ML17139B885
ML17139B885 | |
Person / Time | |
---|---|
Site: | Susquehanna |
Issue date: | 03/31/1982 |
From: | EDS NUCLEAR, INC. |
To: | |
Shared Package | |
ML17139B884 | List: |
References | |
02-0160-1102, 02-0160-1102-R01, 2-160-1102, 2-160-1102-R1, NUDOCS 8310180481 | |
Download: ML17139B885 (29) | |
Text
CONTROLSYSTEMPOKERSUPPLYANDSENSORMALFUNCTIONSTUDYPreparedfor:PennsylvaniaPowerandLightCompanySusquehannaSteamElectricStationPreparedby:EDSNuclearInesMarch,1982ReportNo.02-0160-1102Revision1831018048i831014PDRADOCK05000387P,PDR Il' ReportNo.02-0160-1102Revision1hCONTROLSYSTEMPOWERSUPPLYANDSENSORMALFUNCTIONSTUDYTABLEOFCONTENTSSact1onPacae1.0Introduction2'0ExecutiveSummary3.0Methodology4.0SummaryofResults50References15AppendicesAppendixATechnicalProcedureforthePerformanceoftheAnalysisAppendixBControlSystems/SafetyFunctionsAppendixCControlSystemIdentificationDiagramsAppendixDCommonalityDiagramsAppendixEFailureModesandEffectsAnalysisAppendixFMalfunctionAnalysisTables ReportNo.0201601102Revision0CONTROLSYSTEMPOWERSUPPLYANDSENSORMALFUNCTIONSTUDY1~0INTRODUCTIONOnJune15,1981,PennsylvaniaPowerandLightCompany(PPEL)requestedthatEDSNuclearInc~(EDS)assisttheminrespondingtotheSafetyEvaluationReport(SER)itemconcerningthefailureofnon-safetygradecontrolsystemsduetofailure/malfunctionofpowersuppliesorsensordthatarecommontothesecontrolsytemsfortheSusquehannaSteamElectricStation(SSES)~Verificationwasrequestedtoensurethatthesubjectcontrolsystemfailureswouldnotimpactonplantsafety.Theobjectiveoftheanalysiscontainedhereinistwofold-1.Toidentifypowersuppliesandsensorstotwoormorenon-safetygradecontrolsystems.2.ToanalyzetheeffectsofthefailureormalfunctionofthesepowersuppliesandsensorsoncontrolsystemstodetermineiftheresultingplantconditionsarecontainedwithintheboundaryofChapter15analysisandarewithinthecapabilitiesofoperatorsandsafetysystems.Inordertoachievetheseobjectives,EDSemployedatwo-phaseapproachconsistingoftheIdentificationPhaseandtheAnalysisPhase.IntheIdentificationPhase,diagramsweregeneratedtoidentifythenon-safetygradecontrolsystemsandtheirpowersuppliesandsensors.Thesediagramswerefurtneranalyzedinordertodeterminethosecommonpowersuppliesandsensors.IntheAnalysisPhase,Failure"ModesandEffectAnalyses(FMEA)wasutilizedtodeterminetheeffectsofthesepowersupplyandsensorfailuresontheirrespectivecontrolsystemsand,ultimately,onplantperformancesTheFMEAswerethenanalyzedtodeterminethesafetyimplications(ifany)forthefailureofthesecontrolsystems.Thisreportdocumentstheresultofthisanalysis.ThemethodologyemployedisdescribedgenerallyinSection3'andingreaterdetailinAppendixA.AsummaryofresultsispresentedingeneraltermsinSection4.0andindetailinAppendices3throughF.ReferencesareprovidedinSection5.0.AnExecutiveSummaryisprovidedinSection2.0whichhighlightsthesalientresultsofthisproject.C c2.0EXECUTIVESUMMARYReportNo.02-0160-1102Revision0Thepurposeofthisreportistodetermineifthefailureofcommonpowersuppliesandsensorsfoznon-safetygradecontrolsystemswillimpactonplantsafety.Thiswasaccomplishedbyfirstidentifyingthosecommonpowersuppliesandsensors,thenanalyzingtheeffectsthosecontrolsystemfailuresonplantsafety.Inaddition,forthosecontrolsystemfailuresthatimpactedonplantsafetybutwerenotaddressedbyChapter15analysisandwerenotwithinoperatorandsafetysystem'apabilities,recommendationsforplantmodificationorChapter15reanalysisweremade.Theprojectwasdividedintotwophases-theIdentificationPhaseandtheAnalysisPhase~IntheidentificationPhase,keyplantsafetyfunctionswereidentifiedusingChapter15.ThecontrolsystemsthatcouldaffectthesesafetyfunctionswerethenidentifiedfromthoselistedinChapter7'7,"ControlSystemsNotRequiredforSafety."Thepowersuppliesandsensorsthatprovidepowerorsignalstothesecontrolsystemswereidentified'orthesekeyitems-safetyfunctions,controlsystems,powersupplies,andsensors-ControlSystemIdentificationDiagrams(CSID)weregeneratedtodocumentthisinformationandtoassistinfurtheranalysis'owersupplyandsensorcommonalitywasdeterminedusingtheCSIDs.Aseconddiagram--CommonalityDiagram(CD)--wasgeneratedtoshowthecontrolsystemsandtheirassociatedcomponentsthatwereaffectedbyeachcommonpowersupplyorsensor.IntheAnalysisPhase,FailureModesandEffectsAnalysis(FMEA)wasperformedoneachcommonpowersupplyandsensortodeterminetheeffectofthefailureonthecontrolsytemandonplantperformancesAnalysiswasthenperformedusingtheFMEAresultstodeterminethefollowing:l.ImpactonplantsafetyincludingplantresponseasperChapter15.2.IftheplantconditionswerewithinoperatorandsafetysystemcapabilitiesasperChapter15~Forthoseconditionsthatdidnotmeetthecriteriaofitems{l)and{2),recommendationsforplantmodificationsorChapter15reanalysiswereprovided.
ReportNo~02-0160-1102Revision12.2ResultsAtotaloftenpowersupplyandsensorcommonalitieswereidentifiedandanalyzed.Ofthesetencommonalities<n-'ne(9)'wereofthepowersupplytypeandone(1)wasoftnesensortype.1.Thefailureofpowersupply1D635125VDCthatiscommontotheReactorFeedwaterControlSystemand.PxessureRegulatorandT/GControlSystemresultedinplantconditionsthatmaynotbeboundedbyChapter15analysis.TheconditionisgeneratedbyamaximumdemandsignalfromtheFeedwaterSystemduetoazeroflowsignalfromtheBtrainflowsensorinstrumentationbeingprocessedbytheFeedwaterSystemonlossofthepowersupply.ThispowersupplyalsopowerstheReactorFeedPumpTurbineCtripcixcuit.Ifthereactorvesselhighleveltripsetpointisreachedinthismaximumfeeddemandsituation,RFPTsAandBwilltrip;RFPTCwillcontinuetooperateduetothetripcircuitfailure.ItshouldbenotedthatdataisnotcurrentlyavailabletoverifythattheLevel8txippointwillbereached.EDS,therefore,recommendsthattheappropriateinstrumentperfoxmancebereviewedandtransientanalysisbeperformedtoverifytheconditionexists.IftheLevel8tripisnotreached<theconditionsgeneratedbythefailureof1D635areboundedbyChapter15analysis.IfitisdetexminedthattheLevel8trippointisreached,EDSrecommendsthataplantmodificationbemadetoprovidedifferentpowersuppliesfortheBtrainfeedflowinstrumentationandtheReactorFeedPumpTurbineCtripcircuit.Asanalternatesolution,EDSrecommendsthatthemaximumfeeddemandconditioninChapter15bereanalyzedtovexifythatthefailureofthefeedpumptotripis,infact,boundedbycurrentChapter15analysis.2~AllothercommonpowexsupplyandsensorfailuresweredetexminedtobeeitherboundedbyChapter15analysisandwithinoperatorandsafetysystemcapabilitiesortonotimpactplantsafety.DetailedanalysisdocumentingtheresultsiscontainedinSection4.0andAppendicesBthroughF.
El ReportNo.02-0160-1102Revision03~0METHODOLOGYAsindicatedintheintroduction,themethodologythatwasutilizedbyEDSforthisprojectwasdesignedtomeetthefollowingobjectives:1.Toidentifypowersuppliesandsensorstotwoormorenon-safetygradecontrolsystems.2.ToanalyzetheeffectsofthefailureormalfunctionofthesepowersuppliesandsensorsoncontrolsystemstodetermineiftheresultingplantconditionsarecontainedwithintheboundaryofChapter15analysisandarewithinthecapabilitiesofoper'atorsandsafetysystems'hemethodologyemployedtoachievetheseobjectivesissummarizedinthissection.AdetaileddescriptionofthismethodologyiscontainedinAppendixA,"TechnicalProceduresforthePerformanceoftheAnalysis."Atwo-phaseapproachwasusedaspartofthismethodology.Phase1,the"IdentificationPhase,"consistedofidentifyingthefollowingitems:PlantsafetyfunctionsControlsystemsPowersuppliesandsensorstothecontrolsystemsPowersuppliesandsensorscommontocontrolsystemsPhase2,the"AnalysisPhase,"consistedoftheanalysisofthefailureofthesecommonpowersuppliesandsensorswithrespecttotheirassociatedcontrolsystems.Thecontrolsystemfailureswereanalyzedwithrespecttothefollowingcriteria:PlantresponseasperChapter15PlantconditionswithinoperatorandsafetysystemcapabilitiesReanalysisormodificationsrequiredtocorrectanyproblemsnotcoveredbythefirsttwocriteria3.1IdentificationPhaseThefirstpartoftheidentificationphaseconsistedofidentifyingthenon-safetygradecontrolsystemsthatcouldimpactplantsafety.Inordertoaccomplishthis,itwasfirstnecessarytoidentifythoseplantsafetyfunctionsthatarerequiredtobemetduringthevariousmodesofplantoperation.ThesafetyfunctionsweregeneratedusingChapter15,Appendix15AoftheCESAR.TheplantoperatingmodesandsafetyfunctionswereaddedtotheControlSystem ReportNo.02-0160-1102Revision0IdentificationDiagrams(CSIDs).Thesediagramscontainalltheidentificationinformationrequiredtodeterminecommonalitywithrespecttopowersuppliesandsensors-Subsequenttosafetyfunctionidentification,thecontrolsystemswhichcouldaffect.thesesafetyfunctionswereidentified.Thesecontrolsystemswereselectedfromthelistofnon-safetygradecontrolsystemsprovidedinChapter7'oftheFSAR.ThecontrolsystemswerethenaddedtotheCSIDs.ThepowersuppliesandsensorsrequiredtosupportthesecontrolsystemswereidentifiedandaddedtotheCSIDs-ThepowersupplyidentificationalsoincludedtheCascadingPowerSupplyEffect,thatis,thepotentialforfailureofhigherlevelpowersuppliesduetofailureofacorrespondinglowerlevelpowersupply'heboundaryofthecascadingeffectwaslimitedtothe120VACand125VDCinstrumentandcontrolbuses.ThisboundarywasbasedoninformationprovidedbythePPSLElectricalGroupconcerningcrediblehigherlevelpowersupplybusfailures.CSIDsareshowninAppendixC.Thefinal.partoftheidentificationphasewastodeterminewhichpowersuppliesandsensorswerecommontomorethanonecontrolsystem.ThiscommonalitywasaccomplishedusingtheCSIDs.Eachcommonpowersupplyandsensornotedwasthenusedasthefocalpointofaseconddiagram-CommonalityDiagram(CD)~Thisdiagrampresentedthecommonpowersupplyorsensor,thecontrolsystemsaffected,andthekeycomponentsandcircuitsthatarepartofthesecontrolsystems~CDsareshowninAppendixD.'.2AnalsisPhaseThemethodologyemployedintheanalysisphaseconsistedoftwoparts:FailureModesandEffectsAnalysis(FMEA)andMalfunctionAnalysis.TheFMEAtechniquewasusedtogeneratefailureeffectsinformationoneachcontrolsystemasitpertainstoitscommonmode.powersupplyorsensorfailure.UsingtheinformationfromtheCDs,theoveralleffectofthepowersupplyorsensorfailurewasdeterminedwithrespecttocontrolsystemandplantperformance.TheresultsofthispartoftheanalysisweredocumentedonFMEAformsascontainedinAppe'ndixE.MalfunctionanalysiswasthenperformedusingtheFNEAstodetermineiftheplantconditionsgeneratedimpactedonplantsafetyandwerewithinthecapabilitiesofoperatorsandsafetysystems.Theconditionsgeneratedasperthe ReportNo.02-0160-1102Revision0PMEAswerecomparedwithChapter15analysisforverificationofplantresponse,operatorresponse,andsafetysystemresponseForthoseplantconditionsinwhichplantsafetywasimpactedwithoutappropriateChapter15analysisandoperatorandsafetysystemcapabilityverifications,systemmodificationsorChapter15analysisrecommendationswereprovided.ThetablesinAppendixFwereusedasatooltodocumentthemalfunctionanalysis.Thisinformationwasthensummarizedintheresultssectionofthisreport.
ReportNo.02-0160-1102Revision0.4.0SUMMARYOFRESULTSThepurposeofthiseffortwastodetermineifthefailureofcommonpowersuppliesandsensorsfornon-safetygradecontrolsystemscouldimpactonSSESplantsafety.Theresultsofthiseffortaredividedintotwomajorareas:IdentificationofkeyelementsControlsystemsthatcouldimpactplantsafetyPowersuppliesandsensorstothesecontrolsystemsCommonpowersuppliesandsensorsforthesecontrolsystems2.AnalysisofcontrolsystemfailureReferencedtotheFSAR-Chapter15WithincapabilitiesofoperatorandsafetysystemsRecommendationsforreanalysisormodificationifrequiredThissectionprovidesasummaryoftheresultsdeterminedbyEDSwithrespecttoeachofthetwomajorareas'moredetaileditem-by-itemlistingoftheresultsiscontainedinAppendicesBthroughF.4.1IdentificationPriortoperformingtheanalysisonthesubjectcontrolsystemfailure,itwasnecessarytofirstdeterminewhichofthoseSSESnon-safetygradecontrolsystemcouldimpactplantsafety.BasedontheplantsafetyfunctionsforeachplantoperatingmodeasdescribedinChapter15andthecontrolsystemsdescribedinChapter7',"ControlSystemNotRequiredforSafety,"thecontrolsystemsthatcouldimpactplantsafetyweredeterminedanddocumentedasfollows:1~2.3.4,~5.6.~7~8.9~ReactorManualControlSystemRecirculationFlowControlSystemReactorFeedwaterControlSystemPressureRegulatorandTurbineGeneratorControlSystemTraversingIn-CoreProbeControlSystemReactorWaterCleanupControlSystemRefuelingInterlockControlSystemRodBlockMonitorSystemNuclearPressureReliefControlSystemItshouldbeemphasizedthatthislistincludesthosecontrolsystemsthatcouldimpactplantsafety.Actualdeterminationofthosecontrolsystemsthat,infact,doimpactplantsafetywouldbeaccomplishedduringthe ReportNo.02-0160-1102Revision1analysisphaseoftheproject-DocumentationofthesafetyfunctionsandcontrolsystemsiscontainedintheControlSystemIdentificationDiagrams(CSIDs)inAppendixC.BasedonthecontrolsystemscopeasdefinedinChapter7.7,thepowersuppliesandsensorsthatsupporteachofthesecontrolsystemswereidentified.Thepowersuppliesidentifiedwerethosespecific120VACand125VDCinstrumentandcontrolpowersupplies.Thesensorsidentifiedwerethosesensorsthatprovideinputsintothecontrolsystem.DetaileddocumentationofthesepowersuppliesandsensorsisalsocontainedintheCSIDs.Intheprocessofidentifyingcontrolsystempowersupplies,theCascadingPowerSupplyEffectwasalsoadd"essed.BasedonastudyperformedbythePPGLElectricalGroup,itwasdeterminedthattheonlycrediblecascadingpowersupplyfailurepossibleatSSESwasthatcombinationof1Y218and1Y219120VACbuses.ThesearetheonlytwoinstrumentandcontrolpowersuppliesthatwouldbesubjecttothecascadingeffectbasedonthedesignoftheSSESelectricaldistributionsystem.AllotherpowersuppliesatahigherlevelarebackedupbyeitheranalternateACsourceorabattery.Uponcompletionofthepowersupplyandsensoridentification,powersupplyandsensorcommonalitywasdetermined.CommonalityDiagrams(CDs)weregeneratedtoshowcommonalitybetweenthosecontrolsystemsidentified.Atotaloften(10)commonalitiesweredetermined.Thesecommonalitiesformthebasisfortheanalysisphaseoftheproject.TheCDsarecontainedinAppendixD.4.2AnalysisTheanalysisofthecontrolsystemsthatcontainedcommonpowersuppliesandsensorswasaccomplishedusingFailureModesandEffectsAnalysis(BREA),thenanalyzingtheoverallimpactofeachsystemFMEAontheplant.TheFMEAsweregeneratedforeachcontrolsystemasitpertainstothecommonpowersupply.orsensor.ThedetailedresultsofeachFMEAarecontainedinAppendixE.BasedontheBKAs,thedetailedanalysisofthesecontrolsystemswasperformed.Theresultsarepresentedhereintwocategories:(1)Failuresthatcouldimpactplant'afetyrequiringfurtheranalysis,and(2)failuresthatcouldimpactplantsafetyaddressedbyChapter15/failuresthatdonotimpactplantsafety.
ReportNo.02-0160-1102Revision11.FailuresThatCouldImactPlantSafetReirinFurtherAnalysisEDSanalysisdeterminedthatfailureofthepowersupply1D635125VDCcouldimpactplantsafetyandthereforerequiresfurtheranalysis.ThecontrolsystemsaffectedbythispowersupplyfailurearetheReactorFeedwaterandthePressureRegulatorandT/GControlSystems.TheconditionsthatmaynotbeboundedbyChapter15analysisare,however,isolatedtotheFeedwaterSystemonly-specificallytheFeedwaterFlowControlandReactorFeedwaterPumpTurbine(RFPT)TripContxolsub-systems.ThelossofthispowersupplydoesnotgenerateconditionsoutsideoftheboundaryofChapter15analysisforthePressureRegulatorandT/GControlSystem.Basedondatacurrentlyavailable,thesequenceofeventsthatresultfromthelossofthispowersupplyfortheFeedwaterSystemisasfollows:a.HM.leoperatingat100%reactorpower,theplantexperiencesalossof1D635.ThefeedwaterflowsignalfromtheBtraininstrumentationpoweredby1D635(FlowTransmitterFTlN002BandSRU6)changestozeroduetothelossof1D635-SincethefeedwaterflowsignalsfromtrainsA,BandCazesummed,thetotalfeedflowsignalchangesfrom100%feedflowto67%feedflowsubsequenttoreceivingtheerroneouszerosignalfromtheB,train.Thisintroducesamismatchbetweensteamflow,whichisstillat100%,andfeedflowwhichisat67%.b.Inresponsetothissteamflow,feedflowmismatch,theFeedwaterFlowContxolSystemsendsasignaltothethreeRFPT'stoinczeasefeedflowtomakeupfortheerroneous33%decxeaseinflow.Actualfeedflowatthispointwouldbeapproximately135%.cdSinceactualfeedflowissignificantlygreaterthanthatrequired,theincreaseinreactorvessellevel~marea'chtheLevel8(highlevel)'tripsetpoint~d-IftheLevel8tripsetpointisreached,atripsignalwillbesenttoRFPTsA,B,andCandtheT/G.RFPTsAandBandtheT/Gtrip.RFPTCfailstotripbecauseitstripcircuitwasdisableduponlossof1D635.
ReportNo~02-0160-1102Revision1BasedontheassumptionthattheLevel8setpointisreachedduetoexcessivefeedwaterdemand,theresultingconditionsarenotexplicitlyaddressedbyChapter15-Chapter15statesthattheplantresponsetoaLevel8condition,initiatedbyexcessfeedflow,shouldincludethetripofallRPPTsandtheT/G.SincetheconditionsgeneratedsubsequenttothefailureofRPPTCtotriparenotknown<itcannotbedetexminediftheplantsystemcapabilitiesareadequateusingpresentChapter15analysis.TheoperatordoesretaintheabilitytotakemanualcontroloftheRPPTCtomitigatetheeffectsofitscontinuedoperation.TheoperatorwouldbealertedtotherisingreactorvessellevelbytheLevel7alarm.Thiscondition,therefore,appearstobewithinthecapabilitiesoftheoperator.Xnordertoresolvethisproblem,EDSrecommendsthat,first,ananalysis(thermalhydraulicandinstrument)beconductedtoverifythattheLevel8setpointwillbereached,basedonthesequenceofeventspreviouslypostulated.ZftheresultsofthisanalysisverifythattheLevel8setpointisnotreached,thentheconditionsgeneratedbythelossofpowersupply1D635125VDCareinfactboundedbyChapter15analysis'ftheLevel8setpointisreached,thentheresultingconditionsrequirefurtheranalysis.PorthoseconditionsnotexplicitlyaddressedbyChapter15analysis,EDSrecommendsresolutionofthisproblembeaccomplishedinoneoftwoways.AplantmodificationcouldbemadetoremovethecommonalitybetweenthefeedwaterflowBprocessinstrumentation(PlowTransmitterandSRU)andtheRPPTCtripcircuit.BasedonEDSfailuremodesandeffectsanalysis,changingtheseinstrumentstoanalternatepowersupplywouldresolvethisproblem.1D615andXD625shouldbeeliminatedasalternativessincetheyprovidepowertotheRPPTAandBtripcircuits,respectively.EDSrecommendsthattheBtraininstrumentsbemovedtotheACpowersupplythatiscurrentlyprovidingpowertothePeedwaterPlowControlSyst:em-1Y218Breaker13.TheappropriateconversiondeviceswouldalsohavetobeaddedinordertoaccountforthechangeoveroftheseinstrumentsfromDCtoAC.MovingtheseinstrumentstolY218wouldnotchangetheoveralleffectontheFeedwaterPlowControlSystemsubsequenttothelossoflY218-Thesystemeffectsandplantresponseasnotedinthe1Y218PMEAwouldremainthesame~-10 ReportNo-02-0160-1102Revision1Ztshouldbenotedthatifanypowersupplyotherthan1Y218isselected,theappropriateFailureModesandEffectsAnalysisshouldbeperformedtoensurethatanewproblemisnotcreated.ThesecondmethodofproblemresolutionwouldbetoanalyzetheconditionsgeneratedbythecontinuedoperationofRFPTCtoverifythattheplantsystemswill<infact,mitigatetheprobleminspiteofthisnewcondition.2.FailuresThatZmctPlantSafetyAddressedbyChater15/FailuresThatDoNotImpactPlantSafetyTheremainingnine(9)controlsystemcommonalitieshavebeendetexminedbyEDStobeeith'eraddressedbyChapter15ortonotimpactplantsafety.Norecommendationsfoxmodificationoranalysisarerequired.Eachoneissummarizedasfollows:a.1D615125VDCThecontrolsystemsinvolvedwiththispowersupplyfailurearetheReactorFeedwaterControl,PressureRegulator-T/GControl,andRecirculationFlowContxol.Theonlyplantsafety-relatedconditiongeneratedbythisfailureisalossofrecirculationflowinLoopAandarecirculationrunbackinLoopB.ThisconditionandtheplantresponseiscoveredbyChapter15analysis.Thisconditionisalsowithinthecapabilitiesoftheoperator.Znaddition<safetysystemresponseisnotrequixed.b1D625125VDCThecontrolsystemsinvolvedwiththispowersupplyfailurearetheReactorFeedwaterControl,PressureRegulator-T/GControl,RecirculationFlowControl,andtheTraversingZn-CoxeProbe.Theonlyplantsafety-relatedconditiongeneratedbythisfailureisalossofrecirculationflowLoopB.ThisconditionandtheplantresponseforsingleloopflowarecoveredbyChaptez15analysis.Thisconditionisalsowithinthecapabilitiesoftheoperator.Inaddition,safetysystemresponseisnotrequired--11-ReportNo.02-0160-1102Revision0C~1D645125VDCThecontrolsystemsinvolvedwiththispowersupplyfailurearetheReactorFeedwaterControland'ressureRegulator-T/6Control.Theonlyplantsafety-relatedconditiongeneratedbythisfailureisapotentialhighreactorvessellevelduetothefailureoftheFeedwaterBlevelsensor..Thisfailurecombinedwithmaximumfeedwaterflowdemand(worstcase)isaddressedinChapter15.ThisvesselhighlevelconditioniswithinoperatorcapabilitiessincemanualcontroloftheReactorFeedwaterControlSystemisstillavailable.ThesafetysystemsthatrespondperChapter15forthisconditionpossessthenecessarycapabilitiestomitigatetheproblem.'d~lY218120VACThecontrolsystemsinvolvedwiththispowersupplyfailurearetheReactorFeedwaterContol,ReactorManualControlRecirculationFlowControl,PressureRegulation-T/6Control,ReactorWaterCleanup,NuclearPressureRelief,andTraversing'n-CoreProbeTheplantsafetyconditiongeneratedbythisfailureisapotentialhighorlowreactorvessellevelresultingfromtheFeedwaterControlSystemfailingatmaximumorminimumdemand.Thefailureofthispowersupplyinvolvesa"speedfreeze"ofthereactorfeedwaterpumpturbines(RFPT)~A"speedfreeze"meansthattheRFPTspeedislockedinattheratethatwaspresentpriortothelossofpower.Thisspeedfreezeatmaximumorminimumdemanddirectlyleadstoahighorlowwaterlevel,respectively.TheplantresponsetothemaximumorminimumfeedflowdemandisaddressedinChapter15.Inthemaximumdemandcondition,aLevel8tripwillresult,eventuallyleadingtoRFPTtrip,T/6trip,reactorscram,recirculationpumptrip,andHPC1'/RCICactuation.Theminimumdemandconditioncondition,asperChapter15,willresultinaplantresponseofaLevel3tripfollowedbyaLevel2trip~Thisresultsinareactorscram,recirculationpumptrip,MSIVclosure,T/6trip,andHPCI/RCICactuation.12
ReportNo.02-0160-1102Revision0Themaximumandminimumdemandconditionsarewithinoperatorcapabiliti'es.ThesafetysystemsthatrespondperChapter15fortheseconditionspossessthenecessarycapabilitiestomitigatethisproblem.Itshouldbenotedthatalthoughtheconditiongeneratedinbetweenmaximumandminimumfeedflowdemandisnotsafetyrelated,itpreventschangesfrombeingmadeontheReactorManualControl,ReactorFeedwaterControl,andtheRecirculationPlowControlsystems'ponlossofpower,eachofthesesystemsremainsintheconfigurationitwasinpriortothelossofpower.Specifically,rodscannotbemovedandfeedwaterandrecirculationflowcannotbealtered.Thisconditionisnotbeyondoperatorcapabilities,butshouldbeconsideredwhenPPSLisgeneratingplanttrainingoroperatingprocedures.e.1Y219.120VACThecontrolsystemsinvolvedwiththispowersupplyfailurearetheReactorManualControlSystemandtheReactorWaterCleanupSystem.Therearenoplantsafety-relatedconditionsassociatedwiththelossofthispowersupply;therefore,noChapter15analysisisrequired'peratororsafetysystemresponseisnotrequired.1Y226120VACgoThecontrolsystemsinvolvedwiththispowersupplyfailurearetheNuclearPressureReliefSystemandtheReactorWaterCleanupSystem.Therearenoplantsafety-relatedconditionsassociatedwiththelossofthispowersupply;therefore,noChapter15analysisisrequired.Operatororsafetysystemresponseisnotrequired.1Y629120VAC1ThecontrolsystemsinvolvedwiththispowersupplyfailurearethePressureRegulator-T/6Control,TheanalysisforlY629failureisbasedonT/6solenoidvalvesfailing"asis."Thisassumptionhastobemadeduetoalackofspecificreferenceinformation.13 ReportNo.02-0160-1102Revision0theReactorManualControlSystem,'andthe~RecirculationFlowControlSystem.TheconditionsassociatedwiththispowersupplyfailureareaT/6tripatlessthan30%poweroraT/6tripandreactorscramatgreaterthan30%power..TheplantresponseforeitherconditioniscoveredbyChapter15analysis'oththeT/6tripandthereactorscramarewithinoperatorcapabilities.These.conditionsarealsowithinthecapabilitiesofthesafetysystems,includingScram,,HPCI,'andRCIC,asperChapter15.FeedwaterFlowElements-FElNOOlA,B,CThecontrolsystemsinvolvedwiththissensorfailurearetheReactorFeedwaterControlandtheRecirculationControl~TheplantsafetyconditiongeneratedbythisfailureisapotentialhighorlowreactorvessellevelresultingfromtheFeedwaterControlSystemfailingatmaximumorminimumdemand.Thisfailureiscausedbyonefeedwaterflowelementfailingsuchthateitherahighfloworlowflowsignalisgenerated.TheplantresponsetothemaximumorminimumfeedflowdemandisaddressedinChapter15.Inthemaximumdemandcondition,aLevel8tripwillresult,eventuallyleadingtoRFPTtrip,T/6trip,reactorscram,recirculationpumptrip,andHPCI/RCICactuation.Theminimumdemandconditioncondition,asperChapter15,willresultinaplantresponseofaLevel3tripfollowedbyaLevel2trip~Thisresultinareactorscram,recirculationpumptrip,MSIVclosure,T/6trip,andHPCI/RCICactuation.Themaximumandminimumdemandconditionsarewithinoperatorcapabilities~Thesafetysystems-thatrespondperChapter15fortheseconditionspossessthenecessarycapabilitiestomitigatethisproblem.Itshouldbenotedthataflowelementfailurecausedbyamechanicalproblem(i.e.,cloggingatthesensinginletoroutlet)wouldtakeplaceoverarelativelylongperiodoftimeFlowdegradationshouldbenotedthroughroutineflowindicationmonitoring'4 ReportNo.02-0160-1102Revision0i.CascadinPowerSu1Effect-lY218and1Y219120VACInanalyzingtheSSESelectricaldistributionsystem,itispossiblethatafailureinpowersupply1X219couldcausepowersupply1Y218tofail,aswell,sinceitsuppliespowertolY219.ThefailureofahigherlevelpowersupplyduetoafailureofacorrespondinglowerlevelpowersupplyisdefinedastheCascadingPowerSupplyEffect.ThecombinedfailureoflY218and1Y219doesnotinvokeconditionsnotalreadycoveredintheanalysisofeachofthesepowersuppliesinsub-paragraphs(d)and(e)respectively.Thiscombinedfailureis,therefore,boundedbyChapter15analysisandwithinthecapabilitiesoftheoperatorandsafetysystems.Nootheranalysisisrequired.15
.
5.0REFERENCES
ReportNo.02-0160-1102Revision0Thefollowingisthelistofreferencesusedduringthisproject:5.1GeneralInformationSusquehannaSteamElectricStation,Units1and2,FinalSafetyAnalysisReport,PennsylvaniaPowerandLightCompany,Volumes1-17,Revision23,6/81.5'SstemDescritiveReferencesReactorFeedwaterControlSstemInstructionManuals4110and4125,AlphalinePressureTransmittersAbsoluteandGage,Models1151APand1151GP,Rosemount.2~3.5.6.7~8.IndicatingSwitches,LiquidLevel-DifferentialPressure-PlowRate,Product/Bullet,in288A/289A,ITTBarton.BaileyServiceManual,Type771NarrowRollStrip-ChartRecorder(4577Kll-300A)BaileyPartsManual,Type771,772,and773Strip-ChartRecorders,(4577Kll-350)~OperatingandInstructionManual,StaticInverterModelN250-MRS-125-60-115,TopazElectronics,October1974.Informationaboutthe(OrificePlate)BoreCalculation,Vikery-Simms,Inc.,VSIJobNo~-N-1053andN-1175.OrificeBoreCalculationLiquidFlow,Vike~-Simms,Inc.,2/23/76.PressureSwitchesPartsPriceList,Code1BourdonTube,Barksdale(BulletinNo.671221-B),January1,1973.9.BaileyServiceManual,Type745SingleandDualAlarm,.(4574K15-300F)~.10~BaileyServiceManual,Type754FunctionGenerator,(4575K14-300A).llewBaileyInstallationManual,Type754FunctionGenerator,(4575K14-001).
ReportNo'.02-0160-1102Revision012~BaileyInstructions,Type760001VoltageSignalSources,(4576K10-001).13'aileyServiceManual,755DynamicCompensator,(4575K15-300B).14..BaileyDifferenceData,Type755DynamicCompensatorCat~No~50-755010AAAA1NAB(4575K15-003).15~16.BaileyInstallationManual,Type701BasicController,(.4570K11-001A).Susquehanna1,OperationsandMaintenanceInstructions,FeedwaterControlSystem,GeneralElectric(GEK-73592A),April,1981.RecirculationFlowControlSstem2.3.4~5.7~8.9~10.Susquehanna1,OperationsandMaintenanceInstructions,.RecirculationFlowControlSystem,GeneralElectric(GEK-73590),February,1979.BaileyServiceManual,Type724LogicUnit,(4572K14-300B).BaileyInstallationManual,Type745SingleandDualAlarm,(4574K15-001A).BaileyServiceManual,Type745SingleandDualAlarm,(4574K15-300F).BaileyInstallationManual,Type752TwoInputandFourInputSummers,(4575K12-001B).InstallationandOperatingInstructions,RegulatedDCPowerSupplies,GeneralElectric(GEI-54440).BaileyInstallationManual,Type744DifferenceAlarm,(4574K14-001).BaileyInstallationManual,Type720UtilityStations,(4572K10-001)-BaileyServiceManual,Type720UtilityStations,(4574K10-300).BaileyInstructions,Type766SignalResistorUnitsCat~No.766--*,(4576K16-007A).17 ReportNo.02-0160-1102Revision012.13'4.15~BaileyInstallationManual,Type724LogicUnit,(4572K14-001).BaileyInstallationManual,Type740MillivoltConverters,(4574K10-001A).BaileyServiceManual,Type723ProportionalandDelayUnit,(4572K13-300).BaileyInstallationManual,Type723,ProportionalandDelayUnit,(4572K13-001).BaileyInstallationManual,,Type746SignalLimiter,(4574K16-001A)-16'BaileyInstallationManual,Type722ManualUnit,(4572K12-001).17'8.19~20.21.22.23.24.BaileyServiceManual,Type722ManualUnit,(4572K12-300A).BaileyInstallationManual,Type721ControlUnit,(4572K11-001).BaileyServiceManual,Type721ControlUnit,(4572K11-300).ACRPanels120/125Vand24VFeederTabulation,SusquehannaProject,BechtelPowerCorporation,ElectricalSchemeGroup,June22,1981.InstructionsforOperation,Installation,Maintenance,andCalibration,ElectronicFlowTransmitter73G-0049M,Ametek/SchuttesKoerting(74S-0269M-001),July,1974.I'nstructionManual,(4104/4126)Model1151DPAlphaline,DifferentialandHighDifferentialPressureTransmitters,Rosemount(8856-J03-A-25-1).BaileyServiceManual,Type751Sealer,(4575K11-300F).IEEEGuideforGeneralPrinciplesofReliabilityAnalysisofNuclearPowerGeneratingStationProtectionSystems,IEEEStandard352-1975.ReactorWaterCleanuSstemSusquehanna1,OperationandMaintenanceInstructions,ReactorWaterCleanupSystem,GeneralElectric(GEK-73608),February1979.18 Repox'tNo.02.-0160-1102Revision0PressureReulatorandT/GControlSstemGeneratorProtection,GeneralElectxic(GEK-75512A),November,1980.2~3~4~5.7~8.9-10.BasicFunctionsofElectrohydraulicControl(EHC)System,Nuclear(BoilingWaterReactor)Units,GeneralElectric(GEK-17911)~ProtectionSystem-ElectrohydraulicControl,BasicFunctions,GeneralElectric,(GEK-11366).SpeedControlUnit,(Fossil-Baseload,BWR,PWR),GeneralElectric(GEK-11381E).tInstructions,EHCLineSpeedMatcher,GeneralElectric(GEK-17910A)~Instructions,DescriptionofLoadControlUnit(BWR),GeneralElectric,(GEK-37946).LoadControlUnit,LoadReferenceCircuits,NuclearUnits,GeneralElectric(GEK-17864A).Instructions,LoadLimitCircuitsandLogic,(BWR),GeneralElectric,'(GEK-17863B)~Instructions,Chest/ShellWarmingCircuitsandLogic,3or5LightConfiguration,Nuclear-BWR,GeneralElectric,(GEK-46351B).RosemountPressureTransducerModel1104A,(GEK-37803).12-13~14-15~CurrenttoVoltageConverter,GeneralElectric,(GEK-25580).Instructions,RateSensitivePowerLoadUnbalanceCircuitandRelays,(Nuclear),.GeneralElectric,(GEK-37959A).FlowControlUnit,GeneralElectric,(GEK-25588).ValveTestLogic,(BWR),GeneralElectric,(GEK-37941).Pressux'eControlUnit,(BWR),GeneralElectric,(GEK-17885A)~16.TurbineInitialPressureRegulatorandControlSystem,BypassControlUnit,GeneralElectric,;(GEK-17880).19
ReportNo.02-,0160-1102Revision017.18.19.20.21'urbineInitialPressureRegulatorandControlSystem,AutomaticLoadFollowingSignal,GeneralElectric,(GEK17881)~AutomaticPressureSet-PointAdjust,GeneralElectric,(GEK-17882A).Instructions,ElectricAlarmandTripSystem,GeneralElectric,(GEK-11367C).FirstHitCircuitry,GeneralElectric,(GEK-25557).ProtectiveSystem-ElectrohydraulicControl,BasicFunctions,GeneralElectric,M-392,1971.22.ElectricAlarmandTripSystem,GeneralElectric,M-3931971.23.ElectricalPowerSupplies,GeneralElectric,M-399,1971.24.25.26.27.Instructions,TestingoZtheOverspeedTripSystem,GeneralElectric,(GEK-11383C).BackupOverspeedTrip,ElectrohydraulicControlSystem,GeneralElectric,(GEK-17978A).Instructions,ElectricalPowerSupplies,EHCSystem,GeneralElectric,(GEK-25540A).InstructionManualandPartsListModel730and751SeriesLiquidLevelControls,Bulletin:46-612,MagnetrolInternational,April1976.TraversinIn-CoreProbeSstem2.3.Preliminary,Susquehanna1and2,OperationandMaintenanceInstructions,TraversingIn-CoreProbeCa'librationSystem,GeneralElectric(GEK-73601A),February1981.OperationandMaintenanceInstructions,IndexingMechanism791E241G4(GEK-73601A),February1981.OperationandMaintenanceInstructions,DriveMechanism706E263G13,G14,G15,andG16,GeneralElectric(GEK-39600D),March1980.20 ReportNo.02-0160-1102Revision04..OperationandMaintenanceInstructions,ValveControlMonitor112C3706G8,G10,andG12,GeneralElectric(GEK-34668D),February1980.5.OperationandMaintenanceInstructions,ValveControlMonitor112C3706G7,G9,andGll,GeneralElectric(GEK-34573E),October1979.ReactorManual'ControlSstem1.Susquehanna1and2,OperationandMaintenanceInstructions,ReactorManualControlSystem,GeneralElectric(GEK-73596A),April1981.2.Susquehanna1,OperationandMaintenanceInstructions,ControlRodDriveHydraulics,GeneralElectric(GEK-73595A),March1981.NuclearPressureReliefSstem1.Susquehanna1,OperationandMaintenanceInstructions,AutomaticDepressurizationSystem,GeneralElectric(GEK-73602),February1979.5.3SstemDrawingsGeneralReferencesGeneralElectricBechtel8856-Ml-H12-877SH1-10E-10SH1-3E-42SH14-19,SH21-22E-64SH17gSHll28ReactorFeedwaterControlSstemGeneralElectricBechtel8856-Ml-C32-17SH1-68856-M6-3SH11E-126SH1-2J-127SH7,9j-427SH3M-106M-127SH1-2E-114SH1-2E-127SH6RecirculationFlowControlSstemGeneralElectricFF116510SH1101-1103*8856-Ml-B31-178SH1-218856-Ml-B31-189SH1-58856-Ml-B31-275SH1-2121 ReportNo.02-0160-1102Revision00RecirculationPlowControlSstem(cont'd)BechtelM-103M-105M-106M-115M-140M-143E-129SH17J-105SH1-10J-106SH1-11J-115SH1-11J-406"SH2J-410SH4ReactorWaterCleanuSstemGeneralElectricBechtel8856-Mj-G33-140SH1-5M-144PressureReulatorandT/GControlGeneralElectricBechtelTraversinIn-CoreProbeGeneralElectricBechtel8856-M2J-6SH1-398856-M2J-10SH18856-M2J-34SH1-38856-M2J-39SH1-78856-M2J-40SH1-108856-M2J-112SH1-7E>>101SH4E-illSH1-4E-120SH1-8E-121SH1-4E-122SH1-4M-101791E413SH1-5*E-177SH4,8ReactorManualControlSstemGeneralElectricBechtel8856-Ml-C12-108SH1,28856-Ml-C12-110SH1-9,SH11-12,SH14-32'H35-36E-158SH1-3E-169SH2-4M-146M-147 ReportNo.02-0160-1102Revision0NuclearPressureReliefSystemGeneralElectricBechtelRefuelinInterlockPGeneralElectricRodBlockMonitoringBechtel8856-B21-'129SH1-8E-180SH1-8M-141M-1428856MlC12110SH19gSHll12'H14-32,SH35-368856-Ml-F21-52SH1-19E-157SH1-6E177SH1I3ISH48'Note:Bechteldrawingnumberswereusedexceptwherenotedbyanasterisk.AnasteriskwillindicateaGeneralElectricnumber.23