ML003739470

From kanterella
Revision as of 10:42, 14 July 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
Jump to navigation Jump to search
Draft Regulatory Guide DG-1046, Guidelines for Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment in Nuclear Power Plants
ML003739470
Person / Time
Issue date: 04/30/1996
From:
Office of Nuclear Regulatory Research
To:
References
DG-1046
Download: ML003739470 (92)
v  d  e


Text

"UNITED STATES NUCLEAR REGULATORY COMMISSION Z WASHINGTON, D.C. 205D5-0001 April 1996 April 26, 1996 Division 1 Task DG-1046 TO: DISTRIBUTION LIST FOR DIVISION I REGULATORY GUIDES

SUBJECT:

DRAFT REGULATORY GUIDE DG-1046, "GUIDELINES FOR REPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT IN NUCLEAR POWER PLANTS" On February 12, 1996, the Nuclear Regulatory Commission published a notice of proposed rulemaking (61 FR 5318) that would require that licensees for commercial nuclear power plants report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. This proposed Section 50.76, which is intended for 10 CFR Part 50, "Domestic Licensing of Production and Utilization Facilities," would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provides the basis for the summary data reported to the NRC be maintained onsite and available for NRC inspection.

The NRC has prepared Draft Regulatory Guide DG-1046 to provide guidance to licensees on methods that would be acceptable to the NRC staff for implementing the proposed rule. This draft regulatory guide is being published for public comment in conjunction with public comment on the proposed rule, Section 50.76. Comments should be submitted to the Chief, Rules Review and Directives Branch, Division of Freedom of Information and Publication Services, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

The public comment period for the draft regulatory guide ends on July 5, 1996. Comments received after that date will be considered if it is practical to do so, but assurance of consideration cannot be given for late comments.

The NRC staff is planning to conduct a workshop on June 4, 1996, to discuss the draft regulatory guide and the proposed rule. A public announcement providing information on the workshop is being published in the Federal Register along with the announcement that this draft regulatory guide is available for public comment.

I~Bill M. Morris, Dir~~or Division of Regulator$

App1licati ons Office of Nuclear Regtilatory Research U.S. NUCLEAR REGULATORY COMMISSION OFFICE OF NUCLEAR REGULATORY RESEARCH DRAFT REGULATORY GUIDE April 1996 Division 1 Draft DG-1046 Contact: D.P. Allison (301)415-6835 IContact:_DP._Allison_301)415_683 DRAFT REGULATORY GUIDE DG-1046 GUIDELINES FOR RELIABILITY AND AVAILABIL FOR RISK-SIGNIFICANT EQUIPMENT IN NUCLEAR, This regulatory guide Is being issued in draft form to involve the public in the early stages of the development of a regulatory position In this area. It has not received complete staff review and does not represent an official NRC staff position.

Public comments are being solicited on the draft guide (including any Implementation schedule) and its associated regulatory analysis or valuelimpect statement.

Comments should be accompanied by appropriate supporting data. Written comments may be submitted to the Rules Review and Directives Brsnch, DFIPS, Office of Administration, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

Copies of comments received may be examined at the NRC Public Document Room, 2120 L Street NW., Washington, DC. Comments will be most helpful I received y July 5, 1996. Requests for single copies of draft guides (which may be reproduced) or for placement on an automatic distribution list for single copies of future guides in specific divisions should be made in writing to the U.S. Nuclear Regulatory Commission, Washington, DC 20555, Attention:

Office of Administration, Distribution end Mail Services Section.

TABLE OF CONTENTS A. INTRODUCTION

................... B. DISCUSSION

.................... C. REGULATORY POSITION ..... .................

1. Reportable Systems .............

1.1 Basic Systems ............. 1.2 Other Reportable Systems ....... 1.3 Boundaries of Systems, Trains, and Equipm 2. Reportable Plant Operational States .... 3. Reportable Demands .............

4. Reportable Run Times ............
5. Reportable Failures ............

5.1 Failure on Demand ...........

5.2 Failure To Run ............ 5.3 Recoverable Failures .........

6. Unavailable Hours 7. Hours in Plant Operational States ..... 8. Concurrent Unavailable Hours ........
9. Annual Reports ............... 9.1 Summary Reliability and Availability Data 9.2 Failure Records ... ......... 9.3 Identification of Systems, Trains, and Eq 9.4 Electronic Submittal

.........

10. Onsite Data Storage ..... .............

DRAFT REGULATORY ANALYSIS ..... ................

ent Groups . uipment Groups* 11I

  • 1* 2
  • 1 4
  • 1 5
  • 1 7 *
  • 9
  • 17
  • 12
  • 14
  • 15
  • 16
  • 17
  • 17
  • 18
  • 18
  • 19
  • 20
  • 20
  • 20
  • 20 21
  • 21
  • 22 R/A-1 APPENDICES APPENDIX A, Proposed Section 50.76, Including Statement of Considerations

...... ...........................

A-i APPENDIX B, Glossary ..............

............................

B-i APPENDIX C, Examples of Reportable Systems ..... ................

...C-i APPENDIX D, Risk Importance Measures ....... ...................

.. D-i APPENDIX E, Defining Systems, Trains, and Equipment Group Configurations and Data Reporting Forms .... ...........

..E-1 APPENDIX F, Component Failure Records ...... ...................

...F-i APPENDIX G, Event Log ...........

...........................

G-1 A. INTRODUCTION On February 12, 1996, the Commission published for public comment a proposed rule, Section 50.76, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (61 FR 5318). The proposed rule is intended for Part 50, "Domestic Licensing of Production and Utilization Facilities," of the NRC's regulations in Title 10 of the Code of Federal Regulations.

A copy of the proposed rule is provided in Appendix A. The proposed rule would require that licensees for commercial nuclear power reactors report plant-specific summaries of reliability and availability data for selected systems and equipment to the NRC. It would also require that records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the summary data reported to the NRC be maintained onsite and made available for NRC inspection for 5 years. A public workshop will be held soon after publication of this draft regulatory guide to receive comments on the proposed Section 50.76 and the supplemental guidance in this guide for implementing the proposed rule. The comment period for this proposed rule will not expire until at least 30 days after publication of this draft guide. The NRC intends to publish the final rule in December 1996. As stated in the proposed Section 50.76, licensees would begin reporting the summary data, compiled on the basis of calendar quarters (or on a more frequent basis at the option of each licensee), for the calendar year 1997. The first report, covering January 1 through December 31, 1997, would be submitted by January 31, 1998. Thereafter, each annual report would be submitted by January 31 of the following year. Many terms are defined in the Glossary in Appendix B as they are used in this guide. Appendix C lists examples of systems to be reported, and Appendix D discusses risk-importance measures.

Appendix E helps define systems, trains, and equipment group configurations for reporting and presents some examples of systems; it also provides some data reporting forms. Appendix F discusses records of component failures, and Appendix G is an example of an event log. This draft regulatory guide is being developed to provide guidance to licensees on the summary data to be reported to the NRC and on the basic data I to be maintained onsite and available for NRC inspection.

It is being published for public comment in conjunction with the public comment on the proposed Section 50.76. Regulatory guides are issued to describe and make available to the public such information as methods acceptable to the NRC staff for implementing specific parts of the Commission's regulations, techniques used by the staff in evaluating specific problems or postulated accidents, and guidance to applicants.

Regulatory guides are not substitutes for regulations, and compliance with regulatory guides is not required.

Regulatory guides are issued in draft form for public comment to involve the public in the early stages of developing the regulatory positions.

Draft regulatory guides have not received complete staff review and do not represent official NRC staff positions.

This draft regulatory guides proposes information collections that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This regulatory guide will be submitted to the Office of Management and Budget with the final rule for review and approval of the information collections.

The public reporting burden for this collection of information is estimated to average 1,375 hours0.00434 days <br />0.104 hours <br />6.200397e-4 weeks <br />1.426875e-4 months <br /> per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.

Send comments on any aspect of this collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6 F 33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internet electronic mail to BJS1@NRC.GOV; and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0011), Office of Management and Budget, Washington, DC 20503. The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number.2 B. DISCUSSION OVERVIEW The data collected under the proposed Section 50.76 are intended to provide reliability and availability data on selected systems and equipment in U.S. commercial nuclear power plants for use by both the NRC and its licensees.

The regulatory guide is intended to provide a flexible framework to obtain consistent data yet allow licensees to use existing data collection programs to the extent they are applicable.

The reporting is intended to include the most risk-significant systems that are a subset of the risk-important systems already identified for implementation of the maintenance rule. It is estimated that a typical plant will have 7 to 10 reportable systems. Licensees will also be able to use existing surveillance and inservice test information along with information on unplanned ESF actuations to satisfy most, if not all, of the equipment demand reporting requirements.

The data would be compiled by NRC in a centralized database.

The definitions and information requested are intended to be sufficient to qualify the database for regulatory applications of probabilistic risk assessment (PRA) that fall within the limitations of the data. This regulatory guide has the following major features:

Only the most risk-significant systems are subject to reporting.

Regulatory Position 1.1 lists five basic systems that the NRC has determined should be reported for all plants. Regulatory Position 1.2 provides acceptable methods for licensees to determine other systems that are reportable on a plant-specific basis. As discussed in Regulatory Position 1.3, flexibility is provided for the identification of boundaries of systems, trains, and equipment groups. It is recommended that boundaries be defined so that systems, trains, and equipment groups are defined by a similarity of demands for equipment.

Licensees have considerable flexibility in defining boundaries to allow the use of existing testing and onsite data collection systems.

Demand and failure counts and hours that trains and equipment groups are unavailable should be identified by the train or equipment group in which 3 they occurred and the plant operational state at the time of occurrence. (See Regulatory Position 2.) Demands and any failures on demand should also be identified by the type of demand: (1) actual demands to perform a risk-significant safety function,'

(2) spurious actuations of a train or equipment group that closely simulate actual demands, and (3) test demands. (See Regulatory Position 3.) Degradations in equipment performance that deviate from the design basis but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under 10 CFR 50.76. (See Regulatory Position 5.) The hours that reportable trains and equipment groups were unavailable are reportable, whether planned or unplanned, and whether due directly to equipment in the reportable train or equipment group or due to a support system being unavailable. (See Regulatory Position 6.) Initially, licensees should: (1) determine their reportable systems; (2) identify their risk-significant safety functions; (3) define the trains and equipment groups for these systems; and (4) identify the plant operational states for which the specified trains and equipment group data are reportable.

They should then track or log the required data and annually report the summary data as discussed in Regulatory Position 9. Licensees should keep onsite the 1The term "safety function" as used here does not necessarily correspond to (1) safety-related systems, structures, and components, as currently defined in 10 CFR 50.49, (2) a facility's design basis, (3) a facility's licensing basis, or (4) operability requirements in a facility's technical specifications.

The "risk-significant safety function" is a function that has or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.

It should also be noted that the staff's current guidance on operability requirements is provided in Generic Letter 91-18, November 7, 1991,

Subject:

Information to Licensees Regarding Two NRC Inspection Manual Sections on Resolution of Degraded and Nonconforming Conditions and on Operability.

Copies are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.

4 records and documentation that provide the basis for the summary data reported to the NRC. (See Regulatory Position 10.) Figure I is a flowchart of the guidelines for implementing the proposed rule. C. REGULATORY POSITION The methods provided in this Regulatory Position describe means that would be acceptable to the NRC staff for meeting the requirements of the proposed Section 50.76 to 10 CFR Part 50. The demand counts, failure counts, unavailable hours, and run time information reported to the NRC should be sufficiently accurate to allow the NRC and licensees to estimate equipment reliability and to perform risk analyses.

Occasional minor errors in the reported number of actual or spurious demands, failures, or unavailable hours would be considered to be within an acceptable level of accuracy if they do not (1) have a systematic bias in one direction, (2) appear consistently in many systems, or (3) result in significant impacts on the estimated reliability and risk parameters.

When estimates of demands are used, they should be very close to the average of actual counts of demands in a reporting period, consistent with the standards provided above. 1. REPORTABLE SYSTEMS Reportable systems are the most risk-significant systems that are a subset of the systems identified for implementation of the maintenance rule. They include (1) a generic set of systems that the NRC has determined should be reported by all licensees, called "basic systems," and (2) other risk significant systems that individual licensees determine to be subject to the proposed rule on a plant-specific basis.5 FIGURE 1. Implementation of Guidelines for Reporting Reliability Data (Italics indicate sections of this regulatory guide that provide guidance.)

6 I I 1.1 Basic Systems TABLE 1. Basic Systems for PWRs PWR Basic System Risk-Significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads for loss of off-site power. Reactor protection system Reactor trip for accident or transient (RPS) conditions.

Auxiliary feedwater (AFW) Decay heat removal in accident or transient system conditions, including loss of off-site power and station blackout.

High-pressure safety Safety injection, small loss-of-coolant injection (HPSI) system accident (LOCA), medium LOCA and feed and bleed. Decay heat removal for large LOCA, post-LOCA recirculation phase. Reactor vessel makeup during shutdown.

Low-pressure safety Safety injection, medium LOCA and large LOCA. injection (LPSI) system/RHR Boost for high-pressure safety injection pumps at some plants for small LOCA (post LOCA recirculation phase) or for feed and bleed. Decay heat removal for large LOCA, post-LOCA recirculation phase and shutdown operations.

Reactor vessel makeup during shutdown.7 TABLE 2. Basic Systems for BWRs BWR Basic System Risk-significant Safety Function Emergency ac power system Provide bus power and load sequencing for essential loads on loss of off-site power. Reactor protection system Reactor trip for accident or transient (RPS) conditions.

Reactor core isolation Reactor vessel injection for loss of off-site cooling system (RCIC) or power, loss of feedwater, very small LOCA, or station blackout.

Isolation condenser Core cooling via natural circulation for loss of off-site power, loss of feedwater, main condenser isolation, or station blackout.

High-pressure coolant Reactor vessel injection from condensate injection system (HPCI) storage tank or suppression pool for loss of off-site power, loss of feedwater, small LOCA, medium LOCA, or station blackout.

High-pressure core spray Reactor vessel injection from condensate system (HPCS) or storage tank or suppression pool for loss of off-site power, loss of feedwater, LOCA, or station blackout.

Feedwater coolant injection system (FWCI) Reactor vessel injection from condensate storage tank or suppression pool for loss of off-site power, loss of feedwater or LOCA. Low-pressure coolant Reactor vessel injection from the condensate injection function of storage tank (CST) or suppression pool under residual heat removal low pressure conditions. (RHR), low-pressure coolant injection (LPCI) and/or low pressure core spray (LPCS) system(s) and Heat removal function of Decay heat removal from the suppression pool RHR. or the reactor under low pressure conditions.

8 1_

Some plants may have different names for the systems and equipment that provide the above risk-significant safety functions.

The plant-specific names should be used as appropriate to identify the systems and equipment that accomplish the risk-significant safety functions discussed above. (Examples are provided in Appendix C). 1.2 Other Reportable Systems Each licensee should determine whether there are other plant systems, besides the basic systems, that are of sufficient risk-significance to be reportable.

Systems and equipment groups are reportable if they have or could have a significant effect on risk in terms of avoiding core-damage accidents or preserving containment integrity.

Generally, these systems should contribute as much or more to core-damage frequency as the basic systems. Systems meeting one or more of the following conditions should be considered reportable:

Systems with relatively high risk-importance measures as determined from the plant's full PRA. Systems necessary for assurance of the more risk-significant aspects of containment integrity (e.g., prevent gross containment failure).

Systems necessary for shutdown from a risk perspective (decay heat removal and makeup functional capability).

To begin the process of identifying these systems, licensees should use one of two lists of systems and equipment:

(1) Licensees may use the list of SSCs determined to be risk-significant for the maintenance rule as an initial list. (2) Licensees may wish to make a more specific determination of the systems and equipment that meet the risk-significance level intended by the proposed rule. If so, the licensee should calculate two measures, the Fussell-Vesely (FV) measure and the ratio form of the Risk Achievement Worth (RAW) measure. Systems and equipment with FV 0.1 or RAW 100 9 should be included in the initial list. The formulas for these measures are given in Appendix D. A multidisciplinary expert panel, similar to the expert panel used for implementation of the maintenance rule, should use (1) or (2) above as an initial list of safety systems. The panel should then use PRA insights and evaluate other relevant application-specific information to add or delete systems to derive a list of other reportable systems. The panel should consider the following:

Systems that are important because their failure or malfunction could result in accident-initiating events need not be considered reportable unless they also have a risk-significant mitigative function.

An example of a system that would not generally be reportable is the offsite (preferred) power system. Support systems that serve several reportable systems would generally be reportable separately.

However, only the trains or equipment groups that provide the principal functional capability of the system would be reported separately as a reportable support system. Trains or equipment groups in support systems that provide a dedicated support function to a single train or equipment group in a reportable system need not be reported separately or as part of a reportable support system. The reliability and availability of this support system equipment will be evidenced by its impact on reportable front-line system reliability and availability. (See Appendix E for additional guidance.)

Risk-significant structures such as containment structures and ice condensers, for which risk is more a function of capability than reliability, need not be considered reportable.

However, other systems and equipment that are important for containment integrity should be considered for reportability.

The expert panel should consider containment spray, containment fan coolers, suppression pool cooling, containment vacuum breakers, and portions of containment isolation with regard to their risk-significant effect on containment integrity.

Containment isolation would be a candidate to the extent that there may 10 be relatively large penetrations that are open frequently (i.e., greater than 1% of the time the reactor is operating) and could contribute to gross containment function failure.

Systems and equipment that are risk-significant only because of operator error for actuation, operation, or termination of a risk-significant safety function need not be considered reportable.

The scope of the proposed rule is limited to data on equipment reliability and availability.

For example, power operated relief valves would not be reportable if they were risk-significant only because of the likelihood of operator failure to open them for feed and bleed. However, this exclusion would not apply to operator or other personnel errors that could unintentionally make equipment inoperable (unavailable) with respect to its risk-significant safety function.

Systems and equipment that make a large contribution to risk during shutdown and are significant contributors to total risk should be considered reportable.

The panel should consider the mitigation systems necessary for safety functions during shutdown, e.g., decay heat removal, primary inventory control, and pressure relief. The primary interest in these systems is in their availability to respond to shutdown accident scenarios.

1.3 Boundaries of Systems, Trains, and Equipment Groups The boundaries of systems, trains, and equipment groups should be defined by the nature of the demands so that the information to be reported on demands and unavailability is consistent with testing and other actuations of the equipment.

Thus, trains or parts of trains that are actuated to perform a safety function or part of a safety function should be included in an equipment group. This will allow the use of tests and other actuations for all equipment within the group to be counted as one unit to simplify counting demands and unavailability.

However, licensees have great flexibility in defining the boundaries of systems, trains, and equipment groups to facilitate tracking of demands associated with routine testing and other actuations (planned or unplanned), as well as considering existing data systems and technical 11 specifications.

Licensees who choose an alternative method of defining trains and equipment groups should select groups of components with essentially the same test frequency and report counts of their demands.

Licensees should submit diagrams for all reportable systems, trains, and equipment groups that indicate the principal active and passive components.

Some suggested principles and a number of detailed examples for identifying and delineating systems, trains, and equipment groups are provided in Appendix E. 2. REPORTABLE PLANT OPERATIONAL STATES Data for reportable systems should be reported for those plant operational states for which the systems could be demanded to perform their risk-significant safety function.

Data on unavailability need not be reported for operational states in which the refueling cavity is more than half full or the reactor is defueled.

Reportable surveillance test demands and associated failures should be reported any time there is a valid test actuation of the reportable systems, trains, or equipment groups that meets reportability guidance (see Regulatory Position 3). For reporting under the proposed rule, "plant operational states" should be defined by the following:

Plant operational states for PWRs: PI Power operations and shutdown conditions without RHR initiation P2 Shutdown conditions with RHR cooling and RCS unvented P3 Shutdown conditions with RHR cooling and RCS vented but not in reduced inventory P4 Reduced inventory Plant operational states for BWRs: BI Power operations and shutdown conditions without RHR initiation B2 Shutdown conditions with RHR cooling and RCS unvented B3 Shutdown conditions with RHR cooling and RCS vented Tables 3 and 4 show the plant operational states for which the data should be reported for the "basic systems." 12 TABLE 3. Plant Operational States for PWRs 13 P1 P2 P3 P4 PWR Power Shutdown Shutdown Reduced Basic Operation Conditions Conditions Inventory Systems and Shutdown with RHR with RHR Modes Cooling Cooling and without RHR and RCS RCS Vented Initiations Unvented but not in Reduced Inventory Emergency ac power yes yes yes yes system Reactor protection yes no no no system Auxiliary feedwater yes yes no no system High-pressure safety yes yes yes yes injection system Low-pressure safety yes yes yes yes injection system/RHR

_ I III TABLE 4. Plant Operational States for BWRs BI B2 B3 BWR Power Shutdown Shutdown Basic Operation and Conditions Conditions Systems Shutdown with RHR with RHR Conditions Cooling and Cooling and without RHR RCS RCS Vented Initiation Unvented Emergency ac power system yes yes yes Reactor protection system yes no no Reactor core isolation cooling yes yes no system or Isolation condenser yes yes no High-pressure coolant injection yes yes no system High-pressure core spray system yes yes no or Feedwater coolant injection yes yes yes system Low-pressure coolant injection yes yes yes function of residual heat removal, low-pressure coolant injection or low-pressure core spray systems and Heat removal function of RHR yes yes yes and containment spray systems I II_ I For systems that are determined to be reportable based on their plant specific risk significance, reliability data should be reported for those plant operational states during which they could be used to perform their risk significant safety function.

3. REPORTABLE DEMANDS A reportable demand is an instance when a basic system or other risk significant system, train, or equipment group is actuated to perform its risk significant safety function.

A demand may be manual or automatic.

Reportable 14 I demands should include (1) actual demands, (2) spurious demands that closely simulate actual demands, (3) test demands that involve, or, if actually demanded, would involve, simultaneous or integrated actuation of all components in the system or train, and (4) certain partial train tests that provide data necessary to estimate train reliability.

These partial test demands, although conducted at different time intervals, can be combined to estimate the demand reliability of the train. These partial train tests may include mini-flow pump tests, diesel generator monthly tests, valve stroke tests, RPS actuation channel tests, and special integrated system tests conducted during refueling outages. Individual component tests (e.g., valve stroke tests) that are conducted at roughly the same frequency could be reported as demands for that group. Additional guidance and examples are provided in Appendix E. When it is impractical to count individual demands and a reasonable basis for estimating demands has been established, the reported demands may reflect the general history of the equipment rather than an exact count of every demand. The basis for count estimates of demands should be modified when changes in plant operations and testing make the estimated values inaccurate for reliability estimates. (See the discussion of accuracy at beginning of the Regulatory Position.)

The use of estimated demands would not apply to actual or spurious demands to perform a risk-significant safety function or to surveillance required by technical specifications.

Test demands following maintenance or repair of equipment, if they are used to demonstrate that the equipment is ready to return to service, should not be counted as reportable demands.

Examples of reportable demands are provided in Appendix E. 4. REPORTABLE RUN TIMES Certain systems are required to start and operate for a relatively long test or mission time. These systems include the emergency ac power system, the fluid systems listed in Regulatory Position 1.1 and similar reportable systems selected by the methods in Regulatory Position 1.2 with risk-significant mission run times of about eight hours or more. For all run times or hours of operation greater than one hour for these systems, licensees should report (1) the number of demands (either test or in response to an actual demand) to run 15 for an hour or more, (2) the number of these runs that ended in failure, and (3) the total hours of operation of these runs (the sum of all run times greater than an hour from the time of the demand to the end of the operation).

Data on run time must be reported by the train or equipment group, by the type of demand, and by the plant operational state at the time of the demand to run. Appendix E describes a way to report these data that is acceptable to the NRC staff. 5. REPORTABLE FAILURES A failure is reportable when a reportable system, train, or equipment group fails to perform its risk-significant safety function in response to a reportable demand. This information is used in conjunction with the count of reportable demands to estimate unreliability.

This information should be tabulated on the data sheets provided in Appendix E. In addition, a component failure record, as described in Appendix F, should be provided.

The component failure record is used to identify the actual component that failed, its cause, the effect of the failure, and other pertinent information.

Some risk-significant systems have multiple success paths because of their complexity of design and multiple safety function requirements.

These systems are not easily divided into simple trains or equipment groups with simple train-level success criteria.

While it may be appropriate to combine multiple success paths into a single train or equipment group for the purpose of counting demands, it would be inappropriate to report failures at that level. For example, the valves between the pumps and steam generators in a headered auxiliary feedwater system may be required to direct flow from only one pump to only one steam generator for success in some sequences, but may be required to direct flow from two pumps to two or more steam generators for success in other sequences.

Thus, the failure of any of these injection valves is of potential risk-significance.

A failure record is required for each principal component failure of a reportable system, train, or equipment group. A principal component failure is also reportable when discovered by means other than a reportable demand (e.g., it is found to be unable to perform its risk-significant safety function because of actual or incipient failure by inspection or other nonreportable demands.16 A failure in a front-line reportable system, train, or equipment group may be due to the failure of a component from a support system. If the failed support system component provides a dedicated support function to a single train or equipment group in the reportable system (as discussed in Regulatory Position 1.2), the failure of the support system component should be reported against the reportable front-line system. If the dedicated component is not indicated on the systems diagram for the reportable system, the component failure record should describe the component and its function.

For example, if the heat exchanger from the service water system that is dedicated to a specific diesel generator became plugged resulting in the failure of the diesel generator, the failure should be reported as a failure of a train in the emergency ac power system due to failure of the service water heat exchanger.

On the other hand, if a failed support system component fails or causes the unavailability of more than one reportable front-line system, and the support system is also designated as a reportable system, the failure should be reported as a failure of the support system. The accompanying component failure record should describe the effects on the front-line systems. If this same situation occurs in a support system that is not itself a reportable system, the failures of each affected front-line system should be reported, with a single component failure record that indicates the connection of all the affected systems to the single support system component failure. For example, if failure of a service water pump results in failure of an emergency diesel generator (EDG) and loss of an RHR train, it should be reported as a service water system failure that caused failure or unavailable hours for an EDG train and an RHR train. Degradations in equipment performance that do not satisfy operability requirements for design basis accidents but would not prevent the accomplishment of a risk-significant safety function are generally not reportable as failures under this rule (e.g., an emergency diesel generator start in 11 to 12 seconds, when the requirement to start is within 10 seconds, would not be reportable).

If there is reasonable doubt about the reportability of an equipment degradation as a failure, or if precise analysis of operational capability is required to determine whether the equipment degradation represents a risk-significant safety function failure, the degradation should be reported as a failure with an appropriate explanation.

17 Failure records should be submitted to NRC with the annual reports.

Guidance on the content and format of failure records is provided in Appendix F. 5.1 Failure on Demand Failures on demand should include failures to start and achieve a steady state condition (e.g., rated speed, flow, position) and failures to operate for up to one hour. Failures to change state on demand should include failures of valves and electrical equipment that must change state (open, close, make or break contact) to fulfill their risk-significant safety functions.

Failures on demand must be reported by the train or equipment group in which the failure occurred, the type of demand, and the plant operational state at the time of failure. See Appendix E for the format for reporting failure counts. 5.2 Failure To Run Failures that occur after a successful start (i.e., start and run for one hour) should be reported as a failure to run for the train or equipment group containing the failure. See Appendix E for the format for reporting data on failure to run. 5.3 Recoverable Failures Initial actuation or run failures that are promptly recovered in a time frame consistent with the risk-significant safety function are not reportable.

The following guidance should be used: Actuation and run failures that are promptly recovered from the control room in a short period and don't require diagnosis or repair are not reportable.

The length of time for successful recovery depends on the function that must be performed, but is generally limited to less than 5 minutes. For example, failure of an emergency diesel generator to start automatically would not be reported as a failure if an operator manually started the diesel generator from the control room within a few minutes.18 For conducting functional tests, a component may be aligned to a test position that is different from its normal standby position, leaving the train or equipment group in a configuration that would not be capable of automatically satisfying its safety function.

If an operator is stationed by the realigned component with the specific responsibility of realigning it to its safety function position in case a real demand occurs during the period of the test and a reportable demand occurs, the operator's successful realignment of the component would be a successful demand, not a reportable failure. Operator error or inability to successfully operate the equipment would be reported as a failure on demand. Any other actions by the operator to recover failures of other components should be reported as failures.

6. UNAVAILABLE HOURS Unavailable hours are the period of time that a reportable system, train, or equipment group is not capable of performing its risk-significant safety function for reportable plant operational states. This may occur following a failure on demand or by removal of equipment from service (e.g., for maintenance or testing).

Unavailable hours must be reported as either planned (preventive maintenance, test, or other planned activities) or unplanned (e.g., repair of a component resulting in a system or train being unavailable).

It also includes time unavailable because a support system failed or was unavailable, rendering the train or equipment group incapable of performing its risk-significant safety function.

Unavailable hours do not include conditions that are promptly recoverable from the control room, such that the risk-significant safety function could be performed as needed. Nor do they include the loss of individual components that do not result in a reportable system, train, or equipment group being unavailable.

Unavailable hours should begin when a system, train, or equipment group is either removed from service for scheduled (planned) or corrective 19 (unplanned) maintenance, or is discovered to be incapable of performing the safety function by some means other than a reportable demand (e.g., by observation of mispositioned or damaged components).

When reportable equipment is determined to be unavailable by means other than a reportable demand and it is not feasible to determine the time the equipment actually became unavailable, the time the equipment became unavailable should be estimated as the mid-point between the last time the failed component was known to be functional and the time it was discovered to be failed. For example, if a component is discovered to be inoperable because of corrosion that occurred since the last successful operation, it would be difficult to determine exactly when the corrosion reached the point that the component would have failed on demand. In this case, the unavailable time should be estimated as one half the time since the last successful test plus the corrective action time needed to restore the component back to an operable state. 7. HOURS IN PLANT OPERATIONAL STATES Licensees should report the number of hours during each quarter that the plant was in each of the plant operational states defined in Regulatory Position 2. Examples for reporting these hours are shown in Appendix E. 8. CONCURRENT UNAVAILABLE HOURS Concurrent unavailable hours are to be reported when two or more trains or equipment groups in the same or different reportable systems are unavailable at the same time. The intent is to report on a loss of redundancy within and between systems as well as a concurrent loss of two or more safety functions at the train or equipment group level. For each such instance, the concurrent unavailable hours (either known hours or hours estimated by the method suggested in Regulatory Position 6) and the identity of the trains or equipment groups should be reported.20

9. ANNUAL REPORTS Licensees are required to submit annual reports of the reportable summary reliability and availability data, compiled on a quarterly basis. Licensees may report data more frequently or compile information more frequently than quarterly.

9.1 Summary Reliability and Availability Data Appendix E provides formats (or data sheets) that are acceptable to the NRC staff for submitting summary reliability and availability data, along with information on compiling specific data elements.

9.2 Failure Records As discussed in Regulatory Position 5, a failure record is required for each reportable failure. Appendix F lists the information that should be supplied in each failure record. A Nuclear Plant Reliability Data System (NPRDS) failure record may be submitted in lieu of the failure record of Appendix F if it contains the information identified in Appendix F. 9.3 Identification of Systems, Trains, and Equipment Groups The initial annual report should include brief descriptions identifying the systems, trains, and equipment groups to which the summary data apply. Subsequent annual reports should identify changes made to the systems, trains, and equipment groups. The information provided on systems, trains, and equipment groups, should include the following items. A list of the risk-significant systems and equipment that the licensee has determined on a plant-specific basis to be reportable under the rule, as discussed in Regulatory Position 1.2. A brief description of the risk-significant safety functions for these systems, as for the basic systems in Regulatory Position 1.1, that could 21 be used to identify risk-significant successes, failures, and unavailable time. The plant operational states for which reliability and availability data are reportable for each risk-significant system, train, and equipment group, as for the basic systems in Regulatory Position 2. Simplified system diagrams for each reportable system, annotated to show each risk-significant train and equipment group associated with the various types of reportable demands and unavailable hours. Examples are provided in Appendix E. These diagrams should include principal component identifiers for all reportable components that would permit the linking of failure records to specific components in the system diagrams.

9.4 Electronic Submittal Documentation of reportable reliability and availability data, failure records, and descriptive material on the systems may be submitted by letter or electronically.

There are several acceptable methods and formats for submitting data electronically.

Files may be sent by e-mail over the Internet or by mailing a diskette containing the data. 10. ONSITE DATA STORAGE Licensees should maintain records and documentation to verify and validate the summary data reported to NRC. These records should be available for NRC review. Licensees may maintain a log of each demand, failure, or unavailable period that forms the basis for the summary data reported to the NRC. Alternatively, licensees may wish to state their methods or references for linking each reportable data element (demand, failure, or unavailable period) to existing plant records. Plant records could include such items as maintenance work orders and requests, maintenance rule documentation, plant monthly operating reports, control room logs, diesel generator room logs, operations and maintenance staff planning documents, and LERs. The staff 22 suggests a format similar to Appendix G to both ensure clarity and to provide a method of easily recording information on a frequent (daily or weekly) basis. These records should cover a period of at least the 5 most recent calendar years.23 APPENDIX A PROPOSED RULE SECTION 50.76, "uREPORTING RELIABILITY AND AVAILABILITY INFORMATION FOR RISK-SIGNIFICANT SYSTEMS AND EQUIPMENT," INCLUDING THE STATEMENT OF CONSIDERATIONS Published in the Federal Register on February 12, 1996 (Volume 61, No. 29, pages 5318-5326)

A-i Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules not required by 5 USC 553 or any other provision of law to pubiish a notice of proposed rulemaking with respect to the subject matter of this rule. Federal Assistance Program The title and number of the Federal Assistance Program, as found in the Catalog of Federal Domestic Assistance, to which this rule applies are: Commodity Loans and Purchases 10.051 Environmental Evaluation It has been determined by an environmental evaluation that this action will have no significant impact on the quality of the human environment.

Therefore, neither an environmental assessment nor environment statement is needed. Executive Order 12372 This program/activity is not subject to the provisions of Executive Order 12372, which requires intergovernmental consultation with State and local officials.

See the notice related to 7 CFR Part 3015, subpart V published at 48 FR 2915 (une 24, 1983). Executive Order 12778 This proposed rule has been reviewed in accordance with Executive Order 12778. The provisions of this proposed rule are not retroactive and preempt State laws to the extent that such laws are inconsistent with the provisions of this proposed rule. Before any legal action is brought regarding determinations made under provision of 7 CFR Part 1464, the administrative appeal provisions set forth at 7 CFR Part 780 must be exhausted.

Paperwork Reduction Act This proposed rule does not change the information collection requirements that have been approved by OMB and assigned control number 0560-0058.

Background Nested tobacco is tobacco in a lot containing a "nest" of inferior tobacco or foreign material, presumably, to increase the payment of loan weight of the lot. A formal definition of nesting is found in regulations codified at 7 CFR Part 29 and that definition is incorporated in the rules for the tobacco price support program found at 7 CFR Part 1464. In some cases, the nesting may not be discovered until later in processing, well after a price support loan for the tobacco has been disbursed.

Under current tobacco program rules n 7 CFR Part 1464.7 through 9, a producer found to have "knowingly" presented nested tobacco (i) must refund the price support loan amount for the individual lot and (ii) will be declared to be ineligible for any other tobacco price support for that year. Because of the severity of the consequences, there is sometimes a reluctance to make a finding that the violation was knowing and producers will sometimes contend that the nesting was the act of irresponsible employees or other handlers of tobacco. However, there is no apparent reason why a refund should not be demanded for a loan made on any adulterated (nested) lot whether it was, as to producer, "knowingly" nested or not. It must be the responsibility of the producer to present eligible tobacco. Nesting produces false weights, and processing problems, and by producing undue loan disbursements can cause losses that ultimately are born by the tobacco producer because of the "no net-cost" nature of the tobacco program.

The proposed rule would make explicit that a refund wi8ll be due from the loan recipient on the individual nested lot in all cases of nesting ("knowing" or not). However, the rules would allow the Farm Service Agency (FSA) county conmmittee, with the concurrence of the FSA State committee, to reduce the amount of the refund demanded, in accordance with guidelines of the FSA Deputy Administrator for Farm Programs.

This allowance will permit adjustments to avoid undue hardships to producers.

This rule would not adjust the terms under which a producer can lose eligibility for the entire crop year. for all lots, as a result of a nesting violation.

For that, a "knowing" violation will still be required.

The proposed rule is, instead, addressed to the accounting for the individual lot that is actually nested. This result would be accomplished by modifying Part 1464.8 to make more explicit that nested tobacco is per se ineligible for price support. Also, Part 1464.9 would be amended to remove the reference to "knowing" violations with regard to demands for refunds on individual lots. Comments on this proposed rule are welcomed and should be submitted by the date indicated in this notice. List of Subjects in 7 CFR Part 1464 Agriculture, Assessments, Loan program, Price support program, Tobacco, Warehouses.

Accordingly, it is proposed that 7 CFR Part 1464 be amended as follows: PART 1464-TOBACCO

1. The authority citation for part 1464 continues to read as follows: Authority:

7 U.S.C. 1421, 1423, 1441, 1445, 1445-1 and 1445-2; 15 U.S.C. 714b, 714c. 2. Section 1464.8 is amended by revising the introductory text to read as follows: t1464.8 Eligible tobacco.

Eligible tobacco for the purpose of pledging such tobacco as collateral for a price support loan is any tobacco of a kind for which price support is available, as provided in § 1464.2. that is in sound and merchantable condition, is not nested as defined in 7 CFR Part 29, and: * *t * *

  • 3. Section 1"464.9 is amended by revising paragraph (a) to read as follows: §1464.9 Refund of price support advance.
  • * *r
  • at (a) Received a price support advance on tobacco that was nested, as defined in part 29 of this title or otherwise not eligible for price support. The county committee, with concurrence of a State committee representative, may reduce the refund with respect to tobacco otherwise required in this part, in accordance with guidelines issued by the Deputy Administrator for Farm Programs.

ft * * *

  • Signed at Washington, D.C., on February 5, 1996. Bruce R. Weber, Acting Executive Vice President, Commodity Credit Corporation.

[FR Doc. 96-2927 Filed 2-9-96; 8:45 am) BILUNG COoE 3410-05-M NUCLEAR REGULATORY COMMISSION 10 CFR Part 50 RIN 3150-AF33 Reporting Reliability and Availability Information for Risk-significant Systems and Equipment AGENCY: Nuclear Regulatory Commission.

ACTION: Proposed rule.

SUMMARY

The Nuclear Regulatory Commission (NRC) is proposing to amend its regulations to require that licensees for commercial nuclear power reactors report plant-specific summary reliability and availability data for risk significant systems and equipment

' to I In relation to this proposed rule, the term equipment is intended to apply to an ensemble of components treated as a single entity for certain probabilistic risk assessments (PRAs) where a system or train treatment would not be appropriate.

A-2 5318 I l.Ajliial I VnV fR1. No. 29 / Mondav. February 12. 1996 / Proposed Rules 51 the NRC. The proposed rule would also require licensees to maintain on site, and to make available for NRC inspection, records and documentation that provide the basis for the summary data reported to the NRC. The systems and equipment for which data would be provided are a subset of the systems and equipment within the scope of the maintenance rule. The Commission has determined that reporting of reliability and availability information is necessary to substantially improve the NRC's ability to make risk effective regulatory decisions consistent with the Commission's policy statement on the use of probabilistic risk assessments (PRAs) (August 16, 1995; 60 FR 42622). This would assist the NRC in improving its oversight capabilities with respect to public health and safety and becoming more efficient by focusing its regulatory program on those issues of greatest risk significance and reducing unnecessary regulatory burdens on licensees.

The Commission would use the data that would be required by the proposed rule in generic issue resolution, developing quantitative indicators that can assist in assessing plant safety performance, performing risk-based inspections, and pursuing modifications to specific plants and basic regulations and guidelines.

Furthermore, this information would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensees' capabilities to implement the evaluation and goal setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment within the scope of the maintenance rule. DATES: Comments regarding any aspect of the proposed rule are due to the Commission by June 11, 1996. Comments received after that date will be considered if it is practical to do so, but the Commission can give no assurance of consideration for late comments.

The Commission intends that this expiration date will be at least 30 days after publication of an associated draft regulatory guide for public comment.

In addition, comments regarding the collection of information, including the burden estimate and suggestions for reducing the burden, should be submitted to the Office of Management and Budget (OMB), and to the NRC, by March 13, 1996. For further information see the discussion below under the heading Paperwork Reduction Act Statement.

ADDRESSES:

Mail written comments to: U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, ATTN.: Docketing and Service Branch. Deliver written comments to the NRC at One White Flint North, 11555 Rockville Pike, Rockville, MD, between 7:30 am and 4:15 pm on Federal workdays.

Send comments regarding the collection of information, including the burden estimate and suggestions for reducing the burden, to: (1) Desk Officer, Office of Information and Regulatory Affairs, NEOB-I0202 (3150 0011), Office of Management and Budget, Washington, DC 20503, and (2) Information and Records Management Branch (T-6F33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001.

For further information se the discussion below under the heading Paperwork Reduction Act Statement.

Copies of the draft regulatory analysis, the supporting statement submitted to the OMB, and comments received may be examined, and/or copied for a fee, at: The NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. FOR FURTHER INFORMATION CONTACT: Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (301) 415-6835.

SUPPLEMENTARY INFORMATION:

Background Current Requirements There are no existing requirements to systematically report reliability and availability information; nor is there an industry-wide database to provide such information.

Current reporting requirements in 10 CFR 50.72, "Immediate notification" and 10 CFR 50.73, "Licensee event report system," require the submittal of extensive descriptive information on selected plant and system level events. The Nuclear Plant Reliability Data System, a data base that industry supports and the Institute for Nuclear Power Operations (INPO) maintains, provides data on component engineering characteristics and failures.

Neither of these sources includes all the data elements (i.e., number of demands on a system, number of hours of operation, and information on maintenance unavailability) that are needed to determine the reliability and availability of systems and equipment.

Maintenance effectiveness monitoring requirements in 10 CFR 50.65, "Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants", also do not contain reporting requirements.

krecent years, plants have performed Individual Plant Evaluations (IPEs), as requested in Generic Letter 88-20 and its supplements, and submitted the results to the NRC. These submittals provide measures of risk such as core damage frequency, dominant accident sequences, and containment release category information.

While system and component reliability data have been collected as part of some utility IPEs, this information is typically not included in the IPE submittals to the NRC. Prior Efforts In late 1991 and through 1992, the NRC staff participated on an INPO established NRC/industry review group to make recommendations for changes to the Nuclear Plant Reliability Data System (NPRDS). The group's final recommendations to INPO to collect PRA-related reliability and availability data would have provided most of NRC's data needs. However, INPO took no action on these recommendations.

During 1992 and 1993, the NRC staff continued through correspondence and meetings to outline the particular data needed and to seek INPO's assistance in obtaining the data. In a December 1993 meeting with NUMARC (now the Nuclear Energy Institute (NEI)), INPO representatives suggested their Safety System Performance Indicator (SSPI) as a surrogate for reliability data. They proposed expanding the indicator to additional systems and indicated that data elements could be modified to compute actual reliability and availability data. Although general agreements were reached with INPO on which systems and components and what types of data elements are appropriate for risk-related applications and maintenance effectiveness monitoring, no voluntary system of providing data resulted from these discussions.

In the fall of 1994, the NRC staff began work on this rulemaking action. In June 1995, NEI proposed to discuss a voluntary approach of providing reliability and availability data to the NRC based on SSPI data. The NRC staff will continue to work with industry on voluntary submittal of reliability data, under a program that will meet the needs of all parties, while at the same time proceeding to obtain public comment on this proposed rule. Industry representatives have expressed concern that reliability data, if publicly available, would be subject to A-3 11-A-i-I / Vol 61 No 29 / Monday, February 12, 1996 / Proposed Rules 5319 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules misuse. In certain circumstances it is permissible for the NRC to withhold information from public disclosure.

For example, pursuant to 10 CFR 2.790(b)(1), a licensee may propose that a document be withheld from public disclosure on the grounds that it contains trade secrets or privileged or confidential commercial or financial information.

However, the data that would be reported under this proposed rule would not appear to qualify for withholding.

Reliability data used as input to risk-based regulatory decisions should be scrutable and accessible to the public. The Commission's PRA policy statement indicates that appropriate supporting data for PRA analyses that support regulatory decisions should be publicly available.

Similarly, the Commission's draft report on public responsiveness (March 31, 1995; 60 FR 16685) indicates that the policy of the NRC is to make information available to the public relating to its health and safety mission, consistent with its legal obligations to protect information and its deliberative and investigative processes.

Commenters who believe that there is information subject to a proper 10 CFR 2.790(b)(1) withholding determination requested by the proposed rule should provide a specific justification for such belief. Move to Risk-Based Regulation For several years the Commission has been working towards increased use of PRAs in power reactor regulation.

In its policy statement on the use of PRAs, the Commission has indicated that the use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in terms of methods and data, and this implies that the collection of equipment and human reliability data should be enhanced.

Implementation of these policies would improve the regulatory process through (1) improved risk effective safety decision making, (2) more efficient use of agency resources, and (3) reduction in unnecessary burdens on licensees.

These improvements would enhance both efficiency and safety. The data reported under this proposed rule would improve the NRC's oversight capability with respect to public health and safety by focusing the NRC's regulatory programs in a risk effective manner. Generally, the NRC's ability to identify plants and systems at increased risk for significant events and, thus, to take appropriate action would be substantially improved.

For example, a generic indication of low reliability or availability for a system might indicate a technical problem, with its attendant risk, that may warrant generic action. Similarly, a plant-specific indication of low reliability or availability for several systems might indicate a programmatic problem, with its attendant risk, and may warrant plant-specific action. It has been noted that prior to some significant events (such as the scram failure at Salem and the accident at Three Mile Island) there was previously existing information (such as challenge data and reliability data for scram breakers and power operated relief valves) which, if collected, recognized, and acted upon might have led to preventive actions. Accordingly, it is expected that reliability and availability information for selected risk-significant systems would improve the NRC's oversight capability with respect to public health and safety-i.e., the ability to maintain or enhance safety by identifying and reviewing indications of increased risk and, if appropriate, taking generic or plant-specific action. Such problems could be subtle in nature. For instance, licensee(s) might schedule train outages for maintenance at certain times, such that risks are substantially increased over what would be expected based on random outages.

This situation would not be indicated by current reporting requirements, or even by simply reporting train unavailability, but it could be indicated by the concurrent unavailability of two or more trains, as would be reported under the proposed rule. Additional examples discussed below describe further specific uses of the data that would help to enhance safety. In order to move towards risk-based regulation and the increased use of PRA information, the NRC needs scrutable, plant-specific and generic reliability and availability information.

The framework for an overall move towards risk-based regulation involves the development of a regulatory process. This process includes operational procedures and decision criteria that require credible PRA methods, models, and data. This framework would provide for predictable, consistent, and objective risk-based regulatory decision making. The data that would be reported under this rule represent one of the needed elements.

In addition, these data are needed to improve the efficiency and effectiveness of NRC regulatory applications that employ a risk-based perspective in advance of defining the entire framework.

Generally, plant-specific information is needed because there can be wide plant-to-plant variations in the design, importance, reliability and availability of particular systems and equipment.

It is necessary to identify similar equipment in various plants so that the data can be properly grouped and analyzed to estimate overall industry performance and plant-specific performance and to identify outliers (good or bad).2 Some examples of how reliability and availability information would be used to improve current NRC regulatory applications that consider risk in the decision process are discussed below. One of the examples involves the need for information to support generic regulatory actions--i.e., generic issue resolution and its associated rulemaking or regulatory guide revision.

Another example involves the need for information to determine whether further NRC action is needed at specific plants--i.e., indicators of plant performance.

Some involve a mixture of plant specific and generic elements.

For example, analyzing an event at a given plant could lead to a plant-specific action such as a special inspection and/ or to a generic action such as a bulletin or generic letter. Generic Issue Resolution The NRC currently uses risk estimates in: (1) prioritizing safety issues, (2) deciding whether new requirements or staff positions to address these issues are warranted, and (3) deciding whether proposed new requirements or staff positions should be implemented.

Knowing the current, updated reliability and availability of key systems would, in some cases, lead to a better understanding of the risk in these areas and, thus, to more risk-effective decisions.

This should both enhance public protection and reduce unnecessary regulatory burdens.

Generic data would usually suffice for this purpose; however, in some cases the data would need to be divided to account for specific classes or groups of plants. Indicators of Plant Performance PRA models with plant-specific reliability and availability data would be used to develop indicators of plant performance and trends in plant performance which are more closely related to risk than those currently in use. These new indicators would replace some of those currently in use 2 For many of the systems involved, plant specific demand and failure data will be sparse, at least initially.

Until data have been collected for some time, it will be necessary to use data from similar equipment.

applications, and environments at several plants in order to obtain practical estimates of reliability and uncertainty.

Even when sufficient plant-specific data exist to estimate plant performance, comparison to industry or group averages is often desirable.

A-4 5320 I 5321 Federal Re~ister / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and thereby enhance NRC's ability to make risk-effective decisions with regard to identifying plants for increased or decreased regulatory attention.

For example, it is important to detect situations where an individual plant may be having reliability or availability problems with multiple systems.

Accident Sequence Precursor (ASP) and Event Analysis Plant-specific, train-level reliability and unavailability data would be used to improve the plant-specific ASP models which the NRC uses to compute conditional core damage probability for determining the risk-significance of operational events. In addition, dates and causes of equipment failures would be used to identify common cause failures and to compute common cause failure rates for input to these models. Improving these methods would enhance the staff's ability to make risk effective decisions about which events warrant further inspections or investigations and/or generic actions such as bulletins and generic letters.

Plant-specific data are needed to better understand an event and calculate the associated conditional core damage probability.

It is also useful to identify systems that have the most influence on the results. Then the risk associated with the potential for similar events at other plants, which may be known to have low reliability for the key systems, can be considered in determining whether further actions are warranted.

Risk-Based Inspections Current and updated system reliability, availability and failure data in a generic and plant-specific risk based context would be used to enhance the staffs ability to plan inspections focused on the most risk-significant plant systems, components, and operations.

While generic data would be used in developing risk-based inspection guides and a framework for inspections, plant-specific data would be used to focus and optimize inspection activities at specific plants. For example, an individual plant may have an atypical reliability problem with a specific risk-significant system and thereby warrant additional attention.

In addition, special studies can be conducted to determine the root cause of reliability problems by comparing the characteristics of plants that have these problems with those that do not. Aging Equipment reliability data would help identify equipment that is being degraded by aging and define the extent and the risk-significance of aging problems.

Another class of examples involves the need for information to evaluate anticipated cost beneficial licensing actions, where the rationale is that risk permits reductions in previous margins of safety or less prescriptive requirements without adverse impact on overall safety. The NRC is actively pursuing a variety of modifications to the basic regulations and guidelines that govern the operation of commercial nuclear power reactor s. These modifications are characterized by allowing individual licensees to utilize insights from plant-specific risk evaluations to reduce or remove current requirements that are found to have low risk-significance.

Current regulatory requirements under consideration for risk-based modification include those prescribing quality assurance, in-service inspection, in-service testing, and surveillance testing. It is anticipated that a significant number of additional requests will be received that rely upon risk-based arguments.

These changes could adversely affect the level of safety achieved by the plants if the risk evaluations are flawed or the changes are improperly executed or the changes involve synergistic effects that are not covered by the risk models or captured by historical data. Current, plant specific reliability and availability data would help the NRC monitor the licensees' programs to maintain safety while reducing regulatory burdens.

Relaxation of undue regulatory burdens then can proceed with confidence that there will be appropriate feedback to assure that the level of safety is not being degraded.

Some examples are discussed below. Risk-Based Technical Specification Technical Specification requirements specify surveillance intervals and allowed outage times for safety equipment for the various modes of plant operation.

It is anticipated that licensees will request a number of relaxations in surveillance intervals and allowed outage times. Current, plant specific reliability and availability data would help the NRC monitor performance for the systems and equipment subject to the proposed rule. Thus, proposed relaxations of surveillance intervals and allowed outage times for such systems could be evaluated more effectively based on past performance and on confidence that there would be appropriate feedback to ensure that performance is not being degraded.

In addition, failure rates from actual demands will be used to verify Federal ~ ~ ~ ~ ~ ~ ~ ha failure / o.6,N.2 ody eray1,19 ratoes estmaedsrmtetn that failure rates estimated from testing are approximately the same. Inservice Testing Inservice testing requirements, which are based on the provisions of the American Society of Mechanical Engineers Boiler and Pressure Vessel Code (ASME Code), measure the functional characteristics of equipment performance, such as pump flow, in order to detect degradation.

The ASME and licensee owners' groups are working toward establishing risk-based frequencies for inservice testing, based on plant-specific risk ranking methodologies.

Changes in testing frequency can affect reliability in many ways. For example, less frequent valve testing might lead to an increase in the demand failure rate because the valve actuating mechanism tends to bind or freeze after extended periods of idleness.

However, using plant-specific demand failure and unavailability data, proposed changes can be more effectively evaluated based on the risk significance and performance of plant systems and based on confidence that there will be appropriate feedback to assure that the level of safety is not being degraded.

NRC Maintenance Rule The maintenance rule, 10 CFR 50.65, was issued on July 10, 1991 (56 FR 31306). The reliability and availability information that would be required by the proposed reporting rule would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensee's capabilities to implement the evaluation and goal-setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment Within the scope of the maintenance rule. NRC Monitoring As discussed above, current plant specific data can provide feedback on the effectiveness of licensee programs, including maintenance programs.

Accordingly, these data would improve the NRC's monitoring ability by providing risk-based measures of the effectiveness of individual licensee maintenance programs and the overall effectiveness of the maintenance rule. In addition, the NRC has expressed concern about the extent to which some reactor licensees are taking systems and equipment out of service for maintenance during plant operation.

Although this practice may offer economic benefits by reducing plant A-5 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules downtime, it must be properly managed to assure that safety is not compromised.

It should be noted that licensees are required by 10 CFR 50.65(a)(3) to periodically conduct assessments and make adjustments to ensure that the objective of preventing failures through maintenance is appropriately balanced against the objective of minimizing unavailability due to monitoring and preventive maintenance.

The NRC would use the hours when any two or more trains from the same or differenL systems are concurrently unavailable to monitor how well licensees are managing the risk associated with such maintenance.

As discussed below, under "Licensee Implementation," the data would also enhance licensees' capabilities to make prudent on-line maintenance decisions.

The maintenance rule is also important to license renewal (10 CFR Part 54). Hence, improving the NRC's oversight of the maintenance rule could strengthen one of the bases for the scope of the license renewal rule. Licensee Implementation In connection with the NRC's PRA policy, the NRC staff has defined the data elements that would improve the evaluation of maintenance and has established that they are the same as those needed to support a transition toward a risk- and performance-based regulatory process. The NRC believes that the reliability and availability data that would be required by this rule would enhance licensee's capabilities to implement the evaluation and goal setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the systems and equipment within the scope of the maintenance rule.3 In some circumstances, the maintenance rule requires licensees to establish performance or condition 3 The systems and equipment covered by this proposed rule are a subset of the systems and equipment within the scope of the maintenance rnle. The data elements are more extensive than what would be required for compliance with the maintenance rule: however, for the systems covered, these data elements would serve to improve implementation of the maintenance rnle. To cite one example, under 10 CFR 50.65(a)(2), risk significant systems may be considered to be subject to an effective preventive maintenance program and, thus, not subject to condition or performance monitoring unless "maintenance preventable" failures occur. However, gathering the reliability and availability information specified in this proposed rnle, including data elements such as concurrent outages and the causes of failures, would provide a bettu picture of a system's performance and the effectiveness of the preventive maintenance program than simply awaiting the occurrence of "maintenance preventable" failures.goals, taking into account industry-wide operating experience where practical.

It also requires periodic program evaluations, including consideration of unavailability due to monitoring or preventive maintenance, taking industry-wide operating experience into account, where practical.

Licensees will need to monitor reliability and availability of risk-significant systems, particularly for the periodic program evaluations.4 For many of the systems involved, plant-specific demand and failure data will be sparse, at least initially.

However statistical analysis techniques exist that allow a licensee to analyze and evaluate data from similar equipment, applications and environments from other plants, besides the data from their plant. These analyses yield meaningful reliability estimates for the subject plant that can be compared with performance goals. Industry-wide data would also provide a practical source for comparing plant specific performance with industry operating experience.

Although plant specific information is generally available on site, and utilities review licensee event reports and other generic event informatior, NRC site visits, associated with early efforts to prepare for maintenance rule implementation in 1996, indicate that utilities do not use industry operating experience in a systematic and consistent way for goal setting purposes under the maintenance rule. Based on these considerations, the availability of current, industry-wide reliability and availability data would enhance licensee's capabilities to implement the evaluation and goal setting activities required by the maintenance rule. As discussed previously, the NRC has recently found cause for concern about how some reactor licensees handle on line maintenance.

Prudent on-line maintenance decisions depend on a full appreciation of the risk-significance of s taking equipment out of service (individually or collectively) and use of plant-specific and generic reliability and availability data would play a significant role in improving such t decision making. " 4 NUMARC 93-01, which the NRC has endorsed as describing one acceptable way of meeting the requiremrnts of the NRC's maintenance rule, indicates in Section 12.2.4 that the adjustment for t balancing of objectives needs to he done for risk significant structures, systems, and components (SSCs). However, for other SSCa it is acceptable to measure operating SSC performance against overall 1 plant performance criteria and standby system performance against specific perfonnance criteria.

This is reasonable in that, for systems that are less risk-significant, the expense of a rigorous balancing' is not warranted.

Description of Proposed Rule The proposed rule would require holders of operating licenses for nuclear power reactors to report reliability and availability data for certain risk significant systems and equipment.

The proposed reporting requirements would apply to the event-mitigating systems and equipment which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.

Summary information reported to the NRC would be: 1. The number of demands, the number of failures to start associated with such demands, and the dates of any such failures, characterized according to the identification of the train affected, the type of demand (test, inadvertent/spurious, or actual need), and the plant mode at the time of the demand (operating or shutdown);

2. The number of hours of operation following each successful start, characterized according to the identification of the train affected and whether or not the operation was terminated because of equipment failure, with the dates of any such failures;
3. The number of hours equipment is unavailable, characterized according to the identification of the train affected, the plant mode at the time equipment is unavailable (operating or shutdown), characterization of the unavailable period (planned, unplanned, or support system unavailable), and, if due to a support system being unavailable, dentification of the support system; 4. For each period equipment is unavailable due to component failure(s), failure record identifying the component(s) and providing the failure late, duration, mode, cause, and effect; and 5. The number of hours when two or nore trains from the same or different systems were concurrently unavailable, characterized according to the dentification of the trains that were navailable.

The first annual report would identify he systems, trains, and ensembles of :omponents covered by the reporting requirements of the rule; subsequent mnual reports would either state that no changes were made subsequent to he previous annual report or describe he changes made. The summary information would be reported annually and compiled on the basis of calendar quarters, or on a more frequent basis at the option of each individual licensee.

Records and documentation of each occurrence of a demand, failure, or unavailable period A-6 5322 L I Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules that provide the basis for the summary data reported to the NRC would be required to be maintained on site and made available for NRC inspection.

In developing these data elements the NRC has, over the past three years, reached a consensus on the minimum data'needed to support risk-based applications and enhance implementation of the maintenance rule. During this period NRC staff has also interacted extensively with INPO and NEI in an effort to define the minimum reliability and availability data needed to satisfy the needs of both NRC risk-based regulatory applications and industry (licensee) uses of PRA. The number of demands and the number of successful starts are needed to estimate demand reliability, i.e., the fraction of demands that result in successful starts. (The complement of this fraction provides an estimate of the probability of failure on demand). The actual number of demands and successes, as opposed to the ratio, is needed for purposes such as: (1) providing a measure of confidence in the results and (2) permitting proper combination of data from different plants. The type of demand is needed to determine whether or not the demand reliability estimated by testing is approximately the same as the demand reliability for actual demands.

Sometimes it is not, indicating a need for additional data analysis in making reliability estimates.

The plant mode at the time of a demand is needed to estimate the demand frequency, demand reliability, and unavailability according to plant mode. These factors, as well as the risk associated with unreliability and unavailability, can be quite different depending on whether the plant is in operation or shut down. The hours of operation following successful starts are needed to estimate the probability the equipment will function for a specified period of time. This information is needed for systems that must operate for an extended period following an accident to fulfill a risk-significant safety function.

The number of hours that equipment is not available (unavailable hours) is needed to estimate the fraction of time that a train is not available to perform its risk-significant safety function.

For some systems this can be an important or dominant contributor to the overall probability of failure to perform the system's safety function.

It can be significantly affected by elective maintenance.

The type of unavailable hours (planned or unplanned) is needed to effectively utilize these estimates.

For example, a high unplanned unavailability may indicate a need for more preventive maintenance; a high planned unavailability may indicate the opposite.

The unavailable hours due to support systems failure or unavailability are needed to properly capture concurrent outages and to eliminate double counting.

For example, an Emergency Service Water (ESW) train being unavailable may result in other trains being unavailable as well; however, for purposes of estimating risk in a PRA study, that unavailability should not be counted more than once. The date of each failure is needed to allow screening for potential common cause failures.

Failures that occur closely together in time warrant review to see whether a common cause failure may be involved.

Common cause failures may indicate a need for revised maintenance procedures or staggered testing. Common cause failure rates are also needed for PRA models because of their importance in system reliability and availability estimates.

Failure cause and failure mode information are needed to support common cause failure analysis as discussed above and to associate the failure with the correct failure mode for input into PRA models. Quarterly data are needed to conduct first order trending studies to identify areas of emerging concern with regard to overall plant and system performance.

More frequent compilation is acceptable at the discretion of each licensee.

An identification of the systems, trains, and ensembles of components subject to the rule is needed because identification of the components within the systems, trains, and ensembles is necessary for proper use and evaluation of the data by the staff and for industry wide generic applications to account for physical differences between plants. For example, simplified system diagrams could be marked to show the systems, trains, and ensembles against which the data would be reported.

Retention of records and documentation that provide the bases for the summary data report to the NRC for a period of several years is consistent with maintenance rule applications.

For example, monitoring reliability for a few years may be used to determine trends in order to achieve the balance described in 10 CFR 50.65(a)(3)-i.e., the balance between preventing failures through maintenance and minimizing unavailability due to monitoring and preventive maintenance.

In addition, on-site data are needed to provide a scrutable basis for regulatory decisions.

For example, it is expected to be necessary to review the actual unavailable hours in order to estimate the mean repair times for key components for the purpose of updating the staff's PRA models. Regulatory Guide A new regulatory guide will be prepared and issued to provide supplementary guidance.

The guide will present an acceptable way to define the systems and equipment subject to the rule and it will provide risk-based definitions of failure as well as train and system boundaries consistent with PRA applications.

The format in which data would be provided to the NRC and a suggested format for maintaining on-site documentation and record keeping would be included.

In order to reduce costs, use of electronic data submittal will be considered a priority objective in developing and implementing the guide. A draft guide will be published for comment before it is finalized.

A public workshop is planned after publication of the draft guide. The comment period for this proposed rule will not expire until at least 30 days after publication of the draft regulatory guide. Definitions The basic definitions used in reporting under § 50.76 are discussed below; further details will be addressed in the regulatory guide. For example, the basic definition of failure is provided here; further details, such as how to handle a case where the operators prematurely terminate system operation following a real demand, will be discussed in the regulatory guide. In particular, the regulatory guide will define risk-significant safety function(s) and failures for systems and equipment covered by this proposed rule. Demand is an occurrence where a system or train is called upon to perform its risk-significant safety function.

A demand may be manual or automatic.

It may occur in response to a real need, a test, an error, an equipment malfunction or other spurious causes. For the purposes of reporting under this rule, the demands of interest are those which are actual demands or closely simulate actual demands for the train or specific equipment involved.

Failure, for the purpose of reporting under this rule, is an occurrence where a system or train fails to perform its risk significant safety function.

A failure may occur as a result of a hardware malfunction, a software malfunction, or a human error. Failures to start in response to a demand are reported under paragraph 50.76(b)(1)(i).

Failures A-7 5323 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules to run after a successful start are reported under paragraph 50.76(b)(1](ii).

Unavailability is the probability that a required system or train is not in a condition to perform or is not capable of performing its risk-significant safety function.

This may result from failure to start, from failure to run, or from intentional or unintentional removal of equipment from service (e.g., for maintenance or testing).

Risk-significant safety function is a safety function that has or could have a significant effect on risk (in terms of avoiding core damage accidents or preserving containment integrity for the purposes of reporting under this proposed rule). Reportable systems and equipment are the event-mitigating systems and equipment which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.

The reportable systems and equipment will be determined by each licensee.

The regulatory guide will describe acceptable methods for making that determination.

It is expected that the rule will produce a set of basic systems for which reliability data will be reported for all plants that have them. However, these basic systems are not sufficient by themselves.

Additional systems and equipment to be addressed will depend on plant-specific features.

Listed below is the set of basic systems that the Commission is currently considering for identification in the draft regulatory guide. Basic PWR systems Basic BWR systems Auxiliary feedwater

.... Reactor core isolation cooling or isolation condenser.

High pressure safety Feedwater coolant in injection jection, high pres sure coolant injec tion or high pres sure core spray, as appropriate.

Reactor protection

..... Reactor protection.

Low pressure safety Low pressure coolant injection, injection and low pressure core spray. Emergency ac power Emergency ac power. As discussed above, the systems and equipment to be included in the scope of the rule would be those event mitigating systems and equipment that have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.

To ensure that this approach is consistent with operating experience, the NRC has considered the systems and equipment that have been substantially involved in significant events in U. S. reactors.

These systems were found to fall into the following categories:

1. Basic systems. As indicated above, the NRC expects that these systems would be included in the scope of the rule for all plants. The basic systems on the proposed list have been confirmed to have been substantially involved in signi ficant events. 2. Plant-specific systems. Systems such as service water and component cooling water are risk-significant, but the significance varies widely, depending upon plant-specific designs.

It is expected that these systems will be included, as appropriate, based on plant-specific PRA studies. Other systems, such as containment purge, appear infrequently in connection with significant events and are not expected to be risk-significant for any plants. 3. Initiating systems. Systems such as main feedwater and offsite power are primarily considered to be initiators of significant events, rather than mitigation systems. Existing reporting requirements in 10 CFR 50.72 and 10 CFR 50.73 provide enough information to characterize the important initiating systems for the purpose of PRA studies.

4. Non-measurable items. Items such as reactor coolant system corrosion are not amenable to meaningful measurement by the methods of this proposed rule. Based on this review, the systems and equipment to be included in the scope of the rule are considered reasonably consistent with operating experience in terms of involvement in significant events. Accordingly, it is expected that reliability and availability information for those systems and equipment will be well suited for identifying plants and systems at increased risk for significant events. Minimizing Costs. The NRC intends that the data required to be collected and reported under this proposed rule be essentially the same as would be required for monitoring reliability and/ or availability for other purposes, such as monitoring system reliability where that is the option chosen for compliance with the maintenance rule. Thus, it should be practical to gather and report the data without significant additional cost. This will be a priority goal in developing the guidance to be included in the new regulatory guide. Sunset Provision.

As experience is gained with implementing the proposed rule and utilizing the information required to be collected and reported, a reassessment may be necessary or desirable.

One way of assuring such a reassessment would be to include a"sunset provision" in the rule, whereby the rule would automatically expire after a specified period of time unless: (i) a condition specified in the rule is fulfilled, or (ii) the Commission engages in a rulemaking which extends the effectiveness of the rule. The Commission requests public comments on whether the proposed rule should contain such a sunset provision, and if so, the period of time after which the rule should automatically expire. Grandfather Provision.

There may be some plants for which, at the time that the proposed rule may be adopted by the Commission as a final rule, licensees have already announced plans to discontinue operation in the near future. Furthermore, licensees may determine in the future to discontinue operation at some plants. In either case, there may be less reason to require collection and repeting of the information contemplated by the proposed rule at such plants and it may be advisable to exempt such plants from the information collection and reporting requirements of the proposed rule (i.e., "grandfathering").

The Commission requests public comments on whether the proposed rule should exempt plants that have announced (or will announce) plans to discontinue operation within a short time (e.g., two years). Conclusion As discussed under the subject "Move to Risk-Based Regulation," the information to be collected under the proposed rule is necessary for the development and implementation of risk-based regulatory processes.

Risk based regulatory approaches provide a means for the Commission to maintain, and in some cases improve, safety while reducing impacts on licensees as well as NRC resource expenditures, by focusing regulatory requirements and activities on the most risk-significant areas. In addition, this information would improve the NRC's oversight of licensees' implementation of the maintenance rule. It would also enhance licensee's capabilities to implement the evaluation and goal-setting activities required by the maintenance rule by providing licensees with access to current industry-wide reliability and availability information for some of the risk-significant systems and equipment within the scope of the maintenance rule. The Commission has also prepared a regulatory analysis (see "Regulatory Analysis")

which identified alternatives for collecting the information for use by both licensees and the NRC, and evaluated the costs of each viable alternative.

Based upon these factors, the Commission believes that the costs A-8 5324 5325 Federal RegUter / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules of the proposed rule's information collection and reporting requirements are justified in view of the potential safety significance and projected benefits of the information in NRC regulatory activities.

Submission of Comments in Electronic Format Commenters are encouraged to submit, in addition to the original paper copy, a copy of their comments in an electronic format on IBM PC DOS compatible 3.5- or 5.25-inch, double sided, diskettes.

Data files should be provided in WordPerfect 5.0 or 5.1. ASCII code is also acceptable, or if formatted text is required, data files should be submitted in IBM Revisable Format Text Document Content Architecture (RFT/DCA) format. Environmental Impact- Categorical Exclusion The proposed rule sets forth requirements for the collection, maintenance, and reporting of reliability and availability data for certain risk significant systems and equipment.

The NRC has determined that this proposed rule is the type of action described in categorical exclusion, 10 CFR 51.22(c)(3)(ii).

Therefore, neither an environmental impact statement nor an environmental assessment has been prepared for this proposed regulation.

Paperwork Reduction Act Statement This proposed rule amends information collection requirements that are subject to the Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.). This rule has been submitted to OMB for review and approval of the Paperwork Reduction Act requirements.

The public reporting burden for this collection of information is estimated to average 1375 hours0.0159 days <br />0.382 hours <br />0.00227 weeks <br />5.231875e-4 months <br /> per response (i.e., per commercial nuclear power reactor per year), including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information.

The Commission is seeking public comment on the potential impact of the collection of information contained in the proposed rule and on the following issues: 1. Is the proposed collection of information necessary for the proper performance of the functions of the NRC, and does the information have practical utility? 2. Is the estimate of burden accurate?

3. Is there a way to enhance the quality, utility, and clarity of the information to be collected?
4. How can the burden of the collection of information be minimized including by using automated collection techniques?

Send comments on any aspect of this proposed collection of information, including suggestions for reducing the burden, to the Information and Records Management Branch (T-6-F33), U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202, (3150-0011), Office of Management and Budget, Washington, DC 20503. Comments to OMB on the collections of information or on the above issues should be submitted by March 13, 1996. Comments received after this date will be considered if it is practical to do so, but assurance of consideration cannot be given to comments received after this date. Public Protection Notification The NRC may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Regulatory Analysis The Commission has prepared a draft regulatory analysis on this proposed regulation.

The analysis examines the costs and benefits of the alternatives considered by the Commission.

The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from: Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (301) 415-6835.

Regulatory Flexibility Certification In accordance with the Regulatory Flexibility Act of 1980 (5 U.S.C. 605 (B)), the Commission certifies that this rule will not, if promulgated, have a significant economic impact on a substantial number of small entities.

The proposed rule affects only the licensing and operation of nuclear power plants. The companies that own these plants do not fall within the scope of the definition of "small entities" set forth in the Regulatory Flexibility Act or the size standards adopted by the NRC on April 11, 1995 (60 FR 18344-10 CFR 2.810. Backfit Analysis The proposed rule sets forth requirements for reporting and record keeping. The NRC has determined that the backfit rule, 10 CFR 50.109, does not apply to this proposed rule, and therefore, a backfit analysis is not required for this proposed rule because these amendments do not involve any provisions which would impose backfits as defined in 10 CFR 50.109(a)(1).

However, as discussed above in "Regulatory Analysis," the Commission has prepared a regulatory analysis which summarizes the purpose and intended use of the information proposed to be collected, identifies alternatives for collection and reporting of the proposed information, and identifies the impacts and benefits of the alternatives.

This regulatory analysis constitutes a disciplined process for evaluating the potential benefits and projected impacts (burdens) of information collection and reporting requirements such as the proposed rule. The Commission therefore concludes that the objective underlying the Commission's adoption of the Backfit Rule-that regulatory impacts are assessed under established criteria in a disciplined process--is being met for this proposed rule. List of Subjects in 10 CFR Part 50 Antitrust, Classified information, Criminal penalties, Fire protection, Intergovernmental relations, Nuclear power plants and reactors, Radiation protection, Reactor siting criteria, Reporting and record keeping requirements.

For the reasons set out in the preamble and under the authority of the Atomic Energy Act of 1954, as amended, the Energy Reorganization Act of 1974, as amended, and 5 U.S.C. 553, the NRC is proposing to adopt the following amendments to 10 CFR Part 50. PART 50--OOMESTIC UCENSING OF PRODUCTION AND UTIUZATION FACILITIES

1. The authority citation for Part 50 continues to read as follows: Authority:

Sections 102,103,104, 105, 161, 182, 183, 186, 189,68 Stat. 936, 937, 938. 948,953, 954,955,956.

as amended, sec. 234, 83 Stat 1244, as amended (42 U.S.C. 2132, 2133. 2134, 2135, 2201, 2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S. C. 5841, 5842, 5846). Section 50.7 also issued under Pub. L. 95 601, sec. 10, 92 Stat 2951 as amended by Pub. L. 102-486, sec. 2902, 106 Stat 3123, (42 U.S.C. 5851). Section 50.10 also issued under secs. 101, 185, 68 Stat. 936, 955, as amended (42 U.S.C. 2131, 2235]; sec. 102, Pub. L. 91 190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, and 50.54(dd), and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). Sections 50.23, 50.35, 50.55, A-9 Federal Register / Vol. 61, No. 29 / Monday, February 12, 1996 / Proposed Rules and 50.56 also issued under sec. 185, 68 Stal 955 (42 U.S.C. 2235). Sections 50.33a, 50.551 and Appendix Q also issued under sec. 102, Pub. L.91-190, 83 Stat. 853 (42 U.S.C. 4332] Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 ,42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L 97-415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued tude, sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80-50.81 also issued under sec. 184,68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187,68 Stat. 955 (42 U.S.C. 2237). 2. Section 50.8(b) is revised to read as follows: §50.8 Infornmallon collection re-qCirUmB" oM a ol. (b) The approved information collection requirements contained in this part appear in §§ 50.30, 50.33, 50.33a, 50.34, 50.34a, 50.35, 50.36, 50.36a, 50.48, 50.49, 50.54, 50.55, 50.55a, 50.59, 50.60, 50.61, 50.63, 50.64, 50.65, 50.71, 50.72, 50.75, 50.76, 50.80, 50.82, 50.90, 50.91, 50.120, and Appendices A, B, E, G, H, I, J, K, M, N, 0, Q, and R. * * *

  • 3. Section 50.76 is added to read as follows: § 50.76 Reporting reliability and avallability Infom'ation for risk-significant systems and equipment. (a) Applicability.

This section applies to all holders of operating licenses for commercial nuclear power plants under 10 CFR 50.21b or 50.22 and all holders of combined operating licenses for commercial nuclear power plants under 10 CFR 52.97. (b) Requirements.

(1) Each licensee shall submit an annual report to the NRC that contains the following information, compiled on the basis of calendar quarters, or on a more frequent basis at the option of each licensee, for systems, trains, and ensembles of components in paragraph (b)(3) of this section: (i) The number of demands, the number of failures to start associated with such demands, and the dates of such failures, characterized according to the identification of the train affected, the type of demand (test, inadvertent/ -spurious, or actual need), and the plant mode at the time of the demand (operating or shutdown); (ii) The number of hours of operation following each successful start, characterized according to the identification of the train affected and whether or not the operation was terminated because of equipment failure, with the dates of any such failures;(iii) The number of hours equipment is unavailable, characterized according to the identification of the train affected the plant mode at the time equipment is unavailable (operating or shutdown), characterization of the unavailable period (planned, unplanned, or support r system unavailable), and, if due to a support system being unavailable, identification of the support system; (iv) For each period equipment is unavailable due to component failure(s), a failure record identifying the component(s) and providing the failure date, duration, mode, cause, and effect; and (v) The number of hours when two or more trains from the same or different systems were concurrently unavailable, characterized according to the identification of the trains that were unavailable.

(2) The initial annual report described in (b)(1) above shall identify the systems, trains, and ensembles of components covered by paragraph (b)(3) below; subsequent annual reports shall either state that no changes were made subsequent to the previous annual report or describe any changes made. f3) The requirements of paragraphs (b)(1) and (b)(2) of this section apply to those event-mitigation systems, and ensembles of components treated as single entities in certain probabilistic risk assessments where a system or train treatment would not be appropriate, which have or could have a significant effect on risk in terms of avoiding core damage accidents or preserving containment integrity.

(4) Each licensee shall maintain records and documentation of each occurrence of a demand, failure, or unavailable period that provide the basis for the data reported in paragraph (b)(1) of this section on site and available for NRC inspection for a period of 5 years after the date of the report specified in paragraph (b)(1) of this section. (c) Implementation.

Licensees shall begin collecting the information required by paragraph (b) of this section on January 1, 1997, and shall submit the first report required by paragraph (b)(1) of this section by January 31, 1998. Thereafter, each annual report required by paragraph (b)(1) of this section shall be submitted by January 31 of the following year. Dated at Rockville, MD, this 2nd day of February, 1996. For the Nuclear Regulatory Commission.

John C. Heyle, Secretory of the Commission.

[FR Doc. 96-2698 Filed 2-9-96; 8:45 am] CO.DEOcc 75-"1-P DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. 93-NM-133-AD]

Airworthiness Directives; Airbus Industrie Model A300, A310, and A300 600 Series Airplanes AGENCY: Federal Aviation Administration, DOT. ACTION: Supplemental notice of proposed rulemaking; reopening of comment period.

SUMMARY

This document revises an earlier proposed airworthiness directive (AD), applicable to certain Airbus Model A300, A310, and A300-600 series airplanes, that would have required inspections to detect missing fasteners, cracked fitting angles, and elongated fastener holes in certain frames, and correction of discrepancies.

That proposal was prompted by discrepancies found at the fitting angles on the frame at which a certain electronic rack is'attached.

This action revises the proposed rule by revising the inspection thresholds and repetitive intervals; providing an optional terminating action; and deleting certain airplanes from the applicability.

The actions specified by this proposed AD are intended to prevent damage propagation that could lead to failure of the rack-to-structure attachment points, and subsequently could result in loss of airplane systems, structural damage, and possible electrical arcing. DATES: Comments must be received by March 4, 1996. ADDRESSES:

Submit comments in triplicate to the Federal Aviation Administration (FAA), Transport Airplane Directorate, ANM-103, Attention:

Rules Docket No. 93-NM 133-AD, 1601 Lind Avenue SW., Renton, Washington 98055-4056.

Comments may be inspected at this location between 9:00 a.m. and 3:00 p.m., Monday through Friday, except Federal holidays.

The service information referenced in the proposed rule may be obtained from Airbus Industrie, 1 Rond Point Maurice Bellonte, 31707 Blagnac Cedex, France. This information may be examined at the FAA, Transport Airplane Directorate, 1601 Lind Avenue, SW., Renton, Washington.

FOR FURTHER FORMATION CONTACT: Tim Backman, Aerospace Engineer, Standardization Branch, ANM-113, FAA, Transport Airplane Directorate, 1601 Lind Avenue SW., Renton, A-I0 5326 t APPENDIX B GLOSSARY Actual Demand is a command to a reportable system, train, or equipment group to initiate action to perform its risk-significant function in response to a need for the function arising from an accident or transient.

Availability as used in this regulatory guide is the probability that a reportable system, train, or equipment group is capable of performing on demand its risk-significant safety function during a reportable plant operational state. It is estimated by dividing the number of hours that a system, train, or equipment group is available to perform its risk-significant safety function by the total number of hours that the plant is in a specific reportable plant operational state during a quarter.

Concurrent unavailable hours are the hours when two or more trains or equipment groups in reportable systems were unavailable at the same time to perform their risk-significant safety function during a plant operational state for which they were both reportable.

Core damage freauency is a measure of risk estimated by assessing the average yearly frequency of core damage that is expected for an individual nuclear power plant from the plant's probabilistic risk assessment (PRA). Equipment group is a portion of a reportable system that is defined to indicate a group of components that are all commanded to perform their risk-significant safety function by a particular type of reportable demand. Front-line system is a collection of components and structures designated and installed to perform one or more safety functions such as core inventory make up or containment cooling.

Principal component is an element of a train or equipment group necessary for the train or equipment group to perform its risk-significant safety function and is the lowest level of detail normally included in the plant equipment representation in its PRA models. For example, principal components would include:

  • Motor operated valves (manual or automatic), including motors and power supplies up to the first power breaker
  • Air operated valves, including air to local supply valves
  • Station battery output breakers and relays
  • Heat exchangers
  • RPS instrument logical output relays, such as the four k-relays in the example PWR scram system
  • Hydraulic control units in BWR RPS Reliability as used in this regulatory guide is reliability on demand and the probability that a system, train, or equipment group will successfully complete its risk-significant safety function when called upon to do so during a period when it is considered to be available.

Risk-importance measure is any quantitative calculation that measures the relative or absolute contribution to risk of an attribute that has an impact on risk. Risk-siqnificant is the term given to any aspect of nuclear power operations that could have an effect on risk (either core damage frequency or health effects to the public).

Risk-significant safety function is a safety function, for the purposes of reporting under the proposed rule, that has or could have a significant effect on risk in terms of preventing core damage accidents or preserving containment integrity.

The accomplishment of a risk-significant safety function does not necessarily correspond to operability requirements for design basis accidents.

It corresponds to the successful completion of the mission as modeled in PRAs. Spurious demand is a command given to equipment that arises from a false signal that mimics an actual demand. Support system is a system that provides a needed function to front-line or other systems but does not provide a direct safety function itself. Examples are electric power, service water, component cooling water, and automatic actuation systems.

Surveillance or test demand is a command given to equipment to prove that the equipment is available to perform its risk-significant safety function.

Unavailability and Unreliability are the complementary functions of availability and reliability.

B-2 APPENDIX C EXAMPLES OF REPORTABLE SYSTEMS This appendix provides several examples (Tables C-i thru C-5) of the types and numbers of systems that could be selected for final expert panel review and selection using the system level calculation alternate (with FV>O.I or RAW >100). These examples, which apply to five sample plants, were prepared by the NRC staff to illustrate the principles involved.

Similar outcomes in selecting risk-significant systems for reporting reliability and availability data are expected when using the maintenance rule risk-significant structures, systems, and components (SSCs) and supplemental expert panel screening.

However, more emphasis is placed on qualititative screening when using the maintenance rule SSCs as a starting point. In each case, the screening considerations discussed in Regulatory Position 1.2, Other Reportable Systems, would be applied. For reference they are summarized below. 0 Event initiating systems (as opposed to mitigating systems) may be excluded.

a Support systems that support several reportable systems should be considered.

  • Systems and structures, such as containment structures and ice condensers, for which risk is more a function of capability than reliability, may be excluded.
  • Systems and equipment that are risk-significant only because the likelihood of operator error may be excluded.

0 Systems and equipment that make large contributions to shutdown risk and are significant contributors to overall risk should be included.

0 Systems and equipment that have a contribution to risk that is small compared to that of the basic systems may be excluded.

  • Systems important for the more risk-significant aspects of containment integrity.

Any of these considerations that were a significant factor in adding or deleting a system from Tables C-i through C-5 have been indicated in parentheses.

C-I TABLE C-1: PLANT 1 -BWR, MARK 3 CONTAINMENT, GE TYPE 6 Fussell-Vesely Ratio Standby Service Water System Emergency ac Power System Auto. Depressurization System Residual Heat Removal System' Power Conversion System Instrument Air System SEng. Safety Feature Actuation High Pressure Core Spray Reactor Protection System Standby Liquid Control System Reactor Core Isolation Cooling 3 0.44 0.36 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 36200 Less than 100 Less than 100 Less than 100 Less than 100 26802 Less than 100 Less than 100 Less than 100 Less than 100 Basic System No Yes No Yes No No No Yes Yes No Yes Candidate for Reportable System Yes Yes No Yes No Yes No Yes Yes No Yes Reason to Include or Exclude High FV and RAW High RAW For Plant 1, we would expect seven systems to be candidate reportable systems.

I 1 Also decay heat removed function, low pressure core spray, containment spray and shutdown cooling function.

2 Largely HVAC support (accumulators are the backup).

Importance values not available.

C System Name TABLE C-2: PLANT 2 -PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT, CE System Name Main Feedwater Auxilliary Feedwater Emergency AC Power High Pressure Safety Injection Reactor Protection System HVAC/Chilled Water' Component Cooling Water 3 Main Steam 4 C Containment Spray SSaltwater Cooling Safety Injection Tanks Low Pressure Safety Injection Instrument Air & Nitrogen System Chemical & Volume Control System Fussell-Vesely Ratio 0.991 0.41 0.39 0.32 0.12 0.19 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio Less than 100 3130 6620 268 127000 7390 161 313 Less than 100 164 Less than 100 Less than 100 Less than 100 Less than 100 Basic System No Yes Yes Yes Yes No No No No No No Yes No No Candidate for Reportable System No Yes Yes Yes Yes Yes No Yes Yes Yes No Yes No No Reason to Include or Exclude Always running, (c).See footnote 2. See footnote 3. High RAW. Containment integrity, (g). High RAW For Plant 2, we would expect nine systems to be candidate reportable systems.

Includes motor-driven condensate pumps which back-up the steam driven auxiliary feed pumps. 2 High RAW and support for ECCS and emergency ac, (b). Shutdown risk consideration (a).4 Includes isolating steam generator and providing steam to turbine driven pumps.

TABLE C-3: PLANT 3 -PWR, LARGE DRY AMBIENT PRESSURE CONTAINMENT CE Fussell-Vesely Ratio Emergency ac power system Auxiliary Feedwater System High Pressure Injection System Low Pressure Injection System Feedwater System Containment Isolation System Raw Water System Primary Pressure Control Circulating Water System Chemical & Volume Control Instrument Air System Turbine Plant Cooling Water Component Cooling Water HVAC 1 Containment Cooling System Containment Spray System Hydogen Purge System ESFAS Logic System Reactor Protection System'0.68 0.27 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 4130 135 140 598 737 Less than 100 118 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 7505 Less than 100 Less than 100 Less than 100 Less than 100 Basic System Yes Yes Yes Yes No No No No No No No No No No No No No No Yes Candidate for Reportable System Yes Yes Yes Yes No No Yes No No No No No Yes Yes Yes Yes No No Yes Reason to Include or Exclude Initiating event (a). High RAW Shutdown risk, (e). Containment integrity, (g). Containment integrity, (g). See footnote 2.For Plant 3, we would expect 10 systems to be candidate reportable systems.

1 High RAW and supports both ECCS and emergency ac (b). 2 importance measures not available.

L System Name I TABLE C-4: PLANT 4 -BWR, MARK 1 CONTAINMENT, GE TYPE 4 System Name Eng. Safety Feature Actuation Essential Service Water Primary Containment Venting Condensate System High Pressure Coolant Injection Residual Heat Removal' Reactor Protection System Standby Liquid Control System Emergency ac Power System Reactor Building Cooling Water Reactor Core Isolation Cooling Normal Service Water DC Power System Emergency Heat, Vent, & Air Cond. High Pressure Service Water' Instrument Air System Turbine Building Cooling Water I~~Fussell-Vesely Ratio 0.63 0.25 0.15 Less than 0.1 Less than 0.1 0.11 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 8420 8150 Less than 100 Less than 100 Less than 100 499 1010 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 4320 Less than 100 Less than 100 Basic System No No No No Yes Yes Yes No Yes No Yes No No No No No No Candidate for Reportable System Yes Yes Yes No Yes Yes Yes No Yes No Yes No No No Yes No No Reason to Include or Exclude High FV and RAW High FV and RAW High FV See footnote 2.For Plant 4, we would expect nine systems to be candidate reportable systems.

Also low pressure coolant injection, containment spray and post-accident heat removal.

2 High RAW and support for service water and high head safety injection function (b).

TABLE C-5: PLANT 5 -PWR, LARGE DRY SUBATMOSPHERIC PRESSURE CONTAINMENT, WESTINGHOUSE THREE-LOOP System Name Emergency ac Electric Power Reactor Coolant Pumps Auxiliary Feedwater System Primary Pressure Relief High Pressure Injection 1 Low Pressure Recirculation Reactor Protection System Main Service Water Accumulators C Low Pressure Injection Main Feedwater Instrument Air System High Pressure Recirculation DC Power (1A and 1B) Component Cooling Water Residual Heat Removal Containment Spray System Inside Spray Recirculation Outside Spray Recirculation Consequence Limiting Control Fussell-Vesely Ratio 0.62 0.19 0.19 0.1 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Less than 0.1 Risk Achievement Worth Ratio 1370 Less than 100 4740 Less than 100 565 Less than 100 697 565 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 1952 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Less than 100 Basic System Yes No Yes No Yes No Yes No No Yes No No No No No No No No No No Candidate for Reportable System Yes No Yes No Yes No Yes Yes No Yes No No No Yes Yes Yes Yes No No No Reason to Include or Exclude Initiating event, (a). Operator action, (d). High RAW. High RAW. Shutdown risk, (e). Shutdown risk, (e). Containment integrity, (g).For Plant 5, we would expect 10 systems to be candidate reportable systems.

Also dedicated charging pump cooling system and safety injection actuation.

2 Largely response to loss of offsite power.

APPENDIX D RISK-IMPORTANCE MEASURES The Fussell-Vesely importance measure is a relative measure. It provides an indication of the fractional contribution of a given system to core damage frequency (CDF) at the current, or expected level of reliability.

The mathematical expression for this importance measure is:' FV = [F(x) -F(O)] I F(x) with: F(x) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x at their mean value, and F(O) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to zero. An alternative notation is FV = qj/CDF with: q, = the sum of all cut sets that contain failure modes in the system of interest, and CDF = the sum of all cut sets, i.e., the core damage frequency.

The risk achievement worth ratio (ratio form of risk increase) is a relative measure. It provides an indication of the increase in CDF if a system is assumed to always fail. Its mathematical expression is: RAW = F(1) / F(x) Terminology and definitions are derived from NUREG/CR-1489, "A Review of NRC Staff Uses of Probabilistic Risk Assessment" (March 1994), page C-165, where FV is discussed in terms of the fractional contribution of a component (or basic event). Copies of NUREG/CR-1489 are available for inspection or copying for a fee from the NRC Public Document Room at 2120 L Street NW., Washington, DC; the PDR's mailing address is Mail Stop LL-6, Washington, DC 20555; telephone (202)634-3273; fax (202)634-3343.

Copies may be purchased at current rates from the U.S. Government Printing Office, P.O. Box 37082, Washington, DC 20402-9328 (telephone (202)512-1800);

or from the National Technical Information Service by writing NTIS at 5285 Port Royal Road, Springfield, VA 22161. D-1 with F(1) = minimal cut set upper bound (or sequence frequency) evaluated with the basic event probabilities of all components in system x set to one The importance measures routinely calculated by PRA computer codes typically are applicable to individual components only. Importance measures for individual components in a system are not necessarily additive to compute the total importance of the system. In order to compute system importances for determining reportable systems under 10 CFR 50.76, it is suggested that F(O) be estimated by setting the probabilities of all basic events in the system to zero, including common cause and human error events. F(1) similarly can be estimated by setting all of the basic events unique to the system to one. In the calculation of F(1), it may be necessary to resolve the Boolean equations for the cut set in order to obtain an appropriate value for the RAW ratio.D-2 I APPENDIX E DEFINING SYSTEMS, TRAINS, AND EQUIPMENT GROUP CONFIGURATIONS AND DATA REPORTING FORMS Suggested Principles For identifying reportable systems, trains, and equipment groups within systems, it is suggested that licensees mark up simplified drawings.

Only the configurations representing risk-significant safety functions need be included.

Separate diagrams may be needed to clearly define all reportable trains and equipment groups. In determining system boundaries, it is suggested that licensees include the active equipment that would be challenged by an actual demand to perform a risk-significant safety function.

Passive components and check valves would also be included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures or unavailable hours. It is suggested that the system then be divided into trains (e.g., pump flow paths in fluid flow systems, individual diesel generators and their associated support subsystems).

It is suggested that equipment groups be defined as needed to indicate what compounds are involved in demands that challenge only part of a system. This will help to ensure that the data can be properly counted.

In deciding whether a particular component should be considered as part of a front-line system or part of a support system, one should consider the following:

If a support-system component is dedicated to support an individual train or component in a front-line system, the component should be treated the same as a component of the front-line train. (It need not be shown in the front-line system schematic diagram.)

If the component supports more than one train or system operation, it should be treated as part of the support system, even if the support system is not a reportable risk-significant system. Support systems include but are not limited to service water, component cooling, reactor building cooling, HVAC, alternating current power and direct current power systems. For the cooling water system, the components that provide the principal functional capability would include pumps, valves, and 'Simplified drawings for each plant are available in the NRC's Plant Information Book. These books are maintained in the NRC Operations Center for use in incident response.

Printed copies have been provided to each licensee.

In addition, they are available electronically at the NRC's home page on the Internet (http://www.nrc.gov).

E-1 heat exchangers that provide a source of cooling water for individual component cooling water loops. The individual cooling water loops that are dedicated to one front-line train or equipment group would be treated as part of the front line system. These cooling water loops typically contain one or more valves and heat exchangers.

For electrical power systems, the components that provide the principal functional capability would include power sources (EGDs, batteries), output or feeder breakers, and busbars that connect the power supplies to load and distribution circuits.

Transformers may also be included if they are located between the main power supply busbars and the balance of the load distribution circuitry.

Load center circuit breakers and their relays that supply power to individual components in reportable systems would be reportable as if they were part of the component to which they supply power.E-2 I Example 1: Auxiliary Feedwater System Figure E-1 shows the PWR auxiliary feedwater system used in this example.

This figure includes those active components that must function in response to actual demands to perform risk-significant safety functions.

Passive components and check valves are included as needed to provide a reasonable schematic of the system and to allow identification of passive components that could contribute to failures and/or unavailable hours. The components shown are the principal components of the system. Figure E-1.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands. In addition, the same components would be actuated for spurious demands that closely simulate actual demands and for cyclic tests that involve integrated actuation of the entire train. Note that the discharge valves that are shared by Trains A and B are included in both trains (i.e., Trains A and B overlap).

Such overlap creates a potential for overcounting demands on the shared equipment.

This train overlap should be clearly indicated to allow for proper data accounting.

While overlapping trains is an acceptable method of handling shared components, licensees have great flexibility in choosing another approach, such as arbitrarily assigning the shared valves only to Train A. In that case, the potential for undercounting demands on the shared valves would have to be addressed when the data are stored and disseminated.

Figure E-1.2 shows Train B. Principles similar to those for Train A were used for Train B. Figure E-1.3 shows Train C. Principles similar to those for Train A were used, except that the Train C suction and discharge valves are not shared with other trains. Figure E-1.4 shows components that are challenged by monthly mini-flow pump tests for each of the three trains. Figure E-1.5 shows the components that are challenged by quarterly valve stroke tests. Figure E-1.6 shows a report form that is acceptable to the NRC staff for reporting data on the auxiliary feedwater system.E-3 FIGURE E-1 PWR AUXILIARY FEEDWATER SYSTEM L1.TE~t 4,1tf L-o -c sr 4--m csr--4-To CST L S-3 ril Ll *1:z m FIGURE E-1.2 TRAIN B roc rS h9Roo csr-4-r6 csT r ,racsT MOP ^7-)"ROA? /4AMIAI (4-I,,

FIGURE E-1.3 TRAIN C ro cs r Steam to Turbine ji~a to _*STi 1Ro 0)w >

FIGURE E-1.4 MINI-FLOW TESTS 7-0cr -C-5 r MAL4A/ Z!PAAI? WA flfA m L FIGURE E-1.5 QUARTERLY VALVE STROKE TESTS ro csr m Steam to TurbiTneS 7-o_-, c. s r A014 MAI -, C-rsE W,,1f.

FIGURE E-1.6 DATA REPORTING FORM FLUID SYSTEMS Plant/Unit:

System: _ Train/Equipment Group: Plant Operational State: _ Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES' 2 Actual/Spurious Demands: Actual/Spurious Failures:

Miniflow Tests: Miniflow Test Failures:

VAlve Stroke Tests: Valve Stroke Failures:

Cycle Tests: Cycle Test Failures: OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: Operating Hours: Failures: TRAIN UNAVAILABILITY 2 Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: Report the number of each type of demand during the quarter and the number of failures of principal components that occurred during each type of demand during the quarter.

2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.

E-1O I Example 2: High-Pressure Safety Injection System Figure E-2 shows the high-pressure safety injection system used in this example.

Principles similar to those discussed in the first example were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function.

The components shown are the principal components of the system. Figure E-2.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands for safety injection.

In addition, the same components would be actuated for spurious demands that closely simulate actual demands.

Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function.

Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train. Figure E-2.2 shows Train B and Equipment Group I-B. Principles similar to those for Train A were used for Train B. Figure E-2.3 shows Train C and Equipment Group 1-C. Principles similar to those for Train A were used. Figure E-2.4 shows the components challenged by monthly mini-flow tests for each of the three trains. Figure E-2.5 shows the components challenged by valve stroke tests. As noted on the drawing, some valves are stroke tested quarterly and other valves are stroke tested each refueling cycle. The quarterly and refueling cycle valve stroke tests would be reported separately, not added together.

Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the high-pressure safety injection system.E-11 FIGURE E-2 PWR HIGH PRESSURE SAFETY INJECTION SYSTEM vi SAFETY INJECTION ANO REFUELINO WATER STORAGE TANW FROM SHUTDOWN -**7-' HAT EXCHANGER

.'" V2 m TO LOOP i8 TO LOOP 1A "TO LOOP 28 TO LOOP 2A I Xi>-n -I r\)

FIGURE E-2.2 TRAIN B PUMP B SAFETY INIBMW mANDREFUELNC WATER sTORtAGE TANK L 3 dMd LO LU 3-,fAl= MLVM DNrmflmaNv NOUDWMAIMM 0 NIVdl C*ý-3 3dngij FIGURE E-2.4 MINI-FLOW TESTS MINI-FLOW PUMP TEST, PUMP B PUMP B SAFETY INJECTION AND REFUELING WATER STORAGE TANK MINI-FLOW PUMP TEST, PUMP A SAFETY INJECTION AND REFUELING WATER STORAGE TANK PUMP A MINI-FLOW PUMP TEST, PUMP C SAFETY INJECTION AND REFUELING WATER STORAGE TANK PUMP C E-16 L FIGURE E-2.5 VALVE STROKE TESTS FROM SUMP FROM SHUTDOWN HEAT EXCHANC TRAIN B PUMP A TRAIN A-I NOTE: (1) VALVES ENCIRCLED BY DASHED LINES BELONG TO EQUIPMENT GROUP 3-, REFUELING CYCLE STROKE TESTING.

(2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY STROKE TESTING.FROM SHUTDOWN A m B Example 3: PWR Residual Heat Removal System Figure E-3 shows the PWR Residual Heat Removal System example.

Principles similar to those discussed in Example 1 were used to develop this figure, i.e., the system is defined in terms of actual demands to perform a risk-significant safety function.

The components shown are the principal components of the system. Figure E-3.1 shows Train A. Train A is defined in terms of the components that are challenged by actual demands for safety injection.

In addition, the same components would be actuated for spurious demands that closely simulate actual demands and cyclic tests that involve integrated actuation of the entire train. Note that only the safety injection mode is addressed, but post-accident recirculation is also a risk-significant function.

Demands for recirculation are exceedingly rare; accordingly, they are not reported for this train. Figure E-3.2 shows Train B and Equipment Group 1-B. Principles similar to those discussed in Example I were used. Figure E-3.3 shows the components challenged by monthly mini-flow tests for each of the two trains. Figure E-3.4 shows the components challenged by valve stroke tests. As noted on the drawing, some valves are stroke tested quarterly and other values are stroke tested on a refueling cycle basis. The quarterly and refueling cycle tests would be reported separately, not added together.

Figure E-1.6 shows a report form that could be modified to show the types of valve stroke tests for reporting data on the residual heat removal system.E-18 FIGURE E-3 PWR RESIDUAL HEAT REMOVAL SYSTEM MINIFLOW RH-Pump A EFG-5 RI-IR-IAX A Component Cooling Water To SI Pumps To Charging Pumps To Aux CS Nozzles To Loop I Cold leg To Loop 2 Cold leg To Loop 2 H,,t leg To Loop 3 Hot leg To Loop 3 Cold leg To Loop 4 Cold leg To SI Pumps Co"ta inment To Charging Pumps To Spent Fuel Pool Makeup V6 m I.To CS Pump I A From Hot Leg Loop 3 RCS-XXX V1 V2 FIGURE E-3.1 TRAIN A Rzdueing Water StMWgeTank R) RH R-HX A RH-Pump A onC x t-i C (4Itlng To' LAnop ColId leg~To Loop 3 C old leg FIGURE E-3.2 TRAIN B Skwaw.Tmnk RHR-HX B To L~oop I Cold k-&-To Loosp 3 Cold lwg To LAop 4 Cold lvg Water FIGURE E-3.3 MINI-FLOW TESTS TRAIN A MINIF.OW RH-Pump A EFG-5 TRAIN B RH-Pump B E-22 FIGURE E-3.4 VALVE STROKE TESTS To SI Pumps To Charging Pumps To Aux CS Nozzles.. ._4 _1 TO To CS Pump IA , To Loop 1 Sl Pumps MINIFLOW RHRX A I Cold leg Cold leg I*1I : E ,IRH-Pump A E k I ;

mn EI Water To Loop 2 I~o [ I ...........

,,i Aote Hot leg RCS-XX V3Vjo opý - 01 V2I FHot leg From Hot RCS.XXX Leg Loop3 HR-3X B ......___.... To Loop3 Cold leg RH-Pump B Component Cooling To Aux To Loop4 E-Water CS Nozzles Cold leg .... To'Iw,,c~o.

S........

.To CS Pump I B 3 To S1 Pumps \ .'S mII NOTE: (1) VALVES ENCLOSED IN DASHED LINES BELONG TO EQUIPMENT GROUP 3-1, REFUELING CYCLE STROKE TESTS. (2) OTHER POWER OPERATED VALVES BELONG TO EQUIPMENT GROUP 3-2, QUARTERLY VALVE STROKE TESTS.To Chaering Pumps To Spent Fuel pool Makeup V6/

Example 4: Emergency ac Power System Figure E-4 shows the emergency ac power system example.

Only one train is shown; the other trains are essentially identical.

The principal components of this system are the diesel and its generator with their associated support subsystems, the output breaker, the 4160v bus, the load sequencer, and the load shed logic relay groups. There are four types of demands for this system. 1. Actual/Spurious Demands with Automatic Loading These actuations involve an ESF or undervoltage initiation signal that results (or should result) in an emergency diesel generator automatic start, load shedding, and sequencing of one or more ESF loads. The principal components are all of the principal components of the train. 2. Actual/Spurious Demands Without Automatic Loading These actuations involve ESF or other actuations that result (or should result) in an emergency diesel generator start (automatic or manual) but do not involve load shedding or sequencing.

The load may be shed manually or added to the bus. The principal component is the emergency diesel generator including its support subsystems.

3. Refueling Surveillance Tests These tests are normally run during each refueling cycle. They normally involve the simulation of a loss of offsite power with an ESF actuation signal and include an automatic start of the emergency diesel generator, closure of the output breaker, and load sequencing.

The test may be run for an extended period (8-24 hours) or a separate run test may be conducted.

Each test that involves start and loading of the diesel generator should be counted as a demand. All the principal components of the train are included.

4. Periodic Surveillance Tests These tests are normally run monthly. They involve an automatic start of the emergency diesel generator with manual or automatic syncronization to a power bus. The principal component for this test is the emergency diesel generator and its support subsystems.

Loaded runs in excess of one hour for any of the demand types are also reported under the heading uOperating Reliability Data." Figure E-4.1 shows a report form for reporting data on the emergency ac power system.E-24 FIGURE E-4 EXAMPLE EMERGENCY ac POWER SYSTEM TRAIN A (TRAIN B IDENTICAL)

Fuel Oil JacketEngine Driven (51 Radiator Lube Oil Circulation Starting Air Branches to lower & upper starting motors Note: Jacket Water Pumps are an integral part of Diesel Engine Air Receivers FIGURE E-4.1 DATA REPORTING FORM EMERGENCY ELECTRIC POWER Plant/Unit:

System: Train: Plant Operational State: Calendar Year: Date Submitted:

Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED FAILURES*

Actual/Spurious Demands wlAutoload:

Actual/Spurious w/Autoload Failures:

Actual/Spurious Demands w/o Autoload:

Actual/Spurious w/o Autoload Failures:

Refueling Surveillance Tests: Refueling Surveillance Failures:

Periodic Surveillance Tests: Periodic Surveillance Failures:

OPERATING RELIABILITY DATA (ROTATING EQUIPMENT)

Number of Applicable Runs: Operating Hours: Failures:

TRAIN UNAVAILABILITY*

Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY*

Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: Attach is a component failure report for each failure associated with demands, operating reliability or unavailability.

E-26 Example 5: PWR Reactor Protection System Figure E-5 shows the PWR Reactor Protection System; this example has two subsystems.

The first consists of equipment in the reactortrip system (RTS). The second consists of equipment specific to the diverse scram system (DSS). The reportable equipment groups for the RTS are: The four K-relays (i.e., K-i, K-2, K-3, and K-4) that provide output actuation from the reactor trip logic matrices.

Control rods and their trip coils. The eight reactor trip circuit breakers, including their shunt-trip and undervoltage trip devices.

The principal components are the individual k-relays, control rods and their trip coils, reactor trip circuit breakers, shunt-trip devices, and undervoltage trip devices.

The reportable equipment group of the DSS includes the two 480v MG set load contactors used for a diverse scram. These are also the principal components.

Figure 5-1 shows the suggested form for reporting data on the PWR reactor protection systems. It is assumed that since the diverse scram system only responds to high pressurizer pressure, actual or spurious demands for the diverse scram system are rare. Thus, such demands have not been included on the example data sheet for this system. However, if a licensee decides to report this type of demand, it can be done by adding two lines to the data sheet. All actual and spurious demands of the RTS that result in or should result in reactor trip with rod motion are reportable as a system demand. Quarterly functional tests include individual tests of the instrument channels that should result in k-relay actuation and reactor trip circuit breaker tests. Each such series of tests that results in or should result in actuation of the k-relays and the eight trip circuit breakers should be reported as a single demand. Refueling cycle functional tests include tests of the four k-relays and the eight reactor trip circuit breakers.

In addition, they include individual tests of the undervoltage trip devices and the shunt trip devices for each circuit breaker. They also include control rod insertion tests. Each series of refueling cycle tests that results in individual actuation of the principal components should be reported as a single demand. A failure record should be provided for failure of any principal component.

Individual sensor and logic relay failures are not reportable unless they result in failure of a k-relay to change state. Unavailable time is not reported for the RTS. The diverse scram system is periodically tested while the reactor is at power. Each series of periodic tests that should result in actuation of a principal E-27 component (i.e., a load contactor) should be reported as a single demand for the diverse scram system. A failure record should be provided for any associated failure of a principal component.

Unavailable hours are reported separately from demand and failure counts.E-28 ko FIGURE E-5.1 DATA REPORTING FORM PWR REACTOR PROTECTION SYSTEM Plant/Unit:

System: Plant Operational State: Calendar Year: Date Submitted:

Quarter I Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: RTS REPORTABLE DEMANDS AND ASSOCIATED FAILURES*Actual/Spurious Demands: Actual/Spurious Demands Failures:

Quarterly Channel Functional Tests: Quarterly Functional Test Failures:

Refueling Cycle Functional Tests: Refueling Cycle Test Failures: DIVERSE SCRAM SYSTEM REPORTABLE DEMANDS AND ASSOCIATED FAILURES Diverse Scram System Tests: Diverse Scram Test Failures:

DIVERSE SCRAM SYSTEM UNAVAILABILITY DATA* Planned Unavailable Hours: Unplanned Unavailable Hours: Support System: Planned Hours: Unplanned Hours:.Attach a component failure report for each principal component failure associated with demands or unavailability.

E-30-1 ---

Example 6: BWR Reactor Trip System and Alternative Rod Injection Figure E-6 shows the BWR Reactor Trip System and Alternative Rod Injection system. For the purpose of this discussion, there are two groups:

  • The first equipment group consists of equipment in the reactor trip system (RTS).
  • The second equipment group consists of equipment specific to the Alternate Rod Insertion (ARI) system. The reportable equipment groups for the RTS are:
  • The A, B, C, and D actuation channels, through each channel's actuation (output) relay. The backup scram solenoid valves. The Hydraulic Control Units (HCUs) and their control rods. The principal components are the trip channel actuation relays, backup scram solenoid valves, and the HCUs and their control rods. The reportable equipment groups for the ARI are:
  • Individual ARI actuation channels, including each channel's actuation relay. The ARI scram solenoid valves. The principal components are the trip actuation relays and the scram solenoid valves. Actual and spurious demands for the RTS and ARI equipment groups should be summed and reported on the Data Reporting Form (Figure E-6.1). A failure record should be provided for failure of any principal component.

Individual sensor and logic relay failures are not reportable unless they result in failure of the actuation channel relay to change state. Also reportable are the number of test demands required by technical specifications.

Tests that individually challenge all actuation channels, one at a time, should be reported as a single test demand for the actuation channel equipment group. Tests that individually challenge both of the backup scram solenoid valves should be reported as a single test demand for that equipment group. The refueling tests of the HCUs, which typically challenge only one quarter of the HCUs during one refueling outage, should be reported as a single partial (1/4) test demand. Reporting of unavailable time is not required for RTS equipment groups but should be reported for ARI.E-31 FIGURE E-6 BWR REACTOR PROTECTION SYSTEM RPS 'A' Normal Supply 480 VAC RPS "8 Spply 480VAC MCC 1 133 48DVAC M M From BPS Bus"B° 120 VA RIOS But 'A'"P m'8 2 A RPS Channel A A . Trip Logic C C DTi oi To HCU Solenoid Valves RPS Chan Trip Logc Conac A (K 14's) Aux. A ux Rea V SRelay ' (Tyaical a) 125 VDC M Relay1A K221B SInstrument Air ha 4 S Tupplypfty (2) DScaan b0 ValvesOK ,,'1K Instrumen(Sr leVolv Instrumnt Airo" Vae NetinScr-.

V" oumulior FIGURE E-6.1 DATA REPORTING FORM BWR REACTOR PROTECTION SYSTEM (RTS) Plant/Unit:

System: Plant Operational State: Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: RTS DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demand: Actual/Spurious Failures:

Act. Channel Test Demands: Act. Channel Test Failures:

Partial (114) HCU Test Demands: Partial (1/4) HCU Test Failures:

Backup Scram Sol. Valve Tests: Backup Scram Sol. Valve Failures: ARI DEMANDS AND ASSOCIATED FAILURES Actual/Spurious Demands: Actual/Spurious Failures:

Channel Test Demands: Channel Test Failures:

ARI Scram Pilot Air Header Valve Tests: ARI Scram Pilot Air Header Failures: ARI EQUIPMENT GROUP UNAVAILABILITY DATA Planned Unavailable Hours: Unplanned Unavailable Hours: ARI EQUIPMENT GROUP UNAVAILABILITY DUE TO SUPPORT SYSTEM UNAVAILABILITY Support System: Planned Unavailable Hours: Unplanned Unavailable Hours: Support System: Planned Hours: Unplanned Hours: E-33 DATA REPORTING FORM FOR OTHER REPORTABLE SYSTEMS Figure E-7 provides a suggested general reporting form for reporting data for other systems that may be determined to be reportable under the guidance in Regulatory Position 1.2. The form is the same as the forms for the fluid, emergency power, and reactor protection systems except for the section on "Train Demands and Associated Failures." This section should be modified as appropriate for the reportable system and the plant's own testing regime. The first column in this section would list each type of demand (actual, spurious, and each type of test such as quarterly tests, mini-flow tests, refueling cycle tests, or other, as appropriate) for the reportable system. As discussed in Regulatory Position 1.3, each of these demands should define the boundaries of trains and equipment groups within the systems so that the boundaries include the equipment actuated by that type of demand to perform a safety function.

Simplified system diagrams should be provided to indicate the equipment involved in each type of actuation.

For each type of demand, include two lines or rows -- one to report the number of demands and the other to report the number of failures associated with that type of demand during each of the four quarters.E-34 FIGURE E-7 DATA REPORTING FORM OTHER REPORTABLE SYSTEMS Plant/Unit:

System: Train/Equipment Group: Plant Operational State: Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 Reactor Hours in State: TRAIN DEMANDS AND ASSOCIATED TRAIN FAILURES" 2 Types of Demands Actual/Spuri ous Demands: Actual/Spuri ous Fail ures: Demands: Failures:

Demands: Failures: OPERATING RELIABILITY DATA (ROTATING EQUIPMENT) 2 Number of Applicable Runs: Operating Hours: Failures:

TRAIN UNAVAILABILITY 2 Planned Unavailable Hours: Unplanned Unavailable Hours: TRAIN UNAVAILABLE HOURS DUE TO SUPPORT SYSTEM UNAVAILABILITY 2 Support System: Planned Hours: Unplanned Hours: Support System: Planned Hours: Unplanned Hours: SReport the number for each type of demand during the quarter and the number of failures of principal components associated with those types of demands during the quarter.

2 Attach a component failure report for each failure associated with demands, operating reliability or unavailability.

E-35 CONCURRENT UNAVAILABLE HOURS _ As stated in Regulatory Position 8, concurrent unavailable hours are reportable when two or more reportable systems, trains, or equipment group are unavailable at the same time during a reportable plant operational mode. Figure E-8 provides a suggested form for reporting concurrent unavailable hours. System, train, and equipment group designations should match the nomenclature used to identify them in system diagrams and data sheets (see Figures E-1 through E-6). The concurrent unavailable hours should be designated by plant mode as defined in Regulatory Position 2. The example in Figure E-8 is for a PWR with systems diagrams shown in Figures E-1 to E-4.2. E-36 FIGURE E-8 DATA REPORTING FORM CONCURRENT UNAVAILABILITY Plant/Unit:

Calendar Year: Date Submitted:

Quarter 1 Quarter 2 Quarter 3 Quarter 4 HOURS OF CONCURRENT UNAVAILABILITY/OPERATING STATE (System, train, equipment group)Exampl e AFW-A EDG-B AFW-A EDG-B HPSI-A EDG-A HPSI-B 6.5 hrs State 1 1.5 hrs State 1 2.0 hrs State 1 E-37 APPENDIX F COMPONENT FAILURE RECORDS A component failure report should be submitted for each reportable failure.

The table below lists the information that should be supplied in each component failure report.REPORT FIELD Plant name INFORMATION TO BE PROVIDED Name of unit and number System Component Drawing Failure discovery date Date last operable Failure end date Failure mode Failure detection method Failure Description Narrative Cause of Failure Narrative Corrective Action Narrative System in which the failed component is located.

Component type and ID number used in the system drawing.

Identification of the plant piping and instrumen tation diagram showing the location of the failed component.

Date the component was discovered in a failed state. Date component was last verified as operable.

Date when component was repaired.

How the component failed to perform. (Open, close, start, run, etc.) Method by which the failure was detected, e.g., pump test, actual demand, maintenance inspection.

A brief narrative description of the failure, including the plant operational mode and system mode at time of discovery, the impact of the failure on system, train, or equipment group, and, if the failure was due to failure of a dedicated support system, identification of the support system and the failed component.

A brief description of the cause of failure, including piece parts failed. A brief description of the corrective action to restore the failed component (e.g., repaired or replaced failed piece part).F-1 APPENDIX G EVENT LOG Figure G-1 is a suggested format for an onsite log to track the basic event data (failures, demands, run times, and unavailable hours) that form the basis for the summary data reported to the NRC. It is an example of a link between existing plant records and data systems and the summary information required by the rule. Column I The date of the demand or the start date of the period of unavailable hours or run time. Columns 2 and 3 The system and train or equipment groups in which the demand or period of unavailability occurred.Columns 4, 5, 6, and 7 Columns 8, 9, and 10 Column 11 If the event was a demand, the next four columns would indicate whether it was successful or, if not, the type of failure (start or run) and the run time (if applicable.)

If the event was a period of unavailable hours, the next three columns would record the unavailable hours according to whether they were planned, unplanned, or due to a support system being unavailable.

The next to last column would use the plant's numbering or identification system for referencing plant records such as job requests, maintenance work orders, or operator logs. These plant records should provide documentation of the start of the event (demand or period of unavailable hours), the corrective action taken, and the end of the period of unavailable hours (return to service).G-1 Col umn 12 The last column would provide any additional information needed to compile the summary data, such as the support system resulting in the front-line system being unavailable, the plant state at the time of the event, the diagram showing the principal component causing the event, or the name of the principal component.

Licensees may use whatever approach and format is most suitable to link plant records to the summary data.G-2 FIGURE G-1 EVENT LOG Date System Train Demands Hours Plant Comments or Unavailable Records Equip- Reference ment Successful Start Run Run Planned Unplanned Due to Group Demand Failure Failure Hours Support System 1/30/96 EDG EDG A 35 JO 704645. Replace JO 783768 relief valve 3/16/96 EDG EDG B / 20 RAC 1-88048.

JO 00756384 4/19/96 AFW Train A / 88.5 Unavailable (turbine) when plant went into mode 3 4/20/96 EDG EDG B 10 ESW JO 84932 4/22/96 EDO EDG A / LG 84932 Surveillance test DRAFT REGULATORY ANALYSIS The NRC has prepared a draft regulatory analysis, "Reporting Reliability and Availability Information for Risk-Significant Systems and Equipment" (December 19, 1995), on the proposed rule, 10 CFR 50.76. The analysis examines the costs and benefits of the alternatives considered by the NRC. The draft analysis is available for inspection in the NRC Public Document Room, 2120 L Street NW. (Lower Level), Washington, DC. Single copies of the draft analysis may be obtained from Dennis Allison, Office for Analysis and Evaluation of Operational Data, U.S. Nuclear Regulatory Commission, Washington, DC 20555-0001, Telephone (202) 415-6835.R/A-1 Federal Recycling Program UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, DC 20555-0001 FIRST CLASS MAIL POSTAGE AND FEES PAID USNRC PERMIT NO. G-67 OFFICIAL BUSINESS PENALTY FOR PRIVATE USE, $300\

Retrieved from "https://kanterella.com/w/index.php?title=ML003739470&oldid=1856928"