05000461/LER-2013-009, Regarding Software Errors in New Digital Feedwater Control System Result in Manual Reactor Scram Due to Approaching High Reactor Pressure Vessel Water Level Setpoint
| ML14268A080 | |
| Person / Time | |
|---|---|
| Site: | Clinton  (NPF-062) |
| Issue date: | 02/10/2014 |
| From: | Taber B Exelon Generation Co |
| To: | Office of Nuclear Reactor Regulation |
| References | |
| U-604159 LER 13-009-00 | |
| Download: ML14268A080 (4) | |
| Event date: | |
|---|---|
| Report date: | |
| Reporting criterion: | 10 CFR 50.73(a)(2)(i) 10 CFR 50.73(a)(2)(vii), Common Cause Inoperability 10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded 10 CFR 50.73(a)(2)(viii)(A) 10 CFR 50.73(a)(2) 10 CFR 50.73(a)(2)(viii)(B) 10 CFR 50.73(a)(2)(ix)(A) 10 CFR 50.73(a)(2)(iv)(A), System Actuation 10 CFR 50.73(a)(2)(x) 10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor 10 CFR 50.73(a)(2)(v)(B), Loss of Safety Function - Remove Residual Heat 10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown 10 CFR 50.73(a)(2)(v), Loss of Safety Function 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications |
| 4612013009R00 - NRC Website | |
text
Exelon Generation, Clinton Power Station 8401 Power Road Clinton, IL 61727 U-604159 10 CFR 50.73 February 10, 2014 SRRS 5A.108 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D. C. 20555-0001 Clinton Power Station, Unit 1 Facility Operating License No. NPF-62 NRC Docket No. 50-461
Subject:
Licensee Event Report 2013-009-00 Enclosed is Licensee Event Report (LER) No. 2013-009-00: Software Errors in New Digital Feedwater Control System Result in Manual Reactor Scram Due to Approaching High Reactor Pressure Vessel Water Level Setpoint. This report is being submitted in accordance with the requirements of 10 CFR 50.73.
There are no regulatory commitments contained in this report.
Should you have any questions concerning this report, please contact Mr. Jeffrey E. Cunningham, Acting Regulatory Assurance Manager, at (217)-937-3160.
Respectfully, B. Keith Taber Site Vice President Clinton Power Station RSF/blf
Enclosure:
Licensee Event Report 2013-009-00 cc:
Regional Administrator - NRC Region III NRC Senior Resident Inspector - Clinton Power Station Office of Nuclear Facility Safety - IEMA Division of Nuclear Safety
NRC FORM 366 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB: NO. 3160-0104 EXPIRES: 01131112017 (01-2014)
ý.41 Estimated burden per response to comply with this mandatory cotlection request: 80 hour9.259259e-4 days <br />0.0222 hours <br />1.322751e-4 weeks <br />3.044e-5 months <br /> Reported lessons leamed are Incorporated into the lcensing process and fed back to industry-Send comments regarding burden estimate to the FOIA, Privacy and Information Collections
(,
Branch (T-5 F53). U.S. Nuclear Regulatory Commission, Washington, DC 20555&0001, or by LICENSEE EVENT REPORT (LER)
Intenete-mailtoIntocsliects.Resouce¢nrc.gov, and to the Deut Officer. Office of lnformraion and (See Page 2 for required number of Regulatory Affairs, NEOB-10202, (3150.0104), Office of Management and Budget, Washington, DC 20503. If a means used to impose an information collecton does not display a currently valid OMB digits/characters for each block) control number, the NRC may not conduct or sponsor, and a person is net required to respond to, the information collection.
- 3. PAGE Clinton Power Station, Unit 1 05000 461 1 OF 3
- 4. TITLE Software Errors in New Digital Feedwater Control System Result in Manual Reactor Scram Due to Approaching High Reactor Pressure Vessel Water Level Setpoint
- 5. EVENT DATE
- 6. LER NUMBER
- 7. REPORT DATE
- 8. OTHER FACILITIES INVOLVED MONTH DAY YEAR YEAR SEQUENTIAL REV FAMIOIY NAME DOCKET NUMBER I
I NUMBER NO.
MONTH DAY YEAR 05000 12 13 013 2013 -
009 00 02 10 2014 FIY0O
- 9. OPERATING MODE
- 11. THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS OF 10 CFR§: (Check all that apply) 11 20.2201(b)
[]
20.2203(a)(3)(i)
[]
50.73(a)(2)(i)(C)
U 50.73(a)(2)(vii)
E] 20.2201(d)
[]
20.2203(a)(3)(ii) 50.73(a)(2)(ii)(A)
[
50.73(a)(2)(viii)(A)
U 20.2203(a)(1)
[]
20.2203(a)(4)
[] 50.73(a)(2)(i1)(B)
[] 50.73(a)(2)(viii)(B)
El 20.2203(a)(2)(i)
E] 50.36(c)(1)(i)(A)
E] 50.73(a)(2)(lii) jJ 50.73(a)(2)(ix)(A)
- 10. POWER LEVEL U 20.2203{a)(2)(ii)
[j 50.36(c)(1)(ii)(A)
[
50.73(a)(2)(iv)(A)
[J 50.73(a)(2)(x)
[j 20.2203(a)(2)(Iii)
[]
50.36(c)(2) 50.73(a)(2)(v)(A)
[
73.71(a)(4) 18 U 20.2203(a)(2)(iv) j] 50.46(a)(3)(iiH )
50.73(a)(2)(v)(B)
U 73.71(a)(5)
U 20.2203(a)(2)(v) jJ 50.73(a)(2)(i)(A)
[J 50.73(a)(2)(v)(C)
U] OTHER [7 20 2203(a)(2)(vi)
[] 50.73(a)(2)(i)(B) jj 50.73(a)(2)(v)(D)
Specify in Abstract below or in
PLANT AND SYSTEM IDENTIFICATION
General Electric -- Boiling Water Reactor, 3473 Megawatts Thermal Rated Core Power Energy Industry Identification System (EllS) codes are identified in text as [XX].
EVENT IDENTIFICATION Software Errors in New Digital Feedwater Control System Result in Manual Reactor Scram Due to Approaching High Reactor Pressure Vessel Water Level Setpoint
A. Plant Operating Conditions Before the Event
Unit: 1 Event Date: 12/1312013 Event Time: 1758 hours0.0203 days <br />0.488 hours <br />0.00291 weeks <br />6.68919e-4 months <br /> Central Standard Time (CST)
Mode: 1 Mode Name: POWER OPERATION Reactor Power: 18 percent
B. DESCRIPTION OF EVENT
On 12/13/13 the plant was in Mode 1 (Power Operation) at 18 percent reactor power and power ascension was in progress from a plant outage. Operators were preparing to transition from the Motor Driven Reactor Feed Pump (MDRFP) [SJ] [P]
to the 'A' Turbine Driven Reactor Feed Pump (TDRFP) in accordance with the feedwater operating procedure. This was a first time evolution for the operating crew using the digital feedwater control system (DFW), although the crew was trained on DFW in the simulator. In accordance with the procedure, Operators opened the 'A' TDRFP discharge valve [V]
and placed the 'A' TDRFP recirculation valve In automatic, which positioned the recirculation valve to 25% open.
When the 'A' TDRFP began to feed, the MDRFP began to reduce flow as designed. Over the next few minutes, flow from the two feed pumps began to fluctuate, and reactor pressure vessel [RPVI water level began to oscillate outside the normal control band. Operators recognized the level swings were growing in amplitude, and took manual control of the MDRFP flow control valve IFCV]. With the FCV valve shut and no flow from the MDRFP, Operators gave the FCV a shut signal to ensure It remained fully shut. At this time, the speed of the 'A' TDRFP increased causing an Increase in RPV water level. At 1758 hours0.0203 days <br />0.488 hours <br />0.00291 weeks <br />6.68919e-4 months <br /> when the predetermined RPV water level threshold was achieved (prior to the Level 8 high RPV water level signal), operators placed the Reactor Mode Switch [HS] Into the Shutdown position, initiating a manual Reactor SCRAM.
RPV water level decreased to the low RPV water Level 3 setpoint as expected and operators entered Emergency Operating Procedure (EOP) -1, RPV Control. Operators verified all control rods fully inserted into the reactor core.
Normally closed Group 2 (Residual Heat Removal (RHR) [BC]), Group 3 (RHR), and Group 20 (miscellaneous systems) containment Isolation valves received signals to close as expected from the Level 3 trip and operators subsequently verified the associated valves were closed.
Operators controlled reactor pressure using main steam line drains [SB] and controlled reactor pressure vessel level using the feedwater I condensate booster systems [SD].
This event is reportable under the provisions of 10 CFR 50.73(a)(2)(iv)(A) due to the unplanned manual actuation of the Reactor Protection System [JCI (RPS) and actuations of containment isolation valves. Event Notification 49632 was made to the NRC on 12/13/13 at 1907 hours0.0221 days <br />0.53 hours <br />0.00315 weeks <br />7.256135e-4 months <br /> CST.
This event was entered into the Clinton Power Station corrective action program under Issue Report 1596987.
C. CAUSE OF EVENT
The Root Cause for this event is that system and component level critical characteristics and parameters were embedded within the application software that were not identified, evaluated, and mitigated in the engineering change package for the recently installed digital feedwater control system.
D. SAFETY CONSEQUENCES
When reactor water level approached the high RPV water Level 8 trip set point, operators took manual action to shut down the reactor prior to an automatic reactor scram and place the plant in a safe and stable condition. Safety-related systems functioned correctly in response to this event with critical plant parameters remaining within the bounds of plant design, Technical Specifications, Updated Safety Analysis Report, Offsite Dose Calculation Manual, and Core Operating Limits Report. No plant safety limits were exceeded. No Emergency Core Cooling System actuations occurred or were required to place the plant in a safe and stable condition.
E. CORRECTIVE ACTIONS
The installed digital feedwater programming will be revised to correct the identified software errors.
Operating procedures have been revised as interim corrective action to provide operators with clear guidance for manually bringing the TDRFP on line and specific operating limits to prevent TDRFP operation below 2900 RPM. These revisions will ensure safe and controlled operation of the TDRFP until programming is revised and Installed to correct the identified software errors.
The Process for Managing Plant Modifications Involving Microprocessor Technology, will be revised to mandate that any and all engineering judgments and unverified assumptions encapsulated within vendor provided software be clearly identified and independently validated prior to modification completion. This includes function blocks, mathematical calculations and modeled plant performance characteristics.
F. PREVIOUS OCCURRENCES
No previous similar events have been identified.
G. COMPONENT FAILURE DATA
No components failed during this event.
1 I