Information Notice 1994-20, Common-Cause Failures Due to Inadequate Design Control and Dedication: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
 
Line 14: Line 14:
| page count = 11
| page count = 11
}}
}}
{{#Wiki_filter:UNITED STATES NUCLEAR REGULATORY
{{#Wiki_filter:UNITED STATES


COMMISSION
NUCLEAR REGULATORY COMMISSION


===OFFICE OF NUCLEAR REACTOR REGULATION===
OFFICE OF NUCLEAR REACTOR REGULATION
WASHINGTON, D.C. 20555 March 17, 1994 NRC INFORMATION


NOTICE NO. 94-20: COMMON-CAUSE
WASHINGTON, D.C. 20555 March 17, 1994 NRC INFORMATION NOTICE NO. 94-20:     COMMON-CAUSE FAILURES DUE TO INADEQUATE


===FAILURES DUE TO INADEQUATE===
DESIGN CONTROL AND DEDICATION
DESIGN CONTROL AND DEDICATION


==Addressees==
==Addressees==
All holders of operating
All holders of operating licenses or construction permits for nuclear power


licenses or construction
reactors.
 
permits for nuclear power reactors.


==Purpose==
==Purpose==
This information
This information notice is being provided to alert addressees to potential
 
notice is being provided to alert addressees
 
to potential common-cause
 
failures resulting
 
from inadequate
 
design control and dedication
 
measures implemented
 
for the replacement
 
of electromechanical
 
relays with digital microprocessor-based
 
relays. It is expected that recipients
 
will review the information
 
for applicability
 
to their facilities
 
and consider actions, as appropriate, to avoid similar problems.
 
===However, suggestions===
contained
 
in this information
 
notice do not constitute
 
NRC requirements;
therefore, no specific action or written response is required.Description
 
of Circumstances
 
A common-cause
 
failure at the Beaver Valley Unit 2 Power Station rendered inoperable
 
multiple trains of a system designed to mitigate the consequences
 
of an accident.
 
On November 4, 1993, during testing of the Train A, 2-1 emergency
 
diesel generator (EDG) load sequencer, the sequencer
 
failed to automatically
 
load safety-related
 
equipment
 
onto the emergency


bus. Two suspect relays were replaced and the surveillance
common-cause failures resulting from inadequate design control and dedication


test was successfully
measures implemented for the replacement of electromechanical relays with


repeated.
digital microprocessor-based relays. It is expected that recipients will


On November 6, 1993, during surveillance
review the information for applicability to their facilities and consider


testing, the Train B, 2-2 EDG load sequencer
actions, as appropriate, to avoid similar problems. However, suggestions


failed to automatically
contained in this information notice do not constitute NRC requirements;
therefore, no specific action or written response is required.


load safety-related
==Description of Circumstances==
A common-cause failure at the Beaver Valley Unit 2 Power Station rendered


equipment
inoperable multiple trains of a system designed to mitigate the consequences


onto the emergency
of an accident. On November 4, 1993, during testing of the Train A, 2-1 emergency diesel generator (EDG) load sequencer, the sequencer failed to


bus. An NRC Augmented
automatically load safety-related equipment onto the emergency bus. Two


Inspection
suspect relays were replaced and the surveillance test was successfully


Team was sent to the site to review the circumstances
repeated. On November 6, 1993, during surveillance testing, the Train B, 2-2 EDG load sequencer failed to automatically load safety-related equipment onto


surrounding
the emergency bus. An NRC Augmented Inspection Team was sent to the site to


these events (Inspection
review the circumstances surrounding these events (Inspection Report


Report 50-412/93-81).
50-412/93-81).


Discussion
Discussion


The EDG load sequencers
The EDG load sequencers control the sequence in which safety-related equipment


control the sequence in which safety-related
starts after the EDG restores power when normal power is lost on the emergency


equipment starts after the EDG restores power when normal power is lost on the emergency busses. Timer/relays
busses. Timer/relays are used to load the safety-related equipment in six


are used to load the safety-related
discrete steps during a 1-minute period. The same type of timer/relay is also


equipment
used to reset the diesel generator load sequencer if a safety injection or a


in six discrete steps during a 1-minute period. The same type of timer/relay
9403110132    PbR    'tE      V40Nv+        9u-oCo            Cqc3I


is also used to reset the diesel generator
u3/\


load sequencer
IN 0,-0O


if a safety injection
March 17, 1994 containment isolation Phase B signal is received. Resetting the load


or a 9403110132 PbR 'tE V40Nv+ 9u-oCo Cqc3I u3/\
sequencer allows necessary emergency core cooling system equipment to be
IN 0,-0O March 17, 1994 containment


isolation
loaded. The load sequencers originally used electromechanical timer/relays


Phase B signal is received.
to generate the timed steps and sequencer reset function. The electro- mechanical timer/relays were replaced with microprocessor-based timer/relays


Resetting
during the second refueling outage, in November 1990. Each train of the load


the load sequencer
sequencer has eight Model 365A digital microprocessor-based timer/relays


allows necessary
manufactured by Automatic Timer Controls Inc. The timer/relays were purchased


emergency
as commercial-grade items and dedicated for safety-related service.


core cooling system equipment
A review of these events indicated that the microprocessor-based timer/relay


to be loaded. The load sequencers
failed as a result of the voltage spikes that were generated by the auxiliary


originally
relay coil controlled by the timer/relay. The voltage spikes, also referred


used electromechanical
to as "inductive kicks," were generated when the timer/relay time-delay


timer/relays
contacts interrupted the current to the auxiliary relay coil. These spikes


to generate the timed steps and sequencer
then arced across the timer/relay contacts. This arcing, in conjunction with


reset function.
the inductance and wiring capacitance, generated fast electrical noise


The electro-mechanical
transients called "arc showering" (electromagnetic interference). The peak


timer/relays
voltage noise transient changes as a function of the breakdown voltage of the


were replaced with microprocessor-based
contact gap, which changes as the contacts move apart and/or bounce. These


timer/relays
noise transients caused the microprocessor in the timer/relay to fail. The


during the second refueling
failure of the microprocessor-based timer/relay caused the time-delay contacts


outage, in November 1990. Each train of the load sequencer
to reclose shortly after they had properly opened as part of the load


has eight Model 365A digital microprocessor-based
sequencer operation. Closing the time-delay contact locked out (deenergized)
the load sequencer master relay and prevented the load sequencer from


timer/relays
operating. To correct the identified problem, the licensee installed diodes


manufactured
across the auxiliary relay coils to suppress the voltage spike that had caused


by Automatic
the microprocessor-based timer/relay failure. This modification was confirmed


Timer Controls Inc. The timer/relays
to correct the problem through successful testing of the EDG load sequencer.


were purchased as commercial-grade
The design control for the selection and review for suitability of the


items and dedicated
microprocessor timer/relays for this application was not adequate. The


for safety-related
modification design data did not identify the potential for voltage spiking by


service.A review of these events indicated
the auxiliary relays and translate that potential into electromagnetic


that the microprocessor-based
interference requirements for the equipment purchase specification and the


timer/relay
dedication testing specification. As a result of inadequate design control, a


failed as a result of the voltage spikes that were generated
common-cause failure mechanism was introduced into the diesel generator load


by the auxiliary relay coil controlled
sequencers.


by the timer/relay.
This event highlights the need to ensure proper design control activities when


The voltage spikes, also referred to as "inductive
replacing discrete component electrical or electromechanical devices with


kicks," were generated
digital microprocessor-based electronic devices. Specifically, the event


when the timer/relay
IN 9"-iO


time-delay
March 17, 1994 shows that safety-significant, common-mode failures can occur when the design


contacts interrupted
review does not ensure that the digital, microprocessor-based replacement


the current to the auxiliary
equipment is compatible for the specific application and service environment.


relay coil. These spikes then arced across the timer/relay
This information notice requires no specific action or written response. If


contacts.
you have any questions about the information in this notice, please contact


This arcing, in conjunction
one of the technical contacts listed below or the appropriate Office of


with the inductance
Nuclear Reactor Regulation (NRR) project manager.


and wiring capacitance, generated
Brian K. Grimes, Director


fast electrical
Division of Operating Reactor Support


noise transients
Office of Nuclear Reactor Regulation


called "arc showering" (electromagnetic
Technical contacts:  John Calvert, RI


interference).
(610) 337-5194 Eric Lee, NRR


The peak voltage noise transient
(301) 504-3201 Attachment:


changes as a function of the breakdown
===List of Recently Issued NRC Information Notices===


voltage of the contact gap, which changes as the contacts move apart and/or bounce. These noise transients
Attk.-hment


caused the microprocessor
IN 94-20
                                                          March 17, 1994 LIST OF RECENTLY ISSUED


in the timer/relay
NRC INFORMATION NOTICES


to fail. The failure of the microprocessor-based
Information                                    Date of


timer/relay
Notice No.            Subject                Issuance  Issued to


caused the time-delay
94-19          Emergency Diesel                03/16/94  All holders of OLs or CPs


contacts to reclose shortly after they had properly opened as part of the load sequencer
Generator Vulnerability                    for nuclear power reactors.


operation.
to Failure from Cold


Closing the time-delay
Fuel Oil


contact locked out (deenergized)
94-18          Accuracy of Motor-              03/16/94  All holders of OLs or CPs
the load sequencer


master relay and prevented
Operated Valve Diag-                      for nuclear power reactors.


the load sequencer
nostic Equipment


from operating.
(Responses to Sup- plement 5 to Generic


To correct the identified
Letter 89-10)
94-17          Strontium-90 Eye Appli-        03/11/94  All U.S. Nuclear Regulatory


problem, the licensee installed
cators: Submission of                      Commission Medical Use


diodes across the auxiliary
Quality Management Plan                    Licensees.


relay coils to suppress the voltage spike that had caused the microprocessor-based
(QMP), Calibration, and


timer/relay
Use


failure. This modification
94-16          Recent Incidents Resulting      03/03/94  All U.S. Nuclear Regulatory


was confirmed to correct the problem through successful
in Offsite Contamination                  Commission material and fuel


testing of the EDG load sequencer.
cycle licensees.


The design control for the selection
94-15          Radiation Exposures during      03/02/94  All U.S. Nuclear Regulatory


and review for suitability
an Event Involving a Fixed                Commission licensees author- Nuclear Gauge                              ized to possess, use, manu- facture, or distribute


of the microprocessor
industrial nuclear gauges.


timer/relays
94-14          Failure to Implement          02/24/94  All holders of OLs or CPs


for this application
Requirements for Biennial                  for nuclear power and non- Medical Examinations and                  power reactors and all


was not adequate.
Notification to the NRC                    licensed reactor operators


The modification
of Changes in Licensed                    and senior reactor


design data did not identify the potential
Operator Medical Conditions                operators.


for voltage spiking by the auxiliary
92-36,          Intersystem LOCA              02/22/94  All holders of OLs or CPs


relays and translate
Supp. 1        Outside Containment                        for nuclear power reactors.


that potential
OL = Operating License


into electromagnetic
CP = Construction Permit


interference
IN4-20
                                                          March 17, 1994 shows that safety-significant, common-mode failures can occur when the design


requirements
review does not ensure that the digital, microprocessor-based replacement


for the equipment
equipment is compatible for the specific application and service environment.


purchase specification
This information notice requires no specific action or written response. If


and the dedication
you have any questions about the information in this notice, please contact


testing specification.
one of the technical contacts listed below or the appropriate Office of


As a result of inadequate
Nuclear Reactor Regulation (NRR) project manager.                  odginal signed by


design control, a common-cause
Brian K. Grimes, Director Brian LGnmeI


failure mechanism
Division of Operating Reactor Support


was introduced
Office of Nuclear Reactor Regulation


into the diesel generator
Technical contacts:        John Calvert, RI


load sequencers.
(610) 337-5194 Eric Lee, NRR


This event highlights
(301) 504-3201 Attachment:


the need to ensure proper design control activities
===List of Recently Issued Information Notices===
*SEE PREVIOUS CONCURRENCE


when replacing
OFFICE      *OGCB        *TECH ED.      *REGION I    *REGION I    l *REGION I


discrete component
NAME      CVHodge      RSanders      JCalvert      JTrapp          JWiggins


electrical
DATE      0126/94      01/25/94      01/26/94      01/26/94        01/26/94
  *HICB/DRC H    *C:HICB/NRR      ;*D:DSSA/NRR    *AC:OC/R        D:D


or electromechanical
ELee            JSWermiel        ACThadani      AJKugler


devices with digital microprocessor-based
01/21/94        01/27/94          02/14/94      02/07/94        03/// /94
                                                    *D:DRIL/NRR


electronic
CERossi


devices. Specifically, the event
03/01/94 DOCUMENT NAME:    94-20.IN


IN 9"-iO March 17, 1994 shows that safety-significant, common-mode
-IN4-XX


failures can occur when the design review does not ensure that the digital, microprocessor-based
February xx, 1994 shows that safety-significant, common-mode failures can occur when the design


replacement
review does not ensure that the digital, microprocessor-based replacement


equipment
equipment is compatible for the specific application and service environment.


is compatible
This information notice requires no specific action or written response. If


for the specific application
you have any questions about the information in this notice, please contact


and service environment.
one of the technical contacts listed below or the appropriate Office of


This information
Nuclear Reactor Regulation (NRR) project manager.


notice requires no specific action or written response.
Brian K. Grimes, Director


If you have any questions
Division of Operating Reactor Support


about the information
Office of Nuclear Reactor Regulation


in this notice, please contact one of the technical
Technical Contacts:                John Calvert, Region I


contacts listed below or the appropriate
(610) 337-5194 Eric Lee, NRR


Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
(301) 504-3201 Attachments:          1. List of Recently Issued Information Notices


===Reactor Support Office of Nuclear Reactor Regulation===
*SFF PRFVTOUS CONCURRENCE
Technical


contacts:
OFFICE          *OGCB          *TECH ED.      *REGION I      *REGION I        *REGION I
John Calvert, RI (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachment:
List of Recently Issued NRC Information


Notices
NAME            CVHodge        RSanders        JCalvert        JTrapp          JWiggins


Attk.-hment
DATE            01/26/94        01/25/94        01/26/94        01/26/94        01/26/94
  *HICB/DRCH            *C:HICB/NRR        l D:DSSA/NRR ,    *AC:OGCB/NRR        D:DORS/NRR


IN 94-20 March 17, 1994 LIST OF RECENTLY ISSUED NRC INFORMATION
ELee                  JSWermiel            ACThadaniW      AJKugler            BKGrimes


NOTICES Information
01/27/94              01/27/94            02/J/94        02/07/94            02/  /94 lAMIIMFNT Mr.        fl0TI1VFIV    TNIIF          fQ,    .            g 1 I            AA]
                                                                                                  Vd


Date of Notice No. Subject Issuance Issued to 94-19 94-18 94-17 94-16 94-15 Emergency
Uvvu%1JLII I Urs


Diesel Generator
1IL.      LO A MLLI  . .- w          bCO  I


===Vulnerability===
~~ 4,~A-     _              onuV
to Failure from Cold Fuel Oil Accuracy of Motor-Operated Valve Diag-nostic Equipment (Responses


to Sup-plement 5 to Generic Letter 89-10)Strontium-90
IN i4-XX
Eye Appli-cators: Submission


of Quality Management
February xx, 1994 shows that safety-significant, common-mode failures can occur when the design


Plan (QMP), Calibration, and Use Recent Incidents
review does not ensure that the digital, microprocessor-based replacement


===Resulting in Offsite Contamination===
equipment is compatible for the specific application and service environment.
Radiation


Exposures
This information notice requires no specific action or written response. If


during an Event Involving
you have any questions about the information in this notice, please contact


a Fixed Nuclear Gauge Failure to Implement Requirements
one of the technical contacts listed below or the appropriate Office of


for Biennial Medical Examinations
Nuclear Reactor Regulation (NRR) project manager.


and Notification
Brian K. Grimes, Director


to the NRC of Changes in Licensed Operator Medical Conditions
Division of Operating Reactor Support


Intersystem
Office of Nuclear Reactor Regulation


===LOCA Outside Containment===
Technical Contacts:          John Calvert, Region I
03/16/94 03/16/94 03/11/94 03/03/94 03/02/94 02/24/94 02/22/94 All holders of OLs or CPs for nuclear power reactors.All holders of OLs or CPs for nuclear power reactors.All U.S. Nuclear Regulatory


Commission
(610) 337-5194 Eric Lee, NRR


Medical Use Licensees.
(301) 504-3201 Attachments:    1. List of Recently Issued Information Notices


===All U.S. Nuclear Regulatory===
*SEE PREVIOUS CONCURRENCE
Commission


material and fuel cycle licensees.
OFFICE    *OGCB          *TECH ED.       *REGION I      *REGION I      *REGION I


===All U.S. Nuclear Regulatory===
NAME      CVHodge          RSanders      JCalvert      JTrapp        JWiggins
Commission


licensees
DATE      01/26/94        01/25/94      01/26/94      01/26/94      01/26/94
  *HICB/DRCH      *C:HICB/NRR        I AC:OGCB/NRR  I D:DORS/NRR


author-ized to possess, use, manu-facture, or distribute
ELee            JSWermiel            AJKuglert! I BKGrimes


industrial
01/27/94        01/27/94              02/ 1/94      I 02/  /94
                        .^^.  .s                                  _ DAIw


nuclear gauges.All holders of OLs or CPs for nuclear power and non-power reactors and all licensed reactor operators and senior reactor operators.
W CUMLNI NAML:  UIlKLLAY.Nl-


All holders of OLs or CPs for nuclear power reactors.94-14 92-36, Supp. 1 OL = Operating
I


License CP = Construction
IN 94-XX


Permit
February xx,  1994 electronic devices.              Specifically, the event shows that safety- significant, common-mode failures can occur when the design


IN 4-20 March 17, 1994 shows that safety-significant, common-mode
review does not ensure that the digital, microprocessor-based


failures can occur when the design review does not ensure that the digital, microprocessor-based
replacement equipment is compatible for the specific application
 
replacement
 
equipment
 
is compatible
 
for the specific application


and service environment.
and service environment.


This information
This information notice requires no specific action or written


notice requires no specific action or written response.
response.       If you have any questions about the information in


If you have any questions
this notice, please contact one of the technical contacts listed


about the information
below or the appropriate Office of Nuclear Reactor Regulation


in this notice, please contact one of the technical
(NRR) project manager.


contacts listed below or the appropriate
Brian K. Grimes, Director


Office of Nuclear Reactor Regulation (NRR) project manager. odginal signed by Brian K. Grimes, Director Brian LGnmeI Division of Operating
Division of Operating Reactor


===Reactor Support Office of Nuclear Reactor Regulation===
Support
Technical


contacts: John Calvert, RI (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachment:
Office of Nuclear Reactor
List of Recently Issued Information


Notices*SEE PREVIOUS CONCURRENCE
Regulation


OFFICE *OGCB *TECH ED. *REGION I *REGION I l *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 0126/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRC
Technical Contacts: John Calvert, Region I


H *C:HICB/NRR
(610) 337-5194 Eric Lee, NRR


;*D:DSSA/NRR
(301) 504-3201 Attachments:         1. List of Recently Issued


*AC:OC/R D:D ELee JSWermiel
Information Notices


ACThadani
*SEE PREVIOUS CONCURRENCE


AJKugler 01/21/94 01/27/94 02/14/94 02/07/94 03/// /94*D:DRIL/NRR
OFFICE      *OGCB            *TECH ED.      *REGION I    *REGION I  *REGION I


CERossi 03/01/94 DOCUMENT NAME: 94-20.IN
NAME         CVHodge        RSanders        JCalvert    JTrapp      JWiggins


-IN4-XX February xx, 1994 shows that safety-significant, common-mode
DATE        01/26/94      j  01/25/94      01/26/94      01/26/94    01/26/94 I            I


failures can occur when the design review does not ensure that the digital, microprocessor-based
IELee


replacement
*HICB/DRCH I*C:HICB/NRR


equipment
01/27/94 JSWermiel


is compatible
01/27/94 C:OGCB/NRR


for the specific application
GHMarcus


and service environment.
01/  /94 D:DORS/NRR


This information
BKGrimes


notice requires no specific action or written response.
01/  /94 TTTt .l~m      _
              X 1SF._    o    Tb  V1 T T--
  VLkCUM!;N'1  iAmzI;:    Ul~x.t!;LAYX.J.NJV


If you have any questions
Is ,
                                                          IN 94-XX


about the information
February xx, 1994 This information notice requires no specific action or written


in this notice, please contact one of the technical
response.  If you have any questions about the information in


contacts listed below or the appropriate
this notice, please contact one of the technical contacts listed


Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
below or the appropriate Office of Nuclear Reactor Regulation


===Reactor Support Office of Nuclear Reactor Regulation===
(NRR) project manager.
Technical


Contacts: John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:
Brian K. Grimes, Director
1. List of Recently Issued Information


Notices*SFF PRFVTOUS CONCURRENCE
Division of Operating Reactor


OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRCH
Support


*C:HICB/NRR
Office of Nuclear Reactor


l D:DSSA/NRR , *AC:OGCB/NRR
Regulation


D:DORS/NRR
Technical Contacts: John Calvert, Region I


ELee JSWermiel
(610) 337-5194 Eric Lee, NRR


ACThadaniW
(301) 504-3201 Attachments:    1. List of Recently Issued


AJKugler BKGrimes 01/27/94 01/27/94 02/J/94 02/07/94 02/ /94 lAMIIMFNT
Information Notices


Mr. fl0TI1VFIV
-
      *SEE PREVIOUS CONCURRENCE


TNIIF fQ, .g 1 I AA]Vd Uvvu%1JLII
OFFICE  *OGCB      *TECH ED.     *REGION I    *REGION I  *REGION I


I Urs 1IL.LO A MLLI ..-w bCO I~~ 4,~ A- _onuV
NAME    CVHodge    RSanders      JCalvert    JTrapp      JWiggins


IN i4-XX February xx, 1994 shows that safety-significant, common-mode
DATE    01/26/94    01/25/94      01/26/94    101/26/94.  01/26/94
        *HICB/DRCH .C:1JI1P1v/4R      C:OGCB/NRR  D:DORS/NRR


failures can occur when the design review does not ensure that the digital, microprocessor-based
E~ee    JS/f'm    t 'P


replacement
ELee                        I GHMarcus    BKGrimes


equipment
01/27/94    0
                    01/2.7/94        01/  /94    01/  /94 UDOUMENT NAME:      1GRELAY.INF


is compatible
I


for the specific application
IN 94-XX


and service environment.
February xx,      1994 This information notice requires no specific action or written


This information
response.      If you have any questions about the information in


notice requires no specific action or written response.
this notice, please contact one of the technical contacts listed


If you have any questions
below or the appropriate Office of Nuclear Reactor Regulation


about the information
(NRR) project manager.


in this notice, please contact one of the technical
Brian K. Grimes, Director


contacts listed below or the appropriate
Division of Operating Reactor


Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
Support


===Reactor Support Office of Nuclear Reactor Regulation===
Office of Nuclear Reactor
Technical


Contacts: John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:
Regulation
1. List of Recently Issued Information


Notices*SEE PREVIOUS CONCURRENCE
Technical Contacts: John Calvert, Region I


OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRCH
(610) 337-5194 Eric Lee, NRR


*C:HICB/NRR
(301) 504-3201 Attachments:         1. List of Recently Issued


I AC:OGCB/NRR
Information Notices


I D:DORS/NRR
'e.Az*VVV 1  4                        eCmewwr


ELee JSWermiel
Iosubi


AJKuglert!
i
I BKGrimes 01/27/94 01/27/94 02/ 1/94 I 02//94.^^. .s _ DAIw W CUMLNI NAML: UIlKLLAY.Nl- I IN 94-XX February xx, 1994 electronic


devices. Specifically, the event shows that safety-significant, common-mode
*SET      W


failures can occur when the design review does not ensure that the digital, microprocessor-based
DrTAT1T    t"(WrTTDDPWNOT                                        £4
  -
      --              --                            e'u'  Im v          :@F-F -    WII  VW


replacement
OFFICE    OGCB    V    *TECH ED.  REGION I            REGION I      REGION I


equipment
NAME      CVHodge        RSanders    JCalvert            JTrapp        JWiggins


is compatible
DATE___  0        94    01/25/94    01_//94              01/2. /94      01/ZL/94 HICB/DRCH      C:HICB/NRR      C:OGCB/NRR          D:DORS/NRR


for the specific application
E44Le      jJSWermiel        GHlarcus            BKGrimes


and service environment.
01/77/94      01/ /94          01/  /94        [01/      /94 DOCUMENT NAME:          DIGRELAY.INF


This information
*SEE PREVIOUS CONCURRENCE
 
notice requires no specific action or written response.
 
If you have any questions
 
about the information
 
in this notice, please contact one of the technical
 
contacts listed below or the appropriate
 
Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
 
===Reactor Support Office of Nuclear Reactor Regulation===
Technical
 
Contacts:
John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:
1. List of Recently Issued Information
 
Notices*SEE PREVIOUS CONCURRENCE
 
OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 j 01/25/94 01/26/94 01/26/94 01/26/ 94*HICB/DRCH
 
I*C:HICB/NRR
 
I C:OGCB/NRR
 
I D:DORS/NRR
 
IELee JSWermiel
 
GHMarcus BKGrimes 01/27/94 01/27/94 01/ /94 01/ /94 TT Tt .l~m X 1SF._ _ o Tb V1 T T--VLkCUM!;N'1 iAmzI;: Ul~x.t!;LAYX.J.NJV
 
Is , IN 94-XX February xx, 1994 This information
 
notice requires no specific action or written response.
 
If you have any questions
 
about the information
 
in this notice, please contact one of the technical
 
contacts listed below or the appropriate
 
Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
 
===Reactor Support Office of Nuclear Reactor Regulation===
Technical
 
Contacts:
John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:
1. List of Recently Issued Information
 
Notices*SEE PREVIOUS CONCURRENCE
 
-OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 101/26/94.
 
01/26/94*HICB/DRCH
 
.C:1JI1P1v/4R
 
C:OGCB/NRR
 
D:DORS/NRR
 
E~ee JS/f'm t 'P ELee I GHMarcus BKGrimes 01/27/94 0 01/2.7/94
01/ /94 01/ /94 UDOUMENT NAME: 1GRELAY.INF
 
I IN 94-XX February xx, 1994 This information
 
notice requires no specific action or written response.
 
If you have any questions
 
about the information


in this notice, please contact one of the technical
OFFICE   OGCB           TECH ED.         REGION I           REGION I   REGION I
 
contacts listed below or the appropriate
 
Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating
 
===Reactor Support Office of Nuclear Reactor Regulation===
Technical
 
Contacts:
John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:
1. List of Recently Issued Information
 
Notices'e.Az*VVV
 
1 £4 eCmewwr bi Iosu i*SET W DrTAT1T t"(WrTTDDPWNOT
 
---- -- e'u' Im v :@F-F -WI I VW OFFICE OGCB V *TECH ED. REGION I REGION I REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE___ 0 94 01/25/94 01_//94 01/2. /94 01/ZL/94 HICB/DRCH C:HICB/NRR
 
C:OGCB/NRR
 
D:DORS/NRR
 
E44Le j JSWermiel
 
GHlarcus BKGrimes 01/77/94 01/ /94 01/ /94 [01/ /94 DOCUMENT NAME: DIGRELAY.INF
 
*SEE PREVIOUS CONCURRENCE


OFFICE OGCB TECH ED. REGION I REGION I REGION I NAME CVHodge %L4k JCalvert JTrapp JWiggins DATE 01/ /94 01/'f/94 01/ /94 01/ /94 01/ /94_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 5I HICB/DRCH C:HICB/NRR
NAME     CVHodge         %L4k             JCalvert           JTrapp     JWiggins


IC:OGCB/NRR
DATE    01/   /94      01/'f/94          01/        /94      01/  /94    01/  /94
              _  _ _ _ _ __ _ __ _ _  _ _ _ _  _ _ _ _  _ _ _          5I


D:DORS/NRR
HICB/DRCH      C:HICB/NRR          IC:OGCB/NRR          D:DORS/NRR


ELee JSWermiel
ELee         JSWermiel             GHMarcus            BKGrimes


GHMarcus BKGrimes 01/ /94 01/ /94 01/ /94 01/ /94 DOCUMENT NAME: DIGRELAY.INF}}
01/ /94       01/   /94           01/     /94         01/   /94 DOCUMENT NAME:     DIGRELAY.INF}}


{{Information notice-Nav}}
{{Information notice-Nav}}

Latest revision as of 04:27, 24 November 2019

Common-Cause Failures Due to Inadequate Design Control and Dedication
ML031060589
Person / Time
Site: Beaver Valley, Millstone, Hatch, Monticello, Calvert Cliffs, Dresden, Davis Besse, Peach Bottom, Browns Ferry, Salem, Oconee, Nine Mile Point, Palisades, Palo Verde, Perry, Indian Point, Fermi, Kewaunee, Catawba, Harris, Wolf Creek, Saint Lucie, Point Beach, Oyster Creek, Watts Bar, Hope Creek, Grand Gulf, Cooper, Sequoyah, Byron, Pilgrim, Arkansas Nuclear, Three Mile Island, Braidwood, Susquehanna, Summer, Prairie Island, Columbia, Seabrook, Brunswick, Surry, Limerick, North Anna, Turkey Point, River Bend, Vermont Yankee, Crystal River, Haddam Neck, Ginna, Diablo Canyon, Callaway, Vogtle, Waterford, Duane Arnold, Farley, Robinson, Clinton, South Texas, San Onofre, Cook, Comanche Peak, Yankee Rowe, Maine Yankee, Quad Cities, Humboldt Bay, La Crosse, Big Rock Point, Rancho Seco, Zion, Midland, Bellefonte, Fort Calhoun, FitzPatrick, McGuire, LaSalle, Fort Saint Vrain, Shoreham, Satsop, Trojan, Atlantic Nuclear Power Plant  Entergy icon.png
Issue date: 03/17/1994
From: Grimes B
Office of Nuclear Reactor Regulation
To:
References
IN-94-020, NUDOCS 9403110132
Download: ML031060589 (11)
v  d  e


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555 March 17, 1994 NRC INFORMATION NOTICE NO. 94-20: COMMON-CAUSE FAILURES DUE TO INADEQUATE

DESIGN CONTROL AND DEDICATION

Addressees

All holders of operating licenses or construction permits for nuclear power

reactors.

Purpose

This information notice is being provided to alert addressees to potential

common-cause failures resulting from inadequate design control and dedication

measures implemented for the replacement of electromechanical relays with

digital microprocessor-based relays. It is expected that recipients will

review the information for applicability to their facilities and consider

actions, as appropriate, to avoid similar problems. However, suggestions

contained in this information notice do not constitute NRC requirements;

therefore, no specific action or written response is required.

Description of Circumstances

A common-cause failure at the Beaver Valley Unit 2 Power Station rendered

inoperable multiple trains of a system designed to mitigate the consequences

of an accident. On November 4, 1993, during testing of the Train A, 2-1 emergency diesel generator (EDG) load sequencer, the sequencer failed to

automatically load safety-related equipment onto the emergency bus. Two

suspect relays were replaced and the surveillance test was successfully

repeated. On November 6, 1993, during surveillance testing, the Train B, 2-2 EDG load sequencer failed to automatically load safety-related equipment onto

the emergency bus. An NRC Augmented Inspection Team was sent to the site to

review the circumstances surrounding these events (Inspection Report

50-412/93-81).

Discussion

The EDG load sequencers control the sequence in which safety-related equipment

starts after the EDG restores power when normal power is lost on the emergency

busses. Timer/relays are used to load the safety-related equipment in six

discrete steps during a 1-minute period. The same type of timer/relay is also

used to reset the diesel generator load sequencer if a safety injection or a

9403110132 PbR 'tE V40Nv+ 9u-oCo Cqc3I

u3/\

IN 0,-0O

March 17, 1994 containment isolation Phase B signal is received. Resetting the load

sequencer allows necessary emergency core cooling system equipment to be

loaded. The load sequencers originally used electromechanical timer/relays

to generate the timed steps and sequencer reset function. The electro- mechanical timer/relays were replaced with microprocessor-based timer/relays

during the second refueling outage, in November 1990. Each train of the load

sequencer has eight Model 365A digital microprocessor-based timer/relays

manufactured by Automatic Timer Controls Inc. The timer/relays were purchased

as commercial-grade items and dedicated for safety-related service.

A review of these events indicated that the microprocessor-based timer/relay

failed as a result of the voltage spikes that were generated by the auxiliary

relay coil controlled by the timer/relay. The voltage spikes, also referred

to as "inductive kicks," were generated when the timer/relay time-delay

contacts interrupted the current to the auxiliary relay coil. These spikes

then arced across the timer/relay contacts. This arcing, in conjunction with

the inductance and wiring capacitance, generated fast electrical noise

transients called "arc showering" (electromagnetic interference). The peak

voltage noise transient changes as a function of the breakdown voltage of the

contact gap, which changes as the contacts move apart and/or bounce. These

noise transients caused the microprocessor in the timer/relay to fail. The

failure of the microprocessor-based timer/relay caused the time-delay contacts

to reclose shortly after they had properly opened as part of the load

sequencer operation. Closing the time-delay contact locked out (deenergized)

the load sequencer master relay and prevented the load sequencer from

operating. To correct the identified problem, the licensee installed diodes

across the auxiliary relay coils to suppress the voltage spike that had caused

the microprocessor-based timer/relay failure. This modification was confirmed

to correct the problem through successful testing of the EDG load sequencer.

The design control for the selection and review for suitability of the

microprocessor timer/relays for this application was not adequate. The

modification design data did not identify the potential for voltage spiking by

the auxiliary relays and translate that potential into electromagnetic

interference requirements for the equipment purchase specification and the

dedication testing specification. As a result of inadequate design control, a

common-cause failure mechanism was introduced into the diesel generator load

sequencers.

This event highlights the need to ensure proper design control activities when

replacing discrete component electrical or electromechanical devices with

digital microprocessor-based electronic devices. Specifically, the event

IN 9"-iO

March 17, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical contacts: John Calvert, RI

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachment:

List of Recently Issued NRC Information Notices

Attk.-hment

IN 94-20

March 17, 1994 LIST OF RECENTLY ISSUED

NRC INFORMATION NOTICES

Information Date of

Notice No. Subject Issuance Issued to

94-19 Emergency Diesel 03/16/94 All holders of OLs or CPs

Generator Vulnerability for nuclear power reactors.

to Failure from Cold

Fuel Oil

94-18 Accuracy of Motor- 03/16/94 All holders of OLs or CPs

Operated Valve Diag- for nuclear power reactors.

nostic Equipment

(Responses to Sup- plement 5 to Generic

Letter 89-10)

94-17 Strontium-90 Eye Appli- 03/11/94 All U.S. Nuclear Regulatory

cators: Submission of Commission Medical Use

Quality Management Plan Licensees.

(QMP), Calibration, and

Use

94-16 Recent Incidents Resulting 03/03/94 All U.S. Nuclear Regulatory

in Offsite Contamination Commission material and fuel

cycle licensees.

94-15 Radiation Exposures during 03/02/94 All U.S. Nuclear Regulatory

an Event Involving a Fixed Commission licensees author- Nuclear Gauge ized to possess, use, manu- facture, or distribute

industrial nuclear gauges.

94-14 Failure to Implement 02/24/94 All holders of OLs or CPs

Requirements for Biennial for nuclear power and non- Medical Examinations and power reactors and all

Notification to the NRC licensed reactor operators

of Changes in Licensed and senior reactor

Operator Medical Conditions operators.

92-36, Intersystem LOCA 02/22/94 All holders of OLs or CPs

Supp. 1 Outside Containment for nuclear power reactors.

OL = Operating License

CP = Construction Permit

IN4-20

March 17, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager. odginal signed by

Brian K. Grimes, Director Brian LGnmeI

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical contacts: John Calvert, RI

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachment:

List of Recently Issued Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I l *REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE 0126/94 01/25/94 01/26/94 01/26/94 01/26/94

  • HICB/DRC H *C:HICB/NRR  ;*D:DSSA/NRR *AC:OC/R D:D

ELee JSWermiel ACThadani AJKugler

01/21/94 01/27/94 02/14/94 02/07/94 03/// /94

  • D:DRIL/NRR

CERossi

03/01/94 DOCUMENT NAME: 94-20.IN

-IN4-XX

February xx, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachments: 1. List of Recently Issued Information Notices

  • SFF PRFVTOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94

  • HICB/DRCH *C:HICB/NRR l D:DSSA/NRR , *AC:OGCB/NRR D:DORS/NRR

ELee JSWermiel ACThadaniW AJKugler BKGrimes

01/27/94 01/27/94 02/J/94 02/07/94 02/ /94 lAMIIMFNT Mr. fl0TI1VFIV TNIIF fQ, . g 1 I AA]

Vd

Uvvu%1JLII I Urs

1IL. LO A MLLI . .- w bCO I

~~ 4,~A- _ onuV

IN i4-XX

February xx, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachments: 1. List of Recently Issued Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94

  • HICB/DRCH *C:HICB/NRR I AC:OGCB/NRR I D:DORS/NRR

ELee JSWermiel AJKuglert! I BKGrimes

01/27/94 01/27/94 02/ 1/94 I 02/ /94

.^^. .s _ DAIw

W CUMLNI NAML: UIlKLLAY.Nl-

I

IN 94-XX

February xx, 1994 electronic devices. Specifically, the event shows that safety- significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based

replacement equipment is compatible for the specific application

and service environment.

This information notice requires no specific action or written

response. If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachments: 1. List of Recently Issued

Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE 01/26/94 j 01/25/94 01/26/94 01/26/94 01/26/94 I I

IELee

  • HICB/DRCH I*C:HICB/NRR

01/27/94 JSWermiel

01/27/94 C:OGCB/NRR

GHMarcus

01/ /94 D:DORS/NRR

BKGrimes

01/ /94 TTTt .l~m _

X 1SF._ o Tb V1 T T--

VLkCUM!;N'1 iAmzI;: Ul~x.t!;LAYX.J.NJV

Is ,

IN 94-XX

February xx, 1994 This information notice requires no specific action or written

response. If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachments: 1. List of Recently Issued

Information Notices

-

  • SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE 01/26/94 01/25/94 01/26/94 101/26/94. 01/26/94

  • HICB/DRCH .C:1JI1P1v/4R C:OGCB/NRR D:DORS/NRR

E~ee JS/f'm t 'P

ELee I GHMarcus BKGrimes

01/27/94 0

01/2.7/94 01/ /94 01/ /94 UDOUMENT NAME: 1GRELAY.INF

I

IN 94-XX

February xx, 1994 This information notice requires no specific action or written

response. If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194 Eric Lee, NRR

(301) 504-3201 Attachments: 1. List of Recently Issued

Information Notices

'e.Az*VVV 1 4 eCmewwr

Iosubi

i

  • SET W

DrTAT1T t"(WrTTDDPWNOT £4

-

-- -- e'u' Im v  :@F-F - WII VW

OFFICE OGCB V *TECH ED. REGION I REGION I REGION I

NAME CVHodge RSanders JCalvert JTrapp JWiggins

DATE___ 0 94 01/25/94 01_//94 01/2. /94 01/ZL/94 HICB/DRCH C:HICB/NRR C:OGCB/NRR D:DORS/NRR

E44Le jJSWermiel GHlarcus BKGrimes

01/77/94 01/ /94 01/ /94 [01/ /94 DOCUMENT NAME: DIGRELAY.INF

  • SEE PREVIOUS CONCURRENCE

OFFICE OGCB TECH ED. REGION I REGION I REGION I

NAME CVHodge %L4k JCalvert JTrapp JWiggins

DATE 01/ /94 01/'f/94 01/ /94 01/ /94 01/ /94

_ _ _ _ _ __ _ __ _ _ _ _ _ _ _ _ _ _ _ _ _ 5I

HICB/DRCH C:HICB/NRR IC:OGCB/NRR D:DORS/NRR

ELee JSWermiel GHMarcus BKGrimes

01/ /94 01/ /94 01/ /94 01/ /94 DOCUMENT NAME: DIGRELAY.INF


Retrieved from "https://kanterella.com/w/index.php?title=Information_Notice_1994-20,_Common-Cause_Failures_Due_to_Inadequate_Design_Control_and_Dedication&oldid=2201183"