ML20247K332

From kanterella
Revision as of 17:56, 8 March 2021 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Safety Evaluation Accepting ATWS Mitigation Sys,Pending Tech Spec Issue Resolution
ML20247K332
Person / Time
Site: Sequoyah  Tennessee Valley Authority icon.png
Issue date: 09/14/1989
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML20247K319 List:
References
NUDOCS 8909210133
Download: ML20247K332 (8)


Text

- --

c '

j.!rMecg UNITED STATES '

g[4 .

3{.

. NUCLE A'R. REGULATORY COMMISSION WASHINGTON D. C.20555

l pH , r34 ....,/
  • 3 t

ENCLOSURE 4 SAFETY EVALUATION BY THE'0FFICE OF NUCLEAR REACTOR REGULATION i

' COMPLIANCE WITH ATWS RULE 10 CFR 50.62 j

DOCKET NOS. 50-327 AND 50-328

1.0 INTRODUCTION

On July 26, 1984, the Code of Federal Regulations (CFR) was amended to include Section 10 CFR 50.62,:" Requirements for Reduction of Risk From Anticipated  !

Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants" (hereafter known as the ATWS Rule). The requirements of Section 10 CFR 50.62 apply:to all connercial light-water-cooled nuclear power plants including j Sequoyah Nuclear. Plant, Units 1 and 2, which is two Westinghouse pressurized f water reactors.

An' ATWS is an. anticipated operational occurrence, such as loss of feedwater, loss of condenser vacuum, or loss of offsite power, that is accompanied by a failure of the Reactor Trip System (RTS) to shut down the reactor. The ATWS Rule requires specific improvements in the design and operation of commercial nuclear power facilities to recuce the probability of failure to shut down the reactor following anticipated transients ar.d to mitigate the consequences of an ATWS event.

Paragraph (c)(1) of 10 CFR 50.62 specifies the basic ATWS mitigation system requirements for Westinghouse plants. Equipment, diverse from the RTS, is required to initiate the auxiliary feedwater (AFW) system and a turbine trip for ATWS events. In response to Paragraph (c)(1), the Westinghouse Owners Group (WOG) develo circuitry (AMSAC) designs ped a set of conceptual generic ATWS plants.

to Westinghouse mitigating The system actuation WOG issued Westing-house Topical Report WCAP-10858, "AMSAC Generic Design Package", which provided information on the various Westinghouse designs.

The staff reviewed WCAP-10858 and issued a safety evaluation of the subject topical report on July 7,1986 (Reference 1). In this safety evaluation, the staff concluded that the generic designs presented in WCAP-10858 adequately meet the requirements of 10 CFR 50.62. The staff-approved version of the WCAP is labeled WCAP-10858-P-A.

During the course of the staff's review of the proposed AMSAC desigh, the WOG issued Addendum 1 to WCAP-10858-P-A in its letter dated February 26, 1987 (Reference 2). This addendum changed the setpoint of the C-20 AMSAC permissive signal from 70 percent reactor power to 40 percent power. Or August 3, 1987, the WOG issued Revision 1 to WCAP-10858-P-A (Reference 3), which incorporated Addendum 1 changes and provided details on changes associated with a new variable timer and the C-20 time delay. For those plants selecting either the P

e@ 9

^

3 . .

3 .. ~

4.

, feedwater flow or the.feedwater pump / valve status logic option, a variable

" delay timer is to be. incorporated into the AMSAC actuation logics. The varia-p ble. time delay. will- be: inverse to reactor power 'and will approximate the time y

'that- the steam' generator takes' to boil down to the low-low' level setpoint upon a loss of main feedwater (MFW) from any given reactor power level between '40 :

J . percent' a'nd 100 percent power. The time delay on the C-20 permissive' signal l- for all logics will be' lengthened to. incorporate the maximum time that the.

steam generator takes to boil down to the low-lowllevel setpoint upon a loss of MFW with the' reactor operating at 40 percent power. The staff considers the iRevision 1 changes.to be acceptable.

2.0 REVIEW CRITERIA The systems' and equipment required by 10 CFR 50.62 do not have.to meet all of i the requireraents' normally' applied to safetysrelated equipment. However the equipment required by the ATWS Rule should be of sufficient quality and reliability to perfonn its intended function while minimizing the potential for- 'l transients that may challenge-the safety systems'(e.g., inadvertent scrams).

The following review criteria were used to evaluate the licensee's submittals:

1. The ATWS Rule, 10 CFR 50.62.
2. " Considerations Regarding Systems and Equipment Criteria," published

'in the Federal Register Volume 49, No. 124, dated June 26, 1984.

3. Generic Letter 85-06, " Quality Assurance Guidance for ATWS Equipment ,

That Is Not Safety Related."

4. Safety Evaluation of WCAP-10858 (Reference 1).

5.. WCAP-10858-P-A, Revision 1 (Reference 3).

I 3.0 DISCUSSION AND EVAJUATION .l 1

Paragraph (c)(6) of tne ATWS Rule requires that detailed information on each i nuclear power plant to demonstrate compliance with the requirements in the Rule be submitted-to the Director, Office of Nuclear Reactor Regulation (NRR).

In accordance with Paragraph (c)(6) of the ATWS Rule, the Tennessee Valley Authority (TVA, the' licensee) provided information by letter dated February 17, 1987 (Reference 4) on the detailed design description of the ATWS mitigating.

system actuation circuitry proposed for installation at the Sequoyah Nuclear Plant,. Units 1 and 2.

The staff' held a conference call with the licensee on May 10, 1988 to discuss the AMSAC design for Sequoyah. As a result of the conference call, the i licensee res onded to the staff's concerns by letters dated August 23, 1988 {

(Reference 5 and October 25, 1988 (Reference 6) on Sequoyah.

j

i 3

To determine that conditions indicative of an ATWS event are present, the

-licensee has elected to implement the WCAP-10858-P-A AMSAC design associated with monitoring the stcam generator water level and activating the AMSAC when the water level is below the low-low setpoint established for the reactor protection system (RPS). Also, the licensee will implement the new time celay associated with the C-20 permissive, as discussed above, consistent with the requirements of Revision 1 to the WCAP.

Many details and interfaces associated with the implementation of the final AMSAC design are of a plant-specific nature. In its safety evaluation of WCAP-10858. the staff identified 14 key elements that require resolution for each plant design. The following paragraphs provide e discussion on the licensee's compliance at Sequoyah with respect to each of the key elements:

1. - Diversi ty The plant design should include adequate diversity between the AMSAC equipment and the existing RPS equipment. Reasonable equipment diversity, to the extent practicable., is required to minimize the potential for common-cause failure.

The licensee has provided information to confirm that the solid-state RPS logic circuits will be diverse from the relay logic circuits of the AMSAC in the areas of design, equipment, and manufacturing. Where similar components are used, such as output relays, the AMSAC will utilize a relay ,

of a different make and manufacturer. j,

2. Logic Power Supplies Logic power supplies need not be Class IE, but must be capable of performing safety functions upon a loss of offsite power. The logic power must come from a power source that is independent from the RPS power supplies.

The licensee has committed to provide a logic power supply for the Sequoyah AMSAC logic circuits that will provide the maximum available i independence from the RPS power supplies. The AMSAC will be powered from nonsafety-related power supplies capable of operating upon a loss of l offsite power.

3. Safety-Related Interface l

l The implementation of the ATWS Rule shall be such that the existing RPS

l. continues to meet all applicable safety criteria.

The proposed Sequoyah AMSAC design has no safety-related interfaces with the RPS at its input. At its output, the AMSAC will interface with the l

Class IE circuits of the AFW pumps. Connections with these Class lE l

4 9

l 4 )

l circuits will be made through the use of approved Class IE isolation i devices. The licensee has confimed that the existing safety-related

. criteria that are in effect'at the Sequoyah plant will continue to be met after the implementation of AMSAC (i.e., the RPS will continue to perform its safety functions without interference from AMSAC). Refer to Item 9 .

for further discussion on this issue.  !

4. Quality Assurance 1

The licensee is required to provide information regarding compliance with Generic Letter (GL) 85-06, " Quality Assurance for ATWS Equipment That Is Not Safety Related."

The criteria of the NRC quality assurance guidance in GL 85-06 were reviewed by the licensee. The licensee stated that the quality assurance {

practices at the Sequoyah plant, as applicable to nonsafety-related AMSAC equipment, comply with the guidance of GL 85-06.

5. Maintenance Bypasses Information showing how maintenance at power is accomplished should be provided. In addition, maintenance bypass indications should be incor-parated into the continuous indication of bypass status in the control room.

The licensee provided information showing how maintenance will be accomplished at power. The staff was informed that maintenance at power can be performed by placing the appropriate train of equipment into the >

testing mode. The continuous indication of bypass status will be provided {

in the control room through the use of the annunciation system. The licensee has conducted a human-factors review of the bypass indications..

The review satisfies the human-factors guidelines in effect at Sequoyah and conforms to good human engineering practices.

6. Operating Bypasses The operating bypasses should bc indicated continuously in the control [

room. The independence of the C-20 permissive signal should be addressed, The licensee has provided information stating that an AMSAC operating bypass (i.e., C-20 permissive signal) will be provided to defeat the block of the AMSAC system (i.e., am the AMSAC at power levels about 40 percent reactor power, the C-20 setpoint). Upon the loss of the C-20 input --

turbine impulse pressure signal -- the C-20 permissive signal will be maintained by a timer for a period of 360 seconds. This value is speci-l fled in WCAP-10858-P-A, Revision 1. The licensee has detemined that this time delay will be sufficient to ensure that AMSAC will perform its function in the event of a turbine trip (i.e., a loss of load ATWS). The C-20 permissive signal will originate from the first stage turbine impulse i chamber pressure sensors and will be isolated from the RPS by qualified

! Class 1E isolators. The C-20 permissive signal will be processed by the

]

(

h

,y # qm m my .,

Y,, Y' U ~

h ',  %

M c

.' 5Q hk apQ& e n 1

Y Q nix , F M , , L P' n_

Qhhh h?

  • h l- x ,

d:'.

Q ,L 4 ? f_ ,

e M '

AMSAC logic which will;be diverse from
the RPS.. The C-20 bypas's status m3d >will_be continuously 1ndicated:in the control room when the reactorLis:

iabove"the:40% power level. This ir;dication is consistent with-the. human-

,g ' '

. i factors guidelines ~1n,effect at..the Sequoyah plant.

A  ; ,

g a( >

7e Meansvfor- Bypassesi '

LThe'means for[ bypassing'shall be accomplished ' using aEpermanentlyJ -"

_5 Linstalled, human-factored, bypass switch or similar. device. ' Methods for; bypassing; disallowed;in the guidance should not be utilized.

f; J < ' 1 The.: licensee. stated'that bypassing AMSAC during testing and maintenance i ,

, , will: be ' accomplished lwith; a: permanently. installed bypass switch.1The .

y" ' disallowed ^ methods for bypasstng such as lifting leads, pulling fuses.,,

. blocking relays,'or tripping breakers ~will; not be used.D The licensee;has f conducted'a human-factors review,of the controls and annunciators-for.

~

'. bypass. indication. . This review contains- good human-factors . engineering practices and satisfies <the guidelines currently in effect at the.Sequoyah ~

plant. '

- 8. j Manual Initiation n

Manualcinitiation capability of the AMSAC mitigation function must be provided.

The' licensee discussed how manual turbine trip and auxiliary feedwater

, actuation are accomplished by the operator. In sumary, the. operator can use existing manual controls to perform a turbine' trip and to start auxiliary feedwater flow should it be necessary. Thus, no additional manual . initiation capability is. required as a result of installing the-AMSACl equipment at Sequoyah.'.

'9. 'Flectrical Independence From Existing Reactor' Protection. System Independence is required from the sensor output to the final actuation

'n , device, at which point nonsafety-related circuits must be isolated from safety-related circuits by qualified Class IE isolators.

J

The 1icensee discussed how electrical independence is.to be achieved..-The proposed design requires' isolation between the non-Class 1E AMSAC and the Class 1E circuits associated with the AFW pumps. The licensee has
informed the staff that the required isolation will be achieved using electrical.

isolation devices that have been qualified and tested to Class IE electrical equipment requirements. In addition, the isolators were tested as described' E ,

in Appendix A of the staff's Safety Evaluttion dated July 7,1986 (Reference 1) and the isolators are acceptable for use at the Sequoyah 4

EC plant as qualified iso'lators for this application. The implementation of l the AMSAC design will be corsistent with the electrical separation p criteria established for the plant during original plant licensing.

___im____'________._u________._'_a..'____ _ _ _ _ . - .a -- __ _

y - r, t

.. i 1

. '6 1

'j

10. : Physical Separation From Existing Reactor Protection System l !

The(implementation of the ATWS mitigating! system must be such that the separation criteria _ applied to the existing RPS are not violated.-

The licensee _ stated.that the AMSAC circuitry will- be physically separated from.the'RPS circuitry.- The licensee has'further stated that the cable

~

routing will:be independent'of protection system cable routing and that

the ATWS equipment cabinets will be. located so that there will be no interaction with the. protection system cabinets. The licensee also stated that-the RPS design will; continue (subsequent to the implementation of AMSAC) to Ineet the-separattdn criteria originally established for the

~

- Sequoyah plant during original plant licensing.

11. Environmental! Qualification The plant-specific submittal should _ address the environmental qualifi-cation of ATWS equipment for anticipated operational occurrences.

. The licensee stated that AMSAC mitigation equipment will be located in.

areas of the plant that are considered to have a mild environment. The licensee also stated that the equipment will be designed to operate in the environment qualified for anticipated operational occurrences that might.

occur associated with the respective equipment locations.

- 12. Testability at Power Measures to test the ATWS migitating system before installation, as well as periodically, are to be established. Testing of the system may be performed with the system in the bypass mode. Testing from the input sensor through to the final actuation device should be performed with the plant shut down.

The-licensee stated that the AMSAC system will be tested prior to instal-lation and operation. The system will also be tested periodically and that a complete end-to-end test of the AMSAC system, including the AMSAC outputs through to the final actuation devices, will be performed during each refueling outage. With the plant at power, the system can be tested with the AMSAC outputs bypassed. At-power testing capability consists of using approled plant surveillance procedures.

The bypass of the AMSAC outputs will be accomplished through permanently installed bypass switches which prevent the need to lift leads, pull fuses, trip breakers, or physically block relays. Status outputs to the plant computer and main control board, indicating that a general warning condi-c tion exists with AMSAC, will be initiated when the system's outputs are

! bypassed. The licensee has conducted a human-factors review of the i controls and indications used for testing purposes. The results of the j review indicated conformance to good human-factors engineering practices I and consistency with the plant's detailed control room design review process.

~ ~ ~

V .

j' j' .

L.. 7

(

13. Completion of Mitigative Actic'.

that (1) the protective action, once The licensee initiated, goes is to required to and completion verify (2) the subsequent return to operation requires deliberate operator action.

The licensee responded that the system design will be such that AMSAC is consistent with the circuitry of the auxiliary feedwater and turbine trip control. systems. Once initiated, the design will ensure that protective action goes to completion. Following completion of the mitigative action, deliberate operator action will then be required to return the actuated

-devices to normal operation.

14. Technical Specification The plant specific . submittal should address technical specification requirements for AMSAC. {

The licensee responded that no technical specification action is proposed with raspect to the AMSAC. The licensee stated that the system does not meet NRC criteria for inclusion in the Technical Specifications. The surveillance interval and actions required to service the AMSAC will be administratively controlled using plant procedures.

The aquipment required by che ATWS Rule to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable manner. A method acceptable to the staff for demonstrating that the equipment satisfies the reliability requirements of the ATWS Rule it to provide limiting conditions for operation and surveillance requirements in the Technical Specifications. In its Interim Commission Policy Statement of Technical Specification Improvements for Nuclear Pcwer Plants (52 FR 3788, published February 6,1987), the Commission established a specific  ;

set of objective criteria for determining which regulatory requirements j and operating restrictions should be included in Technical Specifications.

The staff is presently reviewing ATWS requirements to the criteria in this Policy Statement to determine whether, and to what extent, technical specifications are appropriate. Accordingly, this aspect of the staff ,

review remains open pending completion of the staff's review. The staff I will provide guidance regarding the technical specification requirements for AMSAC at a later date. 4

4.0 CONCLUSION

Based on the above, the staff concludes, pending resolution of the technical specification issue, that the AMSAC design proposed by the Tennessee Valley Authority for the Sequoyah Nuclear Plant, Units 1 and 2, is ecceptable and is in compliance with the ATWS Rule, 10 CFR 50.62 Paragraph (c)(1). Although a staff review has not been completed regarding the need for technical specift-cations for the AMSAC design, the licensee should continue with the scheduled

_____.-_-_.9_____2

f, 4

i' installation and implementation (i.e., planned operation) of the AMSAC design at Sequoyah and provide testing-utilizing administratively controlled proce-

-dures. By latter dated July 6, 1988, the licensee stated that the modifi-cations for the AMSAC design will be completed il; the_ Cycle 4 refueling outage-for each unit.

5.0 REFERENCES

s1. Letter, C. E. Rossi (NRC) to L. D. Butterfield (WOG), " Acceptance _ for-Referencing of Licensing Topical Report." July 7,1986.

1

2. Letter, R. A. Newton'(WOG) to J. Lyons (NRC) " Westinghouse Owners Group-Addendum 1 to WCAP-10858-P-A and WCAP-11233-A: AMSAC Generic Design Packa0e " February 26, 1987.
3. Letter, R. A. Newton (WOG) to J. Lyons (NRC), " Westinghouse Owners Group Transmittal of Topical Report, WCAP-10858-P-A, Revision 1: AMSAC Generic Design Package," August 3,1987.
4. Letter, R. Gridley (TVA)Lto U.S. NRC, "Sequoyah Nuclear Plant - 10 CFR 50.62 - Plant Specific Details," February 17, 1987.
5. Letter, R. Gridley' (TVA) to U.S. NRC, "Sequoyah Nuclear Plant (SQN) --

10 CFR 50.62 - Design Changes," August 23, 1988.

6. Letter, R. Gridley (TVA) to U.S. NRC, "Sequoyah Nuclear Plant (SQN) -

10 CFR 50.62 - Additional Design Information," October 25, 1986.

Frincipal Contributor: L. Tran Dated: September 14, 1989 1

i

"~

_j