2_

- ..g .

=

l. a. .i. m

, .  !,=

=

. . =m.

4F ii!!O O

}

- ti

@  !! M

.is

! 3. i m.-

s8 -

yi .

8:

.= c. =

O . .

a = = , - ..

2"2 *2 22003:]

4 1645 328

_/. \. =. = ,.

A-8

4

.e

_. .5 u

se

. ~ ~

45 23q. 3

.u a .

t W

~

/~ .

., a n .

Y e G -

u -

= . .

5 ., 5.3

.m -

..- C ~

i' 3

~ ~w .C G ~~,I Ia g ". .= 5

^

"= c 5.

.9 . ..

...9

=

le t

..m W

=,

. u 8

2 "

" 5 '. C

=

    • W X k 3

.9 9o.

. E

. . . ..aE.

.a .a u

. - u20 u w

"y ..:

  • M

.".,s"*' -

V

.. .= ,

- o-or .

2 **"B~ sEE 3E$

u 3gf" . .

=

f- r. ,,*, .

= g.=". 2 L

.=

2. 3 TUE="

u . ". E= _ . ,

g

"'; .=

- 5 a.6u x. 3. .. .-. .

.88*%."

u-

.a

-* u

.E 3

  • = .-

o

~ ~ g-T=..".

W.,

s.

= . ..

o. ,, e.=-.o_.

..m-u-.

.-- .N

m. E' . E ..

..s C ..

. u 3

==

W. .E _

..a=.=

o .

<-8 r.

- 9 ...

T=r

-* "*c-

=.

Y ..M

.O s >

-o 5_

u* * .

g ;5

=

. :em O

1645 329

/

22.

Eze ag:

fi.s=

g u G g . ==

= . =.

.~

.. .= -

=g sa: Eg:

E

5. " .5

!s!.

11 -

1.s.

fac 3!

E!ac as: -

.=.

-G .-

053 :2 4

3 e.. &

: 8. .=.

, .. =..=.. ..:

s= sai

+ ;;g

==

o.-  !=

m .:=

V H E. E

. .= s j ig2

s:$

"3

!.!! O O

5

-C  !!.!

S=

=

5.

3: :. O.

W

-G-an 1f*

-s 1645 330 Y

a si n=

A-10

APPli: DIX B l -

NRC-SUPPLIED DATA USC3 c0R DURPOSES OF C0' DUCTIMG !

A C0:'.PAPATl"E ASSESSMENT OF EXISTI':G AFWS DESIGMS & THEIR POTET:TIAL RELIABILITIES Point Value Esti.ute

., of Probcbili ty o f' Failure on Demand I. Component (Hardware) Failure Data

a. Val vet :

Manual Valves (Plugged) 41 x.10-Check Valves 41 x 10-Motor Operated Valves 3

!!echanical Ccmponent.;

Plugging Contribution N1 x 10 4 N1 x 10 Control Circuit (Local to Valve) w/ Quarterly Tests %6 x 10-3 w/ Monthly Tests %2 x 10-3

b. Pumps: (1 Pump)

Mechanical Components N1 x 10' C(sntrol Circuit w/ Quarterly Tests N7 x 10-3

. w/ Monthly Tests s4 x 10-3

c. Actuation Locic s7 x 10-3 .
  • Error factors of 3-10 (up and down) about such values ari not unexpected for basic data uncertainties.

B-1 1645 331

II. Furan Acts 7. Errorr. - Failure Data: .

t 1

+ Estimated Human Error / Failure Probabilities +

+ Modifying Factors & Situations + l With Local Walk- '

With Valve Position Around & Double '

l Indication in Control Room Check Procedure.s

\ w/o Either Point Est on Point Est on Point Est on Val ue Error Value Error Value Error Estimate Factor Estimate Factor Es tima te Factor A) Acts & Errors of a Pre- -

Accident Nature

1. Valves mispositioned during tes t/ maintenance.

a) Specific single 1 20 1 10 10-2 x 10

= valve wrongly selected M x 10-2 x1 X M x 10-2 x.1 Y N out of a population of valves during conduct of a test or maintenance -

act ("X" no. of valves -

in popula tion at choice).

b) Inadvertently leaves %5 x 10-4 20 45 x 10-3 10 s10-2 10 correct valve in wrong posi tion.

2. More than one valve is s1 x 10-4 20 s1 x 10-3 10 S3 x 10-3 10 affected (coupled errors).

~

h (J1

%b kJQ 8 N

i

' Appendix B II. Human Acts & Errors - Failure Data (Cont'd):

+ Estimated Human Error / Failure Probabilities +

Estimated Failure Prob. for Primary Time Actuation Operator to Actuate Needed AFWS Con:oonents B) Acts & Errors of a Post-Accident Nature

1. Manual actuation of s5 min. %5 x 10-2 AFUS from Control %15 min. s1 x 10-2

-3 Room. Considering m30 min. %5 x 10 "non-dedicated" operator to actuate AFWS and possible backup actuation of A FWS .

Ill. Maintenance Outace Cont -ibution Maintenance outage for pumps and EMOVS:

q g10 22 (# hours /caintenance act)

Maintenance 720 1645 T3 B-3