ML20212D113
| ML20212D113 | |
| Person / Time | |
|---|---|
| Site: | Rancho Seco |
| Issue date: | 12/05/1986 |
| From: | Julie Ward SACRAMENTO MUNICIPAL UTILITY DISTRICT |
| To: | Miraglia F Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML20212D124 | List: |
| References | |
| JEW-86-713, TAC-64359, NUDOCS 8612310294 | |
| Download: ML20212D113 (38) | |
Text
_.
l esuun
' ~ ~
SACRAMENTO MUNICIPAL UTIUTY DISTRICT C P, o. Box 15830, Sacramento CA 95852-1830,(916) 452-3211 AN ELECTRIC SYSTEM SERVING THE HEART OF CALIFORNIA I
JEW 86-713 I l
. December 5, 1986 i
DIRECTOR OF NUCLEAR REACTOR REGULATION 4
ATTENTION FRANK J MIRAGLIA DIRECTOR i PWR-B DIVISION l U S NUCLEAR REGULATORY COMMISSION
- i. WASHINGTON DC 20555 DOCKET NO. 50-312 RANCHO SECO NUCLEAR GENERATING STATION UNIT NO. 1 PROPOSED AMENDMENT 152 i
In accordance with 10 CFR 50.90, the Sacramento Municipal Utility District proposes to amend its Operating License DPR-54 for Rancho Seco Nuclear Generating Station, Unit 1.
Proposed Amendment No.152 consists of revisions and additions to
- 1) Section 3.1, " Reactor Coolant System"; 2) Section 3.4, " Steam and Power Conversion System"; 3) Section 3.5, " Instrumentation System"; 4) Section 4.1, " Operational Safety Review"; and 5)
Section 4.8, " Auxiliary Feedwater Pump Periodic Testing" of the
. Rancho Seco Technical Specifications to permit the operation of the Emergency Feedwater Initiation and Control (EFIC) system.
The Proposed Amendment incorporates the features of Proposed Amendment 107 submitted October 10, 1985 and Proposed Amendment 148 submitted June 13, 1986 which would revise Sections 3.4 and
, 4.8 on Auxiliary Feedwater Pump requirements. Also, the proposed EFIC system revisions to Tables 3.5.1-1, " Instruments Operating Conditions" and Table 4.1-1, " Instrument Surveillance +
Requirements" will replace the items in Proposed Amendment 150 submitted September 22, 1986. Therefore, the District requests that no further work be performed on Proposed Amendments 107, 148 and 150 since the proposed amendment incorporates all the appropriate features of these previously submitted amendments.
These changes are discussed in detail in Enclosure 1 which is the Description of Proposed Changes, Associated Safety Analysis and the "No Significant Hazards Evaluation". Enclosure 2 is the proposed technical specification.
g0
%1W 8612310294 861205 2 DR ADOCK 0500 I bb
- RANCHO SECO NUCLEAR GENERATING STATION 14440 Twin Cities Road. Herald, CA 95638-9799;(209) 333 2935
FRANK J MIRAGLIA (2) December 5, 1986 To assist in the review, the District is providing design information that supports this proposed technical specification amendment. The enclosures include the following information:
- Enclosure 3 - Design Basis Report for ECN AS415, the installation of the Emergency Feedwater Initiation and Control
- Enclosure 4 - EFIC Auxiliary Feedwater System Description
- Enclosure 5 - Design changes from NRC SER " Rancho Seco, Auxiliary Feedwater Systems" dated September 26, 1983.
The District has decided to install the EFIC system during the current extended outage. Therefore, the NRC approval of Proposed Amendment 152 is required prior to startup.
Pursuant to 10 CFR 50.91(b) (a), the Radiological Health Branch of the California State Department of Health Services has been informed of this proposed amendment by mailed copy of this submittal.
Enclosed is a check for $150.00 as required by 10 CFR 170.21,
" Statement of Fees."
If you have any questions concerning this submittal, please contact Mr. Ron Colombo of my staf f at Rancho Seco Nuclear Generating Station.
-J'E WARD DEPUTY GENERAL MANAGER, NUCLEAR Attachments cc: Region V (2) Subscribed and sworn to before MIPC (2) e this 5th ,or,Thenbe r, 1986 s
Lun nA ]iAnO Notary Public a 0Fr%UL SEAL BAWN DARufiG g- [ , ' NOTARY FGUC CAUFORN!A SACHA?/ ENTO COUNTY M.* Uy Coma Egiras ha l2, t990 J
-4
- . - , 9 i
ENCLOSURE 1 Description of Proposed Changes, Associated Safety Analysis, and "No Significant Hazards Evaluation".
(
P f
i t
t 1
a f
1 J
~
l
- 1. Existing Specification:
1.2.10 Remain Critical A technical specification that requires that the reactor shall not remain critical shall mean that an uninterrupted normal hot shutdown will be completed within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
New Specification:
1.2.10 Remain Critical A technical specification that requires that the reactor shall not remain critical shall mean that an uninterrupted normal hot shutdown procedure will be completed within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> unless otherwise specified. j 1.20 Vector Logic !
1 A set of circuitry in each channel of the !
Emergency Feedwater Initiation and Control (EFIC) which, orce Auxiliary Feedwater (AFW) has been initiated, determines whether AFW to a steam generator should be allowed or terminated and the signal output for each EFIC channel to the AFW valves associated with that channel.
t Discussion:
The revision to the definition " remain critical" clarifies that certain specifications have action times ,
different from that required by the existing .
j definition. The addition defines the term vector logic -
as used in the EFIC system.
f 2
. _ - . - _ . J
i
- 2. Existing Specifications:
3.1.1.2 Steam Generator A. One steam generator shall be operable whenever the reactor coolant average temperature is above 280 degrees-F.
New Specification:
3.1.1.2 Steam Generator A. Two steam generators shall be operable' whenever the reactor coolant average temperature is above 280 degrees-F except as described in 3.1.1.2.B. t B. With one or more steam generator (s) !
inoperable due to excessive leakage per 3.1.6.9, bring the reactor to cold .
shutdown conditions within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />.
C. With one or more steam generator (s) inoperable due to steam generator defective tube (s), restore the inoperable generator (s) to operable status prior to increasing the reactor coolant average temperature above 200 degrees-F.
Bases:
4 When the reactor is not critical but TAV is above 280 i I
- degrees-F, one steam generator provides sufficient heat removal capability for removing decay heat. However, '
i single failure considerations require that both steam !
l generators be operable. _
1
! Discussion:
This change requires both steam generators to be I operable and defines the corrective action for i inoperable steam generator (s). This revision is consistent with analysis supporting the EFIC system by requiring both steam generators to be operable to satisfy single failure considerations.
l l
3 L ]
1;
- 3. Existing Specifications:
3.4.1 The reactor shall not remain above 280 degrees-F with irradiated fuel in the pressure vessel unless the following conditions are met:
3.4.1.1 Capability to supply feedwater to one steam generator at a process flow rate corresponding to a decay heat of 4-1/2 percent full reactor power from at least one of the following means.
A. A condensate pump and a main feed pump or B. A condensate pump or
- c. An auxiliary feedwater pump. .
l The required flow rates are:
Feedwater temperature Required flow degrees-F gpm 40 743 60 756 90 780 3.4.1.2 Two steam system safety valves are operable per steam generator.
3.4.1.3 The turbine bypass system to the condenser i shall have one valve operable or the !
atmospheric dump system shall have a minimum '
of 1 of 3 valves operable per steam generator.
3.4.1.4 A minimum of 250,000 gallons of water shall be +
available in the condensate storage tank.
3.4.2 In addition to the requirements of 3.4.1, the reactor shall not remain critical unless the following conditions are met:
3.4.2.1 Seventeen of the eighteen main steam system safet'y valves are operable.
3.4.2.2 When two independent 100 percent capacity
, auxiliary feedwater flow paths are not available, the capacity shall be restored within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> or the plant shall be placed
~
, in a cooling mode which does not rely on steam generators for cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
4
. -__ _ . _ , ..- . - - ._ - .. _ - . - . . - _ _ - . _ _ _ . . - . . _ . _ . . _ - - - _ - _ ____)
U 3.4.2.3 When at least one 100 percent capacity auxiliary feedwater flow path is not available, the reactor shall be made subcritical within four hours and the facility placed in a shutdown cooling mode which does not rely on steam generators for cooling Within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
Bases:
The feedwater system and the turbine bypass system are normally used for decay heat removal and cooldown above 280 degrees-F. Feedwater makeup is supplied by 2 operation of a condensate pump and main feedwater pump.
In the event of complete loss of electrical power, feedwater is supplied by a turbine driven auxiliary feedwater pump which takes suction from the condensate storage tank. Steam relief.would be through the system's atmospheric relief valves.
If neither main feed pump is available, fe,edwater can be supplied to the steam generators by an auxiliary feedwater pump and steam relief would be through the turbine bypass system to the condenser.
In order to heat the reactor coolant system above 280 degrees-F, the maximum steam removal capability required is 4-1/2 percent of rated power. This is the maximum decay heat rate at 30 seconds after a reactor trip. The requirement for two steam system safety valves per steam {
generator provides a steam relief capability of over 10 ,
percent per steam generator (1,341,938 lb/h) . In :
addition, two turbine bypass valves to the condenser or two atmospheric dump valves will provide the necessary capacity.
The 250,000 gallons of water in the condensate storage tank is the amount needed for cooling water to the steam generators for a period in excess o{1gne day following a complete loss of all unit ac power. 1 The minimum relief capacity ( f 17This valves is 13,329,163 lb/hr.
steam system safety is sufficient capacity to protect the steam systeg pnder the design i overpower condition of 112 percent.t3;
References:
(1) FSAR paragraph 14.1.2.8.4 (2) FSAR paragraph 10.3.4 (3) FSAR Appendix 3A, Answer to Question 3A.5 5
J
New Specifications:
3.4.1 The reactor shall not be brought or remain above 280 degrees-F with irradiated fuel in the pressure vessel unless the following conditions are met:
A. Capability to remove decay . heat by use of two steam generators as specified in 3.1.1.2.
B. One turbine bypass valve or one atmospheric dump valve per steam generator shall be operable.
C. A minimum of 250,000 gallons of water shall be available in the condensate storage tank.
D. Two main steam system safety valves are operable per steam generator.
E. Both auxiliary feedwater trains (i.e.,
pumps and th'eir flow paths) are operable.
F. Both trains of main feedwater isolation on each main feedwater line are operable.
With less than the above required components operable be on decay heat cooling within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.
3.4.2 The reactor shall not be brought or remain critical unless the following conditions are met-A. Capability to remove degay heat by use of ;
two steam generators as specified in 3.1.1.2.
B. One turbine bypass valve or atmospheric dump valve per steam generator shall be operable except that (1) with one less than the minimum number of valves, restore the inoperable valve within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />; (2) with two less than the minimum number of valves, restore at least one inoperable valve within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
6
.J
C. A minimum of 250,000 gallons of water shall be available in the condensate storage tank except that with less than the minimum volume, restore the minimum volume within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
D. Seventeen of the eighteen main steam safety valves are operable except that with less than the minimum number of valves, restore the inoperable valves within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
E. Four turbine throttle stop valves are operable except that with less than the minimum number of valves, restore the inoperable valves within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next l2 hours.
F. Both auxiliary feedwater trains (i.e., pump and their flow path) operable except that; (1) With one auxiliary feedwater train inoperable, restore the train to operable status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />; (2) With both auxiliary feedwater trains inoperable, the reactor shall be made subcritical within four hours and the reactor shall on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
G. Both trains of main feedwater isolation on each main feedwater line are operable except that; (1) With one main feedwater isolation train inoperable, restore the train to operable status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> or be in hot shutdown within the next 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />; (2) With both main feedwater isolation trains inoperable, the reactor shall be made subcritical within four hours and the reactor shall be on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
Bases:
The feedwater system and the turbine bypass system are normally used for decay heat removal and cooldown above 280 degrees-F. Main feedwater is supplied by operation of a condensate pump and main feedwater pump. If neither 7
___ )
g main feed pump is available, feedwater can be supplied to the steam generators by an auxiliary feedwater pump.
Steam relief would be through the turbine bypass system to the condenser, if available, or through the system's atmospheric relief valves.
The auxiliary feedwater system is designed to provide sufficient flow on loss of main feedwater to match decay heat plus Reactor Coolant Pump heat input to the Reactor Coolanp4fystembeforesolidpressurizeroperationcould occur.
The 250,000 gallons of water in the condensate storage tank is sufficient to remove decay heat (plus Reactor Coolant pump heat for two pumps) for approximately 13 hours1.50463e-4 days <br />0.00361 hours <br />2.149471e-5 weeks <br />4.9465e-6 months <br />. This volume provides sufficient water to remove the decay heat for approximately 5.S hours and to subsequently cool the plant to the D a cooldown rate of 50 degrees-F/hr. gp system pressure at ;
The minimum relief capacity ( f 17 steam system safety !'
valves is 13,328,153 lb/hr. This is-sufficient capacity to protect the steam syste !
overpower condition of 112 percent. 3pnder the design Both trains of main feedwater isolation on each main feedwater line are operable. Train A of main feedwater isolation is comprised of main feedwater control valves, main feedwater block valve and startup feedwater control valve. Train B of main feedwater isolation is comprised of main feedwater isolation valves.
References:
1 (1) B and W Document 32-1141727-00, " Heat Removal Capability of SMUD CST," March 1984.
(2) FSAR paragraph 10.3.4 (3) FSAR Appendix 3A, Answer to Question 3A.5 (4) B and W Calculation 86-1123794-99, "SMUD AFW System Following Loss of Feedwater," March 1981 3
8 J
Discussion:
This specification defines the additional components required to be operable by the installation of EFIC and ;
the amount of time components can be inoperable prior to taking corrective action. The requirements for both steam generators and both auxiliary feedwater trains to be operable is consistent with the approach as described in item 1. A revision to this specification has been previously submitted by Proposed Amendment No.107, dated October 30, 1985. This specification includes the features of Proposed Amendment No.107.
9
- 4. Existing Specification:
3.5.1.1 Startup and operation are not permitted unless the requirements of table 3.5.1-1, Columns A and B are ret:
3.5.1.2 In the event the number of protection channels operable falls below the limit given under Table 3.5.1-1, Columns A and B, operation shall be limited as specified in Column C.
In the event the number of operable Process Instrumentation channels is less than the Total Number of Channel (s), restore the inoperable channels to operable status within 7 days, or be in at least hot shutdown within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. If the number of operable channels is less than the minimum channels operable, either restore the inoperable channels to operable within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> or be in at least hot shutdown within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
Table 3.5.1-1 INSTRUMENTS OPERATING CONDITIONS (A) (B) (C)
Operator. Action if Minimum Conditions of Total Number Channels Columns A and B Functional Unit of Channels Operable Cannot be Met.
- 1. Low Main Feedwater See Section Pressure: Start 3.5.1.2 Motor Driven Pump and Turbine Driven Pump 2 1
- 2. Phase Imbalance /
Underpower RCP:
! Start Motor Driven and Turbine Driven Pumps 2 1 10 J
l New Specifications:
3.5.1.1 Startup and operation are 'not permitted unless the requirements of Table 3.5.1-1, Columns A and B are met.
3.5.1.2 In the event the number of protection channels operable falls below the limit given under Table 3.5.1-1, Columns A and B, operation i shall be limited as specified in Column C. '
In the event the number of operable Process Instrumentation or EFIC system channels is less than the Total Number of Channel (s),
. restore the inoperable channels to operable status within 7 days, or be in at least hot i.
shutdown within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. If the number of operable channels is one less than the minimum channels operable, either restore the inoperable channels to operable within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> or be in at least hot shutdown within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. If the number of operable channels is two less than the minimum channels operable, the reactor shall be made subcritical within four hours and on decay heat cooling within the next 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />.
3.5.1.7 For calibration or maintenance of an Emergency Feedwater Initiation and Control (EFIC) channel, 'a key operated " maintenance bypass" switch associated with each channel will be 4
used which will prevent the initiate signal r l from being transmitted to the Channel A and B l trip logic. Only one channel shall be locked .
into " maintenance bypass" at any one time.
3.5.1.8 If a channel of the RPS is in bypass, it is permissible to bypass only the corresponding channel of EFIC.
I l
l 11
I Table 3.5.1-1 INSTRUMENTS OPERATING CONDITIONS (A) (B) (C)
Operator Action if Minimum Conditions of Total Number Channels Columns A and B Functional Unit of Channels Operable Cannot be Met Emergency Feedwater Initiation and Control (EFIC) System
- 1. AFW Initiation
- a. Manual 2 2 See 3.5.1.2.
- b. Low Level, SGA or B 4/SG 3/SG S e e 3. 5.1. 2. May be (Note 1) bypassed below 750 ,
psig OTSG pressure.
- c. Low Pressure 4/SG 3/SG See 3.5.1.2. May be SGA or B (Note 1) bypassed below 750 psig OTSG pressure.
- d. Loss of MFW 4 3 See 3.5.1.2. Loss Anticipatory (Note 1) of MFW Anticipatory Reactor Trip Reactor Trip is effectively bypassed in RPS below 20 j percent power.
- e. Loss of 4 RC 4 3 See 3.5.1.2. May be Pumps (Note 1) bypassed below 750 psig pressure.
- f. Automatic Trip 2 2 See 3.5.1.2.
Logic
- 2. SG-A Main Feedwater Isolation
- a. Manual 2 2 See 3.5.1.2.
- b. Low SGA Pressure 4 3 (Note 1) See 3.5.1.2. May be bypassed below 750 psig OTSG pressure.
- c. Automatic Trip 2 2 See 3.5.1.2.
Logic 12 J
L I
l Table 3.1.1-1 (Continued) i INSTRUMENTS OPERATING CONDITIONS j (A) (B) (C)
Operator Action if -)
Minimum Conditions of Total Number Channels Columns A and B Functional Unit of Channels Operable Cannot be Met
, 3. SG-B Main Feedwater Isolation
- a. Manual 2 2 See 3.5.1.2.
- b. Low SGB 4 3(Note 1) See 3.5.1.2. May be Pressure bypassed below 750 psig OTSG pressure.
- c. Automatic Trip 2 2 See 3.5.1.2.
Logic
- 4. AFW Valve Commands (Vector)
- a. Vector Enable 2 2 See 3.5.1.2
- b. Vector Module 4 3 See 3.5.1.2
- c. Control Enable 2 2 See 3.5.1.2
- d. Control Module 2 2 See 3.5.1.2
- Note 1 The number of minimum channels operable may be reduced to 2 provided one of the inoperable channels is in a tripped -
state. ,
j Bases:
i Every reasonable effort will be made to maintain all
( safety instrumentation in operation. A startup is not ,
I permitted unless three power range neutron instrument
! channels and two channels each of the following are operable: four reactor coolant.-temperature instrument channels, four reactor coolant flow instrument channels, four reactor coolant pressure instrument channels, four pressure-temperature instrument channels, four flux-imbalance flow instrument channels, four power-number of pumps instrument channels, and four high reactor building pressure instrument channels. The safety features actuation system must have two analog channels functioning correctly prior to startup. EFIC system instrumentation as required by Table 3.5.1-1 must be operable.
13 J
There are four reactor protection channels. Normal trip logic is two out of four. Required trip logic for the
> power range instrumentation channels is two out of three. The EFIC trip logic is two times one-out-of-two taken twice. Minimum trip logic on other instrumentation channels is one out of two.
The EFIC system is designed to automatically initiate AFW when:
- 1. all four RC pumps are tripped,
- 3. The level of either steam generator is low,
- 4. either steam generator pressure is low, or
The EFIC system will isolate main feedwater to any steam generator when the pressure goes below 600 psig.
The EFIC system is also designed to isolate or feed AFW according to the following logic:
t
- If both SGs are above 600 psig, supply AFW to both SGs.
t If one SG is below 600 psig, supply AFW to the other SG.
- If both SGs are below 600 psig but the pressure difference between the two SGs '
exceeds 100 psig, supply AFW only to the SG with the higher pressure. .
If both SGs are below 600 psig and the
. pressure difference is less than 100 psig, supply AFW to both SGs. ,
At cold shutdown conditions, all EFIC initiate and ;
isolate functions are manually or automatically bypassed. When pressure in both steam generators is greater than 750 psig, the following bypassed !
initiation signals will have been automatically reset-
- 1) loss of 4 RC pumps, 2) low steam generator pressure, and 3) low steam generator level.
Since the EFIC receives signals from the RPS, it is important that only corresponding channels be placed in
" maintenance bypass". If a channel of RPS is in maintenance bypass, the corresponding channel of EFIC
! can be bypassed. An interlock feature also prevents l
bypassing more than one EFIC channel at a time. These interlocking features allow the EFIC system to take a
, single failure in addition to having one channel in j maintenance bypass.
14
I l
Various RPS test features can inhibit initiate signals to the EFIC system and degrade the EFIC system below ,
acceptable limits if the RPS channel is not in bypass.
Therefore, no testing should be performed on a RPS instrument string which supplies an output to EFIC without placing that RPS channel in bypass.
i The EFIC system is designed to allow testing durirg power operation. The EFIC system can be tested from its input terminals to the actuated device controllers without placing the channel in key locked " maintenance bypass." A test of the EFIC trip logic will actuate one of two relays in the controllers. The two relays are tested individually to prevent automatic actuation of the component.
Each EFIC channel key operated maintenance bypass switch is provided with alarm and lights to indicate when the maintenance bypass switch is being used.
Discussion:
The existing instrumentation that controls the Auxiliary Feedwater System has been replaced by the EFIC system instrumentation. Also, the revisions in Proposed Amendment No.150 are no longer required since that instrumentation has been replaced by EFIC system instrumentation. This ' specification defines the operating requirement on the EFIC system.
4 e
15 J
- 5. Existing Specifications:
3.5.3 The safety features actuation setpoints and permissible bypasses shall be as follows:
Functional Unit Action Setpoint Lors of all RC Pumps Starts Auxiliary Not Applicable Feedwater Pumps Low Feedwater Pressure Starts Auxiliary 2750 psig Feedwater Pumps New Specifications:
3.5.3 The safety features actuation setpoints and permissible bypasses shall be as follows:
Functional Unit Action Setpoint High Reactor Building Reactor Building spray pressure
- valves *** $30 psig
+ Reactor Building spray pumps *** $30 psig High pressure injection and start of Reactor Building cooling and Reactor Building isolation. 54 psig, Low pressure injection, EFIC AFW initiate $4 psig Low reactor coolant High pressure injection system pressure ** and start of Reactor Building cooling and Reactor Building isolation. 21600 psig Low pressure injection, EFIC AFW initiate >l600 psig
- May be bypassed during Reactor Building leak rate test.
- May be bypassed below 1850 psig and is automatically reinstated above 1850 psig.
- Five-minute time delay.
16 J
Discussion:
Loss of all RC Pumps and low Feedwater Pressure actuation setpoints are deleted since the signals now provide input to initiate the EFIC system. The SFAS actuation signal will result in EFIC AFW initiating.
- 6. Existing Specifications:
Table 4.1-1 INSTRUMENT SURVEILLANCE REQUIREMENTS Channel Description Check Test Calibrate Remarks
- 48. Auxiliary Feedwater Start Circuit ,
- a. Phase Imbalance / l Underpower RCP S N/A R l
- b. Low Main Feed-water Pressure N/A M R NEW SPECIFICATION Table 4.1-1 ,
INSTRUMENT SURVEILLANCE REQUIREMENTS {
i Channel Description Check Test Calibrate Remarks
- 48. Deleted
- 68. AFW Initiation l
- a. Manual N/A M N/A
- b. Low Level SGA or B S M R
- c. Low Pressure SGA or B S M R
- d. Loss of MFW Anticipatory Reactor Trip S M R
- e. Loss of 4 RC .
Pumps S M N/A
- f. Automatic Trip Logic N/A M N/A 17 w J
Table 4.1-1(Continued)
INSTRUMENT SURVEILLANCE REQUIREMENTS Ch nnel Descripti'on Check Test Calibrate Remarks
- 69. SGA Main Feedwater Line Isolation
- a. Manual N/A M N/A
- b. Automatic Trip Logic N/A M N/A
- 70. SGB Main Feedwater Line Isolation
- a. Manual N/A M N/A
- b. Automatic Trip i Level N/A M N/A .
- 71. AFW Valve Commands (Vector)
- a. AFW Initiation Autonatic Trip Logic Tripped N/A M N/A
- b. SGA Pressure Low S M R
.i c. SGB Pressure '
Low S M R 1
- d. SG Pressure l Difference SGA Pressure > S M R !
SGB Pressure '
SGB Pressure >
SGA Pressure S M R
- 72. AFW Control Valve Control
- a. Manual /4uto in Manual N/A M N/A
- b. AFW Initiation Automatic Trip Logic Tripped N/A M N/A 18 J
.i Table 4.1-1 (Continued)
INSTRUMENT SURVEILLANCE REQUIREMENTS ,
Channel Description Check Test Calibrate Remark
- 73. SG Level Control Setpoint Selection
- a. Manual / Auto in Manual N/A M N/A
- b. AFW Initiation Automatic Trip Logic Tripped N/A M N/A
- c. Loss of 4 RC Pumps S M N/A ,
- 74. ADV Control Valve Control
- 3
- a. Manual / Auto N/A M N/A in Manual .
S = Each shift M = Monthly P = Prior to each startup if D = Daily Q = Quarterly not done previous week W = Weekly SY = Semiannual R = Once during the refueling interval f
i Discussion:
This change deletes the surveillance requirements for ;
the existing control functions for the auxiliary ;
feedwater system and replaces them with the new control
- functions for the EFIC system.
L i
19
a 'j
- 7. Existing Specifications:
Table 4.1-2 MINIMUM EQUIPMENT TEST FREQUENCY Itim Test Frequency
- 6. Turbine steam stop valves Movement of each valve Monthly New Specifications:
Table 4.1-2 ;
MINIMUM EQUIPMENT TEST FREQUENCY j i
i l
Itzm Test Frequency !'
- 6. Turbine Throttle Stop Valves Movement Monthly -
of each valve
- 16. Main Fcedwater Isolation Valves I:
- a. Main Feedwater Isolation Valves Functional Each refueling interval
- b. Main Feedwater Block Valves Functional Each refueling interval ,
- c. Startup Feedwater !
Control Valves Functional Each refueling interval i
- d. Main Feedwater !
Control Valves Functional Each refueling interval
- 17. Turbine Throttle Stop Valves Cycle Each refueling interval Discussion:
This new specification defines the surveillance requirement for verifying the operability of valves required for Main Feedwater Isolation per Specification 3.4.2.G and Turbine Throttle Stop Valves per Specification 3.4.2.E.
20
, _ _ - . .-. - _. _ ._ _ J
- 8. Existing Specifications:
4.8.1 Monthly on a staggered test basis at a time when the average reactor coolant system temperature is > 305 degrees-F, the turbine / motor driven and motor driven auxiliary feedwater pumps shall be operated on recirculation to the condenser to verify proper operation. Separate tests will be performed in order to verify the turbine driven capability and the motor driven ,
capability of auxiliary feedwater pump P-318.
The monthly test frequency requirement shall
, be brought current within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> after the average reactor coolant system temperature is
> 305 degrees-F for the motor driven pumps.
The turbine driven capability shall be brought current within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of obtaining 5 percent reactor power.
Acceptable performance will be indicated if the pump starts and operates for fifteen minutes at a discharge pressure of greater than or equal to 1050 psig at a flow of greater than or equal to 780 gpm. This flow will be verified using tank level decrease and pump differential pressure.
4.8.2 At least one per 18 months during a shutdown:
1 1 1. Verify that each automatic valve in the i
flow path actuates to its correct ,
position upon receipt of each auxiliary feedwater actuation test signal.
! 2. Verify that each auxiliary feedwater pump l
starts as designed automatically upon receipt of each auxiliary feodwater i actuation test signal.
~
4.8.3 All valves, including those that are locked, sealed, or otherwise secured in position, are to be inspected monthly to verify they are in the proper position.
4.8.4 Prior to startup following a refueling shutdown or any cold shutdown of longer than 30 days duration, conduct a test to demonstrate that the motor-driven AFW pumps can pump water from the CST to the steam generator.
4.8.5 Provide a dedicated individual during surveillance testing who will be in communication with the control room. This 21
, k individual shall be stationed near any (locally) manually realigned valves that would inhibit injection into the steam generators, when only ,
one auxiliary feedwater train is available.
4.8.6 Component Tests .
A. Testing -
s At least quarterly, when the average reactor coolant system temperature is greater than or equal to 305 degrees-F, inservice testing of Auxiliary Feedwater System pumps and valves shall be performed in accordance with Section XI *
- of the ASME Boiler and Pressure Code and applicable Addenda as required by 10 CFR 50, Section 50.55a(g) (6) (i) .
The quarterly test requirement shall be h.
brought current within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> after the ;
average Reactor Coolant System temperature is greater than or equal to 305 degrees-F.
B. Flow Path Verification Following inservice testing of pumps and valves as required by paragraphs 4.8.r and 4.8.2, required flow paths shall be demonstrated operable by verifying that i each valva (manual, power-actuated or , t 1
automati4 in the flow path that is not !
i locked in position is in its normal l operating position.
Bases: ,
The monthly test frequency will be sufficient to verify -
that the turbine / motor driven auxiliary feedwater pumps }
are operable. Verification of correct operation will be made both from the control room instrumentation and direct visual observation of the pumps.
The OPERABILITY of the auxiliary feedwater system ensures that the Reactor Coolant System can be cooled down to less than 305 degrees-F from normal operating conditions in the event of a total loss of off-site power.
Each electric driven auxiliary feedwater pump io capable of delivering a total feedwater flow of 780 gpm at a pressure of 1050 psig to the entrance of the steam generators. The steam driven auxiliary feedwater pump is capable of delivering a total feedwater flow of 780 22
- y. - - _ - - .
l gpa at a pressure of 1050 psig to the entrance of the steam generators. This capacity is sufficient to ensure that adequate feedwater flow is available to remove decay heat and reduce the Reactor Coolant System temperature to less than 300 degrees-F when the Decay Heat Removal System may be placed into operation.
'New Specifications:
4.8.1 Monthly on a staggered basis at a time when the average reactor coolant system temperature is 2305 degrees-F, the turbine / motor driven and motor driven auxiliary feedwater pumps shall be operated on-recirculation to the condenser to verify proper operation. ,
- Separate tests will be performed in order to ;
verify the turbine driven capability and the motor driven capability of auxiliary feedwater pump P-318.
The monthly test frequency requirement shall be brought current within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> after the average reactor coolant system temperature is 2305 degrees-F for the motor driven pumps.
The turbine driven capability shall be brought current within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> of obtaining 5 percent reactor power.
Acceptable performance will be indicated if the pump starts and operates for fifteen minutes at a
, flow rate of greater than or equal to 760 gpm and I
~
at a discharge pressure sufficient to drive that
~
flow through the most restrictive flow path to a single steam generator which is at a pressure of 1050 psig.
4.8.2 At least once per 18 months:
- 1. verify that each automatic valve in the flow path actuates to its correct position upon receipt of each auxiliary feedwater actuation test signal.
- 2. Verify that each auxiliary feedwater pump starts as designed automatically upon l
receipt of each auxiliary feedwater actuation test' signal.
23 i
. . = .
b 4.8.3 All valves, including those that are locked, sealed, or otherwise secured in position, are to be inspected monthly to verify they are in the proper position.
4.8.4 Prior to startup following a refueling shutdown or any cold ehutdown of longer than 30 days duration, conduct a test to demonstrate that the motor-driven AFW pumps can pump water from the CST to the steam generator.
Bases:
The monthly test frequency will be sufficient to verify that the turbine / motor driven and motor driven auxiliary feedwater pumps are operable. Verification of correct operation will be made both from the control room instrumentation and direct visual observation of the pumps. ;
l The OPERABILITY of the auxiliary feedwater system ensures that the Reactor Coolant System can be cooled down to less than 305 degrees-F from normal operating conditions in the event of a total loss of off-site power.
The electric driven auxiliary feedwater pumps are capable of delivering a total fe.edwater flow of 760 gpm at a pressure of 1050 psig to the entrance of the steam generators. The steam driven auxiliary feedwater pump -
is capable of delivering a total feedwater flow of 760 '
gpm to the entrance of the steam generators over the steam generator operating range of 800 psig to 1050 psig. This capacity is utilized as analytical input to the Loss of Main Feedwater Analysis which is the design basis event for AFW flow requirements.
Discussion:
This revision incorporates the featuti s of 1) Proposed Amendment No. 107 which changed tie r guired auxiliary feedwater flow to 760 gpm and 2} froc sed Amendment No.
148 which would permit auxiliacs fcef.ater periodic tasting either during plant operation or shutdown conditions. The definition of acceptable performance for the auxiliary feedwater pumps has been clarified to better define the pressure requirement associated with the 760 gpm flow. The revision does not alter the flow requirements as defined in Proposed Amendment No. 107.
Specification 4.8.5 was deleted since the AFW flow test valves can now be automatically operated from the control room, an individual is no longer required to be stationed at the valves during surveillance testing.
24
f Also, existing Specification 4.8.6 was deleted. Since the NRC issued Amendment 80 dated April 14, 1986 requiring monthly testing, the NRC also left in the requirement for the quarterly testing of the same pumps.
s .
t 25
SAFETY ANALYSIS EQB EFIC E M SYSTEM UPGRADES The District has reviewed this modification in accordance with 10 CFR 50.59 and determined that it is not an unreviewed safety question, but requires changes to the Rancho Seco Technical Specifications. These include revisions to the limiting conditions for operation and curveillance standards to incorporate EFIC and AFW system upgrades. EFIC will require changes to the descriptions in chapters 6, 7, 8, and 10 of the USAR. Installing EFIC does not change the analysis in Chapter 14 but provides additional margins because EFIC is a fully Class 1 Control and Initiation System and therefore, more reliable system. An example of this increase in margin is the steam line break analysis which relies on the main steam failure logic (MSFL) to isolate MFW from the steam generator. EFIC replaces the non safety grade MSFL with a safety grade system that isolates MFW and AFW to a depressuriced ,
. I The EFIC Auxiliary Feedwater System Description (Encl. 4) and the l Design Basis Report (Encl. 3) for EFIC provide a description of j-the changes being made. t The NRC has reviewed the District's proposed Auxiliary Feedwater System Upgrade (which includes EFIC) and the NRC's evaluation concluded in their April 7, 1983 and September 26, 1983 SERs that "The proposed AFWS upgrade represents a considerable and acceptable improvement over the existing design.' The SER further stated "We therefore conclude that, until a staff position is developed regarding the need for further modifications to improve ;
AFWS reliability, operation of Rancho Seco, with the proposed upgraded AFWS design, is acceptable."
The District has modified the EFIC design to incorporate " lessons learned" from Crystal River 3 and ANO 1 without changing the basic !
functional goal to provide a highly reliable AFW system.
The failure modes for EFIC are discussed in the DBR for ECN A-5415 (Encl. 3) and Casualty Events are discussed in Section 6.0 of the j EFIC System Description (Encl. 4). The failure or casualty events discussed in the EFIC System Description include a discussion of the recovery procedures and design features to mitigate the effects of the assumed event. The failures discussed include Loss i of Main Feedwater (LMFW), LMFW with loss of offsite power, LMFW with loss of~all AC (onsite and offsite), plant cooldown, turbine trip with and without bypass, main feed line break, main steam line break (MSLB) and AFW line break, small break LOCA, and fire inside and outside the control room. The failure modes discussion in the DBR also includes a discussion of AFW valve failure, failure of fiberoptic cables between channels, failure of RPS inputs to EFIC, failure of SFAS input to EFIC, failure of EFIC trip interface equipment, power sources failures for EFIC and EFIC related hardware, and EFIC control failures.
The events discussed in the EFIC system description include, design basis events and hypothetical events for Rancho Seco that
- i. J
t have already been analysed in the USAR. The design of the EFIC controls will allow a minimum of 10 minutes before operator action is required over the full spectrum of decay heat rates.
The discussion indicates that the required initial actions are to verify or confirm AFW initiation and flow and steam generator levels to ensure EFIC is functioning as required. EFIC is designed to minimise overcooling following a loss of MFW event.
However, this feature of EFIC is not designed to meet single failure criterion. For a SBLOCA, the operator will have to select the ECC level setpoint for steam generator level. For all cases the operator can take manual control of EFIC (AFW flow, steam generator level, etc.). For all Design Basis Events discussed in USAR Chapter 14, the addition of EFIC does not change the USAR analysis.
The failure modes discussed in the DBR for ECN A-5415 (Encl. 3) ,
address EFIC system failures. The following is a summary of the ,
failure modes discussed in the DBR ,
combination of series sets of valves (parallel flow .
paths to each steam generator). A failure of one valve will affect only one of the paths in the parallel set. !
The existing design does not have Class 1 parallel flow paths to each steam generator. !
- 2. , Failure of fiberoptic cables between channels - the fiberoptic communication between EFIC channels is ,
designed so that a single failure (such as loss of all j fiberoptic cables going into one EFIC cabinet) will not t u
result in a fail're of EFIC functions to actuate as 6
- required. A failure of any cable causes the signal to !
go to an actuated state. j Should a single event affect more than one channel, it could inadvertently cause actuation of either AFW initiation or MFW isolation. Initiation of AFW will only supply water to the steam generators if the steam generator levels are low (starts AFW pumps, but AFW -
valves are closed due to no demand signal). Isolation of MFW can lead to plant trip. Howuver, for this improbable event AFW is available to provide cooling.
It should be noted that there are ccrrently several failure modes which exist that lead tv LMFW (e.g.
failed NNI turbine header pressure sensor). In this case EFIC represents no additional plant failure modes.
- 3. Failure of RPS inputs to EFIC - EFIC receives actuation signals from RPS for MFW pumps tripped and RCPs tripped.
For both cases EFIC looks at the hPS inputs as four channels and actuates based on a one out of two taken twice logic. Thus any single failure of the RPS inputs to EFIC will not prevent actuation of EFIC function or cause inadvertent EFIC actuation.
J
r
~
- 4. Failure of SFAS Input to EFIC - The SFAS inputs to EFIC are designed so that a single failure will not stop EFIC from initiating AFW when SFAS actuates. There are two channels of initiate signals sent to EFIC from SFAS.
There'are 2 signals per channel, each signal delivering a half trip to the AFW trip module. A loss of power in a SFAS channel will prevent the channel from initiating its corresponding EFIC channel. A signal failure in a SFAS channel could cause a half trip in its corresponding EFIC channel. An actuation of either channel of.SFAS is sufficient to actuate one train of AFW thereby ensuring AFW initiation and control even assuming a concurrent single failure. Thus a single failure in the SFAS input to EFIC will not result in EFIC failing to initiate or cause an inadvertent initiation. ;
i
- 5. Failure of EFIC trip interface equipment (TIE) - EFIC actuates various components through the trip outputs of the train A and B TIE cabinets. The outputs of train A +
are redundant to train B, therefore, a single failure !
i will not cause the failure of more than one train of AFW.
hardware - EFIC AFW power sources are discussed in section III.C.8 of the DBR for ECN A-5415 (Encl. 3). It describes the upgraded AFW system as a two train system with either train capable of supplying the required AFW to both steam generators. It concluded that with channelized power and logic a single' failure will ,
neither prevent feed or isolation of AFW flow. The DBR I also discusses specific failures and their affects. All l of these failures assume concurrent loss of offsite i power. They are: l
- a. Failure of Diesel Generator GEA or GEB ,
No AFW components are powered from these diesel generators. However, mainsteam system branch isolation valves are. Without GEB the normally ;
closed HV-20565 would fail in its last position.
If closed, its EFIC function would be correct. If open, and a major steam leak were occurring, both
' main steam lines would de pressurize. In this event, P-318 would not function using the turbine driver. EFIC would feed both steam generators. To avoid overcooling, operator ac'. ion would be required either to close HV-20b60 (powered from GEA) or to manually regulate AFW flow.
j b. Failure of Diesel Generator GEA2 or GEB2
3-E:
E
- 1. Failure of Diesel Generator GEA2 y Without GEA2 power the AFW pump P-319 would !
not operate. P-318 is sufficient for all cooling requirements and would be available in either its turbine or motor driven mode.
Without GEA2 power, MFW block valves HV-20529 I' and HV-20530 would not function. The EFIC MFW l isolation function would still be provided by !
MFW isolation valves HV-20515 and HV-20516. !-
- 2. Failure of Diesel Generator GEB2 :
4 Without GEB2 the motor driver for P-318 will not be available. P-318 should still be j]!
functional on its turbine driver and P-319 ![
would still be functional, j; o
Without GEB2, HV-20515 and HV-20516 would fail !
in their last position. However, without offsite power, the condensate pumps would probably fail'and flow through these valves will not occur. In any case, isolation of MFW would still occur via the MFW control and block valves.
Power for control circuits and for backlighting of I push-button which control EFIC comes from the EFIC l
channel affected e.g., if power to EFIC Channel "A" 3 is lost, the "A" channel EFIC control circuits on i HISS will go dark and control will be non-functional. .
The Class 1 analog indication on HISS requires two '
inputs to be functional; signal and power. If the signal is lost, the display will go "off scale low", i.e., the digital read out will be at its lowest possible value, and the bar graph will flash a single LED in the lowest position. If the 120 VAC power is lost the indicator will go dark.
Power to the Channel "A" indicators is from the same battery backed inverted power which powers EFIC Channel "A". Power to the Channel "B" indicators is from the same battery backed inverted power which powers EFIC Channel "B".
Since all Class 1 indications except AFW pump discharge pressure have redundant indicators of a different channel, the only process indication lost l on loss of a single power source would be one of the pump discharge pressures. Control lights to
L s
i the back lighted push-buttons and the ammeter ;
would be back-up indication showing pump operation. F
- 7. EFIC Control Failure - The following is a di'scussion of EFIC control failures. It should be noted that for these failures, the rate of change of RCS and secondary system parameters is not different than would be expected for similar control failures to the existing '
AFW and ADV controls.
- a. Atmospheric Dump Valve Fails Closed If the Turbine Bypass Valves do not control the main steam pressure, the pressure would increase and be controlled by the code safety valves. If the other steam generator is available, and has pressure control, RCS cooling would proceed through it and steam pressure in the impacted generator would' follow saturation pressure consistent with !
RCS hot leg temperature.
l
- b. Atmospheric Dump Valve Fails Open The energy release would cause main steam pressure to decre,ase with a resulting decrease in Steam Generator secondary temperature. The RCS temperature would decrease. The best response is for the operator to isolate the open ADV(s) using the motor operated ADV isolation valves. However, if steam generator pressure drops below 600 psig,
- c. AFW Valve Fails Closed If an AFW control valve fails closed, the process control point would shift rapidly to the parallel ;
control valve.
- d. AFW Valve Fails Open The energy required to heat the cold AFW to saturation will cause a temperature and subsequent pressure decrease in the steam generator. Operator action to isolate the open AFW valve using the series aligned motor operated isolation valve is the best operator response. Actual valve position indication is available to identify the errant valve.
If only one S.G. is impacted, EFIC will automatically isolate AFW to that steam generator if pressure drops below 600 psig. In the event
1:
4; that the excess AFW develops to an overfill
condition, the MFU overfill protection and annunciation would alert the operator to the need t to isolate the errant valve,
1)1oss of power to EFIC "A" or "B" channel, 2) loss of a control module within EFIC "A" or "B" channel, 3) failure of a pressure or level sensing circuit, and 4) failed signal to a single device.
A single failure cannot simultaneously cause failure of control signals from both channel "A" and channel "B". Control failures for either channel would be similar. Therefore, only failures ,
of channel "A" will be discussed below.
Loss of power to channel "A" would cause the ADV(s) on one main steamline to fail closed, and one AFW control valve to each steam generator to ;
fail open. During normal plant operation no change i
-in operation would result. If AFW has been l initiated, the ADV closure would initially play a ,
minor role because cooling from excess AFW flow would eventually dominate secondary pressure.
Manual closure of the series AFW isolation valves is required. Following re pressurization, the failure of the ADV(s) will become apparent and the course of action is as described in 7.a above.
Loss of one of the two control modules within EFIC channel "A" will cause either a control valve to the "B" steam generator to fail open (See 7.d) or a control valve and the ADV(s) of the "A" steam generator to fail open and closed respectively.
This latter failure becomes a subset of loss of channel power.
I Failure of a pressure sensor signal, though :
pdssible in either direction, would be expected to fail low. This would cause the ADV(s) on one steam generator to fail closed and one AFW valve on the same steam generator to fail closed (due to Feed Only Good Generator or F.O.G.G. logic). Manual control of both valves, through EFIC would still be possible.
Failure of a low range level sensor, though possible in either direction, would be expected to fail low. If it failed low, and AFW had been initiated, one AFW control valve would fail open (See 7.d). If it failed high, one AFW control valve would fail closed (see 7.c).
J
_. -~;
Failure of a wide range level sensor, though possible in either direction, would be expected to fail low. This would lead to like scenarios for a failed low level sensor, but only if~all RCPs were not running.
A failed signal to a single controlled component could cause a valve to open or close. Those events are described in 7.a to 7.d. However, due to the nature of the 4-20ma control circuits used, failures which produce 4ma or less are the expected failure modes. Therefore, the expected fail state for.a single component would be closed for an ADV(s) or open for an AFW control valve.
This control failure discussion assumes loss of ,
only one sensor or loss of power to all sensors in !
one channel. EFIC sensors may share process sensing lines with other EFIC channel sensors or other system sensors depending upon specific sensor installation details. This includes steam generator level and pressure instrumentation. In j both cases the design uses shared instrument taps. I However, failure of a single tap will not prevent EFIC from providing proper protective action when I required.
EFIC is bounded by the design basis and the safety analysis as described in the Rancho Seco USAR. It !'
enhances the USAR analysis. Therefore, this j modification is not an unreviewed safety question and -
increases the margin of safety.
Basis fox No SignifiSant Hazards Determinationt The proposed change does not involve a significant hasards consideration because operation of Rancho Seco in accordance with this change would not: l
- 1. involve a significant increase in the probability or l consequences of an accident previously evaluated. EFIC l upgrades critical portions of the existing AFW system to j
Class i safety grade (i.e. initiation and control) and therefore does not change the accident analysis. This is l because the same assumptions in USAR Chapter 14 for accidents i requiring AFW envelope the EFIC modification. The revisions I
and additions to the Technical Specifications define the operability and surveillance requirements for the EFIC system. Therefore, this change does not increase the i probability or consequences of an accident.
- 2. create the possibility of a new or different kind of accident from any previously evaluated. EFIC upgrades critical portions of the existing AFW system to Class 1 safety grade t >
t (i.e. initiation and control) and therefore does not change the accident analysis. This_is because the same assumptions in USAR Chapter 14 for accidents requiring AFW envelope the
'EFIC modification. Therefore the installation of EFIC and resultant additions and revisions to the Technical Specifications does not create the possibility of a new or different kind of accident.
- 3. involve a significant reduction in a margin of safety. EFIC is an enhancement or upgrade to Class 1 or safety grade of existing plant systems. EFIC will not reduce the margin of safety because, as stated in 2. above, the existing accident -
analysis in USAR Ch 14 requiring AFW, bound the assumed margins of safety. EFIC, in fact, increases these margins, because it is Class 1.
I!
I t
i
1
- l SAFETY ANALYSIS FOR AUXILIARY FEEDWATER SYSTEM REVISIONS The design basis event originally used for sizing the auxiliary i
- concurrent loss of offsite power (LOOP), and subsequent loss of the reactor coolant pumps. The pertinent parameters for this accident relative to the AFWS are design flowrate and required
- time to full AFW flow. The design values which resulted from this original (FSAR) analysis are 780 gpm deliverable to the
- steam generator within 40 seconds of the initiation signal.
The 40 second time was chosen to allow the AFWS to inject feedwater and begin increasing steam generator level to the 50 percent operating range level required for natural circulation
, prior to completion of the reactor coolant pump . The design flowrate was selected to be equal to or greater than the decay
- heat generation rate at 40 seconds. Each AFW pump has a rated capacity of 840 gpm at 1150 psig with a normal recirculation +
flow of 60 gpm; thus the net flow rate to the steam generators is 780 gpm.
i The AFW flow design basis for the upgraded system has been i revised to require delivery of 760 gpm within 70 seconds to at j least one steam generator. The revised design basis event for ;
sizing the AFWS is a loss of main feedwater with no loss of offsite power. The reactor and reactor coolant pump heat input resulting from this event with no anticipatory reactor trip or
' trip due to loss of offsite power represents the limiting
! condition for determining AFWS flow requirements. The time i delay assumed for delivery of AFW flow is consistent with pump
- initiation in the design basis event and in the event of loss
( of main feedwater coincident with loss of offsite power. This analysis was provided to the NRC in a February 18, 1983 letter.
In the September 26, 1983 NRC SER on Auxiliary Feedwater
, System, the NRC concluded that " Based on our review of the licensee's February 18, 1983 submittal, we conclude that Rancho Seco AFWS design meets the minimum flow requirements and, therefore, the licensee's response is acceptable."
Basis for No Significant Hazards Determination 2 The proposed change does not involve a significant hazards consideration because operation of Rancho Seco in accordance j with this change would not:
- 1. Involve a significant increase in the probability or consequences of an accident previously evaluated. The District's February 18, 1983 letter provide the transient analyses supporting the design basis for the auxiliary feedwater system. The September 26, 1983 NRC SER
. documents the acceptability of the design basis and l supporting transient analyses.
I
- 2. Create the possibility of a new or different kind of accident from any previously analyzed. As stated above, the transient analyses have been performed that address all transients which require auxiliary feedwater for mitigation. The September 26, 1983 NRC SER documents the acceptability of the transient analyses.
- 3. Involve a significant reduction in a margin of safety.
The revised design basis event for sizing the AFWS is a loss of main feedwater with no loss of offsite power. The reactor and reactor trip or trip due to loss of offsite powar represents the limiting conditions for determining AFWS flow requirements. Our transient analysis documents the acceptability of using this revised design basis flow.
The September 26, 1983 NRC SER documents the acceptability of the design basis and supporting transient analyses.
i I
t
ENCICSURE 2 Proposed Technical Specifications Amendment No. 152
-