DISCIPLINE COMMENTS: pue By Ase .§, BL For [aro were e DISCIPLINE ARICAL fowvan — A/S fcavie — c/w fcivit. — ARC, [eLecTRICAL, [nsTr'w [coMTROLS, PLuMeNG lnvac. arriem revas| wre TREAT. [sweLoina TEI EROMEERNG For fro fom nc] © fon it ey35- 2 L003 2 OF, CCOMISION FEDERAL DE ELECTRICIDAD LAGUNA VERDE UNITS 1 & 2 roi -AIS42O] Tm ne comments, pm ro vemor | [comments a4 woven, Pn To vexoon | 2 fnawine wor apecicnns, 7 Paver ro venoon > enmne newest no comarnra, vo ewer ta vewoon | # POR MromuATion xe . g [ra rvareen mermooucincs ncouiaro | 1 ne runrwen nareooucioce mgouinea | 9 omit mewoce meoncouciee ‘ SAFETY CRITERN =r oar oe Tea JASCO SERVICES INCORPORATED Dent ERECTOR ST, NEW YORK, Wy_ 10008. oenrnre \ia ae ee nee rie eee ee eee eee eee eee eee NUCLEAR ENERGY GENERAL@@ ELECTRIC «| 72400 swe, BUSINESS OPERATIONS Rev 2 REVISION STATUS. SHEET DOCUMENT TITLE __PRODUCT SAFETY STANDARDS LEGEND OR DI is ‘TYPE __SAFETY CRITERIA = DENOTES CHANGES RE scott AS iQ 1983 a GENERAL DOCUMENT CHANGE NHI3889 CuK BY: Lb BA HARTMAN REVISIONS CHANGED PER NH20497 CHKD BY: Ch 2 CC seacS LAGUNA VERDE BLo we. = eriGRe. omc ELD ERY 43.5.0 Ow RE SCOTT ___7-24-81 __|__SAN JOSE cHKD BY |RETSSUED BA HAR’ 24-81 CON’ SHEE: _SH_NO.1)) eemucteaneneney «GENERAL QP ELECTRIC zensaad NO. 2 ev BUSINESS OPERATIONS TABLE OF CONTENTS Page 1.0 SCOPE 6 1.1 General Electric Product Safety Standards Document 6 1.2. PSS System Documents 6 1.3 Definition of PSS Approach to Safety Design 8 2.0 APPLICABLE DOCUMENTS 9 2.1 General Electric Document 9 2.1.1 Regulations Implementation Specification 3 2.1.2 Regulatory Guide Implementation Position 9 3.0 REQUIREMENTS 9 3.1 Event Analysis Requirements 9 3.1.1 Identification of Limiting Set of Events n 3.1.2 Environmental, Natural & Manmade Hazards @ 3.1.3 Estimated Frequency of Occurrence w 3.1.4 Acceptance Criteria for Plant Design Events 1B 3.1.5 Regulatory and Safety and Licensing Requirements 16 3.1.6 Event Analysis -- Functional Guidelines a1 4.1.7 Event Analysis Documentation Requirements (Analysis Criteria) 23 3.2 Missile Analysis Requirements 25 3.2.1 Missile Analysis Application Requirements 25 3.2.2 Missile Analysis Regulatory Requirements 26 312.3 Missile Analysis Safety and Licensing Safety Standards 26 3.3 Seismic and Dynamic Load Analysis 26 3.3.1 Seismic and Dynamic Load Analysis Requirements 26 3.3.2 Seismic and Dynamic Load AnaTysis Application a7 #3.3.3 Seismic and Dynamic Regulatory Requirements 27 Neo #07 (REV 10/83) 103165*-2wucteanevency - GENERAL @@ ELECTRIC 22ag400 © SHNO- BUSINESS OPERATIONS nev 2 TABLE OF CONTENTS (Cont'd) Page 3.3.3.1 NRC Regulations a7 3.3.3.2 NRC Regulatory Guides 28 313.4 Safety and Licensing Safety Standards (SS) 28 3.4 System Design Analysis Requirements 29 314.1 Safety Action/Safety Systems Relationships 29 314.2 System Classification 29 3.4.3 Definitions and Glossary of Terms 30 3.5 Structures, Components and Equipment Classification #4 3.5.1 Safety Classes 35 3.5.2 Safety Class Functional Criteria 38 3.5.3 Safety Class Interface 39 3.5.4 Correlation with other Equipment Safety 39 Class Designations 3.6 Industry Codes and Standards 39 3.6.1 Safety Class 1, 2 and 3 Mechanical Equipment a1 3.6.2 Non-Nuclear Safety Mechanical Equipment 52 3.6.3 Electrica) Equipment 52 3.6.4 Structures 54 316.5 QuaTity Assurance 54 3.6.6 Independence and Separation 54 3.6.7 Material of Pressure Retaining Components 55 3.7 Safety and Licensing Standards (SS) 55 ss System Interface Input Functions 55 $32 System Interface Output Functions 55 $$ 3 Critical Parameters 55 ss 4 Environmental Capability 55 ss Mechanical Loading Capability 56 ss6 Testability 56 $37 Compliance with Single Failure Criterion 56 ss 8 Compliance with Equipment Design Criteria 57 ss9 (Not. Used) 57 SS 10 (Not. Used) 57 ss 11 Manual Initiation 57 $8 12 Bypasses and Manual Interruption Devices 57 $$13 (Not Used) 57 ss 14 Status Indication in the Control Room 57 $$ 15 Separation of Safety Related Mechanical and Electrical 57 Equipment $$ 16 Protection Against Dynamic Effect of Equipment Failure 59 $S.17 Flow Blockage Constraints 59 5518 (Not Used) 59 Neo 807 (REV 10/81) 103165*-3 3wuctanenency GENERAL QD ELECTRIC poneago NO BUSINESS OPERATIONS nv 2 TABLE OF CONTENTS (Cont'd) age $s 19 Processing of Explosive Mixtures 59 SS 20 Containment Isolation Valve Arrangements 59 Appendix A > EVENTS ANALYSIS REFERENCE INFORMATION 66 Appendix Bo ~ MISSILE AND SEISMIC ANALYSIS REFERENCE DOCUMENTATION 72 Appendix C - GUIDELINES FOR CODE CLASSIFICATION (CC) AND EQUIPMENT CLASSIFICATION (EC) 76 Eo #07 (REV 10/81) 103165*-4weucanenency GENERAL QQ ELECTRIC zeneano 0. 5 BUSINESS OPERATIONS nev 2 LIST GF TABLES Page a1 Comparison af Event Frequency to Plant Conditions 10 ‘and Component Service Loadings 3-2 GE Functional Classifications, Design Basis 31 3-3 Regulatory Classification of Systems (Regulatory Guide 1.70) 32, 3-4 Correlation of Equipment Safety Classes 40 35 Code Group Designations - Industry Codes and Standards 42 for Mechanical Components 3-6 Loading Conditions for Safety Class 1 Structures 44 and Equipment 3-7 Safety Class 2 and 3 Loading Conditions -- ASME 48 Code Class 2 and 3 Components +8 Standards for Safety Class 3 Electrical Equipment 53 NEO 907 (REV 10/83) 103165*-5wucueanenercy «GENERAL QQ) ELECTRIC 22ngag0 | MNO BUSINESS OPERATIONS. Ev 2 1.0. SCOPE 1.1 General Electric Product Safety Standards 1.1.1. The General Electric Product Safety Standards document. (PSS) contains the GE Safety and Licensing basis design requirements for a generic Boiling Water Reactor Power Plant. This document and the set of supporting system Jevel Safety and Licensing requirement documents identified herein includes general NRC design criteria, regulatory guides, regulations, IEEE requirenents and unique requirenents of General Electric which together comprise the total Set of licensing basis requirements which have been tdentified for a generic Nuclear Steam Supply System (NSSS). 1.1.2 The scope of the PSS includes requirements an the General Electric base NSSS scope plus all authorized options and design alternates; thus, the PSS contains the total envelope of possible safety and Ticensing requirements which Could apply to any given NSSS plant. The PSS requirements, therefore, applicable to any given requisition plant will be determined by the scope of supply and the options selected. 1.1.3 The extent of PSS application to a given requisition plant is defined by the project unique Regulatory Requirenents and Industry Standards document (RR&IS) which provides the bounds, limits and exceptians applying to each requisition plant in accordance with the contract, praject PwA, and defined =. scope of work. The RRAIS is the top-level document for safety and licensing Tequirements for each plant, and specifies those requirements in terms of NRC Regulations, Regulatory Guides, IEEE Standards and General Electric Safety Design Requirements. 1.2 PSS System Documents 1.2.1 The supporting PSS System Dacuments contain the safety and licensing design and design verification requirements for the generic BWR system design. System documents have been provided for the follawing systems: Document MPL Number Syster Number Identity Reactor B11, B13 2288407 Nuclear Boiter Bz, 822 — 22A8402 Recirculation : 831, 832, 2248403 833, B35 Control Rod Orive cit, cl2 © -22a8404 Standby Liquid Control cay 22A8005, Neutron Monitoring cs] 22A8406 Remote Shutdown C61 22A8407 Reactor Protection C71, c72 2288408 Neo 207 (REV 10/83) 103165*-6muctearenency GENERAL QD ELECTRIC pensaao NO 7 BUSINESS OPERATIONS nev 2 Document, MPL Number System Number, Identity Emergency Core Cooling-(Includes CS/HPCS, E21, E22 22A8409 HPCI, SEHR, and E24, E41 ADS mode of Main Steam and LPCI mode B21, 822 of RHR) 11, E12 Process Radiation Monitoring Dll, 012, 22A8410 013, 017, pig Containment Atmosphere Monitoring 023 22A8471 Residual Heat Removal E11, £12 22ae412 Leak Detection £31 2208413 Main Steam Leakage £32, £33 22A8414 Reactor Core Isolation Cooling £51 2208415 Reactor and Fuel Servicing Equipment FeSectfons 22A8416 Reactor Water Cleanup G31, G33, 2208417 636 Fuel, ReToad Fuel and Core Performance a, LIT, 22a8418 112 Off Gas N62, N64, 2288419 N66. Radwaste - gn, 2208420 Gi7, G18 1.2.1 The requirements section in each supporting system document is arranged according to the following subdivisions: Section 3.1 Design Safety Bases. Defines the safety function(s) of the system for which requirements are identified. Section 3.2 System Requirements Section 3.2.1 NRC Regulations. Identifies the NRC Title 10 Code of Federal Regulations that tmpose design requirements on the reference system. The system design is required to comply with General Electric Company positions Specified in the Regulations Implementation Specification (MPL A&1/A42-4070) for these 10CFR requirements. Section 3.2.2 Regulatory Guides. Identifies NRC Regulatory Guides that jmpose design requirements on the reference system. The system design is required to comply with General Electric Company positions specified in the Regulatory Guide Implementation Pasition (A41/A42-4070) for the Regulatory Guides. Section 3.2.3 Safety Standards. Identifies the General Electric Safety and Licensing Safety Standards that impose requirements on the system design. A Neo 207 (REV 10/811 103165*-7wucieanenency GENERAL QQ ELECTRIC zeneano NO 8 BUSINESS OPERATIONS Rev 2 complete list af these safety standards is provided in Section 3.5 of this Product Safety Standard. Section 3.2.4 System Component Requirements. Identifies the safety require- ments applicable to each of the components within the system. These require- ments are specified in tabular form. For each system component (i.e. piping that forms part of reactor coolant pressure boundary, electrical modules with safety functions, pumps, etc.) the table identifies; safety function, safety category (i.e, safety class, QA class, ASME category, seismic category, and IEEE category), quality group, applicable NRC reguTations and Regulatory Guides, electrical and mechanical separation requirements and [EEE standards. Section 3.2.5 IEEE Standards. Identifies the IEEE Standards that impose requirements on the design of the reference system. 1.3 Definition of PSS Approach to Safety Design 1.3.1 General Approach. The objective of the standards compiled here and in the supperting P86 system documents is to present a systenatic approach to the integration of a conplex number of design considerations for ensuring that the nuclear safety criteria are adequately identified and incorporated in the design of a BWR power plant. The method consists of the following: 1.3.1.1 Identify and evaluate the spectrum of postulated events that a plant might experience during a 40-year life time. Define the unacceptable result or consequences in terms of analytical limits. 1.3.1.2 Classify the postulated events in accordance with their expected best estimate frequency of occurrence, and as to design condition, i.e. normal operation, transients, accidents, etc. 1.3.1.3 For each postulated event, identify the safety function(s) needed to mitigate or avoid an unacceptable event consequence. Design safety system(s) and components for the needed safety. 1.3.1.4 Identify and document the analysis criteria needed to define and contro} the calculations. 1.3.1.5 Identify a set. of equipment “safety classes" that correlates to the stringency of design requirements to which structural, mechanical and electrical equipment are assigned to ensure performance of nuclear safety functions. 1.3.1.6 Identify the NRC regulations, regulatory guides and major industry codes and standards for design af structures, systems and components. 1.3.1.7 Identify the design criteria that are applicable to several or all plant systems, e.g., single failure criterion, credit for aperator activities, atc. NEO 807 (REV 10/61) 10316548wucucanenency GENERAL @Q ELECTRIC zenegoo HNO. BUSINESS OPERATIONS Rev 2 2.0 APPLICABLE DOCUMENTS As described above in Section 1.3, the BWR Product Safety Standards (PSS) get applied to a given nuclear power plant by the RR&IS document. The PSS, in turn, specifies what and where certain regulations and regulatory guides must be applied. As stated throughout Section 3, whenever an NRC regulation or regulatory guide is specified, their application must be in accordance with the General Electric positions contained in the documents listed below. 2.1 General Electric Company Documents 2.1.1 Regulations ImpTementation Specification (RIS) - (MPL baa /nt2- 4070}. The RIS document contains the General Electric Company positions an the TOCFR NRC regulations. The RIS provides any necessary interpretation on how to apply the NRC regulations identified in the PSS as applicable to a system or complaint of the generic BWR. 2.1.2 Regulatory Guide ImpTementation Pasition (RGIP) - (MPL_A41/A42-4070). The RGIP document contains the General Electric Company positions on the NRC ReguTatory Guides. The RGIP provides position statements for each of the Regulatory Guides (including the various revisions) that have been identified in the PSS as applicable to a system or component of the generic BWR. 3.0 REQUIREMENTS 3.1 Event Analysis Requirements. The spectrum of postulated normal operations é dag oSSEte-Ghae' the BWE night experience over a 40-year lifetine shal? be = Gdentified and categorized by frequency of occurrence according to the event best-estimate frequency of occurrence categories shawn in Table 3-1. (See Appendix A, for examples of design conditions (DC), plant operating status and event frequency tabulation.) Special criteria apply to missile and seismic event analysis and these are separately discussed in Sections 3.2 and 3.3. In evaluating accident probabilities and consequences, the types of causative events which must be considered include: a) planned operation; b) the effect of all credible equipment operations ar malfunctions in response to operational accident or spurious signals, or due to adverse failure during any planned mode of reactor operation; NEO 807 (REV 10/8) 103165*-9T-x¥LTE09 seuly s1seq uBisap st apduexo uy “aeuuew poussiqeyse Alsnoyaasd ayy Ut payead3 aq 03 anuyqUOD sqUOAS ayy eur suinbas Acw sapinb fuoyeinBes pue suojze[nBod ‘sase> aseyy JO euos UJ “suoLyeuaplsuod Hussuads| 3sed Butunp paseid udaq ancy Aay7 YDLYR UY BSou7 MOA 7U919JJ{P a4e eYy Se{iobazEd gq Us wayy BeLd PLNoN YDLYA Sa{2uaNba4J 92uad4NIIO ANY SUOLIEUJqUOD BDUaIUNIIO UapL>uLOD 40 anites aL6uLs smid squana Buiqerqiuy to SquaAa BusqecgyuL ouos yey UAoYS aAey Auysnpul Aq sasd[EUE “UOLZEPPE UT *(4S) auntLes atBurs + (4007) damMod 2915540 40 $807 + (¥IOI) WAPI WUE LOO) JO S807 St aduéxa uy “B1day149 Avases y-20 ULYILM pazepouwosse aq 3 padinbed aq oy enusquO> few pUE ue0g rey “eak/y-0T> ade P2vaWuno0 Jo Salouanbaly 4yayy YBNOY? Lede SuoLyeULqUOD s2ua4 “ang90 queplDULod Jo aun{tey [Buss snpd square Bulgeyytuy io ‘square Burzeyytu, awos (2) 2798N =Kouonbeij uaa ayz 0} Burpsoore vequnu e pauBssse st 9d U3 YoLuM OLaLpuo) qWUeLd, LeDueunU [duis e pagdope sey (aJeuP Te6I) T'ZS CSNY) © §[Aa] ad}AdaS,, 40 yde2u02 e43 padolarsp L/6T UL pue payuerso quauoduod uey3 ayyea WerShs BUjaq Se Saj4oBeze> eAoge oy YILM Stlaqosd pey SMEALE SEY INSY oO *s3ine4 GutztuL] 4o squaplouy quanbadguy ‘s3ueplsuy quanbas4 ALayeLapoH uy adaou09 SuvS4) 2 quodey 81sAteuy Majes Leuy4 40} sejsoBaye> Burmoj [oj 243 pasodosd yn ayy (s/6T) O4°T ePID i “Boy UT “O3LINVS PUE ADNSDYSMA ‘L]Sdn ‘THMYON {See (y°T apinp “Bay) abesn Jarier (1) @I0N o a os s 9-0TKd 5. OT a (2) 9 OTs OT vy | Sunaazo9v a3LvINisod @ v ¥OTCKe OF ea i: ae) a vy OTAKz OT £ SINJQIONT LN3ND3YNT =< € 2-01441-0T —— os ad a 2_01<4¢0°T @ [Go SINIGIONT_ANaNDIY 2 @ 7 O1SO'T ‘ATALVE3OOHN o worLvuado 1 NOLLVaad0 G3NNVTd v NOILVU3d0 G3NNVTE t Q3NNY Td “TWHEON WIA BOLT Yad CINSNOGWOOY WIA WOLIWIY Ad | | od | (4) AONWENIIO AINSNDIUS S13A37 (4) AaNWEUNIDO ADWANDAYA a0 SNOILIGNOD NOIS30 BIVHTIS3=1538_1N3A3 JOIAUaS. OaIVWIIS3-1538_1N3A3 SHY, Ss D1wioI1a WAIN SONTOVOT 39TAUSS IN3NOdWOD HSV GNV (Id) SNOTLIGNOD INVId “SA AINRNDIYS INIA SNY OL NOSTHVAHOD (90) SNOTLIGNOD NOIS3G ONY ADNSNOIYS LNFAI 9TYLIF1A WYINID NUCLEAR ENERGY BUSINESS OPERATIONS T-e F1aVL Neo #07 (REV 10/81wucuanenercy «GENERAL QQ) ELECTRIC zeasaao | OTL BUSINESS OPERATIONS Rev > c) postulated pipe rupture accident conditions; d) catastrophic events such as fire and explosion, aircraft impact, and advent of noxious gases or Tiquids, Toss of heat sink; 2) potential environmental disturbances or accurrences such as earthquake, Tightning, flooding, tornado, icing of cooling water supply, accidents in or due to nearby military or industrial establishments, and accidents due to nearby transportation facilities; f) operator errors; and g) common mode failures. A limiting set of events far each DC shall be comprehensively and systematically identified for detailed analysis. The set of initiating events and initiating events plus single failure or coincident accurrence combinations which characterize a1] postulated events for each DC shall be identified for each plant. This set shaTl be evaluated to determine those that are Tiniting ‘and form part of the design basis. Experience may show a need to add to the limiting set after its initial identification. A qualitative comparison of similar events may be sufficient to identify the specific event that Teads to the most Timiting consequences. Only that event need be analyzed in detail. The intent is to minimize the number of events that need to be quantitatively analyzed, It should be noted, however, that different events in the same OC may be Timtting when the multipTicity of consequences is considered. For example, within a given DC, ane event might result in the highest system pressure, while another event might Tead to minimum core thermal-hydraulic margin or maximum offsite dose consequences. The single failure criterion requires that the plant be capable of achieving (1) emergency reactivity control, (2) emergency core and containment heat temaval, and (3) containment isolation, integrity, and cleanup* given an jnitiating event plus an fndependent single failure in any one of the systems required to support directly or indirectly these three nuclear safety functions (ive., only one single failure need be assumed in the plant nuclear safety~ related equipment for any initiating event). 3.1.1 Identification of Limiting Set of Events. The limiting set of events shal] be determined as follows 3.1.1.1 Identify all initiating events that can result in the basic parameter changes listed below: Increase of reactivity Changes of reactor coolant flow Containment cleanup means removing the fission products from the containment atmosphere follawing a LOCA. Neo 807 (REV 10/81) 103165*-11wucusanenercy GENERAL @) ELECTRIC zene 12 ae BUSINESS OPERATIONS Changes of reactor coolant pressure Changes of reactor coolant temperature Changes of reactor coolant level ar inventory Changes in energy supplies to the plant Changes in coolant supplies to the plant Changes in the nuclear safety-related equipment Changes in core power distribution Changes in radioactive releases or Changes af any other variable that approach Tim iting value 3.1.1.2, Determine whether the integrated response of the plant to each such event without any preventive or mitigating nuclear safety: function can cause parameter changes that will result in the violation of any plant nuclear safety criteria. The definition shall include the logical consequences of the event, such as the effects of the event an plant equipment. 3.1.1.3. For each event identify its cause, its initial conditions, its best-estimate frequency af occurrence, and’its consequences including its effect on basic parameters and nuclear safety supporting equipment. 3.1.1.4 Classify each event as DC-1, ~: best-estimate frequency of occurrence. -3, or -4 according to its 3.1,2 Environmental, Natural _and Manmade Hazards - The events caused by plant environmental conditions and natural and man-made hazards (Sections 3.1.6. 13 and 3.1.6-14, respectively) shall be considered as possible causes of a OC-2, “Zor 4. Missile and seismic events are discussed in Sections 3.2 and 3.3 respectively. 3.1.3. Estimated Frequency of Occurrence. The estimated frequency of occur- ponce of the FeTEVating event_oF THTETating event plus single failure or coincident occurrence combinations (e.g., estimated fogs ‘or component failure rate) shall be assessed to be less than or equal to the maximum allowed for that DC, and the consequences of the event shall be determined ta be within the safety criteria specified for that DC. The safety criteria of Section 3.1.4 have been established on the premise that: 3.1.3.1 Those situations in the plant that are assessed as having a high Frequency of occurrence shall have a small consequence to the public, and 3.1.3.2 Those extreme situations having the potential for the greatest Consequence to the public shall be those having a very Tow frequency of accurrence. 4.1.3.3. Sections 3.1.5.3 (S57), 3.1.6.10 and 3.1.6.1 describe treatment of Single failure, and coincident occurrences. Use of these sections might allow reclassification of some initiating events or initiating events plus single failure or coincident occurrence conbinattons downward one or two DC categories (ie., from DC-2 to DC-3 or DC-4). However, if the OC classification is shifted by use of Sections 3.1.5.3 (SS7), 3.1.6.10 and 3.1.6.1] such shift Neo #07 (REV 10/81) 103165*-12wuctearenency GENERAL @@ ELECTRIC zerssoa #13 ane BUSINESS OPERATIONS shall not eliminate the need to evaluate the basic initiating event (e.g. without single failure or coincident occurrence or both) in the more probable DC, which in some cases might contra! the design. If the frequency of accur- rence of an initiating event, or initiatiog event plus single failure or coincident occurrences is shown to be <10 ®/year on a best estimate bases per 3.16.11, this event need not be considered for design. 3.1.3.4 Criterion Based on Probabilistic Analysis. The following become chee ee 7 1) the probability of accidental events which could result in exceeding 500 mR to the whole body at any offsite location or which could Substantigl ly reduce core life or invalidate a safety function shall not exceed 10°2 per reactor year. 2) the probabiTity of accidental events capable of causing damages as would require major effort to repair or replace major reactor internals (e.g Shroud support piping or jet. punps) hich are not designed to be repiace able and vhich have Important safety functions, or capable of causing Togs of containment integrity, shal! not exceed 104 per reactor years a 3) the probability of accidental events which could produce offsite exposures in excess of those specified in 10CFR100 shal! not exceed 10 © per reactor year. Any evidence, such as that, from plant, qperation, testing or probabilistic | analysis, which indicate that these objectives are not being met shall be cause for corrective measures (design, construction, or recommended pracedure) unless the exception is justified. 3.1.4 Acceptance Criteria for Plant Design Events. The plant design require nents afeeepestHiad in terms of tre acceptance criteria for plant response to events which are different for each frequency category and which are described in the remainder of this section. 3.1.4.1 Criteria for Normal (Planned) Operation (0C-1 3.1.4.1.1 Radioactive Material Release to the environs shall not exceed the limits of either OCFR20 or IOCFR50, Appendix I. slay? Radiation exposure to plant personnel shall not exceed the limits of Eo 807 (REV 10/81) 103165*-13wuctcanencray GENERAL @@) ELECTRIC z2ng400 | SHNO. 14 BUSINESS OPERATIONS ev 2 3.1.4.1.3 No caTculated fuel damage* shall occur while operating within the envelope of limits for planned operations (established by planned operations analysis). 3.1.4.1.4 Radioactive material barrier stress levels shal] not exceed those allowed by design criteria. The radioactive material barriers to be considered are those that, if ruptured, could result in the inability to avaid unacceptable results such as those described in 3.1.4.1.1 and 3.1.4.1.2. 3.1.4.1.5. The existence of a design condition not considered by plant safety analyses is unacceptable. 3.1.4.2 Criteria for Moderately Frequent Incidents (DC-2) 3.1.4.2.1 Radioactive material release to the environs shall not exceed the limits of TOCFR20 exposure. 3,1.4.2.2 Radiation expasure to plant personnel shall not exceed the limits of ‘VOCFR20. 3.1.4.2.3 No calculated fuel damage* shall occur as a direct result of the DC 2 (Service Level B) incident. 3,1.4.2.4 Nuclear system safety class component stresses including fatigue shall not exceed those allowed for the DC 2 (Service Level B) classification by applicable industry standards. 3.1.4.2.5 No condition shall exist that resuits in consequential Toss of function of a necessary containment barrier. 3.1.4.3 Criteria for Infrequent Incidents (DC-3) 3.1.4.3.1 Radioactive material reTease to the environs shall not result in dose consequences that exceed the Timits of a small fraction af (<25%) VOCFRI00. 3.1.4.3.2 Radiation exposure to plant personnel shall not exceed the limits of LOCFR20. ‘%Calcutated fueT damage is any breach of the fuel cladding calculated to accur to such an extent that fission products thus released to the environs via normal discharge paths for radioactive materials would result in the occurrence of unacceptable results such as those described in 3.1.4.1.1 and 3.1.4.1.2. The envelope of limits concerning fuel damage for planned operation shal? include, but not be limited to, excessive cladding strain, minimum critical power ratio, ability to shutdown the core, and maximum K,-- of fuel storage. Neo 407 (REV 10/81) 103165*-14mucteancnency «GENERAL @ ELECTRIC 22a8400 = SHNO. 15 BUSINESS OPERATIONS 2 REV 3.1.4.3.3 No calculated fuel thermal-mechanical design analysis limit shall be exceeded. 3.1.4.3.4 No condition shall exist that results in consequential Toss of capability to shut the plant down and remove decay heat. 3.1.4.3.5 No condition shall exist that results in consequential Toss of function of a necessary containment barrier. 3.1.4.4 Criteria for Postulated Accidents (DC-4) 3.1.4.4.1 Radioactive material release to the environs shall not result in dose consequences that exceed the Timits of 10CFRI00. 3.1.4.4.2 No fueT cladding failure shal? occur which would cause changes in core geometry such that core coaTing would be inhibited. 3.1.4.4.3 Nuclear system safety class component stresses (as a direct result of the accident) shall not exceed those allowed for the DC4 (Service Level 0) classification by applicable industry standards. 3.1.4.4.4 Containment stresses (as a direct result of the accident) shall not exceed those allowed for the DC1 (Service Level A) classification by applicable industry standards, when containment is required. Containment stresses as a result of local dynamic effects, such as jet impingement, shal] not exceed those allowed for DC4 (Service Level D) classification by applicable industry standards, when containment is required. 3.1.4.4.5 Radfatian exposure (from any accident) to plant operations personnel in the main control room shal] not exceed 5 Rem whole bady, 30 Rem inhalation, and 75 Rem skin. 3.1.4.5 Criteria for Special Events? 3.1.4.5.1 The ability to shutdown the reactor and bring the reactor to the cald shutdown condition independent of control rods is required for the special event "shutdown without contraT rods." 3.1.4.5.2 The ability to shutdown the reactor and bring the reactor to the cold Shutdown condition by manipulating controls and equipment outside the contro? room Ys required for the special event "shutdown from outside the contro] room." 3.1.4.5.3 Criteria for ATWS, degraded cores, post TMI, decommissioning and others, are under development by both NRC and the nuclear industry and will be included here when agreed upon. T—pactaT Events are those events for which the NRC has requested special design consideration. NEO 407 (REV 10/81) 103165*-15wouanenercy «GENERAL @@ ELECTRIC zzagaoa «= HNO. 16 BUSINESS OPERATIONS vd Re 3.1.4.6 Acceptance Criteria for Postulated Loss-of-Coolant Accidents (loca). Tr-addttion to the criteria described earlier in this section, the emergency core cooling systems (ECCS) design must meet the following acceptance criteria from NRC Regulations TOCFR50.46 for loss-af-coolant accidents. 3.1.4.6.1 The calculated maximum fuel element cladding temperature shaT1 not exceed 2200°F, 3.1.4.6.2 The calculated total oxidation of the cladding shall nowhere exceed 0.17 times the total cladding thickness before oxidation. 3.1.4.6.3 The calculated total amaunt of hydrogen generated from the chemical reaction of the cladding with water or steam shalT not exceed 0.01 times the hypatheticaT amount that would be generated if ali of the metal in the cladding cylinders surrounding the fuel, excluding the cladding surrounding the plenum volume, were to react. 3.1.4.6.4 Calculated changes in core geometry shall be such that the core remains amenable to cooling. 3.1.4.6.5 After any calculated successful initial operation of the ECCS, the calculated core temperature shall be maintained at an acceptably law value and decay heat shall be removed for the extended period of time required by the Yong-lived radioactivity remaining in the core. 3.1.4.7 Foreign Plants GE BWR Plants built in foreign countries shall satisfy the applicable require- ments of those countries as identified in contract documents. If this results in deviations from the nuclear safety requirement from that of a U.S. supplied BWR, then NEBG Instruction 70-16 far Non-Standard Licensing Analysis for International Plants shall be followed. If this results in requirements less restrictive than for the United States, then the USA standards shall be met. Any deviation from U.S, Standards shall be documented per NEBG Instruction 70-13.2.4. 3.1.5 Regulatory and Safety and Licensing Requirements 3.1.5.1 NRC Regulations. The NRC regulations do not explicitly specify all events to-be-aneiyzed~ “There are regulations that relate to event analysis in a general sense and these must be considered. Event analysis must comply with General Electric Company positions specified in NRC Regulations Implementation Specification (MPL A41/42-4070) for the 1OCFR NRC Regulations listed below. NEO 407 (REV 10/81) 103165*-16NUCLEAR ENERGY BUSINESS OPERATIONS GENERAL @@ ELECTRIC vezengaoo v7 Section of JOCFR 20 21 50.44 50.46 50.558 50 App. A 50 App. A GDC 2 50 App. A GDC 4 50 App. A GDC 10 50 App. A GDC 11 50. App. A GDC 12 50 App. A GDC 15 50 App. A GDC 20 50 App. A GDC 22 50 App. A GDC 25 50 App. A GDC 26 50 App. A GDC 27 50 App. A GDC 28 50 App. A GDC 29 Neo #07 (REV 10/81) 103165*-17 Title Standards for Protection Against Radiation Reporting of Defects and NoncompTiance Standards for Combustible Gas Control System in Light-Water-Cooled Power Reactors Acceptance Criteria for Energency Core ool ing Systen in Light-Water-Cooled Power Reactors Codes and Standards Definitions Design Bases for Protection Against Natural Phenomena Environmental and Missile Design Bases Reactor Design Reactor Inherent Protection Suppression of Reactor Power Oscillations Reactor Coolant System Design Protection System Functions Protection System Independence Protection System Requirements for Reactivity Contro? Reactivity Control System Redundancy and Capability Combined Reactivity Control Systems Capability Reactivity Limits Protection Against Anticipated Operational Occurrenceswucucanevency GENERAL @Q ELECTRIC oneaon 90. aw BUSINESS OPERATIONS REV 2 3.1.5.1 (Cont'd) Section of 1OCER Title 50 App. A GDC 31 Fracture Prevention of Reactor Coolant Pressure Boundary 50 App. A GDC 33 Reactor Coolant Makeup 50 App. A GDC 34 Residual Heat RemovaT 50 App. A GDC 35 Emergency Core Cooling 50 App. A GDC 38 Containment Heat Removal 50 App. A GDC 50 Containment Design Basis 50 App. A GDC 60 Cantrol of Releases of Radioactive Materials to the Environment 50 App. AGOC 61 Fuel Storage and Handling and Radioactivity Contro? 50 App. A-GDC 62 Prevention of Criticality in Fuel Storage and Handling 50 App. I. Numerical Guides for Design Objectives and Limiting Conditions for Operation to Meet the Criterion “As Low as is Reasonably Achievable" for Radioactive Material in Light-Water-Cooled Nuclear Pawer Reactor Effluents 50 App. K ECCS Evaluation Models TL App. A Normal Conditions of Transport TL App. 8 Hypothetical Accident Conditions 100 Reactor Site Criteria NEO ao7 (REV 10/81) 103165*-18wucteanenency «GENERAL @@) ELECTRIC 2zasaoo | NO Ig BUSINESS OPERATIONS = neve 3.7.5.2 Regulatory Guides. Event analysis must comply with General Electric Company positions specified in the Regulatory Guide Implementation Position (MPL A41/A42-4070) for the NRC Regulatory Guides listed below. NOTE: QUALITY RELATED REGULATORY GUIDES. Nuclear Energy Business Organization PoTicy Sotitresufres adherence to certain quality related Regulatory Guides. These are identified in the Regulatory Guide Implementation Positions Document (RGIP) (MPL A41/A42-4070). The latest issues of all such QA regulatory guides fdentified in the RGIP shall govern and are applied administratively throughout NEBO. Regulatory Guide Tit! 1.3 Assumptions Used for Evaluating the Potential Radiolagical Consequences of a Loss-af-Coolant Accident for Boiling Water Reactors LS Assumptions Used for Evaluating the Potential RadiaTogical Consequences of a Steam Line Break : Accident for Boiling Water Reactors 1.6 Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems 1.7 Control of Combustible Gas Concentrations in Containment. FolTowing a Loss-af-Coolant Accident 1.25 Assumptions Used for EvaTuating the Potential Radiological Consequences of a Fuel Handling Accident in the Fuel Handling and Storage Facility for Boiling and Pressurized Water Reactors 1.26 Quality Group Classifications and Standards for Water, Steam, and Radioactive Waste Containing Components of Nuclear Power Plants 1.27 Ultimate Heat Sink for Nuclear Power Plants 1.48 Design Limits and Laading Combinations for Seismic Category 1 Fluid System Components 1.49 Power Levels of Nuclear Power Plants 1.53 Application of the Single-Faiflure Criterion to Nuclear Power Plant Protection Systems Neo 807 (REV 10/81) 103165*-19BUSINESS OPERATIONS wouranenency «GENERAL @ ELECTRIC zosead 29 av 3.1.5.2 (Cont'd) Regulatory Guide Title 1.87 Design Limits and Loading Combinations for Metal Primary Reactor Containnent System Components 1.59 Design Basis Floods for Nuclear Power Plants 1.62 Manual Initiation of Protective Actions 1.70 Standard Format and Content, of Safety Analysis Reports for Nuclear Power Plants 1.76 Design Basis Tornado for NucTear Power Plants 1.89 wal ification of Class 1E Equipment for Nuclear ower Plants 1.98 Assumptions Used for Evaluating the Potential Radiological Consequences of a Radioactive Offgas System Failure in a Boiling Water Reactor Luz Calculation of Releases of Radioactive Materials in Gaseous and Liquid Effluents From Light Water Cooled Power Reactors 1.120 Fire Protection Guidelines for Nuclear Power PLants 1.126 An Acceptable Model and Related Statistical Methods for the Analysis of Fuel Densification 1.5 Atmospheric Dispersion Nodels for Potential Accident Consequences Assessment of Nuclear Power Plants 8.8 Information Relevant to Maintaining Occupational Radiation Exposure as Low as is Reasonably Achievable 3.1.5.3 Safety and Licens Safety Standards. The event analysis of equipment and systens must comply with the FaTlowing General Electric safety standards. ss System Interface Input Requirements S$ 2 System Interface Output Requirements $83 Critical Parameters 58 4 Environmental Capability SS5 NechanicaT Loading Capability ss 7 Compliance with Single-Failure Criterion ss 17 Flow Blockage Constraints NEO 907 (REV 10/81) 103165*-20wucteanenency GENERAL @ ELECTRIC 22a8400 © SHNO. 21 ‘BUSINESS OPERATIONS 2 REV 9.1.6 Event Analysis -- Fusctional Guidelines. The following functional Gulde1ines shoutd be observed in performing analyses of the variaus plant events. (See Appendix A, paragraph B for example of tabulation and (DC) assignment. ) 3.1.6.1 Actions and Limits Important to Safety or Safety-Related. An action, or limit shall be considered important to safety or safety related only if it is required to avoid one or more unacceptable results with the specified single failure assumptions for transients and accidents. 3.1.6.2. Extent af Analysis for Planned Operations. The full spectrum of tilibal cobhtttone for planned operations shall be considered for each event analyzed so that all protection sequences are identified. Consideration should not be limited to “worst cases", because lesser cases sometimes require protection sequences different from the worst cases. 3.1.6.3 Initial Conditions for Transients, Accidents and Special Events. The jnitial conditions for transients, accidents, and special events shall be imited to those conditions that would be permitted to exist during planned operations or as the initial conditions are modified by natural phenomena and man-made hazards if they are the cause of a transient or accident. 3.1.6.6 Limits on Analysis for Planned Operations. For 2 planned operation, consideration shall be made only for actions, limits and systems necessary to meet the acceptance criteria for that planned operation (as opposed to transients, accidents, and special events which are followed through to completion}. Planned’ operations are treated differently from other events, because the transfer from one operation to another is deliberate. For events other than planned operations, the transfer from one condition to another may be unavoidable. 3.1.6.5 Event Duration For Transients, Accidents and Special Events. For transients, accidents and special events, consideration shall be made for the entire duration af the event and aftermath until some planned operation is resumed. Planned operations shalT be considered resumed when either (a) the procedures being followed are identical to those used during any one of the defined planned operations, or (b) only the plant equipment intended for planned operation is required to operate. 3.1.6.6 Operator Action. Operator action shall be credited on a case basis, depending on the conditions that would exist at the time operator action would be required; but in no case shall manual action be assumed to occur earlier than ten minutes after an accident. Because transients, accidents, and special events are considered through the entire duration of the event until a planned operation is resumed, manual operation of certain systems is sometimes required following the more rapid portions of the event. Credit for operator action is taken only when the operator can reasonably be expected to accomplish the required action under the existing conditions. Conversely, the potential far human errar and its related consequences shall be considered in the design. Neo #07 (REV 10/81) 103165*-21wucteanenercy «GENERAL QQ ELECTRIC zeasaon = HNO 22 + BUSINESS OPERATIONS v2 Fe Human error may be an initiating event, a single failure, a coincident accur- rence, or a common cause failure. 3.1.6.7 Important to Safety Considerations for Transients, Accidents and Special Events: Far transients, accidents and special events, anly those gations; Timfts and systems shail be considered important to safety for which there arises a unique requirement as a result of the event. For instance, if a system or component that was operating prior to the event (during planned operations) 1s to be enplayed in the same manner following the event, and if the system or component. is not necessary to the accomplishment of a required safety action, then the system shall be considered not important to safety. 3.1.6.8 Auxiliary System Failure. An auxiliary system or a redundant auxiliary system, whose failure results in safe failure of the associated front-line safety system shal] be considered not important to safety. 3.1.6.9 Analysis of Responses to Transients, Accidents and Special Events. A system or action that actually plays a unique role in the response to a transient, accident, or special event shall be considered important to safety unless the effects of the system or action are not needed to avoid one ar more unacceptable results in the detailed analysis of the event. 3.1.6.10 Coincident Occurrences. Design conditions may include simultaneous independent, or Tow probability dependent, occurrences of non-safety systems other than single failure of nuclear safety-related systems. (Single failure criteria for nuclear safety-related systems are specified in Section 3.6 (SS7).) Except as noted in 3.1.6.11 below, when any coincident occurrence or combination of caincident occurrences, whose prabability of occurrence simul- taneous with the initiating event is 10-2, is combined with a OC-2 or -3 initiating event or initiating event plus single failure, DC-3 or -4 safety criteria respectively shall apply. Examples incTude: a. Loss of offsite power b. Stuck rod c. Reactor coolant system iodine concentration spike d. Failure of a normal plant contro? system. If the frequency of occurrence of an initiating event, or initiating event plus single failure or caincident occurrences, is shown to be <10-®/year on a best-estimate basis, this combination shall not be considered far design. * Otherwise, the DC-4 safety criteria shall apply to the sequence of DC-4 events plus the coincident occurrences discussed above. 3.1.6.11 Optional Approach. As an option to the preceeding (e.g. application ‘of single failure and coincident occurrences), a probabilistic assessment may Fone initiating events, or initiating events plus single failure or coincident occurrence combinations even though their frequencies of occurrence are <10-®/year, have been and may continue to be required to be accommodated within DC-4 safety criteria by regulatory authorities. Neo 807 (REV 10/81) 103165*-22wctanenency «GENERAL @@) ELECTRIC 22ag400 = SHNO. 23 BUSINESS OPERATIONS 7 nev be performed to determine the likelihood of the combination of the initiating event plus a single failure or coincident occurrences, or both. Best-estimate values shall be the basis for compliance with this alternative. This combination shal] then be categorized as a DC in accordance with the frequency ranges defined in Section 3.1 and the corresponding nuclear safety criteria shall apply. If this optional approach has been used, the designer shall indicate this in any statement regarding compliance with this standard. 3.1.6.12 Common Cause Failures (Common Mode). In addition to the requirements of 3.1.3, 3.1.4, 3.1.5, and 3.1.6 above, the designer shall recognize that redundant or diverse trains do nat necessarily have independent failure modes. The designer shall seek to eliminate multiple equipment train failures originating from a common cause. The failure modes of redundant and diverse equipment and the conditions or operations that are common to them shall be studied to determine that a predictable common failure mode does not exist. The designer shall not introduce additional equipment or encumber the design with complexity without reasonable assurance that such additions are beneficial Yn terms of reduced risk or increased nuclear safety. 3.1.6.13 Environmental Conditions Considered in Design. The range of environmental conditions which might prevail in the Ticinity of the site shall be evaTuated to establish the design requirements for the plant. Environmental conditions to be evaluated include the following: a. Meteoratogy e. Geography and Denography b. Geology and Seismology f. Missile Generation c. Hydrology @. Chemical Hazards d. Biology 3.1.6.14 Natural and Man Made Hazards. The range of external phenonmena which might prevail in the vicinity of the site shall be evaluated to establish the design requirements for the plant. The range of conditions shall be established on the basis of suitable historical data, sampling and exploration ‘of the external phenomena at and in the vicinity of the site. Natural and man made hazards and combinations of natural and man made hazards shall be identified and considered in the design of the plant. For guidance see ANS 2.12-1978, "Guidelines for Combining Natural and External Man Made Hazards at Power Reactor Sites." Natural and man made hazards can be initiating events or coincident occurrences. Specific requirements for missile and seismic event analysis are presented in Sections 3.2 and 3.3. 3.1.7. Event Analysis Documentation Requirements (Analysis Criteria). 3.1.7.1 Normal (Planned) Gperation. Documented analyses of planned plant operations shaTT sae eetede the Fol tating: NEO 807 (REV 10/83) 103165*-23wouranenency GENERAL @) ELECTRIC zeneaoo MO 24 BUSINESS OPERATIONS rev 2 3.1.7.1.1 Limits for plant process parameters such that, when the plant systems operate within the envelope formed by such Timits, the acceptance criteria for normal operation (Section 3.1.4) are met. 3.1.7.1.2 The identity of all plant systems and the functional inter- relationships. necessary to maintain the plant within the envelope limits identified in the analysis required by criterion 3.1.7.1.1. 3.1.7.1.3. The physical reTationships (input and output functions) for all systems identified by criterion 3.1.7.1.2. 3.1.7.1.4 Specific methods or assumptions emplayed in the analyses. 3.1.7.1.5 Margin between the limits specified in the analysis (as shown in Section 3.1.4.1) and the limits implied by the acceptance criteria. 3.1.7.1.6 The Safety Classes (1, 2, 3, and unclassified) and quality groups (A, B, C, and D) for plant systems and components as determined by the definitions given in subsection 3.5. 3.1.7.1.7 Seismic Category 1 structures and equipment as determined by the definition given in subsection 3.5 3.1.7.1.8 Operator actions required. 3.1.7.2 Transient, Accident, and jal Event Analysis. Documented analysis of transients, acctdents, and achat ts shall tnclude the folTowing: 3.1.7.2.1__& step-by-step sequence af events from initiation including the single failure assumptions, to final stabilized condition. 3.1,7.2.2 The extent to which normally operating plant instrumentation and controls are assumed to function. 3.1.7.2.3 The extent to which plant and reactor protection systems are required to function. 3.1.7.2.4 The credit taken for the functioning of normally operating plant Systems, This should include the functional relationships between systems that are used to accomplish safety actions. 3.1.7.2.5 The operation of engineered safety systems that is required. This should include the functional relationships between systems used to accomplish safety actions and auxiliary systems required for proper operation of safety systems directly associated with a required safety action. 3.1.7.2.6 Environmental requirements for each system with a required safety action identified in 3.1.7.2.4 or 3.1.7.2.5. NEO 007 (REV 10/81) 103165*-24wocueanenerey «GENERAL @ ELECTRIC zansaon 8: 25 BUSINESS OPERATIONS Rev? 3.1.7.2.7 Specific methods and assumptions employed in the analysis 3.1.7.2.8 Margins between the event consequences and the limits implied by the acceptance criteria (as shown in Sections 3.1.4.2 through 3.1.4.6). 3.1.7.2.9 The radioactive material barriers required te prevent radicactive material release in excess of the Timits allowed by the acceptance criteria af ‘the event ( as shawn in Section 3.1.4.2 through 3.1.4.6). 3.1.7.2.10 The operator actions required and assumed in determining plant response to the event. This includes, but is not limited to, the earliest time following the event that operator action is required. 2.1.7.2.11 The Safety Classes (1, 2, 3, and unclassified) and quality groups (A, B, G, and 0) for plant systems and components as determined by the definitions given in subsection 3.5. 3.1.7.2.12 Seismic Category 1 structures and equipment as determined by the definition given in subsection 3.5. 3.2 Missile Analysis Requirements. Missile and seismic analysis (see also Section 3.) as stated in Section 3.1 above are events for which specific criteria have been developed. Nissile analysis shall be performed for al! safety systems and components to: Identify all potential and postulated missiles. b. Determine by use of probabilistic analysis, whether potential or postulated missiles are congidered to be credible (probability of ‘occurrence greater than 10” per year). c. Determine the energy and potential targets far postulated missiles. d. Perform a damage assessment. 3.2.1 Missile Analysis Application Requirements. Appendix 8 provides some reference missile and seismic analysis documentation. 4.2.1.1 Missile analysis shal] be performed for all safety class 1, 2 or 3 equipment (systems, structures, and components) which can be struck by a potential missile, These are identified in Table 1 of Section 3.2.4 of each Product Safety Standard System document. In performing the missile analysis, all potential missiles must be identified and their damage patential evaluated. Equipment must be provided with protection of sufficient strength to preclude damage by the missile(s) 3.2.1.2 Analytical mbthods for determining missile energy and potential targets (item c of Section 3.2) shall be documented (e.g. “Engineering and Neo #07 (REV 10/81) 103165*-25wucteanenency «GENERAL @) ELECTRIC 22aggo0 = HN 26 BUSINESS OPERATIONS v 2 Re Management Guide to Tornado, Missile, det Thrust, and Pipe Whip on Equipment ‘and Structures" by J. D. Stevenson of Nuclear Structural Systems Association, Inc., and Section 3 of "Design of Structures for Missile Impact", prepared by Bechtel Power Corporation. ) 3.2.2 Missile Analysis Requlatory Requirements 3.2.2.1 NRC Regulations. Missile analysis of equipment must comply with Genera? Electric Company positions specified in NRC Regulations Implementation Specification (MPL A41/A42-4070) for the IOCFR NRC Regulations listed below. Section of JOCFR Title "50 App. A GDC 4 Environmental and Missile Design Bases 3.2.2.2 Regulatory Guides. Missile analysis of equipment must comply with General Electric Company positions specified in the Regulatory Guide Implemen- tation Position (MPL A41/A42-4070) for the NRC Regulatory Guides listed below. (For Quality Related Regulatory Guides see 3.1.5.2.) Regulatory Title 1.70 Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants 1.76 Design Basis Tornado for Nuclear Power Plants 3.2.3 Missile Analysis Safety and Licensing Safety Standards (SS). The missile analysis of equipment must comply with the following General Electric safety standard. SS 16 Protection Against Dynamic Effects of Equipment failures 3.3 Seismic and Dynamic Load Analysis 3.3.1 Seismic _and Dynamic Load Analysis Requirements: 3.3.1.1 Safe Shutdown Earthquake (SSE). The design shall assure that if the safe shutdown earthquake occurs, the capability of the structures, systems, and components necessary to assure: (2) the integrity of the reactor coolant pressure baundary; (2) the capability to shut down the reactor and maintain it in a safe shutdown conditian; or, Neo 907 (REV 10/81) 103165*-26nucteanenency «GENERAL @ ELECTRIC aeasago HNO 27 BUSINESS OPERATIONS. z nev’ (3) the capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures comparable to the guidelines exposure of 10CFR100; shal] remain functional. Following the SSE, repairs to some of the structures, systems and components may be necessary 3.3.1.2 Operating Basis Earthquake (OBE) - The design shall assure that the safety related structures, systems, and components described in 3.3.1.1 shalT withstand the OBE Toads in combination with other designated appropriate loads without incurring any damage to the structures, systems and components. Vibratory ground motion exceeding the QBE shall initiate a shutdown of the reactor power plant. 3.3.1.3 Seismic Category I - Regardless of ather safety classifications, plant structures, systems and components, including their foundations and supports which are designed to be functional in the event of an SSE shall be designated Seismic Category I. Structures, components, equipment and systems designated as Safety Class 1, Safety Class 2, ar Safety Class 3 (see subsection 3.5 for a discussion of Safety Classes) shail always also be classified as Seismic Category I (except for some Safety Class 3 equipment whose postulated failure would not result in conservatively calculated potential offsite doses which are more than 0.5 Rem to the whole body or its equivalent ta any part of the body). 3.3.2 Sefsmic and Dynamic Load Analysis Application 3.3.2.1 Seismic and Dynamic load analysis must be performed for al) equipment and systems that are seismic category 1. These are identified in Table 1 of Section 3.2.4 in each of the Product Safety Standards System data sheet Documents. Appendix B provides reference seismic information. 3.3.2.2 The methods utilized and the loads applied in the seismic and dynamic Toads analyses shal? be separately identified and documented for each requisi- tion plant. 3.3.3 Seismic and Dynamic Regulatory Requirements 3.3.3.1 NRC Regulations. Seismic and dynamic Toad analysis of equipment, and systems must_comply with General Electric Company positians specified in NRC Regulations Implementation Specification (MPL A41/A42-4070) for the TOCFR NRC Regulations Tisted below. Section of JOCFR Title 50 App. A GDC 2 Design Basis for Protection Against Natural Phenomena 50 App. A GDC & Environmental and Missile Design Basis NEO 897 (REV 10/01) 103165*-27wuctearenency «GENERAL @@) ELECTRIC 22ne4g0 | SHNO- 28 BUSINESS OPERATIONS 2 fev Section of IOCFR Title 100.3 Reactor Site Criteria-Definitions 100 App. A Seismic and Geological Siting Criteria for Nuclear Power Plants 3.3.3.2 NRC Regulatory Guides. Seismic and dynamic load analysis of equipment dad’ aystene must comply with General Electric Company positfons specified in ‘the Regulatory Guide ImpTementation Position (MPL A41/A42-4070) for the NRC Regulatory Guides Tisted below. (For Quality Related Regulatory Guides see 3.1.5.2.) Regulatory Guide Title 112 Instrumentation for Earthquakes 1.29 Seismic Design Classification 1.48 Design Limits and Loading Combinations for Seismic Category 1 Fluid System Components 1.60 |. Design Response Spectra for Seismic Design of Nuclear Power Plants 1.61 Damping Values for Seismic Design of Nuclear Power Plants 1.70 Standard Format and Content of Safety Analysis Reports for NucTear Power Plants 1.92 Combining Modal Responses and Spatial Components in Seismic Response Analysis 1.100 Seismic Qualification of Electric Equipment for Nuclear Power Plants 1.122 Development of Floor Design Response for Seismic Design of Floor-Supported Equipment or Components 3.3.4 Safety and Licensing Safety Standards (SS). The seismic and dynamic Joad analysts of equipment and systems must comply with the following General Electric safety standards. ss1 System Interface Input Requirements $8 2 System Interface Output Requirements NEO 607 (REV 10/81) 103165%-28wuctearenency GENERAL @@) ELECTRIC zensaoo —*™©- 29 BUSINESS OPERATIONS REV Z ss 3 Critical Parameters SS 4 Environmental Capability SS 5. Mechanical Loading Capability 3.4 System Design Analysis Requirements 3.4.1 Safety Function/Safety System Relationships - Section 3.1 states that a det of THnttiag plan ting p Hhenearetcohaitiane (OC) anda Timiting set of events for each design condition shall be identified. Section 3.1 also provides that a detailed nuclear safety analysis be performed on these limiting sets of events. This nuclear safety analysis should constitute the technical basis for demon- strating (in Safety Analysis Reports) that the nuclear plant can be operated without undue radiaTogical risk to public health and safety. The design documentation system shall permit identification of the Timiting design basis events and the supporting analyses for which each system was designed in accordance with the preceeding requirements of Section 3.1, 3.2 and 3.3. The functional rote provided by each plant system, including any nuclear safety functions, shal) be identified for the system and its components and in addition, the safety actions designed to avoid one or mare unacceptable results shall also be identified. In some cases, mare than one safety function may be provided and more than one safety function may be needed to avoid the same unacceptable result. The nature of the specific event to be analyzed, and the diversity of initial conditions that can exist to initiate the event, may require the use of different systems to accomplish the same safety function. In this eventuality, the same failure criteria can be applied to either the individual systems or to paired combinations of systems. The functional interface relationships of a system with ather plant systems shalT also be identified and shal! include the identification of auxiliary systems essential for the proper operation of system safety functions including the identification and relationship of auxiliaries which are common to more ‘than one system. 3.4.2 System Classification Systems that are relied upon in the safety analysis to provide a nuclear safety function for a design basis event shall be designated as Safety systems. Systems not relied upon in the safety analysis to provide a nuclear safety function for a design basis event. and whose failure does not impair the nuclear safety. of the plant ar environs, even though some of the system components have a nuclear safety function, shall be designated as Power Generation Systems. An auxiliary systen whose failure does not prevent. an associated front Tine safety system from performing its safety function shall also be considered a non safety-related, or Power Generation system. The safety-related equipment, components or structures of both safety and Power Generation Systems shail be given a Safety classification of SC1, SC2 or SC3 in accordance with the requirements of Section 3.5, and be designed to Neo 807 (REV 20/81) 103165*-29wucueanenency «GENERAL @ ELECTRIC 22as400 = SHNO. 30 BUSINESS OPERATIONS 2 nev appropriate design and Quality Assurance requirements. Non safety-related portions of safety systems are not required to meet the same stringent design Gesign and QA requirements that are imposed by a safety-related classification and shall be classified as not safety-related or Other. Systems which have been pravided to respond to Special Events not included in the postulated set of 40 year design conditions shall be designated as "Special Capability Systems". Table 3-2, GE Functional Classification of Systems, Design Basis lists typical BWR plant systems according to the above classifications. Under the heading "Safety Related" are plant systems which perform, either in total or in part, a nuclear safety function. Systems listed under the Power Generation heading are those systems or portions af systems which are not relied upon in safety analysis for maintaining the nuclear safety of the plant and environs, lastly are shown those systems provided for NRC special events and designated as Special Capability systems. For comparison, Table 3-3 shows the organization and classification scheme required by the NRC in Regulatory Guide 1.70 for describing nuclear power plant systems, components, and structures including the safety related systems, equipment and supporting safety analyses. The common ingredient. between Tables 3-2 and 3-3 is the requirement to identify the needed safety functions and actions and the plant equipment, systems and structures relied upon in safety analyses to provide those safety functions. In arder to obtain uniformity in the classification of systems and components, ‘the following definitions are provided for terms frequently encountered in discussions of Safety Classes 1, 2 and 3: 3.4.3 Definitions and Glossary of Terms 1. An auxiliary system of a safety system provides a support function that ‘is necessary to accomplish the safety function af the system (t.e., electrical power ar heat removal). A primary auxiliary system must provide a support function automatically or remotely. A secondary auxiliary system provides a support function that can be initiated manually and locatly during any design condition event. 2. Common Cause Failure Multiple failure of systems, structures, or Components as @ result of a single phenomenon. 3. Design Basis Event (DBE) Postulated events used in the design to establish the performance requirements of the structures, systems, and components. Relative to product qualification, the DBE is that event or events resulting in the limiting service conditions for which the product fs to be qualified. DBE may include a main steam Tine break (MSLB), Tass of coolant accident (LOCA), Toss af heating, ventilating and air conditioning (HVAC), an earthquake or other conditions appropriate to the product location. NEO 007 (REV 10/81) 103165*-30NUCLEAR ENERGY BUSINESS OPERATIONS GENERAL @® EL TAB GE FUNCTIONAL CLASSIFICAT] ISAFETY-RECATED SYSTERS Fuel and Core Support System Control Rod Orive System (CRD) Control Rod Drive Rod Pattern Controt INeutron Honitoring System Average Power Range Monitors, (APRH) ‘3. Intermedtate Range Monttor (IRA) Reactor Recirculation system (1) (12) ‘e Hecirculation Pump Trip Reactor Pressure Vesse) syston (2) (4) Residual Heat Renoval System (RHR) =. Suppression Pool Cooling Mode & Contalment Spray Mage Nuclear Go'ler.systen (NBS) (1) (2) (9) (10) e thucTear Stean Supply ShutofY System, (NSSS5) laeactor Core Isolation Cooting System (RCIC)* Primary Containment. Systen onbuskoe Gas Contra, Systen (ate) ‘Atmos. Monit. fhyaroge © Dryeell sn Recomb.. Sys. (/containsent Wixing System containment Puroe Systen Leak Detection System (LOS) (2) lsuppression Pool Tesperature Monitoring System ISuppression Pool Makeup Systen lEnergency Core Cooling Systens Js) High Bressure Core Spray System (HPCS) High Pressure Coolant Injection Sys. (HPCI) Wuclear Boiler System futonatc Depressurization Systen (42S) Low Pres. Core Spray Sys. (LPCS)/Core Spray Sys. Residual Heat Removal System (RHR) Low Pressure Coolant, Injection Hode (LPCI) idraulic Systen ) sy, cae) (8 Fian'bity Contr. Sys.) 'e ESF Fans, Ducts and Filters ‘Standby Gas Treatment Systen (SCTS) IMSIV Leakage Control Systen (HSPLCS/HSIVLCS) Jair an Water Positive Leakage Control Systens lDrywel and Containrent Vacuun Greaker Systen. Rector Protection system (Trip System) (RPS/RTS) Istandby Powar Systens (Diesel Generator) 13g. Support. Systens (Fuel, Lube, Air, Water) IReactor and Fuel Servicing System (2) (3) ‘© Refueling InterTocks lruel Poot Cooling System (FPCS)* Service Water Systen (7) ‘¢ Energency Equipaent Service Water = RHR Service Water instrument Air for ESF Equipeent, Process Radiation Monitoring System (PRM) (8) e Main Steam Line Radiation Monitoring © Containment. Ventilation Radiation Monitoring Eee agegee eee oes aErEELESeeS eee [SPECIAL CAFRBTUITY SYSTERS special Emergency Heat Renoval System (SEHR) ISeandby Liquid Control System (SLCS) Remote: shutdown Systen (RSS) Redundant Reactivity Control System (RRCS) Emergency Response Inforaation System (ERIS) Post Accident. Sampling System (PASS) power Generation System for BWR 4/5 107202-182 ECTRIC 2208400. anneal! REV 9 LE 3-2 ION OF SYSTEMS, DESIGN BASIS lcontrol Rod Orive Rod Contro} & Info System (RC&IS) ‘¢. Reactor Manual Contral Neutron Hon’ toring NMS) ig igen 3 Traversing In-Core Probe (TIP) Process juter/Performance Monitoring System Reactor Recirc. System ay () ac Recire Flow Contro! system lneactar Water Cleanup system (RWCU) (1) (2) Res iduat Heat Removal Systen ‘© Shutdown Cooling Mode (1) (2) ‘© Steam Condensing Mode (2) lNuclear Boiler System (1) (2) (9) (10) Feedwater System (I) (2) sFeechater Control Syste steam Bypass & Pressure Regutation Sys._(SBEPRS) IContainment Atmosphere Monitoring System (5) IT Cooling. systen ‘systems (22) jLeak Detection System (2) lReactor and Fuel Servicing System (2) (3) Plant. Servicing System Fuel Poo! Cleanup syster \Service Water System (7) lpracess Radiat ion Monitoring (8) ste Systen (2) fons Syston Sareresston Poo! Cleanup Systen NOTES: Designated systens have components Tien perforn the folowing sareby funct fons: RCP function only Contaiment. {isolation function only Refueling interlocks only Internal structures with ESF functions gen monitoring function only Safety related equipment only RHR and energency equiprent cooling only ‘Any PRY used to isolate containment or Zontrol ventilation to the control Building, e.g. HSL radiation, cont, Vent, radiation, control roon inlet vent monitoring, etc. Gverpressure Protection Function only Safety related instrunentation only End of cycle recirculation pump trip anly Supporting Safety Related Equipment onlyGENERAL QQ ELECTRIC NUCLEAR ENERGY 22as400 HNO 32 BUSINESS OPERATIONS rev 2 TABLE 3-3 REGULATORY CLASSIFICATION OF SYSTEMS (Regulatory Gufde 1,70) (REACTOR SVSTON {INSTRUMENTATTONARO_CONTROL Fue! and Cone Partormance System jactor Trip Systae Resceiviey Contre) Systene Sgeactor Protection Systen (RPS) ‘ontro ve Sys (cro) Recireulation Fi 1 actor Reactor Recirculation System (Recirc) Reactor Water Cleanup System (RWCU) ResiduaT Heat Removal Systen (RHR) Shutdown CaoTing Mode Low Pressure Coolant. Injection Mode (LPCI) Suppression Pool Cooling Hode Containment. Spray Mode Stean Condensing Kode Nuclear Bofler System (NAS) Feedwater Systen, | Reactor’ Nation Cooling Syston REEREO-SAFETY_ FEATURE SYSTERS (ESF rat Systane. (EARS) ie suppression Poot Cooling Mode af RHR 3 Contatrment Spray Mode of RHR Containment. Trotatfon Systems. (CIS) (CRVICS) w= nue’ stm Supply Shutor? Sys (NSSSS) Portion of NB Conbustible. Gas Control Systen (CCS) SGopttoent snr, oni Sy, (ew) : : mr Recon, Sys, (FiammabtV#ty Contre? Sys) Drywei/contatnment. Mixing Systen ‘ Containnent. Purge Systen Suppression Poot Hake Up System (PHS) Core Cooling System (ECCS) ressure pray Systen (HPCS) or High Pressure Coolant. Injection System (HPCT) Low Pressure Coolant Injection Mode (LPCI) of RHR Core Spray (CS) or Low Pressure Core Spray (LPCS) ‘Automate Depressurization Systen (ADS) Portion of NBS Hebitabirity Systens HaDT REET FatTSTEG vent tation Systems (HVAC) Control Building Shielding & Area Rad. Monit. Sys. Snoke and Toxic Gas Renoval Systen Fission Product Removal and contro! Systems SSP yan filters.and Gucting Systems Control Bldg. Outdoor Air Cleanup Systen Standby Gas Treatment System ~ Purge Exhaust Isolation Valve Leakage Control systems Me Tao Vales: Lest Cor Sys CHSIVEES or MSPLES) Air Positive SeaT Isolation Valve Leakage Contra) Water Positive Seal Isolation Valve Leakage Control SE PE or Standby Gas Treatment System (SGTS) Remote Shutdown System (RSS) Standby Liquid Control System (SLCS) ‘Shutdown Cooling Mode of RHR Systen Sefety Related Display Information Sat pRLaet Tamms Flows, Cavels, Rad. Indications RPV, SRV, Hin, St. Tine, ECCS systens RR, RCIC, ESW, Neut. Mon. (APRH), Dryvell, Containment, Control Room, SGTS B1d. and Filters Diesel Generator Supporting Systens yr Instrumentation Systems Required for Saf Meee eee noni toring Santee WO) Process Radiation Monitoring System (PRM) Leak Detect on Systen (10S) Containment Atmos. Honitering Sys. (CANS) Suppression Poo! Tenp. Monit. Sys. (SPTHS) Fuet Poo! Cooling System (FPCS) High Pressure/Low Pressure System Interlocks Rod Pattern Control Trip L__Recirculation Pum Trip ____] rie Power (Diesel Generator) System (Fuel, Lube, Water, etc.) Xm STIS sce ered ie] HandVing_and Storage Systems oT ing Water Tor Reactor AuxTTiary Systens recess System Aux stems rested Air/Instrument alr Sanpiing Systems Equipment. and Floor Drain systems Heating, VentiT and Air Conditioning Sys. (HVAC) ieroT, Radwaste, Turbine, Fuel, ‘Auxillary Blogs. and other’ ESF Areas ener = nicatios ‘ cu ERATION ‘Steam Bypass & Press, Reg. Sys. (SBEPAS) and, ADT SISTER fou Control Syston r Contre) System Bypass & Pressure ReguTation Sys. (SB&PRS) JProcess Computer/Performance Monit. Sys. (PMS) lReactor Water Cleanup Systen (RHCU) lRadwaste System ffgas. Systen rea Radtation Konitoring System (ARHS) suppression Poo! Cleanup Systen 20d Control and Information System (RCRIS) ro7201-182 Closed Loop Outside Containment Seal Systen sources (Air Contained), Dose Assessment Isolation Valve Water Leg Leakage Control System Protection (Shielding, Vent. & Monitoring) ROMER ROL_SY: SAFETY sek Monitor System Reactor Vessel Instr. (Non-Safety Portion) Leak Detection System (Non-Safety Portion) Contatnment. Exhaust. Systen Drywell Purge Systen Drywell Chiller System Instrument Air System Display Control System Fire Protection System Reactor Manual Control