05000289/LER-2005-002

LER-2005-002,
2892005002R00 - NRC Website

EVENT DESCRIPTION

Plant Conditions before the event:

Babcock & Wilcox — Pressurized Water Reactor — 2568 MWth Core Power

Date/Time: April 27, 2005/approximately 1300 hours

Power Level: 100% steady state power prior to and during the event

Mode: Power Operations

On April 27, 2005, a previously unidentified error associated with an Appendix R fire scenario involving multiple high impedance faults (MHIF), in the 306' elevation of the Control Building, was identified. An engineering evaluation has determined that the operations procedure for recovery of vital power for instrumentation and control, following a postulated fire/MHIF scenario in this area, would not be successful. The original evaluation of this fire/MHIF concern (in the 1987 timeframe) considered this event to be very improbable and incorrectly assumed that the recovery of vital power following a bus trip would be successful. The historical procedure incorrectly assumed that DC power (which is assumed lost in the fire) was not required to restart the necessary electrical recovery equipment.

Safe shutdown analysis of fire in the 306' elevation of the Control Building (CB-FA-1) assumes all A train Engineered Safeguards (ES) power (AC, DC, and 125 Volt Vital AC) is lost, since these power supplies have unprotected cables in this fire zone. This area contains both Train A and Train B ES power for control and indication. Train B power must be protected from the effects of a fire in this area to the extent that safe shutdown components depend on B Train electrical power. The cables for the DC and AC to Inverters [EK/INVT] B and D (both in Train B) go through this area. The AC cables to Inverters B and D are protected from fire, but the DC cables are not protected from fire.

A fire in CB-FA-1 could cause loss of indication and control needed to maintain the plant in a safe shutdown condition. The AC source to the Inverters could be lost by trip of 1B ES Motor Control Center (MCC) [EK/MCC] due to Multiple High Impedance Faults (MHIF) on unprotected cables fed from 1B ES MCC.

The safe shutdown analysis didn't identify that a loss of all four vital buses could occur until B and D vital buses are recovered. The loss of control and indication was not addressed in the 1987 timeframe. There is no documentation acknowledging the condition.

In addition, procedure 1104-45P, "Fire Mitigation (Supplement to 1202-31[Fire])," actions for recovering the vital instrument buses were found deficient. The procedure directed the operator to re-energize 1B ES MCC with the inverters connected to the MCC. Restarting the inverters on the AC source may blow fuses or damage the inverters.

This potential loss of safe shutdown functions was reported to the NRC on 5/3/05. The report was made under 10 CFR 50.72(b)(3)(ii)(B) as an unanalyzed condition which could cause loss of safe shutdown functions from the control room and the remote shutdown panel.

1104-45P instructs shutting down the reactor, loading B Train ES buses on the Diesel Generator [EK/DG], then opening the breakers of unprotected DC circuits to protect the B battery, which include the B and D inverter feeds. The inverters continue to operate on AC unless AC is lost. If 1B ES MCC is lost due to MHIF, the Inverters B and D trip and control and indication are lost in the Control Room and at the Remote Shutdown Panel.

Interruption in the 480 VAC feed to the Inverters must be assumed since 1B ES Motor Control Center could trip due to Multiple High Impedance Faults (MHIF). The inverters would trip because the switches providing DC feed to the inverters have been opened. Trip of 1B ES MCC would cause loss of 1B and 1D inverters. 1A and 1C Inverters are not available because A Train power is not protected. Loss of all four inverters would leave the

The procedure that opens the DC feed to Inverter 1B and 1D was implemented on December 23, 1988. The procedure was implemented instead of a modification to protect the DC Cables in CB-FA-1.

CAUSE OF EVENT

The decision to implement a procedure solution to resolve the Appendix R MHIF trip of the 1B ES MCC feeder breaker and DC fault concerns for a fire in area CB-FA-1 was flawed because it did not address the consequences of the loss of Control Room and Remote Shutdown indication and controls resulting from the MHIF trip of 1B ES MCC feeder breaker.

Root Cause:

Insufficient technical rigor applied in the technical analysis of the MHIF strategy and in the procedure review process.

ANALYSIS / SAFETY SIGNIFICANCE

The consequence of the deficiency, if the event were to occur, is that the procedures previously in effect were not adequate for reaching safe shutdown. Required instrumentation and control would be lost due to 1B ES MCC trip.

Overall plant risk is low due to the low probability of a MHIF event, and due to the existence of fire detection and sprinkler systems, and low fire loading in the affected area. The risk has been addressed by the addition of a fire watch that reduces the probability of damage due to fire and the interim procedure that takes post-fire preemptive action to isolate unprotected circuits.

The assessment of low overall risk of MHIF events is consistent with the risk informed approach in NRC Regulatory Issue Summary (RIS) 2004-03. In RIS 2004-03, the NRC states "Multiple high-impedance faults are considered of very low likelihood."

Although overall risk is low, the requirement to address MHIF remains in effect and the corrective actions are directed to achieving compliance.

CORRECTIVE ACTIONS

Immediate and Short Term Actions:

1. Established 1 hour roving fire watch

2. Implemented an interim change to procedure 1104-45P, IC 18035, that takes post-fire preemptive action to isolate unprotected circuits.

Long Term Corrective Actions:

1. The corrective action to prevent recurrence has been addressed previously within our corrective action process via IR 213719. The Exelon technical human factors procedure, HU-AA-1212, has been established.

2. Install a modification to provide continuous power to vital bus B and D during an Appendix R fire scenario in area CB-FA-1.

3. Re-evaluate MHIF events in all fire zones for similar problems and resolve by a combination of procedure changes, design changes, and/or design analysis.

PREVIOUS OCCURRENCES

There were no previous events reported at TMI related to the plant being in an unanalyzed condition related to Appendix R fire protection issues.

ADDITIONAL INFORMATION

A preliminary review was conducted of those fire mitigation procedures, which describe the action to recover a bus that has failed due to a MHIF event. This preliminary review did not identify any additional MHIF problems. A more comprehensive evaluation, described in the "Long Term Corrective Actions" above, is in progress.

  • Energy Industry Identification System (EIIS), System Identification (SI) and Component Function Identification (CFI) Codes are included in brackets, [SI/CFI] where applicable, as required by 10 CFR 50.73 (b)(2)(ii)(F).