05000369/LER-2021-001, Valid Actuations of the Unit 2 B Train Emergency AC Power System and B Train Auxiliary Feedwater System

From kanterella
(Redirected from ML21315A006)
Jump to navigation Jump to search
Valid Actuations of the Unit 2 B Train Emergency AC Power System and B Train Auxiliary Feedwater System
ML21315A006
Person / Time
Site:  Duke Energy icon.png
Issue date: 11/10/2021
From: Teresa Ray
Duke Energy Carolinas
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
RA-21-0293 LER 2021-001-00
Download: ML21315A006 (7)
v  d  e


LER-2021-001, Valid Actuations of the Unit 2 B Train Emergency AC Power System and B Train Auxiliary Feedwater System
Event date:
Report date:
Reporting criterion: 10 CFR 50.73(a)(2)(iv)(B), System Actuation
3692021001R00 - NRC Website
v  d  e

text

J,.., DUKE

~ ENERGY Serial No: RA-21-0293 November 10, 2021 U.S. Nuclear Regulatory Commission Washington, D.C. 20555 ATTENTION: Document Control Desk

Subject:

Duke Energy Carolinas, LLC McGuire Nuclear Station, Unit 2 Docket No. 05000370 Renewed License No. NPF-9, NPF-17 Licensee Event Report 2021-01, Revision 0 Nuclear Condition Report Number 02397398 Thomas D. Ray, P.E.

Site Vice President McGuire Nuclear Station Duke Energy MG01VP 11 2700 Hagers Ferry Road Huntersville, NC 28078 o: 980.875.4805 f: 980.875.4809 Tom.Ray@duke-energy.com 10 CFR 50.73

\\

Pursuant to 10 CFR 50.73 Section (a)(2)(iv)(A), attached is Licensee Event Report (LER) 2021-01, Revision 0, regarding valid actuations of the 28 Emergency AC Electrical Power System and B Train Auxiliary Feedwater (AFW) System.

This event is considered to have no significance with respect to the health and safety of the public. There are no regulatory commitments contained in this LER.

If questions arise regarding this LER, please contact Jeff Thomas at 980-875-4499.

Thomas D. Ray Site Vice President McGuire Nuclear Station Attachment www.duke-energy.com

U. S. Nuclear Regulatory Commission RA-21-0293 Page2 cc:

Laura A. Dudes Administrator, Region II U.S. Nuclear Regulatory Commission Marquis One Tower 245 Peachtree Center Ave.

NE Suite 1200, 30303-1257 J. Klos Project Manager (McGuire)

U.S. Nuclear Regulatory Commission Mail Stop O-9-E3 11555 Rockville Pike Rockville, MD 20852 Andy Hutto NRC Senior Resident Inspector McGuire Nuclear Station

Abstract

On 9-13-21, at approximately 0011 hours1.273148e-4 days <br />0.00306 hours <br />1.818783e-5 weeks <br />4.1855e-6 months <br />, Unit 2 was in Mode 5 (Cold Shutdown), when valid actuations of the 2B Emergency AC Electrical Power System and 2B Auxiliary Feedwater (AFW) System occurred during Engineering Safety Features Actuation System (ESFAS) testing. During restoration from a portion of the test, the 2B Diesel Generator (DG) Load Sequencer blackout (BO) logic inadvertently actuated while resetting the 2B DG Load Sequencer. At the time, the 2B DG was operating in standby and the 2ETB Essential 4160 Volt Switchgear was energized by offsite power. The inadvertent BO circuitry actuation de-energized 2ETB which sealed in the load sequencer BO logic. 2ETB was load shed, the 2B DG breaker closed, and the BO loads, including the 2B Motor Driven AFW Pump, were loaded in their proper sequence. Offsite power was restored to 2ETB and the 2B DG and 2B Motor Driven AFW Pump were secured per procedure.

The DG Load Sequencer BO logic was inadvertently actuated prior to the blocking circuit preventing actuation due to a latent design error which introduced a design margin vulnerability within the load sequencer BO circuitry. This vulnerability is also applicable to the 1A, 1 B, and 2A DG Load Sequencers. Engineering Changes (ECs) which eliminate the design margin vulnerability were implemented on the 2A and 2B DG Load Sequencers and are planned to be implemented on the 1A and 1 B DG Load Sequencers. Also, a compensatory action was implemented on Unit 1 which mitigates the design margin vulnerability until the ECs are implemented. There was no impact on the health and safety of the public or plant personnel.

BACKGROUND The following system and component information is provided to assist readers in understanding the event described in this LER. Applicable Energy Industry Identification [EIIS] system and component codes are enclosed within brackets. McGuire Nuclear Station unique system and component identifiers are contained within parentheses.

Engineered Safety Feature Actuation System, Diesel Generator Load Sequencer [JE] (EQB)

The engineered safety features actuation system includes the instrumentation and control components, modules, and other equipment that operates to maintain plant parameters within acceptable limits during a design basis event. Typically, the engineered safety features actuation system initiates emergency negative radioactivity insertion, post-accident heat removal, emergency core cooling, post-accident radioactivity removal, and containment isolation.

The Diesel Generator Load Sequencer System functions to energize the necessary blackout (BO) and/or safety injection (SI) loads in a prescribed sequence and in such a manner so as not to momentarily overload the diesel generator or auxiliary transformer. The Diesel Generator (DG) Load Sequencer has three modes of operation: SI concurrent with a BO, SI only, and BO only. During SI concurrent with a BO and SI only, the DG Load Sequencer BO logic should remain blocked to prevent inadvertent actuation.

Diesel Generator Control System [EK] (EQC)

The Diesel Generator Control System consists of the electrical controls and instrumentation necessary for starting and operating each of the four emergency diesel generators at McGuire Nuclear Station. The DGs provide power to the train specific 4160 Volt bus in the event of a loss of power to the bus.

Also, during a SI actuation, the DGs are operated in standby in case a BO occurs. The 4160 Volt bus provides power to equipment essential for safe shutdown of the plant during a design basis event.

McGuire has two emergency DGs per unit.

Auxiliary Feedwater System [BA] (CA):

The Auxiliary Feedwater System (AFW) automatically supplies feedwater to the steam generators (S/Gs) to remove decay heat from the Reactor Coolant System upon the loss of normal feedwater supply. The AFW System mitigates the consequences of any event with loss of normal feedwater.

The design basis of the AFW System is to supply water to the Steam Generators (SGs) to remove decay heat and other residual heat by delivering at least the minimum required flow rate to the SGs.

00 YEAR 2021

3. LER NUMBER SEQUENTIAL NUMBER 01 The AFW Motor Driven Pumps will automatically provide feedwater when initiated on any of the following conditions:
  • AM SAC Actuation (AM SAC - Anticipated Transient Without Scram (A TWS) Mitigation System Activation Circuitry)
  • Two out of four (2/4) low-low level alarms in any one SG
  • Initiation of a SI signal
  • Loss of power to the 4160V essential bus (BO)

The Turbine Driven AFW Pump will automatically provide feedwater when initiated on any of the following conditions:

  • Two out of four (2/4) low-low level in any two SGs
  • One out of one (1/1) low-low level in any two SGs (SSF Instrumentation)
  • Loss of power to the 4160V essential bus (BO)

The Turbine Driven AFW Pump will not start on a BO signal coincident with or while a SI signal is present.

EVENT DESCRIPTION

At the time of this event, Unit 1 was operating in Mode 1 at approximately 100 percent power. Unit 2 was in Mode 5 (Cold Shutdown) during a planned refueling outage and Periodic Test PT/2/N4200/009 B, Engineered Safety Features Actuation Periodic Test Train B, was in progress.

There were no structures, systems, or components out of service at the time of this event that contributed to this event.

Review of the Operator Aid Computer (OAC) event log revealed that the BO logic was inadvertently actuated during load sequencer reset from both the SI concurrent with a BO portion of the test and the SI only portion of test.

During performance of the SI only portion of the test on September 13, 2021, at approximately 0011 hours1.273148e-4 days <br />0.00306 hours <br />1.818783e-5 weeks <br />4.1855e-6 months <br />, the 2ETB Essential 4160 Volt Switchgear was being energized by offsite power. The 2B DG was running due to the SI actuation but was not aligned to 2ETB. During reset of the 2B DG Load Sequencer, the BO logic inadvertently actuated while resetting the 2B DG Load Sequencer. The inadvertent BO circuitry actuation de-energized the 2ETB Switchgear which sealed in the load sequencer BO logic. The 2ETB Switchgear was load shed, the 2B DG breaker closed, and the BO loads, including the 2B Motor Driven AFW Pump, were loaded in their proper sequence. Offsite power was restored to the 2ETB Switchgear and the 2B DG and the 2B Motor Driven AFW Pump were secured by procedure.

REV NO.

00 Further review of the OAC event log during performance of the causal evaluation revealed that the BO Logic was inadvertently actuated during performance of the SI concurrent with a BO portion of the test on September 12, 2021. At approximately 2216 hours0.0256 days <br />0.616 hours <br />0.00366 weeks <br />8.43188e-4 months <br />, the 2ETB Incoming Breakers were already open and 2ETB was being energized by the 28 DG. Since 2ETB was being energized by the 28 EOG, a blackout of 2ETB did not occur. However, Turbine Driven Auxiliary Feedwater Steam Supply Valves 2SA-48ABC and 2SA-49AB opened when the 28 DG Load Sequencer was reset, indicating that the BO logic was inadvertently actuated.

There were no issues associated with the actuation function of the 28 DG Load Sequencer during the SI concurrent with BO portion or the SI only portion of the test. Actuation of the 28 Emergency AC Electrical Power System and the AFW System occurred while resetting the 28 DG Load Sequencer following performance of those portions of the test.

REPORT ABILITY The unplanned actuations of the 2B Emergency AC Electrical Power System and the 28 AFW System were reported within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> of discovery in accordance with 10 CFR 50.72(b)(3)(iv)(A), "Any event or condition that results in valid actuation of any of the systems listed in paragraph (b)(3)(iv)(B) of this section except when the actuation results from and is part of a pre-planned sequence during testing or reactor operation." Furthermore, this LER satisfies the corresponding 60 day reporting criteria specified in 10 CFR 50. 73 (a)(2)(iv)(A), "Any event or condition that resulted in manual or automatic actuation of any of the systems listed in paragraph (a)(2)(iv)(B)." The applicable 1 O CFR 50.73(a)(2)(iv)(B) systems include the Emergency AC Electrical Power System and the Auxiliary Feedwater System.

CAUSAL FACTORS The DG Load Sequencer BO logic inadvertently actuated during the load sequencer reset prior to the blocking circuit preventing BO actuation during the SI concurrent with a BO portion of the test and the SI only portion of test. The cause was determined to be a latent design error which introduced an unrecognized design margin vulnerability within the load sequencer BO circuitry. Specifically, the sequencing between the SI blocking reset and BO circuitry reset only provided approximately 5 milliseconds of margin. During the Unit 2 Spring 2020 refueling outage, the original EE(TRB3t) D87 timer was replaced per Equivalency Engineering Changes (EQVR-ECs 416095 & 417012). The original part was a Cutler-Hammer D87 timer and the replacement part was a Curtiss-Wright D87 timer. As part of the causal determination process, the pickup times for an original Cutler-Hammer D87 timer and new Curtiss-Wright D87 timers were determined using a high-speed recorder bench testing. The output of the original Cutler-Hammer D87 timer was instantaneous with no delay between the input and output of the timer. The new Curtiss-Wright D87 timer had a delay of approximately 15 milliseconds between the input and output of the timer. The lack of design margin and longer pickup time of the new Curtiss-Wright D87 timer resulted in the blackout logic inadvertently actuating during reset from a SI concurrent with a BO or SI only.

00

CORRECTIVE ACTIONS

Once the latent design error was identified, Engineering Change (EC) 420097 was developed to resolve the design vulnerability. A contact from reset relay EB(RRB) was added to the blackout circuitry which resolved the design margin issue and eliminated the reliance of the EE(TRB3t) pickup time. This eliminates the relay race when resetting the sequencer by providing a direct circuit for contact opening to prevent the BO logic from being satisfied when the Load Sequencer Reset Push Button is depressed. EC 420097 was implemented on the 2A and 28 DG Load Sequencers during the Fall 2021 Refueling Outage and EC 420121 is planned to be implemented on the Unit 1 (1A and 1 B) DG Load Sequencers. Furthermore, a compensatory action has been implemented for the 1A and 1 B DG Load Sequencers until EC 420121 is implemented. The compensatory action opens and re-closes the load sequencer control power breaker instead of pressing the Load Sequencer Reset Pushbutton. The compensatory action mitigates the design margin vulnerability in the load sequencer blackout circuitry.

SAFETY ANALYSIS

The safety system actuations had no actual adverse impacts to the plant since the 28 ESFAS train was out of service for testing. If an actual SI event had occurred, the load sequencer would have actuated as designed and applied the SI loads. Due to the identified sequencer reset circuitry problem, when Operations reset the sequencer it would have load shed the essential buses and loaded the blackout-related loads. In accordance with Emergency Procedures, Operations would have de-energized the sequencer to gain control of equipment and would have manually started (or stopped) the SI loads.

The impact of the load sequencer reset problem has been evaluated to be low risk. The evaluation included Loss of Coolant Accidents, Steam Generator Tube Ruptures and Spurious SI actuations which would result in reliance on emergency DGs post-sequencer reset as the essential buses would not be connected to the normal offsite power supply. However simultaneous loss (failure) of both emergency DGs is unlikely and operators can reconnect the bus to normal plant power sources, if needed. As a result, the increase in CDF is estimated to be less than 1 E-06/year. Therefore, it is concluded that this event did not impact the health and safety of the public or plant personnel.

ADDITIONAL INFORMATION

A review of the McGuire corrective action program was conducted to determine if this was a recurring event (i.e., similar event with the same cause code). No previous similar events were identified within the past five years associated with system actuations caused by a design margin vulnerability.

Therefore, this is not considered a recurring event.

00 Page _5_ of _5_

Retrieved from "https://kanterella.com/w/index.php?title=05000369/LER-2021-001,_Valid_Actuations_of_the_Unit_2_B_Train_Emergency_AC_Power_System_and_B_Train_Auxiliary_Feedwater_System&oldid=3805353"