Clarification of the Term "Operable" as It
Applies to Single Failure Criterion for Safety Systems Required by TS
(Generic Letter 80-30)
GL80030
UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555
April 10, 1980
ALL POWER REACTOR LICENSEES
Gentlemen:
It has recently come to our attention that there may be some
misunderstanding regarding the use of the term OPERABLE as it applies to the
single failure criterion for safety systems in power reactors. The purpose
of this letter is to clarify the meaning of this term and to request
licensees to take specific actions to assure that it is appropriately
applied at their-facilities. IE Information Notice No. 79-35, "Control of
Maintenance and Essential Equipment" also contained information on this
subject.
The NRC's Standard Technical Specifications (STS) were formulated to
preserve the single failure criterion for systems that are relied upon in
the safety analysis report. By and large, the single failure criterion is
preserved by specifying Limiting Conditions for Operation (LCOs) that
require all redundant components of safety related systems to be OPERABLE.
When the required redundancy is not maintained, either due to equipment
failure or maintenance outage, action is required, within a specified time,
to change the operating mode of the plant to place it in a safe condition.
The specified time to take action, usually called the equipment
out-of-service time, is a temporary relaxation of the single failure
criterion, which, consistent with overall system reliability considerations,
provides a limited time to fix equipment or otherwise make it OPERABLE. If
equipment can be returned to OPERABLE status within the specified time,
plant shutdown is not required.
LCOs are specified for each safety related system in the plant, and with few
exceptions, the ACTION statements address single outages of components,
trains or subsystems. For any particular system, the LCO does not address
multiple outages of redundant components, nor does it address the effects of
outages of any support systems - such as electrical power or cooling water -
that are relied upon to maintain the OPERABILITY of the particular system.
This is because of the large number of combinations of these types of
outages that are possible. Instead, the STS employ general specifications
and an explicit definition of the tem OPERABLE to encompass all such cases.
These provisions have been formulated to assure that no set of equipment
outages would be allowed to persist that would result in the facility being
in an unprotected condition. These specifications are contained in the
enclosed Model Technical Specifications. Illustrative examples of how these
specifications apply are contained, in the associated Bases.
.
- 2 -
Because of the importance of assuring safety system availability, the staff
has concluded that all facility technical specifications should contain
these requirements, and that appropriate procedures should be implemented to
assure that the necessary records, such as plant logs or similar documents,
are reviewed to determine compliance with these specifications (1) promptly
upon discovering a component, train, or subsystem to be inoperable, and (2)
prior to removing a component from service.
Therefore, we request that you (1) submit proposed changes to your technical
specifications, within 30 days, that incorporate the requirements of the
enclosed Model Technical Specifications, and (2) implement the above
described procedures to assure compliance with your proposed changes within
30 days thereafter.
With regard to technical specification changes, we recognize that the
terminology used in the enclosed Model Technical Specifications may not
directly apply to plants without STS, therefore the OPERATIONAL MODE or
CONDITION definitions are also included in the enclosure. If you do not have
STS you should modify the terminology to make it consistent with your
particular facility technical specifications.
If you have any questions, please contact us.
Sincerely,
Darrell G. Eisenhut, Acting Director
Division of Operating Reactors
Office of Nuclear Reactor Regulation
Enclosure:
Model Technical Specifications
.
Enclosure 1
MODEL TECHNICAL SPECIFICATIONS
PRESSURIZED WATER REACTORS
1.0 DEFINITIONS
OPERABLE - OPERABILITY
1.6 A system, subsystem, train, component or device shall be OPERABLE or
have OPERABILITY when it is capable of performing its specified function(s).
Implicit in this definition shall be the assumption that all necessary
attendant instrumentation, controls, normal and emergency electrical power
sources, cooling or seal water, lubrication or other auxiliary equipment
that are required for the system, subsystem, train, component or device to
perform its function(s) are also capable of performing their related support
function(s).
3/4 LIMITING CONDITIONS FOR OPERATION (GENERAL)
3/4.0 APPLICABILITY
LIMITING CONDITION FOR OPERATION
3.0.3 In the event a Limiting Condition for Operation and/or associated
ACTION requirements cannot be satisfied because of circumstances in excess
of those addressed in the specification, the unit shall be placed in at
least HOT STANDBY within 1 hour, in at least HOT SHUTDOWN within the next 6
hours, and in at least COLD SHUTDOWN within the following 30 hours unless
corrective measures are completed that permit operation under the
permissible ACTION statements for the specified time interval as measured
from initial discovery or until the reactor is placed in a MODE in which the
specification is not applicable. Exceptions to these requirements shall be
stated in the individual specifications.
3.0.5 When a system, subsystem, train, component or device is determined to
be inoperable solely because its emergency power source is inoperable, or
solely because its normal power source is inoperable, it may be considered
OPERABLE for the purpose of satisfying the requirements of its applicable
Limiting Condition for Operation, provided: 1) its corresponding normal or
emergency power source is OPERABLE; and (2) all of its redundant system(s),
subsystem(s), train(s), component(s) and device(s) are OPERABLE, or likewise
satisfy the requirements of this specification. Unless both conditions (1)
and (2) are satisfied, the unit shall be placed in at least HOT STANDBY
within 1 hour, in at least HOT SHUTDOWN within the next 6 hours, and in at
least COLD SHUTDOWN within the following 30 hours. This specification is not
applicable in MODES 5 or 6.
.
- 2 -
3/4.0 APPLICABILITY
BASES
3.0.3 This specification delineates the ACTION to be taken for circumstances
not directly provided for in the ACTION statements and whose occurrence
would violation the intent of the specification. For example, Specification
3.5.1 requires each Reactor Coolant System accumulator to be OPERABLE and
provides explicit ACTION requirements if one accumulator is inoperable.
Under the terms of Specification 3.0.3, if more than one accumulator is
inoperable, the unit is required to be in at least HOT STANDBY within 1 hour
and in at least HOT SHUTDOWN within the following 6 hours. As a further
example, Specification 3.6.2.1 requires two Containment Spray Systems to be
OPERABLE and provides explicit ACTION requirements if one spray system is
inoperable: Under the terms of Specification 3.0.3, If both of the required
Containment Spray Systems are inoperable, the unIt is required to be in at
least HOT STANDBY within 1 hour, In at least HOT SHUTDOWN within the
following 6 hours and in at least COLD SHUTDOWN In the next 30 hours. It Is
assumed that the unit is brought to the required MODE within the required
times by promptly Initiating and carrying out the appropriate ACTION
statement.
3.0.5 This specification delineates what additional conditions must be
satisfied to permit operation to continue, consistent with the ACTION
statements for power sources, when a normal or emergency power source is not
OPERABLE. It specifically prohibits operation when one division is
inoperable because its normal or emergency power source is inoperable and a
system, subsystem, train, component or device in another division is
inoperable for another reason.
The provisions of this specification permit the ACTION statements associated
with individual systems, subsystems, trains, components, or devices to be
consistent with the ACTION statements of the associated electrical power
source. It allows operation to be governed by the time limits of the ACTION
statement associated with the Limiting Condition for Operation for the
normal or emergency power source, not the individual ACTION statements for
each system, subsystem, train, component or device that is determined to be
inoperable solely because of the inoperability of its normal or emergency
power source.
For example, Specification 3.8.1.1 requires in part that two emergency
diesel generators be OPERABLE. The ACTION statement provides for a 72 hour
out-of-service time when one emergency diesel generator is not OPERABLE. If
the definition of OPERABLE were applied without consideration of
Specification 3.0.5, all systems, subsystems, trains, components and devices
supplied by the inoperable emergency power source would also be inoperable.
This would dictate invoking the applicable ACTION statements for each of the
applicable Limiting Conditions for Operation. However, the provisions of
Specification 3.0.5 permit the time limits for continued operation to be
consistent with the ACTION statement for the inoperable
.
- 3 -
emergency diesel generator instead, provided the other specified conditions
are satisfied. In this case, this would mean that the corresponding normal
power source must be OPERABLE, and all redundant systems, subsystems,
trains, components, and devices must be OPERABLE, or otherwise satisfy
Specification 3.0.5 (i.e., be capable of performing their design function
and have at least one normal or one emergency power source OPERABLE). If
they are not satisfied, shutdown is required in accordance with this
specification.
As a further example Specification 3.8.1.1 requires in part that two
physically independent circuits between the offsite transmission network and
the onsite Class IE distribution system be OPERABLE. The ACTION statement
provides a 24 hour out-of-service time when both required offsite circuits
are not OPERABLE. If the definition of OPERABLE were applied without
consideration of Specification 3.0.5, all systems, subsystems, trains,
components and devices supplied by the inoperable normal power sources, both
of the offsite circuits, would also be inoperable. This would dictate
invoking the applicable ACTION statements for each of the applicable LCOs.
However, the provisions of Specification 3.0.5 permit the time limits for
continued operation to be consistent with the ACTION statement for the
inoperable normal power sources instead, provided the other specified
conditions are satisfied. In this case, this would mean that for one
division the emergency power source must be OPERABLE (as must be the
components supplied by the emergency power source) and all redundant
systems, subsystems, trains, components and devices in the other division
must be OPERABLE, or likewise satisfy Specification 3.0.5 (i.e., be capable
of performing their design functions and have an emergency power source
OPERABLE). In other words, both emergency power sources must be OPERABLE and
all redundant systems, subsystems, trains, components and devices in both
divisions must also be OPERABLE. If these conditions are not satisfied,
shutdown is required in accordance with this specification.
In MODES 5 or 6 Specification 3.0.5 is not applicable, and thus the
individual ACTION statements for each applicable Limiting Condition for
Operation in these MODES must be adhered to.
.
DEFINITION OF WESTINGHOUSE PWR
OPERATIONAL MODES
REACTIVITY % RATED AVERAGE COOLANT
MODE CONDITION, Keff THERMAL POWER* TEMPERATURE
1. POWER OPERATION => 0.99 => 5% => 350F
2. STARTUP => 0.99 < 5% => 350F
3. HOT STANDBY < 0.99 0 => 350F
4. HOT SHUTDOWN < 0.99 0 350F
> Tavg >
200F
5. COLD SHUTDOWN < 0.99 0 =< 200F
6. REFUELING** =< 0.95 0 =< 140F
*Excluding decay heat.
**Reactor vessel head unbolted or removed and fuel in the vessel.
.
DEFINITION OF COMBUSTION ENGINEERING PWR
OPERATIONAL MODES
REACTIVITY % OF RATED AVERAGE COOLANT
OPERATIONAL MODE CONDITION, Keff THERMAL POWER* TEMPERATURE
1. POWER OPERATION => 0.99 > 5% => 300F
2. STARTUP => 0.99 =< 5% => 300F
3. HOT STANDBY < 0.99 0 => 300F
4. HOT SHUTDOWN < 0.99 0 300F
> Tavg
200F
5. COLD SHUTDOWN < 0.99 0 < 200F
6. REFUELING** =< 0.95 0 =< 140F
*Excluding decay heat.
**Reactor vessel head unbolted or removed and fuel in the vessel.
.
DEFINITION OF BABCOCK & WILCOX PWR
OPERATIONAL MODES
REACTIVITY % OF RATED AVERAGE COOLANT
OPERATIONAL MODE CONDITION, Keff THERMAL POWER* TEMPERATURE
1. POWER OPERATION => 0.99 > 5% => 305F
2. STARTUP => 0.99 =< 5% => 305F
3. HOT STANDBY < 0.99 0 => 305F
4. HOT SHUTDOWN < 0.99 0 305F
> Tavg
200F
5. COLD SHUTDOWN < 0.99 0 < 200F
6. REFUELING** =< 0.95 0 =< 140F
*Excluding decay heat.
**Reactor vessel head unbolted or removed and fuel in the vessel.
.
Enclosure 2
MODEL TECHNICAL SPECIFICATIONS
BOILING WATER REACTORS
1.0 DEFINITION
OPERABLE - OPERABILITY
1.20 A system, subsystem, train, component or device shall be OPERABLE or
have OPERABILITY when it is capable of performing its specified function(s).
Implicit in this definition shall be the assumption that all necessary
attendant instrumentation, controls, normal and emergency electrical power
sources, cooling or seal water, lubrication or other auxiliary equipment
that are required for the system, subsystem, train, component or device to
perform its function(s) are also capable of performing their related support
function(s).
3/4 LIMITING CONDITIONS FOR OPERATION (GENERAL)
3/4.0 APPLICABILITY
LIMITING CONDITION FOR OPERATION
3.0.3 In the event a Limiting Condition for Operation and/or associated
ACTION requirements cannot be satisfied because of circumstances in excess
of those addressed in the specification, the unit shall be placed in at
least HOT SHUTDOWN within 6 hours and in COLD SHUTDOWN within the following
30 hours unless corrective measures are completed that permit operation
under the permissible discovery or until the reactor is placed in an
OPERATIONAL CONDITION in which the specification is not applicable.
Exceptions to these requirements shall be stated in the individual
specifications.
3.0.5 When a system, subsystem, train, component or device is determined to
be inoperable soley because its emergency power source is inoperable, or
solely because its normal power source is inoperable, It may be considered
OPERABLE for the purpose of satisfying the requirements of its applicable
Limiting Condition for Operation, provided: (1) its corresponding normal or
emergency power source is OPERABLE, and (2) all of its redundant system(s),
subsystem(s), train(s), component(s) and device(s) are OPERABLE, or likewise
satisfy the requirements of this specification. Unless both conditions (1)
and (2) are satisfied, the unit shall be placed in at least HOT SHUTDOWN
within 6 hours, and in at least COLD SHUTDOWN within the following 30 hours.
This specification is not applicable in Conditions 4 or 5.
.
- 2 -
3/4.0 APPLICABILITY
BASES
3.0.3 This specification delineates the ACTION to be taken for circumstances
not directly provided for in the ACTION statements and whose occurrence
would violate the intent of the specification. For example, Specification
3.7.2 calls for two control room emergency filtration subsystems to be
OPERABLE and provides explicit ACTION requirements if one subsystem is
inoperable. Under the terms of Specification 3.0.3, if both of the required
subsystems are inoperable, the unit is to be in at least HOT SHUTDOWN within
6 hours and in COLD SHUTDOWN within the next 30 hours. As a further example,
Specification 3.6.6.1 requires two primary containment hydrogen recombiner
systems to be OPERABLE and provides explicit ACTION requirements if one
recombiner system is inoperable. Under the terms of Specification 3.0.3, if
both of the required systems are inoperable, the unit is to be in at least
HOT SHUTDOWN within 6 hours. It is assumed that the unit is brought to the
required OPERATIONAL CONDITION within the required times by promptly
initiating and carrying out the appropriate ACTION statement.
3.0.5 This specification delineates what additional conditions must be
satisfied to permit operation to continue, consistent with the ACTION
statements for power sources, when a normal or emergency power source is not
OPERABLE. It specifically prohibits operation when one division is
inoperable because its normal or emergency power source is inoperable and a
system, subsystem, train, component or device in another division is
inoperable for another reason.
The provisions of this specification permit the ACTION statements associated
with individual systems, subsystems, trains components or devices to be
consistent with the ACTION statements of the associated electrical power
source. It allows operation to be governed by the time limits of the ACTION
statement associated with the Limiting Condition for Operation for the
normal or emergency power source, not the individual ACTION statements for
each system, subsystem, train, component or device that is determined to be
inoperable solely because of the inoperability of its normal or emergency
power source.
For example, Specification 3.8.1.1 requires in part that all three emergency
diesel generators be OPERABLE. The ACTION statement provides for a 72 hour
out-of-service time when emergency diesel generator (1A) or (1B) is not
OPERABLE. If the definition of OPERABLE were applied without consideration
of Specification 3.0.5. all systems, subsystems, trains, components and
devices supplied by the inoperable emergency power source, diesel generator
(1A) or (1B), would also be inoperable. This would dictate invoking the
applicable ACTION statements for each of the applicable Limiting Conditions
for Operation. However, the provisions of Specification 3.0.5 permit the
time limits for continued operation to be consistent with the ACTION
statement for the inoperable emergency diesel generator instead, provided
the other specified conditions are satisfied. If they are not satisfied,
shutdown is required in accordance with this specification.
.
- 3 -
As a further example, Specification 3.8.1.1 requires in part that two
physically independent circuits between the offsite transmission network and
the onsite Class IE distribution system be OPERABLE. The ACTION statement
provides a 24 hour out-of-service time when both required offsite circuits
are not OPERABLE. If the definition of OPERABLE were applied without
consideration of Specification 3.0.5, all systems, subsystems, trains,
components and devices supplied by the inoperable normal power sources, both
of the offsite circuits, would also be inoperable. This would dictate
invoking the applicable ACTION statements for each of the applicable LCOs.
However, the provisions of Specification 3.0.5 permit the time limits for
continued operation to be consistent with the ACTION, statement for the
inoperable normal power sources instead, provided the other specified
conditions are satisfied. In this case, this would mean that for one
division the emergency power source must be OPERABLE (as must be the
components) supplied by the emergency power source) and all redundant
systems, subsystems, trains, components and devices in the other division
must be OPERABLE, or likewise satisfy Specification 3.0.5 (i.e., be capable
of performing their design functions and have an emergency power source
OPERABLE). In other words, both emergency power sources (1A) and (1B) must
be OPERABLE and all redundant systems, subsystems, trains, components and
devices In both divisions must also be OPERABLE. If these conditions are not
satisfied, shutdown is required in accordance with this specification.
In Condition 4 or 5 Specification 3.0.5 is not applicable, and thus the
individual ACTION statements for each applicable Limiting Condition for
Operation in these Conditions must be adhered to.
.
DEFINITION OF BWR
OPERATIONAL CONDITIONS
MODE SWITCH AVERAGE REACTOR
CONDITION POSITION COOLANT TEMPERATURE
1. POWER OPERATION Run Any temperature
2. STARTUP Startup/Hot Standby Any temperature
3. HOT SHUTDOWN Shutdown > 212F
4. COLD SHUTDOWN Shutdown <= 212F
5. REFUELING* Shutdown or Refuel** <= 212F
* Reactor vessel head unbolted or removed and fuel in the vessel.
**See Special Test Exception 3.10.3
Page Last Reviewed/Updated Thursday, March 25, 2021