On October 29, 2014, during performance of the Browns Ferry Nuclear Plant (BFN) Unit 1 Main Steam Relief Valve (MSRV) Manual Cycle Test, MSRV 1-19 failed to open. Investigation of the failure revealed a misconfiguration of the control air lines to both the MSRV 1-19 and MSRV 1-18 which occurred during installation of the flex hoses in 2006. MSRV 1-19 has an Automatic Depressurization System (ADS) function which was defeated by the air line misconfiguration. The ADS function for MSRV 1-19 has been inoperable since May 2007. This condition would have prevented MSRV 1-19 from performing its specified ADS safety function for longer than allowed by Technical Specifications. The cause of this event was a latent organizational and programmatic gap associated with the BFN Unit 1 Restart Organization. Specifically, the management and organizational infrastructure in place during the BFN Unit 1 restart was inadequate to preclude numerous human performance errors during the 2005-2007 time period, including the multiple human performance errors associated with this event.
It is a incomplete corrective action program...how do they tell the operability of containment air? By detecting pressure and displaying it in the control room. Containment air connects up to the accumulators...drain the air from containment air because of the check valves in the dischage of the accumulator would remain operable and pressurized. The accumulator would open and shut the SRV/ADS valve. You don't remotely display accumulator air pressure, even if you did...it wouldn't fully detect operability. This is a rather cheap and worthless fix coming out of the lessens of TMI. I hate add on components. Lets say a clump of rust from the interior falls off and collects at the bottom. Rust might weld the check valve shut. So the accumulator might still be filled with air and ADS might not work if the normal air fails.
The only way of verification of the permeability of the accumulator I can think of is a remote isolation valve up stream of the check valves. Have a vent path between the isolation valve and check valve, and another remotely operated valve in the vent like. You would need to display accumulation outside contain. Then shut the main line isolation valve, open the vent path valve...if the accumulator pressure goes down then the accumulator would work. By operation the SRV valve or ADS valve, even if these component opened, it still wouldn't detect the operability of the occumulation/
The big problem is not the mixed up lines...is they couldn't detect it not working it in all these testing and leak rate test over all these years. The non operability is very difficult to detect...you can't detect the non operability.
The corrective action is to revise the MSRV pilot valve installation procedures for all three units to include a step to validate the ADS-MSRVs are connected to the appropriate ADS accumulator.Plant Operating Conditions Before the EventBrowns Ferry Nuclear Plant (BFN) Unit 1 was in Mode 1 at approximately 20 percent power.
So they were
II. Description of EventA. Event:On October 29, 2014, at 2225 hours Central Daylight Time (CDT), during performance of the BFN Unit 1 Main Steam Relief Valve (MSRV) Manual Cycle Test, MSRV [RV] 1-19 failed to open. Investigation of the failure on October 30, 2014, revealed the failure of MSRV 1-19 to stroke was due to the control air root valve, 1-SHV-032-2519, being
It is much worst than you can imagine. They found the mix up by accident. Here is the first error, the air root valve was found shut. Then they found the mixed up. So one ADS valve didn't work and a regulate SRV didn't. This raise two questions...were they decking prior testing of these valves.
inappropriately isolated by a separate, and unrelated, human performance error that occurred during the fall 2014 BFN Unit 1 Refueling Outage (RFO). Control air root valve 1-SHV-032-2519 is the control air header shutoff for MSRV 1-18. Further investigation revealed a misconfiguration of the control air lines to both MSRV 1-19 and MSRV 1-18. MSRV 1-19 has an Automatic Depressurization System (ADS) [SB] function.BFN Unit 1 has 13 MSRVs. All 13 MSRVs can be opened manually from the main control room or are self-actuated to limit reactor pressure. The ADS consists of 6 of the 13 MSRVs and is designed to provide depressurization of the reactor during a small break loss of coolant accident if the High Pressure Coolant Injection System (HPCI) [BJ] fails or is unable to maintain required water level in the reactor. Each of the MSRVs used for ADS is equipped with an air accumulator [ACC]. The accumulator provides the pneumatic power to actuate the valves. These accumulators are provided to assure that the valves can be held open following failure of normal air supply.The misconfiguration would have prevented MSRV 1-19 from performing its specified ADS safety function for longer than allowed by Technical Specifications (TS) Limiting Condition for Operation (LCO) 3.5.1 ECCS - Operating, actions due to a loss of backup control air supply from an accumulator.The misconfiguration event occurred on December 7, 2006, during preparation for BFN Unit 1 restart from an extended outage, when the air hoses were installed incorrectly on MSRV 1-19 and MSRV 1-18 in a swapped configuration. Review of the work order determined the instructions were adequate to achieve successful installation of the hoses.The misconfiguration was subsequently discovered by Operations on April 29, 2007, as part of the System Preoperability Checklist walkdown. A work order was initiated to correctly align the MSRV air lines. However, the lines were not swapped and remained misconfigured. A review of the work steps revealed a substitution error that essentially directed the workers to remove the lines and reinstall them in the same orientation.On May 22, 2007, BFN Unit 1 was brought on-line with the misconfiguration still in place. This date represents the beginning of MSRV 1-19 inoperability.On November 7, 2014, a temporary modification was implemented to restore operability of the ADS safety function. The ADS control air accumulator intended for MSRV 1-19 remains connected to MSRV 1-18. The controls and logic for the two valves were swapped to ensure the ADS circuitry from MSRV 1-19 opens MSRV 1-18. This temporary modification will remain in place until the condition can be corrected during the next refueling outage.B. Status of structures, components, or systems that were inoperable at the start of the event and that contributed to the event:The control air root valve 1-SHV-032-2519 was inappropriately isolated by a separate, and unrelated, human performance error, that occurred during the fall 2014 BFN Unit 1 RFO, resulting in the discovery of the ADS control air accumulator misconfiguration between MSRV 1-19 and MSRV 1-18.C. Dates and approximate times of occurrences:Dates & Approximate Times
December 7, 2006 Air hoses to MSRV 1-19 and 1-18 were installed in a swapped configuration during BFN Unit 1 restart.
April 29, 2007 Operations identified MSRV misconfiguration. Work that same day failed to correct the condition. Unit 1 restart.
May 22, 2007: BFN Unit 1 was brought on-line with the misconfiguration still in place. Start of MSRV 1-19 inoperability.
October 29, 2014, at 2225 hours CDT: MSRV 1-19 failed to open during the MSRV Manual Cycle Test. BFN Unit 1 entered TS LCO 3.5.1.E.
October 30, 2014 Central Standard Time (CST): Troubleshooting activities identified the misconfiguration of the control air lines to both the MSRV 1-19 and MSRV 1-18.
November 7, 2014, at 1746 hours: Implemented temporary modification to restore ADS function. Operations declared MSRV 1-19 Operable and exited TS LCO 3.5.1.E.
D. Manufacturer and model number (or other identification) of each component that failed during the event:There were no failed components associated with this event.E. Other systems or secondary functions affected:There were no other system or secondary functions affected.F. Method of discovery of each component or system failure or procedure error:During performance of the BFN Unit 1 MSRV Manual Cycle Test, MSRV 1-19 failed to open. Investigation of the failure on October 30, 2014, revealed the failure of MSRV 1-19 to stroke was due to the control air root valve, 1-SHV-032-2519, being inappropriately isolated by a separate human performance error. Further investigation revealed a misconfiguration of the control air lines to both MSRV 1-19 and MSRV 1-18.G. The failure mode, mechanism, and effect of each failed component, if known:There were no failed components associated with this event.H. Operator actions:MSRV 1-19 failed to open during the MSRV Manual Cycle Test when Operations took the handswitch to the open position. Operations declared MSRV 1-19 inoperable and entered TS LCO 3.5.1.E.Ill. Cause of the Event / Problem StatementA. The cause of each component or system failure or personnel error, if known:The direct cause of this condition was MSRVs 1-18 and 1-19 were initially installed with swapped control air supplied due to a latent human performance error made during BFN Unit 1 restart in 2006.Contributing to this event was that there are no requirements to verify the ADS-MSRVs are connected to ADS accumulators.B. The cause(s) and circumstances for each human performance related root cause:The cause of this event was a latent organizational and programmatic gap associated with the BFN Unit 1 Restart Organization. Specifically, the management and organizational infrastructure in place during the BFN Unit 1 restart was inadequate to preclude numerous human performance errors during the 2005-2007 time period, including the multiple human performance errors associated with this event.IV. Analysis of the event:The Tennessee Valley Authority is submitting this report in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 50.73(a)(2)(i)(B), as any operation or condition which was prohibited by the plant's Technical Specifications.The BFN Unit 1 TS LCO 3.5.1, ECCS - Operating, requires the ADS function of 6 MSRVs to be Operable, during Mode 1, and Modes 2 and 3, when the steam dome pressure is greater than or equal to 150 pounds per square inch gauge (psig). With one BFN Unit 1 ADS valve inoperable, TS 3.5.1 Required Action E.1 requires the ADS valve to be returned to Operable status in 14 days. If the ADS valve cannot be restored to Operable status in the required time period, TS 3.5.1 Required Actions G.A and G.2 require the unit to be in Mode 3 in 12 hours and to reduce reactor steam dome pressure to less than or equal to 150 psig in 36 hours.Inoperability of MSRV 1-19 began on May 22, 2007, when BFN Unit 1 was brought on-line after an extended shutdown and ended on November 7, 2014, at 1746 hours CST, when the ADS function was declared operable following a temporary modification to MSRVs 1-19 and 1-18. Therefore, BFN Unit 1 operated with one inoperable ADS valve for longer than allowed by TS 3.5.1 Actions.BFN Unit 1 LCO 3.0.4 prohibits Mode changes when an LCO is not met except under certain conditions that were not applicable to this event. Since it was not recognized that one BFN Unit 1 ADS valve was inoperable from May 22, 2007, until November 7, 2014, BFN changed Modes in violation of LCO 3.0.4 on multiple occasions. This event was the result of multiple, and latent, human performance errors at all levels of the organization during BFN Unit I restart. Specifically, human performance errors were introduced when flex hoses were initially installed incorrectly in 2006, when preparing the flawed corrective maintenance work order after the condition was identified in 2007, when the work order was approved with the flaw, when the work order was performed without identifying the error, and when the organization failed to verify the identified misconfiguration had been corrected.Human performance issues during the BFN Unit 1 Restart were previously identified and evaluated by Problem Evaluation Report (PER)137614 in 2008 to investigate the five BFN Unit 1 scrams following BFN Unit 1 restart. The investigation identified three common root causes including an inadequate BFN Unit 1 management and organizational infrastructure, less than adequate risk management, and a lack of first line supervision and management oversight. Consistent with these findings, the cause of this event was a latent organizational and programmatic gap associated with the BFN Unit I Restart Organization.Contributing to this event was that there are no requirements to verify the ADS-MSRVs are connected to ADS accumulators. During each outage, testing is performed as part of pre-startup activities to verify the ADS valves can be cycled from the control room. The MSRV solenoid pilot valves are removed and replaced with lab verified, refurbished pilot valves that have certified set points, and the ADS accumulators are checked for soundness. However, the connection of the ADS-MSRVs to the correct ADS accumulators is not verified. This missing requirement, in part, allowed this misconfiguration condition to exist undetected for approximately seven years.The likelihood of the MSRV control air lines being swapped in the future is unlikely because the flex hoses connecting control air to the MSRVs cannot be physically manipulated to interface with an adjacent MSRV because the interface is welded and this union is not broken during normal valve maintenance. To ensure this condition does not exist for the other BFN units, walkdowns will be performed on the BFN Units 2 and 3 MSRV control air lines during each units upcoming refueling outage. To preclude this condition from recurring, the MSRV pilot valve installation procedures will be revised to verify ADS-MSRVs are connected to the correct accumulator.Assessment of Safety ConsequencesADS serves as a backup to the HPCI System under certain loss of coolant accident conditions. During the last three years, one ADS valve has been inoperable, and the HPCI and low pressure ECCS have been out service for maintenance along with the inoperable ADS valve. Evaluations provided by General Electric and AREVA have shown that the bounding scenario plus the loss of the ADS valve does not result in failure to meet 10 CFR 50.46 and Primary Containment acceptance criteria.A Probabilistic Risk Analysis (PRA) of this condition concluded that the unavailability of the MSRV 1-19 to perform an ADS function or to be backed by an accumulator would have an insignificant impact on overall plant risk. The PRA concluded that there was no plant configuration which would present a significant increase in risk over normal test and maintenance due to the unavailability of a single ADS valve.Based on the discussion above, the safety significance of this condition is minimal and did not pose a threat to the health and safety of the public or plant personnel.A. Availability of systems or components that could have performed the same function as the components and systems that failed during the event:
Five of the six ADS valves remained available. Although the ADS function for MSRV 1-19 was unavailable, the valve would have performed within the tolerance of the mechanical setpoint of 1135 psig during an overpressurization event.B. For events that occurred when the reactor was shut down, availability of systems or components needed to shutdown the reactor and maintain safe shutdown conditions, remove residual heat, control the release of radioactive material, or mitigate the consequences of an accident:The ADS is not required to perform its safety function when the reactor is shut down.C. For failure that rendered a train of a safety system inoperable, an estimate of the elapsed time from discovery of the failure until the train was returned to service:Inoperability of MSRV 1-19 began on May 22, 2007, when BFN Unit 1 was brought on-line after an extended shutdown and ended on November 7, 2014, at 1746 hours CST, when the ADS function was declared operable following a temporary modification to MSRVs 1-19 and 1-18.VI. Corrective ActionsCorrective Actions are being managed by TVA's corrective action program under Problem Evaluation Report (PER) 952082.Immediate Corrective ActionsA temporary modification was implemented to restore operability of the ADS safety function. This temporary modification will remain in place until the configuration can be corrected during the next refueling outage.Corrective Actions that Reduce Probability of Similar Events Occurrinq in the Future "* BFN will perform walkdowns of the BFN Units 2 and 3 MSRV control air lines during each units upcoming refueling outage to ensure proper configuration.* BFN will revise the MSRV pilot valve installation procedures for all three units to include a step to validate the ADS-MSRVs are connected to the appropriate ADS accumulator.VII. Additional Information:A. Previous similar events at the same plant:A search of the Corrective Action Program and BFN Licensee Event Reports for Units 1, 2, and 3, for approximately the past three years did not identify any similar events.B. Additional Information:There is no additional information.C. Safety System Functional Failure Consideration:In accordance with the Nuclear Energy Institute (NEI) 99-02, "Regulatory Assessment Performance Indicator Guideline," this event is not considered a system functional failure because the minimum number of ADS valves remained available to perform their safety function in the event of an accident.D. Scram with Complications Consideration:This event did not result in a reactor scram.VIII. Commitments
There are no commitments.
