ML24004A284

From kanterella
Revision as of 20:11, 5 October 2024 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
(CN 96-016) IP 93801 Safety System Functional Inspection (SSFI)
ML24004A284
Person / Time
Issue date: 07/25/1996
From:
NRC/NRR/DRO/IRIB
To:
Shared Package
ML23248A201 List:
References
CN 96-016
Download: ML24004A284 (1)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION WASHINGTON, D.C. 205M--0001

NRC INSPECTION MANUAL PSIB

INSPECTION PROCEDURE 93801

SAFETY SYSTEM FUNCTIONAL INSPECTION (SSFI)

PROGRAM APPLICABILITY: 2515

93801-01 INSPECTION OBJECTIVES 01.01 The primary objective of a Safety System Functional Inspection (SSFI) is to assess the ope rational performance capability of selected safety systems through an in-depth, multi-disciplinary engineering review to verify that the selected systems are capable of performing their intended safety functions.

Generic safety significant findings are pursued across the system boundaries on a plant-wide basis.

01.02 The secondary objective of the SSFI is to determine the program-related root cause for identified performance deficiencies and analyze the implications of these deficiencies on the licensee's quality assurance program.

  • 93801-02 INSPECTION REQUIREMENTS 02.01 Inspection Planning. Prior to the inspection, the team leader shall develop an inspection plan to address, at a minimum, the following points:
a. Background information relative to significant issues between the responsible Regional Office and the licensee, particularly as it may relate to engineering and plant design.
b. Identification of applicable sections of procedure 93801, identification of specific MC-2515 procedures, and any supplemental checklists and inspection elements, as assigned to each individual team member.
c. Selection of the systems and key components to be addressed by the team as initial inspection samples, based upon the plant specific IPE results.
d. Assignments of individual team members to specific functional areas, and expectations regarding the type and timing of information to be provided to other team members, e.g., the recommendations, guidance, data, and requests originated by the engineering office team to the inspectors at the pl ant.
e. A access training, entrance and exit meetings, coordination meetings, timetable of events involving team coordination activities, such as site conference calls, due dates for issuance of intra-team data, etc.
  • Issue Date: 07/15/96 - 1 - 93801..

02.02 System Selection. The SSFI should be performed on one or two safety systems. During the planning process, the team leader should select a number of electrical, mechanical, and instrumentation and control components for detailed review. The majority of these components should be from the principal system with the remainder from support systems which are necessary for successful

  • operation of the principal system or from interfacing safety systems served by.

the principal system.

02.03 Inspection Preparation. After selecting the safety systems to be evaluated, the team leader and the engineering design inspectors conduct the pre inspection trip to the site and engineering offices to assemble the plant procedures, drawings, modification packages, calculations, analysis and other background information. In addition, the inspectors identify all the documenta tion required for the remaining functional areas such as key administrative procedures. This information is copied, collated, and distributed to the inspection team members for their in-office preparation.

The engineering design inspection begins with the pre-inspection visit. The inspectors will communicate their initial engineering observations to the other team members for followup during the in-office preparation of their respective functional areas. Particularly sensitive areas that warrant onsite reviews are to be included.

As an option, the site members of the inspection team may accompany the team leader to the site during the pre-inspection visit to assist in reference material collection and to obtain site access training.

02.04 Conduct of the Inspection. After initial arrival on-site, the inspection team should establish contact with the applicable system engineers and conduct a general system walkdown either as a team or individually. The objective of this walkdown is familiarization with the general plant and specific system

  • operations and maintenance inspectors later in the inspection. hardware and layout. A more detailed walkdown will be performed by the

The inspectors assigned to each of the functional areas should develop individual inspection plans to meet the inspection objectives listed in Section 01.01 and following inspection requirements. the inspection plan of Section 02.01. The inspection plans shall incorporate the

a. Engineering Design and Configuration Control
1. Review the design basis and licensing basis documents such as calculations and analyses for the selected system and determine the functional requirements for the system and each active component during accident or abnormal conditions. This review should include verifying the appropriateness of the design assumptions, boundary conditions, and models. This may include independent calculations by the engineering design inspectors. The review should determine if (1) the design basis is in accordance with the facility's bases, analyses, and associated design output documents such as licensing commitments and regulatory requirements, (2) the design facility drawings and procurement specifications are correct, and (3) if the installed system and components are tested to verify that the design bases have been met.
2. Review the configuration of the selected system as installed in the
  • pl ant and determine if the drawings which reflect the as-built design

93801 - 2 - Issue Date: 07/15/96 and installation consistent with the current design and licensing documents, regulatory requirements and commitments for the facility.

3. Determine if the as-built and modified system is capable of functioning as specified by the current design and licensing documents, regulatory requirements, and commitments for the facility.

  • 4. Determine if the system operation is consistent with the design and licensing documents. Determine the need for further review and operational evaluation of discrepancies.
5. Evaluate the licensee's drawing control program, the control and use of design and licensing input information, and the adequacy of design calculations from the perspective of modifications made to the selected safety system.
6. Review all modifications made to the original system that could have potentially changed the design basis. Determine if the system meets the design basis and licensing basis in the as-modified configura tion.
7. Determine if system modifications implemented since initial licensing have introduced any unreviewed safety questions.
8. Review the modification packages for the selected safety system to ensure that a 11 changes to the support elements have been made procedures, software, operating procedures, training documentation (pursuant to ANSI N45.2.11), including maintenance requirements and and training programs, periodic testing, and procurement documenta tion and specifications. Determine the need for further review and evaluation of discrepancies.
  • 9. Evaluate the interface between engineering and technical support and plant operations.
10. If available, review (usually toward the end of the inspection) the results of the licensee's internal SSFI reviews and technical audits (of the selected system when available).
11. Review the results of the plant specific IPE relative to the system(s) selected. Determine licensee response to IPE issues.
b. Operations
1. Identify the key components of the system and the components to be evaluated during this inspection.
2. Review the technical adequacy and accuracy of alarm response procedures and operating procedures for normal, abnormal and emergency system operations.
3. Review operator training for the selected system, focusing on the technical completeness and accuracy of the training manual and lesson plans. Ensure that the lesson plans reflect the system modifications and that the licensed operators have been trained on these modifica tions.

Issue Date: 07/15/96 - 3 - 93801

4. Walk-through the system operating procedures and the system P&!Ds with the operators. Verify that the procedures can be performed using the main control panel and the alternate shutdown panel and operation. If any special equipment is required to perform these that components and equipment are accessible for normal and emergency working order. Verify that the knowledge level of the operators is procedures, determine if the equipment is available and in good adequate concerning equipment location and operation. *
5. Conduct interviews with the operators to determine how the system is operated. Determine if system operation is consistent with the licensing basis.
6. Verify the local operation of equipment. Determine whether the indication available to operate the equipment is in accordance with applicable operating procedures and instructions. Verify that the environmental conditions assumed under accident conditions are adequate for remote operation of equipment, such as expected room temperature, emergency lighting, steam, etc.
7. Verify that the support systems and procedures are adequate to support the selected safety system during the event sequences that it is designed to initiate.

C. Maintenance

1. Identify the key components of the system and the components to be evaluated during this inspection.
2. In conjunction with other interested functional areas (such as Operations), conduct an in-depth system walkdown.
3. Witness any maintenance performed on the selected system while the team is onsite. *
4. Review maintenance procedures for technical adequacy. Determine if the procedures are sufficient to perform the maintenance task and provide for identification and evaluation of equipment and work deficiencies. Check the procedure content against the vendor manuals to verify that the procedure satisfies the vendor requirements, as determined applicable by the licensee, for maintaining the equipment in proper working order. Verify that important vendor manuals are complete and up-to-date.
5. Review the maintenance program for the selected system to determine if the preventive maintenance ( PM) requirements are adequate and comprehensive.
6. Determine if the system components are being adequately maintained to ensure their operability under all accident conditions.
7. Review applicable vendor manuals, generic communications (i.e., Bulletins, Information Notices, Generic Letters, and special studies) and verify that the licensee has integrated and implemented the applicable items into the maintenance program.
8. Review the component history files for the selected components for the past two years; however, a longer interval may be necessary.
  • 93801 - 4 - Issue Date: 07/15/96 While reviewing the maintenance history, look for recurring equipment problems and attempt to determine if any trends exist. Select several maintenance activities and verify each for technical satisfactory demonstration of equipment operability. adequacy, performance of appropriate post-maintenance testing and
  • 9. Conduct detailed interviews with the maintenance personnel to determine what maintenance and modifications have been performed.

Determine if the maintenance and modifications are consistent with the licensing basis.

Determine if maintenance personnel receive adequate training pertaining to the selected safety system and if the degree of training provided is consistent with the amount of technical detail included in procedures.

d. Surveillance and Testing
1. Identify the key components of the system and the components to be evaluated during this inspection.
2. Review and evaluate the technical adequacy and accuracy of all of the Technical Specification surveillance procedures and inservice test Attention should be focused on the specific components selected for procedures performed in the past two years for this system.

detailed review.

3. Verify that the system has been tested in accordance with the accident analysis. Determine if the testing adequately ensures that conditions. Verify that the surveillance test procedure acceptance the system will operate as designed under postulated accident criteria are adequate to demonstrate continued operability.
  • 4. Determine if surveillance test procedures comprehensively address system responses addressed in the licensing basis.
5. Evaluate the support systems and plant modifications selected for review by the engineering team to ensure that system capability as demonstrated by preoperational testing is consistent with the licensing basis. *
6. Review the component history files, looking for indications of adverse trends or recurrent test failures.
7. Review the i selected safety system, emphasizing the technical adequacy and nservi ce test records for pumps and valves in the accuracy of the data. Attention should be focused on the specific components selected for detailed review.
8. Conduct interviews with instrumentation and control technicians, discussing in detail such items as how specific instruments are tested, how valve stroke time testing is performed, and how and where temporary test equipment is installed.

9. Determine if engineering and technical support personnel contribute to surveillance test procedures and if they review test results.

Issue Date: 07/15/96 - 5 - 93801

10. Witness any post-maintenance, surveillance, and inservice tests performed on the selected system while the inspection team is onsite.
e. Quality Assurance and Corrective Actions
1. Review the Pl ant Ons ite Safety Review Committee and the Offs ite Safety Review Committee meeting minutes for the past six months for items pertaining to the selected system. Identify any discrepancies
2. Review the open item tracking system for items pertaining to the selected safety system.
3. Conduct technical interviews with key quality assurance and quality control personnel to determine their understanding of system licensing basis and level of involvement in field activities.
4. Review the operational history of the selected system, including licensee event reports (LERs), nuclear plant reliability data system nonconformance reports, and maintenance work requests, with an (NPRDS) reports, 10 CFR 50.72 reports, enforcement actions, emphasis on adequacy of root cause evaluations. Limit the review of work requests to a sample of work requests ready for implementation, with emphasis on consistency with the licensing basis.
5. Compare the results of the team's assessment of the areas inspected for the selected system with the results of applicable licensee quality verification activities in the same areas (i.e., operations, maintenance, surveillance and testing, engineering design, and design control). In cases where the same findings exist, determine why they have not been corrected. In cases where the team found conditions which were missed by the licensee, determine why the licensee's
  • quality verification activities were not capable of finding these issues.
6. Review the status of the corrective actions for the findings of applicable licensee SSFI reviews and technical audits (of the selected system when available).

93801-03 INSPECTION GUIDANCE General Guidance. The predominant feature of an SSFI is the use of a deep vertical slice technique to accomplish the inspection objectives. The term "deep vertical slice" refers to the in-depth review of a selected safety system in six functional areas. These areas are operations, maintenance, surveillance and testing, engineering design, design control, and quality assurance and self assessment. When a weakness in a functional area is identified, the inspection is expanded to determine if a programmatic weakness exists. For example, if the selected safety system is the auxiliary feedwater system and a weakness in motor operated valve torque switch settings is identified by the maintenance inspector, then a preliminary review of programmatic controls for torque switches should be performed. In contrast, a programmatic inspection technique typically examines functional areas by arbitrarily selecting and observing activities in a given functional area across a variety of systems.

93801 - 6 - Issue Date: 07/15/96

  • The SSFI determines whether the system is capable of performing the safety functions required by the design and licensing bases and regulatory requirements and commitments, and if the testing is adequate to demonstrate that the system would perform all of the safety functions required. The SSFI verifies that the system maintenance and material condition are adequate to ensure system performance under postulated ace i dent conditions and that the operator and
  • maintenance of the system. The human factors considerations relating to the technician training are adequate to ensure proper operations, testing and selected system (such as accessibility and labeling of valves) and the supporting procedures for the system are reviewed to verify adequacy and to ensure proper system operation under normal and accident conditions. The management controls including procedures are reviewed to verify that the safety system will fulfill the functions required by the safety analysis and that the support systems required for system operation are capable of performing their required functions in the expected accident environments.

The SSFI technique emphasizes the functionality of the selected safety system.

The focus of the inspection should be on the system and hardware operation, maintenance, engineering design, design control, surveillance and testing, and quality assurance and corrective actions -- and not on a review of programmatic requirements. The SSFI method has been successful in disclosing specific safety question the reliance on affected safety systems for continued plant operation. related hardware, design, or operational problems and issues that call into Because the safety systems selected for review are not normally challenged or periodically tested to the outer limits of their design basis, a heightened measure of confidence in system functionality and reliability can be provided by an SSFI evaluation. Based on the safety benefits of the inspection, it is important to correctly select the system for evaluation and to prepare for the inspection prior to arrival onsite.

detailed design and licensing basis requirements for the selected safety system Past experience with SSFls has demonstrated that identifying and retrieving the

  • can be quite difficult and time consuming for the inspection team as well as for the licensee. Clearly identifying design and licensing basis requirements at older plants is difficult and is typically scattered among the records stored at the plant, the licensee's corporate offices, the A/E's offices, and the NSSS vendor's offices. Consequently, an effort should be made to provide the licensee with adequate advanced notice regarding the system(s) to be inspected to allow the licensee time to begin collecting the needed documentation.

The licensee is required by 10 CFR 50, Appendix Band 10 CFR 50.59 to fully modifications to those systems since initial licensing. As a minimum, the understand the design and licensing bases for all safety systems and the licensee should have documentation available to support any system design changes.

For older plants, it may be difficult for the licensee to retrieve design and licensing bases and other documents such as calculations and analyses. If the selected system has not been modified since initial licensing, the fact that original documents are not available to demonstrate safety system functionality determine operability by 1 does not in itself raise an operability question. It may be possible to i censee surveillance testing, review of pre-operat i ona 1 test data, or other means. However, for systems modified since operating license issuance, the licensee should have a sufficient set of design documents to demonstrate that design margins have not been unacceptably reduced. Therefore, for plants where original design documents are difficult to retrieve, the team Generic Letters that would require licensees to assess the adequacy of their should focus on reviewing system modifications and responses to NRC Bulletins and Issue Date: 07/15/96 - 7 - 93801 regeneration of a limited set of design documents. facility, at least on a topical basis, and which would have required the

The inspectors should verify that the current configuration of the system is in accordance with the design basis and the licensing basis. In addition, the inspectors should also verify that the current surveillance and testing requirements assure that the system meets its licensing basis and will perform

  • the safety functions.

The facility's licensing basis is the set of regulatory requirements and licensing commitments that form the basis for issuance of the operating license and for the continued safe operation of the facility. The licensing basis is Analysis Report, NRC safety evaluation reports, and licensee commitments such as contained in NRC regulations, plant technical specifications, the Final Safety these in response to NRC generic notifications or to NRC violations. The licensing basis changes with time. For example, as technical specification amendments are issued, the licensing basis is updated.

related to the selected system (e.g., accessibility and labeling of components). Inspectors in all areas should be sensitive to the human factors considerations

03.01 Guidance for Inspection Requirement 02.02. The ideal system for an SSFI is one that is relied upon for accident mitigation and has been significantly modified over plant life. If available, the plant-specific PRA should be reviewed as part of the system selection methodology. The PRA should demonstrate that the system would be involved in the dominant sequences for high core melt frequency. The recommended system is to have been originally designed by the architect engineer (A/E) because systems designed by the nuclear steam supply system (NSSS) vendor are generally subject to more rigid design and modification controls than the A/E-designed systems. Modifications to NSSS vendor-designed A/E-designed systems are often solely performed by the licensee's engineering systems are typically performed by the NSSS vendor and modifications to staff. Therefore, the potential for compromising the design basis and reducing

  • safety may be greater for an A/E-designed system than for an NSSS vendor-designed system, although an NSSS vendor-designed system is acceptable for evaluations.

Studies conducted by the Office for Analysis and Evaluation of OperationaJ Data also can provide useful data for determining which system to select. In addition, the previous NRC inspection history and licensee self-assessments, including SSFis, should be considered in selecting the system for review.

03.02 Guidance for Inspection Requirement 02.03. The engineering design inspection begins with the pre-inspection visit to allow beginning the design portion of the inspection two-weeks earlier than the rest of the inspection.

This increases the effectiveness of the inspection because it allows the engineering team more onsite review time. This additional time is required because the engineering team must review a considerable amount of design documentation to determine if the system design basis has been maintained throughout the modification process. In addition, this method allows communicating the initial engineering observations to the other members of the team for follow-up during the in-office preparation of their respective functional areas.

During the in-office preparation phase, the following items should be reviewed by each inspector to obtain a detailed working understanding of the system operation and design bases:

a. Final Safety Analysis Report (FSAR) and Updated Safety Analysis Report (USAR).

93801 - 8 - Issue Date: 07/15/96

b. Site-specific administrative procedures.

c. System descriptions and design basis documents (if available).

d. Site-specific training documents for the system.
  • e. Technical Specification requirements and surveillance test procedures.
f. System piping and instrumentation drawings (P&IDs), one-line diagrams and logic diagrams.
g. Engineering calculations (e.g., equipment sizing and short circuit analysis}.
h. Temporary and permanent modifications, including safety evaluations.
i. Relevant regulatory information such as Information Notices, Generic Letters, and special studies that apply to the system.
j. ANSI standards applicable to the assigned functional areas.
k. Licensee event reports (LERs) for the past 12 months.
1. Inspection reports for the past 12 months.
m. Licensee engineering design guides.
n. Significant nonconformance reports.

Each team member should study the documentation to become as familiar as possible and achieve an in-depth understanding of the selected system (e.g., safety function in all modes of operation, major system flow paths, essential safety

  • features actuation signals, system alignment during accident mitigation, safety design basis, operation, testing and maintenance requirements, and equipment interlocks, etc.}. The inspectors should become familiar with system hardware, history. They should also become familiar with the accident sequences that the the system. Additionally, each inspector should have a working knowledge of the system is designed to mitigate, as well as the accident analysis assumptions for of maintenance, and the quality assurance (QA) program. plant's key administrative controls such as the design change process, control

03.03 Guidance for Inspection Requirement 02.04. The effectiveness of the SSFI method is greatly enhanced if the various inspection team members are able to benefit from each other's inspection efforts. Accordingly, daily team meetings allow the team members to share their findings. Experience indicates that significant findings originate from team meeting discussions that allow related the synergism of team meetings, seemingly -unrelated observations in one inspection findings in different functional areas to be pieced together. Through to examine specific issues leading to a broader understanding of problem areas. functional area may lead key inspectors responsible for other functional areas

03.04 Guidance for Inspection Requirement 02.04a. The design review portion of the inspection should be performed by inspectors with extensive nuclear plant design experience, preferably comparable to the experience gained through previous employment with an architect engineering firm. It is important also that the inspectors performing the design review have a good understanding of integrated plant operations, maintenance, testing, and quality assurance so that

  • they are able to relate their findings to the other functional areas being Issue Date: 07/15/96 - 9 - 93801 this specific expertise is not internally available. inspected. To this extent it is recommended that contractor support be used when

determine if the design basis is met by the installed and tested configuration. In reviewing the functional adequacy of the selected system, the inspector should The inspector should understand not only the original purpose of the design, but the manner and conditions under which the system will actually be required to

  • function. For example:
a. For valves: What permissive interlocks are involved? What differential pressures will exist when the valve strokes? Will the valve be repositioned during the course of the event? What is the source of manual actions are required to backup and restore a degraded function? control and indication power? What control logic is involved? What
b. For pumps: What are the fl ow paths the pump wi 11 experience during accident scenarios? Do the flow paths change? What permissive interlock and control logic applies? How is the pump controlled during accident conditions? What manual actions are required to back up and restore a degraded function? What suction and discharge pressures can the pump be expected to experience during accident conditions? What is the motive power for the pump during all conditions? Does vendor data and specifications support sustained operations at low flows?
c. For instrumentation and sensors: What plant parameters are used as inputs to the initiation and control system? Is operator intervention required in certain scenarios? Are the range and accuracy of instrumentation adequate? What is the extent of surveillance and calibrations of such.

instrumentation?

When comparing the as-built design with the current design basis and the licensing requirements for the selected system, the inspector should consider the following questions:

a. Are the assumptions upon which the original design was based adequate? For example, are service water flow capacities sufficient with the minimum number of pumps available under accident conditions? Are the voltage studies accurate and will the required M0Vs and relays operate under end-of-life battery conditions and degraded grid voltages? Are fuses and thermal overloads properly sized? Are current de loads within the capacity of the station batteries? Is the instrumentation adequate in range and accessibility for operations to control the system under normal and abnormal conditions?
b. Have modified structures surrounding safety equipment, components, or structures been evaluated for seismic 2-over-l considerations, and have modified equipment components falling under the scope of 10 CFR 50.49 been thoroughly evaluated for environmental equipment qualifications considerations such as temperature, radiation, and humidity?
c. If the as-built documents have been marked for the design changes on an interim basis, have additional measures been taken including document review, approval and safe guarding the marked documents and related papers until the changes have been incorporated on the revised documents.

When reviewing modifications to a safety system, the inspector should verify that marked-up copies of drawings are used for future design change activities until 93801 - 10 - Issue Date: 07/15/96 the revised as-built document incorporating all the marked-up changes is officially issued.

03.05 Guidance for Inspection Requirement 02.04b. When reviewing the normal, abnormal and emergency operating procedures, the inspector should assess the technical adequacy of the procedures and determine if the procedural steps will

  • achieve required system performance for normal, abnormal, remote shutdown, and emergency conditions. This should include consideration of operator actions to compensate for shortcomings in design. The inspectors should determine if the system is operated in accordance with the system design and if ope rat i ans personnel receive adequate training pertaining to the selected system. In addition, the degree of training provided should be consistent with the amount of technical detail included in procedures. In particular, verify that operators are trained on system response, failure modes, and required actions involved in all credible scenarios in which the system is required to function.

The inspector should verify that the emergency, off-normal, and abnormal operating procedures are adequate to handle the most limiting design basis events. Where it is not reasonable for procedures to provide detailed guidance, the inspector should verify that the licensee's training program ensures that the operators are knowledgeable in the areas of concern.

The inspector should verify that the operations personnel have the ability to reference an up-to-date and accurate copy of the control room documents. This is necessary because the controlled drawings may not be revised, unless changes due to modifications are extensive. As an interim measure, some utilities have marked-up a controlled set of the control room documents to show the design changes. In such situations, the inspector should also verify that revisions of the controlled documents incorporating the marked-up changes are performed in a timely manner following the modification. The timeliness of document revision should be consistent to the safety significance of the modified system. Effects of marked-up design changes should not preclude the document being a useable

  • reference document, i.e., without clutter which could cause difficulty in determining the actual installed configuration.

The inspector should verify that the marked-up changes to the control room drawings have been reflected in changes to the normal, abnormal, and emergency operating procedures as necessitated by the scope of the change.

03.06 Guidance for Inspection Requirement 02.04c. When performing the review of maintenance records, it is essential for the inspector to understand the technical details of how the activities were performed. For example, the inspector should consider whether the closing limit switches were set with the motor-operated valve fully shut or partially open and off the valve seat.

As part of the detailed system walkdown, the inspectors should analyze the adequacy of the system lineup, accessibility, and indications relative to the most limiting design basis conditions (e.g., degraded power and lighting, single failure, loss of non-safety indications, and harsh environments). This walkdown should be a very detailed hand-over-hand verification to ensure that the as-built configuration agrees with the P&ID. The following attributes should be considered:

a. Determine if components are accurately labeled and accessible. For example, can the components be operated locally or manually if required and is there health physics or security considerations?

Issue Date: 07/15/96 - 11 - 93801

b. Determine if motor-operated valve (MOV) operators and check valves (particularly lift check valves) are installed in the orientation required by the manufacturer. Additionally, a human factors assessment of the component (such as the direction of handwheel rotation for valves installed upside down and the number of turns required for full valve travel) should be made.
c. Determine if the system lineup is consistent with the design and licensing
  • basis requirements. This lineup inspection should include considerations of the normal and backup power supplies, control circuitry, indication and annunciation status, and sensing lines for instrumentation.
d. Determine if manually operated components can be operated under accident conditions (i.e., radiation levels, temperatures, and manpower require ments).

When reviewing the preventive maintenance requirements, the inspector should assess whether the vendor-recommended maintenance task is addr*essed by the maintenance program. For example, are the PMs current for this system? Are corrective maintenance procedures available for major system components? Are maintained to ensure the reliability of pneumatic valves? Are fuse and thermal limit and torque switch settings proper? Is the instrument air system adequately overload sizes correct and are pipe supports, seismic restraints and shielding being maintained? In addition, the inspector should verify that all the required vendor manuals are available and that the latest revisions and bulletins have been reviewed and incorporated into the maintenance requirements. Special attention should be taken to ensure that the appropriate level of detail and guidance is provided in maintenance procedures, especially at facilities where maintenance is performed in accordance with the "skill of the craft."

03.07 Guidance for Inspection Requirement 02.04d. The review of test records should go beyond a review of the in-service testing and surveillance programs required for Technical Specifications. The inspector should answer the

  • fundamental question of whether the safety system and all included components have been adequately tested to demonstrate that they can accomplish their determine if the system components have been adequately tested to demonstrate intended safety functions as defined by their design basis. The inspector should that they can perform their safety function under all conditions they might experience in an accident situation. Although it is not always possible to test the systems in the exact accident configuration or cond.ition, engineering analysis or similar testing (such as containment spray nozzle smoke tests) should have been performed. The testing of the system to be reviewed should include manufacturer's bench tests, installation checks, preoperational testing, and initial testing and periodic testing. Initial testing can include tests such as technical specification surveillance tests, post-maintenance tests, in-service startup or power ascension testing. Periodic testing can include tests such as tests, and preventive maintenance testing.

When reviewing the technical adequacy of the surveillance and testing procedures, the inspector must ensure that the test procedures comprehensively address the required system responses. For example, the inspector should verify that the test lineup duplicates the accident response lineup and that the check valves are tested to prevent reverse flow. The test should not establish any artificial initial conditions; however, the determination of adequate testing may require consideration of removing all actuator power, including both electrical and pneumatic, for fail-safe valves. In addition, support systems and plant modifications should be evaluated to ensure that the system's functional capability, as demonstrated by preoperational testing, has not been compromised.

  • 93801 - 12 - Issue Date: 07/15/96 For instance, the addition of a fire barrier in an emergency core cooling system paths. The inspector should also verify that post-maintenance testing {ECCS) pump room may compromise room cooling capabilities by altering air flow demonstrates that the system functional capability has been maintained. Fina 11 y, the inspector should verify that the periodic test adequately confirms the continued operability of the safety system.
  • 03.08 Guidance for Inspection Requirement 02.04e. During interviews with the quality assurance (QA) and quality control {QC) technicians, the inspector should attempt to determine their level of knowledge and involvement in field activities.

When reviewing the operational experience of the selected system, the inspector should attempt to determine the hi stori cal re 1 i abi 1 i ty of the system and its components based on the review and analysis of the operational experience. The inspector should determine if the licensee has aggressively pursued, identified, and corrected root causes of failures. In addition, the inspector should determine the extent of the maintenance backlog and ascertain if the licensee has a program to identify, prioritize, and perform timely safety maintenance activities.

93801-04 INSPECTION RESOURCE ESTIMATE 04.01 Team Composition. The typical SSFI team composition includes six to seven inspectors (three or four operational and three engineering design) assigned to the following areas: operations, maintenance, surveillance and testing, quality design, and instrumentation and control (I&C) design. A mechanical components assurance and corrective actions, mechanical system design, electrical system design area may also be added. The detailed system walkdown can be done by an additional inspector participating for only part of the onsite activities, or this aspect can be jointly performed by the maintenance and operations inspectors. The engineering design inspection assignments may be modified

  • depending on the particular system selected for inspection.

A full-time team leader without any specific area assignments should have the primary responsibility to provide guidance and coordinate team activities. It The senior resident inspector for the site being inspected should not normally is recommended that the team leader have several years of inspection experience.

be assigned as a participating team member; however, their involvement in the inspection process should be encouraged to the extent the resident duties will all ow.

The engineering design inspectors should have extensive architect engineering experience within their assigned discipline area. In many cases, it may be necessary to use contractor support to provide this specific expertise. When contractor support is used, the engineering design and design control functional areas are normally assigned to an experienced NRC inspector who functions as the engineering discipline sub-team leader. This inspector works closely with the engineering design engineers and must have excellent communication skills. This assignment is particularly important on inspections where the licensee's exists to isolate the design and inspection portions of the team due to the corporate engineering offices are not located onsite. A significant potential physical separation of the team members. In this case, extraordinary measures, weekly full team meetings, should be taken to ensure full communication between such as daily team teleconferences with follow-up individual conversations or the team members.

  • Issue Date: 07/15/96 - 13 - 93801 04.02 Inspection Duration. The length of the inspection, including a one week preparation, is about eight weeks. The licensee should be notified of the safety systems selected to be reviewed at least two weeks in advance of the preinspect ion visit. This minimum amount of time is necessary due to the difficulty documents. During the first week of the inspection, the team leader and the most licensees have experienced in locating and reassembling the design basis engineering design inspectors visit the site and corporate offices to perform the
  • pre-inspection visit, obtain the required plant procedures, drawings, and other support information and begin the engineering design inspection. The inspection all team members immediately following the inspection exit. A longer period will report preparation will require, at a minimum, an additional two weeks effort for be required of the team leader to issue the report.

04.03 Insoection Schedule. The following guidance is provided for resource commitments and planning in conducting the inspection from start to finish.

Week 1 Pre-inspection visit by the team leader and the engineering design expectations to the licensee for the remainder of the inspection. inspectors to collect necessary background information and relay location, either site or corporate, which will allow access to the Entrance meeting for the design phase of the inspection at the best licensee's knowledgeable engineers and to review modification packages and calculations.

Week 2 Team leader copies, collates, and distributes background information to all team members.

Week 3 Begin in-office review of design inspection work. Briefings on the this week. preliminary concerns of the engineering design team are performed

Week 4 design inspectors, begins on-site inspection activities. Entrance meeting at site. The entire inspection team, including Week 5 In-office review of inspection documentation and internal NRC management briefings on preliminary inspection findings and potential operational issues. No on-site or engineering office inspection activities. This period off-site allows the licensee time to review the outstanding concerns and questions identified so far during the inspection.

Week 6 The entire inspection team, including the engineering design and follow-up on the outstanding issues and concerns. The pre-exit inspectors, returns on-site for one week to complete the inspection rehearsal is conducted late Thursday afternoon with the participation of NRC management representatives. The exit meeting is held on Friday morning.

Week 7-8 Inspection report input preparation by the team.

Week 9-11 Report completion by the team leader.

93801-05 ADDITIONAL NRC INSPECTION GUIDANCE 05.01 Based upon the inspection observations, the team leader will be responsible to develop an input for the facility Systematic Assessment of Licensee Performance report. This input will predominately address the

  • 93801 - 14 - Issue Date: 07/15/96 to the responsiveness of the engineering organization to plant requirements. Engineering and Technical Support functional area. Consideration should be given Overall conclusions should be drawn with respect to the adequacy of the engineering processes.

05.02 The general guidelines for team inspections are provided in Manual Chapter

  • 2900, "Team Inspections." The following inspection procedures are applicable for reference during the inspection:

35701 - QA Program Annual Review 37700 Design, Design Changes and Modifications 37701 - Facility Modifications 37702 - Design Changes and Modifications Program 41701 - Licensed Operator Training 42700 - Plant Procedures 61700 - Surveillance Procedures and Records 61725 - Surveillance Testing and Calibration Control Program 61726 - Monthly Surveillance Observations 62702 - Maintenance Program 62703 - Monthly Maintenance Observations 62704 - Observation of Work, Work Activities, and Review of Quality Records Instrumentation Maintenance (Components and Systems) 62705 - Electrical Maintenance (Components and Systems) Observation of Work, 71707 - Operational Safety Verification Work Activities, and Review of Quality Records 71710 - ESF System Walk Down 72701 - Modification Testing 73051 - lnservice Inspection Review of Program 73055 - Inservice Inspection Data Review and Evaluation

  • END

Issue Date: 07/15/96 - 15 - 93801

Retrieved from "https://kanterella.com/w/index.php?title=ML24004A284&oldid=3682964"