ML071210353
| ML071210353 | |
| Person / Time | |
|---|---|
| Site: | Harris  |
| Issue date: | 09/21/2006 |
| From: | Ertman J Progress Energy Carolinas |
| To: | Office of Nuclear Reactor Regulation |
| References | |
| FPIP-0202, Rev 0 | |
| Download: ML071210353 (10) | |
Text
PROJECT INSTRUCTION FPIP-0202 FIRE PRA Component Selection Revision 0 Prepared by Reviewed by Approved by FPIP-0202 Rev. 0 Page 1 of 10
TABLE OF CONTENTS SECTION PAGE 1.0 PURPOSE.......................................................................................................................3
2.0 REFERENCES
................................................................................................................3 3.0 DEFINITIONS..................................................................................................................3 4.0 RESPONSIBILITIES........................................................................................................3 5.0 PREREQUISITES............................................................................................................4 6.0 PRECAUTIONS AND LIMITATIONS...............................................................................4 7.0 SPECIAL TOOLS AND EQUIPMENT..............................................................................4 8.0 ACCEPTANCE CRITERIA...............................................................................................4 9.0 INSTRUCTIONS..............................................................................................................4 9.1 Overview...............................................................................................................4 9.2 Obtain Current Equipment lists.............................................................................5 9.3 Deterministic Safe Shutdown Analysis Equipment List.........................................5 9.4 Internal Events PRA Model Equipment List...........................................................6 9.5 Unique Fire Induced Core Damage Sequences....................................................8 9.6 Instrumentation.....................................................................................................8 9.7 Documentation of Data Mapping...........................................................................9 10.0 RECORDS.......................................................................................................................9 FPIP-0202 Rev. 0 Page 2 of 10
1.0 PURPOSE This procedure provides requirements and guidance for the selection of plant equipment to be treated in the Fire PRA. The guidance and requirements are applicable to the Robinson Nuclear Plant (RNP), Brunswick Nuclear Plant (BNP), Harris Nuclear Plant (HNP), and Crystal River 3 (CR3).
2.0 REFERENCES
2.1 Developmental 2.1.1 PRO-NGGC-0201, NGG Standard Procedure Writer's Guide 2.1.2 FPIP-0100, Fire Protection initiatives Project-Project Controls 2.2 Implementing 2.2.1 EPRI/NRC-RES Fire PRA Methodology for Nuclear Power Facilities: Volume 2; Detailed Methodology. Electric Power Research Institute (EPRI), Palo Alto, CA, and U.S. Nuclear Regulatory Commission, Office of Nuclear Regulatory Research (RES), Rockville, MD: 2005, EPRI TR-1011989 and NUREG/CR-6850 2.2.2 NGG Fire Protection Program Improvement Initiatives, Attachment 2, NFPA 805 Transition Project Technical Details 2.2.3 NEI 04-06, Rev.1, Guidance for Self-Assessment of Circuit Failure Issues 2.2.4 NEI 00-01, Rev.1, Guidance for Post-Fire Safe Shutdown Circuit Anaylsis 3.0 DEFINITIONS 3.1 Shall The use of the term 'shall' denotes a requirement or a mandatory activity 3.2 Should The use of the term 'should' denotes an expected action unless there is justifiable reason not to perform the action. 3.3 Fire Compartment Within this document, the use of the terms Fire Compartment, Fire PRA Compartment, and compartment are all intended to be equivalent. A Fire Compartment is a location associated with a plant that is bounded by features for which there is reasonable confidence that such boundaries are capable of preventing the spread of fire.
4.0 RESPONSIBILITIES 4.1 Fire Protection/SSA Engineer 4.1.1 Provide the approved safe shutdown equipment list and spurious actuation studies FPIP-0202 Rev. 0 Page 3 of 10
4.1.2 Support the PRA engineer with component select tasks as needed 4.2 PRA Engineer 4.2.1 Review the scope of plant system equipment, and associated function(s), treated in the internal events PRA model for inclusion in the Fire PRA. 4.2.2 Review the scope of plant system equipment, and associated function(s), treated in the post fire safe shutdown analysis for inclusion in the Fire PRA. 4.2.3 Review the scope of plant instruments not already considered in the items above for inclusion in the Fire PRA. 4.2.4 Review of the results of Multiple Spurious actuations studies and the related sequences for consistency with the plant PRA and Fire PRA models. 5.0 PREREQUISITES 5.1 The Fire PRA Component selection is the first step towards the development of the actual Fire PRA model. This model is developed from the internal events PRA model. As a consequence, an approved version (revision) of the internal events PRA model shall be selected as the basis for the Fire PRA. 5.2 The Fire Safe Shutdown Program Manager database for plant equipment shall be completed prior to finalizing this task. The intent here is to ensure that the full scope of plant equipment credited for post fire safe shutdown analysis is considered in development of the Fire PRA.
5.3 The results of any expert panel assessment, multiple-spurious actuation study, or NEI 04-06 assessment should be completed and incorporated into this task. The results of these tasks may identify unique fire induced sequences that would not be adequately treated based on the logic in the internal events PRA model. 6.0 PRECAUTIONS AND LIMITATIONS There are no specific precautions or limitations for this task. 7.0 SPECIAL TOOLS AND EQUIPMENT N/A 8.0 ACCEPTANCE CRITERIA N/A 9.0 INSTRUCTIONS 9.1 Overview The overall process of performing the Fire PRA Component Selection Task is described in NUREG/CR-6850 [1]. The specific guidance, requirements, and criteria provided therein should be applied together with the requirements of this Project Instruction. The development of a Fire PRA model begins with the existing plant internal events PRA model. The scope of equipment considered and treated in the PRA model must then be reconciled with the scope of plant equipment treated in the deterministic post fire safe FPIP-0202 Rev. 0 Page 4 of 10
shutdown analysis. Through this process, a portion of the issue related to treatment of fire induced core damage sequences can be addressed. The balance of the issue related to fire induced core damage sequences is addressed though other activities associated with the treatment of multiple fire induced spurious actuation. Another key element of this scope of work involves the treatment of plant instrumentation. This scope of instruments consists of those relied upon in the Human Reliability Analysis (HRA) for credited operator actions and those additional instruments whose fire induced failure could lead to incorrect or otherwise undesired operator actions. The resulting Fire PRA Component list is then used in subsequent tasks to complete the development of the Fire PRA. 9.2 Obtain Current Equipment lists The starting point for Fire PRA Component Selection is the currently identified equipment included in the Safe Shutdown Analysis and the Internal Events PRA. 9.2.1 Obtain a copy of the post fire (SSEL) and note the revision or version identifier of the list or source document. Ensure that this listing has sufficient detail to ascertain the intended function(s) of each component (active versus passive, open versus close, start versus stop, Hi/Lo interface, flow diversion, etc). 9.2.2 Obtain a list of basic events from the Internal Events PRA. Basic events which do not map to equipment can generally be screened. This includes initiators, HFEs, common cause, maintenance, flags, etc. The remaining basic events should be "mapped" to a component tag. This mapping is typically developed as part of the online risk models (EOOS), but may exist elsewhere. If it does not exist it must be developed.
Note: for the remainder of this document, the term basic event implies a component with a specific failure mode. 9.2.3 Obtain the HRA analysis from the PRA, and identify instruments which may be relied upon for event success but may not be explicitly modeled in the PRA. 9.3 Deterministic Safe Shutdown Analysis Equipment List The full scope of the plant equipment considered in the post fire safe shutdown equipment list shall be reviewed and individually dispositioned for applicability in the Fire PRA. Care must be taken to compare component IDs and failure modes. For each component on the SSEL, determine whether mapping of that component to the plant PRA model is necessary. A component on the SSEL should be mapped to the PRA model if that component's fire induced failure would disable or otherwise adversely affect the plant's capability to mitigate the potential consequences of that fire event. A disposition should be provided for each component reviewed as follows:
NA - not modeled and not required to be modeled in PRA (w/notes)
OK - modeled in the PRA (add Basic Event and PRA tag ID if different) FPIP-0202 Rev. 0 Page 5 of 10
AD - needs to be added to PRA (add BE/TAG info when complete) The scope of the SSEL may include plant equipment that are not material the Fire PRA study. For each item on the SSEL determined to be not applicable to the Fire PRA, a justification shall be provided. This may occur due various reasons. Examples Include: The component is on the SSEL to satisfy the deterministic regulatory requirement to achieve cold shutdown conditions. This safe endstate for the Fire PRA is based on the internal events PRA success criteria. This criteria and associated safe endstate is typically safe and stable hot standby (shutdown) conditions. As a consequence, there may be certain equipment on the SSEL that are not needed, or whose fire induced failure is not material to the CDF calculation. The component provides only an indication function and is not associated with any credited operator action and is not likely to cause the operator to performed unwanted or un-needed actions that have undesired affects - such as tripping a otherwise unaffected running pump. The component may be passive and be included for boundary definition only (manual valves or check valves). Typical PRA methods for treating as pre-initiators and flow diversions can be used to screen. Fire dampers can also be screened from this analysis if they do not impact the PRA success criteria, since PRAs typically only require HVAC to a few areas in the plant for accident mitigation. Dampers can also be addressed during fire scenario development and multi-compartment analyses. For each item on the SSEL determined to be in the scope of the Fire PRA, identify the applicable failure modes to be considered. Identify the model changes needed. For example, a particular basic event may exist only in that sub-structure associated with Steam Generator tube rupture and would not be considered in the Fire PRA as a credible fire induced initiating event. In such instances, it may be necessary to edit the plant PRA model to properly treat the consequences of the postulated fire event. The model changes can be made in Task 5 (Fire-Induced Risk Model). 9.3.1 The completion of this task shall result in an annotated version of the SSEL where each entry has a disposition justified per 9.3.1. In the event one or more SSEL items cannot be adequately mapped, then PRA model changes may be required as described in Section 9.4. 9.4 Internal Events PRA Model Equipment List The Fire PRA Model is based on the internal events PRA model. The internal events PRA model typically treats the full plant capability. However, in order to apply this same completeness to the Fire PRA would require the identification of cables and their spatial location for all associated components. In order to achieve an equitable balance between analysis completeness and overall analysis development cost, the initial scope of plant equipment to be credited in the analysis will be dependent on the availability of data. FPIP-0202 Rev. 0 Page 6 of 10
The data to be used in the Fire PRA will be obtained from two sources. The deterministic post fire safe shutdown equipment list (SSEL) and associated cables. The scope of 'non-Appendix R' equipment and cables deemed to have high potential risk importance. For this final set of components, the associated set of cables as well as all spatial location information must be developed as part of the Fire PRA development effort. The performance of the steps in this Section can be completed in an iterative manner with the steps in Section 9.2. 9.4.1 The revision or version of the internal events PRA model to be used as the base model for the Fire PRA development shall be identified and documented. 9.4.2 Starting with the list obtained in 9.2.2., identify passive/mechanical equipment, such as manual valves which do not have circuits to be traced. Apply disposition code of "P" for documentation purposes. 9.4.3 Identify Equipment is uniquely associated with an initiating event that cannot occur or be caused by a postulated fire event. Examples of these include Large Break LOCA and Steam Generator Tube Rupture.. Apply disposition code of "
U" for documentation purposes. 9.4.4 For the remaining components, identify the normal and desired positions for the basic events. This information should be easily correlated to the failure mode identified by the basic event. 9.4.5 Identify the basic events which are already considered by SSEL. Apply disposition code of "
Y" for documentation purposes. 9.4.6 For the remaining components, determine (or obtain from other documents) the risk significance (based on the internal events) if they are failed (RAW).
Note: This list can be provided as is to the SSA engineer for cable routing consideration, and support for basic event disposition. 9.4.7 For each component determine the need to include the component for fire protection (NFPA-805) credit. If credited, circuit routing may be required.
Disposition should be documented. The following codes can be used: P - Passive/mechanical equipment does not need to be evaluated. U - Equipment is uniquely associated with an initiating event that cannot occur or be caused by a postulated fire event. Examples of these include Large Break LOCA and Steam Generator Tube Rupture. Y - Already included in SSEL (identify tag id if different) L - Low importance (RAW) equipment may not need to be credited (assume it fails given the fire). Spurious action should be considered. FPIP-0202 Rev. 0 Page 7 of 10
A - equipment should be credited and have circuits routed.
9.5 Unique Fire Induced Core Damage Sequences The development of the Fire PRA Model may identify instances where the consequence of a postulated fire induced equipment failure is not treated in the base internal events PRA model. This is most likely to occur when multiple spurious actuation events are considered. The exclusion of such treatment in the internal events PRA model is because the negligible probability of these events occurring due to random failures. In these cases, a modification of the PRA model shall be prepared so that the resultant analysis properly treats the fire induced consequence. One of the objectives of the Fire PRA Model development task is to maintain an overall framework wherein the entire plant risk assessment is embodied in a single integrated model. Therefore, if a PRA model change is required as described in this Section, that change must also be incorporated into the internal events PRA Model. As such, any changes that are needed must also consider the existing administrative procedures and controls associated with internal events PRA model edits. 9.5.1 Review the scope of 'un-mapped' SSEL items from Section 9.3 and determine whether the addition of one or more model basic events and associated logic structure is required. 9.5.2 The identification of potentially unique fire induced core damage sequences may also occur as a result of the Expert Panel reviews and/or NEI 04-06 related self-assessments related to the multiple spurious actuation issue. A review of these shall be performed to determine whether additional changes to the Fire PRA Model are required. 9.5.3 The addition of any PRA Model basic events that occurs as a result of the Section 9.5 steps shall also be reviewed in accordance with Section 9.4 of this procedure. 9.6 Instrumentation The development of the Fire PRA includes the treatment of plant instrumentation in a fashion not previously described or required in prior industry guidance documents. The treatment of plant instrumentation is intended to address potential consequences of fire induced failure. The postulated fire induced failure of plant instrumentation may result in the loss of a credited 'input' that provides the cue to initiate an operator action. The loss of such an instrument could potentially invalidate the associated Human Reliability Analysis (HRA) and the resultant Human Error Probability (HEP) used in the plant PRA. The postulated fire induced failure of plant instrumentation may result in the generation of erroneous signals and/or spurious alarms that may lead to mal-operation of the plant equipment in response to procedure directed operator actions. FPIP-0202 Rev. 0 Page 8 of 10
The objective of this step is to identify those plant instruments that are important to the performance of plant equipment and to ensure that they are considered in the development of the plant Fire PRA model. 9.6.1 Review the scope of human actions to be 'credited' in the Fire PRA Model. For each of the actions, identify the instrument(s) relied upon for providing the operator cue. 9.6.2 Perform a review of the plant alarm response procedures. Identify those instances where the occurrence of a single 'spurious' alarm signal, by itself, would result in an immediate operator response to terminate a key system's or component's operation that would otherwise be desirable to continue operation. 9.6.3 For each identified occurrence of the condition described in Section 9.6.2, identify the specific instrument and associated instrument LOOP components.
Also identify or characterize the consequence of the failure, or spurious signal, from that instrument. If an existing PRA model basic event can be used to properly treat the failure consequence, then identify the basic event(s). If a model change or new basic events are required, then provide a disposition indicating such. This latter information is necessary to support the Task 5 development of the Fire PRA model. 9.6.4 For each instrument (or instrument LOOP) identified, ensure that the equipment is added to the scope of the Fire PRA. While a specific Fire PRA Equipment list is not required, some means to ensure that those components credited in the Fire PRA have their associated cables identified in Task 3 shall be provided. 9.7 Documentation of Data Mapping The development of the Fire PRA involves the collection of large volumes of data that are logically related. These logical data relationships are relied upon in the application of various electronic search and sorted routines to support the completion of the analysis. The SSEL is maintained in the FSSPMD. Each component should have a disposition code for application to the PRA. Equipment added as a result of PRA review in section 9.4 will be added to the list and coded to indicate that they are not part of the formal SSEL. The PRA database contains a list of the modeled basic events. Each basic event will have a component reference and a disposition for applicability to fire analysis. This data will be maintained as part of the formal PRA documentation/models. 9.8 Deliverables 9.8.1 A candidate list of the components and functions to be added to the PRA. 9.8.2 A candidate list of the PRA components and functions for cable/circuit routing. 10.0 RECORDS N/A FPIP-0202 Rev. 0 Page 9 of 10
FPIP-0202 Rev. 0 Page 10 of 10