auxiliary feedwater sys reliability analysis' for facility
TRANSCRIPT
',
. ,
.
.
AUXILIARY FEEDWATER SYSTEM
RELIABILITY ANALYSIS
FOR
CRYSTAL RIVER
UNIT NO. 3
By
W. W. Weaver
B. L. BrooksR. S. Enzinna
' October 1979
Babcock & WilcoxPower Generation Group
Huclear Power Generation DivisionP.O. Box 1260
Lynchburg, Va. 24505
1666 006
8001020 teJ b
'L. .
TABLE OF C0flTEf1TS
Section Page
Executive Summary iii
1.0 Introduction 1
1.1 Background 1
1.2 Objectives 1
1.3 Scope 1
1.4 Analysis Technique 21.5 Assumptions & Criteria 2
2.0 System Description 5
2.1 Overall Configuration 5-
2.2 Supporting Systems 7
P.3 Power Sources 82.4 Instrumentation & Control 82.5 Operator Actions 112.6 Testing 11
,
2.7 Technical Specification Limitations 11
3.0 Reliability Evaluation 13
3.1 Fault Tree Technique 133.2 Comparative Reliability Results 133.3 Dominant Failure Contributors 14
References 16
Appendix A A-1
Appendix B B-1
1666 007
--
8 L9
LIST OF FIGURES
Figure
1. Crystal River Unit 3 - AFWS
2. Crystal River Unit 3 - Simplified Power Source Diagram
3. Crystal River Unit 3 - Simplified Power Source DiagramDC Loads
4. Crystal River Unit 3 - Simplified Power Source DiagramAC Valves
5. Crystal River Unit 3 - Pump Start Logic
6. Crystal River Unit 3 - SLRM Logic
7. Comparison of Crystal River AFWS Reliability With NRCResults for h[ Plants
.
%
'
.1666 008
~
.
' ..
EXECUTIVE SUPJMRY,
The NRC has requested all operating plants with Babcock & Wilcox (B&W)designed reactors to consider means for upgrading the reliability of theirAuxiliary Feedwater Sy::tems (AFWS). As a part of the response to this request,Florida Power Corporation and the other B&W Owners Group utilities have requestedB&W to perform a simplified reliability analysis of existing auxiliary feedwatersystems. This draft report presents the results of that reliability study forthe Crystal River 3 AFWS.
The primary objective of this study was to evaluate the Crystal River 3AFWS reliability (defined as " point unavailability") using an approach which wouldproduce results comparable to those obtained by f1RC staff analyses for Westinghouseand Combustion Engineering Plants. Another objective was to identify dominantfailure contributors affecting system reliability.
AFWS reliability was assessed for three cases: Loss of Main Feedwater (LMFW)with reactor trip, LMFW with Loss of Offsite Power (LMFU/ LOOP) and LMFW with Lossof all AC power (LMFW/LOAC). System reliability was assessed by the constructionand analysis of fault trees.
The results of this study are on the following page. These results indicatethe Crystal River 3 AFWS reliability, based on the reliabilities obtained by theNRC for Westinghnuse plants, is medium for LMFW, low to medium for LMFW/ LOOP, and
low for LMFW/LOAC. The LOOP case is iow for 5 minutes because the operator mustmanually load the motor-driven auxiliary feedwater pump on the diesel generator.AFWS probability of failure for the LMFW/LOAC case is 1.0, accounting for themajor AC dependency of pump cooling water..
Dominant failure contributors which were identified in this study include1) dependency on external AC-powered cooling water pumps, and 2) system
unavailability resulting from outages for preventive maintenance.
A similar study will be performed for each Owners Group utility and additionalplant specific draft reports will be prepared. At the conclusion of the program,information contained in the plant specific reports will be collected and used togenerate an AFWS reliability report comparing all B&W operating plants.
1666 009
- _.. - - - - . -. -
_-.
'
COMPARISON OF CRYSTAL RIVER AFWS RELIABILITY WITH NRC RESULTS FOR W PLANTS_
CASE 1: LMFW CASE 2: LOOP CASE 3: LOAC
LOW MED HIGH LOW MED HI GH LOW * MED* H I GH *______
5 1 d h
CR 3 15 g 5 3
30 0 e e.______ _ _ _ ______ _ _ _ . _____ _ _ _ _ _ _ ___ _ _ _ _ _ _ _ _ _
All E $ $ O O O OPLANTS
-
g _ _. _ _ __ _
wd MISSION SUCCESS WITHIN 5 MINUTES g g RANGE OF f_ PLANTS
E MISSION SUCCESS WITHIN 15 MINUTES
$ MISSION SUCCFSS WITHIN 30 MINUTES *THE SCALE FOR CASE 3 IS NOT THE SAME AS FORCASES 1 & 2
,
. .,
1.0 Intrcduction
1.1 Background
This report presents the results of a reliability study for the Crystal River3 Auxiliary Feedwater System (AFWS). The NRC is conducting similar analysesfor Westinghouse and Combustion Engineering plants. Preliminary results of
the NRC study are available (Reference 1) and have been included in this,
report for comparison with the Crystal River 3 AFWS reliability. The approach
employed in this study for Crystal River 3 has been developed in close coordina-tion with the NRC and is, therefore, expected to yield comparable results.
1.2 Ojtjectives
Th7 objectives of this study are:
e To perform a simplified analysis to assess the relative reliability ofthe Crystal River 3 AFWS. It is intended that the results of this analysis
be directly comparable to those obtained by the NRC for Westinghouse andCombustion Engineering plants. This is assured by the use of the sameevaluative technique, event scenarios, assumptions and reliability dataused by the NRC.
e To identify, through the development of reliability-based insight,dominant failure contributors to the Crystal River 3 AFWS unreliability.
1.3 Scope
The Crystal River 3 AFWS was analyzed as it existed on August 1,1979. Three
event scenarios were analyzed:
o Case 1 - Loss of Main Feedwater with Reactor Trip (LMFW).
e Case 2 - LMFW coincident with Loss of Offsite Power (LMFW/ LOOP).
e Case 3 - LMFW coincident with Loss of all AC Power (LMFW/LOAC).
These event scenarios were taken as given; that is, postulated causes forthese scenarios and the associated probabilities of their occurrence werenot considered. Additionally, external common mode events (earthquakes,fires, etc.) and their effects were excluded from consideration.
For each of the three cases, system reliability as a function of time was
evaluated.
1666 011
-1-
.
, .,
1.4 Analysis Technique
The evaluation of reliability for the Crystal River 3 AFWS was based primarilyon the construction and analysis of fault trees. This technique encouragesthe development of insights which permit i Mntification of the primarycontributors to system unreliability. Application of this technique isdescribed in detail in Section 3.1.
.
1.5 Assumptions and Criteria
Assumptions and criteria were made in consultation with the NRC staff and
were selected to :s are that the Crystal River 3 reliability evaluationresults will be comparable to those obtained by the NRC for the Westinghouseand Combustion Engineering analyses.
1) Criterion for Mission Success - In order to evaluate the overall reliabilitycontribution of system components, it is necessary to establish whetheror not failure of those components will prevent successful accomplishmentof the AFWS mission. Thus, it is necessary to explicitly define thecriterion for mission success. The criterion adopted for this study wasthe attainment of flow from at least one pump to at least one steamgenerator. Mission success can be alternatively defined as at least onerunning pump with suction to a source of water and an open flow path toat least one generator _without flow diversion.
System reliability was calculated at times of 5,15, and 30 minutes toallow for a range of operator action. These times were specificallychosen because NRC-supplied operater reliability data for these times wascvailable; however, these times are reasonable and consistent with LMFWmitigation for B&W plants. In their study, the NRC staff has used steamgenerator dryout time as a criterion for successful AFWS initiation, andthe 5 minute case represents a comparable result for B&W plants sinceauxiliary feedwater delivery withir. 5 minutes will prevent steam generatordryout. However, steam generator dryout itself does not imply seriousconsequences; a more appropriate criteria is the maintenance of adequatecore cooling. Recent ECCS analyses (Reference 2) have shown that adequatecore cooling can be maintained for times in excess of 20 minutes without
AFWS operation, providing that at least one High Pressure Injection Pumpis operated.
1666 012
-2
'g t
*
.
2) Power Availability - The following assumptions were made regardingpower availability:
LMFW - All AC and DC power was assumed available with a probability of1.0.
LMFW/ LOOP - The most limiting diesel generator was unavailable with aprobability of 10-2 The other generator was assumed available.
with a probability of 1.0. (The most limiting generator wasDG-3A (see Figure 2) which, in Case 2, provides power to ESbus 3A which supplies the motor-driven EFW pump.)
LMFW/LOAC - DC and battery-backed AC were assumed available witn a
probability of 1.0.
3) NRC-Suoplied Data - NRC-supplied unreliability data for hardware, operatoractions and preventive maintenance were assumed valid and directly applicable.These data are listed in Appendix B.
4) Small Lines Ignored - Lines on the order of 1-inch were imred as possibleflow diversion paths.
5) Coupled Manual Actions - Manual initiation of valves with identical function
was considered coupled. Such valves were assumed to be both opened manuallyor both not opened. The case in which one valve was opened and the othervalve was left closed was not considered.
6) Degraded Failures - Degraded failures were not considered; that is,components were assumed to operate properly or were treated as failed.The only exception to this assumption was the Electric / Pneumaticsignal converters which result in a 50% flow control valve position onloss of power; this position was considered as not failed closed and,therefore, capable of passing adequate flow.
7) Condensate Storage Tank - The Condensate Storage Tank is a Seismic-6
Category I structure and a failure probability of 5 x 10 was assigned
to this tank.
8) ICS Reliability - Although separate control circuits are provided withinthe Integrated Control System (ICS) to control the flow of AFW to eitherof the steam generators, the ICS was assumed to consist of only a singlecontrol device with signals to both AFWS trains and a failure probability
-3of 7 x 10 was assigned to ICS operation.
1666 013
ty
9) Alternate Steam Source - Although steam is alternately available tothe turbine-driven auxiliary feedwater pump from the fossil-poweredUnits 1 and 2, this was not considered in the reliability study. Use
of this steam required operation of manual valves in Unit 3 and Unit 1or 2.
'
,
1666 014
.
e e
.
',
2.0 System Description
2.1 Overall Configuration
A diagram of the Crystal River Unit 3 AFWS is presented in Figure 1. The
system consists of two interconnected trains, each capable of supplyingauxiliary feedwater to either or both steam generators under automatic ormanual initiation and control.
,
2.1.1 Suction
The primary water source for both trains of the Crystal River AFUS is theSeismic Category 1 Condensate Storage Tank, CDT-1. Separate six-inch lineswith normally open AC-powered valves draw suction through a common eight-inchline with a locked-open manual valve.
A reserve of 150,000 gallons is maintained within the tank and is verifiedby control room indication of level, control room annunciation on low level,
and Technical Specification requirements.
An alternate, non-seismic source of water is available for AFWS use from the
main condenser hotwell. Separate eight-inch lines with normally-closed DC-powered valves can draw suction through a common eight-inch line with anormally-open manual valve. The DC-powered valves are interlocked such thatthey can be opened only if at least oneof two DC-powered vacuum breaker valvesis open.
2.1.2 _P_ umps and Discharge Cross-Tie
The pumps in both trains are each rated at 740 gpm with a design recirculationficwrate of 20 gpm. Thus each pump is capable of delivering 720 gpm againstmaximum OTSG pressure to the discharge piping supplying both steam generators.
The Train A pump (EFP-2) is a turbine-driven pumo, capable of receiving motivesteam from either OTSG or from the auxiliary steam supply from fossil-poweredUnits 1 and 2. The Train B pump (EFP-1) is a motor-driven pump powered from
diesel-backed ES bus 3A.
The pumps are interconnected at their discharge by separate cross-ties, eachcontaining a nornally-open DC-powered valve and a check valve. In addition,
there is another crass-tie containing two normally-closed manual valves.
-s- 1666 015
.
., ,
2.1.3 Flow Control Valves
The flow of auxiliary feedwater to each s ..' ,, ..Jr is controlled by
pneumatic valves FWV-39 and FWV-40. Du ri r.3 ;ic AFWS initiation and-
control these valves are under control of the ategrated Control System (ICS)via electric to pneumatic converters. Control 6 - these valves, including
manual control, will be described in greater am Section 2.4.
Valves FW-39 and 40 function both as the auxiliary feedwater flow controlvalves and as the startup feedwater flow control valves. During low poweroperation, flow from the main feedwater pump passes through FWV-41 (FWV-42),is controlled by FWV-40 (FWV-39), and re: rns to the main feedwater headerthrough FWV-36 (FWV-33); FWV-35 (FWV-34) i3 closed to prevent this flow fromentering the auxiliary f6edwater nozzles.
2.1.4 Steam Supply for EFP-2
Steam for the turbine-driven pump (EFP-2) is extracted immediately downstreamof both steam generators. This steam must pass through a normally-open DC-operated stop-check valve (MS-55 or 56) a check valve (MS-186 or 187) and anormally-closed DC-operated stop valve (ASV-5). Initiation of the turbine-
driven pump is accomplished by opening this stop valve. Initiation signels
are described in Section 2.4..
In addition, an alternate source of steam is available from fossil-poweredUnits 1 and 2 and taps in immediately upstream of ASV-5. Lineup of this
source required local, manual operation of valves at both Unit 3 and eitherUnit 1 or 2; therefore, this feature was not included in the reliability study.
2.1.5 Other Important System Features
The primary components for AFWS operation following LMFW are described above.
There are additional system features, however, which affect overall systemreliability. These features are described below:
Steam Line Ruoture Matrix: This feature is a redundant, Class IE logic matrixthat senses low steam generator pressure and isolatesthe generator with ~ w pressure by closing main steamisolation valves, main feedwater isolation valves,
and auxiliary feedwater isolation valves (FWV-33,34,35,36,161,162).
666 016-6-
'..,
Remote Manual Bvoass Valves: Two remote-manual, normally-open, DC-powered
bypass valves (FWV-161,162) are provided, onein each AFWS supply line to the steam generators.These valves provide a back-up means of controllingAFWS flow should the ICS-controlled valves (FWV-39,40) fail for any reason. They are pre-throttled to
provide = 550 gpm to each steam generator at design- pressure.
2.1.6 Valve Indications and Operability
All AC-and DC-powered valves fail "as is" on the loss of electric power. Allsuch valves shown on Figure 1 are controllable from the control room and theirposition is indicated in the control room. Power for the indication and controlof these valves is derived from the power source for the respective valve motors.Only four valves (EFV-3,4,7, and 8) are AC-powered (non-vital) and they arenormally open. '
The penumatic flow control valves (FWV-39,40) will fail "as is" on loss ofsupply air pressure. An air lock is provided that senses. low air pressure and
,
de-energizes a solenoid valve to lock the existing air pressures across thecontrol valve piston. An air reservoir is provided for each valve whichallows remote-manual opening of the control valve when normal supply air islost. This is accomplished using DC-powered solenoid valves to direct air fromthe reservoir to the underside of the control valve piston while venting thetop of the piston. Loss of power to the electric / pneumatic converters willresult in the valves assuming a position of approximately 50% open.
In addition to the backup air supply, further reliability is achieved by the
provision of remote-manual DC-powered valves (FWV-161,162).
2.2 Supporting Systems
The only supporting systems required for successful operation of the AFWS iscooling water for the pumps. Pump cooling water is supplied by the fluclearServices Closed Cycle Cooling System. The two EFW pumps are supplied in
parallel from a common header. Five cooling water pumps are provided, two ofwhich receive diesel-backed power. The cooling system is Seismic Class I.All valves in the loop supplying the EFW pumps are normally open manual valves.
1666 017-7_
.
a,
Lubricating oil is an integral system powered by the pump shaft, and requiresno electrical input.
2.3 Power Sources
Simplified diagrams showing power distribution for the AFWS are shown inFigures 2-4. The motor-driven auxiliary feedwater pump (EFP-1) and twoNuclear Services Closed Cycle Cooling Water pumps (f!SCCCW-3A & 3B) are AC-
powered components backed by diesel generators as shown in Figure 2. DC-
powered AFWS valves are powered as shown in Figure 3. AC-powered valves
(EPV-3,4,7, & 8) are not diesel backed and are powered as shown in Figure 4;these valves are normally open and fail "as is" on loss of power. Flow paths
from each pump to both steam generators are available without any valverepositioning.
In the event of Case 2 (LMFW/ LOOP), the diesel generators are startedautomatically and the cooling water pumps (one on each ES bus) are automati-cally loaded on their respective diesels. However, the motor-driven AFWS
pump (EFP-1) will not start automatically; it must be manually loaded on thediesel. Case 2 will also result in a loss of normal air supplies but adequatebackup is available as described in Section 2.1.6; the followup action in theplant operating procedure for LOOP requires manual loading of air compressorson the diesels.
.
In the event of Case 3 (LMFW/LOAC) the AFWS flow will still be initiated throughthe DC-powered steam supply valve and the turbine-driven pump. However, power
will not be available for the Nuclear Service Closed Cycle Cooling pumps andthe turbine-driven pump can operate for only a short period of time (estimatedat thirty minutes) without cooling water.
2.4 Instrumentation and Control
2.4.1 Initiation Logic
A simplified diagram of AFWS initiation is shown in Figure 5. This diagramis functional in nature and does not represent actual hardware. The actual
logic is contained in relay racks and the individual component controllers.
1666 018
-8-
.
.,
Automatic initiation will occur whenever one of two conditions exist:loss of both ma n feedwater pumps or low level in both steam generators.c
The logic in the relay cabinets de-energizes a relay to initiate the AFWS, thusa loss of the vital 120VAC source will also cause initiation. The automaticinitiation will open ASV-5 and MSV-55 (MSV-55 and 56 are normally open) tostart the turbine-driven pump. The initiation signal also closes the circuit
breaker to start the motor-driven pump provided the two interlocks describedbelow are satisfied. Once a pump is started, AFWS flow will occur since theflowpaths, including the discharge cross-connects, are normally open.
DC power is required to open ASV-5 and to close the breaker for the motor-driven pump; this power deaendency is shown in Figure 5. In addition, the
motor-driven pump is interlocked to prevent automatic start unless offsitepower is available on the ES ous and one of the suction valves (EFV-2 or 3)is open.
A key-operated bypass is provided to prevent inadvertent initiation of theAFUS when the main feedwater pumps are secured during normal startups andshutdowns. This bypass feature does not have automatic removal but it is
under administrative control. Initiation on low steam generator level isprovided as a backup means of ensuring AFW initiation and this actuation isnot bypassed.
.
2.4.2 Flow Control
Normal control for AFWS flow is achieved with flow control valves FWV-39 and40. The ICS senses the loss of main feed pumps or low level in the steamgenerators and opens.the AFWS Block Valves (FWV-34 and 35) and closes the
ikin Feedwater Connections (FWV-33 and 36). This directs AFWS flow throughFWV-39 and 40 to the upper nozzles in the steam generators.
FWV-39 and 40 are pneumatic-operated valves and are normally controlled bythe ICS via electric / pneumatic converters. The ICS adjusts these valves to
attain and maintain one of two level setpoints, depending on RC pump status.A loss of the ICS control signal will result in the valve failing to a positionapproximately 50% open. On loss of supply air pressure, the valve will fail
"as is", which, depending on SG level at the time of failure, could be theclosed position.
1666 019
-9-
"..,
In addition to the backup provisions for FWV-39 and 40, DC-powered bypassvalves (FWV-161 and FWV-162) are provided. These valves are pre-throttledto allow a flowrate of approximately 550 gpm to each steam generator, toensure flow is established should FWV-34,35, 39 or 40 fail. Once AFWS
initiation occurs, the operator will verify proper operation of the normalflow control path and then close FWV-161 and 162.
2.4.3 Instrumentation ,
Instrumentation provided in the control room and availability during thethree cases (i.e., power source dependency) is:
AvailableIndication Case 1 Case 2 Case 3
CDT-1 level Yes No No
CDT-1 level alarms Yes Yes Yes
EFW now Yes Yes Yes
Valve positions Yes Yes* Yes*
OTSG level Yes Yes Yes
0TSG level alarms Yes Yes Yes
* for all except AC-powered valves EFW-3,4,7, and 8
2.4.4 Steam Line Rupture Matrix (Figure 6)
Operation of the AFWS can be affected by the steam line rupture matrix (SLRM);therefore, it is described here and included in the fault tree analysis.
The SLRM detects low steam pressure in either steam generator and will isolatea generator if a low pressure condition exists; low pressure must be detectedby two pressure switches, one set at 725 psig, the other at 600 psig (SeeFigure 6). The isolation signal will cause closure of the main steam isolationvalves, main feedwater isolation valves, and auxiliary feedwater isolationvalves for the affected steam generator.
The SLRM is a safety-grade system provided with battery-backed power andcoincidence logic in the actuation circuitry. Inadvertent actuation of theSLRM could cause isolation of one steam generator; therefore, this possibilityis included in the fault tree.
1666 020
-10-
.
., ,
~2. 5 Operator Actions
For Case 1, no operator action is required to establish AFHS flow. The
operator will verify proper flow control and adjust FWV-161 and 162 asrequired. Certain failures, as shown in the fault trees, can be correctedby operator action and this probability is included for three times followinginitiation; 5 minutes, 15 minutes, and 30 minutes. All components of theAFWS are operable from the control room.
.
The only significant differences for Case 2 are as follows:
a) The motor-driven pump must be manually loaded onto the ES bus (from the
control room).
b) Failures involving AC-powered valves EFW-3,4,7, or 8 would require localmanual correction.
For Case 3, the turbine-driven pump would start automatically and all theDC-powered valves would be operable from the control room. Because cooling
water for the turbine-driven pump requires AC power, the pump would eventuallyoverheat; no mitigative operator action was identified.
2.6 Testina
Automatic initiation and full flow testing is accomplished during every coldshutdown if at least three months has expired since the last test, or if theshutdown is planned to exceed 48 hours in duration.
AFWS valves are cycled once each quarter. After cycling they are verified to
be in the correct position by two independent valve lineup checks.
Monthly operability checks of both pumps are performed using the normalrecirculation flow paths. These checks confirm the pump and pump drive
capability to operate and produce the required pump discharge pressure.These checks require closure of the associated stop-check valve (EFV-7 or
EFV-8). Following the tests, proper valve lineup is ensured by two indepen-dent checks.
2.7 Technical Soecification Limitations
The limiting condition for operation for the AFWS requires two independentauxiliary feedwater pumps and associated flow paths be operable with:
-11- 1666 021
.
' '
. .
a) One auxiliary feedwater pump capable of being powered from an operablesteam supply system.
b) One auxiliary feedwater pump capable of being powered from an operablesteam supply system.
If one auxiliary feedwater system becomes inoperable, it must be restoredto an operable condition within 72 hours or the plant must be placed in hotshutdown within the next 12 hours.
Technical Specifications also require the availability of 150,000 gallonsof water in the condensate storage tank (CDT-1) for AFWS use.
1666'022
-
.
'- 2-
.
., , .
3.0 Reliability Evaluation
3.1 Fault Tree Technioue
The Crystal River 3 AFUS reliability was evaluated by constructing andanalyzing a fault tree. The fault tree developed during this study iscontained in Appendix A. The top level event in this tree is failure
to achieve mission success; from this point the tree branches downwardto a level of detail corresponding to llRC-supplied data. This level is
generally indicated by basic event circles.
For construction of the first tier of the tree (page A-1), the AFWScomponents in each train were grouped into three categories - Suction,Pump and Discharge. lhe suction cross-tie interconnects the trainsbetween the categories Suction and Pump, and the discharge cross-tieinterconnects the trains between categories Pump and Discharge. System
failure can result from Suction-Suction, Pump-Pump 'and Discharge-Dis-charge failures or from failure combinations such as Pump (A)-Discharge (B)with the discharge cross-tie inoperable. The tree on page A-1 indicatesall the combinations which were considered. *
,
The techniques used in fault-tree construction and the symbols shown inAppendix A are consistent with those used in WASH-1400 (Reference 3).Following completion of the tree, hand calculations were performed toobtain system unavailability for 5,15 and 30 minutes for each of the threeevent scenario cases.
.
3.2 Comparative Reliability Results
The results of the analysis are presented in Figure 7 Indicated in thisfigure are the system reliability results for each of the three cases andfor each time 5,15 and 30 minutes. The basic fomat for this figure,
including the characterization of Low, Medium, and High reliability, wasadapted from ir. formation presented by the NRC in Reference 1. Because the
NRC-supplied input data were often unverified estimates of component andhuman reliability, absolute values of calculated system reliability mustbe de-emphasized; results have significance only when used on a relativebasis for purposes of comparison. Accordingly, the intent of Figure 7 is
1666 023-13-
. ,,
to show the relative reliability standing of the Crystal River 3 AFWSfor each of the three cases and also to compare these results to theNRC results for Westinbhouse plants. The Westinghouse results andnumerical values pemitting construction of Figure 7 were all obtainedfrom Reference 1. It should be noted that there is a scale change forthe Case 3 results; reliability results for Case 3 cannot be cross-com-pared with Cases 1 and 2.
.
As indicated in Figure 7 relative to Westinghouse, Crystal River 3 hasmedium reliability for Case 1, low to medium reliablity for Case 2, andlow reliability for Case 3.
As the time for operator action increases from 5 to 30 minutes, theprobability of mission success improves. Most of the improvement occursbetween 5 and 15 minutes, reflecting a significant difference in the NRC-supplied operator reliability data for these times. On the other hand,there was little difference in the operator reliability data between 15and 30 minutes and this is reflected in the system unavailability results.
The primary reason for the lower reliability of Case 2 at 5 minutes isthe requirement for manual loading of the pump onto the diesel, althoughinclusion of a failure probability for the limiting diesel also contributesto the overall change from Case 1 to Case 2.
The low Case 3 result reflects the AC dependency of pump cooling water.
3.3 Dominant Failure Contributors
3.3.1 Case 1 - LMFW
A major contributor for this case involves the cooling water system forthe AFWS pumps. Although redundant, ES-backed cooling water pumps areprovided, both AFWS pumps are supplied by a common header with a singlecommon supply valve and a single common return valve. These valves arenormally open and manually operated locally. They are not routinely cycledand their position is verified by monthly surveillance checks. However,
plugging of either valve would result in loss of cooling water flow, andeventual bearing failure, for both AFWS pumps.
1666 024
-14-
'.,
Other major contributcrs for Case 1 include preventive maintenancetaking one AFWS pump out of service, and pump failures. Majorpump failure contributors include mechanical failures and failure
of ASV-5 to open for the turbine-driven pump.
3.3.2 Case 2 - LMFW/ LOOP
The major contributors for Case 1 apply as well to Case 2. However,
there is an added contributor which accounts for the major portionof the difference in the overall system reliability between Case 1 andCase ? as shown in Figure 7. This additional contributor is the re-quirement for manual loading of the motor-driven pump onto the ES bus.This action is included in the procedure for station blackout (LOOP).
3.3.3 Case 3 - LMFW/LOAC
As stated previously, even with total loss cf AC power (other than thatsupplied by battery-backed inverters) AFWS flow will be initiated andcan be controlled using DC powered valves. However, the ES busses
supplying power to the cooling water pumps are lost in Case 3 and this willresult in eventual overheating and bearing failure of the turbine-drivenpump. For this reason, credit was not taken for the initial flow and
an overall probability of failure of 1.0 was assigned. This contributorwas the only major AC dependency identified in the Crystal River 3 AFWS.
1666 025
-15-
'.-
,
REFERENCES
1) " Auxiliary Feedwater Reliability Study", an llRC staff presentation tothe ACRS at the ACRS neeting of July 26, 1979, 1717 "H" Street, Room 1046,Washington, D.C.
2) " Evaluation of Transient Behavior and Small Reactor Coolant SystemBreaks in the 177 Fuel Assembly Plant," May 7,1979.
3) WASH-1400 (liUREG-75/014), " Reactor Safety St,udy (Appendix II)," US !!RC,
October 1975.
.
1666 026
.
e
-16-
.
-.
,
.
e
I
-,
/ i
Figure 1
CRYSTAL RIVER UNIT 3 AFT 5
---w..
TURBikE STOP VA VES
ATN0 EUNP . -> ATWO DUMPtt CC
COND CURP + COND CUWP-
MM ' " ^COND CUMP *w' ^ L COND 00WP, ,
SAFETIES -=--- SAFETIES . ESV-55 ESV-186 FSV-tS7 RSV 56-e- 5 A F E T IES+ SAFETIES
(4) (4) -
ASV-5 [ d CCSG A P SG B
TO TURBINEDRIVEN PURP
FIV 43, Fly 44,
b= ULTRASONIC FLCT IND. ?<*DC CC
DC E'
I""3#E DC
TD BAIN FEEDfATER TO WAIN FEED 5ATERFtV 26 Fay.33
QFIV 40 pryy.33
' " ' ' 'FRDE EAIN FEEDIATER M FIV 162 @ FRCN MAIN FEEDtATER
FI V-41, , Fyy 42
FtV-157 BC CC . FtV-158
.
ETV-15 EFV-14 EFV-32 EFV 16.
EFV 17 .EFV 16
BC E EFV-11 CC E ETV-33
N NE FV-12 HDTIELL III"I3
AC EFV 8 EFV-1 AC
REclRC (CRIFICED TO _ RECIRC. (ORIFICED TO LIMIT T:=,
Lluli TO 20 GPM) EFV 5 EFV-6 20 GPN)- E CC
-
EFV-1 EFV-2FRCH % p,ASV 5 (./ AC AC \)
E F P-2 ,
EFV 4 E - L.L.X CONDENSATE STORAGE TANK
CDV-103
1666 027
-
..
,
Figure 2
CRYSTAL RIVER UNIT 3
SIMPLIFIED POWER SOURCE DIACRAM
- STARTUP TRANSFORMER
|)sc |) NC(NOTE 2)
ES ES,
4160 B'JS 3A 4160 FUS 3B
I) NOI)NC)NO(NOTE 1) i) Ncl
|) NCI) NO| NC
IDG EFP DG3A 1
3B,
NSCCCW NSCCCWww wwmm P-3A P 38 mm
4160/483 NC.
ES BUS 3A | | ES BUS 3B
) "c ,)[.
MCC 3A-1| DUPLICATE FOR |
| | |C |NC | B VITALS B & 0 Oj| NC NC NO N |
J '
ICS-Y NNI-Y~ "~
STATICBATT.CHGRS. INV. --=- V I T A L A
DC PANEL 3A'~ ~
STATIC
NC NC N0 INV.
| I --
L ~l ) NC ) NC|
| _ _|DISCONNECT I
SWITCH NOTES: 1. EFP-1 INTERLOCKE0 SO Wil' ONLY
_ LOA 0 AUTOMATICALLY IF 0FFSITE
POWER ON BUS 3A.
2. TWO ALTERNATE S00RCES AVAILABLE
MANUALLY; UNIT 1/2 STARTUP XFMR
WITHIN MINUTES AND UNIT 3 AUX. XFMR
WITHIN EIGHT HOURS.
1666 028
Figure 3'
'- ,
-
CRYSTAL RIVER UNIT 3
SIMPLIFIED PDWER SDURCE DIAGRAM
DC LDADS
FROM MCC 3A-1 FRDM MCC 3B-2*A r ,r ,
) NC NC ) ND h ND \ NC'
NCI
i i I I J
BATT BATT BATT BATT BATT BATT
CHGR CHGR CHGR CHGR CHGR CHGR_
_ __ _ _ _ _ _ __ ._ _ _ _ _ _ _ . . _ _
NC b NC h ND '| ND NC NC
| A i )
INC ) NC DC DC j NC
'NCi
/ 4 PANEL PANEL / j3A 3B
DPDP-1A DPDP-18..
, _ __ _|,
_. __
| DTDP-3A DPDP
/ / I3Bi'
_ _I _.J._ ___
+ EFV-2 EFV-1 e-
_
DPDP-BA DPDP | gg//p/////_J_ _ _ _ _ __ __ _ _ _ _ _ _ _
u EFV-14 EFV-11 =
> EFV-33 EFV-32 a& FYlV-35 FWV-33 -e
& F#V-36 pyy.3 4 -"
a FWV-161 FWV -162-;
MSV -55 -<
MSV-56 ,
ASV-5 m1666 029
.
' -. .
,.
Figure 4
CRYSTAL RIVER UNIT 3
SIMPLiflED POWER SOURCE DIAGRAM
AC VALVES
.
" + UNIT 3
& UNIT 3 STARTUP AUX XFMRA XFMR
'l NC 1 NO I N0 i NC
1 a ) u
4160 UNIT BUS 3A 4160 UNIT BUS 3B
'| NC NC
i '
W W 4160/480 WW 4160/480mm mmt
+ PLANT AUX.BUS 3
0
\NC | NO 'NO )NCI# # '
TURBINE AUX BUS 3A TURDINE AUX BUS 3D
'NC 1 NC
'I
4 4
TURBINE TURBINE
MCC-3A MCC-38| )NC bNC ! I NC iNC|/ / / 4
__I_ _ __ _ __ __
y u v y
EFV-3 EFV-7 EFV-4 EFV-B
1666 030
__ _ _ _ .
.
Figure 5.
CRYSTAL RIVER UNIT 3
PUMP START LOGIC
CLOSE AUTO'
OPENNFP 'A' ON VITAL ~-
250V DC ---* --*- OPEN NSV-55120V AC
N?P 'B' GN ----+ z o---.-
,
KEY B1 PASS _ .- +.
SG 'A' LO LEVEL % %(ICS)
-
CLOSE
SG 'B' LO LEVEL % 0 AUTO(ICS) ,
OPEN
- 2 50 V D C --.- -.- OPEN ASV-5: r
=
125V DC - - CLOSE SUPPLYEFV-2 OPEN 0FFSITE PfR AVAll BKR TO NOTOR-0 RIVEN-
O 7
PUMP
EFV-3 OPEN --
-
&& LEGEND:
b OR GATECD ] AND GATEu
.
@ NOT-
.
a
' s
M
.>.t"#9*
> MJ
* De ZM =C=J * Z
O*S#9 >=
.
=4 (Z
. > == M||umg,s.s had
6/D M Z haJ *t===spy E >= >= =C
6aa K Q =C UM ha. G
Q l""Q haJ Q .M K Z Q.J NhaJ De Q =C Zu
c K JhaJ g D 3=
A 8== t,aJ M - *
Z Q &aJ Q '
Ze4/t et== saa .J sA ZJD W W,Q haJ
m == == Q J E.SQ M Z >= N U &aJZ 3 - Q =JM Q h O
LS O tad >=>= Elc MU
Z.= - 3= C3-
e.aJ.
Q D J LaJLS QQ W = D tee Q > K
h Q=4
a E LaJ==D
J =C== E
C3- OJ C3
Z 3Q s/9 LS - O E O naJ
== M v taJ Elm Z Ke mJ CIC L LaJ>= J Mw j U U Q mu =C c3 M s==
JCh.3Q
| II|
m>= >=3C E#5 ^W 6a.s M
>==|De
=CI3 2 -- - s/s
L <kJk i p
se. wtaJ E/Dd Q
=JM N E3^ v39'" Z e= Q** O M f3 hsJ >=Z - Q =C MD C3 2 J =C 4/Dgg3
G &D =C >= C#9
6'd* u tadM -
M -N 3e Z ->= Q Nap
w> M === >-
_OD~ M D
< kk== - f.SgV9 M= a u m O_ m
w 44 E D ZJ - ta.s as|: nad
=C U g/3 g3 e>* Q =C LaJM E .J CD c3
[* C) w wga -
JL jl II Ib d l, n
OO LS
'| %D -I M I |v a.
>=>= W4/9 W6ee
"CD>=
k Il =Z- -.===-o.
| ||
' M U n~=c saD 4Z A. O O 4r5g gec > O N ~M CD LO ] N
v a- v=
itsN C.SP= -
4/9V m
1666 032
- - - . . _ , ._ _
.-
Figure 7
COMPARISON OF CRYSTAL RIVER AFWS RELIABILITY WITH NRC RESULTS FOR ftPLANTS'
i. |CASE 1: LNFW CASE 2: LOOP CASE 3: LOAC
______ . HIGH LOW MED h GH LOW * ME0* H I GH *LOW MED
s A A k
Ca.3 is sa a m
' o e ei
______ _ _ _ ______ _ _ _ _ _ _ _ . ._ _ _ _ _ _ _ _ ___ _ _ _ _ _ _ .
ALL I g g C g g 3PLANTS
-
as _ _ _ _ _ _ _ _
OsON
d MISSION SUCCESS WITHIN 5 MINUTES g g RANGE OF 1 PLANTS
uE MISSION SUCCESS WITHIN 15 MINUTESu
$ MISSION SUCCESS WITHIN 30 MINUTES *THE SCALE FOR CASE 3 IS N3T THE SAME AS FORCASES 1 & 2
APPEhDIA A
INSUFFICIENT TAFs 10 AT MLEAST ONE O
STEAM CENERATOR
WC
f\ D-
-w
/ 20\
INSUFFICIENT DISCHAREE PREVENilVE BOTH LAl[R
MAhNTFLOW FROM RELATED ANCE
SOURCES FallBOTH PUMPS FAILURES FAILURES
A,\ ,, - c,
SUPP09 IVSYSTEM
FAILSI INSUFFICIENT INSUFFICIENT H0itELL CONDE NSA TE
FLOW (ROMFLOW FROM FAILURE STORAGE TANK
TRAIN A TRAIN B SYSTEM FAILURE
INSUFFICIENT INSUFFICIENT
FLOS FROM FLOS FROM ,,,-% -wPUMP A PUMP B
A AINSUF F IC IE NT TRAIN A IRAIN B INSUFFICIENT
P 0 OlSCHARGE OlSCHARGEFL0g FROMp p
DISCHARGE A FAILURE FAILURE DISCHARGE 2
A /i\ A\ A-
0
A1
* .
...
I
2
TRAth A 4
Ol1 CHARGE
FAILURE
,, ,,VALVE
FtV 44/
T Ft v-439 LUG 5
stRV DPER*TO PRIBART
FAILURE FAILS TO 011 CHARGE
IMII ggy PATH FAILS
.
ALTE RNATE
- Ol$ CHARGE
PATH FAILS
AIR OPERATED N0 TOR-0PERATED 50 TOR-0PERATE0VALVALVE Ftv-40F/ F f v - 157,' VALVE FIV 35/ VALVE FIV 1C2/FIV 39F FAILS Ff v 158 FfV 34 FAIL $ Ftv 161 FA!LS
CLCSED ptygs TO OPEN CLOSED
RfF g-(PLUES)
f% (* (%NECHANICAL ECHANICAL
IAfy$tVALVE LOCAL FAILURE ,gL,,p )1%7(RTE 4".lf 5ANUAL INE
LEFT OPENING LIFTCLCSED FAtLs CLCSED
IC$ 0?iRATORACTUAtl0N FAILS TO I
NOPERATOR FAILS ACTUATE VLV
DPERATORFAILS TO CPENIN pggLg 7g ,
CTUATE V. , CTUATE VLOPENih* gg PENIN"
LOCAL CC CONTROL 50 TOR LOCAL" L POWER CIRCUlf CPERATOR MANUAL \
0,ENE
o;;;;-Aiu F m uRE ,Alu , Ain
b b0,BOC CON 1RxAIR air C0 m 0L
OPERATOR SUPPLT C!RCUiT POWER CIRCUlf OPEPATORFAILS FAILS Falls FAILS Fagts ,gg($
1666 035A-2
A 5C
INSUFFICIENT *FLOW FROM 2PUMPS TO
DISCHARGE A
em
fD () (h
INSUFFICIENT LINE FROM LINE FROM LINE FROM LINE FROM INSUFFICIENTPUMP A TO PUMP B TO
FLOW FROM PUMP A TO PUMP B TO FLOW FROM
i8 E^ '8 DlS REA PUMP A
PUMP B DISCHARGE A Fall s
4\ A A A A A
A-3
.'
A ~mo
INSUFFICIENT CFLOW FROM CPUMPS TO j
OlSCHARGE B
-w
() (h (D
INSUFFICIENT LINE FROM LINE FROM LINE FROM LINE FROM INSUFFICIENTFLOW FROM PUMP B TO PUMP B TO PUMP A TO PUMP A TO FLOW FROM
PUMP A CISCHARGE B DISCHARGE B DISCHARGE B DISCHARGE BPUMP BFAILS FAILS FAILS FAILS
A\ A A A\ A\ A\
." A-4
.
e
*
. .,
A AA A
LINE FRDN LINE FRON
PUNP A/B TO PUNP A'8 70OlSCHARGE g DISCHARGE B
A ll e FAILSh e *
-
NDTOR OPERATED VALVE N0 TOR-OPERATEDVALVE
VALVE EFV-11/ E FV-18 ' VALVE EFV-32/EFV-17/EFV 1A FAILS EFVi5 E FV -16 EFV 33 FAILS
CLOSED PLUGS CLOSEDPLUGS
NECHANICA NECHANICAL
FAILURE FAILURE
O O
VALVE VALVE
l*DERTENilY IWVERTENTLY
LEFT LIFTCLO2D CLEE
CPERATC PERATOR
FAILS TO FAILS TOACTUATE VLW ACTUATE VL
OPENING OPENING
VALVE FAILS VALVE FAILS
TO 0 FENTO DPEN
O O
LCC LCCALMANUAL NANUAL
OPENING OPE N HGFAILS FAILS
%
00 CONTROL NDTOR DCCONTROL NDTOR
R gigeggy DPERATOR P0tER OPERATORgFAILS FAILS FAILS FAILSg(
1666 038,.,
6E0 999l.O
.O>= e9We ag .-
. .MN.4 -a
O
Q 5-O e ens ew M & en
oe Mens= 33 -d
M ' *r "" " p M . e G 80=-a = b - 5 ::
3_ 2 *_*, C V 2_ V 5., 5 *=. .-
O e et-
dM N em
4&& end 3- 3 ga a wEI g = s'''
=m -d - o.
== ge
go=w o ._ ~ e., 5 *-. -=
t.3$Oem u
4
WwEme4D'" M end
N and U m-22 %en2-M.aO -4.4*=.0
D= O3 m weaO=M a.f 6f.4 h-d
ens A==p as 3 seee-
3 em Q > 23
esU -m Q b= Q
< ens W ee.A Hm3
rim -es.
& >= 2h 9 5 EEE -
w O 3 andO**2 m & -M gg69 em M m ed 4
ems 3
62 *-e We g
GfS elRmgm &-
D* ens es=2w> 2 == m ens eE u- W W ens C3 3
ens e og &9 hO& L& en, e.= e.83 O 9. **
2em 7 X we AO - W> W
-
- M S 8'= ==Q&- 3>= nm~3 d A
m. m XMm we em e-es3 ena O ene 2
- e > t.a em we=
wem.s -eme 4.sna
O&93
-WHE e3 3- &
em. C3 aes349*b69 h 6'93-
LE
M.eaW
ese @ 489 Bind 2* L9
2D&es.
b>=
4-
9 3 N6 .e -
9
D eAd O 4S 6
3is 44 >
e 3- - on.ee. e., OM
*ED E 4.2- Deegg egg4 4
Q Em E
ens 4 ese-M-== m
An eum e m m
- 4 3
w2 .B. *2" ~
= _
eadu.E De2O- est=M M adW >= 4.4 -
EMe
amt5 Q =.=3emGod 0
3m
m- 44WA E ens aSQ>-
3 b M e.b& ames3 44M
u& = egW 2 33 m d& E ==
E.J e
M
.
6
N
RO
R T S0 A
I
L1 R0 E Au P F
O
OYO CCC-L iO l SR u LT C I
f N R AC I FC C
LLAA UCNOA A
%EL N R
Y N CWL 5 E OO'P P PP V OU SS A O LT Au E C EA V SE L L
I RN UT A IA LS V A HC AIF
E F VN L
R0VO1 GT E NA STIRLA NEI UEPAI P
FC
(N0lS
OlLTA IUUAATF 7
C AA
E L
T I
A T SVU E L
N R N S I
E D A E AE N R F
AI
OI
I PC N PSI TF B ROF M R TTU A U SS E I EN TI S INE U
V8LRA O L
AUV 5TyNgT
gEeiipg
I pgImygA (
T ENMRNEOA II RE LCFTI SVF u LF A BPUE PSTGUNSSS
EI
NT MIN O
E R LI FC YI M LF A PF E PU T US S SNI T E
NMgNE OA lI RElCF II SiF u l
F A APUE PSTGUINSSS
.,
m
*
..
,
AINSUFFICIENT
STEAM FROM
SG A STEAMSUPPLY LINE
-
_
STEAM SUPPLY INSUFFICIENT TWO MANUAL 2 of gggggVALVE MSV-55 VALVES ON WMFLOW FROM
FAILS STEAM SL'PPLY (h SG A (FENj VALVE AFTER
CLOSED TRAIN A ggy,$$A FAIL CLOSE0 E Fall
PLUGS
-- --_MECHANICAL ggggy
FAILURE LEFF
(l[SGf% fh
valve^
g
MDVERTEhTLY i
LEFT
QEED
FIRSTSEC
- .] VALVE VALVE
PLUGS PLUGS
I VALVE falls
TO OPEN
(%FERAT
AUTOMATIC FAILS TOACTUATION ACTUATE VLV
FAILS OPENING
h LOCAL
MANUAL
-% OPENING
FAILS
1666 041
00 CONTROL MOTOR
POWER circuli OPERATOR
FAILS FAILS FAILS
A.8
*
..
.
AINSUFFICIENT
STEAM FROM
SG B STEARSUPPLY LINE
f
r%
STEAM SUPPLY CHECK TWO MANUAL 2 0F BINSUFFICIENT
VALVE MSV-56 ALVE AFTE VALVES ON FETY VLYS
MSV 56 STEAU SUPPLY 34SGB09 FLOW FROMFAILS CLOSED
PLUGS B FAIL CLCSED Egl TRAIN B
M( ()NECHANICAL
FAILURE
(3 - nygtyg
1*DVERTENTL
VALVE LEFT
l*DVERIENTL QEEDLEFT
112ID
!'
FIRST SECOND
VALVE VAlfE
PLUGS PLUGS
PERATOR VALVE
FAILS TO FAILS TOCTUATE VLV
OPENING OPEN
(%
LOCAL
MANUAL
OPENING
FAILS
-s
1666 042OC
'POWER
CIRCULI OPERATOR7 3
FAILS FAILS
A9
5
5 4
ik3Uf f lCIE NT
f L0f f eosPU5P O
B0f DR -DR IVEN v4Lyg INsuFflCIENT BCTOR -OPE RATED
PURP O [f y .g SATER 50imCEI vAtvE Ef t 7f atts TO OPERATE ptygs 10 PVuP 8 F AIL 5 CL0sE0
PU.P . < ,_ .CO., 0L " " '5!CHANICAL ACTUA fl0h 709 E t FAim SUPPORilVg ,ggg g yf AILUpE F AIL URE F A ILURE $f5TEBS F AILURE
fill 5 g
I
=IteDOFEN!LTLIFT Q2El
f4 3CASE I. CASE 2. CTUATE VLV
LEFI LOOP OPENING
BANUAL gatyg pgiggLDA0l#G &IT Attias TO OPEh
FAILS
AUTC BA huA L
ACTUAT10m ACTUAfloh
F AIL 3 f att$
LOCAL
BA bu4L
OPEulNG
FAILS
AC CONTROL B0f0A
POWE R CIRCulf OPE RATOR
fell $ f alL$ f Alts
A 10
1666 043
A<*-::r-
INSUFFICIENT*
WATER SOURCES
TO PUMP B C-
em
() () (D
INSUFFICIENT INSUFFICIENT IN3UFFICIENT INSUFFICIENT CONDENSATEHOTWELL
FLOW FROM FLOW FROM FLOW FROM FLOW FROM STORAGE TANK
FAILURE CST SYSTEM TO CST SYSTEM TO HOTWELL TO HOTWELL TO SYSTEM
PUMP B PUMP B PUMP B PUMP B FAILURE
A A A A A A
A-il
.
9
,
..
A AINSUFFICIENT INSUFFICIENT
FL0f FROM FLOW TRONCST SYSTEN TO CST SYSTEN TO
PUNP A PUNP S
N0 TOR CPERATED N0 TOR-OPERATED
VALVE EFV-4 VALVE EFV 3
FAILS CLOSED FAILS CLOSED
f% f)NECHANICAL NECHANICA
FAILURE FAILURE
..
[\ MM'Eim NOGTEhTLY
LEFT % LEFT '
QDSED E
VALVE FAILSOPERATOR PERATORFAILS TO FAILS TO TO OPENCTbATE YLV CTUATE VLV
OPENING OPENING
VALVE FAILS {TO OPEN - "
f% f%INTERLOCK
FAILURE
KEEPS VLVCLOSE
/ %( LOCAL LOCAL
BANUAL MANUAL' OPENING OPENING
FAILS FAILS-
AC N3 TORAC NOTOR CONTROLCONTROLPOWER OPERATORPOWER OPERATOR circulicirculi
FAILS paits pagts FAILS pg|Ls,A,t,
1666 045A-12
.
*.
,
.
A AINSUFFICIENT INSUFFICIENTFLOW FROM FLOW FROM
HOTIELL TO HOTIELL TOPUMP A PUMP B
MOTOR.CPERATED MOTOR-OPERATED
VALVE EFV 1 VALVE EFV-2FAILS FAILS
TO DPEN TO OPEN
% -
PERATOR ' p INTERLOC INTERLOC OPERATOR r"hMECHANICAL FAILS TO FAILURE FAILURE FAILS TO MECHANICAL
FAILURE ACTUATE V (EEPS VLV KEEPS VAlv ACTUATE VLY FAILUREOPENING CLOSED CLCSED OPENIN
j LOCAL /N LOCAL
f MANUAL f T MANUALOPENING OPENING
'% FAILS 'SFAILS
DCCONTROL MOTOR DC CONTROL MOTOR
POIER CIRCulT OPERATOR POWER circuli OPERATOR
FAILS pg|tg FAILS FAILS FAILS FAILS
1666 046A-n
.
=
A ANW
HOTWELL CONDENSATE O
FAILURE STORAGE TANK wSYSTEM FAILURE
-
,,. w - %
L A S -
CASE 1,t
LMFWFAILS TO| | MECHANICAL | N/ I i:FV-103 Ii EFV-36 , ,
I L L pi
D new
[ LEVELVE
CONTROL LC-5 FAILUREfSWITCH ON
[ CSTICAUSE3 CST DRAIN CST FAILS I
LOW
f LEVEL OPERATOR IGNORES f MAKEUP INIO HOTWELL 10 P
I I ALARM OR FAILS | SYSTEM|
ALARM
TO A MAKEUP
.'- A-14
.
A coec3
PREVENTIVE eMAINTENANCE e
RELATED eFA IURES -
-
FAILURES FAILURES FAILURES WITH FAILURES WITH
WITH PUMP A WITH PUMP B DISCHARGE A DISCHARGE B
UNDER P.M. UNDER P.M. UNDER P.M. UNDER P.M.
6
FAILURES WITH FAILURES WITH
VALVE EFV-1 VALVE EFV-2
UNDER P.M. UNDER P.M.
A A
A-15,
.
9
e
4
9
AFAILURES tlTH
PUNP A UNDER
P.E.
fD
( (- -
INSUFFICIENT DISCH ARGE BOTH WATER 'FLOW FROM RELATED SOURCES PUMP A
MSV-55 EFV nlPUNP B FAILURES Fall
NSV 36 UNDER EFV-32
ASV-5 P.M. EFV B
O UNDER P.M. UNDER P.u
INSUFFICIENT INSUFFICIENT
FLOW FROM FLDE FROM
TRAIN A TRAIN B
-s -
LINE FROM TRAIN A TRAIN 8 LINE FROMPUNP B TO PUNP B TO
DISCHARGE DISCHARGE DISCHARGE BDISCHARGE AFAILS FAILURE FAILURE FAILS
A\ A A\ A\
A 16
1666 049-
'.'
,
AFAILURES flTH
PUNP B
UNDER P.M.
fh
fh f\-w -
|NSUFFICIENT DISCHARGE BOTH IATER DFLOW FROM RELATED SOURCES PUMP
,
PUMP A FAILURES Fall U
,
EFV-H
EFV-7
(N UNDER P.M.
INSUFFICIENT INSUFFICIENT
FLOW FROM FLOW FROM
TRAIN A TRAIN B
ew -w
LINE FROM TRAIN A LINE FROW TRAIN BPUMP A TO OlSCHARGE PUMP A TO DISCHARGE
Dl3 EA FAILURE DISC RGE Bp
A />\ A A
1666 050
A 11
'.*.
AFAILURES WITH
DISCHARGE B
UNDER P.M.
(D
.
-w
\'
VALVES
FWV-34INSUFFICIENT INSUFFICIENT BOTH WATER FWV-39F
FLOW FROM FLOW FROM SOURCES FWV-161BOTH PUMPS TRAIN A Fall
4\ A A
1666 051
A -19
&g
AFAILURES WITH
OISCHARGE A
UNDER P.M.
(D
O'%
.
VALVES
FWV-35
INSUFFICIENT INSUFFICIENT BOTH WATER FWV-40F
FLOW FROM FLOW FROM SOURCES FWV-162
BOTH PUMPS TRAIN B FAIL
A A A
1666 052
A-18
.
AFAILURES tlTH
{ YALVE EFV-1
UNDER P.M.
O
O /\VALVE
'' EFV 1
UNDER
P. M.
INSUFFICIENT DISCHARGE CONDENSATE INSUFFICIENTFLOW FROM RELATED STORAGE TANK FLOW FROM
fu !PUMP B FAILURES SYSTEM FAILURE
A A X,\n
INSUFFICIENT INSUFFICIENT
FLOW FROM FLOW FRCM
TRAIN A TRAIN 8
-s -s
LINE FROM TRAIN A TRAIN B LINE FROMPUMP B TO OlSCHARGE
OlSCHARGE A DISCHARGE PUMP B TO
DISCHARGE BFAILURE FAILURE FAILSFAILS
a A 4\ A
A-20
*-
.
- .,
AFAILURES WITH
VALVE EFV-2
UNDER P.M.
f%
O /hVALVE
'S EFV-2
UNDER
P.M.
INSUFFICIENT DISCHARGE CONDENSATE INSUFFICIENT
FLO1 FROM RELATED STORAGE TANK FLOM FROM
SYSTEM CST SYSTEMPUMP A FAILURES F AI LUP.E TO PUMP A
A 4\ A
INSUFFICIENT INSUFFICIENT
FLOW FROM FLOI FROM
TRAIN A TRAIN B
'S-%
LINE FROM TRAIN A LINE FROM TRAIN B.
PUMP A TO DISCHARGEPUMP A TO DISCHARGE' ' '
FAILURE3 FAILURE s
A A 4\ A\
1666 054A-21
,.
APPENDIX B
.
.
IlRC-SUPPLIED DATA USE1 r0R PURPOSES OF C0" DUCTING
A C0 PARATIVE ASSESS;'.E"T OF EXISTING
AFWS DESIG"S & THEIR POTENTIAL REL! ABILITIES
.
Point Value Estimateof Probability of'
,
Failure on Demand
1. Component (Hardware) Failure Data
a. Val vet :
Manual Valves (Plugged) 41 x 10-Check Valves 41 x 10~Motor Operated Valves
liechanical Components 41 x 10-3Plugging Contribution 41 x 10-
Control Circuit (Local to Valve)w/ Quarterly Tests 46 x 10-3w/ Monthly Tests 42 x 10-3
.
b. Pumps: (1 Pump)
Mechanical Components 41 x 10-Control Circui t
w/ Quarterly Tests 47 x 10-3w/ Monthly Tests s4 x 10-3
c. Actuation Loaic %7 x'10-3.
.____
* Error factors of 3-10 (up and down) about such values are not unexpected forbasic data uncertainties.
1666 055B-1
.
II. Human Acts & Errors - Failure Data: -
.
.
- Estimated Human Error / Failure hybabilities +
^ Modifying Facte ; & Situations +With Local Walk-
With Valve Position Around & DoubleIndication in Control Room Check Procedures w/o Either
Point Est on Point Est on Point Est onVal ue Error Value Error Value ErrorEst: mate Fac tor Es timate Factor Es tima te Factor*
-
'
A) Acts & Errors of a Pre- -
Accident Nature1. Valves mispositioned
during test / maintenance.
777 x 10-2 x.110 10-2 x1 10
'
a) Specific single7g x 10-2 xy 20
1 1 1x773 valve wrongly selected
out of a population ofn)
valves during conductof a test or maintenanceact ("X" no. of valves -
in population at choice).
b) Inadvertently leaves s5 x 10-4 20 SS x 10-3 10 s10-2 10correct valve inwrong posi tion.
-4 -32. More than one valve is s1 x 10 20 ml x 10 10 m3 x 10-3 10affected (coupled errors).
-
ChCh
CD.(J7
C7s,
.
*aL -
,
appendix B
II. Human Acts & Errors - Failure Data (Cont'd):
+ Estimated Human Error / Failure Probabilities -+
Estimated FailureProb. for Primary
Time Actuation Operator to Actuate'
Needed AFWS Compor,ents
B) Acts & Errors of a Post-Accident Nature
1. Manual actuation of 45 min. %5 x 10-241x10[2AR!S from Control s15 min.
3Room. Considering m30 min. s5 x 10"non-dedicated"operator to actuateAFWS and possiblebackup actuation of -
AFWS .
III. Maintenance Outace Contribution'
Maintenance outage for pumps and EMOVS:
0.22 (# hours / maintenance act)0 gMaintenance 720
1666 057
B-3