DCL-15-091, Diablo Canyon, Units 1 and 2 - Submits License Amendment Request Exigent Revision to Technical Specification 3.8.9. Distribution Systems - Operating: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
 
Line 1: Line 1:
{{Adams
#REDIRECT [[DCL-15-091, Submits License Amendment Request Exigent Revision to Technical Specification 3.8.9. Distribution Systems - Operating]]
| number = ML15224B642
| issue date = 08/12/2015
| title = Diablo Canyon, Units 1 and 2 - Submits License Amendment Request Exigent Revision to Technical Specification 3.8.9. Distribution Systems - Operating
| author name = Allen B S
| author affiliation = Pacific Gas & Electric Co
| addressee name =
| addressee affiliation = NRC/Document Control Desk, NRC/NRR
| docket = 05000275, 05000323
| license number = DPR-080, DPR-082
| contact person =
| case reference number = DCL-15-091, LAR 15-04
| document type = Letter type:DCL, License-Application for Facility Operating License (Amend/Renewal) DKT 50
| page count = 43
}}
 
=Text=
{{#Wiki_filter:Pac i fic Gas and E l ectr i c Company B arry S. Allen Diablo Canyon Power Plant Vice President, Nuclear Services Mail Code 104/6 P. 0. Box 56 Avila Beach, CA 93424 August 12, 2015 805.545.4888 PG&E Letter DCL-15 -091 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001 Diablo Canyon Units 1 and 2 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 License Amendment Request 15-04 10 CFR 50.90 Internal:
691.4888 Fax: 805.545.6445 Exigent Revision to Technical Specification 3.8.9. "Distribution Systems-Operating" Dear Commissioners and Staff: Pursuant to 10 CFR 50.90, Pacific Gas and Electric Company (PG&E) hereby requests approval of the enclosed proposed amendment to Facility Operating License Nos. DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant, respectively.
The enclosed license amendment request (LAR) proposes to revise Technical Specification (TS) 3.8.9, "Distribution Systems-Operating." The proposed change would revise the TS 3.8.9, Condition 8, Required Action 8.1 Completion Time (CT) from 2 hours to 24 hours. This amendment request represents a risk-informed licensing change. The proposed change meets the criteria of Regulatory Guide (RG) 1.17 4, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," and RG 1.177, Revision 1, "An Approach for Plant Specific, Risk-Informed Decision making: Technical Specifications," for risk-informed changes. On June 29, 2015, the output breaker for Unit 1 Inverter IY-14 spuriously opened deenergizing Vital 120 Volts Alternating Current (VA C) instrument panel PY-14. The breaker was closed, reenergizing PY-14 and returning IY-14 and PY-14 to Operable.
On July 20, 2015, the output breaker for Unit 1* Inverter IY-14 spuriously opened again. As with the June 29, 2015, occurrence, the breaker was closed, reenergizing PY-14 and returning IY-14 and PY-14 to Operable.
A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
* Diablo Canyon
* Palo Verde
* Wolf Creek I I Document Control Desk
* August12,2015
' & Page 2 PG&E Letter DCL-15-091 Due to the issues with the IY-14 output breaker, PG&E evaluated options for replacing the breaker online and determined current TS CTs are insufficient to support online replacement.
The output breaker for Inverter IY-14 is associated with TS 3.8.7, Operating." TS 3.8.7, Condition A, "One Required inverter inoperable," Required Action A.1 includes a note to, "Enter applicable Conditions and Required Actions of LCO 3.8.9, 'Distribution Systems-Operating' with any vital 120 VAC bus deenergized." TS 3.8.7, Condition A has aCT of 24 hours, however, TS 3.8.9, Condition B, only has a 2-hour CT. PG&E reviewed other TS and Equipment Control Guidelines (ECGs) impacted due to an inoperable 120 VAC vital bus subsystem inoperable and did not identify any actions less than 24 hours associated with a plant shutdown.
The purpose of this LAR is to revise TS 3.8.9, in support of replacing electronic style inverter output breakers online. PG&E requests NRC approval of this LAR within three weeks of the submittal date to support replacing the output breaker for Unit 1 Inverter IY-14 online as a prudent measure to prevent potential transients, should the breaker spuriously open, and to improve overall plant safety. The existing output breaker design utilizes an electronic trip device to monitor the breaker current and initiate opening when appropriate.
The apparent cause of the spurious opening of the breaker is false actuation of the electronic trip device in the breakers.
To eliminate this apparent cause, the existing electronic style output breakers will be replaced with nonelectronic style breakers.
Prompt replacement of the output breaker for Inverter IY-14 would eliminate this electronic trip failure mechanism.
An installed spare output breaker on IY-14 has been temporarily paralleled with the normal output breaker to reduce the impact of a normal output breaker spurious opening, however, since both breakers are of the same electronic design, there is still a potential for loss of inverter output power from false actuation of the electronic trip device in the breakers.
If this were to occur, and operators were unable to restore the inverter output power, the 24-hour CT would be sufficient to replace the normal output breaker and avoid an unnecessary shutdown.
Additionally, PG&E plans to replace all electronic style output breakers for the vital IY inverters with nonelectronic style breakers during or before Unit 1 Refueling Outage 19 (1R19) and Unit 2 Refueling Outage 19 (2R19). The 1R19 outage is scheduled for October 2015. The 2R19 outage is scheduled for May 2016. Exigent review and approval of this TS change would also provide additional opportunity (more maintenance outage windows) to appropriately schedule and replace Unit 2 IY breakers prior to 2R19. A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
* Diablo Canyon
* Palo Verde
* Wolf Creek Document Control Desk August12,2015 Page 3 PG&E Letter DCL-15-091 The changes in this LAR are not required to address an immediate safety concern. PG&E requests approval of this LAR within three weeks of the submittal date. PG&E requests the license amendment(s) be made effective upon NRC issuance, to be implemented within 7 days from the date of issuance.
PG&E makes no regulatory commitments (as defined by NEI 99-04) in this letter. This letter includes no revisions to existing regulatory commitments.
In accordance with site administrative procedures and the Quality Assurance Program, the proposed amendment has been reviewed by the Plant Staff Review Committee.
Pursuant to 10 CFR 50.91, PG&E is sending a copy of this proposed amendment to the California Department of Public Health. If you have any questions or require additional information, please contact Mr. Hossein Hamzehee at 805-545-4720. I state under penalty of perjury that the foregoing is true and correct. Executed on August 12, 2015. Sincerely,
/kL-Vice President-Nuclear Services mjrm/4557/50709593 Enclosure cc: Diablo Distribution cc/enc: Marc L. Dapas, NRC Region IV Siva P. Ling am, NRR Project Manager Gonzalo L. Perez, Branch Chief, California Dept of Public Health John Reynoso, NRC Acting Senior Resident Inspector A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
* Diablo Canyon
* Palo Verde
* Wolf Creek Enclosure PG&E Letter DCL-15-091 Evaluation of the Proposed Change License Amendment Request 15-04 Revision to Technical Specification 3.8.9, "Distribution Systems -Operating" 1.
 
==SUMMARY==
DESCRIPTION
: 2. DETAILED DESCRIPTION
: 3. TECHNICAL EVALUATION
: 4. REGULATORY EVALUATION
 
===4.1 Applicable===
 
Regulatory Requirements/Criteria
 
===4.2 Precedent===
 
===4.3 Significant===
 
Hazards Consideration
 
===4.4 Conclusions===
: 5. ENVIRONMENTAL CONSIDERATION
: 6. REFERENCES ATTACHMENTS:
: 1. Technical Specification Page (Markups)
: 2. Technical Specification (Retyped page) 3. Technical Specification Bases Page (Markups)
Enclosure PG&E Letter DCL-15-091 Evaluation of the Proposed Change 1.
 
==SUMMARY==
DESCRIPTION This letter is an exigent request to amend Operating Licenses DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant (DCPP), respectively. The proposed change would revise the Operating Licenses to revise Technical Specification (TS) 3.8.9, "Distribution Systems-Operating." The proposed change would revise the TS 3.8.9, Condition B, Required Action B.1 Completion Time (CT) from 2 hours to 24 hours to, "Restore 120 VAC vital bus subsystem to OPERABLE status," for "One 120 VAC vital bus subsystem inoperable
." 2. DETAILED DESCRIPTION Proposed Amendment The proposed change would revise the TS 3.8.9, Condition B, Required Action B.1 CT from 2 hours to 24 hours to "Restore 120 VAC vital bus subsystem to OPERABLE status" for "One 120 VAC vital bus subsystem inoperable." B. One 1 20 VA C vita l bus subsystem inoperab l e. 8.1 Res t ore 120 VAG vital b u s su b sys t em t o OPERAB L E s t a tu s. 1\0 The proposed TS change is noted on the marked-up TS page provided in Attachment
: 1. The revised TS page is provided in Attachment
: 2. The TS Bases change is contained for information only in Attachment
: 3. This LAR proposes a change toTS 3.8.9, "Distribution Systems-Operating." A change toTS 3.8.9, "Distribution Systems-Operating," was also proposed in PG&E Letter DCL-13-1 06, "Revision to Technical Specifications to Adopt Risk Informed Completion Times TSTF-505, Revision 1, 'Provide Risk-Informed Extended Completion Times-RITSTF Initiative 4B,"' dated November 25, 2013. If this LAR is approved prior to approval of the LAR discussed above, a newTS retyped page will be provided.
System Description The onsite Class 1 E electrical power distribution system is designed with three 4160 V and 480 V Vital Buses (F , G, and H) and three 125 VDC vital buses. The 1 Enclosure PG&E Letter DCL-15-091 plant protection system (PPS) is designed with four Input Channels (1, II, Ill, and IV) powered from four 120 VAG Vital Buses (1, 2, 3, and 4). The four channels provide input to the solid state protection system (SSPS) Trains A and B. Each SSPS train actuates engineered safety feature (ESF) equipment in the three vital alternating current (AC) and direct current (DC) buses and certain nonvital equipment in the nonvital AC and DC buses. There are three AC electrical power subsystems, each comprised of a primary ESF 4.16 kV bus and secondary 480 and 120 V buses, distribution panels, motor control centers and load centers. Each 4.16 kV ESF bus has two separate and independent offsite sources of power as well as a dedicated onsite diesel generator (DG) source. Each 4.16 kV ESF bus is normally connected to the 500 kV offsite source. After a loss of this normal 500 kV offsite power source to a 4.16 kV ESF bus, a transfer to the alternate 230 kV offsite source is accomplished by utilizing a time delayed bus undervoltage relay. If all offsite sources are unavailable, the onsite emergency DG supplies power to the 4.16 kV ESF bus. Control power for the 4.16 kV breakers is supplied from the Class 1 E batteries.
The 120 VAG vital buses are arranged in four buses and are normally powered from the inverters.
The alternate power supply for the 120 VAG vital buses are Class 1 E constant voltage source transformers powered from the same bus as the associated inverter, and its use is governed by Limiting Conditions for Operation (LCO) 3.8.7, "Inverters-Operating." Each constant voltage source transformer is powered from a Class 1 E AC bus. In addition, each inverter can be powered from a bus other than its associated bus.
* The Class 1 E AC, DC, and 120 VAG vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, Reactor Coolant System (RCS), and containment design limits are not exceeded.
Figure 1 below provides an overview of the vital instrument power distribution system design. 2 Figure 1 I 1\) (l) "' 1\) Q) 1 H Enclosure PG&E Letter DCL-15-091 Vital Inst r ument Power Distribution Ove r view V i t a i 480 V AC 1G V i ta l 120VAC Syste m 1 F U n it 1 i Un i t 2 l 3 2F V i ta l 480 V AC 2G r-'1-1 J I r--*-*-*--2H _,_,J -**-*-**-*-1-r-1-1-1-_l_l_l_ LI-1-1-J--*-*-*--*--*-
&sect; I l; -i l-1 1m I I '']I:P I I I I u -i 0 1 0 "-> "-> w (,.) "-> m i Q) ..,. '< I I I I I P Y23A I I P Y23 , V it a l 120VAC S y stem N ote: E D -Battery charge r a n d AC-DC co nv e rt e r SD -1 2 0V DC d i st r ibutio n p a n e l I Y -UPS a n d DC -AC in verter (bypassab l e) PY-1 2 0V AC d i s tr ibutio n pa n e l T R Y-48 0 VAC-1 20 V AC transfo lillll er and r*eg u l a t*o r Purpose for Proposed Amendment Enclosure PG&E Letter DC L 091 On June 29, 2015, the output breaker for Unit 1 Inverter IY-14 spuriously opened deenergizing Vital120 VAC Instrument Panel PY-14. The breaker was closed, reenergizing PY-14 and returning IY-14 and PY-14 to Operable. On July 20, 2015, the output breaker for Unit 1 Inverter IY-14 spuriously opened again. As with the June 29, 2015, occurrence, the breaker was closed, reenergizing PY-14 and returning IY-14 and PY-14 to Operable. Due to the issues with the breaker, PG&E evaluated options for replacing the breaker online and determined the current TS CT is insufficient to support online replacement.
The output breaker for Inverter IY-14 is associated with TS 3.8.7, Operating." TS 3.8.7, Condition A, "One Required inverter inoperable," Required Action A.1 includes a note to, "Enter applicable Conditions and Required Actions of LCO 3.8.9, 'Distribution Systems-Operating' with any vital 120 VAC bus deenergized." TS 3.8.7, Condition A has aCT of 24 hours, however, TS 3.8.9, Condition B, only has a 2-hour CT. PG&E reviewed other TS and Equipment Control Guidelines (ECGs) impacted due to an inoperable 120 VAC vital bus subsystem inoperable and did not identify any actions less than 24 hours associated with a plant shutdown. The purpose of this LAR is to revise TS 3.8.9 in support of replacing 120 VAC vital bus inverter output breakers online. PG&E requests NRC approval of this LAR within three weeks of the submittal date to support replacing the output breaker for Unit 1 Inverter IY-14 online as a prudent measure to prevent potential transients, should the breaker spuriously open, and to improve overall plant safety. The existing output breaker design utilizes an electronic trip device to monitor the breaker current and initiate opening when appropriate.
The apparent cause of the spurious opening of the breaker is false actuation of the electronic trip device in the breakers.
To eliminate this apparent cause, the existing electronic style output breakers will be replaced with nonelectronic style breakers.
Prompt replacement of the output breaker for Inverter IY-14 would eliminate this electronic trip failure mechanism.
An installed spare output breaker on IY-14 has been temporarily paralleled with the normal output breaker to reduce the impact of a normal output breaker spuriously opening, however, since both breakers are of the same electronic design, there is still a potential for loss of inverter output power from false actuation of the electronic trip device in the breakers.
If this were to occur, and operators were unable to restore the inverter output power, the 24-hour CT would be sufficient to replace the normal output breaker and avoid an unnecessary shutdown. 4 Enclosure PG&E Letter DCL-15-091 Additionally, PG&E plans to replace all electronic style output breakers for the vital IY inverters with nonelectronic style breakers during or before Unit 1 Refueling Outage 19 (1 R 19) and Unit 2 Refueling Outage 19 (2R 19). The 1 R 19 outage is scheduled for October 2015. The 2R 19 outage is scheduled for May 2016. Exigent review and approval of this TS change would also provide additional opportunity (more maintenance outage windows) to appropriately schedule and replace Unit 2 electronic style output breakers for IY inverters prior to 2R19. The output breakers for IY inverters are currently Operable.
The new nonelectronic style breakers would eliminate a possible susceptibility to false actuation of the electronic trip device. Risk-Informed Licensing Change This LAR represents a risk-informed licensing change. The proposed change meets the criteria of Regulatory Guide (RG) 1.17 4, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Specific Changes to the Licensing Basis," and RG 1.177, Revision 1, "An Approach for Plant-Specific, Risk-Informed Decision making: Technical Specifications," for risk-informed changes. RG 1.177, Revision 1, discusses the acceptable reasons for requesting TS changes. The following categories apply to this LAR: Improvement to operational safety: A change to the TS can be made due to reductions in the plant risk or a reduction in the occupational exposure of plant personnel in complying with the TS requirements.
Consistency with risk basis in regulatory requirements:
TS requirements can be changed to reflect improved design features in a plant or to reflect equipment reliability improvements that make a previous requirement unnecessarily stringent or ineffective.
TS may be changed to establish consistently-based requirements across the industry or across an industry group. Reduce unnecessary burdens: The change may be requested to reduce unnecessary burdens in complying with current TS requirements, based on operating history of the plant or the industry in general. This includes extending CT (1) that are too short to complete repairs when components fail with the plant at-power, (2) to complete additional maintenance activities at-power to reduce plant down time, and (3) provide increased flexibility to plant operators.
: 3. TECHNICAL EVALUATION Background Enclosure PG&E Letter DCL-15-091 There were 5 spurious Vital Instrument AC (IY inverter) output breaker openings in the last 9 years: May 6, 2006: Spurious opening of Inverter IY-24 output breaker during Unit 2 Refueling Outage 13 June 6, 2012: Spurious opening of Inverter IY-14 output breaker during Unit 1 Refueling Outage 17 February 23, 2013: Spurious opening of Inverter IY-23 output breaker during Unit 2 Refueling Outage 17 June 29, 2015: Spurious opening of Unit 1 Inverter IY-14 output breaker on-line July 20, 2015: Spurious opening of Unit 1 Inverter IY-14 output breaker on-line The apparent cause for the spurious actuation or opening of the output breakers, which causes a loss of their Vital Instrument AC Bus Distribution Panels, is a false actuation of the electronic trip device. All IY inverter output breaker failure events occurred at different time periods. In the Probabilistic Risk Assessment (PRA) analysis it is conservatively assumed that there is a potential for failure causes that may be common to the output breakers of all the Instrument AC Channels.
The extended allowed outage time (AOT) for the 120 VAC vital bus subsystem will be used to replace the current IY inverter electronic style breakers with nonelectronic style breakers which do not utilize an electronic trip device so they will not be susceptible to false electronic trip device actuation.
Operating experiences from the industry and manufacturer of the breakers indicate that the nonelectronic style breakers are the industry norm for nuclear applications and DCPP is an outlier by having the electronic style output breakers.
Replacing the output breaker for Inverter IY-14 requires the removal of the affected channel of Instrument AC power from service. The analysis performed in the PRA calculation file provides a risk-informed basis for changing the LCO CT from 2 hours to 24 hours. 6 Impact on Defense-In-Depth and Safety Margins Impact on Defense-in Depth
* Enclosure PG&E Letter DCL-15-091 There are four 120 VAC vital buses that are normally powered by the Class 1 E UPS inverters.
The Class 1 E UPS inverters are the preferred source of power for the AC vital buses because of the stability and reliability they achieve. The PPS is designed with four Input Channels (1, II, Ill, and IV) powered from the four 120 VAC Vital Buses (1, 2, 3, and 4). The four channels provide input to the SSPS Trains A and B. Two of the four 120 VAC vital buses have two separate 120 VAC power panels (PY panel) and the other two 120 VAC vital buses have only one associated power panel. Each 120 VAC panel is powered from the inverter though an output breaker on the inverter.
The SSPS input relays are fail-safe (with the exception of the input circuits that initiate containment spray (CS) and the radiation monitoring channels that initiate containment ventilation isolation).
Each SSPS train receives inputs on Channels 1, 2, 3, and 4. Inputs are powered from 120 VAC Class 1E busses associated with that Channel (1, 2, 3, and 4). Contacts of the SSPS input relays provide inputs to the logic portion of SSPS where the coincidence logic (2-out-of-3, 2-out-of-4) is performed.
Therefore, loss of one 120 VAC Class 1 E bus to the SSPS inputs, with the input fail-safe (exceptions noted above), will not prevent any of the SSPS trains from performing their coincident logic function.
The SSPS output slave relays require power to actuate. The output relays of SSPS Train A are powered by PY11/21 (Unit 1/Unit 2) and Train Bare powered by PY14/24 (Unit 1/Unit 2). Therefore, deenergizing a 120 VAC Class 1 E bus will only affect one train of SSPS output relays. The other train remains functional to perform its intended safety The 120 VAC vital bus electrical power distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel, RCS, and containment design limits are not exceeded.
The 120 VAC vital buses are support systems for Reactor Trip Instrumentation, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, and several other TS 3.3 Instrumentation Systems. In addition, the 120 VAC vital buses also support other TS equipment such as the Auxiliary Feedwater System by providing power to their associated control systems. Loss or removal from service of any single PY panel to support IY inverter output breaker replacement will not cause a significant plant transient or reactor trip unless there is additional equipment out-of-service that will cause the 7 Enclosure PG&E Letter DCL-15-091 coincidence for an ESF function to be met. Depending on the PY panel affected, the unexpected loss of a PY panel may cause system actuations that require Operator response.
This is due to loss of systems such as the RCS Letdown flowpath, charging controls, and RCS makeup controls.
In order to perform maintenance on the IY inverter output breakers, a planned deenergization of a PY panel would mitigate any plant control issues, by preemptively placing the plant in a condition where an operator response action would not need to be taken in a rapid fashion (e.g., excess letdown placed in service).
No new accidents or transients would be introduced by increasing the CT for restoration of a PY panel. Reactor Trip Instrumentation and ESFAS Instrumentation redundancy may be reduced while the PY panel is deenergized.
Many bistables will be placed in the trip condition, lowering the redundancy to where a single channel failure would cause a reactor trip or safety injection.
This would increase the likelihood of an inadvertent ESF initiation slightly.
This potential impact of an inadvertent ESF initiation is not considered risk significant and has been evaluated as part of the overall PRA risk assessment.
No new operator actions related to the CT extensions are required to maintain plant safety. The Emergency Operating Procedures provide for instructions on how to respond to the anticipated system degradations in the event that a reactor trip or safety injection may occur during the period a PY panel is deenergized.
Specifically, the EOPs provide direction on operation of the Auxiliary Feedwater System, the Steam Generator (SG) Power Operated Relief Valves, the Charging System, and RCS Letdown System. The proposed change needs to meet the defense-in-depth principle, which consists of a number of elements.
These elements and the impact of the proposed change on each follow:
* A reasonable balance among prevention of core damage, prevention of containment failure and consequence mitigation is preserved.
Providing an extended CT for the inverter output breakers has a very small impact on Core Damage Frequency (CDF), a small impact on consequence mitigation, and a very small impact on Large Early Release Frequency (LERF). The proposed change does not significantly degrade the ability of one barrier to fission product release and compensate with an improvement of another. The balance between prevention of core damage and prevention of containment failure and consequence mitigation is maintained.
Furthermore, no new accidents or transients are introduced with the proposed change. While in the TS condition for one 120 VAG vital bus subsystem inoperable, the likelihood of an inadvertent ESF initiation is slightly increased.
This potential impact of an inadvertent ESF initiation is not considered risk* 8 Enclosure PG&E Letter DCL-15-091 significant and has been evaluated as part of the overall PRA risk assessment.
* Over-reliance on programmatic activities to compensate for weaknesses in plant design. The proposed change will provide sufficient time to replace electronic style inverter output breakers with nonelectronic style breakers. All safety systems will still perform their design functions and there will be no additional reliance on additional systems, procedures, or operator actions. The calculated risk increase for the CT changes is very small and additional control processes are not required to be put into place to compensate for any risk increase.
* System redundancy, independence, and diversity are maintained commensurate with the expected frequency and consequences of challenges to the system. The proposed change will provide additional time to complete existing TS 3.8.9, Required Action 8.1. While in TS 3.8.9, Condition B, equipment redundancy is reduced. There are no proposed plant modifications that would impact plant design redundancy, independence, or diversity of the components, or on the ability of the plant to respond to a plant trip, safety injection (SI), or accident with diverse systems. With a single failure impacting a 120 VAC vital bus subsystem, or Condition entry for a limited duration, the redundant Operable equipment will continue to perform their design functions. The proposed change will allow for earlier replacement with components that are more reliable (not susceptible to false actuation of the electronic trip device) and will remain reliable after the proposed change is implemented.
* Defenses against potential common cause failures are maintained and the potential for introduction of new common cause failure mechanisms is assessed.
Defenses against common cause failures are maintained.
The CT extensions requested are not so significant that any new common cause failure mechanisms would occur. In addition, the operating environment for these components remains the same; therefore, new common cause failure modes are not expected. The number, design, and types of components used for 120 VAC subsystems remain the same with these changes so the system maintains the potential against common cause failures.
9
* Independence of barriers is not degraded.
Enclosure PG&E Letter DCL-15-091 The barriers protecting the public and the independence of these barriers are maintained.
Assessment of maintenance activities per 10 CFR 50.65 in accordance with existing PG&E procedures ensures that multiple systems will not be out-of-service simultaneously during the extended CT that could lead to degradation of these barriers, and an increase in risk to the public. In addition, the extended CT does not provide a mechanism that degrades the independence of the fuel cladding, RCS, and containment barriers.
* Defenses against human errors are maintained.
No new operator actions related to the CT extensions are required to maintain plant safety. No changes to current operating, or maintenance procedures are required due to these changes. The increase in the CT provides additional time and flexibility to allow replacing the IY inverter electronic output breakers without requiring an unplanned shutdown or cooldown.
Impact on Safety Margins During the time period that a 120 VAC PY panel is out-of-service per the proposed revision toTS 3.8.9 Condition B CT, there will not be a significant reduction in a margin of safety for any Design Basis Accidents (DBAs) evaluated in the Updated Final Safety Analysis Report (UFSAR). The four 120 VAC systems are electrically downstream of the 4 kV and 480 VAC ESF equipment that is required for DBA mitigation.
The removal from service due to maintenance or a single failure of any IY inverter output breaker can only impact a single ESF train of equipment.
Therefore, a single failure in the instrumentation and control power supply system or its associated power supplies does not prevent the minimum safety functions from being performed.
Therefore, during the LCO time period, there will be at least one full train of ESF equipment available such that the Emergency Core Cooling System, Auxiliary Feedwater (AFW) system, and containment heat removal system comprised of CS and Containment Fan Cooler Units (CFCUs) will be able to ensure that adequate core cooling, RCS integrity and containment integrity are maintained for all DBAs.
* The associated loss of instrument and control power for any given 120 VAC system will not adversely impact any ESF or reactor protection function.
Any affected reactor protection bistables (with the exception of the input circuits that initiate CS and the radiation monitoring channels that initiate containment ventilation isolation) will be placed in the conservative tripped state and at least one full train of ESF equipment will be available during the LCO time period. In addition, the operator actions required to respond to the affected equipment for a 10 Enclosure PG&E Letter DCL-15-091 deenergized 120 VAC panel are already explicitly defined and addressed in current operating procedures.
In summary, there will be no adverse impact on any ESF equipment function required for DBA mitigation such that no fission product barrier design basis limit for fuel, RCS, or containment or safety limit described in the UFSAR will be exceeded or altered. The proposed change does not involve a significant reduction in a margin of safety per 10 CFR 50.92. Therefore, the proposed change has no impact on safety margins. Assessment of Impact on Risk A PRA has been performed using the NRC's three-tier approach described in RG 1.177, Revision 1. The three tiers consist of: Tier 1 -PRA Capability and Insights Tier 2 -Avoidance of Risk-Significant Plant Configurations, and *Tier 3 -Risk-Informed Configuration Risk Management Tier 1: PRA Capability and Insights PRA Capability The scope, level of detail, and quality of the Diablo Canyon PRA (DCPRA) are sufficient to support a technically defensible and realistic evaluation of the risk change from this proposed CT extension.
The DCPRA used in this evaluation is a full scope Level 1 and Level 2 PRA model that addresses internal, seismic and fire events at full powe( The DCPRA is performed for Unit 1, but it is equally applicable to Unit 2 because the two units are essentially identical.
The DCPRA is based on the original 1988 DCPRA that was performed as part of the Long Term Seismic Program (LTSP). The DCPRA-1988 was a full scope Level 1 PRA that evaluated internal and external events. The DCPRA was subsequently updated to support the Individual Plant Examination (IPE) (1991) and the Individual Plant Examination for External Events (IPEEE) (1993). Since 1993, several other updates have been made to incorporate plant and procedure changes, update plant specific reliability and equipment unavailability data, improve the fidelity of the model, incorporate Westinghouse Owners Group (WOG) Peer Review comments, and support other applications, such as On-line Maintenance, Risk-Informed In-Service Inspection, Emergency Diesel Generator CT Extension, and Mitigating System Performance Index (MSPI). The current Model of Record DC03 has been Peer Reviewed against RG 1.200, Revision 2, "An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities," Capability 11 Enclosure PG&E Letter DCL-15-091 Category II, for Internal Events and Internal Flooding. All Facts and Observations have been resolved. As a result of the sound basis of the original model as documented in NUREG-0675 (Supplemental Safety Evaluation Report (SSER) No. 34) and NUREG/CR-5726, the considerable effort to incorporate the latest industry insights into the PRA, self-assessments, and certification peer reviews, PG&E is confident that the results of the risk evaluation are technically sound and consistent with the expectations for PRA quality set forth in RG 1.177, Revision 1, and RG 1.17 4, Revision 2. Fire and Other External Events A fire analysis was conducted as part of the original DCPRA-1988.
The NRC reviewed the L TSP and issued SSER No. 34 accepting DCPRA-1988.
The Fire PRA was updated to support the 1993 IPEEE. Other than control room (CR) and cable spreading room (CSR) fire scenarios, the Fire PRA quantifies the CDF associated with most internal fire initiating events using the same linked event tree models as the internal and seismic events analyses.
Separate event trees using conservative assumptions were developed for evaluating CR and CSR fire scenarios.
The evaluation of high winds , external floods, and other external events, which was done as part of the IPEEE, revealed no potential vulnerabilities.
The proposed extension to the CT for the Instrument AC distribution panel has negligible effect on the risk profile at DCPP from other external events. RG 1.177, Revision 1, requires the evaluation of the proposed change on the total risk (i.e., on-line and shutdown risk). This evaluation only quantifies the risk associated at power with the inoperable IY-14 output breaker, if the IY-14 output breaker is inoperable for a time period greater than that allowed by the current TS (2 hours). This is conservative since the risk of the TS-driven shutdown is not used to balance the risk of the proposed extended CT. Methodology The general methodology of evaluating the proposed change in accordance with RG 1.17 4, Revision 2, and RG 1.177, Revision 1, involves identifying the areas of concern relating to the IY-14 output breaker when in an out-of-specification (OOS) design limit condition and quantifying its impact on risk. The areas of concern are creating a new initiating event (IE), an increase in the frequency of an existing IE(s), and impact on the consequence of an IE. The steps for the analysis of the impact of common cause failures of the IY inverter output breaker on the availability/reliability of the Instrument AC power system, 12 Enclosure PG&E Letter DCL-15-091 and the risk impact of removing the affected channel of Instrument AC power for the replacement of IY-14 Inverter Output Breaker 52-14B2, are as follows:
* Data Analysis -IY inverter output breaker failure rate and common cause failure factors evaluation
* System Analysis -Develop top event model to account for common cause failures of IY inverter output breakers.
Account for common cause. failures of the output breakers in the Loss of two Channels Instrument AC power initiating event
* Event Sequence!Tree Analysis -Evaluate the risk metrics of base model
* Evaluate the risk impact of removing one channel of Instrument AC power from power for breaker replacement
: 1. Data Analysis The generic failure rate for the IY inverter output breakers is updated using the DCPP failure event data and operating experience for these breakers.
The Bayesian Update approach is adopted in the component failure rate update the following case:
* Last 10 years of operating experience (January 1, 2005, through July 21, 2015). Table 1 shows a summary of the operating hours for the IY inverter output breakers for 1 0 years. With 5 IY inverter output breakers failure events occurring in the last 1 0 years, the updated failure rates for the IY inverter output breakers are shown in the table below: Com12onent Failure Rate Designator Mean 5th%, Median 95 tho/o per Hour Generic Prior ZTCB2T 1.71 E-07 4.85E-08 1.38E-07 3.88E-07 10 years' 0(2erating ZTCB10 3.20E-06 8.78E-07 2.86E-06 6.08E-06 Ex(2erience*
*The Bayesian updated generic data had the lambda values adjusted by Riskman because of number of breaker failures.
The hours in Table 1 below are a gross estimation of operability hours and do not take into account maintenance unavailability.
A Maintenance Rule Unavailability search was performed to find the total unavailability for all eight IY inverters over the last 10 years for all modes of operation, including refueling 13 Enclosure PG&E Letter DCL-15-091 outages (Modes 1 -6 and Defueled).
The total unavailability is 10,279 hours and comes mostly from the refueling outages when major maintenance of the panels occurs. This gives a total for Units 1 and 2 of 1 ,076,390 operating hours. Performing the Bayesian update with these total operating hours is shown below compared to using the gross estimation of hours. The mean value is actually slightly less due to the shape of the distribution. The impact is insignificant.
Operating Hours for Mean 5th% Median 95th% Bayesian update 1,086,669 3.20E-06 8.78E-07 2.86E-06 6.08E-06 1,076,390 3.14E-06 9.77E-07 2.85E-06 5.83E-06 14 Enclosure PG&E Letter DCL-15-091 Table 1. operating hours for the IV inverter output breakers for 10 years Unit 1 Breakers Hours No. of Breaker Year per Breakers operation year hours 2005 8760 6 52,560 2006 8760 6 52,560 2007 8760 6 52,560 2008 8784 6 52,704 2009 8760 6 52,560 2010 8760 6 52,560 2011 8760 6 52,560 2012 8784 6 52,704 2013 8760 6 52,560 2014 8760 6 52,560 2015 (to July 21) 4365 6 26,190 Total Unit 1 552,078 Unit 2 Breakers 2005 8760 6 52,560 2006 8760 6 52,560 2007 8760 6 52,560 2008 8784 6 52,704 2009 8760 6 52,560 2010 8760 6 52,560 2011 8760 6 52,560 2012 8784 6 52,704 2013 8760 6 52,560 2014 (Jan-Oct) 7296 6 43,776
* 2014 (Nov -Dec) 1464 3 4,392
* 2015 (to July 21) 4365 3 13,095 Total Unit 2 534,591 Total Units 1 1,086,669 and 2 Note* Three of the Unit 2 electronic style trip output breakers were replaced with nonelectronic style breakers in October of 2014. 15 Enclosure PG&E Letter DCL-15-091 To model common cause failures of the IY inverter output breakers, generic common cause Multiple-Greek-letter (MGL) factors for the breaker tripping open (transfer open) failure mode were used from the report "CCF Parameter estimations 2012 Update" by the US NRC. Since there are no common cause factors developed for breaker spurious actuation (due to the absence of data for such events), the Generic Rate CCF distributions from Section 2.2.2 of the above report for a group/population of 6 components (CCCG=6) was used for this analysis.
The MGL common cause failure factors (point estimate values) are presented in the table below: MGL Factors {designator}
Point Estimate Value Beta Factor (ZBCB2T} 2.39E-02 Gamma Factor (ZGCB2T} 7.32E-01 Delta Factor (ZDCB2T} 6.17E-01 E12silon Factor (ZECB2T} 5.02E-01 Mu Factor (ZUCB2T} 4.32E-01 2. System Analysis Top Event ICC was developed to model the output breakers of the 4 channels of Instrument AC Inverters:
Vital Instrument Inverter IY-11 output breakers:
IY11 82, IY11 83 Vital Instrument Inverter IY-12 output breaker: IY12B2 Vital Instrument Inverter IY-13 output breakers:
IY13B2, IY13B3 Vital Instrument Inverter IY-14 output breaker: IY14B2 Top Event ICC is a multi-state top event with each state associated with the status of the output breaker(s) of each of the Instrument AC Channels/Inverters.
The output breaker failure rate and the MGL factors developed in Step 1 were used in the modeling and quantification of the split fraction value for each state of Top Event ICC. Common cause failures of the output breakers are* included in the ICC top event model. The top event II for the evaluation of the Loss of two Channels of Instrument AC power (LCH 13 -for the loss of Channels 11 and 13) initiating event was also revised to include the instrument inverter output breakers.
Common cause failures among the output breakers were considered in the calculation of the frequency of this initiating event. The mean value of this frequency is used for the other Loss of two Channels of Instrument Power initiating events LCH12, LCH14, LCH 23, LCH24, and LCH34. 1@
Enclosure PG&E Letter DCL-15-091
: 3. Event Sequence Modeling and Quantification The PRA model used in this analysis (DC03MIC) is based on the latest interim model DC03MRAI.
The Top Event ICC is located in the event tree MECHSP immediately before Top Event 11. Logic rules were defined in the event tree MECHSP for the split fractions of top event ICC. In addition, the impact of the different state of top event ICC on Top Event 11 (Instrument AC Channell), Top Event 12 (Instrument AC Channell I), Top Event 13 (Instrument AC Channel Ill), and Top Event 14 (Instrument AC Channel IV) were also modeled via split fraction logic rules. Loss of Two Channels of Conditional Instrument AC Power given one Channel is Initiating Event removed from service 6.60E-05 All the Unit 1 initiating events were quantified using the updated event sequence model and the results of the CDF and the LERF for the various types/groups of initiating events are shown in the table below. These results are referred to as the base case result: Initiator CDF LERF per Internal Events 1.13E-05 1.65E-06 Seismic Events 2.62E-05 3.67E-06 Internal Fire Events 1.52E-05 1.11 E-07 Internal Flooding 7.91 E-06 1.86E-07 Events Total {Base Case} 6.06E-05 5.62E-06 17 Enclosure PG&E Letter DCL-15-091
: 4. Risk Evaluation for the Proposed IY-14 Inverter Output Breaker (52-14B2)
Replacement The proposed replacement of IY-14 Inverter Output Breaker 52-14B2 requires the Instrument AC Channel IV (Top Event 14) to be taken out-of-service.
Because the exigent LAR to support this replacement will be applicable to any of the instrument AC channels, the instrument channel with the highest risk impact was used to evaluate the acceptability of the change. To model the risk impact of this activity, the following steps were taken:
* Generate the DCPP PRA model DC03MRAK by "cloning" it from the DC03MIC Model.
* Set the Top Event 14 in the event tree MECHSP of the DC03MRAK model to a guaranteed failure status via logic rule. This effectively removes Instrument AC Channel IV from service.
* Given the removal of the affected channel of Instrument AC power (Channel IV-Top Event 14) for replacing Output Breaker 52-14B2, loss of any of the other channels of Instrument AC power (Channell, II, or Ill) would lead to a reactor trip. In addition, the LCO allowed outage time for the inoperable channel of Instrument AC power (for Output Breaker 52-14B2 replacement) is assumed to be 24 hours for this analysis.
* The following Loss of one Channel of Instrument AC Power initiating events given the removal of Instrument AC power Channel IV from service are considered in this analysis;
-LCH14 -LCH24 -LCH34 Since the Loss of two Channels of Instrument AC Power initiating event is based on Top Event II (loss of Instrument AC Channels I and Ill), removal of one channel of Instrument AC power from service is done in this top event by setting the components associated with Instrument AC Channel I to a failed/unavailable state and extending the AOT to 24 hours. The frequency values for these initiating events are then quantified.
* Requantify event sequence/tree model for all the initiating events to determine the increase in the CDF and LERF
* Calculate the increase (compared to the baseline values) in CDF and LERF when one Instrument AC power channel is removed from service
* Calculate the Conditional Core Damage Probability (CCDP) and Conditional Large Early Release Probability (CLERP) for the above two time periods 18 Enclosure PG&E Letter DCL-15-091 This process was repeated for each instrument AC channel by making the logic changes shown in the table below. Each model referenced in the table is based on a clone of the IY14 application model DC03MRAK with the 14=F logic impact removed. Channel Model Logic Change IY11 DC03MRA1 11 =F Inserted at beginning of 11 Rules IY12 DC03MRA2 12=F Inserted at beginning of 11 Rules IY13 DC03MRA3 13=F Inserted at beginning of 11 Rules The resulting conditional loss of the remaining Instrument AC Power Channel (given one Instrument AC Power Channel (IV) is removed from service) is provided in the table below: Loss of Two Channels Conditional given one of Instrument AC Power Channel is removed from service Initiating Event LCH14 4.213E-05 LCH24 4.213E-05 LCH34 4.213E-05 The results of the requantification of the event sequence model (DC03MRAK) for the initiating events are shown in the table below: Group Description Base IY11 IY12 IY13 IY14 Case ICDF CDF for all Internal IEs 1.13E-05 2.47E-05 5.24E-05 5.24E-05 2.25E-05 ILERF Large Early Containment 1.65E-06 5.41 E-06 3.10E-06 3.1 OE-06 5.22E-06 Failure and Bypass OFCDF Original Fire CDF 1.52E-05 1.53E-05 1.53E-05 1.53E-05 1.53E-05 OFLERF Original Fire LERF 1.11 E-07 1.12E-07 1.14E-07 1.14E-07 1.12E-07 SCDF Seismic CDF 2.62E-05 2.87E-05 2.62E-05 2.62E-05 2.89E-05 SLERF Large Early Containment 3.67E-06 4.03E-06 3.67E-06 3.67E-06 4.05E-06 Failure and Bypass (Seismic)
U1CDFIC Unit 1 CDF for Internal, 6.06E-05 7.71 E-05 1.03E-04 1.04E-04 7.51 E-05 Seismic, Flooding, Fire U1FLCDF Unit 1 Internal Flooding 7.91 E-06 8.47E-06 9.05E-06 1.01 E-05 8.44E-06 CDF U1 FLLERF Unit 1 Internal Flooding 1.86E-07 2.11 E-07 2.13E-07 2.46E-07 2.09E-07 LERF U1LERFIC Unit 1 LERF for Internal, 5.62E-06 9.77E-06 7.1 OE-06 7.13E-06 9.59E-06 Seismic, Flooding, Fire 19 Enclosure PG&E Letter DCL-15-091 The highlighted results in the table above show the highest results for CDF and LERF. The largest increase in CDF occurs for the IY13 channel. One of the key contributions to CDF for the IY13 case is from small loss-of-coolant accident (LOCA) (including Seal LOCAs and power operated relief valve (PORV) LOCAs) scenarios where the loss of the IY13 channel results in a failure to open of the Residual Heat Removal (RHR) Train B Miniflow Valve (FCV-641 B) coupled with a random failure of RHR Train A. For LERF, the IY11 case results in the highest risk. The key contributor to LERF for this model configuration is from SG tube rupture scenarios where one train of SSPS fails due to the loss of IY11 coupled with a random failure of SSPS Train B. The operator action to perform manual Sl actuation then fails and, due to complete dependency between the manual Sl action and the operator diagnosis of a tube rupture, core damage occurs. The highest CDF metric that will determine the bounding CT is from the IY13 case, and the highest LERF metric that will determine the bounding CT is from the IY11 case. Risk Metrics 11CDFAvE =change in the average CDF due to the unavailability of Instrument AC power Channel IV. This risk metric is used to compare against the criteria of RG 1.17 4, Revision 2, to determine whether a change in CDF is regarded as risk significant.
These criteria are a function of the baseline annual average core damage frequency, CDFaAsE. 11LERFAvE
=change in the annual average LERF due to the unavailability of Instrumental AC power Channel IV. Similar to 11CDFAvE, RG 1.174 criteria were also applied to judge the significance of changes in this risk metric. /CCDP = incremental conditional core damage probability with Instrumental AC Power Channel IV out-of-service for an interval of time equal to the proposed CT (i.e., 24 hours). This risk metric is used as suggested in RG 1.177 to determine whether a proposed CT has an acceptable risk impact. /CLERP = incremental conditional large early release probability with Instrumental AC power Channel IV out-of-service for an interval of time equal to the proposed CT (i.e., 24 hours). Similar to incremental conditional core damage probability (ICCDP), RG 1.177 criteria were also applied to judge the significance of changes in this risk metric. 20 Enclosure PG&E Letter DCL-15-091 The above risk metrics were quantified using the equations provided below. Change in CDF/LERF The equation for the change in the annual average CDF is provided below: . \. I , T oos I 1 , = --xl_CDF 00 s-CD Fa-ts&#xa3;) \ (Equation
: 1) where the following definitions apply: . ( T o o sJ Foo s=!--" Ji*E.tR = The annualized fraction of time that Instrument AC Power Channel IV is expected to be unavailable as a result of the increased CT Too s =Additional time per year that Instrument AC Power Channel IV is expected to be unavailable as a result of the increased CT. CDFoo s = CDF evaluated from the PRA model with Instrument AC Power Channel IV unavailable.
CDF B.l!E = Baseline annual average CDF with average unavailability of AC Power Channel IV consistent with the current TS AOT (2 hours). This is the CDF result of the current baseline DCPP PRA model Unit 1. A similar approach was used to evaluate the change in the average LERF (l1LERFAvE).
= F oos x ( LERF oos -L E R.F 8 *
..-"'I: \ . =l_Qf!..l xr rp or:--r z:: ol:" \ -L.J:I..r
-.L.IU" !:1. .:1 T . . .... ., .............. \. (Equation
: 2) where the following definitions were applied. LERF oos = LERF evaluated from the PRA model for Unit 1 with Instrument AC Power Channel IV unavailable.
21 Enclosure PG&E Letter DCL-15-091 LERF E.1S E= Baseline annual average LERF with average unavailability of Instrument AC Power Channel IV consistent with the current TS AOT (2 hours). This is the LERF result of the current baseline DCPP PRA for Unit 1. Incremental Conditional Probabilities The ICCDP and incremental conditional large early release probability (ICLERP) are computed using their definitions in RG 1.177. The ICCDP values are dimensionless probabilities used to evaluate the incremental probability of a core damage event over a period of time equal to the extended CT. This should not be confused with the evaluation of l1CDFAvE, in which the CDF is based on expected unavailability.
However, the endstate frequencies used to calculate ICCDP/ICLERP are the same as those used to calculate the change in CDF/LERF as described in the previous section. The ICCDP is calculated by multiplying the change in CDF by the full CT (T cr) requested.
Therefore, ICCD P =(C D F oos -CDF SASE )x T cr (Equation
: 3) Similarly, ICLERP is defined as follows. ICLERP =(LERF 00 s -LERFru s E)x Tcr (Equation
: 4) where Tcr is the proposed CT, in year (i.e., 24 hours or 2.740E-03 year) The applicable methodology/criteria for assessing the risk associated with extending the CT forTS systems/components is provided in RG 1.177. Assumptions/Assertions
: 1. To estimate the risk impact to the change in average CDF as a result of the change in the Complete Time as described in Reg. Guide 1.177, Revision 1, the current annual out-of-service outage duration for one channel of Instrument AC power is conservatively assumed to be 2 hours for Modes 1 through 4. This is used in the T oos time and is used to estimate the possible additional risk for having longer outage times for the Vital Instrument Power channels under the new proposed CT. A Maintenance Rule Unavailability review for Modes 1 -4 showed an average outage out-of-service time much less than the assumed 2 hours. 2. The extended TS CT of 24 hours forTS 3.8.9 Condition B could be used for the associated output breaker replacement for any of the IY output breakers.
This analysis is bounding for any of the four channels on Unit 1 and is also 22 Enclosure PG&E Letter DCL-15-091 applicable to Unit 2. Note that for Unit 2, there are only three susceptible IY output breakers, therefore the common cause contributions would be less and the risk impact would be bounded by the Unit 1 analysis.
: 3. The average maintenance PRA model used in this analysis (DC03MIC) is based on the latest interim model (DC03MRAI).
: 4. All IY output breakers that are of the electronic style trip device type are assumed to be susceptible to the trip mechanism of IY-14, and common cause is modeled for those breakers.
: 5. This risk assessment is for the maintenance work of replacing the IY output breakers with an electronic style trip device, with a nonelectronic style trip device that is not susceptible to false actuation, which could spuriously cause the breaker to open. Base case Core Damage Frequency, CDFsAsE = 6.06E-05 per year Base case Large Early Release Frequency, LERFsAsE = 5.62E-06 per year One Instrument AC Power Channel Ill Unavailable, CDFoos = 1.04E-04 per year One Instrument AC Power Channel IV Unavailable, LERFoos = 9. 77E-06 per year One Instrument AC Power Channel IV OOS Duration, T oos = 2 + 24 = 26 hours Proposed CT for output breaker replacement, T cr = 24 hours Availability factor for DCPP Unit 1 = 0.9 Number of hours in one reactor year for DCPP Unit 1, T YEAR = 0.9
* 8760 = 7884 hours 23 Acceptance Criteria Enclosure PG&E Letter DCL-15-091 The acceptance guidelines forTS changes are provided in Sections 2.4 and 2.5 of RG 1.17 4 and for CT changes in Section 2.4 of RG 1.177. The impact of the proposed change is considered very small and low risk if the estimated risk metric values are less than those listed below. Risk Criteria Metric !1CDFAVE 1.0 E-06 per reactor year MERFAVE 1.0 E-07 per reactor year ICCDP 1.0 E-06 ICLERP 1.0 E-07 Calculation
: 1) Calculate the change in CDF and LERF using the component models. !1CDF= CDFoos-CDF BASE= 4.34E-05 per year 11LERF= LERFoos -LERF BASE = 4.15E-06 per year 2) Calculate the RG 1.17 4 and 1.177 Risk Metrics Change in CDF/LERF Using Equations 1 and 2, the changes in the annual average CDF and LERF are calculated as follows:
= (T oos/T YEAR) * (CDFoos-CDFsAsE) = (26/7884)
* (1.04E 6.06E-05)
= 1.43E-07 per reactor year Similarly, by substituting MERF in place of 11CDF,
= (T oos/TYEAR)
* (LERFoos-LERFsAsE)
= (26/7884)
* (9.77E 5.62E-06)
= 1.37E-08 per reactor year 24 Enclosure PG&E Letter DCL-15-091 Incremental Conditional Core Damage Probabilities (ICCDPs) The ICPs (ICCDP and ICLERP) are calculated based on Equations 3 and 4 with an additional parameter, T F , which is introduced to account for the difference in the duration of applicable operating modes. The value of T F is 24 hours. Incremental conditional core damage probability with Instrumental AC power Channel IV out-of-service for an interval of time equal to the proposed CT (i.e., 24 hours or 2.74E-03 year), ICCDP = (CDFoos-CDFsAsE)
* T cT = (1.04E 6.06E-05)
* 2.74E-03 = 1.19E-07 Incremental conditional large early release probability with Instrumental AC power Channel IV out-of-service for an interval of time equal to the proposed CT (i.e., 24 hours or 2.74E-03 year), ICLERP = (LERFoos-LERFsAsE)
* TcT = (9.77E 5.62E-06)
* 2.74E-03 = 1.14E-08 Results And Conclusion The table below lists the results of the risk metrics along with their RG 1.17 4 and RG 1.177 acceptance criteria.
Risk Metric Acceptance Criteria IY-13 OOS for CDF and IY11 OOS for LERF
* 1.0 E-06 1.43E-07
* 1.0 E-07 1.37E-08 ICCDP 1.0 E-06 1.19E-07 ICLERP 1.0 E-07 1.14E-08 Note:* The unit is per reactor year Based on the results of the risk metrics calculated above the impact of the proposed change in CT to 24 hours of any one Instrument AC Channel is considered low risk as the risk metric values meet the acceptance criteria forTS changes provided in Sections 2.4 and 2.5 of RG 1.17 4 and for AOT changes in Section 2.4 of RG 1.177. The bounding CDF metric calculated above for removing Instrument AC Power Channell II (IY-13) from service and bounding LERF metric from AC Power Channell (IY-11) are also applicable to the cases where AC Power Channell I (IY-12), or Channel IV (IY-14) is re*moved from service for the replacement of the associated output breaker(s).
25 Enclosure PG&E Letter DCL-15-091 In the calculation of the risk metrics for the removal of one Instrument AC Power Channel from service as discussed above, the following has an impact on the results:
* Modeling of common cause failure of the output breakers
* Conditional failure probability an Instrument AC Power Channel given another Instrument AC Power Channel has been removed from service Contributions from the common cause failures of the output breakers is highest when it is assumed either Instrument AC Power Channel II (IY-12) or IV (IY-14) is removed from service since the number of breakers involved in common cause failures in the remaining three Instrument AC Power Channels is the most [a total of 5-two each from Channels I (IY-11) and Ill (IY-13), and one from either Channell I (IY-12) or IV (IY-14)].
Therefore, the results of the modeling of the common cause failures of the output breakers as discussed above are directly applicable to the case in which Instrument AC Power Channell I (IY-12) is removed from service, and the results will be conservative when applied to the cases in which either Instrument AC Power Channell (IY-11) or Instrument AC Power Channell II (IY-13) is removed from service. The conditional failure probability of an Instrument AC Power Channel given another Instrument AC Power Channel has been removed from service is based on the model for Instrument AC Power Channell II (IY-13) in the PRA model. This Instrument AC Power Channel has two output breakers -compared to only one output breaker for Instrument AC Power Channell I (IY-12) and Instrument AC Power Channel IV (IY-14). Instrument AC Power Channell (IY-11) also has two output breakers.
The other components (such as inverter, regulating transformer, etc.) are essentially the same in all the Instrument AC Power Channels.
Therefore, this conditional failure probability value is exact when used for the case of removing Instrument AC Power Channell I (IY-12) or Instrument AC Power Channel IV (IY-14) from service and is conservative when used for the case of removing Instrument AC Power Channell (IY-11) or Instrument AC Power Channell II (IY-13) from service. Additionally, it should be noted that Unit 2 only has three susceptible electronic style IY inverter 120 VAC output breakers currently installed, therefore the Unit 1 results above bound Unit 2. Tier 2: Avoidance of Risk-Significant Plant Configurations The objective of the second tier, which is applicable to CT extensions, is to provide reasonable assurance that risk-significant plant equipment outage configurations will not occur when equipment is out-of-service.
If risk-significant configurations do occur, then enhancements to TS or procedures, such as limiting unavailability of backup systems, increased surveillance frequencies, or 26 Enclosure PG&E Letter DCL-15-091 upgrading procedures or training, can be made that avoid, limit, or lessen the importance of these configurations.
Adhering to the current TS requirements and procedures will prevent these types of risk-significant configurations from occurring.
Therefore, there is reasonable assurance that risk-significant plant equipment configurations will not occur when the component is OOS using the proposed TS changes. No other changes to the TS or procedures, or any compensatory actions, are required as the result of this proposed LAR. Because the dominant initiator in this analysis is a reactor trip, the potential configurations that should be avoided while the 120 VAC vital bus subsystem is out-of-service per TS 3.8.9 include those that are important to mitigation for a reactor trip. As such, activities that could reduce the unavailability/reliability of following systems/components should be avoided:
* the Auxiliary Feedwater System
* any of the other three 120VAC vital buses
* the redundant SSPS Train Tier 3: Risk-Informed Configuration Risk Management The objective of the third tier is to ensure that the risk impact of out-of-service equipment is evaluated prior to performing any maintenance activity.
As stated in RG 1.177, "a viable program would be one that is able to uncover significant plant equipment outage configurations as they evolve during real-time, normal plant operation." The third-tier requirement is an extension of the tier requirement, but addresses the limitation of not being able to identify all possible risk-significant plant configurations in the second-tier evaluation.
PG&E has developed a process for online risk assessment and management.
Following the process and procedures ensures that the risk impact of equipment unavailability is appropriately evaluated prior to performing any maintenance activity or following an equipment failure or other internal or external event that impacts risk. PG&E Administrative Procedure AD7.DC6, "On-Line Maintenance Risk Management," provides guidance for managing safety function, probabilistic, and plant trip risks as required by 10 CFR 50.65(a)(4) of the Maintenance Rule. The procedure addresses risk management practices in the maintenance planning phase and maintenance execution (real time) phase for Modes 1 (Power Operation) through 4 (Hot Shutdown).
Appropriate consideration is given to equipment unavailability, operational activities such as testing, and weather conditions. 27 Enclosure PG&E Letter DCL-15-091 In general, risk from performing maintenance on-line is minimized by:
* Performing only those preventive and corrective maintenance items on-line required to maintain the reliability of structures, systems, and components (SSCs).
* Minimizing cumulative unavailability of safety-related and risk-significant SSCs by limiting the number of at-power maintenance outage windows per cycle per train/component.
* Minimizing the total number of SSCs out-of-service at the same time.
* Minimizing the risk of initiating plant transients (trips) that could challenge safety systems by implementing compensatory measures.
* Avoiding higher risk combinations of out-of-service SSCs using PRA insights.
* Maintaining defense-in-depth by avoiding combinations of out-of-service SSCs that are related to similar safety functions or that affect multiple safety functions.
* Scheduling in train/bus windows to avoid removing equipment from different trains simultaneously.
In general, risk is managed by:
* Evaluating plant trip risk activities or conditions and mitigating them by taking appropriate compensatory measures and/or ensuring defense-in-depth of safety systems that are challenged by a plant trip.
* Evaluating and controlling risk based on probabilistic and key safety function defense-in-depth evaluations.
* Implementing compensatory measures and requirements for management authorization or notification for certain "high-risk" configurations.
Actions are taken and appropriate attention is given to configurations and situations commensurate with the level of risk as evaluated using AD7.DC6. This occurs both during planning and real time (execution) phases. For planned maintenance activities, an assessment of the overall risk of the activity on plant safety, including benefits to system reliability and performance, is currently performed and documented per AD7.DC6 prior to scheduled work. Consideration is given to plant and external conditions, the number of activities being performed concurrently, the potential for plant trips, and the availability of redundant trains. 28 \
Enclosure PG&E Letter DC L 091 Risk is evaluated, managed and documented for all activities or conditions based on the current plant state:
* Before any planned or emergent maintenance is to be performed.
* As soon as possible when an emergent plant condition is discovered.
* As soon as possible when an external or internal event or condition is recognized.
Compensatory measures are implemented as necessary and if the risk assessment reveals unacceptable risk, a course of action is determined to restore degraded or failed safety functions and reduce the probabilistic risk. S u mmarv/Conclusion Based on the above, the change to the TS 3.8.9 Condition 8 CT to 24 hours is acceptable.
: 4. REGULATORY EVALUATION
 
===4.1 Applicable===
 
Regulatory Requirements/Criteria RG 1.17 4, Revision 2, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," dated May 2011, and RG 1.177, Revision 1, "An Approach for Plant-Specific, Risk-Informed Decision Making: Technical Specifications," dated May 2011, provide specific guidance and acceptance criteria for assessing the nature and impact of licensing-basis changes, including proposed permanent TS changes in AOTs or CTs by considering engineering issues and applying risk insights.
In addition, Chapter 16.1, "Risk-Informed Decision Making: Technical Specifications," of the Nuclear Regulatory Commission (NRC, the Commission)
Standard Review Plan (SRP), NUREG-0800, describes acceptable approaches and guidelines in reviewing proposed TS modifications, including CT changes as part of risk-informed decision making. The Maintenance Rule, 10 CFR 50.65(a)(4), requires licensees to perform assessments before conducting maintenance activities on SSCs that are covered by the Maintenance Rule, and to manage any increase in risk that may result from the proposed activities.
RG 1.160, "Monitoring the Effectiveness of Maintenance at Nuclear Power Plants," dated May 2012, provides guidance on implementing the provisions of 10 CFR 50.65(a)(4).
RG 1.17 4, Section 2.3, Element 3, "Define Implementation and Monitoring Program," states that monitoring that is in conformance with the Maintenance Rule can be used to satisfy Element 3 when the monitoring 29 Enclosure PG&E Letter DCL-15-091 performed under the Maintenance Rule is sufficient for the SSCs affected by the risk-informed application.
General Design Criterion (GDC) 17 (1971 ), "Electric power systems," of Appendix A, "General Design Criteria for Nuclear Power Plants," to 1 0 CFR Part 50 requires, in part, that nuclear power plants have onsite and offsite electric power systems to permit the functioning of SSCs that are important to safety. The onsite power system is required to have sufficient independence, redundancy, and testability to perform its safety function, assuming a single failure. The offsite power system is required to supply power to the onsite electric distribution system by two physically independent circuits that are designed and located so as to minimize, to the extent practical, the likelihood of their simultaneous failure under operating and postulated accident and environmental conditions.
In addition, this criterion requires provisions to minimize the probability of losing electric power from the remaining electric power supplies as a result of loss of power from the unit, the offsite transmission network, or the onsite power supplies. The DCPP Units 1 and 2 designs conform to Criterion
: 17. The Class 1 E 120 VAC system is required to have sufficient capacity, capability, independence, redundancy, and testability to perform its safety function assuming a single failure. GDC-18 (1971), "Inspection and testing of electric power systems," requires that electric power systems that are important to safety must be designed to permit appropriate periodic inspection and testing. The DCPP Units 1 and 2 designs conform to Criterion
: 18. The Class 1 E portion of the 120 VAC system design permits appropriate periodic inspection and testing of functional and operational performance of the system as a whole and under conditions as close to design as practical.
Safety Guide 6 , March 1971 -"Independence Between Redundant Standby (Onsite) Power Sources and Between their Distribution Systems." The Class 1 E portion of the 120 VAC system is designed such that electrically powered loads are separated into redundant load groups such that loss of any one group will not prevent the minimum safety functions from being performed.
The TS for DCPP, Units 1 and 2, currently require that an instrument bus must be reenergized within 2 hours (TS 3.8.9, "Distribution Operating")
and an inoperable inverter must be restored within a CT of 24 hours (TS 3.8.7). The proposed license amendment would change the CT for restoring a 120 VAC vital bus subsystem from 2 hours to 24 hours, consistent with the CT for an inoperable inverter. 30 Enclosure PG&E Letter DCL-15-091 In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. 4.2 Precedent On November 19, 2003, the NRC approved amendments 135/135 for Byron Station and amendments 129/129 for Braidwood Station to increase the CT for an inoperable inverter from 24 hours to 7 days. While the TS being revised is different from the proposed TS, these amendments were also risk-informed CT changes for an electrical system. 4.3 Significant Hazards Consideration PG&E has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below: 1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?
Response:
No. The requested change does not physically alter any plant structures, systems, or components, and does not affect or create new accident initiators or precursors.
The completion time (CT) to perform a required action is not an accident initiator; therefore, there is no effect on the probability of accidents previously evaluated.
An alternating current (AC) source is required to mitigate the consequences of accidents previously evaluated in the Final Safety Analysis Report Update. The requested change to allow one 120 Volts Alternating Current (VAC) vital bus subsystem to be inoperable for up to 24 hours does not increase the consequences of those accidents since an additional redundant train is available.
Additionally, the redundant 120 VAC vital bus subsystem remains operable and capable of performing its required function.
The requested change does not affect the types or amounts of 31 Enclosure PG&E Letter DCL-15-091 radionuclides released following an accident, or the initiation and duration of their release. Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.
: 2. Does the proposed change create the possibility of a new or different accident from any accident previously evaluated?
Response:
No. The proposed amendment will not change the design function or operation of the structures, systems, and components (SSCs) involved, nor will it affect the SSCs' operation or their ability to perform their design function.
The proposed change will not create the possibility of a new or different kind of accident due to credible new failure mechanisms, malfunctions, or accident initiators not considered in the design and licensing bases. Therefore, the proposed change does not create the possibility of a new or different accident from any accident previously evaluated.
: 3. Does the proposed change involve a significant reduction in a margin of safety? Response:
No. The proposed amendment does not involve a significant reduction in a margin of safety. There will always be at least one full train of Engineered Safety Feature (ESF) equipment available such that the Emergency Core Cooling System, Auxiliary Feedwater system, and containment heat removal system will be able to ensure that adequate core cooling, Reactor Coolant System (RCS) integrity and containment integrity are maintained for all Design Basis Accidents (DBA). There will be no adverse impact on any ESF equipment function required for DBA mitigation such that no safety limit or fission product barrier design basis limit for the fuel, RCS, or containment described in the Updated Final Safety Analysis Report (UFSAR) will be exceeded or altered. Therefore, the proposed change does not involve a significant reduction in a margin of safety. 32 Enclosure PG&E Letter DCL-15-091 Based on the above evaluation, PG&E concludes that the proposed change does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.
 
===4.4 Conclusions===
 
In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. 5. ENVIRONMENTAL CONSIDERATION PG&E has evaluated the proposed amendment and has determined that the proposed amendment does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure.
Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).
Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.
: 6. REFERENCES None. 33 Enclosure Attachment 1 PG&E Letter DCL-15-091 Technical Specification Page (Markups) 
 
===3.8 ELECTRICAL===
 
POWER SYSTEMS 3.8.9 Distribution Systems-Operating Distribution Systems -Operating 3.8.9 LCO 3.8.9 The required Class 1 E AC, DC, and 120 VAG vital bus electrical power distribution subsystems shall be OPERABLE.
APPLICABILITY:
MODES 1, 2, 3, and 4. ACTIONS CONDITION A. One AC electrical power A.1 distribution subsystem inoperable.
B. One 120 VAG vital bus B.1 subsystem inoperable.
C. One DC electrical power C.1 distribution subsystem inoperable.
D. Required Action and D.1 associated Completion AND Time not met. D.2 E. Two required Class 1 E AC, E.1 DC, or 120 VAG vital buses with inoperable distribution subsystems that result in a loss of safety function.
DIABLO CANYON-UNITS 1 & 2 REQUIRED ACTION COMPLETION TIME Restore AC electrical 8 hours power distribution subsystem to OPERABLE status. Restore 120 VAG vital hours bus subsystem to '0 OPERABLE status. Restore DC electrical 2 hours power distribution subsystem to OPERABLE status. Be in MODE 3. 6 hours Be in MODE 5. 36 hours Enter LCO 3.0.3. Immediately 3.8-29 Unit 1 -Amendment No. -+de,-21-5 , Unit 2 -Amendment No. +de, 2+7 ,
Enclosure Attachment 2 PG&E Letter DCL-15-091 Technical Specification (Retyped page) Remove Page Insert Page 3.8-29 3.8-29 
 
===3.8 ELECTRICAL===
 
POWER SYSTEMS 3.8.9 Distribution Systems-Operating Distribution Systems -Operating 3.8.9 LCO 3.8.9 The required Class 1 E AC, DC, and 120 VAC vital bus electrical power distribution subsystems shall be OPERABLE.
APPLICABILITY:
MODES 1, 2, 3, and 4. ACTIONS CONDITION A. One AC electrical power distribution subsystem inoperable.
B. One 120 VAC vital bus subsystem inoperable.
C. One DC electrical power distribution subsystem inoperable.
D. Required Action and associated Completion Time not met. E. Two required Class 1 E AC, DC, or 120 VAC vital buses with inoperable distribution subsystems that result in a loss of safety function.
DIABLO CANYON -UNITS 1 & 2 A.1 B.1 C.1 D.1 AND D.2 E.1 REQUIRED ACTION COMPLETION TIME Restore AC electrical 8 hours power distribution subsystem to OPERABLE status. Restore 120 VAC vital 24 hours bus subsystem to OPERABLE status. Restore DC electrical 2 hours power distribution subsystem to OPERABLE status. Be in MODE 3. 6 hours Be in MODE 5. 36 hours Enter LCO 3.0.3. Immediately 3.8-29 Unit 1 -Amendment Unit 2 -Amendment No.
Enclosure Attachment 3 PG&E Letter DCL-15-091 Technical Specification Bases Page (Markups) (For information only)
BASES ACT I ONS B.*1 (cont i nued) Distribu ti on Systems -B 3.8..9 constant voltage trn n sfo m1 er. T he r equ i red AC vit a l b u s subs y s t erns must then be re-powered by restor i ng i t"s associa t ed t o OP E RABLE s t atus with i n 24 hours u nd er LCO 3.8..7. ACT I: ON A. 1. Cond i ti on B represents one *1 , 20 VAC v i ta l bus w i thou t power, po t en tiall y both t he DC source and the assoc i ated AC sou r ce a r e nonfunc t toning. In th i s s it uat i on , tile un i t i s significant l y m ore vulnerab l e t o a comp l e t e l oss of a ll power. I t i s , the r efore, imp erative that the operator*s attentio n focus on stab il izing the un i t , m i n i mizing the potentia l for l oss of power t o the ren1a i n i ng v i t a l buses and pow er to the affected 12 0 VAG v it al bus subsyste m. This 2 hGYr limit is mgr:a cooser\!dti-VQ than CGJnpletioo Tim9s allg*NQg the vast majom'l of compoAents that are *tlithout aeequate 120 Vl'*.C e 24 h o u r li m i t is a ri s k i n fo m e d comp l e t i o n t i me. T h e *n e. i s co n sis t e nt.,__.,.-* t he t ime a ll o\\'e d f o r il n i nopera b l e i n v e rt er nd er LCO 3.8.7 , a n d s oi ent t i n c t o comp l e t e rep a i rs o r compo n e n t rep l ace rn ent Tak i n g excep t i o n to lCO 3.0.2 for compo n e nt s w ithou t adequa t e vital 120 V AG power. that w ou ld ha v e the Requ i red Act i on Comp l etion T i mes shorte r t han 2 4. h ours if declared i noperab l e, i s acceptab l , e b ecause of: a. The po t e nti a l f o r decreased safety by requ iri ng a c h a n ge i n un it cond i tions (i.e .* requ i r ing a s hu tdov m) a nd not a ll ov-Jin g opera ti ons to con t inu e; b. The po t e ntial for decreased by requ iring e nt ry into nume r ous App li cable Cond it tons a nd Requ i r ed Actions for compone nt s w i thout adequa t e vi ta l 120 VA C po w er a nd not pro vi d i n g sufficient tim e for the ope r ators t o perform the necessar y e v a l ua ti ons and actions fo r r estoring powe r to the affected and c_ The potential for an e v ent i n con j unct i on Yith a sing l e f a il u r e o f a redundant component d_ T he 2_1 h ou r Co: mpl et i on T i me takes i n t o acco un t t he i mp ortance t o safety of res t o rin g the 1 20 VA C v i ta l bus to OPERABLE s t atus. the redundant capa b i li ty a ffo rded b y lll e other OPERABL E *1 20 V AC vi ta l buses, and the l ov.r probab il ity of a DBA occurring during th i s period. (co nt i nued) DfABLO CANYON-U NlTS 1 & 2 Rev 9D Page M of '92}}

Latest revision as of 17:01, 2 February 2019

Redirect to:

Retrieved from "https://kanterella.com/w/index.php?title=DCL-15-091,_Diablo_Canyon,_Units_1_and_2_-_Submits_License_Amendment_Request_Exigent_Revision_to_Technical_Specification_3.8.9._Distribution_Systems_-_Operating&oldid=1266997"