ML20133A351

From kanterella
Revision as of 03:34, 10 August 2022 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Submits Comments on Rev 9 to AP600 Ssar Which Included Rev to AP600 TS
ML20133A351
Person / Time
Site: 05200003
Issue date: 12/24/1996
From: Huffman W
NRC (Affiliation Not Assigned)
To: Liparulo N
WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
References
NUDOCS 9612310056
Download: ML20133A351 (18)


Text

- . - - - -

+0U%

e" 4 UNITED STATES j j NUCLEAR REGULATORY COMMISSION o f WASHINGTON, D.C. 20566-0001

.....* December 24, 1996

, Mr. Nicholas J. Liparulo, Manager 4

Nuclear Safety and Regulatory Analysis Nuclear and Advanced Technology Division 4

Westinghouse Electric Corporation P.O. Box 355 Pittsburgh, Pennsylvania 15230

SUBJECT:

4 INITIAL COMMENTS ON THE AP600 REVISED TECHNICAL SPECIFICATIONS (TS)

Dear Mr. Liparulo:

Revision 9 to the AP600 standard safety analysis report (SSAR) included a revision to AP600 technical specifications (08/96-Amendment 0). Westinghouse

has modelled the content of the revised AP600 TS to be consistent with NUREG-1431, " Standard Technical Specifications, Westinghouse Plants" (STS) to the maximum extent possible; however, the AP600 is a first-of-a-kind advanced light i

water reactor employing passive system designs that necessitate some new l approaches to TS. System, structures, and components included in this design, beyond those addressed by NUREG-1431, were screened by Westinghouse for i inclusion in the TS using criteria provided by 10CFR50.36. The AP600 TS also utilize optimized completion times and surveillance frequencies which deviate substantially from the STS but provide a rationale for action times based on a methodology employing deterministic and probabilistic criteria. In addition, the AP600 TS include low power and shutdown specifications, and have designated Mode 4 as the safe shutdown endstate for many LCO action statements to the extent that it can be technically justified. Westinghouse has documented tne differences between the AP600 TS and STS in a submittal to the NRC dated October 11, 1996. The staff is using this document to assist in its review of the AP600 TS.

A number of preliminary questions and comments on the revised AP600 TS are enclosed with this letter. The review of the technical specifications is not yet complete and the enclosed comments do not constitute all the comments that the staff may have. In general, the staff has not yet extensively assessed the acceptability of the optimized completion times and surveillance frequency methodology and application while reviewing TS. Additional information on the optimization criteria has been requested in a separate correspondence to Westinghouse dated December 12, 1996.

We suggest that Westinghouse provide a draft markup of AP600 TS where it concludes that changes to TS based on the staff's comments are appropriate.

Westinghouse should provide written explanation to the staff for those comments that it will not incorporate into the TS. We also request that these comments be included in the open item tracking system so that the status and disposition of these items can be tracked.

NRC FRE CENTER COPY g ,

9612310056 961224 ADOCK 052000 3

{DR

0

\

\

Mr. Nicholas J. Liparulo December 24, 1996 If you have any questions regarding this matter, you may contact me at (301) 415-1141.

Sincerely, Original Signed By:

William C. Huffman, Project Manager Standardization Project Directorate Division of Reactor Program Management Office of Nuclear Reactor Regulation Docket No.52-003

Enclosure:

As stated cc w/ enclosure:

See next page ,

DISTRIBUT LQH:

Docket-File, PDST R/F TMartin PUBLIC DMatthews TRQuay TKenyon BHuffman JSebrosky DJackson JMoore, 0-15 B18 WDean, 0-17 G21 ACRS (11) CGrimes, 0-13 AChu, 0-13 TCollins, 0-8 E23 JLyons, 0-8 D1 HLi, 0-8 H3  ;

Alevin, 0-8 E23 RJones, 0-10 E4 JKudrick, 0-8 H7  !

MSnodderly, 0-8 H7 NSaltos, 0-10 E4 JBongarra, 0-9 H15 Gholshan. 0-8 E2 GHsii, 0-8 E23 MPohida, 0-8 E4  ;

JFlack, 0-10 E4 JBrammer, 0-7 H17 GBagchi, 0-7 H15 i CLi, 0-8 D1 GThomas, 0-8 E23 JRaval, 0-8 D1 RYoung, 0-8 D1 DOCUMENT NAME: A: TS-CMMTS.PLM OfflCE PM:DPST:DRPM: TS6:ADPF:NRR I NAME WHuffmWO h AChu LL DATE 12/33/96 " __ 12//g9q l 0FFICE TSB:ADPR:N8R , l D:PDST:D_ RPM l NAME CIGrimes / T/[ 1RQuay/nIW I

.DATE 12/2.4/96 W C_12f_Q96 __l To receive a copy of thW docume nt, indica,te in the box: "C" = Copy without enclosures *E* = Copy with enclosures *N"

= No c.ipy i

4 Mr. Nicholas J. Liparulo December 24, 1996 If you have any questions regarding this matter, you may contact me at (301) 415-1141.

Sincerely, N3 William C. Huffman, Project Manager Standardization Project Directorate Division of Reactor Program Management Office of Nuclear Reactor Regulation Docket No.52-003

Enclosure:

As stated cc w/ enclosure:

See next page 1

I i

s

' Q9ESTIONS AND COMENTS CONCERNING Hr.sTI','GH095E AP600 TECMICAL SPECIFICATIONS

1) Safe Shutdown End State, LCO 3.0.3:  ;

LCO 3.0.3 specifies that when an LCO is not met and the associated Actions are not met, the plant shall be placed in MODE 5 within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />.

However, both LCOs 3.0.2 and 3.0.3 add a statement that "when plant conditions or configuration prevent the unit from being brought to the  ;

required MODE within the time limits specified using normal plant procedures, expedited actions shall be taken to establish and maintain the required plant conditions..." LCO 3.0.2 further states that " entry into LCO 3.0.3 is not'reauired in this situation" (Underline added).

This essentially amounts to a waiver for LCO 3.0.3 when the mode reduction cannot be accomplished within the required completion time as long as " expedited actions" are taken.

The situation arises because the MODE reduction completion times specified in LCO 3.0.3, when an LCO is not met, are based on the availability of non-safety, active systems, such as startup feedwater system (SFW) and normal residual heat removal system (RNS). If these active systems are not available, the AP600 passive systems alone cannot achieve MODE reduction within the specified times. Therefore, if the active heat removal systems needed for cool-down are not available, LCO 3.0.2 and 3.0.3 would not only permit longer MODE reduction times, but also exempt the MODE reduction requirement altogether as long as expedited actions are taken to accomplish unit shutdown as soon as practical. There are no further specifications regarding the " expedited actions" as well as the extended completion time.

While the SFW and RNS are necessary systems for MODE reduction within the specified completion times, they are not included in the TS because, Westinghouse contends, they do not meet any of the criteria for inclusion in the TS. Therefore, there is no TS requirement to control the reliability and availability of an important non-safety active system that is needed to complete the MODE reduction mission; and, when an LCO is not met, the compliance for LCO 3.0.3 MODE reduction is waived when this active system is unavailable. Without any control over the reliability / availability of the important RNS, there will be no control i to minimize the exemption of MODE reduction requirement when an LCO is not met, and LCO 3.0.3 becomes meaningless because it is exempt when the RNS is unavailable.

Therefore, the proposed LCOs 3.0.2 and 3.0.3, as well as their BASES, are not acceptable. The TS should be revised by either deleting the statement of compliance exemption (due to nonsafety system unavailability) from LCOs 3.0.2 and 3.0.3, or adding the reliability / availability requirements of important nonsafety systems that i are needed for completion of MODE reduction within the specified times.

In SECY-94-084, Item A. Regulatory Treatment of Non-safny Systems, the Commission indicated its acceptance of " simple technical specifications" 4 as an availability control mechanism for the important non-safety systems. If Westinghouse proposes to include in LCOs 3.0.2 and 3.0.3 the statement allowing compliance exemption, it should also propose a proper 1

- .- - - - - = - - -.

TS LCO to assure availability of those active systems which are relied upon to complete the mode reduction requirements.

2) Page B 3.0-10:

)'

There is a typo in the last paragraph in that Specification "5.5.9" should be "5.5.8."

3) B 3.).1 Shutdown Margin:

The LC0 BASES states that for steam line break accidents, if the LC0 is violated, there is a potential to exceed the DNBR limit and to exceed

, " radioactive release limits" (without referencing the 10CFR100 limits).

In the October 11, 1996, letter, Westirghouse explains that reference to 10CFR100 limits is deleted as they wilt not be applicable to AP600. Why are Part 100 limits not applicable to AP600, and what are the

" radioactive release limits" stated in the AP600 TS BASES?

4) B 3.1.3 Moderator Temperature Coefficient (MTC):

The sentence in the BACKGROUND section (fifth paragraph) of the STS, "[If the LCO limits are not met,) the core could violate criteria that prohibit a return to criticality, or the departure from nucleate hiling i ratio criteria of the approved correlation may be violated, which could lead to a loss of the fuel cladding integrity," is deleted in the AP600 TS. Westinghouse, in the October 11, 1996, letter, states that this statement applies to the AP600 and will be restored in the final TS submittal. Westinghouse should ensure this commitment is met.

5) LCO 3.1.4 Rod Group Alignment Limits:
a. When more than one red is not within the alignment limit (Condition D),

the Required Action specifies for operator to either (D.2.1) restore rods l to within the alignment limit within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, or (0.2.2) bring the plant to MODE 3 within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. The BASES states that 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> is a reasonable time to bring the plant from full power to MODE 3 in an orderly manner and without challenging plant system. Action D.2.1, which is an added option compared to STS, appears to be not logical. This is because if the operator tries and fails to restore rods to within alignment limit within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, there could be insufficient time left to bring the plant to MODE 3 in an orderly manner.

b. SR 3.1.4.3 differs from the STS in that the verification of rod drop time of each rod opposed to T willgreater be performed than or with equalT,To 500*F in STS.less than or 11, The October equal to 545 F as 1996, Westin%ouse letter explained that the basis for performing rod drop time measurement at a lower temperature is not AP600 specific, and that Wolf Creek has made a submittal for NRC approval and the WOG is pursuing this as a generic change. The staff review of the Wolf Creek submittal has determined that no sufficient technical basis has been
provided to date to warrant its acceptance. The staff is unaware of the WOG submittal for the generic change (to date). Therefore, SR 3.1.4.3 is not acceptable pending further resolution of the issue.

2

i

6) LCO 3.2.1 Heat Flux Hot Channel Factor (F,(Z)) (F Methodology):

The normalized F (Z) as a function of core height, i.e., K(Z), is deleted in LCO 3.2.1. TheBASESstatesthatfortheAP600,K(Z)is1.0. In its

October 11, 1996, letter, Westinghouse indicates that the normalized F (Z) curve for this plant is flat as it is not limited by small break LkA results. This conclusion will be subject to confirmation upon the completion of staff review of Chapter 15 LOCA analysis.
7) LCO 3.3.2 Engineered Safety Feature Actuation System Instrumentation:

Throughout LCO 3.3.2, the plant is allowed to have the end state remaining in same MODE of operation (applicable MODE) for an LCO function. There are several functions where, when the LCOs and associated Required Actions are not met, the required end MODES remain the same as the applicable MODES of the LCOs. For example:

a. Condition B (one manual initiation device inoperable) in LCO 3.3.2 is applicable to many ESF manual actuation functions (e.g.,

safeguard, CM1, containment isolation, ADS stages, passive containment cooling, passive RHR, block steam dump, IRWST injection line and recirculation valves). When the plant fails to meet the required number of channels of any of these ESF functions while in MODES 1, 2, 3, or 4, or in MODE 4 when the RCS not being cooled by RNS (Footnote j in Table 3.3.2-1), Actions B.3.1 and B.3.2 allow the plant to be in MODE 3 in 80 hours9.259259e-4 days <br />0.0222 hours <br />1.322751e-4 weeks <br />3.044e-5 months <br /> and in MODE 4 in 96 hours0.00111 days <br />0.0267 hours <br />1.587302e-4 weeks <br />3.6528e-5 months <br /> (Note: Actions B.1 or B.2 need not be complied with because of "0R" logic). This essentially allows no corrective actions for failure to comply with the required number of channels when the plant is in MODE 4. The BASES (P.-B 3.3-99) indicates that in MODE 4, these functions are no longer required to be OPERABLE. If that is the case, the Applicable MODEr in Table 3.3.2-1 should be modified to be consistent.

b. Condition C of LC0 3.3.2 is applicable to ESFACs gic (Function 25 in Table 3.3.2-1) when operating in Applicable A0 DES 1, 2, 3, or 4. Action C.2.2 allows the plant to be placed and remain in MODE 4 without any corrective actions (note: "0R" gate) for failure to meet the required channels / division of the ESFACs Logic while operating in the applicable MODES. The BASES states that in MODE 4, these functions are no longer required to be OPERABLE, which is inconsistent with the Applicable MODES in Table 3.3.2-1.
c. Inconsistencies similar to items (a) and (b) are noted below:

- Condition F ("AND" Action F.1 to place the inoperable channel in bypass, therefore the required number of channels is reduced) vs.

Functions Ib, 2b, 9b, 10b, 12b, 13c, 14b, 15b, 15c, 16a, 16c, 20b, 23b.

- Condition G vs. Function 26a.

3

i s

- Condition I (Place channel in bypass "AND" MODE 3 end state) vs.

Function 5b.

- Condition S (Boolean Logic not clear) vs. Functions ~4b, 6b, 7b, and 8a.

- Condition T vs. Function 20a.

- Condition U vs. Functions 4a, 6a, and 7a.

8) LCO 3.4.1 RCS Pressure, Temperature, and Flow DNB Lini'.s:
a. LCO 3.4.1 indicates that the RCS DN8 parameter LCO limits are specified in COLR. This is a deviation from Westinghouse STS. In the October 11, 1996, letter, Westinghouse indicates that this change is consistent with the WOG proposal to add DNB limits to the COLR in WCAP-14483, " Generic Methodology for Expanded Core Operating Limit Report," November 1995. This report is still under staff review. Prior to its approval, the removal of the RCS DNB parameters limits from TS to COLR is not acceptable.
b. There is an inconsistency in the AP600 TS. Though LCO 3.4.1 >

indicates the RCS DNB parameters limits are specified in COLR, LC0 3.4.1 is not listed in Specification 5.6.5, Core Operating Limits Report (COLR), but is listed in Specification 5.6.6, Reactor  ;

Coolant System Pressure and Temperature Limits Report (PTLR).

9) LCO 3.4.3 RCS Pressure and Temperature (P/T) Limits:

Action B.2 requires the plant to be placed in MODE 4 within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for Condition B, i.e. the Required Action and Completion Time for Condition A (LC0 not met in MODES 1, 2, 3, or 4) are not met. Therefore, if the plant is operating in MODE 4 when the LCO is not met, there would be no required action. This is inconsistent with STS, where B.2 requires the plant to be in MODE 5 with RCS pressure less than 500 psig within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. Westinghouse should provide bases or justification for this deviation.

10) LCO 3.4.4 RCS Loops - MODES I and 2:

When the LCO is not met, Required Action requires the operator to either (A1) restore all four RCPs to operating condition within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> (an added option compared to STS), or (A2) bring the ,d ant to MODE 3 within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This appears to be not logical because if the operator tries and fails to restore RCP operation within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, there would be insufficient time to bring the plant to MODE 3 in an orderly manner.

11) LCO 3.4.6 Pressurizer:
a. The operability requirement for the pressurizer heaters to provide a minimum required available capacity is deleted form the AP600 TS. The BASES states that the safety analyses do not take credit for pressurizer heater operation. The October 11, 1996, letter states that for AP600, pressurizer heaters are not needed to 4
\

! maintain subcooling in the long term during a loss of offsite

{ power. Therefore, the deletion of the pressurizer heater i 3

operability requirement is acceptable. However, the analysis of a i steam generator tube rupture event takes credit for the trip of j the pressurizer heaters. There should be a requirement on the ability to trip the pressurizer heaters in accordance with Criterion 3 of the Policy Statement.

l b. There is a typo in Required Action A.1 where the word " restore" is 3

mistyped as " reactor." Also, the Completion Times for placing the plant in MODES 3 and 4 are drastically increased from 6 and 12 i  !

i hours, respectively, to 80 and 96 hours0.00111 days <br />0.0267 hours <br />1.587302e-4 weeks <br />3.6528e-5 months <br />. Acceptability of these i Completion Times snould be further evaluated.

l 12) LCO 3.4.10 RCS Leakage Detection Instrumentation:

i i a. LCO 3.4.10 Applicability Modes include MODE 4, and Action C.2

{ requires the plant to be placed in MODE 4 in 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> when the LCO l and associated actions are not met. It appears that when the

plant was operating in MODE 4, nothing more need to be done when
the LCO is not met.
b. In a memorandum to Westinghouse dated November 26, 1996, the staff i provided comments on the AP600 detection of Reactor Coolant i Pressure Boundary leakage. For example, the staff noted that the j use of the gaseous N13/F18 monitor is inconsistent with TS l j requirements which state that the containment atmosphere i
radioactivity monitor shall be operable in modes 1, 2, 3 and 4.

! Since the leak detection capability of this instrument is j effective only above 20 percent power, its use does not appear to be appropriate for modes 2, 3, and 4, as well as mode I below 20 percent power.

13) LCO 3.4.12 Automatic Depressurization System - Operating:

When the LCO and other required actions are not met during MODES 1, 2, 3, and 4 operation, Action C.2 requires the plant to be placed in MODE 4 in l

24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. The BASES indicates the reason for the end state of MODE 4 is '

l that the probability and consequences of a design basis event are minimized. This is inconsistent with the LCO applicability MODES which l include MODE 4. If the LCO is not required to be complied with in MODE j 4, then MODE 4 should be removed from the applicability MODES, and another LCO with specific configurations and supporting analysis shall be developed for MODE 4. Otherwise, failure to meet this LCO and corrective j , actions should enter into LCO 3.0.3 immediately.

1 j 14) LCO 3.4.13 Automatic Depressurization System - Shutdown, RCS Intact J LCO 3.4.14 Automatic Depressurization System - Shutdown, RCS Open i

LCO 3.4.13 and 3.4.14 specify the configurations and operability of i various ADS stages for shutdown operation. Westinghouse should ensure

} the configurations and operability are consistent with the shutdown PRA

assumptions.

)

5 i

1

)

4

15) LCO 3.5.1 Accumulators:

LCO 3.5.1 requires both accumulators to be o>erable while in MODES 1, 2, 3, and 4 with pressurizer pressure greater tian 1000 psig.

a. In Condition A when one accumulator is inoperable due to boron concentration, nitrogen pressure, or volume outside limits, Action A.1 requires restoration within 7 days. BASES A.1 indicates that )

i this completion time is considered acceptable because deviations  !

in these parameters are expected to be slight considering the pressure and volume are verified once per 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. However, the

>oron concentration is verified or.co per 31 days per SR 3.5.1.4.

Also, there is no DBA analysis with the assumption of an j accumulator inoperable to demonstrate that the AP600 design can 3 sustain an additicnal single failure and remain able to mitigate all DBA. Therefore, it does not meet " Single Failure" criteria of I Westinghouse's proposed Completion Time Logic. Therefore the completion time should be changed to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, consistent with STS.

j

b. In Condition B when one accumulator is inoperable for reasons other than Condition A, the TS allows 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> (completion time) ,

for accumulator restoration. The BASES considers this to be acceptable, because, with one accumulator inoperable, the remaining accumulator is capable of providing the required safety l function, based on PRA success criteria thermal / hydraulic analyses. However, the design basis analyses for small break LOCA assume both accumulators to be operable. If one accumulator is inoperable, a direct vessel injection line break would render the operable accumulator useless as its contents are discharged through the break. No DBA analysis was performed for this scenario. Therefore, the 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> completion time is unacceptable.

The completion should be changed to one hour, consistent with the STS.

c. LC0 3.5.1 requires operability of both accumulators during operation in MODES I and 2, and MODES 3 and 4 with pressurizer pressure greater than 1000 psig. Action D1 requires the plant to  ;

be in MODE 3 with pressurizer pressure less than 1000 psig in 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. If the plant was in MODE 4 operation, would it need to increase the RCS temperature to above 420'F when the LCO and other corrective actions are not met? Why?

d. The Required Actions and Completion Times for Conditions C and D are not acceptable. When both accumulators are inoperable, due to boron concentration outside limits or other reasons, the plant should enter into LCO 3.0.3 immediately, consistent with STS.

6

1

)

l 16) LCO 3.5.4 Passive Residual Heat Removal Heat Exchanger - Operating:  ;

i LCO 3.5.4 specifies operability of the PRHR heat exchanger during MODES

, 1, 2, 3, and 4. When the LCO is not met for reasons other than conditions listed in the specification, the required end state is MODE 4.

! This end state and LC0 MODES of applicability are not consistent.

Failure to meet this LCO should result in immediate entry into LCO 3.0.3 ,

immediately.

)

17) !.00 3.5.6 In-Containeetit Refueling Water Storage Tank - Operating I LCO 3.5.6 specifies operability of the IRWST during MODES 1, 2, 3, and 4.

When the LCO is not met for reasons other than conditions listed in the specification, the required end state is MODE 4. This is not acceptable.

Failure to meet this LC0 should result in immediate entry into LCO 3.0.3.

18) LC0 3.5.7 IRWST - Shutdown, RCS Iwentory High LCO 3.5.8 IRWST - Shutdown, RCS Inventory Low LCO 3.5.7 and 3.5.8 specify that the IRWST, with one injection flow path and one containment recirculation flow path, shall be operable during MODE 5 and 6 operation. Since Westinghouse has not submitted the Shutdown Evaluation Report, the staff has not made a determination as to whether this configuration (compared to operability of both injection flow paths and both recirculation paths) is sufficient. Westinghouse should ensure this configuration is consistent with that assumed in the  !

shutdown PRA.

The bases for LCO 3.5.8 states that two injection and recirculation flow paths must be operable. The is inconsistent with the actual LCO and presumably in error.

19) STS LCO 3.9.4 Containment Penetrations (Refueling Operations):

The LCO for containment penetrations for refueling operation is l eliminated in AP600 TS. Westinghouse should provide the bases for deleting this LCO.

20) 5.6.5 Core Operating Limits Report (COLR):

Item b. lists the approved analytical methods used to determine the core operating limits. The small break LOCA analysis code, NOTRUMP, is not listed. Both large and small break LOCA should be listed because the small break LOCA analysis must be performed to confirm that large break LOCAs is limiting.

The approved methodology for LCO 3.2.5 OPDMS-monitored power distribution parameters is not listed in this section. Is the methodology the same as WCAP-12473, BEACON? If so, WCAP-12473 should be listed.

7

1 i 21) LCO 3.4.12 Automatic Depressurization System j~ LCO 3.5.6 In-containment Refueling Water Storage Tank i

l The squib valves are important components of these systems, however, no

operability determination criteria or surveillance requirements are j stated for these valves. These valves should be specifically addressed i

in the AP600 TS.

l 22) LCO 3.4.12 Automatic Depressurization System It is the staff's understanding that ADS 1, 2, and 3, discharge piping i have vacuum breakers to reduce possible hydrodynamic loads from water

. slugs which may form in the sparger piping. The function of these vacuum breakers is similar to those found on the safety relief valves in BWRs.

i The BWR vacuum breakers are subject to technical specification operability requirements. Westinghouse should determine if the ADS line i vacuum breakers should be subject to similar TS requirements.

} 23) LCO 3.5.2 Core Makeup Tanks

! The CMT discharge line check valves are biased open. Confirmation that j the check valve position remains open would seem to be an important l verification that the system is operable. The need to include position

! verification of these check valves into the AP600 TS should be assessed.

. This comment may also be applicable to the check valves in the IRWST ,

j injection flow path (LC0 3.5.6) l

)

24) STS LC0 3.4.14 RCS Pressure Isolation Valve Leakage i

i STS LCO 3.4.14 for the RCS PIV leakage limits is eliminated in AP600 l t TS.Section 3.4.8 in the AP600 Technical Specifications, Revision 1 dated

!- January 13, 1994 contained specifications for leak testing of Reactor i

{ Coolant System pressure isolation valves (PIVs). Amendment 0 of these i

. specifications dated August 1996 deleted these specifications. The Chemical Volume and Control System (CVS), Normal Residual Heat Removal

System (RNS), Primary Sampling System (PSS), and the Liquid Radwaste

! System (WLS) all contain PIVs. The portions of the CVS, PSS, and WLS l

! outside of their respective outside isolation valves are all non-safety i i systems and therefore non-seismic systems. In addition, the low pressure l

portions of these three systems has not been designed to the staff's 1

position discussed in the DSER, Section.3.9.3.1, "AP600 Design Criteria

] for ISLOCA" (Reference DSER Open Item 20.3-14 [0lTS 1514] for a

' discussion of this issue). If the PIVs in the CVS, PSS, and WLS are not leak tested, gross failure of the low pressure, non-seismic portions of these systems should be assumed and radiological consequences of PIV excessive leakage should be evaluated. Even if the resolution of DSER Open Item 20.3-14 results in the implementation of the criteria in DSER Section 3.9.3.1, i.e., the low pressure portion is designed to an equivalent RCS pressure, a failure resulting from a seismic event still has to be assumed because these systems are non-seismic. If the evaluation discussed above is not performed, reinstate the specifications for leak testing of RCS PIVs into the Technical Specifications, unless the low pressure portion of these systems are designed to the equivalent RCS pressure, and are reclassified as Seismic Category I.

8

25) Inservice Testing Program All the passive core cooling system LCOs, the passive containment cooling system LCO, and the main control room habitability system LC0 specify system performance surveillances in accordance with the " Inservice l

Testing Program." The AP600 Inservice Testing Program is discussed in AP600 TS Section 5.5.4 and will be consistent the with Section XI of the ASME Boiler and Pressure Vessel Code. The ASME Section XI IST program 1 does not address any system level performance requirements related to the AP600 and is not applicable to these surveillances. Detailed system i performance surveillance testing criteria should be included in the AP600 TS.

4 The staff notes that Table 3.9-17 of the AP600 SSAR provides " System Level Inservice Testing Requirements." Westinghouse should explain the  ;

relationship of this table to the AP600 TS and how these system level inservice testing requirements were established (i.e., provide the bases) and how the requirements in the table are intended to be implemented.

The staff also notes that some of the requirements are not consistent with previous NRC positions. For example, the main control room pressurization testing specified in Note 8 of Table 3.9-17 in not in accordance to the policy position defined in SECY-95-132.

26) 5.5.6 Secondary Water Chemistry Program Revise the first sentence to read: "This program provides controls for monitoring secondary water chemistry to inhibit SG tube degradation, low pressure turbine disc stress corrosion cracking, and flow accelerated corrcsion of all carbon steel components."
27) TS bases B 3.7.1, Main Steam Safety Valve, states that in MODES 4 (with normal residual heat removal system in service), there are "no credible transients requiring the MSSVs." Therefore, the applicability modes for LCO 3.7.1, Main Steam Safety Valve, do not include Mode 4 with RCS cooled by RNS.

Justify the statement that "no credible transients requiring the MSSVs."

Assuming that RNS fails during Mode 4 (with RCS cooled by RNS) and that MSSVs are not operable, explain how the secondary system overpressure can be protected.

28) In LCO 3.7.1 Action B.2, Westinghouse uses Mode 4 as the safe end state.

This is not consistent with the specified applicability modes. It should be " Mode 4 with RCS cooled by RNS" even if the justification provided in the above question concerning B 3.7.1 is found acceptable.

29) Draft TS 3.7.8, Secondary Coolant Leakage The Plant Systems Branch has reviewed Westinghouse's letter, dated July 26, 1996, regarding "AP600 LBB QUESTIONS" and found the position 9

described in the letter regarding steamline leakage control unacceptable.

In the letter, Westinghouse revised its previous response to Q410.145 2 withdrawing its TS commitment for steamline leakage detection without j withdrawing LBB for the steamline application. The staff found that the alternative method proposed by Westinghouse, using administrative procedures, did not provide sufficient measures to justify LBB application for steamlines. By letter dated September 5, 1996, the staff indicated to Westinghouse that application of LBB to the steamlines is not acceptable without a TS for mainsteam leakage detection because the technology of LBB relies on the detection of leaks prior to pipe breaks.

Westinghouse was requested to provide a proper TS for steamline leakage detection.

In response, Westinghouse provided informal draft TS 3.7.8, Secondary Coolant Leakage on October 24, 1996. The NRC staff (SPLB, TSB, and ECGB) j are reviewing it. A telecon between Westinghouse and the staff was held on November 5, 1996. The staff asked justification from Westinghouse as related to (1) the adequacy and margin of 5.0 gpm as the leakage limit and (2) the leakage reducing time of 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> before entering into Action B.I.

30) In TS bases B.3.4.11, RCS Specific Activity, Westinghouse states that "the LC0 limits are established to be consistent with the design basis fuel defect level of 0.25 percent..." as the basis for the LC0 limits.

This statement implies that the staff accepts 0.25 percent fuel defect level, which is contrary to the staff position in Chapter 11 of the DSER.

Westinghouse should reword this sentence to avoid misunderstanding.

1 The staff accepts the assumption of one percent fuel defect, not 0.25 percent, for the safety analysis in SSAR Chapter 11. For iodines and l noble gases, the staff accepts the limit of 0.4 pCi/gm as an exception j based on this limit being subject to TS control. The staff does not accept 0.25 percent fuel defect level. Therefore, Westinghouse can not i use it as the basis for establishing LC0 limits. l

31) LC0 3.7.6, Main Control Room Habitability System (VES)

(a) APPLICABILITY It is stated that " APPLICABILITY" applies for MODES 1,2,3 and 4 and during movement of irradiated fuel assemblies. The bases ,

states that VES in not required for Modes 5 or 6 (when irradiated !

fuel is not being moved) because accidents involving fission '

product release are not postulated. Where have Mode 5 and 6 l events been evaluated to justify this conclusion.

]

(b) SURVEILLANCE FREQUENCY The staff believes that the surveillance requirements for SR l 3.7.6.3, SR 3.7.6.4, SR 3.7.6.5, SR 3.7.6.6, SR 3.7.6.7, and SR l 3.7.6.8 should all be "7 Days" instead of the frequencies  !

specified unless specific justification can be provided. 1 i

10 g

9

! The surveillance frequency for SR 3.7.6.9 should be every refueling outage in accordance with SECY-35-132.

(c) SURVEILLANCE DESCRIPTION

SR 3.7.6.1 Verification of air temperature of main control room '

i j should be "78* F" and not "80' F."

, SR 3.7.6.2 should state that " Verify that the compresses air i storage tanks are pressurized with no storage tanks isolated from  :

the system to [;t 3400 psig but s 3600 psig)."  !

! SR 3.7.6.6 should state that " Verify that each VES pressure relief l

isolation valve within the MCR pressure boundary is OPERABLE upon l receipt of an actual or simulated actuation signal."

The surveillance description in SR 3.7.6.9 should be consistent with SECY-95-132. Both a minimum and maximum flow addition rate  !'

should be included in the surveillance description.

(d) BASES The " BACKGROUND" description (Page B 3.7-24, Third Paragraph, Fourth line) should state MCR initial temperature as "78* F" and not "80* F."

APPLICABLE SAFETY ANALYSES (Pages B 3.7-25) Explain why VBS does not isolate and initiate the VES on containment isolation and include the rationale in Third Paragraph. .

The Third Paragraph, First Sentence should state that "In the  !

event of high level of gaseous radioactivity outside of the MCR, '

the VBS.... filtration functions." The Third and Fourth Sentences should state that "Upon exceeding predetermined setpoint for high particulate or iodine radioactivity or all ac power loss, a safety related signal......VES storage tanks. Isolation of the VBS consists of closing safety related VBS isolation dampers in the i supply....MCR pressure boundary." l 1

32) In LCO 3.7.3, Actions C, Main Feedwater Isolation and Control Valves, the required action is not possible for two flow paths with two valves in the same flow path inoperable, in Modes 1 or 2, because the system will be not functional with both flow paths isolated. The plant should be placed  !

in Mode 3 and at least one flow path should be restored to operable  ;

status.

33) In Bases C.1 of TS 3.7.3, with two inoperable valves in the same flow ,

path, there will be no redundant system to operate automatically and perform the required safety function. Under these conditions, at least one valve in each affected flow path should be restorcd to operable status and the affected flow path should be isolated within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.

, 11

34) In LCO 3.7.7, Action B, Startup Feedwater and Control Valves, the required action is not acceptable for more than one flow paths with two inoperable valves. Because the system become inoperable with two inoperable flow paths isolated. The plant should be in Mode 3 and at least one flow path should be restored to operable status.
35) Third paragraph of the BACKGROUND in Bases B 3.7.7 (startup feedwater isolation and control valves), the statements does not correctly describe the system design and the paragraph should be revised to conform to the

, design changes.

36) In Bases B3.'i.7, Actions B.1 and B.2, for one or more flow paths with 4 both the isolation and control valves inoperable, isolation of the affected flow paths within I hour is acceptable. However, at least one flow path should be restored to operable status within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.
37) TS 3.7.7 and its bases are written without references. The TS should refer to AP600 SSAR Section 10.4.9 and should be conform with the system design and functioning.
38) The AP600 defense-in-depth and diversity analysis (WCAP-13633) takes credit for the Diverse Actuation System (DAS) in meeting the diversity requirements for reactor trip and engineered safety features actuation.

This system is used to support the AP600 risk goals by reducing the probability of a severe accident resulting from a postulated transient and a common-mode failure in the protection and control systems. The DAS

, meets the objectives of Criterion 4 of 10CFR50.36 - a structure, system, or component which operating experience or probabilistic risk assessment has shown to be significant to public health and safety. Therefore, the staff requires that the DAS be included in the AP600 technical spesifications.

39) Two of the reactor trip functions - Overtemperature Delta T and Overpower Delta T, require inputs from reactor coolant inlet and outlet i temperatures. However, RCS T-cold and T-hot were not listed in Table 3.3.1-1, " Reactor Trip System Instrumentation." Table 3.3.1-1 should be updated to include these two inputs.
40) The pressurizer level reference leg temperature compensation input provides density compensation in the pressurizer high water level protection function. Table 3.3.1-1 should be updated to include this input.
41) Table 3.3.1-1 item 16, " Reactor Trip System Interlocks" should include P-17, " Power Range Nuclear Power Negative Rate Below Setpoint Blocks Automatic Rod Withdrawal," to be consistent with design requirements.
42) Many items in Table 3.3.2-1, " Engineered Safeguard Actuation System Instrumentation" are not consistent with design information in SSAR Section 7.3. Specifically, Table 3.3.2-1 should be consistent with Table 7.3-1, " Engineered Safety Features Actuation Signals" in SSAR Section 7.3. Taole 3.3.2-1 should be updated.

12

43) Table 3.3.3-1, " Post-Accident Monitoring Instrumentation" is not consistent with Table 7.5-1, " Post-Accident Monitoring System" in SSAR Section 7.5. The parameter selection criteria for Table 3.3.3-1 should be defined in the Bases section (B3.3.3).
44) In the BASES for post-accident monitoring (PAM) instrumentation, it is stated that the PAM instrumentation ensures that the main control room operating staff can perform the diagnosis specified in the emergency operating procedures (EOPs). AP600 E0Ps include " Shutdown Safety Operation." However, the PAM instrumentation is only applicable to operating modes 1, 2, and 3. Provide PAM instrumentation in the technical specifications that will be used other than modes 1, 2, and 3 consistent with the E0Ps.
45) Because of the increased potential of common mode failure in software based systems, NRC has in past ALWR reviews taken the position that administrative controls are needed to raise the level of awareness that 1&C failures must be carefully evaluated to determine if the root causes  ;

are hardware or software failures. Failures traced to software must be carefully considered for their common mode failure potential.  ;

The following proposed wording may be used for " Common Mode Failure .

Evaluation Program" under Administrative Control in Section 5.0 to l address the above concern.

"This program provides controls to ensure that appropriate software and i hardware evaluation procedures are established to protect the plant from 1 common mode failure, and to ensure that redundant system capability is not adversely affected. This program shall evaluate the cause of inoperability, the affected components, and the plans and schedule for completing proposed remedial actions. If a determination is made that a l common mode failure exists within independent channels or independent  !

systems credited to provide functions controlled by Technical  :

Specifications, then a Special Repart shall be submitted to NRC within 30 I days. The report shall include a description of the cause of the l failure, the affected components, and plans and schedule for completing i proposed remedial activities."

46) Administrative Controls 5.2.2 (Unit Staff)

This proposed change eliminates the requirement for non-licensed operators. Non-licensed operators are not covered by 10CFR 50.54; they are only covered in Tech Specs. Will the AP600 design not use non-licensed operators?

5.2.2c (Table). The Table is inconsistent with SSAR Chapter 18 and related WCAP 14694 1.e., the SSAR and WCAP indicate that minimum requirement of 50.54 (m) will be addressed and there is no reference to this table or any other table.

13

i 5.2.2d. HP should remain in TS. Intent is not to limit this administrative procedure re: working hours to operations personnel only but to include all personnel who perform safety-related functions (e.g., l health physics personnel). Also, was the option of having an 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> work shift struck out?

47) Administrative Controls 5.3 (Unit Staff Qualifications)

Why was the STS reviewer's note and, reference under 5.3.1 to staff not l covered by Reg. Guide 1.8 struck out for AP600 TS?

48) Westinghouse should determine if the main steam line PORV block valves I should be included in the AP600 TS since credit is taken for the closure of these valves in SSAR Chapter 15 accident analyses.
49) Table 3.3.2-1 on ESFAS Instrumentation shows the Boron Dilution Block (Item 15) nominal trip setpoint at 1.6 X the source range flux in a 50 minute period. SSAR Section 15.4.6.2.2 implies that the setpoint is based on a 10 minute period rather than 50 minute. This discrepancy should be resolved.
50) Westinghouse should justify why passive autocatalytic recombiners (PARS)  ;

are not subject to any TS LCO. The PARS should have operability and  !

surveillance requirements to ensure their availability for hydrogen control.

1

51) LCO 3.6.9 pH Adjustment The trisodium phosphate used in the pH adjustment system is known to degrade with time. The AP600 TS should have a periodic chemical testing i surveillance to monitor the potency of the trisodium phosphate.

i 14

l l Mr. Nicholas J. Liparulo Docket No.52-003 l

Westinghouse Electric Corporation AP600  !

cc: Mr. Nicholas J. Liparulo, Manager Mr. Frank A. Ross ,

Nuclear Safety and Regulatory Analysis U.S. Department of Energy, NE-42  !

Nuclear and Advanced Technology Division Office of LWR Safety and Technology

Westinghouse Electric Corporation 19901 Germantown Road .
P.O. Box 355 Germantown, MD 20874 l j Pittsburgh, PA 15230 l
Mr. Ronald Simard, Director  ;

j Mr. B. A. McIntyre Advanced Reactor Program '

i Advanced Plant Safety & Licensing Nuclear Energy Institute i Westinghouse Electric Corporation 1776 Eye Street, N.W.

4 Energy Systems Business Unit Suite 300 Box 355 Washington, DC 20006-3706  !

Pittsburgh, PA 15230 Ms. Lynn Connor Mr. John C. Butler Doc-Search Associates Advanced Plant Safety & Licensing Post Office Box 34 Westinghouse Electric Corporation Cabin John, MD 20818 Energy Systems Business Unit i Box 355 Mr. James E. Quinn, Projects Manager 1

' t.' .Pittsburgh, PA 15230 LMR and SBWR Programs GE Nuclear Energy Mr. M. D. Beaumont 175 Curtner Avenue, M/C 165 Nuclear and Advanced Technology Division San Jose, CA 95125 Westinghouse Electric Corporation i One Montrose Metro Mr. Robert H. Buchholz l 11921 Rockville Pike GE Nuclear Energy j Suite 350 175 Curtner Avenue, MC-781 i Rockville, MD 20852 San Jose, CA 95125 l Mr. Sterling Franks Barton Z. Cowan, Esq.

U.S. Department of Energy Eckert Seamans Cherin & Mellott  !

NE-50 600 Grant Street 42nd Floor ,

19901 Germantown Road Pittsburgh, PA 15219 )

Germantown, MD 20874 Mr. Ed Rodwell, Manager Mr. S. M. Modro .PWR Design Certification Nuclear Systems Analysis Technologies Electric Power Research Institute Lockheed Idaho Technologies Company 3412 Hillview Avenue Post Office Box 1625 Palo Alto, CA 94303 Idaho Falls, ID 83415 Mr. Charles Thompson, Nuclear Engineer AP600 Certification NE-50 19901 Germantown Road Germantown, MD 20874 8

4