05000244/LER-2006-001

From kanterella
Revision as of 10:12, 27 November 2017 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
LER-2006-001, Potential Failure of Charging Pumps Due to Unevaluated Fire Scenario
R.E. Ginna Nuclear Power Plant
Event date: 05-17-2006
Report date: 07-13-2006
Reporting criterion: 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition
2442006001R00 - NRC Website

I. PRE-EVENT PLANT CONDITIONS:

On May 17, 2006, during the performance of an electrical engineering circuit evaluation of Appendix R fire scenarios, it was discovered that a previously unevaluated failure mode potentially existed for the Charging Pumps. Certain fire scenarios occurring in the Control Complex, Cable Tunnel, or Auxiliary Building, could result in the failure of undervoltage protection circuitry that would trip the "A" Charging Pump breaker, and hold it in a tripped condition. A similar condition existed for the "B" Charging Pump, during certain fire scenarios in the "A" Battery Room.

II. DESCRIPTION OF EVENT:

A. EVENT:

A circuit evaluation that was being performed by Engineering identified a previously unevaluated failure mode of charging pumps A and B due to potential fire effects on undervoltage cables during certain fire scenarios. Each charging pump (A and B) has an undervoltage trip relay contact that is not bypassed by the existing remote control transfer switch. The remote control transfer switch allows for local operation of the charging pump during various fire scenarios. The possibility existed that power would not be available to the required charging pump because of potential fire effects on undervoltage cables which could cause a charging pump breaker to be maintained in a continuously tripped condition.

Engineering determined that controlled configuration drawings depicted the circuit correctly.

Engineering also determined which fire areas contained undervoltage cables that could cause this failure mode, and reviewed the applicable emergency response (ER-FIRE series) procedures. For the "B" Charging Pump, the applicable procedures were adequate to enable operator mitigation of this event.

However, for the "A" Charging Pump, the procedures were not adequate to enable immediate operator mitigation of this event.

During the extent of condition investigation for the initial issue, an additional failure mode was identified. The potential for a breaker trip scenario of charging pumps and Standby Auxiliary Feedwater (SAFW) pumps existed due to spurious undervoltage and safety injection signals. During a Battery Room "A" fire or Battery Room "B" fire, a fire induced spurious safety injection or undervoltage signal could cause the trip condition for the SAFW pumps and charging pumps. This trip condition would prevent the closure of the breakers for these pumps from the control room.

B. INOPERABLE STRUCTURES, COMPONENTS, OR SYSTEMS THAT CONTRIBUTED TO

THE EVENT:

None

C. DATES AND APPROXIMATE TIMES OF MAJOR OCCURENCES:

  • May 17, 2006, 1400 EDST: Event date and time: During a discussion between the PRA engineer and a circuit analysis engineer regarding undervoltage trips of Appendix R safe shutdown equipment, it was recognized that the fire effects on undervoltage cables could apparently cause the circuit breaker for the "A" and "B" Charging Pumps to be continually tripped. This was immediately reported to management.
  • May 17, 2006, 1500 EDST: Condition Report CR 2006-002099 was initiated.
  • May 18, 2006, 1500 EDST: An issue response team verified the validity of the issue and a prompt review of the extent of condition was initiated.
  • May 18, 2006, 1940 EDST: Notification of unanalyzed failure of charging pumps during fire scenarios, event # 42588, under 10CFR50.72(b)(3)(ii)(B).
  • May 19, 2006, 1300 EDST: Changes to the fire response procedures that enable local operation of the "A" and "B" Charging Pumps were implemented.

D. OTHER SYSTEMS OR SECONDARY FUNCTIONS AFFECTED:

None, since there were no failures of any structures, systems, or components.

E. METHOD OF DISCOVERY:

A circuit analysis engineer was performing a circuit evaluation to identify interlocks and interlock circuits for Appendix R safe shutdown equipment. The circuit evaluation was being performed to satisfy an action item resulting from a self assessment.

F. SAFETY SYSTEM RESPONSES:

Because there was no equipment failure, no safety systems were energized. This LER was initiated because of the potential for failure, rather than an actual failure.

III. CAUSE OF EVENT:

_,- The charging pump undervoltage relay contacts were not isolated by a transfer switch in the original Ginna plant design, because the function of the local transfer switches in the Charging Pump Room was to isolate Control Room wiring only (for events requiring local operation of a charging pump). The function of the transfer switch was changed by the original Appendix R Report dated December 1983, which credited the transfer switch for isolation of Charging Pump "A" from fire effects for three fire areas (Control Complex, Cable Tunnel, and Auxiliary Building Basement/Mezzanine) to provide alternative shutdown capability.

Because undervoltage circuits between the Relay Room and 480V Buses 14 and 16 existed at the time of the original Appendix R circuit modifications, the opportunity to detect this failure mode existed.

However, the safe shutdown evaluation that preceded the original Appendix R submittal failed to identify the lack of isolation of the undervoltage trip contact.

IV. ASSESSMENT OF THE SAFETY CONSEQUENCES OF THE EVENT:

This event is reportable in accordance with 10 CFR 50.73, Licensee Event Report System, item (a)(2)(ii)(B), which requires a report of, "The nuclear power plant being in an unanalyzed condition that significantly degraded plant safety.

The requirements for protecting safe shutdown systems and their respective components and associated circuits from the effects of a fire are specified in 10 CFR 50, Appendix R, and the NRC Generic Letter 81-12. The charging pumps serve as Appendix R safe shutdown equipment. Specific fire scenarios in the Control Complex, Cable Tunnel, Auxiliary Building Basement/Mezzanine, or Battery Room A, could potentially result in the failure of a circuit which would cause the "A" and "B" Charging Pumps to be tripped and held tripped by the undervoltage protection circuitry. During the specific fire scenario, operators would be dispatched to local charging pump control stations, where they are procedurally directed to switch to the alternate DC source to start Charging Pump A. However, if the trip logic was made up due to the failed circuit in the undervoltage logic, Charging Pump A would be prevented from starting. Since Charging Pump A is the only charging pump assumed available for this scenario, there will be no charging flow for makeup to the Reactor Coolant System.

The safety significance of this event was reviewed for both actual consequences and potential (- consequences. There were no actual consequences in terms of safety, dose, or dollars resulting fromthis event, since the issue is only relevant during certain Appendix R fire scenarios, and no such fire occurred during the time this condition existed. The potential safety and dose consequences of this condition were evaluated using PSA techniques. This evaluation indicates that the potential consequences, in terms of increased Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) were 1.7E-07/yr and 6.3E-08/yr, respectively. Both of these are classified as low risk significance by the NRC's Significance Determination Process (SDP). The low risk significance of this condition is due to the fact that a significant amount of time is available to recover a charging pump (approximately 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />), and the actions necessary to recover the pump are relatively simple (i.e., restore the normal DC power supply alignment, remove DC power from the control circuit, and manually close the breaker to the pump), although not specifically proceduralized. Although the time available to restore the SAFW is somewhat shorter (slightly over 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />), the actions necessary are simple and had pre-existing procedure steps in Attachment 4 of ER-FIRE.4 and ER-FIRE.5, making the likelihood of success high.

V. CORRECTIVE ACTIONS:

A. ACTION TAKEN TO RETURN AFFECTED SYSTEMS TO PRE-EVENT NORMAL

STATUS:

  • It was determined that the most effective way to prevent an undervoltage trip of the breakers would be to remove a set of DC fuses in the undervoltage relay cabinet near the applicable bus.

This would defeat the undervoltage relay cabinet, preventing operation of all undervoltage trip relays in the cabinet. For Charging Pump "A", this would allow local operation of the charging pump from the local station in the Charging Pump Room using the alternate DC supply, as directed by procedures ER-FIRE.1, ER-FIRE.2 and ER-FIRE.3. For Charging Pump "B", this would allow operation of the charging pump from the Control Room, as directed by ER-FIRE.4.

For the SAFW pumps, this would allow operations as directed by ER-FIRE-4 and ER-FIRE-5.

The procedure changes were implemented on 5/19/06. As part of the procedure change process, it was verified by walkdown that the added time burden to perform these activities did not impact time-critical operator actions.

  • A fire-induced Safety Injection (SI) signal trip of the charging pumps could be a concern for the Battery Room "A" and "B" fire areas because procedures ER-FIRE.4 and ER-FIRE.3 for these areas don't use the transfer switches which would isolate the SI trip signals.

Procedures ER-FIRE.1 and ER-FIRE.2 had pre-existing steps to de-energize Main Control Board DC Distribution Panels DCPDPCB04A and DCPDPCB04B, which would remove power from the SI racks to prevent SI trips for the Control Complex and Cable Tunnel fire areas. Steps were added to procedures ER-FIRE.3, ER-FIRE.4 and ER-FIRE.5 to remove the DC power to the SI racks by opening specific breakers in the Main Control Board DC Distribution Panels. The procedure changes were implemented on 5/19/06. As part of the procedure change process, it was verified by walkdown that the added time burden to perform these activities did not impact time-critical operator actions.

B. ACTION TAKEN OR PLANNED TO PREVENT RECURRENCE:

  • Design Analysis DA-EE-2000-066, "Appendix R Conformance Analysis," will be revised to include the interlocks identified as a result of this event, related interlock cables will be listed as Appendix R cables, and the related ER-FIRE Procedures, revised as a result of this event, will be referenced.
  • Ginna has previously notified the NRC of our intent to adopt NFPA 805 (Performance-Based Standard for Fire Protection for Light Water Reactor Generator Plants, 2001 Edition) in accordance with 10 CFR 50.48(c).

VI. ADDITIONAL INFORMATION:

A. FAILED COMPONENTS:

No structures, systems, or components failed as result of this event.

B. PREVIOUS LERs ON SIMILAR EVENTS:

C. THE ENERGY INDUSTRY IDENTIFICATION SYSTEM (EIIS) COMPONENT FUNCTION

IDENTIFIER AND SYSTEM NAME OF EACH COMPONENT OR SYSTEM REFERRED TO

IN THIS LER:

COMPONENT IEEE 803 IEEE 805

FUNCTION NUMBER SYSTEM IDENTIFICATION

Pump P CB Cable CBL EI Breaker B KR EC