Information Notice 1994-20, Common-Cause Failures Due to Inadequate Design Control and Dedication

Common-Cause Failures Due to Inadequate Design Control and Dedication

ML031060589
Person / Time
Site:	Beaver Valley, Millstone, Hatch, Monticello, Calvert Cliffs, Dresden, Davis Besse, Peach Bottom, Browns Ferry, Salem, Oconee, Nine Mile Point, Palisades, Palo Verde, Perry, Indian Point, Fermi, Kewaunee, Catawba, Harris, Wolf Creek, Saint Lucie, Point Beach, Oyster Creek, Watts Bar, Hope Creek, Grand Gulf, Cooper, Sequoyah, Byron, Pilgrim, Arkansas Nuclear, Three Mile Island, Braidwood, Susquehanna, Summer, Prairie Island, Columbia, Seabrook, Brunswick, Surry, Limerick, North Anna, Turkey Point, River Bend, Vermont Yankee, Crystal River, Haddam Neck, Ginna, Diablo Canyon, Callaway, Vogtle, Waterford, Duane Arnold, Farley, Robinson, Clinton, South Texas, San Onofre, Cook, Comanche Peak, Yankee Rowe, Maine Yankee, Quad Cities, Humboldt Bay, La Crosse, Big Rock Point, Rancho Seco, Zion, Midland, Bellefonte, Fort Calhoun, FitzPatrick, McGuire, LaSalle, Fort Saint Vrain, Shoreham, Satsop, Trojan, Atlantic Nuclear Power Plant
Issue date:	03/17/1994
From:	Grimes B Office of Nuclear Reactor Regulation
To:
References
IN-94-020, NUDOCS 9403110132
Download: ML031060589 (11)
v • d • e

UNITED STATES NUCLEAR REGULATORY

COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C. 20555 March 17, 1994 NRC INFORMATION

NOTICE NO. 94-20: COMMON-CAUSE

FAILURES DUE TO INADEQUATE

DESIGN CONTROL AND DEDICATION

Addressees

All holders of operating

licenses or construction

permits for nuclear power reactors.

Purpose

This information

notice is being provided to alert addressees

to potential common-cause

failures resulting

from inadequate

design control and dedication

measures implemented

for the replacement

of electromechanical

relays with digital microprocessor-based

relays. It is expected that recipients

will review the information

for applicability

to their facilities

and consider actions, as appropriate, to avoid similar problems.

However, suggestions

contained

in this information

notice do not constitute

NRC requirements;

therefore, no specific action or written response is required.Description

of Circumstances

A common-cause

failure at the Beaver Valley Unit 2 Power Station rendered inoperable

multiple trains of a system designed to mitigate the consequences

of an accident.

On November 4, 1993, during testing of the Train A, 2-1 emergency

diesel generator (EDG) load sequencer, the sequencer

failed to automatically

load safety-related

equipment

onto the emergency

bus. Two suspect relays were replaced and the surveillance

test was successfully

repeated.

On November 6, 1993, during surveillance

testing, the Train B, 2-2 EDG load sequencer

failed to automatically

load safety-related

equipment

onto the emergency

bus. An NRC Augmented

Inspection

Team was sent to the site to review the circumstances

surrounding

these events (Inspection

Report 50-412/93-81).

Discussion

The EDG load sequencers

control the sequence in which safety-related

equipment starts after the EDG restores power when normal power is lost on the emergency busses. Timer/relays

are used to load the safety-related

equipment

in six discrete steps during a 1-minute period. The same type of timer/relay

is also used to reset the diesel generator

load sequencer

if a safety injection

or a 9403110132 PbR 'tE V40Nv+ 9u-oCo Cqc3I u3/\

IN 0,-0O March 17, 1994 containment

isolation

Phase B signal is received.

Resetting

the load sequencer

allows necessary

emergency

core cooling system equipment

to be loaded. The load sequencers

originally

used electromechanical

timer/relays

to generate the timed steps and sequencer

reset function.

The electro-mechanical

timer/relays

were replaced with microprocessor-based

timer/relays

during the second refueling

outage, in November 1990. Each train of the load sequencer

has eight Model 365A digital microprocessor-based

timer/relays

manufactured

by Automatic

Timer Controls Inc. The timer/relays

were purchased as commercial-grade

items and dedicated

for safety-related

service.A review of these events indicated

that the microprocessor-based

timer/relay

failed as a result of the voltage spikes that were generated

by the auxiliary relay coil controlled

by the timer/relay.

The voltage spikes, also referred to as "inductive

kicks," were generated

when the timer/relay

time-delay

contacts interrupted

the current to the auxiliary

relay coil. These spikes then arced across the timer/relay

contacts.

This arcing, in conjunction

with the inductance

and wiring capacitance, generated

fast electrical

noise transients

called "arc showering" (electromagnetic

interference).

The peak voltage noise transient

changes as a function of the breakdown

voltage of the contact gap, which changes as the contacts move apart and/or bounce. These noise transients

caused the microprocessor

in the timer/relay

to fail. The failure of the microprocessor-based

timer/relay

caused the time-delay

contacts to reclose shortly after they had properly opened as part of the load sequencer

operation.

Closing the time-delay

contact locked out (deenergized)

the load sequencer

master relay and prevented

the load sequencer

from operating.

To correct the identified

problem, the licensee installed

diodes across the auxiliary

relay coils to suppress the voltage spike that had caused the microprocessor-based

timer/relay

failure. This modification

was confirmed to correct the problem through successful

testing of the EDG load sequencer.

The design control for the selection

and review for suitability

of the microprocessor

timer/relays

for this application

was not adequate.

The modification

design data did not identify the potential

for voltage spiking by the auxiliary

relays and translate

that potential

into electromagnetic

interference

requirements

for the equipment

purchase specification

and the dedication

testing specification.

As a result of inadequate

design control, a common-cause

failure mechanism

was introduced

into the diesel generator

load sequencers.

This event highlights

the need to ensure proper design control activities

when replacing

discrete component

electrical

or electromechanical

devices with digital microprocessor-based

electronic

devices. Specifically, the event

IN 9"-iO March 17, 1994 shows that safety-significant, common-mode

failures can occur when the design review does not ensure that the digital, microprocessor-based

replacement

equipment

is compatible

for the specific application

and service environment.

This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

contacts:

John Calvert, RI (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachment:

List of Recently Issued NRC Information

Notices

Attk.-hment

IN 94-20 March 17, 1994 LIST OF RECENTLY ISSUED NRC INFORMATION

NOTICES Information

Date of Notice No. Subject Issuance Issued to 94-19 94-18 94-17 94-16 94-15 Emergency

Diesel Generator

Vulnerability

to Failure from Cold Fuel Oil Accuracy of Motor-Operated Valve Diag-nostic Equipment (Responses

to Sup-plement 5 to Generic Letter 89-10)Strontium-90

Eye Appli-cators: Submission

of Quality Management

Plan (QMP), Calibration, and Use Recent Incidents

Resulting in Offsite Contamination

Radiation

Exposures

during an Event Involving

a Fixed Nuclear Gauge Failure to Implement Requirements

for Biennial Medical Examinations

and Notification

to the NRC of Changes in Licensed Operator Medical Conditions

Intersystem

LOCA Outside Containment

03/16/94 03/16/94 03/11/94 03/03/94 03/02/94 02/24/94 02/22/94 All holders of OLs or CPs for nuclear power reactors.All holders of OLs or CPs for nuclear power reactors.All U.S. Nuclear Regulatory

Commission

Medical Use Licensees.

All U.S. Nuclear Regulatory

Commission

material and fuel cycle licensees.

All U.S. Nuclear Regulatory

Commission

licensees

author-ized to possess, use, manu-facture, or distribute

industrial

nuclear gauges.All holders of OLs or CPs for nuclear power and non-power reactors and all licensed reactor operators and senior reactor operators.

All holders of OLs or CPs for nuclear power reactors.94-14 92-36, Supp. 1 OL = Operating

License CP = Construction

Permit

IN 4-20 March 17, 1994 shows that safety-significant, common-mode

failures can occur when the design review does not ensure that the digital, microprocessor-based

replacement

equipment

is compatible

for the specific application

and service environment.

This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager. odginal signed by Brian K. Grimes, Director Brian LGnmeI Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

contacts: John Calvert, RI (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachment:

List of Recently Issued Information

Notices*SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I l *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 0126/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRC

H *C:HICB/NRR

D

• DSSA/NRR

• AC:OC/R D:D ELee JSWermiel

ACThadani

AJKugler 01/21/94 01/27/94 02/14/94 02/07/94 03/// /94*D:DRIL/NRR

CERossi 03/01/94 DOCUMENT NAME: 94-20.IN

-IN4-XX February xx, 1994 shows that safety-significant, common-mode

failures can occur when the design review does not ensure that the digital, microprocessor-based

replacement

equipment

is compatible

for the specific application

and service environment.

This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

Contacts: John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:

1. List of Recently Issued Information

Notices*SFF PRFVTOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRCH

• C:HICB/NRR

l D:DSSA/NRR , *AC:OGCB/NRR

D:DORS/NRR

ELee JSWermiel

ACThadaniW

AJKugler BKGrimes 01/27/94 01/27/94 02/J/94 02/07/94 02/ /94 lAMIIMFNT

Mr. fl0TI1VFIV

TNIIF fQ, .g 1 I AA]Vd Uvvu%1JLII

I Urs 1IL.LO A MLLI ..-w bCO I~~ 4,~ A- _onuV

IN i4-XX February xx, 1994 shows that safety-significant, common-mode

failures can occur when the design review does not ensure that the digital, microprocessor-based

replacement

equipment

is compatible

for the specific application

and service environment.

This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

Contacts: John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:

1. List of Recently Issued Information

Notices*SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 01/26/94 01/26/94*HICB/DRCH

• C:HICB/NRR

I AC:OGCB/NRR

I D:DORS/NRR

ELee JSWermiel

AJKuglert!

I BKGrimes 01/27/94 01/27/94 02/ 1/94 I 02//94.^^. .s _ DAIw W CUMLNI NAML: UIlKLLAY.Nl- I IN 94-XX February xx, 1994 electronic

devices. Specifically, the event shows that safety-significant, common-mode

failures can occur when the design review does not ensure that the digital, microprocessor-based

replacement

equipment

is compatible

for the specific application

and service environment.

This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

Contacts:

John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:

1. List of Recently Issued Information

Notices*SEE PREVIOUS CONCURRENCE

OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 j 01/25/94 01/26/94 01/26/94 01/26/ 94*HICB/DRCH

I*C:HICB/NRR

I C:OGCB/NRR

I D:DORS/NRR

IELee JSWermiel

GHMarcus BKGrimes 01/27/94 01/27/94 01/ /94 01/ /94 TT Tt .l~m X 1SF._ _ o Tb V1 T T--VLkCUM!;N'1 iAmzI;: Ul~x.t!;LAYX.J.NJV

Is , IN 94-XX February xx, 1994 This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

Contacts:

John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:

1. List of Recently Issued Information

Notices*SEE PREVIOUS CONCURRENCE

-OFFICE *OGCB *TECH ED. *REGION I *REGION I *REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE 01/26/94 01/25/94 01/26/94 101/26/94.

01/26/94*HICB/DRCH

.C:1JI1P1v/4R

C:OGCB/NRR

D:DORS/NRR

E~ee JS/f'm t 'P ELee I GHMarcus BKGrimes 01/27/94 0 01/2.7/94

01/ /94 01/ /94 UDOUMENT NAME: 1GRELAY.INF

I IN 94-XX February xx, 1994 This information

notice requires no specific action or written response.

If you have any questions

about the information

in this notice, please contact one of the technical

contacts listed below or the appropriate

Office of Nuclear Reactor Regulation (NRR) project manager.Brian K. Grimes, Director Division of Operating

Reactor Support Office of Nuclear Reactor Regulation

Technical

Contacts:

John Calvert, Region I (610) 337-5194 Eric Lee, NRR (301) 504-3201 Attachments:

1. List of Recently Issued Information

Notices'e.Az*VVV

1 £4 eCmewwr bi Iosu i*SET W DrTAT1T t"(WrTTDDPWNOT

---

-- e'u' Im v :@F-F -WI I VW OFFICE OGCB V *TECH ED. REGION I REGION I REGION I NAME CVHodge RSanders JCalvert JTrapp JWiggins DATE___ 0 94 01/25/94 01_//94 01/2. /94 01/ZL/94 HICB/DRCH C:HICB/NRR

C:OGCB/NRR

D:DORS/NRR

E44Le j JSWermiel

GHlarcus BKGrimes 01/77/94 01/ /94 01/ /94 [01/ /94 DOCUMENT NAME: DIGRELAY.INF

• SEE PREVIOUS CONCURRENCE

OFFICE OGCB TECH ED. REGION I REGION I REGION I NAME CVHodge %L4k JCalvert JTrapp JWiggins DATE 01/ /94 01/'f/94 01/ /94 01/ /94 01/ /94_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 5I HICB/DRCH C:HICB/NRR

IC:OGCB/NRR

D:DORS/NRR

ELee JSWermiel

GHMarcus BKGrimes 01/ /94 01/ /94 01/ /94 01/ /94 DOCUMENT NAME: DIGRELAY.INF