ML110040143

MHI's Response to US-APWR DCD RAI No. 671-5126 Revision 0 (SRP Section 07.04)
ML110040143
Person / Time
Site: 05200021
Issue date: 12/28/2010
From: Ogata Y
Mitsubishi Heavy Industries, Ltd
To: Ciocco J
Document Control Desk, Office of New Reactors
References
UAP-HF-10350
Download: ML110040143 (8)


Text

MITSUBISHI HEAVY INDUSTRIES, LTD.

16-5, KONAN 2-CHOME, MINATO-KU
TOKYO, JAPAN

December 28, 2010

Document Control Desk
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001

Attention: Mr. Jeffrey A. Ciocco

Docket No. 52-021
MHI Ref: UAP-HF-10350

Subject: MHI's Response to US-APWR DCD RAI No. 671-5126 Revision 0 (SRP Section 07.04)

Reference: 1) "Request for Additional Information No. 671-5126 Revision 2, SRP Section: 07.04 - Safe Shutdown Systems - Application Section: Section 7.4" dated December 6, 2010.

With this letter, Mitsubishi Heavy Industries, Ltd. ("MHI") transmits to the U.S. Nuclear Regulatory Commission ("NRC") a document entitled "Response to Request for Additional Information No. 671-5126 Revision 2."

Enclosed is the response to a question contained within Reference 1.

Please contact Dr. C. Keith Paulson, Senior Technical Manager, Mitsubishi Nuclear Energy Systems, Inc. if the NRC has questions concerning any aspect of the submittals. His contact information is below.

Sincerely,

Yoshiki Ogata,
General Manager-APWR Promoting Department
Mitsubishi Heavy Industries, LTD.

Enclosure:

1. Response to Request for Additional Information No. 671-5126 Revision 2

CC: J. A. Ciocco
C. K. Paulson

Contact Information

C. Keith Paulson, Senior Technical Manager
Mitsubishi Nuclear Energy Systems, Inc.
300 Oxford Drive, Suite 301
Monroeville, PA 15146
E-mail: ck-paulson@mnes-us.com
Telephone: (412) 373-6466

Enclosure 1

UAP-HF-10350
Docket No. 52-021

Response to Request for Additional Information No. 671-5126 Revision 2

December 2010

RESPONSE TO REQUEST FOR ADDITIONAL INFORMATION

12/28/2010
US-APWR Design Certification
Mitsubishi Heavy Industries
Docket No. 52-021

RAI NO.: NO. 671-5126 REVISION 2
SRP SECTION: 07.04 - SAFE SHUTDOWN SYSTEMS
APPLICATION SECTION: 07.04
DATE OF RAI ISSUE: 12/6/2010

QUESTION NO.: 07.04-20

DCD Tier 2 Section 7.4.1.5 discusses the normal and safe shutdown from outside the MCR. Confirm that no single failure will prevent transfer of more than one train from the MCR to the RSR. That is, Section 4.2.4.d in MUAP-07004-P states that, "This design ensures no single failure will prevent transfer of more than one train. In addition a single failure will not result in spurious transfer of any train." And, Fig. 4.2-1 in MUAP-07004-P shows an AND gate for transfer switch 1 and transfer switch 2. DCD Tier 2 Section 7.4.1.5 does not address this issue. In accordance with Section 5.1 of IEEE-603, please confirm that the AND gate in Fig. 4.2-1 represents one train and that the transfer meets the single failure criterion.

ANSWER:

As stated in Subsection 4.2.4-d of MUAP-07004 "Safety I&C System Description and Design Process", there are two separate transfer switches to control each of the four PSMS trains and one for the PCMS. The transfer actions from the Main Control Room (MCR) to Remote Shutdown Room (RSR) require the manipulations of both sets of switches for each PSMS train and PCMS.

Transfer is controlled separately for each of the four PSMS trains and separately for the PCMS.

Cables for each transfer switch are routed in accordance with IEEE Std 384-1992, including cables within the MCR and RSR, so that a single failure does not propagate outside of one train.

This design ensures no single failure will prevent transfer of more than one train because the transfer circuits of each train are independent and separated as Class 1E circuits. In addition, a single failure will not result in spurious transfer of any train because operation of both of the switches is required to effect the transfer for each train.
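The single-failure argument above can be checked by injecting one switch fault at a time and evaluating the per-train AND logic. This is an added example, not part of MHI's submission or the US-APWR design documents; the division labels, the stuck-open/stuck-closed fault model and the hypothetical shared-switch variant used for contrast are assumptions.

```python
from itertools import product

# Assumed labels: four PSMS trains plus the PCMS, each with its own two switches.
DIVISIONS = ["PSMS-A", "PSMS-B", "PSMS-C", "PSMS-D", "PCMS"]
SWITCHES = [(d, n) for d in DIVISIONS for n in (1, 2)]
FAULT_MODES = ("stuck_open", "stuck_closed")  # assumed single-failure model


def contact(switch, operated, fault):
    """Contact state of one switch, given operator action and one optional fault."""
    if fault is not None and fault[0] == switch:
        return fault[1] == "stuck_closed"
    return operated


def transferred(operated, fault, shared_switch=None):
    """Per-division transfer state: transfer switch 1 AND transfer switch 2."""
    state = {}
    for d in DIVISIONS:
        sw1 = shared_switch if shared_switch else (d, 1)
        state[d] = contact(sw1, operated, fault) and contact((d, 2), operated, fault)
    return state


def analyse(shared_switch=None):
    """Return (max divisions blocked on demand, max spurious transfers when idle)
    over every single switch fault."""
    switches = set(SWITCHES) | ({shared_switch} if shared_switch else set())
    max_blocked = max_spurious = 0
    for sw, mode in product(sorted(switches), FAULT_MODES):
        fault = (sw, mode)
        on_demand = transferred(True, fault, shared_switch)   # operators turn every switch
        idle = transferred(False, fault, shared_switch)       # nobody touches a switch
        max_blocked = max(max_blocked, sum(not ok for ok in on_demand.values()))
        max_spurious = max(max_spurious, sum(idle.values()))
    return max_blocked, max_spurious


if __name__ == "__main__":
    # Independent switch pairs per division, as the response describes.
    print("independent:", analyse())
    # Hypothetical counter-design: one common first switch feeding every AND gate.
    print("shared sw1: ", analyse(shared_switch=("COMMON", 1)))
```

With independent switch pairs, the worst single fault blocks one division and never transfers a division spuriously; the shared-switch variant shows how a common element would let one stuck-open fault block all five.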

Impact on DCD

Item 9 of DCD Subsection 7.4.1.5 will be revised as follows:

9. The RSR is located in the reactor building. The transfer switch panels are in two separate locations, one is in the RSR, and another one is located outside of the MCR on the escape route to the RSR. The transfer actions from the MCR to RSR require the manipulation of both of switches for each train. Transfer is controlled separately for each of the four PSMS trains and separately for the PCMS. The transfer switch logic design is described in Topical Report MUAP-07004 (Reference 7.4-6) Section 4.2.4.d.

The cable routes for each transfer switch panel are in separate fire areas as shown in Figure 7.4-2, and cables are separated in accordance with IEEE Std 384-1992 including cables within MCR and RSR.


This design ensures no single failure prevents transfer of more than one train. In addition, no single failure results in spurious transfer of any train.

Impact on COLA

There is no impact on the COLA.

Impact on PRA

There is no impact on the PRA.

This completes MHI's responses to the NRC's question.

RESPONSE TO REQUEST FOR ADDITIONAL INFORMATION

12/28/2010
US-APWR Design Certification
Mitsubishi Heavy Industries
Docket No. 52-021

RAI NO.: NO. 671-5126 REVISION 2
SRP SECTION: 07.04 - SAFE SHUTDOWN SYSTEMS
APPLICATION SECTION: 07.04
DATE OF RAI ISSUE: 12/6/2010

QUESTION NO.: 07.04-21

DCD Tier 2 Section 7.4.1.5 discusses the location, purpose, and controls of the transfer switches but not periodic testing of those switches. DCD Tier 2 Section 7.4.1.3 mentions periodic testing, but in the general sense of the SLS, PRS, and ESFAS. As required by Criterion 5.7 of IEEE Std 603-1991, periodic testing should duplicate, as closely as practical, the overall performance required of the safety system. The test should confirm operability of both the automatic and manual circuitry. The capability should be provided to permit testing during power operation. Please address periodic testing of the RSC and the transfer switches from the MCR to the RSR and how the tests duplicate the overall performance required of the safe shutdown system, how the tests confirm operability of both the automatic and manual circuitry, and the ability to perform these tests during power operation.

ANSWER:

The redundant PSMS trains are self-tested on a continuous basis. Self-testing also encompasses all data communications within a PSMS train. MCR/RSR transfer can be initiated only by manipulating the transfer switches. Manual testing is provided for the transfer switches and display and control functions of Safety VDUs on Remote Shutdown Console (RSC), as defined in Technical Specification, Section 3.3.4. As described in Subsection 4.2.4-d of MUAP-07004, transfer can be controlled separately for each of the four PSMS trains; these functions for one PSMS train at a time can, therefore, be tested during power operation without affecting operability in the MCR.

Impact on DCD

The following paragraph will be added to Subsection 7.4.2.5:

Manual testing is provided for the transfer switches and the display and control functions of the Safety VDUs on the RSC. As described in Subsection 4.2.4-d of MUAP-07004, transfer can be controlled separately for each of the four PSMS trains; these functions for one PSMS train at a time can, therefore, be tested during power operation without affecting operability in the MCR.

Impact on COLA

There is no impact on the COLA.

Impact on PRA

There is no impact on the PRA.

This completes MHI's responses to the NRC's question.

RESPONSE TO REQUEST FOR ADDITIONAL INFORMATION

12/28/2010
US-APWR Design Certification
Mitsubishi Heavy Industries
Docket No. 52-021

RAI NO.: NO. 671-5126 REVISION 2
SRP SECTION: 07.04 - SAFE SHUTDOWN SYSTEMS
APPLICATION SECTION: 07.04
DATE OF RAI ISSUE: 12/6/2010

QUESTION NO.: 07.04-22

Neither DCD Tier 2, Section 7.4 nor 8.3, nor MUAP-07004-P, "Safety I&C System Description and Design Process," Appendix A discusses the ability to achieve safe shutdown with onsite electric power available assuming offsite power is not available and with offsite electric power available assuming onsite power is not available. Provide specific details on how the maintenance bypass of power sources and the reliability of electric power for the systems required to achieve and maintain safe shutdown meets the requirements of IEEE Std. 603-1991, Clause 8.3.

ANSWER:

The Class 1E power system is comprised of four trains, and each train of the power system is backed-up by a Class 1E Gas Turbine Generator (GTG). Each Class 1E power system feeds to the corresponding train of mechanical and I&C equipment, as described in DCD Chapter 8 Figure 8.1-1.

In the US-APWR plant design, achieving and maintaining safe shutdown requires two trains for four-train systems, and one train for two-train systems. Therefore, taking a single failure into account, three trains for four-train systems and two trains for two-train systems are required to be operable. During one train GTG maintenance bypass, for four-train systems, the three remaining trains are operable. For two-train systems, both of two required trains are operable during maintenance bypass since the power system train corresponding maintenance bypass is switched so that the associated train is powered from another power system train, as described in Subsection 8.3.1.1.2.1.

In addition, when onsite electric power is available assuming offsite power is not available, safe shutdown is achieved and maintained with onsite electric power (Class 1E GTG). And when offsite electric power is available assuming onsite power is not available, safe shutdown is achieved and maintained with offsite power.

Impact on DCD

The third paragraph of Subsection 7.4.2.2 will be revised as follows:

The test method for all I&C equipment within the PSMS, including equipment used for safe shutdown, is the same. Self-diagnosis with overlapping manual tests that encompass PSMS I/O and interfacing plant process components, such as sensors, pumps and valves, ensure there are no undetectable failures. Th . . at II., ,...k. a* n *-" f-- safe shutdown components to satisfy the single failure criterion. Any two out of the four trains of mechanical systems are required to be operable to achieve safe shutdown conditions. Therefore, the systems are capable to achieve safe shutdown conditions assuming a single failure and on-line maintenance of the mechanical systems and Class 1E ac power systems. Table 7.4-1 shows that there is redundancy for each component credited for safe shutdown.

Impact on COLA

There is no impact on the COLA.

Impact on PRA

There is no impact on the PRA.

This completes MHI's responses to the NRC's question.