ML13115A955

Final ASP Analysis-Browns Ferry Nuclear Plant, Unit 3, Reactor Trip and Subsequent Loss of Offsite Power Due to Failure of Unit Station System Transformer Differential Relay (LER 296/12-004)
Site: Browns Ferry, Tennessee Valley Authority
Issue date: 05/16/2013
From: NRC/RES/DRA
To: Office of Nuclear Reactor Regulation
Hunter Christopher 301-251-7575
Shared Package: ML13115A891
References: LER-12-003-01

Enclosure 1

Final Precursor Analysis
Accident Sequence Precursor Program - Office of Nuclear Regulatory Research

Browns Ferry Nuclear Plant, Unit 3
Reactor Trip and Subsequent Loss of Offsite Power due to Failure of Unit Station System Transformer Differential Relay

Event Date: 05/22/2012
LER: 296/12-003-01
IR: 50-296/12-04
CCDP = 2×10⁻⁵

EVENT SUMMARY

Event Description. On May 22, 2012, at 2:49 a.m., at Browns Ferry Nuclear Plant, Unit 3, the reactor was automatically scrammed due to de-energization of the reactor protection system (RPS) from actuation of Unit Station Service Transformer (USST) 3A Differential Relay 387SA, which resulted in a loss of 500 kV power to Unit 3. This relay picked up during a transfer of 4 kV Unit Board 3C from alternate power (161 kV) to normal power (USST 3A). All Unit 3 emergency diesel generators (EDGs) successfully started and tied to their respective 4 kV shutdown boards. Power from the 161 kV offsite circuit remained available during the entire event.

At 4:30 a.m., operators restored 500 kV power through the alternate feeder breakers to all Unit 3 4 kV unit boards. All safety systems responded as expected and no emergency core cooling system water level initiation set points were reached. The reactor core isolation cooling (RCIC) system was manually started to control reactor water level. Primary containment isolation system initiation signals for Groups 1-3, 6, and 8 were received as expected due to loss of offsite power. At the time of the reactor scram, the high pressure coolant injection (HPCI) system was tagged out for removal of temporary instrumentation following planned maintenance.

It was determined that the failed differential relay for USST 3A had been installed with incorrect design calculation settings. The relay was new, having been replaced during the last refueling outage that ended on May 20, 2012. Additional information is provided in References 1 and 2.

MODELING ASSUMPTIONS

Analysis Type. The Browns Ferry Unit 3 SPAR model, created in May 2012, was used for this event analysis. This event was modeled as a LOOP initiating event.

Analysis Rules. The ASP program uses Significance Determination Process results for degraded conditions when available. However, the ASP Program performs independent analysis for initiating events.

Key Modeling Assumptions. The following modeling assumptions were determined to be significant to the modeling of this event analysis:

LER 296/12-003-01 2

  • Offsite power was restored to Unit 3 shutdown boards one hour and 41 minutes after the LOOP occurred. However, offsite power from the 161 kV source was available throughout the event; therefore, operators could have restored power to a Unit 3 shutdown board earlier, if needed [i.e., during a postulated station blackout (SBO)]. See the section on Recovery Analysis for further details.
  • The HPCI pump was considered inoperable at the onset of the LOOP because plant personnel were removing temporary instrumentation; however, the maintenance work instructions for the pump contained procedures to restore the pump if needed to provide a source of high-pressure makeup to the reactor. The analysis assumes that the pump could be recovered within 10-15 minutes.

Fault Tree Modification. The following fault tree modifications were necessary to perform this event analysis:

  • A new basic event was added to the two HPCI fault trees: HCI and HCI-01. Basic event HCI-XHE-RECOVER (Operators fail to recover HPCI Pump from Maintenance) was added to account for potential recovery of the HPCI pump from maintenance. This new basic event, along with basic event HCI-TDP-TM-TRAIN (HPCI Train Is Unavailable Because Of Maintenance), was moved and inserted under new 'AND' gates (HCI-8 and HCI01-7, respectively). See Figures B-1 and B-2 in Appendix B for the modified HPCI fault trees.

Basic Event Probability Changes. The following initiating event frequencies and basic event probabilities were modified for this event analysis:

  • This analysis models the May 22, 2012 reactor trip at Browns Ferry Nuclear Plant, Unit 3 as a switchyard-centered LOOP initiating event.
      - The probability of switchyard-centered LOOP (IE-LOOPSC) was set to 1.0; all other initiating event probabilities were set to zero.
  • Basic Event HCI-TDP-TM-TRAIN (HPCI Train is Unavailable Due to Test and Maintenance) was set to 1.0 because the HPCI pump was out for maintenance.
      - The HPCI pump was determined to be recoverable within 10-15 minutes and procedures to return the pump to service were contained in the maintenance work instructions. The SPAR-H Human Reliability Analysis Method (References 4 and 5) was used to estimate this new human failure event (HFE). Tables 1 and 2 provide the key qualitative information for these recovery HFEs and the performance shaping factor (PSF) adjustments required for the quantification of this recovery event using SPAR-H.

Table 1. Qualitative Evaluation for the Recovery of the HPCI Pump from Maintenance.

Definition | The definition for this recovery event is the operators failing to restore the HPCI pump to service from maintenance (to remove temporary instrumentation) to provide a source of high-pressure makeup to the reactor coolant system (RCS) given a LOOP and failure of RCIC.
Description and Event Context | HPCI availability is only a key concern during event mitigation if RCIC fails. If RCIC fails during a postulated SBO, only 30 minutes would be available to restore power to the shutdown board prior to core uncovery.
Operator Action Success Criteria | For successful recovery, operators must restore HPCI to operable status (i.e., able to perform its safety function) within 30 minutes of the loss of offsite power, postulated SBO, and subsequent failure of RCIC.
Nominal Cues | Loss of offsite power occurs; RCIC fails
Procedural Guidance | Maintenance work instructions
Diagnosis/Action | This recovery contains sufficient diagnosis and action components.

Table 2. SPAR-H Evaluation of HEP for Recovery of the HPCI Pump from Maintenance.

PSF | Diagnosis / Action Multiplier | Notes
Time Available | 1 / 1 | The operators would need 10 to 15 minutes to perform the action component (i.e., to manipulate the valve, etc.) to align the HPCI pump to supply the RCS with high-pressure makeup. Therefore, the minimum time for diagnosis is approximately 15 minutes. Therefore, available time for the diagnosis component for 30 minute recovery is assigned as Nominal Time (i.e., x1). Since sufficient time was available for the action component of the recovery, the available time for the action component for all recovery times is evaluated as Nominal (i.e., x1). See Reference 5 for guidance on apportioning time between the diagnosis and action components of an HFE.
Stress | 2 / 1 | The PSF for diagnosis stress is assigned a value of High Stress (i.e., x2) due to the LOOP, the failure of RCIC, and potential unavailability of RCS depressurization (due to operator error or hardware failure). The PSF for action stress was not determined to be a performance driver for these HFEs and therefore was assigned a value of Nominal (i.e., x1).
Complexity | 2 / 1 | The PSF for diagnosis complexity is assigned a value of Moderately Complex (i.e., x2) because operators would have to deal with multiple equipment unavailabilities and the concurrent actions/multiple procedures during the LOOP, the failure of RCIC, and potential unavailability of RCS depressurization. The PSF for action complexity was not determined to be a performance driver for these HFEs and therefore was assigned a value of Nominal (i.e., x1).
Procedures, Experience/Training, Ergonomics/HMI, Fitness for Duty, Work Processes | 1 / 1 | No event information is available to warrant a change in these PSFs (for diagnosis and action) from Nominal for these HFEs.

An HEP evaluated using SPAR-H is calculated using the following formula:

Calculated HEP = (Product of Diagnosis PSFs x 0.01) + (Product of Action PSFs x 0.001)

Therefore, the failure probability for HCI-XHE-RECOVER was set to 4×10⁻².

  • Basic Event RCI-TDP-TM-TRAIN (RCIC is Unavailable Because of Maintenance) was set to FALSE because the RCIC pump will not be taken out of testing or maintenance while the HPCI pump is out for maintenance (would violate Technical Specifications).
  • The offsite power was recovered to all of the Unit 3 shutdown boards in one hour and 41 minutes after the reactor trip and LOOP occurred; therefore, the default EDG and turbine-driven pump (RCIC and HPCI) mission times were changed to reflect the actual time offsite power was restored to the essential buses.

Since the overall fail-to-run is made up of two separate factors, the mission times for these factors were set to the following: ZT-DGN-FR-E = 1 hour and ZT-TDP-FR-E = 1 hour (base case values) and ZT-DGN-FR-L = 0.75 hours and ZT-TDP-FR-L = 0.75 hours.

Offsite Power Recovery Analysis. The time required to restore offsite power to plant emergency equipment is a significant factor in modeling the CCDP given a LOOP. The LOOP/SBO modeling within the SPAR models includes various sequence-specific power recovery factors that are based on the time available to recover offsite power to prevent core damage. Depending on (1) the availability of the turbine-driven, high-pressure injection systems (RCIC, HPCI), (2) the success or failure to depressurize the RCS, and (3) the battery depletion time, the time available to restore offsite power prior to core damage during a postulated SBO for Browns Ferry, Unit 3 ranges from 30 minutes to 12 hours.

In this analysis, offsite power recovery probabilities are based on:

  • Known information about when offsite power was available in the switchyard and when power was restored to the first shutdown board,
  • A determination on whether offsite power could have been restored sooner given a postulated SBO, and
  • Estimated probabilities of operators failing to realign offsite power to a shutdown board.

During the event, operators restored power to all of Unit 3 shutdown boards (from the 500 kV source) one hour and 41 minutes after the LOOP occurred. However, power from the 161 kV source was available for the entire duration of the event. To restore offsite power to one shutdown board, operators would need to determine that a LOOP occurred due to a loss of 500 kV offsite source. In addition, the operators would need to determine that offsite power was still available via the 161 kV source.

The SPAR-H Method was used to estimate non-recovery probabilities as a function of time following restoration of offsite power to the switchyard. Tables 3 and 4 provide the key qualitative information for these recovery HFEs and the PSF adjustments required for the quantification of the HEPs using SPAR-H.

Table 3. Qualitative Evaluation of HFEs for Recovery of Offsite Power to a Unit 3 Shutdown Board.

Definition | The definition for these recovery HFEs is the operators failing to restore offsite power to a Unit 3 shutdown board via the 161 kV source within 30 minutes to 12 hours (depending on the sequence) given a postulated LOOP or SBO.
Description and Event Context | Depending on postulated failures of the recirculation pump seals (due to unavailability of seal injection/cooling), the availability of the high-pressure injection systems (HPCI, RCIC), and the time until the station batteries are depleted, operators would have between 30 minutes and 12 hours to restore power to a Unit 3 shutdown board via the unit boards powered by the 161 kV source.
Operator Action Success Criteria | For successful recovery, operators would have to align power from a unit board to a shutdown board prior to core uncovery. The time available for operators to perform this action would be a minimum of 30 minutes (given the failure of RCIC).
Nominal Cues | See the list below.

  • Momentary de-energization of all plant AC electrical boards resulting in de-energization of running equipment
  • EDGs start and provide power to 4160 V and 480 V shutdown boards
  • Diesel Generator Start Failure annunciation
  • Reactor Scram and Main Turbine-Generator Trip
  • RPS MG Sets A and B trip resulting in all RPS trips sealed in
  • Primary and Secondary Containment Isolation

Procedural Guidance | 0-AOI-57-1A, "Loss of Offsite Power (161 kV and 500 kV)/Station Blackout"; 0-AOI-57-1B, "Loss of 500 kV"; OI-82, "EDG Operations"
Diagnosis/Action | These recovery HFEs contain sufficient diagnosis and action components.

Table 4. SPAR-H Evaluation of HEPs for Recovery of Offsite Power to a Unit 3 Shutdown Board.

PSF | Diagnosis / Action Multiplier | Notes
Time Available | 1 or 0.01 / 1 | The operators would need less than five minutes to perform the action component (i.e., to shut two breakers) to restore power to a shutdown board via the 161 kV offsite power source. Therefore, the minimum time for diagnosis is approximately 25 minutes. Therefore, available time for the diagnosis component for 30 minute recovery is assigned as Nominal Time (i.e., x1). Available time for the diagnosis component for recoveries with at least one hour available is assigned as Expansive Time (i.e., x0.01; time available is >2 times nominal and >30 minutes). Since sufficient time was available for the action component of the recovery, the available time for the action component for all recovery times is evaluated as Nominal (i.e., x1). See Reference 5 for guidance on apportioning time between the diagnosis and action components of an HFE.
Stress | 2 / 1 | The PSF for diagnosis stress is assigned a value of High Stress (i.e., x2) due to the postulated SBO. The PSF for action stress was not determined to be a performance driver for these HFEs and therefore was assigned a value of Nominal (i.e., x1).
Complexity | 2 / 1 | The PSF for diagnosis complexity is assigned a value of Moderately Complex (i.e., x2) because operators would have to deal with multiple equipment unavailabilities and the concurrent actions/multiple procedures during a postulated SBO. The PSF for action complexity was not determined to be a performance driver for these HFEs and therefore was assigned a value of Nominal (i.e., x1).
Procedures, Experience/Training, Ergonomics/HMI, Fitness for Duty, Work Processes | 1 / 1 | No event information is available to warrant a change in these PSFs (for diagnosis and action) from Nominal for these HFEs.

Therefore, the failure probability for OEP-XHE-XL-NR30MHSC (Operator Fails to Recover Offsite Power in 30 Minutes) was set to 4×10⁻².
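The recovery HEPs in this analysis follow from the SPAR-H formula quoted earlier and the multipliers in Tables 2 and 4. The Python below is an added example, not part of the NRC analysis: the function names and the cap at 1.0 are assumptions of the example, and cutset 7 from Appendix A is included to show how the HPCI recovery HEP enters a cutset product.

```python
from math import prod

# Nominal HEPs taken from the formula on this page.
NOMINAL_DIAGNOSIS = 0.01
NOMINAL_ACTION = 0.001

# The eight SPAR-H performance shaping factors listed in Tables 2 and 4.
PSF_NAMES = (
    "time_available", "stress", "complexity", "procedures",
    "experience_training", "ergonomics_hmi", "fitness_for_duty",
    "work_processes",
)


def psf_set(**overrides):
    """Return all eight PSF multipliers, Nominal (x1) unless overridden."""
    unknown = set(overrides) - set(PSF_NAMES)
    if unknown:
        raise ValueError(f"unknown PSF(s): {sorted(unknown)}")
    psfs = dict.fromkeys(PSF_NAMES, 1.0)
    psfs.update(overrides)
    if any(m <= 0 for m in psfs.values()):
        raise ValueError("PSF multipliers must be positive")
    return psfs


def spar_h_hep(diagnosis, action):
    """HEP = (product of diagnosis PSFs x 0.01) + (product of action PSFs x 0.001)."""
    hep = (prod(diagnosis.values()) * NOMINAL_DIAGNOSIS
           + prod(action.values()) * NOMINAL_ACTION)
    # Assumption of this example: cap at 1.0, since the result is a probability.
    return min(hep, 1.0)


def one_sig_fig(p):
    """Round to one significant figure, the precision the report quotes."""
    return float(f"{p:.0e}")


# (diagnosis PSFs, action PSFs) per human failure event, from Tables 2 and 4.
HFES = {
    # Table 2: High Stress x2, Moderately Complex x2, Nominal time.
    "HCI-XHE-RECOVER": (psf_set(stress=2, complexity=2), psf_set()),
    # Table 4, 30-minute recovery: Nominal time for diagnosis.
    "OEP-XHE-XL-NR30MHSC": (psf_set(stress=2, complexity=2), psf_set()),
    # Table 4, recoveries with at least one hour: Expansive Time x0.01.
    # The same multipliers apply to the 4, 10 and 12 hour events.
    "OEP-XHE-XL-NR01HSC": (
        psf_set(time_available=0.01, stress=2, complexity=2), psf_set()),
}


def quantify(hfes=HFES):
    """Return {HFE name: unrounded SPAR-H HEP}."""
    return {name: spar_h_hep(diag, act) for name, (diag, act) in hfes.items()}


def cutset_probability(event_probs):
    """A cutset's probability is the product of its basic event probabilities."""
    return prod(event_probs)


# Cutset 7 (LOOPSC: 25) as listed in Appendix A of this page.
CUTSET_7 = {
    "IE-LOOPSC": 1.00e+0,
    "ADS-XHE-XM-MDEPR": 5.00e-4,
    "HCI-XHE-RECOVERY": 4.00e-2,   # the rounded SPAR-H value from above
    "RCI-XHE-XE-MISCAL": 1.90e-2,
}

if __name__ == "__main__":
    for name, hep in quantify().items():
        print(f"{name:22s} raw={hep:.4f}  reported as {one_sig_fig(hep):.0e}")
    print(f"cutset 7 = {cutset_probability(CUTSET_7.values()):.2e}")
```

The unrounded results are 0.041 for the two Nominal-time cases and 0.0014 for the Expansive-time case; at one significant figure these are the 4×10⁻² and 1×10⁻³ values used in the analysis.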

In addition, the failure probabilities for OEP-XHE-XL-NR01HSC (Operator Fails to Recover Offsite Power in 1 Hour), OEP-XHE-XL-NR04HSC (Operator Fails to Recover Offsite Power in 4 Hours), OEP-XHE-XL-NR10HSC (Operator Fails to Recover Offsite Power in 10 Hours), and OEP-XHE-XL-NR12HSC (Operator Fails to Recover Offsite Power in 12 Hours) were set to 1×10⁻³.

ANALYSIS RESULTS

Conditional Core Damage Probabilities. The point estimate conditional core damage probability (CCDP) for this event is 2.0×10⁻⁵. The Accident Sequence Precursor Program acceptance threshold is a CCDP of 1×10⁻⁶ or the CCDP equivalent of an uncomplicated reactor trip with a non-recoverable loss of secondary plant systems (e.g., feed water and condensate), whichever is greater. This CCDP equivalent for Browns Ferry Unit 3 is 5×10⁻⁶.

Dominant Sequence. The dominant accident sequence is LOOP/SBO Sequence 28-18 (CCDP = 1.4×10⁻⁵), which contributes approximately 75% of the total internal events CCDP for Unit 1. The cutsets/sequences that contribute to the top 95% and/or at least 1% of the total internal events CCDP are provided in Appendix A.

The dominant sequence is shown graphically in Figures B-3 and B-4 in Appendix B. The events and important component failures in LOOP Sequence 28-18 are:

  • Recirculation pump seals integrity succeeds,
  • Operators fail to recover offsite power in 4 hours, and
  • Operators fail to recover an EDG in 4 hours.

REFERENCES

1. Browns Ferry Nuclear Plant, Unit 3, "LER 296/12-003 Automatic Reactor Scram Due to De-Energization of Reactor Protection System from Actuation of 3A Unit Station Service Transformer Differential Relay," dated November 26, 2012. (ML12333A007)
2. U.S. Nuclear Regulatory Commission, "Browns Ferry Nuclear Plant - NRC Integrated Inspection Report 05000259/2012004, 05000260/2012004, and 05000296/2012004 and Notice of Enforcement Discretion," dated November 13, 2012. (ML12319A182)
3. Idaho National Laboratory, NUREG/CR-6883, "The SPAR-H Human Reliability Analysis Method," August 2005 (ML051950061).
4. Idaho National Laboratory, "INL/EXT-10-18533, SPAR-H Step-by-Step Guidance," May 2011 (ML112060305).

Appendix A: Analysis Results

Summary of Conditional Event Changes

Event | Description | Cond. Value | Nominal Value
HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE | 4.00E-2 | N/A
HCI-TDP-TM-TRAIN | HPCI TRAIN IS UNAVAILABLE DUE TO TEST AND MAINTENANCE | TRUE | 1.13E-2
IE-LOOPSC (a) | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED) | 1.00E+0 | 1.04E-2
OEP-XHE-XL-NR01HSC | OPERATOR FAILS TO RECOVER OFFSITE POWER IN 1 HOUR (SWITCHYARD) | 1.00E-3 | 4.01E-1
OEP-XHE-XL-NR04HSC | OPERATOR FAILS TO RECOVER OFFSITE POWER IN 4 HOURS (SWITCHYARD) | 1.00E-3 | 1.02E-1
OEP-XHE-XL-NR10HSC | OPERATOR FAILS TO RECOVER OFFSITE POWER IN 10 HOURS (SWITCHYARD) | 1.00E-3 | 2.61E-2
OEP-XHE-XL-NR12HSC | OPERATOR FAILS TO RECOVER OFFSITE POWER IN 12 HOURS (SWITCHYARD) | 1.00E-3 | 1.90E-2
OEP-XHE-XL-NR30MSC | OPERATOR FAILS TO RECOVER OFFSITE POWER IN 30 MINUTES (SWITCHYARD) | 4.00E-2 | 6.02E-1
RCI-TDP-TM-TRAIN | RCIC PUMP TRAIN IS UNAVAILABLE BECAUSE OF MAINTENANCE | FALSE | 1.09E-2
ZT-DGN-FR-L | DIESEL GENERATOR FAILS TO RUN | 8.17E-4 | 1.09E-3
ZT-TDP-FR-L | TURBINE DRIVEN PUMP FAILS TO RUN | 1.17E-3 | 3.52E-2

a. All other initiating event probabilities were set to zero.

Dominant Sequences (Contribute at Least 1% of the Total CCDP)

Name | CCDP | Percentage | Sequence Path
LOOPSC: 28-18 | 1.44E-05 | 74.6% | /RPS, EPS, /SRV, /RPSL, /RCI01, OPR-04H, DGR-04H
LOOPSC: 28-34-3 | 1.44E-06 | 7.5% | /RPS, EPS, /SRV, RPSL, /RCI01, OPR-04H, DGR-04H
LOOPSC: 25 | 1.42E-06 | 7.4% | /RPS, /EPS, /SRV, HPI, DEP
LOOPSC: 04 | 5.36E-07 | 2.8% | /RPS, /EPS, /SRV, /HPI, SPC, /DEP, /LPI, RHR, /CVS, LI01
LOOPSC: 06 | 5.31E-07 | 2.8% | /RPS, /EPS, /SRV, /HPI, SPC, /DEP, /LPI, RHR, CVS, LI
LOOPSC: 24 | 3.29E-07 | 1.7% | /RPS, /EPS, /SRV, HPI, /DEP, LPI, VA
LOOPSC: 13 | 2.70E-07 | 1.4% | /RPS, /EPS, /SRV, /HPI, SPC, DEP
LOOPSC: 28-30 | 2.22E-07 | 1.2% | /RPS, EPS, /SRV, /RPSL, RCI01, /HCI01, OPR-04H, DGR-04H
Total | 1.93E-05 | |

Referenced Fault Trees

Fault Tree | Description
CVS | CONTAINMENT VENTING
DEP | MANUAL REACTOR DEPRESS
DGR-04H | DIESEL GENERATOR RECOVERY IN 4 HRS
EPS | TRANSFER BRANCH SBO
EXT | ACTIONS TO EXTEND ECCS OPERATION
HPI | HIGH-PRESSURE INJECTION (RCIC or HPCI)
LI | LATE INJECTION
LI01 | BROWNS FERRY 3 LATE INJECTION FAULT TREE
LPI | LOW PRESSURE INJECTION (CS or LPCI)
OPR-04H | OFFSITE POWER RECOVERY IN 4 HRS
RCI01 | REACTOR COOLANT INJECTION
RHR | LOSS OF RESIDUAL HEAT REMOVAL SYSTEMS
RPSL | RECIRC PUMP SEAL INTEGRITY
SPC | SUPPRESSION POOL COOLING
VA | ALTERNATE LOW PRESS INJECTION

Important Cutsets (from Dominant Sequences)

Each cutset row gives: # | CCDP | Total % | Sequence | Sequence Path. The indented rows beneath it give: Probability | Basic Event | Description.

1 | 9.79E-6 | 53.4 | LOOPSC: 28-18 | /RPS, EPS, /SRV, /RPSL, /RCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    9.79E-6 | ACP-CRB-CF-OPSD3 | COMMON CAUSE FAILURE OF OFFSITE POWER FEED TO SHUTDOWN BOARDS

2 | 4.57E-6 | 24.9 | LOOPSC: 28-18 | /RPS, EPS, /SRV, /RPSL, /RCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    4.57E-6 | RSW-STR-CF-ALL | RHRSW STRAINERS FAIL FROM COMMON CAUSE

3 | 9.79E-7 | 5.34 | LOOPSC: 28-34-3 | /RPS, EPS, /SRV, RPSL, /RCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    9.79E-6 | ACP-CRB-CF-OPSD3 | COMMON CAUSE FAILURE OF OFFSITE POWER FEED TO SHUTDOWN BOARDS
    1.00E-1 | RRS-MDP-LK-SEALS | RECIRCULATION PUMP SEALS FAIL

4 | 5.00E-7 | 2.73 | LOOPSC: 04 | /RPS, /EPS, /SRV, /HPI, SPC, /DEP, /LPI, RHR, /CVS, LI01
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    1.00E-3 | OPR-XHE-XM-LI01 | OPERATOR FAILS TO START/CONTROL LATE INJECTION
    5.00E-4 | RHR-XHE-XM-ERROR | OPERATOR FAILS TO START/CONTROL RHR

5 | 5.00E-7 | 2.73 | LOOPSC: 06 | /RPS, /EPS, /SRV, /HPI, SPC, /DEP, /LPI, RHR, CVS, LI
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    1.00E-3 | CVS-XHE-XM-VENT | OPERATOR FAILS TO VENT CONTAINMENT
    5.00E-4 | RHR-XHE-XM-ERROR | OPERATOR FAILS TO START/CONTROL RHR

6 | 4.57E-7 | 2.49 | LOOPSC: 28-34-3 | /RPS, EPS, /SRV, RPSL, /RCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    1.00E-1 | RRS-MDP-LK-SEALS | RECIRCULATION PUMP SEALS FAIL
    4.57E-6 | RSW-STR-CF-ALL | RHRSW STRAINERS FAIL FROM COMMON CAUSE

7 | 3.80E-7 | 2.07 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    4.00E-2 | HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE
    1.90E-2 | RCI-XHE-XE-MISCAL | RCIC FAILS FROM MISCALIBRATION OF RUPTURE DISC

8 | 2.50E-7 | 1.36 | LOOPSC: 13 | /RPS, /EPS, /SRV, /HPI, SPC, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    5.00E-4 | RHR-XHE-XM-ERROR | OPERATOR FAILS TO START/CONTROL RHR

9 | 1.71E-7 | 0.93 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    1.50E-1 | HCI-MOV-CC-IVFRO | HPCI INJECTION VALVE FAILS TO REOPEN
    1.50E-1 | HCI-MULTIPLE-INJECT | MULTIPLE HPCI INJECTIONS REQUIRED
    8.00E-1 | HCI-XHE-XL-INJECT | OPERATOR FAILS TO RECOVER HPCI INJECT MOV FAILURE TO REOPEN
    1.90E-2 | RCI-XHE-XE-MISCAL | RCIC FAILS FROM MISCALIBRATION OF RUPTURE DISC

10 | 1.30E-7 | 0.71 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    4.00E-2 | HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE
    6.49E-3 | RCI-TDP-FS-TRAIN | RCIC PUMP FAILS TO START

11 | 1.12E-7 | 0.61 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    4.00E-2 | HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE
    5.59E-3 | RCI-TDP-FR-TRAIN | RCIC PUMP FAILS TO RUN GIVEN THAT IT STARTED

12 | 6.36E-8 | 0.35 | LOOPSC: 28-30 | /RPS, EPS, /SRV, /RPSL, RCI01, /HCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    9.79E-6 | ACP-CRB-CF-OPSD3 | COMMON CAUSE FAILURE OF OFFSITE POWER FEED TO SHUTDOWN BOARDS
    6.49E-3 | RCI-TDP-FS-TRAIN | RCIC PUMP FAILS TO START

13 | 6.17E-8 | 0.34 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    6.49E-3 | HCI-TDP-FS-TRAIN | HPCI PUMP FAILS TO START
    1.90E-2 | RCI-XHE-XE-MISCAL | RCIC FAILS FROM MISCALIBRATION OF RUPTURE DISC

14 | 6.00E-8 | 0.33 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    4.00E-2 | HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE
    1.50E-1 | RCI-RESTART | RESTART OF RCIC IS REQUIRED
    8.00E-2 | RCI-TDP-FS-RSTRT | RCIC FAILS TO RESTART GIVEN START AND SHORT-TERM RUN
    2.50E-1 | RCI-XHE-XL-RSTRT | OPERATOR FAILS TO RECOVER RCIC FAILURE TO RESTART

15 | 5.84E-8 | 0.32 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    1.50E-1 | HCI-MOV-CC-IVFRO | HPCI INJECTION VALVE FAILS TO REOPEN
    1.50E-1 | HCI-MULTIPLE-INJECT | MULTIPLE HPCI INJECTIONS REQUIRED
    8.00E-1 | HCI-XHE-XL-INJECT | OPERATOR FAILS TO RECOVER HPCI INJECT MOV FAILURE TO REOPEN
    6.49E-3 | RCI-TDP-FS-TRAIN | RCIC PUMP FAILS TO START

16 | 5.47E-8 | 0.3 | LOOPSC: 28-30 | /RPS, EPS, /SRV, /RPSL, RCI01, /HCI01, OPR-04H, DGR-04H
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    9.79E-6 | ACP-CRB-CF-OPSD3 | COMMON CAUSE FAILURE OF OFFSITE POWER FEED TO SHUTDOWN BOARDS
    5.59E-3 | RCI-TDP-FR-TRAIN | RCIC PUMP FAILS TO RUN GIVEN THAT IT STARTED

17 | 5.31E-8 | 0.29 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    5.59E-3 | HCI-TDP-FR-TRAIN | HPCI PUMP TRAIN FAILS TO RUN GIVEN IT STARTED
    1.90E-2 | RCI-XHE-XE-MISCAL | RCIC FAILS FROM MISCALIBRATION OF RUPTURE DISC

18 | 5.03E-8 | 0.27 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    1.50E-1 | HCI-MOV-CC-IVFRO | HPCI INJECTION VALVE FAILS TO REOPEN
    1.50E-1 | HCI-MULTIPLE-INJECT | MULTIPLE HPCI INJECTIONS REQUIRED
    8.00E-1 | HCI-XHE-XL-INJECT | OPERATOR FAILS TO RECOVER HPCI INJECT MOV FAILURE TO REOPEN
    5.59E-3 | RCI-TDP-FR-TRAIN | RCIC PUMP FAILS TO RUN GIVEN THAT IT STARTED

19 | 3.98E-8 | 0.22 | LOOPSC: 25 | /RPS, /EPS, /SRV, HPI, DEP
    1.00E+0 | IE-LOOPSC | LOSS OF OFFSITE POWER INITIATOR (SWITCHYARD-CENTERED)
    5.00E-4 | ADS-XHE-XM-MDEPR | OPERATOR FAILS TO DEPRESSURIZE THE REACTOR
    4.00E-2 | HCI-XHE-RECOVERY | OPERATORS FAIL TO RECOVER HPCI PUMP FROM MAINTENANCE
    7.97E-3 | RCI-MOV-FC-XFER | RCIC FAILS TO TRANSFER DURING RECIRCULATION
    2.50E-1 | RCI-XHE-XL-XFER | OPERATOR FAILS TO RECOVER SUCTION TRANSFER FAILURE

Appendix B: Modified Fault Trees and Key Event Trees

Figure B-1. Modified HPCI fault tree (HCI). [Figure not reproduced in this text version.]

Figure B-2. Modified HPCI fault tree (HCI01). [Figure not reproduced in this text version.]

Figure B-3. Browns Ferry Nuclear Plant, Unit 3 LOOP event tree. [Figure not reproduced in this text version. Top events: IE-LOOPSC, RPS, EPS, SRV, HPI, SPC, DEP, LPI, VA, RHR, CVS, LI.]

Figure B-4. Browns Ferry Nuclear Plant, Unit 3 SBO event tree. [Figure not reproduced in this text version. Top events: EPS, SRV, RPSL, RCI, HCI, EXT, DEP01, FWS, OPR, DGR, CVS, LI.]