ML20246E292
| ML20246E292 | |
| Person / Time | |
|---|---|
| Site: | 05000470 |
| Issue date: | 08/17/1989 |
| From: | Holahan G Office of Nuclear Reactor Regulation |
| To: | Congel F, Richardson J, Thadani A Office of Nuclear Reactor Regulation |
| References | |
| PROJECT-675A NUDOCS 8908290072 | |
| Download: ML20246E292 (1) | |
Text
g ~ ~ _ _ _
K
- cf
. Project No. 675 August.17, 1989
' MEMORANDUM TOR:
Ashok C..Thadani, Assistant Director for Systems .
Division of Engineering & Systems Technology, NRR James E. Richardson, Assistant Director for Engineering Division of Engineering & Systems Technology, NRR Frank J..Congel Director Division' of Radiation Protection &
Emergency Preparedness, NRit Jack W. Roe, Director Division of License Performance &
Quality Evaluation, NRR Brian W. Sheron, Director Division of Systems Research, RES FROM: Gary M. Holahan, Acting Assistant Director for Region IV Reactors & Special Projects Division of Reactor Projects - III, IV, V and Special Projects, NRR
SUBJECT:
LICENSING REVIEW BASIS FOR CESSAR-DC ArevisedLicensingReviewBasis(LRB)documentforCESSAR-DCisenclosedfor your review and coments. This document identifies key technical issues and CE's approach for their resolutions, and establishes the schedule and process for the design certification review of CE System 80+.
After resolving all comments, we plan to issue this document by Septenter 8, ,
1989. Your comments should be forwarded to Rabi Singh (X21103, Mail Stop IIH-3) by August 31, 1989.
/s/
Gary M. Holahan, Acting Assistant Director for Region IV Reactors & Special Projects Division of Reactor Projects - III, IV, g 8. Y and Special Projects, NRR
- a.
Enclosure:
DISTRIBUTION:
!.$ :As stated CeFriTTfW RSingh g4 NRC PDR- GHolahan Id ; .
cc: T. Murley F. Miraglia PDSLE R/F PShuttleworth /
-8@' J. Partlow D. Crutchfield / -
8 or J. Sniezek P
\ ,
PDN:PM 2D II PDSLE A Pp (
on 4 PS ' leworth RSingh:cw C i 1er GHo ahan ,
b
'08/j /89 08/0/P9 L
08yd/gl3h R.LE Cb.0S/pM9nhiCOPY (MEMO FOR THADANI)
- o 4
-t o
J COMBUSTION ENGINEERING August 7,1989 LD-89-088 Project No. 675 Mr. Charles L. Miller l
Office of Nuclear Reactor Regulation U.S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, D.C. 20555
Subject:
Licensing Review Basis for CESSAR-DC
Reference:
Letter LD-89-033, A. E. Scherer (C-E), to T. J. Kenyon (NRC), dated March 30, 1989
Dear Mr. Miller:
Enclosed with this letter is Combustion Engineering's suggested revision to the proposed Licensing Review Basis (LRB) document for the review of the Combustion Engineering Standard Safety Analysis Report - Design Certification (CESSAR-DC). The revisions to the enclosed LRB are the result of the June 15, June 22, and July 18, 1989, meetings among Mr. Singh Nuclear Regulatory Commission (NRC),
i Mr. Kenyon (NRC), Mr. Monninger (NRC) and Mr. Ritterbusch of my staff.
It is our belief that this revision of the LRB is responsive to concerns expressed by the Staff and we request your early review and concurrence. If you have any questions, please dell me or ,
Mr. S. E. Ritterbusch of my staff at (203) 285-5206.
Very truly yours, COMBUSTION ENGINEERING, INC.
s/RJ A. cherer ,
Director l Nuclear Licensing i AES:jeb
Enclosure:
As Stated i
ec: Dr. T. Murley (NRC)
Mr. F. Ross (DOE-Germantown) ;
_Mr. R. Singh (NRC) {
Posset Systems 1000 Prospe:: em Read (202) SES-19M Combustion Engneenng Inc. Post Omce Box 500 Teiex 99297 Wincscr Connet:= cut 06095 0E00 kS OO l ":Jf) 1 (( kfq e_-_ _ _ _ 7 ~
Enclosure I to LD-89-088 l o- .
COMBUSTION ENGINEERING, INC.
SYSTEM 80+= STANDARD DESIGN DESIGN CERTIFICATION LICENSING REVIEW BASIS August,1989 i
i Oa e t i , < < c l V b I (J U ' o ( W )
' ~ ~
ABSTRACT Title 10 of the Code of Federal Regulations, Part 52, contains the requirements for issuance of early site permits, standara design certifications, and combined licenses. Consistent with this rule, Combustion Engineering, Inc. has applied for design certification of the System 80+'
Standard Design, which is described in the Combustion Engineering Standard Safety Analysis Report-Design Certification (CESSAR-DC). This Licensing Review Basis document has been developed (1) to identify key technical issues and Combustion Engineering's proposed approach for their resolution and (2) to establish the schedule and process for the design certification review.
I f
i
TABLE OF CONTENTS
'Section Eggg ABSTRACT 1
1.0 INTRODUCTION
1.1 Scope and Content of CESSAR-DC 2 1.2 Applicability of the EPRI ALWR 2 ,
Requirements Document 1.3 Scope & Content of Future 3 Applications Referencing CESSAR-DC 7
2.0 SCHEDULE 3.0 CONTENT OF APPLICATION 10 3.1 Dual Docket Approach 10 3.2 :CESSAR-DC Format 10 3.3 CESSAR-DC Amendment Identification 10 3.4 Incorporation of Key Requirements 12 14 4.0 NRC STAFF REVIEW 4.1 Overview 14 4.2 Procedure 14 16 5.0 ACRS PARTICIPATION.
17 6.0 SEVERE ACCIDENT ISSUES 6.1 Introduction 17 6.2 TMI Requirements for New Plants 17 6.3. Resolution of USIs and GSIs 18 6.4 Probabilistic Risk Assessment 18 6.5 Severe Accident Performance Goals 18 6.5.1. Prevention of Core Damage 18 6.5.2 Mitigation of Care Damage 20 6.5.3- Offsite Consequences of Severe Accidents 22 24 7.0 OTHER SPECIFIC ISSUES 7.1 Physical Security and Sabotage 24 l 25 7.2 Site Envelope Parameters 7.3 Completeness of Design Documentation 25 7.4 Program for the Assurance of Duality in Design 27 27 7.5 Instrumentation and Controls 7.6 Maintenance, Surveillance and Reliability 27 7.7 Safety Goal Policy Statement 28 l 1
i
Pace 29 7.8 L0CFRPart52 7.9 Sixty! Year Life 29 7.10 Fire Protection 29 7.11 Station Blackout 30 7.12 Leak-Before-Break 30 7.13 Source Term 31 7.14 Operational Basis Earthquake 31 7.15 Type C Containment Leak Rate 31 7.16 Hydrogen Generation 32 7.17 Severe Accident Containment Vents 32 7.18 Mid-Loop Operations 32 7.19 Interfacing System LOCA 33 7.20 Anticipated Transients without Scram (ATWS) 33 7.21 Electrical System Design 34 7.22 Degraded Core Behavior 35 Appendix A Process for Resolution of Unresolved and A-1 Generic Safety Issues as Required by 10 CFR Part 52 Appendix B Process for Probabilistic Risk B-1 Assessment as Required by 10 CFR Part 52 Appendix C Process for Degraded Core C-1 Evaluation Consistent with the Severe Accident Policy Statement LIST OF TABLES Pace Tables 1 Nuclear Power Plant Structures, Systems, and Components 4 Currently Included in the System 80+ Standard Design 2 Nuclear Power Plant Structures, Systems, and Components 6 For Which a Conceptual Design Will be Provided 8
3 CESSAR-DC Submittal Schedule LIST OF FIGURES Pace Ficure Dual Docket Approach 11 1
l
\
l ii l
L_______________________-_-______. _ _ _ - _ _ _ _ _
4
'4 .
1.0 INTRODUCTION
1 4.__
1.,
Combustion Engineering has applied for Design Certification of the System 80+D Standard Design in accordance with the Commission's' regulations (10 CFR Part 52).
R Combustion Engineering is enhancing the System 80 standard design
~
[ described in the Combustion Engineering Standard Safety Analysis Report - FSAR (CESSAR-Fj] to meet the requirements of 10 CFR Part 52 and the guidance of the NRC's Severe Accident and Safety Goal . Policy-Statements.. The scope of this-improved design, the System 80+D
~
Standard Design, covers an essentially complete nuclear power plant, which will include all structures, systems, and components that can affect safe operation, except for site-specific elements . This-
. scope will be described in the Combustion Engineering Standard Safety Analysis ~ Report-Design Certification (CESSAR-DC), which will provide sufficient information to enable the Staff to issue the Final Design Approval required for Commission terrification of the System 80+ Standard Design.
Both Combustion Engineering and the NRC Staff believe that the safety review of CESSAR-DC will proceed more smoothly if certain licensing review bases are established. This Licensing Review Basis (LRB) document will, therefore, be used (1) to identify key technical issucs and Combustion Engineering's proposed approach for their resolution and (2) to establish the schedule and process for the Design Certification review.
- The System 80+ design process is currently ongoing and will be completed according to the schedule presented in Section 2.
. 1-
t E . , ,.
. 1.1 Scope and rantent of CESSAR-DC The.' scope of the System 80+ Standard Design includes an essentially complete nuclear power plant. Table 1 lists the detailed lI structures, systems, and components included in the System 80+
, Standard Design and Table 2 lists those for which a conceptual design will be provided, consistent with the requirements of 10 CFR Part 52. Interface requirements for structures, systems, and L components, not included in the System 80+ Standard Design will be l provided in CESSAR-DC. NRC Staff review of the information presented in CESSAR-DC will ensure that all safety issues are fully l
addressed and that all regulatory requirements are accounted for during the Design Certification process. The Staff's review of CESSAR-DC, therefore, will close out all questions concerning the System 80+ Standard Design, consistent with 10 CFR Part 52, and will address the tests, inspections, analyses, and acceptance criterie I that are necessary to provide reasonable assurance that the plant :
l will be built and operated in accordance with the design L certification.
1 l Since Combustion Engineering wishes to obtain an FDA and a Design Certification for the System 80+ Standard Design before any applicant, site, or equipment suppliers are identified, it will provide the necessary level of detailed information to enable the Staff to complete its review without preempting competitive bidding on any future project that references the certified design. The format and content of CESSAR-DC are described in Sections 3, 6, and 1.
l l
1.2 ADDlicability of the EPRI ALWR Requirements Document l
Combustion engineering is responsible for the development of the System 80+ Stendard Design, even though assistance may be obtained from other organizations during the design process and NRC Staff review. The design bases for the System 80+ Standard Design include performance and safety criteria established by Combustion L _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ______..______________.______.____________________.______________._._____.______________._.________..____;
o ,-
3 I
Engineering, industry codes and-standards, System 80 design N information, operating plant experience, NRC regulations and guidance, and input from the EPRIiALWR Requirements' Document.
Selected EPRI criteria are adopted by. Combustion Engineering after technical, licensing, and cost reviews. The System 80+ design bases and design features are described in CESSAR-DC and Combustion Engineering will be responsible for responding to NRC questions on-this material. In responding to some questions, however, Combustion-Engineering may reference the EPRI ALWR Requirements Document (and associated NRC review documents) or inay invite EPRI to participate in meetings with NRC staff in order to provide more detailed technical support. Examples of subjects where such questions might arise_are (1) Probabilistic Risk Assessment methodology, (2) sabotage protection, and (3) hydrogen generation and control inside the containment.
1.3 Scope and Content of Future Applications Referencing CESSAR-DC When the certified System 80+ Standard Design is referenced in an application, the Staff's review of matters related to the approved reference design need consider only (1) whether the parameters of the specified construction site fall within the requirements of the certified design site envelope, (2) whether the interface requirements of the certified design have been met, (3) the applicant's proposed means of assuring that plant construction will conform to the certified design requirements, and (4) a final confirmation (based on compliance reviews / audits during construction) that the plant has been constructed and can be operated in compliance with the design details and acceptance criteria certified by the Commission. No further review of the i
referenced design will be required when the site-specific parameters l -- fall within the site envelope and interface requiremerits are met.
~
.s TABLE l'
< NUCLEAR POWER PLANT STRUCTURES SYSTEMS. AND COMPONENTS CURRENTLY e N LUDED IN THE SYSTEN 80+ STANDARD DESIGN o Reactor Coolant System o Fuel System o Shutdown Cooling System o Containment Structure and Support Systems o Safety Injection System o Habitability Systems o Safety Depressurization System o Reactor Protective System o Engineered Safety Features Actuation System o Control Systems not Required for Safety o Onsite Power System o Fuel Storage and Handling 3ystems o Station Service Water System o Component Cooling Water System o Turbine Building Service Water System o Turbine Building Cooling Water System o Chilled Water System o Demineralized Water Makeup System o Condensate Storage System o Compressed Air Systems o Process Sampling System o Equipment and Floor Drainage System o Chemical and Volume Control System o Control Building Ventilation System o Fuel Building Ventilation System o Auxiliary and Radwaste Building Ventilation System o Diesel Building Ventilation System o Containment Purge Ventilation System o Containment Cooling and Ventilation o Turbine Building Ventilation System o Station Service Water Pump Structure Ventilation System o Fire Protection System o Communication Systems o Lighting Systems o Diesel Generator (DG) Engine Fuel Oil System o DG Engine Cooling Water System o DG Engine Starting Air System o DG Engine Lube Oil System o DG Engine Air Intake and Exhaust o DG Building Sump Pump System o Compressed Gas System o Turbine Generator System o Main Steam Supply System o Turbine Bypass System o Main Condenser System o Condensate Cleanup System 4
l 4
, TABLE 1-(Cont'd)
NUCLEARPOWER$LkNf~ STRUCTURES. SYSTEMS.ANDCOMPONENTSCURRENTLY-L INCLUDED IN THE SYSTEM 80+ STANDARD DESIGN 1
o Condensate and Feedwater System o Steam and Power Conversion System o Steam Generator Blowdown System o Emergency Feedwater System o ' Liquid Waste Management System o Gareous Waste Management System l o Solid Waste Management System o Process / Effluent Radiation Monitoring System i
1 TABLE 2 NUCLEAR POWER PLANT STRUCTURES. SYSTEMS. AND._ COMPONENTS FOR WHICH A CONCEPTUAL DESIGN WILL BE PROVIDED o Offsite Power System (Including Switchyard) o Emergency Operations Facility I o Operations Support Center o Training Facilities o Office Space'0utside the Control Complex -
o Laboratory Facilities
-0 Decontamination Facilities o Ultimate Heat Sink o Warehouses o Sewage Treatment Facilities o Potable and Sanitary Water Systems o Service Water Intake Structure 1
- Conceptual design descriptions and interface requirements will be provided in CESSAR-DC, consistent with the requirements of 10 CFR Part 52.
)
l 1
- -_ - _ - _ _ _ _ _______- ___ _____ __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ __ ______ }
l..'.
t&i l W.,
- -.'2 0L . SCHEDULE.
~
~
~The'scT dUTi for. submitting groups of CESSAR-DC chapters is shown in
,, i- Table 3 along with the schedule for NRC review of those'submittals.
The major milestones are design' completion by September.1990, an FDA by September 1991, and Design Certification by September'1992.-
l-7
0 0 0
_ R 9 9 0 0 9 9 9 9 9
.E 9 9 CSE 1 1 9 1 1 1 R T H H NTA C . E E FD C C N N A R R A E U U
_ R A D J J M
D M D D D D E E E E 8 8 18T9 CL T7 T D8 D8 T8T8
_ DA T8 T7 D8 I 9I 9
- T I 9 I 8 E9 E8 E9 RTE M1 M9 T1 T9 T1 M1M1 B B1 T T1 T B B AIT I . U .U .
SMA U . U I L I SBD ST S . MI ME MT SCSR EU - P V BR BN BP E A CS lE 2O UP UU UE lD2M AS AN SA SJ SS E E N
E. O L I R U T E 3 D A T 0 1 E T P 2 4 1
H N A
& 5 -
C EFH &
S M0C &
E 1 3 6 1 )
L L I 4
3 A P R T M P )8 )
T I E 81 A E I L M 6,1 3, B B A . 9 A U 8 T S
) .)
6,1 3, C 4 4 D ) ) 7. (8 6 )
8 R
N S 0 1
5, , C 6,1 5 ,
3, 6, 3 ) -
A O ,
A 6. )7 A S I 3 5 5, 8 S T 5, ) 5,6,7 .
6,1 E C 0 3 3,) 346 )
C F O
E S
1 23
) 1 4 3.4 -
. 2.4567 NF
( 1 5, 9, ))
4 3)
, 5 6, 7,
- 3 , - - 1 (112 O
IRE R 0 1
12
. 4 56(
3.10 (511 3456
. 1
. 34564 SAT ( 459
(( (( (((7 (((1 ISP , ( , -
VSA 07 , 0 EEH 1 11 159 S61 24567 14567 RCC S
T
, N S , E
, M M R S M M ,E EG O M E D , LE T - TN T . E G N M ATM MMS YUSI CC T N A E CSE EEY TRYR AE S ,A T RIYT TTS METSE EL YNR S S OMSS SS EFS E REGSOR ,
N Y TE Y YYR TANLN N IASN N O S CHLS SSE SSI OI , ,I ET MO O I E ACO T Y RG KMLTAEEI NC E ,R GNA S , ,TN AEDSUTTT TN G I T T P ON R NOW AMNE ETNALISC P IA ,M II D ,I EO RSAWASYE EOLN I I
I R , SR LTE ERTCS BYH V ST R CS RU ETCP OCE PES R - S .ED O C ST ES RS M OEF OTY&O E LD NTR S EN VS OYEA CJ LI S T REEA+ANP CSMS NY ER OVUR0 E E
D DE M
NA O U NIC VC .NC OA FIF ,8GME NNG LE CY RTLS W N N SIF ET L AR T ONOS OYE ENST BC ,MXI I A A RI RI TAVE DTG GEAN - EhEEDAT T EU EL CL C TER EI RTA KTETLLTO T NQ WA AODO UFE TSPNM AOWSPI NB I P EE OU EONR HAM IEEEU EROYUUOA MU GR PQ RCAP SSE SDDMH LPPSNBCS BO UR C D E SG A B
y-n.
In e
1 M,g O a.*- _-N'
.=e m m ==* m mm mm
- g. i e
e=e m.' m m . CP5 ' m
'==* **' ' a *=a w e , Ch - - ma-ggy,
- p .
>==
g g ,g. g w w A v==
A A: A C=
ww sg -
U 2
.w CL w w w Cg: D M- .M M MM M
- )
O m Ch uJ O O m m m g3 aC m -@ m c=* -
e > m.== - m -
g b. W . ===
- ll
- aut - M E w >=*
w >=-
M eC gl2 O Z A CE: A w
M g W stC W - .5 E. M gm 7 M i
Wi a
- W = W 1D >-
- E" . . >C e W A === s=a eJ .w
.g 3 aC 'a D gl:
O. U WAZ U M ECU v W >=
W J E .
m aC & I
>= E A s== W L.J b.
J E dD 4D ^
eC "D -
.>= ,
M e=
=
0 *== me 0 M M e
M E O aC C
- e=e
- M M ^
M >=
w Q =
act CD m Gi 'J. W C3
- O M e m @
w .M .M g6 n. M OO N O eK W* ^
- ZZ *
>= 2 w m+ *,=a
== ww @
M aC & M Q. A w
- == M N a==* CD w @
M eC w *==N w A A @ *==
>W W 3 M CD === - -* aC C KUU a Z M M O a
M Z -
- M w -
>=
M CC, a.= 9=* C e:C O r= M a: W U
eC M >= .=J CC *=
2 O Z ==J
- 4 6 C a = act Z
- - 3 W
=
l
=
- M .=J ===
>=
l O ^ Zw > c Z >==*C WZ >=* = c
ed =
0a w acC M W M M w E == M .
M Z Z V O aCa-U w Z =Z Z ta= Z
- =" MWOOZ *
- e== A E C O V.= O M aKC >==
Q3 O
- O O.=
a O.=
a Z C
>= ** 2. Of - ==
=M W M A M4E t.h M *.= 0 >= M.
== === -
- >- atC O >= M == acC * * = = > > > a:C M E J .'D v V.= WWA J W
===wM^ Z=>= aCC W w Qw O elC C ==QMv^> w Jw ct O O == Kw %
C CC % hQ M Z J ll> 2 w .=J W aEC >== atC a'a C >=-E VI CC % aC AVO W ww Z U >== >= % CC Q U -ZCL M - % >=
M w CC ZwN Z N O
N C
.=J U-EQw ==Csct C 3 C 6 N P.=
- C w C:r -
ww eC E M a+-= >= uQ- Jw*== CtllNw m .C7 W ll="
VML- -= U Q U U UG ww
>= La. % Cf E
>= *= 3 W C *=* CC - ef U
.=J et llll" >= M CC 2 et Ww %
Z Z lll:: Z CC %
== A M >= C3 w
L/2 CJc. w CC M M lllD A Z E g , u , .
8 M a, a
e
- 9-L- - - -- _ ______ _
1 3.0 CONTENT OF APPLICATION 1
s 3.1 Dual 6o"nR' Acoroach q Since the System 80+ Standard Design is an evolution of the System 80 design, a new (separate) docket will be created which includes all of the extisting information and history of the current System 80 l docket, docket number STN 50-470F. As shown in Figure 1, the new docket will be utilized to describe the System 80+ Standard Design.
This approach will allow current System 80 users to reference the first docket while, at the same time, allowing for full NRC review of the System 80+ design and development of the System 80+ Design Certification Rule.
3.2 CESSAR-DC Format The format of CESSAR-DC will be consistent with the guidance of the Standard Review Plan (NUREG-0800) and the Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants (Regulatory Guide 1.70, Revision 3). The numbering of CESSAR-DC sections related to the Nuclear Steam Supply System will be consistent with CESSAR-F, since the System 80+ design is based on the System 80 design described in CESSAR-F.
3.3 CESSAR-DC Amendment Identification .
The CESSAR-DC submittals outlined in Table 3 consist of changes to existing CESSAR-F material in chapter-by-chapter packages. Bars with amendment identifiers will be provided in the margins to indicate all areas of change relative to CESSAR-F. The CESSAR-DC amendment identifier and date will be provided at the bottom of each amended page.
All CESSAR-F material in CESSAR-DC will be reviewed specifically for applicability to the System 80+ Standard Design, will be modified if appropriate, and will then be identified as CESSAR-DC material.
t l' n
o nit gae icl siu f
eiR Dt r e
C d
~
3-3 J.
- CA P D Ns W ,lt l _
AD F t
n e
3- Am V D dn il C
P F e A
0 m t
I I' 2- A l'
I A V E
t l T P iiI .II 1 I iii i
E e WC0 I
K 1 -
1 -
V 1
L P -
AJ X -
I 2-t
^_A D 'r._
F -
0 -
7 4 -
0 I 5
N -
T :C -
S e D t
.F -
o- A k - ;
NR D P
cR o [_
t e A DA S k S wS cS oE eE DC NC
' W'
- ! l l
c..
. '34 .
Incorporation of Key Requirements Paragraph'527II'6ftheCommission' regulations'statesthat applications for design certification must contain the-following items:
(1)- The technical information which is required of applicants for-construction permits and operating licenses by 10 CFR Part 20, Part 50 and its appendices, and. Parts 73 and'100, and which is technically relevant to the design and not site-specific; (2) . Demonstration of compliance with any technically rele' vant portions of the Three Mile Island requirements set forth in 10 CFR 50.34(f);
(3) The site parameters postulated for the design, and an analysis and evaluation of the design in terms of such parameters.
(4) Proposed technical resolutions of those Unresolved Safety l-Issues and medium- and high-priority Generic Safety Issues which are identified in the version of NUREG-0933 current on the date six months prior to application and which are technically relevant to the design; l
(5) A design-specific probabilistic risk assessment; (6) Proposed tests, inspections, analyses, and acceptance criteria which are necessary and sufficient to provide reasonable i assurance that, if the tests, inspections and analyses are performed and the acceptance criteria met, a plant which references the design is built and will operate in accordance with the design certification; (7) The interface requirements to be met by those portions of the plant for which the application does not seek certification. }
These requirements must be sufficiently detailed to allow
e I. ;. ,
i
.4 7.-
. completion of. the-final safety analysis and design-specific.
l.
? probabilistic risk assessment; (8) Justification that compliance with the interface requirements is. verifiable through inspection, testing (either in the plant or elsewhere), or analysis.
(9) A representative conceptual design for those portions of the plant for which the-application does not seek certification to aid'the staff in its review of the final safety analysis, probabilistic risk assessment, and interface requirements.
CESSAR-DC will contain all relevant information in accordance with the requirements of 10 CFR Part 52, including the items listed '
'above. Information will also be included in CESSAR-DC to address the issues identified in Sections 6 and 7 of-this document.
'r h b
o,
-- - - ..._.... ~. . . . _ _ _ _ _ _ _ _ _ _ , _
l l
l 4.0 NRC STAFF REVIEW e-4.1 Overview Each NRC reviewer will be provided a complete copy of the CESSAR-F Safety Evaluation Report (NUREG-0852 and supplements). The NRC Staff will give consideration to this Safety Evaluation Report in order to determine applicability of conclusions in that report to the System EO+ design. After reviewing this report, NRC Staff will review the design described in CESSAR-DC to confirm compliance with NRC regulations, guidance of the Severe Accident and Safety Goal Policy Statements, and the guidance of the Standard Review Plan (SRP).
Combustion Engineering will identify (in Appendix A to CESSAR-DC) proposed acceptance criteria for the resolution of all applicable USIs and GSIs; NRC staff will review these criteria and modify them
- where necessary. Combustion Engineering will also describe System 80+ compliance with those criteria and NRC Staff will review those
" compliance" writeups, consistent with the schedule in Section 2.
Combustion Engineering has committed to provide a sufficient level of information to allow the NRC Staff to complete its review of the System 80+ Standard Design and is' sue the Final Design Approval required for design certification.
4.2 Procedure The staff will follow its review procedures of the SRP, supplemented .
and modified as follows:
(1) CESSAR-DC is to be submitted in groups as shown in Table 3.
Accordingly, the staff SER will also be issued in draft form, in sections in accordance with the schedule also shown in Table
- 3. The draft SER sections will be made publicly available.
_ _ - _ _ _ . _ _ _ - - - - - - - -- - -- - - - )
L (2). At the completion of the review of the individual SAR chapters, the staff will perform an integrated review of the. application.
IhIs~ieview will complement the Probabilistic Risk Assessment.
(PRA) review, -in that it will be an overall . assessment of the
! design. The staff will issue a composite final SER in I
accorcance with the schedule shown in Table 3.
(3) It will be important to carefully document the open or unresolved issues that may be identified early in the review process, but which cannot be resolved until the completion of later chapters. Each draft SER section will-contain a description of such issues. In addition, Combustion Engineering will maintain an updated checklist which. identifies outstanding issues and the future chapter (s) in which resolution is anticipated. This checklist will be available to the NRC Project Manager.
(4) Each draft SER will contain a target schedule for closing outstanding SER issues that is compatible with the target date for the FDA.
r .-
~
-. 5. 'O ACRS PARTICIPATION w_
One step in the design review of a standard plant is the independent-review by the Advisory Committee on Reactor Safeguards (ACRS).
Periodic reviews-will address the safety aspects of-the design changes and/or design enhancements on matters selected by the ACRS.
The NRC' Staff will keep the ACRS informed on the progress of the
-review and'will schedule meetings with the ACRS, as appropriate.
16 -
4 6.0 SEVERE ACCIDENT ISSUES 6.1 IntroducTT6n' Severe accident issues are addressed in 10 CFR Part 52 and in the Severe f.ccident Policy Statement.
Part 52 was published April 18, 1989 (54 FR 15372) with an effective date of May 18, 1989. This rule covers early site permits, standard design certifications, and combined licenses. Requirements for applications for design certification are covered in Paragraph 52.47 and supporting information will be provided by Combustion Engineering in CESSAR-DC. ,
On August 8, 1985, the Commission issued a policy statement on l
severe accidents (50 FR 37138, " Policy Statement on Severe Reactor Accidents Regarding future Designs and Existing Plants"). The policy statement provides general criteria and procedures for the ,
licensing of new plants and for the systematic examination of l existing plants, The Commission encouraged the development of new designs that might realize safety improvements and stated that the Commission intended to take all reasonable steps to reduce the chances ci occurrence of a severe accident and to mitigate the consequences of such an accident, should one occur.
The following subsections describe the approach to meeting certain requirements of 10 CFR Part 52.
6.2 TMI Requirements for New Mants Co'nbustion Engineering will comply with all regulations applicable to the System 80 Standard Design including those listed in 10 CFR Part 50.34(f) or will provide information to support an alternate approach, consistent with 10 CFR Part 50.12.
6.3 Resolution of USIs and GSIs The basis for identifying USIs and GSIs is described in Section 4 and the process for developing the resolution of USIs and GSIs is provided in Appendix A. The list of USIs and GSIs applicable to the System 80+ design is also provided in Appendix A. That list will be l revised, if necessary, c.uring the development of the CESSAR-DC writeups which document implementation of USI and GSI resolutions.
6.4 ProbabilisUc Risk Assessment l
The process of preparing and using the System 80+ Standard Design PRA is provided in Appendix B. The process for review of degraded core issues, which are factored into the PRA, is described in Appendix C.
6.5 Severe Accident performance Goals This subsection describes the goals for severe accident performance criteria. These goals are consistent with the guidance of the NRC's l Severe Accident and Safety Goal Policy Statements.
6.5.1 P"evention of Core Damace 1
For the System 80+ PRA, Combustion Engineering has adopted the following criteria for potential severe core damage.
A potential for severe core damage shall be assumed to exist if and only if both of the following have occurred:
I (A) The collapsed level in the RCS has decreased such that active fuel in the core has been uncovered; and, (B) A temperature of 22000 F or higher is reached in any node of the core as defined in a realistic thermal-hydraulic calculation.
1 18 -
L _-- _ - _ - _ _ _ _ _ _ _ _ _ _ _ _ _ .
1.-
If the above criteria for potential severe. core damage are exceeded, predictions of actual core damage and resulting radioactive releases will $e caiculated using the MAAP code. Review of the MAAP code, however, may not be necessary.since the staff can apply its own MELCOR and Source Term Code Package ($TCP)l codes in its evrlvation.
The staff will review PAAP analyses and comparisons to other codes in order to assess the acceptability of conclusions based on MAAP.
As indicated in Appendix C, the initial analyses will be dcne with RAAP-3B and final analyses will be performe~d using the new improved -
MAAP-DOE code.
-The above criteria are consistent with the EPRI definition provided-in Section 1.2 of the EPRI~ALWR Requirements Document. It is Combustion Engineering's goal that the estimated mean annual core damage frequency (including both internal and external events) will
> be less than 1.0E-5 events per reactor-year.
It-is Combustion Engineering's goal that no containment failure modes shall exist that lead to offsite doses in excess of 25 rem with a mean frequency greater than 1.0E-6 events per reactor-year.
With regard to meteorology, the methods and assumptions employed in the analysis of environmental transport consequences (plume size / wind direction / wind speed / wind shift probability / adverse or expected weather), population distribution (probability of individual seeing plume / location of individual (s) during release),
and time of exposure will be consistent with the guidance found in NUREG/CR-2300, dated January, 1983, and NUREG/CR-2815, dated August, 1985.
/
. 6.5.2- Mitication of Core Damace The containment is one' of the principal barriers to the release of radioactivity. Consistent with this defense-in-depth principle, the System 80+ design will provide protection against containment failure in the event of a release of radioactivity to the containment atmosphere.
The expected containment design features will include:
- a. a large dry steel containment (the System 80+ containment has an ultimate strength which is approximately four times the design strength -- best-estimate calculations show actual failure at a pressure of 220 psig vs. a design pressure of 53 psig),
- b. measures to reduce the probability of early containment failure, including the safety-grade Containment Spray System and the safety-grade Safety Depressurization System,
- c. a conservative design basis accident (guiilotine pipe break),
- d. severe accident hydrogen control,
- e. an in-containment refueling water storage tank for scrubbing .
radioactivity out of reacto-coolant-system releases and for providing a reliable source of water for flooding the reactor cavity,
- f. reliable containment heat removal rystems, (e.g., the non-safety-grade Containment Cooling and Ventilation and Normal Chilled Water Systems and the safety-grade Containment Spray System), and
- t. -_ _ . - _ . _ - - - . - - - _ _ _ _ - - _ _ . _ _ _ _ _ _ _ _ - - _ - _ _ _ _ - - - _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ - - _ _ _ _ _
L I
- g. consideration of' severe accidents in the design of the reactor vessel cavity configuration, including entrainment of a.
e-%
hypothetical molten core.
During NRC staff review of.the Syctem 80+ design, the approa*.n for demonstrating containment integrity under severe accident conditions l
may be revised or supplemented. Initial expectation:s, however, are that containment integrity will be demonstrated based on the probabilistic reliability approach summarized below.
l Any quantitative reliability prediction of the containment function most be stated together with the corresponding definition of the methodology used in that prediction. The reliability of containment performance, in the context of the EPRI ALWR Requirements Document, is embodied in the PRA goals of (1) a mean core damage frequency of -
less than 1.0E-5 events per reactor-year and (2) a mean frequency for occurrence of doses greater than 25 rem beyond a one-half mile radius from the reactor of less than 1.0E-6 events per reactor-year.
i Combustion Engineering believes that the above criteri& are appropriate for evaluating the protection of the health and safety of the public with respect to severe accidents and that it is inappropriate to specify a specific containment performance goal in the context of the above PRA goals.
Nonetheless, the robust containment design selected for System 80+
permits Combustion Engineering to state its expectations for containment performance,I based on the following definitions:
Based on methodology comistent with the EPRI PRA Key Assumptions and Groundrules Cocument (Appendix A to Volume 2, Chapter I of the EPRI ALWR Requirements Document).
21 -
(1) " Credible core damage sequences" is' defined as;all core damage
~
event sequences with a frequency greater than 1.0E-6 per
~
reactor-year. External events wnich would cause both core damage and concurrently fail the containment and which have a l frequency of less than 1.0E 5 per reactor-year will not. be considered in this evaluation.
.(2) " Containment failure" is defined as a post-core-damage release resulting in a dose greater than 25 rem beyond one-half mile !
from the reactor.
Based on the above, the System 80+ containment design is expected to be such that the containment conditional failure probability, when weighted over credible core damage sequences, will be less than one in ten (1.0E-1), consistent with the EPRI PRA goals listed above.
6.5.3 Offsite Consequences of Severe Accidents Combustion Engineering has adopted the following large-offsite-release design goal for the System 80+ Standard Design.
In the event of a severe accident, the dose beyond a one-half mile radius from the reactor shall not exceed 25 rem. The mean frequency of occurrence for higher offsite doses shall be less than once per million reactor-years, considering both internal and external events.
An industry effort, sponsored by EPRI, has evaluated the guidance of the Safety Goal and Severe Accident Policy Statements and documented a quantitative design goal for addressing the portion of these policies dealing with large radioactive releases resulting from a 3 severe core accident (Chapter 1 of the EPRI ALWR Requirements Document). The Combustion Engineering design goal is consistent with the EPRI design goal. )
4
w Probabilistic Risk Assessment (PRA). using mean values, will be used by Combustion Engineering to demonstrate that the System 80+
Standard Design achieves these design goals. The System 80+ tevel L III PRA will'be performed by modifying and extending the baseline R
System 80 PRA. The accident sequences to be quantitatively
- evaluated will be of the type and number listed in Tables 7.2-1 to 7.2 9 of the baseline PRA report [ Enclosure to Letter, LD-88-008, A.
E. Scherer (C-E) to G. S. Vissing (NRC), dated January 22,1988].
That report also provides detailed descriptions of the system i modeling methods, analysis ground rules, and computer co#,s that H were used (Section 2.0). The PRA evaluation process for the System 80+ Standard Design will be similar to that described'in the baseline PRA report and will be summarized in Appendix B-of CESSAR-DC. The final PRA will reflect only the final System 80+
design and any assumptions or methods carried over from the baseline PRA will be fully applicable to the System 80+ PRA.
External events will be considered in the System 80+ PRA. There is an Advanced Reactor Severe Accident Program (ARSAP) task to identify the degree to which each external event category should be quantitatively evaluated in the System 80+ PRA. Combustion Engineering is adopting the ARSAP results and any resulting restrictions on site selection will be placed in Chapter 2 of CESSAR-DC.
Sabotage is considered in the design by identifying these design features which minimize the potential for sabotage (see Appendix A to Chapter 13 of CESSAR-DC). In particular, Combustion Engineering uses physical separation of safety trains as well as existing nuclear security design practices to minimize the risk of sabotage.
Combustion Engineering will also address all appropriate NRC guidance. Sabotage will not, however, be addressed quantitatively in the System 80+ PRA.
In summ:;ry, the use of PRA, in conjunction with industry and NRC guidance, will determine whether t'he Combustion Engineering design goals for severe accidents have been achieved.
[;; ,
L m, .
-7.0 OTHER SPECIFIC ISSUES The following subsections identify other specific issues (and the-l; general approach to their resolution) which are identified in NRC i regulations, guidance, or pr,licy statements or which are of special interest to NRC Staff.
L ,
7.1 Physical Security and Sabotaae The System 80+ Standard Design is being developed in accordance with all current NRC regulations and guidance regarding the physical' -f security of nuclear power plants and the prevention of sabotage. -In addition, a spe;;ial program to identify both existing and new design fertures for sabotage protection was completed and results are summarized in CiSU R DC (Chapter 13, Appendix A).
The basis for NRC guidance will be as defined in 10 CFR 73.55,
" Requirements for Physical Protection of Licensed Activities in Nuclear Power Reactors Against Radiological Sabotage," and other-applicable portions of 10 CFR 73. It is intended that the final design be sufficiently complete to allow the development of a comprehensive security plan that will ensure that the safety of the as-built facility will continue to be accurately described by the certified design.
CESSAR-DC will include enough information to ensure the existence of adequate physical barriers to protect vital equipment in accordance with 10 CFR 73.55(c), " Physical Barriers," and to identify access control points to all vital areas in accordance with 10 CFR 73.55(d), " Access Requirements." CESSAR-DC will also include a summary of insider / outsider sabotage scenarios and design features to provide sabotage protection (Appendix A to Chapter 13).
1 4 .
,g Due to site-specific and operation-specific features, CESSAR-DC will not injgall details required by 10 CFR 73.55. Any design interface requirements or inputs to site development or plant operation will, however, be itientified in CESSAR-DC. Examples of such site-specific or operation-specific items.in'10 CFR 73.55 are:
! ,(1). Physical Security (2) Access Requirements (3) Detection Aids (4) Communication Requirements (5) Testing and Maintenance (6) Response Requirements As described in-CESSAR-DC, Appendix A to Chapter 13, physical features are being provided for the prevention and mitigation of sabotage. These will include aspects of sccurity design identified in 10 CFR 73.55, the Standard Review Plan (Section 13.6), and other NRC reports (e.g., SAND 82-7053 and NUREG/CR-2585). The sabotage protection criteria and program results are summarized in CESSAR-DC.
7.2 Site Envelope Parameters The System 80+ Standard Design is based on assumed site-related parameters, to be discussed in CESSAR-DC, that were selected so as to be applicable to the majority of potential nuclear power plant ,
sites in the United States. The site envelope parameters for the System 80+ design are presented in Chapter 2 of CESSAR-DC.
7.3 Completeness of Desien Documentation Consistent with the requirements of 10 CFR Part 52, CESSAR-DC will define the major design components and include the results of sufficient engineering to identify, as appropriate:
- a. design basis criteria
- b. analysis and design methods
- c. functional design and physical arrangement of systems 25 -
_ _ _ _ _ _ _ _ _ _ _ _ - - - - - _ _ - - _ _ _ _ _ _ ___ - - - - - - - - - - . _ - - - . - - - - - . -- -- -a
i plant physical arrangements sufficient to accommodate systems {
d.
and components
- e. functional and/or performance specifications for components and materials sufficiently detailed to become a part of. associated procurement specifications
- f. acceptance / test requirements 1
- g. risk assessment methodology Consistent with 10 CFR 52.47(a)(2), design documentation supporting CESSAR-DC and available for NRC audit should include, as appropriate:
- a. design basis criteria I
- b. plant general arrangements of structures and components, including piping system layouts
- c. process and instrumentation diagrams, electrical system layouts, and major conduit and cable tray layouts
- d. control logic diagrams
- e. system functional descriptions and supporting studies and analyses.
- f. sufficient detail to permit preparation of component and procurement specifications, including acceptance criteria and test requirements
- g. sufficient detail to permit preparation of construction /
t installation specifications, including acceptance criteria and i -- test requirements
- h. program for the assurance of quality ;
- i. design-related aspects for the emergency plans
- j. supporting design documentation such as site envelope data and calculations sufficient to support the level of design detail noted above i
- k. design-related aspects of the physical security program
- 1. ALARA/ radiation protection plan I
- m. accident analyses
- n. technical specifications {
1 o, probabilistic risk assessment
g 4 l.
In a limited number of cases where detailed design information is not' available, .information on methods', procedures, and acceptance-criteriawillbeprovided. Combustion' Engineering will also define-those' related tests, inspections, analysis,'and acceptance criteria-that are necessary to assure that the design is properly implemented in the plant. These tests; inspections, analysis, and acceptance-criteria are intended to be implemented and verified in a series of reviews by the applicant during construction and pre-operation. .The:
NRC' Staff will monitor. the performance of these reviews and i
implementation of'the design through its inspection program.
l-
- 7.4 - Procram for the Assurance of Ouality in Desion The Combustion Engineering-Quality Assurance Program is described in topical report CENPD-210, Revision 5, " Quality Assurance Program".
Supplemental information is provided in Chapter 17 of CESSAR-DC.
Combustion Engineering will submit justification, acceptable to the NRC Staff,'for any deviations from Appendix B of 10 CFR 50.
7.5 Instrumentation and Controls l The standards and criteria used by Combustion Engineering in the design of Instrumentation and Control Systems and used by the Staff in the review of these systems are addressed in Chapters 7 and 18 of CESSAR-DC. Detailed design descriptions are also presented therein.
7.6 Maintenance. Surveillance. end Reliability The development of a detailed design implementation document and technical specifications, supplemented by an evaluation of PRA results, will ensure that sufficient maintenance guidance will be made available to the utility applicant. This documentation will allow the development of a comprehensive maintenance program that will ensure that the safety of the as-bulit facility will continue to be accurately described by the certified design.
The proposed Technical Specification.:s will be developed as early as practicable and will be. submitted for review and approval by the StaffDrt of the CESSAR-DC submittal. The Technical Specification.s will be developed based upon risk and reliability considerations. These Technical Specifications will be included in
.the Design Certification process. Combustion Engineering will identify (in CESSAR-DC) design features that are necessary for testing and maintenance during operation without challenging' safety systems.
l Certification of a design will be based in part upon a Probabilistic Risk Assessment (PRA) of that design. In that the validity of a PRA is highly dependent on the reliability of systems, structure , and components, the staff requires assurance that programs will be implemented which will ensure that the reliability of those systems, structures, and components (assumed in analyses) will be maintained throughout plant life. Therefore, a program to assure design reliability will be provided as part of the FDA review. This program will be reviewed as part of the Combustion Engineering Design Certification Program and will include items such as (1) the Technical Specific'ations and ISI/IST, (2) the maintenance guidelines, (3) procedure guidelines, and (4) security guidelines.
7.7 Safety Goal Policy Statement On August 4 and 21, 1986, the Commission published a Policy Statement on " Safety Goals for the Operation of Nuclear Power Plants" (51 FR 28044 and 51 FR 30028). This policy statement focuses on the risks to the public from nuclear power plant operations. Its objective is to establish goals that broadly define an acceptable level of radiological risk.
Combustion Engineering will comply with those implementation requirements that are developed by the NRC which are applicable to the System 80+ Standard Design. Combustion Engineering will apply the severe accident performance go'als of Section 6.5 during the design and analysis of the System 80+ Standard Design.
.. J '
! 'q'
?"
7.8 '10 CFR Part 52 The System 80+ Design Certification Program will be conducted in accordance with the Commission's regulations, including 10 CFR Part 52.
7.9 Sixty-Year Life The staff will review the System 80+ design for a 60-year life notwithstanding the fact that a 40-year license term limitation is presently in the regulations. Combustion Engineering will identify .
the components and systems which are affected. CESSAR-DC will contain information to support the review for a 60-year design life including information on fatigue, corrosion, and thermal aging. As a result of its review, _the NRC staff may identify additional information ne-assary to support a 60-year design life.
7.30 Fire Protection Improved fire protection criteria will be implemented for the System 80+ Standard Design. The current Branch Technical Position 9.5-1 guidance (e.g., 20 ft. separation) will be supplemented by a criterion for safe shutdown capability in the event of a complete loss of any fire area, assuming that re-entry into the fire area is not possible (except for the containment, where physical separation will be maximized to the extent practical). Additional review criteria will be provided through NRC questions.
Fire protection for control room shutdown capability is provided by independent alternate shutdown capability that is physically and electrically independent of the control room. Fire protection for redundant shutdown systems in the Reactor Containment Building will ensure, to as great an extent as possible, that one shutdown division will be free of fire damage. Consideration will be given for safety-grade provisions for the fire protection systems to ;
ensure that the remaining shutdown capabilities are protected. In
L p.
c.
addition, it will be demonstrated that smoke, hot gases, or the ' fire L suppressant will not migrate into other fire areas to the extent
" that safe shutdown capabilities, including operator actions, could be adversely affected.
7.11 Station Blackout i
The System 80+ Standard Design includes improved design features and
- electrical systems to ensure a safe shutdown of the reactor. These improvements are summarized below:
(1) One turbine-driven emergency feedwater pump is included for each steam generator. (These are in addition to the two motor-driven emergency feedwater pumps.) In previous designs one turbine-driven pump was shared by both steam generators.
(2) Each of the four safety-related instrument channels has a battery backup. In addition, Class IE Electrical Divisions I and II, which include the two emergency diesei generators, have their own batteries.
(3) The design has full load rejection capability.and the capability to subsequently provide electrical power from the turbine generator.
(4) An alternate source of AC power which is diverse from the safety-grade emergency diesels is included (this alternate AC j source is expected to be a control-grade gas turbine). This AC f source has its own battery.
7.12 Leak-Before-Break Leak-before-break can be considered where justified. Improved design features (described in CESSAR-DC) ensure that steam generator <
1
s
... m tube integrity will be maintained. Also, CESSAR-DC addresses the issue of material embrittlement associated with reactor vessel material and supports.
A revised regulation (i.e., Genera 1' Design Criterion 4, effective
-November 27,1987) and draft SRP.Section 3.6.3'have been' issued.
The' System 80+ Standard Design addresses and meets the rule and the intent of the SRP.
7.13 Source Term i
The NRC staff will use the licensing basis source term " TID 14844" for the review of the System 80+ safety analysis. With EPRI input, realistic source terms will be established to be applied to the PRAs and severe accident evaluations for future ALWRs, including the System 80+' Standard Design. If NRC staff and EPRI-agree that the realistic source terms can also be applied to safety analysis, Combustion Engineering will perform the safety analysis accordingly.
7.14 Doerational Basis Earthouake The staff agrees that the OBE should not control the design of safety systems, which now occurs when 10 CFR 100, Appendix A, is applied. The System 80+ design will be consistent with the EPRI
' ALWR Requirements Document with respect to definition of OBE, SSE, and analysis methodology. It is expected that the OBE will be less than one-half of the SSE, which is a departure from 10 CFR 100, Appendix A. The NRC staff has agreed to consider an exemption from the regulations for the System 80+ Standard Design as part of the review of CESSAR-DC.
7.15 Tvoe C Containment Leak Rate ,
Containment leakage is acknowledged by the staff as being a function of containment pressure. This pressure-dependence will be reflected in predictions of leak rate for the System 80+ containment.
l
l L ,
l-7.16 Hydrocen Generation p .
l l
- 1. CombuftttH' engineering will provide information to justify a System 80+ containment design consistent with the EPRI ALWR Requirements Document and NRC Staff review thereof. That information will O include justification for the assumed extent of metal-water reaction l and the allowable maximum hydrogen concentration.
l 7.17 Severe Accident Containment Vents Combustion Engineering will ensure that the System 80+ containment L
design. includes the capability to add containment vents at a future time. This approach is in compliance with current regulations l [50.34(f)(3)(iv)). NRC Staff will then review System 80+ severe accident issues including containment overpressure analysis and, based thereon, will determine if there is a need for special containment vents.
7.18 Mid-looo Operations l
This issue addresses the potential loss of decay heat removal capability when the reactor is shut down for refueling or maintenance and the reactor coolant system is drained to the "mid-loop" level with the reactor vessel head still on the reactor vessel. The phenomenon of concern is a buildup of pressure in the reactor vessel and hot leg which could result after a loss of decay heat removal capability. This pressure buildup could cause a rapid loss of coolant inventory if there is an opening in the cold leg (e.g., during reactor coolant pump repair). Combustion Engineering will specifically address this issue through analysts and consideration of specific design features and/or operational restrictions which would resolve the root cause of concern (e.g., a vent path to preclude pressure buildup above the core during '
mid-loop conditions).
1 I
b i
e..
7.19 Interfacing System LOCA i s 7
An Interfacing System LOCA is a loss of primary coolant outside-
! containment via a. system which interfaces with the RCS and for which.
the pressure boundary is outside containment. The.. interfacing system LOCA-is presumed to result.from exposing low pressure piping of the interfacing system to full primary system p'ressure' due to failure of multiple pressure barrier. valves.
The most significant interfacing system LOCAs would occur in the safety injection and shutdown cooling systems since these systems L have the largest pipe sizes for interfacing systems. In the development of the System 80+ Standard Design the probability of an interfacing system LOCA was decreased significantly by eliminating the low-pressure safety injection system and by increasing the design pressure of the shutdown cooling system from 650 psi to 900 psi. . With this higher design pressure, the shutdown cooling system is expected to maintain its integrity even when exposed to full
-reactor coolant system pressure.
In addition.to the above design improvements, interfacing system LOCAs are included in the Probabilistic Risk Assessment for the System 80+ design. As expected, results to date indicate that interfacing system LOCAs provide only a minor contribution to the core damage frequency (i.e., a contribution of approximately 3.0E-9 relative to the core damage frequency goal of 1.0E-5).
-7.20 Anticipated Transients Without Scram (ATWS)
The System 80+ Standard Design includes a new control grade system to address the requirements of the ATWS Rule (10 CFR 50.62). The new system is the Alternate Protection System (APS). The APS includes an Alternate Reactor Trip Signal and an Alternate Feedwater Actuation Signal which are separate and diverse from the safety grade reactor trip system. The APS, therefore, addresses both the prevention and mitigation requirements of the ATWS Rule.
l
f
. .7.21 Electrical System Desian i
TheSy$ tem 80+StandardDesignwouldbeconnectedtoaswitchyard and to the transmission system via two separate and independent transmission lines. The generator circuit' breaker, along with the unit main transformers, allows one of these lines not only to supply power to the. transmission system during_ normal operation, but also to serve as an immediate available source of preferred onsite power.
The other separate transmission line is connected, via the switchyard and a standby auxiliary transformer, to provide an independent second immediate source of offsite power to the onsite power distribution system for safety and permanent.non-safety loads.
The onsite power system for the System 80+ Standard Design consists of the main generator, the generator circuit breaker, unit main transformers, two unit auxiliary transformers, one standby auxiliary transformer, two safety-grade diesel generators,-a control grade alternste AC source, the batteri.es, and the auxiliary power system.
The Class 1E safety loads are divided into two redundant and independent load group Divisions I and II. Each Load Division is capable of being supplied power from the following sources (listed in decreasing order of priority):
A. Unit Main Turbine Generator B. Unit Main Transformers (Offsite Preferred Bus-1)
C. Standby Auxiliary Transformer (Offsita Preferred Bus-2)
D. Emergency Diesel Generators E. Alternate AC Source (diverse from the diesel generators)
If the unit main generator, both the offsite power sources, and the diesel generators are all unavailable, either one of the Safety Divisions may be powered from the Alternate AC Source.
A detailed description of the electrical power system is presented in Chapter 8 of CESSAR-DC.
l 7.22 Dearaded Core Behavior The System 80+ Standard Design includes design features to both prevent and mitigate the effects of a degraded core.. The' main new prevention feature is lhe Safety Depressurization System for reactor coolant system depressurization. This system when used in conjunction with the Safety Injection System,.provides a backup to the Shutdown Cooling. System to decrease the probability of core damage. The Safety Depressurization System also minimizes the possibility of core ejection (from the vessel) under high-pressure conditions.
The System 80+ reactor vessel cavity design includes two. basic features to mitigate the effects of a degraded core ejected from the 2
reactor vessel. First,.a large floor area (0.02 m /MWt) enhances debris dispersal and coolability. The second feature is an indirect (labyrinthine) cavity vent path, including a debris collection
- ' chamber, which is configured to tra'p solid core debris and minimize direct containment heating.
The reactor vessel cavity configuration is shown in the containment layout drawings in Section 1.2 of CESSAR-DC.
~~
~~*.~g --
--.--.-,,-.__,...y,.
. i 1
APPENDIX A Combustion Engineering Design Certification Program Process for Resolution of Unresolved and Generic Safety Issues as Required by 10 CFR Part 52
~
4 l
A-1
I. Overview of Process for'Repolution of USIs and GSIs~
~ -
One of tne majo'r. goals of Combustion Engineering's Design l
Certification Program is io' develop and obtain NRC certification of a standard design (the System 80+E Standard Design) which meets the requirements of 10 CFR Part 52. In order to comply, technical resolution of all applicable Unresolved Safety Issues (USIs) and i Medium- and High-Priority Generic Safety Issues (GSIs) must be l
demonstrated for the System 80+ Standard Design.
Combustion Engineering will integrate input from related industry programs (e.g., the EPRI Regulatory Stabilization Program) and implement resolutions to the USIs and GSIs for the System 80+
Standard Design. A summary of the acceptance criteria and design features'for resolution of the USIs and GSIs will-be provided in an appendix to Combustion Engineering's Standard Safety Analysis Report
- Design Certification (CESSAR-DC). It is anticipated that Combustion Engineering will provide the NRC Staff with the information necessary to close out all applicable review issues so
.that a Design Certification rulemaking can be concluded without open issues or conditions.
II. Identification of Issues Aeolicable to the System 80+ Standard Desion A total of 734 USIs and GSIs are identified in "a Prioritization of Generic Safety Issues" (NUREG-0933), along with a summary of the status of each issue. The EPRI Regulatory Stabilization Program reviewed all USIs and GSIs and identified, as of July 1, 1986, 386 "Not Applicable" issuet (see NUREG-1197). {
The remainder, 348 issues, were considered to be " Applicable
- to the design of Advanced Light Water Reactors. Further review was performed to determine the subset of issues applicable to the System 80+ Standard Design. An issue was eliminated for System 80+ if it met one of the following criteria: )
.A-2 l
l
- ' ~ ~ - - - , , , _ , , , , _ _
._.-.m_.___
L' p '..-
L- .,
- 1. The-issue is prioritized in NUREG-0933 as DROPPED or LOW, or-the issue has not yet been prioritized.
.i.
- 3. The issue was classified as a DROP-issue'in the EPRI~ Regulatory Stabilization Prograc.
- 4. The issue meets one of the criteria used in the EPRI Regulatory Stabilization Program for identifying "Not Applicable" issues (see NUREG-1197).
- 5. The issue is " resolved" in NUREG-0933 with no new requirements or guidance and with no reference to old requirements or guidance.
The resulting list of issues is presented on the following pages.
~
As implementation of these issues progresses, including NRC review, the list of issues for the System 80+ design may be revised. New USIs and GSIs will be addressed through the " question and answer" process. An up-to-date listing will be available to the NRC Project Manager at all times.
III. Acceptance Criteria for Resolution of USis and GSIs In order to implement the applicable USIs and GSIs, proposed acceptance criteria must first be documented (by either the NRC or by an applicant). Then, the implementation into the design must be proposed and reviewed by NRC Staff. Combustion Engineering will evaluate input from various sources (described below) and each applicable safety issue will be implemented and documented on the CESSAR-DC docket. Some issues have already been resolved (i.e.,
criteria defined) by the NRC and -in these cases- Combustion Engineering will implement, to the maximum extent possible, the NRC's proposed resolutions. If, however, some revisions are necessary, Combustion Engineering will propose alternate criteria appropriate for the System 80+ Standard Design.
A-3
~~
'j? .J .
~
Acceptance criteria for some issues have not yet been identified.
For these issues which are applicable to' System 80+, Combustion Engine 5riniwill review results of the EPRI Regulatory Stabilization Program and DOE's Advanced Reactor Severe Accident Program-(ARSAP).
To the maximum extent practical, results-from these programs will be-implemented for the System 80+ Standard Design. Combustion.
Engineering will.also monitor and use, to the extent practical,.the.
.c information provided by the NRC via the Generic' Issue Management Control System (GIMCS).
The EPRI Regulatory Stabilization Program is developing Topic Papers on proposed acceptance criteria for resolution of the more significant USIs and GSIs'which are applicable to Advanced LWR designs. The primary purpose of these Topic' Papers ~is to document criteria for resalution of applicable issues and incorporate NRC comments. The Combustion Engineering Design Certification Program-will address and resolve the USIs and GSIs via design features which
~
are expectad to be consistent with the criteria in the Topic Papers.
In this way, the issues can be closed out based on documented criteria which have been reviewed by the NRC.
Topic Papers will also be generated in the ARSAP to address severe accident issues. ARSAP staff have reviewed current information related to severe accidents to identify a composite list of related issues for which Topic Papers will be produced. Some of these Topic Papers may also be applicable to resolution of the USIs and GSIs which must be resolved for the System 80+ Standard Design. For these particular USIs and GSIs, Combustion Engineering will integrate input from the DOE ARSAP and present the proposed acceptance criteria and resolutions to the NRC for review and comments.
There may be some USIs and GSIs, however, for which Topic Papers or other documented resolutions are not available from either the EPRI Regulatory Stabilization Program, the DOE ARSAP, or from the NRC.
I A4
( .
m 4
For these USIs and GSIs, Combustion _ Engineering will. develop acceptange_ criteria and resolutions specific to the System 80+
Standard Design 'and will obtain NRC approval through documentation in CESSAR-DC.
IV. NRC Review Process and Documentation Proposed acceptance criteria and design features'for resolution of applicable USIs and GSIs will be documented by_ Combustion-Engineering in Appendix A to CESSAR-DC. The NRC will review this appendix and Combustion Engineering will provide any additional information necessary for preliminary NRC concurrence. Final NRC appro' val of the proposed resolutions will occur as part of the Design Certification rulemaking. Combustion Engineering will provide sufficient information in CESSAR-DC so that the appendix can serve as the primary documentation of acceptance criteria for USIs and GSIs during NRC Staff and ACRS reviews.
The NRC-will review the acceptance criteria and proposed resolutions to specific USIs and GSIs on a schedule consistent with NRC review for the Final Design Approval. The schedule for the Final Design Approval is provided in Section 2 of this Licensing Review Basis document.
NRC review results will be documented in draf.t Safety Evalu'ation Reports (SERs). The draft SERs will address the acceptance criteria 4 for the USIs and GSIs, as well as the resolutions (design features) proposed for the System 80+ Standard Design. NRC's preliminary concurrence with the acceptance criteria and resolutions will be l provided in the draft SERs. The draft SERs will be finalized when all CESSAR-DC chapters have been submitted and an integrated review has been completed by the NRC Staff.
A-5 l
-mmmmmm__ _ _ __2_-_-___.c____.__._--________ ___a.__u_.-.__- - _ _ _a w.-__ .._-_____-a__-_..m.___ -
F o
' re
. n V. Summary i
CombusEionEngineering'sDesignCertificationProgramfor.theSystem 80+' Standard Design will resolve all applicable USIs and GSIs, as reautred.by 10 CFR Part S2.- Input from related industry programs
'and existing NRC' documentation will be reviewed and' integrated in
. order to identify acceptance criteria for resolution of the USIs and GSIs.
The resolution of USIs and GSIs for System 80+ will be based primarily on acceptance criteria from EPRI ALWR and DOE ARSAP Topic Papers and from existing NRC documentation. Combustion Engineering will integrate these inputs and develop additional criteria,_ if and -
where necessary. Documentation of the' acceptance criteria and proposed design features for resolution of all applicable USIs and GSIs will be provided in Appendix A to CESSAR-DC. Combustion Engineering will provide whatever information is necessary to close the USIs and GSIs for the System.80+ Standard Design. NRC's preliminary concurrence with the acceptance criteria and proposed resolutions will be documented in the CESSAR-DC draft Safety Evaluation Reports.
I 4
A-6
- g. , _ . . ___.
yj ,,,.
g '
P go:No. 1:
r* :07/24/89' LIST OF UNRESOLVED SAFETY ISSUES AND
- HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE' l: , e' m THE SYSTEM.80+ STANDARD. DESIGN ISSUE -
ISSUE NUMBER ISSUE TITLE TYPE i:
1'
'003. '
. SETPOINT DRIFT IN GSI INSTRUMENTATION; 014 PWR. PIPE _ CRACKS GSI 015- RADIATION EFFECTS ON REACTOR , GSI VISSEL' SUPPORTS 022 . INADVERTENT BORON DILUTION. GSI' EVENTS 023 - REACTOR COOLANT PUMP SEAL- GSI FAILURES
, 029 BOLTING DEGRADATION OR GSI
- i. .- FAILURES IN NUCLEAR PIANTS l
L- 036' LOSS OF SERVICE WATER GSI l
045- INOPERABILITY OF INSTRUMENTS - GSI DUE TO-EXTREME COLD WEATHER l
048 LCO'FOR CLASS 1E VITAL GSI l: INSTRUMENT BUSES IN OPERATING L REACTORS 049 INTERLOCKS AND LCOs FOR GSI REDUNDANT CLASS 1E TIE BREAKER 051 PROPOSED REQUIREMENTS FOR GSI IMPROVING RELIABILITY OF OPEN CYCLE SERVICE WATER SYSTEMS
'057 EFFECTS OF FIRE PROTECTION GSI i SYSTEM ACTUATION ON SAFETY l- RELATED EQUIPMENT l 064 IDENTIFICATION OF PROTECTION GSI l-SYSTEM INSTRUMENT SENSING l
LINES l
l
- b. ,
4-f !
-m=m - . . . . , . _
h_4-_.-e_---_m______mm_.___--.-_,_-.__m __-_m.-_-_m _ . _ . . _ . , _ _ _ - _ .___m- _ _ - - __--._...---__..__._..-m.. _ _ _ . __m.____. ..__.-_-_._____ . _ _ _ _ .__ _
Mj_. . ,
7, 9P3g3:.NO. :-2' l 73n 07/24/89:
l '
LIST OF UNRESOLVED: SAFETY ISSUES AND.
- l-
- HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE-e .TO THE SYSTEM 80+ STANDARD. DESIGN.
i.
ISSUE ISSUE
- NUMBER ISSUE' TITLE TYPE
-066 STEAM GENERATOR REQUIREMENTS GSI
' ~
070~ 'PORV AND-BLOCK VALVE GSI RELIABILITY 075' GENERIC IMPLICATIONS OF'ATWS GSI EVENTS AT SALEM - . OPERATIONAL.
QA PROGRAMS 079 UNANALYZED REACTOR VESSEL GSI THERMAL STRESS- DURING NATURAL:
CONVECTION COOLDOWN
'082 'BEYOND DESIGN' BASES ACCIDENTS GSI' IN SPENT FUEL POOLS 083 CONTROL ~ ROOM HABITABILITY GSI-093- STEAM BINDING OF AUXILIARY GSI FEEDWATER PUMPS 094 ADDITIONAL LTOP FOR LIGHT 'GSI' WATER REACTORS ~
'099 RCS/RHR SUCTION LINE GSI INTERLOCKS ON PWRS 103 DESIGN FOR PROBABLE MAXIMUM GSI PRECIPITATION' i 105 INTERFACING SYSTEMS LOCA AT GSI LWRS 106 PIPING AND USE OF HIGHLY GSI COMBUSTIBLE GASES IN VITAL AREAS -- FIRE PROTECTION 119.1 PIPE RUPTURE REQUIREMENTS GSI/RI
- 119.2 PIPE DAMPING VALUES GSI/RI
. .- .- . - . ~ . . -
__u _m_______.__ __._____________._.________..________.___________m _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ . _ _ _ _ _ _ _ _ _ _ - - _ _ _ _ _ - _ _ _ _ _ . - _ _ _ _ _ - _ _ . _ _ . . _ - _ _ . _ . - _ _ -
}:
l *
~
! - :P:g3 N3.. 3'
. 07/24/89 LIST OF UNRESOLVED SAFETY ISSUES AND-
'HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE e - M THE SYSTEM 80+ STANDARD DESIGN r ISSUE ISSUE L NUMBER ISSUE TITLE TYPE i
I 119.3 DECOUPLING OBE FROM SSE GSI/RI 119.5 LEAK DETECTION REQUIREMENTS GSI/RI 122.2 INITIATING FEED AND BLEED GSI 124 AUXILIARY FEIDWATER SYSTEM- GSI RELIABILITY 125.I.03 SPDS AVAILABILITY GSI 125.II.07 REEVALUATE PROVISION TO GSI
. AUTOMATICALLY ISOLATE
'FEEDWATER FROM STEAM GENERATOR DURING LINE BREAK 128 ELECTRICAL POWER RELIABILITY GSI 130 ESSENTIAL SERVICE WATER PUMP GSI FAILURES AT MULTIPLANT SITES 135 INTEGRATED STEAM GENERATOR GSI ISSUES A-01 WATER HAMMER USI A-02 ASYMMETRIC BLOWDOWN LOADS ON USI RCS A-04 C-E STEAM GENERATOR TUBE USI INTEGRITY A-09 ATWS USI A-11 REACTOR VESSEL MATERIAL USI TOUGHNESS A-12 FRACTURE TOUGHNESS OF S.G. & USI RCP SUPPORTS A-13 SNUBBER OPERABILITY ASSURANCE GSI
- l q
A',<
0 .P'Lgi No.., 4
' }07/24/89-
- LIST OF' UNRESOLVED SAFETY ISSUES AND HIGH/ MEDIUM PRIORITY GENERIC: ISSUES-APPLICABLE 1 * ^^ THE SYSTEM 80+ STANDARD DESI",N ISSUE. - ISSUE NUMBER. ISSUE TITLE '
~ TYPE e ..
A ' '
PRIMARY COOLANT SYSTEM GSI DECONTAMINATION AND STEAM GENERATOR CHEMICAL' CLEANING A-17 ' SYSTEMS INTERACTION USI A-24 QUALIFICATION OF. CLASS 1E USI'
. SAFETY RELATED. EQUIPMENT
- A-25~ NON-SAFETY LOADS ON CLASS 1E GSI POWER SOURCES-A-26 REACTOR VESSEL PRESSURE. - USI TRANSIENT PROTECTION A-29 PLANT DESIGN FOR REDUCTION OF GSI VULNERABILITY TO SABOTAGE.
A-30 ADEQUACY OF SAFETY RELATED DC USI POWER SUPPLYS A-31 RER' SHUTDOWN REQUIREMENTS USI A-35 AtEQUACY-OF OFFSITE POWER GSI SYSTEMS A-36 CONTROL OF HEAVY LOADS NEAR USI SPENT FUEL A-43 CONTAINMENT EMERGENCY SUMP USI PERFORMANCE A-44 STATION BLACKOUT USI A-45 SHUTDOWN DECAY HEAT REMOVAL USI REQUIREMENTS:
A-47 SAFETY IMPLICATIONS OF CONTROL USI SYSTEMS A-49 PRESSURIZED THERMAL SHOCK USI
-____-_u__- . _ -_ _ - __n______am _ - - _ _ __-____m---
'j -
L,
- g. P ga l No. ; .5.
07/24/89
['-
LIST'OF. UNRESOLVED SAFETY ISSUES.AND l
HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE I- & - M THE SYSTEM 80+ STANDARD DESIGN ISSUE: ' ISSUE NUMBERL ISSUE TITLE TYPE.
B-05 -
~
DUCTILITY OF TWO-WAY SLABS &' GSI SHELLS -- STEEL CONTAINMENTS P
B-36 DEV. DESIGN, TEST, MAINT. GSI-CRIT.FOR ATMOSPHERE CLEANUP.
SYSTEM AIR FILTRAT. AND ABSORPTION UNITS.....
B-53 LOAD BREAK SWITCH GSI B-56 ,
DIESEL GENERATOR RELIABILITY GSI-B-58 -PASSIVE MECHANICAL FAILURES GSI B-60 LOOSE PARTS' MONITORING SYSTEM' GSI B-61 ALLOWABLE.ECCS EQUIPMENT GSI OUTAGE PERIODS B-63 ISOLATION OF LOW PRESSURE GSI SYSTEMS CONNECTED TO THE REACTOR COOLANT PRESSURE BOUNDARY B-66 CONTROL ROOM INFILTRATION GSI MEASUREMENTS C-01 ASSURANCE OF CONTINUOUS LONG GSI '
TERM CAPABILITY OF HERMETIC
~
SEALS ON INSTRUMENTATION AND ELECT. EQUIP.
C-02 STUDY OF CONTAINMENT GSI DEPRESSURIZATION BY
. INADVERTENT SPRAY OPERATION C-04 STATISTICAL METHODS FOR ECCS GSI/RI ANALYSIS C-05 DECAY HEAT UPDATE GSI/RI 8 - - - - _ _ - . _ - . _ _ _ _ - _ _ . _ _ . _ _ _ -_ *
~ '
P g3 No.. 6.
.. 07/24/89 LIST'OF UNRESOLVED SAFETY ISSUES'AND -
.. -HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE
& - *^ THE SYSTEM 80+ STANDARD DESIGN ISSUE ISSUE
-WUMBER - ISSUE TITLE TYPE.
. ~C-06 LOCA HEAT SOURCES GSI/RI C-10 . EFFECTIVE OPERATION OF GSI CONTAINMENT SPRAYS IN A LOCA C-12 PRIMARY SYSTEM VIBRATION , GSI ,
ASSESSMINT l HF 1.3.4a HUMAN FACTORS PROGRAM PLAN - GSI MAN MACHINE INTERFACE - LOCAL CONTROL STATIONS HF I.3.4b HUMAN FACTORS PROGRAM PIAN - GSI MAN MACHINE INTERFACE.- l ANNUNCIATORS j
, i HF 1.3.4c HUMAN FACTORS PROGRAM PLAN - GSI MAN MACHINE INTERTACE'-
OPERATIONAL AIDS HF 1.3.4d HUMAN FACTORS PROGRAM PLAN - GSI MAN MACHINE INTERFACE -
AUTOMATION AND ARTIFICIAL INTELLIGENCE ,
i HF 1.3.4e HUMAN FACTORS PROGRAM PLAN - GSI -l MAN MACHINE INTERFACE - l COMPUTERS AND COMPUTER '
DISPLAYS HF 5.1 ICCAL CONTR.0L STATIONS GSI HF 5.2 REVIEW CRITERIA FOR HUMAN GSI {
FACTORS ASPECTS OF ADVANCED l I&C i
HF 8.0 MAINTENANCE AND SURVEILLANCE GSI PROGRAM l l
'I.C.1 SHORT TERM ACCIDENT ANALYSIS GSI AND PROOEDURES REVISION !
? i
- h. _ - _ _ _ _ _ _ _ __ ___.__--.__a_ m.____. ________m __.______m___ m_ _ _ . - _ _ _ . _ _ _ _ _ _ . _ . . . _ _ __.m._. _m__ ..__ _ . _ _
p .
a .
Pag 3 No. -7 07/24/89
~
LIST OF UNRESOLVED SAFETY ISSUES AND l HIGH/ MEDIUM PRIORITY GENERIC. ISSUES APPLICABLE THE SYSTEM 80+ STANDARD DESIGN l
ISSUE' IS3UE
-NUMBER- ISSUE TITLE TYPE I '. D. 2 ,
, CONTROL ROOM DESIGN REVIEWS -- GSI/TMI PLANT SAFETY PARAMETER DISPLAY CONSOLE I.D.3 CONTROL' ROOM' DESIGN -- SAFETY GSI/TMI
, SYSTEM STATUS MONITORING .
I.D.4 CONTROL ROOM DESIGN STANDARD GSI I.D.5 -(1) CONTROL ROOM DESIGN -- GSI IMPROVED INSTRUMENTATION RESEARCH ALARMS AND DISPLAYS I.D.5 (2) CONTROL ROOM DESIGN -- GSI IMPROVED INSTRUMENTATION RESEARCH "
I.D.5 (3) CONTROL ROOM DESIGN -- GSI ON-LINE REACTOR SURWILLANCE SYSTEMS I.D.5 (4) CONTROL ROOM DESIGN -e GSI IMPROVED INSTRUMENTATION RESEARCH ~
I.F.1 QUALITY ASSURANCE - EXPAND GSI QUALITY ASSURANCE LIST FOR EQUIPMENT IMPORTANT TO SAFETY I.F.2 (2) QUALITY ASSURANCE -- GSI/TMI DEVEI4P MORE DETAILED CRITERIA I.F.2 (3) QUALITY ASSURANCE -- GSI/TMI-DEVELOP MORE DEIAINLED CRITERIA I.F.2 (6) QUALITY ASSURANCE -- GSI DEVELOP MORE DETAILED QA CRITERIA b
o
, m-Page No. . 8 07/24/B9
~
LIST OF UNRESOLVED SAFETY ISSUES AND HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE W e THE SYSTEM 80+ STANDARD DESIGN ,
L ISSUE ISSUE.
' NUMBER ISSUE TITLE TYPE l
T.T.2 , (9) QUALITY ASSURANCE -- GSI DEVELOP MORE DETAILED QA CRITERIA II.B.1 SATETY REVIEW CONSIDERATION -- GSI/TMI REACTOR COOIANT SYSTEM VENTS II.B.2 SATETY REVIEW CONSIDERATION -- GSI/TMI PLANT SHIELDING TO PROVIDE POST ACCIDENT ACCESS TO VITAL AREAS II.B.3 SATETY REVIEW CONSIDERATION -- GSI/TMI POST ACCIDENT SAMPLING SYSTEM RELIABILITY ENGINEERING II.C.4 . GSI/TMI II.D.1 COOLANT SYSTEM VALVES -- GSI/TMI TESTING REQUIREMENTS II.D.3 COOLANT SYSTEM VALVES -- VALVE GSI/TMI POSITION INDICATION II.E.1.1 AUXILIARY TIEDWATER SYSTEM GSI/TMI EVALUATION II.E.1.2 AUXILIARY TEEDWATER SYSTEM GSI/TMI AUTOMATIC INITIATION AND TLOW INDICATION II.E.4.1 CONTAINMENT DESIGN -- GSI DEDICATED PENETRATIONS II.E.4.2 CONTAINMENT DESIGN -- GSI/TMI ISOLATION DEPENDABILITY II.E.4.4 (1-5) CONTAINMENT DESIGN -- GSI/TMI PURGING II.T.1 (1-6) ADDITIONAL ACCIDENT GSI/TMI MONITORING INSTRUMENTATION 1-_-___-___---__ _ - . _ _ _ - ___ _ - _ _ _ _ _ . _ _ _
n .
F;ga Ns. . 9
. ;07/24/89 LIST OF UNRESOLVED SAFETY ISSUES AND-HIGH/ MEDIUM PRIORITY GENERIC ISSUES APPLICABLE
, & ^^ THE SYSTEM 80+-STANDARD DESIGN ISSUE ISSUE NUMBER ISSUE TITLE' TYPE II.F.2 IDENTIFICATION AND RECOVERY GSI/TMI FROM CONDITIONS LEADIN3 TO INADEQUATE CORE COOLING II.F.3 INSTRUMENTATION FOR MONITORING GSI/TMI ACCIDENT CONDITIONS ~
'II.G.1 POWER SUFPLIES FOR PRESSURIZER GSI/TMI RELIEF VALVES, BLOCK VALVES, AND LEVEL INDICATORS II.K.1 - ( 4 c , 4 b , 5 a , 6, 9 ,10,14 ,15,16, 2 6, 2 GSI 7,28) MEASURES TO MITIGATE SMALL BREAK LOCA'S & IDSS OF FW ACCIDENTS '
. IE BULLETINS II.K.3- (5,6,8,25,30,31,54,55) FINAL GSI/TMI
' RECOMMENDATIONS OF B&O TASK FORCE TO MITIGATE ACCIDENTS III.D.3.3- (1-4) IN-PLANT RADIATION GSI/TMI MONITORING III.D.3.4 (1-2) CONTROL ROOM GSI HABITABILITY 121 HYDROGEN CONTROL FOR LARGE, GSI DRY PWR CONTAINMENTS A-48 HYDROGIN COMTROL, MEASURES & USI EFFECTS OF HYDROGEN BURNS f
D - ___ ___ __
APPEN0 0 Combustion Engineering Design Certification Program Process for Probabilistic Risk Assessment as Required by 10 CFR Part 52 O
l l
l B-1 h.h-m.._...___ m
y
?' ~.
I 1.- Overview of Process for Probabilistic Risk Assessment of System 80+'
One of the requirements of 10 CFR Part 52 is that a Probabilistic Risk Assessment (PRA) must be performed for all future plants. To address these requirements, a System 80+ Standard Design Level III PRA is being performed.
The System 80+ Standard Design PRA has two p-imary purposes. The first purpose is to identify (1) the dominant contributors to severe accident risk and (2) the accident sequences which are-insignificant. The second purpose is to provide an an.alytical tool for evaluating the impact of design modifications on core damage probability and the overall risk to the health and safety of the public.
-This PRA is performed in two phases. In the first phase, Event Trees and Fault Tree Models were developed for the current System 80 standardized design. These models were used to establish a baseline core damage frequency and to determine the dominant core damage contributors for the current System 80 design. In this phase, the System 80 design was evaluated using generic reliability data.
The second phase is an' interactive process in which these models will be modified to reflect system design enhancements proposed for the System 80+ Standard Design. The resulting models will be fully applicable to the System 80+ design. The models are being evaluated - - _
to determine the impact of the design enhancements on core damage frequency and dominant ccre damage contributors. These impacts will be reviewed and other design enhancements will be considered as appropriate to achieve the overall safety goals.
1 i
B-2 l
1
~ ~
_ _ . _ . . _ _ . . _ l Lili__.___ _ __._ l
l;
~
C ,
~
(
[.
~
Phase One: Baseline System 80 PRA i
r The ba elbe System 80 core damage frequency calculation'is a level I PRA that addresses internal events only during full power operation. This PRA included the identification and quantification of accident sequences attributable to internal initiators.which led to core damage. While the Balance of Plant (BOP) systems are outside of the System 80 NSSS scope, information on certain BOP p
systems was required in order to thoroughly evaluate the performance of the NSSS Systems. Where such information was required, functional system designs which meet CESSAR-F interfage requirements-and are censistent with support system. configurations used in recent vintage Combustion Engineering plants were used in the analyses.
Phase Two: System 80+ PRA As the System 80 design evolves into the System 80+ Standard Design, the baseline PRA will also evolve so as to provide input to the many design decisions that will be made. Based on the results of the baseline PRA, initial system reliability targets will be established and potential system weak links will be identified.
Recognizing that some s'ystem reliability targets will be more difficult or expensive to meet than others, trade-offs will be called for and the evolving PRA will serve as a valuable method to monitor the current status of the design with respect to reliability and risk goals. These goals include reliability goals from Standard Review Plans, large-release frequency goals from the Safety Goal Policy Statement and EPRI ALWR Program core melt frequency objectives.
The baseline PRA will identify dominant accident sequences. The System 80+ Standard Design development effort will then be able to focus on improving the reliability of systems or equipment involved B-3
- - ~ ~ - -
________--T--. .~
.ir, the dominant sequences. As design im;rovements are adopted, the PRA eqdels_will be updated. All models in the final PRA will be applicable to the System 80+ design.
The final PRA for the System 80+ Standard Design will include all of the design modifications that are implemented as a part of the Design Certification Program. Additionally, with support from the DOE Advanced Reactor Severe Accident Program (AR, SAP), the PRA will be upgraded to a tevel III PRA and the limiting external events will be addressed. The Level III PRA will include the following elements:
(1) An analysis of the plant design and operation focused on the accident sequences that could lead to a core melt, their basic causes, and their frequencies (2) An analysis of the physical processes of the accident sequences and the response of the containment (3) An analysis of the transport of radionuclides to the environment and an assessment of potential public health consequences (i.e., dose as a function of distance).
II. Acceotance Criteria and Methodoloov for PRA As stated in Section I, the objectives of PRA analyses are to calculate a a seline core damage frequency for a System 80 plant, to determine the dominant core damage contributors and to assess potential areas for design improvements in the System 80+ Standard Design and to document the System 80+ Standard Design PRA. These analyses are equivalent to the Probabilistic Safety Analysis (PSA) e described in the PSA Procedures Guide (NUREG/CR-2815). The methods employed in this analysis are consistent with methods outlined in the PSA Procedures Guide and methods described in the PRA Procedures B-4
e' Guide (NUREG/CR-2300). This work will use the small event-tree /1_arga fault tree approach. Figure B-1 shows the major tasks in this analysis. ' The following sections describe each of these tasks and associated methodology.
- Plant Familiarization The objective of this task is to (1) collect the information necessary for identification of appropriate initiating events, (2) determine the success criteria for the front line systems required to prevent or mitigate the transients and accidents and (3) identify the dependence between the front line systems and the support systems which are required for proper functioning of the front line systems. This task is primarily an information gathering task.
The information collected in this task includes design information, operational information and information on plant responses to transients, CESSAR-F will be used to provide information on the design of systems within the basic NSSS scope and interface requirements for the support systems. Where additional design detail is needed for support systems, typical system designs will be generated based on support system designs described in the FSARs of recent vintage C-E plants with similar NSSS designs.
Operator actions during plant transients will be evaluated and established basd on C-E's Emergency Procedure Guidelines and discussions with licensed operators in C E's Training Department and at an operati$g System 80 plant. Surveillance requirements and operability definitions will be derived from C-E's Standard Technical Specifications and, where more specific detail is needed, from System 80 plant specific Technical Specifications. Maintenance information, where needed, will be based on common industry practices.
B-5 J_ - -_ _ _
~~
I i
- I l
J 1
r
- j l i I
1 Y ^^-
C Ebe u -
i
- w 0$m 1
ac j u -
d L l
m
= E
- w - 4 E W C y 3 W ==*
c e-C ta g
= h== G w W g, .- === to W toe a== m 4 to g ( l M
M E.
w e
one e
(
>=
C C
W K J L di J lI E -
.C o 6 9
- w
= v -
E -
h- <
w .m
~g a >-
== == ..
W W
5 L-!
-w _
- a.
.e a
gr .
p ,
C@ -
L L 1 E
>=
k 2
s A a'a
.J i
m l
B-6 ;
- ~. --- _ . _ . . . _ . . , . _ _
The Reactor Safety Study (WASH 1400), several other published PRA studies, and the IDCOR IPE Procedures Guide will also be reviewed as
~
part of the pla'nt familiarization task, The objectives of these reviews are to provide a broad overview of areas to be addressed in this analysis and to identify potential problem' areas..
Accident Secuence Definition The objective of this task is to qualitatively identify those accident sequences which lead to core melt / core damage. This will be accomplished using event tree analysis. Event tree analysis involves defining a set of initiating events and constructing a set of system event trees which relate plant system responses to each defined initiating event. Each system event tree represents a distinct set of system accident sequences, each of which consists of an initiating event and a combination of various system successes and failures that lead to an identifiable plant state. Procedures for developing system event trees are described in detail in the PRA' Procedures Guide. For this analysis, the small event tree /large fault tree approach will be used. In this approach, only the front line systems which respond to mitigate an accident or transient will be addressed on the event tree. The impact of the support systems is addressed within the fault tree models for the front line systems.
A Master Logic Diagram (MLD) will be constructed to guide the selection and grouping of the initiating events. An MLD is essentially a top level tree in which the general conditions that could lead to the top level event are deductively determined. For this analysis, the top event on the MLD is defined to be "offsite release" even though the scope of the analysis is limited to identifying core damage frequency and dominant contributors. This is to ensure completeness and to facilitate later extension of this analysis, i
B-7 'l l
System Modelina Quantifica5 Ion of the system accident sequences' requires knowledge of the failure probability or frequency of occurrence for each element of the system accident sequence. The initiating event frequency and.the probability of failure for a system accident sequence element involving the failure of a single component can be l quantified directly from the appropriate raw data. However, if the system accident sequence element represents a specific failure rode for a system or subsystem, a fault tree model of the system or subsystem will be constructed and quantified to obtain the desired failure probability.
The evaluation of each fault tree yields both qualitative and quantitative information. The quantitative evaluation of the fault trees yields several numerical measures of a system failure probability, two of which are typically employed in the event tree quantification (i.e., the unavailability and unreliability).
The unavailability is the probability that a system will not respond when demanded. The unreliM+ility is the probability that a system will fail (at least once) during a given required operating period.
The unreliability is us' ually added to the unavailability when the system accident sequence element represents the failure of a' standby system to actuate and then run for a specified period of time.
-..e.
Two types of human failures will be included in the fault tree analyses. They are " pre-ex'. sting maintenance errors" and failures of the operator to respond to various demands. Pre-existing maintenance errors are undetected errors committed since the last periodic test of a standby system. An example of this type of error is the failure to reopen a mini-flow valve which was closed for maintenance. A failure of the operator to respond includes the failure of the operator to perform a required function at all or to perform it correctiy, An example of this type of error is the failure of the operator to back-up the automatic actuation of a safety system.
B-8
' - - - - - - - - _ _ - _ ___.-___._.m_ m _
For the System 80+ PRA, failure of the operator to respond to -
Variog demands,where there was a time constraint will be quantified using the Human Cognitive Reliabi'ity Model. The human cognitive reliability model is a set of tine dependent functions which describe the probability of a crew response in performing a task'.
The human cognitive reliability model permits the analyst' to predict the. cognitive reliability associated with a non-response for a given task or. series of related tasks, once'the dominant type of cognitive processing (skill-based, rule-based or knowledge-based), the medium response time for the task or tasks under nominal conditions and performance shaping factors such as stress levels or environment are identified. The inherent time dependence in this model makes it ideal for. evaluating operator responses during a transient. The failure probability for " pre-existing maintenance errors" will be quantified using the Handbook of Human Reliability Analysis. The Handbook of Human Reliability Analysis is an extension of the human reliability analysis methodology developed for WASH-1400, the Reactor Safety Study, and is intended to provide methods, models and estimated human error probabilities to enable analysts to make quantitative or qualitative assessments of the occurrence of human errors that affect the availability or operational reliability of engineered safety systems and components. The emphasis is on tasks addressed in the Reactor Safety Study, calibration, maintenance and selected control room tasks related to engineered safety features availability. It is the best available source for evaluating human performance with respect to maintenance, calibration, testing and other tasks performed during normal plant operation. However, the time dependent model is not as thorough and explicit as that provided by the human cognitive reliability model.
For the System 80+ PRA, the small ever.t tree /large fault tree l approach has been selected. The event trees developed for this PRA l will address the response of the front line systems, that is, those systems directly involved in mitigating the various initiating events. The impact of the support, systems will be modeled within B-9
' ~ ~~ ~
9 a the front line system models. CESSAR-F contains interface requirements for the support systems but does not contain any support system configurations or schematics. Therefore, in order to develop the support system models, representative support system configurations will be developed using the CESSAR-F interface-requirements, support system configurations for System 80 plants and the typical system configurations in the Nuclear Plant Reliability
. Data System (NPRDS) Reportable Scope Manual for Combustion -
Engineering designed plants.
Once the baseline PRA models are established, they will be' used in the reliability assurance program mentioned above. The models will identify where improvements are needed to assure reliability,' risk, and core melt frequency goals are met. If system designs evolve, for example, from two-train to four-train systems, the system models will be revised in order to provide an up-to-date assessment of where the design stands compared to the goals and to identify potential areas for improvement.. As the system descriptions in.
CESSAR DC are developed, and as additional requirements from the EPRI ALWR Requirements Document are adopted, the system models will l be updated to reflect those requirements. The System Reliability Models that result from this process will form the heart of the final System 80+ Standard Design PRA.
Data Assessment Reliability data are needed for the quantification of the system fault trees and the system accident sequences which result in severe core damage. The data needed for this quantification include:
- 1. initiating event frequencies,
- 2. component failure rates (demand and time-dependent),
- 3. component repair times and maintenance frequencies, )
- 4. common cause failure rates, l B-10 1
I
4.
e-
.- 5. human' failure probabilities,
- 6. tpecial event probabilities (e.g., restoration of offsite power),
and -
- 7. error tactors for the items above.
Because the analysis is for a new design (System 80+), generic (industry-wide)- reliability data will be used in this analysis.
[The System 80+ design, when completed and implemented, will meet or exceed these generic reliability data.) The basic initiating event frequencies will be extracted from the PSA Procedure Guide, EPRI NP-2230 and the.NREP Generic Data Base. .The initiating event .
frequencies in the Zion PRA, the Oconee PRA and the Calvert Cliffs .f IREP Report as well as those in NUREG/CR-4550 will also be considered. l Accident Secuence Ouantification The basic objective of this analysis is to model baseline core damage frequency once for a System 80 plant and then again for the System 80+ Standard Des'ign. The total core damage frequency, due to internal events, is the sum of the frequencies of the system level accident sequence frequencies for those accident sequences which result in core damage.
The system level accident sequences leading to core damage will be ,
identified using event tree analysis. Each system level accident sequence will consist of an initiating event and one or more q additional elements, each representing either a front line system failure or a special event such as failure to restore offsite power within a given time or the most reactive rod sticking out of the core. The frequency for the system level accident sequence will be determined by quantifying the individual elements in the sequence and then combining the results in the appropriate manner. The frequencies for the initiating events and the.special events are j directly calculable, j l
l B-11
~ '-
C_~1 - - _ _ _ _ _
]
L:
The front line system. failure probabilities will be calculated in L the baseline analysis using conditioned fault tree analysis. In the L System 80+ itan'dard Design PRA, only fault tree linking will be used (i.e., the conditioned fault tree analysis in the baseline PRA l, will not be used). The first step in this process will be to construct a fault tree model for each front line system that appeared as an element in a system accident sequence. The models will include submodels for the appropriate support systems.
l The next step will be to perform a baseline quantification of each fault tree using generic failure rates. For those front line systems appearing in the LOCA or steam line break sequences, base line quantifications will be made with and without offsite power.
This quantification provides a list of cutsets, the system unreliability and the system unavailability for each front line system. This quantification will be performed using CEREC, a fault tree analysis computer code. The third step in this process is to identify common elements in fault tree models appearing in any given event sequence and to calculate conditional failure probabilities for these elements.
After all the conditioned component failure rates are calculated, the system fault trees'will be requantified using the appropriate conditioned component failure rates, thus yielding a set of system failure probabilities specific to the initiating event classes.
The final step in the quantification of the core damage frequency is to solve each system accident sequence equation using the appropriate initiating event, special event and system failure probabilities. .This will be done using CESAM, a Monte Carlo sampling code for equation solving.
l B'-12
m --- _-
J-
,4; Radionuclides Release and Transoort-The evaluation [of environmental radionuclides releases that' result from severely degraded core accidents will involve five elements:
~ 1; Radionuclides and structural material inventories;
- 2. Radionuclides and structural material source term from the core; 3 Transport, deposition, and release in the primary system; 4 Transport, deposition, and release in the containment; and,
- . Transport outside the containment.
The analysis will proceed in a sequential manner, starting with the radionuclides and structural material inventories. This will involve the determination of the quantities of radionuclides and structural materials that are present at the beginning of an accident. The next step will be the evaluation of the radionuclides and structural material source term from the core. - This will entail the determination of the quantities of radionuclides and structural materials released from the core to the primary system or to the containment. (Direct releases of radionuclides and structural materials from the corium--the melted core and structural materials--to the containment can occur in meltdown accidents after the pressure vessel has melted through and the corium is interacting
. with the concrete basemat.) This source term will then be used in the analysis of radionuclides transport, deposition, and release in the primary system. The analysis will consider the various deposition processes that can occur in the primary system. The result will be the source term for release from the primary system to the containment; it is used in the analysis of transport, deposition, and release in the containment. This analysis will take account of the various deposition processes that can occur in the l
l- containment, and it will determine the quantities of radionuclides released from the containment to the environment. The computer code CRAC-II will be used to compute the potential consequences of fission product release (i.e., dose as a function of distance).
l 1
B-13 M
( :. ,
' III. NRC Review Process and Documentation The.Syhtem80+StandardDesignProbabilisticRiskAssessmentwillbe documented in an appendix to CESSAR-DC according to the schedule in-Section 2 of this document. In the meantime, however, Combustion Engineering will apprise the.NRC and obtain feedback on the System 80+ Standard Design PRA via meetings and questions and responses.
The purpose of these early interactions is to provide continuous NRC comments as the System 80+ Standard Design PRA is developed.
Emphasis will be placed'on establishing NRC criteria for acceptance of the. System 80+ PRA. .
Combustion Engineering will document, in the CESSAR-DC 3ppendix or.
references to that appendix, all acceptance criteria and descriptive
~
information necessary to obtain NRC concurrence on the System 80+
Standard Design PRA. NRC concurrence on the CESSAR-DC PRA will be provided in the Safety Evaluation Report.
1 I
. )
, B-14
---__.__m.--_ - . . _ - _ _ _ _
.a _:
.-- t i:- -
~
- 1. ...
- s. f
- APPENDIX C-i.
CombustionEngineeringDesignCertificationProgramf-1
- Process for Degraded Core Evaluation Consistent with the Severe-Accident' Policy
-Statement L
9 4
0 C-1 ,
i l
~ ' ' ' ~ ' ' ' '
__.__._u_u__________ . _ _ _ . _ _ _ _ _ _ _ _ _ _ . . _ _ _ , _ _ _ _ _ _ _ = _ _ _ _ _ _ __ _
)
f i': Y 1- I ~. Overview of Process-for Decraded Core Evaluation H
The Severe Accident Policy Statement recommends that the design bases for future plants' include consideration of both prevention and mitigation of degraded core accidents, using an evaluation approach based on deterministic engineering analysis'and judgment'and complemented by a Probabilistic Risk Assessment (PRA). Combustion Engineering, with support from the DOE Advanced Reactor Severe Accident Program (ARSAP) and the EPRI ALWR Requirements Document program, will implement design features to prevent and mitigate degraded core conditions and will include degraded core evaluation
.in the design and PRA'of the System 80+ Standard. Design. The' proposed approach for this evaluation is to identify the severe accident issues applicable to the System 80+ Standard Design, to develop design features for resolution of those issues, and to include these design features in the System 80+ PRA.
II. Method of Evaluation ARSAP has identified severe accident issues on the basis of results of'the Industry Degraded Core Rulemaking (IDCOR) Program and all available research related to severe accidents. These issues will be addressed in Topic Papers which document technical information on the subject issues and propose criteria for resolution of those issues. The Topic Papers have been divided by ARSAP into s'ix ,
categories corresponding to subject area and sequer.ce of preparation. Table C-I provides a list of the issues that are included in each category. Topic Papers will be reviewed, prior to submittal to the NRC, by an Industry Technical Advisory Group organized by ARSAP.
Issues will also be addressed by implementing design features for the prevention and mitigation of degraded core conditions. These features will be described in detail in CESSAR-DC, and they are summarized in Section 7 of this Licensing Review Basis Document C-2
p j{
~
u
{ .;
l y
s
- (e.g.,. Sections' 7.11, 7.17, and 7.22). The resolution of issues-for thy System 80+ Standard Design will be substantiated, as
{
L required, by plant' specific evaluations.
Combustion Engineering and ARSAP have chosen the Modular Accident Analysis Program (MAAP) Version 38 as the methodology for deterministic analysis of the System 80+ Standard Design to support resolution of severe accident issues. MAAP-3B will be revised to include model improvements resulting from ARSAP activities.; The improved version of MAAP, called MAAP-DOE, will be used in the final-evaluation of the System 80+ Standard Design. Severe, accidents that are found to occur at a frequency below a cut-off of 1 x 10-8 per reactor year will not be analyzed. MAAP-DOE will be utilized for
- design-specific analyses of accident initiation, progression, and containment response. It is a best-estimate, method which uses a modular format for modeling plant systems and for predicting a quantified' release of radioactive materials from containment corresponding to different postulated accident sequences. It will also be used in sensitivity analyses to investigate the effectiveness of alternative design features for. the mitigation of degraded core accidents.
It should be emphasized here that NRC approval of the MAAP code is not required. Technical disagreements between the MAAP-DOE results and NRC methods will be addressed on a case-by-case basis (a proposed process for NRC review of MAAP-DOE is the subject of Topic Paper 5.3).
C-3 W'e~-
-->s- ~___ _ _ _ _ _ _
L 7
' ... I&SLL.G-1 v - .. .
LISTING 0F ARSAP TOPIC PAPERS Set 1 RESOLVED IDCOR/NRC ISSUES - APPLICABILITY TO ALWRS o Reactor coolant system natural circulation' (IDCOR Issue 2) o In-vessel steam explosions and alpha mode failure (IDCOR Issue 7) o Ex-vessel heat transfer models from molten core to concrete (IDCOR Issue 10) o Fission product release prior to vessel failure (IDCOR Issue 1) o Release model for control rod materials (IDCOR Issue 3)-
o . Fission product and aerosol deposition'in primary-system (IDCOR 1 Issue 4) o Ex-vessel fission product release (during core-concrete interactions) (IDCOR Issue 9) o Fission product and aerosol. deposition in containment (IDCOR Issue 12) o Revaporization of fission products (IDCOR Issue 11) o Secondary containment performance (IDCOR Issue 16) o Modeling of emergency response (IDCOR Issue 14)-
Set 2 PLANT RESPONSE UNDER SEVERE ACCIDENT CONDITIONS o In-vessel hydrogen generation (IDCOR Issue 5) (
o Core melt progression and vessel failure (IDCOR Issue 6) o Direct containment heating by ejected core materials (IDCOR i Issue 8) o Containment performance (capability, failure modes, isolation, bypass) (IDCOR Issue 15) 1 o Hydrogen ignition and burning (IDCOR Issue 17) o Debris coolability (IDCOR Issue 10)
C-4
~
~ ~
~ ~ ~ ~~~ ~ ~'~
.a.
A
,'# TABLE C-1 (Cont'd) e _ ,
I LISTING 0F ARSAP TOPIC PAPERS-Set 3 PROBABILISTIC METHODS
,o External events o Success criteria and mission time l o Accident' sequence selection Set 4 SEVERE ACCIDENT PERFORMANCE .
o Essential equipment performance (IDCOR Issue 18)
Set 5 SAFETY G0AL EVALUATION o Safety goal implementation - interpretation of goals and usage of PRA results in comparison with goals, including interpretation of uncertainties o Uncertainties in plant risk analysis o MAAP acceptance - consensus on severe accident analysis capability Set 6 SEVLRE ACCIDENT MANAGEMENT o Severe accident management program i
b l
C-5
_ _ _ _ _ _ _ = = = = - --
=--- , - - - - - - --
s
.. 3 i o A j i
( III. . Guidelines for Deoraded Core Evaluation ;
e-- . -k The resolution of severe accident issues documented in Topic Pape'rs /
is consistent with NRC guidance on implementation of the Severe i
Accident Policy Statement and with the NRC Safety Goal Policy Statement. The Safety Goal Policy Statement includes the general performance guideline that the overall mean frequency of large releases of radioactive material to the environment as a result of reactor. accidents should be less than 10-6 per year of reactor operation. Procedural criteria for degraded core evaluations are expected to be issued in future regulatory documentation. The following criteria are currently proposed by the NRC staff:
- the evaluation should use realistic prediction of radioactive material releases commensurate with the event;
- - the more likely of severe accidents nsed.s to be considered in the design and licensing of the plant:
- evaluation of severe accident consequences does not need to use conservative engineering practice common for design basis events;
- consequences of more likely severe accidents should not represent a threat to the public; and, ,
- extremely unlikely events need not be considered in computing consequences, but should be assured of extremely low probability of occurrence.
C-6
f.
tr
- r.
N'. .
c a., IV. NRC Review Process
~
The proposed resolutions of severe accident issues for the System 80+ Standard Design have teen documented in Topic Papers.and'
' submitted for NRC review.' Design features for prevention and mitigation of degraded core conditions will be described in CESSAR-DC. The NRC Staff will' provide interim guidance as to the
~ ^
appropriateness of each resoiution submitted for the. System 80+
design. It is pvssible that 4.he NRC Staff may desire additional information,-including results of deterministic analyses for degraded core accidents, to support their review.
NRC review results will be documented, following completion of the initial review, resulting in reso?ution of the issue or agreement on an achievable pathway for resolution. The documentation will address the acceptability of resolutions for severe accident issues,
, including criteria. applied for the System 80+ Standard Design and methods of evaluation.
V. Summary The System 80+ Standard Design degraded core. evaluation will address severe accident issues applicable to advanceo pressurized water reactors. The resolution of severe accident 1.ssues will be based on the recommendation to demonstrate safety accepti.bility in compliance with the NRC Severe Accident and Safety Goal Poli;y Statements.
Combustion Engineering will propose System 80+ des!gn features and criteria for resolution of severe accident issues. The NRC Staff will provide guidance on the appropriateness of the proposed resolution and will request additional information, as required, sufficient for resolution of each issue.
k
?
I C-7
, .