ML081960523

From kanterella
Revision as of 09:22, 29 August 2018 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
NFPA 805 Transition Pilot Plant FAQ 07-0040, Revision 3
ML081960523
Person / Time
Site: Oconee  Duke Energy icon.png
Issue date: 07/14/2008
From: Goforth D
Duke Energy Nuclear
To:
Office of Nuclear Reactor Regulation
References
FAQ 07-0040, Rev 3
Download: ML081960523 (22)
v  d  e


Text

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 1 of 22 Plant: Oconee Nuclear Station Date:May 21, 2008 Contact: David Goforth Phone:(704) 382-2659 Email:djgofort@duke-energy.com Distribution: (NEI Internal Use) 805 TF FPWG RATF RIRWG BWROG PWROG Purpose of FAQ:

The purpose of the FAQ is to clarify the following:

1. The process for selecting equipment and cabling to evaluate for Non-Power Operational (NPO) modes 2. Evaluation of Higher Risk Evolutions to be evaluated during NPO modes 3. The process for analyzing key safety functions in different plant operational states 4. The actions taken beyond the normal fire protection program defense-in-depth actions when a specific key safety function (KSF) is lost.

1 Is this Interpretation of guidance? Yes / No

Proposed new guidance not in NEI 04-02? Yes / No Details: NEI 04-02 guidance needing interpretation (include section, paragraph, and line numbers as applicable):

NEI 04-02 Section 4.3.3 and Appendix F.

Circumstances requiring guidance interpretation or new guidance:

1 According to Section 1.3.1, "Nuclear Safety Goal," of NFPA 805, "[t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition." As stated, this does not mandate a fire risk evaluation comparable to what would be expected during full power. Therefore, it is recognized that, for non-power operations, a "risk-informed" approach ha s been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of KSFs. This approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF (e.g., a reduction in the availability of credited paths ["redundancy decrease"] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 2 of 22 NEI 04-02, Revision 1, Section 4.3.3 states:

"The nuclear safety goal of NFPA 805 requires evaluation of the effects of a fire

'during any operational mode and plant configuration.'"

NEI 04-02, Section 4.3.3 further goes on to outline a strategy "To demonstrate that the nuclear safety performance criteria are met for High Risk Evolutions (HREs as defined by NUMARC 91-06) during non-power operational modes-

" The strategy as described was endorsed in Regulatory Guide 1.205. However, the use of the term Higher Risk Evolutions (HRE), as defined in NUMARC 91-06, may not be completely appropriate in this context or provide enough explanation as to what HRE need to be considered during this NPO modes transition review, NUMARC 91-06 defines a HRE as:

"Outage activities, plant configurations or conditions during shutdown where the plant is more susceptible to an event causing the loss of a key safety function."

NUMARC 91-06 provides a suggested method for the management of Key Safety Functions during outages. The method is based on providing greater defense-in-depth during higher risk evolutions. The method does not focus on the event that may cause the degradation of a KSF, rather it is focused on the availability of systems (pre event). The following sections of NUMARC 91-06 illustrate that focus:

"3.0 OUTAGE PLANNING AND CONTROL

-Outage safety can be improved by fo cusing on the AVAILABILITY of systems that provide and support KEY SAFETY FUNCTIONS as well as on measures that can reduce both the likelihood and consequences of adverse events."

"3.2 Level of Activities

Guidelines

-

3. Activities that may impact KEY SAFETY FUNCTIONS should be limited and strictly controlled during HIGHER RISK EVOLUTIONS or infrequently performed evolutions.
4. Outage planning and execution should consider the potential introduction of hazards (e.g., fire, flooding, et c.) posed by the level and/or scope of activities in a given area of the plant and establish compensatory measures as appropriate."

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 3 of 22 "3.3 Providing Defense in Depth

A fundamental element of outage planning and control is to ensure that the systems and components that perform KEY SAFETY FUNCTIONS during shutdown are AVAILABLE when needed. The objectives are to provide backup for KEY SAFETY FUNCTIONS, particularly during HIGHER RISK EVOLUTIONS, to optimize safety system AVAILABILITY, to provide administrative controls that support the FUNCTIONALITY of key equipment, and to provide procedures designed to mitigate the loss of KEY SAFETY FUNCTIONS.

Guidelines 4 Systems, structures and components identified to provide DEFENSE IN DEPTH during periods of the outage s hould be controlled such that they remain AVAILABLE during these periods."

"3.4 Contingency Planning

The AVAILABILITY of equipment and personnel to respond to degraded conditions during an outage is an important element of shutdown safety. CONTINGENCY PLANS can be used to reestablish DEFENSE IN DEPTH if planned systems or equipment become unavailable or to protect AVAILABLE equipment. In general, as the level of planned DEFENSE IN DEPTH decreases, the use of CONTINGENCY PLANS should increase. CONTINGENCY PLANS may take the form of mandatory prerequisite activities, procedures, pre-outage schedules or changes to the schedule during the outage, or other approved direction.

Consistent with the guidance provided in NUMARC 91-06, the following process will assess the effects of a fire on the ability to maintain KSFs during the outage. The process is risk-informed to the extent that the strategies will be based on the available equipment and whether the plant is in a higher risk evolution.

Therefore, the strategy defined in NEI 04-02 will be fire risk-informed since contingency plans will be put in place when the plant is in a HRE. During low risk periods normal risk management controls and fire protection processes and procedures will be utilized.

Detail contentious points if licensee and NRC have not reached consensus on the facts and circumstances:

None Potentially relevant existing FAQ numbers:

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 4 of 22 None Response Section:

Proposed resolution of FAQ and the basis for the proposal:

1. Equipment and Cable Selection Process The following discussion provides the basis for identifying which plant configurations during NPO may prove to be more risk significant
2. These configurations will be reviewed during this transition review for the purposes of selecting the systems and equipment that will be needed to support these configurations and maintain the key safety functions required while the plant is in that configuration.

Many studies have been performed to characterize the risk associated with non-power states. Using Core Damage Frequency (CDF) as a risk metric, it is accepted that most outage configurations or POSs are of relatively low risk and that only a few configurations or POSs represent a risk near or greater than at-power operations.

NUREG/CR-6143 and NUREG/CR-6144 NUREG/CR-6143 and 6144 document Low Power and Shutdown (LPSD) risk studies performed in the early 1990's. NUREG/CR-6143 evaluated BWR risk using Grand Gulf Unit 1 as the study plant, while NUREG/CR-6144 evaluated PWR risk

using Surry Unit 1.

In Phase 1 of the studies, a coarse screening analysis was performed to examine accidents initiated by internal events (including fire and flooding) for all POSs. The objective of the Phase 1 study was to identify potentially

"-vulnerable plant configurations, to characterize the potential core damage scenarios and to provide a foundation for a detailed phase 2 analysis."

Based on the results of the Phase 1 study, the Phase 2 analysis focused on POS 5 for BWRs, which covers approximately Cold Shutdown as defined by the Grand Gulf Tech Specs. For PWRs, mid-loop operation was selected as the plant configuration to be analyzed. Thus, it can be seen that these two plant configurations are clearly important with respect to risk during LPSD conditions.

NRC Public LPSD Workshop - 1999 The NRC sponsored a public LPSD workshop in 1999 to gather information regarding LPSD risk. A summary of the results of the workshop and presentations provided by the industry and NRC are c ontained in Sandia Report SAND99-1815. Some excerpts are provided below:

2 Only NUREG/CR-6143 and 6144 considered fire risk (at a coarse screening level)

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 5 of 22 Westinghouse Experience and Insights from Shutdown Risk Projects LPSD risk was dominated by events related to low reactor coolant system (RCS) inventory conditions and a few periods of high vulnerability.

Scientech Presentation on Shutdown Risk Monitoring LPSD CDF is less than, but comparable to full-power CDF. In some cases, instantaneous risk may be higher in LPSD than at-power, but only for very short durations. Most of the risk is associated with low inventory conditions early in the outage. Shutdown Risk Assessment at Seabrook Station

The mean CDF is numerically comparable to full-power CDF, although of higher uncertainty. However, estimates for health effects (i.e., Level 3) were negligible. It was recommended that high thermal margin configurations be considered for screening.

CDF from internal events is 88% of total LPSD CDF Loss of RHR with RCS at low level 71% Loss of RHR with RCS filled 11% LOCA (RCS Drain down event) 18%

Risk Perspective from EPRI

For both BWR and PWR analyses, the LPSD risk is dominated by peak risk periods characterized by relatively high instantaneous risk over short periods of time early during the outage. The risk contribution of these peaks to the entire outage risk was greater than 80%, for both BWRs and PWRs. The dominant contributor to risk is human error (50%).

Example BWR Results Outage Average CDF 4.9E-6/yr Peak CDF 6.1E-5/yr Minimum CDF 4.4E-7/yr Ratio of Peak to Min ~140 Outage Core Damage Probability (cumulative risk) 6.5E-7 Peak Risk Core Damage Probability (CDP) 5.5E-7 Example PWR Results FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 6 of 22 Outage Average CDF 1.8E-4/yr Peak CDF 1.0E-3/yr Minimum CDF 7.0E-7/yr Ratio of Peak to Min ~1400 Outage Core Damage Probability (cumulative risk) 2.2E-5 Peak Risk Core Damage Probability (CDP) 1.9E-5

NRC Shutdown SDP Process Inspection Manual IM0609, Appendix G, describes the NRC Shutdown SDP process. It acknowledges step increases in risk for PWRs when (1) the RCS boundary is breached and the steam generators cannot be used for DHR, and (2) during midloop conditions. For BWRs, it is recognized that a step increase occurs during cold shutdown.

The following simplified POSs are defined in IM0609, Appendix G; they will be used to describe the recommended actions with respect to NFPA 805.

PWR [IM0609, Appendix G Attachment 2]

POS 1 - This POS starts when the RHR system is put into service. The RCS is closed such that a steam generator could be used for decay heat removal, if the secondary side of a steam generator is filled. The RCS may have a bubble in the pressurizer. This POS ends when the RCS is vented such that the steam generators cannot sustain core heat removal. This POS typically includes Mode 4 (hot shutdown) and portions of Mode 5 (cold shutdown).

POS 2 - This POS starts when the RCS is vented such that: (1) the steam generators cannot sustain core heat removal and (2) a sufficient vent path exists for feed and bleed. This POS includes portions of Mode 5 (cold shutdown) and Mode 6 (refueling). Reduced inventory operations and midloop operations with a vented RCS are subsets of this POS.

POS 3 - This POS represents the shutdown condition when the refueling cavity water level is at or above the minimum level required for movement of irradiated fuel assemblies within containment as defined by Technical Specifications. This POS occurs during Mode 6.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 7 of 22 BWR [IM0609, Appendix G Attachment 3]

POS 1 - This POS starts when the RHR system is put into service. The vessel head is on and the RCS is closed such that an extended loss of the DHR function without operator intervention could result in a RCS re-pressurization above the shutoff head for the RHR pumps.

POS 2 - This POS represents the shutdown condition when (1) the vessel head is removed and reactor pressure vessel water level is less than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as defined by Technical Specifications OR (2) a sufficient RCS vent path exists for decay heat removal.

POS 3 - This POS represents the shutdown condition when the reactor pressure vessel water level is equal or greater than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as define by Technical Specifications. This POS occurs during Mode 5.

Plant Operating States to be Considered Based on the studies cited above and the understanding that LPSD risk is concentrated in only certain POSs, the strategy will be to focus on those POSs

where additional risk management contingencies may need to be applied.

Tables 1 and 2 (Tables F-2 and F-3 of the proposed NEI 04-02 markup) define the POSs that a plant will go through during NPO modes, and provides a disposition of the POSs with respect to selecting systems and equipment that will be needed to support these configurations. For other non-power conditions (e.g., PWR Mode 3, BWR Startup Mode 2), it is recommended that the at-power process be used, since it should generally be bounding.

Table 1 - PWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat Removal Available No additional reviews required under NEI 04-02, Section 4.3.3 based upon previous risk reviews. Provide appropriate fire protection/fire prevention In this POS, if SGs are available in addition to RHR, significant redundancy and diversity exists for heat removal. Just having inventory in the SGs can provide substantial passive heat removal, providing additional time to recover other heat removal methods. Inventory control is not generally challenged during this POS.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 8 of 22 Table 1 - PWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat Removal Unavailable [Consider limiting to configurations where time to boil is less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> and/or RCS level is being changed] Perform actions per NEI 04-02, Section 4.3.3 Without SG Heat Removal capability, heat removal is limited to RHR and potentially bleed and feed. RCS pressurization on loss of heat removal could render RHR unavailable due to high pressure. Activities in this POS often involve changing RCS level. During RCS level changes, the likelihood of loss of inventory control is higher, challenging the inventory control safety function.

POS 2 Perform actions per NEI 04-02, Section 4.3.3. This is the generally the highest risk configuration/POS for a PWR. Due to low inventory, times to boil and damage are low, typically on the order of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> or less.

POS 3 Evaluate potential RCS drain paths that could be affected by fire During this POS, substantial inventory exists to cope with an extended loss of active heat removal. Times to boil are often on the order of 16 or more hours. However, fire induced RCS draindown events can reduce margins substantially.

Table 2 - BWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 Perform actions per NEI 04-02, Section 4.3.3. Inventory control is not generally challenged during this POS. However, loss of RHR could lead to a re-pressurized condition and there could be situations where the unavailability of high pressure injections systems from service could limit the mitigation capabilities.

POS 2 Perform actions per NEI 04-02, Section 4.3.3. This is generally a period of relatively high risk in a BWR especially early in the outage when the decay heat is still relatively high.

POS 3 Evaluate potential RV drain paths that could be affected by fire During this POS, substantial inventory exists to cope with an extended loss of active heat removal. Times to core boil damage are often on the order of 16 or more hours. However, induced RV draindown events can reduce margins substantially.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 9 of 22

2. Higher Risk Evolutions As previously noted, NUMARC 91-06 provides a definition for higher risk evolutions, but this definition lacks sufficient enough explanation as to what evolutions should be considered during the performance of a NPO review. While this definition provides a basic framework for identifying higher risk evolutions, plants may have expanded on this definition and included it in their outage management procedures. While each plant may be unique in its specific definition of what a higher risk evolution is, the following attributes should be considered in their definition of a higher risk evolution:

Time to core boil Reactor coolant system and fuel pool inventory Decay heat removal capability If appropriate, provide proposed rewording of guidance for inclusion in the next Revision:

See revisions to NEI 04-02 Section 4.3.3 and Appendix F below.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 10 of 22 4.3.3 Non-Power Operational Modes Transition Review The nuclear safety goal of NFPA 805 requires the evaluation of the effects of a fire "during any operational mode and plant configuration". The concept of protection of equipment from the effects of fire during plant shutdown conditions is discussed in NUREG-1449, Shutdown and Low-Power Operation at Commercial Nuclear Power Plants in the United States. In general, the underlying concerns are the differences between the functional requirements (i.e. different (or additional) set of systems and components) and time dependencies on decay heat removal system operation during non-power operations and full power operations. The current industry approach for evaluating risk during shutdown conditions involves the normal fire protection program defense-in-depth actions as well as qualitative and/or quantitative assessments and is based on NUMARC 93-01, Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants and NUMARC 91-06, Guidelines for Industry Actions to Assess Shutdown Management.

Appendix F provides additional discussion on the Non-Power Operational (NPO) Mode Transition Review, details of the Plant Operational States to be evaluated, and provides examples of this process and the documentation requirements anticipated.

==================================================================== F. Considerations for Non-Power Operational Modes The strategy for controls/protection of equipment during Non-Power Operational (NPO) modes, for plants adopting NFPA 805, will be a combination of the normal fire protection program defense-in-depth actions and additional risk-informed steps based on the availability of systems and equipment needed to support Key Safety Functions (KSFs) and whether or not the plant is in a Higher Risk Evolution (HRE). The goal (as depicted in Figure F-2) is to ensure that contingency plans are established when the plant is in a HRE, and there is the possibility of losing a KSF due to fire. Additional controls/measures will be evaluated during a NPO mode where the risk is intrinsically high 3; during low risk periods normal risk management controls and fire prevention / protection processes and procedures will be utilized.

4 These additional control/measures are discussed in Section F.4.

The process to demonstrate that the nuclear safety performance criteria are met during non-power modes of operations involves the following steps:

3 According to Section 1.3.1, "Nuclear Safety Goal," of NFPA 805, "[t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition." As stated, this does not mandate a fire risk evaluation comparable to wh at would be expected during full power. Therefore, it is recognized that, for non-power operations, a "risk-informed" approach ha s been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of a KSF. As such, these are expected to account for most, if not all, POSs that can be considered "higher risk evolutions" when considering fire effects. This approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF (e.g., a reduction in the availability of credited paths ["redundancy decrease"] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

4 If an HRE is in progress additional controls/measures should be evaluated.

Deleted: "intrinsically high"Deleted: "

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 11 of 22

1. Review existing Outage Management Processes
2. Identify Components/Cables
a. Review plant systems to determine success paths that support each of the defense-in-depth KSFs, and then
b. Identify cables required for the selected components and then determine their routing
3. Perform Fire Area Assessments (identify pinch points)
4. Manage risk associated with fire-induced vulnerabilities during the outage These steps are described in sections F.1 through F.4 below and the process is depicted on Figures F-1 and F-2. Implementation of the process should be documented in Table F-1. F.1 Review existing Outage Management Processes To begin the process of assessing the fire protection plan for non-power modes of operation, discussions should be held between the Probabilistic Risk Assessment (PRA) Staff, the Fire Protection, and the Outage Management staff to determine the best way to integrate NFPA 805 fire protection aspects into existing Outage Management Processes.

Included in this review should be a definition of what will be considered an HRE, if not already defined in plant outage management procedures. The HRE definition should consider the following:

Time to boil Reactor coolant system and fuel pool inventory Decay heat removal capability In accordance with NUMARC 91-06 Activities that may impact KSFs should be limited and strictly controlled during HREs or infrequently performed evolutions.

5 F.2 Identify Components and Cables The identification of systems and components to be included in this NPO Review begins with the identification of the plant operational states (POSs) that need to be considered. The following discussion identifies the various operational states that a plant goes through during NPO, and which ones are the most risk significant. The definitions of the following simplified POSs are

5 According to Section 1.3.1, "Nuclear Safety Goal," of NFPA 805, "[t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition." As stated, this does not mandate a fire risk evaluation comparable to what would be expected during full power. Therefore, it is recognized that, for non-power operations, a "risk-informed" approach ha s been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of a KSF. As such, these are expected to account for most, if not all, POSs that can be considered "higher risk evolutions " when considering fire effects. This approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF (e.g., a reduction in the availability of credited paths ["redundancy decrease"] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

Deleted: intrinsically highDeleted: "

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 12 of 22 contained in NRC Inspection Manual IM0609, Appendix G, Attachment 2, Phase 2 Significance Determination Process Template for PWR During Shutdown, and are included here for use in reading Tables F-2 and F-3.

Pressurized Water Reactor (PWR) [IM0609, Appendix G Attachment 2]

POS 1 - This POS starts when the RHR system is put into service. The RCS is closed such that a steam generator could be used for decay heat removal, if the secondary side of a steam generator is filled. The RCS may have a bubble in the pressurizer. This POS ends when the RCS is vented such that the steam generators cannot sustain core heat removal. This POS typically includes Mode 4 (hot shutdown) and portions of Mode 5 (cold shutdown).

POS 2 - This POS starts when the RCS is vented such that: (1) the steam generators cannot sustain core heat removal and (2) a sufficient vent path exists for feed and bleed. This POS includes portions of Mode 5 (cold shutdown) and Mode 6 (refueling). Reduced inventory operations and midloop operations with a vented RCS are subsets of this POS.

POS 3 - This POS represents the shutdown condition when the refueling cavity water level is at or above the minimum level required for movement of irradiated fuel assemblies within containment as defined by Technical Specifications. This POS occurs during Mode 6.

Boiling Water Reactor (BWR) [IM0609, Appendix G Attachment 3]

POS 1 - This POS starts when the RHR system is put into service. The vessel head is on and the RCS is closed such that an extended loss of the DHR function without operator intervention could result in a RCS re-pressurization above the shutoff head for the RHR pumps. POS 2 - This POS represents the shutdown condition when (1) the vessel head is removed and reactor pressure vessel water level is less than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as defined by Technical Specifications OR (2) a sufficient RCS vent path exists for decay heat removal.

POS 3 - This POS represents the shutdown condition when the reactor pressure vessel water level is equal or greater than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as define by Technical Specifications. This POS occurs during Mode 5.

Disposition of the POSs (to determine which POSs require the identification of systems and components to support KSF) are provided in Tables F-2 and F-3. For other non-power conditions (e.g., PWR Mode 3, BWR Startup Mode 2), it is recommended that the normal fire protection program controls, processes and procedures be used.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 13 of 22 Table F PWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat Removal Available No additional reviews required under NEI 04-02, Section 4.3.3 based upon previous risk reviews. Provide appropriate fire protection /prevention In this POS, if SGs are available in addition to RHR, significant redundancy and diversity exists for heat removal. Just having inventory in the SGs can provide substantial passive heat removal, providing additional time to recover other heat removal methods. Inventory control is not generally challenged during this POS. POS 1 with SG Heat Removal Unavailable [Consider limiting to configurations where time to boil is less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> and/or RCS level is being changed] Perform actions per NEI 04-02, Section 4.3.3 Without SG Heat Removal capability, heat removal is limited to RHR and potentially bleed and feed. RCS pressurization on loss of heat removal could render RHR unavailable due to high pressure. Activities in this POS often involve changing RCS level. During RCS level changes, the likelihood of loss of inventory control is higher, challenging the inventory control safety function.

POS 2 Perform actions per NEI 04-02, Section 4.3.3. This is the generally the highest risk configuration/POS for a PWR. Due to low inventory, times to core boil are low, typically on the order of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> or less. POS 3 Evaluate potential RCS drain paths that could be affected by fire During this POS, substantial inventory exists to cope with an extended loss of active heat removal. Times to boil are often on the order of 16 or more hours. However, fire induced RCS draindown events can reduce margins substantially.

Table F BWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 1 Perform actions per NEI 04-02, Section 4.3.3. Inventory control is not generally challenged during this POS. However, loss of RHR could lead to a re-pressurized condition and there could be situations where the unavailability of high pressure injections systems from service could limit the mitigation capabilities. POS 2 Perform actions per NEI 04-02, Section 4.3.3. This is generally a period of relatively high risk in a BWR especially early in the outage when the decay heat is still relatively high. Deleted: normal fire protection and prevention practices apply)

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 14 of 22 Table F BWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 3 Evaluate potential RV drain paths that could be affected by fire During this POS, substantial inventory exists to cope with an extended loss of active heat removal. Times to boil are often on the order of 16 or more hours. However, induced RV draindown events can reduce margins substantially.

After identifying the POSs that require additional equipment evaluation for inclusion in the NPO review: Review existing plant outage processes (outage management and outage risk assessments) to determine KSFs that support the POSs of concern. Determine equipment relied upon to provide KSFs, including support functions, during the POSs to be evaluated. Each outage evolution identifies the diverse and/or redundant methods of achieving the KSF. For example, to achieve the Decay Heat Removal KSF a plant may credit Decay Heat Removal/Residual Heat Removal Train A, Decay Heat Removal/Residual Heat Removal Train B, Charging/High Pressure Injection Train A, Charging/High Pressure Injection Train B, and Gravity Feed and Chemical and Volume Control. Compare the equipment credited for achieving these KSFs against the equipment credited for nuclear safety. Note the position/function for the component. For example, the existing nuclear safety capability assessment (i.e., safe shutdown analysis for demonstrating compliance with 10 CFR 50, Appendix R/NUREG-0800) may credit the valve in the closed position however; the valve may be required open for shutdown modes of operation. For those components not already credited (or credited in a different way e.g., on versus off, open versus closed, etc.) analyze the circuits in accordance with the nuclear safety methodology. Identify cables that need to be included in the NPO review. For cables that are not already credited in the nuclear safety capability assessment, determine the routing for these cables. F.3 Perform Fire Area Assessments (Identify pinch points) Identify locations where:

1. Fires may cause damage to the equipment (and cabling) credited above, or
2. KSFs are achieved solely by crediting recovery actions, e.g., alignment of gravity feed. Fire modeling may be used to determine if postulated fires in a fire area are expected to damage equipment (and cabling) thereby eliminating a pinch point.

To implement this guidance perform the following Tasks:

Determine if a single fire in the area can cause a loss of success paths for a KSF.

Deleted: A FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 15 of 22 o Conservatively, assume the entire contents of a fire area are lost. Document the loss of success paths. Specifically identify those areas that cause the loss of all success paths for a KSF.

o If fire modeling is used to limit the damage in a fire area, document that fire modeling is credited and ensure the basis for acceptability of that model (location, type, and quantity of combustible, etc.) is documented. These critical design inputs should be maintained during outage modes. Fire modeling treatment should include a treatment of safety margin to account for uncertainties/accuracy of the fire model used.

F.4 Manage risk associated with fire-induced vulnerabilities during the outage The management of risk associated with fire-induced vulnerabilities during NPO varies based on whether or not the plant is in a Higher Risk Evolution as follows: During those NPO evolutions where risk is relatively low. The normal fire protection program defense-in-depth actions are credited for addressing the risk impact of those fires that potentially impact one or more trains of equipment that provide a KSF required during non-power operations, but would not be expected to cause the total loss of that KSF. The following actions are considered to be adequate to address minor losses of system capability or redundancy:

o Control of Ignition Sources Hot Work (cutting, welding and/or grinding) Temporary Electrical Installations Electric portable space heaters o Control of Combustibles Transient fire hazards Modifications Flammable and Combustible liquids and gases o Compensatory Actions for fire protection system impairments Openings in fire barriers Inoperable fire detectors or detection systems Inoperable fire suppression systems o Housekeeping Ensure that the normal fire protection defense-in-depth features are applicable during NPO modes.

During those NPO evolutions that are defined as HREs Additional fire protection defense in depth measures will be taken during HREs by:

o Managing risk in fire areas that contain known pinch points (all success paths for a KSF subject to damage by a fire).

o Managing risk in fire areas where pinch points may arise because of equipment taken out of service FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 16 of 22 NUMARC 91-06 discusses the development of outage plans and schedules. A key element of that process is to ensure the KSFs perform as needed during the various outage evolutions. During outage planning, the NPO Fire Area Assessment should be reviewed to identify areas of single-point KSF vulnerability during higher risk evolutions to develop any needed contingency plans/actions. For those areas consider combinations of the following options to reduce fire risk, depending upon the significance of the potential damage:

o Prohibition or limitation of hot work in fire areas during periods of increased vulnerability o Verification of operable detection and /or suppression in the vulnerable areas.

o Prohibition or limitation of combustible materials in fire areas during periods of increased vulnerability o Plant configuration changes (e.g., removing power from equipment once it is placed in its desired position) o Provision of additional fire patrols at periodic intervals or other appropriate compensatory measures (such as surveillance cameras) during increased vulnerability o Use of recovery actions to mitigate potential losses of key safety functions.

o Identification and monitoring in-situ ignition sources for "fire precursors" (e.g.,

equipment temperatures).

o Reschedule the work to a period with lower risk or higher DID In addition, for KSF Equipment removed from service during the HREs the impact should be evaluated based on KSF equipment status and the NPO Fire Area Assessment to develop needed contingency plans/actions. Deleted: Consideration of removing power from equipment once it is placed in its desired position to prevent spurious operation.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 17 of 22 Are the Cables AnalyzedAppropriate andComplete?YesIdentify Equipment, Cables and Appropriate Information and Enter into Analytical Database NoYesReview Existing Outage Management ProcessIdentifyLocationsWhere a Single FireMay Damage AllCredited Paths for a KSF NoFor the Plant Operational States Defined in SectionF-2, Identify the Key Safety Functions (KSFs) for ReviewIs the RequiredEquipment for each identified KSF Included inSSD Analysis?

F.1 F.2 F.3 Figure F-1 Review POSs, KSFs, Components, Cables, and Identify Pinch Points FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 18 of 22 No Yes KSFEquipmentAvailability Changed?KSFLost?DetermineFire Area Impact based onNPO Fire Area AssessmentsImplement Contingency Plan forSpecific KSFEquipmentOut of Service (OOS)NoFire Protection Defense-in-DepthActionsHigher Risk Evolution as Defined by Plant Specific Outage Risk Criteria for example1) Time to Boil2) Reactor Coolant System and Fuel Pool Inventory3) Decay Heat RemovalFire Protection Defense-in-DepthActionsHigher RiskEvolution?F.4 Yes Yes NoFire Protection Defense-in-DepthActions Figure F-2 Manage Risks

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 19 of 22 Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results The nuclear safety goal is to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition. F.1 Review existing Outage Management Processes Define Higher Risk Evolutions (HREs), if not already defined in plant outage management procedures. The HRE definition should consider the following:

o Time to boil o Reactor coolant system and fuel pool inventory o Decay heat removal capability Define HREs F.2 Identify Components and Cables The identification of systems and components to be included in this NPO Review begins with the identification of the plant operational states (POSs) that need to be considered Identify the various operational states that a plant goes through during NPO, and which ones are the most risk significant. After identifying POSs that require additional equipment evaluation for inclusion in the NPO review: Review existing plant outage processes (outage management and outage risk assessments) to determine Key Safety Functions (KSFs) that support the POSs of concern. Determine equipment relied upon to provide KSFs, including support functions, during the POSs to be evaluated. Compare the equipment credited for achieving these KSFs against the equipment credited for nuclear safety. Note the position/function for the component For those components not already credited (or credited in a different way e.g., on versus off, open versus closed, etc.) analyze the circuits in accordance with the nuclear safety methodology. Identify cables that need to be included in the NPO review.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 20 of 22 Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results For cables that are not already credited in the nuclear safety capability assessment, determine the routing for these cables.

F.3 Perform Fire Area Assessments (Identify pinch points) Identify locations where: Fires may cause damage to the equipment (and cabling) credited above, or KSFs are achieved solely by crediting recovery actions, e.g., alignment of gravity feed Fire modeling may be used to determine if postulated fires in a fire area are expected to damage equipment (and cabling) thereby eliminating a pinch point. Fire modeling should include a treatment of safety margin (MEFS/LFS or other treatment) to account for uncertainties/accuracy of the fire model used Determine if a single fire in the area can cause a loss of success paths for a KSF.

o Conservatively, assume the entire contents of a fire area are lost. Document the loss of success paths. Specifically identify those areas th at cause the loss of all success paths for a KSF. o If fire modeling is used to limit the damage in a fire area, document that fire modeling is credited and ensure the basis for acceptability of that model (location, type, and quantity of combustible, etc.) is documented. These critical design inputs should be maintained during outage modes.

F.4 Manage risks associated with fire-induced vulnerabilities during the outage During those NPO evolutions where risk is relatively low. The normal fire protection program defense-in-depth actions are credited for addressing the risk impact of those fires that potentially impact one or more trains of equipment that provide a KSF required during non-power operations, but would not be expected to cause the total loss of that KSF.

The following actions are considered to be adequate to address minor losses of system capability or redundancy:

o Control of Ignition Sources Ensure that the normal fire protection defense in depth features are applicable during NPO modes. Deleted: e FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 21 of 22 Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results Hot Work (cutting, welding and/or grinding) Temporary Electrical Installations Electric portable space heaters o Control of Combustibles Transient fire hazards Modifications Flammable and Combustible liquids and gases o Compensatory Actions for fire protection system impairments Openings in fire barriers Inoperable fire detectors or detection systems Inoperable fire suppression systems o Housekeeping During those NPO evolutions that are defined as HREs Additional fire protection defense in depth measures will be taken during HREs by:

o Managing risk in fire areas that contain known pinch points.

o Managing risk in fire areas where pinch points may arise because of equipment taken out of service NUMARC 91-06 discusses the development of outage plans and schedules. A key element of that process is to ensure the KSFs perform as needed during the various outage evolutions. During outage planning, the NPO Fire Area Assessment should be reviewed to identify areas of single-point KSF vulnerability during higher risk evolutions to develop any needed contingency plans/actions. For those areas consider combinations of the following options to reduce fire Integrate the results of the analysis performed above into the plant's outage management process. To the extent practical pre-plan the options for achieving the KSF.

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Page 22 of 22 Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results risk depending upon the significance of the potential damage: o Prohibition or limitation of hot work in fire areas during periods of increased vulnerability o Verification of operable detection and /or suppression in the vulnerable areas.

o Prohibition or limitation of combustible materials in fire areas during periods of increased vulnerability o Plant lineup modifications (removing power from equipment once it is placed in its desired position) o Provision of additional fi re patrols at periodic intervals or other appropriate compensatory measures (such as surveillance cameras) during increased vulnerability o Use of recovery actions to mitigate potential losses of key safety functions.

o Identification and monitoring in-situ ignition sources for "fire precursors" (e.g., equipment temperatures).

o Reschedule the work to a period with lower risk or higher DID.

In addition, for KSF Equipment removed from service during the HREs the impact should be evaluated based on KSF equipment status and the NPO Fire Area Assessment to develop needed contingency plans/actions.

Retrieved from "https://kanterella.com/w/index.php?title=ML081960523&oldid=998446"