ML20205F440

Review of the Vogtle Units 1 and 2 Auxiliary Feedwater System Reliability Analysis
ML20205F440
Person / Time
Site: Vogtle (Southern Nuclear)
Issue date: 10/31/1985
From: Fresco A, Papazoglou I, Youngblood R
BROOKHAVEN NATIONAL LABORATORY
To:
Office of Nuclear Reactor Regulation
References
CON-FIN-A-3702 BNL-NUREG-51876, NUREG-CR-4228, NUDOCS 8511120038


Text

NUREG/CR-4228
BNL-NUREG-51876

Review of the Vogtle Units 1 and 2 Auxiliary Feedwater System Reliability Analysis

Prepared by A. Fresco, R. Youngblood, I. A. Papazoglou
Brookhaven National Laboratory

Prepared for U.S. Nuclear Regulatory Commission

NOTICE

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, or any of their employees, makes any warranty, expressed or implied, or assumes any legal liability or responsibility for any third party's use, or the results of such use, of any information, apparatus, product or process disclosed in this report, or represents that its use by such third party would not infringe privately owned rights.

NOTICE

Availability of Reference Materials Cited in NRC Publications

Most documents cited in NRC publications will be available from one of the following sources:

1. The NRC Public Document Room, 1717 H Street, N.W., Washington, DC 20555
2. The Superintendent of Documents, U.S. Government Printing Office, Post Office Box 37082, Washington, DC 20013-7082
3. The National Technical Information Service, Springfield, VA 22161

Although the listing that follows represents the majority of documents cited in NRC publications, it is not intended to be exhaustive.

Referenced documents available for inspection and copying for a fee from the NRC Public Document Room include NRC correspondence and internal NRC memoranda; NRC Office of Inspection and Enforcement bulletins, circulars, information notices, inspection and investigation notices; Licensee Event Reports; vendor reports and correspondence; Commission papers; and applicant and licensee documents and correspondence.

The following documents in the NUREG series are available for purchase from the GPO Sales Program: formal NRC staff and contractor reports, NRC-sponsored conference proceedings, and NRC booklets and brochures. Also available are Regulatory Guides, NRC regulations in the Code of Federal Regulations, and Nuclear Regulatory Commission issuances.

Documents available from the National Technical Information Service include NUREG series reports and technical reports prepared by other federal agencies and reports prepared by the Atomic Energy Commission, forerunner agency to the Nuclear Regulatory Commission.

Documents available from public and special technical libraries include all open literature items, such as books, journal and periodical articles, and transactions. Federal Register notices, federal and state legislation, and congressional reports can usually be obtained from these libraries.

Documents such as theses, dissertations, foreign reports and translations, and non-NRC conference proceedings are available for purchase from the organization sponsoring the publication cited.

Single copies of NRC draft reports are available free, to the extent of supply, upon written request to the Division of Technical Information and Document Control, U.S. Nuclear Regulatory Commission, Washington, DC 20555.

Copies of industry codes and standards used in a substantive manner in the NRC regulatory process are maintained at the NRC Library, 7920 Norfolk Avenue, Bethesda, Maryland, and are available there for reference use by the public. Codes and standards are usually copyrighted and may be purchased from the originating organization or, if they are American National Standards, from the American National Standards Institute, 1430 Broadway, New York, NY 10018.

Manuscript Completed: August 1985
Date Published: October 1985

Prepared by A. Fresco, R. Youngblood, I. A. Papazoglou
Brookhaven National Laboratory
Upton, NY 11973

Prepared for
Division of Systems Integration
Office of Nuclear Reactor Regulation
U.S. Nuclear Regulatory Commission
Washington, D.C. 20555
NRC FIN A3702

ABSTRACT

This report presents the results of the review of the Auxiliary Feedwater System reliability analysis for the Vogtle Electric Generating Plant (VEGP) Units 1 and 2. The objective of this report is to estimate the probability that the Auxiliary Feedwater System will fail to perform its mission for each of three different initiators: (1) loss of main feedwater with offsite power available, (2) loss of offsite power, (3) loss of all ac power except vital instrumentation and control 125-V dc/120-V ac power. The scope, methodology, and failure data are prescribed by NUREG-0611, Appendix III. The results are compared with those obtained in NUREG-0611 for other Westinghouse plants.


TABLE OF CONTENTS

ABSTRACT
LIST OF FIGURES
LIST OF TABLES
EXECUTIVE SUMMARY
1. INTRODUCTION
2. SCOPE OF BNL REVIEW
3. MISSION SUCCESS CRITERIA
4. SYSTEM DESCRIPTION
5. EMERGENCY OPERATION
   5.1 Loss of Main Feedwater (LMFW)
   5.2 Loss of Offsite Power (LOOP)
   5.3 Loss of All ac Power (LOAC)
6. TESTING
7. SURVEILLANCE REQUIREMENTS
8. OUTAGE LIMITATIONS AND MAINTENANCE
   8.1 Outage Limitations
   8.2 Maintenance
9. RELIABILITY ANALYSIS
   9.1 Qualitative Aspects
      9.1.1 Mode of System Initiation
      9.1.2 System Control Following Initiation
      9.1.3 Effects of Test and Maintenance Activities
      9.1.4 Availability of Alternate Water Supplies
      9.1.5 Adequacy and Separation of Power Sources
      9.1.6 Common Mode Failures
      9.1.7 Single Point Failures
      9.1.8 Adequacy of Emergency Procedures
   9.2 Quantitative Aspects
      9.2.1 Applicant's Use of NRC-Suggested Methodology and Data
         9.2.1.1 Fault Tree Construction and Evaluation
         9.2.1.2 Failure Data
      9.2.2 Applicant's Results
         9.2.2.1 System Unavailabilities
         9.2.2.2 Dominant Failure Modes and Conclusions
      9.2.3 BNL Assessment
         9.2.3.1 Fault Trees
         9.2.3.2 Failure Data
         9.2.3.3 System Unavailabilities
         9.2.3.4 Dominant Failure Modes
         9.2.3.5 General Comparison to Other Plants
         9.2.3.6 General Comments
REFERENCES

LIST OF FIGURES

Figure  Title
1   AFWS (Simplified Flow Diagram)
2   Unit 1 Auxiliary Feedwater/Steam Generators Intake
3   AFWS Simplified Piping Layout
4   AFWS Reliability Evaluation Methodology Flow Chart
5   Unit 1 AFWS Block Diagram
6   AFWS Expanded Block Diagram
7   Unit 1 AFWS Fault Tree Model
8   VEGP AFWS Unavailability Assessment Dominant Failure Modes - Case No. 1 - LMFW
9   VEGP AFWS Unavailability Assessment Dominant Failure Modes - Case No. 2 - LOOP
10  VEGP AFWS Unavailability Assessment Dominant Failure Modes - Case No. 3 - LOAC

LIST OF TABLES

Table  Title
1   VEGP AFWS Conditional Availability Comparison to Other Plants Using the Westinghouse NSSS
2   Unavailabilities of the VEGP AFWS, Comparison of Applicant's Results to BNL Assessment
3   BNL Assumptions of VEGP NSSS Steam Generator Makeup Requirements Based Upon FSAR Information
4   AFWS Component Failure Data
5   NRC-Supplied Data Used for Purposes of Conducting a Comparative Assessment of Existing AFWS Designs and Their Potential Reliabilities
6   Nomenclature Scheme for Fault Identifiers Added by BNL to the Applicant's Fault Tree
7   Comparison of Data Assumptions
8   VEGP AFWS Unavailability Sensitivity Comparison

EXECUTIVE SUMMARY

After the accident at Three Mile Island, a study was performed of the reliability of the auxiliary feedwater system (AFWS) of each plant then operating with NSSS designed by Westinghouse. The results of that study were presented in NUREG-0611. At the request of the NRC, the Georgia Power Corporation, an operating license applicant, has made a study of the Vogtle Electric Generating Plant (VEGP) Units 1 and 2 AFWS,(3) performed using NUREG-0611 as a guideline. BNL has reviewed this study, and its conclusions are as follows (High, Medium, and Low refer to the NUREG-0611 reliability scale).

1. For an accident resulting in a loss of main feedwater (LMFW with offsite power available) the reliability of the AFWS is in the High range (unavailability = 2.2E-5/demand).
2. For a loss of offsite power (LOOP) resulting in a concurrent loss of main feedwater (LMFW), the reliability of the AFWS is on the borderline of the High range (unavailability = 1.0E-4/demand).
3. For a loss of all ac power (LOAC), except for the 125-V dc/120-V ac vital instrumentation and control power systems, resulting in a concurrent loss of main feedwater (LMFW), the reliability of the AFWS is in the Medium range (unavailability = 3.2E-2/demand).

A comparison of the VEGP AFWS reliability to other AFWS designs in plants using the Westinghouse NSSS is shown in Table 1. The specific quantitative comparison between the applicant's results and those obtained by BNL is shown in Table 2. The BNL results are based on the unavailabilities shown in Table 8 of this report for Case C with Multiple Errors Assumed.

This evaluation incorporates certain fairly conservative assumptions which were made for lack of information. These are discussed in Section 9.2.3. It is likely that additional information would reduce the unavailability estimates quoted above.

General Comparison to Other Plants

The Vogtle AFWS design is similar to that of many other plants in that it consists of two motor-driven pumps and a third pump which is steam turbine driven. It does have several notable features such as two redundant safety-class condensate storage tanks each having sufficient capacity for an extended cooldown and satisfaction of the design basis requirements. Transfer to the standby tank must be done manually. Another feature is the provision of a third, independent train of dc power for the Turbine-Driven Pump (TDP) and its associated motor-operated valves, designated as 125-V dc Train C power. In this manner, failure of either dc Train A or Train B fails only one of the Motor-Driven Pumps (MDPs), not an MDP and the TDP simultaneously. Also, since the motor-operated throttle valves on the TDP discharge lines to the Steam Generators (SGs) are dc-powered by Train C, SG level control can be maintained by the operator from the control room even during a LOAC transient.

The location of the test recirculation lines very close to the SG intakes allows verification by pump testing of the position of all valves on the pumps' discharge lines, except for the manually operated stop check valves on the inlet lines to each SG (113, 114, 115, 116).

The MDP headers are joined together by two normally closed manual valves 055 and 056. By opening both of these valves, either MDP can be used to feed all four steam generators. This feature is also available in several other AFWS designs.

Finally, the provision of the stop check valves 113, 114, 115, and 116 in the SG intake lines is unusual. Although, as mentioned previously, the potential for human error blocking all AFW flow to an entire steam generator increases, the valves may provide an additional safety margin in preventing the back-leakage of steam into the AFW lines.

General Comments

The Vogtle AFWS is in general a very well-designed system. The provisions for pump testing allow for nearly complete verification of the valve positions on the pump's discharge, the exception being the steam generator intake lines themselves. The inadvertent closure of the manually operated stop check valves on the intake lines does, however, have a significant effect on the unavailability analysis. This effect is substantially reduced if the valves have control room position indication or if the operator can credibly recognize the problem and take appropriate actions outside the Control Room within the 30 minutes allowable action time.

The actual procedure for and the sequencing of pump testing was not clearly explained in the applicant's analysis. It is not clear how many of the recirculation bypass line valves to the Condensate System are simultaneously opened during the testing of any one pump. Presumably, the recirculation line valves for the two steam generators supplied by each MDP and the four valves for the four steam generators supplied by the TDP are opened simultaneously.

[Figure 1. AFWS (Simplified Flow Diagram), Vogtle Electric Generating Plant, Georgia Power, Unit 1 and Unit 2, FSAR Figure 10A-1. Note (1) on the drawing: check valve flapper has been removed.]

[Figure 2. Unit 1 Auxiliary Feedwater/Steam Generators Intake.]
Table 1. VEGP AFWS Conditional Availability Comparison to Other Plants Using the Westinghouse NSSS

[Graphical table; the plotted positions are not recoverable from the extracted text. Columns: transient events LMFW, LMFW/LOOP, and LMFW/LOAC, each on a LOW / MED / HIGH scale. Rows (Westinghouse plants): Haddam Neck, San Onofre, Prairie Island, Salem, Zion, Yankee Rowe, Trojan, Indian Point, Kewanee, H. B. Robinson, Beaver Valley, Ginna, Point Beach, Cook, Turkey Point, Farley, Surry, North Anna, Vogtle. Notes on the table: order of magnitude in unavailability is represented, with an arrow indicating increasing availability; the scale for this event is not the same as that for the LMFW and LMFW/LOOP. Separate symbols mark the applicant's results and the BNL assessment for Vogtle.]

Table 2. Unavailabilities of the VEGP AFWS, Comparison of Applicant's Results to BNL Assessment

Transient    Applicant's Results    BNL Assessment
1. LMFW      6.3E-6                 2.2E-5
2. LOOP      2.6E-5                 1.0E-4
3. LOAC      1.0E-2                 3.2E-2

1. INTRODUCTION

This report is a review by Brookhaven National Laboratory (BNL) of the Vogtle Electric Generating Plant (VEGP) Final Safety Analysis Report (FSAR) Appendix 10A, entitled "VEGP Auxiliary Feedwater System Availability Analysis," prepared by Bechtel Corporation for Georgia Power Corporation.(3)

After the accident at Three Mile Island, a study was performed of the Auxiliary Feedwater Systems (AFWS) of all the then-operating plants. The results obtained for operating Westinghouse-designed plants were presented in NUREG-0611. At that time, the objective was to compare AFWS designs; accordingly, generic failure probabilities were used in the analysis, rather than plant-specific data. Some of these generic data were presented in NUREG-0611. The probability that the AFWS would fail to perform its mission on demand was estimated for three initiating events:

(a) loss of main feedwater (LMFW) without loss of offsite power;
(b) loss of main feedwater associated with loss of offsite power (LOOP);
(c) loss of main feedwater associated with loss of offsite and onsite ac (LOAC).

Since then, each applicant for an operating license has been required to submit a reliability analysis of the plant's AFWS, similar to that in the NUREG-0611 study. A quantitative criterion for AFWS reliability has been defined by the NRC in the current Standard Review Plan (SRP) for Auxiliary Feedwater Systems(4):

". . . An acceptable AFWS should have an unreliability in the range of 10⁻⁴ to 10⁻⁵ per demand based on an analysis using methods and data presented in NUREG-0611 and NUREG-0635. Compensating factors such as other methods of accomplishing the safety functions of the AFWS or other reliable methods for cooling the reactor core during abnormal conditions may be considered to justify a larger unavailability of the AFWS."

2. SCOPE OF BNL REVIEW

The BNL review has been conducted in accordance with the methodology, data, and scope found in Appendix III in NUREG-0611. It has two major objectives:

(a) to evaluate the applicant's reliability analysis of the AFWS;
(b) to provide an independent assessment, to the extent practical, of the AFWS unavailability.

Unavailability as used in this report has been defined as the "probability that the AFWS will not perform its mission on demand." The term unavailability is used interchangeably with unreliability. Specific goals of this review are then:

(a) to compare the applicant's AFWS to the operating plants studied in NUREG-0611 by following the methodology of the latter as closely as possible;
(b) to evaluate the applicant's AFWS with respect to the reliability goal set forth in SRP 10.4.9, i.e., that the unreliability of the AFWS is in the range of 10⁻⁴ to 10⁻⁵ per demand, using the above methodology.

The NUREG-0611 methodology and the BNL review specifically exclude externally caused common mode failures such as earthquakes, tornados, floods, etc., and internal failures caused by pipe ruptures.

3. MISSION SUCCESS CRITERIA

According to Reference 3, the AFWS is composed of three mechanical trains which serve the four steam generators at a given unit. The steam generators have been analyzed to require 510 gal/min of flow under the most severe accident conditions. Each motor-driven pump of trains A and B has a capacity of 630 gal/min and provides more than 100% of the required auxiliary feedwater flow. Train A provides feedwater to steam generators 1 and 4, and train B provides feedwater to steam generators 2 and 3. The (steam) turbine-driven pump of train C has a capacity of 1300 gal/min and provides more than 200% of the required auxiliary feedwater flow. The turbine-driven pump provides feedwater to all four steam generators. Furthermore, as outlined by the NRC evaluation of AFWSs (NUREG-0611), the AFWS must actuate within the time it takes for the steam generators to boil dry when no flow is provided to the steam generators. At VEGP, the boiloff time (and therefore the limit on the AFWS actuation time) is approximately 30 min, as stated in Reference 3.

In addition, FSAR Subject 10.4.9.2.1 states that normal flow is from the CST to the auxiliary feedwater pumps. The design of the CST provides for cold shutdown capability for a period of 9 h: 4 h at hot standby, followed by a 5-h cooldown period. Table 3 of this report provides the nuclear steam supply system (NSSS) required makeup rates to the steam generators for the specific transients within the scope of this review. Initially, sensible heat is removed from the RCS to reduce the temperature from a full-power operation average temperature of 588°F to a nominal hot standby temperature of 500°F. Subsequently, to bring the reactor down to 350°F at 50°F/h, an initial makeup rate of 500 gal/min is required.

4. SYSTEM DESCRIPTION

The BNL review of the AFWS reliability is based on the system as described in the VEGP FSAR Sections 10.4.9 and 10A currently on file in BNL's Nuclear Safety Library. The simplified AFWS flow diagrams, fault trees, and other drawings from Section 10A have been included in this report for convenience (see Figures 1 to 7 of this report). All figures and tables will be referred to by the present numbering scheme, e.g., Table 1 of this report, which is FSAR Table 10A-5, will be called simply Table 1.

5. EMERGENCY OPERATION

For the discussions below, refer to Figures 1 and 2.

5.1 Loss of Main Feedwater (LMFW)

Offsite power is available and the two motor-driven pumps (MDPs) start automatically upon trip of both Main Feedwater (MFW) pumps or low-low level in any one steam generator. Automatic actuation also occurs upon a Safety Injection signal. The turbine-driven pump starts automatically upon low-low level in any two steam generators by the opening of the dc Train C motor-operated steam admission valve 5106. Unless the normally aligned Condensate Storage Tank 091 contains an inadequate supply of water and pump suction has not already been aligned to the standby CST 002, no other closed valves need to be opened either manually or automatically to initiate auxiliary feedwater flow.

Transfer to the alternate CST 002 must be done manually, either from the Control Room or locally, by opening the motor-operated valves 5113, 5118 and 5119. The operator can remotely manipulate the position of the AFW flow control valves (5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139) to control steam generator level. This can also be done locally at the valves. Upon reaching a pump flow rate of 100 gal/min or greater, the motor-operated isolation valves in the recirculation miniflow lines of each MDP are automatically isolated so that no recirculation flow occurs during most of AFWS operation, except for the continuous recirculation flow of the TDP. If the motor-operated valves in the miniflow lines of trains A and B fail to close, there is still sufficient flow to the steam generators because of the presence of a flow-limiting orifice in the miniflow lines.

5.2 Loss of Offsite Power (LOOP)

In this case, with no offsite power available, the MDPs can be started only after receiving an automatic signal from the diesel generators sequencing logic. The TDP is automatically started upon LOOP. The Reactor Coolant Pumps are not powered and thus cooldown of the reactor core is by natural circulation. For lack of information in the applicant's FSAR and reliability analysis, BNL has assumed that the required flow rate is 510 gal/min, the same as for the LMFW case. This still results in only one MDP being required.

All valve orientations and manipulations are the same as for the LMFW case, except that the steam admission valve, 5106, is automatically opened to start the TDP directly upon a LOOP signal. Steam generator level control is again either remote from the Control Room or local manually.

5.3 Loss of All ac Power (LOAC)

Since both offsite and onsite power are unavailable, only the steam turbine-driven pump is available to supply AFW flow. All valves in the TDP train, including the flow control valves, are supplied with dc power which allows the operator complete control of the single TDP train from the Control Room without the need for local manual actions except during component failures. All motor-operated valves in the TDP train are powered from a separate dc train designated Train C which derives power from ac Train A with backup power provided by batteries. Therefore, Train C dc power can be assumed to be independent of Train A dc power because it is backed by dedicated batteries which would become the sole power source for the LOAC condition.

Since the LOAC condition includes a blackout sequence signal, the TDP is automatically actuated upon LOOP by opening the steam supply valve 5106. For the reasons explained above, BNL has assumed that the required flow rate is 510 gal/min. Again, the Reactor Coolant Pumps are not powered, and thus cooldown of the reactor core is by natural circulation. Steam generator level control is performed manually either from the Control Room or locally at the valves.

6. TESTING

The applicant has based his analysis with regard to testing on the following information taken from FSAR Appendix 10A. As of the date of the applicant's evaluation, the Technical Specifications, operating procedures, maintenance procedures, and testing procedures applicable to the VEGP AFWS were not written. Thus, in order to model and analyze the contribution of human error, testing, and maintenance to the unreliability of the VEGP AFWS, relevant generic documents were used.

The Technical Specifications used were extracted from the Westinghouse Standard Technical Specifications. The most notable factors of these preliminary Technical Specifications are (with respect to testing):

a. The testing frequency for AFWS pumps is once every 31 days.
b. The testing frequency of pumps and valves with automatic actuation is performed once every 18 months.
c. The testing frequency of each dc train is once every 7 days.

BNL interprets item b to mean that the automatic actuation signal of pumps and valves, not the pumps and valves themselves, is tested every 18 months. BNL also assumes that testing of the automatic actuation signals and the dc trains does not require those components to be unavailable during the test.

In addition, according to Reference 3, the generic plant testing and maintenance procedures used in the AFWS reliability evaluation were a synthesis of generic procedures. These procedures are based on current industry practice, lessons learned from previous human reliability analysis, and the VEGP AFWS design capabilities. Those procedures relevant to testing are:

a. The motor-operated valves in the discharge lines (5120, 5122, 5125, 5127, 5132, 5134, and 5137) are used to manually throttle AFWS flow and pressure during testing to keep AFWS flow from entering a steam generator.
b. The motor-operated valves in the discharge lines receive an automatic actuation signal to assume their full-open position even if they are being used for testing.
c. The only valves requiring manual realignment for testing or flushing are the recirculation bypass valves (81, 82, 83, and 84).
d. If a single recirculation bypass valve has not been closed, there is still sufficient flow to the steam generators due to the presence of a flow-limiting orifice in the recirculation line.
e. The motor-operated valves from CST 002 (5113, 5118, and 5119) are manually controlled with no automatic signals to close (if CST 002 is being used for testing or flushing of an AFWS train).
f. Valve position after a test is checked by a single operation.

The pump testing procedure requires further discussion. According to Reference 3, the AFWS is designed to allow flushing or testing while the plant is operating with no effect on the main feedwater flow. Any train of the AFWS for testing or flushing is aligned such that suction is taken from a CST and the flow passes through the pump and discharge lines where the motor-operated valves in the discharge lines are used to throttle the flow and pressure. The flow is then diverted away from the steam generators prior to the stop check valves by the manual opening of the bypass (recirculation) valves and discharged to the condensate system. Each recirculation line is fitted with an orifice that limits the amount of flow diverted away from the steam generators. This ensures sufficient flow to the steam generators if the AFWS is required during flushing or testing. When not in use, the recirculation valves (81, 82, 83, and 84) remain closed. Also, upon receipt of any of the AFWS automatic actuation signals, the discharge (control) valves go to the full-open position if not already open. Although the applicant states that failure to close the recirculation valves after a test, or during a test in which the AFWS is required, does not result in excessive flow diversion, it is not clear that this is true when only one MDP is available. In particular, if either MDP has a capacity of 630 gal/min at steam generator pressure with the miniflow recirculation lines closed, a diversion of more than 120 gal/min through the test recirculation line would result in a flow rate below the required 510 gal/min LMFW (see Table 3). To see the effect of this, BNL has modeled failure to close the recirculation line valves as independent human errors coupled with testing of a single pump which can cause insufficient flow to the respective steam generator. The net impact on the final results is, however, quite small.

7. SURVEILLANCE REQUIREMENTS

As explained in the preceding section, the Technical Specifications were extracted from the preliminary Westinghouse Standard Technical Specifications.

The most notable of them with respect to surveillance are:

a. The verification frequency of the CSTs water volume is once every 12 hours.
b. The verification frequency of valves in the flowpath is once every 31 days.

The table presenting the applicant's failure data in Reference 3 is included in this report as Table 4. The above information is used in conjunction with the failure data for human acts and errors given in NUREG-0611, and appears in this report as Table 5. From Table 4, it appears that the applicant has assumed operator errors for motor-operated valves only.

Pre-accident closure was given a 5x10^-4 unavailability/demand which corresponds to the NUREG-0611 value for valves having control room position indication, which is typically the case for motor-operated valves. However, no pre-accident error was assumed for manual valves, which typically do not have such indication. BNL has assumed an error probability of 1x10^-3/demand for valves whose position can be verified by the pump testing act and a value of 5x10^-3/demand for valves whose position can not be verified.

Post-accident closure of motor-operated valves is given a failure probability of 5x10^-3/demand, which is the NUREG-0611 value for a 30 min allowable actuation time for a "Non-Dedicated" primary operator to actuate the AFWS. This does not consider the probability of the backup control room operator taking the proper action. In this case, the NUREG-0611 value for the overall estimated failure probability is 1x10^-3, i.e., a 0.2 recovery factor, which is what has been assumed in the BNL analysis. No unavailability due to post-accident closure of manual valves is assumed.

8. OUTAGE LIMITATIONS AND MAINTENANCE

8.1 Outage Limitations

From the preliminary Westinghouse Technical Specifications, the limiting conditions of operation are:

a. With one AFWS pump inoperable, the limiting condition of operation action time to hot standby is 78 hours.
b. With two AFWS pumps inoperable, the limiting condition of operation action time to hot standby is 6 hours.
c. With one or more steam generators inoperable, the limiting condition of operation action time is 1 hour.
d. With less than 330,000 gal in the CSTs, the limiting condition for operation action time to hot shutdown is 16 hours.
e. With one 125-V dc train inoperable, the limiting condition for operation action time to hot standby is 2 hours.

The above requirements essentially define a maintenance policy which allows only one pump train or steam generator to be unavailable at one time because of maintenance. Any secondary unavailability of a pump train or steam generator is assumed to be due to a failure discovered during testing of the remaining two pump trains. It should be noted that testing by itself does not cause pump unavailability, only the failure to reclose the recirculation bypass valve or reopen the throttled control valve to a steam generator. However, it is assumed that testing of only one pump train at a time is allowed.

8.2 Maintenance

The generic plant procedures contain the following items which pertain to maintenance:

a. The performance of maintenance on a component requires that the component be manually isolated on both the upstream and downstream sides.
b. The motor-operated valves in the miniflow lines of trains A and B (5154 and 5155) are subject to maintenance for calibration of the flow element actuation device in these valves.

The applicant has stated the required actions to perform component maintenance, i.e., the need for both upstream and downstream isolation. Maintenance has been assumed by the applicant for all pumps and valves, including check valves and manually operated check, gate, and butterfly valves, but not for the diesel generators.

Although the applicant references both NUREG-0611 and WASH-1400(6) as sources for maintenance unavailabilities, the data values for valves appear to be substantially lower than those given in the referenced sources. In particular, a comparison of the applicant's data with the sources is as follows:

| Component in Maintenance | Applicant's Data | NUREG-0611/WASH-1400 |
|---|---|---|
| Check, stop check motor-operated valves, trip and throttle valve, speed governing valve | 2.17x10^-6 | 2.1x10^-3 |
| Manual gate valves and manual butterfly valves on pump suction lines | 7x10^-8 | 2.1x10^-3 |
| Butterfly valves on CST discharge lines | 4x10^-7 | 2.1x10^-3 |
| Motor- and turbine-driven pumps | 5.8x10^-3 | 5.8x10^-3 |
| Diesel generators | 0 | 6.4x10^-3 |
| 125-V dc electric power | 2.4x10^-6 | * |

In the BNL analysis, the NUREG-0611/WASH-1400 data were used. However, maintenance was assumed only for motor-operated valves. All other valve maintenance, with the exception of the maintenance on the stop check valves 017, 020, 023, 026, 037, 040, 043, and 046 on the pump discharge lines, was assumed to be zero.

The modeling of the fault trees and a complete comparison of the data assumptions are discussed in detail in Section 9.2 of this report.

9. RELIABILITY ANALYSIS

9.1 Qualitative Aspects

9.1.1 Mode of System Initiation

1. LMFW - As stated above in Section 5, both MDPs start automatically upon loss of both MFW pumps or upon low-low level in any one steam generator. Should the MDPs fail to start, the TDP will start automatically upon low-low level in any two steam generators. All three pumps can be manually started by the operator either from the Control Room or locally. Therefore, the applicant complies with Recommendation GL-1 of NUREG-0611 that AFWS flow be initiated automatically using safety grade equipment and that manual start serve as a backup to automatic AFWS initiation.

2. LOOP - Both MDPs are automatically initiated by the diesel-generator sequencing logic once power is received from the diesel generators. The TDP is also automatically initiated by opening dc-operated valve 5106 by means of 125-V dc Train C power provided either by the 120-V ac power of the Train A diesel-generator through the inverters or by the dedicated battery backup power. All three pumps can again be started manually by the operator either from the Control Room or locally. Therefore, the applicant still complies with recommendation GL-1 mentioned above.

3. LOAC - In this case, only the TDP is available. Since LOOP is implied, the TDP is again automatically initiated by opening valve 5106. The pump is normally aligned to CST 001. If the standby CST 002 must be used as the suction source, valve 5113 is powered by dc Train C and can be opened manually either from the Control Room or locally, although such alignment is normally performed prior to the transient. The TDP can also be initiated manually either from the Control Room or locally in this case. Therefore, the applicant complies with Recommendation GL-3 of NUREG-0611 which states that at least one AFW pump and its associated flow path and essential instrumentation should automatically initiate AFW system flow and be capable of being operated independently of any ac power source for at least two hours.

9.1.2 System Control Following Initiation

According to Reference 3, the AFWS is aligned to be placed in service automatically in the event of a demand. Following the receipt of a safety injection signal, a two-out-of-four low-low steam generator water level signal from any one steam generator, a trip signal from both main feedwater pumps, or a loss-of-offsite-power signal, the auxiliary feedwater discharge valves go to the full-open position if not already open and the two motor-driven auxiliary feedwater pumps are actuated and begin to deliver flow from the online CST to the steam generators. Once flow has been established, the motor-operated valves in the miniflow lines close automatically. The turbine-driven pump is actuated automatically on two-out-of-four low-low water level in any two steam generators or on a loss-of-offsite-power signal. To actuate the turbine-driven pump, the normally closed dc motor-operated valve (5106) in the steam supply line to the turbine is opened automatically. The speed-governing valve and the trip/throttle valve, which are in the same line as the steam inlet valve, are automatically controlled by the speed governor on the turbine-driven pump. Following a transient or accident, the minimum flow is delivered to at least two effective steam generators within 1 min of an automatic auxiliary feedwater actuation signal. Once the system has been actuated, the operator can remotely manipulate the auxiliary feedwater control valves in order to control the steam generator water level.

For normal operation, the AFWS is used to fill and/or maintain the water level in the steam generators during startup, shutdown, and hot standby conditions. The AFWS may be actuated and controlled manually during normal operation or abnormal conditions. The motor-operated valves in the miniflow lines of mechanical trains A and B (5155 and 5154) can only be actuated automatically. Although not shown on Figure 1, safety-grade flow meters with both Control Room and remote shutdown panel indication and instrument channels powered from emergency buses have been provided to indicate flow to each steam generator. This appears to satisfy the requirements of Additional Short Term Recommendation 5.3.3 of NUREG-0611.

For the specific cases covered by this review, system control is as follows:

1. LMFW - Steam generator level control is maintained by the operator manually modulating the motor-operated flow control valves in the pump discharge lines to each of the four steam generators (MOVs 5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139). If suction must be transferred from the primary condensate storage tank CST 001 to the standby tank CST 002, the normally closed MOVs 5113, 5118, and 5119 can be manually opened either from the Control Room or locally. There is no automatic pump trip on low suction pressure. The miniflow lines around the MDPs are automatically isolated when pump flow is above 100 gal/min while the miniflow line around the TDP operates continuously.

There are two normally closed manual gate valves, 055 and 056, on a header which joins the two motor-driven pumps A and B together. Normally MDPA supplies only Steam Generators 1 and 4 while MDPB supplies only Steam Generators 2 and 3. By opening both these valves, either motor-driven pump alone can supply all four steam generators.

2. LOOP - System control is basically the same as for LMFW. The only significant difference is that ac power is supplied by the diesel generators. Level control can still be maintained by modulating the flow control valves in the discharge lines to the steam generators. Transfer to the standby condensate storage tank and use of one motor-driven pump to feed all four steam generators are also the same as for LMFW.

3. LOAC - In this case, only the turbine-driven pump and its flow paths are available. Since all motor-operated valves in its flow paths are dc-operated, the operator can still control the steam generator level by modulating the flow control valves either from the Control Room or locally. In effect, the operator can perform all of the same functions as before with the TDP for LMFW and LOOP because the Train C dc power is backed up by its own dedicated batteries which are used when Train A 120-V ac power is unavailable.

9.1.3 Effects of Test and Maintenance Activities

The effect of testing on this system was discussed earlier in Section 6.

As noted in Section 8, the applicant has stated that to perform maintenance on any component, the component must be manually isolated both upstream and downstream. This can easily incapacitate an entire pump train. For example (see Figure 1), if maintenance must be performed on one of the manual gate valves on any one of the discharge lines to the four steam generators from the TDP, valves 016, 019, 022, or 025, all four valves must be closed, thereby incapacitating the TDP.

9.1.4 Availability of Alternate Water Supplies

There are two redundant condensate storage tanks which are each maintained above a minimum level of 330,000 gal. The minimum water level of each CST is designed to maintain the reactor in a hot standby condition for 4 hours followed by a 5 hour cooldown period, at which time the residual heat removal system can be used to further cool the reactor coolant system. The combined minimum operating capacity of the CSTs (660,000 gal) is designed to allow a hot standby condition for 31 hours followed by a 5 hour cooldown period until operation of the residual heat removal system is initiated.

Each tank is a Seismic Category 1 structure with a capacity of 480,000 gal. The minimum safety capacity is ensured by all nozzles of nonsafety systems being located on the storage tanks above the corresponding elevation. The condensate level in each tank is automatically maintained by a level control valve in the line (to the tank) from the demineralized water system, which actuates when the volume in the tank drops to 472,250 gal.

As the water in the online CST is depleted, the operator may manually realign the system so that the standby CST serves all three pumps. A separate line connects each pump to each CST.

Therefore, the applicant has taken substantial measures to ensure an adequate supply of alternate water sources. However, it should be noted that the flappers have been removed from the check valves on the suction side of the pumps, valves 013, 033, 051, 058, and 061 (see Figure 1). No reason is given for this. Such being the case, if and when the operator must transfer to the standby CST 002, it seems that the level in CST 001 will precipitously rise while the level in CST 002 will precipitously fall to equalize the static head. This is because there are effectively no check valves on the pump suction side, so that flow from CST 002 does not isolate CST 001. This might lead to some momentary confusion on the operator's part and possible misinterpretation of instrument readings.

The specific emergency procedures for transferring to the standby CST have not been provided in Reference 3. The procedures should include criteria to inform the operator when the transfer to the standby CST should take place, and should meet all other requirements described in Recommendation GS-4 of NUREG-0611. Reference 3 does indicate that there are level indicators and alarms both in the Control Room and locally for the CST water level to allow the operator to anticipate the need for makeup water or transfer to the alternate CST to prevent a low pump suction pressure from occurring. It does not indicate whether the indicators and alarms are redundant and whether the low-low level of such alarms allows at least 20 minutes for operator action, as described in Additional Short-Term Recommendation 5.3.1 of NUREG-0611.

9.1.5 Adequacy and Separation of Power Sources

According to Reference 3, physical separation between the trains of the AFWS is maintained with regard to the prevention of common cause failures created by fire, flooding, and missiles. The simplified piping layout schematic of the AFWS is provided as Figure 3 of this report. Excluding the containment building, the only two locations where a portion of all three trains lie in a common area are in the building that houses the CSTs and in a pipe chase in the auxiliary feedwater pumphouse. Both locations:

a. are protected from external missiles and have no internal source for missiles,
b. have no components subject to disabling damage due to flooding, and
c. have minimal sources of fire.

Physical separation between electrical components of the AFWS is provided in accordance with Regulatory Guide 1.75 and Institute of Electrical and Electronics Engineers (IEEE) Standard 384.

9.1.6 Common Mode Failures

In BNL's judgment, two aspects of the Vogtle AFWS design yield potentially significant common mode failure contributions to the system unavailability (see Figures 1 and 2). The first aspect involves the manually operated stop check valves at the steam generator inlet lines (113, 114, 115, and 116). If the operator inadvertently closes any three of the four valves, the mission success criterion is unmet. Closure of one of these valves prevents the flow from both of the pumps which normally supply a steam generator. Even if the normally closed interconnection between the two motor-driven pumps, valves 055 and 056, is open, flow still cannot enter the steam generator from the alternate motor-driven pump.

The other aspect is the testing of the turbine-driven pump coupled with common mode failure to close at least two of the recirculation line valves (81, 82, 83, 84), which causes excessive flow diversion from the steam generators. Both of these cases are quantitatively assessed in Section 9.2.3.2.

The applicant's own common cause analysis, according to Ref. 3, was performed deterministically and in two parts. The first part was performed explicitly for common cause hardware failure by location, and is discussed in Section 9.1.5 on physical separation. The second part of the common cause analysis was performed implicitly throughout the evaluation. According to the applicant, the results of the entire common cause analysis revealed no significant common cause potential within the VEGP AFWS.

9.1.7 Single Point Failures

No single point failures were discovered during the course of this review.

9.1.8 Adequacy of Emergency Procedures

The applicant has not provided emergency procedures at this time. Such procedures should be provided in the future.

9.2 Quantitative Aspects

9.2.1 Applicant's Use of NRC-Suggested Methodology and Data

9.2.1.1 Fault Tree Construction and Evaluation

In Reference 3, the applicant states that the initial fault tree was developed to the component failure mode level and then expanded to the component failure cause level. The component failure causes considered were:

a. Random failure on demand.
b. Unavailability due to testing.
c. Unavailability due to maintenance.
d. Independent human error during testing or maintenance.
e. Common cause human error during testing or maintenance.

The fault tree developed for the analysis in FSAR is included in this report with BNL modifications as Figure 7, Sheets 1 to 33.

Although the applicant states that unavailability due to testing and common cause human error during testing or maintenance were considered in the fault tree, BNL was unable to locate any such aspects in our review of both the fault tree and the applicant's assumptions in Table 3. Neither the fault tree nor the data table contains specific fault identifiers, and therefore the applicant's results cannot be unequivocally duplicated. Nevertheless, the fault tree is very comprehensive and great care was evidently taken to correctly model maintenance acts on all pumps and valves. However, the important contribution of diesel-generator maintenance was omitted.

In addition, the fault tree does not model maintenance acts excluded by technical specification requirements in any useful way, particularly considering that the applicant used the WAM-CUT (9) computer code. Specifically, Figure 7, Sheets 3 through 10, show that the inputs to the AND gates: "N0lF TO SG FROM TRAIN DUE TO MAINTENANCE" and a NOT gate described as "DOES NOT VIOLATE TECHNICAL SPECIFICATIONS."

Obviously the latter gate indicates only schematically how the calculation was performed, because it does not identify exactly which coincident maintenance events are to be excluded. It is therefore unclear just exactly how the applicant arrived at his numerical results. In using the WAM-CUT code, the two basic approaches to elimination of disallowed coincident test and/or maintenance acts are (1) to make extensive use of NOT gates, or (2) to define the top event so that disallowed maintenance and test acts are inherently excluded.

BNL used the SETS code (8) to quantify the results. SETS allows both methods mentioned above. In addition, SETS allows a third in which the top event is defined so as to allow unlimited coincident test and maintenance acts; the cutsets are then processed by SETS to eliminate those which are to be disallowed by the Technical Specifications. This is discussed further in Section 9.2.3, BNL Assessment.

9.2.1.2 Failure Data

The applicant's failure data (Table 4 in Reference 3) are reproduced in Table 4 of this report. The data are in substantial agreement with the data prescribed in Table III-2 of NUREG-0611 (see Table 5), with the very notable exception of valve and diesel generator maintenance unavailabilities. The applicant's data values for valve maintenance are extremely low, ranging from 7x10^-8 to 2.17x10^-6, as compared to the NUREG-0611 value of 2.1x10^-3, while diesel generator maintenance was neglected. The references cited are NUREG-0611 and WASH-1400, but BNL cannot ascertain how the applicant derived his values from those sources.

Reference 3 states: "All data were used to quantify point estimates of unavailability on demand, and uncertainty is not accounted for in the analysis. It should be noted that the data used in the reliability analysis is generic, and as such the results are an evaluation of the AFWS design. The implication of the data is that they do not account for the actual characteristics of how the plant is to be operated and maintained" (emphasis by added).

The case of pre-accident operator error with respect to closing manually operated valves appears to have been omitted from Table 4. This is further discussed in Section 9.2.3, since it has a significant impact on the quantitative results.

A minor comment: the applicant's data include a maintenance unavailability of 2.4x10^-6 for 125-V dc electric power, while random failure was neglected. Maintenance unavailability does not appear to have been included in the fault tree, while random failure was included.

9.2.2 Applicant's Results

9.2.2.1 System Unavailabilities

According to Reference 3, the quantitative results of the conditional unavailabilities for the three cases designated by the NRC for the AFWS are:

A. Case 1 - LMFW - For the case where there is an assumed loss of main feedwater with a reactor trip occurring and offsite ac power available, the conditional unavailability of the AFWS was calculated to be 6.3x10 .

B. Case 2 - LMFW/LOOP - For the case where there is an assumed loss of main feedwater with a reactor trip occurring and offsite ac power not available, the conditional unavailability of the AFWS was calculated to be 2.6x10 .

C. Case 3 - LMFW/LOAC - For the case where there is an assumed loss of main feedwater with a reactor trip occurring and no ac power available, the conditional unavailability of the AFWS was calculated to be 1.0x10-

9.2.2.2 Dominant Failure Modes and Conclusions

It is stated in Reference 3 that the quantitative measure of importance was used as an indication of the dominant contributors to the AFWS conditional unavailability. The value of importance was then taken as the sum of all cutset probabilities containing a category of failure divided by the top event probability. The failure categories analyzed for each case are random failure of valves on demand; unavailability of valves due to maintenance; operator error; and pump unavailabilities (random or maintenance).

The applicant's dominant failure modes and conclusions for each case are as follows:

A. Case 1 - LMFW - The importance of the most significant contributor to system failure, pump unavailability, was calculated to be 86%. Examination of the category of pump unavailabilities revealed that pump failures were occurring in combination with electric power system failure. Furthermore, unavailability of the turbine driven pump was determined to be the most significant single failure event, but this pump did not dominate system unavailability.

B. Case 2 - LMFW/LOOP - The findings for Case 2 revealed that pump unavailabilities contribute 80% to system unavailability. Examination of this category revealed, as did Case 1, that no single component of the AFWS can be thought of as dominating (or controlling) system unavailability. The reduction of the system conditional availability for this case was found to be directly attributable to the assumed loss of redundancy in ac power sources.

C. Case 3 - LMFW/LOAC - In Case 3, the AFWS is reduced to only the turbine-driven pump. Thus, any single failure along this pump train would be sufficient to fail the AFWS. The dominant contributors to system unavailability were as follows:

1. The turbine-driven pump package (pump, trip throttle valve, and speed governing valve).

2. The steam inlet valve (motor-operated valve 5106).

9.2.3 BNL Assessment

9.2.3.1 Fault Trees

Since the applicant's fault trees (Reference 3) seem to be substantially correct and complete, particularly with respect to the modeling of maintenance acts at the component level, these same fault trees with minor revisions were used in the BNL analysis, provided in this report as Figure 7, Sheets 1 to 33.

The major revisions which were necessary were the addition of fault identifiers and a finer separation of certain maintenance acts so the top event could be properly identified and the nonfunctional event "Does Not Violate Technical Specifications" eliminated. The fault identification nomenclature scheme is shown in Table 6. The applicant did not separate the steam generator intake sections in the expanded block diagram, Figure 6, into random and maintenance contributors because no maintenance can be performed on either of the two check valves or the stop check valve in a typical intake section, e.g., check valves 121 and 125 and stop check valve 113 on Steam Generator 1 Intake. However, BNL did so in order to model maintenance on the stop check valves on the pump discharge lines to a given steam generator and also a possible unavailability due to testing if the operator fails to reclose the recirculation valve in the condensate system return line (see Figure 7, Sheets 12 and 13).

Another significant revision was the inclusion of diesel generator maintenance unavailability on Sheets 14 and 15. Other minor revisions are identified on the fault trees. It should also be noted that the top event on Sheet 1 was modified to show the actual gate names and the Boolean expression which was used to replicate the 3 out of 4 combination gate used by the applicant in the WAM-CUT code. The SETS code used by BNL does not use combination gates.

The fault trees as shown allow unrestricted coincident test and maintenance acts. Those acts which are not allowed by the Technical Specifications were then deleted from the cutsets by use of the DELETE TERM option of the SETS code. Specifically, the equation establishing the terms to be deleted is based on the Expanded Reliability Block Diagram in Figure 6, and is given below:

DELETE = A*B + B*C + A*C

A = PMPAMAINT + A1MAINT + A4MAINT + TAMDPA003

B = PMPBMAINT + B2MAINT + B3MAINT + TAMDPB002

C = PMPCMAINT + C1MAINT + C2MAINT + C3MAINT + C4MAINT + TATDPC001

After cutsets are obtained, they are processed to eliminate failure combinations which imply event DELETE.

This essentially disallows simultaneous maintenance on or testing of two or three pumps, or one pump and one of the discharge flow paths of another pump, or two or more discharge flow paths when each flow path is supplied by a different pump.
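The cutset post-processing described above can be sketched as follows. This is an added example, not BNL's SETS input or the applicant's code: the groups A, B, and C are taken from the DELETE equation on this page, while the sample cutsets, the `*_RANDOM` event names, and all probabilities are constructed for illustration (5.8E-3 and 2.1E-3 echo the NUREG-0611/WASH-1400 column of the Section 8.2 comparison).

```python
"""Added example: removing cutsets that imply DELETE = A*B + B*C + A*C."""
from itertools import combinations

# Test/maintenance events per pump train, exactly as in the DELETE equation.
GROUPS = {
    "A": {"PMPAMAINT", "A1MAINT", "A4MAINT", "TAMDPA003"},
    "B": {"PMPBMAINT", "B2MAINT", "B3MAINT", "TAMDPB002"},
    "C": {"PMPCMAINT", "C1MAINT", "C2MAINT", "C3MAINT", "C4MAINT",
          "TATDPC001"},
}

# Constructed probabilities (assumptions, not values from the fault tree).
PROB = {}
PROB.update({e: 5.8e-3 for e in ("PMPAMAINT", "PMPBMAINT", "PMPCMAINT")})
PROB.update({e: 2.1e-3 for e in ("A1MAINT", "A4MAINT", "B2MAINT", "B3MAINT",
                                 "C1MAINT", "C2MAINT", "C3MAINT", "C4MAINT")})
PROB.update({e: 1.0e-3 for e in ("TAMDPA003", "TAMDPB002", "TATDPC001")})
# Hypothetical random-failure events, named here only for the example.
PROB.update({e: 1.0e-2 for e in ("MDPA_RANDOM", "MDPB_RANDOM", "TDP_RANDOM")})

# Constructed cutsets; each is a set of basic events that fails the system.
SAMPLE_CUTSETS = [
    {"PMPAMAINT", "MDPB_RANDOM", "TDP_RANDOM"},           # one train out
    {"PMPAMAINT", "PMPBMAINT", "TDP_RANDOM"},             # A*B
    {"A1MAINT", "A4MAINT", "MDPB_RANDOM", "TDP_RANDOM"},  # both in train A
    {"PMPAMAINT", "C2MAINT", "MDPB_RANDOM"},              # A*C
    {"B2MAINT", "C3MAINT", "MDPA_RANDOM"},                # B*C
    {"MDPA_RANDOM", "MDPB_RANDOM", "TDP_RANDOM"},         # no T&M at all
    {"TAMDPA003", "TATDPC001", "MDPB_RANDOM"},            # two pumps in test
]


def trains_out(cutset):
    """Train labels that have a test or maintenance event in the cutset."""
    return sorted(g for g, events in GROUPS.items() if events & set(cutset))


def implies_delete(cutset):
    """True when the cutset satisfies A*B + B*C + A*C."""
    out = trains_out(cutset)
    return any(a in out and b in out for a, b in combinations("ABC", 2))


def apply_delete(cutsets):
    """Split cutsets into (kept, removed) according to the DELETE term."""
    kept, removed = [], []
    for cs in cutsets:
        (removed if implies_delete(cs) else kept).append(frozenset(cs))
    return kept, removed


def rare_event_sum(cutsets, prob):
    """Rare-event approximation: sum of the cutset probability products."""
    total = 0.0
    for cs in cutsets:
        p = 1.0
        for event in cs:
            p *= prob[event]
        total += p
    return total


def run_example():
    """Return kept/removed cutsets and the unavailability before and after."""
    kept, removed = apply_delete(SAMPLE_CUTSETS)
    before = rare_event_sum(SAMPLE_CUTSETS, PROB)
    after = rare_event_sum(kept, PROB)
    return kept, removed, before, after


if __name__ == "__main__":
    kept, removed, before, after = run_example()
    print(f"kept {len(kept)}, removed {len(removed)}")
    print(f"unavailability before DELETE: {before:.6e}, after: {after:.6e}")
```

Two maintenance events on the same train (A1MAINT with A4MAINT) survive the filter, while any pairing across trains is removed, which matches the restriction stated in the paragraph above.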

9.2.3.2 Failure Data

A general comparison between the applicant's data assumptions and those used by BNL is provided in Table 7.

The most important aspects of the applicant's data in terms of sensitivity in the quantitative results are the maintenance unavailabilities assumed for all valves and the pre-accident human error assumed for the operator inadvertently closing a manual valve. The applicant's assumptions for valve maintenance are extremely low compared with the NUREG-0611 data. The submittal's values range from 7E-8 to 2.17E-6, while the BNL assumption was 2.1E-3, based on NUREG-0611 data, for all motor-operated valves and 0 for all manually operated valves and check valves, with the exception of the stop check valves on the pump discharge lines, as noted earlier in Section 8.2. Similarly, the applicant appears to have assumed 0 for the pre-accident operator error of inadvertent closure of a manually operated valve. The BNL assumptions for this case were 5E-3 for locked-open manual valves whose position cannot be verified as a result of the testing of its associated pump and 1E-3 if testing does allow position verification. This has very important implications for the manually operated stop check valves 113, 114, 115, and 116 at the AFW intake to each steam generator. Since each valve lies in a common discharge path for the two AFW pumps which supply any given steam generator, its inadvertent closure blocks all AFW flow to that steam generator.

It does not appear that pump testing per se can verify the position of those valves because, during the pump test, the discharge pressure is throttled by the motor-operated valves (5120, 5122, 5125, 5127, 5132, 5134, 5137, and 5139) so that flow does not enter the steam generators but is diverted to the Condensate System through the recirculation bypass valves. Thus, no flow passes through the locked-open stop check valves in question. In the NRC Standard Technical Specifications (4), periodic surveillance is generally not required if a valve is locked into its emergency position. Thus, the only way to verify the position of these valves appears to be by voluntary visual inspection during a pump test. However, for independent failures, use of the post-accident recovery factor of 0.25 as specified in Table 5 for 30 minutes allowable time, yields (5E-3)*(0.25) ≈ 1E-3. The common mode failures described in Section 9.1.6 have been quantified and added to the system unavailabilities for independent failures only (as shown in Table 8), as follows:

NOFLOSGS1234 = CRVLO*OEFTCCRVS + CMOESCVS*OEFTOSCVS   (1)

CRVLO = CMOECRVS + TATDPC001   (2)

where

NOFLOSGS1234 = multiple error contribution to the probability of insufficient flow to steam generators 1, 2, 3, and 4,

CRVLO = probability of the condensate return valves (081, 082, 083, 084) being in the open position,

OEFTCCRVS = probability of the operator failing to close the condensate return valves after automatic AFWS initiation, 5E-3,

CMOESCVS = common mode probability of pre-accident operator error in leaving the manually operated stop check valves (113, 114, 115, 116) in the closed position, 1E-3,

OEFTOSCVS = probability of the operator failing to open the stop check valves after automatic AFWS initiation, 5E-3,

CMOECRVS = common mode probability of pre-accident operator error in leaving the condensate return valves in the open position, 1E-3,

TATDPC001 = probability of the turbine-driven pump undergoing test, which requires that the condensate return valves be open, 6.4E-4.

Substituting (2) into (1):

NOFLOSGS1234 = (CMOECRVS + TATDPC001)*(OEFTCCRVS) + (CMOESCVS)*(OEFTOSCVS)
             = (1E-3 + 6.4E-4)*(5E-3) + (1E-3)*(5E-3)
             = 8.2E-6 + 5E-6 = 1.3E-5

Therefore, 1.3E-5 is the multiple error contribution to the top event from misalignment of either multiple stop check valves or multiple condensate return valves.

For each initiator, and for different error probabilities associated with other valves, Table 8 provides results calculated with and without this contribution. The purpose of this is to display the effect of the assumptions which have been made, which, in the present case, must be regarded as ingredients of a parametric sensitivity study. It is unclear whether opening all the condensate return valves really fails the system. If not, then the corresponding contribution of 5.E-6 (see above) should be subtracted from the system unavailability quoted in all Case b entries in Table 8, and from the results given in the Executive Summary.

9.2.3.3 System Unavailabilities

A sensitivity comparison between the results of the applicant and of BNL is shown in Table 8 for various situations. The results are given for the three cases of LMFW, LOOP, and LOAC, in which the following assumptions have been made:

1) Case A - All manual valves are assigned a pre-accident operator error rate of 5E-3/demand plus 1E-4/demand for plugging.
2) Case B - All manual valves are assigned a pre-accident operator error rate of 1E-3/demand plus 1E-4/demand for plugging, except the manually operated stop check valves at the steam generator intake lines (113, 114, 115, 116), which have a pre-accident operator error rate of 5E-3/demand.
3) Case C - All manual valves are assigned a pre-accident operator error rate of 1E-3/demand plus 1E-4/demand for plugging. The manually operated stop check valves 113, 114, 115 and 116 are evaluated with a recovery factor of 0.25, which also equates to a 1E-3/demand failure rate.

The purpose of presenting results in this way is to display more clearly the effects of certain assumptions. In many similar analyses of Westinghouse systems, credit has been taken both implicitly and explicitly for operator action to recover certain errors. Here, choosing lower error probabilities corresponds, in effect, to taking more credit for recovery.

For the purpose of selecting the proper assessment for compliance with the NUREG-0611 guidelines, and correspondence with the applicant's actual design, BNL has chosen Case C with multiple errors included for the final evaluation provided in Tables 1 and 2 in the Executive Summary.

9.2.3.4 Dominant Failure Modes

The results of the BNL analysis are provided in Figures 8 to 10 for Case B of Table 8, assuming independent failures only.

1. Case 1 - LMFW. The dominant failure modes are shown in Figure 8. The leading group is random failure of one pump combined with maintenance outage of a second pump and random failure of one of the manual stop check valves on the steam generator inlet lines supplied by the third pump. The next significant set is random failures of three of the four manual stop check valves on the steam generator inlet lines, followed by random failure of two pumps and one of the manual stop check valves supplied by the third pump.
2. Case 2 - LOOP. The dominant failure modes for this case are shown in Figure 9. The leading group is random failure of both diesel generators (ACTRNAF and ACTRNBF) combined with random or maintenance acts on the turbine-driven pump train. The next major group is maintenance acts on one of the pumps combined with random failure of one of the diesel generators and of either one of the manual stop check valves on the steam generator inlet lines supplied by the third pump or random failure of the third pump itself.
3. Case 3 - LOAC. The dominant failure modes are shown in Figure 10 for this case. As expected, single random failures or maintenance acts on the turbine-driven pump itself or one of the several valves on the turbine inlet supply line comprise the predominant group of failure modes. At much lower failure probability rates, the next group consists of double failures pertaining to random failures of the locked-open manually operated butterfly valves on the condensate storage tank supply lines to the turbine-driven pump suction combined with random failure of or operator failure to open the normally closed motor-operated valves isolating the turbine-driven pump suction from the standby condensate storage tank.

9.2.3.5 General Comparison to Other Plants

The Vogtle AFWS design is similar to that of many other plants in that it consists of two motor-driven pumps and a third pump which is steam turbine driven. It does have several notable features such as two redundant safety-class condensate storage tanks, each having sufficient capacity for an extended cooldown and satisfaction of the design basis requirements. Transfer to the standby tank must be done manually. Another feature is the provision of a third, independent train of dc power for the TDP and its associated motor-operated valves, designated as 125-V dc Train C power. In this manner, failure of either dc Train A or Train B fails only one of the MDPs, not an MDP and the TDP simultaneously.

Also, since the motor-operated throttle valves on the TDP discharge lines to the SGs are dc-powered by Train C, SG level control can be maintained by the operator from the control room even during a LOAC transient.

The location of the test recirculation lines very close to the SG intakes allows verification by pump testing of the position of all valves on the pumps' discharge lines, except for the manually operated stop check valves on the inlet lines to each SG (113, 114, 115, 116).

The MDP headers are joined together by two normally closed manual valves 055 and 056. By opening both of these valves, either MDP can be used to feed all four steam generators. This feature is also available in several other AFWS designs.

Finally, the provision of the stop check valves 113, 114, 115, and 116 in the SG intake lines is unusual. Although, as mentioned previously, the potential for human error blocking all AFW flow to an entire steam generator increases, the valves may provide an additional safety margin in preventing the back-leakage of steam into the AFW lines.

9.2.3.6 General Comments

The Vogtle AFWS is in general a very well-designed system. The provisions for pump testing allow for nearly complete verification of the valve positions on the pump's discharge, the exception being the steam generator intake lines themselves. The inadvertent closure of the manually operated stop check valves on the intake lines does, however, have a significant effect on the unavailability analysis. This effect is substantially reduced if the valves have control room position indication or if the operator can credibly recognize the problem and take appropriate actions outside the Control Room within the 30 minutes allowable action time.

The actual procedure for and the sequencing of pump testing was not clearly explained in the applicant's analysis. It is not clear how many of the recirculation bypass line valves to the Condensate System are simultaneously opened during the testing of any one pump. Presumably, the recirculation line valves for the two steam generators supplied by each MDP and the four valves for the four steam generators supplied by the TDP are opened simultaneously.


REFERENCES

1. U.S. NRC, Generic Evaluation of Feedwater Transients and Small Break Loss-of-Coolant Accidents in Westinghouse-Designed Operating Plants, NUREG-0611, January 1980.
2. Letter from D. F. Ross, Jr., U.S. NRC, addressed to All Pending Operating License Applicants of Nuclear Steam Supply Systems Designed by Westinghouse and Combustion Engineering, dated March 10, 1980.
3. Georgia Power Corporation, VEGP Auxiliary Feedwater System Reliability Analysis, VEGP FSAR Appendix 10A, current edition.
4. U.S. NRC, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants - LWR Edition - Section 10.4.9, ' Auxiliary Feedwater System', NUREG-0800, Revision 2, July 1981.
5. U.S. NRC, Standard Technical Specifications for Westinghouse Pressurized Water Reactors, NUREG-0452, Revision 4, Fall 1981.
6. U.S. NRC, Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants - Appendices 3 and 4: Failure Data, WASH-1400 (NUREG-75/014), October 1975.
7. Erdmann, R. C., Leverenz, F. L., and Kirch, H., WAM-CUT: A Computer Code for Fault Tree Evaluation, EPRI-NP-803, Science Applications, Inc., June 1978.
8. Worrell, R. B. and Stack, D. W., A SETS Users Manual for the Fault Tree Analyst, NUREG/CR-0465, Sandia National Laboratory, November 1978.

Figure 1. Vogtle AFWS (Vogtle Electric Generating Plant, Georgia Power, Unit 1 and Unit 2, FSAR Figure 10A-1). The system drawing is not reproduced in this text version.


Figure 4. Vogtle AFWS reliability evaluation methodology flow chart (Vogtle Electric Generating Plant, Georgia Power, Unit 1 and Unit 2, FSAR Figure 10A-4). Flow chart boxes: system descriptions; system drawings; system bounds; reliability block diagram development; fault tree development to component failure cause; technical specifications; minimal cut set analysis; operating procedures; revised fault tree; deterministic common cause analysis; statistically independent failure cause quantification; results and conclusions.

Figure 5. Reliability block diagram (Vogtle Electric Generating Plant, Georgia Power, Unit 1 and Unit 2, FSAR Figure 10A-5). Blocks: Pump A section (PMPA) with Train A discharge to steam generator 1 (A1) and steam generator 4 (A4); Pump B section (PMPB) with Train B discharge to steam generator 2 (B2) and steam generator 3 (B3); Pump C section (PMPC) with Train C discharge to steam generators 1 to 4 (C1, C2, C3, C4); steam generator intake sections (SG1 to SG4); 2/4 success logic at the output.


Figure 7 (Sheet 1 of 33). Vogtle Unit 1 AFWS fault tree model (Vogtle Electric Generating Plant, Georgia Power, Unit 1 and Unit 2, FSAR Figure 10A-7, Sheet 1 of 30). Top gate IFTSGS1234, with one gate NOIFTSGn for each steam generator (n = 1 to 4). Each NOIFTSGn is fed by the SGn intake section failure (IFTSGnINTK, developed as STMGENn) and by the two trains supplying that steam generator: NOIFT1FA and NOIFT1FC for SG1, NOIFT2FB and NOIFT2FC for SG2, NOIFT3FB and NOIFT3FC for SG3, NOIFT4FA and NOIFT4FC for SG4.

NOIF = no or insufficient flow

IFTSGS1234 = STMGENS123 + STMGENS124 + STMGENS134 + STMGENS234

STMGENS123 = NOIFTSG1 * NOIFTSG2 * NOIFTSG3
STMGENS124 = NOIFTSG1 * NOIFTSG2 * NOIFTSG4
STMGENS134 = NOIFTSG1 * NOIFTSG3 * NOIFTSG4
STMGENS234 = NOIFTSG2 * NOIFTSG3 * NOIFTSG4

Figure 7 (Sheet 2 of 33). FSAR Figure 10A-7, Sheet 1A of 30. Gates STMGEN1 to STMGEN4 (SGn intake section fails), each with two inputs: SGnINTKRAND (SGn intake section fails randomly) and SGnINTKMAINT (SGn intake section in maintenance or test).

Figure 7 (Sheets 3 to 10 of 33). Vogtle Unit 1 AFWS fault tree model, FSAR Figure 10A-7 (Sheets 2 to 9 of 30), each sheet marked "BNL REVISION". Every sheet develops one gate for no or insufficient flow (NOIF) to a steam generator from one train into a maintenance branch, which carries the condition that the outage does not violate Technical Specifications, and a random-failure branch:

Sheet 3: NOIFT1FA, NOIF to SG1 from Train A. Maintenance branch A1MPMPAM (A1MAINT-MOV5139, PMPAMAINT); random branch A1RPMPAR (A1RAND, PMPARAND).
Sheet 4: NOIFT1FC, NOIF to SG1 from Train C. Maintenance branch C1MPMPCM (C1MAINT-MOV5122, PMPCMAINT); random branch C1RPMPCR (C1RAND, PMPCRAND).
Sheet 5: NOIFT2FB, NOIF to SG2 from Train B. Maintenance branch B2MPMPBM (B2MAINT-MOV5132, PMPBMAINT); random branch B2RPMPBR (B2RAND, PMPBRAND).
Sheet 6: NOIFT2FC, NOIF to SG2 from Train C. Maintenance branch C2MPMPCM (C2MAINT-MOV5125, PMPCMAINT); random branch C2RPMPCR (C2RAND, PMPCRAND).
Sheet 7: NOIFT3FB, NOIF to SG3 from Train B. Maintenance branch B3MPMPBM (B3MAINT-MOV5134, PMPBMAINT); random branch B3RPMPBR (B3RAND, PMPBRAND).
Sheet 8: NOIFT3FC, NOIF to SG3 from Train C. Maintenance branch (C3MAINT-MOV5127, PMPCMAINT); random branch C3RPMPCR (C3RAND, PMPCRAND).
Sheet 9: NOIFT4FA, NOIF to SG4 from Train A. Maintenance branch A4MPMPAM (A4MAINT-MOV5137, PMPAMAINT); random branch A4RPMPAR (A4RAND, PMPARAND).
Sheet 10: NOIFT4FC, NOIF to SG4 from Train C. Maintenance branch C4MPMPCM (C4MAINT-MOV5120, PMPCMAINT); random branch C4RPMPCR (C4RAND, PMPCRAND).

Figure 7 (Sheet 11 of 33). Vogtle Unit 1 AFWS fault tree model, FSAR Figure 10A-7 (Sheet 10 of 30), marked "BNL REVISION". Gates SG1INTKRAND to SG4INTKRAND (SGn intake section fails randomly). Legible basic events: stop check valves RASCV113, RASCV114, RASCV115, RASCV116 and check valves RACHV121, RACHV122, RACHV123, RACHV124, RACHV125, RACHV127, RACHV128.

Figure 7 (Sheet 12 of 33). BNL addition, FSAR Figure 10A-7, Sheet 10A of 30. Gates SG1INTKMAINT and SG2INTKMAINT (SGn intake section in maintenance or test). SG1: stop check valve 020 in maintenance (MASCV020), stop check valve 046 in maintenance (MASCV046), and gates SG1PMPATEST and SG1PMPCTEST (pump section in test, TAMDPA003 or TATDPC001, and operator fails to reclose condensate valve 081). SG2: MASCV023, MASCV037, and gates SG2PMPBTEST and SG2PMPCTEST (pump section in test, TAMDPB002 or TATDPC001, and operator fails to reclose condensate valve 082).

Figure 7 (Sheet 13 of 33). BNL addition, FSAR Figure 10A-7, Sheet 10B of 30. Gates SG3INTKMAINT and SG4INTKMAINT (SGn intake section in maintenance or test). SG3: stop check valves 026 and 040 in maintenance (MASCV026, MASCV040) and gates SG3PMPBTEST and SG3PMPCTEST (pump section in test and operator fails to reclose condensate valve 083). SG4: stop check valves 017 and 043 in maintenance (MASCV017, MASCV043) and gates SG4PMPATEST and SG4PMPCTEST (pump section in test and operator fails to reclose condensate valve 084).

Figure 7 (Sheet 14 of 33). Vogtle Unit 1 AFWS fault tree model, FSAR Figure 10A-7 (Sheet 11 of 30), with a BNL addition. Gate PMPAMAINT (Train A pump section fails in maintenance). Legible events and gates: MADGA (diesel generator Train A in maintenance), MAMGV042, MAMDPA003, MAMGV045, MACHV001, IFTMDPAMAINT (NOIF to pump A due to maintenance), BYV095MAINT, MOV5119MAINT, MABYV090, MABYV091, MABYV092, MABYV095, MABYV097, MABYV098, MABYV099, MAMOV5119. NOIF = no or insufficient flow.

Figure 7 (Sheet 15 of 33). Vogtle Unit 1 AFWS fault tree model, FSAR Figure 10A-7 (Sheet 12 of 30), with a BNL addition. Gate PMPBMAINT (Train B pump section fails in maintenance). Legible events and gates: MADGB (diesel generator Train B in maintenance), MAMGV036, MAMDPB002, MAMGV060, MACHV002, MAMGV039, IFTMDPBMAINT (NOIF to pump B due to maintenance), BYV094MAINT, MOV5118MAINT, MABYV090, MABYV091, MABYV092, MABYV094, MABYV097, MABYV098, MABYV099, MAMOV5118. NOIF = no or insufficient flow.

Figure 7 (Sheet 16 of 33). Vogtle Unit 1 AFWS fault tree model, FSAR Figure 10A-7 (Sheet 13 of 30). Gate PMPCMAINT (Train C pump section in maintenance). Legible events and gates: MAMGV016, MAMGV019, MACHV014, MAMGV022, MAMGV025, IFTTDPCMAINT, BYV093MAINT, MOV5113MAINT, MATDPC001, MASGV, MATTV, MAMOV5106, MABYV093, MAMOV5113, MABYV090, MABYV091, MABYV092, MABYV097, MABYV098, MABYV099, MACHV006, MACHV008, MAMOV3009, MAMOV3019.

Figure 7 (Sheet 17 of 33). FSAR Figure 10A-7 (Sheet 14 of 30). Gates C1RAND, C2RAND, C3RAND and C4RAND (Train C discharge section to SG1, SG2, SG3 and SG4 fails randomly). Legible basic events: check valves failing closed (RASCV020, RASCV023, RASCV026, RASCV017), gate valves failing closed (RAMGV019, RAMGV022, RAMGV025, RAMGV016), and the Train C discharge motor-operated valves failing closed (MOV 5122, MOV 5125 and MOV 5127 are legible).


[Figure 7 (Sheet 20 of 33): Vogtle Unit 1 AFWS fault tree model, Train B motor-driven pump No. 2 branch. Legible events include RAMGV060, RACHV002, ACTRNBF, ISTMDPB002, RAMDPB002, ISTTRNBF, OEMDPB002, RABYV091, RABYV094, RABYV098, RACST001, RACST002, OEMOV5118FTO and RAMOV5118. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 17 of 30).]

[Figure 7 (Sheet 21 of 33): Vogtle Unit 1 AFWS fault tree model, Train C turbine-driven pump branch, with two gates marked "BNL ADDITION". Legible events include RAMGV015, RACHV014, RACST001, RACST002, RABYV090, RABYV093, RABYV097, OEMOV5113FTO, DCTRNCF and RAMOV5113FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 18 of 30).]

[Figure 7 (Sheet 22 of 33): fault tree sheet, "Turbine-driven pump fails to operate". Inputs shown: turbine-driven pump fails to operate on demand (RATDPC001); NOIS to turbine (NOISTTDP), developed through MOV 5106 fails to open (MV106F), trip and throttle valve fails closed (TTVF), speed governing valve fails closed (SGVF), and NOIS from steam generators 1 and 2 (NOISFSG1, NOISFSG2), with check valves RACHV008 and RACHV006, gate valves RAMGV007 and RAMGV005, and MOVs 3019 and 3009 failing closed. NOIS = no or insufficient steam. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 19 of 30).]

[Figure 7 (Sheet 23 of 33): Unit 1 AFWS fault tree model, "MOV 5106 fails to open" (MV106F). Inputs shown: loss of DC electrical power on Train C (DCTRNCF); no open signal to MOV 5106 (ISTMOV5106), developed into no automatic open signal to Train C (ISTTRNCF) and no manual open signal to MOV 5106 (OEMOV5106FTO); MOV 5106 fails to open on demand (RAMOV5106). Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 20 of 30).]

[Figure 7 (Sheet 24 of 33): Unit 1 AFWS fault tree model, two trees. "Trip and throttle valve fails" (TTVF): loss of DC electrical power on Train C (DCTRNCF); signal to trip and throttle valve fails (ISTTTV), developed into speed governor fails (RASPDGOV) and operator fails to override speed governor (OESPDGOV); trip and throttle valve fails to open on demand (RATTVFTO). "Speed governing valve fails" (SGVF): loss of DC electrical power on Train C (DCTRNCF); signal to speed governing valve fails (ISTSGV), developed into RASPDGOV and OESPDGOV; speed governing valve fails on demand (RASGVFTO). Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 21 of 30).]

[Figure 7 (Sheet 25 of 33): fault tree sheet, "MOV 3019 fails closed" (SIMV019) and "MOV 3009 fails closed" (SIMV009). Legible events: RAMOV3019CL, MOV3019CL, OEMOV3019CL, MOV3019FTO, DCTRNAF, OEMOV3019FTO, RAMOV3019FTO; RAMOV3009CL, MOV3009CL, OEMOV3009CL, MOV3009FTO, DCTRNBF, OEMOV3009FTO, RAMOV3009FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 22 of 30).]

[Figure 7 (Sheet 26 of 33): Unit 1 AFWS fault tree model, "MOV 5132 fails closed" (ACDMV5132). Legible events: RAMOV5132CL, MOV5132CL, OEMOV5132CL, MOV5132FTO, ACTRNBF, ISTMOV5132, RAMOV5132FTO, ISTTRNBF, OEMOV5132FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 23 of 30).]

[Figure 7 (Sheet 27 of 33): fault tree sheet, "MOV 5134 fails closed" (ACDMV5134). Legible events: RAMOV5134CL, MOV5134CL, OEMOV5134CL, MOV5134FTO, ACTRNBF, ISTMOV5134, RAMOV5134FTO, ISTTRNBF, OEMOV5134FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 24 of 30).]

[Figure 7 (Sheet 28 of 33): Unit 1 AFWS fault tree model, "MOV 5137 fails closed" (ACDMV5137). Legible events: RAMOV5137CL, MOV5137CL, OEMOV5137CL, MOV5137FTO, ACTRNAF, ISTMOV5137, RAMOV5137FTO, ISTTRNAF, OEMOV5137FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 25 of 30).]

[Figure 7 (Sheet 29 of 33): Unit 1 AFWS fault tree model, "MOV 5139 fails closed" (ACDMV5139). Legible events: RAMOV5139CL, MOV5139CL, OEMOV5139CL, MOV5139FTO, ACTRNAF, ISTMOV5139, RAMOV5139FTO, ISTTRNAF, OEMOV5139FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 26 of 30).]

[Figure 7 (Sheet 30 of 33): Unit 1 AFWS fault tree model, "MOV 5120 fails closed". Legible events: RAMOV5120CL, MOV5120CL, OEMOV5120CL, MOV5120FTO, DCTRNCF, ISTMOV5120, RAMOV5120FTO, ISTTRNCF, OEMOV5120FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 27 of 30).]

[Figure 7 (sheet number not legible): Unit 1 AFWS fault tree model, "MOV 5122 fails closed" (DCMV5122). Legible events: RAMOV5122CL, MOV5122CL, OEMOV5122CL, MOV5122FTO, DCTRNCF, ISTMOV5122, RAMOV5122FTO, ISTTRNCF, OEMOV5122FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 28 of 30).]

[Figure 7 (Sheet 32 of 33): Unit 1 AFWS fault tree model, "MOV 5125 fails closed" (DCMV5125). Legible events: RAMOV5125CL, MOV5125CL, OEMOV5125CL, MOV5125FTO, DCTRNCF, ISTMOV5125, RAMOV5125FTO, ISTTRNCF, OEMOV5125FTO. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 29 of 30).]

[Figure 7 (Sheet 33 of 33): Unit 1 AFWS fault tree model, "MOV 5127 fails closed". Same structure as the preceding MOV sheets: fails closed on demand, closed by error, or fails to open through loss of DC electrical power on Train C (DCTRNCF), no automatic open signal to Train C (ISTTRNCF), no manual open signal, or failure to open on demand. Georgia Power, Vogtle Electric Generating Plant Unit 1 and Unit 2, FSAR Figure 10A-7 (Sheet 30 of 30).]

TERM     PROB.
NUMBER   OF TERM      IFTSGS1234-TKDL4 =

  1      1.4790E-07   RASCV115 * RAMDPA003 * MATDPC001 +
  2      1.4790E-07   RASCV114 * RAMDPA003 * MATDPC001 +
  3      1.4790E-07   RASCV116 * RAMDPB002 * MATDPC001 +
  4      1.4790E-07   RASCV113 * RAMDPB002 * MATDPC001 +
  5      1.4790E-07   RASCV115 * RATDPC001 * MAMDPA003 +
  6      1.4790E-07   RASCV114 * RATDPC001 * MAMDPA003 +
  7      1.4790E-07   RASCV116 * RATDPC001 * MAMDPB002 +
  8      1.4790E-07   RASCV113 * RATDPC001 * MAMDPB002 +
  9      1.4500E-07   RAMDPA003 * RAMDPB002 * MATDPC001 +
 10      1.4500E-07   RAMDPA003 * RATDPC001 * MAMDPB002 +
 11      1.4500E-07   RAMDPB002 * RATDPC001 * MAMDPA003 +
 12      1.3265E-07   RASCV113 * RASCV114 * RASCV115 +
 13      1.3265E-07   RASCV113 * RASCV114 * RASCV116 +
 14      1.3265E-07   RASCV114 * RASCV115 * RASCV116 +
 15      1.3265E-07   RASCV113 * RASCV115 * RASCV116 +
 16      1.2750E-07   RASCV115 * RAMDPA003 * RATDPC001 +
 17      1.2750E-07   RASCV114 * RAMDPA003 * RATDPC001 +
 18      1.2750E-07   RASCV116 * RAMDPB002 * RATDPC001 +
 19      1.2750E-07   RASCV113 * RAMDPB002 * RATDPC001 +
 20      1.2500E-07   RAMDPA003 * RAMDPB002 * RATDPC001 +

Figure 8 VEGP AFWS Unavailability Assessment - Dominant Failure Modes, Case No. 1 - LMFW (Sheet 1 of 2)

TERM     PROB.
NUMBER   OF TERM

 21      9.1698E-08   RASCV115 * RASGVFTO * MAMDPA003 +
 22      9.1698E-08   RASCV114 * RASGVFTO * MAMDPA003 +
 23      9.1698E-08   RASCV116 * RASGVFTO * MAMDPB002 +
 24      9.1698E-08   RASCV113 * RASGVFTO * MAMDPB002 +
 25      9.1698E-08   RASCV115 * RATTVFTO * MAMDPA003 +
 26      9.1698E-08   RASCV114 * RATTVFTO * MAMDPA003 +
 27      9.1698E-08   RASCV116 * RATTVFTO * MAMDPB002 +
 28      9.1698E-08   RASCV113 * RATTVFTO * MAMDPB002 +
 29      9.1698E-08   RASCV115 * RAMOV5106 * MAMDPA003 +
 30      9.1698E-08   RASCV114 * RAMOV5106 * MAMDPA003 +
 31      9.1698E-08   RASCV116 * RAMOV5106 * MAMDPB002 +
 32      9.1698E-08   RASCV113 * RAMOV5106 * MAMDPB002 +
 33      8.9900E-08   RAMDPA003 * RASGVFTO * MAMDPB002 +
 34      8.9900E-08   RAMDPB002 * RASGVFTO * MAMDPA003 +
 35      8.9900E-08   RAMDPA003 * RATTVFTO * MAMDPB002 +
 36      8.9900E-08   RAMDPB002 * RATTVFTO * MAMDPA003 +
 37      8.9900E-08   RAMDPA003 * RAMOV5106 * MAMDPB002 +
 38      8.9900E-08   RAMDPB002 * RAMOV5106 * MAMDPA003 +
 39      7.9050E-08   RASCV115 * RAMDPA003 * RASGVFTO +

Figure 8 (Sheet 2 of 2)

TERM     PROB.
NUMBER   OF TERM      IFTSGS1234-TKDL4 =

  1      5.2200E-06   ACTRNAF * ACTRNBF * MATDPC001 +
  2      4.5000E-06   ACTRNAF * ACTRNBF * RATDPC001 +
  3      2.7900E-06   ACTRNAF * ACTRNBF * RASGVFTO +
  4      2.7900E-06   ACTRNAF * ACTRNBF * RATTVFTO +
  5      2.7900E-06   ACTRNAF * ACTRNBF * RAMOV5106 +
  6      1.8900E-06   ACTRNAF * ACTRNBF * MAMOV3009 +
  7      1.8900E-06   ACTRNAF * ACTRNBF * MAMOV3019 +
  8      1.8900E-06   ACTRNAF * ACTRNBF * MAMOV5106 +
  9      1.8900E-06   ACTRNAF * ACTRNBF * MATTV +
 10      1.8900E-06   ACTRNAF * ACTRNBF * MASGV +
 11      9.9000E-07   ACTRNAF * ACTRNBF * RAMGV015 +
 12      9.6000E-07   ACTRNBF * RATDPC001 * MADGA +
 13      9.6000E-07   ACTRNAF * RATDPC001 * MADGB +
 14      8.8740E-07   RASCV116 * ACTRNBF * MATDPC001 +
 15      8.8740E-07   RASCV113 * ACTRNBF * MATDPC001 +
 16      8.8740E-07   RASCV115 * ACTRNAF * MATDPC001 +
 17      8.8740E-07   RASCV114 * ACTRNAF * MATDPC001 +
 18      8.7000E-07   ACTRNBF * RAMDPA003 * MATDPC001 +
 19      8.7000E-07   ACTRNBF * RATDPC001 * MAMDPA003 +

Figure 9 VEGP AFWS Unavailability Assessment - Dominant Failure Modes, Case No. 2 - LOOP (Sheet 1 of 2)

TERM     PROB.
NUMBER   OF TERM

 20      8.7000E-07   ACTRNAF * RAMDPB002 * MATDPC001 +
 21      8.7000E-07   ACTRNAF * RATDPC001 * MAMDPB002 +
 22      7.6500E-07   RASCV116 * ACTRNBF * RATDPC001 +
 23      7.6500E-07   RASCV113 * ACTRNBF * RATDPC001 +
 24      7.6500E-07   RASCV115 * ACTRNAF * RATDPC001 +
 25      7.6500E-07   RASCV114 * ACTRNAF * RATDPC001 +
 26      7.5000E-07   ACTRNBF * RAMDPA003 * RATDPC001 +
 27      7.5000E-07   ACTRNAF * RAMDPB002 * RATDPC001 +
 28      5.9520E-07   ACTRNBF * RASGVFTO * MADGA +
 29      5.9520E-07   ACTRNBF * RATTVFTO * MADGA +
 30      5.9520E-07   ACTRNBF * RAMOV5106 * MADGA +
 31      5.9520E-07   ACTRNAF * RASGVFTO * MADGB +
 32      5.9520E-07   ACTRNAF * RATTVFTO * MADGB +
 33      5.9520E-07   ACTRNAF * RAMOV5106 * MADGB +
 34      5.3940E-07   ACTRNBF * RASGVFTO * MAMDPA003 +
 35      5.3940E-07   ACTRNBF * RATTVFTO * MAMDPA003 +
 36      5.3940E-07   ACTRNBF * RAMOV5106 * MAMDPA003 +
 37      5.3940E-07   ACTRNAF * RASGVFTO * MAMDPB002 +
 38      5.3940E-07   ACTRNAF * RATTVFTO * MAMDPB002 +

Figure 9 (Sheet 2 of 2)

TERM     PROB.
NUMBER   OF TERM      IFTSGS1234-TKDL4 =

  1      5.8000E-03   MATDPC001 +
  2      5.0000E-03   RATDPC001 +
  3      3.1000E-03   RASGVFTO +
  4      3.1000E-03   RATTVFTO +
  5      3.1000E-03   RAMOV5106 +
  6      2.1000E-03   MAMOV3009 +
  7      2.1000E-03   MAMOV5106 +
  8      2.1000E-03   MATTV +
  9      2.1000E-03   MASGV +
 10      2.1000E-03   MAMOV3019 +
 11      1.1000E-03   RAMGV015 +
 12      2.2000E-04   DCTRNCF +
 13      1.0000E-04   RACHV014 +
 14      7.0000E-06   ISTTRNCF * OEMOV5106FTO +
 15      3.4100E-06   RABYV090 * RAMOV5113FTO +
 16      3.4100E-06   RABYV093 * RAMOV5113FTO +
 17      1.2100E-06   RABYV090 * RABYV097 +
 18      1.2100E-06   RAMGV005 * RAMGV007 +
 19      1.2100E-06   RABYV093 * RABYV097 +
 20      1.1000E-06   RABYV093 * OEMOV5113FTO +
 21      1.1000E-06   RABYV090 * OEMOV5113FTO +
 22      5.0000E-07   RASPDGOV * OESPDGOV +

Figure 10 VEGP AFWS Unavailability Assessment - Dominant Failure Modes, Case No. 3 - LOAC

Table 3 BNL Assumptions of VEGP NSSS Steam Generator Makeup Requirements Based Upon FSAR Information

Flow Requirements (gal/min)

Power Level (MWt) | Loss of Main Feedwater (LMFW) | Loss of Offsite Power (LOOP) | Loss of All AC Power (LOAC)
3425 | 510 | 510 | 510

AFW Flow Information (at 1235 psia, 120°F)

Pump | Pump Discharge Flow (gal/min) | Pump Recirculation Flow (gal/min)
Turbine-Driven Pump | 852 | 144
Motor-Driven Pump A | 552 | 0 (a)
Motor-Driven Pump B | 552 | 0 (a)

(a) The motor-operated valves in the motor-driven pump recirculation lines are intended to close when the pump flow reaches the miniflow, 100 gal/min, within a minute. Thus, the motor-driven pump recirculation flow was not considered.

Table 4 AFWS Component Failure Data

Fault Event / Tree Description | Component | Failure on Demand | Reference | Repair Time (h) | Unavailability Due to Maintenance | Reference
Check valve (at steam generator intake) fails to open on demand | 121, 122, 123, 124, 125, 126, 127, 128 | 1 x 10^-4 | 1 | NA | NA | NA
Stop check valve (at steam generator intake) fails to open on demand | 113, 114, 115, 116 | 1 x 10^-4 | 1 | NA | NA | NA
Stop check valve (on AFWS discharge) fails to open on demand | 017, 020, 023, 026, 037, 040, 043, 046 | 1 x 10^-4 | 1 | 7 | 2.17 x 10^-6 | 1, 3
Motor-operated valve (on discharge line) transfers closed | 5120, 5122, 5125, 5127, 5132, 5137, 5134, 5139 | 1 x 10^-4 | 1 | 7 | 2.17 x 10^-6 | 1, 3
Gate valve (on discharge line) transfers closed | 015, 016, 019, 022, 025, 035, 036, 039, 042, 045, 060 | 1 x 10^-4 | 1 | 7 | 7 x 10^-8 | 3
Check valve (on discharge line) fails to open on demand | 001, 002, 014 | 1 x 10^-4 | 1 | 7 | 2.17 x 10^-6 | 1, 3
Motor-driven pump fails (includes controls) | 003, 002 | 5 x 10^-3 | 1 | 19 | 5.81 x 10^-3 | 1
Turbine-driven pump fails (includes controls) | 001 | 5 x 10^-3 | 1 | 19 | 5.81 x 10^-3 | 1


Table 5 NRC-Supplied Data Used for Purposes of Conducting a Comparative Assessment of Existing AFWS Designs and Their Potential Reliabilities

I. Component (Hardware) Failure Data

Component | Point Value Estimate of Probability of* Failure on Demand

a. Valves:
Manual Valves (Plugged) | ~1 x 10^-4
Check Valves | ~1 x 10^-4
Motor-Operated Valves:
  - Mechanical Components | ~1 x 10^-3
  - Plugging Contribution | ~1 x 10^-4
  - Control Circuit (Local to Valve), w/ Quarterly Tests | 6 x 10^-3
  - Control Circuit (Local to Valve), w/ Monthly Tests | ~2 x 10^-3

b. Pumps: (1 Pump)
Mechanical Components | 1 x 10^-3
Control Circuit, w/ Quarterly Tests | ~7 x 10^-3
Control Circuit, w/ Monthly Tests | 4 x 10^-3

c. Actuation Logic | ~7 x 10^-3

Table 5 (Cont.)

II. Test and Maintenance Outage Contributions:

a. Calculational Approach

1. Test Outage

   Q_TEST = (hrs/test)(tests/year) / (hrs/year)

2. Maintenance Outage

   Q_MAINT = (0.22)(hrs/maint. act) / 720

b. Data Tables for Test and Maint. Outages

SUMMARY OF TEST ACT DURATION

Component | Calculated Range on Test Act Duration Time, hr | Mean Test Act Duration Time, t_D, hr
Pumps | 0.25 - 4 | 1.4
Valves | 0.25 - 2 | 0.86
Diesels | 0.25 - 4 | 1.4
Instrumentation | 0.25 - 4 | 1.4

LOG-NORMAL MODELED MAINTENANCE ACT DURATION

Component | Calculated Range on Maintenance Act Duration Time, hr | Mean Maintenance Act Duration Time, t_D, hr
Pumps | 1/2 - 24 | 7
      | 1/2 - 72 | 19
Valves | 1/2 - 24 | 7
Diesels | 2 - 72 | 21
Instrumentation | 1/4 - 24 | 6

Note: These data tables were taken from the Reactor Safety Study (WASH-1400) for purposes of this AFW system assessment. Where the plant technical specifications placed limits on the outage duration(s) allowed for AFW system trains, this tech spec limit was used to estimate the mean duration times for maintenance. In general, it was found that the outages allowed for maintenance dominated those contributions to AFW system unavailability from outages due to testing.

Table 5 (Cont.)

III. Human Acts & Errors - Failure Data:

Estimated Human Error/Failure Probabilities, by Modifying Factors & Situations. Each situation gives a point value estimate and an estimate on the error factor (EF).

Act or Error | With Valve Position Indication in Control Room: Point Value Est. | EF | With Local Walk-Around & Double Check Procedures: Point Value Est. | EF | W/O Either: Point Value Est. | EF

a. Acts & Errors of a Pre-Accident Nature

1. Valves Mispositioned During Test/Maint.
(a) Specific Single Valve Wrongly Selected out of a Population of Valves During Conduct of a Test or Maintenance Act ("X" No. of Valves in Population at Choice) | 1/20 x 10^-2 x 1/X | 20 | 1/10 x 10^-2 x 1/X | 10 | 10^-2 x 1/X | 10
(b) Inadvertently Leaves Correct Valve in Wrong Position | 5 x 10^-4 | 20 | 5 x 10^-3 | 10 | 10^-2 | 10

2. More than One Valve is Affected (Coupled Errors) | 1 x 10^-4 | 20 | 1 x 10^-3 | 10 | 3 x 10^-3 | 10

3. Miscalibration of Sensors/Electrical Relays
(a) One Sensor/Relay Affected | - | - | 5 x 10^-3 | 10 | 10^-2 | 10
(b) More than One Sensor/Relay Affected | - | - | 1 x 10^-3 | 10 | 3 x 10^-3 | 10

Table 5 (Cont.)

Columns: Time Actuation Needed | Estimated Failure Prob. for Primary Operator to Actuate AFWS | Estimated Failure Prob. of Other (Backup) Control Rm. Operator to Actuate AFWS | Overall Estimate of Failure Probability | Estimated Error Factor on Overall Probability

b. Acts & Errors of a Post-Accident Nature

1. Manual Actuation of AFW System from Control Room

(a) Considering " Dedicated" Operator 5 min. 2 x 10 3 2 x 10 3 10 I to Actuate AFW system and Possible 15 min. 1 x 10 4 0.5 (mod. dep.) 5 54 10 10 Backup Actuation of AFWS 30 min. 5 x 10 .25 (Iow dep.) 10 10 (a) Considering "Non-Dedicated" 5 min -

5 x 10 2 10

(

Operator-to Actuate AFW system 15 min.

5x10ll 0.5 (mod. dep.) 5 x 310 a I x 10,3 10 and Possible Backup 30 min. 5 x 10 .25 (Iow dep.) 10 10 8 Acutation of AFW system 1

Table 6 Nomenclature Scheme for Fault Identifiers Added by BNL to the Applicant's Fault Tree

Basic Events

RA = Random Acts (includes pre-accident operator error for manual valves)
MA = Maintenance Acts
TA = Test Acts
OE = Operator Error (includes both pre- and post-accident operator error for motor-operated valves)
CL = Closed
OP = Open
FTO = Fails to Open
ACTRNAF = Random failure of Train A ac power, i.e., Diesel Generator A.
ACTRNBF = Same for Train B.

Components

BYV = Butterfly Valve
CHV = Check Valve
SCV = Stop Check Valve
MGV = Manual Gate Valve
MDP = Motor-Driven Pump
TDP = Turbine-Driven Pump
DG = Diesel Generator
MOV = Motor-Operated Valve

Table 7 Comparison of Data Assumptions

Description | Unavailability/Demand: Applicant | BNL

A. Maintenance

1. Pumps | 5.81 x 10^-3 | 5.8 x 10^-3
2. Valves
a. Motor-operated gate and butterfly valves | 2.17 x 10^-6 | 2.1 x 10^-3
b. Manual butterfly valves on CST discharge lines | 4.0 x 10^-7 | 0
c. Manual butterfly valves on pump suction lines | 7.0 x 10^-8 | 0
d. Speed governor and trip and throttle valves | 2.17 x 10^-6 | 2.1 x 10^-3
e. Manual stop check valves at steam generator intakes | 0* | 0
f. Manual stop check valves on pump discharge lines | 2.17 x 10^-6 | 0
g. Manual gate valves on turbine steam intake | 0* | 0
h. Manual gate valves on pump discharge lines | 7.0 x 10^-8 | 0
i. Check valves at steam generator intakes | 0* | 0
j. Check valves on pump discharge lines | 2.17 x 10^-6 | 0
3. Diesel Generators (Onsite ac Power) | 0 | 6.4 x 10^-3
4. 125-V dc Power | 2.4 x 10^-6 | 0

B. Testing

1. Pumps | 0 | 6.4 x 10^-4
2. Valves | 0† | 0†
3. Diesel Generators | 0 | 0

* It is assumed that no maintenance can be performed on these components owing to their proximity to the steam generators.

† Valve testing does not cause unavailability.

Table 7 (Cont.)

Description | Unavailability/Demand: Applicant | BNL

C. Human Errors

1. Pre-accident nature
a. Motor-operated valves with Control Room position indication | 5 x 10^-4 | 5 x 10^-4
b. Manual valves with no Control Room position indication
   i) Post-accident operator recovery not possible within 30 minutes | 0 | 5 x 10^-3
   ii) Post-accident operator recovery possible within 30 minutes | 0 | 1 x 10^-3
2. Post-accident nature
a. Operator fails to open motor-operated valves (includes transfer to alternate Condensate Storage Tank) | 5 x 10^-3 | 1 x 10^-3
b. Operator fails to start pumps | 5 x 10^-3 | 1 x 10^-3

D. Mechanical and Electrical Faults

1. Plugging of all valves | 1 x 10^-4 | 1 x 10^-4
2. Failure of mechanical components including pumps and motor-operated valves | 1 x 10^-3 | 1 x 10^-3
3. Diesel generator fails to start | 3 x 10^-2 | 3 x 10^-2
4. 125-V dc power failure | 0 | 0
5. Failure of actuation logic for pumps and motor-operated valves (per train) | 7 x 10^-3 | 7 x 10^-3
6. Control circuit failure
a. Pumps (monthly tests) | 4 x 10^-3 | 4 x 10^-3
b. Valves (monthly tests) | 2 x 10^-3 | 2 x 10^-3

Table 7 (Cont.)

Description | Unavailability/Demand: Applicant | BNL

E. Summation of Random Failures (Human Errors and Mechanical and Electrical Faults)

1. Pumps, both motor- and turbine-driven | 5 x 10^-3 | 5 x 10^-3
2. Valves
a. Motor-operated, position change required (plugging plus control circuit failure) | 3.1 x 10^-3 | 3.1 x 10^-3
b. Manual valves (locked open)
   i. No post-accident operator recovery possible within 30 minutes (valve position not verifiable by pump testing) | 1 x 10^-4 | 5.1 x 10^-3
   ii. Post-accident operator recovery possible within 30 minutes (valve position verifiable by pump testing) | 1 x 10^-4 | 1.1 x 10^-3
c. Check valves | 1 x 10^-4 | 1 x 10^-4
3. Diesel Generators | 3 x 10^-2 | 3 x 10^-2

Table 8 VEGP AFWS Unavailability Sensitivity Comparison

Columns: Case | Applicant's Results | A. All Manual Valves 5.1E-3 Random Error | B. All Manual Valves 1.1E-3 Random Error | C. All Manual Valves 1.1E-3 Random Error Except SG Intake Valves at 5.1E-3 Random Error

1. LMFW | 6.3E-6 | | |
   a) Independent Failures Only | | 4.1E-5 | 1.4E-5 | 8.8E-6
   b) Multiple Errors Assumed | | 5.4E-5 | 2.7E-5 | 2.2E-5

2. LOOP | 2.6E-5 | | |
   a) Independent Failures Only | | 2.0E-4 | 1.1E-4 | 8.7E-5
   b) Multiple Errors Assumed | | 2.1E-4 | 1.2E-4 | 1.0E-4

3. LOAC | 1.0E-2 | | |
   a) Independent Failures Only | | 3.6E-2 | 3.2E-2 | 3.2E-2
   b) Multiple Errors Assumed | | 3.6E-2 | 3.2E-2 | 3.2E-2

BIBLIOGRAPHIC DATA SHEET

Report Number: NUREG/CR-4228, BNL-NUREG-51876

Title and Subtitle: Review of the Vogtle Units 1 and 2 Auxiliary Feedwater System Reliability Analysis

Authors: A. Fresco, R. Youngblood, and I. A. Papazoglou

Date Report Completed: August 1985

Date Report Issued: October 1985

Performing Organization: Brookhaven National Laboratory, Upton, New York 1197

FIN Number: A-3702

Sponsoring Organization: Division of Safety Technology, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission, Washington, DC 20555

Type of Report: Final

Abstract: This report presents the results of the review of the Auxiliary Feedwater System reliability analysis for the Vogtle Electric Generating Plant (VEGP) Units 1 and 2. The objective of this report is to estimate the probability that the Auxiliary Feedwater System will fail to perform its mission for each of three different initiators: (1) loss of main feedwater with offsite power available, (2) loss of offsite power, (3) loss of all ac power except vital instrumentation and control 125-V dc/120-V ac power. The scope, methodology, and failure data are prescribed by NUREG-0611, Appendix III. The results are compared with those obtained in NUREG-0611 for other Westinghouse plants.

Key Words/Descriptors: Reliability Analysis; NUREG-0611; Auxiliary Feedwater Systems; Pump and Valve Failure Rates; Vogtle Generating Station Units 1 and 2

Availability Statement: Unlimited

Security Classification: Unclassified (this page); Unclassified (this report)
