Response to NRC Request for Additional Information Regarding PG&E Letter DCL-11-059, License Amendment Request 11-04, Revision to Technical Specification 3.6.6, 'Containment Spray and Cooling Systems,' ...

ML12038A041
Person / Time
Site:	Diablo Canyon
Issue date:	02/06/2012
From:	Becker J R Pacific Gas & Electric Co
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
DCL-11-059, DCL-12-017
Download: ML12038A041 (16)
v • d • e

Text

Pacific Gas and Electric Company February 6,2012 PG&E Letter DCL-12-017 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, DC 20555-0001 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 Diablo Canyon Units 1 and 2 James R. Becker Site Vice President 10 CFR 50.90 Diablo Canyon Power Plant Mail Code 104/6 P. O. Box 56 Avila Beach, CA 93424 805.545.3462 Internal:

691.3462 Fax: 805.545.6445 Response to NRC Request for Additional Information regarding PG&E Letter DCL-11-059. "License Amendment Request 11-04. Revision to Technical Specification (TS) 3.6.6. 'Containment Spray and Cooling Systems.'

TS 3.7.5. 'Auxiliary Feedwater (AFW) System.' TS 3.8.1. 'AC Sources -Operating.'

TS 3.8.9. 'Distribution Systems -Operating.'

and TS Example 1.3-3"

Reference:

1. PG&E Letter DCL-11-059, "License Amendment Request 11-04, Revision to Technical Specification (TS) 3.6.6, 'Containment Spray and Cooling Systems,'

TS 3.7.5, 'Auxiliary Feedwater (AFW) System,' TS 3.8.1, 'AC Sources -Operating,'

TS 3.8.9, 'Distribution Systems -Operating,'

and TS Example 1.3-3," dated June 1, 2011 In Reference 1, Pacific Gas and Electric Company (PG&E) submitted a license amendment request to revise Technical Specification (TS) 3.6.6, "Containment Spray and Cooling Systems," TS 3.7.5, "Auxiliary Feedwater (AFW) System," TS 3.8.1 , "AC Sources -Operating," TS 3.8.9, "Distribution Systems -Operating," and TS Example 1.3-3. The NRC Staff provided a request for additional information (RAI) via e-mail, dated January 5, 2012. The Enclosure to this letter provides PG&E's response to the NRC request for additional information.

PG&E makes no regulatory commitments (as defined by NEI 99-04) in this letter. If you have any questions or require additional information, please contact Mr. Tom Baldwin at (805) 545-4720.

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

• Comanche Peak

• Diablo Canyon

• Palo Verde

• San Onofre

• South Texas Project

• Wolf Creek Document Control Desk February 6,2012 Page 2 PG&E Letter DCL-12-017 I state under penalty of perjury that the foregoing is true and correct. Executed on February 6,2012. Site Vice President Mjrm/4557/50329767 Enclosure cc: Diablo Distribution cc/enc: Elmo E. Collins, NRC Region IV Nathanial B. Ferrer, NRC Project Manager Michael S. Peck, NRC Senior Resident Inspector Alan B. Wang, NRR Project Manager A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

• Comanche Peak

• Diablo Canyon

• Palo Verde

• San Onofre

• South Texas Project

• Wolf Creek Enclosure PG&E Letter DCL-12-0177 PG&E Response to NRC Request for Additional Information regarding PG&E Letter DCL-11-059, "License Amendment Request 11-04, Revision to Technical Specification (TS) 3.6.6, 'Containment Spray and Cooling Systems,'

TS 3.7.5, 'Auxiliary Feedwater (AFW) System,' TS 3.8.1, 'AC Sources -Operating,'

TS 3.8.9, 'Distribution Systems -Operating,'

and TS Example 1.3-3." NRC Question 1: On page 8 of the application letter dated June 1, 2011, the licensee, PG&E, states, "under the scenario with one steam supply for the turbine-driven auxiliary feedwater pump (TDAFWP) inoperable and one motor-driven auxiliary feedwater pump (MDAFWP) inoperable, a feed line or steam line rupture could challenge the capability of the auxiliary feedwater (AFW) system to provide feedwater." The staff is evaluating conditions of the plant during scenarios such as a feedwater line break (FWLB) or a main steamline break (MSLB) on steam generator (SG) 3 occurs when the MDAFWP 1-2 for SG1 and SG2 is inoperable and the steam supply from SG2 to the TDAFWP is inoperable.

This scenario would leave only SG4 supplied by MDAFWP 1-3 available.

In final safety analysis report (FSAR) Table 6.5-2, the licensee requires a minimum of 390 gpm auxiliary feedwater (AFW) flow to 2 of the 4 intact SGs to mitigate a main feed line break. Therefore, in such scenarios the licensee would not meet the design requirement as stipulated in their design basis to mitigate an accident.

Hence, the request to continue operations for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> with one steam supply inoperable coincident with an inoperable motor driven pump may result in such postulated scenario that is beyond the current analyzed design basis. In its draft safety evaluation report (SER) for TSTF-412, dated April 14, 2006, the staff considered the possible credit for operators having the ability to remotely feed other SGs from the control room using the operable MDAFWP. Figure 1 in the letter dated June 1, 2011, does show a possible cross tie line between the discharge headers of MDAFWP's.

However, in their application the licensee does not mention using the cross tie line to mitigate accidents when the plant is in a degraded condition.

The staff requests the licensee to justify their proposed TS that allows for continued operations for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> in conditions that result in an unanalyzed condition.

Note: the licensee can limit the proposed condition, where the inoperable steam supply could only exist on the SG that can be fed by the operable MDAFWP. PG&E Response:

The model safety evaluation for Technical Specification Task Force (TSTF)-412 states the following which is applicable to the DCPP application: "A proposed 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is applicable to plants that may provide insufficient flow to the steam generators (SGs) in accordance with accident analyses assumptions if a main steam line break (MSLB) or feedwater line break 1 Enclosure PG&E Letter DCL-12-017 (FLB) were to occur that renders the remaining steam supply to the turbine driven AFW/EFW pump inoperable (a concurrent single failure is not assumed).

Insufficient feedwater flow could result, for example, if a single motor driven AFW IEFW train does not have sufficient capacity to satisfy accident analyses assumptions, or if the operable pump is feeding the faulted SG (Le., the SG that is aligned to the operable steam supply for the turbine driven AFW IEFW pump). [This would typically apply to plants with each AFW IEFW motor driven pump having less than 100% of the required flow.]" The model safety evaluation for TSTF-412 also states: "The STS typically allows a72 hour or longer Completion Time for Conditions where the remaining operable equipment is able to mitigate postulated accidents without assuming a concurrent single active failure. In this particular case, a 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is proposed for the situation where the AFW IEFW system would be able to perform its function for most postulated events, and would only be challenged by a MSLB or FLB that renders the remaining operable steam supply to the turbine driven AFW/EFW pump inoperable.

Additionally, depending on the capacity of the operable motor driven AFW/EFW pump, it may be able to mitigate MSLB and FLB accidents during those instances when it is not aligned to the faulted SG. The selection of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for the Completion Time is based on the remaining operable steam supply to the turbine driven AFW IEFW pump and the continued functionality of the turbine driven AFW IEFW train, the remaining operable motor driven AFW IEFW train, and the low likelihood of an event occurring during this 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> period that would challenge the capability of the AFW IEFW system to provide feedwater to the SGs. The proposed Completion Time for this particular situation is consistent with what was approved for Waterford 3 by License Amendment 173 for a similar Condition (ADAMS Accession No. ML012840538), and it is consistent with the STS in that the proposed Completion Time is much less than the 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> that is allowed for the situation where accident mitigation capability is maintained.

Therefore, the NRC staff agrees that the proposed 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is acceptable for this particular situation." The proposed 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> completion time is appropriate because the AFW system would, consistent with the above TSTF scenario, be able to perform its function for most postulated events, and would only be challenged by a MSLB or FLB that renders the remaining operable steam supply to the turbine driven AFW IEFW pump inoperable.

The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> completion time is consistent with the assumptions in the TSTF and is appropriate, "based on the remaining operable steam supply to the turbine driven AFW IEFW pump and the continued functionality of the turbine driven AFW IEFW train, the remaining operable motor driven AFW IEFW train, and the low likelihood of an event occurring during this 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> period that would challenge the capability of the AFW IEFW system to provide feedwater to the SGs." The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> proposed completion time is much less than the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> completion time applicable for a single inoperable AFW pump, and less than the TSTF-412 48 hour5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> 2 Enclosure PG&E Letter DCL-12-017 completion time applicable when the remaining operable motor driven AFW train is capable of providing sufficient feedwater flow in accordance with accident analyses assumptions.

PG&E does not rely upon or take credit for the cross tie line between the two motor driven pumps for any design basis accident mitigations since the required valves must be manually operated at remote plant locations that may not be accessible under all accident scenarios.

NRC Question 2: Based upon the event that happened June 29, 2009, the Eagle control system has a failure mode in which a single failure affects the operability of both MDAFW pumps. The FSAR section 3.3.2.3.2.7, External Design Class I Piping and Valves, evaluated events related to AFW valves. However, there is no discussion on the affects of the Eagle system Loop Calculation Processor (LCP) card failure. The licensee's design basis for emergency core cooling system addresses shared active components and delineates that components must meet the criteria stated in FSAR 3. 1.8.8 Criterion

44. Also, FSAR Section 7.2.2.2.9 describes the standards that the Eagle 21 system must meet. The staff requests the licensee a) provide an evaluation of the Eagle LCP card failure modes, to include consequences of a latent failure, b) Determine how the Eagle system with its card failures satisfies the design requirements described in FSAR Section 7.2.2.2.9, c) determine if the LCP card failure is a limiting failure, d) Evaluate whether the FSAR should include a discussion on this failure mode. Typically, the discharge valve is mostly closed when starling centrifugal pumps. However, the proposed immediate action directs operators to demand LCV valves full open. e) Describe how this action affects the operation of the MDAFWPs. f) Will upgrading the Eagle 21 Process Protection System address this failure mode? PG&E Response: (a) Provide an evaluation of the Eagle LCP card failure modes, to include consequences of a latent failure. . The Eagle 21 System is designed to provide for predetermined failure modes for loss-of-power and diagnostic situations.

Loop Processor Subsystem diagnostic detections are classified into two major groups, Fatal and Non-Fatal.

Non-Fatal diagnostic detections do not result in deliberate action to the reactor trip engineered safety feature (RT/ESF) comparators or the analog outputs. However, a contact is actuated for a "Trouble" status light and/or "Channel Set Failure" annunciator to provide for operator detectability.

Each Eagle-21 system rack also provides a contact output for a "Channel Set Failure" annunciator to alert the operator that a Fatal diagnostic detection has occurred.

A single annunciator is provided with four (4) reflash inputs (1 per protection set). The annunciator printout is used to identify the failed protection set. Fatal diagnostic detections result in the setting of all RT/ESF comparators to the same preferred 3

Enclosure PG&E Letter DCL-12-017 failure mode specified by the protection system functional requirements for of-power conditions.

Most analog outputs to indicators, recorders, control systems, plant computer, etc. are designed to fail-as-is upon detection of a Loop Processor Subsystem fatal diagnostic in order to prevent perturbation of plant control systems. Eagle 21 provides the steam generator (SG) level signal outputs to the AFW level control valve (LCV) positioners.

When a Fatal failure occurs, the SG level signal from Eagle 21 will fail "as-is" on the rack, nominally 65.2 percent (SG level setpoint), which results in a valve position of 50 percent open on an AFW demand. The valves are normally maintained full open in standby while the unit is at power. The failed "as-is" valve demand would result in the valves stroking closed to 50 percent open on an AFW actuation signal, throttling flow to the SG, inhibiting full open positions. (b) Determine how the Eagle system with its card failures satisfies the design requirements described in FSAR Section 7.2.2.2.9 Final Safety Analysis Report Update (FSARU) Section 7.2.2.2.9 states the following: "The standards that are applicable to the Eagle 21 Design, Verification, and Validation Plan are IEEE Standard 603-1980 (Reference 28), Regulatory Guide 1.152 (Reference 29), Regulatory Guide 1.153 (Reference 30), and ANS-7-4.3.2 (Reference 31 )." PG&E has reviewed the above standards and determined that the standards are met with the exception of IEEE 603-1980, Subpart 6.3.1. IEEE 603-1980, 6.3.1 states, "Where a single credible event, including all direct and consequential results of that event, can cause a nonsafety system action that results in a condition requiring protective action and can concurrently prevent the protective action in those sense and command feature channels designated to provide principal protection against the condition, one or more of the following requirements shall be met: ... " Alternate channels are not available to satisfy 6.3.1 (1) and 6.3.1 (2). Subpart 6.3.1 is not met because a Loop Calculation Processor (LCP) Card failure or rack lockup results in a condition requiring protective action when conservatively interpreting the requirement to place the LCVs in manual as equivalent to the portion of the IEEE 603-1980 definition of "protective action" that describes "operation of equipment within the execute features for the purpose of accomplishing a safety function." Regulatory Guide (RG) 1.153, December 1985, which provides a replacement Figure 7 of IEEE 603-1980, is consistent with the conclusion that the criteria of 6.3.1 (1) and 4 Enclosure PG&E Letter OCL-12-017 6.3.1 (2) are not met. RG 1.152, dated November 1985, does not modify nor impose additional requirements with respect to safety/nonsafety system interactions. (c) Determine if the LCP card failure is a limiting failure. The LCP card failure is not the limiting single AFW system failure for accident mitigation.

The feedline rupture is the limiting accident for AFW system minimum flow requirements.

The failure of the turbine-driven (TO) AFW pump would be the limiting failure since it would normally be able to feed three intact SGs to mitigate the accident.

The LCP card failure could at worst result in the closure of one LCV on each motor-driven (MO) AFW pump, or the loss of AFW flow to two intact SGs. (d) Evaluate whether the FSAR should include a discussion on this failure mode. Typically, the discharge valve is mostly closed when starling centrifugal pumps. However, the proposed immediate action directs operators to demand LCV valves full open. As discussed in response (c) above, the LCP card failure at worst could be comparable to the failure of one MOAFW pump feeding two intact SGs. This failure remains bounded by the Loss of Normal Feedwater and feedline rupture accident analyses as currently presented in the FSARU. Since the FSARU does not typically provide discussion of nonlimiting system failures, it is not considered necessary to specifically discuss the LCP card failure within the FSARU. The OCPP AFW LCVs are normally full open and deenergized when the AFW system is not in use. (e) Describe how this action affects the operation of the MDAFWPs. Placing the level control valves in manual overrides the automatic SG level control function and automatic pump runout protection.

The level control valves are normally full open and deenergized.

Upon an AFW actuation, while the level control valves are in automatic control, the automatic control will reposition the valves based on the SG level signal. In the case of a failed LCP, rack lock up, or power failure with the level control valves in automatic control, the failed as-is SG level signal will be provided to the controllers that drive the level control valves to meet flow requirements.

With manual control set and the valve demand set to full open, the level control valves will remain in the full open position upon AFW actuation, and may be adjusted to control SG level or provide runout protection by manually adjusting the controls in the control room. (f) Will upgrading the Eagle 21 Process Protection System address this failure mode? This failure mode will not exist when Eagle 21 is replaced. (Reference PG&E Letter OCL-11-1 04, "License Amendment Request 11-07 Process Protection System Replacement," dated October 26,2011) 5 NRC Question 3: Enclosure PG&E Letter DCL-12-017 The licensee is proposing a new condition "8" be added to TS 3.7.5 to accommodate inoperability of the automatic control of the level control valves (LCV) to the SGs from the MDAFWPs. This condition results in both MDAFWP trains being declared inoperable.

Current TS follow staff guidance to initiate a plant shutdown when both trains of MDAFWP are inoperable.

The licensee is proposing an immediate action to place both LCVs in manual with a full open demand. The licensee only proposes an immediate action and does not propose a completion time to return the automatic control to operable status. Furthermore, does the immediate action to place both LCVs in manual operation create any other credited actions (and associated completion times) for the "dedicated operator"?

In addition the licensee claims it does not have to analyze for additional equipment failures while in the proposed TS Action statement due to inoperable automatic control of the MDAFW LCV(s). The relaxation of meeting the single failure criterion was intended to be temporary.

Since the proposed action statement does not stipulate a completion time to return the automatic control, the system could remain in the degraded condition indefinitely.

Therefore, for indefinite operating conditions, the staff requires the licensee to evaluate for additional equipment failures while in this degraded condition.

The staff requests the licensee provide an evaluation of additional equipment failures while the control valves automatic ability is inoperable, or provide a completion time to restore the function and its basis. PG&E Response:

Once the operators have performed the immediate action to place the affected AFW LCVs in manual control with the valve demand set to full open, there are no other required operator actions or associated completion times. As described in PG&E Letter DCL-11-059 (LAR 11-04, Reference

1) and clarified in this response, the AFW system configuration as allowed by new Technical Specification (TS) 3.7.5 Condition B is capable of automatically fulfilling required design basis accident mitigation functions when considering a limiting single active system failure. The proposed TS 3.7.5 Condition B only allows indefinite operation under the specific condition in which all three AFW pumps are available for automatic operation and the only degraded system component is the loss of one automatic level control valve (LCV) on one or more MDAFW pumps. Any other AFW system component failure would place the plant in a more restrictive TS 3.7.5 Limiting Condition of Operation (LCO) Action statement and associated completion time than allowed by Condition B. The MDAFW pump LCVs perform the nonsafety-related function of SG level control and the safety-related function of throttling to prevent pump runout conditions when feeding a faulted SG. As described in the LAR 11-04, runout protection is not a concern for the Loss of Normal Feedwater event since it do.es not involve a faulted SG. Therefore, manually placing the inoperable LCV to full open ensures that the two MDAFW pumps 6 Enclosure PG&E Letter DCL-12-017 can provide the minimum flow assumed in the safety analysis even when considering the limiting single failure of the TDAFW pump. The feedline rupture accident does result in a faulted and depressurized SG. Therefore, PG&E performed additional evaluations of the AFW system performance to demonstrate acceptable accident mitigation with one LCV on each MDAFW pump incapable of automatically throttling for runout protection as designed.

In TS 3.7.5 Condition B, each MDAFW pump would still have one LCV capable of automatic throttling.

The limiting plant condition that occurs during a feedline rupture occurs when the faulted SG is completely depressurized.

However, the feedline rupture initiates a rapid main steam isolation signal that automatically isolates the intact SGs from the fault. As shown in FSARU Figure 15.4.2-13, the intact SGs then pressurize to the lowest main steam safety valve setpoint to provide secondary steam heat removal well before the faulted SG is completely depressurized.

PG&E has performed evaluations of the AFW system performance to establish that the single operable LCV on each MDAFW pump is still capable of preventing adverse pump runout conditions for the limiting single failures assumed in the FSAR accident analyses.

7

'0 len .. _0-;,

390 gpm > 390 gpm NA Faulted SG3 o gpm NA(2) o gpm Intact SG 4 > 195 gpm NA(2) >195 gpm Failure Case 1. TDAFW PP 1 Fails Intact SGs 1 and 2 FAIL > 390 gpm NA(2) Faulted SG3 FAIL NA(2) Ogpm Intact SG 4 FAIL NA(2) > 195 gpm Failure Case 2. MDAFW PP 2 Fails Intact SGs 1 and 2 > 390 gpm FAIL NA(2) Faulted SG3 o gpm NA(2) Ogpm Intact SG 4 > 195 gpm NA(2) > 195 gpm Failure Case 3. MDAFW PP 3 Fails Intact SGs 1 and 2 > 390 gpm > 390 gpm NA(2) Faulted SG3 o gpm NA(2) FAIL Intact SG 4 > 195 gpm NA(2) FAIL Note 1 -AFW flow rates are at ten minutes after the FLB occurs when operators isolate the faulted SG3. Note 2 -MDAFW pump 2 only feeds SG 1 and SG2 while MDAFW pump 3 only feeds SG3 and SG4. 10 NRC Question 4: Enclosure PG&E Letter DCL-12-017 In Enclosure 2 of letter dated, June 1, 2011, the licensee provides "example 4': showing how the individual completion times would be limited to less than the 10 day second limiting condition for operation (LCD) time limit. These action statements are based upon existing TS. However, the licensee is also proposing changes to TS 3.7.5 in accordance with TSTF-412 and TSTF-340. The licensee does not provide an assessment the new action statements and completion times that will be allowed with the incorporation of these TSTFs. The intent of the second action statement was to limit not meeting LCD 3.7.5 to less than 10 days. Since the limit of the previous completion times were 7 days and 3 days, then 10 days could not be exceeded without re-entry into first action statement or shutting down the plant. With the incorporation of TSTF-412 and TSTF-340, there are two provisions under Condition that allow a 7-day completion time. Together, there exist a possible scenario where the LCD could not be met for up to 14-days. For example, coming out of a refueling outage the licensee tests the steam-driven AFW pump and finds a faulty governor and enters an action statement with a 7 day completion time for an inoperable steam driven AFW pump. After 6 days, they retest the pump and the governor is operable. However, during the test one of the steam admission valves fails. The action statement for an inoperable steam supply allows the licensee 7 days to return it to operable status. If the licensee exits the initial 7 day completion time and starts a new 7 day completion time, the AFW system LCD could possibly not be met for greater than the 10 day limit that exists with the second action statement. The staff requests the licensee to assess implementation of TSTF-439 under the new conditions being proposed within this amendment to justify whether the second completion time can be removed. PG&E Response: Assess implementation of TSTF-439 under the new conditions being proposed within the amendment. Under the new conditions being proposed: Condition A TS 3.7.5 Condition A provides that if the TDAFW is inoperable due to one inoperable steam supply or inoperable in MODE 3 following refueling, a 7 -day completion time is allowed to restore the equipment to OPERABLE status. Condition B TS 3.7.5 Condition B requires immediately placing affected AFW level control valves in manual control with valve demand full open or declaring the associated AFW train inoperable. 11 Condition C Enclosure PG&E Letter DCL-12-017 TS 3.7.5 Condition C, applicable for the TDAFW train inoperable for reasons other than Condition A or a MDAFW train inoperable, requires restoring the AFW train to OPERABLE status in 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. Condition D TS 3.7.5 Condition D, applicable when the TDAFW train is inoperable due to one inoperable steam supply and a MDAFW train inoperable, requires restoration of the inoperable steam supply or the MDAFW train within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. Condition E, applicable when either Condition A, C, or D completion times are not met or two AFW trains are inoperable for reasons other than Condition D, requires the plant to be in MODE 3 in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and MODE 4 in 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br />, where only one MDAFW train is required to be OPERABLE. Conditions F and G both require immediate action to restore an AFW train to operable status. The scenario in NRC Question 4 above states the following: " ... coming out of a refueling outage the licensee tests the steam-driven AFW pump and finds a faulty governor and enters an action statement with a 7 day completion time for an inoperable steam driven AFW pump. After 6 days, they retest the pump and the governor is operable. However, during the test one of the steam admission valves fails. The action statement for an inoperable steam supply allows the licensee 7 days to return it to operable status. If the licensee exits the initial 7 day completion time and starts a new 7 day completion time, the AFW system LCO could possibly not be met for greater than the 10 day limit that exists with the second action statement." The above statement is not correct. TS Use and Application requires that, "An ACTIONS Condition remains in effect and the Required Actions apply until the Condition no longer exists or the unit is not within the LCO Applicability." If while testing to restore the TDAFW pump to OPERABLE status for a "Turbine driven AFW pump inoperable in MODE 3 following refueling," one of the steam admission valves fails, Condition A could not be exited because the TDAFW pump was not restored to OPERABLE status. Under a different scenario where the governor is restored to OPERABLE status and then it is discovered that one of the steam supplies is inoperable, the current existing second completion time would not apply. This is the case whenever the LCO is satisfied, even if momentarily, and would not be restricted by a second completion time, including the current Diablo Canyon Power Plant (DCPP) TS. The regulatory oversight process and Maintenance Rule program provide strong incentives for limiting the time that risk significant equipment is inoperable. 12 NRC Question 5: Enclosure PG&E Letter DCL-12-017 In enclosure 2 of letter dated, June 1,2011, the licensee states, "The administrative controls will ensure that a single contiguous occurrence of failing to meet the LCO will not be extended beyond the additive Completion Times of the two Required Actions for restoration unless a risk evaluation is performed, and the risk impact is managed." TS 3.7.5 and TS 3.8.1 include the statement, "LCO 3.0.4b is not applicable." LCO 3.0.4b permits the licensee to perform a risk assessment addressing inoperable systems and components, and based upon the results allows the licensee an exception to the restriction on not changing modes. Based upon the risk importance of AFW and emergency diesel generator (EDG) systems, their respective TS prohibit the use of using a risk assessment to be exempt from the mode change restriction. The staff requests the licensee justify why administrative controls should allow a risk evaluation for AFW and EDG systems to extend conditions where the system is not meeting the LCO beyond the first completion time. PG&E Response: The proposed amendment does not change the restriction where LCO 3.0.4b is not applicable. PG&E believes the original intent of the second completion times, consistent with the TSTF-439 Background section, was to prevent indefinite operation while failing to meet a LCO. Specifically, the following was included in the TSTF: An NRC internal memo dated August 5, 1991, described the issue. As stated in the memo, "In these Specifications the following phrase was added in the Completion Time column of the Conditions that could extend the AOT: '[10 days] from discovery of failure to meet the LCO.' The [10 day] Completion Time cap is found by adding the maximum Completion Times from the two Conditions that could extend the AOT." In the case of TS 3.7.5 for AFW, the TSTF further states: "The second Completion Time is not needed. For the second Completion Time to be limiting, Conditions A and B must be entered concurrently. However, Condition C requires an immediate shutdown when two trains are inoperable. Therefore, the second Completion Time will never be limiting and can be removed. In addition, the Reactor Oversight Process monitors the availability of the AFW system. Such frequent, repeated failures of the AFW system would be reported to the NRC and this represents a strong disincentive to such operation." 13 Enclosure PG&E Letter DCL-12-017 In addition to the programs that were implemented after second completion times, " ... a requirement is added to Section 1.3 of the Technical Specifications to require licensees to have administrative controls to limit the maximum time allowed for any combination of Conditions that result in a single contiguous occurrence of failing to meet the LCD. These administrative controls should consider plant risk and shall limit the maximum contiguous time of failing to meet the LCD. This Technical Specification requirement, when considered with the regulatory processes discussed above, provide an equivalent or superior level of plant safety without the unnecessary complication of the Technical Specifications by second Completion Times on some Specifications." Consistent with the supplement provided by Comanche Peak on November 30, 2007, PG&E provided the following commitment in PG&E Letter DCL-11-059: PG&E will revise procedure OP1.DC17, "Control of Equip Required by Technical Specifications or Designated Programs." The administrative controls will ensure that a single contiguous occurrence of failing to meet the LCD will not be extended beyond the additive Completion Times of the two Required Actions for restoration unless a risk evaluation is performed, and the risk impact is managed. This TS requirement, when considered with the regulatory processes discussed above, provide an equivalent or superior level of plant safety without the unnecessary complication of the TS by second Completion Times on some specifications. 14