|
|
| Line 18: |
Line 18: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:Edward R. Pigott fa DUKE Site Vice President McGuire Nuclear Station | | {{#Wiki_filter:}} |
| ~ ENERGY Duke Energy MG01VP l 12700 Hagers Ferry Road Huntersville, NC 28078 o: 980.875.4111 Edward.Pigott@duke-energy.com February 16, 2023 Serial: RA-18-0190 10 CFR 50.90 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 McGuire Nuclear Station, Units 1 and 2 Docket Nos. 50-369 and 50-370, Renewed License Nos. NPF-9 and NPF-17
| |
| | |
| ==Subject:==
| |
| License Amendment Request to Revise Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times RITSTF Initiative 4b Ladies and Gentlemen:
| |
| In accordance with the provisions of Section 50.90 of Title 10 of the Code of Federal Regulations (10 CFR), Duke Energy Carolinas, LLC (Duke Energy) is submitting a request for an amendment to the Technical Specifications (TS) for McGuire Nuclear Station (MNS), Units 1 and 2.
| |
| The proposed amendment would modify TS requirements to permit the use of Risk-Informed Completion Times in accordance with Technical Specifications Task Force (TSTF) Traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times RITSTF Initiative 4b (ADAMS Accession No. ML18183A493). A model safety evaluation was provided by the NRC to the TSTF on November 21, 2018 (ADAMS Accession No. ML18267A259).
| |
| * Attachment 1 provides a description and assessment of the proposed change, the requested confirmation of applicability, and plant-specific verifications.
| |
| * Attachment 2 provides the existing TS pages marked up to show the proposed changes.
| |
| * Attachment 3 provides existing TS Bases pages marked up to show the proposed changes and is provided for information only.
| |
| * Attachment 4 provides a cross-reference between the TS included in TSTF-505, Revision 2 and the MNS plant-specific TS.
| |
| Duke Energy requests approval of the proposed license amendment 12 months following acceptance, with an implementation period of 180 days.
| |
| There are no regulatory commitments made in this submittal.
| |
| In accordance with 10 CFR 50.91(a)(1), Notice for Public Comment, the analysis about the issue of no significant hazards consideration using the standards in 10 CFR 50.92 is being provided to the Commission.
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 Page2 In accordance with 10 CFR 50 .91 (b)(1) , "Notice for Public Comment; State Consultation ," a copy of this application, with attachments, is being provided to the designated North Carolina Official.
| |
| Please refer any questions regarding this submittal to Mr. Ryan Treadway, Director - Nuclear Fleet Licensing , at (980) 373-5873.
| |
| I declare, under penalty of perjury, that the foregoing is true and correct. Executed on February 16, 2023.
| |
| Edward R. Pigott Site Vice President McGuire Nuclear Station Attachments:
| |
| : 1. Description and Assessment of the Proposed Change
| |
| : 2. Proposed Technical Specification Changes (Mark-Up)
| |
| : 3. Proposed Technical Specification Bases Changes (Mark-Up) (For Information Only)
| |
| : 4. Cross-Reference of TSTF-505 and MNS Technical Specifications
| |
| : 5. Proposed Facility Operating License Changes (Mark-Up)
| |
| | |
| ==Enclosures:==
| |
| : 1. List of Revised Required Actions to Corresponding PRA Functions
| |
| : 2. Information Supporting Consistency with Regulatory Guide 1.200, Revision 2
| |
| : 3. Information Supporting Technical Adequacy of PRA Models Without PRA Standards Endorsed by Regulatory Guide 1.200, Revision 2
| |
| : 4. Information Supporting Justification of Excluding Sources of Risk Not Addressed by the PRA Models
| |
| : 5. Baseline CDF and LERF
| |
| : 6. Justification of Application of At-Power PRA Models to Shutdown Modes
| |
| : 7. PRA Model Update Process
| |
| : 8. Attributes of the Real-Time Model
| |
| : 9. Key Assumptions and Sources of Uncertainty
| |
| : 10. Program Implementation
| |
| : 11. Monitoring Program
| |
| : 12. Risk Management Action Examples
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 Page 3 cc:
| |
| L. Dudes, Regional Administrator, Region II J. Klos, NRR Project Manager C. Safouri, NRC Senior Resident Inspector D. Crowley, Interim Section Chief, Radiation Protection Section, NC DHHS
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ATTACHMENT 1 DESCRIPTION AND ASSESSMENT OF THE PROPOSED CHANGE
| |
| | |
| ==1.0 DESCRIPTION==
| |
| | |
| The proposed amendment would modify the Technical Specifications (TS) requirements related to Completion Times (CTs) for Required Actions to provide the option to calculate a longer, risk-informed CT (RICT). A new program, the Risk-Informed Completion Time Program, is added to TS Section 5, Administrative Controls.
| |
| The methodology for using the RICT Program is described in NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0 (ADAMS Accession No. ML071200238), which was approved by the Nuclear Regulatory Commission (NRC) on May 17, 2007. Adherence to NEI 06-09-A is required by the RICT Program.
| |
| The proposed amendment is consistent with Technical Specifications Task Force (TSTF)
| |
| Traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b. However, only those Required Actions described in Attachment 4 and Enclosure 1, as reflected in the proposed TS mark-ups provided in Attachment 2, are proposed to be changed. This is because some of the modified Required Actions in TSTF-505 are not applicable to McGuire Nuclear Station (MNS), Units 1 and 2, and there are some plant-specific Required Actions not included in TSTF-505 that are included in this proposed amendment.
| |
| 2.0 ASSESSMENT 2.1 Applicability of Published Safety Evaluation Duke Energy has reviewed TSTF-505, Revision 2, and the model safety evaluation dated November 21, 2018 (ADAMS Accession No. ML18253A085). This review included the information provided to support TSTF-505 and the safety evaluation for NEI 06-09-A. As described in the subsequent paragraphs, Duke Energy has concluded that the technical basis is applicable to MNS, Units 1 and 2 and supports incorporation of this amendment in the MNS TS.
| |
| 2.2 Verifications and Regulatory Commitments In accordance with Section 4.0, Limitations and Conditions, of the safety evaluation for NEI 06-09-A, the following is provided:
| |
| : 1. Enclosure 1 identifies each of the TS Required Actions to which the RICT Program will apply, with a comparison of the TS functions to the functions modeled in the probabilistic risk assessment (PRA) of the structures, systems and components (SSCs) subject to those actions.
| |
| : 2. Enclosure 2 provides a discussion of the results of peer reviews and self-assessments conducted for the plant-specific PRA models which support the RICT Program, as discussed in Regulatory Guide (RG) 1.200, Section 4.2.
| |
| : 3. Enclosure 3 is not applicable since each PRA model used for the RICT Program is addressed using a standard endorsed by the NRC.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190
| |
| : 4. Enclosure 4 provides appropriate justification for excluding sources of risk not addressed by the PRA models.
| |
| : 5. Enclosure 5 provides the plant-specific baseline core damage frequency (CDF) and large early release frequency (LERF) to confirm that the potential risk increases allowed under the RICT Program are acceptable.
| |
| : 6. Enclosure 6 is not applicable since the RICT Program is not being applied to shutdown modes.
| |
| : 7. Enclosure 7 provides a discussion of Duke Energys programs and procedures that assure the PRA models that support the RICT Program are maintained consistent with the as-built, as-operated plant.
| |
| : 8. Enclosure 8 provides a description of how the baseline PRA model, which calculates average annual risk, is evaluated and modified to assess real-time configuration risk, and describes the scope of, and quality controls applied to the real-time model.
| |
| : 9. Enclosure 9 provides a discussion of how the key assumptions and sources of uncertainty in the PRA models were identified, and how their impact on the RICT Program was assessed and dispositioned.
| |
| : 10. Enclosure 10 provides a description of the implementing programs and procedures regarding the plant staff responsibilities for the RICT Program implementation, including risk management action (RMA) implementation.
| |
| : 11. Enclosure 11 provides a description of the implementation and monitoring program as described in NEI 06-09-A, Section 2.3.2, Step 7.
| |
| : 12. Enclosure 12 provides a description of the process to identify and provide RMAs.
| |
| 2.3 Optional Variations Duke Energy is proposing the following variations from the TS changes described in TSTF-505, Revision 2, or the applicable parts of the NRC staffs model safety evaluation dated November 21, 2018. These options were recognized as acceptable variations in TSTF-505 and the NRC model safety evaluation.
| |
| Note that, in a few instances, the MNS TS utilize different numbering and titles than the NUREG-1431, Standard Technical Specifications, Westinghouse Plants, on which TSTF-505 was based. These differences are administrative and do not affect the applicability of TSTF-505 to the MNS TS. Attachment 4 is a cross-reference that provides a comparison between the Required Actions included in TSTF-505 and the MNS Required Actions included in this license amendment request. The attachment includes a summary description of the referenced Required Actions, which is provided for information purposes only and is not intended to be a verbatim description of the Required Actions. The cross-reference identifies the following:
| |
| : 1. MNS Required Actions that have identical numbers to the corresponding NUREG-1431 Required Actions are not variations from TSTF-505, except for administrative variations (if any) such as formatting. These variations are administrative with no impact on the NRC model safety evaluation dated November 21, 2018.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190
| |
| : 2. MNS Actions that have different numbering than the NUREG-1431 Actions are an administrative variation from TSTF-505 with no impact on the NRC model safety evaluation dated November 21, 2018.
| |
| : 3. For NUREG-1431 Required Actions that are not contained in the MNS TS, the corresponding TSTF-505 mark-ups for the Required Actions are not applicable to MNS.
| |
| This is an administrative variation from TSTF-505 with no impact on the NRC model safety evaluation dated November 21, 2018.
| |
| : 4. The model application provided in TSTF-505, Revision 2 includes an attachment for revised (clean) TS pages reflecting the proposed changes. MNS is not including such an attachment due to the number of TS pages included in this submittal that have the potential to be affected by other unrelated license amendment requests and the straightforward nature of the proposed changes. Providing only mark-ups of the proposed TS changes satisfies the requirements of 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit, in that the mark-ups fully describe the changes desired. This is an administrative deviation from TSTF-505 with no impact on the NRC model safety evaluation dated November 21, 2018.
| |
| : 5. With the issuance of MNS license amendment numbers 314 and 293 (ADAMS Accession No. ML19126A030), the CT for one inoperable emergency diesel generator (DG) (currently TS 3.8.1, Condition B, Required Action B.6) was extended from 72 hours to 14 days.
| |
| However, with the proposed amendment to apply the RICT Program to the TS Action for one inoperable emergency DG, Duke Energy proposes to return to a front stop CT of 72 hours.
| |
| Additionally, the supplemental alternating current (AC) power source (i.e., Emergency Supplemental Power Source or ESPS) that was added to TS 3.8.1, Required Action B.5 by amendment numbers 314 and 293 as defense-in-depth for the CT extension in accordance with Branch Technical Position 8-8 is no longer needed for a return to a 72-hour front stop CT. Therefore, TS 3.8.1, Required Action B.5 is proposed to be deleted. With the proposed change, there will no longer be a 14-day CT, which is dependent upon ESPS availability, for an inoperable emergency DG. The front stop will be 72 hours with no regard for the status of ESPS. It is true that ESPS will continue to be available as defense-in-depth, but it would not be needed to exceed the 72-hour front stop CT. The justification for a RICT being applied to re-numbered Required Action B.5 (Restore DG to OPERABLE status.) with a front stop of 72 hours is that MNS Required Action B.5 directly correlates to Required Action B.4 of TSTF-505/NUREG-1431. These proposed changes are consistent with those approved by the NRC staff for Brunswick Steam Electric Plant, Unit No. 2 by {{letter dated|date=May 2, 2022|text=letter dated May 2, 2022}} (ADAMS Accession No. ML22082A268). The emergency DGs are also explicitly modeled in the MNS PRA and thus a RICT can be directly calculated in the real-time risk model. The TS and TS Bases mark-ups in Attachments 2 and 3 reflect these proposed changes that are in addition to the proposed change in accordance with TSTF-505, Revision 2, which is to apply the RICT Program to the TS Action for one inoperable emergency DG.
| |
| Additionally, the two license conditions that were added to Appendix B, Additional Conditions, of the Units 1 and 2 facility operating licenses with the issuance of MNS license amendment numbers 314 and 293 are no longer necessary. These license conditions are regarding control of the turbine-driven auxiliary feedwater pump and other equipment as protected equipment and maintaining the PRA risk estimates within the risk acceptance guidelines of RG 1.174 and 1.177 and were required by the NRC staff for approval of the 14-day extended emergency DG CT. Since the 14-day emergency DG CT is proposed to be
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 eliminated as discussed above for implementation of the RICT Program, Duke Energy is also proposing to eliminate the two license conditions associated with MNS license amendment numbers 314 and 293. The markup of the Unit 1 and Unit 2 facility operating licenses in Attachment 5 reflects this proposed change.
| |
| : 6. MNS TS 3.4.11 (Pressurizer PORVs) contains several pages where the ACTIONS table top row header (i.e., Condition, Required Action, Completion Time) is inadvertently missing.
| |
| Duke Energy proposes to add the header to the appropriate pages. This is an administrative variation from TSTF-505 with no impact on the NRC model safety evaluation dated November 21, 2018.
| |
| : 7. The model application provided in TSTF-505, Revision 2 states the following in the markup for TS 5.5.18.e: Methods to assess the risk from extending the Completion Times must be PRA methods used to support this license amendment, The NRC staffs model safety evaluation dated November 21, 2018 has alternate phrasing: Methods to assess the risk from extending the Completion Times must be PRA methods approved for use with this program, Duke Energy has determined that the NRC phrasing is more appropriate, which is reflected in Attachment 2.
| |
| : 8. There are several plant-specific TS Actions for which MNS is proposing to apply the RICT Program that are variations from TSTF-505, Revision 2. These TS Actions are identified in Attachment 4 with additional justification provided below:
| |
| * TS 3.3.1 Reactor Trip System (RTS) Instrumentation LCO: The RTS instrumentation for each Function in Table 3.3.1-1 shall be Operable.
| |
| Table 3.3.1-1, Function 10.a: Reactor Coolant Flow-Low (Single Loop)
| |
| Condition O (re-numbered): One Reactor Coolant Flow Low (Single Loop) channel inoperable.
| |
| Proposed MNS TS 3.3.1 Condition O (old Condition N) is a plant-specific Condition not in the NUREG-1431 STS, and therefore not in TSTF-505, Revision 2. MNS has two RTS Functions for Reactor Coolant Flow - Low (Single Loop and Two Loops), whereas TSTF-505, Revision 2 has a single RTS Function for Reactor Coolant Flow - Low.
| |
| The MNS RTS has a Reactor Coolant Flow-Low (Single Loop) trip function (i.e., Function 10.a in Table 3.3.1-1) that ensures protection is provided against violating the Departure from Nucleate Boiling Ratio (DNBR) limit due to low flow in one or more Reactor Coolant System (RCS) loops, while avoiding reactor trips due to normal variations in loop flow.
| |
| Above the P-8 setpoint, which is approximately 48% rated thermal power, a loss of flow in any RCS loop will actuate a reactor trip.
| |
| Re-numbered Condition O applies to the Reactor Coolant Flow-Low (Single Loop) reactor trip Function. With one channel inoperable, re-numbered Required Action O.1 allows 72 hours for the inoperable channel to be placed in trip.
| |
| As indicated in Table E1-1 of Enclosure 1, specific channel input is not explicitly modeled in the PRA. The MNS PRA conservatively models one generic 2/3 logic input (per train)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 which feeds into the Solid State Protection System (SSPS) and can be used to represent the TS condition. The PRA success criteria are also described in Enclosure 1.
| |
| Therefore, TS 3.3.1, Table 3.3.1-1 (Function 10.a) and corresponding Condition O (re-numbered from Condition N) meet the requirements for inclusion in the RICT Program.
| |
| * TS 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation LCO: The ESFAS instrumentation for each Function in Table 3.3.2-1 shall be OPERABLE.
| |
| Table 3.3.2-1, Function 5.b.(4): Feedwater Isolation Tavg-Low Coincident with Reactor Trip (P-4)
| |
| Condition J: One channel inoperable.
| |
| NUREG-1431, and therefore TSTF-505, Revision 2, does not contain an ESFAS instrumentation function for Feedwater Isolation - Tavg-Low Coincident with Reactor Trip (P-4). Although MNS Condition J also applies to an ESFAS function which is contained in TSTF-505, Revision 2 (i.e., Turbine Trip SG Water Level High High), the Feedwater Isolation Tavg-Low Coincident with Reactor Trip (P-4) function is site-specific.
| |
| The Feedwater Isolation Tavg-Low signal provides protection against excessive cooldown, which could subsequently introduce a positive reactivity excursion after a plant trip. There are four channels of RCS Tavg-Low (one per loop), with a two-out-of-four logic required coincident with a reactor trip signal (P-4) to initiate a feedwater isolation.
| |
| Condition J applies to the Tavg-Low feedwater isolation function and with one channel inoperable, Required Action J.1 allows 72 hours to place the channel in the tripped condition.
| |
| As indicated in Table E1-1 of Enclosure 1, the Feedwater Isolation Tavg-Low instrumentation function is not modeled explicitly in the PRA. Surrogate representation as a failure of feedwater to isolate preventing auxiliary feedwater from operating as required, is used to represent this TS condition. The PRA success criteria are also described in Enclosure 1.
| |
| Therefore, TS 3.3.2, Table 3.3.2-1 (Function 5.b.(4)) and corresponding Condition J meet the requirements for inclusion in the RICT Program.
| |
| * TS 3.4.11 Pressurizer Power Operated Relief Valves (PORVs)
| |
| LCO: Each PORV and associated block valve shall be OPERABLE.
| |
| Condition J: One Train B PORV inoperable and not capable of being manually cycled AND The other Train B block valve inoperable.
| |
| Each MNS unit has three PORVs, each with an associated block valve, that are powered from two separate safety trains. Train A constitutes one PORV and an associated block valve. Train B constitutes two PORVs, each with an associated block valve. The three PORVs and their associated block valves are required to be operable for manual
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 operation to mitigate the effects associated with a steam generator tube rupture. By maintaining two PORVs, one from each train, and their associated block valves operable, the single failure criterion is satisfied. All three PORVs are required to be operable to meet RCS pressure boundary requirements. The block valves function to isolate the flow path through either a failed open PORV or a PORV with excessive leakage.
| |
| MNS TS 3.4.11 Condition J is a plant-specific Condition not in the NUREG-1431 STS, and therefore not in TSTF-505, Revision 2.
| |
| Condition J applies to one Train B PORV and the other Train B block valve (i.e., block valve associated with the Train B PORV remaining operable) inoperable. Because one Train A PORV and associated block valve remain operable for this condition, Required Actions J.3.1 and J.3.2 allow 72 hours to restore either the PORV or block valve to operable status. There is no loss of function for this condition because of the operable Train A PORV and associated block valve.
| |
| As indicated in Table E1-1 of Enclosure 1, the configuration associated with TS 3.4.11 Condition J is explicitly modeled in the MNS PRA. The PRA success criteria are also described in Enclosure 1.
| |
| Therefore, TS 3.4.11 Condition J meets the requirements for inclusion in the RICT Program.
| |
| * TS 3.8.1 AC Sources Operating LCO: The following AC electrical sources shall be OPERABLE:
| |
| : a. Two qualified circuits between the offsite transmission network and the Onsite Essential Auxiliary Power System; and
| |
| : b. Two diesel generators (DGs) capable of supplying the Onsite Essential Auxiliary Power Systems; and
| |
| : c. The qualified circuit(s) between the offsite transmission network and the opposite units Onsite Essential Auxiliary Power System necessary to supply power to the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES); and
| |
| : d. The DG(s) from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES; AND The automatic load sequencers for Train A and Train B shall be OPERABLE.
| |
| Condition C: One LCO 3.8.1.c offsite circuit inoperable.
| |
| Condition E: Two LCO 3.8.1.a offsite circuits inoperable. OR One LCO 3.8.1.a offsite circuit that provides power to the NSWS, CRAVS, CRACWS and ABFVES inoperable and one LCO 3.8.1.c offsite circuit inoperable. OR Two LCO 3.8.1.c offsite circuits inoperable.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 7 RA-18-0190 MNS TS 3.8.1 Conditions C and E are plant-specific Conditions not in the NUREG-1431 STS, and therefore not in TSTF-505, Revision 2. TSTF-505, Revision 2 is based on NUREG-1431 for a single unit Westinghouse plant. Conditions C and E account for the fact that MNS is a dual unit plant and that the opposite unit AC sources have the capability to supply shared systems.
| |
| By {{letter dated|date=June 28, 2019|text=letter dated June 28, 2019}}, the NRC issued Amendment Numbers 314 and 293 to the Renewed Facility Operating Licenses for MNS, Units 1 and 2, respectively. The amendments approved new LCO 3.8.1 requirements for operability of opposite unit AC sources. One of the new requirements was LCO 3.8.1.c for a qualified circuit between the offsite transmission network and the opposite units Onsite Essential Auxiliary Power System that is necessary to supply power to shared systems. Along with these additional LCO requirements, the NRC staff approved new Conditions and Required Actions that clarify which units AC sources to which the TS Action applies.
| |
| Condition C applies to the inoperability of one LCO 3.8.1.c qualified offsite circuit (i.e.,
| |
| qualified circuit between the offsite transmission network and the opposite units Onsite Essential Auxiliary Power System necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES). In this Condition, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. However, the remaining operable offsite circuits and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System (i.e., there is no loss of function). Required Action C.3 allows 72 hours to restore the LCO 3.8.1.c offsite circuit to operable status, which is consistent with Required Action A.3 for one LCO 3.8.1.a offsite circuit.
| |
| Condition E applies when both offsite circuits required by LCO 3.8.1.a are inoperable, or when the offsite circuit required by LCO 3.8.1.c and one offsite circuit required by LCO 3.8.1.a are concurrently inoperable, if the LCO 3.8.1.a offsite circuit is credited with providing power to the shared sysems. Condition E is also entered when two offsite circuits required by LCO 3.8.1.c are inoperable. Condition E aligns with TSTF-505, Revision 2 Condition C, except for the additional criteria to take into account opposite unit AC power sources. The MNS Required Action E.2 to restore one (of the two) inoperable offsite circuits to operable status is equivalent to Required Action C.2 of TSTF-505, Revision 2.
| |
| As indicated in Table E1-1 of Enclosure 1, the configurations associated with MNS TS 3.8.1 Conditions C and E are explicitly modeled in the MNS PRA. The PRA success criteria are also described in Enclosure 1.
| |
| Therefore, MNS TS 3.8.1 Conditions C and E meet the requirements for inclusion in the RICT Program.
| |
| Duke Energy has determined that the application of a RICT for these MNS plant-specific TS Actions is consistent with TSTF-505, Revision 2, and with the NRCs model safety evaluation dated November 21, 2018. Application of a RICT for these plant-specific TS Actions will be controlled under the proposed RICT Program. The RICT Program provides the necessary administrative controls to permit extension of CTs and thereby delay reactor shutdown or remedial actions if risk is assessed and managed within specified limits and programmatic requirements. The specified safety function or performance levels of TS required SSCs are unchanged, and the remedial actions, including the requirement to shut
| |
| | |
| U.S. Nuclear Regulatory Commission Page 8 RA-18-0190 down the reactor, are also unchanged; only the TS Action CTs may be extended within the governance of the RICT Program.
| |
| Application of a RICT will be evaluated using the methodology and probabilistic risk guidelines contained in NEI 06-09-A, Revision 0 which was approved by the NRC. The NEI 06-09-A, Revision 0 methodology includes a requirement to perform a quantitative assessment of the potential impact of the application of a RICT on risk, to reassess risk due to plant configuration changes, and to implement compensatory measures and RMAs to maintain the risk below acceptable regulatory risk thresholds.
| |
| Therefore, the proposed application of a RICT to the above MNS plant-specific TS Actions is consistent with TSTF-505, Revision 2 and with the NRC staffs model safety evaluation dated November 21, 2018.
| |
| Duke Energy has reviewed these proposed changes and determined that they do not affect the applicability of TSTF-505, Revision 2 to the MNS TS.
| |
| | |
| ==3.0 REGULATORY ANALYSIS==
| |
| | |
| 3.1 No Significant Hazards Consideration Determination Duke Energy Carolinas, LLC (Duke Energy) has evaluated the proposed changes to the Technical Specifications (TS) using the criteria in 10 CFR 50.92 and has determined that the proposed changes do not involve a significant hazards consideration.
| |
| McGuire Nuclear Station (MNS), Units 1 and 2 requests adoption of an approved change to the standard technical specifications (STS) and plant-specific TS, to modify the TS requirements related to Completion Times for Required Actions to provide the option to calculate a longer, risk-informed Completion Time. The allowance is described in a new program in Section 5.0, Administrative Controls, entitled the Risk-Informed Completion Time Program.
| |
| As required by 10 CFR 50.91(a), an analysis of the issue of no significant hazards consideration is presented below:
| |
| : 1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?
| |
| Response: No The proposed changes permit the extension of Completion Times provided the associated risk is assessed and managed in accordance with the NRC-approved Risk-Informed Completion Time Program. The proposed changes do not involve a significant increase in the probability of an accident previously evaluated because the changes involve no change to the plant or its modes of operation. The proposed changes do not increase the consequences of an accident because the design-basis mitigation function of the affected systems is not changed and the consequences of an accident during the extended Completion Time are no different from those during the existing Completion Time.
| |
| Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 9 RA-18-0190
| |
| : 2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?
| |
| Response: No The proposed changes do not change the design, configuration, or method of operation of the plant. The proposed changes do not involve a physical alteration of the plant (no new or different kind of equipment will be installed).
| |
| Therefore, the proposed changes do not create the possibility of a new or different kind of accident from any accident previously evaluated.
| |
| : 3. Do the proposed changes involve a significant reduction in a margin of safety?
| |
| Response: No The proposed changes permit the extension of Completion Times provided that risk is assessed and managed in accordance with the NRC-approved Risk-Informed Completion Time Program. The proposed changes implement a risk-informed configuration management program to assure that adequate margins of safety are maintained. Application of these new specifications and the configuration management program considers cumulative effects of multiple systems or components being out of service and does so more effectively than the current TS.
| |
| Therefore, the proposed changes do not involve a significant reduction in a margin of safety.
| |
| Based on the above, Duke Energy concludes that the proposed changes present no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and, accordingly, a finding of "no significant hazards consideration" is justified.
| |
| 3.2 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commissions regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.
| |
| | |
| ==4.0 ENVIRONMENTAL CONSIDERATION==
| |
| | |
| The proposed changes would change a requirement with respect to installation or use of a facility component located within the restricted area, as defined in 10 CFR 20, or would change an inspection or surveillance requirement. However, the proposed changes do not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed changes meet the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed changes.
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 ATTACHMENT 2 PROPOSED TECHNICAL SPECIFICATION CHANGES (MARK-UP)
| |
| [5 PAGES FOLLOW THIS COVER PAGE]
| |
| 6
| |
| | |
| Completion Times 1.3 1.3 Completion Times EXAMPLES EXAMPLE 1.3-7 (continued)
| |
| Condition A was initially entered. If Required Action A.1 is met after Condition B is entered, Condition B is exited and operation may continue in accordance with Condition A, provided the Completion Time for Required Action A.2 has not expired.
| |
| EXAMPLE 1.3-8 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One A.1 Restore subsystem 7 days subsystem to OPERABLE inoperable. status. OR In accordance with the Risk-Informed Completion Time Program B. Required B.1 Be in MODE 3. 6 hours Action and associated AND Completion Time not B.2 Be in MODE 5. 36 hours met.
| |
| When a subsystem is declared inoperable, Condition A is entered.
| |
| The 7 day Completion Time may be applied as discussed in Example 1.3-2. However, the licensee may elect to apply the Risk-Informed Completion Time Program which permits calculation of a Risk-Informed Completion Time (RICT) that may be used to complete the Required Action beyond the 7 day Completion Time. The RICT cannot exceed 30 days. After the 7 day Completion Time has expired, the subsystem must be restored to OPERABLE status within the RICT or Condition B must also be entered.
| |
| (continued)
| |
| McGuire Units 1 and 2 1.3-14 Amendment Nos. 307/286
| |
| | |
| Completion Times 1.3 1.3 Completion Times EXAMPLES EXAMPLE 1.3-8 (continued)
| |
| The Risk-Informed Completion Time Program requires recalculation of the RICT to reflect changing plant conditions. For planned changes, the revised RICT must be determined prior to implementation of the change in configuration. For emergent conditions, the revised RICT must be determined within the time limits of the Required Action Completion Time (i.e., not the RICT) or 12 hours after the plant configuration change, whichever is less.
| |
| If the 7 day Completion Time clock of Condition A has expired and subsequent changes in plant condition result in exiting the applicability of the Risk-Informed Completion Time Program without restoring the inoperable subsystem to OPERABLE status, Condition B is also entered and the Completion Time clocks for Required Actions B.1 and B.2 start.
| |
| If the RICT expires or is recalculated to be less than the elapsed time since the Condition was entered and the inoperable subsystem has not been restored to OPERABLE status, Condition B is also entered and the Completion Time clocks for Required Actions B.1 and B.2 start. If the inoperable subsystems are restored to OPERABLE status after Condition Bis entered, Conditions A and B are exited, and therefore, the Required Actions of Condition B may be terminated.
| |
| IMMEDIATE When "Immediately" is used as a Completion Time, the COMPLETION TIME Required Action should be pursued without delay and in a controlled manner.
| |
| McGuire Units 1 and 2 1.3-15 Amendment Nos. XXX/XXX I
| |
| | |
| RTS Instrumentation 3.3.1 3.3 INSTRUMENTATION 3.3.1 Reactor Trip System (RTS) Instrumentation LCO 3.3.1 The RTS instrumentation for each Function in Table 3.3.1-1 shall be OPERABLE.
| |
| APPLICABILITY: According to Table 3.3.1-1.
| |
| ACTIONS
| |
| ----------------------------------------------------------NOTE----------------------------------------------------------
| |
| Separate Condition entry is allowed for each Function.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Enter the Condition Immediately with one or more referenced in Table 3.3.1-1 required channels for the channel(s).
| |
| inoperable.
| |
| B. One Manual Reactor B.1 Restore channel to 48 hours Trip channel inoperable. OPERABLE status.
| |
| OR OR In accordance with B.2 Be in MODE 3. the Risk-Informed Completion Time Program 54 hours C. One channel or train C.1 Restore channel or train to 48 hours inoperable. OPERABLE status.
| |
| OR C.2 Open reactor trip breakers 49 hours (RTBs).
| |
| (continued)
| |
| McGuire Units 1 and 2 3.3.1-1 Amendment Nos. 184/166
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME D. One channel inoperable. ------------------NOTE-------------------
| |
| One channel may be bypassed for up to 12 hours for surveillance testing and setpoint adjustment.
| |
| D.1.1 ------------NOTE---------------
| |
| Only required to be performed when the Power Range Neutron Flux input to QPTR is inoperable Perform SR 3.2.4.2 12 hours from discovery of THERMAL POWER
| |
| > 75% RTP AND Once per 12 hours thereafter AND D.1.2 Place channel in trip. 72 hours OR OR D.2 Be in MODE 3. In accordance with the Risk-Informed Completion Time Program 78 hours (continued)
| |
| McGuire Units 1 and 2 3.3.1-2 Amendment Nos. 248/228
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME E. One channel inoperable. ------------------NOTE-------------------
| |
| One channel may be bypassed for up to 12 hours for surveillance testing.
| |
| E.1 Place channel in trip. 72 hours OR OR E.2 Be in MODE 3. In accordance with the Risk-Informed Completion Time Program 78 hours F. THERMAL POWER F.1 Reduce THERMAL 24 hours
| |
| > P-6 and < P-10, one POWER to < P-6.
| |
| Intermediate Range Neutron Flux channel OR inoperable.
| |
| F.2 Increase THERMAL 24 hours POWER to > P-10.
| |
| ------------------NOTE----------------
| |
| Limited boron concentration changes associated with RCS inventory control or limited plant temperature changes are allowed.
| |
| G. THERMAL POWER G.1 Suspend operations Immediately
| |
| > P-6 and < P-10, two involving positive reactivity Intermediate Range additions.
| |
| Neutron Flux channels inoperable. AND G.2 Reduce THERMAL 2 hours POWER to < P-6.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.3.1-3 Amendment Nos. 248/228
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME M. One channel inoperable. ------------------NOTE-------------------
| |
| One channel may be bypassed for up to 12 hours for surveillance testing.
| |
| M.1 Place channel in trip. 72 hours OR OR M.2 Reduce THERMAL In accordance with POWER to < P-7. the Risk-Informed Completion Time Program 78 hours N. Required Action and N.1 Reduce THERMAL 6 hours associated Completion POWER to < P-7.
| |
| Time of Condition M not met.
| |
| NO. One Reactor Coolant -----------------NOTE--------------------
| |
| Flow - Low (Single One channel may be bypassed for Loop) channel up to 12 hours for surveillance inoperable. testing.
| |
| NO.1 Place channel in trip. 72 hours OR OR N.2 Reduce THERMAL In accordance with POWER to < P-8. the Risk-Informed Completion Time Program 76 hours (continued)
| |
| McGuire Units 1 and 2 3.3.1-6 Amendment Nos. 250/230
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME P. Required Action and P.1 Reduce THERMAL 4 hours associated Completion POWER to < P-8.
| |
| Time of Condition O not met.
| |
| OQ. One Turbine Trip - Low ------------------NOTE-------------------
| |
| Fluid Oil Pressure One channel may be bypassed for channel inoperable. up to 12 hours for surveillance testing.
| |
| OQ.1 Place channel in trip. 72 hours OR OR O.2 Reduce THERMAL In accordance with POWER to < P-8. the Risk-Informed Completion Time Program 76 hours R. Required Action and R.1 Reduce THERMAL 4 hours associated Completion POWER to < P-8.
| |
| Time of Condition Q not met.
| |
| PS. One or more Turbine PS.1 Place channel(s) in trip. 72 hours Trip - Turbine Stop Valve Closure channels OR inoperable.
| |
| PS.2 Reduce THERMAL 76 hours POWER to < P-8.
| |
| McGuire Units 1 and 2 3.3.1-7 Amendment Nos. 248/228
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| QT. One train inoperable. ------------------NOTE-------------------
| |
| One train may be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE.
| |
| 24 hours QT.1 Restore train to OPERABLE status. OR OR In accordance with the Risk-Informed Q.2 Be in MODE 3. Completion Time Program 30 hours RU. One RTB train ------------------NOTE------------------
| |
| inoperable. One train may be bypassed for up to 4 hours for surveillance testing, provided the other train is OPERABLE.
| |
| RU.1 Restore train to OPERABLE status. 24 hours OR OR R.2 Be in MODE 3. In accordance with the Risk-Informed Completion Time Program 30 hours SV. One or more channel(s) SV.1 Verify interlock is in 1 hour inoperable. required state for existing unit conditions.
| |
| OR S.2 Be in MODE 3. 7 hours (continued)
| |
| McGuire Units 1 and 2 3.3.1-8 Amendment Nos. 248/228
| |
| | |
| RTS Instrumentation 3.3.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME TW. One or more channel(s) TW.1 Verify interlock is in 1 hour inoperable. required state for existing unit conditions.
| |
| OR T.2 Be in MODE 2. 7 hours X. Required Action and X.1 Be in MODE 2. 6 hours associated Completion Time of Condition W not met.
| |
| UY. One trip mechanism UY.1 Restore inoperable trip 48 hours inoperable for one RTB. mechanism to OPERABLE status. OR OR In accordance with the Risk-Informed U.2 Be in MODE 3. Completion Time Program 54 hours Z. Required Action and Z.1 Be in MODE 3. 6 hours associated Completion Time of Condition B, D, E, T, U, V, or Y not met.
| |
| VAA. Two RTS trains VAA.1 Enter LCO 3.0.3. Immediately inoperable.
| |
| McGuire Units 1 and 2 3.3.1-9 Amendment Nos. XXX/XXX
| |
| | |
| No technical changes this page. Pagination change only. RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 1 of 7)
| |
| Reactor Trip System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT
| |
| : 1. Manual Reactor Trip 1,2 2 B SR 3.3.1.14 NA NA 3(a), 4(a), 5(a) 2 C SR 3.3.1.14 NA NA
| |
| : 2. Power Range Neutron Flux
| |
| : a. High 1,2 4 D SR 3.3.1.1 < 110% RTP 109% RTP SR 3.3.1.2 SR 3.3.1.7 SR 3.3.1.11 SR 3.3.1.16
| |
| : b. Low 1(b),2 4 E SR 3.3.1.1 < 26% RTP 25% RTP SR 3.3.1.8 SR 3.3.1.11 SR 3.3.1.16
| |
| : 3. Power Range Neutron Flux Rate High Positive Rate 1,2 4 D SR 3.3.1.7 < 5.5% RTP 5% RTP SR 3.3.1.11 with time with time constant constant
| |
| > 2 sec > 2 sec
| |
| : 4. Intermediate Range 1(b), 2(c) 2 F,G SR 3.3.1.1 < 38% RTP 25% RTP Neutron Flux SR 3.3.1.8(j)(k)
| |
| SR 3.3.1.11(j)(k) 2(d) 2 H SR 3.3.1.1 < 38% RTP 25% RTP SR 3.3.1.8(j)(k)
| |
| SR 3.3.1.11(j)(k)
| |
| (continued)
| |
| (a) With Reactor Trip Breakers (RTBs) closed and Rod Control System capable of rod withdrawal.
| |
| (b) Below the P-10 (Power Range Neutron Flux) interlocks.
| |
| (c) Above the P-6 (Intermediate Range Neutron Flux) interlocks.
| |
| (d) Below the P-6 (Intermediate Range Neutron Flux) interlocks.
| |
| (j) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required before returning the channel to service.
| |
| (k) The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the surveillance; otherwise, the channel shall be declared inoperable. Setpoints more conservative than the NTSP are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in the UFSAR.
| |
| McGuire Units 1 and 2 3.3.1-15 Amendment Nos. 283/262
| |
| | |
| No technical changes this RTS Instrumentation page. Pagination change only.
| |
| 3.3.1 Table 3.3.1-1 (page 2 of 7)
| |
| Reactor Trip System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT
| |
| : 5. Source Range 2(d) 2 I,J SR 3.3.1.1 < 1.44 E5 cps 1.0 E5 cps Neutron Flux SR 3.3.1.8(j)(k)
| |
| SR 3.3.1.11(j)(k) 3(a), 4(a), 5(a) 2 J,K SR 3.3.1.1 < 1.44 E5 cps 1.0 E5 cps SR 3.3.1.7(j)(k)
| |
| SR 3.3.1.11(j)(k) 3(e), 4(e), 5(e) 1 L SR 3.3.1.1 N/A N/A SR 3.3.1.11
| |
| : 6. Overtemperature T 1,2 4 E SR 3.3.1.1 Refer to Note 1 Refer to SR 3.3.1.3 (Page Note 1 (Page SR 3.3.1.6 3.3.1-18) 3.3.1-18)
| |
| SR 3.3.1.7 SR 3.3.1.12 SR 3.3.1.16 SR 3.3.1.17
| |
| : 7. Overpower T 1,2 4 E SR 3.3.1.1 Refer to Note 2 Refer to SR 3.3.1.3 (Page Note 2 (Page SR 3.3.1.6 3.3.1-19) 3.3.1-19)
| |
| SR 3.3.1.7 SR 3.3.1.12 SR 3.3.1.16 SR 3.3.1.17
| |
| : 8. Pressurizer Pressure
| |
| : a. Low 1(f) 4 M SR 3.3.1.1 > 1935 psig 1945 psig SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16
| |
| : b. High 1,2 4 E SR 3.3.1.1 < 2395 psig 2385 psig SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16 (continued)
| |
| (a) With Reactor Trip Breakers (RTBs) closed and Rod Control System capable of rod withdrawal.
| |
| (d) Below the P-6 (Intermediate Range Neutron Flux) interlocks.
| |
| (e) With the RTBs open. In this condition, source range Function does not provide reactor trip but does provide indication.
| |
| (f) Above the P-7 (Low Power Reactor Trips Block) interlock.
| |
| (j) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required before returning the channel to service.
| |
| (k) The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the surveillance; otherwise, the channel shall be declared inoperable. Setpoints more conservative than the NTSP are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in the UFSAR.
| |
| McGuire Units 1 and 2 3.3.1-16 Amendment Nos. 283/262
| |
| | |
| RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 3 of 7)
| |
| Reactor Trip System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT
| |
| : 9. Pressurizer Water 1(f) 3 M SR 3.3.1.1 < 93% 92%
| |
| Level - High SR 3.3.1.7 SR 3.3.1.10
| |
| : 10. Reactor Coolant Flow - Low
| |
| : a. Single Loop 1(g) 3 per loop NO SR 3.3.1.1 > 87% 88%
| |
| SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16
| |
| : b. Two Loops 1(h) 3 per loop M SR 3.3.1.1 > 87% 88%
| |
| SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16
| |
| : 11. Undervoltage RCPs 1(f) 1 per bus M SR 3.3.1.9 > 4870 V 5082 V SR 3.3.1.10(j)(k)
| |
| SR 3.3.1.16
| |
| : 12. Underfrequency 1(f) 1 per bus M SR 3.3.1.9 > 55.9 Hz 56.4 Hz RCPs SR 3.3.1.10(j)(k)
| |
| SR 3.3.1.16
| |
| : 13. Steam Generator 1,2 4 per SG E SR 3.3.1.1 > 15% 16.7%
| |
| (SG) Water Level - SR 3.3.1.7 Low Low SR 3.3.1.10 SR 3.3.1.16
| |
| : 14. Turbine Trip
| |
| : a. Low Fluid Oil 1(g) 3 OQ SR 3.3.1.10 > 42 psig 45 psig Pressure SR 3.3.1.15
| |
| : b. Turbine Stop 1(g) 4 PS SR 3.3.1.10 > 1% open > 1% open Valve Closure SR 3.3.1.15
| |
| : 15. Safety Injection (SI) 1,2 2 trains QT SR 3.3.1.5 NA NA Input from SR 3.3.1.14 Engineered Safety Feature Actuation System (ESFAS)
| |
| (continued)
| |
| (f) Above the P-7 (Low Power Reactor Trips Block) interlock.
| |
| (g) Above the P-8 (Power Range Neutron Flux) interlock.
| |
| (h) Above the P-7 (Low Power Reactor Trips Block) interlock and below the P-8 (Power Range Neutron Flux) interlock.
| |
| (j) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required before returning the channel to service.
| |
| (k) The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the surveillance; otherwise, the channel shall be declared inoperable. Setpoints more conservative than the NTSP are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in the UFSAR.
| |
| McGuire Units 1 and 2 3.3.1-17 Amendment Nos. 287/266
| |
| | |
| RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 4 of 7)
| |
| Reactor Trip System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT
| |
| : 16. Reactor Trip System Interlocks
| |
| : a. Intermediate 2(d) 2 SV SR 3.3.1.11 > 6.6E-6% RTP 1E-5% RTP Range Neutron SR 3.3.1.13 Flux, P-6
| |
| : b. Low Power 1 1 per train TW SR 3.3.1.5 NA NA Reactor Trips Block, P-7
| |
| : c. Power Range 1 4 TW SR 3.3.1.11 < 49% RTP 48% RTP Neutron Flux, SR 3.3.1.13 P-8
| |
| : d. Power Range 1,2 4 SV SR 3.3.1.11 > 7% RTP and 10% RTP Neutron Flux, SR 3.3.1.13 < 11% RTP P-10
| |
| : e. Turbine Inlet 1 2 TW SR 3.3.1.12 < 11% turbine 10% turbine Pressure, P-13 SR 3.3.1.13 inlet pressure inlet pressure equivalent equivalent
| |
| : 17. Reactor Trip 1,2 2 trains RU, VAA SR 3.3.1.4 NA NA Breakers(i) 3(a), 4(a), 5(a) 2 trains C SR 3.3.1.4 NA NA
| |
| : 18. Reactor Trip Breaker 1,2 1 each per UY SR 3.3.1.4 NA NA Undervoltage and RTB Shunt Trip Mechanisms 3(a), 4(a), 5(a) 1 each per C SR 3.3.1.4 NA NA RTB
| |
| : 19. Automatic Trip Logic 1,2 2 trains QT, VAA SR 3.3.1.5 NA NA 3(a), 4(a), 5(a) 2 trains C SR 3.3.1.5 NA NA (a) With RTBs closed and Rod Control System capable of rod withdrawal.
| |
| (d) Below the P-6 (Intermediate Range Neutron Flux) interlocks.
| |
| (i) Including any reactor trip bypass breakers that are racked in and closed for bypassing on RTP.
| |
| McGuire Units 1 and 2 3.3.1-18 Amendment Nos. 283/262
| |
| | |
| ESFAS Instrumentation 3.3.2 3.3 INSTRUMENTATION 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation LCO 3.3.2 The ESFAS instrumentation for each Function in Table 3.3.2-1 shall be OPERABLE.
| |
| APPLICABILITY: According to Table 3.3.2-1.
| |
| ACTIONS
| |
| ---------------NOTE---------------
| |
| Separate Condition entry is allowed for each Function.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Enter the Condition Immediately with one or more referenced in Table 3.3.2-1 required channels or for the channel(s) or trains inoperable. train(s).
| |
| B. One channel or train 8.1 Restore channel or train to 48 hours inoperable. OPERABLE status.
| |
| OR GR In accordance with B.2.1 Be iA MQge d. the Risk-Informed Completion Time ANG Program B.2.2 Be iA MQge a.
| |
| §4 hours 84 hours (continued)
| |
| McGuire Units 1 and 2 3.3.2-1 Amendment Nos. 184/166
| |
| | |
| ESFAS Instrumentation 3.3.2 A CTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. One train inoperable. C.1 NOTE One train may be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE.
| |
| Restore train to 24 hours OPERABLE status.
| |
| OR GR In accordance with G.2.~ Be iR MGQE 3. the Risk-Informed Completion Time ANO Program G.2.2 Be iR MGQE a.
| |
| 30 hours eO hours D. One channel inoperable. D.1 NOTE One channel may be bypassed for up to 12 hours for surveillance testing.
| |
| Place channel in trip. 72 hours GR OR Q.2A Be iR MGQE 3. In accordance with the Risk-Informed ANO Completion Time Program Q.2.2 Be iR MGQE 4.
| |
| 78 hours 84 hours (continued)
| |
| McGuire Units 1 and 2 3.3.2-2 Amendment Nos. 2§0/230
| |
| | |
| ESFAS Instrumentation 3.3.2 A CTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME E. One Containment E.1 NOTE Pressure channel One additional channel inoperable. may be bypassed for up to 12 hours for surveillance testing.
| |
| Place channel in bypass. 72 hours GR E.2.1 Be in MODE 3. 78 hours ANQ E.2.2 Be in MODE 4. 84 hours F. One channel or train F.1 Restore channel or train to 48 hours inoperable. OPERABLE status.
| |
| OR GR In accordance with F.2.1 Be in MODE 3. the Risk-Informed Completion Time ANQ Program F.2.2 Be in MODE 4.
| |
| 54 hours eQ hours G. One Steam Line G.1 Restore channel to 48 hours Isolation Manual OPERABLE status.
| |
| Initiation - individual channel inoperable. OR G.2 Declare associated steam 48 hours line isolation valve inoperable.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.3.2-3 Amendment Nos. 24 8/228
| |
| | |
| ESFAS Instrumentation 3.3.2 A CTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME H. One train inoperable. H.1 NOTE One train may be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE.
| |
| Restore train to 24 hours OPERABLE status.
| |
| OR GR In accordance with l=CU Be iR MGQE 3. the Risk-Informed Completion Time ANO Program l=t2.2 Be iR MGQE 4.
| |
| 30 hours 3e hours I. One train inoperable. 1.1 NOTE One train may be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE.
| |
| Restore train to 24 hours OPERABLE status.
| |
| OR GR In accordance with 1.2 Be iR MGQE 3. the Risk-Informed Completion Time Program 30 hours (continued)
| |
| McGuire Units 1 and 2 3.3.2-4 Amendment Nos. 24 8/228
| |
| | |
| ESFAS Instrumentation 3.3.2 A CTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME J. One channel inoperable. J.1 NOTE One channel may be bypassed for up to 12 hours for surveillance testing.
| |
| Place channel in trip. 72 hours GR OR J .2 Be iA MGmi~ d. In accordance with the Risk-Informed Completion Time Program
| |
| +8 R9~FS K. One Main Feedwater K.1 Place channel in trip. 1 hours Pumps trip channel inoperable. GR K.2 Be iA MQge d. +R9~FS L. One required channel in L.1 Restore the inoperable 72 hours one train of Doghouse train to OPERABLE status.
| |
| Water Level-High High inoperable. OR 73 hours L.2 Perform continuous monitoring of Doghouse water level.
| |
| M. Two trains of Doghouse M.1 Perform continuous 1 hour Water Level-High High monitoring of Doghouse inoperable. water level..
| |
| (continued)
| |
| McGuire Units 1 and 2 3.3.2-5 Amendment Nos. 24 8/228
| |
| | |
| ESFAS Instrumentation 3.3.2 A CTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME Q. One channel inoperable. Q.1 Verify interlock is in 1 hour required state for existing unit condition.
| |
| OR Q.2.1 Be in MODE 3. 7 hours ANO Q.2.2 Be in MODE 4. a 1 hours R. One or more R.1 Declare affected supported Immediately Containment Pressure system inoperable.
| |
| Control System channel(s) inoperable.
| |
| S. Required Action and S.1 Be in MODE 3. 6 hours associated Completion Time of Condition B or C AND not met.
| |
| S.2 Be in MODE 5. 36 hours ST. Required Action and ST. 1 Be in MODE 3. 6 hours associated Completion Time of Condition D, E, AND F, H, P, or Q not met.
| |
| ST.2 Be in MODE 4. 12 hours
| |
| : u. Required Action and U.1 Be in MODE 3. 6 hours associated Completion Time of Condition I, J, or Knot met.
| |
| McGuire Units 1 and 2 3.3.2-7 Amendment Nos. 198/179
| |
| | |
| ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 5 of 6)
| |
| Engineered Safety Feature Actuation System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT
| |
| : 6. Auxiliary Feedwater (continued)
| |
| : e. Trip of all Main 1,2 1 perMFW K SR 3.3.2.7 NA NA Feedwater Pumps pump SR 3.3.2.9
| |
| : f. Auxiliary 1,2,3 2 per MOP, N,O SR 3.3.2.7(a)(b) ~ 6.5 psig 7.0 psig Feedwater Pump 4 perTDP SR 3.3.2.S(a)(b)
| |
| Suction Transfer SR 3.3.2.9 ~ 7.5 psig 8.0 psig on Suction (2A MOP (2A MOP Pressure - Low only) only)
| |
| : 7. Automatic Switchover to Containment Sump
| |
| : a. Refueling Water 1,2,3 3 P,ST SR 3.3.2.1 ~ 92.3 inches 95 inches Storage Tank SR 3.3.2.3(a)(b)
| |
| (RWST) Level - SR 3.3.2.S(a)(b)
| |
| Low SR 3.3.2.9 Coincident with Refer to Function 1 (Safety Injection) for all initiation functions and requirements.
| |
| Safety Injection (continued)
| |
| (a) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required before returning the channel to service.
| |
| (b) The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the surveillance; otherwise, the channel shall be declared inoperable.
| |
| Setpoints more conservative than the NTSP are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in the UFSAR.
| |
| NOTE 1: The Trip Setpoint for the Containment Pressure Control System start permissive/termination (SPIT) shall be
| |
| ~ 0.3 psig and ~ 0.4 psig. The allowable value for the SPIT shall be ~ 0.25 psig and ~ 0.45 psig.
| |
| McGuire Units 1 and 2 3.3.2-14 Amendment Nos. 293/272
| |
| | |
| LOP DG Start Instrumentation 3.3.5 3.3 INSTRUMENTATION 3.3.5 Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation LCO 3.3.5 Three channels per bus of the loss of voltage Function and three channels per bus of the degraded voltage Function shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4, When associated DG is required to be OPERABLE by LCO 3.8.2, "AC Sources Shutdown."
| |
| ACTIONS
| |
| ----------------------------------------------------------NOTE-----------------------------------------------------------
| |
| Separate Condition entry is allowed for each Function.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Place channel in trip. 6 hours with one channel per bus inoperable. OR In accordance with the Risk-Informed Completion Time Program B. One or more Functions B.1 Restore all but one channel 1 hour with two or more to OPERABLE status.
| |
| channels per bus OR inoperable.
| |
| ----------NOTE----------
| |
| Not applicable when a loss of function occurs In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.3.5-1 Amendment Nos. 184/166
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. One Train A PORV -----------------NOTE--------------------
| |
| inoperable and not Required Actions C.1 and C.2 are capable of being not applicable to a PORV made manually cycled inoperable by Required Action H.2.
| |
| C.1 Close associated block 1 hour valve.
| |
| AND C.2 Remove power from 1 hour associated block valve.
| |
| AND C.3 Restore PORV to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.4.11-2 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME D. Two Train B PORVs ------------------NOTE-------------------
| |
| inoperable and not Required Actions D.1 and D.2 are capable of being not applicable to PORVs made manually cycled. inoperable by Required Action I.2.
| |
| D.1 Close associated block 1 hour valves.
| |
| AND D.2 Remove power from 1 hour associated block valves.
| |
| AND D.3 Restore one PORV to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.4.11-3 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME E. Required Action and E.1 Be in MODE 3. 6 hours associated Completion Time of Condition A, B, AND C or D not met.
| |
| E.2 Be in MODE 4. 12 hours F. Three PORVs F.1 Close associated block 1 hour inoperable and not valves.
| |
| capable of being manually cycled. AND F.2 Remove power from 1 hour associated block valves.
| |
| AND F.3 Be in MODE 3. 6 hours AND F.4 Be in MODE 4. 12 hours G. One Train B block ------------------NOTE-------------------
| |
| valve inoperable. Required Actions G.1 and G.2 are not applicable to a block valve made inoperable by Required Action B.2.
| |
| G.1 Place associated PORV 1 hour switch in closed position and verify PORV closed.
| |
| AND G.2 Remove power from 1 hour associated PORV.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.4.11-4 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME H. One Train A block ------------------NOTE-------------------
| |
| valve inoperable. Required Actions H.1 and H.2 are not applicable to a block valve made inoperable by Required Action C.2.
| |
| H.1 Place associated PORV 1 hour switch in closed position and verify PORV closed.
| |
| AND H.2 Remove power from 1 hour associated PORV.
| |
| AND H.3 Restore block valve to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.4.11-5 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME I. Two Train B block ------------------NOTE-------------------
| |
| valves inoperable. Required Actions I.1 and I.2 are not applicable to block valves made inoperable by Required Action D.2.
| |
| I.1 Place associated PORV 1 hour switches in closed position and verify PORVs closed.
| |
| AND I.2 Remove power from 1 hour associated PORVs.
| |
| AND I.3 Restore one block valve to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.4.11-6 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME J. One Train B PORV J.1 Perform Required Actions 1 hour inoperable and not B.1 and B.2.
| |
| capable of being manually cycled AND AND J.2 Perform Required Actions 1 hour G.1 and G.2.
| |
| The other Train B block valve inoperable. AND J.3.1 Restore PORV to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time OR Program J.3.2 Restore block valve to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.4.11-7 Amendment Nos. 311/290
| |
| | |
| Pressurizer PORVs 3.4.11 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME K. Three block valves ------------------NOTE-------------------
| |
| inoperable. Required Action K.1 is not applicable to block valves made inoperable by Required Action F.2.
| |
| K.1 Place associated PORV 1 hour switches in closed position and verify PORVs closed.
| |
| AND K.2 Restore one block valve to 2 hours OPERABLE status.
| |
| L. Required Action and L.1 Be in MODE 3. 6 hours associated Completion Time of Condition G, AND H, I, J or K not met.
| |
| L.2 Be in MODE 4. 12 hours McGuire Units 1 and 2 3.4.11-8 Amendment Nos. 311/290
| |
| | |
| ECCS Operating 3.5.2 3.5 EMERGENCY CORE COOLING SYSTEMS (ECCS) 3.5.2 ECCS Operating LCO 3.5.2 Two ECCS trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, and 3.
| |
| -----------------------------------------NOTE------------------------------------------------
| |
| In MODE 3, both safety injection (SI) pump or RHR pump flow paths may be isolated by closing the isolation valves for up to 2 hours to perform pressure isolation valve testing per SR 3.4.14.1.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One or more trains A.1 Restore train(s) to 72 hours inoperable. OPERABLE status.
| |
| OR AND In accordance with At least 100% of the the Risk-Informed ECCS flow equivalent to Completion Time a single OPERABLE Program ECCS train available.
| |
| B. Required Action and B.1 Be in MODE 3. 6 hours associated Completion Time not met. AND B.2 Be in MODE 4. 12 hours McGuire Units 1 and 2 3.5.2-1 Amendment Nos. 316/295
| |
| | |
| Containment Air Locks 3.6.2 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. One or more C.1 Initiate action to evaluate Immediately containment air locks overall containment inoperable for reasons leakage rate per other than Condition A LCO 3.6.1.
| |
| or B.
| |
| AND C.2 Verify a door is closed in 1 hour the affected air lock.
| |
| AND C.3 Restore air lock to 24 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program D. Required Action and D.1 Be in MODE 3. 6 hours associated Completion Time not met. AND D.2 Be in MODE 5. 36 hours McGuire Units 1 and 2 3.6.2-4 Amendment No. 184/166
| |
| | |
| Containment Isolation Valves 3.6.3 3.6 CONTAINMENT SYSTEMS 3.6.3 Containment Isolation Valves LCO 3.6.3 Each containment isolation valve shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS
| |
| -----------------------------------------------------------NOTES--------------------------------------------------------
| |
| : 1. Penetration flow path(s) except for containment purge supply and/or exhaust isolation valves for the lower compartment, upper compartment, and incore instrument room may be unisolated intermittently under administrative controls.
| |
| : 2. Separate Condition entry is allowed for each penetration flow path.
| |
| : 3. Enter applicable Conditions and Required Actions for systems made inoperable by containment isolation valves.
| |
| : 4. Enter applicable Conditions and Required Actions of LCO 3.6.1, "Containment," when isolation valve leakage results in exceeding the overall containment leakage rate acceptance criteria.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. -------------NOTE----------- A.1 Isolate the affected 4 hours Only applicable to penetration flow path by penetration flow paths use of at least one closed OR with two containment and de-activated automatic isolation valves. valve, closed manual In accordance with
| |
| -------------------------------- valve, blind flange, or the Risk-Informed check valve inside Completion Time One or more penetration containment with flow Program flow paths with one through the valve secured.
| |
| containment isolation valve inoperable except AND for purge valve or reactor building bypass leakage not within limit.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.6.3-1 Amendment Nos. 243/224
| |
| | |
| Containment Isolation Valves 3.6.3 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. (continued) A.2 ------------NOTES--------------
| |
| : 1. Isolation devices in high radiation areas may be verified by use of administrative means.
| |
| : 2. Isolation devices that are locked, sealed, or otherwise secured may be verified by use of administrative means.
| |
| Verify the affected Once per 31 days penetration flow path is following isolation for isolated. isolation devices outside containment AND Prior to entering MODE 4 from MODE 5 if not performed within the previous 92 days for isolation devices inside containment B. ------------NOTE------------ B.1 Isolate the affected 1 hour Only applicable to penetration flow path by penetration flow paths use of at least one closed with two containment and de-activated automatic isolation valves. valve, closed manual
| |
| -------------------------------- valve, or blind flange.
| |
| One or more penetration flow paths with two containment isolation valves inoperable except for purge valve or reactor building bypass leakage not within limit.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.6.3-2 Amendment Nos. 298/277
| |
| | |
| Containment Isolation Valves 3.6.3 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. ------------NOTE------------ C.1 Isolate the affected 72 hours Only applicable to penetration flow path by penetration flow paths use of at least one closed OR with only one and de-activated automatic containment isolation valve, closed manual In accordance with valve and a closed valve, or blind flange. the Risk-Informed system. Completion Time
| |
| -------------------------------- AND Program One or more penetration C.2 -----------NOTES------------
| |
| flow paths with one 1. Isolation devices in high containment isolation radiation areas may be valve inoperable. verified by use of administrative means.
| |
| : 2. Isolation devices that are locked, sealed, or otherwise secured may be verified by use of administrative means.
| |
| Verify the affected Once per 31 days penetration flow path is following isolation isolated.
| |
| D. Reactor building bypass D.1 Restore leakage within 4 hours leakage not within limit. limit.
| |
| E. One or more penetration E.1 Isolate the affected 24 hours flow paths with one or penetration flow path by more containment purge use of at least one closed valves not within purge and de-activated automatic valve leakage limits. valve, closed manual valve, or blind flange.
| |
| AND (continued)
| |
| McGuire Units 1 and 2 3.6.3-3 Amendment Nos. 298/277
| |
| | |
| Containment Spray System 3.6.6 3.6 CONTAINMENT SYSTEMS 3.6.6 Containment Spray System LCO 3.6.6 Two containment spray trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One containment spray A.1 Restore containment spray 72 hours train inoperable. train to OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 3. 6 hours associated Completion Time not met. AND B.2 Be in MODE 5. 84 hours SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.6.6.1 -----------------------------------NOTE--------------------------------
| |
| Not required to be met for system vent flow paths opened under administrative control.
| |
| Verify each containment spray manual and power In accordance with operated valve in the flow path that is not locked, sealed, the Surveillance or otherwise secured in position is in the correct position. Frequency Control Program (continued)
| |
| McGuire Units 1 and 2 3.6.6-1 Amendment Nos. 316/295
| |
| | |
| HMS 3.6.9 3.6 CONTAINMENT SYSTEMS 3.6.9 Hydrogen Mitigation System (HMS)
| |
| LCO 3.6.9 Two HMS trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1 and 2.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One HMS train A.1 Restore HMS train to 7 days inoperable. OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time OR Program A.2 Perform SR 3.6.9.1 on the Once per 7 days OPERABLE train.
| |
| B. One containment region B.1 Restore one hydrogen 7 days with no OPERABLE ignitor in the affected hydrogen ignitor. containment region to OR OPERABLE status.
| |
| In accordance with the Risk-Informed Completion Time Program C. Required Action and C.1 Be in MODE 3. 6 hours associated Completion Time not met.
| |
| McGuire Units 1 and 2 3.6.9-1 Amendment Nos. 184/166
| |
| | |
| ARS 3.6.11 3.6 CONTAINMENT SYSTEMS 3.6.11 Air Return System (ARS)
| |
| LCO 3.6.11 Two ARS trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One ARS train A.1 Restore ARS train to 72 hours inoperable. OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 3. 6 hours associated Completion Time not met. AND B.2 Be in MODE 5. 36 hours SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.6.11.1 Verify each ARS fan starts on an actual or simulated In accordance with actuation signal, after a delay of 8 minutes and the Surveillance 10 minutes, and operates for 15 minutes. Frequency Control Program (continued)
| |
| McGuire Units 1 and 2 3.6.11-1 Amendment No. 261/241
| |
| | |
| Divider Barrier Integrity 3.6.14 3.6 CONTAINMENT SYSTEMS 3.6.14 Divider Barrier Integrity LCO 3.6.14 Divider barrier integrity shall be maintained.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. ------------NOTE------------ A.1 Restore personnel access 1 hour For this action, separate doors and equipment Condition entry is hatches to OPERABLE OR allowed for each status and closed personnel access door positions. In accordance with or equipment hatch. the Risk-Informed
| |
| -------------------------------- Completion Time One or more personnel Program access doors or equipment hatches (other than one pressurizer or one steam generator enclosure hatch addressed by Condition D) open or inoperable, other than for personnel transit entry.
| |
| B. Divider barrier seal B.1 Restore seal to 1 hour inoperable. OPERABLE status.
| |
| C. Required Action and C.1 Be in MODE 3. 6 hours associated Completion Time not met. AND C.2 Be in MODE 5. 36 hours D. One pressurizer or one D.1 Restore affected hatch to 48 hours steam generator OPERABLE status and enclosure hatch open or closed position.
| |
| inoperable.
| |
| McGuire Units 1 and 2 3.6.14-1 Amendment No. 294/273
| |
| | |
| MSIVs 3.7.2 3.7 PLANT SYSTEMS 3.7.2 Main Steam Isolation Valves (MSIVs)
| |
| LCO 3.7.2 Four MSIVs shall be OPERABLE.
| |
| APPLICABILITY: MODE 1, MODES 2 and 3 except when MSIVs are closed and de-activated.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One MSIV inoperable in A.1 Restore MSIV to 8 hours MODE 1. OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 2. 6 hours associated Completion Time of Condition A not met.
| |
| C. ------------NOTE----------- C.1 Close MSIV. 8 hours Separate Condition entry is allowed for each AND MSIV.
| |
| ------------------------------- C.2 Verify MSIV is closed. Once per 7 days One or more MSIVs inoperable in MODE 2 or 3.
| |
| (continued)
| |
| McGuire Units 1 and 2 3.7.2-1 Amendment Nos. 184/166
| |
| | |
| AFW System 3.7.5 3.7 PLANT SYSTEMS 3.7.5 Auxiliary Feedwater (AFW) System LCO 3.7.5 Three AFW trains shall be OPERABLE.
| |
| ---------------------------------------------NOTE--------------------------------------------
| |
| Only one AFW train, which includes a motor driven pump, is required to be OPERABLE in MODE 4.
| |
| APPLICABILITY: MODES 1, 2, and 3, MODE 4 when steam generator is relied upon for heat removal.
| |
| ACTIONS
| |
| ---------------------------------------------NOTE------------------------------------------------------------------------
| |
| LCO 3.0.4.b is not applicable when entering MODE 1.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. One steam supply to A.1 Restore affected equipment 7 days turbine driven AFW to OPERABLE status.
| |
| pump inoperable. OR OR In accordance with the Risk-Informed
| |
| -----------NOTE------------
| |
| Completion Time Only applicable if MODE Program 2 has not been entered following refueling.
| |
| One turbine driven AFW pump inoperable in MODE 3 following refueling.
| |
| B. One AFW train B.1 Restore AFW train to 72 hours inoperable in MODE 1, 2 OPERABLE status.
| |
| or 3 for reasons other OR than Condition A.
| |
| In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.7.5-1 Amendment Nos. 322/301
| |
| | |
| CCW System 3.7.6 3.7 PLANT SYSTEMS 3.7.6 Component Cooling Water (CCW) System LCO 3.7.6 Two CCW trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One CCW train A.1 -------------NOTE--------------
| |
| inoperable. Enter applicable Conditions and Required Actions of LCO 3.4.6, "RCS Loops MODE 4,"
| |
| for residual heat removal loops made inoperable by CCW.
| |
| Restore CCW train to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 3. 6 hours associated Completion Time of Condition A not AND met.
| |
| B.2 Be in MODE 5. 36 hours McGuire Units 1 and 2 3.7.6-1 Amendment Nos. 316/295
| |
| | |
| NSWS 3.7.7 3.7 PLANT SYSTEMS 3.7.7 Nuclear Service Water System (NSWS)
| |
| LCO 3.7.7 Two NSWS trains shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One NSWS train A.1 -------------NOTES------------
| |
| inoperable. 1. Enter applicable Conditions and Required Actions of LCO 3.8.1, "AC Sources Operating,"
| |
| for emergency diesel generator made inoperable by NSWS.
| |
| : 2. Enter applicable Conditions and Required Actions of LCO 3.4.6, "RCS LoopsMODE 4," for residual heat removal loops made inoperable by NSWS.
| |
| Restore NSWS train to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.7.7-1 Amendment Nos. 316/295
| |
| | |
| No changes this page. Provided for information only.
| |
| AC Sources Operating 3.8.1 3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources Operating LCO 3.8.1 The following AC electrical sources shall be OPERABLE:
| |
| : a. Two qualified circuits between the offsite transmission network and the Onsite Essential Auxiliary Power System; and
| |
| : b. Two diesel generators (DGs) capable of supplying the Onsite Essential Auxiliary Power Systems; and
| |
| : c. The qualified circuit(s) between the offsite transmission network and the opposite units Onsite Essential Auxiliary Power System necessary to supply power to the Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES); and
| |
| : d. The DG(s) from the opposite unit necessary to supply power to the NSWS, CRAVS, CRACWS and ABFVES; AND The automatic load sequencers for Train A and Train B shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ---------------------------------------------NOTE----------------------------------------------
| |
| The opposite unit electrical power sources in LCO 3.8.1.c and LCO 3.8.1.d are not required to be OPERABLE when the associated shared systems are inoperable.
| |
| McGuire Units 1 and 2 3.8.1-1 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS
| |
| ---------------------------------------------------------NOTE-------------------------------------------------------------
| |
| LCO 3.0.4.b is not applicable to DGs.
| |
| CONDITION REQUIRED ACTION COMPLETION TIME A. One LCO 3.8.1.a offsite A.1 Perform SR 3.8.1.1 for 1 hour circuit inoperable. required OPERABLE offsite circuit(s). AND Once per 8 hours thereafter AND 24 hours from A.2 Declare required feature(s) discovery of no with no offsite power offsite power to one available inoperable when train concurrent with its redundant required inoperability of feature(s) is inoperable. redundant required feature(s)
| |
| AND A.3 Restore offsite circuit to 72 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.1-2 Amendment No. 322/301
| |
| | |
| No changes this page. Provided for information only.
| |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME B. One LCO 3.8.1.b DG B.1 Verify LCO 3.8.1.d DG(s) 1 hour inoperable OPERABLE.
| |
| AND Once per 12 hours thereafter AND B.2 Perform SR 3.8.1.1 for the 1 hour required offsite circuit(s).
| |
| AND Once per 8 hours thereafter AND B.3 Declare required feature(s) 4 hours from supported by the discovery of inoperable DG inoperable Condition B when its required concurrent with redundant feature(s) is inoperability of inoperable. redundant required feature(s)
| |
| AND B.4.1 Determine OPERABLE 24 hours DG(s) is not inoperable due to common cause failure.
| |
| OR B.4.2 Perform SR 3.8.1.2 for 24 hours OPERABLE DG(s).
| |
| AND (continued)
| |
| McGuire Units 1 and 2 3.8.1-3 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME B. (continued) B.5 Evaluate availability of 1 hour Emergency Supplemental Power Source (ESPS). AND Once per 12 hours thereafter AND B.65 Restore DG to OPERABLE 72 hours from status. discovery of unavailable ESPS OR In accordance with the Risk-Informed Completion Time Program AND 24 hours from discovery of Condition B entry .....
| |
| 48 hours concurrent with unavailability of ESPS AND 14 days (continued)
| |
| McGuire Units 1 and 2 3.8.1-4 Amendment No. 322/301
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. One LCO 3.8.1.c offsite ------------------NOTE--------------------
| |
| circuit inoperable. Enter applicable Conditions and Required Actions of LCO 3.8.9, Distribution Systems - Operating, when Condition C is entered with no AC power source to a train.
| |
| C.1 Perform SR 3.8.1.1 for the 1 hour required offsite circuit(s).
| |
| AND Once per 8 hours thereafter AND C.2 Declare NSWS, CRAVS, 24 hours from CRACWS or ABFVES with discovery of no no offsite power available offsite power to one inoperable when the train concurrent with redundant NSWS, CRAVS, inoperability of CRACWS or ABFVES is redundant required inoperable. feature(s)
| |
| AND C.3 Restore LCO 3.8.1.c offsite 72 hours circuit to OPERABLE status. OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.1-5 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME D. (continued) D.4.1 Determine OPERABLE 24 hours DG(s) is not inoperable due to common cause failures.
| |
| OR D.4.2 Perform SR 3.8.1.2 for 24 hours OPERABLE DG(s).
| |
| AND D.5.1 Restore LCO 3.8.1.d DG to 72 hours OPERABLE status.
| |
| OR D.5.2 Align NSWS, CRAVS, CRACWS and ABFVES supported by the 72 hours inoperable LCO 3.8.1.d DG to an OPERABLE DG.
| |
| E. Two LCO 3.8.1.a offsite E.1 Declare required feature(s) 12 hours from circuits inoperable. inoperable when its discovery of redundant required Condition E OR feature(s) is inoperable. concurrent with inoperability of One LCO 3.8.1.a offsite redundant required circuit that provides feature(s) power to the NSWS, CRAVS, CRACWS and AND ABFVES inoperable and one LCO 3.8.1.c offsite E.2 Restore one offsite circuit 24 hours circuit inoperable. to OPERABLE status.
| |
| OR OR In accordance with Two LCO 3.8.1.c offsite the Risk-Informed circuits inoperable. Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.1-7 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME F. One LCO 3.8.1.a offsite ------------------NOTE-------------------
| |
| circuit inoperable. Enter applicable Conditions and Required Actions of LCO 3.8.9, AND "Distribution Systems Operating," when Condition F is One LCO 3.8.1.b DG entered with no AC power source inoperable. to any train.
| |
| F.1 Restore offsite circuit to 12 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time OR Program F.2 Restore DG to OPERABLE 12 hours status.
| |
| OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.1-8 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| G. Two LCO 3.8.1.b DGs G.1 Restore one DG to 2 hours Inoperable. OPERABLE status.
| |
| OR LCO 3.8.1.b DG that provides power to the NSWS, CRAVS, CRACWS and ABFVES inoperable and one LCO 3.8.1.d DG inoperable.
| |
| OR Two LCO 3.8.1.d DGs inoperable.
| |
| H. One automatic load H.1 Restore automatic load 12 hours sequencer inoperable. sequencer to OPERABLE status. OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.1-9 Amendment No. 314/293
| |
| | |
| AC Sources Operating 3.8.1 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME I. Required Action and I.1 Be in MODE 3. 6 hours associated Completion Time of Condition A, C, AND E, F, G, or H not met.
| |
| I.2 Be in MODE 5. 36 hours OR Required Action and associated Completion Time of Required Action B.2, B.3, B.4.1, B.4.2, or B.6 5 not met.
| |
| OR Required Action and associated Completion Time of Required Action D.2, D.3, D.4.1, D.4.2, D.5.1, or D.5.2 not met.
| |
| J. Three or more LCO J.1 Enter LCO 3.0.3. Immediately 3.8.1.a and LCO 3.8.1.b AC sources inoperable.
| |
| OR Three or more LCO 3.8.1.c and LCO 3.8.1.d AC sources inoperable.
| |
| McGuire Units 1 and 2 3.8.1-10 Amendment No. 314/293
| |
| | |
| DC Sources - Operating 3.8.4 3.8 ELECTRICAL POWER SYSTEMS 3.8.4 DC Sources Operating LCO 3.8.4 The four channels of DC sources shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One channel of DC A.1 Restore channel of DC 2 hours source inoperable. source to OPERABLE status. OR OR In accordance with the Risk-Informed Completion Time Program A.2.1 Verify associated bus tie 2 hours breakers are closed between DC channels.
| |
| AND A.2.2 Restore channel of DC 72 hours source to OPERABLE status. OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 3. 6 hours Associated Completion Time not met. AND B.2 Be in MODE 5. 36 hours McGuire Units 1 and 2 3.8.4-1 Amendment No. 316/295
| |
| | |
| Inverters - Operating 3.8.7 3.8 ELECTRICAL POWER SYSTEMS 3.8.7 Inverters Operating LCO 3.8.7 The four required Channels of inverters shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One inverter inoperable. A.1 --------------NOTE-------------
| |
| Enter applicable Conditions and Required Actions of LCO 3.8.9, "Distribution Systems - Operating" with any vital bus de-energized.
| |
| Restore inverter to 24 hours OPERABLE status.
| |
| OR In accordance with the Risk-Informed Completion Time Program B. Required Action and B.1 Be in MODE 3. 6 hours associated Completion Time not met. AND B.2 Be in MODE 5. 36 hours McGuire Units 1 and 2 3.8.7-1 Amendment No. 261/241
| |
| | |
| Distribution Systems - Operating 3.8.9 3.8 ELECTRICAL POWER SYSTEMS 3.8.9 Distribution Systems Operating LCO 3.8.9 Train A and Train B AC, four channels of DC, and four AC vital buses electrical power distribution subsystems shall be OPERABLE.
| |
| APPLICABILITY: MODES 1, 2, 3, and 4.
| |
| ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One or more AC A.1 Restore AC electrical 8 hours electrical power power distribution distribution subsystem(s) subsystem(s) to OR inoperable. OPERABLE status.
| |
| In accordance with the Risk-Informed Completion Time Program B. One AC vital bus B.1 Restore AC vital bus 2 hours inoperable. subsystem to OPERABLE status. OR In accordance with the Risk-Informed Completion Time Program (continued)
| |
| McGuire Units 1 and 2 3.8.9-1 Amendment No. 322/301
| |
| | |
| Distribution Systems - Operating 3.8.9 ACTIONS (continued)
| |
| CONDITION REQUIRED ACTION COMPLETION TIME C. One channel of DC C.1 Restore DC channel of 2 hours electrical power electrical power distribution distribution subsystem subsystem to OPERABLE OR inoperable. status.
| |
| In accordance with the Risk-Informed Completion Time Program D. Required Action and D.1 Be in MODE 3. 6 hours associated Completion Time not met. AND D.2 Be in MODE 5. 36 hours E. Two trains with E.1 Enter LCO 3.0.3. Immediately inoperable distribution subsystems that result in a loss of safety function.
| |
| SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.8.9.1 Verify correct breaker alignments and voltage to AC, DC, In accordance with and AC vital bus electrical power distribution subsystems. the Surveillance Frequency Control Program McGuire Units 1 and 2 3.8.9-2 Amendment No. 322/301
| |
| | |
| Programs and Manuals 5.5 5.5 Programs and Manuals 5.5.17 Surveillance Frequency Control Program (continued)
| |
| : c. The provisions of Surveillance Requirements 3.0.2 and 3.0.3 are applicable to the Frequencies established in the Surveillance Frequency Control Program.
| |
| 5.5.18 Risk-Informed Completion Time Program This program provides controls to calculate a Risk-Informed Completion Time (RICT) and must be implemented in accordance with NEI 06-09-A, Revision 0, Risk-Managed Technical Specifications (RMTS) Guidelines. The program shall include the following:
| |
| : a. The RICT may not exceed 30 days;
| |
| : b. A RICT may only be utilized in MODE 1 and 2;
| |
| : c. When a RICT is being used, any change to the plant configuration, as defined in NEI 06-09-A, Appendix A, must be considered for the effect on the RICT.
| |
| : 1. For planned changes, the revised RICT must be determined prior to implementation of the change in configuration.
| |
| : 2. For emergent conditions, the revised RICT must be determined within the time limits of the Required Action Completion Time (i.e., not the RICT) or 12 hours after the plant configuration change, whichever is less.
| |
| : 3. Revising the RICT is not required if the plant configuration change would lower plant risk and would result in a longer RICT.
| |
| : d. For emergent conditions, if the extent of condition evaluation for inoperable structures, systems, or components (SSCs) is not complete prior to exceeding the Completion Time, the RICT shall account for the increased possibility of common cause failure (CCF) by either:
| |
| : 1. Numerically accounting for the increased possibility of CCF in the RICT calculation; or
| |
| : 2. Risk Management Actions (RMAs) not already credited in the RICT calculation shall be implemented that support redundant or diverse SSCs that perform the function(s) of the inoperable SSCs, and, if practicable, reduce the frequency of initiating events that challenge the function(s) performed by the inoperable SSCs.
| |
| (continued)
| |
| McGuire Units 1 and 2 5.5-16 Amendment No. 261/241
| |
| | |
| Programs and Manuals 5.5 5.5 Programs and Manuals 5.5.18 Risk-Informed Completion Time Program (continued)
| |
| : e. The risk assessment approaches and methods shall be acceptable to the NRC. The plant PRA shall be based on the as-built, as-operated, and maintained plant; and reflect the operating experience at the plant, as specified in Regulatory Guide 1.200, Revision 2. Methods to assess the risk from extending the Completion Times must be PRA methods approved for use with this program, or other methods approved by the NRC for generic use; and any change in the PRA methods to assess risk that are outside these approval boundaries require prior NRC approval.
| |
| McGuire Units 1 and 2 5.5-17 Amendment No. XXX/XXX
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 ATTACHMENT 3 PROPOSED TECHNICAL SPECIFICATION BASES CHANGES (MARK-UP)
| |
| (FOR INFORMATION ONLY)
| |
| [ PAGES FOLLOW THIS COVER PAGE]
| |
| 60
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued) per SG, etc., basis), then the Condition may be entered separately for each steam line, loop, SG, etc., as appropriate.
| |
| A channel shall be OPERABLE if the point at which the channel trips is found equal to or more conservative than the Allowable Value. In the event a channel's trip setpoint is found less conservative than the Allowable Value, or the transmitter, instrument loop, signal processing electronics, or bistable is found inoperable, then all affected Functions provided by that channel must be declared inoperable and the LCO Condition(s) entered for the protection Function(s) affected. Unless otherwise specified, if plant conditions warrant, the trip setpoint may be set outside the NOMINAL TRIP SETPOINT calibration tolerance band as long as the trip setpoint is conservative with respect to the NOMINAL TRIP SETPOINTS. If the trip setpoint is found outside the NOMINAL TRIP SETPOINT calibration tolerance band and non-conservative with respect to the NOMINAL TRIP SETPOINT, the setpoint shall be re-adjusted.
| |
| When the number of inoperable channels in a trip Function exceed those specified in one or other related Conditions associated with a trip Function, then the unit is outside the safety analysis. Therefore, LCO 3.0.3 must be immediately entered if applicable in the current MODE of operation.
| |
| Condition A applies to all RTS protection Functions. Condition A addresses the situation where one or more required channels for one or more Functions are inoperable at the same time. The Required Action is to refer to Table 3.3.1-1 and to take the Required Actions for the protection functions affected. The Completion Times are those from the referenced Conditions and Required Actions.
| |
| 8.1 and B.2 Condition B applies to the Manual Reactor Trip in MODE 1 or 2. This action addresses the train orientation of the SSPS for this Function. With one channel inoperable, the inoperable channel must be restored to OPERABLE status within 48 hours or in accordance with the Risk-Informed Completion Time Program. In this Condition, the remaining OPERABLE channel is adequate to perform the safety function.
| |
| The Completion Time of 48 hours is reasonable considering that there are two automatic actuation trains and another manual initiation channel OPERABLE, and the low probability of an event occurring during this interval.
| |
| If the Manual Reactor Trip Function cannot be restored to OPERABLE status within the allowed 48 hour Completion Time, the unit must be brought to a McGuire Units 1 and 2 B 3.3.1-27 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued)
| |
| MODE in which the requirement does not apply. To achieve this status, the unit must be brought to at least MODE 3 1.-..ithin 6 additional hours (54 hours total time). The 6 additional hours are reasonable, based on operating experience, to reach MODE 3 from full power operation in an orderly manner and 'lJithout challenging unit systems. \I\Jith the unit in MODE 3, the MODES 1 and 2 requirements for this trip function are no longer required and Condition C is entered.
| |
| C.1 and C.2 Condition C applies to the following reactor trip Functions in MODE 3, 4, or 5 with the RTBs closed and the CRD System capable of rod withdrawal :
| |
| * Manual Reactor Trip;
| |
| * RTBs;
| |
| * RTB Undervoltage and Shunt Trip Mechanisms; and
| |
| * Automatic Trip Logic.
| |
| This action addresses the train orientation of the SSPS for these Functions.
| |
| With one channel or train inoperable, the inoperable channel or train must be restored to OPERABLE status within 48 hours. If the affected Function(s) cannot be restored to OPERABLE status within the allowed 48 hour Completion Time, the unit must be placed in a condition in which the requirement does not apply. To achieve this status, the RTBs must be opened within the next hour. The additional hour provides sufficient time to accomplish the action in an orderly manner. With the RTBs open, these Functions are no longer required.
| |
| The Completion Time is reasonable considering that in this Condition, the remaining OPERABLE train is adequate to perform the safety function, and given the low probability of an event occurring during this interval.
| |
| D.1.1. D.1.2. and D.2 Condition D applies to the Power Range Neutron Flux-High and Power Range Neutron Flux-High Positive Rate Functions.
| |
| The NIS power range detectors provide input to the CRD System and the SG Water Level Control System and, therefore, have a two-out-of-four trip logic.
| |
| A known inoperable channel must be placed in the tripped condition. This results in a partial trip condition requiring only one-out-of-three logic for actuation. The 72 hours allowed to place the inoperable channel in the tripped condition is justified in WCAP-14333-P-A (Ref. 10). Alternatively, a McGuire Units 1 and 2 B 3.3.1-28 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| ACTIONS (continued)
| |
| With one of the NIS power range detectors inoperable, 1/4 of the radial power distribution monitoring capability is lost. Therefore, SR 3.2.4.2 must be performed (Required Action D.1.1) within 12 hours of THERMAL POWER exceeding 75% RTP and once per 12 hours thereafter. Calculating QPTR every 12 hours compensates for the lost monitoring capability due to the inoperable NIS power range channel and allows continued unit operation at power levels > 75% RTP. At power levels :s, 75% RTP, operation of the core with radial power distributions beyond the design limits, at a power level where DNB conditions may exist, is prevented. The 12 hour Completion Time is consistent with the surveillance Requirement Frequency in LCO 3.2.4, "QUADRANT POWER TILT RATIO (QPTR)." Required Action D.1.1 has been modified by a Note which only requires SR 3.2.4.2 to be performed if the Power Range Neutron Flux input to QPTR becomes inoperable. Failure of a component in the Power Range Neutron Flux Channel which renders the High Flux Trip Function inoperable may not affect the capability to monitor QPTR.
| |
| As such, determining QPTR using movable incore detectors may not be necessary.
| |
| As an alternati'le to the aboye Actions, the plant must be placed in a MODE where this Function is no longer required OPERABLE Sei.1enty eight (78) hours are allowed to place the plant in MODE 3. The 78 hour completion time includes 72 hours f.or channel sorrecti'le maintenance and an additional 6 hours f.or the MODE reduction as required by Required Action D.2. This is a reasonable time, based on operating experience, to reach MODE 3 from full po*1.1er in an orderly manner and without challenging plant systems. If Required Actions cannot be completed within their allowed Completion Times, LCO 3.0.3 must be entered.
| |
| The Required Actions have been modified by a Note that allows placing the inoperable channel in the bypass condition for up to 12 hours while performing routine surveillance testing of other channels. The Note also allows placing the inoperable channel in the bypass condition to allow setpoint adjustments of other channels when required to reduce the setpoint in accordance with other Technical Specifications. The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel.
| |
| However, only one channel may be placed in bypass at any one time. The 12 hour time limit is justified in Reference 10.
| |
| McGuire Units 1 and 2 B 3.3.1-29 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued)
| |
| E.1 and E.2 Condition E applies to the following reactor trip Functions:
| |
| * Power Range Neutron Flux-Low;
| |
| * Overtemperature LiT;
| |
| * Overpower LiT;
| |
| * Pressurizer Pressure-High; and
| |
| * SG Water Level-Low Low.
| |
| A known inoperable channel must be placed in the tripped condition within 72 hours or in accordance with the Risk-Informed Completion Time Program .
| |
| Placing the channel in the tripped condition results in a partial trip condition requiring only one-out-of-three logic for actuation of the two-out-of-four trips.
| |
| The 72 hours allowed to place the inoperable channel in the tripped condition is justified in Reference 10.
| |
| If the operable channel cannot be placed in the trip condition within the specified Completion Time, the unit must be placed in a MODE where these functions are not required OPERABLE. An additional 6 hours is alloi.ved to place the unit in MODE 3. Six hours is a reasonable time, based on operating experience, to place the unit in MODE 3 from full power in an orderly manner and without challenging unit systems.
| |
| The Required Actions have been modified by a Note that allows placing the inoperable channel in the bypassed condition for up to 12 hours while performing routine surveillance testing of the other channels. The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 12 hour time limit is justified in Reference 10.
| |
| F.1 and F.2 Condition F applies to the Intermediate Range Neutron Flux trip when THERMAL POWER is above the P-6 setpoint and below the P-10 setpoint and one channel is inoperable. Above the P-6 setpoint and below the P-10 setpoint, the NIS intermediate range detector performs the monitoring Functions. If THERMAL POWER is greater than the P-6 setpoint but less than the P-10 setpoint, 24 hours is allowed to reduce THERMAL POWER below the P-6 setpoint or increase to THERMAL POWER above the P-10 setpoint. The NIS Intermediate Range Neutron Flux channels must be OPERABLE when the McGuire Units 1 and 2 B 3.3.1-30 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued)
| |
| With the unit in this Condition, the NIS source range performs a monitoring function. With less than the required number of source range channels OPERABLE, operations involving positive reactivity additions shall be suspended immediately. In addition to suspension of positive reactivity additions, all valves that could add unborated water to the RCS must be closed within 1 hour as specified in LCO 3.9.2. The isolation of unborated water sources will preclude a boron dilution accident.
| |
| Also, the SOM must be verified within 1 hour and once every 12 hours thereafter as per SR 3.1.1.1, SOM verification. With no source range channels OPERABLE, core monitoring is severely reduced. Verifying the SOM within 1 hour allows sufficient time to perform the calculations and determine that the SOM requirements are met. The SOM must also be verified once per 12 hours thereafter to ensure that the core reactivity has not changed. Required Action L.1 precludes any positive reactivity additions; therefore, core reactivity should not be increasing, and a 12 hour Frequency is adequate. The Completion Times of within 1 hour and once per 12 hours are based on operating experience in performing the Required Actions and the knowledge that unit conditions will change slowly. Required Action L.1 is modified by a note which permits plant temperature changes provided the temperature change is accounted for in the calculated SOM and that Keff remains < 0.99. Introduction of temperature changes including temperature increases when a positive MTC exists, must be evaluated to ensure they do not result in a loss of required SOM or adequate margin to criticality.
| |
| M.1 and M.2 Condition M applies to the following reactor trip Functions:
| |
| * Pressurizer Pressure-Low;
| |
| * Pressurizer Water Level-High;
| |
| * Reactor Coolant Flow-Low (Two Loops) ;
| |
| * Undervoltage RCPs; and
| |
| * Underfrequency RCPs.
| |
| With one channel inoperable, the inoperable channel must be placed in the tripped condition within 72 hours or in accordance with the Risk-Informed Completion Time Program. Placing the channel in the tripped condition results in a partial trip condition requiring only one additional channel to initiate a reactor trip above the P-7 setpoint (and below the P-8 setpoint for the McGuire Units 1 and 2 B 3.3.1-33 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued)
| |
| Reactor Coolant Flow-Low (Two Loops) Function). These Functions do not have to be OPERABLE below the P-7 setpoint because, for the Pressurizer Water Level-High function, transients are slow enough for manual action; and for the other functions, power distributions that would cause a DNB concern at this low power level are unlikely. The 72 hours allowed to place the channel in the tripped condition is justified in Reference 10. An additional 6 houFS is allowed to reduce THERMAL POWER to below P 7 if the inoperable channel cannot be restored to OPERABLE status or placed in trip within the specified Completion Time.
| |
| Allowance of this time interval takes into consideration the redundant capability provided by the remaining redundant OPERABLE channel, and the low probability of occurrence of an event during this period that may require the protection afforded by the Functions associated with Condition M.
| |
| The Required Actions ruwe-has been modified by a Note that allows placing the inoperable channel in the bypassed condition for up to 12 hours while performing routine surveillance testing of the other channels. The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 12 hour time limit is justified in Reference 10.
| |
| N.1 If the Required Action and associated Completion Time of Condition M is not met, 6 hours is allowed to reduce THERMAL POWER to below P-7.
| |
| NO.1 and N.2 Condition -N-O applies to the Reactor Coolant Flow-Low (Single Loop) reactor trip Function. With one channel inoperable, the inoperable channel must be placed in trip within 72 hours or in accordance with the Risk-Informed Completion Time Program. If the channel cannot be restored to OPERABLE status or the channel placed in trip within the 72 hours, then THERMAL POWER must be reduced below the P 8 setpoint within the next 4 hours. This places the unit in a MODE where the LCO is no longer applicable. This trip Function does not have to be OPERABLE below the P-8 setpoint because other RTS trip Functions provide core protection below the P-8 setpoint. The 72 hours allowed to restore the channel to OPERABLE status or place in trip and the 4 additional houFS allowed to reduce THERMAL POWER to below the P 8 setpoint are is justified in Reference 10.
| |
| The Required Actions ruwe-has been modified by a Note that allows placing the inoperable channel in the bypassed condition for up to 12 hours while performing routine surveillance testing of the other channels. The note also McGuire Units 1 and 2 B 3.3.1-34 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 12 hour time limit is justified in Reference 10.
| |
| P.1 If the Required Action and associated Completion Time of Condition O is not met, 4 hours is allowed to reduce THERMAL POWER to below P-8. The 4 hours allowed to reduce THERMAL POWER to below the P-8 setpoint is justified in Reference 10.
| |
| McGuire Units 1 and 2 B 3.3.1-35 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued) 0.1, 0.2, P.1, and P.2Q.1 Condition O and PQ apply-applies to Turbine Trip on Low Fluid Oil Pressure or on Turbine Stop Valve Closure. With a channel inoperable, the inoperable channel must be placed in the trip condition within 72 hours or in accordance with the Risk-Informed Completion Time Program . If placed in the tripped condition, this results in a partial trip condition requiring fewer additional channel to initiate a reactor trip. If the channel cannot be restored to OPERABLE status or placed in the trip condition , then power rnust be reduced belo1N the P 8 setpoint within the ne~<t 4 hours. The 72 hours allowed to place the inoperable channel in the tripped condition and the 4 hours allo1.¥ed for reducing power are-is justified in Reference 10.
| |
| The Required Actions of Condition G-Q ruwe-has been modified by a Note that allows placing the inoperable channel in the bypassed condition for up to 12 hours while performing routine surveillance testing of the other channels.
| |
| The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 12 hour time limit is justified in Reference 10.
| |
| R.1 If the Required Action and associated Completion Time of Condition Q is not met, THERMAL POWER must be reduced below the P-8 setpoint within 4 hours. This places the unit in a MODE where the LCO is no longer applicable.
| |
| S.1 and S.2 Condition S applies to Turbine Trip on Turbine Stop Valve Closure. With a channel inoperable, the inoperable channel must be placed in the trip condition within 72 hours. If placed in the tripped condition , this results in a partial trip condition requiring fewer additional channel to initiate a reactor trip.
| |
| If the channel cannot be restored to OPERABLE status or placed in the trip condition , then power must be reduced below the P-8 setpoint within the next 4 hours. The 72 hours allowed to place the inoperable channel in the tripped condition and the 4 hours allowed for reducing power are justified in Reference 10.
| |
| QT.1 and Q.2 Condition Q-T applies to the SI Input from ESFAS reactor trip and the RTS Automatic Trip Logic in MODES 1 and 2. These actions address the train orientation of the RTS for these Functions. With one train inoperable, 24 hours are allowed to restore the train to OPERABLE status (Required a
| |
| Action Q.1) or the unit rnust be placed in MODE within the nmd 6 hours ..
| |
| McGuire Units 1 and 2 B 3.3.1-36 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES Alternatively, the Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The Completion Time of 24 hours (Required Action QT. 1) is reasonable considering that in this Condition, the remaining OPERABLE train is adequate to perform the safety function and given the low probability of an event during this interval. The 24 hours allowed to restore the inoperable RTS Automatic Trip Logic train to OPERABLE status is justified in Reference 10. The additional Completion Time of 6 hours (Required Action Q.2) is reasonable, based on operating experience, to reach MODE :3 from full po1.¥er in an orderly manner and without challenging unit systems.
| |
| The Required Actions have been modified by a Note that allows bypassing one train up to 4 hours for surveillance testing, provided the other train is OPERABLE. The 4 hour time limit for testing the RTS Automatic Trip Logic train may include testing the RTB also, if both the Logic test and RTB test are conducted within the 4 hour time limit. The 4 hour time limit is justified in Reference 10.
| |
| McGuire Units 1 and 2 B 3.3.1-37 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES ACTIONS (continued)
| |
| RU .1 and R.2 Condition ~U applies to the RTBs in MODES 1 and 2. These actions address the train orientation of the RTS for the RTBs. With one train inoperable, 24 hours is allowed for train corrective maintenance to restore the train to OPERABLE status. or the unit must be placed in MODE 3 'Nithin the ne:Xt 6 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The 24 hour Completion Time is justified in Reference 11. The Completion Time of 6 hours is reasonable, based on operating mcperience, to reach MODE 3 from full po1A<er in an orderly manner and without challenging unit systems. Placing the unit in MODE 3 removes the requirement for this particular Function.
| |
| The Required Actions have been modified by a Note. The Note allows one RTB to be bypassed for up to 4 hours for surveillance testing, provided the other RTB is OPERABLE. The 4 hour time limit is justified in Reference 11.
| |
| SV. 1 and S.2 Condition S-V applies to the P-6 and P-10 interlocks. With one or more channel(s) inoperable for one-out-of-two or two-out-of-four coincidence logic, the associated interlock must be verified to be in its required state for the existing unit condition within 1 hour or the unit must be placed in MODE 3 within the ne:Xt 6 hours. Verifying the interlock status, by visual observation of the control room status lights, manually accomplishes the interlock's Function.
| |
| The Completion Time of 1 hour is based on operating experience and the minimum amount of time allowed for manual operator actions. +he Completion Time of 6 hours is reasonable, based on operating mcperience, to reach MODE 3 from full power in an orderly manner and without challenging unit systems. The 1 hour and 6 hour Completion Times are equal to the time allowed by LCO 3.0.3 for shutdown actions in the e11ent of a complete loss of RTS Function.
| |
| TW.1 and T.2 Condition T-W applies to the P-7, P-8, and P-13 interlocks. With one or more channel(s) inoperable for one-out-of-two or two-out-of-four coincidence logic, the associated interlock must be verified to be in its required state for the existing unit condition within 1 hour or the unit must be placed in MODE 2 within the ne:Xt 6 hours. These actions are conservative for the case where power level is being raised. Verifying the interlock status, by visual observation of the control room status lights, manually accomplishes the interlock's Function. The Completion Time of 1 hour is based on operating experience and the minimum amount of time allowed for manual operator actions. The Completion Time of 6 hours is reasonable, based on operating McGuire Units 1 and 2 B 3.3.1-38 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES e:><perience, to reach MODE 2 from full power in an orderly manner and without challenging unit systems.
| |
| ACTIONS (continued)
| |
| If the Required Action and associated Completion Time of Condition W is not met, the unit must be placed in MODE 2 within 6 hours. The Completion Time of 6 hours is reasonable, based on operating experience, to reach MODE 2 from full power in an orderly manner and without challenging unit systems.
| |
| YY.1 and U.2 Condition .LJ-Y applies to the RTB Undervoltage and Shunt Trip Mechanisms, or diverse trip features, in MODES 1 and 2. With one of the diverse trip features inoperable, it must be restored to an OPERABLE status within 48 hours or the unit must be placed in a MODE where the requirement does a
| |
| not apply. This is accomplished by placing the unit in MODE within the ne:><t 6 hours (54 hours total time).or in accordance with the Risk-Informed Completion Time Program. With both diverse trip features inoperable, the reactor trip breaker is inoperable and Condition R--U is entered. TRe Completion Time of 6 hours is a reasonable time, based on operating a
| |
| e:><perience, to reach MODE from full power in an orderly manner and without challenging unit systems.
| |
| VVith the unit in MODE a, the MODES 1 and 2 requirement for this function is no longer required and Condition C is entered. The affected RTB shall not be bypassed while one of the diverse features is inoperable except for the time required to perform maintenance to one of the diverse features. The allowable time for performing maintenance of the diverse features is 2 hours for the reasons stated under Condition RU .
| |
| The Completion Time of 48 hours for Required Action YY.1 is reasonable considering that in this Condition there is one remaining diverse feature for the affected RTB, and one OPERABLE RTB capable of performing the safety function and given the low probability of an event occurring during this interval.
| |
| If the Required Action and associated Completion Time of Condition B, D, E, T, U, V, or Y is not met, the unit must be placed in MODE 3 within 6 hours.
| |
| The Completion Time of 6 hours is a reasonable time, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging unit systems.
| |
| McGuire Units 1 and 2 B 3.3.1-39 Revision No. 44e
| |
| | |
| RTS Instrumentation B 3.3.1 BASES V-AA.1 With two RTS trains inoperable, no automatic capability is available to shut down the reactor, and immediate plant shutdown in accordance with LCO 3.0.3 is required.
| |
| SURVEILLANCE The SRs for each RTS Function are identified by the SRs column of REQUIREMENTS Table 3.3.1-1 for that Function.
| |
| A Note has been added to the SR Table stating that Table 3.3.1-1 determines which SRs apply to which RTS Functions.
| |
| Note that each channel of process protection supplies both trains of the RTS.
| |
| When testing Channel I, Train A and Train B must be examined. Similarly, Train A and Train B must be examined when testing Channel 11, Channel 111, and Channel IV (if applicable). The CHANNEL CALIBRATION and COTs are performed in a manner that is consistent with the assumptions used in analytically calculating the required channel accuracies.
| |
| McGuire Units 1 and 2 B 3.3.1-40 Revision No. 44e
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| When the number of inoperable channels in a trip function exceed those specified in one or other related Conditions associated with a trip function, then the unit is outside the safety analysis. Therefore, LCO 3.0.3 should be immediately entered if applicable in the current MODE of operation.
| |
| Condition A applies to all ESFAS protection functions.
| |
| Condition A addresses the situation where one or more channels or trains for one or more Functions are inoperable at the same time. The Required Action is to refer to Table 3.3.2-1 and to take the Required Actions for the protection functions affected. The Completion Times are those from the referenced Conditions and Required Actions.
| |
| 8.1 , B.2.1 and B.2.2 Condition B applies to manual initiation of:
| |
| * SI ;
| |
| * Phase A Isolation; and
| |
| * Phase B Isolation.
| |
| This action addresses the train orientation of the SSPS for the functions listed above. If a channel or train is inoperable, 48 hours is allowed to return it to an OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program . Note that for containment spray and Phase B isolation, failure of one or both channels in one train renders the train inoperable. Condition B, therefore, encompasses both situations. The specified Completion Time is reasonable considering that there are two automatic actuation trains and another manual initiation train OPERABLE for each Function, and the low probability of an event occurring during this interval. If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which the LCO does not apply. This is done a
| |
| by placing the unit in at least MODE within an additional 6 hours (54 hours total time) and in MODE 5 within an additional 30 hours (84 hours total time).
| |
| The allo1.**.iable Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
| |
| McGuire Unit 1 and 2 B 3.3.2-27 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| C.1 , C.2.1 and C.2.2 Condition C applies to the automatic actuation logic and actuation relays for the following functions:
| |
| * SI ;
| |
| * Phase A Isolation; and
| |
| * Phase B Isolation.
| |
| This action addresses the train orientation of the SSPS and the master and slave relays. If one train is inoperable, 24 hours are allowed to restore the train to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program . The 24 hours allowed for restoring the inoperable train to OPERABLE status is justified in Reference 10. The specified Completion Time is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which the LCO does not apply. This is done by placing the unit in at least MODE 3 within an additional 6 hours (30 hours total time) and in MODE 5 within an additional 30 hours (60 hours total time).
| |
| The Completion Times are reasonable, based on operating e>Eperience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
| |
| The Required Actions are-is modified by a Note that allows one train to be bypassed for up to 4 hours for surveillance testing, provided the other train is OPERABLE. The Required Actions are-is not required to be met during this time, unless the train is discovered inoperable during the testing. This allowance is based on the reliability analysis assumption of WCAP-10271-P-A (Ref. 7) that 4 hours is the average time required to perform train surveillance.
| |
| If an individual SSPS slave relay or slave relay contact is incapable of actuating, then the equipment operated by the slave relay or slave relay contact is inoperable. An SSPS train is not inoperable due to an individual SSPS slave relay or slave relay contact being incapable of actuating.
| |
| D.1 , D.2.1, and D.2.2 Condition D applies to:
| |
| * Containment Pressure-High;
| |
| * Pressurizer Pressure-Low Low;
| |
| * Steam Line Pressure-Low; McGuire Unit 1 and 2 B 3.3.2-28 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| * Steam Line Pressure-Negative Rate-High ;
| |
| * SG Water Level - High High (P-14) for the Feedwater Isolation Function.
| |
| * SG Water level-Low Low, and
| |
| * Loss of offsite power.
| |
| If one channel is inoperable, 72 hours are allowed to restore the channel to OPERABLE status or to place it in the tripped condition. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. Generally this Condition applies to functions that operate on two-out-of-three logic. Therefore, failure of one channel places the Function in a two-out-of-two configuration. One channel must be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements. The 72 hours allowed to restore the channel to OPERABLE status or placed in the tripped condition is justified in Reference 10.
| |
| Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours requires the unit be placed in MODE 3 within the following 6 hours and MODE 4 within the ne~ 6 hours.
| |
| The allo1l..<<ed Completion Times are reasonable, based on operating e>Eperience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4, these Functions are no longer required OPER/\,BLE.
| |
| The Required Actions are---is modified by a Note that allows the inoperable channel to be bypassed for up to 12 hours for surveillance testing of other channels. The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 12 hours allowed for testing, are justified in Reference 10.
| |
| E.1 , E.2.1, and E.2.2 Condition E applies to:
| |
| * Containment Phase B Isolation Containment Pressure - High-High, and
| |
| * Steam Line Isolation Containment Pressure - High High.
| |
| McGuire Unit 1 and 2 B 3.3.2-29 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| Neither of these signals has input to a control function. Thus, two-out-of-three logic is necessary to meet acceptable protective requirements. However, a two-out-of-three design would require tripping a failed channel. This is undesirable because a single failure would then cause spurious isolation initiation. Therefore, these channels are designed with two-out-of-four logic so that a failed channel may be bypassed rather than tripped. Note that one channel may be bypassed and still satisfy the single failure criterion.
| |
| Furthermore, with one channel bypassed, a single instrumentation channel failure will not spuriously initiate isolation.
| |
| To avoid the inadvertent actuation of Phase B containment isolation, the inoperable channel should not be placed in the tripped condition. Instead it is bypassed. Restoring the channel to OPERABLE status, or placing the inoperable channel in the bypass condition within 72 hours, is sufficient to assure that the Function remains OPERABLE and minimizes the time that the Function may be in a partial trip condition (assuming the inoperable channel has failed high). The Completion Time is further justified based on the low probability of an event occurring during this interval. Failure to restore the inoperable shannel to OPERABLE status, or plase it in the bypassed sondition within72 hours, requires the unit be plased in MODE 3 within the following 6 hours and MODE 4 1Nithin the next 6 hours. The allowed Completion Times are reasonable, based on operating experiense, to reash the required unit sonditions from full power sonditions in an orderly manner and without shallenging unit systems. In MODE 4, these Funstions are no longer required OPERABLE.
| |
| The Required Actions are-is modified by a Note that allows one additional channel to be bypassed for up to 12 hours for surveillance testing. Placing a second channel in the bypass condition for up to 12 hours for testing purposes is acceptable based on the results of Reference 10.
| |
| F. 1, F.2.1, and F.2.2 Condition F applies to:
| |
| * Manual Initiation of Steam Line Isolation; and
| |
| * P-4 Interlock.
| |
| McGuire Unit 1 and 2 B 3.3.2-30 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| For the Manual Initiation and the P-4 Interlock Functions, this action addresses the train orientation of the SSPS. If a train or channel is inoperable, 48 hours is allowed to return it to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The specified Completion Time is reasonable considering the nature of these Functions, the available redundancy, and the low probability of an event occurring during this interval. If the Funstion cannot be returned to OPERABLE status, the unit must be placed in MODE 3 \*.iithin the next 6 hours and MODE 4 within the following 6 hours. The allowed Completion Times are reasonable, based on operating mEperience, to reach the required unit conditions from full power in an orderly manner and 1.¥ithout challenging unit systems. In MODE 4, the unit does not have any analyzed transients or conditions that require the explicit use of the protestion funstions noted above.
| |
| G.1 and G.2 Condition G applies to manual initiation of Steam Line Isolation.
| |
| This action addresses the operability of the manual steam line isolation function for each individual main steam isolation valve. If a channel is inoperable, 48 hours is allowed to return it to an OPERABLE status. If the train cannot be restored to OPERABLE status, the Conditions and Required Actions of LCO 3.7 .2, "Main Steam Isolation Valves," must be entered for the associated inoperable valve. The specified Completion Time is reasonable considering that there is a system level manual initiation train for this Function and the low probability of an event occurring during this interval.
| |
| H. 1, H.2.1 and H.2.2 Condition H applies to the automatic actuation logic and actuation relays for the Steam Line Isolation, Feedwater Isolation, and AFW actuation Functions.
| |
| The action addresses the train orientation of the SSPS and the master and slave relays for these functions. If one train is inoperable, 24 hours are allowed to restore the train to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The 24 hours allowed for restoring the inoperable train to OPERABLE status is justified in Reference 10. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be returned to OPERABLE status, the unit must be brought to MODE 3 within the next 6 hours and MODE 4 within the following 6 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit McGuire Unit 1 and 2 B 3.3.2-31 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES conditions from full power conditions in an orderly manner and without challenging unit systems.
| |
| Placing the unit in MODE 4 remo 1.ies all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the m<plicit use of the protection functions noted abo1.ie.
| |
| The Required Actions are-is modified by a Note that allows one train to be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 7) assumption that 4 hours is the average time required to perform channel surveillance.
| |
| If an individual SSPS slave relay or slave relay contact is incapable of actuating, then the equipment operated by the slave relay or slave relay contact is inoperable. An SSPS train is not inoperable due to an individual SSPS slave relay or slave relay contact being incapable of actuating.
| |
| 1.1 and 1.2 Condition I applies to the automatic actuation logic and actuation relays for the Turbine Trip Function.
| |
| This action addresses the train orientation of the SSPS and the master and slave relays for this Function. If one train is inoperable, 24 hours are allowed to restore the train to OPERABLE status. or the unit must be placed in MODE 3 within the following 6 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| The 24 hours allowed for restoring the inoperable train to OPERABLE status is justified in Reference 10. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval.
| |
| The allowed Completion Time of 6 hours is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. These functions are no longer required in MODE 3. Placing the unit in MODE 3 removes all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the explicit use of the protection functions noted above.
| |
| The Required Actions are-is modified by a Note that allows one train to be bypassed for up to 4 hours for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 7) assumption that 4 hours is the average time required to perform channel surveillance.
| |
| McGuire Unit 1 and 2 B 3.3.2-32 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| If an individual SSPS slave relay or slave relay contact is incapable of actuating, then the equipment operated by the slave relay or slave relay contact is inoperable. An SSPS train is not inoperable due to an individual SSPS slave relay or slave relay contact being incapable of actuating.
| |
| J.1 and J.2 Condition J applies to :
| |
| * SG Water Level-High High (P-14) for the Turbine Trip Function; and
| |
| * Tavg-LOW.
| |
| If one channel is inoperable, 72 hours are allowed to restore one channel to OPERABLE status or to place it in the tripped condition. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. If placed in the tripped condition, the Function is then in a partial trip condition where one-out-of-two logic will result in actuation.
| |
| The 72 hours allowed to restore the channel to OPERABLE status or to place it in the tripped condition is justified in Reference 10. Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours requires the unit to be placed in MODE 3 11.iithin the following 6 hours. The allowed Completion Time of 78 hours is reasonable, based on operating e*perience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, these Functions are no longer required OPERABLE.
| |
| The Required Actions are-is modified by a Note that allows the inoperable channel to be bypassed for up to 12 hours for surveillance testing of other channels. The note also allows an OPERABLE channel to be placed in bypass for up to 12 hours for testing of the bypassed channel. However, only one channel may be placed in bypass at any one time. The 72 hours allowed to place the inoperable channel in the tripped condition, and the 12 hours allowed for a channel to be in the bypassed condition for testing, are justified in Reference 10.
| |
| K.1 and K.2 Condition K applies to the AFW pump start on trip of all MFW pumps.
| |
| This action addresses the relay contact orientation for the auto start function of the AFW System on loss of all MFW pumps. The OPERABILITY of the AFW System must be assured by allowing automatic start of the AFW System McGuire Unit 1 and 2 B 3.3.2-33 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES pumps. If a channel is inoperable, 1 hour is allowed to place the channel in trip. If placed in the tripped condition , the function is then in a partial trip condition where a one-out-of-one logic will result in actuation. If the channel is not placed in trip ,..,ithin 1 hour, 6 hours are ACTIONS (continued) allowed to place the unit in MODE a. The allowed Completion Time of 6 hours is reasonable, based on operating experience, to reach MODE from full a power conditions in an orderly manner and 1A*ithout challenging unit systems. In MODE a, the unit does not have any analyzed transients or conditions that require the explicit use of the protection function noted above .
| |
| .b1 Condition L applies to the Doghouse Water Level - High High.
| |
| The failure of one required channel in one train in either reactor building doghouse results in a loss of redundancy for the function. The function can still be initiated by the remaining operable train . The inoperable train is, required to be restored to OPERABLE status within 72 hours, or continuous visual monitoring of the doghouse water level must be implemented in the following hour.
| |
| The allowed Completion Time is reasonable considering that the redundant train remains OPERABLE to initiate the function if required.
| |
| M.1, M.2.1 and M.2.2 Condition M applies to the Doghouse Water Level - High High.
| |
| The failure of two trains in either reactor building doghouse results in a loss of the function. Continuous visual monitoring of the doghouse water level must be implemented in the following hour.
| |
| The allowed Completion Time provides sufficient time for the operating staff to establish the required monitoring.
| |
| N.1 and N.2 Condition N applies to the Auxiliary Feedwater Pumps Suction Transfer on Suction Pressure Low.
| |
| If one or more channels on a single AFW pump is inoperable, 48 hours is allowed to restore the channel(s) to OPERABLE status or to declare the McGuire Unit 1 and 2 B 3.3.2-34 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| Q.1 . Q.2.1 and Q.2.2 Condition Q applies to the P-11 and P-12 interlocks.
| |
| With one channel inoperable, the operator must verify that the interlock is in the required state for the existing unit condition. The verification is performed by visual observation of the permissive status light in the unit control room. This action manually accomplishes the function of the interlock. Determination must be made within 1 hour. The 1 hour Completion Time is equal to the time allowed by LCO 3.0.3 to initiate shutdown actions in the event of a complete loss of ESFAS function. If the interlock is not in the required state (or placed in the required state) for the me:isting unit condition, the unit must be placed in MODE 3 within the nmd 6 hours and MODE 4 within the following 6 hours. The allo\*.ied Completion Times are reasonable, based on operating me:perience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. Placing the unit in MODE 4 remo 1.ies all requirements for OPERABILITY of these interlocks.
| |
| R.1 Condition R applies to the Containment Pressure Control System Start and Terminate Permissives.
| |
| With one or more channels inoperable, the affected containment spray, containment air return fans, and hydrogen skimmer fans must be declared inoperable immediately. The supported system LCOs provide the appropriate Required Actions and Completion Times for the equipment made inoperable by the inoperable channel. The immediate Completion Time is appropriate since the inoperable channel could prevent the supported equipment from starting when required. Additionally, protection from an inadvertent actuation may not be provided if the terminate function is not OPERABLE.
| |
| S.1 and S.2 If the Required Action and associated Completion Time of Condition B or C is not met, the unit must be placed in a MODE in which the LCO does not apply.
| |
| This is accomplished by placing the unit in MODE 3 within 6 hours and MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 5, these Functions are no longer required OPERABLE.
| |
| ST. 1 and ST. 2 Condition S applies to RVVST Le1.iel Low Coincident with Safety Injection.
| |
| McGuire Unit 1 and 2 B 3.3.2-36 Revision No. 4-72
| |
| | |
| ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)
| |
| When Required Actions cannot be completed 1Nithin their Completion Time, the unit must be brought to a MODE or Condition in 1lJhich the LCO requirements are not applicable. To achieve this status, the unit must be brought to at least a
| |
| MODE within 6 hours and MODE 4 within 12 hours of entering the Condition.
| |
| The allowed Completion Times are reasonable, based on operating e>Eperience, to reach the required unit conditions from full power conditions in an orderly manner and 1Nithout challenging unit systems. In MODE 4, the unit does not have any analyzed transients of conditions that require the e>Eplicit use of the protection functions noted above.If the Required Action and associated Completion Time of Condition D, E, F, H, P, or Q is not met, the unit must be placed in MODE 3 within 6 hours and MODE 4 within 12 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4, these Functions are no longer required OPERABLE.
| |
| U.1 If the Required Action and associated Completion Time of Condition I, J, or K is not met, the unit must be placed in MODE 3 within 6 hours. The allowed Completion Time of 6 hours is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, these Functions are no longer required OPERABLE.
| |
| SURVEILLANCE The SRs for each ESFAS Function are identified by the SRs column of REQUIREMENTS Table 3.3.2-1.
| |
| A Note has been added to the SR Table to clarify that Table 3.3.2-1 determines which SRs apply to which ESFAS Functions.
| |
| Note that each channel of process protection supplies both trains of the ESFAS. When testing channel I, train A and train B must be examined.
| |
| Similarly, train A and train B must be examined when testing channel II, channel Ill, and channel IV (if applicable). The CHANNEL CALIBRATION and COTs are performed in a manner that is consistent with the assumptions used in analytically calculating the required channel accuracies.
| |
| SR 3.3.2.1 Performance of the CHANNEL CHECK ensures that a gross failure of instrumentation has not occurred. A CHANNEL CHECK is normally a comparison of the parameter indicated on one channel to a similar McGuire Unit 1 and 2 B 3.3.2-37 Revision No. 4-72
| |
| | |
| LOP DG Start Instrumentation B 3.3.5 BASES ACTIONS (continued)
| |
| A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this Specification may be entered independently for each Function listed in the LCO. The Completion Time(s) of the inoperable channel(s) of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.
| |
| A.1 Condition A applies to the LOP DG start Function with one loss of voltage or degraded voltage channel per bus inoperable.
| |
| If one channel is inoperable, Required Action A.1 requires that channel to be placed in trip within 6 hours or in accordance with the Risk-Informed Completion Time Program. With a channel in trip, the LOP DG start instrumentation channels are configured to provide a one-out-of-two logic to initiate a trip of the incoming offsite power.
| |
| The specified Completion Time is reasonable considering the Function remains fully OPERABLE on every bus and the low probability of an event occurring during these intervals.
| |
| B.1 Condition B applies when more than one loss of voltage or more than one degraded voltage channel on a single bus is inoperable.
| |
| Required Action B.1 requires restoring all but one channel to OPERABLE status. The 1 hour Completion Time should allow ample time to repair most failures and takes into account the low probability of an event requiring an LOP start occurring during this interval. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| C.1 Condition C applies to each of the LOP DG start Functions when the Required Action and associated Completion Time for Condition A or B are not met.
| |
| In these circumstances the Conditions specified in LCO 3.8.1, "AC Sources-Operating," or LCO 3.8.2, "AC SourcesShutdown," for the DG made inoperable by failure of the LOP DG start instrumentation are McGuire Units 1 and 2 B 3.3.5-4 Revision No. 115
| |
| | |
| Pressurizer PORVs B 3.4.11 BASES ACTIONS (continued)
| |
| B.1 and B.2 If one Train B PORV is inoperable and not capable of being manually cycled, it must be either restored or isolated by closing and removing power from the associated block valve. The Completion Times of 1 hour are reasonable, based on challenges to the PORVs during this time period, and provides the operator adequate time to correct the situation.
| |
| Required Actions 8.1 and 8.2 are modified by a Note stating that these Required Actions are not applicable to a Train B PORV made inoperable by Required Action G.2. Because one Train B PORV and one Train A PORV remain OPERABLE, continued plant operation is allowed after the required actions are completed. If the Required Actions cannot be completed within the specified time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition E.
| |
| C.1. C.2 and C.3 If one Train A PORV is Inoperable and not capable of being manually cycled, it must be either restored or isolated by closing and removing power from the associated block valve. The completion Times of 1 hour are reasonable, based on challenges to the PORVs during this time period, and provides the operator adequate time to correct the situation.
| |
| Required Actions C.1 and C.2 are modified by a Note stating that these Required Actions are not applicable to a Train A PORV made inoperable by Required Action H.2. Because at least one Train B PORV remains Operable, an additional 72 hours is provided to restore the inoperable PORV to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. If the PORV cannot be restored within this additional time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition E.
| |
| D.1. D.2. and D.3 If two Train B PORVs are inoperable and not capable of being manually cycled, they must be either restored or isolated by closing and removing power from the associated block valves. The Completion Times of 1 hour are reasonable, based on challenges to the PORVs during this time period, and provides the operator adequate time to correct the situation.
| |
| Required Actions D.1 and D.2 are modified by a Note stating that these Required Actions are not applicable to two Train B PORVs made inoperable by Required Action 1.2. Because one Train A PORV remains OPERABLE, an additional 72 hours is provided to restore one of the inoperable PORVs to OPERABLE status. Alternatively, a Completion McGuire Units 1 and 2 B 3.4.11-4 Revision No. 492
| |
| | |
| Pressurizer PORVs B 3.4.11 BASES Time can be determined in accordance with the Risk-Informed Completion Time Program. If the PORV cannot be restored within this additional time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition E.
| |
| E.1 and E.2 If the Required Action of Condition A , B, C or D is not met, then the plant must be brought to a MODE in which the LCO does not apply. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours and to MODE 4 within 12 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems. In MODES 4 and 5, maintaining PORV OPERABILITY may be required. See LCO 3.4.12.
| |
| F.1, F.2, F.3, and F.4 If three PORVs are inoperable and not capable of being manually cycled ,
| |
| it is necessary to either restore at least one PORV within the Completion Time of 1 hour or isolate the flow paths by closing and removing power from the associated block valves. The Completion Time of 1 hour is reasonable, based on the small potential for challenges to the system during this time period, and provides the operator adequate time to correct the situation. If one PORV is restored and two PORVs remain inoperable, then the plant will be in Conditions B and C, or Conditions B and D, with the time clock started at the original declaration of having three PORVs inoperable. If PORVs are not restored within the Completion Times, then the plant must be brought to a MODE in which the LCO does not apply. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours and to MODE 4 within 12 hours.
| |
| G.1 and G.2 If one Train B block valve is inoperable, then it is necessary to either restore the block valve to OPERABLE status within the Completion Time of 1 hour or place the associated PORV in the closed position and remove power from the solenoid to preclude its automatic opening.
| |
| Required Actions G.1 and G.2 are modified by a Note stating that these Required Actions are not applicable to a Train B block valve made Inoperable by Required Action 8.2. The Completion Time of 1 hour is reasonable, based on the small potential challenges to the system during this time period, and provides the operator time to correct the situation.
| |
| Because one Train B PORV and associated block valve and one Train A PORV and associated block valve remain OPERABLE, continued plant operation is allowed after the Required Actions are completed. If the McGuire Units 1 and 2 B 3.4.11-5 Revision No. 492
| |
| | |
| Pressurizer PORVs B 3.4.11 BASES ACTIONS (continued)
| |
| H.1, H.2 and H.23 If the Train A block valve is inoperable and cannot be restored to OPERABLE status within 1 hour, the Required Action is to place the PORV in the closed position and remove power from the solenoid to preclude its automatic opening for an overpressure event and to avoid the potential for a stuck open PORV during the time the block valve is inoperable. Required Actions H.1 and H.2 are modified by a Note stating that these Required Actions are not applicable to a Train A block valve made inoperable by Required Action C.2. The Completion Time of 1 hour is reasonable, based on the small potential for challenges to the system during the time period, and provides the operator time to correct the situation. Because at least one Train B PORV and associated block valve remain OPERABLE, ana additional 72 hours is provided to restore the inoperable block valve to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. If the block valve cannot be restored within this additional time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition L.
| |
| 1.1, 1.2, and 1.3 If two Train B block valves are inoperable and cannot be restored to OPERABLE status within 1 hour, the Required Actions are to place the PORVs In the closed position and remove power from the solenoids to preclude their automatic opening for an overpressure event and to avoid the potential for stuck open PORVs during the time the block valves are inoperable. Required Actions 1.1 and 1.2 are modified by a Note stating that these Required Actions are not applicable to two Train B block valves made inoperable by Required Action D.2. The Completion Time of 1 hour is reasonable, based on the small potential for challenges to the system during this time period, and provides the operator time to correct the situation. Because one Train A PORV and associated block valve remain OPERABLE, an additional 72 hours is provided to restore one of the two inoperable Train B block valves to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. If at least one Train B block valve cannot be restored within this additional time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition L.
| |
| J.1, J.2, J.3.1 and J.3.2 If one Train B PORV and the other Train B block valve are inoperable, then It Is necessary to either restore the PORV or block valve to McGuire Units 1 and 2 B 3.4.11-7 Revision No. 4-92
| |
| | |
| Pressurizer PORVs B 3.4.11 BASES OPERABLE status within the Completion Time of 1 hour or perform the required actions of Conditions B and G. The Completion Times of 1 hour are reasonable, based on the small potential for challenges to the system during this time period, and provides the operator adequate time to correct the situation. Because one Train A PORV and associated block valve remain OPERABLE, an additional 72 hours is provided to restore either the PORV or block valve to OPERABLE status. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. If the PORV or block valve cannot be restored within this additional time, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition L.
| |
| K.1 and K.2 If three block valves are inoperable, it is necessary to place the associated PORVs in the closed position and verify the PORVs closed within 1 hour and restore at least one block valve to OPERABLE status within 2 hours. Required Action K.1 is modified by a Note stating that this Required Action is not applicable to block valves made inoperable by Required Action F.2. The Completion Times are reasonable, based on the small potential for challenges to the system during this time period, and provides the operator time to correct the situation. If the block valves cannot be restored within the specified times, the plant must be brought to a MODE in which the LCO does not apply, as required by Condition L.
| |
| SURVEILLANCE SR 3.4.11.1 REQUIREMENTS Block valve cycling verifies that the valve(s) can be closed if needed. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. If the block valve is closed to isolate a PORV that is capable of being manually cycled, the OPERABILITY of the block valve is of importance, because opening the block valve is necessary to permit the PORV to be used for manual control of reactor pressure. If the block valve is closed to isolate an otherwise inoperable PORV, the maximum Completion Time to restore the PORV and open the block valve is 72 hours. Furthermore, these test requirements would be completed by the reopening of a recently closed block valve upon restoration of the PORV to OPERABLE status (i.e., completion of the Required Actions fulfills the SR).
| |
| The Note modifies this SR by stating that it is not required to be met with the block valve closed, in accordance with the Required Action of this LCO.
| |
| McGuire Units 1 and 2 B 3.4.11-8 Revision No. 492
| |
| | |
| ECCSOperating B 3.5.2 BASES APPLICABILITY (continued)
| |
| This LCO is only applicable in MODE 3 and above. Below MODE 3, the SI signal setpoint is manually bypassed by operator control, and system functional requirements are relaxed as described in LCO 3.5.3, "ECCS Shutdown."
| |
| As indicated in the Note, the flow path may be isolated for 2 hours in MODE 3, under controlled conditions, to perform pressure isolation valve testing per SR 3.4.14.1. The flow path is readily restorable from the control room.
| |
| In MODES 5 and 6, plant conditions are such that the probability of an event requiring ECCS injection is extremely low. Core cooling requirements in MODE 5 are addressed by LCO 3.4.7, "RCS Loops MODE 5, Loops Filled," and LCO 3.4.8, "RCS LoopsMODE 5, Loops Not Filled." MODE 6 core cooling requirements are addressed by LCO 3.9.5, "Residual Heat Removal (RHR) and Coolant Circulation High Water Level," and LCO 3.9.6, "Residual Heat Removal (RHR) and Coolant CirculationLow Water Level."
| |
| ACTIONS A.1 With one or more trains inoperable and at least 100% of the ECCS flow equivalent to a single OPERABLE ECCS train available, the inoperable components must be returned to OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. The 72 hour Completion Time is based on an NRC reliability evaluation (Ref. 6) and is a reasonable time for repair of many ECCS components.
| |
| An ECCS train is inoperable if it is not capable of delivering design flow to the RCS. Individual components are inoperable if they are not capable of performing their design function or supporting systems are not available.
| |
| The LCO requires the OPERABILITY of a number of independent subsystems. Due to the redundancy of trains and the diversity of subsystems, the inoperability of one component in a train does not render the ECCS incapable of performing its function. Neither does the inoperability of two different components, each in a different train, necessarily result in a loss of function for the ECCS. The intent of this Condition is to maintain a combination of equipment such that 100% of the ECCS flow equivalent to a single OPERABLE ECCS train remains available. This allows increased flexibility in plant operations under circumstances when components in opposite trains are inoperable.
| |
| McGuire Units 1 and 2 B 3.5.2-6 Revision No. 166
| |
| | |
| Containment Air Locks B 3.6.2 BASES ACTIONS (continued)
| |
| Additionally, the affected air lock(s) must be restored to OPERABLE status within the 24 hour Completion Time or in accordance with the Risk-Informed Completion Time Program . The specified time period is considered reasonable for restoring an inoperable air lock to OPERABLE) status, assuming that at least one door is maintained closed in each affected air lock.
| |
| D.1 and D.2 If the inoperable containment air lock cannot be restored to OPERABLE status within the required Completion Time, the plant must be brought to a MODE in which the LCO does not apply. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems.
| |
| SURVEILLANCE SR 3.6.2.1 REQUIREMENTS Maintaining containment air locks OPERABLE requires compliance with the leakage rate test requirements of the Containment Leakage Rate Testing Program. This SR reflects the leakage rate testing requirements with regard to air lock leakage (Type B leakage tests). The acceptance criteria were established during initial air lock and containment OPERABILITY testing. The periodic testing requirements verify that the air lock leakage does not exceed the allowed fraction of the overall containment leakage rate. The Frequency is required by the Containment Leakage Rate Testing Program.
| |
| The SR has been modified by two Notes. Note 1 states that an inoperable air lock door does not invalidate the previous successful performance of the overall air lock leakage test. This is considered reasonable since either air lock door is capable of providing a fission product barrier in the event of a OBA. Note 2 has been added to this SR requiring the results to be evaluated against the acceptance criteria which are applicable to SR 3.6.1.1. This ensures that air lock leakage is properly accounted for in determining the combined Type B and C containment leakage rate.
| |
| SR 3.6.2.2 McGuire Units 1 and 2 B 3.6.2-6 Revision No. 44&
| |
| | |
| Containment Isolation Valves B 3.6.3 BASES ACTIONS (continued)
| |
| The ACTIONS are further modified by a third Note, which ensures appropriate remedial actions are taken, if necessary, if the affected systems are rendered inoperable by an inoperable containment isolation valve.
| |
| In the event the containment isolation valve leakage results in exceeding the overall containment leakage rate, Note 4 directs entry into the applicable Conditions and Required Actions of LCO 3.6.1.
| |
| A.1 and A.2 In the event one containment isolation valve in one or more penetration flow paths is inoperable except for purge valve or reactor building bypass leakage not within limit, the affected penetration flow path must be isolated. The method of isolation must include the use of at least one isolation barrier that cannot be adversely affected by a single active failure. Isolation barriers that meet this criterion are a closed and de-activated automatic containment isolation valve, a closed manual valve, a blind flange, and a check valve inside containment with flow through the valve secured. For a penetration flow path isolated in accordance with Required Action A.1, the device used to isolate the penetration should be the closest available one to containment. Required Action A.1 must be completed within 4 hours or in accordance with the Risk-Informed Completion Time Program. The 4 hour Completion Time is reasonable, considering the time required to isolate the penetration and the relative importance of supporting containment OPERABILITY during MODES 1, 2, 3, and 4.
| |
| For affected penetration flow paths that cannot be restored to OPERABLE status within the 4 hour Completion Time and that have been isolated in accordance with Required Action A.1, the affected penetration flow paths must be verified to be isolated on a periodic basis. This is necessary to ensure that containment penetrations required to be isolated following an accident and no longer capable of being automatically isolated will be in the isolation position should an event occur. This Required Action does not require any testing or device manipulation.
| |
| Rather, it involves verification, through a system walkdown or computer status indication, that those isolation devices outside containment and capable of being mispositioned are in the correct position. The Completion Time of "once per 31 days following isolation for isolation devices outside containment" is appropriate considering the fact that the devices are operated under administrative controls and the probability of their misalignment is low. For the isolation devices inside containment, the time period specified as "prior to entering MODE 4 from MODE 5 if not performed within the previous 92 days" is based on engineering judgment and is considered reasonable in view of the inaccessibility of McGuire Units 1 and 2 B 3.6.3-5 Revision No. 160
| |
| | |
| Containment Isolation Valves B 3.6.3 BASES ACTIONS (continued)
| |
| C.1 and C.2 With one or more penetration flow paths with one containment isolation valve inoperable, the inoperable valve flow path must be restored to OPERABLE status or the affected penetration flow path must be isolated.
| |
| The method of isolation must include the use of at least one isolation barrier that cannot be adversely affected by a single active failure.
| |
| Isolation barriers that meet this criterion are a closed and de-activated automatic valve, a closed manual valve, and a blind flange. A check valve may not be used to isolate the affected penetration flow path.
| |
| Required Action C.1 must be completed within the 72 hour Completion Time or in accordance with the Risk-Informed Completion Time Program.
| |
| The specified time period is reasonable considering the relative stability of the closed system (hence, reliability) to act as a penetration isolation boundary and the relative importance of maintaining containment integrity during MODES 1, 2, 3, and 4. In the event the affected penetration flow path is isolated in accordance with Required Action C.1, the affected penetration flow path must be verified to be isolated on a periodic basis.
| |
| This periodic verification is necessary to assure leak tightness of containment and that containment penetrations requiring isolation following an accident are isolated. The Completion Time of once per 31 days following isolation for verifying that each affected penetration flow path is isolated is appropriate because the valves are operated under administrative controls and the probability of their misalignment is low.
| |
| Condition C is modified by a Note indicating that this Condition is only applicable to those penetration flow paths with only one containment isolation valve and a closed system. The closed system must meet the requirements of Reference 5. This Note is necessary since this Condition is written to specifically address those penetration flow paths in a closed system.
| |
| Required Action C.2 is modified by two Notes. Note 1 applies to valves and blind flanges located in high radiation areas and allows these devices to be verified closed by use of administrative means. Allowing verification by administrative means is considered acceptable, since access to these areas is typically restricted. Note 2 applies to isolation devices that are locked, sealed, or otherwise secured in position and allows these devices to be verified closed by use of administrative means. Allowing verification by administrative means is considered acceptable, since the function locking, sealing, or securing components is to ensure that these devices are not inadvertently repositioned. Therefore, the probability of misalignment of these valves, once they have been verified to be in the proper position, is small.
| |
| McGuire Units 1 and 2 B 3.6.3-7 Revision No. 160
| |
| | |
| Containment Spray System B 3.6.6 BASES APPLICABLE SAFETY ANALYSES (continued)
| |
| Inadvertent actuation is precluded by design features consisting of an additional set of containment pressure sensors which prevents operation when the containment pressure is below the containment pressure control system permissive.
| |
| The Containment Spray System satisfies Criterion 3 of 10 CFR 50.36 (Ref.
| |
| 5).
| |
| LCO During a DBA, one train of Containment Spray System is required to provide the heat removal capability assumed in the safety analyses. To ensure that this requirement is met, two containment spray trains must be OPERABLE with power from two safety related, independent power supplies. Therefore, in the event of an accident, at least one train operates.
| |
| Each Containment Spray System includes a spray pump, headers, valves, heat exchangers, nozzles, piping, instruments, and controls to ensure an OPERABLE flow path capable of being manually initiated to take suction from the Containment Sump and delivering it to the Containment Spray Rings. Management of gas voids is important to Containment Spray System OPERABILITY.
| |
| APPLICABILITY In MODES 1, 2, 3, and 4, a DBA could cause a release of radioactive material to containment and an increase in containment pressure and temperature requiring the operation of the Containment Spray System.
| |
| In MODES 5 and 6, the probability and consequences of these events are reduced because of the pressure and temperature limitations of these MODES. Thus, the Containment Spray System is not required to be OPERABLE in MODE 5 or 6.
| |
| ACTIONS A.1 With one containment spray train inoperable, the affected train must be restored to OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. The components in this degraded condition are capable of providing 100% of the heat removal after an accident. The 72 hour Completion Time was developed taking into account the redundant heat removal and iodine removal capabilities afforded by the OPERABLE train and the low probability of a DBA occurring during this period.
| |
| McGuire Unit 1 and 2 B 3.6.6-4 Revision No. 160
| |
| | |
| HMS B 3.6.9 BASES APPLICABILITY Requiring OPERABILITY in MODES 1 and 2 for the HMS ensures its immediate availability after safety injection and scram actuated on a LOCA initiation. In the post accident environment, the two HMS subsystems are required to control the hydrogen concentration within containment to near its flammability limit of 4.0 v/o assuming a worst case single failure. This prevents overpressurization of containment and damage to safety related equipment and instruments located within containment.
| |
| In MODES 3 and 4, both the hydrogen production rate and the total hydrogen production after a LOCA would be significantly less than that calculated for the DBA LOCA. Also, because of the limited time in these MODES, the probability of an accident requiring the HMS is low.
| |
| Therefore, the HMS is not required in MODES 3 and 4.
| |
| In MODES 5 and 6, the probability and consequences of a LOCA are reduced due to the pressure and temperature limitations of these MODES. Therefore, the HMS is not required to be OPERABLE in MODES 5 and 6.
| |
| ACTIONS A.1 and A.2 With one HMS train inoperable, the inoperable train must be restored to OPERABLE status within 7 days or in accordance with the Risk-Informed Completion Time Program or the OPERABLE train must be verified OPERABLE frequently by performance of SR 3.6.9.1. The 7 day Completion Time is based on the low probability of the occurrence of a degraded core event that would generate hydrogen in amounts equivalent to a metal water reaction of 75% of the core cladding, the length of time after the event that operator action would be required to prevent hydrogen accumulation from exceeding this limit, and the low probability of failure of the OPERABLE HMS train. Alternative Required Action A.2, by frequent surveillances, provides assurance that the OPERABLE train continues to be OPERABLE.
| |
| B.1 Condition B is one containment region with no OPERABLE hydrogen ignitor. Thus, while in Condition B, or in Conditions A and B simultaneously, there would always be ignition capability in the adjacent containment regions that would provide redundant capability by flame propagation to the region with no OPERABLE ignitors.
| |
| Required Action B.1 calls for the restoration of one hydrogen ignitor in each region to OPERABLE status within 7 days or in accordance with the Risk-Informed Completion Time Program. The 7 day Completion Time is based on the same reasons given under Required Action A.1.
| |
| McGuire Units 1 and 2 B 3.6.9-3 Revision No. 131
| |
| | |
| ARS B 3.6.11 BASES ACTIONS A.1 If one of the required trains of the ARS is inoperable, it must be restored to OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. The 72 hour Completion Time was developed taking into account the redundant flow of the OPERABLE ARS train and the low probability of a DBA occurring in this period.
| |
| B.1 and B.2 If the ARS train cannot be restored to OPERABLE status within the required Completion Time, the plant must be brought to a MODE in which the LCO does not apply. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems.
| |
| SURVEILLANCE SR 3.6.11.1 REQUIREMENTS Verifying that each ARS fan starts on an actual or simulated actuation signal, after a delay 8.0 minutes and 10.0 minutes, and operates for 15 minutes is sufficient to ensure that all fans are OPERABLE and that all associated controls and time delays are functioning properly. It also ensures that blockage, fan and/or motor failure, or excessive vibration can be detected for corrective action. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.
| |
| SR 3.6.11.2 Verifying ARS fan motor current to be at rated speed with the return air dampers closed confirms one operating condition of the fan. This test is indicative of overall fan motor performance. Such inservice tests confirm component OPERABILITY, trend performance, and detect incipient failures by indicating abnormal performance. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.
| |
| SR 3.6.11.3 Verifying the OPERABILITY of the return air damper provides assurance that the proper flow path will exist when the fan is started. This McGuire Unit 1 and 2 B 3.6.11-4 Revision No. 138
| |
| | |
| Divider Barrier Integrity B 3.6.14 BASES LCO (continued) assumption that, for personnel transit, the time during which a door is open will be short (i.e., shorter than the Completion Time of 1 hour for Condition A). The divider barrier functions with the ice condenser to limit the pressure and temperature that could be expected following a DBA.
| |
| APPLICABILITY In MODES 1, 2, 3, and 4, a DBA could cause an increase in containment pressure and temperature requiring the integrity of the divider barrier.
| |
| Therefore, the LCO is applicable in MODES 1, 2, 3, and 4.
| |
| The probability and consequences of these events in MODES 5 and 6 are low due to the pressure and temperature limitations of these MODES. As such, divider barrier integrity is not required in these MODES.
| |
| ACTIONS A.1 If one or more personnel access doors or equipment hatches (other than one pressurizer or one steam generator enclosure hatch addressed by Condition D) are open or inoperable, except for personnel transit entry, 1 hour is allowed to restore the door(s) and equipment hatches to OPERABLE status and the closed position. The 1 hour Completion Time is consistent with LCO 3.6.1, "Containment," which requires that containment be restored to OPERABLE status within 1 hour.
| |
| Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. Personnel access doors or equipment hatches open or inoperable in accordance with Condition A are not included in the ice condenser steam bypass analysis that provides the basis for Condition D. Conditions A and D are each implemented independently.
| |
| Condition A has been modified by a Note to provide clarification that, for this LCO, separate Condition entry is allowed for each personnel access door or equipment hatch.
| |
| B.1 If the divider barrier seal is inoperable, 1 hour is allowed to restore the seal to OPERABLE status. The 1 hour Completion Time is consistent with LCO 3.6.1, which requires that containment be restored to OPERABLE status within 1 hour.
| |
| C.1 and C.2 McGuire Units 1 and 2 B 3.6.14-3 Revision No. 151
| |
| | |
| MSIVs B 3.7.2 BASES SAFETY ANALYSES (continued) reactivity addition. Closure of the MSIVs isolates the break and limits the blowdown to a single steam generator.
| |
| : c. A break downstream of the MSIVs will be isolated by the closure of the MSIVs.
| |
| : d. Following a steam generator tube rupture, closure of the MSIVs isolates the ruptured steam generator from the intact steam generators to minimize radiological releases.
| |
| : e. The MSIVs are also utilized during other events such as a feedwater line break. This event is less limiting so far as MSIV OPERABILITY is concerned.
| |
| The MSIVs satisfy Criterion 3 of 10 CFR 50.36 (Ref. 3).
| |
| LCO This LCO requires that four MSIVs in the steam lines be OPERABLE.
| |
| The MSIVs are considered OPERABLE when the isolation times are within limits, and they close on an isolation actuation signal. The accumulator air pressure must also be > 60 psig.
| |
| This LCO provides assurance that the MSIVs will perform their design safety function to mitigate the consequences of accidents that could result in offsite exposures comparable to the 10 CFR 100 (Ref. 4) limits or the NRC staff approved licensing basis.
| |
| APPLICABILITY The MSIVs must be OPERABLE in MODE 1, and in MODES 2 and 3 except when closed and de-activated, when there is significant mass and energy in the RCS and steam generators. When the MSIVs are closed, they are already performing the safety function.
| |
| In MODE 4, normally most of the MSIVs are closed, and the steam generator energy is low.
| |
| In MODE 5 or 6, the steam generators do not contain much energy because their temperature is below the boiling point of water; therefore, the MSIVs are not required for isolation of potential high energy secondary system pipe breaks in these MODES.
| |
| ACTIONS A.1 With one MSIV inoperable in MODE 1, action must be taken to restore OPERABLE status within 8 hours or in accordance with the Risk-Informed Completion Time Program. Some repairs to the MSIV can be made with I McGuire Units 1 and 2 B 3.7.2-3 -
| |
| Revision No. 160 I
| |
| | |
| MSIVs B 3.7.2 BASES ACTIONS (continued) the unit hot. The 8 hour Completion Time is reasonable, considering the low probability of an accident occurring during this time period that would require a closure of the MSIVs.
| |
| The 8 hour Completion Time is greater than that normally allowed for containment isolation valves because the MSIVs are valves that isolate a closed system penetrating containment. These valves differ from other containment isolation valves in that the closed system provides an additional means for containment isolation.
| |
| B.1 If the MSIV cannot be restored to OPERABLE status within 8 hours, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in MODE 2 within 6 hours and Condition C would be entered. The Completion Times are reasonable, based on operating experience, to reach MODE 2 and to close the MSIVs in an orderly manner and without challenging unit systems.
| |
| C.1 and C.2 Condition C is modified by a Note indicating that separate Condition entry is allowed for each MSIV.
| |
| Since the MSIVs are required to be OPERABLE in MODES 2 and 3, the inoperable MSIVs may either be restored to OPERABLE status or closed.
| |
| When closed, the MSIVs are already in the position required by the assumptions in the safety analysis.
| |
| The 8 hour Completion Time is consistent with that allowed in Condition A.
| |
| For inoperable MSIVs that cannot be restored to OPERABLE status within the specified Completion Time, but are closed, the inoperable MSIVs must be verified on a periodic basis to be closed. This is necessary to ensure that the assumptions in the safety analysis remain valid. The 7 day Completion Time is reasonable, based on engineering judgment, in view of MSIV status indications available in the control room, and other administrative controls, to ensure that these valves are in the closed position.
| |
| McGuire Units 1 and 2 B 3.7.2-4 -
| |
| Revision No. 160 I
| |
| | |
| BASES AFW System B 3.7.5 LCO (continued)
| |
| The LCO is modified by a Note indicating that one AFW train, which includes a motor driven pump, is required to be OPERABLE in MODE 4.
| |
| This is because of the reduced heat removal requirements and short period of time in MODE 4 during which the AFW is required and the insufficient steam available in MODE 4 to power the turbine driven AFW pump.
| |
| APPLICABILITY In MODES 1, 2, and 3, the AFW System is required to be OPERABLE in the event that it is called upon to function when the MFW is lost. In addition, the AFW System is required to supply enough makeup water to replace the steam generator secondary inventory, lost as the unit cools to MODE 4 conditions.
| |
| In MODE 4 the AFW System may be used for heat removal via the steam generators.
| |
| In MODE 5 or 6, the steam generators are not normally used for heat removal, and the AFW System is not required.
| |
| ACTIONS A Note prohibits the application of LCO 3.0.4.b to an inoperable AFW train when entering MODE 1. There is an increased risk associated with entering MODE 1 with an AFW train inoperable and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.
| |
| A.1 If one of the two steam supplies to the turbine driven AFW train is inoperable, or if a turbine driven pump is inoperable while in MODE 3 immediately following refueling, action must be taken to restore the inoperable equipment to an OPERABLE status within 7 days or in accordance with the Risk-Informed Completion Time Program. The 7 day Completion Time is reasonable, based on the following reasons:
| |
| : a. For the inoperability of a steam supply to the turbine driven AFW pump, the 7 day Completion Time is reasonable since there is a redundant steam supply line for the turbine driven pump.
| |
| : b. For the inoperability of a turbine driven AFW pump while in MODE 3 immediately subsequent to a refueling, the 7 day Completion Time is reasonable due to the minimal decay heat levels in this situation.
| |
| McGuire Units 1 and 2 B 3.7.5-4 Revision No. 173
| |
| | |
| BASES AFW System B 3.7.5 ACTIONS (continued)
| |
| : c. For both the inoperability of a steam supply line to the turbine driven pump and an inoperable turbine driven AFW pump while in MODE 3 immediately following a refueling, the 7 day Completion Time is reasonable due to the availability of redundant OPERABLE motor driven AFW pumps; and due to the low probability of an event requiring the use of the turbine driven AFW pump.
| |
| Condition A is modified by a Note which limits the applicability of the Condition to when the unit has not entered MODE 2 following a refueling.
| |
| Condition A allows the turbine-driven AFW pump to be inoperable for 7 days vice the 72 hour Completion Time in Condition B. This longer Completion Time is based on the reduced decay heat following refueling and prior to the reactor being critical.
| |
| B.1 With one of the required AFW trains (pump or flow path) inoperable in MODE 1, 2, or 3 for reasons other than Condition A, action must be taken to restore OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. This Condition includes the loss of two steam supply lines to the turbine driven AFW pump. The 72 hour Completion Time is reasonable, based on redundant capabilities afforded by the AFW System, time needed for repairs, and the low probability of a DBA occurring during this time period.
| |
| C.1 and C.2 When Required Action A.1 or B.1 cannot be completed within the required Completion Time, or if two AFW trains are inoperable in MODE 1, 2, or 3, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours, and in MODE 4 within 12 hours.
| |
| The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
| |
| In MODE 4 with two AFW trains inoperable, operation is allowed to continue because only one motor driven pump AFW train is required in accordance with the Note that modifies the LCO. Although not required, the unit may continue to cool down and initiate RHR.
| |
| D.1 If all three AFW trains are inoperable in MODE 1, 2, or 3, the unit is in a seriously degraded condition with no safety related means for conducting a cooldown, and only limited means for conducting a cooldown with McGuire Units 1 and 2 B 3.7.5-5 Revision No. 173
| |
| | |
| CCW System B 3.7.6 BASES ACTIONS A.1 Required Action A.1 is modified by a Note indicating that the applicable Conditions and Required Actions of LCO 3.4.6, "RCS LoopsMODE 4,"
| |
| be entered if an inoperable CCW train results in an inoperable RHR loop.
| |
| This is an exception to LCO 3.0.6 and ensures the proper actions are taken for these components.
| |
| If one CCW train is inoperable, action must be taken to restore OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. In this Condition, the remaining OPERABLE CCW train is adequate to perform the heat removal function.
| |
| The 72 hour Completion Time is reasonable, based on the redundant capabilities afforded by the OPERABLE train, and the low probability of a DBA occurring during this period.
| |
| B.1 and B.2 If the CCW train cannot be restored to OPERABLE status within the associated Completion Time, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours and in MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.
| |
| SURVEILLANCE SR 3.7.6.1 REQUIREMENTS This SR is modified by a Note indicating that the isolation of the CCW flow to individual components may render those components inoperable but does not affect the OPERABILITY of the CCW System.
| |
| Verifying the correct alignment for manual, power operated, and automatic valves in the CCW flow path provides assurance that the proper flow paths exist for CCW operation. This SR does not apply to valves that are locked, sealed, or otherwise secured in position, since these valves are verified to be in the correct position prior to locking, sealing, or securing. This SR also does not apply to valves that cannot be inadvertently misaligned, such as check valves. This Surveillance does not require any testing or valve manipulation; rather, it involves verification that those valves capable of being mispositioned are in the correct position.
| |
| The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.
| |
| McGuire Units 1 and 2 B 3.7.6-3 Revision No. 159
| |
| | |
| NSWS B 3.7.7 BASES LCO (continued) heat loads, assuming that the worst case single active failure occurs coincident with the loss of offsite power.
| |
| An NSWS train is considered OPERABLE during MODES 1, 2, 3, and 4 when:
| |
| : a. The associated unit's pump is OPERABLE; and
| |
| : b. The associated piping, valves, and instrumentation and controls required to perform the safety related function are OPERABLE.
| |
| Portions of the NSWS system are shared between the two units (Figure B 3.7.7-1). The shared portions of the system must be OPERABLE for each unit when that unit is in the MODE of Applicability. If a shared NSWS component becomes inoperable, or normal and emergency power to shared components become inoperable, then the Required Actions of this LCO must be entered independently for each unit that is in the MODE of applicability of the LCO.
| |
| APPLICABILITY In MODES 1, 2, 3, and 4, the NSWS is a normally operating system that is required to support the OPERABILITY of the equipment serviced by the NSWS and required to be OPERABLE in these MODES.
| |
| In MODES 5 and 6, the requirements of the NSWS are determined by the systems it supports.
| |
| ACTIONS A.1 If one NSWS train is inoperable, action must be taken to restore OPERABLE status within 72 hours or in accordance with the Risk-Informed Completion Time Program. In this Condition, the remaining OPERABLE NSWS train is adequate to perform the heat removal function. However, the overall reliability is reduced because a single failure in the OPERABLE NSWS train could result in loss of NSWS function. Required Action A.1 is modified by two Notes. The first Note indicates that the applicable Conditions and Required Actions of LCO 3.8.1, "AC Sources Operating," should be entered if an inoperable NSWS train results in an inoperable emergency diesel generator. The second Note indicates that the applicable Conditions and Required Actions of LCO 3.4.6, "RCS LoopsMODE 4," should be entered if an inoperable NSWS train results in an inoperable decay heat removal train.
| |
| McGuire Units 1 and 2 B 3.7.7-3 -
| |
| Revision No. 166 I
| |
| | |
| AC Sources-Operating B 3.8.1 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.1 AC Sources-Operating BASES BACKGROUND The unit Essential Auxiliary or Class 1E AC Electrical Power Distribution System AC sources consist of the offsite power sources (preferred power sources, normal and alternate(s)), and the onsite standby power sources (Train A and Train B diesel generators (DGs)). As required by 10 CFR 50, Appendix A, GDC 17 (Ref. 1), the design of the AC electrical power system provides independence and redundancy to ensure an available source of power to the Engineered Safety Feature (ESF) systems.
| |
| The onsite Class 1E AC Distribution System is divided into redundant load groups (trains) so that the loss of any one group does not prevent the minimum safety functions from being performed. Each train has connections to two preferred offsite power sources and a single DG.
| |
| At the 600V level of the onsite Class 1E AC Distribution System, there are two motor control centers (MCC) per train (for a total of four MCCs) that supply all of the shared systems on both units. The MCCs 1EMXG and 1EMXH supply Train A shared systems. The MCCs 2EMXG and 2EMXH supply Train B shared systems. The term shared systems is defined as the shared components of Train A or Train B of Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS),
| |
| Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES). The MCCs 1EMXG and 1EMXH are normally aligned to receive power from load centers 1ELXA (1 EMXH) and 1ELXC (1 EMXG) but if desired or required to maintain operability of the Train A shared systems, can be swapped to receive power from load centers 2ELXA (1 EMXH) and 2ELXC (1 EMXG).
| |
| The MCCs 2EMXG and 2EMXH are normally aligned to receive power from load centers 2ELXB (2EMXH) and 2ELXD (2EMXG) but if desired or required to maintain operability of the Train B shared systems, can be swapped to receive power from load centers 1ELXB (2EMXH) and 1ELXD (2EMXG).
| |
| There are also pro¥isions to accommodate the connecting of the Emergency Supplemental Pov.'er Source (ESPS) to one train of either unit's Class 1E AC Distribution System. The ESPS consists of two 50%
| |
| capacity non safety related commercial grade DGs. Manual actions are required to align the ESPS to the station and only one of the station's four onsite Class 1E Distribution System trains can be supplied by the ESPS McGuire Units 1 and 2 B 3.8.1-1 Revision No. 73
| |
| | |
| AC Sources-Operating B 3.
| |
| | |
| ==8.1 BACKGROUND==
| |
| (continued) at any given time. The ESPS is made a1.iailable to support mctended Completion Times in the event of an inoperable DG as well as a defense in depth source of AC power to mitigate a station blackout event. The ESPS would remain disconnected from the Class 1E AC Distribution System unless required for supplemental power to one of the four 4.16 kV ESF buses.
| |
| Offsite power is supplied to the unit switchyard(s) from the transmission network by two transmission lines. From the switchyard(s), two electrically and physically separated circuits provide AC power, through step down station auxiliary transformers, to the 4.16 kV ESF buses. A detailed description of the offsite power network and the circuits to the Class 1E ESF buses is found in the UFSAR, Chapter 8 (Ref. 2).
| |
| A qualified offsite circuit consists of all breakers, transformers, switches, interrupting devices, cabling, and controls required to transmit power from the offsite transmission network to the onsite Class 1E ESF bus(es).
| |
| The offsite transmission systems normally supply their respective unit's onsite power supply requirements. However, in the event that one or both buslines of a unit become unavailable, or by operational desire, it is acceptable to supply that unit's offsite to onsite power requirements by aligning the affected 4160V bus of the opposite unit via the standby transformers, SATA and SATB in accordance with Regulatory Guides 1.6 and 1.81 (Ref. 12 and 13). In this alignment, each unit's offsite transmission system could simultaneously supply its own 4160V buses and one (or both) of the buses of the other unit.
| |
| Although a single auxiliary transformer (1ATA, 1ATB, 2ATA, 2ATB) is sized to carry all of the auxiliary loads of its unit plus both trains of essential 4160V loads of the opposite unit, the LCO would not be met in this alignment due to separation criteria.
| |
| Each unit's Train A and B 4160V bus must be derived from separate qualified offsite circuits. The first qualified offsite circuit can be derived from any of the four buslines (1A, 1B, 2A, or 28). The second qualified offsite circuit must not derive its power from the same qualified offsite circuit as the first. Additionally, the Train A and Train B Class 1E AC Distribution Systems providing power to the Train A and Train B shared systems must not derive their power from the same qualified offsite circuit.
| |
| McGuire Units 1 and 2 B 3.8.1-2 Revision No. +-J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition A for a period that should not exceed 72 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. With one offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.
| |
| The 72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
| |
| 8.1 It is required to administratively verify the LCO 3.8.1.d DG(s) OPERABLE within one hour and to continue this action once per 12 hours thereafter until restoration of the required LCO 3.8.1.b DG(s) is accomplished. This verification provides assurance that the LCO 3.8.1 .d DG is capable of supplying the onsite Class 1E AC Electrical Power Distribution System.
| |
| If one LCO 3.8.1.d DG is discovered to be inoperable when performing the administrative verification of operability, then Condition Dis entered for that DG. If two LCO 3.8.1.d DGs are discovered to be inoperable when performing the administrative verification of operability, then Condition G is entered.
| |
| If no DG(s) from the opposite unit is aligned to supply power to a train(s) of shared systems, then by definition there is no LCO 3.8.1.d DG(s) to verify OPERABLE. In this instance, RA 8.1 is considered met at each performance.
| |
| To ensure a highly reliable power source remains with an inoperable LCO 3.8.1.b DG, it is necessary to verify the availability of the required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.
| |
| McGuire Units 1 and 2 83.8.1-10 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued) been lost. The 4 hour Completion Time takes into account the OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
| |
| B.4.1 and B.4.2 Required Action 8.4.1 provides an allowance to avoid unnecessary testing of OPERABLE DG(s). If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed. If the cause of inoperability exists on other DG(s), the other DG(s) would be declared inoperable upon discovery and Condition D and/or G of LCO 3.8.1 , as applicable, would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action 8.4.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG(s), performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.
| |
| In the event the inoperable DG is restored to OPERABLE status prior to completing either 8.4.1 or 8.4.2, the problem investigation process will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour constraint imposed while in Condition B.
| |
| These Conditions are not required to be entered if the inoperability of the DG is due to an inoperable support system, an independently testable component, or preplanned testing or maintenance. If required, these Required Actions are to be completed regardless of when the inoperable DG is restored to OPERABLE status.
| |
| According to Generic Letter 84-15 (Ref. 8), 24 hours is reasonable to confirm that the OPERABLE DG(s) is not affected by the same problem as the inoperable DG.
| |
| In order to m<tend the Completion Time for an inoperable DG from 72 hours to 14 days, it is necessary to 1,erify the a1,ailability of the ESPS within 1 hour of entry into TS 3.8.1 LCO and every 12 hours thereafter.
| |
| Since Required Action B.5 only specifies "evaluate, " discovering the ESPS una1,ailable does not result in the Required Action being not met (i.e. the evaluation is performed). However, on discovery of an unavailable ESPS, the Completion Time for Required Action B.6 starts the 72 hour and/or 24 hour clock.
| |
| McGuire Units 1 and 2 83.8.1-12 Revision No. 7-J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| ESPS mmilability requires that:
| |
| : 1) The load test has been performed within 30 days of entry into the e~ended Completion Time. The Required Action evaluation is met 111ith an administrative verification of this prior to testing ; and
| |
| : 2) ESPS fuel tank level is verified locally to be > 24 hour supply; and
| |
| : 3) ESPS supporting system parameters for starting and operating are verified to be 1Nithin required limits for functional availability (e.g., battery state of charge).
| |
| The ESPS is not used to e>ctend the Completion Time for more than one inoperable DG at any one time.
| |
| B,.eB.5 In accordance with Branch Technical Position 8 8 (Ref. 14), operation may continue in Condition B for a period that should not e>cceed 14 days, provided a supplemental AC poi.\1er source is a¥ailable.
| |
| In Condition B, the remaining OPERABLE DGs, available ESPS andand offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. The 14 day72 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| If the ESPS is or becomes una11ailable with an inoperable LCO 3.8.1.b DG, then action is required to restore the ESPS to available status or to restore the DG to OPERABLE status within 72 hours from discm,1ery of unmmilable ESPS. l=lowever, if the ESPS una*,ailability occurs at or sometime after 48 hours of continuous LCO 3.8.1 .b DG inoperability, then the remaining time to restore the ESPS to available status or to restore the DG to OPERABLE status is limited to 24 hours.
| |
| The 72 hour and 24 hour Completion Times allow for an exception to the normal "time zero" for beginning the allo11.*ed outage time "clock." The 72 hour Completion Time only begins on discovery that both:
| |
| : a. An inoperable DG exists; and
| |
| : b. ESPS is una*,ailable.
| |
| The 24 hour Completion Time only begins on disco¥ery that:
| |
| : a. An inoperable DG exists for > 48 hours; and McGuire Units 1 and 2 83.8.1-13 Revision No. 7-J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| : b. ESPS is unmmilable.
| |
| Therefore, \*.ihen one LCO 3.8.1 .b DG is inoperable due to either preplanned maintenance (pre1.ienti¥e or correcti¥e) or unplanned corrective maintenance work, the Completion Time can be extended from 72 hours to 14 days if ESPS is verified available for backup operation.
| |
| C.1 Condition C addresses the inoperability of the LCO 3.8.1.c qualified offsite circuit(s) between the offsite transmission network and the opposite unit's Onsite Essential Auxiliary Power System when the LCO 3.8.1.c qualified offsite circuit(s) is necessary to supply power to the shared systems. If Condition C is entered concurrently with the inoperability of LCO 3.8.1.d DG(s) the NOTE requires the licensed operator to evaluate if the TS 3.8.9 "Distribution Systems - Operating" requirement that "OPERABLE AC electrical power distribution subsystems require the associated buses, load centers, motor control centers, and distribution panels to be energized to their proper voltages" continues to be met. In the case where the inoperable LCO 3.8.1.c qualified offsite circuit and inoperable LCO 3.8.1.d DG are associated with the same train there is no longer assurance that train of "Distribution Systems - Operating" can be energized to the proper voltage and therefore TS 3.8.9 Condition A must be entered.
| |
| To ensure a highly reliable power source remains with one required LCO 3.8.1.c offsite circuit inoperable, it is necessary to verify the OPERABILITY of the remaining required offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action not met. However, if a second required circuit fails SR 3.8.1.1, the second offsite circuit is inoperable, and Condition A and E, as applicable, for the two offsite circuits inoperable, is entered.
| |
| Required Action C.2, which only applies if the train cannot be powered from an offsite source, is intended to provide assurance that an event coincident with a single failure of the associated DG will not result in a complete loss of safety function for the NSWS, CRAVS, CRACWS or the ABFVES. The Completion Time for Required Action C.2 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action, the Completion Time only begins on discovery that both:
| |
| McGuire Units 1 and 2 B 3.8.1-14 Revision No. 7-J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| : a. The train has no offsite power supplying its loads; and
| |
| : b. NSWS, CRAVS, CRACWS or ABFVES on the other train that has offsite power is inoperable.
| |
| If at any time during the existence of Condition C (one required LCO 3.8.1.c offsite circuit inoperable) a train of NSWS, CRAVS, CRACWS or ABFVES becomes inoperable, this Completion Time begins to be tracked.
| |
| Discovering no offsite power to one train of the onsite Class 1E Electrical Power Distribution System coincident with one train of NSWS, CRAVS, CRACWS or ABFVES that is associated with the other train that has offsite power, results in starting the Completion Time for the Required Action. Twenty-four hours is acceptable because it minimizes risk while allowing time for restoration before subjecting the unit to transients associated with shutdown.
| |
| The remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to Train A and Train B of the onsite Class 1E Distribution System. The 24 hour Completion Time takes into account the component OPERABILITY of the redundant counterpart to the inoperable NSWS, CRAVS, CRACWS or ABFVES. Additionally, the 24 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
| |
| C.3 Consistent with the time provided in ACTION A, operation may continue in Condition C for a period that should not exceed 72 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. With one required LCO 3.8.1.c offsite circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuits and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System.
| |
| If the LCO 3.8.1.c required offsite circuit cannot be restored to OPERABLE status within 72 hours, then Condition I must be entered immediately.
| |
| McGuire Units 1 and 2 83.8.1-15 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued) safety trains. This includes motor driven auxiliary feedwater pumps.
| |
| Single train features, such as turbine driven auxiliary pumps, are not included in the list.
| |
| The Completion Time for Required Action E.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action the Completion Time only begins on discovery that both:
| |
| : a. All required offsite circuits are inoperable; and
| |
| : b. A required feature is inoperable.
| |
| If at any time during the existence of Condition E (two LCO 3.8.1.a offsite circuits inoperable, or one LCO 3.8.1 .a offsite circuit that provides power to the NSWS, CRAVS, CRACWS and ABFVES inoperable and the required LCO 3.8.1.c offsite circuit inoperable, or two offsite circuits required by LCO 3.8.1.c inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked.
| |
| According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition E for a period that should not exceed 24 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program . This level of degradation means that the offsite electrical power system does not have the capability to effect a safe shutdown and to mitigate the effects of an accident; however, the onsite AC sources have not been degraded. This level of degradation generally corresponds to a total loss of the immediately accessible offsite power sources.
| |
| Because of the normally high availability of the offsite sources, this level of degradation may appear to be more severe than other combinations of two AC sources inoperable that involve one or more DGs inoperable.
| |
| However, two factors tend to decrease the severity of this level of degradation:
| |
| : a. The configuration of the redundant AC electrical power system that remains available is not susceptible to a single bus or switching failure; and
| |
| : b. The time required to detect and restore an unavailable offsite power source is generally much less than that required to detect and restore an unavailable onsite AC source.
| |
| McGuire Units 1 and 2 83.8.1-19 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| With both of the required offsite circuits inoperable, sufficient onsite AC sources are available to maintain the unit in a safe shutdown condition in the event of a DBA or transient. In fact, a simultaneous loss of offsite AC sources, a LOCA, and a worst case single failure were postulated as a part of the design basis in the safety analysis. Thus, the 24 hour Completion Time provides a period of time to effect restoration of one of the offsite circuits commensurate with the importance of maintaining an AC electrical power system capable of meeting its design criteria.
| |
| According to Reference 6, with the available offsite AC sources, two less than required by the LCO, operation may continue for 24 hours. If two offsite sources are restored within 24 hours, unrestricted operation may continue. If only one offsite source is restored within 24 hours, power operation continues in accordance with Condition A or C, as applicable.
| |
| F.1 and F.2 Pursuant to LCO 3.0.6, the Distribution System ACTIONS would not be entered even if all AC sources to it were inoperable, resulting in de-energization. Therefore, the Required Actions of Condition F are modified by a Note to indicate that when Condition F is entered with no AC source to any train, the Conditions and Required Actions for LCO 3.8.9, "Distribution Systems-Operating," must be immediately entered. This allows Condition F to provide requirements for the loss of one offsite circuit and one DG, without regard to whether a train is de-energized. LCO 3.8.9 provides the appropriate restrictions for a de-energized train.
| |
| According to Regulatory Guide 1.93 (Ref. 7), operation may continue in Condition F for a period that should not exceed 12 hours. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| In Condition F, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition E (loss of two required offsite circuits). This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| McGuire Units 1 and 2 B 3.8.1-20 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued)
| |
| G.1 With two LCO 3.8.1.b DGs inoperable, there are no remaining standby AC sources to provide power to most of the ESF systems. With one LCO 3.8.1.d DG inoperable and the LCO 3.8.1.b DG that provides power to the NSWS, CRAVS , CRACWS and ABFVES inoperable, or with two DGs required by LCO 3.8.1.d inoperable, there are no remaining standby AC sources to the NSWS, CRAVS, CRACWS and ABFVES. Thus, with an assumed loss of offsite electrical power, insufficient standby AC sources are available to power the minimum required ESF functions. Since the offsite electrical power system is the only source of AC power for this level of degradation, the risk associated with continued operation for a very short time could be less than that associated with an immediate controlled shutdown (the immediate shutdown could cause grid instability, which could result in a total loss of AC power). Since any inadvertent generator trip could also result in a total loss of offsite AC power, however, the time allowed for continued operation is severely restricted.
| |
| The intent here is to avoid the risk associated with an immediate controlled shutdown and to minimize the risk associated with this level of degradation.
| |
| According to Reference 7, with both LCO 3.8.1 .b DGs inoperable, or with the LCO 3.8.1.b DG that provides power to the NSWS, CRAVS, CRACWS and ABFVES and the LCO 3.8.1.d DG inoperable, or with two DGs required by LCO 3.8.1.d inoperable, operation may continue for a period that should not exceed 2 hours.
| |
| H.1 The sequencer(s) is an essential support system to both the offsite circuit and the DG associated with a given ESF bus. Furthermore, the sequencer is on the primary success path for most major AC electrically powered safety systems powered from the associated ESF bus.
| |
| Therefore, loss of an ESF bus sequencer affects every major ESF system in the train. The 12 hour Completion Time provides a period of time to correct the problem commensurate with the importance of maintaining sequencer OPERABILITY. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. This time period also ensures that the probability of an accident (requiring sequencer OPERABILITY) occurring during periods when the sequencer is inoperable is minimal.
| |
| McGuire Units 1 and 2 B 3.8.1-21 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.8.1 ACTIONS (continued) 1.1 and 1.2 If any Required Action and associated Completion Time of Conditions A ,
| |
| C, E, F, G, or H, are not met, the unit must be brought to a MODE in which the LCO does not apply. Furthermore, if any Required Action and associated Completion Time of Required Actions 8.2, 8.3, 8.4.1, 8.4.2, B.e5, E.2, E.3, E.4.1, E.4.2, E.5.1 or E.5.2 are not met, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.
| |
| 4:.1 Condition J corresponds to a level of degradation in which all redundancy in LCO 3.8.1.a and LCO 3.8.1.b AC electrical power supplies has been lost or in which all redundancy in LCO 3.8.1.c and LCO 3.8.1.d AC electrical power supplies has been lost. At this severely degraded level, any further losses in the AC electrical power system will cause a loss of function. Therefore, no additional time is justified for continued operation.
| |
| The unit is required by LCO 3.0.3 to commence a controlled shutdown.
| |
| SURVEILLANCE The AC sources are designed to permit inspection and testing of all REQUIREMENTS important areas and features, especially those that have a standby function, in accordance with 10 CFR 50, Appendix A, GDC 18 (Ref. 9).
| |
| Periodic component tests are supplemented by extensive functional tests during refueling outages (under simulated accident conditions). The SRs for demonstrating the OPERABILITY of the DGs are in accordance with the recommendations of Regulatory Guide 1.9 (Ref. 3) and Regulatory Guide 1.137 (Ref. 11 ), as addressed in the UFSAR.
| |
| Since the McGuire DG manufacturer, Nordberg, is no longer in business, McGuire engineering is the designer of record. Therefore, the term "manufacturer's or vendor's recommendations" is taken to mean the recommendations as determined by McGuire engineering, with specific Nordberg input as it is available, that were intended for the DGs, taking into account the maintenance, operating history, and industry experience, when available.
| |
| Where the SRs discussed herein specify voltage and frequency tolerances, the following is applicable. The minimum steady state output McGuire Units 1 and 2 B 3.8.1-22 Revision No. 4+J
| |
| | |
| AC Sources-Operating B 3.
| |
| | |
| ==8.1 REFERENCES==
| |
| (continued)
| |
| : 13. Regulatory Guide 1.8.1 , Rev. 1, January 1975.
| |
| : 14. Branch Technical Position 8 8, February 2012.
| |
| : 15. Appro¥ed MNS TS 3.8.1 License Amendment (ML1Q12A030)
| |
| McGuire Units 1 and 2 B 3.8.1-35 Revision No. +-J
| |
| | |
| DC SourcesOperating B 3.8.4 BASES APPLICABLE SAFETY ANALYSES (continued)
| |
| : a. An assumed loss of all offsite AC power or all onsite AC power; and
| |
| : b. A worst case single failure.
| |
| The DC sources satisfy Criterion 3 of 10 CFR 50.36 (Ref. 8).
| |
| LCO Each DC channel consisting of one battery, battery charger for each battery and the corresponding control equipment and interconnecting cabling supplying power to the associated bus within the train is required to be OPERABLE to ensure the availability of the required power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AOO) or a postulated DBA. Loss of any channel of DC does not prevent the minimum safety function from being performed (Ref. 4).
| |
| An OPERABLE channel of DC requires the battery and respective charger to be operating and connected to the associated DC bus.
| |
| APPLICABILITY The DC electrical power sources are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure safe unit operation and to ensure that:
| |
| : a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
| |
| : b. Adequate core cooling is provided, and containment integrity and other vital functions are maintained in the event of a postulated DBA.
| |
| The DC electrical power requirements for MODES 5 and 6 are addressed in the Bases for LCO 3.8.5, "DC Sources Shutdown."
| |
| ACTIONS A.1 and A.2 Condition A represents one channel of DC with a loss of ability to fully respond to a DBA with the worst case single failure. Two hours is provided to restore the channel of DC to OPERABLE status and is consistent with the allowed time for an inoperable channel of DC distribution system requirement. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| McGuire Units 1 and 2 B 3.8.4-3 Revision No. 166
| |
| | |
| DC SourcesOperating B 3.8.4 BASES ACTIONS (continued)
| |
| If one of the required channels of DC is inoperable (e.g., inoperable battery, inoperable battery charger(s), or inoperable battery charger and associated inoperable battery), the remaining DC channels have the capacity to support a safe shutdown and to mitigate an accident condition. If the channel of DC cannot be restored to OPERABLE status, Action A.2 must be entered and the DC channel must be energized from an OPERABLE channel, from the same train, within 2 hours. The capacity of the redundant channel is sufficient to supply its normally supplied channel and cross tied channel for the required time, in case of a DBA event. The inoperable channel of DC must be returned to OPERABLE status within 72 hours and the cross ties to the other channel open. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The 72 hour Completion Time reflects a reasonable time to assess unit status as a function of the inoperable channel of DC and, if the DC channel is not restored to OPERABLE status, to prepare to effect an orderly and safe unit shutdown.
| |
| B.1 and B.2 If the inoperable channel of DC cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.
| |
| The Completion Time to bring the unit to MODE 5 is consistent with the time required in Regulatory Guide 1.93 (Ref. 9).
| |
| SURVEILLANCE SR 3.8.4.1 REQUIREMENTS Verifying battery terminal voltage while on float charge for the batteries helps to ensure the effectiveness of the charging system and the ability of the batteries to perform their intended function. Float charge is the condition in which the charger is supplying the continuous charge required to overcome the internal losses of a battery (or battery cell) and maintain the battery (or a battery cell) in a fully charged state. The voltage requirements are based on the nominal design voltage of the battery and are consistent with the initial voltages assumed in the battery sizing calculations. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.
| |
| McGuire Units 1 and 2 B 3.8.4-4 Revision No. 166
| |
| | |
| Inverters-Operating B 3.8.7 BASES SAFETY ANALYSES (continued)
| |
| Inverters are a part of the distribution system and, as such, satisfy Criterion 3 of 10 CFR 50.36 (Ref. 4).
| |
| LCO The inverters ensure the availability of AC electrical power for the systems instrumentation required to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence (AOO) or a postulated DBA.
| |
| Maintaining the required inverters OPERABLE ensures that the redundancy incorporated into the design of the RPS and ESFAS instrumentation and controls is maintained. The four inverters (two per train) ensure an uninterruptible supply of AC electrical power to the AC vital buses even if the 4.16 kV safety buses are de-energized.
| |
| Operable inverters require the associated vital bus to be powered by the inverter with output voltage and frequency within tolerances, and power input to the inverter from a 125 VDC station battery.
| |
| APPLICABILITY The inverters are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
| |
| : a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
| |
| : b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
| |
| Inverter requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.8, "InvertersShutdown."
| |
| ACTIONS A.1 With a required inverter inoperable, its associated AC vital bus becomes inoperable until it is manually re-energized from its voltage regulated transformer.
| |
| For this reason a Note has been included in Condition A requiring the entry into the Conditions and Required Actions of LCO 3.8.9, "Distribution SystemsOperating." This ensures that the vital bus is re-energized within 2 hours.
| |
| McGuire Units 1 and 2 B 3.8.7-2 Revision No. -115 I
| |
| | |
| Inverters-Operating B 3.8.7 BASES ACTIONS (continued)
| |
| Required Action A.1 allows 24 hours to fix the inoperable inverter and return it to service. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program. The 24 hour limit is based upon engineering judgment, taking into consideration the time required to repair an inverter and the additional risk to which the unit is exposed because of the inverter inoperability. This has to be balanced against the risk of an immediate shutdown, along with the potential challenges to safety systems such a shutdown might entail. When the AC vital bus is powered from its regulated voltage transformer, it is relying upon interruptible AC electrical power sources (offsite and onsite). The uninterruptible inverter source to the AC vital buses is the preferred source for powering instrumentation trip setpoint devices.
| |
| B.1 and B.2 If the inoperable devices or components cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours and to MODE 5 within 36 hours. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.
| |
| SURVEILLANCE SR 3.8.7.1 REQUIREMENTS This Surveillance verifies that the inverters are functioning properly with all required circuit breakers closed and AC vital bus energized from the inverter. The verification of proper voltage output ensures that the required power is readily available for the instrumentation of the RPS and ESFAS connected to the AC vital buses. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.
| |
| REFERENCES 1. UFSAR, Chapter 8.
| |
| : 2. UFSAR, Chapter 6.
| |
| : 3. UFSAR, Chapter 15.
| |
| : 4. 10 CFR 50.36, Technical Specifications, (c)(2)(ii).
| |
| McGuire Units 1 and 2 B 3.8.7-3 Revision No. -115 I
| |
| | |
| Distribution SystemsOperating B 3.8.9 BASES APPLICABILITY The electrical power distribution subsystems are required to be OPERABLE in MODES 1, 2, 3, and 4 to ensure that:
| |
| : a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of AOOs or abnormal transients; and
| |
| : b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.
| |
| Electrical power distribution subsystem requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.10, "Distribution SystemsShutdown."
| |
| ACTIONS A.1 With one or more required AC buses, load centers, motor control centers, or distribution panels, except AC vital buses, in one train inoperable, the remaining AC electrical power distribution subsystem in the other train is capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining power distribution subsystems could result in the minimum required ESF functions not being supported. Therefore, the required AC buses, load centers, motor control centers, and distribution panels must be restored to OPERABLE status within 8 hours or in accordance with the Risk-Informed Completion Time Program.
| |
| Condition A worst scenario is one train without AC power (i.e., no offsite power to the train and the associated DG inoperable). In this Condition, the unit is more vulnerable to a complete loss of AC power. It is, therefore, imperative that the unit operator's attention be focused on minimizing the potential for loss of power to the remaining train by stabilizing the unit, and on restoring power to the affected train. The 8 hour time limit before requiring a unit shutdown in this Condition is acceptable because of:
| |
| : a. The potential for decreased safety if the unit operator's attention is diverted from the evaluations and actions necessary to restore power to the affected train, to the actions associated with taking the unit to shutdown within this time limit; and
| |
| : b. The potential for an event in conjunction with a single failure of a redundant component in the train with AC power.
| |
| McGuire Units 1 and 2 B 3.8.9-3 Revision No. 173
| |
| | |
| Distribution SystemsOperating B 3.8.9 BASES ACTIONS (continued)
| |
| B.1 With one AC vital bus inoperable, the remaining OPERABLE AC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition. Overall reliability is reduced, however, since an additional single failure could result in the minimum ESF functions not being supported. Therefore, the required AC vital bus must be restored to OPERABLE status within 2 hours by powering the bus from the associated inverter via inverted DC or regulated voltage transformer.
| |
| Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| Condition B represents one AC vital bus without power; potentially both the DC source and the associated AC source are nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all noninterruptible power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining vital buses and restoring power to the affected vital bus.
| |
| This 2 hour limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate vital AC power. Taking exception to LCO 3.0.2 for components without adequate vital AC power, that would have the Required Action Completion Times shorter than 2 hours if declared inoperable, is acceptable because of:
| |
| : a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) and not allowing stable operations to continue;
| |
| : b. The potential for decreased safety by requiring entry into numerous Applicable Conditions and Required Actions for components without adequate vital AC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected train; and
| |
| : c. The potential for an event in conjunction with a single failure of a redundant component.
| |
| The 2 hour Completion Time takes into account the importance to safety of restoring the AC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE vital buses, and the low probability of a DBA occurring during this period.
| |
| McGuire Units 1 and 2 B 3.8.9-4 Revision No. 173
| |
| | |
| Distribution SystemsOperating B 3.8.9 BASES ACTIONS (continued)
| |
| C.1 With one DC bus in one train inoperable, the remaining DC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining DC electrical power distribution subsystem could result in the minimum required ESF functions not being supported. Therefore, the DC buses must be restored to OPERABLE status within 2 hours by powering the bus from the associated battery or charger. Alternatively, a Completion Time can be determined in accordance with the Risk-Informed Completion Time Program.
| |
| Condition C represents one DC bus without adequate DC power; potentially both with the battery significantly degraded and the associated charger nonfunctioning. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining channels and restoring power to the affected channel.
| |
| This 2 hour limit is more conservative than Completion Times allowed for the vast majority of components that would be without power. Taking exception to LCO 3.0.2 for components without adequate DC power, which would have Required Action Completion Times shorter than 2 hours, is acceptable because of:
| |
| : a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) while allowing stable operations to continue;
| |
| : b. The potential for decreased safety by requiring entry into numerous applicable Conditions and Required Actions for components without DC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected channel; and
| |
| : c. The potential for an event in conjunction with a single failure of a redundant component.
| |
| The 2 hour Completion Time for DC buses is consistent with Regulatory Guide 1.93 (Ref. 4).
| |
| D.1 and D.2 If the inoperable distribution subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a McGuire Units 1 and 2 B 3.8.9-5 Revision No. 173
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 ATTACHMENT 4 CROSS-REFERENCE OF TSTF-505 AND MNS TECHNICAL SPECIFICATIONS
| |
| [12 PAGES FOLLOW THIS COVER PAGE]
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION Reactor Trip System (RTS) Instrumentation - Manual Reactor Trip YES (MODES 1 and 2)
| |
| TSTF-505: LCO 3.3.1, Condition B, RA B.2 MNS: LCO 3.3.1, Condition B, RA B.2 Reactor Trip System (RTS) Instrumentation - Manual Reactor Trip NO This Condition has MODE 3 - 5 applicability only and is not proposed to be included in the (MODES 3, 4 and 5) MNS scope.
| |
| TSTF-505: LCO 3.3.1, Condition C, RA C.1 MNS: LCO 3.3.1, Condition C, RA C.1 Reactor Trip System (RTS) Instrumentation - Power Range Neutron Flux - NO VARIATION: MNS does not have RAs that are equivalent to TSTF-505, RAs D.1.1 and D.1.2 High for TS 3.3.1.
| |
| TSTF-505: 3.3.1, Condition D, RAs D.1.1, D.1.2 MNS: N/A Reactor Trip System (RTS) Instrumentation - Power Range Neutron Flux - YES EDITORIAL: TS 3.3.1, Condition D in TSTF-505, Rev. 2 specifies "One Power Range Neutron High Flux - High channel inoperable." whereas the MNS equivalent TS specifies "One channel TSTF-505: 3.3.1, Condition D, RA D.2.1 inoperable." MNS Condition D also corresponds to the RTS Function Power Range Neutron MNS: 3.3.1, Condition D, RA D.1.2 Flux Rate - High Postive Rate. Additional justification is required per TSTF-505, Rev. 2 and is provided in Enclosure 1.
| |
| Reactor Trip System (RTS) Instrumentation - Power Range Neutron Flux - YES Low TSTF-505: 3.3.1, Condition E, RA E.1 MNS: 3.3.1, Condition E, RA E.1 Reactor Trip System (RTS) Instrumentation - Power Range Neutron Flux YES EDITORIAL: The TSTF-505, Rev. 2 Function 3.a in TS Table 3.3.1-1 for Power Range Neutron Rate - High Positive Rate Flux Rate - High Positive Rate corresponds to Condition E. The equivalent MNS RTS TSTF-505: 3.3.1, Condition E, RA E.1 Function 3.a for Power Range Neutron Flux Rate - High Postive Rate corresponds to MNS: 3.3.1, Condition D, RA D.1.2 Condition D. Both TSTF-505, Rev. 2 Condition E and MNS Condition D are within the scope of the TSTF-505 Traveler for adoption into the RICT Program and both the Required Actions E.1 (TSTF-505) and D.1.2 (MNS) are to place the inoperable channel in trip.
| |
| Reactor Trip System (RTS) Instrumentation - Power Range Neutron Flux NO VARIATION: MNS TS Table 3.3.1-1 does not include a Function for Power Range Neutron Rate - High Negative Rate Flux Rate - High Negative Rate.
| |
| TSTF-505: 3.3.1, Condition E, RA E.1 MNS: N/A Reactor Trip System (RTS) Instrumentation - Source Range Neutron Flux NO This Condition has MODE 3 - 5 applicability only and is not proposed to be included in the TSTF-505: 3.3.1, Condition J, RA J.1 MNS scope.
| |
| MNS: 3.3.1, Condition K, RA K.1
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION Reactor Tri~ S)lstem {RTS) Instrumentation - Overtem~erature t.T YES TSTF-505: 3.3.1, Condition E, RA E.1 MNS: 3.3.1, Condition E, RA E.1 Reactor Tri~ S)lstem {RTS) Instrumentation - Over~ower t.T YES TSTF-505: 3.3.1, Condition E, RA E.1 MNS: 3.3.1, Condition E, RA E.1 Reactor Trip System (RTS) Instrumentation - Pressurizer Pressure - Low YES TSTF-505: 3.3.1, Condition L, RA L.1 MNS: 3.3.1, Condition M, RA M.1 Reactor Trip System (RTS) Instrumentation - Pressurizer Pressure - High YES TSTF-505: 3.3.1, Condition E, RA E.1 MNS: 3.3.1, Condition E, RA E.1 Reactor Trip System (RTS) Instrumentation - Pressurizer Water Level - YES High TSTF-505: 3.3.1, Condition L, RA L.1 MNS: 3.3.1, Condition M, RA M.1 Reactor Trip System (RTS) Instrumentation - Reactor Coolant Flow - Low YES VARIATION: MNS has two RTS Functions for Reactor Coolant Flow - Low (Single Loop and (Single Loop) Two Loops), whereas TSTF-505, Rev. 2 has a single RTS Function for Reactor Coolant Flow -
| |
| TSTF-505: N/A Low. The MNS Reactor Coolant Flow - Low (Single Loop) Function corresponds to MNS: 3.3.1, Condition O, RA O.1 renumbered site-specific Condition O ("One Reactor Coolant Flow - Low (Single Loop) channel inoperable."). The re-numbered site-specific RA O.1 is to place the channel in trip, for which a RICT can be directly calculated. More discussion is provided in Attachment 1 of the license amendment request.
| |
| Reactor Trip System (RTS) Instrumentation - Reactor Coolant Flow - Low YES EDITORIAL: The MNS Function is Reactor Coolant Flow - Low (Two Loops), whereas the (Two Loops) equivalent TSTF-505, Rev. 2 Function is Reactor Coolant Flow - Low.
| |
| TSTF-505: 3.3.1, Condition L, RA L.1 MNS: 3.3.1, Condition M, RA M.1 Reactor Trip System (RTS) Instrumentation - Reactor Coolant Pump NO VARIATION: The MNS TS do not have this specification.
| |
| (RCP) Breaker Position (Single Loop)
| |
| TSTF-505: 3.3.1, Condition N, RA N.1 MNS: N/A Reactor Trip System (RTS) Instrumentation - Reactor Coolant Pump NO VARIATION: The MNS TS do not have this specification.
| |
| (RCP) Breaker Position (Two Loops)
| |
| TSTF-505: 3.3.1, Condition P, RA P.1 MNS: N/A
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION Reactor Trip System (RTS) Instrumentation - Undervoltage RCPs YES TSTF-505: 3.3.1, Condition L, RA L.1 MNS: 3.3.1, Condition M, RA M.1 Reactor Trip System (RTS) Instrumentation - Underfrequency RCPs YES TSTF-505: 3.3.1, Condition L, RA L.1 MNS: 3.3.1, Condition M, RA M.1 Reactor Trip System (RTS) Instrumentation - Steam Generator (SG) YES EDITORIAL: The Function for MNS is "Steam Generator (SG) Water Level - Low Low".
| |
| Water Level - Low TSTF-505: 3.3.1, Condition E, RA E.1 MNS: 3.3.1, Condition E, RA E.1 Reactor Trip System (RTS) Instrumentation - Steam Generator (SG) NO VARIATION: The MNS TS do not have this RTS Function.
| |
| Water Level - Low - Coincident with Steam Flow/Feedwater Flow Mismatch TSTF-505: 3.3.1, Condition E, RA E.1 MNS: N/A Reactor Trip System (RTS) Instrumentation - Turbine Trip - Low Fluid Oil YES EDITORIAL: The MNS RTS Function is "One Turbine Trip - Low Fluid Oil Pressure channel Pressure inoperable." whereas the TSTF-505, Rev. 2 Condition is "One Turbine Trip channel TSTF-505: 3.3.1, Condition R, RA R.1 inoperable."
| |
| MNS: 3.3.1, Condition Q, RA Q.1 Reactor Trip System (RTS) Instrumentation - Turbine Trip - Turbine Stop NO VARIATION: MNS Condition S (i.e., One or more Turbine Trip - Turbine Stop Valve Closure Valve Closure channels inoperable) could consitute a loss of safety function with more than one channel TSTF-505: 3.3.1, Condition R, RA R.1 inoperable and is therefore not being proposed to be included in the scope of the RICT MNS: 3.3.1, Condition S, RA S.1 Program.
| |
| Reactor Trip System (RTS) Instrumentation - Safety Injection (SI) Input YES from Engineered Safety Feature Actuation System (ESFAS)
| |
| TSTF-505: 3.3.1, Condition T, RA T.1 MNS: 3.3.1, Condition T, RA T.1 Reactor Trip System (RTS) Instrumentation - Reactor Trip Breakers YES Additional justification is required in accordance with TSTF-505, Revision 2 (Table 1). The (RTBs) additional justification is provided in LAR Enclosure 1.
| |
| TSTF-505: 3.3.1, Condition U, RA U.1 MNS: 3.3.1, Condition U, RA U.1 Reactor Trip System (RTS) Instrumentation - Reactor Trip Breaker YES Undervoltage and Shunt Trip Mechanisms TSTF-505: 3.3.1, Condition Y, RA Y.1 MNS: 3.3.1, Condition Y, RA Y.1 Reactor Trip System (RTS) Instrumentation - Automatic Trip Logic YES TSTF-505: 3.3.1, Condition T, RA T.1 MNS: 3.3.1, Condition T, RA T.1
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION ESFAS Instrumentation - Safety Injection (Manual Initiation) YES TSTF-505: 3.3.2, Condition B, RA B.1 MNS: 3.3.2, Condition B, RA B.1 ESFAS Instrumentation - Safety Injection (Automatic Actuation Logic YES and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition C, RA C.1 MNS: 3.3.2, Condition C, RA C.1 ESFAS Instrumentation - Safety Injection (Containment Pressure - High) YES TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Safety Injection (Pressurizer Pressure - Low) YES TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Safety Injection (Steam Line Pressure - Low) NO VARIATION: The MNS TS do not have this specification.
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Safety Injection (Steam Line Pressure - High NO VARIATION: The MNS TS do not have this specification.
| |
| Differential Pressure Between Steam Lines)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Safety Injection (High Steam Flow in Two NO VARIATION: The MNS TS do not have this specification.
| |
| Steam Lines Coincident with Tavg - Low Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Safety Injection (High Steam Flow in Two NO VARIATION: The MNS TS do not have this specification.
| |
| Steam Lines Coincident with Steam Line Pressure - Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Containment Spray (Manual Initiation) NO VARIATION: The MNS TS do not have this specification.
| |
| TSTF-505: 3.3.2, Condition B, RA B.1 MNS: N/A ESFAS Instrumentation - Containment Spray (Automatic Actuation Logic NO VARIATION: The MNS TS do not have this specification.
| |
| and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition C, RA C.1 MNS: N/A
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION ESFAS Instrumentation - Containment Spray (Containment Pressure NO VARIATION: The MNS TS do not have this specification.
| |
| High - 3 (High High))
| |
| TSTF-505: 3.3.2, Condition E, RA E.1 MNS: N/A ESFAS Instrumentation - Containment Spray (Containment Pressure NO VARIATION: The MNS TS do not have this specification.
| |
| High - 3 (Two Loop Plants))
| |
| TSTF-505: 3.3.2, Condition E, RA E.1 MNS: N/A ESFAS Instrumentation - Containment Isolation (Phase A Isolation - YES Manual Initiation)
| |
| TSTF-505: 3.3.2, Condition B, RA B.1 MNS: 3.3.2, Condition B, RA B.1 ESFAS Instrumentation - Containment Isolation (Phase A Isolation - YES Automatic Actuation Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition C, RA C.1 MNS: 3.3.2, Condition C, RA C.1 ESFAS Instrumentation - Containment Isolation (Phase B Isolation - YES Manual Initiation)
| |
| TSTF-505: 3.3.2, Condition B, RA B.1 MNS: 3.3.2, Condition B, RA B.1 ESFAS Instrumentation - Containment Isolation (Phase B Isolation - YES Automatic Actuation Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition C, RA C.1 MNS: 3.3.2, Condition C, RA C.1 ESFAS Instrumentation - Steam Line isolation (Manual Initiation) YES TSTF-505: 3.3.2, Condition F, RA F.1 MNS: 3.3.2, Condition F, RA F.1 ESFAS Instrumentation - Steam Line isolation (Automatic Actuation YES Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition G, RA G.1 MNS: 3.3.2, Condition H, RA H.1 ESFAS Instrumentation - Steam Line isolation (Steam Line Pressure - YES Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION ESFAS Instrumentation - Steam Line isolation (Steam Line Pressure - NO This Function has MODE 3 applicability only and is not proposed to be included in the MNS Negative Rate - High) scope.
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Steam Line isolation (High Steam Flow in Two NO VARIATION: The MNS TS do not have this Steam Line Isolation function.
| |
| Steam Lines)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Steam Line isolation (High Steam Flow in Two NO VARIATION: The MNS TS do not have this Steam Line Isolation function.
| |
| Steam Lines - Coincident with Tavg - Low Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Steam Line isolation (High Steam Flow in Two NO VARIATION: The MNS TS do not have this Steam Line Isolation function.
| |
| Steam Lines - Coincident with Steam Line Pressure - Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: N/A ESFAS Instrumentation - Turbine Trip and Feedwater Isolation (Turbine YES Trip - Automatic Actuation Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition H, RA H.1 MNS: 3.3.2, Condition I, RA I.1 ESFAS Instrumentation - Turbine Trip and Feedwater Isolation (Turbine YES Trip - SG Water Level - High High (P-14))
| |
| TSTF-505: 3.3.2, Condition I, RA I.1 MNS: 3.3.2, Condition J, RA J.1 ESFAS Instrumentation - Turbine Trip and Feedwater Isolation YES (Feedwater Isolation - Automatic Actuation Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition G, RA G.1 MNS: 3.3.2, Condition H, RA H.1 ESFAS Instrumentation - Turbine Trip and Feedwater Isolation YES (Feedwater Isolation - SG Water Level - High High (P-14))
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION ESFAS Instrumentation - Turbine Trip and Feedwater Isolation YES VARIATION: TSTF-505, Revision 2 does not contain a Function in TS 3.3.2 (ESFAS (Feedwater Isolation - Tavg-Low Coincident with Reactor Trip) Instrumentation) for Feedwater Isolation - Tavg-Low Coincident with Reactor Trip (P-4).
| |
| TSTF-505: N/A This site-specific instrumentation Function is modeled by the MNS PRA and thus a RICT can MNS: 3.3.2, Condition J, RA J.1 be directly calculated. MNS Required Action J.1 also corresponds to a separate Function which is in the scope of TSTF-505, Revision 2 for inclusion in the RICT Program (i.e.,
| |
| Turbine Trip - SG Water Level - High High which is Required Action I.1 in TSTF-505, Rev. 2).
| |
| ESFAS Instrumentation - Auxiliary Feedwater (Automatic Actuation YES Logic and Actuation Relays)
| |
| TSTF-505: 3.3.2, Condition G, RA G.1 MNS: 3.3.2, Condition H, RA H.1 ESFAS Instrumentation - Auxiliary Feedwater (SG Water Level - Low YES Low)
| |
| TSTF-505: 3.3.2, Condition D, RA D.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Auxiliary Feedwater (Station Blackout - Loss of YES EDITORIAL: The Function in TSTF-505, Revision 2 is Auxiliary Feedwater - Loss of Offsite voltage) Power.
| |
| TSTF-505: 3.3.2, Condition F, RA F.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Auxiliary Feedwater (Station Blackout - YES EDITORIAL: The Function in TSTF-505, Revision 2 is Auxiliary Feedwater - Loss of Offsite Degraded voltage) Power.
| |
| TSTF-505: 3.3.2, Condition F, RA F.1 MNS: 3.3.2, Condition D, RA D.1 ESFAS Instrumentation - Auxiliary Feedwater (Trip of all Main NO VARIATION: This Condition represents a loss of function for MNS and is therefore not Feedwater Pumps) proposed to be included in the scope of the RICT Program.
| |
| TSTF-505: 3.3.2, Condition J, RA J.1 MNS: 3.3.2, Condition K, RA K.1 ESFAS Instrumentation - Auxiliary Feedwater (Undervoltage Reactor NO VARIATION: The MNS TS do not contain this ESFAS Function.
| |
| Coolant Pump)
| |
| TSTF-505: 3.3.2, Condition I, RA I.1 MNS: N/A ESFAS Instrumentation - Auxiliary Feedwater (Auxiliary Feedwater NO VARIATION: The TS 3.3.2 Condition F in TSTF-505, Revision 2 is for one channel or train Pump Suction Transfer on Suction Pressure - Low) inoperable and therefore does not represent a loss of safety function. However, the TSTF-505: 3.3.2, Condition F, RA F.1 equilavent MNS TS 3.3.2 Condition N is for one or more channels of Auxiliary Feedwater MNS: 3.3.2, Condition N, RA N.1 Suction Pressure-Low for one auxiliary feedwater pump and could represent a loss of function. Therefore, this ESFAS Function is not proposed to be in the scope of the MNS RICT Program.
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION ESFAS Instrumentation - ESFAS Interlocks (Reactor Trip, P-4) YES TSTF-505: 3.3.2, Condition F, RA F.1 MNS: 3.3.2, Condition F, RA F.1 Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation YES TSTF-505: 3.3.5, Condition A, RA A.1 MNS: 3.3.5, Condition A, RA A.1 Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation YES TSTF-505, Revision 2 Table 1 specifies that this Condition B requires additional justification.
| |
| TSTF-505: 3.3.5, Condition B, RA B.1 A Note is proposed for the Completion Time of TS 3.3.5, Condition B, RA B.1 that precludes MNS: 3.3.5, Condition B, RA B.1 use of the RICT Program for a loss of function.
| |
| Boron Dilution Protection System (BDPS) NO VARIATION: MNS does not have a Boron Dilution Protection System instrumentation TS.
| |
| TSTF-505: 3.3.9, Condition A, RA A.1 MNS: N/A RCS Loops - MODE 3 NO This Condition has MODE 3 applicability only and is not proposed to be included in the TSTF-505: 3.4.5, Condition A, RA A.1 MNS scope.
| |
| MNS: 3.4.5, Condition A, RA A.1 RCS Loops - MODE 3 NO These Conditions have MODE 3 applicability only and is not proposed to be included in the TSTF-505: 3.4.5, Condition C, RAs C.1, C.2 MNS scope.
| |
| MNS: 3.4.5, Condition C, RAs C.1, C.2 Pressurizer NO VARIATION: Pressurizer heaters are not adequately modeled in the PRA and therefore this TSTF-505: 3.4.9, Condition B, RA B.1 Action is not proposed to be in the scope of the RICT Program.
| |
| MNS: 3.4.9, Condition B, RA B.1 Pressurizer Power Operated Relief Valves (PORVs) YES EDITORIAL: The TSTF-505, Revision 2 Condition B is for "One [or two] PORV[s] inoperable TSTF-505: 3.4.11, Condition B, RA B.3 and not capable of being manually cycled." The MNS Condition C is for "One Train A PORV MNS: 3.4.11, Condition C, RA C.3 inoperable and not capable of being manually cycled." The Required Action B.3 for TSTF-505 and C.3 for MNS are equivalent.
| |
| Pressurizer Power Operated Relief Valves (PORVs) YES EDITORIAL: The TSTF-505, Revision 2 Condition B is for "One [or two] PORV[s] inoperable TSTF-505: 3.4.11, Condition B, RA B.3 and not capable of being manually cycled." MNS Condition D is for two train B PORVs MNS: 3.4.11, Condition D, RA D.3 inoperable and not capable of being manually cycled. The Required Action B.3 for TSTF-505 and Required Action D.3 for MNS to restore one PORV to OPERABLE status are equivalent.
| |
| Pressurizer Power Operated Relief Valves (PORVs) YES EDITORIAL: The TSTF-505, Revision 2 Condition C is for "One [or two] block valve(s)
| |
| TSTF-505: 3.4.11, Condition C, RA C.2 inoperable." The MNS Condition H is for "One Train A block valve inoperable." The MNS: 3.4.11, Condition H, RA H.3 Required Action C.2 for TSTF-505 and the Required Action H.3 for MNS to restore the Train A block valve to OPERABLE status are equivalent.
| |
| Pressurizer Power Operated Relief Valves (PORVs) YES EDITORIAL: The TSTF-505, Revision 2 Condition C is for "One [or two] block valve(s)
| |
| TSTF-505: 3.4.11, Condition C, RA C.2 inoperable." The MNS Condition I is for "Two Train B block valves inoperable." The MNS: 3.4.11, Condition I, RA I.3 Required Action C.2 for TSTF-505 and the Required Action I.3 for MNS to restore one Train B block valve to OPERABLE status are equivalent.
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION Pressurizer Power Operated Relief Valves (PORVs) YES VARIATION: MNS TS 3.4.11, Condition J ("One Train B PORV inoperable and not capable of TSTF-505: N/A being manually cycled AND The other Train B block valve inoperable.") is a plant-specific MNS: 3.4.11, Condition J, RAs J.3.1, J.3.2 Action that is not specified in TSTF-505, Revision 2. However, the Required Actions J.3.1 and J.3.2 are restoration actions and the PRA explicitly models these SSCs. Therefore, RAs J.3.1 and J.3.2 meet the criteria for inclusion in the MNS RICT Program. Further discussion is provided in Attachment 1 of the LAR.
| |
| Emergency Core Cooling System (ECCS) - Operating YES EDITORIAL: In addition to MNS TS 3.5.2 Condition A specifying "One or more trains TSTF-505: 3.5.2, Condition A, RA A.1 inoperable", it also specifies "At least 100% of the ECCS flow equivalent to a single MNS: 3.5.2, Condition A, RA A.1 OPERABLE ECCS train available."
| |
| Table 1 of TSTF-505, Revision 2 requires additional justification for this ECCS - Operating TS Action. Table 1 states that "Acceptable justification is TS Condition requiring 100% flow equivalent to a single ECCS train." Part of MNS TS 3.5.2, Condition A states "At least 100%
| |
| of the ECCS flow equivalent to a single OPERABLE ECCS train available." Therefore, Condition A, RA A.1 is acceptable for inclusion in the MNS RICT Program.
| |
| Containment Air Locks YES Table 1 of TSTF-505, Revision 2 requires additional justification for this Containment Air TSTF-505: 3.6.2, Condition C, RA C.3 Locks TS Action. RA C.1 states: "Initiate action to evaluate overall containment leakage rate MNS: 3.6.2, Condition C, RA C.3 per LCO 3.6.1." Per TS 3.6.1, excessive leakage would require a unit shutdown if containment is not restored to operable status within 1 hour.
| |
| Containment Isolation Valves YES TSTF-505: 3.6.3, Condition A, RA A.1 MNS: 3.6.3, Condition A, RA A.1 Containment Isolation Valves YES TSTF-505: 3.6.3, Condition C, RA C.1 MNS: 3.6.3, Condition C, RA C.1 Containment Spray System (Ice Condenser) YES Additional justification is provided in LAR Enclosure 1.
| |
| TSTF-505: 3.6.6C, Condition A, RA A.1 MNS: 3.6.6, Condition A, RA A.1 Hydrogen Ignition System (HIS) (Ice Condenser) YES EDITORIAL: TSTF-505, Revision 2, which is based on NUREG-1431 for Westinghouse plants, TSTF-505: 3.6.10, Condition A, RA A.1 refers to the Hydrogen Ignition System. The MNS equilavent system is referred to as the MNS: 3.6.9, Condition A, RA A.1 Hydrogen Mitigation System (HMS).
| |
| Hydrogen Ignition System (HIS) (Ice Condenser) YES EDITORIAL: TSTF-505, Revision 2, which is based on NUREG-1431 for Westinghouse plants, TSTF-505: 3.6.10, Condition B, RA B.1 refers to the Hydrogen Ignition System. The MNS equilavent system is referred to as the MNS: 3.6.9, Condition B, RA B.1 Hydrogen Mitigation System (HMS).
| |
| Air Return System (ARS) (Ice Condenser) YES TSTF-505: 3.6.14, Condition A, RA A.1 MNS: 3.6.11, Condition A, RA A.1
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION Ice Condenser Doors NO VARIATION: Ice condenser doors are not adequately modeled in the PRA and therefore TSTF-505: 3.6.16, Condition A, RA A.1 this Action is not proposed to be in the scope of the RICT Program.
| |
| MNS: 3.6.13, Condition A, RA A.1 Ice Condenser Doors NO VARIATION: Ice condenser doors are not adequately modeled in the PRA and therefore TSTF-505: 3.6.16, Condition B, RA B.2 this Action is not proposed to be in the scope of the RICT Program.
| |
| MNS: 3.6.13, Condition B, RA B.2.2 Divider Barrier Integrity (Ice Condenser) YES TSTF-505: 3.6.17, Condition A, RA A.1 MNS: 3.6.14, Condition A, RA A.1 Main Steam Isolation Valves (MSIVs) YES Additional justification is required in accordance with TSTF-505, Revision 2. The additional TSTF-505: 3.7.2, Condition A, RA A.1 justification is provided in LAR Enclosure 1.
| |
| MNS: 3.7.2, Condition A, RA A.1 Atmospheric Dump Valves (ADVs) NO VARIATION: MNS does not have a TS for ADVs.
| |
| TSTF-505: 3.7.4, Condition A, RA A.1 MNS: N/A Atmospheric Dump Valves (ADVs) NO VARIATION: MNS does not have a TS for ADVs.
| |
| TSTF-505: 3.7.4, Condition B, RA B.1 MNS: N/A Auxiliary Feedwater (AFW) System YES TSTF-505: 3.7.5, Condition A, RA A.1 MNS: 3.7.5, Condition A, RA A.1 Auxiliary Feedwater (AFW) System YES TSTF-505: 3.7.5, Condition B, RA B.1 MNS: 3.7.5, Condition B, RA B.1 Component Cooling Water (CCW) System YES TSTF-505: 3.7.7, Condition A, RA A.1 MNS: 3.7.6, Condition A, RA A.1 Service Water System (SWS) YES EDITORIAL: TSTF-505, Revision 2 refers to the "Service Water System," whereas MNS TS TSTF-505: 3.7.8, Condition A, RA A.1 refer to the "Nuclear Service Water System (NSWS)."
| |
| MNS: 3.7.7, Condition A, RA A.1 Ultimate Heat Sink (UHS) NO VARIATION: MNS does not have an equivalent TS Action for cooling towers. The MNS TSTF-505: 3.7.9, Condition A, RA A.1 Ultimate Heat Sink is the Standby Nuclear Service Water Pond (SNSWP) which is contained MNS: N/A in TS 3.7.8. However, the Required Actions associated with MNS TS 3.7.8 Condition A (SNSWSP inoperable) are to be in MODE 3 in 6 hours and be in MODE 5 in 36 hours.
| |
| Therefore, the SNSWP is not proposed to be in the scope of the MNS RICT Program.
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION AC Sources - Operating YES TSTF-505: 3.8.1, Condition A, RA A.3 MNS: 3.8.1, Condition A, RA A.3 AC Sources - Operating YES VARIATION: Discussion of this optional change/variation is discussed in Attachment 1 of TSTF-505: 3.8.1, Condition B, RA B.4 the license amendment request.
| |
| MNS: 3.8.1, Condition B, RA B.5 AC Sources - Operating YES VARIATION: TSTF-505, Revision 2 is based on NUREG-1431 for a single unit Westinghouse TSTF-505: N/A plant. MNS is a two unit plant that includes a Condition C for an inoperable offsite circuit MNS: 3.8.1, Condition C, RA C.3 on the opposite unit necessary to supply shared systems. Since offsite circuits are adequately modeled by the PRA and a RICT can be directly calculated, this plant-specific Action statement is proposed to be included in the scope of the MNS RICT Program.
| |
| Further discussion is provided in Attachment 1 of the LAR.
| |
| AC Sources - Operating YES VARIATION: MNS TS 3.8.1 Condition E contains 2 additional combinations for two offsite TSTF-505: 3.8.1, Condition C, RA C.2 circuits inoperable beyond that which is in TSTF-505, Rev. 2 to take into account the MNS: 3.8.1, Condition E, RA E.2 opposite unit. However, the MNS Required Action to restore one (of the two) inoperable offsite circuits to OPERABLE status is equivalent to TSTF-505, Revision 2. Since offsite circuits are adequately modeled in the PRA and a RICT can be directly calculated, this plant-specific Action statement is proposed to be included in the scope of the MNS RICT Program. Further discussion is provided in Attachment 1 of the LAR.
| |
| AC Sources - Operating YES TSTF-505: 3.8.1, Condition D, RA D.1, D.2 MNS: 3.8.1, Condition F, RA F.1, F.2 AC Sources - Operating YES TSTF-505: 3.8.1, Condition F, RA F.1 MNS: 3.8.1, Condition H, RA H.1 DC Sources - Operating YES EDITORIAL: MNS TS 3.8.4 does not distinguish separate Action statements for different TSTF-505: 3.8.4, Condition A, RA A.3 causes of inoperability, but applies the limiting 2-hour Completion Time for any cause of a MNS: 3.8.4, Condition A, RAs A.1, A.2.2 DC source being inoperable (MNS RA A.1). If it is verified that the associated bus tie breakers are closed between DC channels, then a 72-hour Completion Time is applied for restoring the channel of DC source to OPERABLE status.
| |
| | |
| Attachment 4 RA-18-0190 Cross-Reference of TSTF-505 and McGuire Technical Specifications LCO ACTION TSTF-505/MNS TS IN SCOPE? DISCUSSION DC Sources - Operating YES EDITORIAL: MNS TS 3.8.4 does not distinguish separate Action statements for different TSTF-505: 3.8.4, Condition B, RA B.1 causes of inoperability, but applies the limiting 2-hour Completion Time for any cause of a MNS: 3.8.4, Condition A, RAs A.1, A.2.2 DC source being inoperable (MNS RA A.1). If it is verified that the associated bus tie breakers are closed between DC channels, then a 72-hour Completion Time is applied for restoring the channel of DC source to OPERABLE status.
| |
| DC Sources - Operating YES EDITORIAL: MNS TS 3.8.4 does not distinguish separate Action statements for different TSTF-505: 3.8.4, Condition C, RA C.1 causes of inoperability, but applies the limiting 2-hour Completion Time for any cause of a MNS: 3.8.4, Condition A, RAs A.1, A.2.2 DC source being inoperable (MNS RA A.1). If it is verified that the associated bus tie breakers are closed between DC channels, then a 72-hour Completion Time is applied for restoring the channel of DC source to OPERABLE status.
| |
| Inverters - Operating YES TSTF-505: 3.8.7, Condition A, RA A.1 MNS: 3.8.7, Condition A, RA A.1 Distribution Systems - Operating YES TSTF-505: 3.8.9, Condition A, RA A.1 MNS: 3.8.9, Condition A, RA A.1 Distribution Systems - Operating YES EDITORIAL: The MNS TS 3.8.9 Action B is for one AC vital bus inoperable whereas the TSTF-TSTF-505: 3.8.9, Condition B, RA B.1 505, Revision 2 Action B specifies one or more AC vital buses inoperable.
| |
| MNS: 3.8.9, Condition B, RA B.1 Distribution Systems - Operating YES TSTF-505: 3.8.9, Condition C, RA C.1 MNS: 3.8.9, Condition C, RA C.1
| |
| | |
| U.S. Nuclear Regulatory Commission RA-18-0190 ATTACHMENT 5 PROPOSED FACILITY OPERATING LICENSE CHANGES (MARK-UP)
| |
| [2 PAGES FOLLOW THIS COVER PAGE]
| |
| | |
| APPENDIX B ADDITIONAL CONDITIONS FACILITY OPERATING LICENSE NO. NPF-9 Duke Energy Carolinas, LLC comply with the following conditions on the schedules noted below:
| |
| Amendment Additional Conditions Implementation Date Number 314 During the extended DG Completion Times Upon implementation authorized by Amendment No. 314, the turbine- of Amendment No.
| |
| driven auxiliary feedwater pump will not be removed 314.
| |
| from service for elective maintenance activities. The turbine-driven auxiliary feed water pump will controlled as "protected equipment" during the extended DG CT. The Non-CT EDGs, ESPS, Component Cooling System, Safe Shutdown Facility, Nuclear Service Water System, Chemical and Volume Control System, Diesel Air Compressors, Residual Heat Removal system, motor driven auxiliary feed water pumps, and the switchyard will also be controlled as "protected equipment."
| |
| 314 The risk estimates associated with the 14-day EDG Upon implementation Completion Time LAR (including those results of of Amendment No.
| |
| associated sensitivity studies) will be updated, as 314.
| |
| necessary to incorporate the as-built, as-operated ESPS modification. Duke Energy will confirm that any updated risk estimates continue to meet the risk acceptance guidelines of RG 1.174 and RG 1.177.
| |
| -B4-Renewed License No. NPF-9 Amendment No. 314
| |
| | |
| APPENDIX B ADDITIONAL CONDITIONS FACILITY OPERATING LICENSE NO. NPF-9 Duke Energy Carolinas, LLC comply with the following conditions on the schedules noted below:
| |
| Amendment Additional Conditions Implementation Date Number 293 During the extended DG Completion Times Upon implementation authorized by Amendment No. 293, the turbine- of Amendment No.
| |
| driven auxiliary feedwater pump will not be removed 293.
| |
| from service for elective maintenance activities. The turbine-driven auxiliary feed water pump will controlled as "protected equipment" during the extended DG CT. The Non-CT EDGs, ESPS, Component Cooling System, Safe Shutdown Facility, Nuclear Service Water System, Chemical and Volume Control System, Diesel Air Compressors, Residual Heat Removal system, motor driven auxiliary feed water pumps, and the switchyard will also be controlled as "protected equipment."
| |
| 293 The risk estimates associated with the 14-day EDG Upon implementation Completion Time LAR (including those results of of Amendment No.
| |
| associated sensitivity studies) will be updated, as 293.
| |
| necessary to incorporate the as-built, as-operated ESPS modification. Duke Energy will confirm that any updated risk estimates continue to meet the risk acceptance guidelines of RG 1.174 and RG 1.177.
| |
| Renewed License No. NPF-17 Amendment No. 293 B-4
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 1 LIST OF REVISED REQUIRED ACTIONS TO CORRESPONDING PRA FUNCTIONS
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE The purpose of this enclosure is to provide a mapping of identified in-scope Technical Specifications (TS) statements to modeled (and surrogate) Probabilistic Risk Assessment (PRA) functions. This mapping provides the basis by which to quantify the increase in risk associated with extending the Completion Time for a given TS Action and to calculate a Risk-Informed Completion Time (RICT) for the RICT Program application.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. NUREG/CR-5500, Volume 2, Reliability Study: Westinghouse Reactor Protection System, 1984-1995, December 1998.
| |
| : 4. TSTF-505-A, Rev. 2, Technical Specifications Task Force Improved Standard Technical Specifications Change Traveler, November 2018.
| |
| : 5. Updated Final Safety Analysis Report (UFSAR) McGuire Nuclear Station, Revision 23.
| |
| : 6. TSTF-411, Surveillance Test Interval Extensions for Components of the Reactor Protection System (WCAP-15376-P), Revision 1, dated August 7, 2002 (ADAMS Accession No. ML022470164).
| |
| : 7. NRC Letter from NRC to McGuire Nuclear Station, McGuire Nuclear Station, Units 1 and 2, Issuance of Amendments Regarding Reactor Trip System and Engineered Safety Features Actuation System Completion Times, Bypass Test Times and Surveillance Test Intervals, Dated December 30, 2008 (ADAMS Accession No. ML083520046).
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 2 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) identifies the following necessary content:
| |
| * The license amendment request (LAR) will provide identification of the TS Limiting Conditions for Operation (LCOs) and Required Actions to which the RICT Program will apply.
| |
| * The LAR will provide a comparison of the TS functions to the PRA modeled functions of the structures, systems and components (SSCs) subject to those LCO actions.
| |
| * The comparison should justify that the scope of the PRA model, including applicable success criteria such as number of SSCs required, flow rate, etc., are consistent with licensing basis assumptions (i.e., 10 CFR 50.46 emergency core cooling system (ECCS) flowrates) for each of the TS requirements, or an appropriate disposition or programmatic restriction will be provided.
| |
| This enclosure provides confirmation that the McGuire Nuclear Station (MNS) PRA models include the necessary scope of SSCs and their functions to address each proposed application of the RICT Program to the proposed scope of TS LCOs. The enclosure also provides the information requested by Section 4.0, Item 2 of Reference 1. The comparison includes each of
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 the TS LCOs and associated Required Actions within the scope of the RICT Program. The MNS PRA model has the capability to model directly, or using a bounding surrogate, the risk impact of entering each of the Actions associated with the TS LCOs that are in the scope of the RICT Program.
| |
| Table E1-1 below lists each MNS TS Action to which the RICT Program is proposed to be applied. The table also documents the following information regarding the TS with the associated safety analyses, the analogous PRA functions and the results of the comparison:
| |
| * Column Technical Specification: Lists the LCOs within the scope of the proposed RICT Program
| |
| * Column Technical Specification Action: Lists the corresponding Action currently in the MNS TS
| |
| * Column Corresponding SSC(s): Lists the SSC(s) addressed by each TS Action
| |
| * Column Function Covered by TS LCO Condition: Contains a summary from the design basis analyses
| |
| * Column Design Success Criteria: Contains a summary of the success criteria from the design basis analyses
| |
| * Column SSCs Modeled in the PRA: Indicates whether the SSCs addressed by the TS LCO and Action are included in the PRA
| |
| * Column PRA Success Criteria: Lists the functions success criteria in the PRA model
| |
| * Column Comments: Provides the justification or resolution to address any inconsistencies between the TS and PRA functions regarding the scope of SSCs and the success criteria. Where the PRA scope of SSCs is not consistent with the TS, additional information is provided to describe how the LCO Action can be evaluated using appropriate surrogate events in the PRA model. Differences in the success criteria for TS functions are addressed to demonstrate PRA criteria provide a realistic estimate of the risk of the TS LCOs and Actions as required by Reference 2.
| |
| The corresponding SSCs for each TS Condition and the associated TS functions are identified and compared to the PRA models. This description also includes the design success criteria and the applicable PRA success criteria. Any differences between the scope or success criteria are described in the table. Scope differences are justified by identifying appropriate surrogate events which permit a risk evaluation to be completed using the Configuration Risk Management Program (CRMP) tool for the RICT Program. Differences in success criteria typically arise due to the requirement in the ASME/ANS PRA Standard to make PRAs realistic rather than bounding, whereas design basis criteria are necessarily conservative and bounding.
| |
| The use of realistic success criteria is necessary to conform to Capability Category II of the ASME/ANS PRA Standard as required by NEI 06-09-A (Reference 2).
| |
| For the purposes of the MNS RICT program, the definition for loss of function or loss of safety function for the subject license amendment request is verbatim from TSTF-505, Revision 2.
| |
| That is, a loss of safety function exists when, assuming no concurrent single failure, no concurrent loss of offsite power, or no concurrent loss of onsite diesel generators, a safety function assumed in the accident analysis cannot be performed.
| |
| Examples of calculated RICTs are provided in Table E1-2 for each individual Action to which the RICT Program is proposed to apply. These calculations assume the SSC in question is the only SSC out-of-service, and thus the values in Table E1-2 are representative examples only.
| |
| Following RICT Program implementation, RICT calculations will be based upon the actual real-
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 time maintenance configuration of the plant and the current revision of the PRA model representing the as-built, as-operated condition of the plant, as required by NEI 06-09-A (Reference 2) and the NRC Safety Evaluation. Thus, in practice, RICT values may differ from the RICTs presented in Table E1-2.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 Table E1-1 In-Scope TS LCO/Conditions to Corresponding PRA Functions Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.B One Manual 2 channels The Manual Reactor Trip ensures that 1 channel Not Explicitly Same Manual instrumentation is Reactor Trip the control room operator can initiate a not explicitly modeled, but channel inoperable reactor trip at any time by using either of TS condition can be Reactor Trip two reactor trip switches in the control represented through System (RTS) room. A Manual Reactor Trip either failure of human Instrumentation - accomplishes the same results as any action to manually trip Manual Reactor one of the automatic trip Functions. It reactor or failure of Trip (MODES 1 may be used by the reactor operator to individual reactor trip and 2) shut down the reactor whenever any breakers. Surrogate parameter is rapidly trending toward its representation is Trip Setpoint bounding, as RICT entry condition would not prevent manual reactor trip function or operation of the reactor trip breakers.
| |
| 3.3.1.D One channel 4 channels The Power Range Neutron FluxHigh 2 channels Not Explicitly Same Neutron flux channels not inoperable trip Function ensures that protection is explicitly modeled, but TS provided, from all power levels, against a condition can be Reactor Trip positive reactivity excursion leading to represented through a System (RTS) DNB during power operations. These can failure of one of two trains Instrumentation - be caused by rod withdrawal or of automatic RTS trip Power Range reductions in RCS temperature. inputs.
| |
| Neutron Flux -
| |
| High 3.3.1.D One channel 4 channels The Power Range Neutron FluxHigh 2 channels Not Explicitly Same Neutron flux channels not inoperable Positive Rate trip Function ensures that explicitly modeled, but TS protection is provided against rapid condition can be Reactor Trip increases in neutron flux that are represented through a System (RTS) characteristic of an RCCA drive rod failure of one of two trains Instrumentation - housing rupture and the accompanying of automatic RTS trip Power Range ejection of the RCCA. This Function inputs.
| |
| Neutron Flux complements the Power Range Neutron Rate - High Flux-High and Low Setpoint trip Positive Rate Functions to ensure that the criteria are met for a rod ejection from the power range.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.E One channel 4 channels The LCO requirement for the Power 2 channels Not Explicitly Same Neutron flux channels not inoperable Range Neutron FluxLow trip Function explicitly modeled, but TS ensures that protection is provided condition can be Reactor Trip against a positive reactivity excursion represented through a System (RTS) from low power or subcritical conditions. failure of one of two trains Instrumentation - of automatic RTS trip Power Range See Note 1.
| |
| inputs.
| |
| Neutron Flux -
| |
| Low 3.3.1.E One channel 4 channels The Overtemperature b.T trip Function is 2 channels Not Explicitly Same Overtemperature inoperable provided to ensure that the design limit channels not explicitly DNBR is met. This trip Function also modeled, but TS Reactor Trip limits the range over which the condition can be System (RTS) Overpower b.T trip Function must provide represented through a Instrumentation - protection. The inputs to the failure of one of two trains Overtemperature Overtemperature b.T trip include of automatic RTS trip b.T pressurizer pressure, coolant inputs.
| |
| temperature, axial power distribution, and reactor power as indicated by loop b.T assuming full reactor coolant flow.
| |
| 3.3.1.E One channel 4 channels The Overpower b.T trip Function ensures 2 channels Not Explicitly Same Overpower channels not inoperable that protection is provided to ensure the explicitly modeled, but TS integrity of the fuel (i.e., no fuel pellet condition can be Reactor Trip melting and less than 1% cladding strain) represented through a System (RTS) under all possible overpower conditions. failure of one of two trains Instrumentation - of automatic RTS trip Overpower b.T inputs.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 7 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.E One channel 4 channels The Pressurizer Pressure-High trip 2 channels Not Explicitly Same Pressurizer pressure high inoperable Function ensures that protection is channels not explicitly provided against over pressurizing the modeled, but TS Reactor Trip RCS. This trip Function operates in condition can be System (RTS) conjunction with the pressurizer relief and represented through a Instrumentation - safety valves to prevent RCS failure of one of two trains Pressurizer overpressure conditions. of automatic RTS trip Pressure - High inputs.
| |
| 3.3.1.E One channel 4 channels per The SG Water Level-Low Low trip 2 channels Yes Same SSCs are modeled inoperable S/G Function ensures that protection is (per S/G) consistently with the TS provided against a loss of heat sink and scope and so can be Reactor Trip actuates the AFW System prior to directly evaluated by the System (RTS) uncovering the SG tubes. The SGs are CRMP.
| |
| Instrumentation - the heat sink for the reactor. In order to Steam Generator The success criteria in act as a heat sink, the SGs must contain the PRA are consistent (SG) Water a minimum amount of water. A narrow Level - Low Low with the design basis range low low level in any SG is criteria.
| |
| indicative of a loss of heat sink for the reactor.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 8 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.M One channel 4 channels The Pressurizer PressureLow trip 2 channels Yes Same SSCs are modeled inoperable Function ensures that protection is consistently with the TS provided against violating the DNBR limit scope and so can be Reactor Trip due to low pressure. directly evaluated by the System (RTS) CRMP.
| |
| Instrumentation - See Note 2.
| |
| Pressurizer The success criteria in Pressure - Low the PRA are consistent with the design basis criteria.
| |
| 3.3.1.M One channel 3 channels The Pressurizer Water Level-High trip 2 channels Not Explicitly Same Specific channel input is inoperable Function provides a backup signal for the not explicitly modeled.
| |
| Pressurizer PressureHigh trip and also The MNS PRA Reactor Trip provides protection conservatively models System (RTS) one generic 2/3 logic Instrumentation - against water relief through the pressurizer safety valves. input (per train) which Pressurizer feeds into SSPS and can Water Level - See Note 2.
| |
| be used to conservatively High represent the TS condition.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 9 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.M One channel 3 channels (3 The Reactor Coolant Flow-Low (Two 2 channels Not Explicitly Same Specific channel input is inoperable per loop) Loops) trip Function ensures that not explicitly modeled.
| |
| protection is provided against violating The MNS PRA Reactor Trip the DNBR limit due to low flow in two or conservatively models System (RTS) more RCS loops while avoiding reactor one generic 2/3 logic Instrumentation - trips due to normal variations in loop flow. input (per train) which Reactor Coolant feeds into SSPS and can Flow - Low (Two See Note 4.
| |
| be used to conservatively Loops) represent the TS condition.
| |
| 3.3.1.M One channel 4 channels (1 The Undervoltage RCPs reactor trip 2 channels Not Explicitly One of two SSPS train Undervoltage RCP inoperable per bus) Function ensures that protection is inputs channels not explicitly provided against violating the DNBR limit modeled, but TS Reactor Trip due to a loss of flow in two or more RCS condition can be System (RTS) loops. represented through a Instrumentation - failure of one of two trains Undervoltage See Note 2.
| |
| of automatic RTS trip RCPs inputs.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 10 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.M One channel 4 channels (1 The Underfrequency RCPs reactor trip 2 channels Not Explicitly One of two SSPS train Underfrequency RCP inoperable per bus) Function ensures that protection is inputs channels not explicitly provided against violating the DNBR limit modeled, but TS Reactor Trip due to a loss of flow in two or more RCS condition can be System (RTS) loops from a major network frequency represented through a Instrumentation - disturbance. failure of one of two trains Underfrequency of automatic RTS trip RCPs See Note 2.
| |
| inputs.
| |
| 3.3.1.O One Reactor 3 channels (3 The Reactor Coolant Flow-Low (Single 2 channels Not Explicitly Same Specific channel input is Coolant Flow - Low per loop) Loop) trip Function ensures that not explicitly modeled.
| |
| (Single Loop) protection is provided against violating The MNS PRA Reactor Trip channel inoperable the DNBR limit due to low flow in one or conservatively models System (RTS) more RCS loops, while avoiding reactor one generic 2/3 logic Instrumentation - trips due to normal variations in loop flow. input (per train) which Reactor Coolant feeds into SSPS and can Flow - Low See Note 3.
| |
| be used to conservatively (Single Loop) represent the TS condition.
| |
| 3.3.1.Q One Turbine Trip 3 channels The Turbine Trip-Low Fluid Oil Pressure 2 channels Not Explicitly Same Specific channel input is Low Fluid Oil trip Function anticipates the loss of heat not explicitly modeled.
| |
| Pressure channel removal capabilities of the secondary The MNS PRA Reactor Trip inoperable system following a turbine trip. This trip conservatively models System (RTS) Function acts to minimize the one generic 2/3 logic Instrumentation - pressure/temperature transient on the input (per train) which Turbine Trip - reactor. feeds into SSPS and can Low Fluid Oil See Note 3. be used to conservatively
| |
| : Pressure, represent the TS condition.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 11 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.T One train 2 trains The SI Input from ESFAS ensures that if 1 train Yes Same SSCs are modeled inoperable a reactor trip has not already been consistently with the TS generated by the RTS, the ESFAS scope and so can be Reactor Trip automatic actuation logic will initiate a directly evaluated by the System (RTS) reactor trip upon any signal that initiates CRMP.
| |
| Instrumentation - SI.
| |
| Safety Injection The success criteria in (SI) Input from the PRA are consistent Engineered with the design basis Safety Features criteria.
| |
| Actuation System (ESFAS) 3.3.1.T One train 2 trains The LCO requirement for the RTBs and 1 train Yes Same SSCs are modeled inoperable Automatic Trip Logic ensures that means consistently with the TS are provided to interrupt the power to scope and so can be Reactor Trip allow the rods to fall into the reactor core. directly evaluated by the System (RTS) Each RTB is equipped with an CRMP.
| |
| Instrumentation - undervoltage coil and a shunt trip coil to RTS Automatic The success criteria in trip the breaker open when needed. Each the PRA are consistent Trip Logic train RTB has a bypass breaker to allow with the design basis testing of the trip breaker while the unit is criteria.
| |
| at power. The reactor trip signals generated by the RTS Automatic Trip Logic cause the RTBs and associated bypass breakers to open and shut down the reactor.
| |
| 3.3.1.U One RTB train 2 trains This trip Function applies to the RTBs 1 train Yes Same SSCs are modeled inoperable exclusive of individual trip mechanisms. consistently with the TS The LCO requires two OPERABLE trains scope and so can be Reactor Trip of trip breakers. A trip breaker train directly evaluated by the System (RTS) consists of all trip breakers associated CRMP.
| |
| Instrumentation - with a single RTS logic train that are Reactor Trip The success criteria in racked in, closed, and capable of the PRA are consistent Breakers (RTBs) supplying power to the CRD System. with the design basis Thus, the train may consist of the main criteria.
| |
| breaker, bypass breaker, or main breaker and bypass breaker, depending upon the system configuration. Two OPERABLE trains ensure no single random failure can disable the RTS trip capability.
| |
| See Note 5.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 12 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.1.Y One trip Undervoltage OPERABILITY of both trip mechanisms One trip Yes Same SSCs are modeled mechanism trip mechanism on each breaker ensures that no single mechanism consistently with the TS inoperable for one and Shunt trip trip mechanism failure will prevent scope and so can be Reactor Trip RTB mechanism per opening any breaker on a valid signal. directly evaluated by the System (RTS) RTB (Undervoltage CRMP.
| |
| Instrumentation - trip or Shunt Reactor Trip Trip) The success criteria in Breaker (2 per train) the PRA are consistent Undervoltage with the design basis and Shunt Trip criteria.
| |
| Mechanisms 3.3.2.B One channel or 2 channels The LCO requires one channel per train 1 channel Not Explicitly Same Switches and instruments train inoperable to be OPERABLE. The operator can not explicitly modeled. An initiate SI at any time by using either of Operator action failure to ESFAS two switches in the control room. This manually initiate SI can Instrumentation action will cause actuation of all be used to conservatively
| |
| - Safety Injection components in the same manner as any represent the function.
| |
| (Manual of the automatic actuation signals. The The surrogate is Initiation) LCO for the Manual Initiation Function inherently conservative ensures the proper amount of as it fails manual initiation redundancy is maintained in the manual of SI entirely while TS ESFAS actuation circuitry to ensure the condition does not fail the operator has manual ESFAS initiation function.
| |
| capability.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 13 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.B One channel or 2 channels Containment Isolation provides isolation 1 channel Not Explicitly Generally same, but Manual phase A isolation train inoperable of the containment atmosphere, and all surrogate assumes is not explicitly modeled process systems that penetrate failure of containment in the PRA. Failure to ESFAS containment, from the environment. This isolate containment can Instrumentation Function is necessary to prevent or limit be conservatively
| |
| - Containment the release of radioactivity to the represented through Isolation (Phase environment in the event of a large break containment bypass.
| |
| A Isolation - LOCA.
| |
| Manual Initiation)
| |
| Manual Phase A Containment Isolation is actuated by either of two switches in the control room. Either switch actuates both trains
| |
| | |
| U.S. Nuclear Regulatory Commission Page 14 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.B One channel or 1 channel per The Phase B signal isolates CCW and 1 train Not Explicitly Generally same, but Phase B isolation is not train inoperable train (2 trains) NSWS. This occurs at a relatively high surrogate assumes explicitly modeled in the containment pressure that is indicative of failure of containment PRA. Failure to isolate ESFAS a large break LOCA or an SLB. For these containment can be Instrumentation events, forced circulation using the RCPs conservatively
| |
| - Containment is no longer desirable. Isolating the CCW represented through Isolation (Phase and NSWS at the higher pressure does containment bypass.
| |
| B Isolation - not pose a challenge to the containment Manual Initiation) boundary because the CCW System and NSWS are closed loops inside containment. Manual and automatic initiation of Phase B containment isolation must be OPERABLE in MODES 1, 2, and 3, when there is a potential for an accident to occur. Phase B Containment Isolation is accomplished by Manual Initiation, Automatic Actuation Logic and Actuation Relays, and by Containment Pressure channels The Containment Pressure trip of Phase B Containment Isolation is energized to trip in order to minimize the potential of spurious trips that may damage the RCPs.
| |
| 3.3.2.C One train 2 trains This LCO requires two trains to be 1 train Yes Same SSCs are modeled inoperable OPERABLE. Actuation logic consists of consistently with the TS all circuitry housed within the actuation scope and so can be ESFAS subsystems, including the initiating relay directly evaluated by the Instrumentation contacts responsible for actuating the CRMP.
| |
| - Safety Injection ESF equipment. Manual and automatic (Automatic The success criteria in initiation of SI must be OPERABLE in the PRA are consistent Actuation Logic MODES 1, 2, and 3. In these MODES, and Actuation with the design basis there is sufficient energy in the primary criteria.
| |
| Relays) and secondary systems to warrant automatic initiation of ESF systems.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 15 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.C One train 2 trains This LCO requires two trains to be 1 train Yes Same SSCs are modeled inoperable OPERABLE. Actuation logic consists of consistently with the TS all circuitry housed within the actuation scope and so can be ESFAS subsystems, including the initiating relay directly evaluated by the Instrumentation contacts responsible for actuating the CRMP.
| |
| - Containment equipment. Manual and automatic Isolation (Phase The success criteria in initiation of Phase A Containment the PRA are consistent A Isolation - Isolation must be OPERABLE in MODES Automatic with the design basis 1, 2, and 3, when there is a potential for criteria.
| |
| Actuation Logic an accident to occur. Phase A and Actuation Containment Isolation is also initiated by Relays) all Functions that initiate SI. The Phase A Containment Isolation requirements for these Functions are the same as the requirements for their SI function.
| |
| 3.3.2.C One train 2 trains The Phase B signal isolates CCW and 1 train Not Explicitly PRA success criteria for Phase B isolation aspects inoperable NSWS. This occurs at a relatively high chosen surrogate events are not explicitly modeled containment pressure that is indicative of is one of two trains in the PRA. Surrogate ESFAS a large break LOCA or an SLB. For these mapping which fails train Instrumentation events, forced circulation using the RCPs inputs to containment
| |
| - Containment is no longer desirable. Isolating the CCW isolation can be used to Isolation (Phase and NSWS at the higher pressure does conservatively represent B Isolation - not pose a challenge to the containment the TS condition.
| |
| Automatic boundary because the CCW System and Actuation Logic NSWS are closed loops inside and Actuation containment. Manual and automatic Relays) initiation of Phase B containment isolation must be OPERABLE in MODES 1, 2, and 3, when there is a potential for an accident to occur. Phase B Containment Isolation is accomplished by Manual Initiation, Automatic Actuation Logic and Actuation Relays, and by Containment Pressure channels. The Containment Pressure trip of Phase B Containment Isolation is energized to trip in order to minimize the potential of spurious trips that may damage the RCPs.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 16 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.D One channel 3 channels This signal provides protection against 2 channels Yes Same SSCs are modeled inoperable the following accidents: consistently with the TS SLB inside containment; scope and so can be ESFAS directly evaluated by the Instrumentation LOCA; and CRMP.
| |
| - Safety Injection Feed line break inside containment.
| |
| (Containment The success criteria in Pressure - High) Containment Pressure-High provides no the PRA are consistent input to any control functions. Thus, three with the design basis OPERABLE channels are sufficient to criteria.
| |
| satisfy protective requirements with a two-out-of-three logic.
| |
| 3.3.2.D One channel 4 channels This signal provides protection against 2 channels Yes Same SSCs are modeled inoperable the following accidents: consistently with the TS Inadvertent opening of a steam scope and so can be ESFAS directly evaluated by the Instrumentation generator (SG) relief or safety valve; CRMP.
| |
| - Safety SLB; Injection The success criteria in A spectrum of rod cluster control (Pressurizer the PRA are consistent assembly ejection accidents (rod Pressure - Low) with the design basis ejection);
| |
| criteria.
| |
| Inadvertent opening of a pressurizer relief or safety valve; LOCAs; and SG Tube Rupture.
| |
| Pressurizer pressure provides both control and protection functions: input to the Pressurizer Pressure Control System, reactor trip, and SI. Therefore, the actuation logic must be able to withstand both an input failure to control system, which may then require the protection function actuation, and a single failure in the other channels providing the protection function actuation. Thus, four OPERABLE channels are required to satisfy the requirements with a two-out-of-four logic.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 17 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.D One channel 3 per steam line Steam Line Pressure-Low provides 2 per steam Not explicitly Instrumentation not Instrumentation is not inoperable closure of the MSIVs in the event of an line explicitly modeled, but explicitly modeled.
| |
| SLB to maintain three unfaulted SGs as a PRA models cooldown Surrogate mapping which ESFAS heat sink for the reactor and to limit the on three un-faulted SGs assumes one train of Instrumentation mass and energy release to containment. ESFAS is inoperable can
| |
| - Steam Line This Function provides closure of the be used to conservatively isolation (Steam MSIVs in the event of a feed line break to represent the TS Line Pressure - ensure a supply of steam for the turbine condition.
| |
| Low) driven AFW pump. Steam Line Pressure-Low Function must be OPERABLE in MODES 1, 2, and 3 (above P-11), with any main steam valve open, when a secondary side break or stuck open valve could result in the rapid depressurization of the steam lines.
| |
| See Notes 6 and 7.
| |
| 3.3.2.D One channel 3 per S/G This signal provides protection against 2 per S/G Yes Same SSCs are modeled inoperable excessive feedwater flow. The ESFAS consistently with the TS SG water level instruments provide input scope and so can be ESFAS to the SG Water Level Control System. directly evaluated by the Instrumentation Therefore, the actuation logic must be CRMP.
| |
| - Turbine Trip able to withstand both an input failure to and Feedwater The success criteria in the control system (which may then the PRA are consistent Isolation require the protection function actuation)
| |
| (Feedwater with the design basis and a single failure in the other channels criteria.
| |
| Isolation - SG providing the protection function Water Level - actuation. Only three protection channels High High (P- are necessary to satisfy the protective 14)) requirements. The setpoints are based on percent of narrow range instrument span.
| |
| See Note 8.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 18 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.D One channel 4 per S/G SG Water Level-Low Low provides 2 per S/G Yes Same SSCs are modeled inoperable protection against a loss of heat sink. A consistently with the TS feed line break, inside or outside of scope and so can be ESFAS containment, or a loss of MFW, would directly evaluated by the Instrumentation result in a loss of SG water level. SG CRMP.
| |
| - Auxiliary Water Level-Low Low provides input to Feedwater (SG The success criteria in the SG Level Control System. Therefore, the PRA are consistent Water Level - the actuation logic must be able to Low Low) with the design basis withstand both an input failure to the criteria.
| |
| control system which may then require a protection function actuation and a single failure in the other channels providing the protection function actuation. Thus, four OPERABLE channels are required to satisfy the requirements with two-out-of-four logic. The setpoints are based on percent of narrow range instrument span.
| |
| SG Water Level - Low Low in any operating SG will cause the motor driven AFW pumps to start. The system is aligned so that upon a start of the pump, water immediately begins to flow to the SGs. SG Water Level - Low Low in any two operating SGs will cause the turbine driven pumps to start.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 19 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.D One channel 3 channels per A loss of power to the service buses will 2 channels per Not Explicitly Same Bus channels are not inoperable bus be accompanied by a loss of reactor bus explicitly modeled.
| |
| coolant pumping power and the Surrogate representation ESFAS subsequent need for some method of through SBO relays Instrumentation decay heat removal. The loss of power is provide equivalent risk
| |
| - Auxiliary detected by a voltage drop on each impact by failing the start Feedwater essential service bus. Loss of power to signals to the pumps.
| |
| (Station Blackout either essential service bus will start the
| |
| - Loss of voltage) turbine driven and motor driven AFW pumps to ensure that at least two SGs contain enough water to serve as the heat sink for reactor decay heat and sensible heat removal following the reactor trip. The turbine driven pump does not start on a loss of power coincident with a SI signal. Function must be OPERABLE in MODES 1, 2, and 3 to ensure that the SGs remain the heat sink for the reactor.
| |
| 3.3.2.D One channel 3 channels per A degraded voltage to the service buses 2 channels per Not Explicitly Same Bus channels are not inoperable bus will be accompanied by a loss of reactor bus explicitly modeled.
| |
| coolant pumping power and the Surrogate representation ESFAS subsequent need for some method of through SBO relays Instrumentation decay heat removal. The degraded provide equivalent risk
| |
| - Auxiliary voltage is detected by a voltage drop on impact by failing the start Feedwater each essential service bus. Degraded signals to the pumps.
| |
| (Station Blackout voltage to either essential service bus will
| |
| - Degraded start the turbine driven and motor driven voltage)
| |
| AFW pumps to ensure that at least two SGs contain enough water to serve as the heat sink for reactor decay heat and sensible heat removal following the reactor trip. The turbine driven pump does not start on a loss of power coincident with a SI signal. Function must be OPERABLE in MODES 1, 2, and 3 to ensure that the SGs remain the heat sink for the reactor.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 20 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.F One channel or 2 trains Isolation of the main steam lines provides 1 train Not Explicitly Isolate ruptured steam Manual steam line train inoperable protection in the event of an SLB inside line, limiting blowdown to isolation is not explicitly or outside containment. Rapid isolation of 1 SG modeled. Surrogate ESFAS the steam lines will limit the steam break representation through Instrumentation accident to the blowdown from one SG, failure of MSIVs to isolate
| |
| - Steam Line at most. For an SLB upstream of the is used as a conservative isolation (Manual main steam isolation valves (MSIVs), surrogate to represent the Initiation) inside or outside of containment, closure TS condition.
| |
| (System) of the MSIVs limits the accident to the blowdown from only the affected SG. For an SLB downstream of the MSIVs, closure of the MSIVs terminates the accident as soon as the steam lines depressurize. Steam Line Isolation also mitigates the effects of a feed line break and ensures a source of steam for the turbine driven AFW pump during a feed line break. Manual initiation of Steam Line Isolation can be accomplished from the control room. There are two system level switches in the control room and either switch can initiate action to immediately close all MSIVs.
| |
| See Note 7.
| |
| 3.3.2.F One channel or 1 per train, 2 The P-4 interlock is enabled when a 1 train Not Explicitly PRA models manual P-4 interlocks not train inoperable trains reactor trip breaker (RTB) and its control of safety injection explicitly modeled.
| |
| associated bypass breaker is open. and associated master Surrogate representation ESFAS Operators are able to reset SI 60 relays to initiate SI when through failure of human Instrumentation seconds after initiation. If a P-4 is present necessary and to control action to manually
| |
| - ESFAS when SI is reset, subsequent automatic inadvertent SI. actuate safety injection is Interlocks SI initiation will be blocked until the RTBs used to represent the TS (Reactor Trip, P- have been manually closed. This condition..
| |
| : 4) Function allows operators to take manual control of SI systems after the initial phase of injection is complete while avoiding multiple SI initiations.
| |
| See Note 9.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 21 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.H One train 2 trains Isolation of the main steam lines provides 1 train Not Explicitly Same Automatic actuation inoperable protection in the event of an SLB inside instrumentation is not or outside containment. Rapid isolation of explicitly modeled.
| |
| ESFAS the steam lines will limit the steam break Surrogate representation Instrumentation accident to the blowdown from one SG, through failure of MSIVs
| |
| - Steam Line at most. For an SLB upstream of the to isolate conservatively isolation main steam isolation valves (MSIVs), represents TS condition.
| |
| (Automatic inside or outside of containment, closure Actuation Logic of the MSIVs limits the accident to the and Actuation blowdown from only the affected SG. For Relays) an SLB downstream of the MSIVs, closure of the MSIVs terminates the accident as soon as the steam lines depressurize. Steam Line Isolation also mitigates the effects of a feed line break and ensures a source of steam for the turbine driven AFW pump during a feed line break. This LCO requires two trains to be OPERABLE. Actuation logic consists of all circuitry housed within the actuation subsystems, including the initiating relay contacts responsible for actuating the equipment. Manual and automatic initiation of steam line isolation must be OPERABLE in MODES 1, 2, and 3 when there is sufficient energy in the RCS and SGs to have an SLB or other accident.
| |
| See Note 7.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 22 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.H One train 2 trains The primary functions of the Turbine Trip 1 train Not Explicitly FW isolate and auxiliary Instrumentation is not inoperable and Feedwater Isolation signals are to feedwater system explicitly modeled.
| |
| prevent damage to the turbine due to provides secondary side Surrogate representation ESFAS water in the steam lines, stop the cooling through failure of auxiliary Instrumentation excessive flow of feedwater into the SGs, feedwater is used to
| |
| - Turbine Trip and to limit the energy released into represent the TS and Feedwater containment. These Functions are condition, as a failure of Isolation necessary to mitigate the effects of a high feedwater to isolate (Feedwater water level in the SGs, which could result would prevent auxiliary Isolation - in carryover of water into the steam lines feedwater from operating Automatic and excessive cooldown of the primary as required.
| |
| Actuation Logic system. The SG high water level is due to and Actuation excessive feedwater flows. Feedwater Relays) isolation serves to limit the energy released into containment upon a feedwater line or steam line break inside containment. This LCO requires two trains to be OPERABLE. Actuation logic consists of all circuitry housed within the actuation subsystems, including the initiating relay contacts responsible for actuating the equipment.
| |
| See Note 8.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 23 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.H One train 2 trains The AFW System is designed to provide 1 train Not Explicitly Same Automatic actuation is not inoperable a secondary side heat sink for the reactor modeled. Surrogate in the event that the MFW System is not representation through ESFAS available. The system has two motor AFW start failures can Instrumentation driven pumps and a turbine driven pump, conservatively represent
| |
| - Auxiliary making it available during normal and the TS condition.
| |
| Feedwater accident operation. The normal source of (Automatic water for the AFW System is the non-Actuation Logic safety related AFW Storage Tank (Water and Actuation Tower). A low suction pressure to the Relays) AFW pumps will automatically realign the pump suctions to the Nuclear Service Water System (NSWS)(safety related).
| |
| The AFW System is aligned so that upon a pump start, flow is initiated to the respective SGs immediately. This LCO requires two trains to be OPERABLE.
| |
| Actuation logic consists of all circuitry housed within the actuation subsystems, including the initiating relay contacts responsible for actuating the equipment.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 24 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.I One train 2 trains The primary functions of the Turbine Trip 1 train Not Explicitly FW isolate and auxiliary Instrumentation is not inoperable and Feedwater Isolation signals are to feedwater system explicitly modeled.
| |
| prevent damage to the turbine due to provides secondary side Surrogate representation ESFAS water in the steam lines, stop the cooling through failure of auxiliary Instrumentation excessive flow of feedwater into the SGs, feedwater is used to
| |
| - Turbine Trip and to limit the energy released into represent the TS and Feedwater containment. These Functions are condition, as a failure of Isolation necessary to mitigate the effects of a high feedwater to isolate (Turbine Trip - water level in the SGs, which could result would prevent auxiliary Automatic in carryover of water into the steam lines feedwater from operating Actuation Logic and excessive cooldown of the primary as required.
| |
| and Actuation system. The SG high water level is due to Relays) excessive feedwater flows. Feedwater isolation serves to limit the energy released into containment upon a feedwater line or steam line break inside containment. This LCO requires two trains to be OPERABLE. Actuation logic consists of all circuitry housed within the actuation subsystems, including the initiating relay contacts responsible for actuating the equipment.
| |
| 3.3.2.J One channel 3 per S/G This signal prevents damage to the 2 per S/G Yes Same SSCs are modeled inoperable turbine due to water in the steam lines. consistently with the TS The ESFAS SG water level instruments scope and so can be ESFAS provide input to the SG Water Level directly evaluated by the Instrumentation Control System. Therefore, the actuation CRMP.
| |
| - Turbine Trip logic must be able to withstand both an and Feedwater The success criteria in input failure to the control system (which the PRA are consistent Isolation may then require the protection function (Turbine Trip - with the design basis actuation) and a single failure in the other criteria.
| |
| SG Water Level - channels providing the protection function High High (P- actuation. Only three protection channels 14)) are necessary to satisfy the protective requirements. The setpoints are based on percent of narrow range instrument span.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 25 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.3.2.J One channel 4 channels (1 This signal provides protection against 2 channels Not Explicitly FW isolate and auxiliary Instrumentation is not inoperable per loop) excessive cooldown, which could feedwater system explicitly modeled.
| |
| subsequently introduce a positive provides secondary side Surrogate representation ESFAS reactivity excursion after a plant trip. cooling through failure of auxiliary Instrumentation There are four channels of RCS Tavg- feedwater is used to
| |
| - Turbine Trip Low (one per loop), with a two-out-of-four represent the TS and Feedwater logic required coincident with a reactor condition, as a failure of Isolation trip signal (P-4) to initiate a feedwater feedwater to isolate (Feedwater isolation. would prevent auxiliary Isolation - Tavg- feedwater from operating Low) See Note 8.
| |
| as required.
| |
| 3.3.5.A One or more 3 channels per The LCO for LOP DG start 2 channels per Yes Same SSCs are modeled Functions with one function per bus instrumentation requires that three function per consistently with the TS channel per bus channels per bus of both the loss of bus scope and so can be Loss of Power inoperable voltage and degraded voltage Functions directly evaluated by the (LOP) Diesel shall be OPERABLE in MODES 1, 2, 3, CRMP.
| |
| Generator (DG) and 4 when the LOP DG start Start The success criteria in instrumentation supports safety systems the PRA are consistent Instrumentation associated with the ESFAS. with the design basis criteria.
| |
| 3.3.5.B One or more 3 channels per The LCO for LOP DG start 2 channels per Yes Same SSCs are modeled Functions with two function per bus instrumentation requires that three function per consistently with the TS or more channels channels per bus of both the loss of bus scope and so can be Loss of Power per bus inoperable. voltage and degraded voltage Functions directly evaluated by the (LOP) Diesel shall be OPERABLE in MODES 1, 2, 3, CRMP.
| |
| Generator (DG) and 4 when the LOP DG start Start The success criteria in instrumentation supports safety systems the PRA are consistent Instrumentation associated with the ESFAS. with the design basis criteria.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 26 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.4.11.C One Train A PORV 3 Pzr PORVs The LCO requires the PORVs and their 1 Pzr PORV Yes Same, for non-ATWS SSCs are modeled inoperable and not (1 A train, 2 B associated block valves to be scenarios. consistently with the TS capable of being train) OPERABLE for manual operation to PRA requires 2 of 3 or 3 scope and so can be Pressurizer manually cycled mitigate the effects associated with an directly evaluated by the Power Operated of 3 PORVs for ATWS SGTR. sequences. CRMP.
| |
| Relief Valves (PORVs) By maintaining two PORVs, one from The success criteria in each train, and their associated block the PRA are consistent valves OPERABLE, the single failure with the design basis criterion is satisfied. Three PORVs are criteria for non-ATWS required to be OPERABLE to meet RCS scenarios, and more pressure boundary requirements. The restrictive for ATWS.
| |
| block valves are available to isolate the flow path through either a failed open PORV or a PORV with excessive leakage. Satisfying the LCO helps minimize challenges to fission product barriers.
| |
| 3.4.11.D Two Train B 3 Pzr PORVs The LCO requires the PORVs and their 1 Pzr PORV Yes Same, for non-ATWS SSCs are modeled PORVs inoperable (1 A train, 2 B associated block valves to be scenarios. consistently with the TS and not capable of train) OPERABLE for manual operation to PRA requires 2 of 3 or 3 scope and so can be Pressurizer being manually mitigate the effects associated with an directly evaluated by the Power Operated of 3 PORVs for ATWS cycled SGTR. sequences. CRMP.
| |
| Relief Valves (PORVs) By maintaining two PORVs, one from The success criteria in each train, and their associated block the PRA are consistent valves OPERABLE, the single failure with the design basis criterion is satisfied. Three PORVs are criteria for non-ATWS required to be OPERABLE to meet RCS scenarios, and more pressure boundary requirements. The restrictive for ATWS.
| |
| block valves are available to isolate the flow path through either a failed open PORV or a PORV with excessive leakage. Satisfying the LCO helps minimize challenges to fission product barriers.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 27 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.4.11.H One Train A block 3 block valves The LCO requires the PORVs and their 1 block valve Yes Same, for non-ATWS SSCs are modeled valve inoperable (one per associated block valves to be associated scenarios. consistently with the TS PORV) OPERABLE for manual operation to with an PRA requires 2 of 3 or 3 scope and so can be Pressurizer mitigate the effects associated with an OPERABLE directly evaluated by the Power Operated of 3 PORVs for ATWS SGTR. PORV sequences. CRMP.
| |
| Relief Valves (PORVs) By maintaining two PORVs, one from The success criteria in each train, and their associated block the PRA are consistent valves OPERABLE, the single failure with the design basis criterion is satisfied. Three PORVs are criteria for non-ATWS required to be OPERABLE to meet RCS scenarios, and more pressure boundary requirements. The restrictive for ATWS.
| |
| block valves are available to isolate the flow path through either a failed open PORV or a PORV with excessive leakage. Satisfying the LCO helps minimize challenges to fission product barriers.
| |
| 3.4.11.I Two Train B block 3 block valves The LCO requires the PORVs and their 1 block valve Yes Same, for non-ATWS SSCs are modeled valves inoperable (one per associated block valves to be associated scenarios. consistently with the TS PORV) OPERABLE for manual operation to with an PRA requires 2 of 3 or 3 scope and so can be Pressurizer mitigate the effects associated with an OPERABLE directly evaluated by the Power Operated of 3 PORVs for ATWS SGTR. PORV sequences. CRMP.
| |
| Relief Valves (PORVs) By maintaining two PORVs, one from The success criteria in each train, and their associated block the PRA are consistent valves OPERABLE, the single failure with the design basis criterion is satisfied. Three PORVs are criteria for non-ATWS required to be OPERABLE to meet RCS scenarios, and more pressure boundary requirements. The restrictive for ATWS.
| |
| block valves are available to isolate the flow path through either a failed open PORV or a PORV with excessive leakage. Satisfying the LCO helps minimize challenges to fission product barriers
| |
| | |
| U.S. Nuclear Regulatory Commission Page 28 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.4.11.J One Train B PORV 3 Pzr PORVs The LCO requires the PORVs and their One Pzr Yes Same, for non-ATWS SSCs are modeled inoperable and not and associated associated block valves to be PORV and scenarios. consistently with the TS capable of being block valves OPERABLE for manual operation to associated PRA requires 2 of 3 or 3 scope and so can be Pressurizer manually cycled mitigate the effects associated with an block valve directly evaluated by the Power Operated of 3 PORVs for ATWS AND The other SGTR. sequences. CRMP.
| |
| Relief Valves Train B block valve (PORVs) By maintaining two PORVs, one from The success criteria in inoperable. each train, and their associated block the PRA are consistent valves OPERABLE, the single failure with the design basis criterion is satisfied. Three PORVs are criteria for non-ATWS required to be OPERABLE to meet RCS scenarios, and more pressure boundary requirements. The restrictive for ATWS.
| |
| block valves are available to isolate the flow path through either a failed open PORV or a PORV with excessive leakage. Satisfying the LCO helps minimize challenges to fission product barriers.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 29 RA-18-0190 3.5.2.A One or more trains 2 ECCS trains In MODES 1, 2, and 3, two independent 1 ECCS Train Yes Same SSCs are modeled inoperable AND At (and redundant) ECCS trains are consistently with the TS least 100% of the required to ensure that sufficient ECCS scope and so can be Emergency Core ECCS flow flow is available, assuming a single directly evaluated by the Cooling System equivalent to a failure affecting either train. Additionally, CRMP.
| |
| (ECCS) - single OPERABLE individual components within the ECCS Operating The success criteria in ECCS train trains may be called upon to mitigate the the PRA are consistent available. consequences of other transients and with the design basis accidents. In MODES 1, 2, and 3, an criteria.
| |
| ECCS train consists of a centrifugal charging subsystem, an SI subsystem, and an RHR subsystem. Each train includes the piping, instruments, and controls to ensure an OPERABLE flow path capable of taking suction from the RWST upon an SI signal and automatically transferring suction to the containment sump. With one or more trains inoperable and at least 100% of the ECCS flow equivalent to a single OPERABLE ECCS train available, the inoperable components must be returned to OPERABLE status within 72 hours.
| |
| The 72 hour Completion Time is based on an NRC reliability evaluation and is a reasonable time for repair of many ECCS components. The LCO requires the OPERABILITY of a number of independent subsystems. Due to the redundancy of trains and the diversity of subsystems, the inoperability of one component in a train does not render the ECCS incapable of performing its function. Neither does the inoperability of two different components, each in a different train, necessarily result in a loss of function for the ECCS. The intent of this Condition is to maintain a combination of equipment such that 100% of the ECCS flow equivalent to a single OPERABLE ECCS train remains available. This allows increased flexibility in plant operations under circumstances when components in opposite trains are inoperable.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 30 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.2.C One or more 2 Doors per With one or more air locks inoperable for 1 door per Air Yes Same SSCs are modeled containment air Airlock reasons other than those described in Lock consistently with the TS locks inoperable for Condition A or B, Required Action C.1 scope and so can be Containment Air reasons other than requires action to be initiated immediately directly evaluated by the Locks Condition A or B to evaluate previous combined leakage CRMP.
| |
| rates using current air lock test results. The success criteria in An evaluation is acceptable, since it is the PRA are consistent overly conservative to immediately with the design basis declare the containment inoperable if criteria.
| |
| both doors in an air lock have failed a seal test or if the overall air lock leakage is not within limits. In many instances (e.g., only one seal per door has failed),
| |
| containment remains OPERABLE, yet only 1 hour (per LCO 3.6.1) would be provided to restore the air lock door to OPERABLE status prior to requiring a plant shutdown. In addition, even with both doors failing the seal test, the overall containment leakage rate can still be within limits.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 31 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.3.A Note: Only 2 containment The containment isolation valves form 1 containment Not Explicitly Same Not all containment applicable to isolation valves part of the containment pressure isolation valve isolation paths are penetration flow boundary and provide a means for fluid explicitly modeled. For Containment paths with two penetrations not serving accident those cases where Isolation Valves containment consequence limiting systems to be isolation is not explicitly isolation valves. provided with two isolation barriers that modeled, failure to isolate One or more are closed on a containment isolation containment can be penetration flow signal. These isolation devices are either conservatively paths with one passive or active (automatic). Manual represented through containment valves, de-activated automatic valves containment bypass.
| |
| isolation valve secured in their closed position (including inoperable except check valves with flow through the valve for purge valve or secured), blind flanges, and closed reactor building systems are considered passive devices.
| |
| bypass leakage not Check valves, or other automatic valves within limit. designed to close without operator action following an accident, are considered active devices. Two barriers in series are provided for each penetration so that no single credible failure or malfunction of an active component can result in a loss of isolation or leakage that exceeds limits assumed in the safety analyses. One of these barriers may be a closed system.
| |
| These barriers (typically containment isolation valves) make up the Containment Isolation System.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 32 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.3.C Note: Only 2 containment The containment isolation valves form Closed system Not Explicitly Same Not all containment applicable to boundaries (1 part of the containment pressure intact isolation paths are penetration flow containment boundary and provide a means for fluid explicitly modeled. For Containment paths with only one isolation valve penetrations not serving accident those cases where Isolation Valves containment and closed consequence limiting systems to be isolation is not explicitly isolation valve and system provided with two isolation barriers that modeled, failure to isolate a closed system. are closed on a containment isolation containment can be One or more signal. These isolation devices are either conservatively penetration flow passive or active (automatic). Manual represented through paths with one valves, de-activated automatic valves containment bypass.
| |
| containment secured in their closed position (including isolation valve check valves with flow through the valve inoperable. secured), blind flanges, and closed systems are considered passive devices.
| |
| Check valves, or other automatic valves designed to close without operator action following an accident, are considered active devices. Two barriers in series are provided for each penetration so that no single credible failure or malfunction of an active component can result in a loss of isolation or leakage that exceeds limits assumed in the safety analyses. One of these barriers may be a closed system.
| |
| These barriers (typically containment isolation valves) make up the Containment Isolation System.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 33 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.6.A One containment 2 trains During a DBA, one train of Containment 1 train Yes Same SSCs are modeled spray train Spray System is required to provide the consistently with the TS inoperable heat removal capability assumed in the scope and so can be Containment safety analyses. To ensure that this directly evaluated by the Spray System requirement is met, two containment CRMP.
| |
| (Ice Condenser) spray trains must be OPERABLE with The success criteria in power from two safety related, the PRA are consistent independent power supplies. Therefore, with the design basis in the event of an accident, at least one criteria.
| |
| train operates.
| |
| Each Containment Spray System includes a spray pump, headers, valves, heat exchangers, nozzles, piping, instruments, and controls to ensure an OPERABLE flow path capable of being manually initiated to take suction from the Containment Sump and delivering it to the Containment Spray Rings.
| |
| Management of gas voids is important to Containment Spray System OPERABILITY.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 34 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.9.A One HMS train 2 trains Two HMS trains must be OPERABLE 1 train Yes Same SSCs are modeled inoperable. with power from two independent, safety consistently with the TS related power supplies. For this unit, an scope and so can be Hydrogen OPERABLE HMS train consists of 34 of directly evaluated by the Mitigation 35 ignitors energized on the train. CRMP.
| |
| System (HMS) Operation with at least one HMS train (Ice Condenser) The success criteria in ensures that the hydrogen in containment the PRA are consistent can be burned in a controlled manner. with the design basis Unavailability of both HMS trains could criteria.
| |
| lead to hydrogen buildup to higher concentrations, which could result in a violent reaction if ignited. The reaction could take place fast enough to lead to high temperatures and overpressurization of containment and, as a result, breach containment or cause containment leakage rates above those assumed in the safety analyses. Damage to safety related equipment located in containment could also occur.
| |
| The 7 day Completion Time is based on the low probability of the occurrence of a degraded core event that would generate hydrogen in amounts equivalent to a metal water reaction of 75% of the core cladding, the length of time after the event that operator action would be required to prevent hydrogen accumulation from exceeding this limit, and the low probability of failure of the OPERABLE HMS train. Alternative Required Action A.2, by frequent surveillances, provides assurance that the OPERABLE train continues to be OPERABLE.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 35 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.9.B One containment 2 hydrogen Two HMS trains must be OPERABLE 1 hydrogen Not Explicitly Same Hydrogen igniters per region with no igniters per with power from two independent, safety igniter per containment region are OPERABLE containment related power supplies. For this unit, an containment not explicitly modeled.
| |
| Hydrogen hydrogen ignitor region OPERABLE HMS train consists of 34 of region Surrogate modeling Mitigation 35 ignitors energized on the train. utilizing failure of a train System (HMS) Operation with at least one HMS train of HMS can represent the (Ice Condenser) ensures that the hydrogen in containment TS Condition.
| |
| can be burned in a controlled manner.
| |
| Unavailability of both HMS trains could lead to hydrogen buildup to higher concentrations, which could result in a violent reaction if ignited. The reaction could take place fast enough to lead to high temperatures and overpressurization of containment and, as a result, breach containment or cause containment leakage rates above those assumed in the safety analyses. Damage to safety related equipment located in containment could also occur.
| |
| Condition B is one containment region with no OPERABLE hydrogen ignitor.
| |
| Thus, while in Condition B, or in Conditions A and B simultaneously, there would always be ignition capability in the adjacent containment regions that would provide redundant capability by flame propagation to the region with no OPERABLE ignitors.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 36 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.11.A One ARS train 2 trains he ARS is designed to assure the rapid 1 train Not Explicitly PRA models the Ice ARS is not explicitly inoperable return of air from the upper to the lower Condenser for scenarios modeled. Surrogate containment compartment after the initial which rely on ice modeling utilizing failure Air Return blowdown following a Design Basis condenser to prevent of the ice condenser can System (ARS) Accident (DBA). The return of this air to LERF represent the TS (Ice Condenser) the lower compartment and subsequent Condition.
| |
| recirculation back up through the ice condenser assists in cooling the containment atmosphere and limiting post accident pressure and temperature in containment to less than design values. Limiting pressure and temperature reduces the release of fission product radioactivity from containment to the environment in the event of a DBA. The ARS also promotes hydrogen dilution by mixing the hydrogen with containment atmosphere and distributing throughout the containment.
| |
| The ARS consists of two separate trains of equal capacity, each capable of meeting the design bases. Each train includes a 100% capacity air return fan and associated motor operated damper in the fan discharge line to the containment lower compartment
| |
| | |
| U.S. Nuclear Regulatory Commission Page 37 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.6.14.A NOTE: For this The divider This LCO establishes the minimum Bypass Not Explicitly PRA models the Ice Divider hatches and action, separate barrier consists equipment requirements to ensure that leakage, in the Condenser for scenarios doors are not explicitly Condition entry is of the operating the divider barrier performs its safety event of a which rely on ice modeled. Surrogate Divider Barrier allowed for each deck and function of ensuring that bypass leakage, DBA, does not condenser to prevent modeling utilizing failure Integrity (Ice personnel access associated in the event of a DBA, does not exceed exceed the LERF of the ice condenser can condenser) door or equipment seals, the bypass leakage assumed in the bypass represent the TS hatch. personnel accident analysis. Included are the leakage Condition.
| |
| One or more access doors, requirements that the personnel access assumed in personnel access and equipment doors and equipment hatches in the the accident doors or equipment hatches that divider barrier are OPERABLE and analysis hatches (other than separate the closed and that the divider barrier seal is one pressurizer or upper and properly installed and has not degraded one steam lower with time. An exception to the generator containment requirement that the doors be closed is enclosure hatch compartments. made to allow personnel transit entry addressed by through the divider barrier. The basis of Condition D) open this exception is the assumption that, for or inoperable, other personnel transit, the time during which a than for personnel door is open will be short (i.e., shorter transit entry. than the Completion Time of 1 hour for Condition A). The divider barrier functions with the ice condenser to limit the pressure and temperature that could be expected following a DBA.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 38 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.7.2.A One MSIV Four MSIVs This LCO requires that four MSIVs in the MSIV on Yes Same SSCs are modeled inoperable in steam lines be OPERABLE. The MSIVs affected steam consistently with the TS MODE 1 are considered OPERABLE when the line closes or scope and so can be Main Steam isolation times are within limits, and they remaining 3 directly evaluated by the Isolation Valves close on an isolation actuation signal. MSIVs on CRMP.
| |
| (MSIVs) The accumulator air pressure must also unaffected The success criteria in be > 60 psig. steam lines the PRA are consistent This LCO provides assurance that the close with the design basis MSIVs will perform their design safety The design criteria.
| |
| function to mitigate the consequences of basis of the accidents that could result in offsite MSIVs is exposures comparable to the 10 CFR established by 100 limits or the NRC staff approved the licensing basis. containment With one MSIV inoperable in MODE 1, and SAFETY action must be taken to restore ANALYSES OPERABLE status within 8 hours. Some core response repairs to the MSIV can be made with the analyses for unit hot. The 8 hour Completion Time is the large reasonable, considering the low steam line probability of an accident occurring break (SLB) during this time period that would require events, a closure of the MSIVs. discussed in the UFSAR, The 8 hour Completion Time is greater Section 6.2 .
| |
| than that normally allowed for The design containment isolation valves because the precludes the MSIVs are valves that isolate a closed blowdown of system penetrating containment. These more than one valves differ from other containment steam isolation valves in that the closed system generator.
| |
| provides an additional means for containment isolation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 39 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.7.5.A One steam supply 2 steam If one of the two steam supplies to the 1 steam Yes Same SSCs are modeled to turbine driven supplies to turbine driven AFW train is inoperable, or supply to consistently with the TS AFW pump turbine driven if a turbine driven pump is inoperable turbine driven scope and so can be Auxiliary inoperable AFW pump while in MODE 3 immediately following AFW pump directly evaluated by the Feedwater refueling, action must be taken to restore CRMP.
| |
| (AFW) System 3 trains AFW 1 train AFW pumps) the inoperable equipment to an pump The success criteria in OPERABLE status within 7 days. The 7 the PRA are consistent day Completion Time is reasonable, with the design basis based on the following reasons: criteria.
| |
| : a. For the inoperability of a steam supply to the turbine driven AFW pump, the 7 day Completion Time is reasonable since there is a redundant steam supply line for the turbine driven pump.
| |
| : b. For the inoperability of a turbine driven AFW pump while in MODE 3 immediately subsequent to a refueling, the 7 day Completion Time is reasonable due to the minimal decay heat levels in this situation.
| |
| : c. For both the inoperability of a steam supply line to the turbine driven pump and an inoperable turbine driven AFW pump while in MODE 3 immediately following a refueling, the 7 day Completion Time is reasonable due to the availability of redundant OPERABLE motor driven AFW pumps; and due to the low probability of an event requiring the use of the turbine driven AFW pump.
| |
| Condition A is modified by a Note which limits the applicability of the Condition to when the unit has not entered MODE 2 following a refueling. Condition A allows the turbine-driven AFW pump to be inoperable for 7 days vice the 72 hour Completion Time in Condition B. This longer Completion Time is based on the reduced decay heat following refueling and prior to the reactor being critical.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 40 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.7.5.B One AFW train 3 trains AFW With one of the required AFW trains 1 train of AFW Yes Same SSCs are modeled inoperable in (pump or flow path) inoperable in MODE consistently with the TS MODE 1, 2 or 3 for 1, 2, or 3 for reasons other than scope and so can be Auxiliary reasons other than Condition A, action must be taken to directly evaluated by the Feedwater Condition A. restore OPERABLE status within 72 CRMP.
| |
| (AFW) System hours. This Condition includes the loss of The success criteria in two steam supply lines to the turbine the PRA are consistent driven AFW pump. The 72 hour with the design basis Completion Time is reasonable, based on criteria.
| |
| redundant capabilities afforded by the AFW System, time needed for repairs, and the low probability of a DBA occurring during this time period.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 41 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.7.6.A One CCW train 2 trains The CCW System provides a heat sink 1 train Yes Adequate KC flow is SSCs are modeled inoperable for the removal of process and operating defined in the PRA as consistently with the TS heat from safety related components having a minimum of two scope and so can be Component during a Design Basis Accident (DBA) or KC pumps and one KC directly evaluated by the Cooling Water transient. During normal operation, the heat exchanger CRMP.
| |
| System (CCW) CCW System also provides this function available along with a The success criteria in for various nonessential components, as flow path to the loads the PRA are less well as the spent fuel storage pool. The restrictive than the design CCW System serves as a barrier to the basis criteria but reflect release of radioactive byproducts realistic modeling of the between potentially radioactive systems system in accordance and the Nuclear Service Water System with PRA technical (NSWS), and thus to the environment. adequacy requirements.
| |
| The CCW System is arranged as two independent, full capacity cooling loops, and has isolatable nonsafety related components. Each safety related train includes two pumps, surge tank, heat exchanger, piping, valves, and instrumentation. Each safety related train is powered from a separate bus. An open surge tank provides for expansion and contraction of the system. Both pumps in each train are automatically started on receipt of a safety injection or Station Blackout signal, and all nonessential components are isolated.
| |
| The CCW trains are independent of each other to the degree that each has separate controls and power supplies and the operation of one does not depend on the other. In the event of a DBA, one CCW train is required to provide the minimum heat removal capability assumed in the safety analysis for the systems to which it supplies cooling water. To ensure this requirement is met, two trains of CCW must be OPERABLE. At least one CCW train will operate assuming the worst case single active failure occurs coincident with a loss of offsite power.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 42 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.7.7.A One NSWS train 2 trains Two NSWS trains are required to be 1 train Yes PRA success is defined SSCs are modeled inoperable OPERABLE to provide the required as the ability of the RN consistently with the TS redundancy to ensure that the system System to supply flow to scope and so can be Nuclear Service functions to remove post-accident heat essential header A and directly evaluated by the Water System loads, assuming that the worst case essential header B. CRMP.
| |
| (NSWS) single active failure occurs coincident The top events in the The success criteria in with the loss of offsite power. PRA consider flow from the PRA reflect realistic An NSWS train is considered the opposite unit RN as modeling of the system in OPERABLE during MODES 1, 2, 3, and well as the RV system to accordance with PRA 4 when: the essential headers. technical adequacy
| |
| : a. The associated unit's pump is requirements.
| |
| OPERABLE; and
| |
| : b. The associated piping, valves, and instrumentation and controls required to perform the safety related function are OPERABLE.
| |
| Portions of the NSWS system are shared between the two units. The shared portions of the system must be OPERABLE for each unit when that unit is in the MODE of Applicability. If a shared NSWS component becomes inoperable, or normal and emergency power to shared components become inoperable, then the Required Actions of this LCO must be entered independently for each unit that is in the MODE of applicability of the LCO.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 43 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.1.A One LCO 3.8.1.a 2 offsite circuits Two qualified circuits between the offsite 1 offsite circuit Yes As needed to supply SSCs are modeled offsite circuit transmission network and the onsite or 1 supported functions consistently with the TS inoperable. Class 1E Electrical Power System and emergency scope and so can be AC Sources - separate and independent DGs for each diesel directly evaluated by the Operating train ensure availability of the required generator CRMP.
| |
| power to shut down the reactor and The success criteria in maintain it in a safe shutdown condition the PRA are consistent after an anticipated operational with the design basis occurrence (AOO) or a postulated DBA. criteria.
| |
| The loss of an electrical function does not go to core damage unless the supported equipment is required. Risk significant power dependencies are represented in the PRA as built, as operated.
| |
| 3.8.1.B One LCO 3.8.1.b 2 EDGs Two qualified circuits between the offsite 1 offsite circuit Yes As needed to supply SSCs are modeled DG inoperable transmission network and the onsite or 1 supported functions consistently with the TS Class 1E Electrical Power System and emergency scope and so can be AC Sources - separate and independent DGs for each diesel directly evaluated by the Operating train ensure availability of the required generator CRMP.
| |
| power to shut down the reactor and The success criteria in maintain it in a safe shutdown condition the PRA are consistent after an anticipated operational with the design basis occurrence (AOO) or a postulated DBA. criteria.
| |
| The loss of an electrical function does not go to core damage unless the supported equipment is required. Risk significant power dependencies are represented in the PRA as built, as operated.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 44 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.1.C One LCO 3.8.1.c Offsite circuit Condition C addresses the inoperability 1 train of Yes As needed to supply SSCs are modeled offsite circuit supply to of the LCO 3.8.1.c qualified offsite shared supported functions consistently with the TS inoperable. opposite Unit circuit(s) between the offsite transmission systems scope and so can be AC Sources - when supplying network and the opposite units Onsite supplied by directly evaluated by the Operating power to 1 train Essential Auxiliary Power System when offsite circuit CRMP.
| |
| of shared the LCO 3.8.1.c qualified offsite circuit(s) or EDG The success criteria in systems is necessary to supply power to a train of the PRA are consistent shared systems. The shared systems with the design basis are: NSWS, CRAVS, CRACWS and criteria.
| |
| ABFVES The loss of an electrical function does not go to core damage unless the supported equipment is required. Risk significant power dependencies are represented in the PRA as built, as operated.
| |
| 3.8.1.E Two LCO 3.8.1.a 2 offsite circuits Condition E is entered when both offsite 1 offsite circuit Yes As needed to supply SSCs are modeled offsite circuits circuits required by LCO 3.8.1.a are or 1 EDG supported functions consistently with the TS inoperable OR One inoperable, or when the offsite circuit scope and so can be AC Sources LCO 3.8.1.a offsite required by LCO 3.8.1.c and one offsite directly evaluated by the Operating circuit that provides circuit required by LCO 3.8.1.a are CRMP.
| |
| power to the concurrently inoperable, if the LCO The success criteria in NSWS, CRAVS, 3.8.1.a offsite circuit is credited with the PRA are consistent CRACWS and providing power to the NSWS, CRAVS, with the design basis ABFVES CRACWS and ABFVES. Condition E is criteria.
| |
| inoperable and one also entered when two offsite circuits LCO 3.8.1.c offsite required by LCO 3.8.1.c are inoperable. The loss of an electrical circuit inoperable function does not go to OR Two LCO core damage unless the 3.8.1.c offsite supported equipment is circuits inoperable. required. Risk significant power dependencies are represented in the PRA as built, as operated.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 45 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.1.F One LCO 3.8.1.a 2 offsite circuits Pursuant to LCO 3.0.6, the Distribution 1 offsite circuit Yes As needed to supply SSCs are modeled offsite circuit 2 EDGs System ACTIONS would not be entered or 1 EDG supported functions consistently with the TS inoperable AND even if all AC sources to it were scope and so can be AC Sources One LCO 3.8.1.b inoperable, resulting in deenergization. directly evaluated by the Operating DG inoperable Therefore, the Required Actions of CRMP.
| |
| Condition F are modified by a Note to The success criteria in indicate that when Condition F is entered the PRA are consistent with no AC source to any train, the with the design basis Conditions and Required Actions for LCO criteria.
| |
| 3.8.9, "Distribution SystemsOperating,"
| |
| must be immediately entered. This allows The loss of an electrical Condition F to provide requirements for function does not go to the loss of one offsite circuit and one DG, core damage unless the without regard to whether a train is supported equipment is deenergized. LCO 3.8.9 provides the required. Risk significant appropriate restrictions for a deenergized power dependencies are train. represented in the PRA as built, as operated.
| |
| In Condition F, individual redundancy is lost in both the offsite electrical power system and the onsite AC electrical power system. Since power system redundancy is provided by two diverse sources of power, however, the reliability of the power systems in this Condition may appear higher than that in Condition E (loss of two required offsite circuits).
| |
| This difference in reliability is offset by the susceptibility of this power system configuration to a single bus or switching failure. The 12 hour Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 46 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.1.H One automatic load 2 automatic The sequencer(s) is an essential support 1 automatic Yes As needed to supply SSCs are modeled sequencer load system to both the offsite circuit and the load supported functions consistently with the TS inoperable. sequencers DG associated with a given Engineered sequencer scope and so can be AC Sources - Safety Features (ESF) bus. Furthermore, directly evaluated by the Operating the sequencer is on the primary success CRMP.
| |
| path for most major AC electrically The success criteria in powered safety systems powered from the PRA are consistent the associated ESF bus. Therefore, loss with the design basis of an ESF bus sequencer affects every criteria.
| |
| major ESF system in the train. The 12 hour Completion Time provides a period The loss of an electrical of time to correct the problem function does not go to commensurate with the importance of core damage unless the maintaining sequencer OPERABILITY. supported equipment is This time period also ensures that the required. Risk significant probability of an accident (requiring power dependencies are sequencer OPERABILITY) occurring represented in the PRA during periods when the sequencer is as built, as operated.
| |
| inoperable is minimal.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 47 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.4.A One channel of DC 2 Trains of DC Each DC channel consisting of one 2 channels of Yes As needed to supply SSCs are modeled source inoperable. Sources battery, battery charger for each battery DC sources to supported functions consistently with the TS 4 channels of and the corresponding control equipment 1 Train scope and so can be DC Sources and interconnecting cabling supplying directly evaluated by the Operating DC sources (2 channels per power to the associated bus within the CRMP.
| |
| Train) train is required to be OPERABLE to The success criteria in ensure the availability of the required the PRA are consistent power to shut down the reactor and with the design basis maintain it in a safe condition after an criteria.
| |
| anticipated operational occurrence (AOO) or a postulated DBA. Loss of any channel The loss of an electrical of DC does not prevent the minimum function does not go to safety function from being performed. core damage unless the supported equipment is An OPERABLE channel of DC requires required. Risk significant the battery and respective charger to be power dependencies are operating and connected to the represented in the PRA associated DC bus.
| |
| as built, as operated.
| |
| Condition A represents one channel of DC with a loss of ability to fully respond to a DBA with the worst case single failure. Two hours is provided to restore the channel of DC to OPERABLE status and is consistent with the allowed time for an inoperable channel of DC distribution system requirement.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 48 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.7.A One inverter 4 Inverters The inverters ensure the availability of 1 train of vital Yes As needed to supply SSCs are modeled inoperable. (2 Inverters per AC electrical power for the systems AC power supported functions consistently with the TS Inverters - train) instrumentation required to shut down the inverters - 2 scope and so can be Operating reactor and maintain it in a safe condition inverters directly evaluated by the after an anticipated operational CRMP.
| |
| occurrence (AOO) or a postulated DBA. The success criteria in Maintaining the required inverters the PRA are consistent OPERABLE ensures that the redundancy with the design basis incorporated into the design of the RPS criteria.
| |
| and ESFAS instrumentation and controls The loss of an electrical is maintained. The four inverters (two per function does not go to train) ensure an uninterruptible supply of core damage unless the AC electrical power to the AC vital buses supported equipment is even if the 4.16 kV safety buses are de- required. Risk significant energized. power dependencies are Operable inverters require the associated represented in the PRA vital bus to be powered by the inverter as built, as operated.
| |
| with output voltage and frequency within tolerances, and power input to the inverter from a 125 VDC station battery.
| |
| 3.8.9.A One or more AC 2 trains AC The required power distribution 1 train AC Yes As needed to supply SSCs are modeled electrical power electrical power subsystems ensure the availability of electrical supported functions consistently with the TS distribution distribution AC, DC, and AC vital bus electrical power power scope and so can be Distribution subsystem(s) subsystems. for the systems required to shut down the distribution directly evaluated by the Systems - inoperable. Each train of an reactor and maintain it in a safe condition subsystem, CRMP.
| |
| Operating AC power after an anticipated operational not including The success criteria in distribution occurrence (AOO) or a postulated DBA. vital AC the PRA are consistent subsystem, not The AC, DC, and AC vital bus electrical subsystems with the design basis including vital power distribution subsystems are and including criteria.
| |
| AC required to be OPERABLE. an essential subsystems, 4160V bus, The loss of an electrical Maintaining the Train A and Train B AC, function does not go to include an channels of DC, and AC vital buses two essential essential 4160V core damage unless the OPERABLE ensures that the redundancy 600V load supported equipment is bus, two incorporated into the design of ESF is not centers and essential 600V five 600V required. Risk significant defeated. Therefore, a single failure load centers power dependencies are within any system or within the electrical motor control and five 600V centers represented in the PRA power distribution subsystems will not motor control as built, as operated.
| |
| prevent safe shutdown of the reactor.
| |
| centers
| |
| | |
| U.S. Nuclear Regulatory Commission Page 49 RA-18-0190 Technical Design SSCs Technical Corresponding Function Covered by TS LCO Specification Success Modeled in PRA Success Criteria Comments Specification SSC(s) Condition Action Criteria PRA 3.8.9.B One AC vital bus 2 trains AC vital The required power distribution 1 train AC vital Yes As needed to supply SSCs are modeled inoperable. buses (2 buses subsystems ensure the availability of buses supported functions consistently with the TS per train) AC, DC, and AC vital bus electrical power scope and so can be Distribution for the systems required to shut down the directly evaluated by the Systems reactor and maintain it in a safe condition CRMP.
| |
| Operating after an anticipated operational The success criteria in occurrence (AOO) or a postulated DBA. the PRA are consistent The AC, DC, and AC vital bus electrical with the design basis power distribution subsystems are criteria.
| |
| required to be OPERABLE.
| |
| The loss of an electrical Maintaining the Train A and Train B AC, function does not go to channels of DC, and AC vital buses core damage unless the OPERABLE ensures that the redundancy supported equipment is incorporated into the design of ESF is not required. Risk significant defeated. Therefore, a single failure power dependencies are within any system or within the electrical represented in the PRA power distribution subsystems will not as built, as operated.
| |
| prevent safe shutdown of the reactor.
| |
| 3.8.9.C One channel of DC 2 trains of DC The required power distribution 1 train of DC Yes As needed to supply SSCs are modeled electrical power electrical power subsystems ensure the availability of electrical supported functions consistently with the TS distribution distribution AC, DC, and AC vital bus electrical power power scope and so can be Distribution subsystem subsystem (2 for the systems required to shut down the distribution directly evaluated by the Systems - inoperable. channels per reactor and maintain it in a safe condition CRMP.
| |
| Operating train) after an anticipated operational The success criteria in occurrence (AOO) or a postulated DBA. the PRA are consistent The AC, DC, and AC vital bus electrical with the design basis power distribution subsystems are criteria.
| |
| required to be OPERABLE.
| |
| The loss of an electrical Maintaining the Train A and Train B AC, function does not go to channels of DC, and AC vital buses core damage unless the OPERABLE ensures that the redundancy supported equipment is incorporated into the design of ESF is not required. Risk significant defeated. Therefore, a single failure power dependencies are within any system or within the electrical represented in the PRA power distribution subsystems will not as built, as operated.
| |
| prevent safe shutdown of the reactor.
| |
| Notes to table E1-1:
| |
| : 1. Below the P-10 (Power Range Neutron Flux) interlock
| |
| : 2. Above the P-7 (Low Power Reactor Trips Block) interlock
| |
| : 3. Above the P-8 (Power Range Neutron Flux) interlock
| |
| : 4. Above the P-7 (Low Power Reactor Trips Block) interlock and below the P-8 (Power Range Neutron Flux) interlock
| |
| | |
| U.S. Nuclear Regulatory Commission Page 50 RA-18-0190
| |
| : 5. Including any reactor trip bypass breakers that are racked in and closed for bypassing on RTP
| |
| : 6. Above the P-11 (Pressurizer Pressure) interlock
| |
| : 7. Except when all MSIVs are closed and de-activated
| |
| : 8. Except when all MFIVs, MFCVs, and associated bypass valves are closed and de-activated or isolated by a closed manual valve.
| |
| : 9. The functions of the Reactor Trip, P-4 interlock required to meet the LCO are:
| |
| * Trip the main turbine MODES 1 and 2
| |
| * Isolate MFW with coincident low Tavg MODES 1, 2, and 3
| |
| * Prevent re-actuation of SI after a manual reset of SI MODES 1, 2, and 3
| |
| * Prevent opening MFIVs if closed on SI or SG Water Level High High MODES 1, 2, and 3
| |
| | |
| U.S. Nuclear Regulatory Commission Page 51 RA-18-0190 Table E1-2: In-Scope TS LCO RICT Estimates Technical RICT Estimate1 Specification Technical Specification Condition (Days) 3.3.1.B Reactor Trip System (RTS) Instrumentation - One Manual Reactor Trip 30.0 channel inoperable 3.3.1.D Reactor Trip System (RTS) Instrumentation - One channel inoperable 30.0 3.3.1.E Reactor Trip System (RTS) Instrumentation - One channel inoperable 30.0 3.3.1.M Reactor Trip System (RTS) Instrumentation - One channel inoperable 30.0 3.3.1.O Reactor Trip System (RTS) Instrumentation - One Reactor Coolant Flow - 30.0 Low (Single Loop) channel inoperable 3.3.1.Q Reactor Trip System (RTS) Instrumentation - One Turbine Trip - Low Fluid 30.0 Oil Pressure channel inoperable 3.3.1.T Reactor Trip System (RTS) Instrumentation - One train inoperable 30.0 3.3.1.U Reactor Trip System (RTS) Instrumentation - One RTB train inoperable 30.0 3.3.1.Y Reactor Trip System (RTS) Instrumentation - One trip mechanism 30.0 inoperable for one RTB 3.3.2.B ESFAS Instrumentation - One channel or train inoperable 11.0 3.3.2.C ESFAS Instrumentation - One train inoperable 11.0 3.3.2.D ESFAS Instrumentation - One channel inoperable 30.0 3.3.2.F ESFAS Instrumentation - One channel or train inoperable 12.3 3.3.2.H ESFAS Instrumentation - One train inoperable N/A2 3.3.2.I ESFAS Instrumentation - One train inoperable 30.0 3.3.2.J ESFAS Instrumentation - One channel inoperable 30.0 3.3.5.A Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation - One or 30.0 more Functions with one channel per bus inoperable 3.3.5.B Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation - One or 30.0 more Functions with two or more channels per bus inoperable 3.4.11.C Pressurizer Power Operated Relief Valves (PORVs) - One Train A PORV 10.4 inoperable and not capable of being manually cycled 3.4.11.D Pressurizer Power Operated Relief Valves (PORVs) - Two Train B PORVs 9.6 inoperable and not capable of being manually cycled 3.4.11.H Pressurizer Power Operated Relief Valves (PORVs) - One Train A block 30.0 valve inoperable 3.4.11.I Pressurizer Power Operated Relief Valves (PORVs) - Two Train B block 30.0 valves inoperable 3.4.11.J Pressurizer Power Operated Relief Valves (PORVs) - One Train B PORV 9.6 inoperable and not capable of being manually cycled AND The other Train B block valve inoperable.
| |
| 3.5.2.A Emergency Core Cooling System (ECCS) - Operating - One or more trains 30.0 inoperable AND At least 100% of the ECCS flow equivalent to a single OPERABLE ECCS train available.
| |
| 3.6.2.C Containment Air Locks - One or more containment air locks inoperable for 11.0 reasons other than Condition A or B 3.6.3.A Containment Isolation Valves - One or more penetration flow paths with one 11.0 containment isolation valve inoperable except for purge valve or reactor building bypass leakage not within limit.
| |
| 3.6.3.C Containment Isolation Valves - One or more penetration flow paths with one 11.0 containment isolation valve inoperable.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 52 RA-18-0190 Table E1-2: In-Scope TS LCO RICT Estimates Technical RICT Estimate1 Specification Technical Specification Condition (Days) 3.6.6.A Containment Spray System (Ice Condenser) - One containment spray train 30.0 inoperable 3.6.9.A Hydrogen Mitigation System (HMS) (Ice Condenser) - One HMS train 30.0 inoperable.
| |
| 3.6.9.B Hydrogen Mitigation System (HMS) (Ice Condenser) - One containment 30.0 region with no OPERABLE hydrogen ignitor 3.6.11.A Air Return System (ARS) (Ice Condenser) - One ARS train inoperable 30.0 3.6.14.A Divider Barrier Integrity (Ice condenser) - One or more personnel access 30.0 doors or equipment hatches (other than one pressurizer or one steam generator enclosure hatch addressed by Condition D) open or inoperable, other than for personnel transit entry.
| |
| 3.7.2.A Main Steam Isolation Valves (MSIVs) - One MSIV inoperable in MODE 1 30.0 3.7.5.A Auxiliary Feedwater (AFW) System - One steam supply to turbine driven 30.0 AFW pump inoperable 3.7.5.B Auxiliary Feedwater (AFW) System - One AFW train inoperable in MODE 1, 30.0 2 or 3 for reasons other than Condition A.
| |
| 3.7.6.A Component Cooling Water System (CCW) - One CCW train inoperable 30.0 3.7.7.A Nuclear Service Water System (NSWS) - One NSWS train inoperable 30.0 3.8.1.A AC Sources - Operating - One LCO 3.8.1.a offsite circuit inoperable. 30.0 3.8.1.B AC Sources - Operating - One LCO 3.8.1.b DG inoperable 30.0 3.8.1.C AC Sources - Operating - One LCO 3.8.1.c offsite circuit inoperable. 30.0 3.8.1.E AC Sources Operating - Two LCO 3.8.1.a offsite circuits inoperable OR 30.0 One LCO 3.8.1.a offsite circuit that provides power to the NSWS, CRAVS, CRACWS and ABFVES inoperable and one LCO 3.8.1.c offsite circuit inoperable OR Two LCO 3.8.1.c offsite circuits inoperable 3.8.1.F AC Sources Operating - One LCO 3.8.1.a offsite circuit inoperable AND 30.0 One LCO 3.8.1.b DG inoperable 3.8.1.H AC Sources - Operating - One automatic load sequencer inoperable. 30.0 3.8.4.A DC Sources Operating - One channel of DC source inoperable N/A2 3.8.7.A Inverters - Operating - One inverter inoperable. 30.0 3.8.9.A Distribution Systems - Operating - One or more AC electrical power N/A2 distribution subsystem(s) inoperable.
| |
| 3.8.9.B Distribution Systems Operating - One AC vital bus inoperable. N/A2 Distribution Systems - Operating - One channel of DC electrical power 3.8.9.C N/A2 distribution subsystem inoperable.
| |
| Notes to Table E1-2:
| |
| (1) RICTs are based on representative PRA model calculations. RICTs calculated to be greater than 30 days are capped at 30 days based on NEI 06-09-A. RICTs are rounded to nearest tenth of a day.
| |
| (2) Per NEI 06-09, Revision 0-A, for cases where the total CDF or LERF is greater than 1E-03/yr or 1E-04/yr, respectively, the RICT Program will not be entered.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 53 RA-18-0190 4.0 ADDITIONAL JUSTIFICATION FOR SPECIFIC ACTIONS Table 1, Conditions Requiring Additional Technical Justification, of TSTF-505, Revision 2 (Reference 4) contains a list of Required Actions that may be proposed for inclusion in a RICT Program, but which require additional technical justification to be provided by the licensee. This section contains the specific additional technical justification.
| |
| TABLE E1-3 IDENTIFIED REQUIRED ACTIONS WHICH REQUIRE ADDITIONAL JUSTIFICATION FOR INCLUSION IN TSTF-505 APPLICATION NUREG-1431 LCO Requirements Suggested Corresponding MNS Standard and Condition Information Technical Specification Specification 3.3.1.D LCO: The RTS Licensee must justify Power Range instrumentation for that the condition Neutron Flux High each Function in does not represent 3.3.1 Action D.1.2 Table 3.3.1-1 shall be the inability to OPERABLE. perform the safety function assumed in Condition: One the FSAR given the Power Range loss of spacial Neutron Flux - High distribution of the channel inoperable. remaining Power Range detectors.
| |
| The justification can include that the Actions require periodic monitoring of spacial power distribution and imposition of compensatory limits and reduced power.
| |
| 3.3.1.U LCO: The RTS The licensee must Reactor Trip Breakers instrumentation for include information 3.3.1 Action U.1 each Function in regarding how the Table 3.3.1-1 shall be TSTF-411 conditions OPERABLE. and limitations will be implemented (or Condition: One RTB similar conditions if train inoperable TSTF-411 has not been adopted),
| |
| including discussion of ATWS Mitigation System Actuation (AMSAC), and why those actions are sufficient, including a discussion of defense in depth.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 54 RA-18-0190 TABLE E1-3 IDENTIFIED REQUIRED ACTIONS WHICH REQUIRE ADDITIONAL JUSTIFICATION FOR INCLUSION IN TSTF-505 APPLICATION NUREG-1431 LCO Requirements Suggested Corresponding MNS Standard and Condition Information Technical Specification Specification 3.3.5.B LCO: [Three] Licensee must justify LOP Diesel channels per bus of that two or more Generator Start the loss of voltage channels per bus Instrumentation Function and [three] inoperable is not a 3.3.5 Action B.1 channels per bus of condition in which all the degraded voltage required trains or Function shall be subsystems of a TS OPERABLE. required system are inoperable or modify Condition: One or the Action to not more Functions with apply a RICT when two or more channels all required trains or per bus inoperable. subsystems are inoperable.
| |
| 3.5.2.A LCO: Two ECCS Licensee must justify ECCS - Operating trains shall be that one or more 3.5.2 Action A.1 OPERABLE. ECCS trains inoperable is not a Condition: One or condition in which all more [ECCS] trains required trains or inoperable. subsystems of a TS required system are inoperable.
| |
| Acceptable justification is TS Condition requiring 100% flow equivalent to a single ECCS train.
| |
| 3.6.2.C LCO: [Two] Licensee must justify Containment Air containment air that an inoperable Locks lock[s] shall be containment air lock 3.6.2 Action C.3 OPERABLE. is not a condition in which all required Condition: One or trains or subsystems more containment air of a TS required locks inoperable for system are reasons other than inoperable. An an inoperable door or acceptable argument inoperable interlock may be that a note in mechanism. TS 3.6.2 requires the condition to be assessed in accordance with TS 3.6.1, Containment
| |
| | |
| U.S. Nuclear Regulatory Commission Page 55 RA-18-0190 TABLE E1-3 IDENTIFIED REQUIRED ACTIONS WHICH REQUIRE ADDITIONAL JUSTIFICATION FOR INCLUSION IN TSTF-505 APPLICATION NUREG-1431 LCO Requirements Suggested Corresponding MNS Standard and Condition Information Technical Specification Specification Integrity, and excessive leakage would require an immediate plant shutdown under that TS.
| |
| 3.6.6C.A LCO: Containment Licensee must justify Containment Spray Spray System (Ice the ability to Systems Condenser) calculate a RICT for 3.6.6 Action A.1 the condition, Condition: One including how the containment spray system is modeled in train inoperable. the PRA, whether all functions of the system are modeled, and, if a surrogate is used, why that modeling is conservative.
| |
| 3.7.2.A LCO: [Four] MSIVs Licensee must justify Main Steam Isolation shall be OPERABLE. that the condition Valves (MSIVs) would not prevent 3.7.2 Action A.1 Condition: One MSIV performance of the inoperable in MODE steam line break
| |
| : 1. isolation function assumed in the accident analysis. An acceptable method may be a second MSIV per steam line, another design feature, or an alternate method of preventing blowdown of more than one steam generator.
| |
| Duke Energys justification for each of the MNS Specifications is provided below.
| |
| LCO 3.3.1 Action D.1, Power Range Neutron Flux High As described in Section 7.2.2.3.1, Neutron Flux, of the MNS UFSAR (Reference 5):
| |
| Four power range nuclear instrumentation channels are provided for overpower protection. An additional signal for automatic rod control is derived
| |
| | |
| U.S. Nuclear Regulatory Commission Page 56 RA-18-0190 by comparing the four NIS channels and selecting the "2nd highest". If any channel fails in such a way as to produce a high or low output, that channel does not cause control rod movement because of the "2nd highest" algorithm.
| |
| Two out of four overpower trip logic ensure an overpower trip if needed even with an independent failure in another channel.
| |
| In addition, channel deviation signals in the control system give an alarm if any significant power range channel deviation occurs. Also, the control system responds only to rapid changes in indicated neutron flux; slow changes or drifts are compensated by the temperature control signals. Finally, an overpower signal from any nuclear power range channel blocks manual and automatic rod withdrawal. The setpoint for this rod stop is below the reactor trip setpoint.
| |
| The alarms and actions described above signify periodic monitoring of spatial power distribution and imposition of compensatory limits and reduced power. Also, with one channel inoperable, the safety function assumed in the UFSAR to initiate a reactor trip when the monitored parameter (i.e., Power Range neutron flux) reaches the high setpoint is still maintained.
| |
| Consistent with the UFSAR description above and Table 3.3.1-1 of the MNS TS, there are a total of four channels and only two channels are needed for a reactor trip to occur. Therefore, MNS LCO 3.3.1 Condition D, Action D.1 meets the listed requirements for inclusion in the RICT Program.
| |
| LCO 3.3.1 Action U.1, Reactor Trip Breakers (RTBs)
| |
| TSTF-411, Surveillance Test Interval Extensions for Components of the Reactor Protection System (WCAP-15376-P) (Reference 6) has been adopted at MNS (Reference 7). The MNS PRA models meet the expectations for PRA scope and quality as presented in RG 1.200, Revision 2, to support the requirements of the RICT Program. Specific discussion of the PRA model technical adequacy is discussed in Enclosure 2.
| |
| Section 7.7.1.16 of the McGuire UFSAR (Reference 5), ATWS Mitigation Actuation Circuitry, the AMSAC design allows for independent response to an ATWS event without relying on the Reactor Protection System (RPS). The AMSAC system trips the main turbine, starts the motor driven auxiliary feedwater pumps, and closes blowdown and sampling valves in response to an ATWS event. As stated in the UFSAR, the AMSAC design complies with the NRC Safety Evaluation Report (SER) at MNS.
| |
| Therefore, MNS LCO 3.3.1 Condition U, Action U.1 meets the requirements for inclusion in the RICT program.
| |
| LCO 3.3.5 Action B.1, Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation Loss of more than one channel affecting a single bus is not a loss of safety function. A note is included for the proposed Completion Time of TS 3.3.5, Required Action B.1, to preclude RICT entry for a loss of function condition.
| |
| LCO 3.5.2 Action A.1, ECCS Operating The MNS TS Actions for ECCS are restricted to a single inoperable train. The proposed change will not alter the fact that the Actions are restricted to a single train. Specifically, MNS LCO
| |
| | |
| U.S. Nuclear Regulatory Commission Page 57 RA-18-0190 3.5.2 does not contain an Action for more than one ECCS subsystem inoperable, and Standard Technical Specifications (i.e., NUREG-1431) and TSTF-505 Specification 3.5.2.A one or more ECCS subsystems inoperable Condition does not apply. Therefore, MNS LCO 3.5.2 Action A.1 meets the requirements for inclusion in the RICT Program.
| |
| LCO 3.6.2 Action C.3, Containment Air Locks As indicated in Table E1-1 of this enclosure above, the containment air locks are modeled in the MNS PRA. The PRA success criteria is the same as the design success criteria (i.e., 2 of 2 air locks).
| |
| Compliance with remaining portions of MNS LCO 3.6.2 Action C.1 and Action C.2 ensure that there is a physical barrier (e.g., closed door) and an acceptable overall leakage from containment. Thus, the function is still maintained. Action C.1 of LCO 3.6.2 requires the condition to be assessed in accordance with LCO 3.6.1 (i.e., Initiate action to evaluate overall containment leakage rate per LCO 3.6.1). Note 3 for LCO 3.6.2 applies to all the Specification 3.6.2 Action statements and directs entry into LCO 3.6.1 for Containment when the air lock leakage results exceed the overall containment leakage rate. LCO 3.6.1 requires restoration of Containment Integrity within 1 hour or the unit must commence a shutdown.
| |
| Therefore, MNS LCO 3.6.2 Action C.3 meets the listed requirements for inclusion in the RICT Program.
| |
| LCO 3.6.6 Action A.1, Containment Spray System The SSCs associated with the containment depressurization and cooling function of MNS LCO 3.6.6 following a LOCA or steam line break are explicitly modeled in the MNS PRA. The iodine removal function of the containment spray trains is not required for mitigation of severe accidents and is thus not modeled in the MNS PRA. The PRA success criteria for containment spray is 1 of 2 trains, which is the same as the design success criteria for the system.
| |
| The function covered by MNS LCO 3.6.6 is containment heat removal following a LOCA. The SSCs for containment sprays are modeled in the MNS PRA consistent with the TS scope and can be directly evaluated. The success criteria in the PRA for the containment sprays in LCO 3.6.6 (i.e., 1 of 2 containment spray trains) are based on realistic containment heat removal capabilities of the containment spray system consistent with the PRA Standard for Capability Category II.
| |
| Since the containment spray SSCs are adequately modeled in the MNS PRA and a RICT can be calculated for the conditions, MNS LCO 3.6.6 Action A.1 meets the listed requirements for inclusion in the RICT Program.
| |
| LCO 3.7.2 Action A.1, Main Steam Isolation Valves (MSIVs)
| |
| A portion of the MNS licensing basis, as stated in Section 15.1.5, Steam System Piping Failure of the UFSAR (Reference 5), is the following (emphasis in underline):
| |
| Steam release from more than one steam generator will be prevented by automatic trip of the fast acting isolation valves in the steam lines by a low steam line pressure signals, high-high containment pressure signals, or high negative steam line pressure rate signals. Even with the failure of one valve,
| |
| | |
| U.S. Nuclear Regulatory Commission Page 58 RA-18-0190 release is ended for the other steam generators while the one generator blows down. The isolation valves are designed to be fully closed in 8 seconds from receipt of a closure signal.
| |
| Even with one MSIV inoperable (but open) in accordance with MNS LCO 3.7.2 (Action A.1), an uncontrolled blowdown of more than one steam generator would not occur following a steam line break. For example, when one MSIV is inoperable on one steam line and a postulated steam line break occurs on a separate steam line, the design function is still performed because the remaining operable MSIVs will close. The steam line break isolation function assumed in the accident analysis is maintained with one MSIV inoperable (but open). Therefore, MNS LCO 3.7.2 (Action A.1) meets the listed requirements for inclusion in the RICT Program.
| |
| 5.0 MAINTAINING DEFENSE-IN-DEPTH TSTF-505 (Reference 4) sets forth the following as guidance for what is to be included in this
| |
| | |
| ==Enclosure:==
| |
| | |
| The description of proposed changes to the protective instrumentation and control features in TS Section 3.3, "Instrumentation," should confirm that at least one redundant or diverse means (other automatic features or manual action) to accomplish the safety functions (for example, reactor trip, SI, containment isolation, etc.) remains available during use of the RICT, consistent with the defense-in-depth philosophy as specified in RG 1.174. (Note that for each application, the staff may selectively audit the licensing basis of the most risk-significant functions with proposed RICTs to verify that such diverse means exist.)
| |
| The following sections provide the justification that defense-in-depth, either through redundancy or through diversity, is maintained for the applicable functions throughout the application of the RICT Program. The tables show that for each reactor trip system (RTS) function and each engineered safety features actuation system (ESFAS) instrument function, there is at least one diverse means for initiating the safety function. Table E1-4 shows the diverse means for initiating the safety function (i.e., reactor trip) for RTS instrumentation. Table E1-5 shows the diverse means for initiating the safety function (e.g., safety injection, containment isolation, containment spray, etc.) for each ESFAS instrument.
| |
| 5.1 Reactor Trip System Instrumentation (TS 3.3.1)
| |
| The RTS design creates defense-in-depth through the degree of redundancy for each of its channels for each Functional Unit.
| |
| * Each Functional Unit has multiple channels, with a minimum of 2 channels for Functional Units proposed for the RICT Program.
| |
| * Each Functional Unit proposed to be in the scope of the RICT Program will cause a reactor trip with 1/2, 2/3, or 2/4 tripped channels.
| |
| * A bypassed channel does not trip. It reduces the total available channels by 1, for example from 2/4 to 2/3, or from 2/3 to 2/2.
| |
| * When applicable, if 1 channel in the Functional Unit is out of service, then that channel may be placed in a tripped state, for example reducing the redundancy from 2/4 required tripped channels to 1/3 required tripped channels.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 59 RA-18-0190 The Reactor Trip System also employs diversity in the number and variety of different inputs which will initiate a reactor trip. A given reactor trip will typically be accompanied by several diverse reactor trip inputs from the RTS.
| |
| * Manual Reactor Trip 1/2 channels to trip
| |
| * Power Range Neutron Flux (High) 2/4 channels to trip
| |
| * Power Range Neutron Flux (Low) 2/4 channels to trip
| |
| * Power Range Neutron Flux (High Positive Rate) 2/4 channels to trip
| |
| * Intermediate Range High Neutron Flux 1/2 channels to trip
| |
| * Source Range High Neutron Flux 1/2 channels to trip
| |
| * Overtemperature b.T 2/4 channels to trip
| |
| * Overpower b.T 2/4 channels to trip
| |
| * Pressurizer Pressure (Low) 2/4 channels to trip
| |
| * Pressurizer Pressure (High) 2/4 channels to trip
| |
| * Pressurizer Water Level (High) 2/3 channels to trip
| |
| * Reactor Coolant Flow - Low (Single Loop) 2/3 channels to trip per loop
| |
| * Reactor Coolant Flow - Low (Two Loops) 2/3 channels to trip per loop
| |
| * Undervoltage RCPs (1 per bus) 2/4 channels to trip
| |
| * Underfrequency RCPs (1 per bus) 2/4 channels to trip
| |
| * Steam Generator (SG) Water Level (Low Low) 2/4 channels to trip per SG
| |
| * Turbine Trip (Low Fluid Oil Pressure) 2/3 channels to trip
| |
| * Turbine Trip (Turbine Stop Valve Closure) 4/4 stop valves closed
| |
| * Safety Injection (SI) Input from ESFAS 1/2 trains to trip
| |
| * Reactor Trip Breakers 1/2 trains to trip
| |
| * Automatic Trip Lock Logic 1/2 trains to trip TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Two manual reactor trip switches Manual Reactor a. Automatic actuation Reactor Trip 2) Train A and Train B Trip failed trip breakers
| |
| : 3) Automatic reactor trips
| |
| : a. Feedwater system 1) Automatic Protection Power Range malfunctions causing a. Low-Low Steam Neutron Flux Reactor Trip an increase in Generator Level Reactor Trips feedwater flow b. Overpower b.T (High & Low)
| |
| UFSAR 15.1.2 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 60 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Intermediate
| |
| : b. Uncontrolled rod Range High Neutron cluster control Flux Reactor Trip assembly bank b. Source Range withdrawal from a High Neutron Flux subcritical or low Reactor Trip power startup c. Power Range condition Neutron Flux High UFSAR 15.4.1 Positive Rate Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : c. Spectrum of rod
| |
| : a. Power Range cluster control Neutron Flux High assembly ejection Positive Rate Reactor accidents Trip UFSAR 15.4.8
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Overtemperature I:,. T
| |
| : d. Uncontrolled rod
| |
| : b. High Pressurizer cluster control Pressure Reactor Trip assembly bank
| |
| : c. Overpower I:,. T withdrawal at power
| |
| : d. High Pressurizer UFSAR 15.4.2 Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : a. Spectrum of rod 1) Automatic Protection Power Range cluster control a. Power Range Neutron Flux High Reactor Trip assembly ejection Neutron Flux Reactor Positive Rate accidents Trips (High & Low)
| |
| Reactor Trip UFSAR 15.4.8 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. High Pressurizer Pressure Reactor Overtemperature a. Loss of external load Trip I:,. T Reactor Trip UFSAR 15.2.2 b. High Pressurizer Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 61 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. High Pressurizer Pressure Reactor Trip
| |
| : b. Turbine Trip b. Reactor Trip on UFSAR 15.2.3, Turbine Trip 15.2.5 c. High Pressurizer Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : c. Inadvertent closure 1) Automatic Protection of main steam a. High Pressurizer isolation valves Pressure Reactor Trip UFSAR 15.2.4 2) Manual Trip
| |
| : d. Chemical and 1) Automatic Protection volume control a. Power Range system malfunction Neutron Flux Reactor that results in a Trips decrease in boron b. Overpower 11T concentration in the 2) Manual Trip reactor coolant UFSAR 15.4.6
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : e. Uncontrolled rod Trips cluster control b. High Pressurizer assembly bank Pressure Reactor Trip withdrawal at power c. Overpower 11T UFSAR 15.4.2 d. High Pressurizer Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : f. Rod cluster control Trips assembly
| |
| : b. Low Pressurizer misoperation Pressure Reactor Trip UFSAR 15.4.3
| |
| : c. High Pressurizer Pressure Reactor Trip
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 62 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Low Pressurizer
| |
| : g. Inadvertent opening Pressure Reactor Trip of a pressurizer
| |
| : b. Reactor Trip On safety or relief valve Safety Injection UFSAR 15.6.1 Initiation
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Low Pressurizer
| |
| : h. Steam generator Pressure Reactor Trip tube failure b. Reactor Trip On UFSAR 15.6.3 Safety Injection Initiation
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Feedwater system a. Low-Low Steam malfunctions causing Generator Level an increase in b. Power Range feedwater flow Neutron Flux UFSAR 15.1.2 Reactor Trips
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Low-Low Steam Generator Level
| |
| : b. Reactor Trip On
| |
| : b. Steam system piping Safety Injection failure Initiation UFSAR 15.1.5
| |
| : c. Power Range Neutron Flux Reactor Trips Overpower l:!,.T Reactor Trip
| |
| : 2) Manual Trip
| |
| : c. Chemical and 1) Automatic Protection volume control a. Power Range system malfunction Neutron Flux Reactor that results in a Trips decrease in boron b. Overtemperature concentration in the l:!,.T reactor coolant 2) Manual Trip UFSAR 15.4.6
| |
| : d. Chemical and 1) Automatic Protection volume control a. High Pressurizer system malfunction Water that increases Level Reactor Trip.
| |
| reactor coolant inventory 2) Manual Trip UFSAR 15.5.2
| |
| | |
| U.S. Nuclear Regulatory Commission Page 63 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Inadvertent operation
| |
| : a. Reactor Trip On of the ECCS during Safety Injection power operation Initiation UFSAR 15.5.1
| |
| : 2) Manual Trip
| |
| : b. Chemical and 1) Automatic Protection volume control a. Overtemperature system malfunction I:,.T that decreases 2) Manual Trip reactor coolant inventory UFSAR 15.5.2
| |
| : 1) Automatic Protection Low Pressurizer
| |
| : a. Overtemperature Pressure Reactor Reactor Trip
| |
| : c. Steam generator I:,.T Trip tube failure b. Reactor Trip On UFSAR 15.6.3 Safety Injection Initiation
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : d. Loss of coolant a. Reactor Trip On accident Safety UFSAR 15.6.5 Injection Initiation
| |
| : 2) Manual Trip
| |
| : e. Rod cluster control 1) Automatic Protection assembly a. Overtemperature misoperation I:,. T UFSAR 15.4.3 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Overtemperature I:,.T
| |
| : a. Loss of external load
| |
| : b. High Pressurizer UFSAR 15.2.2 Water Level Reactor Trip
| |
| : 2) Manual Trip High Pressurizer
| |
| : 1) Automatic Protection Pressure Reactor Reactor Trip
| |
| : a. Overtemperature Trip I:,.T
| |
| : b. Turbine trip b. Reactor Trip on UFSAR Turbine Trip 15.2.3,15.2.5 c. High Pressurizer Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 64 RA-18-0190 TABLE E1- REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : c. Inadvertent closure 1) Automatic Protection of main steam a. Overtemperature isolation valves T UFSAR 15.2.4 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : d. Uncontrolled rod Trips cluster control b. Overtemperature assembly bank T withdrawal at power c. Overpower T UFSAR 15.4.2 d. High Pressurizer Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : e. Rod cluster control 1) Automatic Protection assembly a. Overtemperature misoperation T UFSAR 15.4.3 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. High Pressurizer
| |
| : a. Loss of external load Pressure Reactor Trip UFSAR 15.2.2 b. Overtemperature T
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. High Pressurizer Pressure Reactor Trip
| |
| : b. Turbine trip
| |
| : b. Overtemperature UFSAR T
| |
| 15.2.3,15.2.5 High Pressurizer c. Reactor Trip on Water Level Reactor Trip Turbine Trip Reactor Trip 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : c. Uncontrolled rod Trips cluster control b. Overtemperature assembly bank T withdrawal at power c. High Pressurizer UFSAR 15.4.2 Pressure
| |
| : d. Overpower T Reactor Trip
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 65 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Partial loss of forced a. RCP undervoltage reactor coolant flow b. RCP UFSAR 15.3.1 underfrequency Low Reactor 2) Manual Trip Coolant Flow Reactor Trip b. Reactor coolant 1) Manual Trip Reactor Trips pump shaft seizure (Single & 2 Loops)
| |
| UFSAR 15.3.3
| |
| : c. Reactor coolant 1) Manual Trip pump shaft break UFSAR 15.3.4
| |
| : 1) Automatic Protection
| |
| : a. Feedwater system
| |
| : a. Power Range malfunctions causing Neutron Flux Reactor an increase in Trips feedwater flow
| |
| : b. Overpower 11T UFSAR 15.1.2
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : b. Steam system piping Trips failure b. Overpower 11T UFSAR 15.1.5 c. Reactor Trip On Safety Injection Initiation
| |
| : 2) Manual Trip Low-Low Steam 1) Automatic Protection Generator Water Reactor Trip a. Power Range Level Reactor Trip Neutron Flux Reactor
| |
| : c. Inadvertent opening Trips of a SG relief or
| |
| : b. Overpower 11T safety valve
| |
| : c. Reactor Trip On UFSAR 15.1.4 Safety Injection Initiation
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Overtemperature 11T
| |
| : d. Feedwater system b. High Pressurizer pipe break Pressure Reactor Trip UFSAR 15.2.8 c. Reactor Trip On Safety Injection Initiation
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 66 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Low Reactor Coolant Flow Reactor Reactor Coolant a. Complete loss of Trips Pumps forced reactor Reactor Trip b. Reactor Coolant Undervoltage coolant flow Pumps Reactor Trip UFSAR 15.3.2 Underfrequency Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Low Reactor Reactor Coolant a. Complete loss of Coolant Flow Reactor Pumps forced reactor Trips Reactor Trip Underfrequency coolant flow b. Reactor Coolant Reactor Trip UFSAR 15.3.2 Pumps Undervoltage Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. High Pressurizer Pressure Reactor Trip
| |
| : b. Overtemperature I:,. T
| |
| : a. Turbine trip
| |
| : c. High Pressurizer Reactor Trip On UFSAR 15.2.3, Reactor Trip Water Turbine Trip 15.2.5 Level Reactor Trip
| |
| : d. Low-Low Steam Generator Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor
| |
| : a. Inadvertent opening Trips Reactor Trip On of a SG relief or b. Overpower I:,. T Safety Injection Reactor Trip safety valve c. Low-Low Steam Initiation UFSAR 15.1.4 Generator Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| | |
| U.S. Nuclear Regulatory Commission Page 67 RA-18-0190 TABLE E1-4 REACTOR TRIP SYSTEM (RTS) INSTRUMENTATION DIVERSITY Plant Function Safety Function Diverse Reactor Trips Condition/Accident
| |
| : 1) Automatic Protection
| |
| : a. Power Range Neutron Flux Reactor Trips
| |
| : b. Steam system piping
| |
| : b. Overpower !:,.T failure
| |
| : c. Low-Low Steam UFSAR 15.1.5 Generator Water Level Reactor Trip
| |
| : 2) Manual Trip
| |
| : 1) Automatic Protection
| |
| : a. Overtemperature
| |
| !:,.T
| |
| : b. High Pressurizer
| |
| : c. Feedwater system Pressure Reactor Trip pipe break
| |
| : c. Low-Low Steam UFSAR 15.2.8 Generator Water Level Reactor Trip
| |
| : 2) Manual Trip 5.2 Engineered Safety Features Actuation System Instrumentation (TS 3.3.2)
| |
| The Engineered Safety Features Actuation System (ESFAS) design creates defense-in-depth through the degree of redundancy for each of its channels for each Functional Unit.
| |
| * Each Functional Unit has multiple channels.
| |
| * Each Functional Unit will actuate its associated equipment with 1/2, 2/3, or 2/4 tripped channels.
| |
| * A bypassed channel does not trip. It reduces the total available channels by 1, for example from 2/4 to 2/3, or from 2/3 to 2/2.
| |
| * When applicable, if 1 channel in the Functional Unit is out of service, then that channel may be placed in a tripped state, for example reducing the redundancy from 2/4 required tripped channels to 1/3 required tripped channels.
| |
| ESFAS also employs diversity in the number and variety of different inputs which will actuate the associated equipment.
| |
| Safety Injection o Manual Initiation 1/2 channels to actuate o Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Containment Pressure High 2/3 channels to actuate o Pressurizer Pressure Low Low 2/4 channels to actuate Containment Isolation o Phase A Isolation Manual Initiation 1/2 channels to actuate
| |
| | |
| U.S. Nuclear Regulatory Commission Page 68 RA-18-0190 o Phase A Isolation Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Phase B Isolation Manual Initiation 1/2 channels to actuate o Phase B Isolation Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Phase B Isolation on Containment Pressure High High 2/4 channels to actuate Steam Line Isolation o Manual Initiation (System) - 1/2 channels to actuate o Manual Initiation (Individual) 1 per line o Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Containment Pressure High High 2/4 channels to actuate o Steam Line Pressure Low 2/3 channels to actuate o Steam Line Pressure Negative Rate High 2/3 channels to actuate Turbine Trip and Feedwater Isolation o Turbine Trip - Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Turbine Trip - SG Water Level High High (P-14) 2/3 channels to actuate o Feedwater Isolation - Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o Feedwater Isolation - SG Water Level High High (P-14) 2/3 channels to actuate o Feedwater Isolation - Tavg-Low (coincident with Reactor Trip, P-4) 2/4 channels to actuate o Feedwater Isolation Doghouse Water Level High High (3 per train per Doghouse) 2/3 channels to actuate Auxiliary Feedwater o Automatic Actuation Logic and Actuation Relays 1/2 channels to actuate o SG Water Level Low Low 2/4 channels to actuate o Station Blackout Loss of Voltage 2/3 channels to actuate o Station Blackout Degraded Voltage 2/3 channels to actuate o Auxiliary Feedwater Pump Suction Transfer on Suction Pressure Low; 2 per MDP, 4 per TDP(2 trains) 2/2 per train to actuate Automatic Switchover to Containment Sump o Refueling Water Storage Tank (RWST) Level Low (Coincident with Safety Injection) 2/3 channels Not all McGuire ESFAS TS 3.3.2 Conditions and Required Actions are within the scope of this license amendment request. Table E1-5 does not include out of scope instrumentation.
| |
| TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Two trains of Automatic manual Manual Initiation Safety Injection (SI) actuation failed pushbuttons
| |
| : 2) Automatic SI
| |
| | |
| U.S. Nuclear Regulatory Commission Page 69 RA-18-0190 TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Two trains of Automatic Actuation Logic Conditions automatic Safety Injection (SI) and Actuation Relays requiring SI actuation
| |
| : 2) Manual SI
| |
| : 1) Automatic SI
| |
| : a. Pressurizer Steamline break Pressure Low inside containment Low
| |
| : 2) Manual SI Containment Pressure - 1) Automatic SI Safety Injection (SI)
| |
| High a. Pressurizer LOCA Pressure Low Low
| |
| : 2) Manual SI Feed line break 1) Manual SI inside containment Inadvertent 1) Manual SI opening of a steam generator relief or safety valve
| |
| : 1) Automatic SI a.
| |
| Containment Pressure Steamline break High (if break in containment)
| |
| Pressurizer Pressure 2) Manual SI Safety Injection (SI)
| |
| Low Low 1) Automatic SI A spectrum of rod a.
| |
| cluster control Containment assembly ejection Pressure accidents (rod High ejection)
| |
| : 2) Manual SI
| |
| : 1) Automatic SI Inadvertent a.
| |
| opening of a Containment pressurizer relief or Pressure safety valve High
| |
| : 2) Manual SI
| |
| | |
| U.S. Nuclear Regulatory Commission Page 70 RA-18-0190 TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Automatic SI a.
| |
| Containment LOCAs Pressure High
| |
| : 2) Manual SI SG Tube Rupture 1) Manual SI
| |
| : 1) Two trains of manual Containment Isolation Automatic pushbuttons Manual Initiation (Ph A) Actuation failed 2) Two trains of automatic Ph A isolation
| |
| : 1) Two trains of SI conditions automatic Ph Automatic Actuation Logic Containment Isolation requiring Ph A A actuation and Actuation Relays (Ph A) isolation 2) Manual Ph A isolation
| |
| : 1) Two trains of manual Containment Isolation Automatic pushbuttons Manual Initiation (Ph B) Actuation failed 2) Two trains of automatic Ph B isolation
| |
| : 1) Two trains of Conditions automatic Ph Automatic Actuation Logic Containment Isolation requiring Ph B B actuation and Actuation Relays (Ph B) isolation 2) Manual Ph B isolation
| |
| : 1) Manual Ph B
| |
| : 1) LOCA isolation Containment Pressure Containment Isolation
| |
| : 2) Steamline 2) Two trains of High High (Ph B) break automatic Ph B isolation
| |
| : 1) Two trains of manual pushbuttons Automatic Manual Initiation (System) Steam Line Isolation 2) Two trains of Actuation failed automatic steam line isolation
| |
| | |
| U.S. Nuclear Regulatory Commission Page 71 RA-18-0190 TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Two trains of automatic Conditions Automatic Actuation Logic steam line Steam Line Isolation requiring steam and Actuation Relays isolation line isolation
| |
| : 2) Manual steam line isolation
| |
| : 1) Two trains of automatic steam line isolation
| |
| : a. Low steam Steam Line Pressure - line pressure Steam Line Isolation Steamline break Low b. High negative steam pressure rate
| |
| : 2) Manual steam line isolation
| |
| : 1) Two trains of automatic steam line isolation
| |
| : a. Low steam Steam Line Pressure line pressure Steam Line Isolation Steamline break Negative Rate - High b. High negative steam pressure rate
| |
| : 2) Manual steam line isolation
| |
| : 1) Feedwater 1) Manual system turbine trip Turbine Trip malfunctions switches Turbine Trip and 2) Two trains of Automatic Actuation Logic that result in an Feedwater Isolation automatic And Actuation Relays increase in feedwater flow turbine trip
| |
| : 2) Safety Injection actuation
| |
| : 1) Manual Feedwater system turbine trip Turbine Trip malfunctions that switches Turbine Trip and SG Water Level result in an 2) Two trains of Feedwater Isolation High High increase in automatic feedwater flow turbine trip actuation
| |
| | |
| U.S. Nuclear Regulatory Commission Page 72 RA-18-0190 TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Feedwater 1) Manual system feedwater malfunctions isolation that result in an pushbuttons increase in 2) Two trains of Feedwater Isolation feedwater flow automatic Turbine Trip and Automatic Actuation Logic feedwater Feedwater Isolation 2) Safety Injection And Actuation Relays isolation
| |
| : 3) Excessive actuation cooldown
| |
| : 4) Feedwater break in doghouse
| |
| : 1) Manual feedwater Feedwater system isolation Feedwater Isolation malfunctions that pushbuttons Turbine Trip and SG Water Level result in an 2) Two trains of Feedwater Isolation High High increase in automatic feedwater flow feedwater isolation actuation
| |
| : 1) Manual feedwater isolation Feedwater Isolation Excessive pushbuttons Turbine Trip and TavgLow coincident with cooldown after 2) Two trains of Feedwater Isolation Reactor Trip, P-4 Reactor Trip automatic feedwater isolation actuation
| |
| : 1) Two trains of automatic Conditions auxiliary Automatic Actuation Logic Auxiliary Feedwater requiring Auxiliary feedwater And Actuation Relays Feedwater actuation
| |
| : 2) Manually start pump(s)
| |
| : 1) Two trains of automatic auxiliary SG Water Level Low Auxiliary Feedwater Loss of heat sink feedwater Low actuation
| |
| : 2) Manually start pump(s)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 73 RA-18-0190 TABLE E1- 5 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (ESFAS) INSTRUMENTATION DIVERSITY Accident Diverse ESFAS Instrument Safety Feature Condition Protection
| |
| : 1) Two trains of automatic auxiliary Station Blackout Loss of Auxiliary Feedwater Loss of heat sink feedwater Voltage actuation
| |
| : 2) Manually start pump(s)
| |
| : 1) Two trains of automatic auxiliary Station Blackout Auxiliary Feedwater Loss of heat sink feedwater Degraded Voltage actuation
| |
| : 2) Manually start pump(s)
| |
| Reduce/prevent 1. Manual excessive NCS turbine trip cooldown for: 2. Manual
| |
| : 1) Trips feedwater turbine isolation
| |
| : 2) Isolate pushbuttons feedwater 3. Operator with actions in coincident EPs.
| |
| low Tavg 4. Manually
| |
| : 3) Prevent re- close actuation of feedwater Reactor Trip, P-4 ESFAS Interlocks SI after a isolation manual valves reset of SI 5. Two trains of
| |
| : 4) Prevent P-4 signal opening of feedwater isolation valves if they were closed on SI or SG Water Level High High
| |
| | |
| U.S. Nuclear Regulatory Commission Page 74 RA-18-0190
| |
| | |
| ==6.0 DESCRIPTION==
| |
| OF ELECTRICAL POWER SYSTEMS AND NON-UNIFORM LOADING AT MCGUIRE Offsite Power The offsite power systems consist of all sources of electric power and their associated transmission systems outside of the generating station. The boundary between the Offsite Power System and the Onsite Power System is the main stepup transformer terminations on the low voltage side. On Unit 1, the 230kV switchyard provides offsite power through two separate and independent overhead transmission lines, Buslines (BL) 1A and 1B connected to Main Step-up Transformers (MSUT) 1A and 1B. On Unit 2, the 525kV switchyard provides offsite power through two separate and independent overhead transmission lines, BL 2A and BL 2B, connected to MSUTs 2A and 2B. The secondary (low voltage) side of all 4 MSUTs operates at 24kV and each feeds station auxiliary loads through unit auxiliary transformers 1ATA, 1ATB, 2ATA and 2ATB, respectively. Each of these unit auxiliary transformers has the capacity to carry all the auxiliaries of one operating nuclear unit plus the safety shutdown loads of the other nuclear unit. Also, each unit auxiliary transformer (24kV/6.9kV) has two secondary windings with each winding supplying a 6.9 kV switchgear group. These 6.9kV switchgear groups supply all unit auxiliaries including normal and alternate connections to the essential 4160V ESF buses (1ETA, 1ETB, 2ETA and 2ETB). Upon loss of one of the independent offsite circuits, the affected 6.9kV switchgear groups automatically transfer to the other unit auxiliary transformer.
| |
| Essential Bus Power Sources As described above, the essential ESF 4160V buses (1ETA, 1ETB, 2ETA and 2ETB) are normally powered from offsite power via the 6.9kV switchgear groups. Each essential 4160V bus also has a dedicated onsite diesel generator (DG) source. If the normal and alternate offsite sources are unavailable, the onsite emergency DG supplies power to the 4160V ESF bus.
| |
| There are also provisions to accommodate the connecting of the Emergency Supplemental Power Source (ESPS) to one train of either units Class 1E AC Distribution System. The ESPS consists of two 50% capacity non-safety related commercial grade DGs. Manual actions are required to align the ESPS to the station and only one of the stations four onsite Class 1E Distribution System trains can be supplied by the ESPS at any given time.
| |
| Non-Uniform Loading (Shared Systems)
| |
| McGuire has several shared systems/components powered from the essential ESF 4160V buses. These shared systems/components are:
| |
| * Nuclear Service Water System (NSWS) shared valves
| |
| * Control Room Area Ventilation System (CRAVS)
| |
| * Control Room Area Chilled Water System (CRACWS)
| |
| * Auxiliary Building Filtered Ventilation Exhaust System (ABFVES)
| |
| * Groundwater Drainage System The A Train shared loads are normally aligned to Unit 1,1ETA. The B Train shared loads are normally aligned to Unit 2, 2ETB. But if desired or required to maintain operability of the shared systems, they can be swapped to receive power from the other Unit (A Train to 2ETA and B Train to 1ETB).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 75 RA-18-0190 Table E1-6 below documents the shared loading scheme:
| |
| Table E1-6: McGuire Shared Essential Loads Electrical Alignment 1ETA Bus (4160V) 1ETB Bus (4160V) 2ETA Bus (4160V) 2ETB Bus (4160V)
| |
| A CRACWS Chiller B CRACWS Chiller A CRACWS Chiller B CRACWS Chiller (Normal) (Alternate) (Alternate) (Normal) 1EMXG 600 V Loads 2EMXG 600 V Loads 1EMXG 600 V Loads 2EMXG 600 V Loads (Normal) (Alternate) (Alternate) (Normal)
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRACWS CRACWS CRACWS CRACWS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRAVS CRAVS CRAVS CRAVS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train ABFVES ABFVES ABFVES ABFVES components components components components
| |
| * One A Train
| |
| * Three B Train
| |
| * One A Train
| |
| * Three B Train Groundwater Groundwater Groundwater Groundwater Drainage Drainage Drainage Drainage Sump Pump Sump Pumps Sump Pump Sump Pumps 1EMXH 600 V Loads 2EMXH 600 V Loads 1EMXH 600 V Loads 2EMXH 600 V Loads (Normal) (Alternate) (Alternate) (Normal)
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train NSWS shared NSWS shared NSWS shared NSWS shared valves valves valves valves
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRACWS CRACWS CRACWS CRACWS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRAVS CRAVS CRAVS CRAVS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train ABFVES ABFVES ABFVES ABFVES components components components components
| |
| * Two A Train
| |
| * Two A Train Groundwater Groundwater Drainage Drainage Sump Pumps Sump Pumps (1EMXH-1) (1EMXH-1)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 2 INFORMATION SUPPORTING CONSISTENCY WITH REGULATORY GUIDE 1.200, REVISION 2
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE The purpose of this Enclosure is to document the technical adequacy of the McGuire Nuclear Station (MNS) probabilistic risk assessment (PRA) models in support of the license amendment request (LAR) to modify Technical Specification (TS) requirements to allow the use of Risk-Informed Completion Times (RICT) in accordance with TSTF-505 (Reference 1).
| |
| Specifically, this Enclosure provides a discussion of the results of the peer reviews and self-assessments of the internal events, internal flood, fire, and high winds PRA models supporting this application. This Enclosure also provides confirmation that the clarifications and qualifications found in RG 1.200 (Reference 4) to the relevant PRA standards against which the PRA models have been assessed are met.
| |
| There are no open Finding level F&Os and all applicable Supporting Requirements (SR) are met at Capability Category (CC) II or better.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. Final Revised Model Safety Evaluation of Traveler TSTF-505, Revision 2, Provide Risk-Informed Extended Completion Times RITSTF Initiative 4B, November 21, 2018 (ADAMS Accession No. ML18267A259).
| |
| : 4. Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2, US Nuclear Regulatory Commission, March 2009.
| |
| : 5. Nuclear Energy Institute (NEI) 05-04, Process for Performing Internal Events PRA Peer Reviews Using the ASME/ANS PRA Standard, Revision 2.
| |
| : 6. NEI 07-12, Fire Probabilistic Risk Assessment (FPRA) Peer Review Process Guidelines, Revision 1.
| |
| : 7. Letter from NRC to NEI, U.S. Nuclear Regulatory Commission Acceptance on Nuclear Energy Institute Appendix X to Guidance 05-04, 07-12, And 12-13, Close-Out of Facts and Observations (F&Os), May 3, 2017 (ADAMS Accession No. ML17079A427).
| |
| : 8. Duke Energy calculation, MCC-1535.00-00-0204, McGuire Nuclear Station PRA Peer Review F&O Resolutions, Revision 8.
| |
| : 9. NEI 17-07, Performance of PRA Peer Reviews using the ASME/ANS PRA Standard, August 2019 (ADAMS Accession No. ML19241A615).
| |
| : 10. ASME/ANS RA-Sa-2009, Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME and the American Nuclear Society, February 2009.
| |
| : 11. Duke Energy procedure, AD-NF-NGO-0502, Probabilistic Risk Assessment (PRA) Model Technical Adequacy, Revision 4.
| |
| : 12. ASME/ANS RA-Sb-2013, Addenda to ASME/ANS RA-S-2008 Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications, ASME and the American Nuclear Society, September 2013.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 3 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the LAR provide a discussion of the results of peer reviews and self-assessments conducted for the plant-specific PRA models which support the RICT Program, including the resolution or disposition of any identified deficiencies (i.e., facts and observations from peer reviews). Specifically, this includes a comparison of the requirements of RG 1.200 using the elements of the PRA Standard for Capability Category II. The history of F&O closure reviews for each of the models discussed below are referenced and documented in Reference 8.
| |
| 4.0 PRA QUALITY/TECHNICAL ADEQUACY The PRA models supporting this application have been assessed against RG 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2 (Reference 4) consistent with NRC Regulatory Issue Summary (RIS) 2007-06.
| |
| The MNS PRA models are sufficiently robust and suitable for use in risk-informed processes such as regulatory decision making. The peer reviews that have been conducted and the resolution of findings from those reviews demonstrate that the internal events, internal flooding, large early release frequency (LERF), fire, and high winds models of the PRA have been performed in a technically sound manner. The assumptions and approximations used in development of the PRA have also been reviewed and are appropriate for their application.
| |
| Duke Energy procedures are in place for controlling and updating the models, when appropriate, and for assuring that the model represents the as-built, as-operated plant (Reference 11). The conclusion, therefore, is that the MNS PRA models are acceptable to be used as the basis for risk-informed applications including assessment of proposed TS amendments.
| |
| The MNS PRA Models of Record (MORs) are maintained as controlled documents and are updated on a periodic basis to represent the as-built, as-operated plant.
| |
| Duke Energy procedures provide the guidance, requirements, and processes for the maintenance, update, and upgrade of the PRA (Reference 11):
| |
| * The process includes a review of plant changes, selected plant procedures, and plant operating data as required, through a chosen freeze date to assess the effect on the PRA model.
| |
| * The PRA model and controlling documents are revised as necessary to incorporate those changes determined to impact the model.
| |
| * The determination of the extent of model changes includes the following:
| |
| o Accepted industry PRA practices, ground rules, and assumptions consistent with those employed in the ASME/ANS PRA Standard (Reference 10),
| |
| o Current industry practices, o NRC guidance (e.g., RG 1.174 and RG 1.177),
| |
| o Advances in PRA technology and methodology, and o Changes in external hazard conditions.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 4.1 PRA Review Process Results 4.1.1 Internal Events The MNS Units 1 and 2 Internal Events PRA model Peer Review was performed in June 2015 against the ASME PRA Standard (Reference 10), Regulatory Guide 1.200, Revision 2 (Reference 4), and NEI 05-04 (Reference 5).
| |
| Resolved findings were reviewed and closed in February 2016 using the process documented in the draft of Appendix X to NEI 05-04, NEI 07-12 and NEI 12-13, Close-out of Facts and Observations, published at the time of review. Subsequently, the finding closure review was reperformed in May 2019 to the approved process documented in Appendix X to NEI 05-04, NEI 07-12 and NEI 12-13 (Reference 7). A subsequent finding closure review was conducted in November 2021. Resolved findings were reviewed and closed using the process documented in NEI 17-07, Performance of PRA Peer Reviews Using the ASME/ANS PRA Standard, (Reference 9).
| |
| The results of these reviews have been documented and are available for NRC audit.
| |
| In conclusion, all the finding level F&Os have been closed, and all associated SRs are now judged to be met at CC II or higher. There are no PRA upgrades that have not been peer reviewed.
| |
| 4.1.2 LERF The MNS Units 1 and 2 LERF PRA model peer review was performed in December 2012 against ASME/ANS PRA Standard RA-Sa-2009 (Reference 10), RG 1.200 Revision 2 (Reference 4), and NEI 05-04 (Reference 5).
| |
| Resolved findings were reviewed and closed in November 2018 using the process documented in Appendix X to NEI 05-04, 07-12, and 12-13. A subsequent finding closure review was conducted in June 2022 where resolved findings were reviewed and closed using the process documented in NEI 17-07 (Reference 9).
| |
| The results of these reviews have been documented and are available for NRC audit.
| |
| In conclusion, all the finding level F&Os have been closed, and all associated SRs are now judged to be met at CC II or higher. There are no PRA upgrades that have not been peer reviewed.
| |
| 4.1.3 Internal Flooding The MNS Units 1 and 2 Internal Flooding PRA model peer review was performed in September 2011 against ASME/ANS PRA Standard RA-Sa-2009 (Reference 10), RG 1.200 Revision 2 (Reference 4), and NEI 05-04 (Reference 5).
| |
| A finding closure review was conducted on the Internal Flooding PRA model in November 2018 where resolved findings were reviewed and closed using the process documented in Appendix X to NEI 05-04, 07-12, and 12-13. A subsequent finding closure review was conducted in June 2022 where resolved findings were reviewed and closed using the process documented in NEI 17-07 (Reference 9).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 The results of these reviews have been documented and are available for NRC audit.
| |
| In conclusion, all the finding level F&Os have been closed, and all associated SRs are now judged to be met at CC II or higher. There are no PRA upgrades that have not been peer reviewed.
| |
| 4.1.4 Fire The MNS Units 1 and 2 Fire Probabilistic Risk Assessment (FPRA) Peer Review was performed in 2010 against the ASME/ANS PRA Standard (Reference 10), RG 1.200, Revision 2 (Reference 4), and NEI 07-12 (Reference 6). In 2019, 2020, 2021, and 2022 Focused Scope Peer Reviews (FSPRs) were performed to address various PRA upgrades where all of the FSPRs were performed against the ASME/ANS PRA Standard (Reference 10), RG 1.200 Revision 2 (Reference 4), and Nuclear Energy Institute (NEI) 07-12 (Reference 6) or NEI 17-07 (Reference 9).
| |
| Finding closure reviews were conducted on the FPRA model in January 2019 and December 2020 where resolved findings were reviewed and closed using the process documented in Appendix X to NEI 05-04, 07-12 and 12-13. Subsequent closure reviews were conducted on the FPRA model in November 2021 and September 2022 where resolved findings were reviewed and closed using the process documented in NEI 17-07 (Reference 9). In some instances, a FSPR and F&O closure review was conducted in parallel, however, in each instance, the scope for the F&O closure did not include any findings generated from the parallel FSPR. The following list provides a summary of the scope for each review and the detailed reports for each review are available for NRC audit.
| |
| * January 2019 FSPR: Assesses a model upgrade to use Human Reliability Analysis (HRA) Calculator Software for Fire PRA Human Failure Event (HFE) Analysis
| |
| * January 2019 F&O Closure: This closure review was performed in parallel to the January 2019 FSPR and does not assess findings generated in the parallel FSPR
| |
| * December 2020 FSPR: Assesses a model upgrade to use the Obstructed Radiation Method
| |
| * December 2020 F&O Closure: Assesses two findings generated in the January 2019 FSPR on HRA
| |
| * November 2021 FSPR: Assesses two newly applicable SRs and one SR previously assessed at Capability Category I with no open finding
| |
| * November 2021 F&O Closure: Assesses select findings from 2020 FSPR
| |
| * August 2022 FSPR: Assesses a newly applicable SR and a model upgrade to use a quantitative analysis for fire impacts to structural steel.
| |
| * September 2022 F&O Closure: Assesses closure of the finding from the August 2022 FSPR The results of these reviews have been documented and are available for NRC audit.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 In conclusion, all the finding level F&Os have been closed, and all associated SRs are now judged to be met at CC II or higher. There are no PRA upgrades that have not been peer reviewed.
| |
| 4.1.5 High Winds The MNS Units 1 and 2 High Winds PRA model peer review was performed in October 2014 against ASME/ANS PRA Standard RA-Sb-2013 (Reference 12), RG 1.200 Revision 2 (Reference 4), and NEI 05-04 (Reference 5).
| |
| A finding closure review was conducted on the High Winds PRA model in December 2021 where resolved findings were reviewed and closed using the process documented in NEI 17-07 (Reference 9).
| |
| The results of these reviews have been documented and are available for NRC audit.
| |
| In conclusion, all the finding level F&Os have been closed, and all associated SRs are now judged to be met at CC II or higher. There are no PRA upgrades that have not been peer reviewed.
| |
| 5.0 OPEN FINDING LEVEL FACTS AND OBSERVATIONS 5.1 Internal Events All finding level F&O dispositions for the Internal Events PRA were determined to have been adequately addressed by an independent review and are now considered closed. There are zero open finding level F&Os and all applicable SRs are met at CC II or higher (Reference 8).
| |
| 5.2 Internal Flooding All finding level F&O dispositions for the Internal Flooding PRA were determined to have been adequately addressed by an independent review and are now considered closed. There are zero open finding level F&Os and all applicable SRs are met at CC II or higher (Reference 8).
| |
| 5.3 LERF All finding level F&O dispositions for the LERF PRA were determined to have been adequately addressed by an independent review and are now considered closed. There are zero open finding level F&Os and all applicable SRs are met at CC II or higher (Reference 8).
| |
| 5.4 Fire All finding level F&O dispositions for the Fire PRA were determined to have been adequately addressed by an independent review and are now considered closed. There are zero open finding level F&Os and all applicable SRs are met at CC II or higher (Reference 8).
| |
| 5.5 High Winds All finding level F&O dispositions for the High Winds PRA were determined to have been adequately addressed by an independent review and are now considered closed. There are zero open finding level F&Os and all applicable SRs are met at CC II or higher (Reference 8).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 3 INFORMATION SUPPORTING TECHNICAL ADEQUACY OF PRA MODELS WITHOUT PRA STANDARDS ENDORSED BY REGULATORY GUIDE 1.200, REVISION 2
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 This Enclosure is not applicable to the McGuire Nuclear Station (MNS) submittal. Duke Energy is not proposing to use any PRA models in the MNS Risk-Informed Completion Time Program for which a PRA standard, as endorsed by the NRC in RG 1.200, Revision 2, does not exist.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 4 INFORMATION SUPPORTING JUSTIFICATION OF EXCLUDING SOURCES OF RISK NOT ADDRESSED BY THE PRA MODELS
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190
| |
| | |
| ==1.0 INTRODUCTION==
| |
| AND SCOPE Topical Report NEI 06-09, Revision 0-A (Reference 1), as clarified by the Nuclear Regulatory Commission (NRC) final safety evaluation (Reference 2), requires that the License Amendment Request (LAR) provide a justification for exclusion of risk sources from the Probabilistic Risk Assessment (PRA) model based on their insignificance to the calculation of configuration risk as well as discuss conservative or bounding analyses applied to the configuration risk calculation.
| |
| This enclosure addresses this requirement by discussing the overall generic methodology to identify and disposition such risk sources. This enclosure also provides the McGuire Nuclear Station (MNS) specific results of the application of the generic methodology and the disposition of impacts on the MNS Risk-Informed Completion Time (RICT) Program. Section 3 of this enclosure presents the plant-specific analysis of the MNS seismic hazard. Section 4 of this enclosure presents the plant specific analysis of the MNS high wind hazard. Section 5 presents the justification for excluding External Flooding for MNS. Section 6 of this enclosure presents the justification for excluding analyses of other external hazards from the MNS PRA.
| |
| Topical Report NEI 06-09 does not provide a specific list of hazards to be considered in a RICT Program. However, non-mandatory Appendix 6-A in the ASME/ANS PRA Standard (Reference 3) provides a guide for identification of most of the possible external events for a plant site. Additionally, NUREG-1855 (Reference 4) provides a discussion of hazards that should be evaluated to assess uncertainties in plant PRAs and support the risk-informed decision-making process. This information was reviewed for the MNS site and augmented with a review of information on the site region and plant design to identify the set of external events to be considered. The information in the UFSAR regarding the geologic, seismologic, hydrologic, and meteorological characteristics of the site region as well as present and projected industrial activities in the vicinity of the plant were also reviewed for this purpose. No new site-specific and plant-unique external hazards were identified through this review. The list of hazards in Appendix 6-A of the PRA Standard were considered for MNS as summarized in Table E4-6.
| |
| The scope of this enclosure is consideration of the hazards in Table E4-6 for MNS. As explained in subsequent sections of this enclosure, risk contributions from seismic and high wind events are evaluated quantitatively, and the other listed external hazards are evaluated and screened as having low risk.
| |
| 2.0 TECHNICAL APPROACH The guidance contained in NEI 06-09 states that all hazards that contribute significantly to incremental risk of a configuration must be quantitatively addressed in the implementation of the RICT Program. The following approach focuses on the risk implications of specific external hazards in the determination of the risk management action time (RMAT) and RICT for the Technical Specification (TS) Limiting Conditions for Operation (LCOs) selected to be part of the RICT Program.
| |
| Consistent with NUREG-1855 (Reference 4), external hazards may be addressed by:
| |
| : 1) Screening the hazard based on a low frequency of occurrence,
| |
| : 2) Bounding the potential impact and including it in the decision-making, or
| |
| : 3) Developing a PRA model to be used in the RMAT/RICT calculation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 The overall process for addressing external hazards considers two aspects of the external hazard contribution to risk.
| |
| * The first is the contribution from the occurrence of beyond design basis conditions, e.g.,
| |
| winds greater than design, seismic events greater than the design-basis earthquake (DBE), etc. These beyond design basis conditions challenge the capability of the SSCs to maintain functionality and support safe shutdown of the plant.
| |
| * The second aspect addressed is the challenges caused by external conditions that are within the design basis, but still require some plant response to assure safe shutdown, e.g., high winds or seismic events causing loss of offsite power, etc. While the plant design basis assures that the safety related equipment necessary to respond to these challenges are protected, the occurrence of these conditions nevertheless causes a demand on these systems that present a risk.
| |
| Hazard Screening The first step in the evaluation of an external hazard is screening based on an estimation of a bounding core damage frequency (CDF) for beyond design basis hazard conditions. An example of this type of screening is reliance on the NRCs 1975 Standard Review Plan (SRP)
| |
| (Reference 5), which is acknowledged in the NRCs Individual Plant Examination of External Events (IPEEE) procedural guidance (Reference 6) as assuring a bounding CDF of less than 1E-6/yr for each hazard. The bounding CDF estimate for hazard screening is often characterized by the likelihood of the site being exposed to conditions that are beyond the design basis limits and an estimate of the bounding conditional core damage probability (CCDP) for those conditions. If the bounding CDF for the hazard can be shown to be less than 1E-6/yr, then beyond design basis challenges from that hazard can be screened out and do not need to be addressed quantitatively in the RICT Program.
| |
| The basis for this hazard screening approach is as follows:
| |
| * The overall calculation of a RICT is limited to an incremental core damage probability (ICDP) of 1E-5.
| |
| * The maximum time interval allowed for a RICT is 30 days.
| |
| * If the maximum CDF contribution from a hazard is <1E-6/yr, then the maximum ICDP from the hazard is <1E-7 (1E-6/yr
| |
| * 30 days/365 days/yr).
| |
| * Thus, the bounding ICDP contribution from the hazard is shown to be less than 1% of the permissible ICDP in the bounding time for the condition. Such a minimal contribution is not significant to the decision in computing a RICT.
| |
| The MNS IPEEE hazard screening analysis (Reference 7) has been updated to reflect current MNS site conditions. The results are discussed in Section 6 and show that all the events listed in Table E4-6 can be screened except seismic events for McGuire. While high winds can be screened at McGuire based on average risk, there are configuration specific conditions identified for McGuire such that development of a High Winds RICT penalty was warranted as discussed in Section 4 below.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 Hazard Analysis CDF and LERF There are two options in cases where the bounding CDF for screening purposes for an external hazard cannot be shown to be less than 1E-6/yr. The first option is to develop a PRA model that explicitly models the challenges created by the hazard and the role of the SSCs included in the RICT Program in mitigating those challenges. The second option for addressing an unscreened external hazard is to compute CDF and LERF estimates for the hazard that are employed conservatively in RICT calculations. This second option is referred to as a hazard penalty approach. Section 3 describes the method used to calculate seismic CDF and LERF penalty values and Section 4 describes the high wind penalty values; both will be used in the calculation of RICT. This seismic and high wind penalty values will be added to the internal events and fire CDF and LERF to calculate the RICT; the seismic and high wind penalty values will apply to all RICT configurations.
| |
| High Wind (HW) Hazard Duke Energy requests use of the High Winds PRA to be retained as an option for this application. As noted in other sections of this LAR, the MNS High Winds PRA is a RG 1.200 Revision 2 compliant model that represents the as-built, as-operated plant. Due to current computing limitations the model cannot be quantified in a timely manner to support real-time risk scenarios. As these computing limitations are resolved, Duke Energy could use the High Winds PRA in the real time risk monitor tool similar to how the Fire PRA model is applied in the tool via the one-top all hazard PRA model. Since the High Winds PRA is a realistic model, the risk contribution for most scenarios is actually much less than the reasonably bounding penalty proposed above. The impact to RICTs calculated to be near 30 days is non-trivial when comparing the HW penalty factor to the HW PRA. For example, if a RICT is calculated to be 25 days with the proposed 1E-5 HW penalty factor, using the HWPRA instead of the penalty would provide approximately an additional 2 days on the RICT. Additionally, and more impactful in this application, using the more realistic risk calculation from the HWPRA will allow the risk to accrue at a lower rate against the annual RICT risk budget when any RICTs entered. The ability to use the HW PRA would benefit this application, while maintaining integrity of the risk calculations.
| |
| Duke Energy will only use one HW risk assessment methodology, penalty or PRA quantification, for any RICT entry. RICT program documentation will include which method was applied when calculating the results for a particular RICT.
| |
| Risks from Hazard Challenges Given the selection of an estimated bounding CDF/LERF, the approach considered must assure that the RICT Program calculations reflect the change in CDF/LERF caused by the out of service equipment. For MNS, as discussed later in this enclosure, the only beyond design basis hazard that could not be screened out are the seismic hazard, and the approach used considers that the change in risk with equipment out of service will not be higher than the estimated seismic CDF. In addition, while the high wind hazard for MNS was screened for the average test and maintenance conditions, it could not be screened under RICT configuration-specific conditions.
| |
| The above steps address the direct risks from damage to the facility from external hazards.
| |
| While the direct CDF contribution from beyond design basis hazard conditions can be shown to be non-significant using these steps without a full PRA, there are risks that may be addressed.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 These risks are related to the fact that some external hazards can cause a plant challenge even for hazard severities that are less than the design basis limit. For example, high winds, tornadoes, and seismic events below the design basis levels can cause extended loss of offsite power conditions. Additionally, depending on the site, external floods can challenge the availability of normal plant heat removal mechanisms.
| |
| The approach taken in this step is to identify the plant challenges caused by the occurrence of the hazard within the design basis and evaluate whether the risks associated with these events are either already considered in the existing PRA model or they are not significant to risk.
| |
| 3.0 SEISMIC RISK CONTRIBUTION ANALYSIS Introduction The TSTF-505 (Risk Informed Completion Time RICT) program requires accounting for seismic risk contribution in calculating extended risk informed technical specification (TS) completion times (CT, also referred to as Allowed Outage Time, AOT).
| |
| Duke submitted (Reference 7) a focused-scope seismic PRA (SPRA) for MNS in response to the NRC IPEEE request. The MNS IPEEE SPRA was supplemented by seismic walkdowns following the seismic margin assessment (SMA) procedures of EPRI-NP 6041 (Reference 8) and per the 0.3g peak ground acceleration (PGA) review level earthquake (RLE) for the MNS site recommended by the NRC in NUREG-1407 (Reference 6). The MNS IPEEE SPRA was updated for a short period of time after the IPEEE. Reference 9 is a 2001 update to the MNS IPEEE SPRA to address various PRA logic updates (e.g., new HRA data, new common cause factor (CCF) data, various logic model adjustments). However, the MNS SPRA has not been updated in recent years to capture various SPRA revised methodologies such as changes in seismic hazard development methodologies and ground motions and updates to the ASME/ANS PRA Standard. As such, the MNS IPEEE SPRA (References 7 and 9) is not used as the direct basis for this risk application but is used to provide input into the calculation process (i.e., estimation of the plant level seismic fragility).
| |
| An alternative approach is taken here to estimate the seismic core damage frequency (SCDF)
| |
| RICT penalty value for use in the TSTF-505 program. The SCDF RICT penalty alternative estimation approach is based on the latest MNS seismic hazard curve (Reference 10) and using a plant level seismic fragility based on the MNS IPEEE seismic analyses (this is a typical approach to estimating SCDF in RICT calculations). The calculation of the seismic large early release frequency (SLERF) RICT penalty value is performed by convolving the plant seismic core damage penalty described above with an assumed independent containment integrity seismic high confidence of low probability of failure (HCLPF). That is, the SLERF RICT penalty can be estimated by convolving the plant seismic hazard with the plant limiting HCLPF for core damage and the limiting HCLPF for containment integrity.
| |
| Throughout NEI 06-09 and the NRC Safety Evaluation (SE) for that document, reference is made to either a bounding or conservative analysis, or sometimes to a reasonable bounding analysis, as being acceptable to account for risk for external hazards when a PRA model is not available. A truly bounding analysis would assume characteristics such as SCDF equal to the seismic hazard frequency of the safe shutdown earthquake (SSE) and an estimated averaged seismic conditional large early release probability (SCLERP) of 1.0, both of which are neither reasonable nor useful estimates. Using such a bounding approach or overly conservative seismic penalty would result in seismic risk inappropriately dominating RICT calculations. As
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 discussed in this section, the MNS RICT evaluation estimates nominal SCDF and SLERF penalty values explicitly for the purposes of RICT calculations and these penalty estimates are then conservatively used directly as annual delta SCDF and delta SLERF in each RICT calculation.
| |
| 3.1 Assumptions and Ground Rules The following paragraphs establish the important analysis assumptions, boundary conditions and ground rules related to this calculation.
| |
| : 1. Applicable to Both MNS Unit 1 and MNS Unit 2: The SCDF and SLERF RICT penalty values calculated in this report are applicable for use for MNS Unit 1 and MNS Unit 2 RICT calculations, based on the following:
| |
| * A single seismic hazard curve applies to the MNS site.
| |
| * MNS-1 and MNS-2 are the same design plants with the same seismic design basis.
| |
| * The seismic analysis approaches used in the MNS IPEEE are the same for both units.
| |
| * The conclusions from the MNS IPEEE seismic analyses used in this analysis are applicable to either unit.
| |
| : 2. Hazard Curve: The MNS seismic hazard is defined by the seismic hazard curve provided to the NRC in Reference 11 and developed per the probabilistic seismic hazard analysis documented in Reference 10.
| |
| : 3. PGA Metric: The ground motion metric used to define the seismic hazard in this analysis is peak ground acceleration (PGA). PGA is a common ground motion metric used in seismic risk assessment analyses for nuclear power plants (Reference 12).
| |
| : 4. Plant Level Seismic Fragility: The assumed plant level fragility used for the MNS plant is based on the MNS IPEEE seismic analyses. The MNS IPEEE seismic analyses were performed in response to the guidelines contained in Generic Letter 88-20 Supplement 4 (Reference 13), NUREG 1407 (Reference 6) and EPRI NP-6041 (Reference 8). The plant level seismic fragility is obtained from Reference 14 which includes a summary of the results of the MNS IPEEE.
| |
| : 5. Convolution to Determine SCDF RICT Penalty Value: The calculation of the SCDF RICT penalty value is performed by a mathematical convolution of the PGA-based seismic hazard curve and the MNS PGA-based plant level fragility.
| |
| This convolution estimation approach is a common analysis in approximating an SCDF for use in risk-informed decision making (e.g., it is commonly used in RICT seismic penalty calculations; the NRC used this approach in the GI-199 risk assessment in Reference 15) in absence of a current full-scope SPRA. As this result is to be used as a surrogate for configuration risk delta SCDF estimates, this convolution includes adjustments to reduce over-conservatism in the RICT application (refer to Section 3.5).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 7 RA-18-0190
| |
| : 6. Convolution to Determine SLERF RICT Penalty Value: The calculation of the SLERF RICT penalty value is performed by a second mathematical convolution in parallel with the SCDF convolution of the PGA-based seismic hazard curve and using a PGA-based seismic HCLPF for the containment function based on the conclusions of the MNS IPEEE seismic analyses (Reference 7). This convolution estimation approach has been used in RICT seismic penalty calculations, and accepted by the NRC, in the absence of a full-scope SPRA. As this result is to be used as a surrogate for configuration risk delta SLERF estimates, this convolution includes adjustments to reduce over-conservatism in the RICT application (refer to Section 3.6).
| |
| : 7. Consideration of S-LOOP: The analysis also assesses the incremental risk associated with seismic-induced LOOP that may occur from seismic events below the MNS seismic design basis. The analysis compares a convolution estimation of seismic-induced LOOP frequency with the random LOOP frequencies in the MNS Full Power Internal Events (FPIE) PRA. This analysis aspect and approach has been used in past RICT seismic penalty calculations.
| |
| 3.2 Methodology The general approach to estimation of the SCDF RICT penalty is to use the plant level seismic fragility and convolve the corresponding failure probabilities as a function of seismic hazard level with the seismic hazard curve frequencies of occurrence. This is a commonly used approach to estimate SCDF when a current maintained seismic PRA is not available. This approach is the same as that used in previous TSTF-505 submittals, such as the Vogtle pilot TSTF-505 license amendment request submittal (Reference 16) and the Calvert Cliffs TSTF-505 submittal (Reference 17).
| |
| The key elements of the RICT penalty convolution calculations (i.e., seismic hazard curve and associated hazard intervals used in the convolution calculation; plant level seismic-induced failure probabilities based on the plant level seismic fragility; and the resulting SCDF and SLERF RICT penalty values) are discussed in the next sub-Sections.
| |
| 3.3 Seismic Hazard and Intervals The MNS seismic hazard in units of g (PGA, peak ground acceleration) used in this calculation is shown in Table E4-1 (from Reference 11, which includes the relevant hazard curves from Reference 10). This seismic hazard applies to the MNS site and, as such, is applicable to both MNS Unit 1 and MNS Unit 2. The mean fractile annual exceedance frequencies of Table E4-1 are used in the calculations here; use of mean values is a typical and expected PRA practice. The frequency of each data point on the curve is the frequency of that specific g level or higher. The seismic hazard curve progresses from extremely low magnitude earthquakes well below the MNS operating basis earthquake (OBE) of 0.08g (Reference 7) to extremely large magnitude earthquakes well beyond the MNS safe shutdown earthquake (SSE) of 0.15g PGA (Reference 7).
| |
| To facilitate calculation of the MNS plant fragility probability at each seismic hazard interval, a representative point value acceleration (g PGA) is calculated for each interval. The representative g value for the seismic hazard intervals is calculated using a geometric mean approach (i.e., the square root of the product of the g-level values at the beginning and end of a given interval). For the last open-ended seismic interval greater than 10g, the representative
| |
| | |
| U.S. Nuclear Regulatory Commission Page 8 RA-18-0190 g-level is estimated as 11g PGA. The precision of the representative magnitude used for the final open-ended seismic interval in the SCDF RICT penalty convolution is immaterial given that the calculated seismic fragility failure probability of the final hazard interval (as well as the preceding four hazard intervals) is 1.0 and the contribution from this final interval has a negligible contribution to the overall SCDF RICT penalty value.
| |
| The seismic hazard interval annual initiating event frequency is calculated (except for the final interval) by subtracting the mean exceedance frequency associated with the g-interval (high) end point from the mean exceedance frequency associated with the g-interval beginning point.
| |
| The frequency of the last seismic hazard interval is the exceedance frequency at the beginning point of that interval. This is common practice in industry SPRAs (Reference 12).
| |
| Table E4-1: 2014 Seismic Hazard Data for McGuire (Reproduced from Reference 10 Table A-1a. Mean and Fractile Seismic Hazard Curves for PGA)
| |
| Fractiles (g PGA) Mean 0.05 0.16 0.50 0.84 0.95 0.0005 5.21E-02 3.33E-02 4.43E-02 5.27E-02 6.00E-02 6.54E-02 0.001 4.15E-02 2.35E-02 3.42E-02 4.19E-02 4.98E-02 5.50E-02 0.005 1.58E-02 7.03E-03 1.08E-02 1.53E-02 1.95E-02 2.92E-02 0.01 8.18E-03 3.28E-03 4.77E-03 7.45E-03 1.04E-02 1.90E-02 0.015 5.16E-03 1.82E-03 2.64E-03 4.43E-03 6.83E-03 1.38E-02 0.03 2.07E-03 5.20E-04 7.77E-04 1.49E-03 2.96E-03 7.13E-03 0.05 9.66E-04 1.79E-04 2.80E-04 5.91E-04 1.40E-03 3.90E-03 0.075 5.06E-04 7.66E-05 1.27E-04 2.80E-04 7.13E-04 2.19E-03 0.1 3.14E-04 4.37E-05 7.45E-05 1.72E-04 4.31E-04 1.38E-03 0.15 1.56E-04 2.07E-05 3.79E-05 8.85E-05 2.16E-04 6.64E-04 0.3 4.50E-05 5.66E-06 1.16E-05 2.84E-05 6.73E-05 1.57E-04 0.5 1.70E-05 1.98E-06 4.31E-06 1.13E-05 2.72E-05 5.27E-05 0.75 7.41E-06 7.77E-07 1.72E-06 4.90E-06 1.21E-05 2.25E-05 1 3.92E-06 3.63E-07 8.23E-07 2.53E-06 6.54E-06 1.21E-05 1.5 1.46E-06 1.07E-07 2.53E-07 8.72E-07 2.46E-06 4.83E-06 3 2.03E-07 7.55E-09 2.10E-08 9.79E-08 3.23E-07 7.77E-07 5 3.50E-08 7.34E-10 2.22E-09 1.32E-08 5.20E-08 1.55E-07 7.5 7.02E-09 1.77E-10 3.63E-10 2.13E-09 9.51E-09 3.47E-08 10 1.99E-09 1.16E-10 1.64E-10 5.66E-10 2.57E-09 1.05E-08
| |
| | |
| U.S. Nuclear Regulatory Commission Page 9 RA-18-0190 Plant Level Fragility The plant level seismic fragility is a curve of the conditional probability of plant damage as a function of seismic hazard input level. In the case of the MNS IPEEE SPRA and this seismic penalty calculation, the plant damage in question is core damage. As discussed in Section 3.1, this RICT seismic penalty calculation uses plant level seismic fragility based on the MNS IPEEE SPRA and as reported in Reference 14. Given that MNS Unit 1 and MNS Unit 2 are the same design type plants, with the same seismic design, and the MNS IPEEE seismic approaches were the same for both units, this plant level fragility is applicable for use for MNS Unit 1 as well as for MNS Unit 2.
| |
| The assumed plant level fragility used for the MNS plant for RICT seismic penalty calculations is based on the MNS IPEEE SPRA. The MNS IPEEE SPRA was performed in response to the guidelines contained in Generic Letter 88-20 Supplement 4 (Reference 13), NUREG 1407 (Reference 6) and EPRI NP-6041 (Reference 8). Although the MNS IPEEE seismic analyses do not specifically cite a plant-level HCLPF or Median fragility value, Reference 14 (i.e., the MNS IPEEE Adequacy report in support of the MNS Near-Term Task Force (NTTF) 2.3 Seismic Walkdown submittal) estimates a plant-level HCLPF fragility from the MNS IPEEE SPRA results.
| |
| This RICT seismic penalty calculation uses a high confidence of low probability of failure (HCLPF) value of 0.17g PGA as the defining point (along with an uncertainty factor) to describe the MNS plant level seismic fragility. This estimate is obtained from Section 2.2 of Reference 14. The uncertainty parameter for the plant level seismic capacity in this analysis is represented by a composite beta factor ( c) value of 0.4. Characterizing the uncertainty of seismic plant capacity with a composite beta factor ( c) nominal value of 0.4 is a commonly-accepted approximation (e.g., a composite beta factor value of 0.4 was used by the NRC as a general rule in the GI-199 risk assessment calculations for US nuclear plants, Reference 15). The 13c value of 0.74 cited in GI-199, Table C-2 (Reference 15) for the MNS plant level fragility is not used here because it could not be traced to MNS IPEEE information and it is an unusually suspect high value.
| |
| The HCLPF capacity point represents an earthquake level at which there is a 5% probability of failure with 95% confidence (thus, on the 95% confidence curve of a family of fragility curves it is the g level corresponding to 5% failure probability). On the Mean fragility curve, the HCLPF g level is approximately the 1% failure probability. The MNS plant level seismic fragility is shown below in Figure E4-1 based on the fragility equation in Section 3.5.1.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 10 RA-18-0190 Figure E4-1: McGuire Plant Level Seismic Fragility Curve (Mean)
| |
| MNS Plant Level Seismic Fra1ility Curve (Mean) 1.0 0.9 0.8 0,7
| |
| !! 0.6
| |
| :a lI!! 0.5 0.4 i 0.3 0.2 0.1 0.0 0 0.2 0.4 0.6 0.8 1 Acceleration (I PGA) 3.4 SCDF RICT Penalty Calculation The approach to estimation of the SCDF for use as the seismic penalty in RICT calculations is to perform a numerical convolution calculation of the MNS seismic hazard curve with the MNS plant level seismic fragility curve. Convolution is a mathematical term that refers to combining (e.g., multiplying) two or more inter-related functions. In the case of seismic risk estimation, the inter-related functions are the seismic hazard curve and SSC fragility curves. The hazard curve is a function of increasing magnitude of the hazard load with corresponding reduction in occurrence frequency. The SSC fragility function is increasing probability of SSC failure with increasing magnitude of the hazard load. Convolution is a basic aspect of SPRA (as well as other hazard risk models, e.g., high winds and tornadoes).
| |
| When a current comprehensive plant-specific SPRA is not available, an approximation of SCDF can be obtained by a simple convolution of the site seismic hazard curve and an estimated plant level seismic fragility (refer to Section 3.4 for the discussion of the MNS plant level seismic fragility). This is the approach used in this calculation to estimate SCDF for use as a seismic penalty in RICT calculations. This is a commonly used approach to estimate SCDF when a seismic PRA is not available. This approach is the same as that used in past LARs, such as the Vogtle pilot TSTF-505 license amendment request submittal (Reference 16) and the Calvert Cliffs TSTF-505 submittal (Reference 17). The NRC also used this approach in the GI-199 risk assessment in Reference 15. This method is also discussed in Sections 10-B.9-3 and 10-B.9-4 of the ASME/ANS PRA Standard (Reference 3), as well as in Section 2.1 of Reference 18.
| |
| The convolution math in a full SPRA model is performed by the PRA software used to develop and quantify the SPRA. For a simple convolution of the plant level fragility, the convolution can be performed in a spreadsheet calculation because it is a targeted calculation and not a calculation that incorporates the Boolean intersection of thousands of various failure probabilities. Such a convolution calculation can be performed in a Microsoft Excel spreadsheet calculation (this is a common technique) to multiply seismic hazard curve interval frequencies with the associated fragility probabilities. This is the approach used here. The calculation of the
| |
| | |
| U.S. Nuclear Regulatory Commission Page 11 RA-18-0190 plant level fragility failure probabilities as a function of hazard interval are discussed in the next sub-section.
| |
| 3.4.1 Seismic Failure Probabilities The seismic failure probability of the MNS limiting plant fragility for each seismic hazard interval is calculated using the following fragility equations (this is for the Mean confidence level). These are the typical lognormal fragility equations used in most hazard PRAs (Reference 12).
| |
| Fragility (i.e., failure probability) = [ln(A/Am)/c],
| |
| where
| |
| <I> is the standard lognormal distribution function A is the g level in question, Am is the median seismic capacity, and the uncertainty parameters (betas) are related as follows:
| |
| c = (u^2 + r^2)^0.5.
| |
| HCLPF and Am are related as follows:
| |
| Am = HCLPF / (exp -2.33c)
| |
| The SCDF RICT penalty is evaluated corresponding to the plant level fragility based on the MNS IPEEE analysis, 0.17g PGA HCLPF (Section 2.2 of Reference 14).
| |
| With all parameters specified, the hazard interval-specific MNS plant level failure probabilities are calculated as defined above. The interval-specific failure probabilities are shown in Table E4-2 for each interval (along with the hazard interval initiating event frequencies and the total convolved SCDF RICT penalty value).
| |
| 3.4.2 SCDF RICT Penalty Convolution Calculation The SCDF for each hazard interval is computed as the product of the hazard interval initiating event frequency (/yr) and the plant level fragility failure probability for that same hazard interval. The results per hazard interval are then straight summed to produce the overall total SCDF RICT penalty across the entire hazard curve. The SCDF RICT penalty convolution calculation is summarized in Table E4-2 and shows the total estimated SCDF penalty for RICT is 1.7E-05/yr.
| |
| Table E4-2 provides the following information:
| |
| * MNS plant level seismic fragility inputs
| |
| * Seismic hazard intervals and their associated initiating event frequencies (Mean) and representative magnitudes
| |
| | |
| U.S. Nuclear Regulatory Commission Page 12 RA-18-0190
| |
| * Plant level fragility failure probabilities (Mean) per hazard interval
| |
| * Convolved SCDF per interval and total SCDF RICT penalty value Use of Fragility Complement to Reduce Conservatism in Penalty Value The purpose of the RICT penalty convolution calculation is to produce seismic penalty values for use in RICT calculations. These penalty values are conservatively used in the RICT calculation processes by applying the total estimated annual SCDF and SLERF penalty values as delta risk SCDF and delta risk SLERF in each RICT calculation, regardless of the duration of the completion time or the risk importance of the SSC of a given RICT calculation.
| |
| The above-described approach is conservative for configuration risk assessment calculations, and indeed can be overly conservative. The particular conservatism discussed here relates to the fact that a large fraction of the calculated risk from higher magnitude seismic events is due to seismic-induced failures of SSCs and not by equipment out of service probabilities or non-seismic induced failures (e.g., failure to start, failure to run). This fact that hazard PRAs have little impact on component outage risk determinations is well known in nuclear power plant risk assessments. If an SPRA were available to quantify, it would show that the delta risk results for larger magnitude earthquakes are negligibly impacted by equipment out-of-service configuration changes in the SPRA model.
| |
| For example, the 2021 EPRI study EPRI 3002020744 Investigation of Seismic Probabilistic Risk Assessment (SPRA) Quantification to Simplify PRA Models Used to Assess Risk Informed Completion Times (RICT) (Reference 19) was performed as part of an EPRI Configuration Risk Management Forum research task. The study documents the results of an investigation into the contribution of seismic PRAs to delta risk results and their impact on RICT calculations for risk-managed technical specifications (RMTS) programs. This EPRI study acquired PRA models from three (3) different U.S. nuclear power plants and performed quantifications using the internal events, internal fires, and seismic PRA models. The three plants included two (2) PWRs and one BWR, representing different plant locations and plant seismicity (central/eastern US seismic zone as well as the western US). With respect to the use of seismic penalty values in RICT calculations, EPRI 3002020744 noted current approaches for developing the seismic penalty factors may be significantly conservative for most RICT calculations.
| |
| Section 5 of EPRI 3002020744 summarizes the following key observations related to RICT configuration seismic risk calculations:
| |
| The results show that while seismic risk can be an important contributor to overall plant risk, the seismic risk impact on the types of delta-risk calculations used to support RMTS is much less significant. The equipment unavailability case studies that were selected for each plant included single component outages of risk-significant equipment, as well as a sampling of simultaneous equipment outages from multiple systems (including cross-train outages). As was demonstrated in the Tables presented in Section 3, the impact on calculated RICTs was insignificant for most cases and limited to a maximum of one day reduction in the RICT for cases were an impact was observed.
| |
| The above observations resulted from using maintained SPRA models to calculate dozens of equipment configuration cases for each of the three plants in the study. Based on the above
| |
| | |
| U.S. Nuclear Regulatory Commission Page 13 RA-18-0190 observations, one of the suggestions offered in EPRI 3002020744 is to exclude higher magnitude seismic events from delta risk calculations.
| |
| Reference 20 is a conference paper that discusses seismic penalty convolution calculation refinement to reduce these conservatisms to useful levels. The refinement suggested in Reference 20 targets the key observation noted above, i.e., that higher magnitude hazards (seismic events in this case) have a non-significant impact on delta risk calculations. At the higher intensity earthquakes, the seismic-induced failure probabilities (representing the CCDP and CLERP in these RICT penalty convolution calculations) approach 1.0 (i.e., the upper limit, by definition, of a probability) such that the delta-risk impact from equipment outage assumptions will be non-significant at this end of the hazard curve. For example, as can be seen from Table E4-2 (as well as Figure E4-1), the plant level seismic fragility failure probability is effectively 1.0 for earthquakes of 1g PGA and higher; equipment configurations will not change these 1.0 CCDP values. For earthquakes in the 0.5 to 1.0 g PGA range, the plant level seismic fragility failure probabilities are still very high (greater than 0.5).
| |
| To address this conservatism, Reference 20 recommends applying the fragility complement (i.e., 1.0 minus fragility failure probability) for each hazard interval where the plant level fragility (and/or containment fragility) failure probability exceeds 0.5. This suggested approach is to reflect in the use of the penalty value in RICT calculation a similar effect (i.e., out-of-service configurations have non-significant delta risk impact from high magnitude events) that would result if an SPRA were available and used. This is the approach used in this calculation to reduce excess conservatisms in the use of the calculated RICT seismic penalty values. This refinement is implemented in the Convolved SCDF Frequency for RICT column of Table E4-2 (the cell entries in blue text indicate those hazard intervals where the refinement occurs).
| |
| For hazard intervals where the plant level fragility is >0.5, the fragility complement value is used to calculate the RICT penalty convolved frequency result for that hazard interval (e.g., in the case of the 0.5 to 0.75 hazard interval: 9.59E-06/yr seismic hazard interval annual frequency x (1.0 - 0.809 seismic-induced plant level fragility failure probability) = 1.83E-06/yr).
| |
| If the fragility complement adjustments were not implemented, the seismic penalty approach would become inappropriately conservative for use in the RICT process. For example, if the seismic penalty values were calculated without use of the above fragility complement approach, an otherwise 30-day RICT result would inappropriately become < 20 days due to the overly conservative seismic penalty.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 14 RA-18-0190 Table E4-2: Convolution Calculation Summary of McGuire SCDF RICT Penalty MNS Plant Level Fragility Inputs MNS Se ismic Hazard Curve Convolution Calculation (IPEEE Adequacy Report) (PGA) (MNS Plant Level Seismic fragility with Seismic Hazard)
| |
| Hazard Interval Hazard Convo lved Mean Representativ e Hazard Interval SCOF Exceedance Magnitude Interval PLF Occurrence Frequency HCLPF Am Acceleration Frequency (geo. mean, g Fragility Frequency for RICT la PGAl la . PGAl Be lo \ llvrl PGAI /Mean! llvrl llvrl 0.17 0.43 0.40 0.0005 5.21 E-02 0.0007 3.59E-58 1.06E-02 3.80E-60 0.001 4.15E-02 0.0022 7.68E-40 2.57E-02 1.97E-41 0.005 1.58E-02 0.0071 4.36E-25 7.62E-03 3.32E-27 0.01 8.18E-03 0.0122 2.64E-19 3.02E-03 7.97E-22 0.015 5.16E-03 0.021 2 2.48E-14 3.09E-03 7.67E-17 0.03 2.07E-03 0.0387 8.30E-10 1.10E-03 9.16E-13 0.05 9.66E-04 0.061 2 5.23E-07 4.60E-04 2.41 E-10 0.075 5.06E-04 0.0866 2.96E-05 1.92E-04 5.68E-09 0 .1 3.14E-04 0.1225 8.17E-04 1.58E-04 1.29E-07 0.1 5 1.56E-04 0.2121 3.78E-02 1.11E-04 4.20E-06 0.3 4.50E-05 0.3873 3.93E-01 2.BOE-05 1.10E-05 0.5 1.70E-05 0.6124 8.09E-01 9.59E-06 1.83E-06 0.75 7.41E-06 0.8660 9.59E-01 3.49E-06 1.43E-07 1 3.92E-06 1.2247 9.95E-01 2.46E-06 1.12E-08 1.5 1.46E-06 2.1213 1.00E+OO 1.26E-06 4.33E-11 3 2.03E-07 3.8730 1.00E+OO 1.68E-07 3.47E-15 5 3.50E-08 6.1237 1.00E+OO 2.BOE-08 4.69E-19 7 .5 7.02E-09 8.6603 1.00E+OO 5.03E-09 1.65E-22 10 1.99E-09 11.0000 1.00E+OO 1.99E-09 6.63E-25 Total Convolved SCOF RICT Penalty (1/y r): 1.73E-05 3.4.3 SCDF RICT Penalty Comparison with McGuire IPEEE SPRA SCDF The SCDF RICT penalty value from the convolution calculation above (1.7E-05/yr) is 55%
| |
| higher than the 1.1E-05/yr SCDF from the MNS IPEEE SPRA (Reference 7. Although the simple convolution of a seismic hazard curve and a plant-level fragility estimate is an approximation of SCDF and is not expected to match exactly the SCDF that would be produced from a comprehensive maintained SPRA, the significantly higher SCDF from this convolution calculation is reasonable from a prima facia perspective given the higher occurrence rates of the latest MNS seismic hazard curve (Reference 11), which includes the relevant hazard curves from Reference 10). The MNS SCDF RICT penalty value is still significantly higher than the MNS IPEEE SPRA SCDF result even after the RICT penalty refinement discussed above.
| |
| The EPRI seismic hazard curve (tabulated points obtained here from Reference 21) used in the MNS IPEEE SPRA estimate of 1.1E-05/yr is shown in Figure E4-2 along with the MNS NTTF 2.1 seismic hazard curve (Reference 11), which includes the relevant hazard curves from Reference 10). As can be seen from Figure E4-2, the MNS NTTF 2.1 seismic hazard curve of 2014, which is used in this RICT seismic penalty calculation, is significantly higher in occurrence frequency than the hazard curve used in the 1994 MNS IPEEE SPRA. At the SSE (0.15g PGA) the annual exceedance frequency from the NTTF 2.1 seismic hazard curve is approximately two times that of the hazard curve used in the MNS IPEEE; at 1g PGA the NTTF 2.1 seismic hazard curve is more than an order of magnitude higher exceedance frequency than the MNS IPEEE hazard curve. This comparison and Figure E4-2 are provided as qualitative information.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 15 RA-18-0190 Figure E4-2: Comparison of McGuire IPEEE and NTTF 2.1 Seismic PGA Hazard Curves 1e.1 1E-2 11:-3
| |
| : -.. NTTFU .... . , M - ~
| |
| i ,.,.
| |
| ""-""""'- I , *-McGuire IPEEE (Mean)
| |
| I' 1E--4
| |
| !er l
| |
| .* 1E-6
| |
| - ~
| |
| ~
| |
| 8C:
| |
| 'D
| |
| *~ 11:--6 w
| |
| ii
| |
| :s i
| |
| C:
| |
| i 1E-7 1E-8 1E"9 0.1 0.3 0.5 0.7 0.9 1.1 Pok Ground Accelarallm (fl PGA) 3.5 SLERF RICT Penalty Calculation The MNS IPEEE provides no quantitative information regarding the LERF risk metric. For use of a seismic penalty estimate in RICT calculations, it can be unacceptably conservative to simply assume that Delta SCDF = Delta SLERF. As such, a less conservative approach is pursued here for the MNS SLERF RICT penalty estimation. The estimation of the SLERF RICT penalty is performed here as a double convolution of the MNS seismic hazard curve (refer to Section 3.3), the plant level fragility (refer to Section 3.4), and a separate independent seismic fragility for containment integrity. The results per hazard interval are then straight summed to produce the overall total SLERF across the hazard curve. This approach has been used in past RICT LARs (e.g., Reference 22) and is an NRC-preferred approach as evidenced in recent (2020 2022) audits and RAIs to industry RICT LARs.
| |
| The assumed seismic capacity for containment integrity used in the MNS SLERF calculation has a HCLPF value of 0.3g PGA (and, same as the plant level fragility, with a composite beta factor ( f3 c) of 0.4), as described below:
| |
| * The assumed 0.3g PGA HCLPF for MNS containment integrity is based on the results of the MNS IPEEE seismic analyses (Reference 7).
| |
| * The plant walkdown portion of the MNS IPEEE seismic analyses was performed to a 0.3g PGA review level earthquake (RLE).
| |
| * The MNS IPEEE seismic analysis did not identify any containment vulnerabilities (Reference 23 and 24). The IPEEE seismic analyses evaluated containment performance from structural, isolation and bypass perspectives. The structure was found to be seismically rugged.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 16 RA-18-0190
| |
| * The seismic PRA portion of the MNS IPEEE calculated very high seismic capacities for containment related SSCs, some examples are shown below (note that Medians, Am, are typically a factor of ~2x that of HCLPF values):
| |
| Steel containment vessel: Am=9.0g (buckling)
| |
| Internal Structures: Am=3.1g (crane wall)
| |
| Reactor Building: Am=2.8g (shear wall)
| |
| Containment penetrations: Am=2.8g Containment isolation signal cabinets: Am=1.5g The SLERF convolution calculation is summarized in Table E4-3. Table E4-3 provides the following information:
| |
| * MNS containment fragility inputs
| |
| * Seismic hazard intervals and their associated initiating event frequencies (Mean) and representative magnitudes
| |
| * Plant level fragility failure probabilities (Mean) per hazard interval
| |
| * Containment fragility failure probabilities (Mean) per hazard interval
| |
| * Convolved SLERF per interval and total SLERF RICT penalty value Use of Fragility Complement to Reduce Conservatism in Penalty Value The SLERF RICT penalty calculations also employ the fragility complement refinement discussed in Section 3.4.2. This refinement is implemented in the Convolved SLERF Frequency for RICT column of Table E4-3 (the cell entries in blue text indicate those hazard intervals where the refinement occurs). For example, in the case of the 0.5 to 0.75 hazard interval for the SLERF RICT penalty calculation: 9.59E-06/yr seismic hazard interval annual frequency x (1.0 - 0.809 seismic-induced plant level fragility failure probability) x 0.292 seismic-induced containment fragility = 5.36E-07/yr. The fragility complement is not applied to the containment fragility in this example hazard interval because the fragility failure probability is less than the refinement criterion of 0.5 used in this calculation (as outlined in Section 3.4.2).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 17 RA-18-0190 Table E4-3: Convolution Calculation Summary of McGuire SLERF RICT Penalty MNS Containment Fragility Inputs MNS Seismic Hazard Curve Convolution Calculation (IP EEE SPRNSMA) (PGA) (MNS Plant Level and Containment Seismic fragilities with PGA Hazard)
| |
| Hazard Interval Hazard Hazard Convolved Mean Representative Hazard Interval Interval SLERF Exceedance Magnitude Interval PLF Containment Occurrence Frequency HCLPF Am Acceleration Frequency (geo. mean, g Fragility Fragility Frequency for RICT (g, PGA) (g, PGA) (3c lal (/yr) PGA) (Mean) (Mean) (/yr) (/yr) 0.30 0.76 0.40 0.0005 5.21E-02 0.0007 3.59 E-58 1.55E-68 1.06E-02 5.90E-128 0.001 4.1 5E-02 0.0022 7.68E-40 1.95E-48 2.57E-02 3.85E-89 0.005 1.58E-02 0.0071 4.36E-25 6.42E-32 7.62E-03 2.13E-58
| |
| +
| |
| 0.01 8.1 8E-03 0.0122 2.64E-19 2.68E-25 3.02E-03 2.14E-46
| |
| +
| |
| 0.D15 5.1 6E-03 0.0212 2.48E-14 1.73E-19 3.09E-03 1.33E-35
| |
| +
| |
| 0.03 2.07E-03 0.0387 8.30E-10 4.74 E-14 1.10E-03 4.34E-26
| |
| +
| |
| 0.05 9.66E-04 0.0612 5.23E-07 1.46E-10 4.60E-04 3.52E-20
| |
| +
| |
| 0.075 5.06E-04 0.0866 2.96E-05 2.72 E-08 1.92E-04 1.55E-16
| |
| +
| |
| 0.1 3.14E-04 0.1225 8.17E-04 2.44 E-06 1.58E-04 3.1 5E-13
| |
| +
| |
| 0.15 1.56E-04 0.2121 3.78E-02 6.96E-04 1.11 E-04 2.92E-09
| |
| +
| |
| 0.3 4.50E-05 0.3873 3.93E-01 4.54E-02 2.80E-05 4.99E-07
| |
| +
| |
| 0.5 1.70E-05 0.6124 8.09E-01 2.92E-01 9.59E-06 5.36E-07
| |
| +
| |
| 0.75 7.41E-06 0.8660 9.59E-01 6.26E-01 3.49E-06 5.34E-08
| |
| +
| |
| 1 3.92 E-06 1.2247 9.95E-01 8.82E-01 2.46E-06 1.32E-09
| |
| +
| |
| 1.5 1.46E-06 2.1213 1.00E+00 9.95E-01 1.26E-06 2.27E-13
| |
| +
| |
| 3 2.03E-07 3.8730 1.00E+00 1.00E+00 1.68E-07 8.34E-20
| |
| +
| |
| 5 3.50 E-08 6.1 237 1.00E+00 1.00E+00 2.80E-08 4.42E-26
| |
| +
| |
| 7.5 7.02E-09 8.6603 1.00E+00 1.00E+00 5.03E-09 1.01E-31
| |
| +
| |
| 10 1.99E-09 11.0000 1.00E+00 1.00E+00 1.99E-09 8.21E-36
| |
| +
| |
| Total Convolved SLERF RICT Penalty (1/yr): 1.09E-06 Containment Isolation In addition, the following discussions regarding seismic-induced structural failure of containment and containment isolation failure (both random and seismic-induced) are provided to support the reasonableness of the average SCLERP estimation (e.g., there are no normally-open AC-powered motor-operated containment isolation valves (CIV):
| |
| * Containment Isolation Random Failure: Random failure of primary containment isolation is already included in the average SCLERP estimation discussed previously but it is a small contributor to the SCLERP.
| |
| * Containment Isolation Fragility: Seismic-induced failure of containment isolation is very low likelihood and encompassed by the average SCLERP resulting from the SLERF RICT penalty value of this analysis. Most of the containment isolation valves of interest to the LERF risk metric are air-operated valves (AOVs), most normally-closed at-power, that fail-safe closed on loss of pneumatic or electric power (e.g., seismic-induced LOOP). Successful containment isolation for seismic-induced accidents is not dependent upon pneumatic supply, electric power, or containment isolation signals (i.e., ~99% of SCDF involves seismic-induced LOOP and the AOV CIVs fail-safe closed under such conditions).
| |
| CIVs have very high seismic capacities such that seismic loading will have a negligible likelihood of failing the CIVs in the open position. The predominant CIVs in potential LERF pathways from the containment are AOVs that fail-safe closed via internal spring force inside the AOV operator. Once closed, these valves do not need to open again during or after the seismic event. Therefore, they do not meet the definition of an active valve per the air operated valve equipment class (per the EPRI Seismic Qualification User Group (SQUG)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 18 RA-18-0190 Generic Implementation Procedure, GIP, and EPRI NP-7149 Seismic Adequacy of Equipment Classes). The spring will successfully cause the AOV CIVs to shut at accelerations much greater than those associated with the functional failure capacity used to determine the fragility of active valves. As such, the AOV CIVs are essentially inactive valves, which are inherently rugged as there is not a credible seismic failure mechanism that would prevent the valves from failing shut as desired. In addition, both in-series AOV CIVs in a penetration line would have to seismically fail to fail-safe closed to result in an open release pathway.
| |
| Some containment penetration pathways use motor operated valves (MOV) for containment isolation which would require electric power for closure and for an isolation signal. However, such CIV MOVs are not significant to LERF for one or more of the following reasons:
| |
| MOV in closed position during at-power operation and at the time of the seismic event (e.g., hydrogen purge)
| |
| Very small line AOV or check valve PCIV in-series with the MOV Penetration is a closed-loop system that would not represent a large magnitude release pathway (thus, not LERF release) 3.6 Seismic Induced Loss of Offsite Power Previous TSTF-505 applications have also included discussion and evaluation of any incremental risk associated with challenges to the facility that do not exceed the design capacity and the past submittals have focused on the challenge of seismically-induced LOOP.
| |
| The MNS seismic penalty calculations already encompass seismic events within (i.e., at or below) the design basis by conservatively including very low magnitude seismic events (as low as 0.0005g peak ground acceleration, PGA, i.e., significantly lower than the MNS SSE) in the SCDF and SLERF seismic penalty convolution calculations. Additional discussions and calculations are provided below.
| |
| The methodology for computing the seismically-induced LOOP frequency is to convolve the MNS mean seismic hazard curve with the offsite power fragility. Past TSTF-505 applications have approached this discussion conservatively by performing the convolution over the entire hazard curve (not just below the design basis). That same approach is used in this discussion. The MNS seismic hazard curve is as described previously in Table E4-1.
| |
| Table E4-4 provides the mean seismic hazard data and the LOOP seismic-induced failure probability (increasing with increase seismic magnitude) based on the fragility of offsite power.
| |
| The convolution calculation includes the entire hazard curve from earthquakes magnitudes well below the MNS operating basis earthquake to well beyond the MNS safe shutdown earthquake (SSE=0.15g PGA).
| |
| The failure probabilities for LOOP are represented by failure of ceramic insulators in the power distribution system, based on the following fragility data from Table A-0-4 of the NRC RASP Handbook, Volume 2 (Reference 25), this is a common offsite power fragility used for Central and Eastern US SPRAs:
| |
| | |
| U.S. Nuclear Regulatory Commission Page 19 RA-18-0190 Offsite Power Capacity (ceramic insulators): Am = 0.30g; r = 0.30, u = 0.45 Given the mean frequency and failure probability for each seismic interval, it is straightforward to compute the estimated frequency of seismically induced loss of offsite power for the MNS site by taking the product of the interval frequency and the offsite power failure probability. As shown in Table E4-4, the total seismic LOOP frequency across the entire seismic hazard curve approximately 7.3E-05/yr. Note that this overstates the below-design challenge frequency but is conservative for this purpose.
| |
| Table E4-4: MNS Seismic Induced LOOP Frequency Estimate (Across Entire Hazard Curve)
| |
| Offslte Power Fragility Inputs MNS Seismic Hazard curve convolution Calculation (Offslte Power fraglllty with Selamlc Hazard) 0.05 9.66E-04 0.0612 1.55E-03 4.60E-04 7.12E-07 0.075 5.06E-o4 0.0866 1.02E-02 1.92E-04 1.97E-06 0.1 3.14E-04 0.1225 4.68E-02 1.58E-04 7.40E-06 0.15 1.56E-04 0.2121 2.54E-01 1.11E-04 2.82E-o5 0.3 4.50E-05 0.3873 6.75E-01 2.80E-o5 1.89E-o5 0.5 1.70E-05 0.6124 9.03E-01 9.59E-06 8.66E-06 0.75 7.41E-06 0.8660 9.74E-01 3.49E-06 3.40E-06 1 3.92E-06 1.2247 9.95E-01 2.46E-06 2.45E-06 1.5 1.46E-06 2.1213 1.00E+o0 1.26E-06 1.26E-06 3 2.03E-07 3.8730 1.00E+OO 1.68E-07 1.68E-07 5 3.50E-08 6.1237 1.00E+00 2.S0E-08 2.SOE-08 7.5 7.02E-09 8.6603 1.00E+00 5.03E-o9 5.03E-09 10 1.99E-09 11.0000 1.00E+o0 1.99E-o9 1.99E-o9 Total Convolved Seismic-Induced LOOP Across Hazard Curve (1/yr):
| |
| l Convolved Seismic-Induced LOOP Within Design Basis 1 r:
| |
| The FPIE PRA models LOOP frequency is derived from plant-centered, switchyard-centered, grid-related, and weather-related events. Based on the MNS FPIE PRA, the total frequency of unrecovered loss of offsite power (i.e., the sum of the frequency multiplied by the non-recovery probability at 24 hours over these LOOP events), is 5.2E-4/yr.
| |
| The total (i.e., across the entire hazard curve) seismically-induced (unrecoverable) LOOP frequency is approximately 14% (i.e., 7.3E-05 / 5.2E-04 = 14%) of the total unrecovered LOOP frequency already addressed in the MNS FPIE PRA. The below-design basis (i.e., less than SSE of 0.15g PGA) seismic-induced LOOP frequency is approximately 2% (i.e., 1.0E-05 / 5.2E-04 = 2%) of the total unrecovered LOOP frequency already addressed in the MNS FPIE PRA; this frequency is judged to be a reasonably small fraction that it will not significantly impact the RICT Program calculations, and it can be omitted. In addition, as previously stated, the MNS SCDF and SLERF seismic penalty values already address the fraction of seismic-induced LOOP events within (i.e., at or below) the design basis by conservatively including very low magnitude seismic events in the seismic penalty convolution calculations.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 20 RA-18-0190 3.7 Seismic Results The calculated seismic SCDF and SLERF RICT penalty values for MNS for use as the seismic penalty in RICT calculations are:
| |
| * SCDFRICT seismic penalty: 1.7E-05/yr
| |
| * SLERFRICT seismic penalty: 1.1E-06/yr The seismic penalty values summarized above are calculated specifically for use in RICT calculations. The SCDF and SLERF estimates cited in Enclosure 5 of this LAR in support of the total site risk estimation are baseline seismic risk estimates. The baseline calculations produce different SCDF and SLERF values than the RICT penalty values. The baseline seismic risk calculations in Enclosure 5 are similar to the RICT penalty calculations except the baseline calculations: 1) remove the fragility complement approach, 2) incorporate the plant availability factor; and 3) uses a higher seismic capacity for the containment function to reflect a realistic estimation of annual baseline SLERF.
| |
| 4.0 EXTREME WINDS ANALYSIS This section provides an analysis of the High Winds / Tornados risk impact for MNS. Since MNS has a High Winds (HW) PRA model, it is used as the primary input to this analysis. The HW PRA model includes CDF and LERF for both units, and includes straight winds, tornado, and hurricane hazards. Detailed documentation of this analysis is provided in Reference 26.
| |
| 4.1 High Winds Loss of Offsite Power Events Approximately 75% of the MNS HW PRA CDF (~65% of LERF) is due to wind-induced LOOP events with random equipment and operator failures along with failure to recover offsite power.
| |
| Thus, a large percentage of the total HW PRA CDF does not involve any wind-induced (wind pressure or missile) failures except for the loss of offsite power.
| |
| These lower wind speed scenarios are similar to typical internal event weather-related LOOP scenarios, with the exception that the HW PRA conservatively assumes no offsite power recovery. Ninety-nine percent of the Unit 1 CDF (98% of LERF) from these wind-induced LOOP scenarios (without additional wind-induced failures) is from F1 and F2 wind speeds (i.e., less than or equal to 157 mph) and approximately 83% of CDF and LERF is from F1 wind speeds (less than or equal to 112 mph).
| |
| The weather-related LOOP contribution to the internal events CDF subsumes these more frequent low wind speed events and the assumption that offsite power is not recovered for lower wind speed events (especially F1 winds) is very conservative (Reference 27). While it is acknowledged that high intensity winds (e.g., F3 and greater) are rare and may not be fully represented in the (data-based) weather-related LOOP frequency, it is reasonable to expect that the lower intensity events are already accounted for in the internal events model. Since the internal events sequences consider the likelihood of offsite power recovery, they are judged to be more realistic. The higher intensity events are a small contributor to the HW CDF.
| |
| Therefore, non-recoverable wind-induced LOOP events without wind-induced failures can be screened using Criterion C4 (event is included in the definition of another event). The resulting CDF and LERF, after removing the cutsets with only random failures and operator actions is
| |
| | |
| U.S. Nuclear Regulatory Commission Page 21 RA-18-0190 referred to as the "HW Failures Only" CDF and LERF. The method used to determine the HW Failures Only results is to apply recovery rules to eliminate cutsets that do not include wind pressure or missile fragility basic events.
| |
| For this TSTF-505 application, the "HW Failures Only" CDF is also less than 1E-6/yr. However, this is the average maintenance case and does not reflect the CDF associated with configurations that could be entered into during a RICT configuration. A review of Risk Achievement Worth (RAW) values in the "HW Failures Only" scenarios indicates that the CDF for some configurations (e.g., DC power, emergency diesel generators (EDGs), or Nuclear Service Water (RN) Trains unavailable) would have CDF greater than 1E-6/yr. Therefore, a penalty factor is warranted to account for the HW risk during RICT configurations.
| |
| 4.2 Hurricanes The TSTF-505 application (i.e., RICT program) is an at-power only application (i.e., Modes 1 and 2) and not for shutdown conditions. Site procedures for response to severe weather directs Operations personnel to place the plant in Mode 3 at least two hours prior to the anticipated arrival of sustained winds in excess of 74 mph at the site (References 28 and 29). Hurricanes therefore do not apply to the RICT Program and can be screened from inclusion in RICT Program calculations.
| |
| 4.3 Development of Penalty Factors The current high winds PRA model of record (Reference 26) was used as the primary input into the screening analysis and development of penalty factors. This screening analysis is based on CDF being less than 1E-6/yr (PS4 - Bounding mean CDF is < 1E-6/yr.). For this TSTF-505 application, penalty factors are developed since not all RICT configurations screen.
| |
| Conservative penalty factors were developed and are based on the HW PRA.
| |
| As discussed in Reference 26, the total CDF for HW hazards is 3.0E-6/yr and 3.1E-6/yr for Units 1 and 2, respectively. LERF is approximately 1.1E-7/yr for both units. These values are above the numerical screening criteria of 1E-6/yr and 1E-7/yr for CDF and LERF. However, a large percentage of CDF and LERF (approximately 75% and 65%, respectively) are wind-induced LOOP events with random equipment and operator failures and failure to recover offsite power.
| |
| The CDF and LERF due to scenarios/sequences involving wind-induced failures, either wind pressure or wind-borne missiles, are estimated to be approximately 8E-7/yr and 4E-8/yr, respectively. Nearly all of these scenarios are associated with wind speeds in the F1 to F2 range (less than or equal to 157 mph).
| |
| Although average maintenance CDF and LERF are less than 1E-6/yr and 1E-7/yr, the CDF and LERF associated with certain LCO configurations are greater than 1E-6/yr and 1E-7/yr.
| |
| Therefore, conservative penalty factors are used to account for the HW hazard risk in configuration RICT calculations. The penalty factors assigned are:
| |
| * 11CDF Penalty Factor = 1E-5/yr for both units, except for LCO/SSC combinations a higher penalty is assigned as shown below.
| |
| * 11CDF Penalty Factor = 5E-5/yr for both units, for the following LCO/SSC combinations:
| |
| o 3.3.2.H for AFW Actuation Logic o 3.3.5.B for any 2 channels of loss of power signals for B Bus.
| |
| o 3.8.4.A for D 125VDC Channel
| |
| | |
| U.S. Nuclear Regulatory Commission Page 22 RA-18-0190 o 3.8.9.C for D 125VDC I&C Panel Powerboard LERF Penalty Factor = 1E-6/yr for both units FLEX strategies are not credited in the high wind PRA used to develop the HW penalty values, which contributes to the demonstrably conservative values. Furthermore, the CDF and LERF values calculated for some LCO configurations do not account for procedural guidance (e.g.,
| |
| References 29 and 28) to return equipment to service in the event of certain weather situations, which is conservative.
| |
| 4.4 Extreme Winds Conclusions This screening analysis is based on CDF being less than 1E-6/yr (PS4 - Bounding mean CDF is
| |
| < 1E-6/yr.). For this TSTF-505 application, while average yearly CDF and LERF values are below the screening threshold, HW penalty factors were developed since not all RICT configurations screen as discussed below. Conservative penalty factors were developed and are based on the HW PRA.
| |
| The CDF and LERF values calculated for some LCO configurations do not account for procedural guidance (e.g., References 27 and 28) to return equipment to service in the event of certain weather situations, which is conservative.
| |
| 5.0 EXTERNAL FLOODING ASSESSMENT 5.1 Current Risk Basis This analysis reviews all flood causing mechanisms for applicability to MNS and provides a basis for screening the mechanisms from further consideration. Given the new information available following the completion of the post-Fukushima flood reevaluation activities, this calculation will provide the justification for screening the external flood hazard from further consideration in the MNS PRA and future risk-informed applications. The hazards considered in the Flood Hazard Reevaluation Report (FHRR Reference 30) include:
| |
| * Tsunami
| |
| * Ice-induced Flooding
| |
| * Channel Diversion
| |
| * Flooding in Streams and Rivers
| |
| * Failure of Dams o Upstream (Combined Event) o Standby Nuclear Service Water Pond Dam (downstream)
| |
| * Probable Maximum Storm Surge
| |
| * Seiche
| |
| * Local Intense Precipitation
| |
| * Combined Effects The FHRR evaluated the nine flooding hazards listed above. Below are the flooding mechanisms exceeding the Current Design Basis (CDB) as per the MNS FHRR and which could pose a potential challenge to MNS key safety functions:
| |
| * Local Intense Precipitation (LIP)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 23 RA-18-0190
| |
| * Flooding in Streams and Rivers (referred to as Flooding in Reservoirs in MNS FHRR)
| |
| * Failure of Dams
| |
| * Probable Maximum Storm Surge and Seiche/Wind Wave Runup The worst-case scenario for mechanisms other than LIP (henceforth referred to as Combined Effects (CE) flooding), produces a maximum still water elevation (SWE) of 778.5 ft mean sea level (msl) for Lake Norman as shown below in Table E4-5: McGuire Flood Scenarios and Parameters (Reference 30). Wind wave runup (part of the storm surge flooding mechanism stated above) was determined to be 778.54 ft msl. Due to the high-water levels on Lake Norman, the protective embankments north of the site would be overtopped due to the reevaluated maximum water surface elevations (WSEs), resulting in an on-site water level of 760.7 ft msl.
| |
| The LIP flood causing mechanism also was found to exceed the CDB and produces a maximum WSE of 761.1 ft around the Auxiliary Building (AB) which houses all SSCs related to maintaining key safety functions (KSFs). Additionally, parameters for warning time, site preparation and period of inundation were determined, as they were not previously included in the design basis for MNS.
| |
| Table E4-5: McGuire Flood Scenarios and Parameters (Reference 30)
| |
| Flood Scenario Parameter CDB Reevaluated Bounded Flood Flood or Not Hazard Hazard Bounded CE Flood Max Still Water Elevation (ft. MSL) 767.9 778.5 NB Max Wave Run-up Elevation 774.75 778.54 NB Local Max Still Water Elevation (ft. MSL) 760.4 761.1 NB Intense Precipitation Warning Time (hours) N/I* 72 NB Period of Site Preparation (hours) N/I* 24 NB Period of Inundation (hours) N/I* 2.5 NB
| |
| *Note: N/I is Not Included.
| |
| Following the conclusion of the FHRR, permanent protective barriers on the north embankment were installed to raise the flood protection levels at the site to prevent water from the CE flood encroaching on the AB. This modification is permanent, passive protection that does not require any human actions to keep the site dry.
| |
| For the LIP mechanism, MNS relies on installing temporary, engineered flood barriers at several locations around the AB. Plant procedures discuss that the site receives warnings of an approaching storm that could produce rainfall greater than 5.35 or more over a 24-hour period
| |
| | |
| U.S. Nuclear Regulatory Commission Page 24 RA-18-0190 within the next 72 hours. The site begins preparations to install flood barriers approximately 24 hours before the arrival of the storm. These barriers require approximately 1.4 hours to install (References 32 and 33). The barriers are engineered for rapid deployment and ample recovery time is available should troubleshooting or reinstallation be required. With the barriers in place, all SSCs related to KSFs are maintained free from flood waters throughout the event.
| |
| 5.2 Challenges Posed Weather induced Loss of Offsite Power (LOSP) is a potential challenge. However, the risk from this challenge is subsumed in the Internal Events PRA, as the initiator and consequences are included in that model. Once the flood barriers are in place, offsite power is not required for a successful response or to screen the XF hazards.
| |
| 5.3 Disposition for LAR Development for Risk-Informed Applications Disposition for TSTF-505 Program The CE flood requires no actions, modifications, or configuration specific considerations given the permanent installation of flood barriers along the embankment preventing water from entering the site. The site is considered dry with no postulated impacts from these mechanisms.
| |
| For the LIP event, evaluation of the Overall Site Response was provided in Section 6 of the Focused Evaluation (FE Reference 32) and received staff concurrence in the Staff Assessment of the FE (Reference 33). In their assessment, NRC staff concluded in Section 3.3.5 of Reference 33 that the licensee has demonstrated that adequate passive features exist to provide flood protection of key SSCs against a beyond-design-basis LIP event.
| |
| Based on the plant design and procedural response, the CE flood and LIP event are screened from further consideration in the TSTF-505 program based on Criterion C1 where the event damage potential is less than events for which the plant is designed.
| |
| Configuration Specific Considerations There are no configuration specific considerations for this hazard.
| |
| 6.0 EVALUATION OF EXTERNAL EVENT CHALLENGES AND IPEEE UPDATE RESULTS This section provides an evaluation of other external hazards. The results of the assessment of these hazards are provided in Table E4-6. Table E4-7 provides the summary criteria for screening of the hazards listed in Table E4-6.
| |
| Hazard Screening The IPEEE for MNS provides an assessment of the risk to MNS associated with these hazards.
| |
| Additional analyses have been performed since the IPEEE to provide updated risk assessments of various hazards, such as aircraft impacts, industrial facilities and pipelines, and external flooding. These analyses are documented in the UFSAR (Reference 38). Table E4-6 reviews and provides the bases for the screening of external hazards, identifies any challenges posed, and identifies any additional treatment of these challenges, if required. The conclusions of the
| |
| | |
| U.S. Nuclear Regulatory Commission Page 25 RA-18-0190 assessment, as documented in Table E4-6, assure that the hazard either does not present a design-basis challenge to MNS, or is adequately addressed in the PRA.
| |
| In the application of Risk-Informed Completion Times, a significant consideration in the screening of external hazards is whether particular plant configurations could impact the decision on whether a particular hazard that screens under the normal plant configuration and the base risk profile would still screen given the particular configuration. The external hazards screening evaluation for MNS has been performed accounting for such configuration-specific impacts. The process involves several steps.
| |
| As a first step in this screening process, hazards that screen for one or more of the following criteria (as defined in Table E4-7) still screen regardless of the configuration, as these criteria are not dependent on the plant configuration.
| |
| * The occurrence of the event is of sufficiently low frequency that its impact on plant risk does not appreciably impact CDF or LERF. (Criterion C2)
| |
| * The event cannot occur close enough to the plant to affect it. (Criterion C3)
| |
| * The event which subsumes the external hazard is still applicable and bounds the hazard for other configurations (Criterion C4)
| |
| * The event develops slowly, allowing adequate time to eliminate or mitigate the hazard or its impact on the plant. (Criterion C5)
| |
| The next step in the screening process is to consider the remaining hazards (i.e., those not screened per the above criteria) to consider the impact of the hazard on the plant given particular configurations for which a RICT is allowed. For hazards for which the ability to achieve safe shutdown may be impacted by one or more such plant configurations, the impact of the hazard to particular SSCs is assessed and a basis for the screening decision applicable to configurations impacting those SSCs is provided.
| |
| As noted above, the configurations to be evaluated are those involving unavailable SSCs whose LCOs are included in the RICT program.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 26 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Per the IPEEE (Reference 35), an assessment of aircraft impact risk was performed with the total crash probability listed as 1.3E-08/yr.
| |
| The assessment was updated using recent air traffic data using the guidance provided in NUREG 0800 Section 3.5.1.6 (Reference 36).
| |
| The primary change that has occurred since the conduct of the IPEEE analyses is the increase in air traffic, particularly commercial air traffic that uses the Charlotte-Douglas International Airport (CLT).
| |
| Aircraft Impact Y PS4 To assess the current risk, recent data for CLT were obtained via a query of the Air Traffic Activity System (ATADS) database.
| |
| Data from 2017 through 2021 (5 years) were obtained (Reference 37).
| |
| The largest value of annual air operations was 579,147 for calendar year 2019.
| |
| Because air traffic was significantly reduced from 2020 2022 due to the COVID-19 pandemic, a conservative value of 600,000 annual total air operations for the CLT airport was assumed and then increased by 25% to account for other air operations (e.g., flyovers and landings at secondary airports); this 1
| |
| The list of hazards and their potential impacts considered those items listed in Tables D-1 and D-2 in Appendix D of RG 1.200, Rev. 3 (Reference 42).
| |
| 2 See Table E4-7 for descriptions of the screening criteria.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 27 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 provides a reasonable conservative estimate of 750,000 annual flights in the CLT area. As in the IPEEE, this total population was apportioned equally among the four possible directions; resulting in a target population of 187,500 flights that would be within the sector that could potentially result in a crash onto the MNS plant site.
| |
| The analysis applied the methods used in the IPEEE using the same assumed apportionment among the two applicable air corridors (V37 and V454). This analysis resulted in an updated value of the probability of an aircraft crash onto the MNS site of 3.2E-8, which is a factor of 3 below the risk criteria specified in the NRC Standard Review Plan (SRP) for probability of aircraft accidents that could result in releases that exceed 10CFR100 limits of less than 1E-7 per year.
| |
| Based on this review, the Aircraft Impact hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), there are no mountains in the vicinity of McGuire from Avalanche Y C3 which a significant avalanche could be generated.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 28 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Based on this review, the Avalanche hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| This hazard is slow to develop and can be identified via monitoring and managed via standard maintenance process. Actions committed to and completed by MNS in response to Generic Letter 89-13 provide on-going control of biological hazards. These include performance of periodic maintenance work orders to inspect the intake structures, Biological Events Y C5 perform flow balance/testing, periodic flushing, and heat exchanger cleaning.
| |
| Based on this review, the Biological Events hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), McGuire is located more than 150 miles from the nearest coastal area. However, to protect the lake edge from erosion, the yard areas subjected Coastal Erosion Y C1 to waves are protected by riprap underlain by a thick subgrade of filter material. Therefore, lake edge erosion will not be a significant problem.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 29 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Based on this review, the Coastal Erosion hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), The effect of a drought at McGuire is insignificant because there are upstream dams that provide water level control on Lake Norman.
| |
| Drought Y C1 Based on this review, the Drought hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| See Section 5.
| |
| Based on this review, the External Flood hazard is considered to be negligible.
| |
| External Flood Y C1 There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 30 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 See Section 4 of this Enclosure for use of high wind penalties. However, Duke Energy requests the option to use the high winds PRA in lieu of high wind penalties. See Extreme Winds Section 2, "High Wind Hazard."
| |
| N N/A and Tornadoes Per the IPEEE (Reference 35), accident data involving surface vehicles or aircraft would include the effects of fog.
| |
| Per the UFSAR Section 2.3.2.3 (Reference
| |
| [38], consideration has been given to possible environmental effects associated with heat dissipation from the cooling pond (Lake Norman, vicinity of McGuire Nuclear Station).
| |
| A review of the literature and operating Fog Y C1 experience to date would suggest that effects of fogging and icing are minimal for the properly designed cooling pond.
| |
| Based on this review, the Fog hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), bush and Forest Fire Y C1 local forest fires are handled by the local fire department. Such fires are not considered to
| |
| | |
| U.S. Nuclear Regulatory Commission Page 31 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 have any impact on the station because the site is cleared and the fire cannot propagate to station buildings or equipment.
| |
| Per the UFSAR Section 2.2.3 (Reference 38),
| |
| the only potential fire hazard in the plant vicinity is a brush fire. The plant fire protection system is adequate to prevent any possible damage from a fire due to this origin.
| |
| Based on this review, the Forest Fire hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), both the Reactor Building and the Auxiliary Building are designed for a combination of snow, ice, and rain. (C1)
| |
| In addition, the principal effects of such events would be to cause a loss of off-site C1 power, which is addressed for weather-Frost Y C4 related LOOP scenarios in the FPIE PRA model for McGuire. (C4)
| |
| Based on this review, the Frost hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard
| |
| | |
| U.S. Nuclear Regulatory Commission Page 32 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), both the Reactor Building and the Auxiliary Building are designed for a combination of snow, ice, and rain. (C1)
| |
| In addition, the principal effects of such events would be to cause a loss of off-site power, which is addressed for weather-C1 related LOOP scenarios in the FPIE PRA Hail Y C4 model for McGuire. (C4)
| |
| Based on this review, the Hail hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), the effect of high summer temperatures at McGuire is insignificant because there are upstream dams that provide water level control on Lake Norman.
| |
| High Summer C1 Y In addition, the principal effects of such Temperature C4 events would be to cause a loss of off-site power, which is addressed for weather-related LOOP scenarios in the FPIE PRA model for McGuire. (C4)
| |
| Based on this review, the High Summer
| |
| | |
| U.S. Nuclear Regulatory Commission Page 33 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Temperature hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), McGuire is located more than 150 miles from the nearest coastal area.
| |
| See also External Flood High Tide Y C4 Based on this review, the High Tide hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| See Section 4, "Hurricanes" and External Flood / Intense Precipitation.
| |
| Based on this review, the Hurricane (Tropical Hurricane (Tropical Cyclone) hazard is considered to be Y C4 negligible.
| |
| Cyclone)
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| C1 Per the IPEEE (Reference 35), Both the Ice Cover Y Reactor Building and the Auxiliary Building
| |
| | |
| U.S. Nuclear Regulatory Commission Page 34 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 C4 are designed for ice. (C1)
| |
| In addition, the principal effects of such events would be to cause a loss of off-site power, which is addressed for weather-related LOOP scenarios in the FPIE PRA model for McGuire. (C4)
| |
| Based on this review, the Ice Cover hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), there are no military or industrial facilities within a 5-mile radius of the plant.
| |
| Per UFSAR Section 2.2 (Reference [38]),
| |
| military and transportation facilities are nearly non-existent and only a few industrial facilities are located in the vicinity of McGuire. The Industrial or Military few facilities that do exist have no effect on Y C1 Facility Accident the McGuire Nuclear Station nor will McGuire Nuclear Station have any effect on the existing facilities.
| |
| Based on this review, the Industrial or Military Facility Accident hazard is considered to be negligible.
| |
| There are no configuration-specific
| |
| | |
| U.S. Nuclear Regulatory Commission Page 35 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| The McGuire Internal Events and Internal Internal Flood N/A N/A Flood PRA model addresses risk from internal Flood events.
| |
| Internal Fire N/A N/A The McGuire Internal Fire PRA model addresses risk from internal fires Per the IPEEE (Reference 35), Landslides are considered an insignificant hazard at McGuire. The Standby Nuclear Service Water Pond (SNSWP) dam is the only natural or man made slope which, upon failure, would prevent safe shutdown of the plant.
| |
| Therefore, the SNSWP was statically designed for stability under all loading Landslide Y C1 conditions Based on this review, the Landslide hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), The most probable effect of lightning is the loss of off-site power due to a strike in the switchyard.
| |
| Lightning Y C4 These occurrences are accounted for in the loss of off-site power initiating event frequency.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 36 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Based on this review, the Lightning hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), The effect of low lake level, or low river water level at McGuire is insignificant because there are upstream dams that provide water level control on Lake Norman.
| |
| Low Lake or River Based on this review, the Low Lake or River Y C1 Water Level Water Level hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), the Reactor Building and the Auxiliary Building are designed for a combination of snow and ice.
| |
| These hazards are commensurate with low winter temperatures. (C1)
| |
| Low Winter C1 Y
| |
| Temperature C4 In addition, low winter temperatures causing failure of instruments are included in the plant trip frequency data. (C4)
| |
| Based on this review, the Low Winter Temperature hazard is considered to be
| |
| | |
| U.S. Nuclear Regulatory Commission Page 37 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), this event has significantly lower frequency than other events with similar uncertainties. The occurrence of a meteorite event could not result in worse consequences than other external events of a higher frequency.
| |
| Therefore, this event is excluded because it Meteorite/Satellite will not significantly influence the total risk.
| |
| Y PS4 Strikes Based on this review, the Meteorite/Satellite Strikes hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 38 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Per the IPEEE (Reference 35), gas pipeline maps of the area around the McGuire plant site were reviewed and indicated that there were no changes to the original PRA screening information as contained in the FSAR.
| |
| Per the FSAR Section 2.2.3 (Reference 38),
| |
| there are two gas pipelines: one 36-inch diameter and one 42-inch diameter located one mile south of the plant. The consequences a rupture of the 42-inch gas pipeline rupture was evaluated. The evaluation included the potential effects of the gas at the plant, an unconfined in-air Pipeline Accident Y C3 explosion, and surface blast at the point of rupture.
| |
| The evaluation found the effects of gas at the plant were well below the flammability threshold. The unconfined in-air explosion and surface blast effects only resulted in a worst-case overpressure of 1.3 to 1.8 psi at the plant, which is considered minor.
| |
| Based on this review, the Pipeline Accident hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 39 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 See analysis in Section 5.
| |
| Based on this review, the hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program Precipitation, evaluation.
| |
| Y C1 Intense Per the IPEEE (Reference 35), potential hazards from the storage of toxic material on-site is minimal.
| |
| Per FSAR Section 2.1.4 (Reference [38]), no large quantities of caustic or flammable Release of material will be stored on site.
| |
| Chemicals from Y C1 Onsite Storage MNS updated its Toxic Gas evaluation in July 2022 (Reference 39) to evaluate onsite and offsite chemical hazards in accordance with Regulatory Guide 1.78, Rev. 1 (Reference 40). The evaluation considered potential onsite and offsite stationary and mobile hazardous chemical sources that could pose
| |
| | |
| U.S. Nuclear Regulatory Commission Page 40 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 a threat to control room habitability upon release within 5 miles of MNS. The evaluation concluded that there are no toxic gas hazardous chemical threats to control room habitability.
| |
| Based on this review, the Release of Chemicals from Onsite Storage hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), No present means exist to divert or reroute the river flow through the dams other than insignificant amounts of water used for municipal supply.
| |
| Per UFSAR Section 2.4.9 (Reference 38),
| |
| There are five reservoirs on the Catawba River upstream of Cowans Ford Dam, all of which have operating hydroelectric power River Diversion Y C1 plants located on them. Since Duke owns and controls the levels of each reservoir above the site of McGuire Nuclear Station, any upstream diversion or rerouting of the source of cooling water is very unlikely to happen. No present means exist to divert or reroute other than minor amounts used for municipal water supply.
| |
| Based on this review, the River Diversion
| |
| | |
| U.S. Nuclear Regulatory Commission Page 41 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), McGuire is located more than 150 miles from the nearest area with a large sand deposit. The likelihood of occurrence is insignificant Sandstorm Y C1 Based on this review, the Sandstorm hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per FSAR Section 2.4.5.2 (Reference 38),
| |
| Lake Norman, immediately north of the plant, is a relatively new inland lake with no history of surge or seiche Flood.
| |
| See also External Flood.
| |
| Seiche Y C1 Based on this review, the Seiche hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Seismic Activity N N/A See Section 3.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 42 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Per the IPEEE (Reference 35), both the Reactor Building and the Auxiliary Building are designed for snow.
| |
| Based on this review, the Snow hazard is Snow Y C1 considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per FSAR Section 2.5 (Reference 38),
| |
| extensive investigations on soil and rock samples found that subsurface conditions of the site have no adverse impact on the design, construction, or operation of the station.
| |
| Soil Shrink-Swell Y C1 Based on this review, the Soil Shrink-Swell hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| See External Flood.
| |
| Based on this review, the Storm Surge Storm Surge Y C1 hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program
| |
| | |
| U.S. Nuclear Regulatory Commission Page 43 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 evaluation.
| |
| Per the IPEEE (Reference 13), leaks from containers of chlorine (used for drinking water purification and sanitary waste treatment) and other potential toxic gas sources were evaluated which found that it is unlikely that leaks from these containers would result in dangerous concentrations in the Control Room.
| |
| MNS updated its Toxic Gas evaluation in July 2022 (Reference 39) to evaluate onsite and offsite chemical hazards in accordance with Regulatory Guide 1.78, Rev. 1 (Reference 40).
| |
| Toxic Gas Y C1 The evaluation considered potential onsite and offsite stationary and mobile hazardous chemical sources that could pose a threat to control room habitability upon release within 5 miles of MNS. The evaluation concluded that there are no toxic gas hazardous chemical threats to control room habitability.
| |
| See also Release of Chemicals from Onsite Storage.
| |
| Based on this review, the Toxic Gas hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program
| |
| | |
| U.S. Nuclear Regulatory Commission Page 44 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 evaluation.
| |
| Per the IPEEE (Reference 35), there are no industries within 5 miles of McGuire which transport or store products harmful to the station.
| |
| Per FSAR Section 2.2.2 (Reference 38), the major north-south transportation corridors in the vicinity of the site are U.S. 321, located approximately 15 miles west of the site, N.C.
| |
| 16, located approximately three miles west of the site, and I-77 located approximately five miles east of the site. The major east-west transportation corridors are I-40, located approximately 25 miles north of the site, and I-85, located approximately 12 miles south of Transportation Y C3 the site. N.C. 150, located approximately 11 Accidents miles northwest of the site, and N.C. 73, located approximately 0.4 miles south of the site, are primarily used by local residents, commuters, and for recreational access to Lake Norman. There are no manufacturers or suppliers of hazardous materials within 10 miles of the site. The shipment of hazardous materials is, however, regulated by the U.S.
| |
| Department of Transportation (USDOT).
| |
| Based on the USDOT regulations and the proximity of alternate major high-speed highways bypassing the site, the probability of MNS being affected by shipment of hazardous materials is insignificant.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 45 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 Based on this review, the Transportation Accidents hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), McGuire is located more than 150 miles from the nearest coastal area at an elevation of 760 ft. mean sea level. Therefore, tsunami effects are insignificant.
| |
| See also External Flood.
| |
| Tsunami Y C3 Based on this review, the Tsunami hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), the majority of the structures at MNS are located either along or within close proximity to the longitudinal centerlines of the respective Turbine-Generated turbines. Calculations on turbine missiles Y C4 Missiles prepared for MNS indicate that the contribution to plant risk from the turbines would be insignificant Per FSAR Section 3.5.2.2, the credited
| |
| | |
| U.S. Nuclear Regulatory Commission Page 46 RA-18-0190 Table E4-6: Evaluation of Other External Hazards1 Screening Result External Hazard Screened? Screening Comment (Y/N) Criterion2 turbine-generator missiles are low trajectory.
| |
| All Category 1 structures, with the exception of the New Fuel Storage Vault exposed to this hazard are designed to withstand their effect and meet Regulatory Guide 1.115, Rev. 1 (Reference 41).
| |
| Based on this review, the Turbine-Generated Missiles hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| Per the IPEEE (Reference 35), No active volcanoes exist within the vicinity of McGuire.
| |
| Based on this review, the Volcanic Activity Volcanic Activity Y C3 hazard is considered to be negligible.
| |
| There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| See External Flood.
| |
| Based on this review, the Waves hazard is considered to be negligible.
| |
| Waves Y C1 There are no configuration-specific considerations for this hazard. This hazard can be excluded from the TSTF-505 program evaluation.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 47 RA-18-0190 Table E4-7: Progressive Screening Approach for Addressing External Hazards Event Analysis Criterion Source C1. Event damage potential is < NUREG/CR-2300 and events for which plant is ASME/ANS Standard designed. RA-Sa-2009 C2. Event has lower mean NUREG/CR-2300 and frequency and no worse ASME/ANS Standard consequences than other events RA-Sa-2009 analyzed.
| |
| Initial Preliminary NUREG/CR-2300 and C3. Event cannot occur close Screening ASME/ANS Standard enough to the plant to affect it.
| |
| RA-Sa-2009 NUREG/CR-2300 and C4. Event is included in the ASME/ANS Standard definition of another event.
| |
| RA-Sa-2009 C5. Event develops slowly, ASME/ANS Standard allowing adequate time to RA-Sa-2009 eliminate or mitigate the threat.
| |
| PS1. Design basis hazard ASME/ANS Standard cannot cause a core damage RA-Sa-2009 accident.
| |
| PS2. Design basis for the event NUREG-1407 and meets the criteria in the NRC ASME/ANS Standard 1975 Standard Review Plan Progressive Screening RA-Sa-2009 (SRP).
| |
| PS3. Design basis event mean NUREG-1407 as modified in frequency is < 1E-5/y and the ASME/ANS Standard mean conditional core damage RA-Sa-2009 probability is < 0.1.
| |
| NUREG-1407 and PS4. Bounding mean CDF is <
| |
| ASME/ANS Standard 1E-6/y.
| |
| RA-Sa-2009 Screening not successful. PRA NUREG-1407 and Detailed PRA needs to meet requirements in ASME/ANS Standard the ASME/ANS PRA Standard. RA-Sa-2009
| |
| | |
| U.S. Nuclear Regulatory Commission Page 48 RA-18-0190
| |
| | |
| ==7.0 CONCLUSION==
| |
| S Based on this analysis of external hazards for MNS, no additional external hazards other than seismic events need to be added to the existing PRA model. The evaluation concluded that the hazards either do not present a design-basis challenge to MNS, the challenge is adequately addressed in the PRA, or the hazard has a negligible impact on the calculated RICT and can be excluded.
| |
| Therefore, MNS will apply a seismic penalty in the risk evaluations performed as part of the process to calculate a RICT. As described in Enclosure 10, MNS will either apply a high wind penalty or use a HW PRA in the risk evaluations performed as part of the process to calculate a RICT. All other external hazards are considered to be insignificant for this application and will not be included in the RICT calculation.
| |
| The ICDP/ILERP acceptance criteria of 1E-5/1E-6 will be used within the PHOENIX framework to calculate the resulting RICT and RMAT based on the total configuration-specific delta CDF/LERF attributed to internal events and internal fire, plus the seismic and tornado risk bounding delta CDF/LERF values.
| |
| | |
| ==8.0 REFERENCES==
| |
| | |
| [1] Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, "Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines,"
| |
| Revision 0-A, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| [2] Letter from Jennifer M. Golder (NRC) to Biff Bradley (NEI), "Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines,"
| |
| May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| [3] ASME/ANS RA-Sa-2009, "Standard for Level 1/Large Early Release Frequency Probabilistic Risk Assessment for Nuclear Power Plant Applications," Addendum A to RAS-2008, ASME, New York, NY, American Nuclear Society, La Grange Park, Illinois, February 2009.
| |
| [4] NUREG-1855, "Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making," Revision 1, March 2017.
| |
| [5] NUREG-75/087, "Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants, LWR Edition," 1975.
| |
| [6] NUREG-1407, "Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities," June 1991.
| |
| [7] McGuire Nuclear Station, "IPEEE Submittal Report," June 1, 1994.
| |
| [8] Electric Power Research Institute (EPRI) NP-6041-SL, "A Methodology for Assessment of Nuclear Power Plant Seismic Margin", Revision 1, August 1991.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 49 RA-18-0190
| |
| [9] McGuire Nuclear Station, Severe Accident Analysis, "McGuire PRA System Documentation; External Events Seismic Analysis," MCC-1535.00-00-0049, Rev. 3, November 9, 2001.
| |
| [10] ENERCON, Report No. DUKCORP042-PR-002, Rev. 0, "Seismic Hazard and Screening Report for McGuire Nuclear Station," March 13, 2014.
| |
| [11] Duke Energy Letter to NRC, McGuire Nuclear Station Units 1 and 2, "Seismic Hazard and Screening Report (CEUS Sites), Response to NRC 10 CFR 50.54(f) Request for Information Pursuant to Title 10 of the Code of Federal Regulations 50.54(f) regarding Recommendations 2.1, 2.3 and 9.3 of the Near-Term Task Force Review of Insights from the Fukushima Dai-ichi Accident," (ADAMS Accession No. ML14098A421), dated March 20, 2014.
| |
| [12] Electric Power Research Institute (EPRI) 3002000709, "Seismic Probabilistic Risk Assessment Implementation Guide," December 2013.
| |
| [13] Generic Letter 88-20, "Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities - 10 CFR 50.54(f), Supplement 4," USNRC, June 1991.
| |
| [14] ARES Corporation, Report No. 030319.13.05.01-001, Rev. B, "IPEEE Adequacy Review for Duke Energys McGuire Nuclear Station," April 2014.
| |
| [15] Generic Issue (GI) 199, "Implications of Updated Probabilistic Seismic Hazard Estimates in Central and Eastern United States on Existing Plants," U.S. NRC Information Notice (IN) 2010-18, (ADAMS Accession No. ML100270582), dated September 2, 2010.
| |
| [16] Souther Nuclear Operating Company, Inc. Letter to the NRC, Vogtle Electric Generating Plant Units 1 and 2 License Amendment Request to Revise Technical Specifications to Implement NEI 06-09, Revision 0, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, (Enclosure E3), September 13, 2012 (ADAMS Accession No. ML12258A055).
| |
| [17] Exelon Generation Company, LLC Letter to NRC, License Amendment Request to Revise Technical Specifications to Adopt Risk Informed Completion Times TSTF-505, Revision 1, Provide Risk-Informed Extended Completion Times - RITSTF Initiative 4b," February 25, 2016 (ADAMS Accession No. ML16060A223).
| |
| [18] Kennedy, R.P., "Overview of Methods for Seismic PRA and Margin Analysis Including Recent Innovations," Conference paper at Tokyo 1999 OECD/NEA Workshop on Seismic Risk, Proceedings of the OECD/NEA Workshop on Seismic Risk, NEA/CSNI/R(99)28, (ADAMS Accession No. ML042960158), August 1999.
| |
| [19] Investigation of Seismic Probabilistic Risk Assessment (SPRA) Quantification to Simplify PRA Models Used to Assess Risk-Informed Completion Times, EPRI Configuration Risk Management Forum Research Task. EPRI, Palo Alto, CA: 2021. 3002020744.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 50 RA-18-0190
| |
| [20] Jung, S. (Duke Energy), "Improved Seismic Penalty Approach for RICT," Electric Power Research Institute Configuration Risk Management Forum (CRMF) Conference, Charlotte, NC, March 28, 2022.
| |
| [21] McGuire Nuclear Station, "Seismic Hazard Curve Sensitivity Study For the McGuire IPEEE," MCC-1535.00-00-0003, 1994.
| |
| [22] NRC letter to Exelon Generation Company, LLC, Braidwood Station, Units 1 and 2, and Byron Station, Unit Nos. 1 and 2 - Issuance of Amendments Nos. 206, 206, 212, and 212 RE: Adoption of TSTF-505, Revision 2, "Provide Risk-Informed Extended Completion Times RITSTF Initiative 4B' (EPID L-2018-LLA-0727)," (ADAMS Accession No. ML20037B221), dated March 30, 2020.
| |
| [23] NRC letter to McGuire Nuclear Station, Unit 1, "Staff Assessment of the Seismic Walkdown Report Supporting Implementation of Near-Term Task Force Recommendation 2.3 Related to the Fukushima Dai-Ichi Nuclear Power Plant Accident," (TAC NO. MF0140), (ADAMS Accession No. ML14114A305), dated May 8, 2014.
| |
| [24] NRC Letter to McGuire Nuclear Station, Unit 2, "Staff Assessment of the Seismic Walkdown Report Supporting Implementation of Near-Term Task Force Recommendation 2.3 Related to the Fukushima Dai-Ichi Nuclear Power Plant Accident," (TAC NO. MF0141), (ADAMS Accession No. ML14112A497), dated May 8, 2014.
| |
| [25] U.S. Nuclear Regulatory Commission, "Risk Assessment of Operational Events, Volume 2 External Events Internal Fires Internal Flooding Seismic Other External Events Frequencies of Seismically-Induced LOOP Events (RASP Handbook)," Revision 1.02, (ADAMS Accession No. ML17349A301), dated November 2017.
| |
| [26] MCC-1535.00-00-0178, McGuire Nuclear Station High Wind Probabilistic Risk Assessment, Revision 4, November 2022.
| |
| [27] High Wind Loss of Offsite Power Durations and Recovery. EPRI, Palo Alto, CA: 2020.
| |
| 3002018232.
| |
| [28] RP/0/A/5700/006, Natural Disasters, Revision 036.
| |
| [29] RP/0/B/5700/027, Severe Weather Preparation, Revision 013.
| |
| [30] Duke Energy Letter to NRC, "Flood Hazard Reevaluation Report, Response to NRC 10 CFR 50.54(f) Request for Information Pursuant to Title 10 of the Code of Federal Regulations 50.54(f) Regarding Recommendations 2.1, 2.3 and 9.3 of Near-Term Task Force Review of Insights from the Fukushima Dai-ichi Accident," dated March 12, 2014 (ADAMS Accession No. ML14083A415).
| |
| [31] [Not used]
| |
| | |
| U.S. Nuclear Regulatory Commission Page 51 RA-18-0190
| |
| [32] Duke Energy Letter to NRC, "Response to March 12, 2012, Request for Information Enclosure 2, Recommendation 2.1, Flooding, Required Response 3, Flooding Focused Evaluation Summary Submittal" (ADAMS Accession No. ML17187A172), dated June 28, 2017.
| |
| [33] NRC Letter to Duke Energy, "McGuire Nuclear Station, Units 1 and 2 Staff Assessment of Flooding Focused Evaluation (CAC Nos. MG0127 and MG0128; EPID L-2017-JLD-0017)"
| |
| (ADAMS Accession No. ML18031A564), dated February 12, 2018.
| |
| [34] [Not used]
| |
| [35] Duke Power letter to NRC, McGuire Nuclear Station, Units 1 and 2, Individual Plant Examination of External Events (IPEEE) Submittal, dated June 1, 1994 (ADAMS Accession No. 9406140331).
| |
| [36] NUREG-0800, "Standard Review Plan (SRP) for the Review of Safety Analysis Reports for Nuclear Power Plants," Section 3.5.1.6, "Aircraft Hazards," Revision 4, March 2010.
| |
| [37] Calculation MCC-1535.00-00-0252, MNS 50.69 and TSTF-505 LAR Support Calculation, Revision 1
| |
| [38] McGuire Nuclear Station Updated Final Safety Analysis Report (UFSAR), April 2020.
| |
| [39] Calculation MCC-1211.00-00-0141, "McGuire Nuclear Station Control Room Habitability Toxic Gas Review," Rev. 4, July 2022.
| |
| [40] Regulatory Guide (RG) 1.78, "Evaluating the Habitability of a Nuclear Power Plant Control Room During a Postulated Hazardous Chemical Release," Revision 1, (ADAMS Accession No. ML013100014), December 2001.
| |
| [41] RG 1.115, "Protection Against Low Trajectory Turbine Missiles," U.S. Nuclear Regulatory Commission, Revision 1, July 1977 (ADAMS Accession No. ML003739456).
| |
| [42] RG 1.200, "Acceptability of Probabilistic Risk Assessment Results for Risk-Informed Activities," Revision 3, December 2020 (ADAMS Accession No. ML20238B871).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 5 BASELINE CDF AND LERF
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE The purpose of this Enclosure is to document the baseline Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) for the hazards used for the McGuire TSTF-505 license amendment request (LAR) and the RICT Program. The baseline plant risk is an integral part of the calculation of risk-informed completion times (RICTs).
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1, November 2002.
| |
| : 4. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 2, May 2011.
| |
| : 5. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3, January 2018.
| |
| : 6. NUREG-2169, Nuclear Power Plant Fire Ignition Frequency and Non-Suppression Probability Estimation Using the Updated Fire Events Database, January 2015.
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 6 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the LAR provide the plant-specific total CDF and total LERF to confirm that these are less than 10-4/year and 10-5/year, respectively. This assures that the potential risk increases allowed under the RICT Program are consistent with the limits set forth in RG 1.174, Revision 1 (Reference 3). Note that RG 1.174, Revision 2 (Reference 4) and RG 1.174, Revision 3 (Reference 5), did not revise these limits.
| |
| 4.0 BASELINE RISK Baseline risk, as well as the model files used to reproduce baseline risk, are documented in each hazards quantification calculation. Baseline risk, in these calculations, are documented as nominal maintenance. For the quantitative purposes of this LAR, these nominal-maintenance results are utilized as a bounding representation of CDF and LERF. Note that for RICT Program implementation, the models used will be no-maintenance models.
| |
| The baseline results from the McGuire PRA models are provided in Table E5-1a and Table E5-1b below. Values for high winds are reported from the PRA quantification calculation. The PRA is considered a better estimate of contribution to overall site risk than the proposed high winds penalty factor. Baseline seismic risk is estimated using the convolution method described in , Sections 3.4 and 3.5 for CDF and LERF respectively. Both the CDF and LERF values reported below are calculated without applying the complement factor described in
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 . The RICT seismic LERF (SLERF) penalty calculation assumed a containment fragility of 0.3g PGA. Using information from the MNS IPEEE, this baseline SLERF estimate calculation assumes a higher seismic capacity for the containment function to reflect realism in the baseline calculation.
| |
| Table E5-1a Total Baseline Unit 1 CDF & LERF Baseline CDF Baseline LERF Source Contribution Source Contribution Internal Internal Events 3.14E-06 Events 3.96E-07 PRA PRA Internal Internal Flooding 4.86E-06 Flooding 5.89E-07 PRA PRA Fire PRA 3.37E-05 Fire PRA 5.12E-06 HW 3.02E-06 HW 1.12E-07 Seismic 2.85E-05 Seismic 2.41E-06 Other Other No significant No significant External External contribution contribution Events Events Total Total 7.32E-05 8.63E-06 CDF LERF Table E5-1b Total Baseline Unit 2 CDF & LERF Baseline CDF Baseline LERF Source Contribution Source Contribution Internal Internal Events 3.16E-06 Events 4.20E-07 PRA PRA Internal Internal Flooding 6.38E-06 Flooding 6.17E-07 PRA PRA Fire PRA 4.06E-05 Fire PRA 5.01E-06 HW 3.13E-06 HW 1.08E-07 Seismic 2.85E-05 Seismic 2.41E-06 Other Other No significant No significant External External contribution contribution Events Events Total Total 8.18E-05 8.57E-06 CDF LERF Note 1: The HW portion is from the high winds PRA.
| |
| Note 2: The seismic contribution is developed by convolving the seismic hazard with representative fragilities for CDF and LERF.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 As demonstrated, CDF is less than the limit of 1E-04 imposed by RG 1.174 (Reference 2.3, 2.4 and 2.5). LERF is also lower than the imposed limit of 1E-05. Thus, the PRAs are acceptable for use in risk-informed applications.
| |
| The total risk for Unit 1 is 7.50E-05 for CDF and 8.60E-06 for LERF and the total risk for Unit 2 is 8.37E-5 for CDF and 8.56E-6 for LERF after the internal events, internal flooding, high winds, and fire PRA models have been updated to include the potential impacts in risk associated with statement-of-knowledge-correlation (SOKC) as well as the addition of an estimation for risk based on convolving the seismic hazard with representative fragilities for CDF and LERF.
| |
| An assessment of parametric uncertainty was performed for Internal Events, Internal Flooding, High Winds, and Fire CDF and LERF using UNCERT with a Monte-Carlo sampling approach with 30,000, 10,000, 50,000, 100,000 samples respectively. The parametric uncertainty analysis addresses SOKC for basic events sharing the same type code and that appear in the same cutset. The impact of the SOKC is reflected by an increase in the calculated risk from the simulation, if applicable. Given that the UNCERT program results do not indicate significant increase in risk over the point estimate risk, it is concluded that there are no significant data correlations from type-coded data events. However, the potential for non-type coded data events specific to the fire analysis needed to be examined as shown below:
| |
| Area of Uncertainty Discussion
| |
| : 1. Ignition frequency NUREG-2169 (Reference 2.6) provides the distribution and parameter error factors based on ignition frequency binning. This parametric uncertainty is applied to each of the ignition source frequencies used in the analysis. The updated Bin 04 and Bin 15 frequencies were not provided with calculated parameter error factors. These were calculated for the lognormal distribution using the provided 95th and 50th percentiles.
| |
| : 2. Non-suppression Since NSP is a combination of automatic and manual probabilities suppression activities it was judged that following the same error factors as the HRA would be appropriate.
| |
| : 3. Severity Factors Generic uncertainty parameters are applied to the severity factor values. The error factors selected were done using engineering judgement. The values follow the HRA error factor assignment, with some additional steps to capture different ranges.
| |
| * SF Value < 0.001 o Error Factor = 10
| |
| * SF Value === 0.001 and < 0.1 o Error Factor = 3
| |
| * SF Value === 0.1 and < 0.25 o Error Factor = 2
| |
| * SF Value === 0.25 o Error Factor = 1
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 6 JUSTIFICATION OF APPLICATION OF AT-POWER PRA MODELS TO SHUTDOWN MODES
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 This Enclosure is not applicable to the McGuire Nuclear Station submittal. Duke Energy is proposing to apply the Risk-Informed Completion Time Program only in Modes 1 and 2.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 7 PRA MODEL UPDATE PROCESS
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE This enclosure describes how the McGuire Nuclear Station (MNS) PRA models used in the calculation of Completion Times are maintained consistent with the as-built, as-operated plant.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. Duke Energy procedure, AD-NF-NGO-0502, Probabilistic Risk Assessment (PRA)
| |
| Model Technical Adequacy, Revision 5, February 2022.
| |
| : 4. Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 2, March 2009.
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 8 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the license amendment request (LAR) provide a discussion of the licensees programs and procedures which assure the Probabilistic Risk Assessment (PRA) models which support the Risk-Managed Technical Specifications (RMTS) are maintained consistent with the as-built/as-operated plant.
| |
| This enclosure describes the administrative controls and procedural processes applicable to the configuration control of PRA models used to support the Risk-Informed Completion Time (RICT)
| |
| Program, which will be in place to ensure that these models reflect the as-built/as-operated plant. Plant changes, including physical modifications and procedure revisions will be identified and reviewed prior to implementation to determine if they could impact the PRA models per AD-NF-NGO-0502 (Reference 3). The configuration control program will ensure these plant changes are incorporated into the PRA models as appropriate. The process will include discovered conditions associated with the PRA models, which will be addressed by the applicable site Corrective Action Program (CAP).
| |
| Should a plant change or a discovered condition be identified that has a significant impact to the RICT Program calculations, as defined by the above procedure, an unscheduled update of the PRA model will be implemented. Otherwise, the PRA model change is incorporated into a subsequent periodic model update. Such pending changes are considered when evaluating other changes until they are fully implemented into the PRA models. Periodic updates are typically performed every two refueling cycles.
| |
| 4.0 PRA MODEL UPDATE PROCESS 4.1 PRA Model Maintenance and Update The Duke Energy risk management process ensures that the applicable PRA models (i.e.,
| |
| Internal Events, Internal Flooding, and Fire models) used to support the RICT program reflect
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 the as-built and as-operated plant. The PRA configuration control procedure (Reference 3) delineates the responsibilities and guidelines for updating the PRA models and includes criteria for both periodic and unscheduled PRA model updates.
| |
| The process includes provisions for monitoring potential impact areas affecting the technical elements of the PRA models (e.g., due to plant changes, plant/industry operational experience, or errors/limitations identified in the model), assessing the risk impact of unincorporated changes, and controlling the model and necessary computer files, including those associated with the Configuration Risk Management Program (CRMP) model.
| |
| Changes to the PRA models that are considered an upgrade (as opposed to model maintenance) per Regulatory Guide 1.200, Revision 2 (Reference 4) receive a peer review focused on those aspects of the PRA models that represent the upgrade. In this way, the PRA models are ensured to remain in compliance with the ASME/ANS PRA Standard.
| |
| 4.2 Review of Plant Changes for Incorporation into the PRA Models The following describes the process used to review plant changes for applicability to the PRA models.
| |
| : 1. Plant changes or discovered conditions are reviewed for potential impact to the PRA models, including the CRMP model and the subsequent risk calculations which support the RICT program (Reference 2, Section 2.3.4, Items 7.2 and 7.3, and 2.3.5, Items 9.2 and 9.3).
| |
| : 2. Plant changes that meet the criteria defined in Reference 3 will be incorporated into the applicable PRA model(s), consistent with Reference 2 guidance. Otherwise, the change is assigned a priority and is incorporated as part of a subsequent periodic update in accordance with procedural requirements (Reference 2, Section 2.3.5, Item 9.2).
| |
| : 3. PRA updates for plant changes are performed at least once every two refueling cycles, consistent with the guidance of NEI 06-09 (Reference 2, Section 2.3.4, Item 7.1 and 2.3.5, Item 9.1).
| |
| : 4. If a PRA model change is required for the CRMP model but cannot be immediately implemented for a significant plant change or discovered condition, either:
| |
| : a. Interim analyses to address the expected risk impact of the change will be performed. In such a case, these interim analyses become part of the RICT Program calculation process until the plant changes are incorporated into the PRA model during the next update. The use of such bounding analyses is consistent with the guidance in Reference 2.
| |
| : b. Appropriate administrative restrictions on the use of the RICT Program for extended Completion Times (CTs) are put in place until the model changes are completed, consistent with the guidance of Reference 2.
| |
| These actions satisfy the requirements of Reference 2, Section 2.3.5, Item 9.3.
| |
| Plant modifications and procedure changes potentially impacting the PRA undergo a thorough review process to determine the impact on the PRA. These changes to the plant are screened
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 based on fleet procedural requirements, which includes an absolute delta in CDF (or LERF) or a percentage increase in CDF (or LERF), whichever is greater. These values are consistent with normal industry practice. If a plant change exceeds these values, then an interim model change is implemented. A non-routine update may be completed based on engineering judgment if the quantitative criteria are not met, which may include the potential impact to one or more applications. Additionally, a PRA model update is completed when it is determined that the current PRA model does not adequately represent the plant in supporting any PRA applications of interest.
| |
| A significant impact to the RICT Program calculations as it relates to the PRA update process would be a plant design or procedural change that exceeds the quantitative limits described in Duke Energy procedure AD-NF-NGO-0502 (Reference 3). These limits are consistent with normal industry practice.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 8 ATTRIBUTES OF THE REAL-TIME MODEL
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE This enclosure describes how the baseline Probabilistic Risk Assessment (PRA) model, which calculates average annual risk, is evaluated and modified for use in a real-time risk (RTR) model to assess real-time configuration risk, and describes the scope of, and quality controls applied to, the real-time model. In NEI 06-09-A, the RTR model is referred to as the Configuration Risk Management Program (CRMP), but that term is not used in TSTF-505. The two terms are used here interchangeably.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. Regulatory Guide 1.200, An Approach for Determining the Technical Adequacy of Probabilistic Risk Assessment Results for Risk-Informed Activities, Revision 3, December 2020.
| |
| : 4. Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3, January 2018.
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 9 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the license amendment request (LAR) provide a description of PRA models and tools used to support the RMTS. This includes identification of how the baseline PRA model is modified for use in the CRMP tools, quality requirements applied to the PRA models and CRMP tools, consistency of calculated results from the PRA model and the CRMP tools, and training and qualification programs applicable to personnel responsible for development and use of the CRMP tools. This item should also confirm that the Risk-Informed Completion Time (RICT) Program tools can be readily applied for each Technical Specification (TS) Limiting Condition for Operation (LCO) within the scope of the plant-specific submittal.
| |
| This enclosure describes the necessary changes to the peer-reviewed baseline PRA models for use in the CRMP software to support the RICT Program. The process employed to adapt the baseline models is demonstrated:
| |
| * to preserve the Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) quantitative results
| |
| * to maintain the quality of the peer-reviewed PRA models
| |
| * to correctly accommodate changes in risk due to configuration-specific considerations.
| |
| Quality controls and training programs applicable to the CRMP are also discussed in this enclosure.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 4.0 TRANSLATION OF BASELINE PRA MODEL FOR USE IN REAL-TIME RISK The baseline PRA models for Internal Events, Internal Flooding, and Fire are the peer-reviewed models which will be implemented into the CRMP software tool. These models are updated when necessary to incorporate plant changes to reflect the as-built, as-operated plant. The three models are all currently maintained as separate models. These models will be used in the CRMP. The models may be optimized for quantification speed but are verified to provide the same result as the baseline models in accordance with approved procedures.
| |
| The CRMP software will be used to facilitate all configuration-specific risk calculations and support the RICT Program implementation. The baseline PRA models are modified as follows for use in configuration risk calculations:
| |
| * The unit availability factor is set to 1.0 (i.e., the unit is available)
| |
| * Maintenance unavailability of structures, systems, and components (SSCs) in the PRA model is set to zero/false unless the unavailability is due to the configuration in question
| |
| * Mutually exclusive combinations, including normally disallowed maintenance combinations, are adjusted to allow accurate analysis of the configuration
| |
| * Average alignment fractions of running/standby equipment trains are adjusted to one/true or zero/false to accurately represent the configuration
| |
| * Out-of-service equipment is reflected in the CRMP models initiating event models as well as in the system response models. Support system initiating events are explicitly included in the PRA model.
| |
| * There are no changes in the PRA success criteria due to seasonal variations The CRMP software is designed to quantify the unit-specific configuration for Internal Events, Internal Flooding, and Fire, and includes the Seismic and High Winds penalty factors when calculating the risk management action time (RMAT) and RICT. The unique aspect of the CRMP software for the RICT Program is the quantification of Fire risk, as well as the inclusion of the Seismic penalty factor. The other adjustments above are those used for the evaluation of risk under the 10 CFR 50.65(a)(4) program.
| |
| The CRMP software does not use pre-solved cutsets for RICT calculations. Configuration risk is calculated for each unique combination of out-of-service equipment, and the risk results are stored in the Phoenix SQL database.
| |
| For preventative maintenance actions, Duke Energys approach is that common cause events are not adjusted. Adjustments to the common cause failure (CCF) grouping or CCF probabilities are not necessary when a component is taken out-of-service for preventative maintenance. The component is not out-of-service for reasons subject to a potential CCF, and so the in-service components are not subject to increases in common cause probabilities.
| |
| Regulatory Guide 1.177 describes how CCFs should be treated differently for preventive maintenance conditions than as described for failure of a component. The McGuire Nuclear Station (MNS) approach is conservative in that CCF basic events are retained for components removed for maintenance. This approach may slightly increase the risk and shorten the calculated Completion Time, which would reflect a conservative modeling assumption.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 5.0 QUALITY REQUIREMENTS AND CONSISTENCY OF PRA MODEL AND CONFIGURATION RISK TOOLS The approach for establishing and maintaining the quality of the PRA models, including the CRMP model, includes both a PRA model update process (described in Enclosure 7) and the use of self-assessments and independent peer review (described in Enclosure 2).
| |
| The information provided in Enclosure 2 demonstrates that the sites Internal Events, Internal Flood, and Fire PRA models reasonably conform to the associated industry standards endorsed by Regulatory Guide 1.200 (Reference 3). This information provides a robust basis for concluding that the PRA models are of sufficient quality for use in risk-informed licensing initiatives.
| |
| For maintenance of an existing CRMP model, changes made to the baseline PRA model in translation to the CRMP model are currently, and will continue to be, controlled and documented. An acceptance test is performed after every CRMP model update. This testing also verifies correct mapping of plant components to the basic events in the CRMP model.
| |
| 6.0 TRAINING AND QUALIFICATION The PRA staff is responsible for development and maintenance of the CRMP model.
| |
| Operations and Work Control staff will use the CRMP tool under the RICT Program. PRA Staff and Operations are trained in accordance with a program using National Academy for Nuclear Training (NANT) documents (ACAD), which is also accredited by the Institute of Nuclear Power Operations (INPO).
| |
| 7.0 APPLICATION OF THE CRMP TOOL TO THE RICT PROGRAM SCOPE The chosen CRMP tool, an Electric Power Research Institute (EPRI) product called Phoenix Risk Monitor (PRM), will be used to facilitate all configuration-specific risk calculations and support the RICT Program implementation. This program is specifically designed to support implementation of the RICT Program. PRM will permit the user to evaluate all plant configurations using appropriate mapping of plant equipment to PRA basic events. The equipment in the scope of the RICT Program will be able to be evaluated in the appropriate PRA models. The CRMP will meet RG 1.174 (Reference 4) and Duke Energy software quality assurance requirements.
| |
| 8.0 INTERACTIONS BETWEEN UNITS This section provides an overview of the key system interactions between the MNS units. Table 1-1 of the MNS Updated Final Safety Analysis Report (UFSAR) provides a listing of shared facilities and equipment. Table 8-6 of the UFSAR provides a listing of equipment shared by both units.
| |
| The following discussion focuses on the shared system aspects and unit crossties of various important shared or cross-tied SSCs.
| |
| 8.1 Nuclear Service Water System (NSWS)
| |
| The NSWS provides cooling water from Lake Norman or the Standby Nuclear Service Water Pond (SNSWP) to various safety related and non-safety related heat exchangers. In addition,
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 the system acts as an assured source of makeup water for various requirements and as the normal supply of water for the Containment Ventilation Cooling Water System.
| |
| The NSWS is designed with common supply and common discharge piping sections. These piping sections have various common train-related motor operated valves which provide for train separation and for system alignment capability. These shared supply and discharge headers are all designed with sufficient capacity to support both units for design basis accident flow requirements.
| |
| 8.2 Essential AC Power The essential Engineered Safeguards Feature (ESF) 4160V buses (1ETA, 1ETB, 2ETA and 2ETB) are normally powered from offsite power via the 6.9kV switchgear groups. Each essential 4160V bus also has a dedicated onsite diesel generator (DG) source. If the normal and alternate offsite sources are unavailable, the onsite emergency DG supplies power to the 4160V ESF bus. The alternate feed to each of the 4160V buses is supplied through train related shared transformers (SATA and SATB), respectively, which can be aligned to the offsite power circuit of either unit.
| |
| There are also provisions to accommodate the connecting of the Emergency Supplemental Power Source (ESPS) to one train of either units essential ESF 4160V buses. The ESPS consists of two 50% capacity non-safety related commercial grade DGs. Manual actions are required to align the ESPS to the station and only one of the stations four onsite Class 1E Distribution System trains can be supplied by the ESPS at any given time.
| |
| The four essential 4160 V buses each feed shared 600V motor control centers (MCC) 1EMXG, 1EMXH, 2EMXG and 2EMXH. The normal alignment has Unit 1 (1ETA) aligned to the A Train MCCs and Unit 2 (2ETB) aligned to the B Train MCCs. However, if desired or required to maintain operability of the shared systems, MCCs can be swapped to receive power from the other Unit (A Train to 2ETA and B Train to 1ETB). These shared MCCs provide power to the following shared system components:
| |
| * NSWS shared valves
| |
| * Control Room Area Ventilation System (CRAVS)
| |
| * Control Room Area Chilled Water System (CRACWS)
| |
| * Auxiliary Building Filtered Ventilation Exhaust System (ABFVES)
| |
| * Groundwater Drainage System The table below shows the shared electrical loading scheme associated with Essential AC Power.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 McGuire Shared Essential Loads Electrical Alignment 1ETA Bus (4160V) 1ETB Bus (4160V) 2ETA Bus (4160V) 2ETB Bus (4160V)
| |
| A CRACWS Chiller B CRACWS Chiller A CRACWS Chiller B CRACWS Chiller (Normal) (Alternate) (Alternate) (Normal) 1EMXG 600V Loads 2EMXG 600V Loads 1EMXG 600V Loads 2EMXG 600V Loads (Normal) (Alternate) (Alternate) (Normal)
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRACWS CRACWS CRACWS CRACWS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRAVS CRAVS CRAVS CRAVS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train ABFVES ABFVES ABFVES ABFVES components components components components
| |
| * One A Train
| |
| * Three B Train
| |
| * One A Train
| |
| * Three B Train Groundwater Groundwater Groundwater Groundwater Drainage Drainage Drainage Drainage Sump Pump Sump Pumps Sump Pump Sump Pumps 1EMXH 600V Loads 2EMXH 600V Loads 1EMXH 600V Loads 2EMXH 600V Loads (Normal) (Alternate) (Alternate) (Normal)
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train NSWS shared NSWS shared NSWS shared NSWS shared valves valves valves valves
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRACWS CRACWS CRACWS CRACWS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train CRAVS CRAVS CRAVS CRAVS components components components components
| |
| * A Train
| |
| * B Train
| |
| * A Train
| |
| * B Train ABFVES ABFVES ABFVES ABFVES components components components components
| |
| * Two A Train
| |
| * Two A Train Groundwater Groundwater Drainage Drainage Sump Pumps Sump Pumps 8.3 125V DC and 120V AC Vital Instrumentation and Control Power System 125V DC The 125V DC Vital Instrumentation and Control Power System consists of five chargers (one charger for each channel and a spare charger which can be aligned to any of the four channels), four 125V DC batteries, four distribution centers (with associated breakers), and eight separate panelboards. The system is designed to support a manual connection of two distribution centers (either EVDA and EVDC or EVDB and EVDD) during periods of battery maintenance.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 7 RA-18-0190 The DC system is divided into four independent and physically separated load groups. Each load group is comprised of the following: one battery, one battery charger, one DC distribution center, and two DC power panelboards.
| |
| This system is shared between the two MNS units and supplies four normally independent power channels for reactor control and instrumentation. Three of the four channels will ensure that the overall system functional capability is maintained. However, a loss of any two of these channel sources would result in a shutdown of both MNS units.
| |
| The following is a list of typical loads powered from the 125V DC Vital Instrumentation and Control Power System Distribution Centers (EVDA, EVDB, EVDC, and EVDD):
| |
| * Auxiliary Safeguards Cabinets Control Power
| |
| * Turbine Trip
| |
| * ETA and ETB Control Power
| |
| * Diesel Generator Sequencers Control Power
| |
| * Miscellaneous Chemical Volume and Control System Solenoids
| |
| * Pressurizer PORV Solenoids
| |
| * Reactor Trip Switchgear Control Power
| |
| * 600V Load Centers ELXA, ELXB, ELXC, and ELXD Control Power
| |
| * Power Supplies to the Reactor Vessel Head Vents
| |
| * Ventilation Units Shunt Trip Coils
| |
| * Reactor Coolant Pump Under-frequency and Under-voltage Monitor Panels 120V AC The 120V AC Vital Instrumentation and Control Power System consists of four vital panelboards and four inverters to each unit. The four vital panelboards normally receive power through static inverters 1(2) EVIA, 1(2) EVIB, 1(2) EVIC, and 1(2) EVID. These static inverters are fed from the 125V DC Vital Instrumentation and Control Power System distribution centers (EVDA, EVDB, EVDC, and EVDD). When an inverter is intentionally taken out of service, a regulated power supply (1KRP for Unit 1 and 2KRP for Unit 2) is also provided as an alternate power source to allow uninterruptible manual power transfer to panelboards 1(2) EVKA, 1(2) EVKB, 1(2) EVKC, and 1(2) EVKD.
| |
| This system provides four independent channels for instrumentation and control power to both units. The A train loads are fed from channels A and C, while the B train loads are fed from channels B and D. Three of the four channels will ensure that the overall system functional capability is maintained. However, a loss of any two of these channel sources would result in a shutdown of the respective unit.
| |
| The following is a list of typical loads powered from the 120V AC distribution centers:
| |
| * NIS Channels 1 through 4 Instrument Power
| |
| * NIS Channels 1 through 4 Control Power
| |
| * SSPS Instrument Power
| |
| * SSPS Control Power
| |
| * Refueling Water Storage Tank Channels 1 through 4 Instrument Power
| |
| * Containment Radiation Monitors Isolation Valves
| |
| * Auxiliary Safeguard Cabinets Instrument Power
| |
| | |
| U.S. Nuclear Regulatory Commission Page 8 RA-18-0190
| |
| * Post-Accident Recorders
| |
| * Post-Accident Annunciators 8.4 125V DC and 240/120V AC Auxiliary Control Power 125V DC Auxiliary Control Power The 125V DC Auxiliary Control Power System is a shared system that consists of three chargers (one for each of two channels and a spare charger which can be aligned to either channel), two 125V DC batteries, and six distribution centers (DCA, DCA-1, DCA-2, DCB, DCB-1, and DCB-2). This system provides DC power for the control of equipment located within the auxiliary and turbine buildings, the operator aid computer static inverters, and the auxiliary control power static inverters.
| |
| 240/120V AC Auxiliary Control Power The 120V AC Auxiliary Control Power System is normally fed from the 125V DC distribution centers through static inverters and consists of two 120V AC auxiliary control power panelboards, two 240/120V AC operator aid computer power panelboards, two 240/120V AC regulated power panelboards, two 240/120V AC distribution centers, two 600V AC regulators, two 600/240/120V AC transformers, five inverters, a breaker alignment panel, and four disconnect switches.
| |
| 8.5 Instrument Air System The shared portion of the Instrument Air System contains three 100% centrifugal air compressors, two 50% diesel powered rotary screw compressors and 3 Instrument Air receiver tanks (312 cubic feet each). Downstream of the compressors, three desiccant air dryers dry the air.
| |
| Cooling water is provided for the centrifugal compressors from the shared Recirculated Cooling Water System.
| |
| The centrifugal compressors (D, E, and F) are designed to deliver 1500 SCFM of air at 100 psig. The centrifugal compressors are normally in service with one compressor in Lead (105 psig) mode, one compressor in First Backup (100 psig) mode and the third in Auto Hot Start (OFF and will auto-start at 95 psig) mode. The D compressor electrical supply is from Unit 1, E is from Unit 2 and F can be supplied from either unit with a power supply transfer switch.
| |
| A backup compressed air supply connection is supplied in order to provide the compressed air necessary to restart the centrifugal compressors after a loss of instrument air, and after the Instrument Air System pressure has decreased below the amount needed to operate compressor controls.
| |
| The two diesel-powered instrument air compressors will automatically start upon lowering air pressure, failure of the instrument air compressor sequencer panel, or loss of Recirculated Cooling Water System flow. Each of the compressors is designed to deliver 1200 SCFM of air at up to 150 psig.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 9 RA-18-0190 From the air receivers, the air is routed through two parallel headers. Instrument air is then passed through any combination of the three desiccant dryers (A-C), which are piped in parallel.
| |
| Generally, two desiccant dryers are in service with one in standby. Before being discharged to the Unit 1 and 2 headers, air is passed through an after-filter on each dryer skid.
| |
| 8.6 Control Room Ventilation and Chilled Water MNS has a shared Control Room. The Control Room Ventilation System has two redundant trains with each comprised of three subsystems. The subsystems are:
| |
| * Control Room Ventilation System
| |
| * Control Room Area Ventilation System [includes cables rooms, battery rooms, electrical penetration rooms (MG set rooms)]
| |
| * Switchgear Rooms Ventilation System The Control Room Area Chilled Water System has two redundant trains and each provides chilled water to the Control Room air handling units (AHU), the Control Room area AHUs, and the switchgear AHUs.
| |
| Each train of Control Room ventilation and Control Room chilled water is shared and each can be supplied required essential power (emergency DG backed) from either Unit 1 or Unit 2. Also, the Nuclear Service Water System cooling to the Control Room Chilled Water System chillers can be supplied from either Unit 1 or Unit 2. Normally, Unit 1 A train power and nuclear service water are aligned to A train of Control Room ventilation and chilled water and Unit 2 B train power and nuclear service water are aligned to B train of Control Room ventilation and chilled water.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 9 KEY ASSUMPTIONS AND SOURCES OF UNCERTAINTY
| |
| | |
| U.S. Nuclear Regulatory Commission Page2 RA-18-0190 1.0 PURPOSE The purpose of this enclosure is to document the assumptions and sources of uncertainty of the McGuire Nuclear Station Probabilistic Risk Assessment (PRA) models in support of the Risk-Informed Completion Time (RICT) Program in accordance with NEI 06-09-A (Reference 2).
| |
| Specifically, this enclosure provides a summary of the process for determining the assumptions and sources of uncertainty in the PRA models, including the determination of which of those are
| |
| 'key' assumptions and sources of uncertainty, and to provide dispositions of those assumptions and sources of uncertainty for the PRA models used in development of the real-time risk (RTR) model used to determine RICTs. The baseline Internal Events, Internal Flooding, Fire, and High Wind models' notebooks document assumptions and sources of uncertainty and these were reviewed during the respective model peer reviews.
| |
| In addition, NEI 06-09-A requires that the uncertainty be addressed in RICT Program RTR tools by consideration of the translation from the PRA model. The RTR model, also referred to as the Phoenix model as discussed in Enclosure 8, includes Internal Events, Internal Flooding, Fire and High Winds PRA models. The model translation uncertainties evaluation and impact assessment are limited to new uncertainties that could be introduced by application of the RTR tool during RICT Program calculations.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), "Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, 'Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines,"'
| |
| May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, "Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines," Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. NUREG-1855, "Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decisionmaking, Final Report", Revision 1, March 2017.
| |
| : 4. EPRI 1016737, ''Treatment of Parameter and Model Uncertainty for Probabilistic Risk Assessments," December 2008.
| |
| : 5. EPRI 1026511, "Practical Guidance on the use of Probabilistic Risk Assessment in Risk-Informed Applications with a Focus on the Treatment of Uncertainty," December 2012.
| |
| : 6. EPRI 1013491, "Guideline for the Treatment of Uncertainty in Risk-Informed Applications," October 2006.
| |
| : 7. McGuire Nuclear Station RICT LAR Support, Report 025129-RPT-02, "Review of Sources of Uncertainty," Revision 0, October 2022.
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 10 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the license amendment request (LAR) provide a discussion of how the key assumptions and sources of uncertainty were identified and how their impact on the RICT Program was assessed and dispositioned.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 4.0 ASSUMPTIONS AND SOURCES OF UNCERTAINTY The documentation of assumptions and sources of uncertainty outlined in this Enclosure is provided in the MNS RICT application specific notebook (Reference 7).
| |
| 4.1 Process for Identification of Assumptions and Sources of Uncertainty To identify the assumptions and uncertainties used in the Internal Events and Internal Flood base PRA models supporting the RICT Program, the generic issues identified in Table A.1 of EPRI 1016737 (Reference 4) were reviewed, as well as the PRA documentation for plant-specific assumptions and uncertainties. This identification process is consistent with NUREG-1855 Revision 1 (Reference 3) Stage E. Additionally, generic level 2 sources of uncertainty and assumptions from EPRI 1026511 (Reference 5) were evaluated. No additional key sources of model uncertainty were identified from that review of Level 2 generic uncertainties.
| |
| To identify the assumptions and uncertainties used in the Fire base PRA model supporting the RICT Program, the generic issues identified in EPRI 1026511 (Reference 5) were reviewed, as well as the PRA documentation for plant-specific assumptions and uncertainties. This identification process is consistent with NUREG-1855 Revision 1 (Reference 3) Stage E.
| |
| To identify the assumptions and uncertainties used in the High Wind base PRA model supporting the RICT Program, the MNS High Wind PRA documentation was reviewed for assumptions and uncertainties. This identification process is consistent with NUREG-1855 Revision 1 (Reference 3) Stage E.
| |
| 4.2 Process for Identification of Key Assumptions and Sources of Uncertainty To determine whether each assumption or uncertainty is key or not for this application, the assumption or uncertainty was individually assessed based on the definitions in RG 1.200 Revision 3, NUREG-1855 Revision 1 (Reference 3), and related references (i.e., EPRI 1016737, EPRI 1013491, and EPRI 1026511; References 4, 6, and 5, respectively). These documents provide definitions and guidance to identify if a specific assumption or uncertainty is key for an application and requires further consideration of the impact to the application. This assessment was applied to all uncertainties and assumptions identified via the methods described in Section 4.1 for the internal hazards (including fire) and high winds.
| |
| Assumptions or uncertainties determined not to be key are those that do not meet the definitions of key uncertainty or key assumption in RG 1.200 Revision 3, N UREG-1855 Revision 1 (Reference 3), or related references. Specifically, the following considerations were used to determine those assumptions and uncertainties that do not require further consideration as key to the application:
| |
| * The uncertainty or assumption is implementing a "consensus model" as defined in NUREG-1855 Revision 1 (Reference 3).
| |
| * The uncertainty or assumption will have no impact on the PRA results and therefore no impact on the duration of the calculated RICT.
| |
| * There is no different reasonable alternative to the assumption which would produce different results and/or there is no reasonable alternative that is at least as sound as the assumption being challenged. (RG 1.200 Revision 3)
| |
| * The uncertainty or assumption implements a conservative bias in the PRA model, and that conservatism does not influence the results. These conservatisms are expected to
| |
| | |
| U.S. Nuclear Regulatory Commission Page4 RA-18-0190 be slight and only applied to minor contributors to the overall model. EPRI 1013491 (Reference 6) uses the term "realistic conservatisms". Thus, uncertainties and assumptions that implement realistic (slight) conservatisms can be screened from further consideration.
| |
| * EPRI 1013491 (Reference 6) elaborates on the definition of a consensus model to include those areas of the PRA where extensive historical precedence is available to establish a model that has been accepted and yields PRA results that are considered reasonable and realistic. Thus, uncertainties and assumptions for which there is extensive historical precedence, and for which produced results are reasonable and realistic, can be screened from further consideration.
| |
| If the assumption or uncertainty does not meet one of the considerations above, then it is retained as "key" for the application and is presented in Table E9-1. This assessment was applied to all uncertainties and assumptions identified via the methods in Section 4.1 for the internal hazards (including fire) and high winds.
| |
| 4.3 Identified Key Sources of Uncertainty Table E gives a summary of assumptions identified as potential key sources of uncertainty for the RICT application. Ultimately, a sensitivity study was performed, which determined that the assumptions in Table E9-1 are in fact not key for this application. Therefore, there is no key source of uncertainty. Note that the MNS PRA does not model digital instruments and thus no Limiting Conditions for Operation are impacted.
| |
| Table E9-1 : Identified Potential Key Assumptions and Uncertainties - Internal Hazards (Internal Events, Flood, And Fire) and High Winds Hazard Basis for Categorization as ID Modeling Assumption Description Summary Potential Key Source of Uncertainty 0039-04 NI pump miniflow lines are assumed not Not modeling the NI pump 0039-08 necessary for pump start success. miniflow line may underestimate the risk in sequences in which reactor pressure is above the pump shutoff head. This situation could occur during a small LOCA, for which the charging pumps initially operate. Loss of the NI pump miniflow could potentially damage the NI pump. If subsequently the charging pumps were to fail, all high-pressure injection would be lost. This assumption is investigated further by running a sensitivity study on Technical Specification 3.5.2.A. In the
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 Table E9-1 : Identified Potential Key Assumptions and Uncertainties - Internal Hazards (Internal Events, Flood, And Fire) and High Winds Hazard Basis for Categorization as ID Modeling Assumption Description Summary Potential Key Source of Uncertainty RICT evaluation of Technical Specification 3.5.2.A, one train of emergency core cooling systems (ECCS),
| |
| involving charging (NV),
| |
| safety injection (NI) and low pressure injection (ND) systems, is assumed unavailable. The sensitivity study evaluates the change in completion time when the NI pump of the other train is lost, due to a miniflow line-related assumed failure. This sensitivity analysis is conservative because 1) no random failure is applied (i.e,.
| |
| a guaranteed failure of the NI pump is assumed to occur),
| |
| and 2) the failure is assumed to occur for a wide range of sequences, even though the NI miniflow failure would not fail the NI pumps in sequences where the RCS pressure inherently drops below the NI shutoff head. To remove excessive conservatism, the sensitivity study excludes a few cutsets where a large LOCA occurs and for which it is known that the miniflow line operability is irrelevant (due to the immediate drop in pressure caused by the large LOCA).
| |
| Despite its conservatism, the sensitivity study yields the same 30-day completion time as the baseline case. On that basis, the assumption is considered to be not key for the RICT application.
| |
| | |
| U.S. Nuclear Regulatory Commission Page6 RA-18-0190 4.4 FLEX Modeling Uncertainty Consideration FLEX equipment is not incorporated into the MNS PRA models. Therefore, FLEX equipment will not impact the PRA results used in the RICT program. Should FLEX equipment be added to the PRA models in the future, prior to implementation of the RICT Program crediting FLEX, the change to the PRA will be evaluated to determine if it is a PRA upgrade as defined in the PRA standard (ASME/ANS RA-Sa-2009, as endorsed by RG 1.200, Revision 3), and peer reviewed as appropriate. Any findings from a peer review will be resolved and reflected in the PRA of record prior to implementation of a RICT Program crediting FLEX.
| |
| 5.0 ASSESSMENT OF TRANSLATION (REAL-TIME RISK MODEL) UNCERTAINTIY IMPACTS Incorporation of the baseline PRA models into the Real Time Risk model used for RICT Program calculations may introduce new sources of model uncertainty. Table E9-2 provides a description of the relevant model changes and dispositions of whether any of the changes made represent possible new sources of model uncertainty that must be addressed. Refer to for additional discussion regarding the Real-Time Risk model.
| |
| Table E9-2: Assessment of Translation Uncertainty Impacts Real Time Risk Model Change and Impact on Model Disposition Assumptions PRA model logic The model will be logically Since the CRMP model will structure may be equivalent and produce results produce comparable numerical optimized to increase comparable to the baseline PRA results, this is not a key source solution speed. logic model. of uncertainty for the RICT program.
| |
| Set plant availability Since the CRMP is intended to This change is intended to factor (Reactor evaluate specific configurations model the at-power plant and is Critical Years Factor) during at-power conditions, the use not a source of uncertainty.
| |
| basic event to 1.0. of a plant availability factor less than 1 is not appropriate. This change allows the CRMP model to produce appropriate results for specific at-power configurations.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 10 PROGRAM IMPLEMENTATION
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE This enclosure provides a description of the implementing programs and procedures regarding the plant staff responsibilities for the Risk-Informed Completion Time (RICT) Program implementation including training of plant personnel, and specifically discusses the decision process for risk management action (RMA) implementation during extended Completion Times (CTs).
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 11 of the NRC Final Safety Evaluation for NEI 06-09-A (Reference 1) requires that the license amendment request (LAR) provide a description of the implementing programs and procedures regarding the plant staff responsibilities for the RMTS implementation, and specifically discuss the decision process for RMA implementation during a RICT. This enclosure provides the required description.
| |
| 4.0 RICT PROGRAM AND PROCEDURES A program description and implementing procedures will be developed by Duke Energy for the RICT Program. This program description will serve to establish management responsibilities and general requirements for training, implementation, and monitoring of the RICT Program, including development and maintenance of the Configuration Risk Management Program (CRMP) software tool and model reflecting the as-built, as-operated plant.
| |
| The RICT program will be implemented by site procedures which fully address all aspects of the guidance in NEI 06-09-A (Reference 2). The program will be integrated with online work control processes, which identify the need to enter a Technical Specifications (TS) Action Statement.
| |
| Operations, specifically the control room staff, is responsible for compliance with TS. With RICT Program implementation, Operations will additionally be responsible for implementation of a RICT and any RMAs determined to be appropriate for the plant configuration. Entry into a RICT will require management approval prior to planned maintenance activities and as soon as practical following emergent conditions.
| |
| The procedures developed for the RICT Program will address the following attributes consistent with NEI 06-09-A:
| |
| * Plant management positions with authority to approve entry into the RICT Program, both for pre-planned maintenance activities and emergent conditions
| |
| * Definitions related to the RICT Program
| |
| * Plant conditions for which the RICT Program is applicable
| |
| * Departmental and positional responsibilities for activities in the RICT Program
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190
| |
| * Conditions under which entry into a RICT is forbidden or otherwise may not be voluntarily entered for calculation of RICTs and RMA Times (RMATs)
| |
| * Conditions for exiting a RICT
| |
| * Implementation of the RICT Programs 30-day back-stop limit
| |
| * Use of the CRMP software tool with the RICT Program
| |
| * Requirements to identify and implement RMAs when the RMAT is exceeded or is anticipated to be exceeded
| |
| * Consideration of common cause failure (CCF) potential in emergent RICTs
| |
| * The use of RMAs, including the conditions under which they may be credited in RICT calculations
| |
| * Requirements for training on the RICT Program
| |
| * Documentation requirements as they relate to individual RICT calculations, implementation of extended CTs, and accumulated annual risk 5.0 RICT PROGRAM TRAINING The scope for training for the RICT Program will include rules for the new TS program, CRMP tool, TS Actions included in the RICT Program, and the implementing procedures. Training will be conducted for the following Duke Energy personnel, as applicable:
| |
| Site Personnel
| |
| * Plant Manager
| |
| * Operations Manager
| |
| * Operations Personnel (Licensed and Non-Licensed)
| |
| * Operations Work Control Managers
| |
| * Operations Work Control Personnel
| |
| * Work Week Managers
| |
| * Operations Training
| |
| * Outage Manager
| |
| * Engineering
| |
| * Regulatory Personnel
| |
| * Selected Maintenance Personnel
| |
| * Other Selected Management Corporate Personnel
| |
| * Operations Corporate Functional Area Manager
| |
| * Licensing/Regulatory Affairs Management and Personnel
| |
| * Probabilistic Risk Assessment Management and Personnel
| |
| * Training Management and Personnel
| |
| * Other Selected Management Training will be carried out in accordance with the Systematic Approach to Training as well as Duke Energy training procedures and processes. Duke Energy procedures are written based on the Institute of Nuclear Power Operations (INPO) Accreditation (ACAD) requirements, as developed and maintained by the National Academy for Nuclear Training (NANT). Duke Energy
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 has planned three levels of training for implementation of the RICT Program. They are described below.
| |
| 5.1 Level 1 Training - User Training This training is the most detailed and is intended for those individuals who will be directly involved in the implementation of the RICT Program.
| |
| 5.2 Level 2 Training - Management Training This training is applicable to plant management positions with the authority to approve entry into the RICT Program, as well as those supervisory, managerial, and other positions who will closely support RICT Program implementation. This group of personnel will not be qualified to perform the tasks for actual implementation of the RICT Program.
| |
| 5.3 Level 3 Training - Site Awareness Training This training is intended for the remaining personnel who require an awareness of the RICT Program.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 11 MONITORING PROGRAM
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE This enclosure describes the monitoring program for cumulative risk impacts as described in NEI 06-09-A, Section 2.3.2, Step 7. This should include a description of how the calculations are made and what actions and thresholds are applied when corrective measures are necessary due to excessive risk increases.
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 1, November 2002.
| |
| : 4. Regulatory Guide 1.174, An Approach For Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Revision 3, January 2018.
| |
| : 5. Regulatory Guide 1.177, An Approach for Plant-Specific, Risk-Informed Decision Making: Technical Specifications, Revision 2, January 2021.
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 12 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the license amendment request (LAR) provide a description of the implementation and monitoring program as described in Regulatory Guide (RG) 1.174, Revision 1 (Reference 3) and NEI 06-09-A, Revision 0. Note that RG 1.174, Revision 3 (Reference 4),
| |
| issued by the NRC in January 2021, made editorial changes to the applicable section referenced in the NRC Safety Evaluation for Section 4.0, Item 12.
| |
| | |
| ==4.0 DESCRIPTION==
| |
| OF THE MONITORING PROGRAM The Risk-Informed Completion Time (RICT) Program requires the calculation of the cumulative risk impact at least every refueling cycle, not to exceed 24 months, as set forth in NEI 06-09, Revision 0 (Reference 2). For each assessment period under evaluation, data will be collected for each of the risk increases associated with the application of the RICT Program (i.e., periods in which an extended Completion Time (CT) beyond the front-stop CT is invoked) and summed.
| |
| This will be done for both Core Damage Frequency (CDF) and Large Early Release Frequency (LERF). The data of interest is the change in CDF and LERF (~CDF and ~LERF, respectively) above the zero-maintenance baseline levels for the durations of operation in the extended CT.
| |
| The calculated delta-risk is converted to average annual values.
| |
| The resulting total average annual delta-risk for extended CTs is then compared to the guidance established in RG 1.174 (Reference 4), specifically Figures 4 and 5 for CDF and LERF, respectively. For cases in which the annual risk increase is acceptable (i.e., not in Region I),
| |
| the RICT Program implementation is considered acceptable for the assessment period.
| |
| Otherwise, further assessment of the factors causing the exceedance of RG 1.174 guidance, as
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 well as implementation of corrective actions to ensure continuing plant operation is within guidance, will be conducted under the sites Corrective Action Program.
| |
| The assessment will raise some points for consideration for each evaluation period, including but not limited to the following:
| |
| * RICT applications that dominate the annual risk increase
| |
| * Relative contributions of planned and unplanned (i.e., emergent) RICT applications
| |
| * Risk Management Actions (RMAs) implemented but not credited in the risk calculations
| |
| * Risk of using a RICT versus not using a RICT and instead using multiple shorter system, structure, or component (SSC) outages
| |
| * Reduction in overall risk levels through improvements to SSC reliability and availability due to improved maintenance strategies allowed through the RICT program Corrective actions identified in the assessment to be necessary and appropriate are developed and approved as appropriate. These may include:
| |
| * Administrative restrictions on RICT use for specific high-risk configurations
| |
| * Additional RMAs for specific high-risk configurations
| |
| * Rescheduling of planned maintenance activities
| |
| * Deferring planned maintenance to shutdown conditions
| |
| * Use of temporary equipment to replace out-of-service SSCs
| |
| * Plant modifications to reduce the risk impact of future planned maintenance configurations In addition to impacting cumulative risk, the unavailability of SSCs may also be impacted by the implementation of the RICT Program. The existing Maintenance Rule (MR) monitoring programs set forth in 10 CFR 50.65(a)(1) and (a)(2) provide for evaluation and disposition of unavailability impacts that may be incurred from RICT Program implementation. Use of the MR Program is acceptable since SSCs in the scope of the RICT Program are also within the scope of the MR Program.
| |
| The monitoring program for MR, along with the specific assessment of cumulative risk impact described above, serve as the Implementation and Monitoring Program for the RICT Program as defined in Element 3 of RG 1.174 and NEI 06-09-A.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 1 RA-18-0190 ENCLOSURE 12 RISK MANAGEMENT ACTION EXAMPLES
| |
| | |
| U.S. Nuclear Regulatory Commission Page 2 RA-18-0190 1.0 PURPOSE This enclosure describes the process for identification of Risk Management Actions (RMAs) applicable during extended Completion Times (CTs) and provides examples of RMAs. RMAs will be governed by plant procedures for planning and scheduling maintenance activities. The procedures will provide guidance for the determination and implementation of RMAs when entering the Risk-Informed Completion Time (RICT) Program consistent with the guidance provided in NEI 06-09-A (Reference 2).
| |
| | |
| ==2.0 REFERENCES==
| |
| : 1. NRC Letter from Jennifer M. Golder to Biff Bradley (NEI), Final Safety Evaluation for Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS) Guidelines, May 17, 2007 (ADAMS Accession No. ML071200238).
| |
| : 2. Nuclear Energy Institute (NEI) Topical Report (TR) NEI 06-09-A, Risk-Informed Technical Specifications Initiative 4b, Risk-Managed Technical Specifications (RMTS)
| |
| Guidelines, Revision 0, October 12, 2012 (ADAMS Accession No. ML12286A322).
| |
| : 3. NUREG-1855, Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decision Making, Revision 1, U.S. Nuclear Regulatory Commission, March 2017 (ADAMS Accession No. ML17062A466).
| |
| : 4. EPRI TR-1026511, Practical Guidance on the Use of Probabilistic Risk Assessment in Risk-Informed Applications with a Focus on the Treatment of Uncertainty, Technical Update, Electric Power Research Institute, December 2012.
| |
| : 5. TSTF-505-A, Rev. 2, Technical Specifications Task Force Improved Standard Technical Specifications Change Traveler, November 2018.
| |
| : 6. Southern Nuclear Letter to US NRC, Vogtle Electric Generating Plant, Units 1 and 2 Response to Request for Additional Information on Technical Specifications Change to Adopt Risk Informed Completion Times, April 14, 2017 (ADAMS Accession No. ML17108A253).
| |
| | |
| ==3.0 INTRODUCTION==
| |
| | |
| Section 4.0, Item 13 of the NRC Final Safety Evaluation (Reference 1) for NEI 06-09-A (Reference 2) requires that the license amendment request (LAR) provide a description of the process to identify and provide compensatory measures and RMAs during extended CTs, including specific examples.
| |
| RMAs will be governed by plant procedures for planning and scheduling maintenance activities.
| |
| These procedures will provide guidance for the determination and implementation of RMAs when entering the RICT Program and is consistent with the guidance set forth in NEI 06-09-A (Reference 2).
| |
| 4.0 RESPONSIBILITIES Work Management is responsible for developing RMAs with assistance from Operations and Probabilistic Risk Assessment (PRA) for planned entries into the RICT Program. Operations is responsible for approval and implementation of these identified RMAs. Additionally, for emergent entries into the RICT Program, Operations is responsible for development of RMAs.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 3 RA-18-0190 5.0 PROCEDURAL GUIDANCE For planned maintenance activities, implementation of RMAs will be required if it is anticipated that the risk management action time (RMAT) will be exceeded. For emergent activities, RMAs must be implemented if the RMAT is reached. Additionally, if an emergent event occurs which requires recalculation of a RMAT already in place, the procedure will require a reevaluation of the existing RMAs for the new plant configuration to determine if the new RMAs are appropriate.
| |
| These requirements of the RICT Program are consistent with the guidance of NEI 06-09-A (Reference 2).
| |
| For emergent entry into a RICT, if the extent of condition is not known, RMAs related to the success of redundant and diverse structures, systems, or components (SSCs) and reducing the likelihood of initiating events relying on the affected function will be developed to address the increased likelihood of a common cause event.
| |
| RMAs will be implemented no later than the point at which an incremental core damage probability (ICDP) of 1.0E-06 is reached, or no later than the point at which an incremental large early release probability (ILERP) of 1.0E-07 is reached. If, as the result of an emergent condition, the instantaneous core damage frequency (CDF) or the instantaneous large early release frequency (LERF) exceeds 1.0E-03 per year or 1.0E-04 per year, respectively, RMAs are also required to be implemented. These requirements are consistent with the guidelines of NEI 06-09-A (Reference 2).
| |
| By determining which SSCs are most important from a CDF or LERF perspective for a specific plant configuration, RMAs may be created to protect these SSCs. Similarly, knowledge of the initiating event or sequence contribution to the configuration-specific CDF or LERF allows development of RMAs that enhance the capability to mitigate such events. The guidance in NUREG-1855 (Reference 3) and EPRI TR-1026511 (Reference 4) will be used in examining PRA results for significant contributors for the configuration, to aid in identifying appropriate compensatory measures (e.g., related to risk-significant systems that may provide diverse protection, or important support systems, or human actions). Enclosure 9 identifies several areas of uncertainty in the Internal Events, Internal Flooding, and Fire PRAs that will be considered in defining configuration-specific RMAs when entering a RICT.
| |
| If the planned maintenance activity or emergent condition scope includes an SSC that is identified to impact the Fire PRA as identified in the Configuration Risk Management Program (CRMP) software tool, Fire PRA-specific RMAs associated with that SSC will be implemented per plant procedure.
| |
| It is possible to credit RMAs in RICT calculations, to the extent the associated plant equipment and operator actions are modeled in the PRA; such quantification of RMAs, however, is neither required nor expected by NEI 06-09-A (Reference 2). Regardless, if RMAs are to be credited in RICT calculations, the relevant procedure instructions will be consistent with the guidance set forth in NEI 06-09-A (Reference 2).
| |
| | |
| U.S. Nuclear Regulatory Commission Page 4 RA-18-0190 6.0 TYPES OF RISK MANAGEMENT ACTIONS NEI 06-09-A (Reference 2) classifies RMAs into three categories, as discussed below.
| |
| : 1. Actions to increase risk awareness and control
| |
| * Shift brief
| |
| * Pre-job brief
| |
| * Training (formal or informal)
| |
| * Presence of system engineer or other subject matter expert (SME) related to the activity
| |
| * Special purpose procedure to identify risk sources and contingency plans
| |
| : 2. Actions to reduce the duration of maintenance activities
| |
| * Pre-staging materials
| |
| * Conducting training on mock-ups
| |
| * Performing the activity around the clock
| |
| * Performing walkdowns on the actual system(s) to be worked on prior to beginning work
| |
| : 3. Actions to minimize the magnitude of the risk increase
| |
| * Suspending or minimizing activities on redundant systems
| |
| * Suspending or minimizing activities on other systems that adversely affect the CDF or LERF
| |
| * Suspending or minimizing activities on systems that may cause a trip or transient to minimize the likelihood of an initiating event that the out-of-service component is meant to mitigate
| |
| * Using temporary equipment to provide backup power, ventilation, etc.
| |
| * Rescheduling other maintenance activities 7.0 CRITERIA AND INSIGHTS FOR DETERMINATION OF COMPENSATORY MEASURES AND RISK MANAGEMENT ACTIONS Risk Management is based on a graded approach where higher risk levels require more rigorous preparation and execution efforts. The risk levels and examples of the increasing effort for RMAs are noted in the table below:
| |
| Required Risk Management Risk Indicator Color Actions (RMAs)
| |
| Green None (Normal Work Controls)
| |
| (Not Risk Significant)
| |
| Yellow Level 1 RMAs (Caution - Low Risk)
| |
| Orange Level 1 and Level 2 RMAs (Degraded - Medium Risk)
| |
| Red Level 1, Level 2, and Level 3 (Severely Degraded - High RMAs Risk)
| |
| | |
| U.S. Nuclear Regulatory Commission Page 5 RA-18-0190 Each RMA level prescribes several actions and approvals with increasing scope as the risk increases. For example, an orange risk condition prescribes much more effort for protected equipment, operator briefings, etc. than a green risk condition. Additionally, approval levels for each level of RMA increases (e.g., Level 1 requires Shift Manager approval and Level 2 requires Plant Manager approval, note these specific positions are subject to change but are shown as an example).
| |
| Entry into a yellow or orange risk condition is not typical. However, such occurrences are allowed per procedure. Entry into these risk conditions is carefully scrutinized by plant staff and management. Mitigating actions are developed throughout the planning process to address the risk condition consistent with Duke Energy procedures.
| |
| Voluntary entry into a red risk condition is not allowed. If emergent issues cause entry into a red risk condition, immediate actions are taken to reduce risk, including restoration of components important to accident mitigation to a functional state at the very least. If risk cannot be reduced in a reasonable amount of time, an orderly transition to Mode 3 is considered. Orderly transition to Mode 3 is a controlled shutdown of the plant (versus a plant trip), which typically takes approximately 3 hours. An operating shift is permitted to take conservative action to shut down the plant at any time if conditions warrant. The recommendation based on risk color is simply an additional prompt based on the current plant configuration and items out of service. This controlled unit shutdown could also be required due to expiration of a RICT, which would occur if the entire RICT was utilized (at which point a red cumulative risk will have been reached).
| |
| The typical Required Action per the associated Technical Specification Action would be to be in Mode 3 within the next 6 hours.
| |
| RICT RMAs are identified based on configuration-specific risk and generally fit into three categories:
| |
| : 1. Actions to increase risk awareness and control
| |
| : 2. Actions to reduce the duration of maintenance activities
| |
| : 3. Actions to minimize the magnitude of the risk increase RMAs for the RICT Program can be developed both qualitatively and quantitatively. Examples of qualitatively determined RMAs include:
| |
| * Actions to increase awareness of the plant conditions (e.g. protected equipment boundaries to keep personnel physically away from equipment important for defense-in-depth),
| |
| * Pre-staging of materials (e.g. portable pumps, diesel generators, or air compressors)
| |
| * Training on mockups (e.g. maintenance training to minimize time in the repair activity)
| |
| * Rescheduling of other maintenance activities (e.g. cross train planned maintenance)
| |
| RMAs can also be selected using quantitative insights given by the Configuration Risk Management Program (CRMP). These insights address risk from internal events, internal flood, and internal fires. Examples include:
| |
| * Identification of important equipment or trains for protection,
| |
| * Identification of important Operator Actions for briefings,
| |
| * Identification of key flood compartments, fire initiators and fire zones.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 6 RA-18-0190 Common Cause RMAs lower configuration risk by focusing on:
| |
| : a. Availability of SSCs providing redundancy to the failed SSC.
| |
| : b. Availability of diverse SSCs providing redundancy for functions performed by the failed SSC
| |
| : c. Reducing the likelihood of events that can impact the availability of the SSCs described in (a) and (b).
| |
| : d. Readiness of operators to respond to initiating events assuming SSCs susceptible to failure by common cause will fail.
| |
| : e. Readiness of maintenance to respond to additional failures of SSCs described in (a) and (b).
| |
| RMAs for each RICT are recorded in the operations tracking and turnover tools (e.g., logs) and RMAs are included with the RICT documentation package, typically captured in a condition report or similar process.
| |
| According to Duke Energy procedures, Common Cause RMAs shall include the following actions:
| |
| : 1. Defer maintenance and testing activities that could generate an initiating event for which event mitigation may require operation of SSCs susceptible to failure by common cause.
| |
| : 2. Establish a compensatory action, shift brief, or Standing Instruction that focuses on actions operators will take in response to an initiating event and failure of SSCs susceptible to failure by common cause.
| |
| : 3. For SSCs that provide redundancy to the failed SSC or the function performed by the SSC:
| |
| : a. Reduce the likelihood of unavailability, including for support systems and power supplies.
| |
| : b. Perform non-intrusive inspections.
| |
| : c. Defer maintenance and testing activities that could impact the availability of the SSC.
| |
| Additional RMAs may be used and would be identified using the methodology described above.
| |
| If plant personnel establish a high degree of confidence such that no common cause failure mechanism exists that could affect the redundant component(s), or if an adjustment to the RICT calculation is made to numerically account for the increased probability of common cause failure in the CRMP model, then no Common Cause RMAs are required. Numerical adjustment for increased possibility of CCF will not typically be performed.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 7 RA-18-0190 8.0 EXAMPLE RMAs Representative examples of RMAs that may be considered during a RICT Program entry, to reduce the risk impact and ensure adequate defense-in-depth, for TS 3.8 electrical equipment and for several other examples are provided below. As directed in TSTF-505-A Rev 2 (Reference 5), additional focus has been made on TS 3.8, Electrical Power Systems, in particular, similar to what has been provided by Southern Nuclear in their request for additional information (RAI) response {{letter dated|date=April 14, 2017|text=letter dated April 14, 2017}} (Reference 6).
| |
| 8.1 TS 3.8 ACTION STATEMENTS To adequately demonstrate a reasonable balance of defense-in-depth is maintained, the following sample RMAs are provided for TS 3.8 Action Statements, which pertain to safety-related electrical equipment.
| |
| 8.1.1 TS 3.8.1 Action A One Offsite Circuit Inoperable For TS 3.8.1, Action A, one offsite circuit inoperable, the sample calculated RICT provided in is on the order of 132 days, compared to the front stop Completion Time of 72 hours. Example RMAs to ensure a reasonable balance of defense-in-depth is maintained during the example emergent scenario for TS 3.8.1, Action A are as follows:
| |
| : 1. Actions to increase risk awareness and control.
| |
| Briefing of the on-shift operations crew concerning the unit activities, including any compensatory measures established, and review of the appropriate emergency operating procedures for a Loss of Offsite Power and station blackout.
| |
| Notification to the Duke Energy Carolinas (DEC) Balancing Authority (BA) and Transmission Operations (TO) of the configuration so that any planned activities with the potential to cause a grid disturbance are deferred.
| |
| Conditional vulnerability preparation plans outlined in fleet operational and work management procedures to assess redundant component health, identify appropriate contingency actions, and establish monitoring requirements.
| |
| : 2. Actions to reduce the duration of maintenance activities.
| |
| For preplanned RICT entry, creation of a sub schedule related to the specific evolution which is reviewed for personnel resource availability Confirmation of parts availability prior to entry into a preplanned RICT.
| |
| Walkdown of work prior to execution.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 8 RA-18-0190
| |
| : 3. Actions to minimize the magnitude of the risk increase.
| |
| Evaluation of weather conditions for threats to the reliability of remaining offsite power supplies.
| |
| Management of elective maintenance in the switchyard, on the station electrical distribution systems, and on the main step-up and auxiliary transformers associated with the unit in the RICT in accordance with current site-specific guidance and practices.
| |
| Protection of the remaining offsite source, including switchyard and transformers.
| |
| Deferral of planned maintenance or testing that affects the reliability of DGs and their associated support equipment. Treat these as protected equipment.
| |
| Deferral of planned maintenance or testing on redundant train safety systems. If testing or maintenance activities must be performed, a review of the potential risk impact will be performed.
| |
| Operational risk management strategies outlined in fleet operational and work management procedures to improve risk mitigation capabilities through actions to prevent, detect, and correct issues during heightened risk configurations.
| |
| 8.1.2 TS 3.8.1 Action F One Offsite Circuit Inoperable and One Diesel Generator Inoperable For TS 3.8.1, Action F, one offsite circuit inoperable and one DG inoperable, the sample calculated RICT provided in Enclosure 1 is on the order of 69 days (limited to a 30-day backstop), as compared to the proposed front stop Completion Time of 72 hours (Note: The discussion regarding a return to a front stop Completion Time of 72 hours for one DG inoperable is provided in Attachment 1, Section 2.3 of this license amendment request). Example RMAs to ensure a reasonable balance of defense-in-depth is maintained during the example emergent scenario for TS 3.8.1, Action F are as follows:
| |
| : 1. Actions to increase risk awareness and control.
| |
| Briefing of the on-shift Operations crew concerning the unit activities, including any compensatory measures established, and review of the appropriate emergency operating procedures for a Loss of Offsite Power and station blackout.
| |
| Notification to the Duke Energy Carolinas (DEC) Balancing Authority (BA) and Transmission Operations (TOP) of the configuration so that any planned activities with the potential to cause a grid disturbance are deferred.
| |
| Proactive implementation of RMAs during times of high grid stress conditions, such as during high demand conditions.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 9 RA-18-0190 For a planned RICT, prior to removal from service the actions in the associated loss of bus procedure would be reviewed and implemented.
| |
| Conditional vulnerability preparation plans outlined in fleet operational and work management procedures to assess redundant component health, identify appropriate contingency actions, and establish monitoring requirements.
| |
| : 2. Actions to reduce the duration of maintenance activities.
| |
| For preplanned RICT entry, creation of a sub schedule related to the specific evolution which is reviewed for personnel resource availability.
| |
| Confirmation of parts availability prior to entry into a preplanned RICT.
| |
| Walkdown of work prior to execution.
| |
| : 3. Actions to minimize the magnitude of the risk increase.
| |
| Evaluation of weather conditions for threats to the reliability of remaining offsite power supplies.
| |
| Management of elective maintenance in the switchyard, on the station electrical distribution systems, and on the main step-up and auxiliary transformers associated with the unit in the RICT in accordance with current site-specific guidance.
| |
| Evaluation of the availability of the opposite units electrical distribution system and ability to supply power to the subject unit's Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES).
| |
| Deferral of planned maintenance or testing that affects the reliability of operable DGs (including the opposite unit's DGs) and their associated support equipment. Treat the remaining operable DGs (including the opposite unit's DGs) as protected equipment.
| |
| Evaluate currently ongoing maintenance activities and prioritize activities for return to service per CRMP Component Importance report.
| |
| Operational risk management strategies outlined in fleet operational and work management procedures to improve risk mitigation capabilities through actions to prevent, detect, and correct issues during heightened risk configurations.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 10 RA-18-0190 8.1.3 TS 3.8.1 Action H One Automatic Load Sequencer Inoperable For TS 3.8.1, Action H, one automatic load sequencer inoperable, the sample calculated RICT provided in Enclosure 1 is on the order of 74 days (limited to 30-day backstop), as compared to the current front stop Completion Time of 12 hours. Example RMAs to ensure a reasonable balance of defense-in-depth is maintained during the example emergent scenario for TS 3.8.1, Action H are as follows:
| |
| : 1. Actions to increase risk awareness and control.
| |
| Briefing of the on-shift operations crew concerning the unit activities, including any compensatory measures established, and review of the appropriate emergency operating procedures for a Loss of Offsite Power and station blackout.
| |
| Notification to the Duke Energy Carolinas (DEC) Balancing Authority (BA) and Transmission Operations (TOP) of the configuration so that any planned activities with the potential to cause a grid disturbance are deferred.
| |
| Proactive implementation of RMAs during times of high grid stress conditions prior to reaching the RMAT, such as during high demand conditions.
| |
| For a planned RICT, prior to removal from service the actions in the associated loss of bus procedure would be reviewed and implemented.
| |
| Conditional vulnerability preparation plans outlined in fleet operational and work management procedures to assess redundant component health, identify appropriate contingency actions, and establish monitoring requirements.
| |
| : 2. Actions to reduce the duration of maintenance activities.
| |
| For preplanned RICT entry, creation of a sub schedule related to the specific evolution which is reviewed for personnel resource availability.
| |
| Confirmation of parts availability prior to entry into a preplanned RICT.
| |
| Walkdown of work prior to execution.
| |
| : 3. Actions to minimize the magnitude of the risk increase.
| |
| Evaluation of weather conditions for threats to the reliability of remaining offsite power supplies.
| |
| Management of elective maintenance in the switchyard, on the station electrical distribution systems, and on the main step-up and auxiliary transformers associated with the unit in the RICT in accordance with current site-specific guidance.
| |
| | |
| U.S. Nuclear Regulatory Commission Page 11 RA-18-0190 Evaluation of the availability of the opposite units electrical distribution system and ability to supply power to the subject unit's Nuclear Service Water System (NSWS), Control Room Area Ventilation System (CRAVS), Control Room Area Chilled Water System (CRACWS) and Auxiliary Building Filtered Ventilation Exhaust System (ABFVES).
| |
| Deferral of planned maintenance or testing that affects the reliability of operable DGs (including the opposite unit's DGs) and their associated support equipment. Treat the remaining operable DGs (including the opposite unit's DGs) as protected equipment.
| |
| Evaluate currently ongoing maintenance activities and prioritize activities for return to service per CRMP Component Importance report.
| |
| Operational risk management strategies outlined in fleet operational and work management procedures to improve risk mitigation capabilities through actions to prevent, detect, and correct issues during heightened risk configurations.
| |
| 8.2 Other Example RMAs To provide a more diverse set of examples for sample RMAs, the following is provided to demonstrate that a reasonable balance of defense-in-depth is maintained.
| |
| 8.2.1 TS 3.7.5 Action B One Auxiliary Feedwater (AFW) Train Inoperable For TS 3.7.5, Action B, one AFW train inoperable, the sample calculated RICT provided in is on the order of 44 days (limited to 30-day backstop), as compared to the current front stop Completion Time of 72 hours. Example RMAs to ensure a reasonable balance of defense-in-depth is maintained during the example emergent scenario for TS 3.7.5, Action B are as follows:
| |
| : 1. Actions to increase risk awareness and control.
| |
| Briefing of the on-shift Operations crew concerning the unit activities, including any compensatory measures established.
| |
| Briefing of the on-shift Operations crew of actions operators will take in response to plant transients, including manual operation of the AFW pumps along with mitigating strategies in the event of loss of secondary heat sink conditions.
| |
| Evaluate plant configuration to identify appropriate protected equipment schemes utilizing insights from the CRMP Component Importance report.
| |
| Update and report of daily risk profile and unit status report.
| |
| Conditional vulnerability preparation plans outlined in fleet operational and work management procedures to assess redundant component health,
| |
| | |
| U.S. Nuclear Regulatory Commission Page 12 RA-18-0190 identify appropriate contingency actions, and establish monitoring requirements.
| |
| : 2. Actions to reduce the duration of maintenance activities.
| |
| For preplanned RICT entry, creation of a sub schedule related to the specific evolution which is reviewed for personnel resource availability.
| |
| Confirmation of parts availability prior to entry into a preplanned RICT.
| |
| Evaluate the appropriateness of continuous maintenance and engineering support coverage.
| |
| Walkdown of work prior to execution.
| |
| : 3. Actions to minimize the magnitude of the risk increase.
| |
| Defer planned maintenance or testing activities on diverse main or auxiliary feedwater train subsystems and their associated support equipment. Evaluate treating those systems as protected equipment.
| |
| Consider deferring planned maintenance or testing that elevates plant risk. If testing or maintenance activities must be performed, a review of the potential risk impact will be performed.
| |
| Perform additional main and auxiliary feedwater train system walkdowns to ensure redundant components exhibit appropriate equipment performance.
| |
| Operational risk management strategies outlined in fleet operational and work management procedures to improve risk mitigation capabilities through actions to prevent, detect, and correct issues during heightened risk configurations.}}
| |
