ML17354A814

From kanterella
Revision as of 07:43, 14 September 2018 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Chapter 9.5.1, Fire Protection System, Safety Evaluation with No Open Items, GEH Advanced Boiling Water Reactor DC Renewal
ML17354A814
Person / Time
Site: 05200045
Issue date: 03/08/2018
From: Adrian Muniz
NRC/NRO/DNRL
To:
Muniz A
Shared Package
ML18003A278 List:
References
Download: ML17354A814 (3)


Text

1 9.0 Auxiliary Systems 9.5.1 Fire Protection System 9.5.1.1 Regulatory Criteria In Revision 6 of the ABWR DCD, the applicant proposed to modify DCD Tier 2, Section 9.5.1, "Fire Protection System," to clarify the likelihood of multiple spurious actuations (also called "multiple spurious operations") due to fire in digital systems. The DC Renewal applicant also proposed changes to the DCD to require combined license (COL) applicants to follow the methodology in NEI 00-01, "Guidance for Post Fire Safe Shutdown Circuit Analysis," Revision 2, as modified by Regulatory Guide 1.189, "Fire Protection for Nuclear Power Plants," Revision 2, in order to address multiple spurious actuations in analog systems. These proposed changes are limited to clarifying the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire, clarifying the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation, and specifying the methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems for compliance with General Design Criterion (GDC) 3, "Fire Protection," as set forth in Appendix A, "General Design Criteria for Nuclear Power Plants," to Title 10 of the Code of Federal Regulations (10 CFR) Part 50, "Domestic Licensing of Production and Utilization Facilities," and compliance with 10 CFR 50.48, "Fire protection," as these regulations existed in 1997. Therefore, they are "modifications," as that term is defined in Chapter 1 of this supplement, and will correspondingly be evaluated using the regulations applicable and in effect at the initial ABWR certification.

The relevant regulatory requirements for this area of review are:

  • 10 CFR 50.48 (1997), "Fire protection," subsection (a) which required, in part, a description of "the means to limit fire damage to structures, systems, or components important to safety so that the capability to safely shut down the plant is ensured."

The staff conducted its review in accordance with Section 9.5.1, "Fire Protection Program," of NUREG-0800, "Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants (LWR Edition)," (SRP) (1981)). In addition, the staff's review followed the guidance in Regulatory Guide (RG) 1.189, Revision 2, with respect to multiple spurious actuations in analog systems.

9.5.1.2 Summary of Technical Information In NUREG-1503, Section 9.5.1, "Fire Protection System," the staff FSER for the originally certified ABWR DCD, the staff did not mention spurious actuations, nor is there a discussion on digital instrumentation & control (I&C) systems' response given a fire event. For design basis fire events, generally, the originally certified ABWR DCD, Tier 2 Section 3.13.4.2, "Fire Events," stated: "- [S]eparation criteria are maintained during design basis fire events. Internal fire in 2 one affected zone will not propagate to other [redundant] divisions. Smoke is removed from the affected zone. Other zones are pressurized and also vented." Thus, the ABWR is designed to maintain safe shutdown capabilities following a fire in any affected zone. In addition in DCD Tier 2 Section 9.5.1.1.7, "Spurious Control Actions," the originally certified DCD stated, "The probability of two spurious signals matching is essentially zero."

In a request for additional information (RAI) 09.05.01-1, dated April 29, 2015 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML15118A725), the staff requested GEH to perform an evaluation for the effects of multiple spurious operations due to a fire consistent with NEI 00-01, Guidance for Post Fire Safe Shutdown Circuit Analysis," Revision 2, as modified in RG 1.189, "Fire Protection for Nuclear Power Plants," Revision 2 or to propose and justify an alternative.

9.5.1.3 Technical Evaluation The applicant provided responses to the staff's RAI in letters dated July 30, 2015 (ADAMS Accession No. ML15212A762), October 29, 2015 (ADAMS Accession No. ML15302A308), April 11, 2016 (ADAMS Accession No. ML16102A344), and December 7, 2016 (ADAMS Accession No. ML16342C331), including proposed DCD mark-ups.

GEH stated that a detailed assessment of the ABWR's vulnerability to multiple spurious operations would need to be conducted during the detailed design phase. GEH proposed the following changes to DCD Tier 2, Sections 9.5.1.1.7 and 9.5.13.22:

The staff finds this acceptable since RG 1.189, Rev 2 endorses NEI 00-01, Rev 2. The DCD now provides an acceptable methodology for performing the fire-induced multiple spurious analysis, whereas the original design certification did not specify a methodology.

The applicant also addressed multiple spurious actuations due to fire in digital systems by proposing several changes to DCD Tier 2, Section 9.

5.1.1.7. First, the applicant proposes to replace the words "probability -is essentially zero" with "likelihood - is miniscule." The staff finds this acceptable because the revised DCD no longer implies a probabilistic analysis was utilized, which is consistent with the application of a deterministic fire protection program. Second, the applicant proposes to insert language to clarify that along with optical fiber cabling, fire-induced spurious actuation will be considered in main control room components, Remote Multiplexing Units (RMU), Essential Multiplexing System (EMS) and digital controller equipment in the C/B connected via fiber-optic cable. The staff finds this acceptable because this change properly expands the spurious actuation analysis to include the digital equipment both in and outside of the main control room fire area. Third, the applicant proposes to insert language providing a description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious actuation. The digital architecture utilizes message 3 authentication which requires the message format and sequence to be correct and to be recognized. The staff finds this acceptable because it makes use of features that are pertinent to digital systems.

The staff finds acceptable the proposed changes described above because they clarify the language in the ABWR DCD in regards to the likelihood of multiple spurious actuations due to a fire and the description of the defense-in-depth of the digital architecture that would prevent a spurious signal from becoming a spurious act uation. In addition, t he DCD specifies the NRC-approved methodologies to be used by COL applicants when addressing multiple spurious actuations in analog systems.

All the changes identified above are being tracked as Confirmatory Item 9.5.1-1.

9.5.1.4 Conclusion Based on the evaluation provided in this FSER section supplement, the staff concludes that the proposed changes do not alter the safety findings made in the FSER for the original ABWR certification. In addition the changes proposed by the applicant, addressing multiple spurious actuations in analog systems, are in accordance with updated guidance in RG 1.189, Revision 2. Therefore, the staff finds that the proposed changes comply with

10 CFR 50.48 (1997) and GDC 3 (1997) and are acceptable.