Human Error Report 9/2007

A. NRC-Identified and Self-Revealing Findings

Cornerstone: Initiating Events

• Green. A self-revealing non-cited violation of 10 CFR 50, Appendix B, Criterion V, “Instructions, Procedures, and Drawings,” occurred when technicians did not follow a procedure during undervoltage relay testing on the normal supply breaker for the 10A401 4 kV bus. This resulted in a momentary loss of power to the 10A401 4kV vital bus that caused the loss of two reactor feed pumps (RFPs) and required the manual insertion of all control rods (scram). PSEG’s corrective

actions included changing the procedure guidance for the sequence of breaker testing and adding independent verification steps for the removal of test equipment.

The finding was greater than minor because it affected the human performance attribute of the Initiating Events cornerstone and impacted the cornerstone

objective to limit the likelihood of those events that upset plant stability and challenge critical safety functions during plant operations. Specifically, failure to

follow surveillance test procedures resulted in the momentary loss of power to the 10A401 vital bus and a reactor scram. The inspectors determined the finding

was of very low safety significance (Green). The finding had a cross-cutting aspect in the area of human performance because personnel did not follow procedures (H.4.b). Specifically, maintenance technicians failed to remove test equipment in accordance with the test procedure. (Section 4OA3)

 

 

Cornerstone: Mitigating Systems

• Green. The inspectors identified a non-cited violation of 10 CFR Part 50.65(a)(4) when PSEG did not assess and manage the increase in risk for corrective maintenance activities on the ‘C’ SSW pump following an emergent failure of a ‘B’ SSW ventilation supply fan. PSEG updated the risk assessment, implemented appropriate risk management actions, repaired and restored the ‘B’ SSW fan to service, and created notification 20326624 to address the inadequate risk assessment.

iv

The finding was greater than minor because PSEG’s risk assessment had errors or incorrect assumptions that changed the outcome of the plant risk assessment.

Specifically, PSEG’s risk assessment did not consider the emergent failure of the ‘B’ SSW supply fan risk prior to performing planned maintenance on the ‘C’ SSW

pump. The inspectors determined that the finding was of very low safety significance (Green) because the incremental core damage probability deficit

was in the low E-8 range. The finding had a cross-cutting aspect in the area of human performance because PSEG did not appropriately plan work activities by

incorporating risk insights (H.3.b). Specifically, PSEG did not adjust the work schedule to ensure overall plant risk was minimized because PSEG did not

evaluate the change in plant risk caused by the emergent failure of the ‘B’ SSW ventilation supply fan. (Section 1R13)

 

============ ========= ========= ========= ========= =======

This one is an “LER” report, a deeper review of a previous problem; in this case, from 05/29/07: PSEG ignored corrective actions from 2003, which would have prevented the problem below:

 

 

 

ABSTRACT

On May 29, 2007 while operating with the reactor at 100% power and the main generator synchronized to the grid, a manual scram was initiated in anticipation of a low reactor water level condition.

An unexpected slow (dead bus) transfer of a 4 KV Class 1 -E bus from the normal to alternate source occurred during monthly relay testing. The slow (dead bus) transfer and subsequent loss of a non-safety

related motor control center (MCC) resulted in a loss of feed water followed by a reactor scram. A potential personnel error or faulty relay initiated the slow bus transfer and a low margin condition

associated with the reactor feed pump oil system design caused a loss of 2 reactor feed pumps. As a result of these conditions reactor level could not be maintained and operators took the action to

manually scram the reactor. After the scram, reactor water level lowered to Level 2 and a valid ECCS initiation signal caused HPCI and RCIC to start and inject to the core. The ECCS injection required a 4-hour report that was transmitted to the NRC in accordance with 10 CFR 50.72 (b)(2)(iv)(A) . Corrective actions included revising the surveillance procedure to require testing only be performed on

an open breaker and to verify that the relay contacts are in the correct state upon completion of the surveillance. Operating procedures were revised to maintain both Reactor Feedwater Pump (RFP) Lube

Oil pumps operating for each RFP. NRC FORM 366(6-2004)

 

CAUSE OF OCCURRENCE

The root cause of the unexpected bus transfer could not be conclusively determined by the investigation. There are two potential causes to the initiating event that are being addressed. The timer stop timing

module test leads may have been left in place from a previous procedure step creating a low impedance path to satisfy the logic path. It was noted that if the test leads had not been properly removed in the

correct sequence, then the unexpected slow (dead bus) transfer would occur. The maintenance personnel performing the surveillance stated that they believed they followed the procedure correctly.

The investigation concluded from simulated testing of the conditions that the actual alarm chronology contradicted personnel statements. This human performance failure is the most likely root cause.

A stuck channel 1(A-B) 27X 7-8 contact along with the HFA channel 2(B-C) 27X HFA relay being tested would satisfy the logic to cause a slow transfer. The root cause for this problem cannot be verified

without a vital bus outage, which will be performed at the next refueling outage. Multiple tests were performed to ensure operability. The surveillance was re-performed satisfactorily. An additional -

surveillance was later performed and the contacts were visually verified to function correctly. The RFPT oil system design is not adequate to assure that the standby lube oil pump will start and

maintain minimum operating pressure on loss of the operating oil pump. This is an original equipment manufacturer design deficiency. This deficiency was identified in 2003 and two modifications were

installed to improve system performance. Corrective actions were inappropriately closed for the 2003 event without having implemented one of the corrective actions as planned, and without having

performed the CAPR effectiveness review as planned.

NRC FORM 366A (1-2001)

 

 

 

PREVIOUS OCCURRENCES

A review of previous reportable events at Hope Creek was performed to determine if a similar event had occurred. 09/19/03 - Hope Creek, LER 2003-007-00 Reactor Scram Due To Electrical Transient, Low Reactor Water Level And Loss Of Reactor Feed Pumps A and C. Corrective actions from this event were not completed in a timely manner and could have prevented the partial loss of feedwater during this 2007 event.