Revision as of 02:21, 13 July 2019

Text

FPIP-0104, Revision 0 Safe Shutdown Equipment List and Fault Tree Logics
	ML071210337
Person / Time
Site:	Harris
Issue date:	04/13/2006
From:	Ertman J; Progress Energy Carolinas
To:	; Office of Nuclear Reactor Regulation
References
	FPIP-0104, Rev 0
	Download: ML071210337 (26)
	v • d • e

FPIP-0104 Rev. 0 Page 1 of 26 I Information Use FIRE PROTECTION INITIATIVES PROJECT PROJECT PROCEDURE

FPIP-0104 SAFE SHUTDOWN EQUIPMENT LIST and FAULT TREE LOGICS REVSION 0

Prepared by Reviewed by Approved by

FPIP-0104 Rev. 0 Page 2 of 26 TABLE OF CONTENTS SECTION PAGE

1.0 PURPOSE.......................................................................................................................3

2.0 REFERENCES

................................................................................................................3 3.0 DEFINITIONS..................................................................................................................4 4.0 RESPONSIBILITIES........................................................................................................7 5.0 PREREQUISITES...........................................................................................................8 6.0 PRECAUTIONS AND LIMITATIONS...............................................................................8 7.0 SPECIAL TOOLS AND EQUIPMENT.............................................................................8 8.0 ACCEPTANCE CRITERIA..............................................................................................8 9.0 INSTRUCTIONS..............................................................................................................9 9.1 Safe Shutdown Equipment List.............................................................................9 9.1.1 Safe Shutdown Performance Goals...........................................................9 9.1.2 Safe Shutdown Component Selection Criteria...........................................9 9.1.3 SSEL Structure and Format.....................................................................13 9.1.4 SSEL Validation.......................................................................................15 9.1.5 HVAC Equipment Criteria........................................................................16 9.1.6 Instrument Tubing and Air Line Evaluation..............................................16 9.2 Safe Shutdown Logic (Fault Tree Model)...........................................................17 9.2.1 Fluid System Modeling.............................................................................17 9.2.2 Electrical System Modeling......................................................................18 9.2.3 Nomenclature...........................................................................................18 9.3 Changes to Safe Shutdown Model (FTL Files)...................................................18 9.4 Benchmark Review of Basic FTL File.................................................................20 10.0 RECORDS....................................................................................................................20 ATTACHMENT 1......................................................................................................................21 ATTACHMENT 2......................................................................................................................25 Revision Summary...................................................................................................................26 FPIP-0104 Rev. 0 Page 3 of 26 1.0 PURPOSE The purpose of this procedure is to provide requirements and guidance for updating or revising the Safe Shutdown Equipment List (SSEL), or the Basic Fault Tree Logic (FTL) under the NGG Fire Protection Improvement Initiatives Project (FPIP). The initial preparation, validation, and completion of the SSEL and Basic FTL file (logic) for each of the NGG plants was performed during the Safe Shutdown Analysis (SSA) update process that was performed under Task 4 of the Project by Sargent & Lundy. However, it is anticipated that during the remaining course of the FPIP, that tasks to be performed by Progress Energy may require either the SSEL or Basic FTL file (or both) to be updated to account for additional systems or components that may be added to the safe shutdown model. Therefore, this procedure will remain an active project document for the remainder of the Project. This procedure is provided to ensure compliance with the requirements of 10CFR50 Appendix R, or the guidance of NUREG-0800, unless granted specific exemptions/deviations from the requirements/guidance in these documents by the NRC. The Fire Protection Initiatives Project has issued this procedure for the purpose of providing project level guidance during transition of the Progress Energy nuclear plant fleet to NFPA 805. At the completion of the tasks covered by this procedure, it will be cancelled or converted to a NGGC procedure as appropriate.

2.0 REFERENCES

2.1 NGG Fire Protection Program Improvement Initiatives Project Plan 2.2 FPIP-0100, Fire Protection Initiatives Project - Project Controls 2.3 Quality Assurance Program Manual, NGGM-PM-0007 2.4 CSP-NGGC-2505, Software Quality Assurance and Configuration Control of Business Computer Systems 2.5 CSP-NGGC-2507, Software Documentation and Testing 2.6 NUREG/CR-3268, Modular Fault Tree Analysis Procedures Guide 2.7 EGR-NGGC-0016, Engineering Analysis Software - Dedication and Benchmark Requirements 2.8 NEI 00-01, Guidance for Post-Fire Safe Shutdown Analysis 2.9 EGR-NGGC-0017, Preparation and Control of Design Analysis and Calculations 2.10 Fire Safe Shutdown Program Manager Database User's Manual 2.11 NUMARC 87-00, Guidelines and Technical Bases for NUMARC Initiatives Addressing Station Blackout at Light Water Reactors FPIP-0104 Rev. 0 Page 4 of 26 3.0 DEFINITIONS 3.1 Terms 3.1.1 May Denotes permission, not a requirement or a recommendation. 3.1.2 Shall Denotes a requirement or a mandatory activity. 3.1.3 Should Denotes an expected action unless there is justifiable reason not to perform the action. 3.1.4 Desired Hot Shutdown (RNP)/Hot Standby Position (CR3, HNP) The position or state a component must be in to accomplish its desired safe shutdown function while the plant is maintained in hot standby. If a component or system is not required to operate to support hot standby, then this is the same as the normal position (during power operation). The limits for Hot Shutdown/Hot Standby are defined in the station Technical Specifications.

3.1.5 Desired Cooldown (RNP)/Hot Shutdown Position (BNP, CR3) The position or state a component must be in to accomplish its desired safe shutdown function while the plant is maintained in cooldown (RNP)/hot shutdown (BNP, CR3). If a component or system is not required to operate to support cooldown/hot shutdown, then this is the same as the normal position (during power operation). The limits for Hot Shutdown are defined in the station Technical Specifications.

3.1.6 Desired Transition Mode (BNP) Position The position or state a component must be in to accomplish its desired safe shutdown function while the plant is in transition mode (hot shutdown with torus cooling). If a component or system is not required to operate to support transition mode, then this is the same as the normal position (during power operation). 3.1.7 Desired Cold Shutdown Position The position or state a component must be in to accomplish its desired safe shutdown function while the plant is cooled down to or maintained in cold shutdown. If a component or system is not required to operate to achieve or maintain cold shutdown, then this is the same as the normal position (during power operation). The limits for Cold Shutdown are defined in the station Technical Specifications.

FPIP-0104 Rev. 0 Page 5 of 26 3.1.8 Normal Position The position or state of a component during normal power operation.

3.1.9 Fail Electrical/Air Position The position or state a component will assume upon loss of its electrical power supply or its air supply.

3.1.10 Not Required (BNP) If a component or system is not required to operate to support hot shutdown, transition or cold shutdown, then the desired position will be identified as "NR" - Not Required. 3.1.11 High - Low Pressure Interface High-low pressure (HLP) interfaces are normally closed valves forming an interface between a high pressure system, or line, such as the reactor coolant system and a system (or line) with a lower design pressure, for example RHR. 3.2 Safe Shutdown Equipment List (SSEL) A documented list of equipment and components that must operate, or be prevented from maloperating, to ensure the capability to achieve and maintain post-fire safe shutdown conditions within established criteria. 3.3 Safe Shutdown Equipment (Component) Equipment and components that must operate, or be prevented from maloperating, to ensure the capability to achieve and maintain post-fire safe shutdown conditions within established criteria. 3.4 Non-Safe Shutdown Equipment (Component) In the context of this procedure, plant equipment and components that are not required to effect the safe shutdown, but have been identified during the course of developing the SSEL as having a potential effect on safe shutdown equipment. 3.5 Fault Tree Logic (FTL) Files A fault tree logic file is a text file written in a format that is suitable for direct input to the Computer Aided Fault Tree Analysis (CAFTA) computer program. The FTL file is a model of the plant's safe shutdown functions, systems, and components and documents the logic used to demonstrate safe shutdown. The file includes gates which model failures from the top event down to individual component and cable failure modes.

3.5.1 Basic FTL File The basic fault tree text file is the initial model that is intended to be imported into the FSSPMD. This basic file contains the basic equipment relationships, and does not include cable, fire zone, or fire area location information, nor does it contain exceptions (resolution strategies).

FPIP-0104 Rev. 0 Page 6 of 26 3.5.2 Augmented FTL File An augmented FTL file has been processed by the FSSPM and is suitable for import into the CAFTA Fault Tree Editor and can be used to generate fire area cut sets. This text file contains the basic FTL file information, but has been augmented by the addition of cable data, fire zone (fire area for HNP) location data, and exceptions.

3.6 Top Event The top event in a fault tree is the ultimate event (failure) being modeled. In this analysis, the top event represents failure to achieve and maintain safe shutdown conditions following a fire. A fault tree can have only one top event. Should a decision be made to subdivide the fault tree model for ease of analysis purposes, a lower level safe shutdown function may be the top event for the subdivided fault trees. 3.7 Intermediate Event Intermediate events represent lower level functional, system, train, or component failures. 3.8 Basic Events Basic events represent simple failures or faults that are not further evaluated. For the purposes of this analysis, the faults evaluated are damage to components due to fires in specific fire areas / fire zones. Therefore, the fire area / fire zone locations of components and cables are the "basic events" of the fault tree model. 3.9 Logical Operators Events are connected by logical operators. The two most common logical operators are AND gates and OR gates. OR gates are used to connect events (failures) if any one of the possible failures represented by the input events will cause the output event (failure) to occur. AND gates are used to connect events (failures) if all of the possible failures represented by the input events must occur to cause the output event (failure) to occur. Other variations of these gates are possible and may be included in the model if the situation warrants. 3.10 Logical Loops Logical loops occur in the model when two or more components each provide a support function to the other component. It is the fault tree equivalent of the question "What comes first, the chicken or the egg?" A simplified example of a logical loop is provided by a typical emergency diesel generator. The diesel generator requires cooling water for successful long-term operation. The cooling water is supplied by the service water pump, which is powered from an emergency bus, that itself is powered from the emergency diesel generator. In real life, time dependent aspects of the support functions result in this not being an issue. For the example cited, the diesel engine has its own jacket water cooling system that is capable of cooling the diesel engine for a sufficiently long period to allow the diesel engine to start, connect to the emergency bus, and then load the service water pump onto the bus and start flow through the service water system. The fault tree model is a steady state model that cannot handle such time dependencies. The fault tree analysis program cannot evaluate logical loops.

FPIP-0104 Rev. 0 Page 7 of 26 Therefore, artificial means are needed to address this situation. This is discussed below in the body of the procedure. 4.0 RESPONSIBILITIES The roles of the Safe Shutdown (SSD) Engineer and the Site Safe Shutdown (SSD) Engineer may be flexible depending upon the needs at the particular site when changes to either the SSEL or FTL are to be made. The responsibilities outlined in this document assume that the SSD Engineer assigned to support this effort, and working for the Site Safe Shutdown Engineer, would prepare any change package that was needed. However, that is not to preclude the Site SSD Engineer from serving in the role of a Preparer or Reviewer. In the event the Site SSD Engineer prepares or reviews a change package, the responsibility for approving the completed package should be performed by the Site Fire Protection Initiatives Project Coordinator. 4.1 Safe Shutdown Engineer 4.1.1 Maintain, or have access to, documentation related to the current safe shutdown analysis (SSEL and systems relied upon to satisfy safe shutdown requirements), revised SSEL maintained in the FSSPM, documents related to system operation, including P&ID's (Flow Diagrams), system descriptions, design basis documents, and post-fire shutdown procedures. 4.1.2 As necessary, review the post-fire safe shutdown documentation to determine the impact of any proposed changes (plant or safe shutdown model) to ensure that the credited safe shutdown systems can achieve the desired safe shutdown performance goals. 4.1.3 As necessary update the SSEL portion of the Fire Safe Shutdown Program Manager database. 4.1.4 Determine if existing calculations are available to support atypical configurations of safe shutdown systems. Review, as necessary, the calculations against the current area analysis compliance strategies. 4.1.5 As necessary review the current use of HVAC equipment. Evaluate the feasibility of eliminating reliance upon HVAC systems for affected rooms and areas. 4.1.6 Perform (or coordinate performance of) room heat up calculations for areas where HVAC is being postulated as being lost using the methodology of NUMARC 87-00 for station blackout, or other approved engineering analysis tool or model. 4.1.7 Evaluate the potential impact instrument sensing lines and air lines associated with existing SSEL components requiring a review, or any new components added to the SSEL. 4.1.8 As necessary revise Basic FTL file with the support of individuals familiar with IRRAS/MAR-D (Models and Results Database) text files. 4.1.9 Initiate a CRTN and prepare the necessary documentation in accordance with Reference 2.4 to validate the fault tree analysis functionality within the CAFTA program if the Basic FTL file is modified. 4.1.10 Submit revisions to the SSEL and basic FTL file to Site Safe Shutdown Engineer for review and approval.

FPIP-0104 Rev. 0 Page 8 of 26 4.1.11 Perform reviews of the SSEL, instrument tubing or air-line evaluations, room heat-up calculations, and the basic fault tree model (file) after any changes. 4.1.12 Maintain control of and approve any changes to the SSEL or Basic FTL file. 4.2 Site Fire Protection Initiatives Project Coordinator Approval of completed SSEL, instrument tubing or air-line evaluations, room heat-up calculations, and the basic fault tree model (file) after any changes in the event the Site Safe Shutdown Engineer serves in the role of the Preparer or Reviewer of that change document. 5.0 PREREQUISITES 5.1 The Fire Safe Shutdown Program Manager Database software, along with the station's specific safe shutdown data, and Basic FTL file shall have completed all required Progress Energy QA/software reviews, and have been accepted before they are released for use on the FPIP.

5.2 Personnel assigned to prepare or review documents under this Project procedure shall have the required level of training, completed qualifications for a Post-Fire Safe Shutdown Engineer, and qualifications are documented in the Progress Energy personnel qualifications database.

6.0 PRECAUTIONS AND LIMITATIONS 6.1 This procedure does not provide guidance on how to control changes to either the SSEL or the Basic FTL logic. If changes are to be processed the guidance provided in References 2.4 and 2.5 shall be followed. 6.2 The results of other FPIP Sub-tasks (specifically 4.1.5, "Circuit Analysis", 4.1.6, "Fire Area Analysis", and 4.1.8, "Manual Action Feasibility") could potentially change the deliverables produced in this task. 6.3 Change to the character processing function performed by the FSSPM is not included within the scope of this Project procedure. 6.4 The Basic FTL file processed by the FSSPM(D) prepares an Augmented FTL file that can be read by CAFTA. This logic is classified as Software Quality Level B (SWQL B).

As a result of this software classification level, changes to the Basic FTL must be made under the control of the appropriate CSP-NGGC procedures. 7.0 SPECIAL TOOLS AND EQUIPMENT N/A 8.0 ACCEPTANCE CRITERIA 8.1 Performance goals for achieving safe shutdown in the event of a fire are identified in Section 9.1.1.

8.2 In addition to meeting the performance goals specified avove, the system and component selection process utilized to develop the SSEL may need to consider additional criteria that may have been established in plant specific safe shutdown analyses or calculations (e.g. thermal-hydraulic analysis).

FPIP-0104 Rev. 0 Page 9 of 26 9.0 INSTRUCTIONS 9.1 Safe Shutdown Equipment List Review the site specific safe shutdown analysis success paths and the Safe Shutdown Equipment List to validate that all proposed changes to equipment and success paths have been correctly identified, and that the performance goal outlined below are being maintained. The Site Safe Shutdown Engineer shall be informed of any proposed changes to the plant, or post-fire safe shutdown documentation that may impact the Safe Shutdown Analysis. 9.1.1 Safe Shutdown Performance Goals A safe shutdown condition is achieved by satisfying the following safe shutdown performance goals. NOTE In the following performance goals, the word '

shall' is to be replaced with '

should' when performing work associated with the HNP as these performance goals are only guidance under NUREG 0800. 1. The reactivity control function shall be capable of achieving and maintaining cold shutdown reactivity conditions. 2. The reactor coolant makeup function shall be capable of maintaining the reactor coolant above the top of the core for BWRs and be within the level indication in the pressurizer for PWRs. 3. The reactor heat removal function shall be capable of achieving and maintaining decay heat removal. 4. The process monitoring function shall be capable of providing direct readings of the process variables necessary to perform and control the above functions. 5. The supporting functions shall be capable of providing the process cooling, lubrication, etc., necessary to permit the operation of the equipment used for safe shutdown functions. 9.1.2 Safe Shutdown Component Selection Criteria For safe shutdown systems relied upon to achieve one or more of the safe shutdown performance goals listed in subsection 9.1.1, the following criteria will be used to determine which specific components to include on the SSEL. 1. Pumps or fans which must operate to support achieving a safe shutdown performance goal shall be included on the SSEL. 2. Pumps or fans which do not perform a safe shutdown function, but which should be secured to ensure the success criteria, will be included on the SSEL.

FPIP-0104 Rev. 0 Page 10 of 26 3. Electrically operated or controlled valves or dampers located in a safe shutdown flowpath which must change position, either under manual or automatic control, shall be included on the SSEL. Manual valves located in a safe shutdown flowpath requiring repositioning during post-fire shutdown operations will also be included on the SSEL. 4. Electrically operated or controlled valves or dampers in the flow paths whose spurious operation could adversely affect system operation shall be included on the SSEL. Fire dampers (including those activated by both fusible links and electro-thermal links) in the flowpath whose operation could adversely affect system operation shall be included on the SSEL. NOTE Evaluate the impact of adding manual valves, dampers, check valves or passive components such as tanks and heat exchangers to SSEL in accordance with the following steps. 5. Properly oriented manual valves, dampers, and check valves in the flow path that do not require manual actions during post-fire shutdown operations will not be included on the SSEL. 6. Manual drain, vent and instrument root valves will not be included on the SSEL. 7. Electrically operated or controlled valves or dampers constituting system boundaries will be included on the SSEL if the spurious operation of one or more of the boundary valves could adversely affect system operation. For electrically operated or controlled valves or dampers, two valves or dampers in series forming the system boundaries will be listed on the SSEL. If three normally closed valves or dampers in series form the system boundary, all three will be included on the SSEL and it will be appropriately noted. Where a normally closed manual valve is downstream from these valves, see Item 9 below. Post-fire safe shutdown flow paths are generally identified on the marked-up piping and instrument diagrams. These flow paths can be either "Primary" or "Boundary" paths. Primary flow paths are system flow paths required to perform safe shutdown functions. In addition to the main flow paths, this includes internal recirculation, minimum flow, and process cooling flow paths. Boundary flow paths are those flow paths contiguous to primary flow paths, which must be isolated to prevent system flow diversion or inventory loss.

Boundary paths include those portions of the system, which constitute part of the system pressure boundary, but are not required safe shutdown flow paths. Boundary paths do not include any of the following items: 1) Instrument taps / lines smaller than one inch in diameter, FPIP-0104 Rev. 0 Page 11 of 26 2) System vent and drain paths isolated by manual valves, pressure relief valves, or power operated relief valves, or 3) Portions of fluid systems that are not required for safe shutdown provided the flow diversion does not degrade system operation. For items 1) and 2) above, a general SSA assumption is that passive steel components such as piping are impervious to fire damage. However, the following exceptions apply to this position: Instrument air / sensing lines made of copper material cannot be assumed to function during the postulated fire event. As such, these applications are evaluated and justified on a case by case basis, or assumed to be a boundary path which could result in a loss of inventory. (CR3 only) Instrument lines at CR3 are made of stainless steel and there may be components in item 2 that are made of stainless steel.

The ultimate tensile strength of Type 316 Stainless Steel is reduced approximately 50% at 1400ºF, and at temperatures of about 1000ºF and higher, stress rupture becomes a consideration for austenitic stainless steels. This is documented in a CR3 NCR for fire area RB-95-300. (CR3 only) It is acceptable to exclude instrument lines for water systems that are providing water via pumps as instrument lines would be affected only for the specific fire area. However, for the reactor coolant system (RCS), the make-up pumps are shut-off so that there is no makeup water to the RCS, thus the integrity of the instrument lines in the reactor building needs to be maintained. In the case of item 3) above, exclusion of certain boundary paths from the analysis will be based upon a system hydraulic evaluation or documented engineering judgment, which demonstrates the system's capability to support the safe shutdown functions. The engineering analysis or judgment will provide the technical basis for the method of operation of the credited system during postulated post-fire safe shutdown events, and what, if any, boundary isolations are required in support of system operation. 8. Passive mechanical components such as tanks that provide makeup, heat exchangers required to remove heat to achieve safe shutdown and pressure vessels, will be included on the SSEL for completeness. 9. For configuration control purposes, the first normally closed manual valve or properly oriented check valve, credited as system boundaries, will be listed on the SSEL. Where the normally closed manual valve is downstream from the electrically operated or controlled valves in the same line, the electrically operated or controlled valves do not need to be included in the SSEL. 10. Safety and/or relief valves which perform an active safe shutdown function will be included on the SSEL.

FPIP-0104 Rev. 0 Page 12 of 26 11. Safety and/or relief valves provided for equipment and piping protection will not be included on the SSEL. 12. Loops or bypasses within a system where spurious operation of an electrically operated or controlled valve or damper will not result in a loss of flow or inadequate flow to the safe shutdown success path will not be included in the SSEL. If this rule is used to exclude portions of a system, the rationale will be documented in the Safe Shutdown Analysis to be updated under Project Sub-task 4.1.10. 13. For tanks, all outlet lines will be evaluated for their functional requirements. For lines not required to be functional, a means of isolation (the first manual or electrically operated or controlled isolation valve) will be included on the SSEL to prevent unnecessary drawdown of the tank. Tank fill lines will also be evaluated as necessary. 14. Steam traps in the safe shutdown flowpath, designed to remove condensate and trap steam, will not be included on the SSEL. Based on this design function, steam exiting via these flowpaths is considered to have negligible impact on RCS cooldown. 15. Pilot valves are not included on the SSEL. The process valve with which the pilot valves are associated have been identified on the SSEL. Cabling for these solenoid valves will be associated with the process valve component number. 16. Communications and hard wired emergency lighting systems (e.g., systems/components powered from central station batteries or security diesels) that are credited in the SSA and susceptible to fire damage will be included on the SSEL. Battery pack powered emergency lighting will not be included on the SSEL. 17. Interrelated circuitry, as identified on P&ID's by dashed lines between safe shutdown components and other safe shutdown/non-safe shutdown components, shall be reviewed to identify additional components that may potentially affect safe shutdown. These components shall be included on the SSEL as appropriate. 18. For the process monitoring function, the guidance provided in IE Information Notice 84-09 will be considered in the identification of the minimum set of instruments that are required to monitor plant process variables. In addition, consideration will be given to identifying diagnostic instrumentation for existing manual actions. In some cases additional instrumentation may be required to support safe shutdown functions. This will be specified on a case by case basis, and will be the result of the manual action feasibility review. 19. Other support systems such as Service Water, CCW, and HVAC systems shall be included on the SSEL if required for system support. The component selection criteria for support systems are identical to the component selection criteria for primary safe shutdown systems as listed. 20. Emergency and offsite power components (including alternative and dedicated) associated with safe shutdown have been identified and included FPIP-0104 Rev. 0 Page 13 of 26 on the SSEL as part of Task 5, Safe Shutdown Circuit Analysis, performed by Sargent & Lundy. As part of the work performed under Task 5, the power supply for each component on the SSEL was identified by review of single line diagrams. The immediate power supply for each component was identified and added to the SSEL. These power supply components were then reviewed to determine their power source, and then that component was identified for inclusion on the SSEL. Power supplies were traced back to the emergency diesel and offsite power transformer. 21. If two electronically controlled valves in series form a high-low pressure (HLP) interface, they both must be identified as HLP valves on the SSEL. The implied position of these HLP valves for all safe shutdown modes is "Closed".

If the HLP valves also have an active safe shutdown function (i.e. other than "Closed"), the positions shown in the SSEL designate the desired position to achieve the active safe shutdown function. It is also acceptable for plants that have multi-function valves, which are listed more than once to list the HLP valves twice, once with the HLP function and once with the active safe shutdown function. 9.1.3 SSEL Structure and Format The detailed structure and format of the Safe Shutdown Equipment List has been defined in the Fire Safe Shutdown Program Manager and is described in the FSSPM User Manual. The printed version safe SSEL includes the following data: 1. Equipment Tag - Is the component ID number obtained from PassPort, or from other plant documentation if the component is not found in PassPort. 2. Equipment Name - The component description from PassPort, or from other plant documentation if the component is not found in PassPort. On the SSD Equipment form in the FSSPM, this field is entitled "Equipment Description." 3. System - Designator from PassPort for the system to which the component is associated. 4. Type - This is the code used in PassPort to designate that a specific component belongs to specific group (type) of equipment. This field is not currently being used at all plants. 5. Normal Position - The component's normal operating position. 6. Desired Hot Standby (HSB) Position - The component's desired position to achieve hot standby for CR3, or hot shutdown for RNP. On the SSD Equipment Form in the FSSPM, there are separate fields for Hot Standby and Hot Shutdown. 7. Desired Transition Position - The components desired position when in the transition mode at BNP, or cooldown at RNP. 8. Desired Cold Shutdown (CSD) Position - The components desired position to achieve its cold shutdown safe shutdown function.

FPIP-0104 Rev. 0 Page 14 of 26 9. Fail Electric Position - The position the component will take upon loss of its electrical power source, if applicable. 10. Fail Air Position - The position the component will take upon loss of its air source, for air-operated valves and dampers only. 11. High / Low Pressure (HLP) Interface - Checkbox used to identify (if checked) that the component forms part of a high / low-pressure interface with the Reactor Coolant System. 12. Cold Shutdown (CSD) Component - Check box used to identify (if checked) that the component is only required to support achieving cold shutdown conditions. 13. Manual Only - Checkbox used to indicate if the component does, or does not, require a circuit analysis. Electrical components requiring circuit analysis leave this checkbox un-checked. Manual valves, heat exchangers and other mechanical components without an electrical control or power circuit have a check mark applied to indicate they do not need to have a circuit analysis performed. Electronically controlled boundary isolation valves or other components which do not require a circuit analysis also have a check mark applied with the associated explanation in the "Notes" column. On the SSD Equipment Form in the FSSPM this field is identified as "Mechanical Only." 14. SSD - This field is used to identify which division of safe shutdown equipment the component belongs to. 15. Notes - This field includes any information that was added in the "Equipment Notes" field on the Safe Shutdown Equipment Form in the FSSPM. In addition to the SSEL data fields that appear on the SSEL Report, the FSSPM database is provided with additional data fields that appear on the Safe Shutdown Equipment form in the FSSPM. Safe shutdown equipment data can be added, modified, or deleted through the use of this form if necessary. 16. Equipment Number - The field will normally be the same as the PassPort identification also used in the "Equipment Tag" field. However, if there is a more commonly used identification for the component at the plant level and the PassPort identification does not allow for easy identification, the identification used by the plant may be entered in this field. 17. E-CODE - This is an electronic tag number used within PassPort to uniquely identify components. While a field for this identifier has been provided in the FSSPM database, it is currently not being used. 18. Equipment Rev - This revision is tied to the PassPort E-Code. This field is currently not being utilized by the FSSPM. 19. Unit - This field is provided for use on sites where there are multiple nuclear units. 20. Desired Hot Shutdown (HSD) Position - the components desired position to achieve hot shutdown at BNP or CR3.

FPIP-0104 Rev. 0 Page 15 of 26 21. Fire Zone (Fire Area for HNP) - This field is used to identify the fire zone (fire area) in which the equipment is located. 22. Show on SSEL Reports? - This check box is used to indicate which equipment should be displayed on the various SSEL Reports. If the box is not-checked, it indicates that the component provides some supporting role and does not need to appear on any SSEL reports. 23. Power Supply - The Power Supplies sub-form shows the associated power supplies for the subject safe shutdown component. This data is entered against the component through the use of the Cable/Power form which is not addressed in this project procedure. 24. FTL Tag - This field is used to indicate the format of this component in the fault tree logic file and in CAFTA. This tag number may differ from the PassPort identification number if the PassPort designation contains spaces or other characters that are not recognizable by CAFTA. 25. Modeled in FTL Logic? - This field is used to identify (with a check mark) those components that are included in the Basic FTL text file. 9.1.4 SSEL Validation When required, the process for validating changes to the SSEL will be performed in accordance with the following steps. 1. Identify the systems required to satisfy each safe shutdown performance goal. Collect documentation related to system operation. Documentation to collect includes P&IDs, Appendix R flow diagrams (BNP), system functional descriptions, system and functional design basis documents (DBDs), Fire Study (CR3) and safe shutdown operating procedures (including procedures that address for alternative flow paths such as abnormal operating procedures). 2. Review the collected documentation to determine if the system can achieve the desired performance goal. 3. Mark up the P&IDs or post-fire safe shutdown flow diagrams and Single-Line Diagrams to indicate the flow paths and system boundaries. 4. Update the SSEL portion of the FSSPM database by entering, modifying, or deleting data as appropriate for each safe shutdown component identified during the SSEL review.

5. (CR3 only) Update as necessary the highlighted P&IDs and Single-Line Diagrams used in the SSA Calculation to incorporate new safe shutdown equipment or flow paths.

6. (CR3 only) PassPort identifies Appendix R equipment with the Code Key "AR." If equipment is added to, or deleted from, the Appendix R SSEL PassPort will need to be updated to add or delete the "AR" code key. Changes in the designation of equipment will be noted for inclusion in the FPIP-0104 Rev. 0 Page 16 of 26 Engineering Change package to be prepared during the performance of Project Sub-task 4.1.12. 9.1.5 HVAC Equipment Criteria

1. For areas where the deletion of a credited HVAC system may be considered justifiable, perform a preliminary scoping evaluation based on station blackout conditions. The methodology contained in NUMARC 87-00, or other approved engineering methods, may be used for conducting room heat heat-up analysis. The heat loads considered in the evaluation will be for post-fire safe shutdown scenarios instead of a station blackout scenario. HVAC shall initially be assumed to be lost for a period of 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. 2. Any room heat-up calculation that is required to support exclusion of a HVAC shall be performed in accordance with Reference 2.9. 3. The evaluation of the room heat-up calculation shall consider the operability of the equipment under elevated temperature as well as operator habitability if operator actions are required in the room or area where HVAC is evaluated as not being available. 4. Depending on the results of the room heat-up calculations (room or equipment operating temperature limits have not been exceeded), remove HVAC equipment from the SSEL. 9.1.6 Instrument Tubing and Air Line Evaluation NOTE If it is determined that sensing lines for a given instrument do not leave the fire area that contains the associated instrument, or instrument air will not be credited as part of the safe shutdown analysis, it will not be necessary to enter the sensing or air line(s) into either the FSSPM(D) or the Basic FTL if an engineering analysis is prepared to document these configurations. For all credited instruments with instrument sensing lines that traverse through fire areas other than where the instrument is located, or equipment that may be supplied by an instrument air line, perform an evaluation that includes the following steps: 1. Identify the instrument sensing lines and/or instrument air lines that are credited in the safe shutdown analysis. 2. Identify the fire zone (fire area for HNP) routing of the individual lines. 3. Enter the sensing and/or air line routing information into the FSSPM database. These lines should be treated in the same manner as cables, and associated with the safe shutdown component. It will be necessary to develop equipment ID numbers for the sensing lines that are compatible with PassPort. 4. The sensing lines will be incorporated into the fault tree by modeling instrument operation as dependent on sensing line location (If fire occurs in FPIP-0104 Rev. 0 Page 17 of 26 an area where the sensing line is routed, the instrument will be assumed to fail). 5. The instrument air lines will be evaluated to determine if they will fail due to a fire in fire areas where instrument air is relied upon to operate. The instrument air lines will be incorporated into the fault tree model as necessary. 9.2 Safe Shutdown Logic (Fault Tree Model) The safe shutdown logic has been documented in the Basic FTL file which models the safe shutdown functions, systems and components. This approach has been utilized in lieu of the traditional approach where system level, component level, and electrical logic diagrams are used to demonstrate a successful safe shutdown path. The following approach is being used at the Progress Energy plants. 9.2.1 Fluid System Modeling Fluid systems have been modeled into the Basic FTL following the basic guidance provided in Reference 2.6, but modified to with a few exceptions. Basic fluid system modeling rules are provided in Attachment 1. However, if additional guidance on the rules for system modeling, or examples is required, Reference 2.6 should be consulted. In addition to the above, the following additional guidance will be followed: 1. The fault tree model has been developed from the top down. The top of the fault tree represents achieving the various safe shutdown performance goals as described in Section 9.1.1. The model hierarchy is as follows: SSD Performance Goals Systems Flowpaths Components. 2. For fluid systems, each safe shutdown flowpath has been modeled. Diversion paths were also modeled out to the isolation valve credited on the SSEL. 3. Line numbers are not to be included in the model. 4. All components on the SSEL are specifically included in the fault tree model. 5. Component cables will not be included in the Basic FTL, but will be added when the Augmented FTL is prepared by the FSSPM(D). 6. Circular logic (logical loops) will be avoided by defining "duplicate" components on an as-needed basis. "Duplicate" component names consist of the actual component name with a suffix chosen to clearly indicate its use in the model. 7. If the Basic FTL file (model) is modified, a systematic review of the fluid system components must be performed to evaluate potential adverse impacts of simultaneous (back-to-back, before operator response can be implemented) spurious operations of various combinations of two components. The report documenting the combinations of components and the postulated adverse consequences prepared during the initial scope of FPIP-0104 Rev. 0 Page 18 of 26 work performed by S&L must be updated, and included in the plants SSA Calculation. 8. Do not include pipelines or HVAC ducts (or pipeline or duct numbers) in the fault tree model. 9. Gate descriptors shall be included in the model. For equipment use PassPort names where available. 9.2.2 Electrical System Modeling The plant electrical system and equipment power supplies have also been included in the Basic FTL file. Additional power supplies that may be identified during circuit analysis reviews shall be included in the shutdown model. All power supplies included on the SSEL will be specifically included in the electrical systems fault tree model. 9.2.3 Safeguards System Modeling (Except CR3) The Safeguards System (ESFAS, ESAS, etc.) have been included in the Basic FTL file. 9.2.4 Fast Bus Transfer Modeling (RNP Only) The Fast Bus Transfer (FBT) at RNP has been included in the Basic FTL file. 9.2.5 Nomenclature Standard nomenclature for gate and basic event naming has been used to improve the readability and comprehensibility of the fault tree model. Attachment 2 provides an explanation of the standard prefixes and suffixes that will be used in constructing the fault tree model. 9.3 Changes to Safe Shutdown Model (FTL Files)

This section describes the process for making required changes to the Basic FTL file that contains the shutdown model (logic). Section 9.2 of this procedure provides guidance related to the practice and methodology used to generate the fault tree logic. In general, changes to the Basic FTL file will only be required for the following kinds of changes. 9.3.1 Deletions of safe shutdown components will require that the component be located in the fault tree logic. Open the Basic FTL file using any word processing program such as Word, NotePad, etc. Locate the section of the file with the logic for the subject component. Use the search function if necessary. Delete all references to the subject component, modifying the fault tree logic if necessary. When finished, use the search function to verify that all references have been deleted. 9.3.2 Additions of safe shutdown components will require determination of the appropriate location in the fault tree logic to place the component. Fluid systems are modeled on a functional basis (e.g., supplying flow via a particular flowpath). Therefore, it may be necessary to add additional functional logic gates to FPIP-0104 Rev. 0 Page 19 of 26 accommodate the new component. As a minimum, the following new gates will be required.

For components modeled only for spurious operation, add a spurious operation gate in the appropriate location for the new component ("&COMPNO_SPUR"). No other change should be required.

For active components, an unavailability gate ("COMPNO_UNAV") should be added in the appropriate location. The unavailability gate should be further developed with appropriate inputs, following the guidance of Reference 2.6. Typical inputs include a damaged by fire gate ("$COMPNO_DBF"), a loss of control gate ("(COMPNO_LOC"), and a loss of power gate

(")COMPNO_LOP"). If the component requires additional support, such as ventilation, cooling water, lubrication, etc., appropriate gates should be provided and developed. 9.3.3 Changes to safe shutdown components should be reviewed for potential fault tree logic changes. In general, only changes to support requirements will require a change to the model for the affected support function gates for the component. 9.3.4 Changes to circuit analysis for specific components in general will not require a change to the fault tree model. However, changes involving the addition or deletion of a power supply will require a change. In such cases, locate the loss of power gate for the affected component, and edit the power supplies as necessary to reflect the change. If a new power supply is added, ensure that it is properly modeled in the AC power distribution model or DC power distribution model, as appropriate. 9.3.5 Any time the Basic FTL file has been changed, it should be tested using CAFTA and FSSPM(D) prior to accepting the changes. To test the file using CAFTA, open the (CAFTA) Fault Tree Editor. The Fault Tree Editor window will open. Choose "File\Open" from the menu bar. An "Open" window will open on the screen. Click on the down arrow button to open the pull down menu located in the "Files of type:" combo box. Choose "All Files (*.*)". Navigate to the directory where the Basic FTL file is stored. Open the desired file by highlighting the name and clicking on the "Open" button. Click on "Cancel" or the Close button when the "Open Database Files" window appears. 9.3.6 Test the file for circular logic. Choose "Tools / Circular Logic Check" from the menu bar. This will test the fault tree logic file for circular logic that may have been inadvertently added. If circular logic is detected, it must be corrected. 9.3.7 Test the file for gate independence. Choose "Tools / Gate Independence Check". This will test the fault tree logic for multiple tops and/or orphaned gates that may have been inadvertently created. If detected, they must be corrected. 9.3.8 Import the Basic FTL file into FSSPMD and perform the character processing by following the instructions in sections 5.2 and 5.3 of Reference 2.2. Review the error reports, if any, and ensure that all errors identified are understood. Some "Errors" may be normal, and will not prevent generation of the Augmented FTL file. The Safe Shutdown Engineer should be familiar with his plants fault tree model, and any errors that are normal and routinely appear during these processes. If unexpected errors are encountered, they must be corrected.

FPIP-0104 Rev. 0 Page 20 of 26 9.4 Benchmark Review of Basic FTL File A review of the plant's Benchmark document contained in Reference 2.2 shall be performed anytime the Basic Fault Tree Logic is modified. 9.4.1 Identify the sample equipment ID's and Basic fault tree logic that is used in the Benchmark document as a known input. 9.4.2 If the Basic Fault Tree Logic was modified for any of these components, then revise the benchmark document known inputs and expected outputs to match the modification. If the Benchmark sample data was not changed, then no further action is required. 9.4.3 Run a benchmark test on the augmented fault tree logic which incorporates the revised Basic Fault Tree Logic. 10.0 RECORDS 10.1 Changes to the FSSPM database, or Basic FTL file, shall be recorded utilizing the change control process described in Reference 2.2.

10.2 Room heat-up calculations shall be documented in a Progress Energy calculation in accordance with Reference 2.9.

FPIP-0104 Rev. 0 Page 21 of 26 ATTACHMENT 1 Sheet 1 of 4 Fluid System Modeling Rules (From NUREG/CR 3268 Modular Fault Tree Analysis Procedures Guide)

Fluid System Rule 0 (1 of 1 IN, 1 OUT) R0

This is an additional rule not noted on the modular logic guide

%FPO-OUTPTSEG OR %FLT-OUTPTSEG %FPO-INPUTSEG

Fluid System Rule 1 (2 of 2 IN, 1 OUT) R1

%FPO-OUTPTSEG OR %FLT-OUTPTSEG %FPI-OUTPTSEG %FPI-OUTPTSEG AND %FPO-INSEG#1 %FPO-INSEG#2

Fluid System Rule 2 (1 of 2 IN, 1 OUT) R2

%FPO-OUTPTSEG OR %FPO-INSEG#1 %FPO-INSEG#2 %FLT-OUTPTSEG

Fluid System Rule 3 (1 IN, N OUT - N per node) R3

%FPO-OUTSEG#1 OR %FPO-INPUTSEG %FLT-OUTSEG#1 %FPO-OUTSEG#2 OR %FPO-INPUTSEG %FLT-OUTSEG#2 %FPO-OUTSEG#3 OR %FPO-INPUTSEG %FLT-OUTSEG#3

%FPO-OUTSEG#4 OR %FPO-INPUTSEG %FLT-OUTSEG#4 %FPO-OUTSEG#5 OR %FPO-INPUTSEG %FLT-OUTSEG#5 %FPO-OUTSEG#6 OR %FPO-INPUTSEG %FLT-OUTSEG#6

Fluid System Rule 4 (1 in, 2 of 2 out - 2 R3 per node) R4

%ALIGN-FLT-X-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#2

%FPO-OUTSEG#1 OR %FPO-INPUTSEG %FLT-OUTSEG#1 %FPO-OUTSEG#2 OR %FPO-INPUTSEG %FLT-OUTSEG#2

Fluid System Rule 5 (M of N in, 1 out) R5

Note: The rule shown below is for input segments of equal flow capacity.

Therefore, if the input lines have different flow capacities and failure

criteria is not simply M of N in, then more development must be done.

%FPO-OUTPTSEG OR %FLT-OUTPTSEG %FPI-OUTPTSEG %FPI-OUTPTSEG M/N %FPO-INSEG#1 %FPO-INSEG#2 %FPO-INSEG#3 %FPO-INSEG#4 %FPO-INSEG#5 %FPO-INSEG#6

FPIP-0104 Rev. 0 Page 22 of 26 ATTACHMENT 1 Sheet 2 of 4 Fluid System Modeling Rules

Fluid System Rule 6 (1 in, M of N out - N R3 per node)

Note: The application of this rule is not universal, as a logic combination

of outputs that causes failure must be determined on a case by case basis.

Therefore, additional development may be required. However, N applications of R3

must still be applied per node, thus, R3 is repeated below also.

%ALIGN-FLT-X-SOI M/N %FAI-OUTSEG#1 %FAI-OUTSEG#2 %FAI-OUTSEG#3 %FAI-OUTSEG#4 %FAI-OUTSEG#5 %FAI-OUTSEG#6

%FPO-OUTSEG#1 OR %FPO-INPUTSEG %FLT-OUTSEG#1

%FPO-OUTSEG#2 OR %FPO-INPUTSEG %FLT-OUTSEG#2

%FPO-OUTSEG#3 OR %FPO-INPUTSEG %FLT-OUTSEG#3 %FPO-OUTSEG#4 OR %FPO-INPUTSEG %FLT-OUTSEG#4 %FPO-OUTSEG#5 OR %FPO-INPUTSEG %FLT-OUTSEG#5 %FPO-OUTSEG#6 OR %FPO-INPUTSEG %FLT-OUTSEG#6

Fluid System Rule 7 (1 in, 1 out, n DIV) R7

%FPO-OUTSEG#1 OR %FPO-INPUTSEG %FLT-OUTSEG#1 %FAI-DIVSEG#1

Fluid System Rule 8 (2 of 2 in, 2 out) R8

%FPO-OUTSEG#1 OR %FLT-OUTSEG#1 %FPI-OUTSEG#1 %FPI-OUTSEG#1 AND %FPO-CSTb %FPO-INSEG#1

%FPO-CSTb OR %FPO-INSEG#2 %FLT-CST

%FPO-OUTSEG#2 OR %FLT-OUTSEG#2 %FPI-OUTSEG#2

%FPI-OUTSEG#2 AND %FPO-CTSa %FPO-INSEG#2

%FPO-CTSa OR %FPO-INSEG#1 %FLT-CTS

Fluid System Rule 9 (2 in, 2 of 2 out - 2 R8 per node) R9

%ALIGN-FLT-X-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#2 %INFEED-CTX %DIV-CTS

%INFEED-CTX OR %FPO-INSEG#1 %FPO-INSEG#2

Fluid System Rule 10 (3 of 3 in, 2 out) R10

%FPO-OUTSEG#1 OR %FLT-OUTSEG#1 %FPI-OUTSEG#1

%FPI-OUTSEG#1 AND %FPO-CTS1 %FPO-INSEG#1 %FPO-CTS1 OR %FLT-CTS1 %FPI-CTS1 %FPI-CTS1 AND %FPO-INSEG#2 %FOP-OCS-CTS2x

%FPO-CTS2x OR %FPO-INSEG#3 %FLT-CTS2

%FPO-OUTSEG#2 OR %FLT-OUTSEG#2 %FPI-OUTSEG#2

%FPI-OUTSEG#2 AND %FPO-CTS2 %FPO-INSEG#3

%FPO-CTS2 OR %FLT-CTS2 %FPI-CTS2 %FPI-CTS2 AND %FPO-INSEG#2 %FPO-CTS1x %FPO-CTS1x OR %FPO-INSEG#1 %FLT-CTS1 FPIP-0104 Rev. 0 Page 23 of 26 ATTACHMENT 1 Sheet 3 of 4 Fluid System Modeling Rules

Fluid System Rule 11 (3 in, 2 of 2 out - 2 R10 per node) R11

%ALIGN-FLT-X-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#2 %INFEED-CTSX %DIV-CTS1 %DIV-CTS2 %INFEED-CTSX 2/3 %FPO-INSEG#1 %FPO-INSEG#2 %FPO-INSEG#3

Fluid System Rule 12 (2 of 2 in, 3 out) R12

%FPO-OUTSEG#1 OR %FLT-OUTSEG#1 %FPI-OUTSEG#1 %FPI-OUTSEG#1 AND %FPO-CTS1 %FPO-INSEG#1 %FPO-CTS1 OR %FPO-INSEG#2 %FLT-CT1 %FLT-CTS2

%FPO-OUTSEG#2 OR %FLT-OUTSEG#2 %FPI-OUTSEG#2 %FPI-OUTSEG#2 AND %FPO-CTS1x %FPO-CTS2x

%FPO-CTS1x OR %FPO-INSEG#1 %FLT-CTS1 %FPO-CTS2x OR %FPO-INSEG#2 %FLT-CTS2

%FPO-OUTSEG#3 OR %FLT-OUTSEG#3 %FPI-OUTSEG#3 %FPI-OUTSEG#3 AND %FPO-CTS2 %FPO-INSEG#2

%FPO-CTS2 OR %FPO-INSEG#1 %FLT-CTS2 %FLT-CTS1

Fluid System Rule 13 (2 in, 2 of 3 out - 1 per node), 3 R12 per node) R13

%ALIGN-FLT-W-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#2 %FAI-OUTSEG#3 %DIV-CTS1 %DIV-CTS2

%ALIGN-FLT-X-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#3 %INFEED-CTSX %DIV-CTS1 %DIV-CTS2 %INFEED-CTSX OR %FPO-INSEG#1 %FPO-INSEG#2

%ALIGN-FLT-Y-SOI AND %FAI-OUTSEG#1 %FAI-OUTSEG#2 %INFEED-CTSY %DIV-CT1 %INFEED-CTSY OR %INFEED-CTSYA %FPO-INSEG#2 %INFEED-CTYB %INFEED-CTSYA AND %FPO-INSEG#1 %FLT-OUTSEG#3 %DIV-CTS2 %INFEED-CTSYB AND %FLT-OUTSEG#3 %FLT-CTS2

%ALIGN-FLT-Z-SOI AND %FAI-OUTSEG#2 %FAI-OUTSEG#3 %INFEED-CTSZ %DIV-CTS2 %INFEED-CTSZ OR %INFEED-CTSZA %FPO-INSEG#1 %INFEED-CTSZB %INFEED-CTSZA AND %FPO-INSEG#2 %FLT-OUTSEG#1 %DIV-CTS1 %INFEED-CTSZB AND %FLT-OUTSEG#1 %FLT-CTS1

Fluid System Rule 14 (N in, 1 dvt - N per node) R14

%FAI-INSEG#1 AND %DIV-INSEG#1 %FAI-OUTPTSEG %FAI-INSEG#2 AND %DIV-INSEG#2 %FAI-OUTPTSEG %FAI-INSEG#3 AND %DIV-INSEG#3 %FAI-OUTPTSEG %FAI-INSEG#4 AND %DIV-INSEG#4 %FAI-OUTPTSEG

%FAI-INSEG#5 AND %DIV-INSEG#5 %FAI-OUTPTSEG %FAI-INSEG#6 AND %DIV-INSEG#6 %FAI-OUTPTSEG FPIP-0104 Rev. 0 Page 24 of 26 ATTACHMENT 1 Sheet 4 of 4 Fluid System Modeling Rules

Fluid System Rule 15 (1 in, M of N dvt - 1 per node) R15

%FAI-INPUTSEG AND %DIV-INPUTSEG %FAO-INPUTSEG

%FAO-INPUTSEG M/N %FAI-OUTSEG#1 %FAI-OUTSEG#2 %FAI-OUTSEG#3 %FAI-OUTSEG#4 %FAI-OUTSEG#5 %FAI-OUTSEG#6

Fluid System Rule 16 (1 source - 1 per node) R16

%FPO-ENDSEG OR %FLT-ENDSEG %FPO-ENDSEG OR %FLT-ENDSEG %FPO-ENDSEG OR %FLT-ENDSEG %FPO-ENDSEG OR %FLT-ENDSEG

Fluid System Rule 17 (1 sink - 1 per node) R17

%FAI-ENDSEG OR %DIV-ENDSEG %FAI-ENDSEG OR %DIV-ENDSEG %FAI-ENDSEG OR %DIV-ENDSEG %FAI-ENDSEG OR %DIV-ENDSEG

Segment Component %FLTs %FLTS

%FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX %FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX %FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX %FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX

%FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX %FLT-SGT TAB SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX *

Segment Diversion DIV

%DIV-SGT AND SOICOMP-TYP-XX SOICOMP-TYP-XX FAY-SOICOMP-TYP FAY-SOICOMP-TYP %FAY-SOICOMP-TYP OR SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX %FAY-SOICOMP-TYP OR SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX SOICOMP-TYP-XX

FPIP-0104 Rev. 0 Page 25 of 26 ATTACHMENT 2 Sheet 1 of 1 Standard Nomenclature for Naming Gates Standard nomenclature for naming gates and individual components has been used to make the augmented FTL file and CAFTA model easier to understand, and assess the impact of failures. Gate names for individual components use the following format. (S)COMP_ID-(Suffix) (S) Represents a prefix that that determines how data is loaded into the augmented fault tree file as it is processed by the FSSPM (prefixes are not used for all gates, only those for which additional data from the SSA database are required, or for which special processing by the program are desired). COMP_ID Is the component id or tag number, taken from plant data sources. (Suffix) Is a standard suffix denoting the failure being modeled. Typical failures with their corresponding suffixes are listed below. The list below may be expanded or modified during the course of fault tree model development to suit unique or specific failures not included in the current list. Standard Component Gate fault suffixes with explanation of meaning DBF Damaged By Fire (BNP, CR3, and HNP) IFA In Fire Area (RNP only) LOA Loss of Alarm (instrumentation only)

LOC Loss of Control circuits LOCP Loss of Control Power (control power from source other than motive power)

LOCW Loss of Cooling Water LODP Loss of Diversion Path (used for required mini-flow lines) LOFO Loss of Fuel Oil (for diesel engine) - also see LOSF LOI Loss of Indication (instrumentation only) LOIA Loss of Instrument Air LOP Loss of Power Supply LOSF Loss of Support - Fuel supply (for diesel engine driven components) - also see LOFO LOSL Loss of Support - Lubrication LOSV Loss of Support - Ventilation LOSA Loss of Support Air or Loss of Starting Air (for diesel engines)

LOSP Loss of Suction Path LOSW Loss of Support Water LOWR Loss of Cooling water Return flowpath LOWS Loss of Cooling water Supply flowpath SPUR Spurious operation UNAV Component is unavailable due to one or more fire induced failure modes Component Prefixes (S)

Attachment A of Reference 2.10 provides an explanation of the prefixes used in conjunction with naming basic events and gates in the Basic FTL file.

FPIP-0104 Rev. 0 Page 26 of 26 Revision Summary Sheet 1 of 1 Rev. 0 - Initial issue This procedure is the initial issuance under this Progress Energy document number, but was developed from combining the information and guidance provided in Sargent & Lundy project instructions (PI-SSA-HNP-0004 and PI-SSA-NGG-0004) that were developed under an outsourced task. Major differences between the Sargent & Lundy instructions and this document include: Context and references to who is performing the tasks in the document were change changed from Sargent & Lundy to Progress Energy. Cleaned up references. Revised Responsibilities section to delete references to S&L, and identify the responsibilities for the various Project personnel for the Fire Protection Initiatives Project. Deleted "Safe Shutdown System Calculations" (Section 9.1.5) from the S&L instructions as this was a unique activity to the S&L level of effort, and did not need to be included in the PE procedure. Deleted Section 9.4 from the S&L instructions as it addressed deliverables unique to the S&L level of effort. Added new Sections 9.3 and 9.4 to address making changes to the Basic FTL, and checking the benchmark test document once changes are made to the Basic FTL. Deleted Attachment 1 from the S&L documents as the information contained in this attachment is included in the FSSPM(D) User's Manual, elsewhere in this procedure.

ML071210337: Difference between revisions

Revision as of 02:21, 13 July 2019

Text

2.0 REFERENCES

2.0 REFERENCES

Navigation menu

ML071210337: Difference between revisions

Revision as of 02:21, 13 July 2019

Text

2.0 REFERENCES

2.0 REFERENCES

Navigation menu

Search