ML18264A141

From kanterella
Jump to navigation Jump to search
APR1400 Chapter 1, Introduction and General Discussion, Final Safety Evaluation Report
ML18264A141
Person / Time
Site: 05200046
Issue date: 09/28/2018
From: William Ward
NRC/NRO/DLSE/LB2
To:
Ward W /NRO/415-7038
Shared Package
ML18087A364 List:
References
APR1400 Chapter 1
Download: ML18264A141 (40)
v  d  e


Text

1.0 INTRODUCTION

AND GENERAL DISCUSSION 1.1 Introduction On December 23, 2014, Korea Electric Power Corporation (KEPCO) and Korea Hydro &

Nuclear Power Company Ltd. (KHNP) (hereinafter referred to as KHNP or the applicant),

tendered its application for certification of the Advanced Power Reactor 1400 (APR1400) large, light-water, standard nuclear reactor design with the U.S. Nuclear Regulatory Commission (the NRC or Commission). The applicant submitted this application in accordance with Title 10 of the Code of Federal Regulations (10 CFR) Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants, Subpart B, Standard Design Certifications, and Subpart E, Standard Design Approvals. The application included the APR1400 design control document (DCD), its environmental report (ER), and the APR1400 probabilistic risk assessment (PRA). The NRC formally accepted the application as a docketed application for design certification (Docket No.52-046) on March 4, 2015.

The APR1400 design is a two-loop, evolutionary design, pressurized-water reactor (PWR) based on the System 80+ design by Combustion Engineering (now owned by Westinghouse Electric Company LLC (Westinghouse hereon)). The NRC certified the System 80+ design under 10 CFR Part 52, Subpart B, on June 20, 1997. The certification expired on June 20, 2012. Westinghouse licensed the use of the System 80+ design and provided design support to KHNP throughout the design review. The System 80+ design was upgraded to the APR1400 based on KHNPs more than 30 years of operating reactors expertise accumulated while developing and operating the OPR1000 design in Korea.

The major design features of the APR1400 that are different from System 80+ are as follows:

o pre-stressed concrete cylindrical containment; o fluidic device (FD) in the safety injection tank (SIT) to further enhance safety injection system performance; o improved digital instrumentation and controls (I&C) and advanced control room design; o PLUS7 fuel; o use of passive autocatalytic recombiners/igniters for hydrogen mitigation, and o design enhancements to better execute severe accident management strategies such as external reactor vessel cooling.

KHNP initially designed the APR1400 for approval to use in South Korea. The first two APR1400 units built are identified as Shin Kori 3 (in operation since December 2016) and 4 (not operational yet). There are four other APR1400 plants in various stages of construction or licensing in South Korea. KHNP is supporting KEPCO in the construction of four APR1400 plants in the United Arab Emirates. The design submitted to NRC was a modification of the original APR1400 design, specifically to meet U.S. regulatory requirements and Electric Power Research Institute (EPRI) user requirements.

The DCD information is divided into two categories, denoted as Tier 1 and Tier 2. Tier 1 is the portion of the generic design-related information that is proposed for approval and certification, including, among other things, the inspections, tests, analyses, and acceptance criteria (ITAAC).

Tier 2 is the portion of the generic design-related information proposed for approval by the NRC, but not certification. Tier 2 information includes, among other things, a description of the design of the facility required for a final safety analysis report by 10 CFR 50.34. There is no Tier 2*

1-1

information in the APR1400 DCD. Subsequently, the applicant supplemented the information in the DCD by providing revisions to the original submittal. The applicant submitted the most recent version, DCD Revision 3, to the Commission on August 13, 2018.

To evaluate the APR1400 design, the NRC staff (staff) reviewed Revision 3 of the DCD, including all referenced technical and topical reports, and generated its final safety evaluation report (FSER) on all Tier 1 and Tier 2 information. The FSER is divided into Chapters that evaluate the matching chapters in the DCD. Throughout the review, the staff requested that the applicant submit additional information to clarify the description of the APR1400 design. The FSER (meaning all chapters, unless stated otherwise) discusses some of the applicant's responses to these requests for additional information (RAls). Appendix E to this FSER provides a list of the issuance and response dates for each RAI the staff submitted to the applicant. The DCD, PRA, and all other pertinent information and materials (including Tier 1 information) are available for inspection by the public at the NRC Public Document Room and the Agency-wide Documents Access and Management System, Public Electronic Reading Room.

This FSER summarizes the staffs safety review of the APR1400 design against the requirements of 10 CFR Part 52, Subparts B and E, and delineates the scope of the technical details considered in evaluating the proposed design. In addition, this FSER documents the resolution of the open and confirmatory items identified in the safety evaluation report (SER) with open items for the APR1400 design. Appendix F to this FSER includes a copy of the report by the Advisory Committee on Reactor Safeguards (ACRS) required by 10 CFR 52.53 and 10 CFR 52.141.

DCD Chapter 1, Sections 1.2 and 1.3, summarize the APR1400 design. Section 1.4 identifies the agents and contractors who provided design services to the applicant or other support for the design. Section 1.5 describes the performance of new safety features included in the APR1400 design. Section 1.6 discusses the material referenced from topical and technical reports. Section 1.7 discusses the drawings and other detailed information for the APR1400 design. Section 1.8 addresses APR1400 design interfaces with standard designs. Section 1.9 describes the APR1400 design conformance with regulatory guidance. In Chapter 1, there are seven Combined License (COL) items described across five sections.

This Chapter 1 FSER includes additional sections not listed in the DCD but added by staff to clarify certain application-wide considerations. Section 1.10, Index of Exemptions, identifies that no exemptions are listed in the DCD. Section 1.11, Index of Tier 2* Information, identifies that there is no Tier 2* information in the DCD. Section 1.12, COL Information Items, describes how COL items are handled in the DCD. Section 1.13, Requests for Additional Information, describes the nomenclature for RAIs discussed in the FSER.

As described above, the applicant supplemented the information in the DCD by providing revisions to the document. The staff has completed its review of Revision 3, the most recent version of the DCD, as documented throughout this FSER, and, for the reasons set forth herein, finds it to be acceptable.

1.1.1 Metrication This FSER conforms to the Commissions policy statement on metrication published in the Federal Register on June 19, 1996. Therefore, all measures are expressed as metric units, followed by English units in parentheses. An example of a standard conversion would be as 1-2

follows: A unit of air volume flow 760 millimeters (mm) of mercury and 20 degrees Celsius (C)

(14.7 pounds-force per square inch absolute (psia) and 68 degrees Fahrenheit (F)).

1.1.2 Proprietary Information The DCD does not contain proprietary information. The DCD references reports created by KHNP, KEPCO, Westinghouse, and other entities. Some of these reports contain proprietary information that the author (KHNP, or Westinghouse in support of KHNP) requested be held exempt from public disclosure, as provided by 10 CFR 2.390. Some of the RAI responses contained planned revisions to the proprietary reports or proprietary discussions. For each report or RAI response, the applicant provided a nonproprietary version, similar in content except for the omission of the proprietary information. The staff predicated its findings on the proprietary versions of these referenced reports and RAI responses. However, evaluations of those reports and RAI responses described in this FSER do not contain proprietary information.

1.1.3 Combined License Applicants Referencing the APR1400 Design Future applicants who reference the APR1400 standard design for specific facilities will retain architect-engineers, constructors, and consultants, as needed. As part of its review of an application for a COL referencing the APR1400 design, the staff will evaluate, for each plant-specific application, the technical competence of the COL applicant and its contractors to manage, design, construct, and operate a nuclear power plant. COL applicants will also be subject to the requirements of 10 CFR Part 52, Subpart C, Combined Licenses, and any requirements resulting from the staffs review of this standard design. Throughout the DCD, the applicant identified matters to be addressed by plant-specific applicants as COL information items. This FSER also refers to such matters as COL Items throughout. DCD Tier 2, Revision 3, Table 1.8-2, Combined License Information Items, provides a list of COL items identified in the DCD and this FSER. There are seven COL items identified in this chapter.

1.1.3.1 Plant Location and Schedule The APR1400 is designed for use at a site with the parameters that are described in Chapter 2 of the DCD. The APR1400 is designed as a complete, single unit plant. The COL applicant that references the APR1400 design certification is to identify the actual plant site location

[COL Item 1.1(1)]. The staff finds this COL item acceptable because it supports the COL applicants compliance with 10 CFR 52.79(a)(1).

The COL applicant that references the APR1400 is to provide estimated schedules for the completion of construction and the start of commercial operation [COL Item 1.1(2)]. The staff finds this COL item acceptable because it supports the COL applicants compliance with multiple subsections of 10 CFR 52.79(a).

1.1.4 Additional Information Appendix A to this FSER provides a chronology of the principal actions, submittals, and amendments related to the processing of the APR1400 application. Appendix B provides a list of references identified in this FSER. Appendix C contains definitions of the acronyms used throughout this FSER. Appendix D lists the project management and principal technical reviewers who evaluated the APR1400 design. Appendix E provides an index of the staffs RAls and the applicants responses. Appendix F includes a copy of the letter from the ACRS 1-3

providing the results of its review of the APR1400 design. The list of the COL information items contained in the DCD can be found in DCD Tier 2, Revision 3, Table 1.8-2.

Questions regarding the design certification application and review should be directed to the Office of New Reactors which can be contacted by calling (301) 415-7000, or by writing to the U.S. Nuclear Regulatory Commission, Office of New Reactors, Washington, DC 20555-0001.

1.2 General Design Description 1.2.1 Scope of the APR1400 Design The requirement that governs the scope of the APR1400 design can be found in 10 CFR 52.47 which requires that an applicant for certification provide a complete design scope, except for site-specific elements. Therefore, the scope of the APR1400 design must include all of the plant structures, systems, and components (SSCs) that can affect the safe operation of the plant, except for its site-specific elements. The applicant described the APR1400 standard design scope in DCD Tier 2, Revision 3, Section 1.8, Interfaces with Standard Designs, including the site-specific elements that are either partially or wholly outside the standard design scope. The applicant also described interface requirements (see DCD Tier 2, Revision 3, Table 1.8-1, Index of System, Structure, or Component Interface Requirements for APR1400) and representative conceptual designs, as required by 10 CFR 52.47(a)(25) and 10 CFR 52.47(a)(26), respectively.

1.2.2 Summary of the APR1400 Design The plant designed by KHNP includes a standard, pressurized-water reactor (PWR) nuclear steam supply system (NSSS). The plant could be constructed at any location that meets the parameters identified in DCD Tier 2, Revision 3, Chapter 2, Site Characteristics. The scope of the APR1400 design covers an essentially complete nuclear power plant that includes all SSCs that can significantly affect safe operation. The APR1400 containment is a steel-lined, pre-stressed, concrete structure that consists of a right circular cylinder with a hemispherical dome on a reinforced concrete common basemat. There is no structural connection between the free-standing portion of the containment and adjacent structures other than penetrations and associated supports. Access to the containment is through personnel air locks, or an equipment hatch.

The APR1400 design provides a reactor vessel, two closed loops connected in parallel (each loop has one steam generator (SG) and two reactor coolant pumps (RCPs)), and a pressurizer (PZR) connected to a loop. The reactor core is fueled by uranium dioxide pellets enclosed in fuel rods. The core consists of 241 fuel assemblies that contain varying U-235 enrichments.

The information presented herein pertains to one reactor unit with an NSSS thermal power rating of up to 4,000 megawatts thermal (MWt). The core thermal output is 3,983 MWt. Based on the reference design, the plant operates at an estimated gross electrical power output at a rated power of 1,425 megawatts electric. This electrical output can vary depending on site-specific conditions.

The applicant stated that the plant has a design lifespan of 60 years without the need for an extended refurbishment outage. It is designed to operate on a fuel cycle, from post-refueling startup to the subsequent post-refueling startup, with a refueling interval of 18 months.

1-4

The APR1400 uses a two-loop, four RCP PWR for normal operation and has active safety features. It includes a large, rugged reactor containment building and associated containment systems for heat removal and retention of fission products for design basis events (DBEs) and beyond DBEs (BDBEs). It is designed with at least two separate and independent ac power connections to the grid to decrease the likelihood of a loss of offsite power (LOOP). To reduce the risk of a station blackout (SBO), the design provides an independent, safety-related, onsite ac power generation source for each division and by providing a non-safety-related, alternate ac (AAC) onsite power source. It also provides for the connection of FLEX equipment (water and electrical connections) for BDBEs.

The APR1400 standard plant includes buildings dedicated exclusively or primarily to housing systems and equipment related to the nuclear system or controlled access to these systems and equipment. Buildings included are: reactor containment building, auxiliary building surrounding the containment building and including two emergency diesel generator (EDG) rooms, turbine generator (T/G) building, compound building, EDG building with two EDG rooms, AAC gas turbine building, an essential service water (ESW) intake structure and ultimate heat sink (UHS) structure, component cooling water (CCW) heat exchange building, and security buildings. The following is a general description of the APR1400 design. Subsequent chapters of this FSER provide detailed descriptions and evaluations of the individual systems that make up the APR1400 design.

1.2.2.1 Combined License Information There is one COL item identified for DCD Tier 2 Section 1.2. COL Item 1.2(1), states, The COL applicant is to prepare a complete and detailed site plan. The staff finds this COL item acceptable because it supports the COL applicants compliance with 10 CFR 52.79(a)(1).

1.2.2.2 Principal Design Criteria The APR1400 safety design is based on the following basic principles used by KHNP:

(1) Core Damage Frequency (CDF) - The target CDF is less than 10-5/reactor-year for internal and external events during all operation modes.

(2) Large Release Frequency (LRF) - The target is less than 10-6/reactor year (3) The APR1400 is designed to prevent exceeding radiation exposure limits specified under U.S. regulatory requirements.

(2) Reliability is built into the APR1400 throughout the design, manufacture, construction, test, and inspection stages.

(3) The APR1400 is equipped with defense-in-depth features to prevent offsite release of radioactive fission products, in order to protect the health and safety of the public.

(4) The structures of the APR1400 are designed to be resistant to postulated natural phenomena.

(5) Fire protection measures are incorporated in the design, in accordance with the defense-in-depth concept for fires.

1-5

The design includes the following principal plant structures:

Reactor containment buildingsteel-lined prestressed concrete structure consisting of a right circular cylinder with a hemispherical dome on a reinforced concrete basemat. The reactor containment building completely encloses the reactor and reactor coolant system (RCS), and the in-containment refueling water storage tank (IRWST). It is designed to provide a barrier that is essentially leak-tight to the release of radioactive materials subsequent to postulated accidents. Internal structures and compartment arrangement provide equipment missile protection and biological shielding for maintenance personnel.

Auxiliary buildinghouses electrical and mechanical equipment which supports reactor operations, including steam and water systems connected between the T/G and the reactor. Rooms in the auxiliary building include the fuel handling area, two EDG rooms, the main control room (MCR), the Technical Support Center (TSC), the remote shutdown console (RSC), emergency core cooling system (ECCS) equipment, auxiliary feedwater storage tanks (AFWST), and the I&C equipment rooms.

Turbine buildinghouses equipment associated with the main turbine and electrical generator and their auxiliary systems and equipment, including the condensate system.

Compound buildinghouses equipment associated with the collection and processing of solid and liquid radioactive waste generated by the plant. It also has the operation support center, access control facility, hot machine shop, and sampling facilities and laboratory.

EDG buildinghouses the two safety-related EDGs and their associated auxiliary equipment.

AAC gas turbine generator (GTG) buildinghouses the AAC GTGs and their associated support systems.

ESW Buildingstwo buildings housing essential service water pumps, a cooling tower, and a cooling tower basin.

CCW Heat Exchanger Buildingstwo buildings next to each ESW building containing CCW heat exchangers and filters.

General Power Generation (Nonsafety) Design Criteria The plant is designed to produce electricity from a T/G unit using steam generated in the two SGs. Heat removal systems have sufficient capacity and operational adequacy to remove heat generated in the reactor core for the full range of normal operational conditions and anticipated operational occurrences (AOOs). Backup heat removal systems remove decay heat generated in the core when the normal operational heat removal systems become inoperative. The capacity of such systems is adequate to prevent fuel cladding damage. The fuel cladding, in conjunction with other plant systems, is designed to retain integrity, so that the consequences of any failures are within acceptable limits throughout the range of normal operational conditions and AOOs for the design life of the fuel. Control equipment allows the reactor to respond automatically to load changes and AOOs. The reactor power level and power distribution can be controlled manually.

1-6

General Safety Design Criteria The safety design objectives of the APR1400 used by KHNP are as follows:

a. Simplify plant design and operation.
1. Use a minimum number of systems, valves, pumps, instruments, and other types of mechanical and electrical equipment that are consistent with essential functional requirements.
2. Provide a human-system interface (HSI) that simplifies plant operation and reflects operator needs and capabilities.
3. Provide system and component designs that provide reasonable assurance that the final plant design minimizes demands on the operator during normal operation as well as transient and emergency conditions.
4. Design equipment and arrangements that simplify and facilitate maintenance.
5. Provide protective logic and actuation systems that are more simplified than those in existing plants.
6. Use standardized components to facilitate operations and maintenance.
7. Design for ease and simplification of construction.
b. Provide the proper safety margin for a more forgiving and resilient plant.
1. Designed capability to accommodate transients without causing initiation of engineered safety systems.
2. Ample operator time to assess and respond to abnormal conditions with minimum potential for damage.
3. Enhancement of system and component reliability and minimization of the potential of exceeding limiting conditions for operations (LCO) limits that could cause power reductions or shutdown.
c. Improve the HSI system to promote error-free normal operations and quick, accurate diagnosis of off-normal conditions.
d. Meet applicable NRC requirements related to engineered safety system design and analysis of plant and engineered safety system responses to regulatory transients and accidents.
e. Evaluate the mean annual CDF and LRF for the APR1400 design using a PRA. The design target for CDF is 1 x 10-4 events per reactor year, and the design target for LRF is 1 x 10-6 events per reactor year. These targets include an assessment of internal and external events, excluding seismic events, sabotage, and other external events, and an assessment of shutdown events.
f. Provide a large, rugged reactor containment building and associated containment systems for heat removal and retention of fission products for DBEs and BDBEs.

1-7

Containment design pressure is based on the most limiting loss of coolant or steam line break accident.

g. Provide containment system components for which a change of state is necessary (e.g.,

containment isolation valves) that are redundant and sufficiently independent from the systems whose failure could lead to core damage in order to provide reasonable assurance of an intact containment and avoid significant vulnerability to common cause failure.

h. Design the containment systems so the applicable exposure limits are met assuming a reactor containment building design leak rate of no less than 0.1 volume percent per day.
i. Provide at least two separate and independent ac power connections to the grid to decrease the likelihood of a LOOP.
j. Reduce the risk of an SBO by providing an independent, safety-related, onsite ac power generation source for each division and by providing a non-safety-related, AAC onsite power source.
k. Provide adequate severe accident protection through conservatisms inherent in the design and additional plant features that limit direct containment heating, provide reasonable assurance of core debris coolability, and avoid detonable concentrations of hydrogen.

The reactor core power distribution and coolant conditions are controlled so that the peak linear heat rate and the minimum departure from nucleate boiling ratio (DNBR) are maintained within operating limits supported by the accident analyses in regard to the correlations between measured quantities, power distribution, and uncertainties in the determination of power distribution. The core operating limit supervisory system indicates to the operator how far the core is from operating limits and provides an audible alarm should an operating limit be exceeded. Such a condition signifies a reduction in the capability of the plant to withstand an anticipated transient but does not necessarily imply a violation of fuel design limits. If the margin to fuel design limits continues to decrease, the reactor protection system (RPS) provides reasonable assurance that the specified acceptable fuel design limits are not exceeded by initiating a reactor trip.

Those portions of the nuclear system that form part of the reactor coolant pressure boundary (RCPB) are designed to retain integrity as a radioactive material containment barrier following AOOs and to ensure cooling of the reactor core following accidents. Where action is immediately required in response to AOOs and accidents, such action is automatic and requires no decision or manipulation of controls by plant operations personnel.

Safety-related functions rely on equipment of sufficient redundancy and independence so that no single failure of active components prevents performance of the safety-related functions.

The design of SSCs includes allowances for natural environmental disturbances, such as earthquakes, floods, and storms, at the station site. Standby electrical power sources have sufficient capacity to power those safety-related systems requiring electrical power concurrently.

Standby electrical power sources allow prompt reactor shutdown and removal of decay heat, even if normal auxiliary power is not available.

1-8

The containment design pressure is based on the most limiting coolant or steam line break accident. Containment isolation components are redundant and sufficiently independent from the systems whose failure could lead to core damage in order to provide reasonable assurance of an intact containment and avoid significant vulnerability to common cause failure.

Containment systems are designed to meet applicable exposure limits assuming a reactor containment building design leak rate of 0.1 volume percent per day.

The ECCS limits the fuel cladding temperature to less than the limit in 10 CFR 50.46 in the event of a design-basis loss-of-coolant accident (LOCA). The ECCSs provide continuity of core cooling over the complete range of postulated break sizes in the RCPB piping. The ECCSs are initiated automatically when required, regardless of the availability of offsite power supplies and the normal generating system of the station. The MCR is shielded against radiation, so that continued occupancy under Design Basis Accident (DBA) conditions is possible. If the MCR is uninhabitable, the remote shutdown room (RSR) also provides capability for safety injection system (SIS) operation.

Nuclear System Criteria The fuel cladding is a fission product barrier designed to retain integrity, so that there is reasonable assurance that any fuel failures occurring during normal operation do not result in dose consequences that exceed acceptable limits. The fuel cladding, in conjunction with other plant systems, is designed to retain integrity to ensure that dose consequences, as a result of any fuel failures occurring during any AOOs, are within acceptable limits. Those portions of the nuclear system that form part of the RCPB are designed to retain integrity as a fission product barrier, during normal operation and following AOOs, and to retain sufficient integrity to ensure core cooling following accidents. The capacity of the heat removal systems provided to remove heat generated in the reactor core for the full range of normal operational transients, as well as for AOOs, is adequate to prevent fuel cladding damage that results in dose consequences exceeding acceptable limits. The reactor is capable of being shut down automatically in sufficient time to prevent fuel cladding damage during AOOs.

Sufficient normal, auxiliary, and standby sources of electrical power allow prompt shutdown and continued maintenance of the station in a safe condition under all credible circumstances. The dc power sources are adequate to accomplish the required safety-related functions under all postulated accident conditions.

1.2.3 Nuclear Steam Supply System Summary The following summarizes the plant description provided in DCD Tier 2, Revision 3, Sections 1.2.3 through 1.2.13.

The scope of the APR1400 design covers an essentially complete nuclear power plant that includes all SSCs that can significantly affect safe operation. The primary design characteristics are summarized in the following subsections. The seismic category, safety classification, and quality assurance requirements of SSCs are listed in Table 3.2-1.

1-9

1.2.3.1 Reactor 1.2.3.1.1 Reactor Core The reactor core is fueled by uranium dioxide pellets enclosed in fuel rods. The fuel rods are fabricated into assemblies with nozzles that limit axial motion and grids that limit lateral motion of the fuel rods. The control element assemblies (CEAs) consist of boron carbide (B4C) or Inconel absorber rods that are guided by tubes located within the fuel assembly. The core consists of 241 fuel assemblies that are typically loaded in the first fuel cycles with different U-235 enrichments. The NSSS-rated thermal output is 4,000 MWt with a core thermal output of 3,983 MWt. The reactor core is described in DCD Tier 2, Sections 4.2, 4.3, and 4.4.

1.2.3.1.2 Reactor Internals The reactor internals include the core support barrel, lower support structure and in-core instrumentation nozzle assembly, core shroud, and upper guide structure assembly. The core support barrel is a right circular cylinder supported by a ring flange from a ledge on the reactor vessel. The lower support structure transmits the entire weight of the core to the core support barrel by means of a beam structure. Snubbers are provided at the lower end of the core support barrel to restrict lateral and torsional movement. The core shroud surrounds the core and minimizes the amount of bypass flow. The upper guide structure provides a flow shroud for the CEAs and limits upward motion of the fuel assemblies.

The principal design bases for the reactor internals are to provide vertical supports and horizontal restraints during all normal operating, upset, emergency, and faulted conditions. The core is supported and restrained during normal operation and postulated accidents to provide reasonable assurance that coolant can be supplied to the coolant channels for heat removal.

The reactor internals are described in further detail in DCD Tier 2, Sections 3.9 and 4.5.

1.2.3.2 Reactor Coolant System and Connecting System 1.2.3.2.1 Reactor Coolant System The RCS is arranged as two closed loops connected in parallel to the reactor vessel. Each loop consists of one outlet hot leg, one SG, two cold legs, and two RCPs. A PZR is connected to one of the RCS loops.

The RCS operates at a nominal pressure of 158.2 kg/cm2A (2,250 psia). The reactor coolant enters the reactor vessel, flows downward between the reactor vessel shell and core barrel, flows up through the core, leaves the reactor vessel, and flows through the tube side of the two SGs where heat is transferred to the secondary system. The RCPs return the reactor coolant to the reactor vessel.

Two SGs, using heat generated by the reactor core, produce steam for driving the plant T/G.

Each SG is a vertical U-tube heat exchanger with an integral economizer that operates with the reactor coolant on the tube side and secondary coolant on the shell side. Each unit is designed to transfer heat from the RCS to the secondary system to produce saturated steam when provided with the proper feedwater (FW) input.

Moisture separators and steam dryers on the shellside of the SG limit the moisture content of the steam during normal operation. An integral flow restrictor is included in each SG nozzle to restrict flow in the event of a steam line break.

1-10

The SG incorporates high-performance steam dryers to limit the moisture content to below 0.25 percent in the steam flow. The heat transfer tubes are made of Alloy 690 TT, which is resistant to stress corrosion cracking in high-temperature conditions. The secondary FW inventory is increased to extend the dry-out time to enhance the NSSS capability to tolerate upset conditions and improve operational flexibility. The heat transfer area is large enough to allow the NSSS to maintain a rated output even if 10 percent of the tubes are plugged.

The RCS is described in further detail in DCD Tier 2, Chapter 5 and evaluated in Chapter 5 of this FSER.

1.2.3.2.2 Reactor Coolant System High Point Vents The high point vent system is a dedicated safety system designed to perform the following functions:

a. A safety-grade means of venting non-condensable gases and steam from the PZR and the reactor vessel closure head.
b. A safety-grade means to depressurize the RCS in the event the PZR spray is unavailable during plant cooldown to cold shutdown.

The reactor coolant gas vent system (RCGVS) is described in further detail in DCD Tier 2, Subsection 5.4.12.

1.2.4 Engineered Safety Features Engineered safety features (ESF) are provided to mitigate the consequences of DBAs. These ESFs are designed to localize, control, mitigate, or terminate such accidents in order to hold exposure levels below the limits of 10 CFR 50.34, Contents of applications; technical information.

1.2.4.1 Reactor Containment Building General arrangements for the reactor containment building are discussed in DCD Tier 2, Subsection 1.2.14.

The APR1400 reactor containment building is a steel-lined prestressed concrete structure that consists of a right circular cylinder with a hemispherical dome on a reinforced concrete basemat. The cylindrical portion of the containment structure is prestressed by a post-tensioning system that consists of horizontal (hoop) and vertical (inverted, U-shaped) tendons.

The interior surfaces of the containment shell, dome, and basemat are lined with a carbon steel plate for leak-tightness. A protective layer of concrete (filled slab) covers the portion of the liner over the foundation slab. The containment building provides biological shielding for normal and accident conditions.

The containment building completely encloses the reactor and RCS, and is designed to provide a barrier that is essentially leak-tight to the release of radioactive materials subsequent to postulated accidents. The internal structures and compartment arrangement provide equipment missile protection and biological shielding for maintenance personnel.

The containment building is designed for all credible loading combinations, including normal loads during a LOCA, test loads, and loads due to adverse environmental conditions.

1-11

1.2.4.2 Safety Injection System In the event of a LOCA, the SIS injects borated water into the RCS. The SIS incorporates a four-train safety injection (SI) configuration and an IRWST.

The SIS uses four SI pumps (SIPs) to inject borated water directly into the reactor vessel. In addition, four SITs are provided. The SI pumps are aligned to the IRWST, and realignment for recirculation following a LOCA is not required. The SIT provides cooling to limit core damage and fission product release and reasonable assurance of an adequate shutdown margin. The FD in the SIT regulates the flow rate into the reactor vessel to improve cooling effectiveness.

The SIS also provides continuous long-term, post-accident cooling of the core by recirculating borated water from the IRWST. Water drawn from the IRWST by the SI pumps and containment spray (CS) pumps is injected into the reactor vessel and containment. The SI water then enters the containment through the primary pipe break. This water and the CS water return through floor drains and the holdup volume tank to the IRWST. During this process, heat is removed from the IRWST water by the CS heat exchanger.

The SIS is capable of providing an alternate means of decay heat removal for the events beyond the licensing design basis in which the SGs are not available. Decay heat removal is accomplished by feeding and bleeding the RCS, using the SIS to feed and the PZR pilot operated safety relief valve (POSRV) to bleed, and by cooling the IRWST water using the shutdown cooling system (SCS).

The SIS and the IRWST are described in further detail in DCD Tier 2, Sections 6.3 and 6.8, respectively, and evaluated in Chapter 6 of this FSER.

1.2.4.3 Auxiliary Feedwater System The auxiliary feedwater system (AFWS) provides FW from the AFW storage tanks (AFWSTs) to the SGs for heat removal when the FW system is inoperable for a transient or postulated accident condition.

The AFWS consists of two 100 percent capacity motor-driven pumps, two 100 percent capacity turbine driven pumps, two 100 percent AFWSTs, valves, two cavitating flow-limiting venturis, and instrumentation. Each pump takes suction from the respective AFWST and has a respective discharge header. Each pump discharge header contains a pump discharge check valve, flow modulating valve, AFW isolation valve, and SG isolation check valve.

The AFWS components are in seismic Category I structures, which protect the components from external environmental hazards such as earthquakes, tornados, floods, and external missiles. Each train of the AFWS is physically separated from the others within these structures.

One motor-driven pump train and one turbine-driven pump train are configured into one mechanical division and joined inside the containment to feed their respective SG through a common AFW header, which connects to the SG downcomer feedwater line. Each common AFW header contains a cavitating venturi to restrict the maximum AFW flow rate to each SG.

The AFWS is designed to be manually or automatically actuated by an auxiliary feedwater actuation signal (AFAS). At the low water level setpoint of the SG, the AFAS associated with that SG is designed to actuate the AFWS.

1-12

For design basis considerations, sufficient FW can be provided at the required temperature and pressure even if a secondary pipe break event occurs. Because the AFWS is the only safety-related source of makeup water to the SGs for heat removal when the FW system is inoperable for a transient or postulated accident condition, it has been designed with redundancy, diversity, and separation.

The AFWS is described further in DCD Tier 2, Subsection 10.4.9, and evaluated in Chapter 10 of this FSER.

1.2.4.4 Containment Spray System The containment spray system (CSS) is designed to maintain containment pressure and temperature within the design limits in the DBAs that result in mass-energy releases to the containment atmosphere. The CSS also provides a containment air cleanup function to reduce the concentration of fission products in the containment atmosphere after an accident.

The CSS consists of two independent trains, each containing a CS pump, a CS heat exchanger, a CS pump mini-flow heat exchanger, spray headers, spray rings and nozzles, and associated valves, piping, and instrumentation.

The CS pumps are automatically actuated on receipt of a safety injection actuation signal (SIAS) or a containment spray actuation signal. Upon a containment spray actuation signal, the CS isolation valves open, and the CS flow starts. The essential components of the CSS are powered from the emergency power sources to provide assurance of the reliability of the safety function for a LOOP. The suction isolation valve from the IRWST is locked open during power operation. Two CS pumps supply water through two CS heat exchangers to the spray headers in the upper region of the containment. Spray headers are used to provide a relatively uniform distribution of spray over the cross-sectional area of the containment. The IRWST provides a continuous suction source for the CS pumps, thus eliminating the switchover from the IRWST to the containment recirculation sump for conventional PWR plants.

The CS pumps can be manually aligned and used as residual heat removal pumps during SCS operation. Likewise, the SC pumps can be manually aligned to perform the CS function.

The CS pumps can also be used as a backup to the SC pumps to provide cooling of the IRWST water during post-accident feed and bleed operations when the SGs are not available to cool the RCS.

The CSS is further discussed in DCD Tier 2, Subsections 6.2.2 and 6.5.2, and evaluated in Chapter 6 of this FSER.

1.2.4.5 Containment Isolation System The containment isolation system (CIS) provides means of isolating fluid systems that pass through the containment penetrations to confine the release of any radioactivity from the containment following a postulated DBA.

In conformance to 10 CFR Part 50, Appendix A, General Design Criterion (GDC) 54, Piping systems penetrating containment, the piping systems and related components penetrating the containment are provided with leak detection, isolation, and containment capabilities with redundancy, reliability, and performance capabilities that reflect the safety-related importance of isolating these fluid systems.

1-13

Isolation design is achieved by applying acceptable common criteria to penetrations in many different fluid systems and by using containment pressure to provide a containment isolation actuation signal to actuate appropriate valves.

The CIS is described further in DCD Tier 2, Subsection 6.2.4, and evaluated in Chapter 6 of this FSER.

1.2.4.6 Engineered Safety Features Filter Systems The ESF filters are provided for the systems that are required to perform safety-related functions subsequent to a DBA, as follows:

a. Control room emergency makeup air cleaning system The system is part of the control room heating, ventilation, and air conditioning (HVAC) system and is used to clean the makeup air that has potential to carry radioactive iodine and particulates following a DBA.

The system is normally shut down and starts automatically in response to any one of the following signals:

1) SIAS
2) Control room emergency ventilation actuation signal
3) Remote manual activation from the MCR
b. Auxiliary building controlled area emergency exhaust system The system is part of the auxiliary building controlled area HVAC system and is used to filter radioactive elemental iodines and particulates in the exhaust air from the safety-related mechanical equipment rooms, which are cooled by safety-related cubicle coolers after a DBA.

The system is normally shut down and starts automatically in response to any one of the following signals:

1) SIAS
2) Remote manual activation from the MCR
c. Fuel handling area emergency exhaust system The system is part of the fuel handling area HVAC system and is used to reduce the radioactive elemental iodines and particulates in the exhaust air from the fuel handling area following a fuel handling accident.

The system is normally shut down and starts automatically in response to one of the following signals:

1) High radiation signal from the radiation monitor located in the common discharge duct of the fuel handling area exhaust air cleaning units
2) Fuel handling area emergency ventilation action signal
3) Remote manual activation from the MCR 1-14

The ESF filter systems are described further in DCD Tier 2, Subsection 6.5.1, and evaluated in Chapter 6 of this FSER.

1.2.5 Instrumentation and Control 1.2.5.1 Reactor Trip System The reactor trip system is a safety system that initiates reactor trips. The reactor trip system consists of four channels of sensors, auxiliary process cabinet-safety (APC-S), ex-core neutron flux monitoring system, core protection calculator system (CPCS), the RPS portion of the plant protection system (PPS), and reactor trip switchgear system (RTSS).

Four independent channels of the RPS monitor the selected plant parameters. The RPS logic is designed to initiate protective action whenever the signals of any two channels of a given parameter reach the setpoint. If this occurs, the power supplied to the control element drive mechanisms (CEDMs) is interrupted through the RTSS. The CEDMs release the CEAs, which drop into the core to shut down the reactor.

The reactor trip system is described further in DCD Tier 2, Section 7.2, evaluated in Chapter 7 of this FSER.

1.2.5.2 Engineered Safety Features System The ESF system consists of four channels of sensors, APC-S, the engineered safety features actuation system (ESFAS) portion of PPS, and the engineered safety features - component control system (ESF-CCS).

The ESF-CCS accepts ESFAS initiation signals from the ESFAS portion of the PPS and radiation monitoring system (RMS). The ESF actuation logic is used to activate ESF system components of the plant. EDG loading sequencer logic is also included in the ESF-CCS. The component control logic in the ESF-CCS is described in DCD Tier 2, Subsection 1.2.5.3. The ESF actuation logic has a selective 2-out-of-4 coincidence logic for the NSSS ESFAS or 1-out-of-2 logic for the balance-of-plant (BOP) ESFAS so that no single failure can preclude the system from providing the safety function. The ESF actuation signal actuates ESF system components through the ESF-CCS.

The ESF system is described further in DCD Tier 2, Section 7.3, and evaluated in Chapter 7 of this FSER.

1.2.5.3 Component Control System The component control system (CCS) is designed to provide control of plant process components and to acquire data on the process components. The CCS provides discrete and continuous control of plant components.

The CCS consists of the ESF-CCS and process-CCS (P-CCS) assemblies to provide control for the different divisions of safety equipment, as well as non-safety equipment. Although the safety and non-safety CCS assemblies perform different plant control functions, they use diverse software and software-dependent electronic components.

1-15

The ESF-CCS is described further in DCD Tier 2, Section 7.3, and evaluated in Chapter 7 of this FSER. The P-CCS is described further in DCD Tier 2, Section 7.7, and evaluated in Chapter 7 of this FSER.

1.2.5.4 Diverse Protection System The diverse protection system (DPS) augments the plant protection function by initiating a reactor trip signal, turbine trip signal, AFAS, and SIAS that are separate and diverse from the PPS.

The DPS is provided to address the design requirements of 10 CFR 50.62, Requirements for reduction of risk from anticipated transients without scram (ATWS) events for light-water-cooled nuclear power plants, and the Staff Requirements Memorandum (SRM) regarding SECY 087, Defense Against Common-Mode Failures in Digital Instrumentation and Control Systems, Item II.Q. The DPS equipment provides a simple and diverse mechanism to significantly decrease risk from ATWS events and assist the mitigation of the effects of a postulated common-cause failure (CCF) of the digital computer logic within the PPS and ESF-CCS.

The DPS initiates a reactor trip when the PZR or containment pressure exceeds a predetermined value. For implementation of the reactor trip function, the DPS circuitry is diverse from the PPS, from sensor output to interruption of power to control rods. The DPS design uses a 2-out-of-4 logic to open trip circuit breakers of the RTSS.

The DPS initiates the AFAS when the level in either SG decreases below a predetermined value and initiates the SIAS when the PZR pressure decreases below a predetermined value. From sensor output to, but not including, the final actuation device, the DPS circuitry for the AFAS and SIAS is independent and diverse from the circuitry of the PPS and ESF-CCS.

The DPS is described further in DCD Tier 2, Section 7.8, and evaluated in Chapter 7 of this FSER.

1.2.5.5 Reactor Control Systems The startup, operation, and shutdown of the reactor are accomplished through integrated control system actions. These control systems regulate reactor power and respond to plant transients to maintain the NSSS within its normal operating conditions. Reactor control functions are performed by the power control system (PCS) and NSSS process control system (NPCS) of the P-CCS, as described in DCD Tier 2, Section 7.7. The PCS performs digital rod control system, reactor power cutback system, and required response spectra functions to adjust the reactor power response to turbine load demand. The NPCS performs steam bypass control system (SBCS), feedwater control system (FWCS), and PZR control functions.

Reactor power control is normally accomplished by the automatic movement of CEAs in response to a change in reactor coolant temperature, with manual control that can override the automatic signal at any time. If the reactor coolant temperature is different from a programmed value, the CEAs are adjusted until the difference is within the prescribed control band.

Regulation of the reactor coolant temperature, in accordance with this process, maintains the secondary steam pressure within operating limits and matches reactor power to load demand.

The reactor is controlled by a combination of CEA motion and dissolved boric acid in the reactor coolant. Boric acid is used for reactivity changes associated with large but gradual changes in water temperature, xenon concentration, and fuel burnup. The addition of boric acid also 1-16

provides an increased shutdown margin during the initial fuel loading and subsequent refueling.

The boric acid solution is prepared and stored at a temperature that prevents precipitation.

CEA movement provides changes in reactivity for shutdown or power changes. The CEAs are moved by CEDMs mounted on the reactor vessel head. The CEDMs are designed to permit rapid insertion of the CEAs into the reactor core by gravity. CEA motion can be initiated manually or automatically.

The pressure in the RCS is controlled by regulating the temperature of the coolant in the PZR where steam and water are maintained in thermal equilibrium. Steam is formed by the PZR heaters or condensed by the PZR spray to reduce variations caused by expansion and contraction of the reactor coolant because of temperature changes.

The SBCS is used to dump steam in case of a large mismatch between the power being produced by the reactor and the power being used by the turbine. Dumping steam allows the reactor to remain at power instead of tripping. The water level in each SG is maintained by the FWCS. The reactor power cutback system is used to drop selected CEAs into the core to reduce reactor power rapidly during the large loss of load or failure of 2-out-of-3 operating FW pumps. Dropping selected CEAs allows the SBCS and the FWCS to maintain the NSSS in a stable condition without a reactor trip and without lifting any safety valves during the transients after the loss of load.

The reactor control systems are described further in DCD Tier 2, Section 7.7, and evaluated in Chapter 7 of this FSER. The Reactivity Control System is described further in DCD Tier 2, Section 4.6, and evaluated in Chapter 4 of this FSER.

1.2.5.6 Nuclear Instrumentation The nuclear instrumentation includes ex-core and in-core neutron flux detectors and associated signal processing equipment. Eight channels of ex-core instrumentation monitor the power.

Two startup channels are provided for startup, two control channels are provided for power control, and four safety channels are provided for protection.

The startup channels are used to monitor the power that is used during the initial reactor startup, extended shutdown periods, startup after extended periods of shutdown, and after refueling operations. The control channels are used to control the reactor power during power operation. The safety channels are used to provide inputs to the variable overpower, high logarithmic power, low DNBR, and high local power density trips in the RPS.

The in-core nuclear instrumentation consists of fixed in-core nuclear instrumentation detectors distributed throughout the core. The instrumentation is used to monitor the power distribution in the core and evaluate fuel burnup in each fuel assembly and thermal margins in the core.

The in-core and ex-core nuclear instrumentation is described further in DCD Tier 2, Section 7.7, and evaluated in Chapter 7 of this FSER.

1.2.5.7 Process Monitoring Systems Temperature, pressure, flow, and liquid level are monitored as required to keep operating personnel informed of the reactor plant operating conditions. Protection channels indicate the various parameters used for protective action and provide trip and pre-trip alarms from the RPS.

1-17

Plant liquid and gaseous effluents are monitored to provide reasonable assurance that they are maintained within applicable radioactivity limits. Additional information regarding radiological waste process monitoring is provided in DCD Tier 2, Section 11.5.

Process monitoring systems are described further in DCD Tier 2, Section 7.7 of the DCD and evaluated in Section 7.7 of this FSER.

1.2.6 Human-System Interface System 1.2.6.1 Main Control Room The MCR is provided with a redundant, compact, workstation-type human-system interface (HSI); large display panel (LDP); safety console; voice communication equipment; and other equipment that is necessary for plant operation.

Qualified indication and alarm displays are provided to permit normal and accident plant operations in the event that the information processing system (IPS) becomes unavailable.

The arrangements and layouts for all controls and displays in the MCR are designed, verified, and validated in accordance with human factors design guidelines and the requirements in the APR1400 human factors engineering (HFE) program plan, which is described in DCD Tier 2, Section 18.1, and evaluated in Chapter 18 of this FSER.

The layout of an MCR is shown in DCD Tier 2, Figure 7.7-13. An operator workstation, including sufficient desk space, is provided to support the plant monitoring and daily operational needs for each operator.

1.2.6.2 Remote Shutdown Room The RSR design includes the RSC, which is similar to the reactor operator (RO) workstation in the MCR, and the shutdown overview display panel (SODP) to achieve cold shutdown (Mode 5 plant conditions) when operators are to evacuate the MCR. The layout of the RSR is shown in DCD Tier 2, Figure 7.4-4.

For a safe shutdown from the RSR, controls and indications are available through information on flat panel displays (FPDs) and soft controls on the RSC. The SODP provides information that the operator uses during plant shutdown operation.

For consistency, the information displays and soft controls on the RSC are the same as in the MCR.

1.2.6.3 Qualified Indication and Alarm System The qualified indication and alarm system (QIAS) is composed of the qualified indication and alarm system - P (QIAS-P) and qualified indication and alarm system - non-safety (QIAS-N).

The QIAS-P provides a continuous and dedicated display of NRC Regulatory Guide (RG) 1.97, Criteria for Accident Monitoring Instrumentation for Nuclear Power Plants, Type B and C parameters for accident monitoring.

The QIAS-N receives analog and digital data from both safety and non-safety systems, analyzes the data, and relays the results of the analysis to the operator via the QIAS-N FPD and 1-18

mini-LDP in the MCR, and SODP in the RSR. The system interfaces with the IPS to integrate alarm and process information.

The QIAS is described further in DCD Tier 2, Section 7.5, and evaluated in Chapter 7 of this FSER.

1.2.6.4 Information Processing System The IPS is a fault-tolerant, multi-processor, computer-based system that provides plant data and status information to the operating staff. The IPS monitors the NSSS and balance-of-plant (BOP) steam and electrical production processes. The IPS provides plant operating staff the ability to obtain detailed process data via FPDs and LDPs.

The major functions performed by the IPS include plant-wide data acquisition through dedicated data links to plant systems, validation of sensed parameters, execution of application programs and performance calculations, monitoring of general plant status and plant safety status, generation of logs and reports, determination of alarm conditions, recording of the sequence of events, and generation of a post-trip review.

The FPD and LDP formats incorporate HFE design principles that permit operator recognition of information that is necessary to allow the operator to monitor, control, and diagnose plant conditions.

The IPS is designed to provide the plant operating staff with information for the safe and efficient operation of the plant. The IPS is designed to tolerate the loss of any single major system component without total loss of functionality. The design includes automatic fail-over and sufficient redundant peripherals to minimize the effects of an IPS component failure during plant operations.

The IPS is described further in DCD Tier 2, Section 7.7, and evaluated in Chapter 7 of this FSER.

1.2.7 Electrical System Offsite and onsite power systems are provided to supply electrical power to unit auxiliaries that are necessary during normal operation and the RPS and ESF that are necessary in abnormal and accident conditions.

The offsite power system consists of transmission lines, transmission line towers, switchyard components and a control system, switchyard battery systems, transmission tie lines, main generator, generator circuit breaker (GCB), main transformer, unit auxiliary transformers (UATs), and standby auxiliary transformers.

Under normal operating conditions, the main generator supplies power through an isolated phase bus and the GCB to the main transformer and UATs. The UATs are connected to the isolated phase bus between the GCB and main transformer. Additional information on the offsite power system is provided in DCD Tier 2, Section 8.2, and evaluated in Chapter 8 of this FSER.

The onsite power system for the unit auxiliaries consists of four EDGs, an AAC gas turbine generator (GTG), and two onsite power distribution systems (a Class 1E system and a non-Class 1E system). The onsite power distribution system is connected to the site-specific 1-19

switchyard via two separate and independent transmission tie circuits. One circuit is connected to the switchyard through the main transformer and UATs, and the other circuit is connected to the switchyard via the standby auxiliary transformers.

During normal operation, onsite power is supplied from the main generator through the UATs.

During startup and shutdown, the GCB is open, and the onsite power is supplied from the transmission system through the main transformer and UATs.

The onsite power system is described further in DCD Tier 2, Section 8.3. A description of the AAC generator system is provided in DCD Tier 2 Section 8.4. These systems are evaluated in Chapter 8, of this FSER.

1.2.8 Steam and Power Conversion System The function of the steam and power conversion system is to convert heat energy generated by the nuclear reactor into electrical energy. The heat energy produces steam in two SGs capable of driving a T/G unit.

The steam and power conversion system consists of the T/G, main steam system (MSS),

condensate and FW system, and other support systems. The steam and power conversion system uses a condensing cycle with regenerative FW heating.

The steam generated in the two SGs is supplied to the high-pressure turbine by the MSS. The steam is expanded through the high-pressure turbine, passes through the two moisture separator reheaters (MSRs), and then flows to the three low-pressure turbines.

The exhaust steam from the low-pressure turbines is condensed in a conventional surface-type condenser. The condenser removes air and other non-condensable gases from the condensate and transfers heat to the circulating water system.

The condensate from the steam is returned to the SGs through the condensate and FW system.

The condensate from the condenser hotwell is transferred through the low-pressure (LP) heaters to the deaerator storage tank by the condensate pumps.

The FW booster pumps take suction from the deaerator storage tank and discharge to the FW pumps. FW is discharged from the FW pumps, passes through two trains of high-pressure FW heaters, and is delivered to the SGs.

The steam and power conversion system is described further in DCD Tier 2, Chapter 10, and evaluated in Chapter 10 of this FSER.

1.2.8.1 Turbine Generator The T/G converts the thermal energy of the steam produced in the SGs into mechanical shaft power and then into electrical energy.

The T/G consists of a double-flow, high-pressure turbine and three double-flow, low-pressure turbines driving a direct-coupled generator and two external MSRs.

The flow of main steam is directed from the SGs to the high-pressure turbine through main stop and control valves. After expanding through the high-pressure turbine, exhaust steam passes through the MSRs. Extraction from the high-pressure turbine and main steam from the 1-20

equalization header is supplied to the first and second stage of reheater tube bundles in each reheater. The hot reheat steam is admitted to the low-pressure turbines through combined intermediate valves and expands through the low-pressure turbines to the main condensers.

The T/G control system is designed to be compatible with the plant control system for reactor operation. The T/G is designed to accept a sudden loss of full load or LOOP without exceeding design overspeed.

The T/G is described further in DCD Tier 2, Section 10.2 and evaluated in Chapter 10 of this FSER.

1.2.8.2 Main Steam System The MSS delivers steam generated in the SGs to the high-pressure turbine where the thermal energy of the steam is converted to mechanical energy to drive the main T/G. The MSS also provides steam to the FW pump turbines, AFW pump turbines, second-stage reheater of the MSRs, turbine steam seal system, auxiliary steam system, and process sampling system.

The major components of the MSS are the main steam piping, main steam isolation valves (MSIVs), main steam isolation valve bypass valves, main steam safety valves (MSSVs), main steam atmospheric dump valves (MSADVs), turbine bypass valves, and AFW pump turbine steam supply valves and warmup valves.

An MSIV is installed on each of the main steam lines downstream of the MSSVs, outside the reactor containment building. The MSIVs are provided to isolate the SGs upon receipt of a main steam isolation signal. MSIVs are remote-operated and fail-closed valves with a hydraulic actuator.

Overpressure protection for the secondary side of the SGs is provided by spring-loaded MSSVs.

Modulation of the turbine bypass valves would normally prevent the safety valves from opening.

Following the load rejection of any magnitude from full load to house load, including a turbine trip from 100 percent power, the turbine bypass system controls main steam pressure automatically by the SBCS.

During a turbine or reactor trip, the turbine bypass system dissipates heat from the RCS to the condensers. The system has the capability of relieving 55 percent of full load main steam flow to the main condenser.

The MSS is provided with MSADVs to remove reactor decay heat during hot standby and emergency cooldown in conjunction with AFWS.

The MSS is described in further detail in DCD Tier 2, Section 10.3, and evaluated in Chapter 10 of this FSER.

1.2.8.3 Condensate and Feedwater System The condensate and FW system delivers FW from the condenser to the SG. The entire condensate system is non-safety-related. The portions of the FW system that are required to mitigate the consequences of an accident and allow safe shutdown of the reactor are safety-related.

1-21

The condensate and FW system is described further in DCD Tier 2, Subsection 10.4.7, and evaluated in Chapter 10 of this FSER.

1.2.9 Heating, Ventilation, and Air Conditioning System The HVAC systems for all plant buildings are designed for personnel comfort and equipment operation. In addition, the following systems are provided with the protection features described as follows:

a. The control room HVAC system is designed to maintain the environment in the control room envelope and limit the radiation exposure of personnel in the control room during all plant operation conditions. The system maintains positive pressure to provide habitability and prevent uncontrolled incoming air leakage.
b. The fuel handling area HVAC system is a once-through ventilation system designed to limit the radiation release following a fuel-handling accident to meet 10 CFR 50.34 guidelines. This system maintains the area under negative pressure and airflow from less-contaminated to more-contaminated areas.
c. The compound building controlled-area HVAC system is a once-through ventilation system with filtered exhausts. This system maintains negative building pressure and airflow from less-contaminated to more-contaminated areas.
d. The auxiliary building controlled-area HVAC system is a once-through ventilation system designed to filter post-accident contaminated leakages before exiting to meet 10 CFR 50.34 guidelines. This system maintains the building under negative pressure and airflow from less-contaminated to more-contaminated areas.
e. The containment purge system is provided with post-accident containment isolation features and filtration units for air cleanup during normal and refueling operations. This system limits the radiation release to meet 10 CFR 50.34 guidelines in case of a fuel handling accident inside the containment.

Other HVAC systems are described in DCD Tier 2, Section 9.4, and evaluated in Chapter 9 of this FSER.

1.2.10 Fuel Handling and Storage 1.2.10.1 Fuel Handling Fuel handling equipment provides for the safe handling of fuel assemblies and CEAs under specified conditions and for the required assembly, disassembly, and storage of the integrated head assembly and reactor internals during refueling.

The major components of the system are the refueling machine, the CEA change platform, the fuel transfer system, the spent fuel handling machine, the new fuel elevator, and the CEA elevator. The fuel handling equipment is provided to transfer new and spent fuel assembly between the fuel storage facility, the containment building, and the fuel shipping and receiving areas during initial core loading and refueling operations. A fuel assembly is inserted into or removed from the core using the refueling machine. During normal operations, irradiated fuel assemblies and CEAs are maintained in a water environment. Sub-criticality is maintained during all fuel handling operations.

1-22

Fuel handling is further discussed in DCD Tier 2, Section 9.1, and evaluated in Chapter 9 of this FSER.

1.2.10.2 Fuel Storage The new fuel storage facility provides onsite storage capacity of 112 new fuel assemblies. This capacity, which represents 46 percent of the fuel assemblies in the core, envelops a reload batch based on a refueling cycle of 18 months. The spent fuel storage is divided into two regions of the fuel. The fresh or partially burnt fuel assemblies are stored in Region I, which has storage capacity for one full core, one refueling batch, and five damaged fuel assemblies. The Region I storage area is designed to accommodate fuel assemblies with an initial enrichment up to 5 weight percent U-235. Region II has a storage capacity of spent fuel assemblies generated during a plant operation of 20 years. The maximum initial enrichment of 5 weight percent U-235 and the minimum burnup are applied to the Region II design.

Criticality and safety analyses are addressed in DCD Tier 2, Subsection 9.1.1. The new fuel and spent fuel storage facilities are addressed in DCD Tier 2, Subsection 9.1.2. These subsections are evaluated in Chapter 9 of this FSER.

1.2.11 Cooling Water Systems 1.2.11.1 Circulating Water System The circulating water system provides cooling water for the condensers and T/G building closed cooling water heat exchangers and rejects heat to the normal plant heat sink. The normal plant heat sink is site-specific, but a mechanical draft cooling tower is used as a preferable heat sink.

The circulating water system is described further in DCD Tier 2, Subsection 10.4.5, and evaluated in Chapter 10 of this FSER.

1.2.11.2 Essential Service Water System The ESW system (ESWS) is an open system that takes suction from the UHS and provides cooling water to remove heat released from plant SSCs. The ESWS returns the heated water to the UHS. The ESWS cools the CCW system (CCWS), which in turn cools essential and non-essential reactor auxiliary loads.

The ESWS consists of two independent, redundant, safety-related divisions. Each division consists of two ESW pumps, three CCW heat exchangers, three ESW debris filters, and associated piping, valves, controls, and instrumentation.

During normal operation, one ESW pump and two CCW heat exchangers per division are in service.

During plant shutdown operations, two ESW pumps and three CCW heat exchangers in each division operate to remove heat from the components required for plant shutdown operation.

During plant abnormal operation, one ESW pump and two CCW heat exchangers in a single division operate to remove heat from the essential components required for safe shutdown or mitigation of plant abnormal conditions.

1-23

In the event of a LOOP, each division of the ESWS is automatically powered from the EDGs in accordance with emergency load sequencing.

The ESWS is described further in DCD Tier 2, Subsection 9.2.1, and evaluated in Chapter 9 of this FSER.

1.2.11.3 Component Cooling Water System The CCWS is a closed-loop cooling water system that, in conjunction with the ESWS and the UHS, removes heat generated from essential and non-essential plant components connected to the CCWS. Heat transferred by these components to the CCWS is rejected to the ESWS via the CCW heat exchangers.

The CCWS consists of two independent, redundant closed loop divisions. Each division consists of two CCW pumps, three CCW heat exchangers, a CCW surge tank, a CCW chemical addition tank, a CCW makeup pump, and associated piping, valves, and instruments.

During normal power operation, one CCW pump and two CCW heat exchangers in each division are in service to supply cooling water to safety-related and non-safety-related components in the division required for normal power operation.

During the plant shutdown operation, two CCW pumps and three CCW heat exchangers in each division operate to supply cooling water to the components required for plant shutdown operation.

During abnormal plant operations, one CCW pump and two CCW heat exchangers in a single division operate to supply cooling water to the essential components required for the safe shutdown of the plant or mitigation of the abnormal condition.

In the event of a LOOP, each division of the CCWS is automatically powered from the EDGs in accordance with emergency load sequencing.

The CCWS is described further in DCD Tier 2, Subsection 9.2.2, and evaluated in Chapter 9 of this FSER.

1.2.11.4 Chilled Water System The chilled water system is designed to provide and distribute enough quantity of chilled water, through a group of dedicated piping systems, to air handling units and cubicle coolers in specific plant areas. The system is divided into two subsystems: an essential chilled water system that serves safety-related HVAC cooling loads and a plant chilled water system that serves primarily non-safety-related HVAC cooling loads.

The chilled water system is described further in DCD Tier 2, Subsection 9.2.7, and evaluated in Chapter 9 of this FSER.

1.2.11.5 Spent Fuel Pool Cooling and Cleanup System The spent fuel pool cooling and cleanup system (SFPCCS) consists of the spent fuel pool (SFP) cooling system and the SFP cleanup system.

1-24

The safety-related SFP cooling system consists of two redundant trains that are independent of each other. The SFP cooling system removes decay heat generated by one full core offloaded after 100 hours0.00116 days <br />0.0278 hours <br />1.653439e-4 weeks <br />3.805e-5 months <br /> following shutdown, plus the spent fuel assemblies accumulated from the previous refueling operations. Spent fuel is placed in the pool during the refueling operation and stored there until shipped offsite. Heat is transferred from the SFP cooling system, through an SFP cooling heat exchanger, to the CCWS. When a cooling train is in operation, water flows from the SFP to the SFP cooling pump suction, is pumped through the hot side of the heat exchanger and is returned to the SFP. The suction line is located at an elevation above the required minimum water level, while the return line contains an anti-siphon device to prevent gravity drainage of the SFP.

The non-safety-related SFP cleanup system consists of pumps, demineralizers, and filters to maintain SFP water clarity and purity. Fuel transfer canal and refueling pool water is circulated through the same demineralizers and filters. These cleanup loops are sufficient for removing fission products and other contaminants that may be introduced if a leaking fuel assembly is transferred to the SFP.

The demineralizer and filter of the cleanup train are used to clean and purify the SFP water or refueling water while SFP heat removal operations proceed. Connections are provided so that the water may be pumped from either the IRWST or the SFP through a filter and demineralizer and discharged to IRWST or the SFP. To assist further in maintaining SFP optical clarity, the SFP surface is cleaned by a skimmer.

The SFP receives borated makeup water from the boric acid storage tank through the chemical and volume control system (CVCS). The seismic Category I backup source is provided from the AFWST via the CCW makeup pumps. The non-seismic Category source of non-borated demineralized water to the SFP is available during normal plant conditions.

The SFPCCS is described further in DCD Tier 2, Subsection 9.1.3, and evaluated in Chapter 9 of this FSER.

1.2.12 Auxiliary Systems 1.2.12.1 Shutdown Cooling System The SCS is used to reduce the temperature of the reactor coolant, at a controlled rate, from the hot shutdown operating temperature to the refueling temperature and to maintain the proper reactor coolant temperature during refueling. The system uses SC pumps to circulate the reactor coolant through two SC heat exchangers and return it to the RCS. The CCWS supplies cooling water for the SC heat exchangers. The SCS is not placed in service until RCS pressure has been reduced to 31.6 kg/cm2A (450 psia) or lower.

The SCS has a design pressure of 63.28 kg/cm2 G (900 psig). The applicant notes that the large system pressure margin provides for greater operational flexibility and reduces the risk of system over pressurization.

The SCS is described in further detail in DCD Tier 2, Subsection 5.4.7, and evaluated in Chapter 5 of this FSER.

1-25

1.2.12.2 Chemical and Volume Control System The CVCS controls the purity, volume, and boric acid content of the reactor coolant. The CVCS is not required for any safe shutdown or accident mitigation function.

The coolant purity level in the RCS is controlled by continuous purification of a bypass stream of reactor coolant. Water removed from the RCS is cooled in the regenerative heat exchanger and letdown heat exchanger.

From there, the coolant flows through a filter and a demineralizer where corrosion and fission products are removed. The coolant is then sprayed into the volume control tank and returned by the charging pumps to the regenerative heat exchanger for heating prior to returning to the RCS loops. A portion of the flow downstream of the charging pump is diverted for RCP seal injection. The charging flow is controlled by centrifugal charging pumps and a charging flow control valve on the discharge of the pumps.

The CVCS automatically adjusts the amount of reactor coolant in order to maintain a programmed level in the PZR.

The CVCS controls the boric acid concentration in the coolant by feed and bleed where the purified letdown stream is diverted to a boron recovery subsystem, and either concentrated boric acid or demineralized water is sent to the charging pumps. The diverted coolant stream is processed by ion exchange and degasification and flows to a concentrator. The concentrator bottoms are sent to the boric acid storage tank for reuse as boric acid solution, and the distillate is passed through an ion exchanger and stored for reuse as demineralized water in the reactor makeup water tank.

The APR1400 design employs dedicated safety systems for accident mitigation and safe-shutdown functions. Although not a safety-related system, the CVCS could provide makeup and depressurization capabilities.

The CVCS is described in further detail in DCD Tier 2, Subsection 9.3.4, and evaluated in Chapter 9 of this FSER.

1.2.12.3 Primary Sampling System The primary sampling system is designed to collect and deliver representative samples for inline and laboratory analyses. Typical results of the analyses include reactor coolant boron and chloride concentrations, fission product radioactivity level, radionuclide gamma-spectrum, dissolved gas concentrations, fission gas content, conductivity, pH, corrosion product concentration, and chemical additive concentration. The analysis results are used in regulating boron concentration, evaluating fuel element integrity and demineralizer performance, maintaining acceptable hydrogen levels, detecting radioactive material leakage, and regulating additions of corrosion-controlling chemicals to the systems.

The system consists of sampling lines, a normal primary sample sink, a normal primary sample cooler rack, post-accident primary sample cooler rack, post-accident primary sample sink, normal/post-accident primary sample control panels, primary off-gas hydrogen/oxygen analyzer, analysis equipment, and associated valves and instrumentation.

The system permits sampling during reactor operation, cooldown, and post-accident modes without requiring access to containment. Remote samples of fluids can be taken from high 1-26

radiation areas without requiring access to these areas. Local sampling points are provided at various locations throughout the plant. Samples from the containment flow through containment isolation valves to the post-accident primary sample room in the auxiliary building or the normal primary sample room in the compound building. High-temperature sample lines also contain sample coolers in the normal and post-accident primary sample cooler racks.

The primary sampling system is described further in DCD Tier 2, Subsection 9.3.2, and evaluated in Chapter 9 of this FSER.

1.2.12.4 Condensate Polishing System The condensate polishing system is designed to remove dissolved and suspended impurities that could cause corrosion damage to secondary system equipment. Condensate polishing demineralizers are also used to remove impurities that enter the system as a result of a condenser circulating water tube leak.

The condensate polishing system is described further in DCD Tier 2, Subsection 10.4.6, and evaluated in Chapter 10 of this FSER.

1.2.12.5 Steam Generator Blowdown System The SG blowdown system (SGBS) is designed to assist in maintaining the chemical characteristics of the secondary side water within permissible limits during normal operation and AOOs such as a main condenser tube leak or SG primary-to-secondary tube leakage. The SGBS is also designed to remove impurities concentrated in SGs by continuous blowdown, periodical high-capacity blowdown, and emergency blowdown.

The SGBS consists of the blowdown subsystem (BDS) and wet layup subsystem (WLS). The BDS consists of blowdown piping connected to each SG, a blowdown flash tank, a regenerative heat exchanger, two pre-filters, two demineralizers, a post-filter, and control valves. The WLS consists of two recirculation trains (one for each SG) and shares filters and demineralizers with the BDS.

During normal operations, the continuous blowdown (0.2 percent or 1 percent of the full-power main steam flow) flows from each SG are maintained to keep SG the secondary side water chemistry within the specified limits.

The blowdown is directed into a flash tank where the flashed steam is returned to the cycle via the high-pressure FW heaters. The liquid portion flows to a heat exchanger for cooling and is directed through a blowdown filter where a major portion of the suspended solids is removed.

After filtration, the blowdown fluid is processed by blowdown demineralizers and returned to the condenser. During long-term shutdown periods, the WLS is used to control water chemistry in the SGs. Following draining or dry layup, the WLS is used to refill the SGs.

The blowdown lines from the SGs are automatically isolated by closing isolation valves in the event of abnormal conditions.

The SGBS is described further in DCD Tier 2, Subsection 10.4.8, and evaluated in Chapter 10 of this FSER.

1-27

1.2.12.6 Compressed Air and Gas Systems The compressed air and gas systems comprise the compressed air system, the compressed gas system, and the breathing air system. The compressed air and gas systems are non-safety-related with the exception of containment penetration portion.

The instrument air system supplies clean, oil-free, dried air to all air-operated instrumentation and valves. The service air system supplies compressed air for air-operated tools, miscellaneous equipment, and various maintenance purposes.

The compressed gas system comprises the nitrogen subsystems, hydrogen subsystem, and carbon dioxide subsystem.

The breathing air system supplies emergency breathing air for control room personnel.

The compressed air and instrument air systems are described further in DCD Tier 2, Subsection 9.3.1, and evaluated in Chapter 9 of this FSER.

1.2.12.7 Equipment and Floor Drainage System The equipment and floor drainage system provides the means by which wastes are segregated and transported to the liquid waste management system (LWMS) to minimize liquid and gaseous radioactive releases.

The equipment and floor drainage system is described further in DCD Tier 2, Subsection 9.3.3, and evaluated in Chapter 9 of this FSER.

1.2.12.8 Fire Protection Program The fire protection program protects SSCs important to safety from the effects of a potential fire.

There is reasonable assurance that the plant would achieve safe shutdown with the assumption that fire will render all equipment in any one fire area inoperable, recognizing that postfire reentry for repairs or operator action will not be possible. The plant also maintains the ability to minimize the potential for radioactive releases to the environment in the event of a fire.

The fire protection program includes administrative controls, emergency lighting, fire barriers, fire detection and suppression systems, fire brigade personnel, and other features provided for fire protection purposes.

The fire protection program is described further in DCD Tier 2, Subsection 9.5.1, and evaluated in Chapter 9 of this FSER.

1.2.12.9 Communication Systems The communication systems are designed to provide effective communications between all areas of the plant and the plant site, including all vital areas of the plant. In addition, the communication systems are designed to provide an effective means to communicate to plant personnel and offsite utility and regulatory officials during normal conditions, abnormal, and accident conditions.

The communication systems are described further in DCD Tier 2, Subsection 9.5.2, and evaluated in Chapter 9 of this FSER.

1-28

1.2.12.10 Lighting System The lighting system is designed to provide adequate and effective illumination throughout the plant and plant site, including all vital areas of the plant.

The normal lighting system is used to provide normal illumination under normal plant operation, maintenance, and test conditions.

Upon loss of the normal lighting system, the emergency lighting system is used to provide acceptable levels of illumination throughout the station and particularly in areas where emergency operations are performed, such as control rooms, fuel handling area, remote shutdown area, and Class 1E switchgear rooms.

The lighting system is described further in DCD Tier 2, Subsection 9.5.3 and evaluated in Chapter 9 of this FSER.

1.2.12.11 Emergency Diesel Generator System The EDG system is a safety-related system consisting of four EDGs and their respective support systems such as fuel oil, lube oil, engine cooling water, starting air, and combustion air intake and exhaust systems. Each EDG provides Class 1E power to one of the four independent Class 1E buses during a LOOP. EDGs are normally in standby mode.

Each EDG is designed to attain the rated voltage and frequency within 17 seconds of a loss of voltage, and to be connected to the 4.16 kV Class 1E bus within 19 seconds of a loss of voltage.

Once the EDG reaches rated voltage and speed, the EDG breaker closes and the sequencer generates the proper signal to connect ESF equipment to the Class 1E bus in a programmed time sequence.

The EDG support systems are described further in DCD Tier 2, Subsections 9.5.4 through 9.5.8, and evaluated in Chapter 9 of this FSER.

1.2.12.12 Gas Turbine Generator Facility One GTG is used as an AAC source to cope with an SBO. The GTG is independent from the EDGs. The GTG manually starts from a standby condition, accelerates to the required speed, reaches nominal voltage and frequency, and is ready to accept load within 2 minutes of receipt of a start signal in the event of an SBO. The GTG is also designed to start automatically and to be connected manually to non-Class 1E cables in the event of a LOOP.

The major components of the GTG are a combustion turbine, generator, and auxiliary systems such as fuel oil, lube oil, start system, and combustion air intake and exhaust systems.

The GTG support systems are described further in DCD Tier 2, Subsection 9.5.9, and evaluated in Chapter 9 of this FSER.

1.2.12.13 Domestic Water and Sanitary System The domestic water and sanitary system provides water for drinking and sanitary purposes.

1-29

The sanitary system is designed to receive and treat sewage. This system serves no safety functions and any malfunction has no adverse effect on any safety-related system. The requirements of 10 CFR Part 50, Appendix A, GDC 60, Control of releases of radioactive materials to the environment, are met as related to the design provisions provided to control the release of liquid effluents containing radioactive material from contaminating the domestic water and sanitary system.

The domestic water and sanitary system are described further in DCD Tier 2, Subsection 9.2.4, and evaluated in Chapter 9 of this FSER.

1.2.13 Radioactive Waste Management Systems The radioactive waste management systems are designed to control radioactive liquid, gaseous, and solid wastes. The systems consist of three principal systems:

a. Liquid waste management system
b. Gaseous waste management system
c. Solid waste management system The solid, gaseous, and liquid waste management systems are located in the compound building. The design of the radioactive waste management systems provides reasonable assurance that the total offsite dose resulting from radioactive releases is as low as is reasonably achievable (ALARA).

1.2.13.1 Liquid Waste Management System The LWMS is designed to monitor, control, collect, process, handle, store, and dispose of liquid radioactive waste generated during normal plant conditions, including AOOs. The LWMS is divided into the floor drain subsystem, equipment waste subsystem, chemical waste subsystem, and detergent waste subsystem. The LWMS treats liquid waste using a reverse osmosis package system that reduces radioactivity to levels acceptable for release or reuse. The processed liquid radioactive waste is sampled prior to release from monitor tanks. The LWMS is designed to monitor radioactivity levels in the processed liquid waste prior to release.

The LWMS is designed to meet the following requirements:

a. Capability to process floor drain wastes, equipment wastes, chemical wastes, and detergent wastes to meet release radionuclide concentration limits in accordance with 10 CFR Part 20, Appendix B, Annual Limits on Intake (ALIs) and Derived Air Concentrations (DACs) of Radionuclides for Occupational Exposure; Effluent Concentrations; Concentrations for Release to Sewerage, prior to discharge to the environment.
b. Capability to recycle treated water in order to minimize the liquid radwaste effluent releases to the environment.
c. Capability to segregate the liquid waste streams by the use of separate waste drain headers and waste collection sumps or tanks for each waste stream category.

The LWMS provides sufficient capacity, redundancy, and flexibility to treat the liquid radwaste in a manner that reduces the radionuclide concentrations to levels that do not exceed the effluent concentration limits in 10 CFR Part 20, Appendix B, and 10 CFR Part 50, Appendix I, 1-30

Numerical Guides for Design Objectives and Limiting Conditions for Operation to Meet the Criterion As Low As Is Reasonably Achievable for Radioactive Material in Light-Water-Cooled Nuclear Power Reactor Effluents, dose objectives for liquid effluents.

A description of this system is presented in DCD Tier 2, Subsection 11.2 and the LWMS is evaluated in Chapter 11 of this FSER.

1.2.13.2 Gaseous Waste Management System The gaseous waste management system (GWMS) is designed to monitor, control, collect, process, handle, store, and dispose of gaseous radioactive waste generated during normal plant conditions, including AOOs.

The GWMS manages radioactive gases collected from the off-gas system and other tank vents containing radioactive materials. The gaseous waste from the above sources is treated to reduce the quantity of radioactive material prior to release to the environment.

The radiation level in the processed gases is verified with radiation monitors prior to release to the environment.

The GWMS is designed to meet the following requirements:

a. Provide the capability to monitor, control, collect, process, handle, store, and dispose of radioactive gaseous waste generated as the result of normal operation including AOOs to meet release radionuclide concentration limits in accordance with 10 CFR Part 20, Appendix B, prior to discharge to the environment.
b. Provide reasonable assurance that the release of radioactive material in gaseous effluents is kept ALARA.
c. Remove and reduce radioactive materials to the environment to meet the requirements of 10 CFR Part 50, Appendix I.

The gaseous radwaste subsystem uses charcoal at ambient temperature to delay the passage of radioactive gases. When operating at design conditions, the mass of charcoal provided in the absorber beds is sufficient to provide a delay of 45 days for xenon and a delay of 3.5 days for krypton.

The GWMS operates at pressures slightly above atmospheric, and therefore limits the potential for oxygen inleakage. Leakage from the GWMS is further limited using welded connections wherever they are not restricted due to maintenance requirements. Control valves are provided with bellows seals to minimize leakage through the valve stems. The GWMS is designed to prevent the formation or buildup of explosive mixtures of hydrogen and oxygen by continuous monitoring and controlling the concentrations of hydrogen and oxygen through one of the two gas analyzers. The concentrations are confirmed by periodic sampling and analysis at several routing locations. When the oxygen concentration is detected to be higher than the predetermined setpoint, nitrogen is injected to dilute the concentration to below the lower flammable limit, which is 4 percent.

A description of this system is presented in DCD Tier 2, Section 11.3 and the GWMS is evaluated in Chapter 11 of this FSER.

1-31

1.2.13.3 Solid Waste Management System The solid waste management system (SWMS) is designed to provide the means to monitor, control, collect, process, handle, and temporarily store the following prior to shipment: wet, dewatered, and dry solid radioactive waste generated during normal plant conditions, including AOOs. The SWMS processes both wet solid active waste and dry active waste for onsite interim storage and shipment to the offsite disposal facility.

The SWMS is designed to meet the following requirements:

a. Collect, segregate, treat, package, and store various solid radioactive wastes generated from the normal operation, maintenance, refueling, and AOOs.
b. Store, treat, and package the radioactive spent resin transported from the LWMS, CVCS, SFPCCS, and SGBS.
c. Temporarily store the high- and low-activity waste, and to retrieve and ship wastes.
d. Treat and package wastes into drums or high-integrity containers that satisfy the required regulations of the U.S. Department of Transportation and the disposal facility.
e. Satisfy federal regulations and protect the workers and the general public from radiation exposures ALARA.

The SWMS is subdivided into a spent resin transfer subsystem, packaging and storage subsystem, filter handling subsystem, dry active waste subsystem, concentrate treatment subsystem, and waste storage subsystem.

In order to reduce occupational radiation exposure, operations for processing and transfer of low- and intermediate-level radioactive waste are conducted remotely. Operator access is required for work related to low-level radioactive waste such as dry active waste.

A description of this system is presented in DCD Tier 2, Section 11.4, and the SWMS is evaluated in Chapter 11 of this FSER.

1.3 Comparison with Similar Facility Designs The APR1400 design is a two-loop, evolutionary design, PWR based on the Korean OPR1000 design and the System 80+ design by Combustion Engineering (now owned by Westinghouse).

The System 80+ design was certified by NRC under 10 CFR Part 52, Subpart B, on June 20, 1997. The certification expired on June 20, 2012. KHNP initially designed the APR1400 for approval to use in South Korea. The first two APR1400 units built are identified as Shin Kori 3 and 4 (SKN 3&4).

DCD Tier 2, Section 1.3, summarizes the comparison of the APR1400, System 80+, and SKN 3&4 designs, split between NSSS components and non-NSSS components. Tables 1.3-1, Comparison of NSSS Components, and 1.3-2, Comparison of Plant Components Other Than NSSS, provide system by system comparisons and identify the chapter and section of the DCD where the system is discussed.

1-32

1.4 Identification of Agents and Contractors DCD Tier 2, Section 1.4.1 discusses the two companies which submitted the DCD application and are considered co-applicants. KEPCO is a market-oriented public corporation based in South Korea. KEPCO was founded with the objective to facilitate the development of electric power supply and contribute to the national economy in accordance with the Korea Electric Power Corporation Act. KEPCO is partially owned by the Korean government. Its stock is listed on the New York Stock Exchange. KEPCO provides funds for the APR1400 design certification and reviews top-level policy issues.

KHNP is responsible for the APR1400 design and certification. KHNP is a wholly-owned subsidiary of KEPCO which owns and operates Koreas 21 nuclear power plants and 27 hydro-electric power plants. It separated from KEPCO in 2001. The System 80+ design was upgraded based on KHNPs more than 30 years of operating reactors and their expertise accumulated while developing the OPR1000 design in Korea.

DCD Tier 2, Sections 1.4.2 through 1.4.5, describe the following major contractors that provided support to the APR1400 application and review response under the direction of KHNP. KHNP relied on the following companies, all located in Korea, to support the design certification.

KEPCO Engineering and Construction Company, Inc. (KEPCO E&C) is the Architect Engineer (A/E). KEPCO E&C provide engineering and engineering management services, project management assistance, and support services. KEPCO E&C has nuclear plant experience beginning in 1976 and participated in the construction of all Korean nuclear power plants.

The NSSS Division of KEPCO E&C is the NSSS designer. KEPCO E&C-NSSS initially worked with Asea Brown-Boveri Combustion Engineering (ABB-CE) on 1,000 MW PWRs in Korea.

Since 1991, the NSSS Division has been the sole designer of the NSSS of all nuclear power plants built in Korea and developed the NSSS design of the APR1400 plant.

Doosan Heavy Industry and Construction Co., Ltd. (Doosan) is a separate, publicly owned company. Doosan was designated by KHNP as the prime contractor for the supply of equipment, materials, and related services of the NSSS and T/Gs for 14 nuclear plant construction efforts in Korea, including SKN 3&4.

KEPCO Nuclear Fuel (KEPCO NF) is a fuel design and fabrication company that has been responsible for the fuel supplied to all nuclear power plants in Korea for decades. Its major activities include initial and reload core design, fuel development, fuel assembly and component manufacture, and fuel services. KEPCO NF is responsible for the PLUS7 fuel design.

DCD Tier 2, Chapter 1, Section 1.4.6, Combined License Information, lists one COL Item.

COL 1.4(1) The combined license (COL) applicant that references the APR1400 design certification is to identify major agents, contractors, and participants for the construction and operation of the nuclear power plant.

The staff finds that COL Item 1.4(1) is reasonable because it supports the COL applicants compliance with 10 CFR 52.79(a)(26) which requires a COL applicant to provide, The applicants organizational structure, allocations or responsibilities and authorities, and personnel qualifications for operation.

1-33

The staff evaluated the technical qualifications of KHNP, and their supporting companies, based on the information provided in DCD Tier 2, Chapter 1, and the NRCs previous experience with Doosan as a major component manufacturer. The staff determined that KHNP and its supporting companies are technically qualified to support the APR1400 design certification represented in the DCD.

1.5 Performance of New Safety Features The APR1400 DCD Tier 2, Section 1.5, Requirements for Additional Technical Information, provides additional technical information for the unique design features of the APR1400.

Fluidic Device Design DCD Tier 2, Section 1.5.1, Fluidic Device Design, describes the FD. In the event of a large break LOCA (LBLOCA), conventional nuclear power plants deliver cooling water via the SIS using SIPs during the reflood phase and from SITs in the refill phase. With conventional SITs, excessive water is delivered to the reactor core and causes the excess water to exit to the atmosphere via the break.

The FD is installed inside the SIT of the APR1400 and passively controls the water injection rate. The FD consists of a standpipe and a vortex chamber. When the SIT water level is above the standpipe top, water enters the vortex chamber through both the top of the standpipe and the control ports in the chamber, low inside the SIT. This results in a large flow rate to the reactor core. However, when the water level falls below the top of the standpipe, the only flowpath is through the lower level control ports. This results in the formation of a vortex and reduced flow rate to the core. By passive design, the SIT provides short-term large injection flow to refill the reactor vessel and core. Then, the SIT provides a lower flow to reduce the amount of water spilled into the containment. This reduced flow, in conjunction with the SIP, adequately supports the core reflooding phase. As stated by the applicant and supported by testing described below, the result is an improvement in the overall reliability of the SIS water injection.

The FD tested full-scale at the valve performance evaluation rig (VAPER) Test Facility at the Korea Atomic Energy Research institute (KAERI). Experimental results confirm design performance requirements of injection flow rate, pressure loss coefficient, and injection duration time. The designed vortex in low-flow mode increased the pressure loss coefficient (lower pressure loss) by a factor of 10 times compared to the high flow rate period. KHNP used its Quality Assurance Program to ensure reasonable assurance of the testing and results.

The FD design is described in the Topical Report, APR1400-Z-M-TR-12003-A, Fluidic Device Design for the APR1400, Revision 0 (ML17129A594). It is evaluated in the Topical Report Safety Evaluation (TRSE). As part of NRC process, applicants are directed to include the TRSE in an Accepted version of the Topical Report. The Accepted, or A version is the version of the Topical Report which can be referenced for use as stated in the report and TRSE. KHNPs LBLOCA methodology is described in the Topical Report, APR1400-F-A-TR-12004-A, Realistic Evaluation Methodology for LB LOCA, Revision 0 (ML18233A442). It is evaluated in the safety evaluation included in the A version of the Topical Report. Additional evaluations of the SIS and LBLOCA are provided in Section 6.3, Safety Injection System, and Chapter 15, Transient And Accident Analyses of this FSER.

1-34

Pilot-Operated Safety Relief Valve Design The APR1400 adapts the POSRV to provide overpressure protection of the RCS. Four POSRVs are connected to the top of the PZR by separate inlet lines. These valves also provide rapid (remote, manual) depressurization functions during the BDBE of a total loss of FW event for feed-and-bleed operations and for severe accidents to reduce RCS pressure prior to vessel breach. The four POSRVs are designed to maintain the RCS pressure below 110 percent of design pressure during the worst-case scenario. Manually operated isolation valves are normally open, but are closed for maintenance or testing activities. The POSRVs are capable of discharging steam, water, and steam-water mixture. The POSRVs are evaluated in Section 5.4.14, Safety and Relief Valves, of this FSER.

Direct Vessel Injection The APR1400 SIS is designed to inject water directly into the reactor vessel, through direct vessel injection nozzles, in the downcomer region. Prior PWR designs injected water to the cold leg, expecting it to flow to the vessel. However, a cold leg break could reduce the quantity of water reaching the vessel. There are four direct vessel injection nozzles, all are 90 degrees apart from each other. Direct vessel injection is evaluated in Section 6.3, Emergency Core Cooling System/Safety Injection System, of this FSER.

Digital Instrumentation and Control System The APR1400 includes digital I&C systems consisting of the safety I&C system and non-safety control and monitoring system. APR1400 I&C also includes a diverse actuation system (DAS).

All I&C functions and tasks are translated between the I&C systems and plant operators using the HSI system.

The HSI system is designed in accordance with the HFE program to provide reasonable assurance that the HFE design is properly developed and effectively implemented. The HFE program is developed according to a systematic top-down approach. In accordance with applicable requirements of the HFE process elements, the HFE program plan provides reasonable assurance that the HSI design effectively supports the operator and allows consequential operator errors to be minimized. The HFE program is in effect at least from the start of the design cycle through completion of initial plant startup test program to conform with NUREG-0711, Human Factors Engineering Program Review Model, Revision 3.

The safety I&C system consists of the PPS, CPCS, ESF-CCS, and the QIAS-P. The control and monitoring system includes the PCS, P-CCS, QIAS-N, and IPS. The DAS is composed of the DPS, diverse indication system, and diverse manual ESF actuation switch. The HSI system includes the compact workstation-based operator console with an information flat panel display and ESF-CCS soft control module (ESCM), LDP, safety console with ESCM / manual switches /

operator module / display device in the MCR, compact workstation-based operator console with ESCM, and a shutdown overview panel in the RSR.

The safety I&C system is implemented on the four channels of common programmable logic controller qualified for Class 1E grade in accordance with IEEE Std. 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, and IEEE Std. 7-4.3.2-2003, IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations, and each channel is located in a separate I&C equipment room.

1-35

The software for the digital I&C system is designed, verified, and validated in accordance with software life-cycle process conforming with NRC RG 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, Revision 3.

The control and monitoring system is implemented on a distributed control system. The data communication system provides a high-speed and error-free communication path between each system and within a system.

The diversity and defense-in-depth analysis is performed to demonstrate that the DAS and control system meet Item II.Q of the SRM on SECY-93-087, July 1993, in case of software common-cause failure in the safety I&C system. The DAS is implemented on the platform diverse from the safety I&C system and control system.

The DAS, and all I&C systems are evaluated in Chapter 7, Instrumentation and Controls, of this FSER. The HFE program and HSI system are evaluated in Chapter 18, Human Factors Engineering, of this FSER.

1.6 Material Referenced DCD Tier 2, Table 1.6-1, List of Topical Reports, contains all topical reports that are incorporated by reference as part of the application. The staff reviewed these reports. Each topical report has a separate safety evaluation written for it. The applicant has submitted an Accepted version of each topical report which includes in the front of the report a copy of the safety evaluation and the NRC letter transmitting the safety evaluation. For each topical report, the ACRS reviewed the topical report and issued its own letter stating that there was reasonable assurance that use of the topical report is acceptable for the APR1400 design.

DCD Tier 2, Table 1.6-2, List of Technical Reports, contains all technical reports that are incorporated by reference as part of the application. The staff reviewed these reports. The staffs evaluation of any referenced information is included as part of this FSER in the chapter where the technical reports are referenced.

1.7 Drawings and Other Detailed Information DCD Tier 2, Chapter 1, Table 1.7-1, Safety-Related Electrical, Instrumentation, and Control Drawings, provides a summary of the electrical, instrumentation, and control system configuration drawings. DCD Tier 2, Table 1.7-2, APR1400 System Flow Diagrams, provides a summary of the mechanical system configuration drawings. DCD Tier 2, Figure 1.7-1, Flow Diagram Symbols and Legend, lists the standard piping designations and specifications used in the drawings.

1.8 Interfaces with Standard Designs For a design certification application, the NRC requires the applicant to address interface requirements for those design features that are outside the scope of the certified design, as identified by the applicant, and a representative conceptual design for those portions of the plant for which the application does not seek certification; 10 CFR 52.47(a)(24) requires a conceptual design and 10 CFR 52.47(a)(25) sets forth interface requirements for out-of-scope portions of the design. ITAAC, required by 10 CFR 52.47(b)(1), apply only to in-scope portions of the design and are not related to 10 CFR 52.47(a)(24) and 10 CFR 52.47(a)(25).

1-36

COL Item 1.8(1) states, The COL applicant is to describe how site-specific interface requirements are met. DCD Tier 2, Table 1.8-1, is an index of all DCD sections which contain interface requirements. DCD Tier 1, Revision 3, Chapter 3, Interface Requirement, identifies these interfaces for the electrical system, UHS, and ESW system. The staff reviewed the lists for the three systems and find reasonable assurance that the lists are complete and specific enough for the COL applicant to appropriately match its site-specific equipment and systems to the listed items such that the COL can satisfactorily complete the COL Item. The staff finds COL Item 1.8(1) acceptable because it ensures that the COL follows through on matching the interfaces identified in the DCD as required by 10 CFR 52.47(a)(25).

1.9 Conformance with Regulatory Guidance Conformance with Regulatory Guides DCD Tier 2, Table 1.9-1, APR1400 Conformance with Regulatory Guides, lists regulatory guides and branch technical positions that are applicable to the APR1400 design. RGs from Division 1, Power Reactors; Division 4, Environmental and Siting; Division 5, Materials and Plant Protection; and Division 8, Occupational Health are listed. Applicable revisions are also shown. The DCD Tier 2 Section column of Table 1.9-1 identifies where the RG is discussed in the DCD.

Conformance with the Standard Review Plan DCD Tier 2, Section 1.9.2, APR1400 Conformance with the Standard Review Plan, lists the sections of the Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (NUREG-0800) (SRP) which were followed in the preparation of the DCD and application, and that are applicable to the APR1400 design. Applicable revisions and deviations from the SRP are also listed. Conformance or a summary description of any deviation is given with each table entry. The DCD Tier 2 Section column of Table 1.9-2 identifies where the SRP section is discussed in the DCD.

Generic Issues and Three Mile Island (TMI) Requirements DCD Tier 2, Table 1.9-3, APR1400 Conformance with Generic Issues (NUREG-0933),

addresses the applicability of NRC generic issues. DCD Tier 2, Table 1.9-4, APR1400 Conformance with Additional TMI-Related Requirements (10 CFR 50.34(f)), discusses the conformance with Three Mile Island requirements set forth in 10 CFR 50.34(f) and identifies the location in the DCD of the detailed discussion. DCD Tier 2, Section 1.9.3, Generic Issues, describes the applicants approach to identifying technically relevant generic issues and TMI requirements which were current as of the date six months prior to the application docket date.

Operational Experience (Generic Communications)

DCD Tier 2, Section 1.9.4, Operational Experience (Generic Communications), describes the applicants approach to identifying and incorporating operating experience insights required by 10 CFR 52.47(a)(22). This section states that, GLs and bulletins issued after the March 2007 revision of the SRP have been assessed to address how the applicable operating experience has been incorporated into the APR1400 design. DCD Tier 2, Table 1.9-5, Generic Communications Applicability to APR1400, lists the Generic Letters and Bulletins considered for applicability to the APR1400 application.

1-37

Commission (SECY) Documents DCD Tier 2, Section 1.9.5, Advanced and Evolutionary Light-Water Reactor Design Issues, identifies RG 1.206, Section C.I.1.9.5 as specifying that a DC applicant is to address the licensing and policy issues developed by the NRC and documented in the Office of the Secretary of the Commission (SECY) documents and the associated Staff Requirements Memoranda (SRM) that apply to the proposed design. DCD Tier 2, Table 1.9-6, Summary of SECY Documents Provided in Section C.I.1.9.5 of NRC RG 1.206, lists the SECY papers reviewed for applicability to the APR1400 application. A brief discussion is provided and the location in the DCD where it is applied is stated. DCD Tier 2, Table 1.9-7, Conformance with SECY-93-087, lists the individual items in SECY-93-087. For each item, a brief discussion is provided and the location in the DCD where it is applied is stated.

Fukushima Near Term Task Force Tier 1, 2, and 3 Recommendation On July 12, 2011, NRC issued the report, Recommendations for Enhancing Reactor Safety in the 21st Century, sub-titled The Near-Term Task Force (NTTF) Review of Insights from the Fukushima Dai-Ichi Accident (ML111861807). The NTTF report contained multiple recommendations which were later followed up with Commission review and briefings. Based on the recommendations contained in several SECY papers provided to the Commission, the Commission directed the issuance of Orders to the operating reactors to comply with some of the NTTF recommendations. The intent of these Orders is applied to new reactor designs during the design certification process as described in SECY-12-0025 (ML12039A111).

DCD Tier 2, Table 1.9-8, APR1400 Strategies for Addressing Tier 1, 2 and 3 NTTF Recommendations, summarizes KHNPs approach to addressing the SECY papers and Orders.

Part 21 Notification of Failure to Comply or Existence of a Defect and Its Evaluation DCD Tier 2, Section 1.9.7 (title above), acknowledges the requirements of 10 CFR Part 21 regarding the identification and reporting of defects. DCD Tier 2, Section 1.9.7 stated that there are no known applicable defects at the time of application submission.

Combined License Information DCD Tier 2, Section 1.9.8, Combined License Information, lists COL Item 1.9(1) which states, The COL applicant is to provide an evaluation of the conformance with the regulatory criteria for the site-specific portions and operational aspects of the facility. The staff finds COL Item 1.9(1) acceptable because it supports the COL applicants compliance with multiple subsections of 10 CFR 52.79(a).

Summary DCD Tier 2, Section 1.9 describes and lists the regulatory guidance used for the design of the APR1400 nuclear power plant detailed in the design certification application. However, confirmation of the applicability and evaluation of the proper application of the guidance is made 1-38

in the sections of this FSER where the systems and components referencing the guidance are evaluated.

1.10 Index of Exemptions In accordance with 10 CFR 52.48, the staff used the current regulations in 10 CFR Part 20; 10 CFR Part 50; 10 CFR Part 73, Physical Protection of Plants and Materials, and 10 CFR Part 100, Reactor Site Criteria, in reviewing the KHNP application for certification of the APR1400 design. KHNP did not submit any exemption requests as part of the APR1400 design certification application. During this review, the staff did not identify any instances where an exemption from the above regulations was necessary.

1.11 Index of Tier 2* Information Tier 2* information is information that requires NRC approval before a departure is taken from the certified design, in accordance with the applicable design certification rule. There is no Tier 2* information in this application.

1.12 COL Information Items COL applicants and licensees referencing the certified APR1400 standard design must satisfy the requirements and commitments identified in the DCD. The APR1400 DCD Tier 2 identifies certain general commitments as COL information items. These items relate to programs, procedures, and issues that are outside the scope of the certified design review. They do not establish requirements; rather, they identify a set of information to be included in a plant-specific safety analysis report. An applicant for a COL should address each of these items in its application. It may deviate from or omit these items, provided that the deviation or omission is identified and justified in the plant-specific safety analysis report. COL Item 1.8(2) states, The COL applicant is to identify how each COL information item is addressed. The finds this COL item acceptable because it supports the COLs compliance with 10 CFR 52.73, Relationship to other subparts, subpart (b), which states that the Commission needs to make a determination that a COL application that references a certified design is consistent with the certification information.

The following table summarizes the COL items identified in DCD Tier 2, Chapter 1.

Table 1.12-1 Combined License Items Identified in the DCD Item No. Description Section COL 1.1(1) The COL applicant that references the APR1400 is to identify the 1.1.1 actual plant site location.

COL 1.1(2) The COL applicant that references the APR1400 is to provide 1.1.5 estimated schedules for the completion of construction and the start of commercial operation.

COL 1.2(1) The COL applicant is to prepare a complete and detailed site plan. 1.2 COL 1.4(1) The COL applicant that references the APR1400 design certification 1.4 is to identify major agents, contractors, and participants for the construction and operation of the nuclear power plant.

COL 1.8(1) The COL applicant is to describe how site-specific interface 1.8 requirements are met.

1-39

Item No. Description Section COL 1.8(2) The COL applicant is to identify how each COL information item is 1.8 addressed.

COL 1.9(1) The COL applicant is to provide an evaluation of the conformance 1.9 with the regulatory criteria for the site-specific portions and operational aspects of the facility.

1.13 Requests for Additional Information RAIs are questions asked of KHNP by the staff concerning the application. The NRC sent questions to KHNP in letters and KHNP responded to the staff in letters. Appendix E of this FSER lists these letters.

The nomenclature for RAIs concerning the DCD took one of the following two forms:

(1) XX.Y-Z, where XX was the DCD Chapter number, Y was the section number, and Z was the question sequence number.

(2) XX.Y.A-Z, where XX was the DCD Chapter number, Y was the section number, A was the subsection number, and Z was the question sequence number.

1.14 Conclusion As described above, the applicant supplemented the information in the initial DCD submission by providing revisions to the document. The staff has completed its review of Revision 3, the most recent version of the DCD, as documented throughout this FSER, and, for the reasons set forth herein, finds it to be acceptable.

1-40

Retrieved from "https://kanterella.com/w/index.php?title=ML18264A141&oldid=1922350"