ML20128G402

Forwards Markup of AP600 Reliability Assurance Program (RAP), SSAR Section 16.2

Site: 05200003
Issue date: 10/03/1996
From: McIntyre B, WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To: Quay T, NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References: DCP-NRC0612, DCP-NRC612, NSD-NRC-96-4830, NUDOCS 9610090024


Text


Westinghouse Electric Corporation
Energy Systems
Box 355
Pittsburgh, Pennsylvania 15230-0355

NSD-NRC-96-4830
DCP/NRC0612
Docket No.: STN-52-003

October 3, 1996

Document Control Desk
U.S. Nuclear Regulatory Commission
Washington, D.C. 20555

ATTENTION: T.R. QUAY

SUBJECT: MARKUP COPY OF THE AP600 RELIABILITY ASSURANCE PROGRAM (RAP), SSAR SECTION 16.2

Dear Mr. Quay:

Please find enclosed a markup copy of the AP600 Reliability Assurance Program (RAP), SSAR Section 16.2. The RAP contained in Revision 7 of the SSAR (April 1996) was revised to reflect NRC review comments received on July 16, 1996, and resolved during an August 16, 1996, meeting with the NRC. With submittal of the attached markup, the following Open Item Tracking System (OITS) items are statused CLOSED: 1286, 1288, 1289, 1291, 1292, 1296, and 1298. OITS items 1290, 1293, 1295, and 1297 were closed previously as agreed during the August 16, 1996 meeting.

A new open item (#3943) was added to the OITS to evaluate hydrogen ignitors and containment fan coolers in the "Risk Significant SSCs Under the Scope of RAP" table. The results of this evaluation will be discussed with the NRC prior to submittal of the RAP in SSAR Revision 10. Revision 10 of the SSAR will complete Westinghouse RAP activities for AP600 Design Certification.

If you have any questions regarding this transmittal, please contact Robin K. Nydes at (412) 374-4125.

Brian A. McIntyre, Manager
Advanced Plant Safety and Licensing

/nja
Enclosure

cc: W. Huffman, NRC
F. Talbot, NRC
T. Bergman, NRC
N. Liparulo, Westinghouse (w/o Enclosure)


16. Technical Specifications

16.2 Design Reliability Assurance Program

This subsection presents the AP600 Design Reliability Assurance Program (D-RAP).

16.2.1 Introduction

The AP600 D-RAP is implemented as an integral part of the AP600 design process to provide confidence that reliability is designed into the plant and that the important reliability assumptions made as part of the AP600 probabilistic risk assessment (PRA) will remain valid throughout plant life. The PRA quantifies plant response to a spectrum of initiating events to demonstrate the low probability of core damage and resultant risk to the public. PRA input includes specific values for the reliability of the various structures, systems, and components (SSCs) in the plant that are used to respond to postulated initiating events.

The D-RAP, as shown in Figure 16.2-1, is implemented in three phases. The first phase, the Design Certification phase, defines the overall structure of the AP600 D-RAP, and implements those aspects of the program which are applicable to the design process. During this phase, risk-significant SSCs are identified for inclusion in the program using probabilistic, deterministic, and other methods. Phase II, the post-design certification process, develops component maintenance recommendations for the plant's operations and maintenance activities for the identified SSCs. The third phase is the site-specific phase, which introduces the plant's site-specific SSCs to the D-RAP process. Phases I and II are performed by the designer.

Phase III is the responsibility of the Combined License applicant.

Finally, Figure 16.2-1 shows the Operational Reliability Assurance Process (O-RAP). This phase, which is implemented by the Combined License applicant, provides confidence that the operations and maintenance activities performed in the operating plant support and maintain the reliability assumptions made in the plant PRA.

16.2.2 Scope

The D-RAP includes a design evaluation of the AP600 and identifies the aspects of plant operation, maintenance, and performance monitoring pertinent to risk-significant SSCs. In addition to the PRA, deterministic tools, industry sources, and expert opinion are utilized to identify and prioritize those risk-significant SSCs.

16.2.3 Design Considerations

Extensive efforts are involved in optimizing the AP600 design for operational availability as well as safety. The use of consistent reliability information provides confidence that the calculated system availabilities are based on the same data and assumptions as the PRA.

When an alternative design is proposed to improve performance in either area, the revised design is first reviewed to provide confidence that the current assumptions in the other areas are not violated. When a potential conflict exists between safety goals and other goals, safety goals take precedence.

Draft Revision: 10, Westinghouse, 16.2-1, September 30, 1996

As part of the design process, risk-significant components are evaluated to determine their dominant failure modes and the effects associated with those failure modes. For most components, a substantial operating history is available which defines the significant failure modes and their likely causes.

The identification and prioritization of the various possible failure modes for each component lead to suggestions for failure prevention or mitigation. This information is provided as input to the Combined License applicant's operational reliability assurance activities because it defines the means by which component reliability can be maintained.

The design reflects the reliability values assumed in the design and PRA as part of procurement specifications.

16.2.4 Relationship to Other Administrative Programs

The D-RAP manifests itself in other administrative and operational programs in the AP600.

The technical specifications provide surveillance and testing frequencies for certain risk-significant SSCs, providing confidence that the reliability values assumed for them in the PRA will be maintained during plant operations. In addition, certain risk-significant systems that provide defense-in-depth or result in significant improvement in the PRA evaluations are included in the scope of the D-RAP to provide a high degree of confidence in their performance.

The O-RAP can be implemented through the plant's existing programs for maintenance or quality assurance. For example, the plant's implementation of the Maintenance Rule, 10 CFR 50.65, can provide coverage of the SSCs that would be included in O-RAP. The Combined License applicant will be responsible for the submittal of an O-RAP to the NRC.

The NRC will review this process as part of the plant's maintenance program, Quality Assurance program, or other existing program.

16.2.5 The AP600 Design Organization

The AP600 organization described in Section 1.4 formulates and implements the AP600 D-RAP.

The AP600 management staff is responsible for the AP600 design and licensing.

The AP600 staff coordinates the program activities, including those performed within Westinghouse as well as work completed by the architect-engineers and other supporting organizations listed in Section 1.4.

The AP600 staff is responsible for development of Phase I of the D-RAP and the design, analyses, and risk and reliability engineering required to support development of the program.

Westinghouse is responsible for the safety analyses, the reliability analyses, and the PRA.

The reliability analyses are performed using common databases from Westinghouse and from industry sources such as INPO and EPRI.

Within the engineering organization, the Risk and Reliability organization is responsible for managing and integrating the D-RAP and has direct access to the AP600 staff. Risk and Reliability is responsible for keeping the AP600 staff cognizant of the D-RAP risk-significant items, program needs, and status. Risk and Reliability participates in the design change control process for the purpose of providing D-RAP-related inputs to the design process. Additionally, a cognizant representative of Risk and Reliability is present at design reviews and status meetings. Through these interfaces, Risk and Reliability can identify discrepancies between the performance of risk-significant SSCs and the reliability assumptions in the PRA. Meetings between Risk and Reliability and the designer are then held to resolve discrepancies.

16.2.6 Objective

The objective of the D-RAP is to design reliability into the plant and to maintain the AP600 reliability consistent with the NRC-established PRA safety goals.

The following goals have been established for the D-RAP:

  • Provide a mechanism for establishing baseline reliability values and the Maintenance Rule (10 CFR 50.65) for SSCs consistent with the NRC-established PRA safety goals.
  • Provide a mechanism for establishing baseline reliability values for SSCs consistent with the regulatory treatment of nonsafety systems (RTNSS) process.
  • Provide a mechanism for establishing baseline reliability values for SSCs consistent with the defense-in-depth functions to minimize challenges to the safety-related systems.
  • Generate design and operational information to be used by a Combined License applicant for ongoing plant reliability assurance activities.

The site-specific portion of the D-RAP (Phase III) is the responsibility of the Combined License applicant.

The Combined License applicant should submit its D-RAP organization description for NRC review.

The goal of the Combined License applicant's O-RAP should be to ensure that reliability is maintained consistent with overall safety goals and that the capability to perform safety-related functions is maintained. Individual component reliability values are expected to change throughout the course of plant life because of aging and changes in suppliers and technology.

Changes in individual component reliability values are acceptable as long as overall plant safety performance is maintained within the NRC-established PRA safety goals and the deterministic licensing design bases.


16.2.7 D-RAP, Phase I

Phase I, the definition portion of the D-RAP, includes the initial identification of SSCs to be included in the program, implementation of the aspects applicable to design efforts, and definition of the scope, requirements, and implementation options to be included in the later phases.

16.2.7.1 SSCs Identification and Prioritization

The initial task of the D-RAP is identification of risk-significant SSCs to be included within the scope of the program. As shown in Figure 16.2-1, the AP600 PRA and the AP600 implementation of the RTNSS process are sources used to identify those SSCs and their critical failure modes. The review of light water reactor industry experience and industry notices (such as licensee event reports) supports the process. An expert panel is also employed in the selection process.

PRA-based measurements provide information that contributes to the identification and prioritization of SSCs. A component's risk achievement worth (RAW) is the factor by which the plant's core damage frequency increases if the component reliability is assigned the value 0.0. In selecting a risk-achievement worth threshold for identifying critical components, it was considered that the AP600 has a core damage frequency approximately two orders of magnitude lower than that of currently operating pressurized water reactors. Thus, a threshold risk achievement worth of at least 10 for any given component supports an AP600 core damage frequency that is 10 times better than that of currently operating reactors.

Components with risk achievement worth values of 10 or greater will be included in the D-RAP.

Risk reduction worth (RRW) is used in the selection process. A component's risk reduction worth is the amount by which the plant's core damage frequency decreases if the component's reliability is assigned the value 1.0. A threshold measure of 1.2 or greater is used as the cutoff. Given the low core damage frequency of AP600, this is considered appropriate.

Components with risk reduction worths of 1.2 or greater will be included in the D-RAP.

Fussel-Vesely worth (FVW) is also used in the screening process. This is a measure of an event's contribution to the overall plant core damage frequency. Components with Fussel-Vesely worths of 20 percent or greater are included in the D-RAP.
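The three importance measures and the screening thresholds above, as an added worked example that is not part of the SSAR text: a small constructed minimal-cut-set model (hypothetical component names and unavailabilities, not AP600 PRA data) is evaluated exactly, and each component is tested against the RAW ≥ 10, RRW ≥ 1.2 and Fussel-Vesely ≥ 20 percent cutoffs.

```python
"""Importance-measure screening per the RAW, RRW and Fussel-Vesely definitions
in subsection 16.2.7.1.  Added example: the cut-set model and unavailabilities
below are constructed for illustration and are not AP600 PRA data."""
from itertools import product
from typing import Dict, List, Set

# Constructed minimal cut sets: core damage occurs if every basic event
# (component failure) in at least one cut set occurs.  Names only echo the
# kinds of SSCs in Table 16.2-1; the structure is hypothetical.
CUT_SETS: List[List[str]] = [
    ["cmt_aov_a", "cmt_aov_b"],                 # both core makeup tank paths fail
    ["ads4_squib_ccf"],                         # common-cause failure of ADS stage 4 squib valves
    ["rcp_trip_breakers", "prhr_aov"],          # RCP trip breakers and PRHR valves fail
    ["ccw_pump_a", "ccw_pump_b", "rnhr_pump"],  # defense-in-depth cooling paths fail
]

# Constructed per-demand unavailabilities q (reliability = 1 - q).
UNAVAILABILITY: Dict[str, float] = {
    "cmt_aov_a": 2e-3, "cmt_aov_b": 2e-3,
    "ads4_squib_ccf": 1e-6,
    "rcp_trip_breakers": 1e-3, "prhr_aov": 5e-3,
    "ccw_pump_a": 3e-3, "ccw_pump_b": 3e-3, "rnhr_pump": 1e-2,
}

# Screening thresholds stated in subsection 16.2.7.1.
RAW_THRESHOLD = 10.0
RRW_THRESHOLD = 1.2
FV_THRESHOLD = 0.20   # 20 percent


def core_damage_probability(q: Dict[str, float],
                            cut_sets: List[List[str]] = CUT_SETS) -> float:
    """Exact P(at least one cut set fully fails) for independent basic events.

    All 2^n event states are enumerated, so the result stays exact even when
    a component is forced to q = 1.0 for RAW; the usual rare-event
    approximation (sum of cut-set products) can exceed 1.0 in that case.
    """
    events = sorted(q)
    total = 0.0
    for state in product((False, True), repeat=len(events)):
        failed = {e for e, f in zip(events, state) if f}
        if any(set(cs) <= failed for cs in cut_sets):
            p = 1.0
            for e, f in zip(events, state):
                p *= q[e] if f else 1.0 - q[e]
            total += p
    return total


def importance_measures(q: Dict[str, float]) -> Dict[str, Dict[str, float]]:
    """RAW, RRW and Fussel-Vesely worth for every component.

    RAW: factor by which CDF rises when the component's reliability is 0.0.
    RRW: factor by which CDF falls when the component's reliability is 1.0.
    FV : fraction of the baseline CDF removed by a perfectly reliable component.
    """
    base = core_damage_probability(q)
    measures: Dict[str, Dict[str, float]] = {}
    for comp in q:
        cdf_always_fails = core_damage_probability({**q, comp: 1.0})
        cdf_never_fails = core_damage_probability({**q, comp: 0.0})
        rrw = base / cdf_never_fails if cdf_never_fails > 0 else float("inf")
        measures[comp] = {
            "RAW": cdf_always_fails / base,
            "RRW": rrw,
            "FV": (base - cdf_never_fails) / base,
        }
    return measures


def screen_risk_significant(q: Dict[str, float]) -> Dict[str, Set[str]]:
    """Map each component to the set of 16.2.7.1 criteria it satisfies.

    An empty set means the component is not selected for the D-RAP by the
    PRA-based measures (it may still enter via RTNSS, Level 2 or expert panel).
    """
    selected: Dict[str, Set[str]] = {}
    for comp, m in importance_measures(q).items():
        met: Set[str] = set()
        if m["RAW"] >= RAW_THRESHOLD:
            met.add("RAW")
        if m["RRW"] >= RRW_THRESHOLD:
            met.add("RRW")
        if m["FV"] >= FV_THRESHOLD:
            met.add("FV")
        selected[comp] = met
    return selected


if __name__ == "__main__":
    results = importance_measures(UNAVAILABILITY)
    picks = screen_risk_significant(UNAVAILABILITY)
    print(f"{'component':20s} {'RAW':>10s} {'RRW':>8s} {'FV':>7s}  criteria met")
    for comp in UNAVAILABILITY:
        m = results[comp]
        print(f"{comp:20s} {m['RAW']:10.1f} {m['RRW']:8.3f} {m['FV']:7.3f}  "
              f"{sorted(picks[comp]) or '-'}")
```

In this constructed model the single-event ADS stage 4 cut set is picked up only by RAW, the paired core makeup tank and RCP/PRHR events by all three measures, and the three-event defense-in-depth cut set by none, which mirrors how a low-frequency cut set can matter for RAW but not for RRW or Fussel-Vesely.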

The RTNSS process is also instrumental in identifying risk-significant SSCs. This process contains both probabilistic and deterministic elements and is described in Reference 1. A PRA sensitivity study (Reference 2) was performed to calculate core damage frequency and large release frequency assuming no credit for nonsafety-related SSCs to mitigate at-power and shutdown events. This sensitivity study is referred to as the focused PRA. The deterministic identification of risk-significant SSCs encompassed the following guidelines and considerations:

  • ATWS rule (10 CFR 50.62)
  • Loss of all ac power (10 CFR 50.63)
  • Post-72-hour actions
  • Containment performance
  • Adverse interactions with the AP600 safety-related systems
  • Seismic considerations

Nonsafety-related systems identified as risk-significant are considered in the scope of the D-RAP:

  • Diverse actuation system
  • Non-Class 1E dc and uninterruptible power supply system
  • Offsite power, main ac power, and onsite standby power systems
  • Normal residual heat removal system
  • Component cooling water system

Finally, risk-significant SSCs are selected using industry experience, regulations, and engineering judgment.

16.2.7.1.1 Level 1 PRA and Shutdown Analysis

The Level 1 PRA evaluates accident sequences from initiating events and failures of safety functions to core damage events. The probability of core damage and the identification of dominant contributors to that state are also determined in this analysis.

A low-power and shutdown assessment was conducted to address concerns about risk of operations during shutdown conditions. It encompasses operation when the reactor is in a subcritical state or is in a transition between subcriticality and power operation up to 5 percent of rated power. It consists of a Level 1 PRA and an evaluation of release frequencies and magnitudes.

Included in the D-RAP are events that meet the threshold risk achievement worth, risk reduction worth, or Fussel-Vesely worth values defined in subsection 16.2.7.1.

16.2.7.1.2 Level 2 Analysis

The Level 2 analysis predicts the plant response to severe accidents and offsite fission product releases. Specifically, the analysis includes the following sections:

  • Evaluating severe accident phenomena and fission product source terms
  • Modeling the containment event tree
  • Analyzing hydrogen burn, mixing, and ignitor placement
  • Modeling the AP600 utilizing the MAAP4 code

Equipment used in the prevention of severe accidents and severe post-accident boundary conditions is credited in the Level 1 and Level 2 PRA analyses. An example of this preventive equipment is the reactor coolant system automatic depressurization system (ADS).

Successful depressurization leads to core cooling, and in the event that injection fails, results in a low pressure core damage sequence that has fewer uncertainties and can be more easily mitigated than high pressure core damage.

The containment event tree used in the AP600 Level 2 PRA examines the operation of equipment which mitigates the threat to the containment from severe accident phenomena.

The systems credited for the mitigation of large fission product releases are containment isolation, passive containment cooling water (PCS), and operator action to flood the cavity by opening the recirculation valves and energizing the hydrogen ignitors.

16.2.7.1.3 External Event Analyses

These analyses consider the events whose cause is external to all the systems associated with normal and emergency operations situations. They include the following:

  • Internal flood
  • Seismic margins analysis
  • External events evaluations (such as high winds and tornados, external floods, and transportation accidents)
  • Fire

The internal flood analysis identifies, analyzes, and quantifies the core damage risk contribution as a result of internal flooding during at-power and shutdown conditions. The analysis models potential flood vulnerabilities in conjunction with random failures modeled as part of the internal events PRA.

The seismic margins analysis identifies potential vulnerabilities and demonstrates seismic margin beyond the safe shutdown earthquake. The capacity of those components required to bring the plant to a safe, stable shutdown is evaluated.

16.2.7.1.4 Expert Panel

Meetings were held among Systems Engineering, PRA, and Reliability Engineering to identify additional SSCs that should be included in the D-RAP. As shown in Figure 16.2-1, industry-wide information sources and engineering judgment were employed in considering the addition of SSCs to the D-RAP.

16.2.7.1.5 SSCs to be Included in D-RAP

Table 16.2-1 lists the non-site-specific SSCs included in the D-RAP. In Figure 16.2-1, this list is denoted as "Risk-significant items (non-site-specific)." For each item listed in the "SSC" column, there is a corresponding "Rationale" given. Items whose values exceed the thresholds for risk achievement, risk reduction, or Fussel-Vesely are included and noted as such. Other SSCs are included based upon their significance to RTNSS, Level 2 analysis, external event analyses, or seismic margin analysis. Additional items are included based upon an expert panel review. The "Remarks" column provides additional insights into the selection process. The use of the risk reduction worth, Fussel-Vesely worth, and external event criteria resulted in no SSC selections.

16.2.7.2 D-RAP, Phase II

During Phase II of the D-RAP, maintenance assessments and recommendations are developed by the designer to enhance the reliability of the plant risk-significant components. These activities are shown in Figure 16.2-1 as "Recommended Plant Maintenance Monitoring Activities." The recommendations can take the form of monitoring activities or preventive, predictive or corrective maintenance, and are dependent upon the types of failure modes that a component may experience. These modes are generally determined by a failure modes, effects and criticality analysis. The maintenance recommendations address the most significant failure modes of the component.

16.2.7.2.1 Information Available to Combined License Applicant

To support the Combined License applicant's D-RAP Phase III and O-RAP, the following information is provided at the end of Phase II:

  • The list of risk-significant SSCs identified during the design phase.
  • The PRA assumptions for component unavailability and failure data, provided in Chapter 32 of the PRA report.
  • The analyses performed for components identified as major contributors to total risk, with the dominant failure modes identified and prioritized. The suggested means for prevention or mitigation of these failure modes forms the basis for the plant surveillance, testing, and maintenance programs.
  • Reference 1 provides recommended short-term availability controls for nonsafety-related SSCs that perform the functions identified as RTNSS-important. These recommendations include the operational modes when the systems are risk significant, the recommended modes for extended maintenance operations on the system, and remedial actions if the system is not available.


16.2.7.3 D-RAP, Phase III

Site-specific activities of the D-RAP are the responsibility of the Combined License applicant.

Figure 16.2-1 shows these activities in the Phase III area of the figure. At this stage, the designer's D-RAP package must be modified or appended based on considerations specific to the site. An example of this would be assignment of additional components to the risk-significant ranking due to the highly corrosive environment of a coastline installation. These considerations would be used as inputs to the critical items list and maintenance activities, and the final maintenance plan of the plant would reflect this.

16.2.7.4 D-RAP Implementation

The following is an example of a system that was reviewed and modified under the D-RAP, Phases I and II. The design and analytical results presented here are intended as an example and do not necessarily reflect the current AP600 design.

The automatic depressurization system, which is part of the reactor coolant system, acts in conjunction with the passive core cooling system to mitigate design basis accidents. Its function is to reduce reactor coolant system pressure in a controlled fashion to allow the required flow rates from the lower pressure injection supplies (core makeup tanks, accumulators, and in-containment refueling water storage tank). It is required primarily to mitigate small-break loss-of-coolant accidents (LOCAs). The automatic depressurization system function is discussed in subsection 5.4.6 of the SSAR.

The earlier automatic depressurization system design contained four depressurization stages, with motor-operated valves in all stages. Preliminary PRA analysis established that fourth stage failure, in certain combination with failures of other stages, was a major contributor to core damage frequency. Thus, it was concluded that the fourth stage valves should be diverse in design from the valves in other stages to reduce common cause failure.

As a result of joint meetings among the AP600 PRA, Design, and staff organizations to discuss core melt frequency improvements, the fourth stage automatic depressurization system was changed from a motor-operated valve to a squib (explosively actuated) valve. The new configuration of the system is shown in the reactor coolant system P&ID (Figure 5.1-5 of the SSAR). An example of the analytical results that reflect this change is provided in Table 16.2-2.

As part of the evaluation of the squib valves, a failure modes and effects criticality analysis (FMECA) was prepared to identify subcomponent failures and critical items that could lead to hazardous or abnormal conditions of the automatic depressurization system and the plant.

The identification of failure modes facilitated the development of recommended maintenance and in-service testing activities to maximize valve reliability.

The squib valve is a completely static electromechanical assembly. Prior to activation, there are no moving parts. No powered components are needed to hold a stem seat or globe in place by torque, solenoid coils, or friction. Typically, for a period of two refueling outage cycles, adjustments, switch setting checks, or component replacement are not required; however, due to the inherent nature of an explosive material, the primer chamber assembly must be replaced within 5 years. An explosive actuator is a simple, passive device which does not require in-service testing. The integrity of the electrical circuit to the explosive actuator can be continuously verified by a trickle current.

Because the automatic depressurization system fourth stage valves perform safety-related functions, they will be subject to in-service testing to verify that they are ready to function in an accident. Subsection 3.9.6 of the SSAR includes in-service testing requirements for these valves.

Table 16.2-3 consolidates sample FMECA results from both the fourth stage squib valves and the second and third stage motor-operated valves. These components rank high in risk-significance priority for the automatic depressurization system. The failure modes are provided, along with maintenance/surveillance recommendations and the rationale for the recommendations.

16.2.8 Combined License Activities RAP

These activities are represented in Figure 16.2-1 as "Plant Maintenance Program."

The Combined License applicant is responsible for performing the tasks necessary to maintain the reliability of risk-significant SSCs. Reference 3 contains examples of cost-effective maintenance enhancements, such as condition monitoring and shifting time-directed maintenance to condition-directed maintenance.

The Maintenance Rule (10 CFR 50.65) is relevant to the Combined License applicant's maintenance activities in that it prescribes SSC performance-related goals during plant operation.

In addition to performing the specific tasks necessary to maintain SSC reliability at its required level, the activities should include these elements:

  • Reliability data base - Historical data available on equipment performance. The compilation and reduction of this data provides the plant with an initial key source of component reliability information. After plant operation begins, this data base will grow and become more useful in the Combined License applicant's O-RAP.
  • Surveillance and testing - In addition to maintaining the performance of the components necessary for plant operation, surveillance and testing provides a high degree of reliability for the safety-related SSCs.
  • Maintenance plan - Intended to provide high equipment reliability by taking into account manufacturer's recommendations and operating experience, this plan describes the nature and frequency of maintenance activities to be performed on plant equipment.

The plan includes the selected SSCs identified in the D-RAP that are periodically evaluated.

16.2.9 Glossary of Terms

ADS - Automatic depressurization system
D-RAP - Design Reliability Assurance Program - performed as part of the AP600 design effort to assure that the reliability assumptions of the PRA remain valid throughout the plant operating lifetime.
O-RAP - Operational Reliability Assurance Process
PRA - Probabilistic risk assessment
RAW - Risk achievement worth
Risk-significant - Any SSC determined in the PRA or by other significant analysis to be a major contributor to overall plant risk
RRW - Risk reduction worth
RTNSS - Regulatory treatment of nonsafety-related systems
SSC - Structures, systems, and components

16.2.10 References

1. Brockhoff, C. S., Haag, C. L., More, D. G., Sterdis, A. L., "AP600 Implementation of the Regulatory Treatment of Nonsafety-Related Systems Process," WCAP-13856, September 1993.
2. AP600 Probabilistic Risk Assessment, 1995.
3. Lofgren, E. V., Cooper, S. E., Kurth, R. E., Phillips, "A Process for Risk-Focused Maintenance," NUREG/CR-5695, March 1991.


l Table 16.2-1 RISK SIGNIFICANT SSCs UNDER THE SCOPE OF D RAP SSCm Rationale

  • Remarks Reactor coolant pump trip breakers RAW 210 These breakers open automatically to allow core makeup tank operation.

Diverse actuation system hardware automatic EP,RTNSS The diverse actuation system is actuanon (sensor input through control output diverse from the protection and safety and indication) monitoring system and provides automatic actuation of selected plant features including control rod insertion, turbine trip, passive residual heat removal heat ~ exchanger actuation, core makeup tank actuation, isolation of critical containment lines, and passive ' containment cooling system actuauon.

Reactor trip breaker MG sets EP,RTNSS These breakers open automatically to allow insertion of the control rods; Non-lE de power (to diverse actuation EP,RTNSS Non-lE de provides power to thd system / plant control system) ' diverse actuation system and the plant control system.

Pressurizer safety valves EP These valves provide overpressure protection of the reactor coolant system.

In-containment refueling water storage tank RAW 210 The in-containment refueling water injection check valves storage tank injection lines provide long-term core cooling following a loss-of-coolant accident. 'Ibese check valves open when the reactor coolant system pressure is reduced to below the in-contamment refueling . water storage tank injection head, in-containment refueling water storage tank RAW 210 The in-containment refueling water injection squib valves storage tank injection lines provide longer-term core cooling following a loss-of coolant accident. 'Ibese squib valves open automancally to allow injection when the reactor coolant system pressure _is reduced to below the in-contaanment refueling water storage tank injection head.

Draft Revision: 10

[ Westinghouse 16.2-11 september 30,1996

16. Technical Specifications .

SSC* Rationale

  • Remarks In-containment refueling water storage tank RAW 210 De in-containment refueling water injection screens storage tank injection lines provide long-term core cooling following a loss-of-coolant accident.nese screens are located inside the in-containment refueling water storage tank and prevent large particles from bpag injected into the reactor coolant system. %ey are designed so that they will not become obstructed.

Containment recirculation check valves RAW 210 he containment' recirculation lines provide long-term core cooling following a loss-of-coolant accident.

Rese check valves open when the in-containment refueling water storage tank level is reduced to'about the same level as the containment level.

%ese check valves can also allow.

Iong-term core cooling to be provided by the nonnal residual heat removal pumps.

Containment recirculation squib valves RAW 210 and The containment recirculation lines 12 vel 2 provide long-term core cooling following a loss-of-coolant accident.

Dese squib valves open automatically to allow containment recirculation when the in-containment refueling water storage tank level is reduced to about the same level as the containment. %ese squib valves can also allow long-term core cooling to be provided by the normal residual heat removal pumps.

Dese squib valves together with the containment recirculation motor-operated valves can provide a rapid flooding of the containment to support in-vessel retention during a severe accident.

Containment recirculation screens RAW 210 De containment recirculation lines provide long-term core cooling following a loss-of-coolant accident.

De semens are located in the containment - and prevent large particles from being inje'eted into the reactor . coolant system. %ey are designed so that they will not become obstructed.

Draft Revision: 10 September 30,1996 16.2-12 [ W95tingt10US8

_w

16. Techsical Specificctions 4

SSCW Ratirgde* Remarks Containment recirculation motor-operated RAW : 1 and The containment recirculation lines valves Level '- provide long-term core cooling following a loss-of-coolant accident.

De motor-operated valves open automatically to allow containment recirculation when the in-containment refueling water storage tank level is reduced to about the same level as the containment. The motor-operated valves also allow long-term core cooling to be provided by the normal residual heat removal pumps.

Core makeup tank | RAW 210 | The core makeup tank provides borated water to the reactor coolant system in the event of a loss-of-coolant accident.

Accumulator tank | RAW 210 | The accumulator provides makeup to the reactor coolant system following loss-of-coolant accidents.

Core makeup tank air-operated valves | RAW 210 | These air-operated valves automatically open to allow core makeup tank injection.

Accumulator check valves | RAW 210 | These check valves open when the reactor coolant system pressure drops below the accumulator pressure to allow accumulator injection.

Passive residual heat removal heat exchanger air-operated valves | EP | The passive residual heat removal system heat exchangers provide core cooling following non-loss-of-coolant accident events, steam generator tube ruptures, and anticipated transients without scram. The air-operated valves automatically open to initiate passive residual heat removal system heat exchanger operation.

Automatic depressurization system Stage 1/2/3 motor-operated valves | Level 2, EP | The automatic depressurization system provides a controlled depressurization of the reactor coolant system following loss-of-coolant accidents to allow core cooling from the accumulator, in-containment refueling water storage tank injection, and containment recirculation. The automatic depressurization system provides "bleed" capability for feed/bleed cooling of the core. The automatic depressurization system also provides depressurization of the reactor coolant system to prevent a high-pressure core melt sequence.


Automatic depressurization system Stage 4 squib valves | RAW 210 | The automatic depressurization system provides a controlled depressurization of the reactor coolant system following loss-of-coolant accidents to allow core cooling from the accumulator, in-containment refueling water storage tank injection, and containment recirculation. The automatic depressurization system provides "bleed" capability for feed/bleed cooling of the core. The automatic depressurization system also provides depressurization of the reactor coolant system to prevent a high-pressure core melt sequence.

Steam generator main steam isolation valves | EP | The steam generator main steam isolation valves provide isolation of the steam generator following secondary line breaks and steam generator tube rupture.

Steam generator safety valves | EP | The steam generator safety valves provide overpressure protection of the steam generator. They also provide core cooling by venting steam from the steam generator.

Startup feedwater pumps | EP | The startup feedwater system pumps provide feedwater to the steam generator. This capability provides an alternate core cooling mechanism to the passive residual heat removal system heat exchangers for non-loss-of-coolant accident events or steam generator tube rupture.

Protection and safety monitoring system software | RAW 210 | The protection and safety monitoring system provides automatic actuation of safety-related equipment. This includes the software associated with processing the sensor inputs and providing the output signals.

Plant control system hardware (sensor input through control output and indication) | EP | The plant control system provides control of nonsafety-related equipment. This item includes the hardware associated with processing the sensor inputs and providing the output signals.

Core makeup tank level sensors | RAW 210 | These sensors automatically actuate the automatic depressurization system.


In-containment refueling water storage tank level sensors | RAW 210 | These sensors automatically open the containment recirculation motor-operated valves and squib valves.

Steam generator level sensors - narrow range, wide range (protection and safety monitoring system/diverse actuation system) | RAW 210 | These sensors automatically actuate the startup feedwater system and the passive residual heat removal system heat exchangers on low level, and isolate chemical and volume control system makeup and the startup feedwater system on high level.

Pressurizer level sensors (protection and safety monitoring system/diverse actuation system) | RAW 210 | These sensors automatically actuate chemical and volume control system makeup and core makeup tank operation on low level. They also isolate the chemical and volume control system on high level.

1E batteries (24-hour) | RAW 210 | These batteries provide power for the protection and safety monitoring system and safety-related valve operation.

125 Vdc 1E buses (24-hour) | EP | These buses provide power for the protection and safety monitoring system and safety-related valve operation.

125 Vdc 1E motor control centers (24-hour) | EP | These motor control centers actuate safety-related valves.

Main control room dedicated manual controls | EP | These controls allow the operators to manually actuate safety-related equipment.

Main control room qualified displays | EP | The main control room qualified displays provide the safety-related display required to monitor plant performance after accidents.

Chemical and volume control system makeup pumps | EP | These pumps provide makeup to the reactor coolant system to accommodate leaks and to provide negative reactivity for shutdowns, steam line breaks, and anticipated transients without scram. This capability is an alternative to the passive core cooling system.


Normal residual heat removal system pumps | RTNSS | These pumps provide shutdown cooling of the reactor coolant system. They also provide an alternate reactor coolant system lower pressure injection capability following actuation of the automatic depressurization system. The operation of these pumps is RTNSS-important during shutdown reduced-inventory conditions. Normal residual heat removal system valve realignment is not required for reduced-inventory conditions.

Component cooling water pumps | RTNSS | These pumps provide cooling of the normal residual heat removal system and the startup feedwater system heat exchanger. Providing cooling of the normal residual heat removal system heat exchanger is RTNSS-important during shutdown reduced-inventory conditions. Component cooling water system valve realignment is not required for reduced-inventory conditions.

Service water pumps | RTNSS | These pumps provide cooling of the component cooling water system heat exchanger. Providing cooling of the component cooling water system heat exchanger is RTNSS-important during shutdown reduced-inventory conditions. Service water system valve realignment is not required for reduced-inventory conditions.

Nonsafety-related diesels | RTNSS | These diesels provide ac power to support operation of nonsafety-related equipment such as the startup feedwater system pumps, chemical and volume control system pumps, normal residual heat removal system pumps, component cooling water system pumps, service water system pumps, and the plant control system. Providing ac power to the normal residual heat removal system and the equipment necessary to support its operation is RTNSS-important.


Containment shell | Level 2 + EP | The containment shell provides a barrier to steam and radioactivity released into the containment. The shell also provides heat transfer from the core to the atmosphere following accidents.

Passive containment cooling air-operated drain valves | EP | These valves open automatically to drain water from a water storage tank onto the outside surface of the containment shell. This water provides evaporative cooling of the containment shell following accidents.

Nuclear fuel | SMA | The nuclear fuel includes the fuel pellets, fuel cladding, and associated support structures. This equipment, which provides a first barrier for release of radioactivity and allows for effective core cooling, had the least margin in the seismic margin analysis.

Hydrogen ignitors | TBD | TBD

Containment fan coolers | TBD | TBD

Notes:

1. Only includes listed equipment. Other parts of SSC or support systems are not included unless specifically listed.
2. Definitions of terms: RAW = Risk achievement worth; EP = Expert panel; RTNSS = Regulatory treatment of nonsafety systems; SMA = Seismic margin analysis.
3. Maintenance/surveillance recommendations for equipment are documented in the appropriate SSAR section. Table 16.2-3 provides a typical example of recommendations.


Table 16.2-2 EXAMPLE OF RISK SIGNIFICANT RANKING OF SSCs FOR THE AUTOMATIC DEPRESSURIZATION SYSTEM

Rank(1) | Event Code | Description
1 | ED3MOD07 | EDS3 EA1 distribution panel failure or unavailable due to testing and maintenance
2 | AD4MOD07, AD4MOD08, AD4MOD09, AD4MOD10 | Hardware failure of 2 of 4 automatic depressurization system Stage 4 lines (includes squib valves)
3 | EC1BS001TM, ECBS012TM, EC1BS121TM, EC2BS002TM, EC2BS022TM, EC2BS221TM | Unavailability of bus ECS ES due to unscheduled maintenance
4 | AD2MOD01, AD2MOD02, AD2MOD03, AD2MOD04 | Hardware failure of automatic depressurization system Stages 2 and 3 of lines 1 and 2 (includes motor-operated valves)
5 | ECOMOD01 | Main generator breaker ES01 fails to open
6 | ED3MOD01 | Fixed component fails: circuit breaker, inverter or static transfer switch
7 | ZOIMOD01, 202MOD01 | Diesel generator fails to start and run or breaker 102 fails to close
8 | 202DG001TM, 202DG001TM | Standby diesel generator unavailable due to testing and maintenance

Note:

1. The ranking is the order of decreasing risk achievement component importance.
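The ordering principle behind Table 16.2-2 (decreasing risk achievement worth, RAW = P(top event | component assumed failed) / P(top event)) worked through on a small fault-tree model. This is an added example and is not part of the SSAR or the AP600 PRA; the component names, minimal cut sets and failure probabilities below are constructed for illustration, and the single-event cut sets show why support-system failures (a dc bus, the actuation logic) outrank a redundant valve pair.

```python
from itertools import product

# Constructed toy fault tree (not the AP600 PRA): top event = loss of the
# depressurization function. Basic-event failure probabilities are assumed.
BASIC_EVENTS = {
    "squib_valve_A": 1e-3,
    "squib_valve_B": 1e-3,
    "dc_bus": 1e-4,           # single support-system failure defeats the function
    "actuation_logic": 5e-5,  # common actuation failure
}
# Minimal cut sets: the failure of every event in any one set fails the top event.
CUT_SETS = [
    frozenset({"squib_valve_A", "squib_valve_B"}),  # both redundant valves must fail
    frozenset({"dc_bus"}),
    frozenset({"actuation_logic"}),
]

def top_event_probability(probs, cut_sets, forced=None):
    """Exact P(top event) by enumerating every basic-event state (2^n, fine for
    small trees). `forced` fixes events: 1 = assumed failed, 0 = assumed perfect."""
    forced = forced or {}
    names = list(probs)
    total = 0.0
    for states in product((0, 1), repeat=len(names)):
        state = dict(zip(names, states))
        if any(state[e] != s for e, s in forced.items()):
            continue  # inconsistent with the conditioning assumption
        weight = 1.0
        for e in names:
            if e not in forced:  # forced events contribute probability 1
                weight *= probs[e] if state[e] else 1.0 - probs[e]
        failed = {e for e in names if state[e]}
        if any(cs <= failed for cs in cut_sets):
            total += weight
    return total

def risk_achievement_worth(probs, cut_sets):
    """RAW(e) = P(top | e failed) / P(top): risk increase if e is assumed failed."""
    base = top_event_probability(probs, cut_sets)
    return {e: top_event_probability(probs, cut_sets, {e: 1}) / base for e in probs}

def rank_by_raw(probs, cut_sets):
    """Rank basic events in decreasing RAW, the ordering Table 16.2-2 uses."""
    raw = risk_achievement_worth(probs, cut_sets)
    return sorted(raw.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for rank, (event, raw) in enumerate(rank_by_raw(BASIC_EVENTS, CUT_SETS), 1):
        print(f"{rank}  {event:<16} RAW = {raw:8.1f}")
```

Any single-point failure has RAW = 1 / P(top), so the two support-system events tie at the head of the ranking while each redundant valve scores far lower.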


Table 16.2-3 EXAMPLE OF AUTOMATIC DEPRESSURIZATION SYSTEM FAILURE MODES AND RECOMMENDED O-RAP ACTIVITIES

Component | Failure Mode | Effect on System | Recommended Tests/Maintenance | Remarks
Automatic depressurization system Stage 2 and 3 motor-operated valves | Failure to open on demand | Failure to open blocks reactor coolant system vent flow through one of two parallel branch lines of the affected automatic depressurization system valve stage. | Functional test every 6 months. | Testing represents a risk of reactor coolant system depressurization, and therefore should be minimized.
Automatic depressurization system Stage 4 squib valves | Failure to open on demand | Failure of a Stage 4 automatic depressurization system valve is the most limiting single valve failure from the standpoint of automatic depressurization system performance, based on this stage being the largest valve size. With the limiting Stage 4 automatic depressurization system valve failure, the automatic depressurization system vent flow capacity is reduced, but safety analysis has demonstrated that the automatic depressurization system still meets design basis reactor coolant venting requirements. | Test firing of explosive charge in accordance with ASME Code staggered test guidelines. Continuous trickle current verification of the explosive actuator circuit. | ASME Code guidelines enhanced by results of squib valve failure modes and effects analysis criteria.


[Figure 16.2-1 Design Reliability Assurance Program and O-RAP: flowchart not reproduced in this text. Recoverable box labels: AP600 Design Reliability Assurance Program (D-RAP); D-RAP Phase I: collect information and system models, develop system model, LWR experience, regulatory treatment of nonsafety-related systems, expert panel review (information notices etc.); D-RAP Phase II: recommended plant maintenance/monitoring activities (non-site-specific); D-RAP Phase III: site-specific consolidated maintenance items (site-specific), design considerations, maintenance considerations; Operational Reliability Assurance Process (O-RAP); plant maintenance program.]
