ML050960036

From kanterella
Revision as of 02:40, 14 July 2019 by StriderTol (talk | contribs) (Created page by program invented by StriderTol)
Jump to navigation Jump to search
Final Precursor Analysis - Ginna Grid Loop
ML050960036
Person / Time
Site: Ginna Constellation icon.png
Issue date: 12/17/2004
From: Christopher Hunter
NRC/RES/DRAA/OERAB
To:
Shared Package
ML060030075 List:
References
LER 03-002
Download: ML050960036 (14)
v  d  e


Text

1 For the initiating event assessment, the parameter of interest is the measure of the CCDP. This is thevalue obtained when calculating the probability of core damage for an initiating event with subsequent failure of oneor more components following the initiating event. The reported value is the estimated mean CCDP.

1Enclosure Final Precursor AnalysisAccident Sequence Precursor Program --- Office of Nuclear Regulatory ResearchGinnaAutomatic Reactor Trip and Loss of Offsite Power Due to theAugust 14, 2003, Transmission Grid BlackoutEvent Date8/14/2003LER: 244/03-002 CCDP 1 = 2x10-5December 17, 2004Event Summary At 1611 hours0.0186 days <br />0.448 hours <br />0.00266 weeks <br />6.129855e-4 months <br /> on August 14, 2003, Ginna experienced grid instability and a subsequent reactortrip while operating at approximately 100% power. Offsite power was never completely lost to the buses supplying the power block area; however, the operators determined that the offsite powersupply was unreliable and manually started and loaded the plant emergency diesel generators (EDGs) onto the emergency buses. The EDGs supplied power to safety-related plant loads until offsite power was deemed stable. Attachment A is a timeline of significant events. (Refs. 1 and 2).Cause. The reactor trip was caused by grid instability associated with the regional transmissionsystem blackout that occurr ed on August 14, 2003.Other conditions, failures, and unavailable equipment. Both pressurizer power-operated reliefvalves (PORVs) lifted and reclosed to limit the pressure transient. (Ref. 1).Recovery opportunities. Offsite power was considered stable at 1700 hours0.0197 days <br />0.472 hours <br />0.00281 weeks <br />6.4685e-4 months <br />. Power from offsitewas first restored to an emergency bus at 2108 hours0.0244 days <br />0.586 hours <br />0.00349 weeks <br />8.02094e-4 months <br />.Analysis Results

!Conditional Core Damage Probability (CCDP)The CCDP for this event is 2x10

-5. The acceptance threshold for the Accident SequencePrecursor Program is a CCDP of 1x10

-6. This event is a precursor.Mean5%95%Best estimate2x10-52x10-66x10-5 LER 244-03-002 2!Dominant SequencesThe dominant core damage sequence for this assessment is loss of offsite power(LOOP)/station blackout (SBO) sequences 18-45 (78.9% of the total CCDP). The LOOPand SBO event trees are shown in Figures 1 and 2. The events and important component failures in LOOP/SBO Sequence 18-45 are:

Sloss of offsite power occurs, Sreactor shutdown succeeds, Semergency power is unavailable, Sauxiliary feedwater fails to provide sufficient flow, Soffsite power is not recovered in 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />, and San emergency diesel generator is not recovered in 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />.

!Results Tables SThe CCDP values for the dominant sequences are shown in Table 1.

SThe event tree sequence logic for the dominant sequences is presented in Table 2a.STable 2b defines the nomenclature used in Table 2a.

SThe most important cut sets for the dominant sequences are listed in Table 3.

STable 4 presents names, definitions, and probabilities of (1) basic events whoseprobabilities were changed to update the referenced SPAR model, (2) basic eventswhose probabilities were changed to model this event, and (3) basic events that areimportant to the CCDP result.Modeling Assumptions

!Assessment SummaryDue to the unstable power grid, this event was modeled as a LOOP initiating event. Rev.3.10 (SAPHIRE 7) of the Ginna SPAR model (Ref. 3) was used for this assessment. The specific model version used as a starting point for this analysis is dated December 10, 2004.Since this event involves unstable offsite power for a significant duration, probabilities ofnonrecovery of offsite power at different times into the event are important factors in the estimation of the CCDP.Best estimate: Stable and useable offsite power was available in the switchyard at 1700hours, about 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> into this event. Failure to recover offsite power to plant safety-related loads (if needed because EDGs fail to supply the loads), given recovery of power to the switchyard, could result from (1) operators failing to restore proper breaker line-ups, (2)breakers failing to close on demand, or (3) a combination of operator and breaker failures.

The dominant contributor to failure to recover offsite power to plant safety-related loads in this situation is operators failing to restore proper breaker line-ups. This analysis assumedthat at least 30 minutes are necessary to restore power to an emergency bus given that LER 244-03-002 1 Sensitivity analysis has shown that the difference between 30 and 60 minutes restoration time hasminimal effect on the results.

3offsite power is available in the switchyard.

2 The time available for operators to restoreproper breaker line-ups to prevent core damage is dependent on specific acci dentsequences and is modeled as such using the SPAR human reliability model (Ref. 4).Assumptions described below, combined with the assumption of offsite power restoration described above, form the bases for the LOOP nonrecovery probabilities.!Important AssumptionsImportant assumptions regarding power recovery modeling include the following:

SNo opportunity for the recovery of offsite power to safety-related loads is consideredfor any time prior to power being available in the switchyard.

SAt least 30 minutes are required to restore power to emergency loads after poweris available in the switchyard.

SSPAR models do not credit offsite power recovery following battery depletion.The GEM program used to determine the CCDP for this analysis will calculate pr obabilitiesof recovering offsite power at various time points of importance to the analysis based on historical data for grid-related LOOPs. In this analysis, this feature was overridden; offsite power recovery probabilities were based on (1) known information about when power wasrestored to the switchyard and (2) use of the SPAR human error model to estimateprobabilities of failing to realign power to emergency buses for times after power wasrestored to the switchyard. Attachment B is a general description of analysis of LOOP events in the Accident SequencePrecursor Program. It includes a description of the approach to estimating offsite power recovery probabilities.!Event Tree and Fault Tree ChangesA rule was developed for LOOP/SBO sequence 18-45. After discussion with INEEL, it hasbeen determined that basic event AFW-XHE-XM-FIREW does not apply to short term core damage sequences. The rule is provided below.if AFW-XHE-XM-FIREW then DeleteRoot; endif

!Basic Event Probability ChangesTable 4 includes basic events whose probabilities were changed to reflect the event beinganalyzed. The bases for these changes are as follows:

SProbability of AFW motor-driven pump (MDP) B fails to run (AFW-MDP-FR-AF01B). Operators caused AFW MDP '1B' to trip while trying to restore to a normallineup. Therefore, AFW-MDP-FR-AF01B was set to 1.0. This event has minimal effect on the analysis results.

LER 244-03-002 4 SProbability of failure to recover offsite power in 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (OEP-XHE-XL-NR01H).During the event, reliable offsite power was available in the switchyard 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> into the event. Therefore, the operators did not have sufficient time to recover offsite power to the vital safety buses. Using the SPAR human error model to determine the value (see Attachment C), OEP-XHE-XL-NR01H was set to TRUE.

SProbability of failure to recover offsite power prior in 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> (OEP-XHE-XL-NR02H). During the event, reliable offsite power was available in the switchyard 1hour into the event. Therefore, the operators had 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> to recover offsite power to the vital safety buses. Using the SPAR human error model to determine the value (see Attachment C), OEP-XHE-XL-NR02H was set to 1.0x10

-2. SProbability of failure to recover offsite power prior in 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> (OEP-XHE-XL-NR03H). During the event, reliable offsite power was available in the switchyard 1hour into the event. Therefore, the operators had 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> to recover offsite power to the vital safety buses. Using the SPAR human error model to determine the value (see Attachment C), OEP-XHE-XL-NR03H was set to 1.0x10

-2.SProbability of failure to recover offsite power prior in 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> (OEP-XHE-XL-NR04H). During the event, reliable offsite power was available in the switchyard 1hour into the event. Therefore, the operators had 3 hours3.472222e-5 days <br />8.333333e-4 hours <br />4.960317e-6 weeks <br />1.1415e-6 months <br /> to recover offsite power to the vital safety buses. Using the SPAR human error model to determine the value (see Attachment C), OEP-XHE-XL-NR04H was set to 1.0x10

-3.SProbability of failure to recover offsite power prior in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> (OEP-XHE-XL-NR06H). During the event, reliable offsite power was available in the switchyard 1hour into the event. Therefore, the operators had 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> to recover offsite power to the vital safety buses. Using the SPAR human error model to determine the value (see Attachment C), OEP-XHE-XL-NR06H was set to 1.0x10

-3.SProbability of PORVs/SRVs to open during LOOP (PPR-SRV-CO-L). During thisevent, both of the pressurizer's PORVs lifted to limit the pressure transient.Therefore, PPR-SRV-CO-L was set to TRUE.

SProbability of PORVs/SRVs to open during SBO (PPR-SRV-CO-SBO). Duringthis event, both of the pressurizer's PORVs lifted to limit the pressure transient.Therefore, PPR-SRV-CO-SBO was set to TRUE.

SProbability of diesel generators failing to run (ZT-DGN-FR-L). The defaultdiesel generator mission times were changed to reflect the actual time offsite power was restored to the first vital bus (approximately 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />). Since the overall fail-to-run is made up of two separate factors, the mission times for the factors were set to the following: ZT-DGN-FR-E = 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (base case value) and ZT-DGN-FR-L = 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />.SProbability of auxiliary feedwater turbine-driven pump failing to run (ZT-TDP-FR-L). Since the AFW TDP is the only ac-power-independent pump in the AFWsystem, the AFW TDP mission time was set to the actual time that offsite powerwas restored to the second vital bus (approximately 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />). Since the overall fail-to-run is made up of two separate factors, the mission times for the factors were set LER 244-03-002 5to the following: ZT-TDP-FR-E = 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (base case value) and ZT-TDP-FR-L = 4hours. References 1.Licensee Event Report 244/03-002, Revision 0, Major Power Grid Disturbance Causes Lossof Electrical Load and Reactor Trip, event date August 14, 2003 (ADAMS Accession No.ML0328904410).2.NRC Region 1 Grid Special Report, October 15, 2003 (ADAMS Accession No.ML0324102160).3.R. F. Buell and J. K. Knudsen , Standardized Plant Analysis Risk Model for Ginna (ASPPWR B), Revision 3.10, December 2004.4.D. Gertman, et al., SPAR-H Method, INEEL/EXT-02-10307, Draft for Comment, November2002 (ADAMS Accession No. ML0315400840).

LER 244-03-002 6Table 1. Conditional probabilities associated with the highest probability sequen ces.Event treenameSequence no.Conditional core damageprobability (CCDP)1PercentagecontributionLOOP/SBO18-451.5x10

-578.9%Total (all sequences) 21.9x10-51.Values are point estimates. (File name: GEM 244-03-002 12-13-2004.wpd)2.Total CCDP includes all sequences (including those not shown in this table).Table 2a. Event tree sequence logic for the dominant sequences.Event treenameSequence no.Logic("/" denotes success; see Table 2b for top event names)LOOP/SBO18-45/RPS, EPS, AFW-B, OPR-01H, DGR-01HTable 2b. Definitions of fault trees listed in Table 2a.AFW-BNO OR INSUFFICIENT AFW FLOWDGR-01HOPERATOR FAILS TO RECOVER AN EDG IN 1 HOUREPSEMERGENCY POWER SYSTEM FAILURESOPR-01HOFFSITE POWER RECOVERY IN 1 HOUR RPSREACTOR FAILS TO TRIP DURING LOOPTable 3. Conditional cut sets for dominant sequen ces.CCDP 1PercentcontributionMinimal cut sets 2Event Tree: LOOP, Sequence 18-451.4 x 10-69.6EPS-XHE-XL-NR01HEPS-DGN-CF-FRABAFW-XHE-XO-TDP8.6 x 10-75.8EPS-XHE-XL-NR01HEPS-DGN-CF-FRABAFW-XHE-XM-HVAC8.6 x 10-75.8EPS-XHE-XL-NR01HEPS-DGN-CF-FRABAFW-TDP-FS-TDP8.1 x 10-5Total (all cut sets) 31.Values are point estimates.2.See Table 4 for definitions and probabilities for the basic events.3.Totals include all cut sets (including those not shown in this table).

LER 244-03-002 7Table 4. Definitions and probabilities for modified or dominant basic events.Event nameDescriptionProbability/frequencyModifiedAFW-MDP-FR-AF01BAFW MOTOR-DRIVEN PUMP 1B FAILS TO RUN1.0Yes 1AFW-TDP-FS-TDPAFW TURBINE-DRIVEN PUMP FAILS TOSTART6.0x10-3 NoAFW-XHE-XM-HVACOPERATOR FAILS TO RESTART AFWVENTILATION6.0x10-3 NoAFW-XHE-XO-TDPFAILURE TO CONTROL AFW TDP AND ALIGNFW COOLING1.0x10-2 NoEPS-DGN-CF-FRABCCF OF DIESEL GENERATORS 'A' AND 'B' TO RUN1.7x10-4Yes 1EPS-XHE-XL-NR01HOPERATOR FAILS TO RECOVER AN EDG IN 1HOUR8.4x10-1 NoIE-LOOPLOSS OF OFFSITE POWER (INITIATINGEVENT)1.0Yes 2OEP-XHE-XL-NR01HOPERATOR FAILS TO RECOVER OFFSITEPOWER WITHIN 1 HOURTRUEYes 3OEP-XHE-XL-NR02HOPERATOR FAILS TO RECOVER OFFSITEPOWER WITHIN 2 HOURS1.0x10-2Yes 3OEP-XHE-XL-NR03HOPERATOR FAILS TO RECOVER OFFSITEPOWER WITHIN 3 HOURS1.0x10-2Yes 3OEP-XHE-XL-NR04HOPERATOR FAILS TO RECOVER OFFSITEPOWER WITHIN 4 HOURS1.0x10-3Yes 3OEP-XHE-XL-NR06HOPERATOR FAILS TO RECOVER OFFSITEPOWER WITHIN 6 HOURS1.0x10-3Yes 3PPR-SRV-CO-LPORVs/SRVs OPEN DURING LOOPTRUEYes 1PPR-SRV-CO-SBOPORVs OPEN DURING SBOTRUEYes 1ZT-DGN-FR-LEDG FAILS TO RUN (LONG TERM)3.2x10

-3Yes 4ZT-DGN-FR-LAFW TDP FAILS TO RUN (LONG TERM)2.0x10

-4Yes 41.Event changed to reflect the condition being analyzed. See report and Basic Event Probability Changes for further details.2.Initiating event assessment- all other initiating event frequencies set zero.3.Evaluated per the SPAR-H method (Ref. 4). See report and Attachment C for further details. 4.Changed mission times to correspond to the time offsite power was restored to the first and second vital busses. See report and Basic Event Probability Changes for further details.

LER 244-03-002 8Attachment AEvent TimelineTable A.1 Timeline of significant events.Time 1Event1611Reactor trips due to grid instability. Offsite power was not lost, but voltage was unstable1614EDGs are manually started and loaded to power the emergency buses1700Stable power available in switchyard2108First emergency bus is switched to offsite power source2108Second emergency bus is switched to offsite power source1.All times are on August 14, 2003.

LER 244-03-002 1 ASP Guideline A: Detailed Analysis, U.S. Nuclear Regulatory Commission.

9Attachment BLOOP Analysis ProcedureThis procedure is not intended to stand alone; instead it is intended to augment ASP Guideline A:Detailed Analysis

1. LOOP event analyses are a type of initiating event assessment as describedin ASP Guideline A. Specific analysis steps that are unique to ASP analysis of LOOP events are included here.1.Determine significant facts associated with the event.1.1Determine when the LOOP occurred.1.2Determine when stable offsite power was first available in the switchyard.

1.3Determine when offsite power was first restored to an emergency bus.

1.4Determine when offsite power was fully restored (all emergency buses poweredfrom offsite, EDGs secured).1.5Identify any other significant conditions, failures, or unavailabilities that coincidedwith the LOOP.2.Model power recovery factors associated with the best estimate case and anydefined sensitivity cases.2.1For the best estimate case, the LOOP duration is the time between the occurrenceof the LOOP and the time when stable power was available in the switchyard plus the assumed time required to restore power from the switchyard to emergency buses. Attachment C documents the probabilistic analysis of power recoveryfactors for the best estimate case analysis.2.2If EDGs successfully start and supply emergency loads, plant operators do nottypically rush to restore offsite power to emergency buses, preferring to wait until grid stability is more certain. Therefore, a typical upper bound sensitivity caseconsiders the LOOP duration as the time between the occurrence of the LOOP andthe time when offsite power was first restored to an emergency bus. Attachment C documents the probabilistic analysis of power recovery factors for the sensitivitycase analysis.3.Model event-specific mission durations for critical equipment for the best estimatecase and any defined sensitivity cases. (For most equipment, SPAR model failure probabilities are not functions of defined mission durations and are therefore not affected by this analysis step. Notable exceptions include EDGs and, for PWRs, turbine-driven auxiliary feedwater pumps.)3.1For the best estimate case, mission durations are set equal to the assumed LOOPduration as defined in Step 2.1 above.3.2For a typical upper bound sensitivity case, mission durations are set equal to thetime between the occurrence of the LOOP and the time when offsite power was fully restored to all emergency buses. (Note these mission durations are longer than the assumed LOOP duration defined in Step 2.2 above; they are intended to representthe longest possible mission duration for any critical equipment item.)

LER 244-03-002 10Attachment CPower Recovery Modeling

!Backgr oundThe time required to restore offsite power to plant emergency equipment is a significantfactor in modeling the CCDP given a LOOP. SPAR LOOP/SBO models include varioussequence-specific ac power recovery factors that are based on the time available to recover power to prevent core damage. For a sequence involving failure of all of the cooling sources, only about 30 minutes would be available to recover power to help avoid core damage. On the other hand, sequences involving successful early inventory control anddecay heat removal, but failure of long-term decay heat removal, would accommodate several hours to recover ac power prior to core damage.In this analysis, offsite power recovery probabilities are based on (1) known informationabout when power was restored to the switchyard and (2) estimated probabilities of failingto realign power to emergency buses for times after offsite power was restored to the switchyard. Power restoration times were reported by the licensee in the LER and in response to the questionnaire that was conducted by the NRC Regional Office. The timeused is the time at which the grid operator informed the plant that power was available tothe switchyard (with a load limit). Although the load limit was adequate to energize plant equipment and, if necessary, prevent the occurrence of an SBO sequence, plant operatorsdid not immediately load safety buses onto the grid. This ASP analysis does not consider the possibility that grid power would have been unreliable if that power were immediatelyused. Failure to recover offsite power to plant safety-related loads (if needed because EDGs failto supply the loads), given recovery of power to the switchyard, could result from (1) operators failing to restore proper breaker line-ups, (2) breakers failing to close on demand,or (3) a combination of operator and breaker failures. The dominant contributor to failure to recover offsite power to plant safety-related loads in this situation is operators failing torestore proper breaker line-ups. The SPAR human error model (ref.) was used to estimate nonrecovery probabilities as a function of time following restoration of offsite power to theswitchyard. The best estimate analysis assumes that at least 30 minutes are necessary to restore offsite power to emergency buses given offsite power is available in the switchyard.

!Human Error ModelingThe SPAR human error model generally considers the following three factors:

SProbability of failure to diagnose the need for action SProbability of failure to successfully perform the desired action SDependency on other operator actions involved in the specific sequence of interestThis analysis assumes no probability of failure to diagnose the need to recover ac powerand no dependency between operator performance of the power recovery task and any other task the operators may need to perform. Thus, each estimated ac power nonrecovery probability is based solely on the pr obability of failure to successfully perform the desiredaction.

LER 244-03-002 11The probability of failure to perform an action is the product of a nominal failure probability(1.0x10-3) and the following eight performance shaping factors (PSFs):

SAvailable time SStress SComplexity SExperience/training SProcedures SErgonomics SFitness for duty SWork processesFor each ac power nonrecovery probability, the PSF for available time is assigned a valueof 10 if the time available to perform the action is approximately equal to the time required to perform the action, 1.0 if the time available is between 2 and 4 times the time required, and 0.1 if the time available is greater than or equal to 5 times the time required. If the timeavailable is inadequate (i.e., less than the time to restoration of power to the switchyard plus 30 minutes for the best estimate), the ac power nonrecovery probability is 1.0 (TRUE).The PSF for stress is assigned a value of 5 (corresponding to extreme stress) for all acpower nonrecovery probabilities. Factors considered in assigning this PSF include thesudden onset of the LOOP initiating event, the duration of the event, the existence of compounding equipment failures (ac power recovery is needed only if one or more emergency buses are not powered by EDGs), and the existence of a direct threat to the plant.For all of the ac power nonrecovery probabilities, the PSF for complexity is assigned a valueof 2 (corresponding to moderately complex) based on the need for multiple breaker alignments and verifications.For all of the ac power nonrecovery probabilities, the PSFs for experience/training,procedures, ergonomics, fitness for duty, and work processes are assumed to be nominal (i.e., are assigned values of 1.0).

!ResultsTable C.1 presents the calculated values for the ac power nonrecovery probabilities usedin the best estimate analysis. Table C.1 AC Power Nonrecovery ProbabilitiesNonrecovery FactorNominalValue PSFNonrecoveryProbabilityTimeAvailableProduct ofAll OthersOEP-XHE-XL-NR01H1.0x10

-3Inadequate10TRUEOEP-XHE-XL-NR02H1.0x10

-31101.0x10-2OEP-XHE-XL-NR03H1.0x10

-31101.0x10-2OEP-XHE-XL-NR04H1.0x10

-30.1101.0x10

-3OEP-XHE-XL-NR06H1.0x10

-30.1101.0x10

-3Attachment D LER 244-03-002 12Response to Comments1.Comment from Bob Clark, Licensing Project Manager for Ginna - Feedwater controlsystem failure (Ref. D.1)"There was a failure in the digital feedwater control system at Ginna during the grid eventthat you may want to consider in the SPAR model. Westinghouse plants have a controlsignal to close the main feedwater regulating valves (MFRVs) after a reactor trip when the RCS average temperature drops several degrees below the normal value. This MFRVclosure failed at Ginna due to voltage fluctuations which caused the digital feedwater control system to switch to manual. Both SGs filled up to the high-high level setpoint. At thatpoint a safety-related signal closed the MFRVs. This is described in the Ginna LER. AFW was available to both SGs. The primary concern would be an overfill of the SGs, increasing the probability of a steam line break (for example, a SG safety valve opens on high SGpressure, and a slug of water gets accelerated through it, causing it to fail open). However, since the high-high level terminated the overfill, and the setpoint is designed to protectagainst overfill, it may not be that significant in the risk model."Response: The analysis gave no credit for MFW working (i.e., it was slightly conservative).Overfilling a steam generator is not addressed by the SPAR model. It is probably not risksignificant, as stated above in the comment.2.Comment from Kenneth Kolaczyk, Ginna SRI - Feedwater control system failure"The description of the Ginna event as outlined on page two of the forwarding memo, andpage five of attachment one, seems to indicate that the 'B' Motor Driven AuxiliaryFeedwater (MDAFW) pump did not start and operate as designed following the trip. This is incorrect, as the pump did operate as designed. It was damaged only after the operators failed to correctly align the AFW system when they were restoring it to a more "normal"lineup following the trip. I am not sure if this fact will effect the results of your analysis. If you want additionalinformation regarding the particulars of the error, see NRC inspection report 50-244/2003-006."Response: Even though the "B" motor-driven AFW pump failed due to operator error, it didfail to complete its mission time, and therefore it is modeled as failed to run. This had a negligible effect on the quantitative result.

References:

1.Ginna feed reg valve failure during 8/14/03 event, e-mail from John P. Boska, LicensingProject Manager (Hope Creek), U.S. Nuclear Regulatory Commission, to Gary Demoss, U.S. Nuclear Regulatory Commission, March 11, 2004.

HPRHIGHPRESSURERECIRC RHRRESIDUALHEATREMOVALPZR RCSDEPRESSFOR LPI/RHRSSCSECONDARYSIDECOOLDOWNOPR-06HOFFSITEPOWERRECOVERYIN 6 HRSOPR-02HOFFSITEPOWERRECOVERYIN 2 HRS FAB FEEDANDBLEEDHPIHIGHPRESSUREINJECTIONLOSCRCP SEALCOOLINGMAINTAINED PORV PORVsARECLOSEDAFWAUXILIARYFEEDWATEREPSEMERGENCYPOWERRPSREACTORSHUTDOWNIE-LOOPLOSS OFOFFSITEPOWER# END-STATE 1 OK 2T LOOP-1 3 OK 4 OK 5 CD 6 OK 7 CD 8 OK 9 CD 10 OK 11 CD 12 CD 13 OK 14 CD 15 OK 16 CD 17 CD 18T SBO 19T ATWSHPR-LHPR-LFAB-LAFW-LPORV-LLOSC-LHPI-LFigure 1: Ginna LOOP event tree.

13SENSITIVE - NOT FOR PUBLIC DISCLOSURESENSITIVE - NOT FOR PUBLIC DISCLOSURE LER 244/03-002 LER 244/03-002 13 13SENSITIVE - NOT FOR PUBLIC DISCLOSURESENSITIVE - NOT FOR PUBLIC DISCLOSURE LER 244/03-002 DGR-04HDIESELGENERATORRECOVERY(IN 4 HR)OPR-04HOFFSITEPOWERRECOVERY(IN 4 HR)O2RCPSEALSTAGE 2INTEGRITYBP2RCPSEALSTAGE 2INTEGRITY O1RCPSEALSTAGE 1INTEGRITYBP1RCPSEALSTAGE 1INTEGRITYRSDRAPIDSECONDARYDEPRESSPORVPORVsARECLOSEDAFWAUXILIARYFEEDWATER BP2 SEAL STAGE 2 INTEGRITY

  1. END-STATE NOTES 1 OK 2 OK 3 CD 25-hour-Tcu 4T SBO-1 5 OK 6 CD 4-hour-Tcu 7T SBO-1 8 OK 9 CD 9-hour-Tcu 10T SBO-1 11 OK 12 CD 2-hour-Tcu 13T SBO-2 14 OK 15 CD 25-hour-Tcu 16T SBO-2 17 OK 18 CD 3-hour-Tcu 19T SBO-2 20 OK 21 CD 3-hour-Tcu 22T SBO-2 23 OK 24 CD 6-hour-Tcu 25T SBO-2 26 OK 27 CD 2-hour-Tcu 28T SBO-2 29 OK 30 CD 2-hour-Tcu 31T SBO-2 32 OK 33 CD 6-hour-Tcu 34T SBO-2 35 OK 36 CD 2-hour-Tcu 37T SBO-2 38 OK 39 CD 2-hour-Tcu 40T SBO-2 41 OK 42 CD 30-min-Tcu 43T SBO-3 44 OK 45 CD 30-min-TcuOPR-01HOPR-01H21 gpm/rcp182 gpm/rcp76 gpm/rcp480 gpm/rcp 21 gpm/rcp 172 gpm/rcp182 gpm/rcp61 gpm/rcp 300 gpm/rcp 300 gpm/rcp 76 gpm/rcp300 gpm/rcp 480 gpm/rcpOPR-02HOPR-03HOPR-03HOPR-02HOPR-02HOPR-02HOPR-02HDGR-02HDGR-03HDGR-03HDGR-02HDGR-02HDGR-02HDGR-02HAFW-BPORV-BDGR-01HDGR-01HFigure 2: Ginna SBO event tree with dominant sequence highlighted. LER 244/03-002 14
Retrieved from "https://kanterella.com/w/index.php?title=ML050960036&oldid=1852092"