{{#Wiki_filter:UNITED STATES  

.  

NUCLEAR REGULATORY COMMISSION  

R E G I O N IV  

611 RYAN PLAZA DRIVE, SUITE 400  

ARLINGTON, TEXAS 76011-4005  

August 17,2007  

EA 07-090  

Stewart B. Minahan, Vice  

President-Nuclear and CNO  

Nebraska Public Power District  

72676648AAvenue  

Brownville, NE 68321  

SUBJECT: FINAL SIGNIFICANCE DETERMINATION FOR A WHITE FINDING AND NOTICE  

OF VIOLATION - NRC SPECIAL INSPECTION REPORT 05000298/2007007 -  

Dear Mr. Minahan:  

The purpose of this letter is to provide you the final results of our significance determination of  

the preliminary White finding identified in the subject inspection report. The inspection finding  

was assessed using the Significance Determination Process and was preliminarily  

characterized as White, a finding with low to moderate increased importance to safety, that may  

require additional NRC inspections. This proposed White finding involved an apparent violation  

of I O CFR Part 50, Appendix B, Criterion VI "Instructions Procedures, and Drawings," involving  

the failure to establish procedural controls for evaluating the use of parts prior to their  

installation in safety-related applications, (e.g. the emergency diesel generator).  

At your request, a Regulatory Conference was held on July 13, 2007. During this conference  

your staff presented information related to the voltage regulator failures that adversely affected  

Emergency Diesel Generator (EDG) 2. This included information regarding the failure  

mechanism of the voltage regulator circuit board, results of your root cause evaluations, and  

associated corrective actions. The July 13, 2007, Regulatory Conference meeting summary,  

dated July 18, 2007 (ML072000280), includes a copy of the CNS presentation.  

Based on NRC review of all available information, including the information discussed during  

the Regulatory Conference, the NRC has decided not to pursue a violation of 10 CFR Part 50,  

Appendix B, Criterion V. However, the NRC has determined a violation of 10 CFR Part 50,  

Appendix B, Criterion XVI, "Corrective Action," did occur in that CNS failed to promptly identify a  

significant condition adverse to quality that resulted in the reduced reliability of EDG 2. Two  

distinct and reasonable opportunities to identify the condition adverse to quality existed yet the  

condition was not promptly identified and corrected to preclude recurrence. Specifically, your  

inadequate procedural guidance for evaluating the suitability of parts used in safety related  

applications presented one missed opportunity to identify that an EDG voltage regulating circuit  

board was defective prior to its installation on November 8, 2006. Following installation of the  

defective EDG 2 voltage regulator circuit board two high voltage conditions, one resulting in an  

EDG automatic high voltage trip, occurred on November 13, 2006. Your evaluation of these  

high voltage events missed another opportunity to identify and correct the deficient condition.  

Nebraska Public Power District  

-2-  

The failure to identify and correct this deficiency resulted in an additional high voltage trip of  

EDG 2 that occurred on January 18, 2007. This violation is cited in the enclosed Notice of  

Violation (Enclosure I). The details describing the 10 CFR Part 50, Appendix B, Criterion XVI,  

Corrective Action, violation are described in Enclosure 2.  

The NRCs preliminary assessment of the safety significance of the inspection finding is  

documented in Attachment 3 of NRC Inspection Report 05000298/2007007 (ML071430289).  

This assessment resulted in a change in core damage frequency (delta CDF) of 5.6E-6, being a  

finding of low to moderate safety significance, or White. Our preliminary assessment used the  

loss of offsite power (LOOP) initiating event frequency and EDG non-recovery/repair  

probabilities, as described in NUREG/CR-6890, Reevaluation of Station Blackout Risk at  

Nuclear Power Plants, Analysis of Loss of Offsite Power Events: 1986-2004. This assessment  

assumed that the voltage regulator degraded only during times that the EDG was in operation.  

The assessment assumed the voltage regulator could not be repaired or replaced in time to  

affect the outcome of any core damage sequences. The ability to take manual control of  

EDG 2 was not credited because procedures did not exist and training was not performed in  

this EDG mode of operation. As a sensitivity assessment a case for diagnosing the failure of  

the automatic voltage regulator and successfully operating the EDG in manual mode was  

considered. A recovery failure probability for EDG 2 of 0.3 was assumed that lowered the delta  

CDF to a value of 1.7E-6. A value characterized as having low to moderate safety significance,  

or White.  

Based on additional information indicating that the voltage regulator card failure mechanism  

was intermittent, the NRC determined that a revised safety significance assessment was  

warranted. This revised assessment is provided as Enclosure 3. This assessment was  

performed assuming that the faulty voltage regulator card reduced the reliability of EDG 2. The  

reduced reliability factor was calculated assuming that two failures resulting in high voltage  

EDG trips occurred within a period of 36 hours during which the subject voltage regulator card  

was energized. This assumption was made recognizing that an additional high voltage  

condition occurred on November 13, 2006, that did not result in an EDG trip because the  

duration of the high voltage condition was shorter than the time delay setting. Additionally, the  

NRC revised assessment refined the probability of failing to recover the failed EDG 2 to a value  

of 0.275. This value corresponds to an 83 percent probability for successfully diagnosing the  

automatic voltage regulator failure, during a station blackout event, and a 90 percent probability  

for successfully implementing recovery actions.  

During the Regulatory Conference, CNS asserted the finding was of very low safety  

significance, or Green. On July 27, 2007, CNS provided to the NRC their Probabilistic Safety  

Assessment that is provided as Enclosure 4. The CNS assessment of very low safety  

significance was made based on five key assumptions that differed from the NRCs.  

The first difference was that following failure of EDG 2, CNS assumed recovery of EDG 2 prior to  

core damage occurring with a failure probability of 0.032. This failure probability of recovery  

significantly differed from the NRC assessment of 0.275. The NRC determined that 0.275 was a  

more realistic value after reviewing the human error factors present. Factors assessed are  

discussed in detail in the NRC Phase 3 Analysis provided in Enclosure 3. These factors included:  

Nebraska Public Power District  

-3-  

I ) the high complexity of diagnosing an automatic voltage regulator failure during a station  

blackout event that would involve the support of CNS engineering staff; and 2) recovering the  

failed EDG in manual voltage control during a station blackout event having incomplete  

procedural guidance and a lack of operator training and experience involving operating the EDG  

in manual voltage control during loaded conditions.  

The second difference was that CNS calculated the reduced reliability factor for EDG 2 assuming  

that one failure was the result of the defective diode during the 36-hour duration the subject  

voltage regulator was energized. CNS asserted that conclusive evidence did not exist that the  

cause of the November 13, 2006, event was the result of intermittent voltage regulator card diode  

failure. The NRC reviewed all available information provided by CNS related to the November 13  

event. This included the apparent cause evaluation, the laboratory failure analysis report,  

industry operating experience, and electrical schematic review of the EDG voltage regulating  

system. Based on our reviews the NRC determined that an intermittent diode failure of the  

voltage regulator circuit board was the most plausible failure mechanism. Therefore, the NRC  

concluded that two failures should be used in the EDG 2 reliability calculation.  

The third difference involved CNS evaluating the aspect of convolution related to the probability of  

recovering offsite power or EDG 1 before or close in time to the assumed failure of EDG 2. This  

consideration would render the safety consequences of these events to be less significant. The  

NRC agreed that our model was overly conservative in this aspect, and performed an  

assessment that incorporated credit for convolution. This resulted in a reduction of delta CDF.  

The fourth difference involved CNS crediting the station Class 1 E batteries for periods greater  

than the 8-hour duration utilized in the current risk model. Based on information reviewed the  

NRC concluded that extended battery operation beyond eight hours was plausible, however,  

other operational challenges would be present as described in Appendix A, Station Blackout  

Event Tree Adjustments, Table A-I of the CNS Probabilistic Safety Assessment (Enclosure 4).  

Based on these considerations the NRC adjusted our model extending the Class 1 E batteries to  

10 hours. In addition, an adjustment was made to account for the recovery dependency  

associated with the failure of both EDGs.  

The fifth difference involved CNS asserting that implementation of specific station blackout  

mitigating actions, that were not currently credited in either the NRC or the CNS risk models,  

would reduce the risk significance of the finding. These specific actions included the use of fire  

water injection to the core, manual operation of the reactor core isolation cooling (RCIC) system,  

and the ability to black start an EDG following battery depletion events. Based on our review, and  

as discussed in the NRC Phase 3 Analysis (Enclosure 3), the NRC determined the success of  

using these alternative mitigation strategies were offset by the risk contribution of external events.  

After careful consideration of the information provided at the Regulatory Conference, the  

information provided in your risk assessment received on July 27, 2007, and the information  

developed during the inspection, the NRC has concluded that the best characterization of risk for  

this finding is of low to moderate safety significance (White), with a delta CDF of 1.2E-6.  

Nebraska Public Power District  

-4-  

You have 30 calendar days from the date of this letter to appeal the NRCs determination of  

significance for the identified White finding. Such appeals will be considered to have merit only if  

they meet the criteria given in NRC Inspection Manual Chapter 0609, Attachment 2. In  

accordance with the NRC Enforcement Policy, the Notice of Violation is considered an escalated  

enforcement action because it is associated with a White finding.  

You are required to respond to this letter and should follow the instructions specified in the  

enclosed Notice when preparing your response.  

In addition, we will use the NRC Action Matrix to determine the most appropriate NRC response  

and any increase in NRC oversight, or actions you need to take in response to the most recent  

performance deficiencies. We will notify you by separate correspondence of that determination.  

In accordance with 10 CFR 2.390 of the NRCs Rules of Practice, a copy of this letter, its  

enclosures, and your response will be made available electronically for public inspection in the  

NRC Public Document Room or from the Publicly Available Records component of NRCs  

document system (ADAMS). ADAMS is accessible from the NRC Web site at  

h t t P : //w.  

n rc . a ov/ r e a d i n a - r m/a d a m s . h t m I (the Pub I i c E I ec t ro n i c Read i n g Room ) . To the extent  

possible, your response should not include any personal privacy, proprietary, or safeguards  

information so that it can be made available to the Public without redaction.  

Sincerely,  

Bru& S. Mallett  

Regional Administrator  

Docket: 50-298  

License: DPR-46  

Enclosure 1 : Notice of Violation  

Enclosure 2: Notice of Violation Details  

Enclosure 3: NRC Phase 3 Analysis  

Enclosure 4: CNS Probabilistic Safety Assessment  

cc w/Enclosures:  

Gene Mace  

Nuclear Asset Manager  

Nebraska Public Power District  

P.O. Box 98  

P.O. Box 499  

Columbus, NE 68602-0499  

Nebraska Public Power District  

-5-  

D. Van Der Kamp, Acting Licensing Manager  

Nebraska Public Power District  

P.O. Box 98  

Brownville, NE 68321  

Michael J. Linder, Director  

Nebraska Department of  

Environmental Quality  

Julia Schmitt, Manager

Radiation Control Program

P.O. Box 95007

Lincoln, NE 68509-5007

Bureau of Radiological Health  

Iowa Department of Public Health  

Lucas State Office Building, 5th Floor  

321 East 12th Street  

Des Moines, IA 50319  

321 East 12th Street  

Des Moines, IA 50319

Ronald D. Asche, President  

and Chief Executive Officer  

Nebraska Public Power District  

141 4 15th Street  

Columbus, NE 68601  

P. Fleming, Director of  

Nebraska Public Power District  

P.O. Box 98  

Brownville, NE 68321  

John F. McCann, Director, Licensing  

Entergy Nuclear Northeast  

Entergy Nuclear Operations, Inc.  

440 Hamilton Avenue  

White Plains, NY 10601-1813  

Keith G. Henke, Planner  

Division of Community and Public Health  

Office of Emergency Coordination  

930 Wildwood, P.O. Box 570  

Jefferson City, MO 65102  

Chief, Radiological Emergency  

Preparedness Section  

Kansas City Field Office  

Chemical and Nuclear Preparedness  

and Protection Division  

Dept. of Homeland Security  

9221 Ward Parkway  

Suite 300  

Kansas City, MO 641 14-3372  

Nebraska Public Power District  

-6-  

Distribution:  

RIDSSECYMAILCENTER  

RIDSOCAMAILCENTER  

RIDSNRROD  

RlDSOlGMAl LCENTER  

RlDSRGNl MAILCENTER  

RIDSRGN3MAILCENTER  

OEWEB  

cc wlenclosures (via ADAMS e-mail distribution):  

B. Mallett (BSMI)  

DRS BCs (DAP, LJS, ATG, MPSI)  

M. Herrera (MSH3)  

D. Starkey, OE (DRS)  

M. Ashley, NRR (MAB)  

N. Hilton, OE (NDH)  

M. Haire (MSH2)  

M. Vasquez (GMV)  

C. Carpenter, OE (CAC)  

V. Dricks (VLD)  

J. Cai, OE (JXCII)  

S. Farmer (SEFI)  

SUNS1 Review Completed: MCH  

ADAMS:  

Yes0 No  

Initials: MCH  

611 Publicly Available  

Non-Publicly Available  

0 Sensitive  

EI Non-Sensitive  

/RA/  

/RA electronic/ /RA electronic/ /RA ECollins for/  

081 09 107  

081 09 107  

081 09 I07  

081 09 I07  

OFFICIAL RECORD COPY  

T=Telephone  

E=E-mail  

F=Fax  

*Previous Concurrence  

NOTICE OF VIOLATION  

Nebraska Public Power District  

Docket No. 50-298  

License No. DPR-46  

EA-07-090  

During an NRC inspection completed on April 24, 2007, and following a Regulatory Conference  

conducted on July 13, 2007, a violation of NRC requirements was identified. In accordance with  

the NRC Enforcement Policy, the violation is listed below:  

10 CFR Part 50, Appendix B, Criterion XVI, requires, in part, that measures shall be  

established to assure that conditions adverse to quality, such as failures and malfunctions,  

are promptly identified and corrected. In the case of significant conditions adverse to  

quality, the measures shall assure that the cause of the condition is determined and  

corrective action taken to preclude repetition.  

Contrary to the above, as of January 18, 2007, the licensee failed to establish measures  

to promptly identify and correct a significant condition adverse to quality, and failed to  

assure that the cause of a significant condition adverse to quality was determined and that  

corrective action was taken to preclude repetition. Specifically, the licensees inadequate  

procedural guidance for evaluating the suitability of parts used in safety related  

applications presented an opportunity in which the licensee failed to promptly identify a  

defective voltage regulator circuit board used in Emergency Diesel Generator (EDG) 2  

prior to its installation on November 8, 2006, a significant condition adverse to quality.  

Following installation of the defective EDG 2 voltage regulator circuit board, the licensee  

failed to determine the cause of two high voltage conditions which occurred on  

November 13, 2006, and failed to take corrective action to preclude repetition. As a  

result, an additional high voltage condition occurred resulting in a failure of EDG 2 on  

January 18,2007.  

This violation is associated with a White SDP finding.  

Pursuant to the provisions of 10 CFR 2.201, Nebraska Public Power District is hereby required to  

submit a written statement or explanation to the U.S. Nuclear Regulatory Commission, ATN: Document  

Control Desk, Washington, DC 20555-0001 with a copy to the Regional Administrator, Region IV,  

and a copy to the NRC Resident Inspector at the facility that is the subject of this Notice, within  

30 days of the date of the letter transmitting this Notice of Violation (Notice). This reply should be  

clearly marked as a Reply to a Notice of Violation; EA-07-090, and should include for each  

violation: (1) the reason for the violation, or, if contested, the basis for disputing the violation or  

severity level, (2) the corrective steps that have been taken and the results achieved, (3) the  

corrective steps that will be taken to avoid further violations, and (4) the date when full  

compliance will be achieved. Your response may reference or include previous docketed  

correspondence, if the correspondence adequately addresses the required response. If an  

adequate reply is not received within the time specified in this Notice, an order or a Demand for  

Information may be issued as to why the license should not be modified, suspended, or revoked,  

or why such other action as may be proper should not be taken. Where good cause is shown,  

consideration will be given to extending the response time.  

-1 -  

Enclosure 1  

Because your response will be made available electronically for public inspection in the NRC  

Public Document Room or from the NRC's document system (ADAMS), accessible from the NRC  

Web site at http://www.nrc.qov/readinq-rm/adams.html, to the extent possible, it should not  

include any personal privacy, proprietary, or safeguards information so that it can be made  

available to the public without redaction. If personal privacy or proprietary information is  

necessary to provide an acceptable response, then please provide a bracketed copy of your  

response that identifies the information that should be protected and a redacted copy of your  

response that deletes such information. If you request withholding of such material, you must  

specifically identify the portions of your response that you seek to have withheld and provide in  

detail the bases for your claim of withholding (e.g., explain why the disclosure of information will  

create an unwarranted invasion of personal privacy or provide the information required by  

10 CFR 2.390(b) to support a request for withholding confidential commercial or financial  

information). If safeguards information is necessary to provide an acceptable response, please  

provide the level of protection described in 10 CFR 73.21.  

Dated this 17th day of August 2007.  

-2-  

Enclosure 1  

Notice of Violation Details  

Scope  

Following issuance of NRC Inspection Report 05000298/2007007 (ML071430289), that identified  

an apparent violation of 10 CFR Part 50, Appendix B, Criterion V, "Instructions Procedures, and  

Drawings," additional information was reviewed that included the CNS Probabilistic Safety  

Assessment, laboratory information related to the failure mechanism of the voltage regulator  

circuit board, and information discussed during the Regulatory Conference held on July 13, 2007,  

related to this potential finding. After reviewing all available information related to the Emergency  

Diesel Generator (EDG) 2 high voltage events, the NRC decided not to pursue a violation of  

10 CFR Part 50, Appendix B, Criterion V. However, the NRC determined an apparent violation of  

10 CFR Part 50, Appendix B, Criterion XVI, "Corrective Action," did occur in that CNS failed to  

promptly identify a significant condition adverse to quality that resulted in the reduced reliability of  

EDG 2. Two distinct and reasonable opportunities to identify the condition adverse to quality  

existed yet the condition was not promptly identified and corrected to preclude recurrence. The  

following details discuss the additional information reviewed and provide the basis for our  

decision.  

Details  

On November 8, 2006, .a potentiometer mechanically failed during planned maintenance on the  

Emergency Diesel Generator (EDG) 2 voltage regulator. Work order 4514076 provided the  

technical instructions for this maintenance activity and contained a contingency for the  

replacement of the voltage regulator printed circuit board. Replacement of the circuit board was  

performed on November 8, 2006. Following replacement, the circuit board required tuning. The  

tuning process was conducted on November 13, 2006, and included making incremental  

adjustments to the R13 feedback adjust potentiometer and then introducing small voltage  

demand changes. Approximately ten seconds after one voltage demand change EDG 2  

experienced a pair of output voltage spikes, the first to approximately 5500 volts, and the second  

to greater than 5900 volts. The second voltage spike resulted in a high voltage trip of EDG 2.  

The NRC noted that at the time the voltage spikes occurred, maintenance personnel were  

reviewing strip chart recorder traces and no voltage regulator components were being  

manipulated and no changes in demanded voltage were occurring.  

The licensee conducted a failure modes effects analysis (FMEA) and completed troubleshooting  

activities consisting of diagnostic tests and test runs of EDG 2 between November 13-15, 2006.  

Based on the lack of any additional high voltage events during the test runs, completion of the  

FMEA, and input from a vendor field representative, the licensee concluded that the high voltage  

events that occurred on November 13 were attributable to erratic behavior of the feedback  

potentiometer being adjusted to tune the circuit board. This conclusion is described in the  

apparent cause evaluation attached to Condition Report CR-CNS-2006-09096. After completion  

of a subsequent series of satisfactory surveillance test runs, EDG 2 was declared operable on  

November 19,2006. Subsequently, on January 18, 2007, EDG 2 experienced another high  

voltage trip during surveillance testing. The licensee's root cause evaluation of this high voltage  

trip, as described in Condition Report CR-CNS-2007-00480, determined that a manufacturing  

defect of a diode, attached to the printed circuit board installed on November 8, 2006, caused the  

high voltage conditions observed.  

-1 -  

Enclosure 2  

The NRC reviewed the Condition Report CR-CNS-2006-9096 apparent cause evaluation  

addressing the high voltage conditions experienced on November 13, 2006, conducted interviews  

with engineers and maintenance personnel, and reviewed applicable technical manuals. The  

NRC determined that erratic behavior of either or both potentiometers on the printed circuit board  

was not a likely cause for the November 13, 2006, high voltage events. The NRC discussed this  

observation with licensee management on February 1 , 2007, after which the licensee initiated  

Condition Report CR-CNS-2007-00959 documenting the concern. Following these discussions,  

the licensee completed a more detailed evaluation of the apparent cause. This more detailed  

evaluation concluded that the erratic behavior of the feedback potentiometer, combined with the  

possibility that an oxidation layer could have built up on the potentiometer slide wire, could have  

caused an open circuit on the voltage regulator printed circuit board. The licensee believed that  

this open circuit could have resulted in the high voltage condition that EDG 2 experienced. The  

NRC noted that this evaluation was not based on direct observation or circuit modeling, but on  

hypothetical information from a field service vendor. The NRC questioned the licensee if the  

vendors were aware of any similar EDG high voltage condition occurring due to erratic  

potentiometer operation during the tuning process of the voltage regulator circuit board. The  

licensee provided the NRC a written response from the vendor that stated, "No. In addition, we  

have not seen or heard of such an event while adjusting the Range and/or Stability  

potentiometers on any make or model of voltage regulator."  

The NRC noted that the November 13, 2006, high voltage trip of EDG 2 was not viewed by the  

licensee as a possible precursor to the January 18, 2007, event until the receipt of a laboratory  

report on May 8, 2007. This laboratory report contained the results of destructive testing of the  

VRI zener diode from the voltage regulator printed circuit board. This report provided definitive  

evidence that the January 18, 2007, overvoltage trip of EDG 2 was caused by an intermittent  

discontinuity in the diode resulting from a manufacturing defect. Based on this new information,  

the licensee revised the root cause report in CR-CNS-2007-00480 and viewed the  

November 13, 2006, EDG 2 high voltage trip as a possible precursor to the January 18, 2007,  

EDG 2 high voltage trip. Additionally, the NRC noted that when the faulted circuit board was  

being evaluated at the laboratory, no actions were taken to validate if the potentiometers on the  

card were potentially the source of the high voltage events that occurred on November 13, 2006,  

as their FMEA had concluded.  

The NRC reviewed the FMEA performed in Condition Report CR-CNS-2006-9096. The NRC  

noted that operating and maintenance instructions of the EDG voltage regulator system are  

described in the Basler Electric Company Operation and Service Manual, Series Boost Exciter-  

Regulator, Type SBSR HV, dated November 1970. In addition, the NRC noted that Electric  

Power Research Institute (EPRI) published a technical report, Basler SBSR Voltage Regulators  

for Emergency Diesel Generators, dated November 2004, that provided updated operating,  

maintenance, and troubleshooting recommendations to industry users. The licensee used both  

of these resources extensively for procedure development and to guide troubleshooting efforts.  

The NRC noted Section 5 of the Basler vendor manual provided recommendations for  

maintenance and troubleshooting. Table 5-1 of this manual provided a symptom based-probable  

cause table for voltage regulator problems. In the case of the November 13, 2006, EDG 2 high  

voltage trip, the following guidance was applicable:  

-2-  

Enclosure 2  

Svmptom  

Voltage high,  

If no voltage control  

on automatic  

operation, replace  

fuse F1. If no  

voltage control on  

manual operation,  

replace fuse F2.  

Defect in voltage  

regulator printed circuit  

board. No current  

indicated on saturable  

transformer control  

current meter.  

Section 8 of the EPRl technical report also provided troubleshooting recommendations. The  

section of the table that provided valuable insight for the November 13 trip is as follows:  

Symptom  

Voltage high and  

No or low voltage  

Verify that there are  

no blown potential  

transformer fuses  

and that there are  

good connections  

at the potential  

transformers  

Replace R60 or  

entire MOP  

Verify tap setting of  

120 VAC  

Replace voltage  

regulator assembly  

The NRC noted that the FMEA discussed each of the probable causes of the uncontrollable high  

voltage on EDG 2, but that not all of the recommended actions were taken. Specifically, the  

licensee did not replace the faulty voltage regulator assembly even though both the Basler  

technical manual and the EPRl technical report recommended its replacement following  

uncontrollable high voltage conditions.  

In addition, the NRC noted that Condition Report CR-CNS-2006-9096, contained a summary of  

industry operating experience regarding failures of Basler voltage regulators. Of the 58 Basler  

-3-  

Enclosure 2  

failures listed in the report, 33 involved Basler SBSR voltage regulators, the same type used at  

Cooper Nuclear Station. Of these, four involved manufacturing defects on the printed circuit  

boards. The NRC identified another eight Basler voltage regulator failures related to  

manufacturing quality in publicly available sources of operating experience. The NRC also noted  

that none of these failures occurred due to erratic potentiometer operation utilized during the  

tuning process.  

As previously documented in NRC Inspection Report 05000298/2007007, the licensee root cause  

report evaluating the January 18, 2007, EDG 2 high voltage event, documented in  

CR-CNS-2007-00480, determined that the cause of the failure was that the original procurement  

process did not provide technical requirements to reduce the probability of infant mortality failure  

in the voltage regulator board. The licensee determined that the failed circuit board had been  

purchased from the Basler Electric Company in 1973, but that the procurement of the part had  

not specified any technical requirements from the vendor. In effect, the part was purchased as a  

commercial grade item from a non-Appendix B source and placed into storage as an essential  

component, ready for use in safety-related applications, without any documentation of its  

suitability for that purpose. The licensee determined that the specification of proper technical  

requirements, such as inspections and/or testing, would have provided an opportunity to discover  

the latent defect prior to installing the card in an essential application.  

During the Regulatory Conference on July 13, 2007, the licensee stated that even if they had  

performed additional testing, such as a burn in, of the voltage regulator card prior to its  

installation on November 8, 2006, that such testing would probably not identify the faulty diode.  

In addition, the licensee stated that since this card was purchased in 1973, Generic Letter 91-05,  

Licensee Commercial-Grade Procurement and Dedication Programs, discussed that the NRC  

did not expect licensees to review all past procurements.  

With respect to these assertions, the NRC determined that had the licensee performed testing of  

the card prior to its installation in accordance with standard industry recommendations, there was  

some probability that such a defect would have been identified. This conclusion was based on  

the fact the laboratory findings coupled with the actual high voltage occurrences experienced on  

November 13, 2006, and January 18, 2007, confirmed that the failure was of an intermittent  

nature and variations such as temperature alone could cause the condition to manifest itself.  

With respect to the assertion that Generic Letter 91-05 did not require licensees to review past  

commercial grade procurements that may have been inappropriately dedicated suitable for safety  

related applications, the NRC determined the licensee missed an opportunity to perform  

additional evaluations concerning the suitability of the voltage regulating circuit board prior to its  

installation. Specifically, Generic Letter 91-05 states, in part, that the NRC does not expect  

licensees to review all past procurements. However, if failure experience or current information  

on supplier adequacy indicates that a component may not be suitable for service, then corrective  

actions are required for all such installed and stored items in accordance with 10 CFR Part 50,  

Appendix B, Criterion XVI, Corrective Action. Based on the previously discussed operating  

experience related to quality concerns associated with Basler voltage regulating cards, the NRC  

determined that the licensee missed an opportunity to evaluate this information prior to installing  

the EDG 2 voltage regulating card on November 8, 2006. Additionally, following the high voltage  

conditions experienced on November 13, 2006, this operating experience, although obtained, did  

not result in the licensee questioning the quality of the component as reflected in Item 10 of the  

licensees Equipment Failure Evaluation Checklist dated November 30, 2006, stating there were  

no concerns associated with the quality of the part.  

-4-  

Enclosure 2  

Additionally, the NRC reviewed Condition Report CR-CNS-2007-04278, which reported that the  

licensee had failed to perform a required root cause analysis following the diesel generator failure  

on November 13, 2006. Administrative Procedure 05.CR, Condition Report Initiation, Review,  

and Classification, Revision 7, requires that a condition report be classified as Category A (root  

cause investigation) for repeat Critical 1 Component equipment failures that have previously  

been addressed with a root or apparent cause evaluation. Voltage control problems on EDG 2,  

a critical I component in the licensees equipment reliability program, had been addressed  

using apparent cause evaluations on four separate occasions in the twelve months prior to the  

November 13, 2006, high voltage trip. Contrary to the guidance in Procedure 0.5CR, the  

November 13 trip was again assigned an apparent cause evaluation versus the required root  

cause evaluation. When EDG 2 subsequently tripped again on January 18, 2007, a root cause  

team was assembled, which resulted in the identification of a defective diode on the voltage  

regulator printed circuit board.  

Based on the previously discussed observations the NRC concluded that multiple opportunities  

existed for the licensee to promptly identify that the EDG 2 voltage regulating card installed on  

November 8, 2006, was defective prior to declaring the EDG operable on November 19, 2006.  

Based on the failure to promptly identify this degraded condition corrective actions were not  

implemented in accordance with 10 CFR Part 50, Appendix B, Criterion XVI, Corrective Action,  

resulting in the failure of EDG 2 on January 18, 2007.  

Analvsis: This finding is a performance deficiency because the licensee failed to promptly identify  

that a defective Emergency Diesel Generator (EDG) 2 voltage regulator circuit board was  

installed that resulted in adversely affecting the safety function of equipment important to safety.  

This finding is more than minor because it is associated with the equipment performance attribute  

of the Mitigating Systems cornerstone and adversely affects the cornerstone objective of ensuring  

the availability, reliability, and capability of systems that respond to initiating events.  

This finding was evaluated using the Significance Determination Process (SDP) Phase 1  

Screening Worksheet provided in Manual Chapter 0609, Appendix A, Significance Determination  

of Reactor Inspection Findings for At-Power Situations. The screening indicated that a Phase 2  

analysis was required because the finding represents a loss of safety function for EDG 2 for  

greater than its Technical Specification allowed completion time. The Phase 2 and 3 evaluations  

concluded that the finding was of low to moderate safety significance (See Enclosure 3 for  

details).  

The cause of this finding is related to the problem identification and resolution crosscutting  

components of the corrective action program and operating experience because the licensee  

failed to thoroughly evaluate the EDG high voltage condition such that resolutions address the  

causes and the licensee failed to effectively use operating experience, including vendor  

recommendations, resulting in changes to plant equipment (P.l (c)), and (P.2(b)).  

-5-  

Enclosure 2  

Cooper Nuclear Station  

Failure of EDG 2 Voltage Regulator  

NRC Phase 3 Analysis  

The NRC estimated the risk increase resulting from the degraded Emergency Diesel Generator  

(EDG) 2 voltage regulator. The diesel was run at the following times with durations reported as  

the period of time that the voltage regulator was energized (all of these operational runs were  

conducted after the defective voltage regulator circuit board was installed):  

11/11/06 0 hrs 3 min  

11/13/06 1 hr 30 min (first failure)  

11/14/06 6 hrs 46 rnin  

11/15/06 1 hr 35 rnin  

11/16/06 9 hrs 23 rnin  

11/17/06 5 hrs 3 min  

11/18/06 2 hrs 28 min  

12/12/06 5 hrs 41 rnin  

01/18/07 4 hrs 16 min (second failure)  

The unit was returned to Mode 1 on November 22, 2006, and ran at power until the last failure  

occurred on January 18, 2007. The period of exposure was 57 days.  

Assumptions  

1.  

The licensee determined that the voltage regulator failures were caused by an intermittent  

condition resulting from a faulty diode. Two failures of the voltage regulator occurred  

within a period of 36 hours during which the voltage regulator was energized. This  

information was used to calculate an hourly failure rate for use in the risk analysis. The  

NRC noted the licensee had calculated an increased unreliability of the voltage regulator  

by performing a Bayesian update of industry data. However, the NRC determined that the  

risk impact is more accurately expressed by modeling the condition as a new failure mode  

of the diesel generator.  

2.  

Common cause vulnerabilities for EDG 1 did not exist, that is, the failure mode is  

assumed to be independent in nature. This is because the root caus'e investigation  

determined that the failure was the result of a manufacturing defect resulting in an infant  

mortality. The same component in EDGI had been installed since initial plant operations  

and had operated reliably beyond the "burn-in" period, providing evidence that it did not  

have the same manufacturing defect. The NRC considered the probability of EDG 1  

failing from defective voltage regulator within a short period of time of the EDG 2 failure to  

be too low to affect the results of this analysis.  

The standard CNS SPAR model credited the Class 1 E batteries with an 8-hour discharge  

capability following a station blackout. Based on information received from the licensee,  

this credit was extended to 10 hours. Although the batteries could potentially function  

beyond I O hours under certain conditions other challenges related to the operation of  

RCIC and HPCl in station blackout conditions would be present. These challenges  

included the availability of adequate injection supply water and operational concerns of  

-1-  

Enclosure 3  

RClC under high back pressure conditions as a result of the unavailability of suppression  

pool cooling during an extended station blackout event.  

4.  

Using the SPAR-H methodology, it was estimated that the probability of recovering from  

the failure, using manual voltage regulation control, in a time frame consistent with the  

core damage sequences was 72.5 percent, or a 0.275 non-recovery probability. Recovery  

would involve diagnosing the problem and then making a decision to either replace the  

automatic voltage regulating circuit board or operate the EDG in a manual voltage  

regulating mode.  

The results of this analysis are presented in the table below:  

Low (1 0)  

Incomplete (20)  

Available Time  

I Expansive Time (0.01) (>2X  

nominal and > 30 min.)  

Stress  

I  

High (2)  

Complexity  

I  

High (5)  

>5 Times Required (0.1)  

High (2)  

Moderate (2)  

Incomplete (20)  

Nominal  

I  

Poor (5)  

Overall Total HRA  

I  

0.275  

I  

(1) This reflects the result using the formula for cases where 3 or more negative PSFs are present.  

The nominal time for performing the actions was small compared to the minimum time of  

4 or 8 hours available (for most core damage sequences) to restore power following a  

loss of offsite power (LOOP) event. The time available for diagnosis was considered to  

be expansive because it exceeded twice what would be considered nominal and is greater  

than 30 minutes. Extra time was credited for the action steps because at least 6 hours  

would be available for most sequences and it was assumed that approximately 1 hour  

would be required. High stress was assumed because the station would be in a blackout  

condition. The steps needed to diagnose the problem and decide on an action plan to  

either replace the voltage regulator or attempt manual voltage control operation were  

considered to be highly complex because procedural guidance did not direct operators to  

take manual voltage regulation control of the EDG following high voltage trip conditions.  

Diagnosing the failed voltage regulator and determining subsequent recovery actions  

would be an unfamiliar maintenance task requiring high skill. During NRC discussions  

-2-  

Enclosure 3  

with control room operators they stated engineering support would be required to evaluate  

the diesel failure rather than attempt to start the EDG in manual control, potentially  

damaging the machine.  

The NRC addressed diagnosis recovery as presented in the SPAR-H Method in  

NUREG/CR-6883, Section 2.8, Recovery. Additional credit for this finding was not  

considered applicable because of a lack of additional alarms or cues that would occur  

after the initial diagnosis effort was completed. Also, the NRC determined that recovery  

from an initial diagnosis failure was already adequately accounted for in the 0.01 factor  

that was applied for the availability of expansive time. The actions needed to operate the  

diesel generator in a manual voltage regulating mode were considered to be moderately  

complex. Low training and experience was assumed because the plant staff had not  

performed this mode of operation and had not received specific training. Procedures  

focused on manual operation of the diesel were not available, but credit for incomplete  

procedures was applied because various technical sources were available that could be  

pieced together to generate a temporary working procedure. Work processes for actions  

were considered poor because a substantive crosscutting issue is currently open related  

to personnel failing to adhere to procedural compliance, reflective of a trend of poor work  

practices. The result of the SPAR-H analysis was a failure probability of 0.275. For the  

short-term (30-minute) sequences in the SPAR model (corresponding to the failure of  

steam-powered high pressure injection sources), credit for recovery of the EDG 2 voltage  

regulator failure was not applied because of inadequate time available.  

For cutsets that contained both recovery of EDG 2 from the voltage regulator failure and a  

standard generic recovery for EDGs, which in this case would apply only to a recovery of  

EDG 1, a dependency correction was applied as discussed in the SPAR-H Method in  

NUREG/CR-6883, Section 2.6. The dependency rating was determined to be high,  

based on the rating factors of same crew (crew in this case was defined as the team of  

managers and engineers who would be making decisions related to the recovery of both  

EDGs), close in time, and different location. To account for the dependency on the  

recovery of EDG 1 , the formula of (1 + base SPAR non-recovery probability)/2 was used.  

The use of a dependency correction accounts for several issues, including the fact that  

the standard EDG recovery factors in SPAR models address the probability of recovering  

one of two EDGs that have failed, meaning that the more easily recoverable unit can be  

selected for this purpose. In this case, the recovery factor is limited to only one EDG, and  

the option to select the other EDG is not available within the mathematics of the model.  

The dependency also accounts for situations where recovery of one EDG may be  

abandoned in favor of recovery the other unit, and where the recovery team loses  

confidence after experiencing a failure to recover the first EDG. It also accounts for the  

splitting of resources in the double-EDG failure scenario.  

6.  

For EDG fail-to-run basic events, the Cooper SPAR model assumes that the failure occurs  

immediately following the loss of offsite power event. This is a conservative modeling  

assumption because it fails to account for scenarios where offsite power or the other EDG  

is recovered prior to the moment that the EDG 2 experiences a failure to run. For the  

assumed intermittent failure condition of EDG 2, failure is assumed to be equally probable  

throughout the 24-hour mission time. Therefore, recovery of offsite power or the other  

diesel generator before or close in time following the assumed EDG 2 failure renders the  

safety consequences of the performance deficiency to be insignificant in those cases. To  

-3-  

Enclosure 3  

correct for this conservatism, the Cooper SPAR model was modified with sequence  

specific convolution correction factors that were applied whenever an EDG fail-to-run  

event appeared in a cutset.

7.846-6 /vr.  

Internal Events Analysis  

The Cooper SPAR model, Revision 3.31 , dated October I O , 2006, was used in the analysis. A  

cutset truncation of 1 .OE-I 2 was used. Average test and maintenance was assumed. The model  

was modified as previously discussed to apply convolution correction factors and to credit the  

battery with a IO-hour discharge capability. In addition, a modeling error was discovered and  

corrected related to the failure of a battery charger on a train alternate to an EDG failure. The  

result of this correction reduced the base CDF result of the model.  

For the estimate of the voltage regulator failure rate, the NRC assumed a zero prior distribution  

which resulted in a lambda value of 0.556 for two failures occurring in a 36-hour time period  

(Assumption 1). Using a Poisson distribution, this equates to a probability of 0.736 that the EDG  

will fail to run within 24 hours following a demand. A 24-hour period is used as the standard  

mission time within the SPAR model.  

The NRC created a new basic event for the failure of the voltage regulator and placed it into the  

fault tree for Diesel Generator 2 Faults. Under the same AND gate, a basic event for recovery  

of the EDG 2 voltage regulator failure (0.275) was inserted. As previously discussed, for cutsets  

that contained both failure to recover EDG 2 from the voltage regulator failure and a standard  

SPAR EDG recovery term, which would in this case only apply to EDG 1, a correction to the  

standard EDG non-recovery probability was applied to account for the dependency between  

these two recoveries. Using the SPAR-H methodology, a high dependency was determined and  

the calculation using this assumption resulted in an increase in the non-recovery probability for  

EDG 1 within the affected cutsets. Additionally, for cutsets containing a 30-minute recovery term,  

related to the loss of high pressure injection sources, the value of the EDG 2 voltage regulator  

non-recovery probability was set to 1 .O, because recovery of EDG 2 would not be possible in that  

time frame. The common cause EDG fail-to-run term was not changed and therefore all cutsets  

containing this term were completely offset by the base case.  

The following table displays the result of the analysis:  

The major cutsets were reviewed and no anomalies were identified.  

External Events Analysis  

The risk increase from fire initiating events was reviewed and determined to have a small impact  

on the risk of the finding. Only two fire scenarios were identified where equipment damage could  

cause an unintentional LOOP to occur. These are a fire in control room board C or a fire in  

control room vertical board F. For these control room fires, the probability of causing a LOOP are  

remote because of the confined specificity of their locations and the fact that a combination of hot  

shorts of a specific polarity are needed to cause the emergency and startup transformer breakers  

-4-  

Enclosure 3  

to open. Breakers to these transformers do not lock out and recovery of power can be achieved  

by pulling the control power fuses at the breakers and operating the breakers manually.  

Procedures are available to perform these actions. The combination of the low event frequency  

and high recovery probability means that fires in these locations do not add appreciably to the risk  

of this finding.  

The other class of fires resulting in a LOOP required an evacuation of the control room. In this  

case, plant procedures require isolating offsite power from the vital buses and using the preferred  

source of power, Division 2 EDG. The sequences that could lead to core damage would include  

a failure of the Division 1 EDG, such that ultimate success in averting core damage would rely on  

recovery of either EDG or of offsite power. A review of the onsite electrical distribution system  

did not reveal any particular difficulties in restoring switchyard power to the vital buses in this  

scenario, especially given that at least 8 hours are available to accomplish this task for the bulk of  

the core damage scenarios.  

Switchgear room fires only affected the ability to power one of the two vital buses from offsite  

power, leaving at least one vital bus available for plant recovery. Therefore, a fire in Switchgear  

Room A would not require operation of EDG 2 and a fire in Switchgear Room B would not affect  

the risk difference of the finding because it would cause the same consequence as in the base  

case.  

In general, the fire risk importance for this finding is small compared to that associated with  

internal events because onsite fires do not remove the availability of offsite power in the  

switchyard, whereas, in the internal events scenarios, long-term unavailability of offsite power is  

presumed to occur as a consequence of such events as severe weather or significant electrical  

grid failures.  

The Cooper IPEEE Internal Fire Analysis screened the fire zones that had a significant impact on  

overall plant risk. When adjusted for the exposure period of this finding, the cumulative baseline  

core damage frequency for the zones having the potential for a control room evacuation (and a  

procedure-induced LOOP) or an induced plant centered LOOP was approximately 3.6E-7/yr. The  

methods used to screen these areas were not rigorous and used several bounding assumptions,  

the refinement of which would likely lower the result. Based on these considerations, the NRC  

concluded that the risk related to fires would not be sufficient to change the risk characterization  

of this finding.  

The seismicity at Cooper is low and would likely have a small impact on risk for an EDG issue.  

As a sensitivity, data from the RASP External Events Handbook was used to estimate the scope  

of the seismic risk particular to this finding. The generic median earthquake acceleration  

assumed to cause a loss of offsite power is 0.3g. The estimated frequency of earthquakes at  

Cooper of this magnitude or greater is 9.828E-5/yr. The generic median earthquake frequency  

assumed to cause a loss of the diesel generators is 3.lg, though essential equipment powered  

by the EDGs would likely fail at approximately 2.0g. The seismic information for Cooper is  

capped at a magnitude of 1 .Og with a frequency of 8.187E-6. This would suggest that an  

earthquake could be expected to occur with an approximate frequency of 9.OE-5/yr that would  

remove offsite power but not damage other equipment important to safe shutdown.  

To model the seismic risk, that NRC assumed that offsite power could not be recovered within  

24 hours and therefore zeroed all offsite power recoveries in the SPAR model. A CCDP was  

-5-  

Enclosure 3  

generated for the base case and, using the same assumptions for the failure probability of the  

voltage regulator, for the analysis case. The result is presented in the following table:  

(I EF=9E-  

57-Day  

Exposure  

I  

.279E-3  

7.560E-3  

5.7E-7  

8.9E-8  

Flooding could be a concern because of the proximity to the Missouri River. However, floods that  

would remove offsite power would also likely flood the EDG compartments and therefore not  

result in a significant change to the risk associated with the finding. The switchyard elevation is  

below that of the power block by several feet, but it is not likely that a slight inundation of the  

switchyard would cause a loss of offsite power. The low frequency of floods within the thin slice  

of water elevations that would remove offsite power for at least 4 hours, but not debilitate the  

diesel generators indicates that external flooding would not add appreciably to the risk of this  

finding.  

The NRC determined that although external events would add risk to the overall assessment, the  

amount of risk would be small and not change the safety significance of the finding.  

Alternative Mitigation Strategies  

The NRC noted that several alternative mitigation strategies discussed by the licensee during the  

Regulatory Conference on July 13, 2007, were not modeled or were disabled in the SPAR model.  

These strategies included the ability to operate RClC in a manual mode of operation following  

battery depletion, the use of firewater injection into the RCS, and the capability to blackstart an  

EDG following loss of the Class IE dc buses.  

With respect to the use of fire water injection the NRC noted that the CNS SPAR model  

integrates a recovery based on firewater injection into the station blackout event tree. In the base  

case, this recovery is set at a non-recovery probability of 1 .O, which implies no recovery credit.  

As a sensitivity study, the NRC assumed a baseline firewater failure probability of 0.1 and noted  

that the final delta CDF result was decreased by only 2.1 percent because firewater was only  

modeled in depressurized reactor coolant system sequences that were not large risk contributors  

to this finding.  

With respect to manual operation of the RClC system, the NRC noted that this mitigation strategy  

was not credited in either the NRC or CNS risk assessment models. Nonetheless, the feasibility  

of this strategy was assessed by reviewing station procedures, interviewing station personnel,  

performing a field walkdown of the procedural steps with station operators, and evaluating the  

human error factors that would be present following an extended station blackout event resulting  

in depletion of the station essential batteries. Based on this qualitative review, the NRC  

concluded that this strategy would not significantly change the overall risk assessment conclusion  

for this specific type of event. Factors assessed that affected this decision included: 1) following  

depletion of the battery supporting RClC operation the initial valve lineup supporting manual  

system operation would take at least 75 minutes; 2) no cooling over an extended period of time in  

the RClC turbine room causes an extremely high temperature environment that would  

significantly restrict personnel stay times; 3) reactor vessel level indication is on a different  

-6-  

Enclosure 3  

elevation than the RCIC flow controls; 4) manual starting of the RClC pump in this configuration  

has not been tested; 5) position indication is not readily available for motor operated valves;  

6) procedures are not clear ensuring proper system alignment; 7) procedures do not verify  

adequate RClC water supply tank level prior to starting the pump nor supply adequate guidance  

to maintain adequate level during RClC operation to prevent vortexing concerns in the supply  

tank; 8) one identified motor operated valve that is required to be manually operated is  

approximately 12 feet above the floor and is not readily accessible because it is directly above the  

RClC turbine; 9) operators would be required to travel up and down multiple levels (in an  

extremely hot environment) repeatedly; and I O ) a substantive crosscutting issue is currently open  

related to personnel failing to follow procedural guidance reflective of a trend related to poor work  

practices.  

Additionally, the ability to black start an EDG was reviewed by the NRC. The NRC concluded that  

because of the many uncertainties and associated variables that credit for this mitigation strategy  

was not readily quantifiable.  

After review of the particular procedures, activities, and conditions under which these actions  

would be taken, none of these strategies were considered to appreciably affect the risk  

significance of the finding. Nevertheless, in a qualitative sense, they would improve the chances  

for avoiding core damage. The NRC determined the success of using these alternative mitigation  

strategies were comparable to the additional risk due to external events. Based on this  

qualitative assessment these alternative mitigation strategies were considered offset by the risk  

contribution of the external events.  

Large Early Release Frequency:  

In accordance with Manual Chapter 0609, Appendix A, Attachment 1, Step 2.6, Screening for the  

Potential Risk Contribution Due to LERF, the NRC reviewed the core damage sequences to  

determine an estimate of the change in large early release frequency caused by the finding.  

The LERF consequences of this performance deficiency were similar to those documented in a  

previous SDP Phase 3 evaluation regarding a misalignment of gland seal water to the service  

water pumps. The final determination letter was issued on March 31 , 2005, and is located in  

ADAMS, Accession No. ML050910127. The following excerpt from this document addressed the  

LERF issue:  

The NRC reevaluated the portions of the preliminary significance determination related to  

the change in LERF. In the regulatory conference, the licensee argued that the dominant  

sequences were not contributors to the LERF. Therefore, there was no change in LERF  

resulting from the subject performance deficiency. Their argument was based on the  

longer than usual core damage sequences, providing for additional time to core damage,  

and the relatively short time estimated to evacuate the close in population surrounding  

Cooper Nuclear Station.  

LERF is defined in NRC Inspection Manual Chapter 0609, Appendix H, Containment  

Integrity Significance Determination Process as: the frequency of those accidents  

leading to significant, unmitigated release from containment in a time frame prior to the  

effective evacuation of the close-in population such that there is a potential for early health  

effect. The NRC noted that the dominant core damage sequences documented in the  

-7-  

Enclosure 3  

preliminary significance determination were long sequences that took greater than  

12 hours to proceed to reactor pressure vessel breach. The shortest calculated interval  

from the time reactor conditions would have met the requirements for entry into a general  

emergency (requiring the evacuation) until the time of postulated containment rupture was  

3.5 hours. The licensee stated that the average evacuation time for Cooper, from the  

declaration of a General Emergency was 62 minutes.  

The NRC determined that, based on a 62-minute average evacuation time, effective  

evacuation of the close-in population could be achieved within 3.5 hours. Therefore, the  

dominant core damage sequences affected by the subject performance deficiency were  

not LERF contributors. As such, the NRCs best estimate determination of the change in  

LERF resulting from the performance deficiency was zero.  

In the current analysis, the total contribution of the 30-minute sequences to the current case CDF  

is only 0.17% of the total. For 2-hour sequences, the contribution is only 0.04%. That is, almost  

all of the risk associated with this performance deficiency involves sequences of duration 4 hours  

or longer following the loss of all ac power. Based on the average 62-minute evacuation time as  

documented above, the NRC determined that large early release did not contribute to the  

significance of the current finding.  

References  

NUREG/CR-6890, Reevaluation of Station Blackout Risk at Nuclear Power Plants, Analysis of  

Loss of Offsite Power Events: 1986-2004  

Incremental Change in Core Damage Probability Resulting from Degraded Voltage Regulator  

Diode Installed in the Division 2 Diesel Generator, PSA-ES083, Revision 0  

NUREG/CR-6883, SPAR-H Human Reliability Analysis Method  

Peer Review  

John Kramer, NRR  

See-Meng Wong, NRR  

Jeff Circle, NRR  

David Loveless, RIV  

-8-  

Enclosure 3  

Enclosure 4  

PROBABILISTIC SAFETY ASSESSMENT  

COOPER NUCLEAR STATION  

ENGINEERING STUDY  

Incremental Change in Core Damage Probability Resulting from Degraded  

Voltage Regulator Diode Installed in the Division 2 Diesel Generator  

PSA-ES082  

Revision 0  

Prepared By:  

Risk Management Engineer  

$isk Management Engineer  

Risk Management Supervisor  

Revisions:  

PROBABILISTIC SAFETY ASSESSMENT  

COOPER NUCLEAR STATION  

ENGINEERING STUDY  

Incremental Change in Core Damage Probability Resulting from Degraded  

Voltage Regulator Diode Installed in the Division 2 Diesel Generator  

PSA-ES082  

Revision 0  

S ignature/Date  

See Original for Signatures